From 765c66a23e13543bda01683000fdaaaf81c83129 Mon Sep 17 00:00:00 2001
From: Philip Tricca
Date: Mon, 21 Oct 2013 18:06:52 +0000
Subject: bzip SELinux policy modules in ${datadir}
The 'semodule' utility can operate on compresed modules so the only cost of this change is a slower module load time when invoking 'semodule -i' on a running system (increased CPU load due to bzip2). That said my tests show more than 100M reduction in ext3 image size of core-image-selinux. This last metric is a bit skewed as the image includes two policies. Still, a reduction in the size of the refpolicy package by 1/2 is significant. (From meta-selinux master rev: d549fef3f4c41140b8f74263724deb75c9b5908e)
Signed-off-by: Philip Tricca
Signed-off-by: Joe MacDonald
Signed-off-by: Mark Hatle
---
recipes-security/refpolicy/refpolicy_common.inc | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/recipes-security/refpolicy/refpolicy_common.inc b/recipes-security/refpolicy/refpolicy_common.inc
index 2ee42e1..b46903f 100644
--- a/recipes-security/refpolicy/refpolicy_common.inc
+++ b/recipes-security/refpolicy/refpolicy_common.inc
@@ -12,7 +12,7 @@ SRC_URI += "file://customizable_types \
 S = "${WORKDIR}/refpolicy"
 FILES_${PN} = "${sysconfdir}/selinux/${POLICY_NAME}/ \
- ${datadir}/selinux/${POLICY_NAME}/*.pp"
+ ${datadir}/selinux/${POLICY_NAME}/*.pp.bz2"
 FILES_${PN}-dev =+ "${datadir}/selinux/${POLICY_NAME}/include/"
 DEPENDS += "checkpolicy-native policycoreutils-native m4-native"
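Review bot: The `FILES_${PN}` glob now matches only `*.pp.bz2`, so any module left uncompressed under `${datadir}/selinux/${POLICY_NAME}/` would be installed into `${D}` but not packaged; this depends entirely on the install loop in the second hunk compressing every `.pp`. Anything outside this diff that still names `base.pp` or `*.pp` under `${datadir}` (post-install scripts, other recipes, image tooling) would need the new suffix, and that cannot be confirmed from the lines shown. A module that silently fails to load leaves the running policy incomplete, so a grep for the old names before merging is worthwhile. A short comment above the assignment, e.g. `# modules are shipped bzip2-compressed; semodule reads them directly`, would record why the suffix changed.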
@@ -79,11 +79,12 @@ EOF
 mkdir -p ${D}${sysconfdir}/selinux/${POLICY_NAME}/modules/active/modules
 mkdir -p ${D}${sysconfdir}/selinux/${POLICY_NAME}/contexts/files
 touch ${D}${sysconfdir}/selinux/${POLICY_NAME}/contexts/files/file_contexts.local
- bzip2 -c ${D}${datadir}/selinux/${POLICY_NAME}/base.pp > \
- ${D}${sysconfdir}/selinux/${POLICY_NAME}/modules/active/base.pp
 for i in ${D}${datadir}/selinux/${POLICY_NAME}/*.pp; do
+ bzip2 $i
 if [ "`basename $i`" != "base.pp" ]; then
- bzip2 -c $i > ${D}${sysconfdir}/selinux/${POLICY_NAME}/modules/active/modules/`basename $i`;
+ cp ${i}.bz2 ${D}${sysconfdir}/selinux/${POLICY_NAME}/modules/active/modules/`basename $i`
+ else
+ cp ${i}.bz2 ${D}${sysconfdir}/selinux/${POLICY_NAME}/modules/active/`basename $i`
 fi
 done
-- cgit v1.2.3-54-g00ecf
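Review bot: Inside the `for` loop, `bzip2 $i` compresses in place with no explicit status check, so a failure is caught only if the task shell runs with errexit, which is not visible in this hunk. bzip2 refuses to overwrite an existing `${i}.bz2` unless given `-f`, so a re-run over a `${D}` that was not cleaned would fail there, or the following `cp` would pick up a stale archive. Quoting the expansions would also harden the loop: `bzip2 "$i"` and `cp "${i}.bz2" "${D}${sysconfdir}/selinux/${POLICY_NAME}/modules/active/modules/$(basename "$i")"`. A one-line comment such as `# module store keeps the .pp name but holds bzip2 data` would explain why the copy drops the `.bz2` suffix. The enclosing install function starts and ends outside the hunk.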