From a9e8f834d7a7bd94c649af89205c354ffbe1d3a6 Mon Sep 17 00:00:00 2001
From: Philip Tricca <flihp@twobit.us>
Date: Mon, 4 Apr 2016 00:21:35 +0000
Subject: refpolicy_common: Sanity test DEFAULT_ENFORCING value and set
 default.

Use the anonymous python function to be sure the value set for
'SELINUX' in the config file is something useful. In the event that
DEFAULT_ENFORCING isn't set to one of the 3 permissible values we
set it to 'permissive'.

Signed-off-by: Philip Tricca <flihp@twobit.us>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
---
 recipes-security/refpolicy/refpolicy_common.inc | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/recipes-security/refpolicy/refpolicy_common.inc b/recipes-security/refpolicy/refpolicy_common.inc
index 305675f..10e972d 100644
--- a/recipes-security/refpolicy/refpolicy_common.inc
+++ b/recipes-security/refpolicy/refpolicy_common.inc
@@ -66,6 +66,16 @@ EXTRA_OEMAKE += "tc_usrbindir=${STAGING_BINDIR_NATIVE}"
 EXTRA_OEMAKE += "OUTPUT_POLICY=`${STAGING_BINDIR_NATIVE}/checkpolicy -V | cut -d' ' -f1`"
 EXTRA_OEMAKE += "CC='${BUILD_CC}' CFLAGS='${BUILD_CFLAGS}' PYTHON='${PYTHON}'"
 
+python __anonymous () {
+    import re
+
+    # make sure DEFAULT_ENFORCING is something sane
+    if not re.match('^(enforcing|permissive|disabled)$',
+                    d.getVar('DEFAULT_ENFORCING', True),
+                    flags=0):
+        d.setVar('DEFAULT_ENFORCING', 'permissive')
+}
+
 do_compile() {
 	oe_runmake conf
 	oe_runmake policy
-- 
cgit v1.2.3-54-g00ecf