From af4937c07eadb13d829c1ef278bed6528a2603a5 Mon Sep 17 00:00:00 2001 From: Xin Ouyang Date: Mon, 22 Sep 2014 14:10:47 +0800 Subject: Use compressed_policy by default, and clear distro feature Original refpolicy install compressed policy modules to policy store, but leave datadir ones uncompressed. After, a "compressed_policy" distro feature is added for compressing the datadir ones. This simple mechanism is unworthy for a distro feature, just clear it and use compressed policy modules by default. Signed-off-by: Xin Ouyang --- conf/distro/oe-selinux.conf | 2 +- .../refpolicy/refpolicy-minimum_2.20140311.bb | 23 ++++++------------ recipes-security/refpolicy/refpolicy_common.inc | 28 +++++++--------------- 3 files changed, 17 insertions(+), 36 deletions(-) diff --git a/conf/distro/oe-selinux.conf b/conf/distro/oe-selinux.conf index 5f4af87..6e55a32 100644 --- a/conf/distro/oe-selinux.conf +++ b/conf/distro/oe-selinux.conf @@ -1,4 +1,4 @@ DISTRO = "oe-selinux" DISTROOVERRIDES .= ":selinux" -DISTRO_FEATURES_append = " acl xattr pam selinux compressed_policy" +DISTRO_FEATURES_append = " acl xattr pam selinux" diff --git a/recipes-security/refpolicy/refpolicy-minimum_2.20140311.bb b/recipes-security/refpolicy/refpolicy-minimum_2.20140311.bb index 0b286ac..b275821 100644 --- a/recipes-security/refpolicy/refpolicy-minimum_2.20140311.bb +++ b/recipes-security/refpolicy/refpolicy-minimum_2.20140311.bb @@ -38,20 +38,11 @@ prepare_policy_store () { mkdir -p ${D}${sysconfdir}/selinux/${POLICY_NAME}/modules/active/modules mkdir -p ${D}${sysconfdir}/selinux/${POLICY_NAME}/contexts/files touch ${D}${sysconfdir}/selinux/${POLICY_NAME}/contexts/files/file_contexts.local - if ${@base_contains('DISTRO_FEATURES','compressed_policy','true','false',d)}; then - for i in ${D}${datadir}/selinux/${POLICY_NAME}/*.pp; do - bzip2 $i - done - cp base.pp.bz2 ${D}${sysconfdir}/selinux/${POLICY_NAME}/modules/active/base.pp - for i in ${POLICY_MODULES_MIN}; do - cp ${i}.pp.bz2 ${D}${sysconfdir}/selinux/${POLICY_NAME}/modules/active/modules/`basename $i.pp` - done - else - bzip2 -c ${D}${datadir}/selinux/${POLICY_NAME}/base.pp > \ - ${D}${sysconfdir}/selinux/${POLICY_NAME}/modules/active/base.pp - for i in ${POLICY_MODULES_MIN}; do - bzip2 -c ${D}${datadir}/selinux/${POLICY_NAME}/$i.pp > \ - ${D}${sysconfdir}/selinux/${POLICY_NAME}/modules/active/modules/$i.pp - done - fi + for i in ${D}${datadir}/selinux/${POLICY_NAME}/*.pp; do + bzip2 -f $i && mv -f $i.bz2 $i + done + cp base.pp ${D}${sysconfdir}/selinux/${POLICY_NAME}/modules/active/base.pp + for i in ${POLICY_MODULES_MIN}; do + cp ${i}.pp ${D}${sysconfdir}/selinux/${POLICY_NAME}/modules/active/modules/`basename $i.pp` + done } diff --git a/recipes-security/refpolicy/refpolicy_common.inc b/recipes-security/refpolicy/refpolicy_common.inc index fd205cf..0dc055e 100644 --- a/recipes-security/refpolicy/refpolicy_common.inc +++ b/recipes-security/refpolicy/refpolicy_common.inc @@ -13,7 +13,7 @@ S = "${WORKDIR}/refpolicy" FILES_${PN} = " \ ${sysconfdir}/selinux/${POLICY_NAME}/ \ - ${@base_contains('DISTRO_FEATURES', 'compressed_policy', '${datadir}/selinux/${POLICY_NAME}/*.pp.bz2', '${datadir}/selinux/${POLICY_NAME}/*.pp', d)} \ + ${datadir}/selinux/${POLICY_NAME}/*.pp \ " FILES_${PN}-dev =+ "${datadir}/selinux/${POLICY_NAME}/include/" @@ -69,24 +69,14 @@ prepare_policy_store () { mkdir -p ${D}${sysconfdir}/selinux/${POLICY_NAME}/modules/active/modules mkdir -p ${D}${sysconfdir}/selinux/${POLICY_NAME}/contexts/files touch ${D}${sysconfdir}/selinux/${POLICY_NAME}/contexts/files/file_contexts.local - if ${@base_contains('DISTRO_FEATURES','compressed_policy','true','false',d)}; then - for i in ${D}${datadir}/selinux/${POLICY_NAME}/*.pp; do - bzip2 $i - if [ "`basename $i`" != "base.pp" ]; then - cp ${i}.bz2 ${D}${sysconfdir}/selinux/${POLICY_NAME}/modules/active/modules/`basename $i` - else - cp ${i}.bz2 ${D}${sysconfdir}/selinux/${POLICY_NAME}/modules/active/`basename $i` - fi - done - else - bzip2 -c ${D}${datadir}/selinux/${POLICY_NAME}/base.pp >\ - ${D}${sysconfdir}/selinux/${POLICY_NAME}/modules/active/base.pp - for i in ${D}${datadir}/selinux/${POLICY_NAME}/*.pp; do - if [ "`basename $i`" != "base.pp" ]; then - bzip2 -c $i > ${D}${sysconfdir}/selinux/${POLICY_NAME}/modules/active/modules/`basename $i`; - fi - done - fi + for i in ${D}${datadir}/selinux/${POLICY_NAME}/*.pp; do + bzip2 -f $i && mv -f $i.bz2 $i + if [ "`basename $i`" != "base.pp" ]; then + cp $i ${D}${sysconfdir}/selinux/${POLICY_NAME}/modules/active/modules/`basename $i` + else + cp $i ${D}${sysconfdir}/selinux/${POLICY_NAME}/modules/active/`basename $i` + fi + done } rebuild_policy () { -- cgit v1.2.3-54-g00ecf