[yocto] [meta-selinux][PATCH 1/3] refpolicy: Setup virtual/refpolicy provider.

Philip Tricca flihp at twobit.us
Sun Apr 3 17:21:33 PDT 2016


This allows us to provide a default policy through the
PREFERRED_PROVIDER mechanism for each of the example distro configs.
Consumers of meta-selinux will be able to override this at the config
level instead of having to depend on a specific policy package. We do
lose the ability to install more than one policy package but this falls
in line with the embedded nature of the project.

Signed-off-by: Philip Tricca <flihp at twobit.us>
---
 conf/distro/oe-selinux.conf                                    | 1 +
 recipes-security/packagegroups/packagegroup-core-selinux.bb    | 3 +--
 recipes-security/packagegroups/packagegroup-selinux-minimal.bb | 2 +-
 recipes-security/refpolicy/refpolicy_common.inc                | 3 +++
 recipes-security/selinux/selinux-config_0.1.bb                 | 3 +--
 5 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/conf/distro/oe-selinux.conf b/conf/distro/oe-selinux.conf
index 6e55a32..0011d45 100644
--- a/conf/distro/oe-selinux.conf
+++ b/conf/distro/oe-selinux.conf
@@ -2,3 +2,4 @@ DISTRO = "oe-selinux"
 DISTROOVERRIDES .= ":selinux"
 
 DISTRO_FEATURES_append = " acl xattr pam selinux"
+PREFERRED_PROVIDER_virtual/refpolicy ?= "refpolicy-mls"
diff --git a/recipes-security/packagegroups/packagegroup-core-selinux.bb b/recipes-security/packagegroups/packagegroup-core-selinux.bb
index a2480a3..62c5a76 100644
--- a/recipes-security/packagegroups/packagegroup-core-selinux.bb
+++ b/recipes-security/packagegroups/packagegroup-core-selinux.bb
@@ -26,7 +26,6 @@ RDEPENDS_${PN} = " \
 	selinux-autorelabel \
 	selinux-init \
 	selinux-labeldev \
-	refpolicy-standard \
-	refpolicy-mls \
+	virtual/refpolicy \
 	coreutils \
 	"
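Review bot: `virtual/refpolicy` is used here as a runtime dependency, but the `virtual/` namespace is a build-time convention for `PROVIDES`/`DEPENDS`. An `RDEPENDS` entry ends up as a package-manager dependency, and a name containing `/` may not be accepted by every package backend, so this is worth confirming with each packaging format the layer supports. The same applies to the `RDEPENDS` line in packagegroup-selinux-minimal.bb and to `RPROVIDES_${PN} += "virtual/refpolicy"` in refpolicy_common.inc. A slash-free runtime name, for example `RPROVIDES_${PN} += "virtual-refpolicy"` with both packagegroups depending on `virtual-refpolicy`, would keep `PROVIDES += "virtual/refpolicy"` for build-time provider selection. The `RDEPENDS_${PN}` assignment starts above this hunk.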
diff --git a/recipes-security/packagegroups/packagegroup-selinux-minimal.bb b/recipes-security/packagegroups/packagegroup-selinux-minimal.bb
index 34c5f7c..87ae686 100644
--- a/recipes-security/packagegroups/packagegroup-selinux-minimal.bb
+++ b/recipes-security/packagegroups/packagegroup-selinux-minimal.bb
@@ -23,5 +23,5 @@ RDEPENDS_${PN} = "\
 	policycoreutils-setfiles \
 	selinux-config \
 	selinux-labeldev \
-	refpolicy-mls \
+	virtual/refpolicy \
 "
diff --git a/recipes-security/refpolicy/refpolicy_common.inc b/recipes-security/refpolicy/refpolicy_common.inc
index 67d0426..ba887e4 100644
--- a/recipes-security/refpolicy/refpolicy_common.inc
+++ b/recipes-security/refpolicy/refpolicy_common.inc
@@ -3,6 +3,9 @@ LICENSE = "GPLv2"
 
 LIC_FILES_CHKSUM = "file://${S}/COPYING;md5=393a5ca445f6965873eca0259a17f833"
 
+PROVIDES += "virtual/refpolicy"
+RPROVIDES_${PN} += "virtual/refpolicy"
+
 # Specific config files for Poky
 SRC_URI += "file://customizable_types \
             file://setrans-mls.conf \
diff --git a/recipes-security/selinux/selinux-config_0.1.bb b/recipes-security/selinux/selinux-config_0.1.bb
index 37fe4b7..e902e98 100644
--- a/recipes-security/selinux/selinux-config_0.1.bb
+++ b/recipes-security/selinux/selinux-config_0.1.bb
@@ -1,4 +1,3 @@
-DEFAULT_POLICY ??= "mls"
 DEFAULT_ENFORCING ??= "enforcing"
 
 SUMMARY = "SELinux configuration"
@@ -30,7 +29,7 @@ SELINUX=${DEFAULT_ENFORCING}
 #     mls - Multi Level Security protection.
 #     targeted - Targeted processes are protected.
 #     mcs - Multi Category Security protection.
-SELINUXTYPE=${DEFAULT_POLICY}
+SELINUXTYPE=${@d.getVar("PREFERRED_PROVIDER_virtual/refpolicy", False)[len("refpolicy-"):]}
 " > ${WORKDIR}/config
 	install -d ${D}/${sysconfdir}/selinux
 	install -m 0644 ${WORKDIR}/config ${D}/${sysconfdir}/selinux/
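Review bot: The new `SELINUXTYPE=` line slices whatever `d.getVar("PREFERRED_PROVIDER_virtual/refpolicy", False)` returns without checking it. If the variable is unset, the slice is applied to `None` and raises a Python error; this patch only sets a default in `conf/distro/oe-selinux.conf`. If the provider name does not start with `refpolicy-`, or is given as an unexpanded `${...}` reference, a wrong type is written to `${sysconfdir}/selinux/config`. A SELINUXTYPE that does not match the installed policy presumably leaves the image unable to load its policy at boot, so the value should be read expanded and checked with `startswith("refpolicy-")` before slicing, failing the build otherwise. Removing `DEFAULT_POLICY` in the first hunk of this file also silently ignores any existing `DEFAULT_POLICY` setting; `DEFAULT_POLICY ??= "${@(d.getVar('PREFERRED_PROVIDER_virtual/refpolicy', True) or 'refpolicy-mls')[len('refpolicy-'):]}"` with `SELINUXTYPE=${DEFAULT_POLICY}` would keep that override. The enclosing shell function starts above this hunk and may continue past it.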
-- 
2.1.4



