refpolicy: Setup virtual/refpolicy provider.

This allows us to provide a default policy through the PREFERRED_PROVIDER mechanism for each of the example distro configs. Consumers of meta-selinux will be able to override this at the config level instead of having to depend on a specific policy package. We do lose the ability install more than one policy package but this falls in line with the embedded nature of the project. Signed-off-by: Philip Tricca <flihp@twobit.us> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2026-01-01 13:58:04 +00:00 · 2016-04-04 00:21:33 +00:00 · 2016-04-04 00:21:33 +00:00 · 14c84b182b
commit 14c84b182b
parent fc122bb653
5 changed files with 7 additions and 5 deletions
--- a/conf/distro/oe-selinux.conf
+++ b/conf/distro/oe-selinux.conf
@ -2,3 +2,4 @@ DISTRO = "oe-selinux"
 DISTROOVERRIDES .= ":selinux"

 DISTRO_FEATURES_append = " acl xattr pam selinux"
+PREFERRED_PROVIDER_virtual/refpolicy ?= "refpolicy-mls"
--- a/recipes-security/packagegroups/packagegroup-core-selinux.bb
+++ b/recipes-security/packagegroups/packagegroup-core-selinux.bb
@ -26,7 +26,6 @@ RDEPENDS_${PN} = " \
 	selinux-autorelabel \
 	selinux-init \
 	selinux-labeldev \
-	refpolicy-standard \
-	refpolicy-mls \
+	virtual/refpolicy \
 	coreutils \
 	"
--- a/recipes-security/packagegroups/packagegroup-selinux-minimal.bb
+++ b/recipes-security/packagegroups/packagegroup-selinux-minimal.bb
@ -23,5 +23,5 @@ RDEPENDS_${PN} = "\
 	policycoreutils-setfiles \
 	selinux-config \
 	selinux-labeldev \
-	refpolicy-mls \
+	virtual/refpolicy \
 "
--- a/recipes-security/refpolicy/refpolicy_common.inc
+++ b/recipes-security/refpolicy/refpolicy_common.inc
@ -3,6 +3,9 @@ LICENSE = "GPLv2"

 LIC_FILES_CHKSUM = "file://${S}/COPYING;md5=393a5ca445f6965873eca0259a17f833"

+PROVIDES += "virtual/refpolicy"
+RPROVIDES_${PN} += "virtual/refpolicy"
+
 # Specific config files for Poky
 SRC_URI += "file://customizable_types \
            file://setrans-mls.conf \
--- a/recipes-security/selinux/selinux-config_0.1.bb
+++ b/recipes-security/selinux/selinux-config_0.1.bb
@ -1,4 +1,3 @@
-DEFAULT_POLICY ??= "mls"
 DEFAULT_ENFORCING ??= "enforcing"

 SUMMARY = "SELinux configuration"
@ -30,7 +29,7 @@ SELINUX=${DEFAULT_ENFORCING}
 #     mls - Multi Level Security protection.
 #     targeted - Targeted processes are protected.
 #     mcs - Multi Category Security protection.
-SELINUXTYPE=${DEFAULT_POLICY}
+SELINUXTYPE=${@d.getVar("PREFERRED_PROVIDER_virtual/refpolicy", False)[len("refpolicy-"):]}
 " > ${WORKDIR}/config
 	install -d ${D}/${sysconfdir}/selinux
 	install -m 0644 ${WORKDIR}/config ${D}/${sysconfdir}/selinux/