refpolicy: Skip HLL module processing for monolithic policy builds

Avoid processing and copying high-level language (.pp) modules during do_install when MONOLITHIC=y is set. This prevents build failures due to missing files in /usr/share/selinux/targeted, which are not generated in monolithic mode. Fixes error: cp: cannot stat '/usr/share/selinux/targeted/*.*': No such file or directory Signed-off-by: Sasi Kumar Maddineni <quic_sasikuma@quicinc.com> Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
2026-01-01 13:58:04 +00:00 · 2025-10-21 08:55:35 +05:30 · 2025-10-21 08:55:35 +05:30 · b7822f7772
commit b7822f7772
parent 91bf293772
2 changed files with 34 additions and 31 deletions
--- a/recipes-security/refpolicy/refpolicy-minimum_git.bb
+++ b/recipes-security/refpolicy/refpolicy-minimum_git.bb
@ -78,20 +78,22 @@ prepare_policy_store() {
    HLL_TYPE=$(echo ${POL_SRC}/base.* | awk -F . '{if (NF>1) {print $NF}}')
    HLL_BIN=${STAGING_DIR_NATIVE}${prefix}/libexec/selinux/hll/${HLL_TYPE}

-    for i in base ${POLICY_MODULES_MIN}; do
-        MOD_FILE=${POL_SRC}/${i}.${HLL_TYPE}
-        MOD_DIR=${POL_ACTIVE_MODS}/${i}
-        mkdir -p ${MOD_DIR}
-        echo -n "${HLL_TYPE}" > ${MOD_DIR}/lang_ext
+    if [ "${POLICY_MONOLITHIC}" != "y" ]; then
+        for i in base ${POLICY_MODULES_MIN}; do
+            MOD_FILE=${POL_SRC}/${i}.${HLL_TYPE}
+            MOD_DIR=${POL_ACTIVE_MODS}/${i}
+            mkdir -p ${MOD_DIR}
+            echo -n "${HLL_TYPE}" > ${MOD_DIR}/lang_ext

-        if ! bzip2 -t ${MOD_FILE} >/dev/null 2>&1; then
-            ${HLL_BIN} ${MOD_FILE} | bzip2 --stdout > ${MOD_DIR}/cil
-            bzip2 -f ${MOD_FILE} && mv -f ${MOD_FILE}.bz2 ${MOD_FILE}
-        else
-            bunzip2 --stdout ${MOD_FILE} | \
-                ${HLL_BIN} | \
-                bzip2 --stdout > ${MOD_DIR}/cil
-        fi
-        cp ${MOD_FILE} ${MOD_DIR}/hll
-    done
+            if ! bzip2 -t ${MOD_FILE} >/dev/null 2>&1; then
+                ${HLL_BIN} ${MOD_FILE} | bzip2 --stdout > ${MOD_DIR}/cil
+                bzip2 -f ${MOD_FILE} && mv -f ${MOD_FILE}.bz2 ${MOD_FILE}
+            else
+                bunzip2 --stdout ${MOD_FILE} | \
+                    ${HLL_BIN} | \
+                    bzip2 --stdout > ${MOD_DIR}/cil
+            fi
+            cp ${MOD_FILE} ${MOD_DIR}/hll
+        done
+    fi
 }
--- a/recipes-security/refpolicy/refpolicy_common.inc
+++ b/recipes-security/refpolicy/refpolicy_common.inc
@ -173,22 +173,23 @@ prepare_policy_store() {
    # Get hll type from suffix on base policy module
    HLL_TYPE=$(echo ${POL_SRC}/base.* | awk -F . '{if (NF>1) {print $NF}}')
    HLL_BIN=${STAGING_DIR_NATIVE}${prefix}/libexec/selinux/hll/${HLL_TYPE}
-
-    for i in ${POL_SRC}/*.${HLL_TYPE}; do
-        MOD_NAME=$(basename $i | sed "s/\.${HLL_TYPE}$//")
-        MOD_DIR=${POL_ACTIVE_MODS}/${MOD_NAME}
-        mkdir -p ${MOD_DIR}
-        echo -n "${HLL_TYPE}" > ${MOD_DIR}/lang_ext
-        if ! bzip2 -t $i >/dev/null 2>&1; then
-            ${HLL_BIN} $i | bzip2 --stdout > ${MOD_DIR}/cil
-            bzip2 -f $i && mv -f $i.bz2 $i
-        else
-            bunzip2 --stdout $i | \
-                ${HLL_BIN} | \
-                bzip2 --stdout > ${MOD_DIR}/cil
-        fi
-        cp $i ${MOD_DIR}/hll
-    done
+    if [ "${POLICY_MONOLITHIC}" != "y" ]; then
+        for i in ${POL_SRC}/*.${HLL_TYPE}; do
+            MOD_NAME=$(basename $i | sed "s/\.${HLL_TYPE}$//")
+            MOD_DIR=${POL_ACTIVE_MODS}/${MOD_NAME}
+            mkdir -p ${MOD_DIR}
+            echo -n "${HLL_TYPE}" > ${MOD_DIR}/lang_ext
+            if ! bzip2 -t $i >/dev/null 2>&1; then
+                ${HLL_BIN} $i | bzip2 --stdout > ${MOD_DIR}/cil
+                bzip2 -f $i && mv -f $i.bz2 $i
+            else
+                bunzip2 --stdout $i | \
+                    ${HLL_BIN} | \
+                    bzip2 --stdout > ${MOD_DIR}/cil
+            fi
+            cp $i ${MOD_DIR}/hll
+        done
+    fi
 }

 rebuild_policy() {