package/refpolicy: allow packages to provide their own SELinux modules

Allow packages to have an 'selinux' subfolder containing SELinux modules (sources) to be synced and compiled within the refpolicy, if the package is selected. Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-07-31 12:10:38 +02:00 · 2020-07-31 12:10:38 +02:00 · 07e5d4dec1
commit 07e5d4dec1
parent 8619307c96
2 changed files with 5 additions and 1 deletions
--- a/package/pkg-generic.mk
+++ b/package/pkg-generic.mk
@ -1092,6 +1092,8 @@ KEEP_PYTHON_PY_FILES += $$($(2)_KEEP_PY_FILES)
 ifneq ($$($(2)_SELINUX_MODULES),)
 PACKAGES_SELINUX_MODULES += $$($(2)_SELINUX_MODULES)
 endif
+PACKAGES_SELINUX_EXTRA_MODULES_DIRS += \
+	$$(if $$(wildcard $$($(2)_PKGDIR)/selinux),$$($(2)_PKGDIR)/selinux)

 ifeq ($$($(2)_SITE_METHOD),svn)
 DL_TOOLS_DEPENDENCIES += svn
--- a/package/refpolicy/refpolicy.mk
+++ b/package/refpolicy/refpolicy.mk
@ -41,7 +41,9 @@ ifeq ($(BR2_PACKAGE_REFPOLICY_UPSTREAM_VERSION),y)

 # Allow to provide out-of-tree SELinux modules in addition to the ones
 # in the refpolicy.
-REFPOLICY_EXTRA_MODULES_DIRS = $(call qstrip,$(BR2_REFPOLICY_EXTRA_MODULES_DIRS))
+REFPOLICY_EXTRA_MODULES_DIRS = \
+	$(call qstrip,$(BR2_REFPOLICY_EXTRA_MODULES_DIRS)) \
+	$(PACKAGES_SELINUX_EXTRA_MODULES_DIRS)
 $(foreach dir,$(REFPOLICY_EXTRA_MODULES_DIRS),\
 	$(if $(wildcard $(dir)),,\
 		$(error BR2_REFPOLICY_EXTRA_MODULES_DIRS contains nonexistent directory $(dir))))