package/refpolicy: allow selecting additional modules

Allow users to select additional modules available in the refpolicy, to
be built in the binary policy. This will allow non-base modules to be
selected based on the user use-case and to select extra module
dependencies when providing out-of-tree modules.

Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/refpolicy/Config.in

@@ -67,6 +67,11 @@ config BR2_REFPOLICY_EXTRA_MODULES_DIRS
 	  sub-directories. Also, you cannot have several modules with
 	  the same name in different directories.
 
+config BR2_REFPOLICY_EXTRA_MODULES
+	string "Extra modules to enable"
+	help
+	  List of extra SELinux modules to enable in the refpolicy.
+
 endif
 
 comment "refpolicy needs a toolchain w/ threads"

package/refpolicy/refpolicy.mk

@@ -54,6 +54,7 @@ REFPOLICY_MODULES = \
 	unconfined \
 	userdomain \
 	$(PACKAGES_SELINUX_MODULES) \
+	$(call qstrip,$(BR2_REFPOLICY_EXTRA_MODULES)) \
 	$(foreach d,$(REFPOLICY_EXTRA_MODULES_DIRS),\
 		$(basename $(notdir $(wildcard $(d)/*.te))))