NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

package/refpolicy: allow selecting additional modules

Browse Source 
Allow users to select additional modules available in the refpolicy, to
be built in the binary policy. This will allow non-base modules to be
selected based on the user use-case and to select extra module
dependencies when providing out-of-tree modules.

Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This commit is contained in:
Antoine Tenart 2020-07-31 12:10:36 +02:00 committed by Thomas Petazzoni
parent 1e2e3cc951
commit 7f3b075609
2 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
package/refpolicy/Config.in
View File

@ -67,6 +67,11 @@ config BR2_REFPOLICY_EXTRA_MODULES_DIRS
sub-directories. Also, you cannot have several modules with sub-directories. Also, you cannot have several modules with
the same name in different directories. the same name in different directories.
config BR2_REFPOLICY_EXTRA_MODULES
string "Extra modules to enable"
help
List of extra SELinux modules to enable in the refpolicy.
endif endif
comment "refpolicy needs a toolchain w/ threads" comment "refpolicy needs a toolchain w/ threads"

1
package/refpolicy/refpolicy.mk
View File

@ -54,6 +54,7 @@ REFPOLICY_MODULES = \
unconfined \ unconfined \
userdomain \ userdomain \
$(PACKAGES_SELINUX_MODULES) \ $(PACKAGES_SELINUX_MODULES) \
$(call qstrip,$(BR2_REFPOLICY_EXTRA_MODULES)) \
$(foreach d,$(REFPOLICY_EXTRA_MODULES_DIRS),\ $(foreach d,$(REFPOLICY_EXTRA_MODULES_DIRS),\
$(basename $(notdir $(wildcard $(d)/*.te)))) $(basename $(notdir $(wildcard $(d)/*.te))))