package/refpolicy: allow selecting additional modules

Allow users to select additional modules available in the refpolicy, to
be built in the binary policy. This will allow non-base modules to be
selected based on the user use-case and to select extra module
dependencies when providing out-of-tree modules.

Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

diff --git a/package/refpolicy/Config.in b/package/refpolicy/Config.in
index 1912f24a58209a1c3c7300b08d9378a00c89bec6..24c811ca24cec00f72bbbdbb8d3eabcd46ba31bf 100644 (file)
--- a/package/refpolicy/Config.in
+++ b/package/refpolicy/Config.in
@@ -67,6 +67,11 @@ config BR2_REFPOLICY_EXTRA_MODULES_DIRS
          sub-directories. Also, you cannot have several modules with
          the same name in different directories.
 
+config BR2_REFPOLICY_EXTRA_MODULES
+       string "Extra modules to enable"
+       help
+         List of extra SELinux modules to enable in the refpolicy.
+
 endif
 
 comment "refpolicy needs a toolchain w/ threads"

diff --git a/package/refpolicy/refpolicy.mk b/package/refpolicy/refpolicy.mk
index a7a924f0af13dbb3acd564fec33553bbf1c45676..50d86699b2ffba0ad349f8d162126bbec99904ab 100644 (file)
--- a/package/refpolicy/refpolicy.mk
+++ b/package/refpolicy/refpolicy.mk
@@ -54,6 +54,7 @@ REFPOLICY_MODULES = \
        unconfined \
        userdomain \
        $(PACKAGES_SELINUX_MODULES) \
+       $(call qstrip,$(BR2_REFPOLICY_EXTRA_MODULES)) \
        $(foreach d,$(REFPOLICY_EXTRA_MODULES_DIRS),\
                $(basename $(notdir $(wildcard $(d)/*.te))))