refpolicy: add ability to specify policy version

Refpolicy by default will build the highest version supported. This may
cause older kernels to not load the policy.

This patch adds a custom policy version string which is defaulted to 30,
which is the highest supported as of today.

Signed-off-by: Adam Duskett <Adamduskett@outlook.com>
Acked-by: Matt Weber  <matthew.weber@rockwellcollins.com>
[Thomas:
 - rename option to BR2_PACKAGE_REFPOLICY_POLICY_VERSION
 - use qstrip to remove double quotes]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

diff --git a/package/refpolicy/Config.in b/package/refpolicy/Config.in
index bcc74d432b17fb38208bbcc56b1dc3bf9e775bf0..69785629ccfcc2be8d8b6c9d9128987729596a5a 100644 (file)
--- a/package/refpolicy/Config.in
+++ b/package/refpolicy/Config.in
@@ -33,3 +33,11 @@ comment "refpolicy needs a glibc toolchain w/ threads, dynamic library"
        depends on BR2_PACKAGE_AUDIT_ARCH_SUPPORTS
        depends on BR2_STATIC_LIBS || !BR2_TOOLCHAIN_HAS_THREADS || \
                !BR2_TOOLCHAIN_USES_GLIBC
+
+if BR2_PACKAGE_REFPOLICY
+
+config BR2_PACKAGE_REFPOLICY_POLICY_VERSION
+       string "Policy version"
+       default "30"
+
+endif

diff --git a/package/refpolicy/refpolicy.mk b/package/refpolicy/refpolicy.mk
index 9a1d6da4924c74bf9e2348284016c832eb0ca8a3..4d85ee5edc29b35f52d5b267d7468245819f0699 100644 (file)
--- a/package/refpolicy/refpolicy.mk
+++ b/package/refpolicy/refpolicy.mk
@@ -29,8 +29,12 @@ REFPOLICY_MAKE = \
        $(TARGET_MAKE_ENV) \
        $(MAKE1)
 
+REFPOLICY_POLICY_VERSION = \
+       $(call qstrip,$(BR2_PACKAGE_REFPOLICY_POLICY_VERSION))
+
 define REFPOLICY_CONFIGURE_CMDS
-       $(SED) "/OUTPUT_POLICY/c\OUTPUT_POLICY = 30" $(@D)/build.conf
+       $(SED) "/OUTPUT_POLICY/c\OUTPUT_POLICY = $(REFPOLICY_POLICY_VERSION)" \
+               $(@D)/build.conf
        $(SED) "/MONOLITHIC/c\MONOLITHIC = y" $(@D)/build.conf
        $(SED) "/NAME/c\NAME = targeted" $(@D)/build.conf
 endef