From d54aa0e861850986d847338c9e6218bffde3d801 Mon Sep 17 00:00:00 2001
From: Adam Duskett <Aduskett@gmail.com>
Date: Sat, 20 May 2017 16:41:42 -0400
Subject: [PATCH] refpolicy: add ability to specify policy version

Refpolicy by default will build the highest version supported. This may
cause older kernels to not load the policy.

This patch adds a custom policy version string which is defaulted to 30,
which is the highest supported as of today.

Signed-off-by: Adam Duskett <Adamduskett@outlook.com>
Acked-by: Matt Weber  <matthew.weber@rockwellcollins.com>
[Thomas:
 - rename option to BR2_PACKAGE_REFPOLICY_POLICY_VERSION
 - use qstrip to remove double quotes]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
---
 package/refpolicy/Config.in    | 8 ++++++++
 package/refpolicy/refpolicy.mk | 6 +++++-
 2 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/package/refpolicy/Config.in b/package/refpolicy/Config.in
index bcc74d432b..69785629cc 100644
--- a/package/refpolicy/Config.in
+++ b/package/refpolicy/Config.in
@@ -33,3 +33,11 @@ comment "refpolicy needs a glibc toolchain w/ threads, dynamic library"
 	depends on BR2_PACKAGE_AUDIT_ARCH_SUPPORTS
 	depends on BR2_STATIC_LIBS || !BR2_TOOLCHAIN_HAS_THREADS || \
 		!BR2_TOOLCHAIN_USES_GLIBC
+
+if BR2_PACKAGE_REFPOLICY
+
+config BR2_PACKAGE_REFPOLICY_POLICY_VERSION
+	string "Policy version"
+	default "30"
+
+endif
diff --git a/package/refpolicy/refpolicy.mk b/package/refpolicy/refpolicy.mk
index 9a1d6da492..4d85ee5edc 100644
--- a/package/refpolicy/refpolicy.mk
+++ b/package/refpolicy/refpolicy.mk
@@ -29,8 +29,12 @@ REFPOLICY_MAKE = \
 	$(TARGET_MAKE_ENV) \
 	$(MAKE1)
 
+REFPOLICY_POLICY_VERSION = \
+	$(call qstrip,$(BR2_PACKAGE_REFPOLICY_POLICY_VERSION))
+
 define REFPOLICY_CONFIGURE_CMDS
-	$(SED) "/OUTPUT_POLICY/c\OUTPUT_POLICY = 30" $(@D)/build.conf
+	$(SED) "/OUTPUT_POLICY/c\OUTPUT_POLICY = $(REFPOLICY_POLICY_VERSION)" \
+		$(@D)/build.conf
 	$(SED) "/MONOLITHIC/c\MONOLITHIC = y" $(@D)/build.conf
 	$(SED) "/NAME/c\NAME = targeted" $(@D)/build.conf
 endef
-- 
2.30.2