From: Wenzong Fan <wenzong....@windriver.com>

This is a minimum targeted policy that contains only the core policy
modules; it can be used as a base for customizing a targeted policy.
Almost everything runs as initrc_t or unconfined_t, so all of the
domains are unconfined.

Signed-off-by: Wenzong Fan <wenzong....@windriver.com>
---
 .../refpolicy/refpolicy-minimum_2.20130424.bb      |   46 ++++++++++++++++++++
 1 file changed, 46 insertions(+)
 create mode 100644 recipes-security/refpolicy/refpolicy-minimum_2.20130424.bb

diff --git a/recipes-security/refpolicy/refpolicy-minimum_2.20130424.bb 
b/recipes-security/refpolicy/refpolicy-minimum_2.20130424.bb
new file mode 100644
index 0000000..e904810
--- /dev/null
+++ b/recipes-security/refpolicy/refpolicy-minimum_2.20130424.bb
@@ -0,0 +1,46 @@
+include refpolicy-targeted_${PV}.bb
+
+SUMMARY = "SELinux minimum policy"
+DESCRIPTION = "\
+This is a minimum reference policy with just core policy modules, and \
+could be used as a base for customizing targeted policy. \
+Pretty much everything runs as initrc_t or unconfined_t so all of the \
+domains are unconfined. \
+"
+
+POLICY_NAME = "minimum"
+
+FILESEXTRAPATHS_prepend := 
"${THISDIR}/files:${THISDIR}/refpolicy-${PV}:${THISDIR}/refpolicy-targeted:"
+
+CORE_POLICY_MODULES = "unconfined \
+       selinuxutil storage sysnetwork \
+       application libraries miscfiles logging userdomain \
+       init mount modutils getty authlogin locallogin \
+       "
+
+# nscd caches libc-issued requests to the name service.
+# Without nscd.pp, commands want to use these caches will be blocked.
+EXTRA_POLICY_MODULES += "nscd"
+
+# pam_mail module enables checking and display of mailbox status upon
+# "login", so "login" process will access to /var/spool/mail.
+EXTRA_POLICY_MODULES += "mta"
+
+POLICY_MODULES_MIN = "${CORE_POLICY_MODULES} ${EXTRA_POLICY_MODULES}"
+
+prepare_policy_store () {
+       oe_runmake install \
+               DESTDIR=${D}
+
+       # Prepare to create policy store
+       mkdir -p ${D}${sysconfdir}/selinux/
+       mkdir -p ${D}${sysconfdir}/selinux/${POLICY_NAME}/policy
+       mkdir -p ${D}${sysconfdir}/selinux/${POLICY_NAME}/modules/active/modules
+       mkdir -p ${D}${sysconfdir}/selinux/${POLICY_NAME}/contexts/files
+       bzip2 -c ${D}${datadir}/selinux/${POLICY_NAME}/base.pp  > \
+               ${D}${sysconfdir}/selinux/${POLICY_NAME}/modules/active/base.pp
+       for i in ${POLICY_MODULES_MIN}; do
+               bzip2 -c ${D}${datadir}/selinux/${POLICY_NAME}/$i.pp > \
+                       
${D}${sysconfdir}/selinux/${POLICY_NAME}/modules/active/modules/$i.pp
+       done
+}
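Review bot: Neither `bzip2 -c … > …` command in `prepare_policy_store` (the `base.pp` copy and the one inside the `for i in ${POLICY_MODULES_MIN}` loop) checks that the source `.pp` exists or that compression succeeded. The shell creates the destination file before bzip2 runs, so a module name that was not built leaves an empty or truncated `.pp` in `modules/active/modules`. Whether the task aborts at that point depends on the shell running under `set -e`, which is not visible in this recipe. Because this store decides which policy modules the target actually loads, the failure should be explicit: append `|| bbfatal "failed to install $i.pp into the policy store"` to the loop command and the equivalent to the `base.pp` line. A short comment above `CORE_POLICY_MODULES` noting that every name listed must match a module built by the included targeted recipe would also help.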
-- 
1.7.9.5
