refpolicy: add ability to specify policy version

Refpolicy by default will build the highest version supported. This may
cause older kernels to not load the policy.

This patch adds a custom policy version string which is defaulted to 30,
which is the highest supported as of today.

Signed-off-by: Adam Duskett <Adamduskett@outlook.com>
Acked-by: Matt Weber  <matthew.weber@rockwellcollins.com>
[Thomas:
 - rename option to BR2_PACKAGE_REFPOLICY_POLICY_VERSION
 - use qstrip to remove double quotes]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

2 files changed, 13 insertions, 1 deletions

diff --git a/package/refpolicy/Config.in b/package/refpolicy/Config.in
index bcc74d432b..69785629cc 100644
--- a/package/refpolicy/Config.in
+++ b/package/refpolicy/Config.in
@@ -33,3 +33,11 @@ comment "refpolicy needs a glibc toolchain w/ threads, dynamic library"
 	depends on BR2_PACKAGE_AUDIT_ARCH_SUPPORTS
 	depends on BR2_STATIC_LIBS || !BR2_TOOLCHAIN_HAS_THREADS || \
 		!BR2_TOOLCHAIN_USES_GLIBC
+
+if BR2_PACKAGE_REFPOLICY
+
+config BR2_PACKAGE_REFPOLICY_POLICY_VERSION
+	string "Policy version"
+	default "30"
+
+endif
diff --git a/package/refpolicy/refpolicy.mk b/package/refpolicy/refpolicy.mk
index 9a1d6da492..4d85ee5edc 100644
--- a/package/refpolicy/refpolicy.mk
+++ b/package/refpolicy/refpolicy.mk
@@ -29,8 +29,12 @@ REFPOLICY_MAKE = \
 	$(TARGET_MAKE_ENV) \
 	$(MAKE1)
 
+REFPOLICY_POLICY_VERSION = \
+	$(call qstrip,$(BR2_PACKAGE_REFPOLICY_POLICY_VERSION))
+
 define REFPOLICY_CONFIGURE_CMDS
-	$(SED) "/OUTPUT_POLICY/c\OUTPUT_POLICY = 30" $(@D)/build.conf
+	$(SED) "/OUTPUT_POLICY/c\OUTPUT_POLICY = $(REFPOLICY_POLICY_VERSION)" \
+		$(@D)/build.conf
 	$(SED) "/MONOLITHIC/c\MONOLITHIC = y" $(@D)/build.conf
 	$(SED) "/NAME/c\NAME = targeted" $(@D)/build.conf
 endef