package/refpolicy/Config.in


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69

config BR2_PACKAGE_REFPOLICY
	bool "refpolicy"
	depends on BR2_TOOLCHAIN_HAS_THREADS # policycoreutils
	depends on BR2_TOOLCHAIN_USES_GLIBC # policycoreutils
	depends on BR2_PACKAGE_AUDIT_ARCH_SUPPORTS # policycoreutils
	depends on !BR2_STATIC_LIBS # policycoreutils
	depends on !BR2_arc # policycoreutils
	select BR2_PACKAGE_POLICYCOREUTILS
	select BR2_PACKAGE_BUSYBOX_SELINUX if BR2_PACKAGE_BUSYBOX
	help
	  The SELinux Reference Policy project (refpolicy) is a
	  complete SELinux policy that can be used as the system
	  policy for a variety of systems and used as the basis for
	  creating other policies. Reference Policy was originally
	  based on the NSA example policy, but aims to accomplish many
	  additional goals.

	  The current refpolicy does not fully support Buildroot and
	  needs modifications to work with the default system file
	  layout. These changes should be added as patches to the
	  refpolicy that modify a single SELinux policy.

	  The refpolicy works for the most part in permissive
	  mode. Only the basic set of utilities are enabled in the
	  example policy config and some of the pathing in the
	  policies is not correct.  Individual policies would need to
	  be tweaked to get everything functioning properly.

	  https://github.com/TresysTechnology/refpolicy

comment "refpolicy needs a glibc toolchain w/ threads, dynamic library"
	depends on !BR2_arc
	depends on BR2_PACKAGE_AUDIT_ARCH_SUPPORTS
	depends on BR2_STATIC_LIBS || !BR2_TOOLCHAIN_HAS_THREADS || \
		!BR2_TOOLCHAIN_USES_GLIBC

if BR2_PACKAGE_REFPOLICY

config BR2_PACKAGE_REFPOLICY_POLICY_VERSION
	string "Policy version"
	default "30"

choice
	prompt "SELinux default state"
	default BR2_PACKAGE_REFPOLICY_POLICY_STATE_PERMISSIVE

config BR2_PACKAGE_REFPOLICY_POLICY_STATE_ENFORCING
	bool "Enforcing"
	help
	  SELinux security policy is enforced

config BR2_PACKAGE_REFPOLICY_POLICY_STATE_PERMISSIVE
	bool "Permissive"
	help
	  SELinux prints warnings instead of enforcing

config BR2_PACKAGE_REFPOLICY_POLICY_STATE_DISABLED
	bool "Disabled"
	help
	  No SELinux policy is loaded
endchoice

config BR2_PACKAGE_REFPOLICY_POLICY_STATE
	string
	default "permissive" if BR2_PACKAGE_REFPOLICY_POLICY_STATE_PERMISSIVE
	default "enforcing" if BR2_PACKAGE_REFPOLICY_POLICY_STATE_ENFORCING
	default "disabled" if BR2_PACKAGE_REFPOLICY_POLICY_STATE_DISABLED

endif