[yocto] [meta-selinux][PATCH 2/2] policy: Create compressed_policy distro feature

Joe MacDonald joe at deserted.net
Tue Dec 3 13:35:41 PST 2013


There is a small cost to having compressed policy files on the final
image, both in terms of memory requirements and load times.  In nearly all
circumstances this is negligible, but this adds a DISTRO_FEATURE that
can be used to enable compression, if desired.

The default selinux distros will enable the feature by default.

Signed-off-by: Joe MacDonald <joe at deserted.net>
---
 conf/distro/oe-selinux.conf                     |    2 +-
 recipes-security/refpolicy/refpolicy_common.inc |   32 ++++++++++++++++-------
 2 files changed, 23 insertions(+), 11 deletions(-)

diff --git a/conf/distro/oe-selinux.conf b/conf/distro/oe-selinux.conf
index 6e55a32..5f4af87 100644
--- a/conf/distro/oe-selinux.conf
+++ b/conf/distro/oe-selinux.conf
@@ -1,4 +1,4 @@
 DISTRO = "oe-selinux"
 DISTROOVERRIDES .= ":selinux"
 
-DISTRO_FEATURES_append = " acl xattr pam selinux"
+DISTRO_FEATURES_append = " acl xattr pam selinux compressed_policy"
diff --git a/recipes-security/refpolicy/refpolicy_common.inc b/recipes-security/refpolicy/refpolicy_common.inc
index b46903f..a71c5dd 100644
--- a/recipes-security/refpolicy/refpolicy_common.inc
+++ b/recipes-security/refpolicy/refpolicy_common.inc
@@ -11,8 +11,10 @@ SRC_URI += "file://customizable_types \
 
 S = "${WORKDIR}/refpolicy"
 
-FILES_${PN} = "${sysconfdir}/selinux/${POLICY_NAME}/ \
-	${datadir}/selinux/${POLICY_NAME}/*.pp.bz2"
+FILES_${PN} = " \
+	${sysconfdir}/selinux/${POLICY_NAME}/ \
+	${@base_contains('DISTRO_FEATURES', 'compressed_policy', '${datadir}/selinux/${POLICY_NAME}/*.pp.bz2', '${datadir}/selinux/${POLICY_NAME}/*.pp', d)} \
+	"
 FILES_${PN}-dev =+ "${datadir}/selinux/${POLICY_NAME}/include/"
 
 DEPENDS += "checkpolicy-native policycoreutils-native m4-native"
@@ -79,14 +81,24 @@ EOF
 	mkdir -p ${D}${sysconfdir}/selinux/${POLICY_NAME}/modules/active/modules
 	mkdir -p ${D}${sysconfdir}/selinux/${POLICY_NAME}/contexts/files
 	touch ${D}${sysconfdir}/selinux/${POLICY_NAME}/contexts/files/file_contexts.local
-	for i in ${D}${datadir}/selinux/${POLICY_NAME}/*.pp; do
-		bzip2 $i
-		if [ "`basename $i`" != "base.pp" ]; then
-			cp ${i}.bz2 ${D}${sysconfdir}/selinux/${POLICY_NAME}/modules/active/modules/`basename $i`
-		else
-			cp ${i}.bz2 ${D}${sysconfdir}/selinux/${POLICY_NAME}/modules/active/`basename $i`
-		fi
-	done
+	if  ${@base_contains('DISTRO_FEATURES','compressed_policy','true','false',d)}; then
+		for i in ${D}${datadir}/selinux/${POLICY_NAME}/*.pp; do
+			bzip2 $i
+			if [ "`basename $i`" != "base.pp" ]; then
+				cp ${i}.bz2 ${D}${sysconfdir}/selinux/${POLICY_NAME}/modules/active/modules/`basename $i`
+			else
+				cp ${i}.bz2 ${D}${sysconfdir}/selinux/${POLICY_NAME}/modules/active/`basename $i`
+			fi
+		done
+	else
+		bzip2 -c ${D}${datadir}/selinux/${POLICY_NAME}/base.pp  >\
+			${D}${sysconfdir}/selinux/${POLICY_NAME}/modules/active/base.pp
+		for i in ${D}${datadir}/selinux/${POLICY_NAME}/*.pp; do
+			if [ "`basename $i`" != "base.pp" ]; then
+				bzip2 -c $i > ${D}${sysconfdir}/selinux/${POLICY_NAME}/modules/active/modules/`basename $i`;
+			fi
+		done
+	fi
 
 	# Create policy store and build the policy
 	semodule -p ${D} -s ${POLICY_NAME} -n -B
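Review bot: In the new `else` branch the store copies are written with `bzip2 -c $i > …`, so a failing bzip2 still leaves an empty or truncated module under `modules/active`, and nothing visible in the hunk keeps the following `semodule -B` from building the policy from it; whether the task shell aborts on error cannot be seen from here. An explicit check would keep a damaged policy module out of the image, for example `bzip2 -c "$i" > "$dest" || exit 1`, where `dest` is a name constructed for this note and holds the target path. The same applies to the `base.pp` redirection at the top of the branch, and `$i` is unquoted in both loops. The branch would also benefit from a comment such as `# store copies stay bzip2-compressed; only the ${datadir} modules are left as plain .pp`, because compressing in the "uncompressed" path otherwise reads like a mistake. The enclosing install function starts before this hunk and continues after it.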
-- 
1.7.10.4



