Patch Detail
GET /api/patches/495232/?format=api
{ "id": 495232, "url": "http://patchwork.ozlabs.org/api/patches/495232/?format=api", "web_url": "http://patchwork.ozlabs.org/project/buildroot/patch/1436905227-26937-4-git-send-email-clayton.shotwell@rockwellcollins.com/", "project": { "id": 27, "url": "http://patchwork.ozlabs.org/api/projects/27/?format=api", "name": "Buildroot development", "link_name": "buildroot", "list_id": "buildroot.buildroot.org", "list_email": "buildroot@buildroot.org", "web_url": "", "scm_url": "", "webscm_url": "", "list_archive_url": "", "list_archive_url_format": "", "commit_url_format": "" }, "msgid": "<1436905227-26937-4-git-send-email-clayton.shotwell@rockwellcollins.com>", "list_archive_url": null, "date": "2015-07-14T20:20:15", "name": "[v9,03/15] refpolicy: new package", "commit_ref": null, "pull_url": null, "state": "superseded", "archived": false, "hash": "071e52d937bd9a2128251ca4af9d2cb86d60aaa9", "submitter": { "id": 64481, "url": "http://patchwork.ozlabs.org/api/people/64481/?format=api", "name": "Clayton Shotwell", "email": "clayton.shotwell@rockwellcollins.com" }, "delegate": null, "mbox": "http://patchwork.ozlabs.org/project/buildroot/patch/1436905227-26937-4-git-send-email-clayton.shotwell@rockwellcollins.com/mbox/", "series": [], "comments": "http://patchwork.ozlabs.org/api/patches/495232/comments/", "check": "pending", "checks": "http://patchwork.ozlabs.org/api/patches/495232/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<buildroot-bounces@busybox.net>", "X-Original-To": [ "incoming@patchwork.ozlabs.org", "buildroot@lists.busybox.net" ], "Delivered-To": [ "patchwork-incoming@bilbo.ozlabs.org", "buildroot@osuosl.org" ], "Received": [ "from fraxinus.osuosl.org (smtp4.osuosl.org [140.211.166.137])\n\tby ozlabs.org (Postfix) with ESMTP id BCD7414076D\n\tfor <incoming@patchwork.ozlabs.org>;\n\tWed, 15 Jul 2015 06:21:00 +1000 (AEST)", "from localhost (localhost [127.0.0.1])\n\tby fraxinus.osuosl.org (Postfix) with ESMTP id 110E8A4349;\n\tTue, 14 Jul 2015 
20:21:00 +0000 (UTC)", "from fraxinus.osuosl.org ([127.0.0.1])\n\tby localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)\n\twith ESMTP id C8_2MPg_tszF; Tue, 14 Jul 2015 20:20:51 +0000 (UTC)", "from ash.osuosl.org (ash.osuosl.org [140.211.166.34])\n\tby fraxinus.osuosl.org (Postfix) with ESMTP id 9542CA4361;\n\tTue, 14 Jul 2015 20:20:42 +0000 (UTC)", "from hemlock.osuosl.org (smtp2.osuosl.org [140.211.166.133])\n\tby ash.osuosl.org (Postfix) with ESMTP id CE9461CE612\n\tfor <buildroot@lists.busybox.net>;\n\tTue, 14 Jul 2015 20:20:39 +0000 (UTC)", "from localhost (localhost [127.0.0.1])\n\tby hemlock.osuosl.org (Postfix) with ESMTP id CA74F9558D\n\tfor <buildroot@lists.busybox.net>;\n\tTue, 14 Jul 2015 20:20:39 +0000 (UTC)", "from hemlock.osuosl.org ([127.0.0.1])\n\tby localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)\n\twith ESMTP id ffoRJs7zLspJ for <buildroot@lists.busybox.net>;\n\tTue, 14 Jul 2015 20:20:37 +0000 (UTC)", "from secvs02.rockwellcollins.com (secvs02.rockwellcollins.com\n\t[205.175.225.241])\n\tby hemlock.osuosl.org (Postfix) with ESMTPS id 10A799559B\n\tfor <buildroot@buildroot.org>; Tue, 14 Jul 2015 20:20:36 +0000 (UTC)", "from unknown (HELO crulimr02.rockwellcollins.com)\n\t([131.198.26.125])\n\tby secvs02.rockwellcollins.com with ESMTP; 14 Jul 2015 15:20:36 -0500" ], "X-Virus-Scanned": [ "amavisd-new at osuosl.org", "amavisd-new at osuosl.org" ], "X-Greylist": "domain auto-whitelisted by SQLgrey-1.7.6", "X-Received": "from thehammer.rockwellcollins.com (unknown [192.168.141.197])\n\tby crulimr02.rockwellcollins.com (Postfix) with ESMTP id 3976060186; \n\tTue, 14 Jul 2015 15:20:36 -0500 (CDT)", "From": "Clayton Shotwell <clayton.shotwell@rockwellcollins.com>", "To": "buildroot@buildroot.org", "Date": "Tue, 14 Jul 2015 15:20:15 -0500", "Message-Id": "<1436905227-26937-4-git-send-email-clayton.shotwell@rockwellcollins.com>", "X-Mailer": "git-send-email 1.9.1", "In-Reply-To": 
"<1436905227-26937-1-git-send-email-clayton.shotwell@rockwellcollins.com>", "References": "<1436905227-26937-1-git-send-email-clayton.shotwell@rockwellcollins.com>", "Cc": "Clayton Shotwell <clayton.shotwell@rockwellcollins.com>", "Subject": "[Buildroot] [PATCH v9 03/15] refpolicy: new package", "X-BeenThere": "buildroot@busybox.net", "X-Mailman-Version": "2.1.18-1", "Precedence": "list", "List-Id": "Discussion and development of buildroot <buildroot.busybox.net>", "List-Unsubscribe": "<http://lists.busybox.net/mailman/options/buildroot>,\n\t<mailto:buildroot-request@busybox.net?subject=unsubscribe>", "List-Archive": "<http://lists.busybox.net/pipermail/buildroot/>", "List-Post": "<mailto:buildroot@busybox.net>", "List-Help": "<mailto:buildroot-request@busybox.net?subject=help>", "List-Subscribe": "<http://lists.busybox.net/mailman/listinfo/buildroot>,\n\t<mailto:buildroot-request@busybox.net?subject=subscribe>", "MIME-Version": "1.0", "Content-Type": "text/plain; charset=\"us-ascii\"", "Content-Transfer-Encoding": "7bit", "Errors-To": "buildroot-bounces@busybox.net", "Sender": "\"buildroot\" <buildroot-bounces@busybox.net>" }, "content": "Signed-off-by: Clayton Shotwell <clayton.shotwell@rockwellcollins.com>\nSigned-off-by: Matt Weber <matthew.weber@rockwellcollins.com>\nReviewed-by: Samuel Martin <s.martin49@gmail.com>\n\n---\nChanges v8 -> v9:\n - Minor nit picks on spacing (Suggested by Samuel)\n\nChanges v7 -> v8:\n - Changes REFPOLICY_MAKE_CMDS to REFPOLICY_MAKE_OPTS (Suggested by\n Samuel)\n - Added a help section to the custom git repo to explain why the\n refpolicy-contrib option is needed (Suggested by Samuel)\n - Added rsync exclusions to ensure no unneeded files are copied during\n the refpolicy-contrib sync (Suggested by Samuel)\n\nChanges v6 -> v7:\n - Moving the refpolicy patch into a version specific folder to\n prevent it from being applied to the custom git repos. 
(Clayton S.)\n\nChanges v5 -> v6:\n - Fixed references to GIT in config files (Suggested by Ryan B.)\n - Removed execute permissions on files (Suggested by Ryan B.)\n - Fixed spelling error and changed staging install to always install\n the documentation (Suggested by Samuel)\n\nChanges v4 -> v5:\n - Removed TODO and dependency on glibc (Matt W.)\n - Added lib depends to meet policycoreutils limitation on std lib\n (Matt W.)\n - Added comment for when an option is not defined (Matt W.)\n - Removed largefile, locale, and wchar dependencies (Clayton S.)\n - Remove dependancy on host-python-pyxml (Ryan B.)\n - Forced package to use $(HOST_DIR)/usr/bin/python2 for python\n executable (Ryan B.)\n - Added host-python dependency (Clayton S.)\n - Removed config menu (suggested by Thomas P.)\n - Added patch to fix awk issue (Clayton S.)\n\nChanges v3 -> v4:\n - Added a dependency on host-gawk and correct the awk calls\n in the makefile to use $(AWK)\n - Changed the default policy name to br_policy to differentiate\n the policy generated from refpolicy\n - Added a install step to create a /.autorelabel file to cause\n the file system to be relabeled by S12SELinux init script\n - Adding a default modules.conf file with an option to specify\n a different one. This will decrease the build time for\n refpolicy by removing unused policies. (implemented by\n Thomas P.)\n - Cleaned up the configure comments (implemented by Thomas).\n - Added a check to only install the documentation if the\n Buildroot option is enabled\n - Removed the build because the install step completes the\n same process. Also removed the clean step because it is\n being removed globally from buildroot (implemented by\n Thomas P.)\n - Added more error handling to the startup script to print\n a warning if SELinux fails to install the policy if it\n exists. 
This can be caused by the kernel not being configured\n with SELinux enabled\n\nChanges v2 -> v3:\n - Changes patch naming convention (suggested by Thomas P.)\n - Added dependencies on BR2_TOOLCHAIN_HAS_THREADS and\n BR2_LARGEFILE (suggested by Thomas P.)\n - Removed configure option for a specific patch folder\n (suggested by Thomas P.)\n - Removed distribution configuration option (suggested by Thomas)\n - Changed the monolithic configuration option to a modular\n configuration option (suggested by Thomas P.)\n - Removed the refpolicy name option (suggested by Thomas P.)\n - Corrected gramatical and comment errors (suggested by Thomas P.)\n - Multiple style corrections to the mk file (suggested by Thomas P.)\n - Added a comment to clairfy the usage of the the host build\n options for a target build\n\nChanges v1 -> v2:\n - General cleanup to the mk file to conform to the standard format\n - Fixed the patch naming to match the standard 4 digit numbering\n - Changed package dependencies into selects in the config\n---\n package/Config.in | 2 +\n package/refpolicy-contrib/Config.in | 19 +\n package/refpolicy-contrib/refpolicy-contrib.mk | 18 +\n .../0001-Fix-awk-references-to-use-variable.patch | 42 +++\n package/refpolicy/Config.in | 99 +++++\n package/refpolicy/S00selinux | 136 +++++++\n package/refpolicy/config | 8 +\n package/refpolicy/modules.conf | 406 +++++++++++++++++++++\n package/refpolicy/refpolicy.hash | 2 +\n package/refpolicy/refpolicy.mk | 121 ++++++\n 10 files changed, 853 insertions(+)\n create mode 100644 package/refpolicy-contrib/Config.in\n create mode 100644 package/refpolicy-contrib/refpolicy-contrib.mk\n create mode 100644 package/refpolicy/2.20130424/0001-Fix-awk-references-to-use-variable.patch\n create mode 100644 package/refpolicy/Config.in\n create mode 100644 package/refpolicy/S00selinux\n create mode 100644 package/refpolicy/config\n create mode 100644 package/refpolicy/modules.conf\n create mode 100644 
package/refpolicy/refpolicy.hash\n create mode 100644 package/refpolicy/refpolicy.mk", "diff": "diff --git a/package/Config.in b/package/Config.in\nindex 514c1e5..1fe7850 100644\n--- a/package/Config.in\n+++ b/package/Config.in\n@@ -1364,6 +1364,8 @@ endmenu\n \n menu \"Security\"\n \tsource \"package/policycoreutils/Config.in\"\n+\tsource \"package/refpolicy/Config.in\"\n+\tsource \"package/refpolicy-contrib/Config.in\"\n \tsource \"package/setools/Config.in\"\n endmenu\n \ndiff --git a/package/refpolicy-contrib/Config.in b/package/refpolicy-contrib/Config.in\nnew file mode 100644\nindex 0000000..b518248\n--- /dev/null\n+++ b/package/refpolicy-contrib/Config.in\n@@ -0,0 +1,19 @@\n+if BR2_PACKAGE_REFPOLICY_CUSTOM_GIT\n+\n+comment \"A refpolicy contrib repository is required if using a refpolicy repo. (Contrib is a Git submodule of refpolicy)\"\n+\n+config BR2_PACKAGE_REFPOLICY_CONTRIB\n+\tbool \"refpolicy-contrib\"\n+\thelp\n+\t A Git submodule of the refpolicy package.\n+\n+config BR2_PACKAGE_REFPOLICY_CONTRIB_CUSTOM_REPO_URL\n+\tstring \"URL of custom contrib submodule repository\"\n+\n+config BR2_PACKAGE_REFPOLICY_CONTRIB_CUSTOM_REPO_VERSION\n+\tstring \"Custom contrib submodule repository version\"\n+\thelp\n+\t Revision to use in the typical format used by Git\n+\t e.g. 
a SHA id, a tag, branch, ..\n+\n+endif\ndiff --git a/package/refpolicy-contrib/refpolicy-contrib.mk b/package/refpolicy-contrib/refpolicy-contrib.mk\nnew file mode 100644\nindex 0000000..3d1c53e\n--- /dev/null\n+++ b/package/refpolicy-contrib/refpolicy-contrib.mk\n@@ -0,0 +1,18 @@\n+################################################################################\n+#\n+# refpolicy-contrib\n+#\n+################################################################################\n+\n+ifeq ($(BR2_PACKAGE_REFPOLICY_CUSTOM_GIT),y)\n+REFPOLICY_CONTRIB_SITE = $(call qstrip,$(BR2_PACKAGE_REFPOLICY_CONTRIB_CUSTOM_REPO_URL))\n+REFPOLICY_CONTRIB_VERSION = $(call qstrip,$(BR2_PACKAGE_REFPOLICY_CONTRIB_CUSTOM_REPO_VERSION))\n+REFPOLICY_CONTRIB_SITE_METHOD = git\n+\n+# Inherits license from refpolicy as normally this is a submodule\n+REFPOLICY_CONTRIB_LICENSE = GPLv2\n+endif\n+\n+# If refpolicy is from release archive, this contrib content is part of it.\n+\n+$(eval $(generic-package))\ndiff --git a/package/refpolicy/2.20130424/0001-Fix-awk-references-to-use-variable.patch b/package/refpolicy/2.20130424/0001-Fix-awk-references-to-use-variable.patch\nnew file mode 100644\nindex 0000000..8236fa2\n--- /dev/null\n+++ b/package/refpolicy/2.20130424/0001-Fix-awk-references-to-use-variable.patch\n@@ -0,0 +1,42 @@\n+From 1d4c826e8de366bccb93f167cd9be834ab5911c8 Mon Sep 17 00:00:00 2001\n+From: Clayton Shotwell <clayton.shotwell@rockwellcollins.com>\n+Date: Fri, 8 May 2015 14:13:00 -0500\n+Subject: [PATCH] Fix awk references to use variable\n+\n+Ensure all awk calls use the variable setup in the makefile rather than\n+relying on the system.\n+\n+Signed-off-by: Clayton Shotwell <clayton.shotwell@rockwellcollins.com>\n+---\n+ Makefile | 8 ++++----\n+ 1 file changed, 4 insertions(+), 4 deletions(-)\n+\n+diff --git a/Makefile b/Makefile\n+index 85d4cfb..3aa4b51 100644\n+--- a/Makefile\n++++ b/Makefile\n+@@ -292,9 +292,9 @@ cmdline_mods := $(addsuffix .te,$(APPS_MODS))\n+ cmdline_off := 
$(addsuffix .te,$(APPS_OFF))\n+ \n+ # extract settings from modules.conf\n+-mod_conf_base := $(addsuffix .te,$(sort $(shell awk '/^[[:blank:]]*[[:alpha:]]/{ if ($$3 == \"$(configbase)\") print $$1 }' $(mod_conf) 2> /dev/null)))\n+-mod_conf_mods := $(addsuffix .te,$(sort $(shell awk '/^[[:blank:]]*[[:alpha:]]/{ if ($$3 == \"$(configmod)\") print $$1 }' $(mod_conf) 2> /dev/null)))\n+-mod_conf_off := $(addsuffix .te,$(sort $(shell awk '/^[[:blank:]]*[[:alpha:]]/{ if ($$3 == \"$(configoff)\") print $$1 }' $(mod_conf) 2> /dev/null)))\n++mod_conf_base := $(addsuffix .te,$(sort $(shell $(AWK) '/^[[:blank:]]*[[:alpha:]]/{ if ($$3 == \"$(configbase)\") print $$1 }' $(mod_conf) 2> /dev/null)))\n++mod_conf_mods := $(addsuffix .te,$(sort $(shell $(AWK) '/^[[:blank:]]*[[:alpha:]]/{ if ($$3 == \"$(configmod)\") print $$1 }' $(mod_conf) 2> /dev/null)))\n++mod_conf_off := $(addsuffix .te,$(sort $(shell $(AWK) '/^[[:blank:]]*[[:alpha:]]/{ if ($$3 == \"$(configoff)\") print $$1 }' $(mod_conf) 2> /dev/null)))\n+ \n+ base_mods := $(cmdline_base)\n+ mod_mods := $(cmdline_mods)\n+@@ -308,7 +308,7 @@ off_mods += $(filter-out $(cmdline_off) $(cmdline_base) $(cmdline_mods), $(mod_c\n+ off_mods += $(filter-out $(base_mods) $(mod_mods) $(off_mods),$(notdir $(detected_mods)))\n+ \n+ # filesystems to be used in labeling targets\n+-filesystems = $(shell mount | grep -v \"context=\" | egrep -v '\\((|.*,)bind(,.*|)\\)' | awk '/(ext[234]|btrfs| xfs| jfs).*rw/{print $$3}';)\n++filesystems = $(shell mount | grep -v \"context=\" | egrep -v '\\((|.*,)bind(,.*|)\\)' | $(AWK) '/(ext[234]|btrfs| xfs| jfs).*rw/{print $$3}';)\n+ fs_names := \"btrfs ext2 ext3 ext4 xfs jfs\"\n+ \n+ ########################################\n+-- \n+1.9.1\n+\ndiff --git a/package/refpolicy/Config.in b/package/refpolicy/Config.in\nnew file mode 100644\nindex 0000000..e2314de\n--- /dev/null\n+++ b/package/refpolicy/Config.in\n@@ -0,0 +1,99 @@\n+config BR2_PACKAGE_REFPOLICY\n+\tbool \"refpolicy\"\n+\tselect 
BR2_PACKAGE_POLICYCOREUTILS\n+\tselect BR2_PACKAGE_BUSYBOX_SELINUX if BR2_PACKAGE_BUSYBOX\n+\tdepends on BR2_TOOLCHAIN_HAS_THREADS # policycoreutils\n+\tdepends on BR2_TOOLCHAIN_USES_GLIBC || BR2_TOOLCHAIN_USES_MUSL # policycoreutils\n+\thelp\n+\t The SELinux Reference Policy project (refpolicy) is a\n+\t complete SELinux policy that can be used as the system\n+\t policy for a variety of systems and used as the basis\n+\t for creating other policies. Reference Policy was originally\n+\t based on the NSA example policy, but aims to accomplish\n+\t many additional goals.\n+\n+\t The current refpolicy does not fully support Buildroot\n+\t and needs modifications to work with the default system\n+\t file layout. These changes should be added as patches to\n+\t the refpolicy that modify a single SELinux policy.\n+\n+comment \"refpolicy needs a toolchain w/ threads, glibc or musl\"\n+\tdepends on !BR2_TOOLCHAIN_HAS_THREADS \\\n+\t\t|| !(BR2_TOOLCHAIN_USES_GLIBC || BR2_TOOLCHAIN_USES_MUSL)\n+\n+if BR2_PACKAGE_REFPOLICY\n+\n+choice\n+\tprompt \"SELinux policy type\"\n+\tdefault BR2_PACKAGE_REFPOLICY_TYPE_STANDARD\n+\n+\tconfig BR2_PACKAGE_REFPOLICY_TYPE_STANDARD\n+\t\tbool \"Standard\"\n+\t\thelp\n+\t\t Standard SELinux policy\n+\n+\tconfig BR2_PACKAGE_REFPOLICY_TYPE_MCS\n+\t\tbool \"MCS\"\n+\t\thelp\n+\t\t SELinux policy with multi-catagory support\n+\n+\tconfig BR2_PACKAGE_REFPOLICY_TYPE_MLS\n+\t\tbool \"MLS\"\n+\t\thelp\n+\t\t SELinux policy with multi-catagory and multi-level support\n+endchoice\n+\n+config BR2_PACKAGE_REFPOLICY_TYPE\n+\tstring\n+\tdefault \"standard\" if BR2_PACKAGE_REFPOLICY_TYPE_STANDARD\n+\tdefault \"mcs\" if BR2_PACKAGE_REFPOLICY_TYPE_MCS\n+\tdefault \"mls\" if BR2_PACKAGE_REFPOLICY_TYPE_MLS\n+\n+config BR2_PACKAGE_REFPOLICY_MODULES_FILE\n+\tstring \"Refpolicy modules configuration\"\n+\tdefault \"package/refpolicy/modules.conf\"\n+\thelp\n+\t Location of a custom modules.conf file that lists the\n+\t SELinux policy modules to be included in the 
compiled\n+\t policy. See policy/modules.conf in the refpolicy sources for\n+\t the complete list of available modules.\n+\t NOTE: This file is only used if a Custom Git repo is\n+\t not specified.\n+\n+config BR2_PACKAGE_REFPOLICY_MODULAR\n+\tbool \"Build a modular SELinux policy\"\n+\thelp\n+\t Select Y to build a modular SELinux policy. By default,\n+\t a monolithing policy will be built to save space on the\n+\t target. A modular policy can also be built if policies\n+\t need to be modified without reloading the target.\n+\n+config BR2_PACKAGE_REFPOLICY_CUSTOM_GIT\n+\tbool \"Custom Git repository\"\n+\tselect BR2_PACKAGE_REFPOLICY_CONTRIB\n+\thelp\n+\t This option allows Buildroot to get the refpolicy source\n+\t code from a Git repository. This option should generally\n+\t be used to add custom SELinux policy to the base refpolicy\n+\t without having to deal with lots of patches.\n+\n+\t Please note that with the current configuration of the\n+\t mainline refpolicy git repositories, a refpolicy and a\n+\t refpolicy-contrib git repo must be specified. These are\n+\t linked using a git submodule which does not get initialized\n+\t during the Buildroot build.\n+\n+if BR2_PACKAGE_REFPOLICY_CUSTOM_GIT\n+\n+config BR2_PACKAGE_REFPOLICY_CUSTOM_REPO_URL\n+\tstring \"URL of custom repository\"\n+\n+config BR2_PACKAGE_REFPOLICY_CUSTOM_REPO_VERSION\n+\tstring \"Custom repository version\"\n+\thelp\n+\t Revision to use in the typical format used by Git\n+\t e.g. 
a SHA id, a tag, branch, ..\n+\n+endif\n+\n+endif\ndiff --git a/package/refpolicy/S00selinux b/package/refpolicy/S00selinux\nnew file mode 100644\nindex 0000000..f2ac2e6\n--- /dev/null\n+++ b/package/refpolicy/S00selinux\n@@ -0,0 +1,136 @@\n+#!/bin/sh\n+################################################################################\n+#\n+# This file labels the security contexts of memory based filesystems such as\n+# /dev/ and checks for auto relabel request if '/.autorelabel' file exists.\n+#\n+# This script is a heavily stripped down and modified version of the one used\n+# in CentOS 6.2\n+#\n+################################################################################\n+\n+failed()\n+{\n+ echo $1\n+ exit 1\n+}\n+\n+# Get SELinux config env vars\n+. /etc/selinux/config || failed \"Failed to source the SELinux config\"\n+\n+setup_selinux() {\n+ # Create required directories\n+ mkdir -p /etc/selinux/${SELINUXTYPE}/policy/ ||\n+ failed \"Failed to create the policy folder\"\n+ mkdir -p /etc/selinux/${SELINUXTYPE}/modules/active/modules || \\\n+ failed \"Failed to create the modules folder\"\n+ if [ ! 
-f /etc/selinux/${SELINUXTYPE}/contexts/files/file_contexts.local ]\n+ then\n+ touch /etc/selinux/${SELINUXTYPE}/contexts/files/file_contexts.local || \\\n+ failed \"Failed to create the file_contexts.local file\"\n+ fi\n+\n+ # Install modules\n+ semodule -v -s ${SELINUXTYPE} -b /usr/share/selinux/${SELINUXTYPE}/base.pp \\\n+ -i $(ls /usr/share/selinux/${SELINUXTYPE}/*.pp | grep -v base) || \\\n+ failed \"Failed to install the base policy\"\n+\n+ # Load the policy to activate it\n+ load_policy -i || failed \"Failed to load the SELinux policy\"\n+}\n+\n+relabel_selinux() {\n+ # if /sbin/init is not labeled correctly this process is running in the\n+ # wrong context, so a reboot will be required after relabel\n+ AUTORELABEL=\n+\n+ # Switch to Permissive mode\n+ echo \"0\" > /selinux/enforce || failed \"Failed to disable enforcing mode\"\n+\n+ echo\n+ echo \"*** Warning -- SELinux ${SELINUXTYPE} policy relabel is required.\"\n+ echo \"*** Relabeling could take a very long time, depending on file\"\n+ echo \"*** system size and speed of hard drives.\"\n+\n+ # Relabel mount points\n+ restorecon $(awk '!/^#/ && $4 !~ /noauto/ && $2 ~ /^\\// { print $2 }' /etc/fstab) \\\n+ >/dev/null 2>&1 || failed \"Failed to relabel the mount points\"\n+\n+ # Relabel file system\n+ echo \"Relabeling file systems\"\n+ restorecon -R -F / || failed \"Failed to relabel the file system\"\n+\n+ # Remove label\n+ rm -f /.autorelabel || failed \"Failed to remove the autorelabel flag\"\n+\n+ # Reboot to activate relabeled file system\n+ echo \"Automatic reboot in progress.\"\n+ reboot -f\n+}\n+\n+start() {\n+ echo -n \"Initializing SELinux: \"\n+\n+ # Check to see if the default policy has been installed\n+ if [ \"`sestatus | grep \"SELinux status\" | grep enabled`\" == \"\" ]; then\n+ if [ ! -f /etc/selinux/${SELINUXTYPE}/policy/policy.* ]\n+ then\n+ setup_selinux\n+ else\n+ echo \"SELinux policy install failed. 
Check kernel and init config\"\n+ exit 1\n+ fi\n+ fi\n+\n+ # Check SELinux status\n+ SELINUX_STATE=\n+ if [ -e \"/selinux/enforce\" ] && [ \"$(cat /proc/self/attr/current)\" != \"kernel\" ]; then\n+ if [ -r \"/selinux/enforce\" ] ; then\n+ SELINUX_STATE=$(cat \"/selinux/enforce\")\n+ else\n+ # assume enforcing if you can't read it\n+ SELINUX_STATE=1\n+ fi\n+ fi\n+\n+ # Context Label /dev/\n+ if [ -n \"$SELINUX_STATE\" -a -x /sbin/restorecon ] && fgrep \" /dev \" /proc/mounts >/dev/null 2>&1 ; then\n+ /sbin/restorecon -R -F /dev 2>/dev/null\n+ fi\n+\n+ # Context Label tmpfs mounts\n+ if [ -n \"$SELINUX_STATE\" -a -x /sbin/restorecon ]; then\n+ /sbin/restorecon -R -F $(awk '!/^#/ && $4 !~ /noauto/ && $2 ~ /^\\// && $3 ==\"tmpfs\" { print $2 }' /etc/fstab) >/dev/null 2>&1\n+ fi\n+\n+ # Clean up SELinux labels\n+ if [ -n \"$SELINUX_STATE\" -a -x /sbin/restorecon ]; then\n+ restorecon -F /etc/mtab /etc/ld.so.cache /etc/resolv.conf >/dev/null 2>&1\n+ fi\n+\n+ # Check for filesystem relabel request\n+ if [ -f /.autorelabel ] ; then\n+ relabel_selinux\n+ fi\n+\n+ echo \"OK\"\n+}\n+stop() {\n+ # There is nothing to do\n+ echo \"OK\"\n+}\n+\n+case \"$1\" in\n+ start)\n+ start\n+ ;;\n+ stop)\n+ stop\n+ ;;\n+ *)\n+ echo \"Usage: $0 {start|stop}\"\n+ exit 1\n+ ;;\n+esac\n+\n+exit $?\ndiff --git a/package/refpolicy/config b/package/refpolicy/config\nnew file mode 100644\nindex 0000000..5eee807\n--- /dev/null\n+++ b/package/refpolicy/config\n@@ -0,0 +1,8 @@\n+# This file controls the state of SELinux on the system.\n+# SELINUX= can take one of these three values:\n+# enforcing - SELinux security policy is enforced.\n+# permissive - SELinux prints warnings instead of enforcing.\n+# disabled - No SELinux policy is loaded.\n+SELINUX=permissive\n+# SELINUXTYPE= name of the selinux policy to use\n+SELINUXTYPE=refpolicy\ndiff --git a/package/refpolicy/modules.conf b/package/refpolicy/modules.conf\nnew file mode 100644\nindex 0000000..58282d8\n--- /dev/null\n+++ 
b/package/refpolicy/modules.conf\n@@ -0,0 +1,406 @@\n+#\n+# This file contains a listing of available modules.\n+# To prevent a module from being used in policy\n+# creation, set the module name to \"off\".\n+#\n+# For monolithic policies, modules set to \"base\" and \"module\"\n+# will be built into the policy.\n+#\n+# For modular policies, modules set to \"base\" will be\n+# included in the base module. \"module\" will be compiled\n+# as individual loadable modules.\n+#\n+\n+# Layer: kernel\n+# Module: corecommands\n+# Required in base\n+#\n+# Core policy for shells, and generic programs\n+# in /bin, /sbin, /usr/bin, and /usr/sbin.\n+#\n+corecommands = base\n+\n+# Layer: kernel\n+# Module: corenetwork\n+# Required in base\n+#\n+# Policy controlling access to network objects\n+#\n+corenetwork = base\n+\n+# Layer: kernel\n+# Module: devices\n+# Required in base\n+#\n+# Device nodes and interfaces for many basic system devices.\n+#\n+devices = base\n+\n+# Layer: kernel\n+# Module: domain\n+# Required in base\n+#\n+# Core policy for domains.\n+#\n+domain = base\n+\n+# Layer: kernel\n+# Module: files\n+# Required in base\n+#\n+# Basic filesystem types and interfaces.\n+#\n+files = base\n+\n+# Layer: kernel\n+# Module: filesystem\n+# Required in base\n+#\n+# Policy for filesystems.\n+#\n+filesystem = base\n+\n+# Layer: kernel\n+# Module: kernel\n+# Required in base\n+#\n+# Policy for kernel threads, proc filesystem,\n+# and unlabeled processes and objects.\n+#\n+kernel = base\n+\n+# Layer: kernel\n+# Module: mcs\n+# Required in base\n+#\n+# Multicategory security policy\n+#\n+mcs = base\n+\n+# Layer: kernel\n+# Module: mls\n+# Required in base\n+#\n+# Multilevel security policy\n+#\n+mls = base\n+\n+# Layer: kernel\n+# Module: selinux\n+# Required in base\n+#\n+# Policy for kernel security interface, in particular, selinuxfs.\n+#\n+selinux = base\n+\n+# Layer: kernel\n+# Module: terminal\n+# Required in base\n+#\n+# Policy for terminals.\n+#\n+terminal = base\n+\n+# 
Layer: kernel\n+# Module: ubac\n+# Required in base\n+#\n+# User-based access control policy\n+#\n+ubac = base\n+\n+# Layer: admin\n+# Module: bootloader\n+#\n+# Policy for the kernel modules, kernel image, and bootloader.\n+#\n+bootloader = module\n+\n+# Layer: admin\n+# Module: consoletype\n+#\n+# Determine of the console connected to the controlling terminal.\n+#\n+consoletype = module\n+\n+# Layer: admin\n+# Module: dmesg\n+#\n+# Policy for dmesg.\n+#\n+dmesg = module\n+\n+# Layer: admin\n+# Module: netutils\n+#\n+# Network analysis utilities\n+#\n+netutils = module\n+\n+# Layer: admin\n+# Module: su\n+#\n+# Run shells with substitute user and group\n+#\n+su = module\n+\n+# Layer: admin\n+# Module: sudo\n+#\n+# Execute a command with a substitute user\n+#\n+sudo = module\n+\n+# Layer: admin\n+# Module: usermanage\n+#\n+# Policy for managing user accounts.\n+#\n+usermanage = module\n+\n+# Layer: apps\n+# Module: seunshare\n+#\n+# Filesystem namespacing/polyinstantiation application.\n+#\n+seunshare = module\n+\n+# Layer: kernel\n+# Module: storage\n+#\n+# Policy controlling access to storage devices\n+#\n+storage = module\n+\n+# Layer: roles\n+# Module: auditadm\n+#\n+# Audit administrator role\n+#\n+auditadm = module\n+\n+# Layer: roles\n+# Module: logadm\n+#\n+# Log administrator role\n+#\n+logadm = module\n+\n+# Layer: roles\n+# Module: secadm\n+#\n+# Security administrator role\n+#\n+secadm = module\n+\n+# Layer: roles\n+# Module: staff\n+#\n+# Administrator's unprivileged user role\n+#\n+staff = module\n+\n+# Layer: roles\n+# Module: sysadm\n+#\n+# General system administration role\n+#\n+sysadm = module\n+\n+# Layer: roles\n+# Module: unprivuser\n+#\n+# Generic unprivileged user role\n+#\n+unprivuser = module\n+\n+# Layer: services\n+# Module: postgresql\n+#\n+# PostgreSQL relational database\n+#\n+postgresql = module\n+\n+# Layer: services\n+# Module: ssh\n+#\n+# Secure shell client and server policy.\n+#\n+ssh = module\n+\n+# Layer: services\n+# Module: 
xserver\n+#\n+# X Windows Server\n+#\n+xserver = module\n+\n+# Layer: system\n+# Module: application\n+#\n+# Policy for user executable applications.\n+#\n+application = module\n+\n+# Layer: system\n+# Module: authlogin\n+#\n+# Common policy for authentication and user login.\n+#\n+authlogin = module\n+\n+# Layer: system\n+# Module: clock\n+#\n+# Policy for reading and setting the hardware clock.\n+#\n+clock = module\n+\n+# Layer: system\n+# Module: fstools\n+#\n+# Tools for filesystem management, such as mkfs and fsck.\n+#\n+fstools = module\n+\n+# Layer: system\n+# Module: getty\n+#\n+# Policy for getty.\n+#\n+getty = module\n+\n+# Layer: system\n+# Module: hostname\n+#\n+# Policy for changing the system host name.\n+#\n+hostname = module\n+\n+# Layer: system\n+# Module: hotplug\n+#\n+# Policy for hotplug system, for supporting the\n+# connection and disconnection of devices at runtime.\n+#\n+hotplug = module\n+\n+# Layer: system\n+# Module: init\n+#\n+# System initialization programs (init and init scripts).\n+#\n+init = module\n+\n+# Layer: system\n+# Module: ipsec\n+#\n+# TCP/IP encryption\n+#\n+ipsec = module\n+\n+# Layer: system\n+# Module: iptables\n+#\n+# Policy for iptables.\n+#\n+iptables = module\n+\n+# Layer: system\n+# Module: libraries\n+#\n+# Policy for system libraries.\n+#\n+libraries = module\n+\n+# Layer: system\n+# Module: locallogin\n+#\n+# Policy for local logins.\n+#\n+locallogin = module\n+\n+# Layer: system\n+# Module: logging\n+#\n+# Policy for the kernel message logger and system logging daemon.\n+#\n+logging = module\n+\n+# Layer: system\n+# Module: lvm\n+#\n+# Policy for logical volume management programs.\n+#\n+lvm = module\n+\n+# Layer: system\n+# Module: miscfiles\n+#\n+# Miscelaneous files.\n+#\n+miscfiles = module\n+\n+# Layer: system\n+# Module: modutils\n+#\n+# Policy for kernel module utilities\n+#\n+modutils = module\n+\n+# Layer: system\n+# Module: mount\n+#\n+# Policy for mount.\n+#\n+mount = module\n+\n+# Layer: system\n+# 
Module: netlabel\n+#\n+# NetLabel/CIPSO labeled networking management\n+#\n+netlabel = module\n+\n+# Layer: system\n+# Module: selinuxutil\n+#\n+# Policy for SELinux policy and userland applications.\n+#\n+selinuxutil = module\n+\n+# Layer: system\n+# Module: setrans\n+#\n+# SELinux MLS/MCS label translation service.\n+#\n+setrans = module\n+\n+# Layer: system\n+# Module: sysnetwork\n+#\n+# Policy for network configuration: ifconfig and dhcp client.\n+#\n+sysnetwork = module\n+\n+# Layer: system\n+# Module: udev\n+#\n+# Policy for udev.\n+#\n+udev = module\n+\n+# Layer: system\n+# Module: unconfined\n+#\n+# The unconfined domain.\n+#\n+unconfined = module\n+\n+# Layer: system\n+# Module: userdomain\n+#\n+# Policy for user domains\n+#\n+userdomain = module\n+\ndiff --git a/package/refpolicy/refpolicy.hash b/package/refpolicy/refpolicy.hash\nnew file mode 100644\nindex 0000000..eca53d7\n--- /dev/null\n+++ b/package/refpolicy/refpolicy.hash\n@@ -0,0 +1,2 @@\n+#From https://github.com/TresysTechnology/refpolicy/wiki/DownloadRelease\n+sha256 6039ba854f244a39dc727cc7db25632f7b933bb271c803772d754d4354f5aef4 refpolicy-2.20130424.tar.bz2\ndiff --git a/package/refpolicy/refpolicy.mk b/package/refpolicy/refpolicy.mk\nnew file mode 100644\nindex 0000000..d367c09\n--- /dev/null\n+++ b/package/refpolicy/refpolicy.mk\n@@ -0,0 +1,121 @@\n+################################################################################\n+#\n+# refpolicy\n+#\n+################################################################################\n+\n+ifeq ($(BR2_PACKAGE_REFPOLICY_CUSTOM_GIT),y)\n+REFPOLICY_SITE = $(call qstrip,$(BR2_PACKAGE_REFPOLICY_CUSTOM_REPO_URL))\n+REFPOLICY_VERSION = $(call qstrip,$(BR2_PACKAGE_REFPOLICY_CUSTOM_REPO_VERSION))\n+REFPOLICY_SITE_METHOD = git\n+REFPOLICY_DEPENDENCIES += refpolicy-contrib\n+else\n+REFPOLICY_VERSION = 2.20130424\n+REFPOLICY_SOURCE = refpolicy-$(REFPOLICY_VERSION).tar.bz2\n+REFPOLICY_SITE = http://oss.tresys.com/files/refpolicy/\n+endif\n+REFPOLICY_LICENSE 
= GPLv2\n+REFPOLICY_LICENSE_FILES = COPYING\n+\n+# Cannot use multiple threads to build the reference policy\n+REFPOLICY_MAKE = $(TARGET_MAKE_ENV) $(MAKE1)\n+\n+REFPOLICY_DEPENDENCIES += host-m4 host-checkpolicy host-policycoreutils \\\n+\thost-setools host-gawk host-python policycoreutils\n+\n+REFPOLICY_INSTALL_STAGING = YES\n+\n+REFPOLICY_POLICY_NAME = br_policy\n+\n+# To apply board specific customizations, create a refpolicy folder in\n+# BR2_GLOBAL_PATCH_DIR. These patches will be applied after the patches\n+# in package/refpolicy\n+\n+# Passing the HOST_CONFIGURE_OPTS to the target build because all of the\n+# build utilities are expected to be on system. This fools the make files\n+# into using the host built utilities to compile the SELinux policy for\n+# the target.\n+#\n+# Note, the TEST_TOOLCHAIN option will also set the\n+# LD_LIBRARY_PATH at run time.\n+REFPOLICY_MAKE_OPTS = $(HOST_CONFIGURE_OPTS) \\\n+\tTEST_TOOLCHAIN=\"$(HOST_DIR)\"\n+\n+# Build requires python2 to run\n+REFPOLICY_MAKE_ENV = \\\n+\tPYTHON=\"$(HOST_DIR)/usr/bin/python2\" \\\n+\tAWK=\"$(HOST_DIR)/usr/bin/gawk\" \\\n+\tM4=\"$(HOST_DIR)/usr/bin/m4\"\n+\n+\n+ifeq ($(BR2_PACKAGE_REFPOLICY_MODULAR),y)\n+\tREFPOLICY_MONOLITHIC = n\n+else\n+\tREFPOLICY_MONOLITHIC = y\n+endif\n+\n+ifeq ($(BR2_PACKAGE_REFPOLICY_CUSTOM_GIT),y)\n+define REFPOLICY_GIT_SUBMODULE_SETUP\n+\trsync -ar $(RSYNC_VCS_EXCLUSIONS) $(REFPOLICY_CONTRIB_DIR)/* \\\n+\t\t$(@D)/policy/modules/contrib/\n+endef\n+else\n+REFPOLICY_MODULES_FILE = $(call qstrip,$(BR2_PACKAGE_REFPOLICY_MODULES_FILE))\n+define REFPOLICY_CUSTOM_MODULES_CONF\n+\tcp $(REFPOLICY_MODULES_FILE) $(@D)/policy/modules.conf\n+endef\n+endif\n+\n+define REFPOLICY_CONFIGURE_CMDS\n+\t$(REFPOLICY_GIT_SUBMODULE_SETUP)\n+\t# If an external repo is used to build refpolicy, this preserves the\n+\t# custom modules.conf which defines the enabled components.\n+\tif [ -f $(@D)/policy/modules.conf ]; then \\\n+\t\tmv $(@D)/policy/modules.conf $(@D)/modules.conf.bk ; 
\\\n+\tfi\n+\t$(REFPOLICY_MAKE_ENV) $(REFPOLICY_MAKE) -C $(@D) bare \\\n+\t\t$(REFPOLICY_MAKE_OPTS) DESTDIR=$(STAGING_DIR)\n+\t$(SED) \"/TYPE/c\\TYPE = $(BR2_PACKAGE_REFPOLICY_TYPE)\" $(@D)/build.conf\n+\t$(SED) \"/MONOLITHIC/c\\MONOLITHIC = $(REFPOLICY_MONOLITHIC)\" $(@D)/build.conf\n+\t$(SED) \"/NAME/c\\NAME = $(REFPOLICY_POLICY_NAME)\" $(@D)/build.conf\n+\t$(REFPOLICY_MAKE_ENV) $(REFPOLICY_MAKE) -C $(@D) conf \\\n+\t\t$(REFPOLICY_MAKE_OPTS) DESTDIR=$(STAGING_DIR)\n+\tif [ -f $(@D)/modules.conf.bk ]; then \\\n+\t\techo \"[Preserved modules.conf]\" ; \\\n+\t\tmv $(@D)/modules.conf.bk $(@D)/policy/modules.conf ; \\\n+\tfi\n+\t$(REFPOLICY_CUSTOM_MODULES_CONF)\n+endef\n+\n+define REFPOLICY_INSTALL_STAGING_CMDS\n+\t$(REFPOLICY_MAKE_ENV) $(REFPOLICY_MAKE) -C $(@D) install-src install-headers \\\n+\t\tinstall-docs $(REFPOLICY_MAKE_OPTS) DESTDIR=$(STAGING_DIR)\n+endef\n+\n+define REFPOLICY_INSTALL_TARGET_CMDS\n+\t$(REFPOLICY_MAKE_ENV) $(REFPOLICY_MAKE) -C $(@D) install \\\n+\t\t$(REFPOLICY_MAKE_OPTS) DESTDIR=$(TARGET_DIR)\n+\t$(INSTALL) -m 0755 -D package/refpolicy/config $(TARGET_DIR)/etc/selinux/config\n+\t$(SED) \"/^SELINUXTYPE/c\\SELINUXTYPE=$(REFPOLICY_POLICY_NAME)\" \\\n+\t\t$(TARGET_DIR)/etc/selinux/config\n+\ttouch $(TARGET_DIR)/.autorelabel\n+\t$(RM) $(TARGET_DIR)/etc/selinux/$(REFPOLICY_POLICY_NAME)/booleans\n+endef\n+\n+define REFPOLICY_INSTALL_INIT_SYSV\n+\t$(INSTALL) -m 0755 -D package/refpolicy/S00selinux \\\n+\t\t$(TARGET_DIR)/etc/init.d/S00selinux\n+endef\n+\n+define REFPOLICY_POLICY_COMPILE\n+\t$(INSTALL) -d -m 0755 $(TARGET_DIR)/etc/selinux/$(REFPOLICY_POLICY_NAME)/policy\n+\t$(INSTALL) -d -m 0755 $(TARGET_DIR)/etc/selinux/$(REFPOLICY_POLICY_NAME)/modules/active/modules\n+\t$(INSTALL) -d -m 0755 $(TARGET_DIR)/etc/selinux/$(REFPOLICY_POLICY_NAME)/contexts/files\n+\ttouch $(TARGET_DIR)/etc/selinux/$(REFPOLICY_POLICY_NAME)/contexts/files/file_contexts.local\n+endef\n+\n+ifeq ($(BR2_PACKAGE_REFPOLICY_MODULAR),y)\n+\tREFPOLICY_POST_INSTALL_TARGET_HOOKS += 
REFPOLICY_POLICY_COMPILE\n+endif\n+\n+$(eval $(generic-package))\n", "prefixes": [ "v9", "03/15" ] }
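Review bot: In `REFPOLICY_INSTALL_TARGET_CMDS` the SELinux configuration file is installed with `-m 0755`, although it is a plain key/value file that S00selinux only sources. `$(INSTALL) -m 0644 -D package/refpolicy/config $(TARGET_DIR)/etc/selinux/config` would avoid shipping an executable file under /etc/selinux. The same file sets `SELINUX=permissive`, and the following `$(SED)` call rewrites only `SELINUXTYPE`, so an image built from this package logs denials but does not enforce the policy until the integrator changes it. That is worth stating in the `BR2_PACKAGE_REFPOLICY` help text. In the custom-Git branch, `REFPOLICY_VERSION` may be a branch or tag, and refpolicy.hash lists only the release tarball, so a comment such as `# Prefer a full commit SHA so the fetched policy source is pinned` next to `REFPOLICY_SITE_METHOD = git` would help.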