[Buildroot] [PATCH 11/15] package/refpolicy: allow selecting additional modules

[Antoine Tenart]

Allow users to select additional modules available in the refpolicy, to
be built in the binary policy. This will allow non-base modules to be
selected based on the user use-case and to select extra module
dependencies when providing out-of-tree modules.

Signed-off-by: Antoine Tenart <antoine.tenart at bootlin.com>
---
 package/refpolicy/Config.in    | 5 +++++
 package/refpolicy/refpolicy.mk | 1 +
 2 files changed, 6 insertions(+)

diff --git a/package/refpolicy/Config.in b/package/refpolicy/Config.in
index 030b1e93c9bd..73274920000a 100644
--- a/package/refpolicy/Config.in
+++ b/package/refpolicy/Config.in
@@ -64,6 +64,11 @@ config BR2_REFPOLICY_EXTRA_MODULES_DIRS
 	  Each of those directories must contain the SELinux policy .fc, .if
 	  and .te files directly at the top-level, with no sub-directories.
 
+config BR2_REFPOLICY_EXTRA_MODULES
+	string "Extra modules to enable"
+	help
+	  List of extra SELinux modules to enable in the refpolicy.
+
 endif
 
 comment "refpolicy needs a toolchain w/ threads"
diff --git a/package/refpolicy/refpolicy.mk b/package/refpolicy/refpolicy.mk
index edbb5a228f55..de1fe9217a80 100644
--- a/package/refpolicy/refpolicy.mk
+++ b/package/refpolicy/refpolicy.mk
@@ -47,6 +47,7 @@ REFPOLICY_MODULES = \
 	unconfined \
 	userdomain \
 	$(PACKAGES_SELINUX_MODULES) \
+	$(call qstrip,$(BR2_REFPOLICY_EXTRA_MODULES)) \
 	$(foreach d,$(call qstrip,$(REFPOLICY_EXTRA_MODULES)),\
 		$(basename $(notdir $(wildcard $(d)/*.te))))
 
-- 
2.26.2