Bump buidlroot version to 2018.02.6

bsp/buildroot/package/refpolicy/Config.in

@@ -0,0 +1,69 @@
+config BR2_PACKAGE_REFPOLICY
+	bool "refpolicy"
+	depends on BR2_TOOLCHAIN_HAS_THREADS # policycoreutils
+	depends on BR2_TOOLCHAIN_USES_GLIBC # policycoreutils
+	depends on BR2_PACKAGE_AUDIT_ARCH_SUPPORTS # policycoreutils
+	depends on !BR2_STATIC_LIBS # policycoreutils
+	depends on !BR2_arc # policycoreutils
+	select BR2_PACKAGE_POLICYCOREUTILS
+	select BR2_PACKAGE_BUSYBOX_SELINUX if BR2_PACKAGE_BUSYBOX
+	help
+	  The SELinux Reference Policy project (refpolicy) is a
+	  complete SELinux policy that can be used as the system
+	  policy for a variety of systems and used as the basis for
+	  creating other policies. Reference Policy was originally
+	  based on the NSA example policy, but aims to accomplish many
+	  additional goals.
+
+	  The current refpolicy does not fully support Buildroot and
+	  needs modifications to work with the default system file
+	  layout. These changes should be added as patches to the
+	  refpolicy that modify a single SELinux policy.
+
+	  The refpolicy works for the most part in permissive
+	  mode. Only the basic set of utilities are enabled in the
+	  example policy config and some of the pathing in the
+	  policies is not correct.  Individual policies would need to
+	  be tweaked to get everything functioning properly.
+
+	  https://github.com/TresysTechnology/refpolicy
+
+comment "refpolicy needs a glibc toolchain w/ threads, dynamic library"
+	depends on !BR2_arc
+	depends on BR2_PACKAGE_AUDIT_ARCH_SUPPORTS
+	depends on BR2_STATIC_LIBS || !BR2_TOOLCHAIN_HAS_THREADS || \
+		!BR2_TOOLCHAIN_USES_GLIBC
+
+if BR2_PACKAGE_REFPOLICY
+
+config BR2_PACKAGE_REFPOLICY_POLICY_VERSION
+	string "Policy version"
+	default "30"
+
+choice
+	prompt "SELinux default state"
+	default BR2_PACKAGE_REFPOLICY_POLICY_STATE_PERMISSIVE
+
+config BR2_PACKAGE_REFPOLICY_POLICY_STATE_ENFORCING
+	bool "Enforcing"
+	help
+	  SELinux security policy is enforced
+
+config BR2_PACKAGE_REFPOLICY_POLICY_STATE_PERMISSIVE
+	bool "Permissive"
+	help
+	  SELinux prints warnings instead of enforcing
+
+config BR2_PACKAGE_REFPOLICY_POLICY_STATE_DISABLED
+	bool "Disabled"
+	help
+	  No SELinux policy is loaded
+endchoice
+
+config BR2_PACKAGE_REFPOLICY_POLICY_STATE
+	string
+	default "permissive" if BR2_PACKAGE_REFPOLICY_POLICY_STATE_PERMISSIVE
+	default "enforcing" if BR2_PACKAGE_REFPOLICY_POLICY_STATE_ENFORCING
+	default "disabled" if BR2_PACKAGE_REFPOLICY_POLICY_STATE_DISABLED
+
+endif

bsp/buildroot/package/refpolicy/config

@@ -0,0 +1,8 @@
+# This file controls the state of SELinux on the system.
+# SELINUX= can take one of these three values:
+#     enforcing - SELinux security policy is enforced.
+#     permissive - SELinux prints warnings instead of enforcing.
+#     disabled - No SELinux policy is loaded.
+SELINUX=disabled
+
+SELINUXTYPE=targeted

bsp/buildroot/package/refpolicy/refpolicy.hash

@@ -0,0 +1,5 @@
+# From https://github.com/TresysTechnology/refpolicy/wiki/DownloadRelease
+sha256 e826f7d7f899a548e538964487e9fc1bc67ca94756ebdce0bfb6532b4eb0d06b  refpolicy-2.20180114.tar.bz2
+
+# Locally computed
+sha256 204d8eff92f95aac4df6c8122bc1505f468f3a901e5a4cc08940e0ede1938994 COPYING

bsp/buildroot/package/refpolicy/refpolicy.mk

@@ -0,0 +1,62 @@
+################################################################################
+#
+# refpolicy
+#
+################################################################################
+
+REFPOLICY_VERSION = 2.20180114
+REFPOLICY_SOURCE = refpolicy-$(REFPOLICY_VERSION).tar.bz2
+REFPOLICY_SITE = https://raw.githubusercontent.com/wiki/TresysTechnology/refpolicy/files
+REFPOLICY_LICENSE = GPL-2.0
+REFPOLICY_LICENSE_FILES = COPYING
+REFPOLICY_INSTALL_STAGING = YES
+REFPOLICY_DEPENDENCIES = \
+	host-m4 \
+	host-checkpolicy \
+	host-policycoreutils \
+	host-setools \
+	host-gawk \
+	policycoreutils
+
+ifeq ($(BR2_PACKAGE_PYTHON3),y)
+REFPOLICY_DEPENDENCIES += host-python3
+else
+REFPOLICY_DEPENDENCIES += host-python
+endif
+
+# Cannot use multiple threads to build the reference policy
+REFPOLICY_MAKE = \
+	TEST_TOOLCHAIN=$(HOST_DIR) \
+	$(TARGET_MAKE_ENV) \
+	$(MAKE1)
+
+REFPOLICY_POLICY_VERSION = \
+	$(call qstrip,$(BR2_PACKAGE_REFPOLICY_POLICY_VERSION))
+REFPOLICY_POLICY_STATE = \
+	$(call qstrip,$(BR2_PACKAGE_REFPOLICY_POLICY_STATE))
+
+define REFPOLICY_CONFIGURE_CMDS
+	$(SED) "/OUTPUT_POLICY/c\OUTPUT_POLICY = $(REFPOLICY_POLICY_VERSION)" \
+		$(@D)/build.conf
+	$(SED) "/MONOLITHIC/c\MONOLITHIC = y" $(@D)/build.conf
+	$(SED) "/NAME/c\NAME = targeted" $(@D)/build.conf
+endef
+
+define REFPOLICY_BUILD_CMDS
+	$(REFPOLICY_MAKE) -C $(@D) DESTDIR=$(STAGING_DIR) bare conf
+endef
+
+define REFPOLICY_INSTALL_STAGING_CMDS
+	$(REFPOLICY_MAKE) -C $(@D) DESTDIR=$(STAGING_DIR) \
+		install-src install-headers
+endef
+
+define REFPOLICY_INSTALL_TARGET_CMDS
+	$(REFPOLICY_MAKE) -C $(@D) DESTDIR=$(TARGET_DIR) install
+	$(INSTALL) -m 0755 -D package/refpolicy/config \
+		$(TARGET_DIR)/etc/selinux/config
+	$(SED) "/^SELINUX=/c\SELINUX=$(REFPOLICY_POLICY_STATE)" \
+		$(TARGET_DIR)/etc/selinux/config
+endef
+
+$(eval $(generic-package))