diff mbox

[v13,1/8] policycoreutils: new package

Message ID 1477423570-15694-1-git-send-email-bryce.ferguson@rockwellcollins.com
State Accepted
Headers show

Commit Message

Bryce Ferguson Oct. 25, 2016, 7:26 p.m. UTC 
From: Clayton Shotwell <clayton.shotwell@rockwellcollins.com>

This package contains the core policy utilities that are required
for basic operation of an SELinux system.

Signed-off-by: Clayton Shotwell <clayton.shotwell@rockwellcollins.com>
Signed-off-by: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Niranjan Reddy <niranjan.reddy@rockwellcollins.com>
Tested-by: Bryce Ferguson <bryce.ferguson@rockwellcollins.com>
Signed-off-by: Bryce Ferguson <bryce.ferguson@rockwellcollins.com>

---
Changes: v12 -> v13:
  - Incorporated changes found here: https://patchwork.ozlabs.org/patch/649176/

Changes v11 -> v12:
  - splitted DESTDIR and CFLAGS patches into three patches( DESTDIR,PREFIX and removal of ARCH).

Changes v10 -> v11:
  - Removed LDFLAGS="-Wl,-rpath,$(HOST_DIR)/usr/lib" as it is overriding LDFLAGS.
  - Removed patch PREFIX number in the subject line .
  - Replaced line  LDFLAGS="-Wl,-rpath,$(HOST_DIR)/usr/lib" with LDFLAGS="$(HOST_LDFLAGS)".
  - Added patch to disable dbuslib flags in policycoreutils .
  - Added libglib2 dependency for restorecond.

Changes v9 -> v10:
  - Added LDFLAGS for HOST_POLICYCOREUTILS_MAKE_OPTS:LDFLAGS="-Wl,-rpath,$(HOST_DIR)/usr/lib"

Changes v8 -> v9:
  - Cleaned up DESTDIR references in patches to use PREFIX instead
    (suggested by Samuel)
  - Added the use of the ARCH to pass the host and target architectures
    to the build (Suggested by Samuel)

Changes v7 -> v8:
  - Cleaned up indentations in policycoreutils.mk (Suggested by
    Thomas P.)
  - Fixed sed separator (Suggested by Thomas P.)
  - Cleaned up cross compile patches and make options (Suggested by
    Thomas P.)
  - Changed dbus-glib dependency to a select and cleaned up the
    dependencies (Suggested by Thomas P.)

Changes v6 -> v7:
  - No changes

Changes v5 -> v6:
  - No changes

Changes v4 -> v5:
  - Updated depends and removed glibc dependency (Matt W.)
  - Updated site to github (Matt W.)
  - Added host python 2/3 support (Matt W.)
  - Removed sandbox and mctrans support (Matt W.)
  - Removed restorcon init script (Matt W.)
  - Agree as optional settings were removed so menu isn't needed
    (Suggested by Ryan B. and Thomas P.)
  - added Config.in select for LIBCAP_NG (Suggested by Thomas P.)
  - cleaned up pam/audit ifeq (Suggested by Thomas P.)
  - fixed CFLAGS to include target_cflags instead of += (Suggested by
    Thomas P.)
  - Refactored lists of build/install steps into loops  (Suggested by
    Thomas P.)
  - Removed += on first host depends assignment (Suggested by Thomas P.)
  - Refactored host make opts assignments (Suggested by Thomas P.)
  - Limited to glibc because of fts.h, some uclibc toolchains have it
    others don't.  Eventually this would be good to fix with the updated
    method of file traversal. (Matt W.)
  - Gettext fixups for uclibc support.  Counter productive as we
    now limit to glibc only. (Matt W.)
  - Added musl as possible lib type (Matt W.)
  - Removed largefile dependency (Clayton S.)
  - Changed dbus-glib select to a depends on in the Config.in (suggested
    by Ryan B.)

Changes v3 -> v4:
  - Add a select for the libselinux Python bindings when debugging
    is enabled.  This will cause Python to be built for the target
    (suggested by Thomas P.)
  - Cleaned up the configure comments (suggested by Thomas).
  - Added a dependency on BR2_USE_MMU for the debugging option
    because python requires it (suggested by Thomas P.)
  - Removed the dependencies on audit and linux-pam. Both packages
    are now optional dependencies based on whether or not the package
    has been selected
  - Moved the dependency on dbus-glib to only the restorecond option
    where it is used
  - Added a INSTALL_INIT_SYSV for the restorecond daemon rather than
    just installing it directly
  - Adding a dependency on glibc
  - Removed the clean commands

Changes v2 -> v3:
  - Added dependencies on BR2_TOOLCHAIN_HAS_THREADS and BR2_LARGEFILE
    (suggested by Thomas P.)
  - Changes patch naming convention (suggested by Thomas P.)
  - Added selects for linux-pam and audit

Changes v1 -> v2:
  - General cleanup to the mk file to conform to the standard format
  - Fixed the patch naming to avoid using the version number
  - Cleaned up the patch to include a signed-off-by line
  - Changed package dependencies into selects in the config
---
 package/Config.in                                  |   1 +
 ...IR-to-all-paths-that-use-an-absolute-path.patch | 131 +++++++++++++
 .../0002-Add-PREFIX-to-host-paths.patch            | 211 +++++++++++++++++++++
 .../0003-Remove-hardcoded-arch-variable.patch      |  43 +++++
 ...licy-python-install-arguments-to-be-a-var.patch |  42 ++++
 .../0005-Check-to-see-if-DBUS-is-enabled.patch     |  56 ++++++
 package/policycoreutils/Config.in                  |  59 ++++++
 package/policycoreutils/policycoreutils.hash       |   2 +
 package/policycoreutils/policycoreutils.mk         | 111 +++++++++++
 9 files changed, 656 insertions(+)
 create mode 100644 package/policycoreutils/0001-Add-DESTDIR-to-all-paths-that-use-an-absolute-path.patch
 create mode 100644 package/policycoreutils/0002-Add-PREFIX-to-host-paths.patch
 create mode 100644 package/policycoreutils/0003-Remove-hardcoded-arch-variable.patch
 create mode 100644 package/policycoreutils/0004-Change-sepolicy-python-install-arguments-to-be-a-var.patch
 create mode 100644 package/policycoreutils/0005-Check-to-see-if-DBUS-is-enabled.patch
 create mode 100644 package/policycoreutils/Config.in
 create mode 100644 package/policycoreutils/policycoreutils.hash
 create mode 100644 package/policycoreutils/policycoreutils.mk

Comments

Thomas Petazzoni Dec. 10, 2016, 2:59 p.m. UTC | #1 
Hello,

On Tue, 25 Oct 2016 14:26:03 -0500, Bryce Ferguson wrote:
> From: Clayton Shotwell <clayton.shotwell@rockwellcollins.com>
> 
> This package contains the core policy utilities that are required
> for basic operation of an SELinux system.
> 
> Signed-off-by: Clayton Shotwell <clayton.shotwell@rockwellcollins.com>
> Signed-off-by: Matt Weber <matthew.weber@rockwellcollins.com>
> Signed-off-by: Niranjan Reddy <niranjan.reddy@rockwellcollins.com>
> Tested-by: Bryce Ferguson <bryce.ferguson@rockwellcollins.com>
> Signed-off-by: Bryce Ferguson <bryce.ferguson@rockwellcollins.com>

I've applied your patch to master, with the following changes:

    [Thomas:
     - Move the Config.in comment at the top of the Config.in file rather
       than between the main option and its sub-options, as this breaks
       menuconfig indentation.
     - Fix the propagation of the libsemanage dependencies. libsemanage
       depends on BR2_PACKAGE_AUDIT_ARCH_SUPPORTS and
       BR2_TOOLCHAIN_USES_GLIBC which were not accounted for. Since it
       depends on BR2_TOOLCHAIN_USES_GLIBC, then all the gettext related
       handling becomes useless and has been removed.
     - Rename the prompt of the restorecond sub-option to just
       "restorecond".
     - Use TARGET_CONFIGURE_OPTS and HOST_CONFIGURE_OPTS instead of
       passing LDFLAGS, CC, etc. manually.
     - Use make "foreach" function for loops instead of shell "for" loops.
     - Rework the explanation of why we're passing DESTDIR at build time.
     - Minor formatting tweaks here and there.]

I've also added Clayton as the contact in the DEVELOPERS file for this
package. If this is not correct, please send another patch to fix that
up. We really want your help to fix build issues that may arise from
this package.

Also, could you please have a look at what I answered to:

  [PATCH v13 4/8] util-linux: selinux, audit, and pam support

and look at the alternative proposals I made:

  https://patchwork.ozlabs.org/patch/703332/
  https://patchwork.ozlabs.org/patch/703333/

Thanks,

Thomas
Matt Weber Dec. 12, 2016, 7:11 p.m. UTC | #2 
Thomas,

On Sat, Dec 10, 2016 at 8:59 AM, Thomas Petazzoni
<thomas.petazzoni@free-electrons.com> wrote:
>
> Hello,
>
> On Tue, 25 Oct 2016 14:26:03 -0500, Bryce Ferguson wrote:
> > From: Clayton Shotwell <clayton.shotwell@rockwellcollins.com>
> >
> > This package contains the core policy utilities that are required
> > for basic operation of an SELinux system.
> >
> > Signed-off-by: Clayton Shotwell <clayton.shotwell@rockwellcollins.com>
> > Signed-off-by: Matt Weber <matthew.weber@rockwellcollins.com>
> > Signed-off-by: Niranjan Reddy <niranjan.reddy@rockwellcollins.com>
> > Tested-by: Bryce Ferguson <bryce.ferguson@rockwellcollins.com>
> > Signed-off-by: Bryce Ferguson <bryce.ferguson@rockwellcollins.com>
>
> I've applied your patch to master, with the following changes:
>
>     [Thomas:
>      - Move the Config.in comment at the top of the Config.in file rather
>        than between the main option and its sub-options, as this breaks
>        menuconfig indentation.
>      - Fix the propagation of the libsemanage dependencies. libsemanage
>        depends on BR2_PACKAGE_AUDIT_ARCH_SUPPORTS and
>        BR2_TOOLCHAIN_USES_GLIBC which were not accounted for. Since it
>        depends on BR2_TOOLCHAIN_USES_GLIBC, then all the gettext related
>        handling becomes useless and has been removed.
>      - Rename the prompt of the restorecond sub-option to just
>        "restorecond".
>      - Use TARGET_CONFIGURE_OPTS and HOST_CONFIGURE_OPTS instead of
>        passing LDFLAGS, CC, etc. manually.
>      - Use make "foreach" function for loops instead of shell "for" loops.
>      - Rework the explanation of why we're passing DESTDIR at build time.
>      - Minor formatting tweaks here and there.]
>
> I've also added Clayton as the contact in the DEVELOPERS file for this
> package. If this is not correct, please send another patch to fix that
> up. We really want your help to fix build issues that may arise from
> this package.

Clayton is still a good contact and if not we'll update.

Definitely will be watching the autobuilder.  I'm currently looking at
a issue with "-D_FILE_OFFSET_BITS==64"

>
>
> Also, could you please have a look at what I answered to:
>
>   [PATCH v13 4/8] util-linux: selinux, audit, and pam support
>
> and look at the alternative proposals I made:
>
>   https://patchwork.ozlabs.org/patch/703332/
>   https://patchwork.ozlabs.org/patch/703333/

I'll let Bryce follow up on these.

Thanks!
Bryce Ferguson Dec. 12, 2016, 7:28 p.m. UTC | #3 
Hello,

On Sat, Dec 10, 2016 at 8:59 AM, Thomas Petazzoni <
thomas.petazzoni@free-electrons.com> wrote:
> Hello,
>
> On Tue, 25 Oct 2016 14:26:03 -0500, Bryce Ferguson wrote:
>> From: Clayton Shotwell <clayton.shotwell@rockwellcollins.com>
>>
>> This package contains the core policy utilities that are required
>> for basic operation of an SELinux system.
>>
>> Signed-off-by: Clayton Shotwell <clayton.shotwell@rockwellcollins.com>
>> Signed-off-by: Matt Weber <matthew.weber@rockwellcollins.com>
>> Signed-off-by: Niranjan Reddy <niranjan.reddy@rockwellcollins.com>
>> Tested-by: Bryce Ferguson <bryce.ferguson@rockwellcollins.com>
>> Signed-off-by: Bryce Ferguson <bryce.ferguson@rockwellcollins.com>
>
> I've applied your patch to master, with the following changes:
>
>     [Thomas:
>      - Move the Config.in comment at the top of the Config.in file rather
>        than between the main option and its sub-options, as this breaks
>        menuconfig indentation.
>      - Fix the propagation of the libsemanage dependencies. libsemanage
>        depends on BR2_PACKAGE_AUDIT_ARCH_SUPPORTS and
>        BR2_TOOLCHAIN_USES_GLIBC which were not accounted for. Since it
>        depends on BR2_TOOLCHAIN_USES_GLIBC, then all the gettext related
>        handling becomes useless and has been removed.
>      - Rename the prompt of the restorecond sub-option to just
>        "restorecond".
>      - Use TARGET_CONFIGURE_OPTS and HOST_CONFIGURE_OPTS instead of
>        passing LDFLAGS, CC, etc. manually.
>      - Use make "foreach" function for loops instead of shell "for" loops.
>      - Rework the explanation of why we're passing DESTDIR at build time.
>      - Minor formatting tweaks here and there.]
>
> I've also added Clayton as the contact in the DEVELOPERS file for this
> package. If this is not correct, please send another patch to fix that
> up. We really want your help to fix build issues that may arise from
> this package.
>
> Also, could you please have a look at what I answered to:
>
>   [PATCH v13 4/8] util-linux: selinux, audit, and pam support
>
> and look at the alternative proposals I made:
>
>   https://patchwork.ozlabs.org/patch/703332/
>   https://patchwork.ozlabs.org/patch/703333/

I will perform a test build with these patches and provide tested-by
feedback.  I think we will want to use these patches instead of [PATCH v13
4/8].  So, to confirm, I will remove that patch completely as yours will
supersede it, correct?

Thanks
Thomas Petazzoni Dec. 12, 2016, 8:14 p.m. UTC | #4 
Hello,

On Mon, 12 Dec 2016 13:28:04 -0600, Bryce Ferguson wrote:

> > Also, could you please have a look at what I answered to:
> >
> >   [PATCH v13 4/8] util-linux: selinux, audit, and pam support
> >
> > and look at the alternative proposals I made:
> >
> >   https://patchwork.ozlabs.org/patch/703332/
> >   https://patchwork.ozlabs.org/patch/703333/  
> 
> I will perform a test build with these patches and provide tested-by
> feedback.  I think we will want to use these patches instead of [PATCH v13
> 4/8].  So, to confirm, I will remove that patch completely as yours will
> supersede it, correct?

Yes, that's the idea. Thanks for the feedback.

Also, I'm on IRC #buildroot, usually starting from 9/9:30 PM CET, which
should conveniently fall into the afternoon for you. It would be great
if a few folks interested in SELinux in Buildroot on your side could be
on IRC so we can quickly exchange on how to move forward with this.

Thanks!

Thomas
diff mbox

Patch

diff --git a/package/Config.in b/package/Config.in
index 9399f63..8091e33 100644
--- a/package/Config.in
+++ b/package/Config.in
@@ -1657,6 +1657,7 @@  menu "Real-Time"
 endmenu
 
 menu "Security"
+	source "package/policycoreutils/Config.in"
 	source "package/setools/Config.in"
 endmenu
 
diff --git a/package/policycoreutils/0001-Add-DESTDIR-to-all-paths-that-use-an-absolute-path.patch b/package/policycoreutils/0001-Add-DESTDIR-to-all-paths-that-use-an-absolute-path.patch
new file mode 100644
index 0000000..bbd6895
--- /dev/null
+++ b/package/policycoreutils/0001-Add-DESTDIR-to-all-paths-that-use-an-absolute-path.patch
@@ -0,0 +1,131 @@ 
+The addition of this patch makes the use of DESTDIR
+mandatory as there are conditional checks which would fail if it's not
+defined.
+
+This patch was updated from the patch provided by Niranjan Reddy to
+accomodate version 2.5
+
+Signed-off-by: Clayton Shotwell <clayton.shotwell@rockwellcollins.com>
+Signed-off-by: Niranjan Reddy <niranjan.reddy@rockwellcollins.com>
+Signed-off-by: Adam Duskett <AdamDuskett@outlook.com>
+Signed-off-by: Adam Duskett <Aduskett@gmail.com>
+---
+ policycoreutils/Makefile             | 2 +-
+ policycoreutils/newrole/Makefile     | 4 ++--
+ policycoreutils/restorecond/Makefile | 5 +++--
+ policycoreutils/run_init/Makefile    | 4 ++--
+ policycoreutils/sepolicy/Makefile    | 2 +-
+ policycoreutils/sestatus/Makefile    | 2 +-
+ policycoreutils/setfiles/Makefile    | 4 ++--
+ 7 files changed, 12 insertions(+), 11 deletions(-)
+
+diff --git a/Makefile b/Makefile
+index 962ac12..0634a2a 100644
+--- a/Makefile
++++ b/Makefile
+@@ -1,6 +1,6 @@
+ SUBDIRS = sepolicy setfiles semanage load_policy newrole run_init sandbox secon audit2allow sestatus semodule_package semodule semodule_link semodule_expand semodule_deps sepolgen-ifgen setsebool scripts po man gui hll
+ 
+-INOTIFYH = $(shell ls /usr/include/sys/inotify.h 2>/dev/null)
++INOTIFYH = $(shell ls $(DESTDIR)/usr/include/sys/inotify.h 2>/dev/null)
+ 
+ ifeq (${INOTIFYH}, /usr/include/sys/inotify.h)
+ 	SUBDIRS += restorecond
+diff --git a/newrole/Makefile b/newrole/Makefile
+index 646cd4d..f124a6a 100644
+--- a/newrole/Makefile
++++ b/newrole/Makefile
+@@ -4,8 +4,8 @@ BINDIR ?= $(PREFIX)/bin
+ MANDIR ?= $(PREFIX)/share/man
+ ETCDIR ?= $(DESTDIR)/etc
+ LOCALEDIR = /usr/share/locale
+-PAMH = $(shell ls /usr/include/security/pam_appl.h 2>/dev/null)
+-AUDITH = $(shell ls /usr/include/libaudit.h 2>/dev/null)
++PAMH = $(shell ls $(DESTDIR)/usr/include/security/pam_appl.h 2>/dev/null)
++AUDITH = $(shell ls $(DESTDIR)/usr/include/libaudit.h 2>/dev/null)
+ # Enable capabilities to permit newrole to generate audit records.
+ # This will make newrole a setuid root program.
+ # The capabilities used are: CAP_AUDIT_WRITE.
+diff --git a/restorecond/Makefile b/restorecond/Makefile
+index f99e1e7..92a4a4d 100644
+--- a/restorecond/Makefile
++++ b/restorecond/Makefile
+@@ -11,11 +11,12 @@ autostart_DATA = sealertauto.desktop
+ INITDIR ?= $(DESTDIR)/etc/rc.d/init.d
+ SELINUXDIR = $(DESTDIR)/etc/selinux
+ 
+-DBUSFLAGS = -DHAVE_DBUS -I/usr/include/dbus-1.0 -I/usr/lib64/dbus-1.0/include -I/usr/lib/dbus-1.0/include
++DBUSFLAGS = -DHAVE_DBUS -I$(DESTDIR)/usr/include/dbus-1.0 -I$(DESTDIR)/usr/lib64/dbus-1.0/include -I$(DESTDIR)/usr/lib/dbus-1.0/include
+ DBUSLIB = -ldbus-glib-1 -ldbus-1
+ 
+ CFLAGS ?= -g -Werror -Wall -W
+-override CFLAGS += -I$(PREFIX)/include $(DBUSFLAGS) -I/usr/include/glib-2.0 -I/usr/lib64/glib-2.0/include -I/usr/lib/glib-2.0/include
++override CFLAGS += -I$(DESTDIR)/usr/include $(DBUSFLAGS) -I$(DESTDIR)/usr/include/glib-2.0 \
++-I$(DESTDIR)/usr/lib64/glib-2.0/include -I$(DESTDIR)/usr/lib/glib-2.0/include
+ 
+ LDLIBS += -lselinux $(DBUSLIB) -lglib-2.0 -L$(LIBDIR)
+ 
+diff --git a/run_init/Makefile b/run_init/Makefile
+index 5815a08..c81179b 100644
+--- a/run_init/Makefile
++++ b/run_init/Makefile
+@@ -5,8 +5,8 @@ SBINDIR ?= $(PREFIX)/sbin
+ MANDIR ?= $(PREFIX)/share/man
+ ETCDIR ?= $(DESTDIR)/etc
+ LOCALEDIR ?= /usr/share/locale
+-PAMH = $(shell ls /usr/include/security/pam_appl.h 2>/dev/null)
+-AUDITH = $(shell ls /usr/include/libaudit.h 2>/dev/null)
++PAMH = $(shell ls $(DESTDIR)/usr/include/security/pam_appl.h 2>/dev/null)
++AUDITH = $(shell ls $(DESTDIR)/usr/include/libaudit.h 2>/dev/null)
+ 
+ CFLAGS ?= -Werror -Wall -W
+ override CFLAGS += -I$(PREFIX)/include -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
+diff --git a/sepolicy/Makefile b/sepolicy/Makefile
+index 39d46e8..6624373 100644
+--- a/sepolicy/Makefile
++++ b/sepolicy/Makefile
+@@ -12,7 +12,7 @@ LOCALEDIR ?= /usr/share/locale
+ BASHCOMPLETIONDIR ?= $(DESTDIR)/usr/share/bash-completion/completions
+ SHAREDIR ?= $(PREFIX)/share/sandbox
+ CFLAGS ?= -Wall -Werror -Wextra -W
+-override CFLAGS += -I$(PREFIX)/include -DPACKAGE="policycoreutils" -DSHARED -shared
++override CFLAGS = $(LDFLAGS) -I$(DESTDIR)/usr/include -DPACKAGE="policycoreutils" -Wall -Werror -Wextra -W  -DSHARED -shared
+ 
+ BASHCOMPLETIONS=sepolicy-bash-completion.sh
+ 
+diff --git a/sestatus/Makefile b/sestatus/Makefile
+index c04ff00..e10c32c 100644
+--- a/sestatus/Makefile
++++ b/sestatus/Makefile
+@@ -6,7 +6,7 @@ ETCDIR ?= $(DESTDIR)/etc
+ LIBDIR ?= $(PREFIX)/lib
+ 
+ CFLAGS ?= -Werror -Wall -W
+-override CFLAGS += -I$(PREFIX)/include -D_FILE_OFFSET_BITS=64
++override CFLAGS += -I$(DESTDIR)/usr/include -D_FILE_OFFSET_BITS=64
+ LDLIBS = -lselinux -L$(LIBDIR)
+ 
+ all: sestatus
+diff --git a/setfiles/Makefile b/setfiles/Makefile
+index 98f4f7d..eb26ed0 100644
+--- a/setfiles/Makefile
++++ b/setfiles/Makefile
+@@ -3,13 +3,13 @@ PREFIX ?= $(DESTDIR)/usr
+ SBINDIR ?= $(DESTDIR)/sbin
+ MANDIR = $(PREFIX)/share/man
+ LIBDIR ?= $(PREFIX)/lib
+-AUDITH = $(shell ls /usr/include/libaudit.h 2>/dev/null)
++AUDITH = $(shell ls  $(DESTDIR)/usr/include/libaudit.h 2>/dev/null)
+ 
+ PROGRESS_STEP=$(shell grep "^\#define STAR_COUNT" restore.h | awk -S '{ print $$3 }')
+ ABORT_ON_ERRORS=$(shell grep "^\#define ABORT_ON_ERRORS" setfiles.c | awk -S '{ print $$3 }')
+ 
+ CFLAGS ?= -g -Werror -Wall -W
+-override CFLAGS += -I$(PREFIX)/include
++override CFLAGS += -I$(DESTDIR)/usr/include
+ LDLIBS = -lselinux -lsepol -L$(LIBDIR)
+ 
+ ifeq ($(AUDITH), /usr/include/libaudit.h)
+-- 
+2.7.4
+
diff --git a/package/policycoreutils/0002-Add-PREFIX-to-host-paths.patch b/package/policycoreutils/0002-Add-PREFIX-to-host-paths.patch
new file mode 100644
index 0000000..ba7a478
--- /dev/null
+++ b/package/policycoreutils/0002-Add-PREFIX-to-host-paths.patch
@@ -0,0 +1,211 @@ 
+From 7f99a727cdb8160d49bb0d0554fc88787980c971 Mon Sep 17 00:00:00 2001
+From: Adam Duskett <Aduskett@gmail.com>
+Date: Thu, 14 Jul 2016 13:16:03 -0400
+Subject: [PATCH 2/5] Add PREFIX to host paths
+
+Updates the remaining hardcoded host paths used in the build to be
+prefixed with a PREFIX path to allow cross compilation.
+
+Updated to work with version 2.5
+
+Signed-off-by: Clayton Shotwell <clayton.shotwell@rockwellcollins.com>
+Signed-off-by: Niranjan Reddy <niranjan.reddy@rockwellcollins.com>
+Signed-off-by: Adam Duskett <AdamDuskett@outlook.com>
+Signed-off-by: Adam Duskett <Aduskett@gmail.com>
+---
+ policycoreutils/Makefile              |  4 +++-
+ policycoreutils/audit2allow/Makefile  |  2 +-
+ policycoreutils/load_policy/Makefile  |  2 +-
+ policycoreutils/mcstrans/src/Makefile | 17 +++++++++--------
+ policycoreutils/newrole/Makefile      |  8 ++++----
+ policycoreutils/run_init/Makefile     |  8 ++++----
+ policycoreutils/sepolicy/Makefile     |  2 +-
+ policycoreutils/setfiles/Makefile     |  4 ++--
+ 8 files changed, 25 insertions(+), 22 deletions(-)
+
+diff --git a/Makefile b/Makefile
+index 0634a2a..bd99b1c 100644
+--- a/Makefile
++++ b/Makefile
+@@ -1,8 +1,10 @@
++PREFIX  ?= $(DESTDIR)/usr
++
+ SUBDIRS = sepolicy setfiles semanage load_policy newrole run_init sandbox secon audit2allow sestatus semodule_package semodule semodule_link semodule_expand semodule_deps sepolgen-ifgen setsebool scripts po man gui hll
+ 
+ INOTIFYH = $(shell ls $(DESTDIR)/usr/include/sys/inotify.h 2>/dev/null)
+ 
+-ifeq (${INOTIFYH}, /usr/include/sys/inotify.h)
++ifeq (${INOTIFYH}, $(PREFIX)/include/sys/inotify.h)
+ 	SUBDIRS += restorecond
+ endif
+ 
+diff --git a/audit2allow/Makefile b/audit2allow/Makefile
+index 87d2502..d4108fe 100644
+--- a/audit2allow/Makefile
++++ b/audit2allow/Makefile
+@@ -5,7 +5,7 @@ PREFIX ?= $(DESTDIR)/usr
+ BINDIR ?= $(PREFIX)/bin
+ LIBDIR ?= $(PREFIX)/lib
+ MANDIR ?= $(PREFIX)/share/man
+-LOCALEDIR ?= /usr/share/locale
++LOCALEDIR ?= $(PREFIX)/share/locale
+ 
+ all: audit2why
+ 
+diff --git a/load_policy/Makefile b/load_policy/Makefile
+index 7c5bab0..5cd0bbb 100644
+--- a/load_policy/Makefile
++++ b/load_policy/Makefile
+@@ -3,7 +3,7 @@ PREFIX ?= $(DESTDIR)/usr
+ SBINDIR ?= $(DESTDIR)/sbin
+ USRSBINDIR ?= $(PREFIX)/sbin
+ MANDIR ?= $(PREFIX)/share/man
+-LOCALEDIR ?= /usr/share/locale
++LOCALEDIR ?= $(PREFIX)/share/locale
+ 
+ CFLAGS ?= -Werror -Wall -W
+ override CFLAGS += $(LDFLAGS) -I$(PREFIX)/include -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
+diff --git a/mcstrans/src/Makefile b/mcstrans/src/Makefile
+index 907a1f1..6fda57e 100644
+--- a/mcstrans/src/Makefile
++++ b/mcstrans/src/Makefile
+@@ -1,23 +1,24 @@
+ ARCH = $(shell uname -i)
++# Installation directories.
++PREFIX  ?= $(DESTDIR)/usr
++SBINDIR ?= $(DESTDIR)/sbin
++INITDIR ?= $(DESTDIR)/etc/rc.d/init.d
++SYSTEMDDIR ?= $(DESTDIR)/usr/lib/systemd
++
+ ifeq "$(ARCH)" "x86_64"
+ 	# In case of 64 bit system, use these lines
+-	LIBDIR=/usr/lib64
++	LIBDIR=$(PREFIX)/lib64
+ else 
+ ifeq "$(ARCH)" "i686"
+ 	# In case of 32 bit system, use these lines
+-	LIBDIR=/usr/lib
++	LIBDIR=$(PREFIX)/lib
+ else
+ ifeq "$(ARCH)" "i386"
+ 	# In case of 32 bit system, use these lines
+-	LIBDIR=/usr/lib
++	LIBDIR=$(PREFIX)/lib
+ endif
+ endif
+ endif
+-# Installation directories.
+-PREFIX  ?= $(DESTDIR)/usr
+-SBINDIR ?= $(DESTDIR)/sbin
+-INITDIR ?= $(DESTDIR)/etc/rc.d/init.d
+-SYSTEMDDIR ?= $(DESTDIR)/usr/lib/systemd
+ 
+ PROG_SRC=mcstrans.c  mcscolor.c  mcstransd.c  mls_level.c
+ PROG_OBJS= $(patsubst %.c,%.o,$(PROG_SRC))
+diff --git a/newrole/Makefile b/newrole/Makefile
+index f124a6a..b687a09 100644
+--- a/newrole/Makefile
++++ b/newrole/Makefile
+@@ -3,7 +3,7 @@ PREFIX ?= $(DESTDIR)/usr
+ BINDIR ?= $(PREFIX)/bin
+ MANDIR ?= $(PREFIX)/share/man
+ ETCDIR ?= $(DESTDIR)/etc
+-LOCALEDIR = /usr/share/locale
++LOCALEDIR =  $(PREFIX)/share/locale
+ PAMH = $(shell ls $(DESTDIR)/usr/include/security/pam_appl.h 2>/dev/null)
+ AUDITH = $(shell ls $(DESTDIR)/usr/include/libaudit.h 2>/dev/null)
+ # Enable capabilities to permit newrole to generate audit records.
+@@ -24,7 +24,7 @@ CFLAGS ?= -Werror -Wall -W
+ EXTRA_OBJS =
+ override CFLAGS += -DVERSION=\"$(VERSION)\" $(LDFLAGS) -I$(PREFIX)/include -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
+ LDLIBS += -lselinux -L$(PREFIX)/lib
+-ifeq ($(PAMH), /usr/include/security/pam_appl.h)
++ifeq ($(PAMH), $(PREFIX)/include/security/pam_appl.h)
+ 	override CFLAGS += -DUSE_PAM
+ 	EXTRA_OBJS += hashtab.o
+ 	LDLIBS += -lpam -lpam_misc
+@@ -32,7 +32,7 @@ else
+ 	override CFLAGS += -D_XOPEN_SOURCE=500
+ 	LDLIBS += -lcrypt
+ endif
+-ifeq ($(AUDITH), /usr/include/libaudit.h)
++ifeq ($(AUDITH), $(PREFIX)/include/libaudit.h)
+ 	override CFLAGS += -DUSE_AUDIT
+ 	LDLIBS += -laudit
+ endif
+@@ -66,7 +66,7 @@ install: all
+ 	test -d $(MANDIR)/man1 || install -m 755 -d $(MANDIR)/man1
+ 	install -m $(MODE) newrole $(BINDIR)
+ 	install -m 644 newrole.1 $(MANDIR)/man1/
+-ifeq ($(PAMH), /usr/include/security/pam_appl.h)
++ifeq ($(PAMH), $(PREFIX)/include/security/pam_appl.h)
+ 	test -d $(ETCDIR)/pam.d || install -m 755 -d $(ETCDIR)/pam.d
+ ifeq ($(LSPP_PRIV),y)
+ 	install -m 644 newrole-lspp.pamd $(ETCDIR)/pam.d/newrole
+diff --git a/run_init/Makefile b/run_init/Makefile
+index c81179b..ce0df9f 100644
+--- a/run_init/Makefile
++++ b/run_init/Makefile
+@@ -4,21 +4,21 @@ PREFIX ?= $(DESTDIR)/usr
+ SBINDIR ?= $(PREFIX)/sbin
+ MANDIR ?= $(PREFIX)/share/man
+ ETCDIR ?= $(DESTDIR)/etc
+-LOCALEDIR ?= /usr/share/locale
++LOCALEDIR ?= $(PREFIX)/share/locale
+ PAMH = $(shell ls $(DESTDIR)/usr/include/security/pam_appl.h 2>/dev/null)
+ AUDITH = $(shell ls $(DESTDIR)/usr/include/libaudit.h 2>/dev/null)
+ 
+ CFLAGS ?= -Werror -Wall -W
+ override CFLAGS += -I$(PREFIX)/include -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
+ LDLIBS += -lselinux -L$(PREFIX)/lib
+-ifeq ($(PAMH), /usr/include/security/pam_appl.h)
++ifeq ($(PAMH), $(PREFIX)/include/security/pam_appl.h)
+ 	override CFLAGS += -DUSE_PAM
+ 	LDLIBS += -lpam -lpam_misc
+ else
+ 	override CFLAGS += -D_XOPEN_SOURCE=500
+ 	LDLIBS += -lcrypt
+ endif
+-ifeq ($(AUDITH), /usr/include/libaudit.h)
++ifeq ($(AUDITH), $(PREFIX)/include/libaudit.h)
+ 	override CFLAGS += -DUSE_AUDIT
+ 	LDLIBS += -laudit
+ endif
+@@ -38,7 +38,7 @@ install: all
+ 	install -m 755 open_init_pty $(SBINDIR)
+ 	install -m 644 run_init.8 $(MANDIR)/man8/
+ 	install -m 644 open_init_pty.8 $(MANDIR)/man8/
+-ifeq ($(PAMH), /usr/include/security/pam_appl.h)
++ifeq ($(PAMH), $(PREFIX)/include/security/pam_appl.h)
+ 	install -m 644 run_init.pamd $(ETCDIR)/pam.d/run_init
+ endif
+ 
+diff --git a/sepolicy/Makefile b/sepolicy/Makefile
+index 6624373..a16f8de 100644
+--- a/sepolicy/Makefile
++++ b/sepolicy/Makefile
+@@ -8,7 +8,7 @@ BINDIR ?= $(PREFIX)/bin
+ SBINDIR ?= $(PREFIX)/sbin
+ DATADIR ?= $(PREFIX)/share
+ MANDIR ?= $(PREFIX)/share/man
+-LOCALEDIR ?= /usr/share/locale
++LOCALEDIR ?= $(PREFIX)/share/locale
+ BASHCOMPLETIONDIR ?= $(DESTDIR)/usr/share/bash-completion/completions
+ SHAREDIR ?= $(PREFIX)/share/sandbox
+ CFLAGS ?= -Wall -Werror -Wextra -W
+diff --git a/setfiles/Makefile b/setfiles/Makefile
+index eb26ed0..3c6b80d 100644
+--- a/setfiles/Makefile
++++ b/setfiles/Makefile
+@@ -12,7 +12,7 @@ CFLAGS ?= -g -Werror -Wall -W
+ override CFLAGS += -I$(DESTDIR)/usr/include
+ LDLIBS = -lselinux -lsepol -L$(LIBDIR)
+ 
+-ifeq ($(AUDITH), /usr/include/libaudit.h)
++ifeq ($(AUDITH), $(PREFIX)/include/libaudit.h)
+ 	override CFLAGS += -DUSE_AUDIT
+ 	LDLIBS += -laudit
+ endif
+-- 
+2.7.4
+
diff --git a/package/policycoreutils/0003-Remove-hardcoded-arch-variable.patch b/package/policycoreutils/0003-Remove-hardcoded-arch-variable.patch
new file mode 100644
index 0000000..bf48051
--- /dev/null
+++ b/package/policycoreutils/0003-Remove-hardcoded-arch-variable.patch
@@ -0,0 +1,43 @@ 
+From 7424f2bea0cb412e96202f596ad8077131589f40 Mon Sep 17 00:00:00 2001
+From: Adam Duskett <Aduskett@gmail.com>
+Date: Thu, 14 Jul 2016 13:18:24 -0400
+Subject: [PATCH 3/5] Remove hardcoded arch variable.
+
+Allow the ARCH value to be passed in as original configuration was
+solely based on host architecture.
+
+This patch was updated to work with version 2.5
+
+Signed-off-by: Clayton Shotwell <clayton.shotwell@rockwellcollins.com>
+Signed-off-by: Niranjan Reddy <niranjan.reddy@rockwellcollins.com>
+Signed-off-by: Adam Duskett <AdamDuskett@outlook.com>
+Signed-off-by: Adam Duskett <Aduskett@gmail.com>
+---
+ policycoreutils/mcstrans/src/Makefile   | 1 -
+ policycoreutils/mcstrans/utils/Makefile | 1 -
+ 2 files changed, 2 deletions(-)
+
+diff --git a/mcstrans/src/Makefile b/mcstrans/src/Makefile
+index 6fda57e..7b4489f 100644
+--- a/mcstrans/src/Makefile
++++ b/mcstrans/src/Makefile
+@@ -1,4 +1,3 @@
+-ARCH = $(shell uname -i)
+ # Installation directories.
+ PREFIX  ?= $(DESTDIR)/usr
+ SBINDIR ?= $(DESTDIR)/sbin
+diff --git a/mcstrans/utils/Makefile b/mcstrans/utils/Makefile
+index 1ffb027..912fe12 100644
+--- a/mcstrans/utils/Makefile
++++ b/mcstrans/utils/Makefile
+@@ -2,7 +2,6 @@
+ PREFIX ?= $(DESTDIR)/usr
+ BINDIR ?= $(PREFIX)/sbin
+ 
+-ARCH = $(shell uname -i)
+ ifeq "$(ARCH)" "x86_64"
+         # In case of 64 bit system, use these lines
+         LIBDIR=/usr/lib64
+-- 
+2.7.4
+
diff --git a/package/policycoreutils/0004-Change-sepolicy-python-install-arguments-to-be-a-var.patch b/package/policycoreutils/0004-Change-sepolicy-python-install-arguments-to-be-a-var.patch
new file mode 100644
index 0000000..7c4b417
--- /dev/null
+++ b/package/policycoreutils/0004-Change-sepolicy-python-install-arguments-to-be-a-var.patch
@@ -0,0 +1,42 @@ 
+From 27fd1c85ca95b5d66ab0241a08242a75b60b375c Mon Sep 17 00:00:00 2001
+From: Adam Duskett <Aduskett@gmail.com>
+Date: Thu, 14 Jul 2016 13:22:57 -0400
+Subject: [PATCH 4/5] Change sepolicy python install arguments to be a variable
+
+To allow the python install arguments to be overwritten, change the
+arguments to be a variable. This also cleans up the DESTDIR detection a
+little bit.
+
+Updated to work with version 2.5
+
+Signed-off-by: Clayton Shotwell <clayton.shotwell@rockwellcollins.com>
+Signed-off-by: Adam Duskett <AdamDuskett@outlook.com>
+Signed-off-by: Adam Duskett <Aduskett@gmail.com>
+---
+ policycoreutils/sepolicy/Makefile | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/sepolicy/Makefile b/sepolicy/Makefile
+index a16f8de..2013301 100644
+--- a/sepolicy/Makefile
++++ b/sepolicy/Makefile
+@@ -1,4 +1,7 @@
+ PYTHON ?= python
++ifneq ($(DESTDIR),)
++PYTHON_INSTALL_ARGS ?= --root $(DESTDIR)
++endif
+ 
+ # Installation directories.
+ PREFIX ?= $(DESTDIR)/usr
+@@ -32,7 +35,7 @@ test:
+ 	@$(PYTHON) test_sepolicy.py -v
+ 
+ install:
+-	$(PYTHON) setup.py install `test -n "$(DESTDIR)" && echo --root $(DESTDIR)`
++	$(PYTHON) setup.py install $(PYTHON_INSTALL_ARGS)
+ 	[ -d $(BINDIR) ] || mkdir -p $(BINDIR)
+ 	install -m 755 sepolicy.py $(BINDIR)/sepolicy
+ 	(cd $(BINDIR); ln -sf sepolicy sepolgen)
+-- 
+2.7.4
+
diff --git a/package/policycoreutils/0005-Check-to-see-if-DBUS-is-enabled.patch b/package/policycoreutils/0005-Check-to-see-if-DBUS-is-enabled.patch
new file mode 100644
index 0000000..1e57af1
--- /dev/null
+++ b/package/policycoreutils/0005-Check-to-see-if-DBUS-is-enabled.patch
@@ -0,0 +1,56 @@ 
+From d1bc28c5b2efe60a0ee04d9c171928d0f3475654 Mon Sep 17 00:00:00 2001
+From: Adam Duskett <Aduskett@gmail.com>
+Date: Thu, 14 Jul 2016 13:26:23 -0400
+Subject: [PATCH 5/5] Check to see if DBUS is enabled.
+
+Adds a condition to prevent linking against dbus when at build time
+dbus has not been enabled.
+
+Updated for 2.5.
+
+Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
+Signed-off-by: Adam Duskett <AdamDuskett@outlook.com>
+Signed-off-by: Adam Duskett <Aduskett@gmail.com>
+---
+ policycoreutils/restorecond/Makefile | 2 ++
+ policycoreutils/restorecond/user.c   | 2 +-
+ 2 files changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/restorecond/Makefile b/restorecond/Makefile
+index 92a4a4d..95f38a6 100644
+--- a/restorecond/Makefile
++++ b/restorecond/Makefile
+@@ -11,8 +11,10 @@ autostart_DATA = sealertauto.desktop
+ INITDIR ?= $(DESTDIR)/etc/rc.d/init.d
+ SELINUXDIR = $(DESTDIR)/etc/selinux
+ 
++ifdef ENABLE_DBUS
+ DBUSFLAGS = -DHAVE_DBUS -I$(DESTDIR)/usr/include/dbus-1.0 -I$(DESTDIR)/usr/lib64/dbus-1.0/include -I$(DESTDIR)/usr/lib/dbus-1.0/include
+ DBUSLIB = -ldbus-glib-1 -ldbus-1
++endif
+ 
+ CFLAGS ?= -g -Werror -Wall -W
+ override CFLAGS += -I$(DESTDIR)/usr/include $(DBUSFLAGS) -I$(DESTDIR)/usr/include/glib-2.0 \
+diff --git a/restorecond/user.c b/restorecond/user.c
+index 714aae7..a04cddb 100644
+--- a/restorecond/user.c
++++ b/restorecond/user.c
+@@ -54,7 +54,6 @@ static const char *PATH="/org/selinux/Restorecond";
+ static const char *INTERFACE="org.selinux.RestorecondIface";
+ static const char *RULE="type='signal',interface='org.selinux.RestorecondIface'";
+ 
+-static int local_lock_fd = -1;
+ 
+ static DBusHandlerResult
+ signal_filter (DBusConnection *connection  __attribute__ ((__unused__)), DBusMessage *message, void *user_data)
+@@ -101,6 +100,7 @@ static int dbus_server(GMainLoop *loop) {
+ #include <selinux/selinux.h>
+ #include <sys/file.h>
+ 
++static int local_lock_fd = -1;
+ /* size of the event structure, not counting name */
+ #define EVENT_SIZE  (sizeof (struct inotify_event))
+ /* reasonable guess as to size of 1024 events */
+-- 
+2.7.4
+
diff --git a/package/policycoreutils/Config.in b/package/policycoreutils/Config.in
new file mode 100644
index 0000000..519d1d9
--- /dev/null
+++ b/package/policycoreutils/Config.in
@@ -0,0 +1,59 @@ 
+config BR2_PACKAGE_POLICYCOREUTILS
+	bool "policycoreutils"
+	select BR2_PACKAGE_LIBSEMANAGE
+	select BR2_PACKAGE_LIBCAP_NG
+	select BR2_PACKAGE_GETTEXT if BR2_NEEDS_GETTEXT
+	depends on BR2_TOOLCHAIN_HAS_THREADS # libsemanage
+	depends on !BR2_STATIC_LIBS #libsemanage
+	depends on !BR2_arc #libsemanage
+	depends on BR2_TOOLCHAIN_USES_GLIBC || BR2_TOOLCHAIN_USES_MUSL # uses fts.h
+	help
+	  Policycoreutils is a collection of policy utilities (originally
+	  the "core" set of utilities needed to use SELinux, although it
+	  has grown a bit over time), which have different dependencies.
+	  sestatus, secon, run_init, and newrole only use libselinux.
+	  load_policy and setfiles only use libselinux and libsepol.
+	  semodule and semanage use libsemanage (and thus bring in
+	  dependencies on libsepol and libselinux as well). setsebool
+	  uses libselinux to make non-persistent boolean changes (via
+	  the kernel interface) and uses libsemanage to make persistent
+	  boolean changes.
+
+	  The base package will install the following utilities:
+	      load_policy
+	      newrole
+	      restorecond
+	      run_init
+	      secon
+	      semodule
+	      semodule_deps
+	      semodule_expand
+	      semodule_link
+	      semodule_package
+	      sepolgen-ifgen
+	      sestatus
+	      setfiles
+	      setsebool
+
+	  http://selinuxproject.org/page/Main_Page
+
+comment "policycoreutils needs a glibc or musl toolchain w/ threads"
+	depends on !BR2_TOOLCHAIN_HAS_THREADS  \
+		|| !(BR2_TOOLCHAIN_USES_GLIBC || BR2_TOOLCHAIN_USES_MUSL)
+
+if BR2_PACKAGE_POLICYCOREUTILS
+
+config BR2_PACKAGE_POLICYCOREUTILS_RESTORECOND
+	bool "restorecond Utility"
+	select BR2_PACKAGE_LIBGLIB2 #glib2
+	depends on BR2_USE_WCHAR # glib2
+	depends on BR2_TOOLCHAIN_HAS_THREADS # glib2
+	depends on BR2_USE_MMU # glib2
+	help
+	  Enable restorecond to be built
+
+comment "restorecond needs a toolchain w/ wchar, threads"
+	depends on BR2_USE_MMU
+	depends on !BR2_USE_WCHAR || !BR2_TOOLCHAIN_HAS_THREADS
+
+endif
diff --git a/package/policycoreutils/policycoreutils.hash b/package/policycoreutils/policycoreutils.hash
new file mode 100644
index 0000000..44cb0c3
--- /dev/null
+++ b/package/policycoreutils/policycoreutils.hash
@@ -0,0 +1,2 @@ 
+# https://github.com/SELinuxProject/selinux/wiki/Releases
+sha256 329382cfe9fa977678abf541dcd8fe3847cf0c83b24654c8f7322343907078a1 policycoreutils-2.5.tar.gz
diff --git a/package/policycoreutils/policycoreutils.mk b/package/policycoreutils/policycoreutils.mk
new file mode 100644
index 0000000..6611cdb
--- /dev/null
+++ b/package/policycoreutils/policycoreutils.mk
@@ -0,0 +1,111 @@ 
+################################################################################
+#
+# policycoreutils
+#
+################################################################################
+
+POLICYCOREUTILS_VERSION = 2.5
+POLICYCOREUTILS_SITE = https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20160223
+POLICYCOREUTILS_LICENSE = GPLv2
+POLICYCOREUTILS_LICENSE_FILES = COPYING
+
+# gettext for load_policy.c use of libintl_* functions
+POLICYCOREUTILS_DEPENDENCIES = libsemanage libcap-ng $(if $(BR2_NEEDS_GETTEXT),gettext)
+
+ifeq ($(BR2_PACKAGE_LINUX_PAM),y)
+POLICYCOREUTILS_DEPENDENCIES += linux-pam
+POLICYCOREUTILS_MAKE_OPTS += NAMESPACE_PRIV=y
+define POLICYCOREUTILS_INSTALL_TARGET_LINUX_PAM_CONFS
+	$(INSTALL) -D -m 0644 $(@D)/newrole/newrole-lspp.pamd $(TARGET_DIR)/etc/pam.d/newrole
+	$(INSTALL) -D -m 0644 $(@D)/run_init/run_init.pamd $(TARGET_DIR)/etc/pam.d/run_init
+endef
+endif
+
+ifeq ($(BR2_PACKAGE_AUDIT),y)
+POLICYCOREUTILS_DEPENDENCIES += audit
+POLICYCOREUTILS_MAKE_OPTS += AUDIT_LOG_PRIV=y
+endif
+
+# Enable LSPP_PRIV if both audit and linux pam are enabled
+ifeq ($(BR2_PACKAGE_LINUX_PAM)$(BR2_PACKAGE_AUDIT),yy)
+POLICYCOREUTILS_MAKE_OPTS += LSPP_PRIV=y
+endif
+
+# Undefining _FILE_OFFSET_BITS here because of a "bug" with glibc fts.h
+# large file support.
+# See https://bugzilla.redhat.com/show_bug.cgi?id=574992 for more information
+POLICYCOREUTILS_MAKE_OPTS += \
+	CC="$(TARGET_CC)" \
+	CFLAGS="$(TARGET_CFLAGS) -U_FILE_OFFSET_BITS" \
+	LDFLAGS="$(TARGET_LDFLAGS) $(if $(BR2_NEEDS_GETTEXT),-lintl)" \
+	ARCH="$(BR2_ARCH)" 
+
+POLICYCOREUTILS_MAKE_DIRS = load_policy newrole run_init \
+	secon semodule semodule_deps semodule_expand semodule_link \
+	semodule_package sepolgen-ifgen sestatus setfiles setsebool
+
+ifeq ($(BR2_PACKAGE_POLICYCOREUTILS_RESTORECOND),y)
+POLICYCOREUTILS_MAKE_DIRS += restorecond
+endif
+#The source has been patched to require a DESTDIR path which is
+#prefixed to all filesystem paths which were by default hardcoded to
+#host system paths.
+define POLICYCOREUTILS_BUILD_CMDS
+	for dir in $(POLICYCOREUTILS_MAKE_DIRS) ; do \
+		$(MAKE) -C $(@D)/$${dir} $(POLICYCOREUTILS_MAKE_OPTS) DESTDIR=$(STAGING_DIR) all || exit 1 ; \
+	done
+endef
+
+define POLICYCOREUTILS_INSTALL_TARGET_CMDS
+	for dir in $(POLICYCOREUTILS_MAKE_DIRS) ; do \
+		$(MAKE) -C $(@D)/$${dir} $(POLICYCOREUTILS_MAKE_OPTS) DESTDIR=$(TARGET_DIR) install || exit 1 ; \
+	done
+endef
+
+HOST_POLICYCOREUTILS_DEPENDENCIES = host-libsemanage host-dbus-glib host-sepolgen host-setools
+
+# Undefining _FILE_OFFSET_BITS here because of a "bug" with glibc fts.h
+# large file support.
+# See https://bugzilla.redhat.com/show_bug.cgi?id=574992 for more information
+HOST_POLICYCOREUTILS_MAKE_OPTS = \
+	CC="$(HOSTCC)" \
+	CFLAGS="$(HOST_CFLAGS) -U_FILE_OFFSET_BITS" \
+	PYTHON="$(HOST_DIR)/usr/bin/python" \
+	PYTHON_INSTALL_ARGS="$(HOST_PKG_PYTHON_DISTUTILS_INSTALL_OPTS)" \
+	ARCH="$(HOSTARCH)" \
+	LDFLAGS="$(HOST_LDFLAGS)"
+
+ifeq ($(BR2_PACKAGE_PYTHON3),y)
+HOST_POLICYCOREUTILS_DEPENDENCIES += host-python3
+HOST_POLICYCOREUTILS_MAKE_OPTS += \
+	PYLIBVER="python$(PYTHON3_VERSION_MAJOR)"
+else
+HOST_POLICYCOREUTILS_DEPENDENCIES += host-python
+HOST_POLICYCOREUTILS_MAKE_OPTS += \
+	PYLIBVER="python$(PYTHON_VERSION_MAJOR)"
+endif
+
+# Note: We are only building the programs required by the refpolicy build
+HOST_POLICYCOREUTILS_MAKE_DIRS = load_policy semodule semodule_deps semodule_expand semodule_link \
+	semodule_package setfiles restorecond audit2allow scripts semanage sepolicy
+
+define HOST_POLICYCOREUTILS_BUILD_CMDS
+	for dir in $(HOST_POLICYCOREUTILS_MAKE_DIRS) ; do \
+		$(MAKE) -C $(@D)/$${dir} $(HOST_POLICYCOREUTILS_MAKE_OPTS) DESTDIR=$(HOST_DIR) all || exit 1 ; \
+	done
+endef
+#The source has been patched to require a DESTDIR path which is
+#prefixed to all filesystem paths which were by default hardcoded to
+#host system paths.
+define HOST_POLICYCOREUTILS_INSTALL_CMDS
+	for dir in $(HOST_POLICYCOREUTILS_MAKE_DIRS) ; do \
+		$(MAKE) -C $(@D)/$${dir} $(HOST_POLICYCOREUTILS_MAKE_OPTS) DESTDIR=$(HOST_DIR) install || exit 1 ; \
+	done
+	# Fix python paths
+	$(SED) 's%/usr/bin/%$(HOST_DIR)/usr/bin/%g' $(HOST_DIR)/usr/bin/audit2allow
+	$(SED) 's%/usr/bin/%$(HOST_DIR)/usr/bin/%g' $(HOST_DIR)/usr/bin/sepolgen-ifgen
+	$(SED) 's%/usr/bin/%$(HOST_DIR)/usr/bin/%g' $(HOST_DIR)/usr/bin/sepolicy
+endef
+
+$(eval $(generic-package))
+$(eval $(host-generic-package))