image.mk: evaluate /etc/selinux/config to choose SELinux policy

Instead of hardcoding 'targeted' policy, evaluate /etc/selinux/config
in rootfs to choose according to which policy files in the rootfs got
to be labeled.

Signed-off-by: Daniel Golle <[email protected]>

diff --git a/include/image.mk b/include/image.mk
index f72095db56345e1ca803a56cc93cc2416bebc7d4..28f40fe6a9901acd194788942a149caaddd4d216 100644 (file)
--- a/include/image.mk
+++ b/include/image.mk
@@ -243,10 +243,11 @@ endef
 
 ifeq ($(CONFIG_TARGET_ROOTFS_SECURITY_LABELS),y)
 define Image/mkfs/squashfs
+       echo ". $(call mkfs_target_dir,$(1))/etc/selinux/config" > [email protected]
        echo "$(STAGING_DIR_HOST)/bin/setfiles -r" \
             "$(call mkfs_target_dir,$(1))" \
-            "$(call mkfs_target_dir,$(1))/etc/selinux/targeted/contexts/files/file_contexts " \
-            "$(call mkfs_target_dir,$(1))" > [email protected]
+            "$(call mkfs_target_dir,$(1))/etc/selinux/\$${SELINUXTYPE}/contexts/files/file_contexts " \
+            "$(call mkfs_target_dir,$(1))" >> [email protected]
        echo "$(Image/mkfs/squashfs-common)" >> [email protected]
        chmod +x [email protected]
        $(FAKEROOT) "[email protected]"