package/refpolicy/Config.in - buildroot - Git at Google

 config BR2_PACKAGE_REFPOLICY
 	bool "refpolicy"
 	depends on BR2_TOOLCHAIN_HAS_THREADS # libsepol
 	# Even though libsepol is not necessary for building, we get
 	# the policy version from libsepol, so we select it, and treat
 	# it like a runtime dependency.
 	select BR2_PACKAGE_LIBSEPOL
 	help
 	  The SELinux Reference Policy project (refpolicy) is a
 	  complete SELinux policy that can be used as the system
 	  policy for a variety of systems and used as the basis for
 	  creating other policies. Reference Policy was originally
 	  based on the NSA example policy, but aims to accomplish many
 	  additional goals.

 	  The current refpolicy does not fully support Buildroot and
 	  needs modifications to work with the default system file
 	  layout. These changes should be added as patches to the
 	  refpolicy that modify a single SELinux policy.

 	  The refpolicy works for the most part in permissive
 	  mode. Only the basic set of utilities are enabled in the
 	  example policy config and some of the pathing in the
 	  policies is not correct.  Individual policies would need to
 	  be tweaked to get everything functioning properly.

 	  https://github.com/TresysTechnology/refpolicy

 if BR2_PACKAGE_REFPOLICY

 choice
 	prompt "SELinux default state"
 	default BR2_PACKAGE_REFPOLICY_POLICY_STATE_PERMISSIVE

 config BR2_PACKAGE_REFPOLICY_POLICY_STATE_ENFORCING
 	bool "Enforcing"
 	help
 	  SELinux security policy is enforced

 config BR2_PACKAGE_REFPOLICY_POLICY_STATE_PERMISSIVE
 	bool "Permissive"
 	help
 	  SELinux prints warnings instead of enforcing

 config BR2_PACKAGE_REFPOLICY_POLICY_STATE_DISABLED
 	bool "Disabled"
 	help
 	  No SELinux policy is loaded
 endchoice

 config BR2_PACKAGE_REFPOLICY_POLICY_STATE
 	string
 	default "permissive" if BR2_PACKAGE_REFPOLICY_POLICY_STATE_PERMISSIVE
 	default "enforcing" if BR2_PACKAGE_REFPOLICY_POLICY_STATE_ENFORCING
 	default "disabled" if BR2_PACKAGE_REFPOLICY_POLICY_STATE_DISABLED

 endif

 comment "refpolicy needs a toolchain w/ threads"
 	depends on !BR2_TOOLCHAIN_HAS_THREADS
	config BR2_PACKAGE_REFPOLICY
	bool "refpolicy"
	depends on BR2_TOOLCHAIN_HAS_THREADS # libsepol
	# Even though libsepol is not necessary for building, we get
	# the policy version from libsepol, so we select it, and treat
	# it like a runtime dependency.
	select BR2_PACKAGE_LIBSEPOL
	help
	The SELinux Reference Policy project (refpolicy) is a
	complete SELinux policy that can be used as the system
	policy for a variety of systems and used as the basis for
	creating other policies. Reference Policy was originally
	based on the NSA example policy, but aims to accomplish many
	additional goals.

	The current refpolicy does not fully support Buildroot and
	needs modifications to work with the default system file
	layout. These changes should be added as patches to the
	refpolicy that modify a single SELinux policy.

	The refpolicy works for the most part in permissive
	mode. Only the basic set of utilities are enabled in the
	example policy config and some of the pathing in the
	policies is not correct. Individual policies would need to
	be tweaked to get everything functioning properly.

	https://github.com/TresysTechnology/refpolicy

	if BR2_PACKAGE_REFPOLICY

	choice
	prompt "SELinux default state"
	default BR2_PACKAGE_REFPOLICY_POLICY_STATE_PERMISSIVE

	config BR2_PACKAGE_REFPOLICY_POLICY_STATE_ENFORCING
	bool "Enforcing"
	help
	SELinux security policy is enforced

	config BR2_PACKAGE_REFPOLICY_POLICY_STATE_PERMISSIVE
	bool "Permissive"
	help
	SELinux prints warnings instead of enforcing

	config BR2_PACKAGE_REFPOLICY_POLICY_STATE_DISABLED
	bool "Disabled"
	help
	No SELinux policy is loaded
	endchoice

	config BR2_PACKAGE_REFPOLICY_POLICY_STATE
	string
	default "permissive" if BR2_PACKAGE_REFPOLICY_POLICY_STATE_PERMISSIVE
	default "enforcing" if BR2_PACKAGE_REFPOLICY_POLICY_STATE_ENFORCING
	default "disabled" if BR2_PACKAGE_REFPOLICY_POLICY_STATE_DISABLED

	endif

	comment "refpolicy needs a toolchain w/ threads"
	depends on !BR2_TOOLCHAIN_HAS_THREADS