[libvirt PATCH 06/13] selinux: don't hardcode policy include files directory

Daniel P. Berrangé berrange at redhat.com
Fri Aug 6 17:48:03 UTC 2021


Signed-off-by: Daniel P. Berrangé <berrange at redhat.com>
---
 meson_options.txt                    |  1 +
 scripts/selinux-compile-policy.py    | 15 +++++++--------
 src/security/selinux/mcs/meson.build |  3 ++-
 src/security/selinux/meson.build     |  2 ++
 src/security/selinux/mls/meson.build |  3 ++-
 5 files changed, 14 insertions(+), 10 deletions(-)

diff --git a/meson_options.txt b/meson_options.txt
index 859ed36b8f..7287cf1222 100644
--- a/meson_options.txt
+++ b/meson_options.txt
@@ -39,6 +39,7 @@ option('sanlock', type: 'feature', value: 'auto', description: 'sanlock support'
 option('sasl', type: 'feature', value: 'auto', description: 'sasl support')
 option('selinux', type: 'feature', value: 'auto', description: 'selinux support')
 option('selinux_mount', type: 'string', value: '', description: 'set SELinux mount point')
+option('selinux_policy_includes', type: 'string', value: '/usr/share/selinux/devel/include', description: 'SELinux policy include directory')
 option('udev', type: 'feature', value: 'auto', description: 'udev support')
 option('wireshark_dissector', type: 'feature', value: 'auto', description: 'wireshark support')
 option('wireshark_plugindir', type: 'string', value: '', description: 'wireshark plugins directory for use when installing wireshark plugin')
diff --git a/scripts/selinux-compile-policy.py b/scripts/selinux-compile-policy.py
index 31b9113a5d..3890b4e55a 100755
--- a/scripts/selinux-compile-policy.py
+++ b/scripts/selinux-compile-policy.py
@@ -24,9 +24,10 @@ import sys
 import os
 import glob
 
-if len(sys.argv) != 9:
+if len(sys.argv) != 10:
     print("Usage: {} <policy>.te <policy>.if <policy>.fc <output>.pp "
-          "<tmpdir> <type (mls/mcs)> <checkmodpath> <semodpath>"
+          "<tmpdir> <type (mls/mcs)> <checkmodpath> <semodpath> "
+          "<policyincludepath>"
           .format(sys.argv[0]), file=sys.stderr)
     exit(os.EX_USAGE)
 
@@ -43,14 +44,12 @@ else:
 
 checkmod_path = sys.argv[7]
 semod_path = sys.argv[8]
+policy_includes = sys.argv[9]
 
-SHAREDIR = "/usr/share/selinux"
-HEADERDIR = os.path.join(SHAREDIR, "devel/include")
-
-m4support = sorted(glob.glob("{}/support/*.spt".format(HEADERDIR)))
-header_layers = glob.glob("{}/*/".format(HEADERDIR))
+m4support = sorted(glob.glob("{}/support/*.spt".format(policy_includes)))
+header_layers = glob.glob("{}/*/".format(policy_includes))
 header_layers = sorted([x for x in header_layers
-                        if os.path.join(HEADERDIR, "support") not in x])
+                        if os.path.join(policy_includes, "support") not in x])
 
 header_interfaces = []
 for layer in header_layers:
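Review bot: The filter `os.path.join(policy_includes, "support") not in x` is a substring match on whatever spelling of the path the caller passed. With a trailing slash on the option value, glob returns `.../include//support/`, which no longer contains the joined string, so the support directory is kept as a header layer. That could not happen with the old constant but can now that the value comes from `sys.argv[9]`. Normalizing once with `policy_includes = os.path.normpath(sys.argv[9])` fixes it, and wrapping the directory in `glob.escape()` in the two patterns keeps any glob metacharacters in it literal. An `os.path.isdir(policy_includes)` check with a clear error would also help, because a wrong path currently just yields empty lists; the `for layer in header_layers:` loop continues outside the hunk.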
diff --git a/src/security/selinux/mcs/meson.build b/src/security/selinux/mcs/meson.build
index 0f2edc2b76..9ecfe976db 100644
--- a/src/security/selinux/mcs/meson.build
+++ b/src/security/selinux/mcs/meson.build
@@ -10,7 +10,8 @@ virt_pp = custom_target('virt.pp',
   input : selinux_sources,
   command : [selinux_compile_policy_prog, '@INPUT@', '@OUTPUT@',
              'selinux/mcs/tmp', 'mcs',
-             checkmod_prog, semod_prog],
+             checkmod_prog, semod_prog,
+             selinux_policy_includes],
   install : false)
 
 bzip = custom_target('virt.pp.bz2',
diff --git a/src/security/selinux/meson.build b/src/security/selinux/meson.build
index bd9abc9a33..dda8730141 100644
--- a/src/security/selinux/meson.build
+++ b/src/security/selinux/meson.build
@@ -2,6 +2,8 @@ semod_prog = find_program('semodule_package')
 checkmod_prog = find_program('checkmodule')
 bzip2_prog = find_program('bzip2')
 
+selinux_policy_includes = get_option('selinux_policy_includes')
+
 install_data('virt.if', install_dir : 'share/selinux/devel/include/distributed')
 
 subdir('mcs')
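Review bot: `selinux_policy_includes` goes straight from `get_option()` to the compile script with no configure-time check, so a mistyped or missing directory only surfaces later as a policy build failure. If the project's minimum meson version provides the `fs` module, a guard such as `if not import('fs').is_dir(selinux_policy_includes)` followed by an `error()` naming the option would fail early. Separately, the `install_data('virt.if', ...)` line below still spells out `share/selinux/devel/include/distributed`. That may be intentional, since it is an install location relative to the prefix, but a short comment that the new option only covers where headers are read from would avoid confusion.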
diff --git a/src/security/selinux/mls/meson.build b/src/security/selinux/mls/meson.build
index 2c866c548c..ef72a5f5ec 100644
--- a/src/security/selinux/mls/meson.build
+++ b/src/security/selinux/mls/meson.build
@@ -10,7 +10,8 @@ virt_pp_mls = custom_target('virt.pp',
   input : selinux_sources,
   command : [selinux_compile_policy_prog, '@INPUT@', '@OUTPUT@',
              'selinux/mls/tmp', 'mls',
-             checkmod_prog, semod_prog],
+             checkmod_prog, semod_prog,
+             selinux_policy_includes],
   install : false)
 
 bzip_mls = custom_target('virt.pp.bz2',
-- 
2.31.1



