busybox: add selinux variant

This commit adds a `selinux` variant which comes with with a number of
SELinux applets and also SELinux label support.

Signed-off-by: Paul Spooren <mail@aparcar.org>

package/utils/busybox/Config.in

@@ -1,4 +1,4 @@
-if PACKAGE_busybox
+if PACKAGE_busybox || PACKAGE_busybox-selinux
 
 config BUSYBOX_CUSTOM
 	bool "Customize busybox options"

package/utils/busybox/Makefile

@@ -1,5 +1,5 @@
 #
-# Copyright (C) 2006-2016 OpenWrt.org
+# Copyright (C) 2006-2020 OpenWrt.org
 #
 # This is free software, licensed under the GNU General Public License v2.
 # See /LICENSE for more information.
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=busybox
 PKG_VERSION:=1.31.1
-PKG_RELEASE:=2
+PKG_RELEASE:=3
 PKG_FLAGS:=essential
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
@@ -39,14 +39,27 @@ BUSYBOX_IF_ENABLED=$(if $(CONFIG_BUSYBOX_$(BUSYBOX_SYM)_$(1)),$(2))
 
 # All files provided by busybox will serve as fallback alternatives by opkg.
 # There should be no need to enumerate ALTERNATIVES entries here
-define Package/busybox
+define Package/busybox/Default
   SECTION:=base
   CATEGORY:=Base system
   MAINTAINER:=Felix Fietkau <nbd@nbd.name>
   TITLE:=Core utilities for embedded Linux
   URL:=http://busybox.net/
   DEPENDS:=+BUSYBOX_CONFIG_PAM:libpam +BUSYBOX_CONFIG_NTPD:jsonfilter
-  MENU:=1
+endef
+
+define Package/busybox
+  $(call Package/busybox/Default)
+  CONFLICTS:=busybox-selinux
+  VARIANT:=default
+endef
+
+define Package/busybox-selinux
+  $(call Package/busybox/Default)
+  TITLE += with SELinux support
+  DEPENDS += +libselinux
+  VARIANT:=selinux
+  PROVIDES:=busybox
 endef
 
 define Package/busybox/description
@@ -62,6 +75,8 @@ ifdef CONFIG_BUSYBOX_CONFIG_FEATURE_SYSLOG
 define Package/busybox/conffiles
 /etc/syslog.conf
 endef
+
+Package/busybox-selinux/conffiiles = $(Package/busybox/conffiles)
 endif
 
 # don't create a version string containing the actual timestamp
@@ -77,6 +92,10 @@ ifeq ($(CONFIG_USE_GLIBC),y)
   LDLIBS += $(call BUSYBOX_IF_ENABLED,NSLOOKUP_OPENWRT,resolv)
 endif
 
+ifeq ($(BUILD_VARIANT),selinux)
+  LDLIBS += selinux sepol
+endif
+
 TARGET_CFLAGS += -flto
 TARGET_LDFLAGS += -flto=jobserver -fuse-linker-plugin
 
@@ -96,6 +115,9 @@ define Build/Configure
 	touch $(PKG_BUILD_DIR)/.config
 ifeq ($(DEVICE_TYPE),nas)
 	echo "CONFIG_HDPARM=y" >> $(PKG_BUILD_DIR)/.config
+endif
+ifeq ($(BUILD_VARIANT),selinux)
+	cat $(TOPDIR)/$(SOURCE)/selinux.config >> $(PKG_BUILD_DIR)/.config
 endif
 	grep 'CONFIG_BUSYBOX_$(BUSYBOX_SYM)' $(TOPDIR)/.config | sed -e "s,\\(# \)\\?CONFIG_BUSYBOX_$(BUSYBOX_SYM)_\\(.*\\),\\1CONFIG_\\2,g" >> $(PKG_BUILD_DIR)/.config
 	yes 'n' | $(MAKE) -C $(PKG_BUILD_DIR) $(MAKE_FLAGS) oldconfig
@@ -125,4 +147,7 @@ endif
 	-rm -rf $(1)/lib64
 endef
 
+Package/busybox-selinux/install = $(Package/busybox/install)
+
 $(eval $(call BuildPackage,busybox))
+$(eval $(call BuildPackage,busybox-selinux))

package/utils/busybox/selinux.config

@@ -0,0 +1,15 @@
+CONFIG_SELINUX=y
+CONFIG_FEATURE_TAR_SELINUX=y
+CONFIG_CHCON=y
+CONFIG_GETENFORCE=y
+CONFIG_GETSEBOOL=y
+CONFIG_LOAD_POLICY=y
+CONFIG_MATCHPATHCON=y
+CONFIG_RUNCON=y
+CONFIG_SELINUXENABLED=y
+CONFIG_SESTATUS=y
+CONFIG_SETFILES=y
+CONFIG_FEATURE_SETFILES_CHECK_OPTION=y
+CONFIG_RESTORECON=y
+CONFIG_SETSEBOOL=y
+CONFIG_SETENFORCE=y