Merge pull request #428 from marineam/selinux

build_image: make building selinux policy optional

build_library/board_options.sh

@@ -13,3 +13,14 @@ ARCH=$(get_board_arch ${BOARD})
 
 # What cross-build are we targeting?
 . "${BOARD_ROOT}/etc/portage/make.conf"
+
+# check if any of the given use flags are enabled for a pkg
+pkg_use_enabled() {
+  local pkg="$1"
+  shift
+  # for every flag argument, turn it into `-e ^+flag` for grep
+  local grep_args="${@/#/-e ^+}"
+
+  equery-"${BOARD}" -q uses "${pkg}" | grep -q ${grep_args}
+  return $?
+}

build_library/build_image_util.sh

@@ -299,8 +299,8 @@ finish_image() {
   fi
 
   # Build the selinux policy
-  if [[ "$BOARD" = amd64* ]]; then
+  if pkg_use_enabled coreos-base/coreos selinux; then
-      sudo chroot ${root_fs_dir} bash -c "cd /usr/share/selinux/mcs; semodule -i *.pp"
+      sudo chroot "${root_fs_dir}" bash -c "cd /usr/share/selinux/mcs && semodule -i *.pp"
   fi
 
   # We only need to disable rw and apply dm-verity in prod with a /usr partition

build_packages

@@ -168,17 +168,6 @@ if [[ ${#CROS_WORKON_PKGS[@]} -gt 0 ]]; then
   )
 fi
 
-# check if any of the given use flags are enabled for a pkg
-pkg_use_enabled() {
-  local pkg="$1"
-  shift
-  # for every flag argument, turn it into `-e ^+flag` for grep
-  local grep_args="${@/#/-e ^+}"
-
-  equery-"${BOARD}" -q uses "${pkg}" | grep -q ${grep_args}
-  return $?
-}
-
 # Goo to attempt to resolve dependency loops on individual packages.
 # If this becomes insufficient we will need to move to a full multi-stage
 # bootstrap process like we do with the SDK via catalyst.