2 files changed, 23 insertions, 0 deletions

diff --git a/meta-agl-core/conf/include/agl-selinux.inc b/meta-agl-core/conf/include/agl-selinux.inc
new file mode 100644
index 000000000..aeb26e33d
--- /dev/null
+++ b/meta-agl-core/conf/include/agl-selinux.inc
@@ -0,0 +1,20 @@
+DISTRO_FEATURES:append = " acl xattr selinux"
+
+# Reiterate the upstream default of targeted policy since that
+# is the mostly widely used model, and it will likely be easier
+# to pull policy from other distributions for it.
+# Having an explicit setting here seems useful for documentation
+# purposes, and it is still possible that using one of the other
+# refpolicy package options as the AGL default desirable, and it
+# would be set here.
+PREFERRED_PROVIDER_virtual/refpolicy ?= "refpolicy-targeted"
+
+# Default to permissive mode
+DEFAULT_ENFORCING ?= "permissive"
+
+# Override the base image class to get the SELinux labeling hook
+AGL_BASE_IMAGE ?= "selinux-image"
+
+# Mask out meta-selinux's linux-yocto kernel config bbappend to
+# avoid collision with AGL's own more universal scheme.
+BBMASK += "meta-selinux/recipes-kernel/linux/"
\ No newline at end of file
diff --git a/meta-agl-core/conf/layer.conf b/meta-agl-core/conf/layer.conf
index 2749aec47..ddea256fe 100644
--- a/meta-agl-core/conf/layer.conf
+++ b/meta-agl-core/conf/layer.conf
@@ -13,6 +13,9 @@ BBFILES_DYNAMIC += " \
     openembedded-layer:${LAYERDIR}/dynamic-layers/meta-oe/*/*/*.bb \
     openembedded-layer:${LAYERDIR}/dynamic-layers/meta-oe/*/*/*.bbappend \
     \
+    selinux:${LAYERDIR}/dynamic-layers/meta-selinux/*/*/*.bb \
+    selinux:${LAYERDIR}/dynamic-layers/meta-selinux/*/*/*.bbappend \
+    \
     qt5-layer:${LAYERDIR}/dynamic-layers/meta-qt5/*/*/*.bb \
     qt5-layer:${LAYERDIR}/dynamic-layers/meta-qt5/*/*/*.bbappend \
 "