Integrate parts of meta-intel-iot-security

[AGL/meta-agl.git] / meta-security / recipes-core / packagegroups / packagegroup-security-framework.bb

diff --git a/meta-security/recipes-core/packagegroups/packagegroup-security-framework.bb b/meta-security/recipes-core/packagegroups/packagegroup-security-framework.bb
new file mode 100644 (file)
index 0000000..c728da3
--- /dev/null
+++ b/meta-security/recipes-core/packagegroups/packagegroup-security-framework.bb
@@ -0,0 +1,22 @@
+SUMMARY = "Security middleware components"
+LICENSE = "MIT"
+
+inherit packagegroup
+
+# Install Cynara and security-manager by default if (and only if)
+# Smack is enabled.
+#
+# Cynara does not have a hard dependency on Smack security,
+# but is meant to be used with it. security-manager however
+# links against smack-userspace and expects Smack to be active,
+# so we do not have any choice.
+#
+# Without configuration, security-manager is not usable. We use
+# the policy packaged from the upstream source code here. Adapting
+# it for the distro can be done by patching that source.
+RDEPENDS_${PN}_append_with-lsm-smack = " \
+    cynara \
+    security-manager \
+    security-manager-policy \
+    smacknet \
+"