From e4ca3fb47b1fb21f4bcd39a5ee798a227a1fdd73 Mon Sep 17 00:00:00 2001
From: Naoto Yamaguchi
Date: Mon, 1 Jan 2024 00:34:40 +0900
Subject: [PATCH] Remove auditd and policy tool in guest

The SELinux policy set at host in boot time, the guest container shall not overwrite SELinux policy. On the other hand, existing guest integration install SELinux policy tool in guest. The auditd has same issue. That shall work in host, shall not work in guest. This patch fix these issue.

Bug-AGL: SPEC-5039
Change-Id: I3887d4f64d31a833f5e47fd9fb41e8fbbf6efe1e
Signed-off-by: Naoto Yamaguchi
---
 .../packagegroup-agl-core-selinux-guest.bb | 24 ++++++++++++++++++++++
 .../recipes-platform/images/guest-image-minimal.bb | 8 ++++++++
 2 files changed, 32 insertions(+)
 create mode 100644 meta-agl-ic-container/dynamic-layers/meta-selinux/recipes-security/packagegroups/packagegroup-agl-core-selinux-guest.bb

diff --git a/meta-agl-ic-container/dynamic-layers/meta-selinux/recipes-security/packagegroups/packagegroup-agl-core-selinux-guest.bb b/meta-agl-ic-container/dynamic-layers/meta-selinux/recipes-security/packagegroups/packagegroup-agl-core-selinux-guest.bb
new file mode 100644
index 00000000..d58d9013
--- /dev/null
+++ b/meta-agl-ic-container/dynamic-layers/meta-selinux/recipes-security/packagegroups/packagegroup-agl-core-selinux-guest.bb
@@ -0,0 +1,24 @@
+SUMMARY = "SELinux packages for container guest"
+DESCRIPTION = "SELinux packages required for AGL"
+LICENSE = "MIT"
+
+inherit packagegroup features_check
+
+REQUIRED_DISTRO_FEATURES = "selinux"
+
+PACKAGES = " \
+ packagegroup-agl-core-selinux-guest \
+"
+
+# The packagegroup-agl-core-selinux is including auditd.
+# But it shall run in host, shall not run in guest.
+# This package group remove from host only package from packagegroup-agl-core-selinux
+
+RDEPENDS:${PN} = " \
+ coreutils \
+ libsepol \
+ libselinux \
+ libselinux-bin \
+ libsemanage \
+ refpolicy \
+"
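Review bot: The header comment in the new packagegroup names only auditd, while the commit subject also drops the SELinux policy tool, so a reader of the recipe cannot tell which host-only packages were deliberately left out, nor why libsemanage and refpolicy remain in a guest that must never rewrite policy. Suggest rewording the three comment lines to `# packagegroup-agl-core-selinux pulls in auditd and the policy tools; those run on the host only.` / `# This packagegroup keeps just the SELinux runtime libraries and refpolicy needed inside a guest;` / `# keep it in sync with packagegroup-agl-core-selinux when that list changes.` libsemanage is the policy-store management library that the policy tools build on, so if nothing in the guest image actually links against it, its presence in RDEPENDS is worth confirming before merge.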
diff --git a/meta-agl-ic-container/recipes-platform/images/guest-image-minimal.bb b/meta-agl-ic-container/recipes-platform/images/guest-image-minimal.bb
index ea66f248..8dcdb3fb 100644
--- a/meta-agl-ic-container/recipes-platform/images/guest-image-minimal.bb
+++ b/meta-agl-ic-container/recipes-platform/images/guest-image-minimal.bb
@@ -8,4 +8,12 @@ IMAGE_INSTALL += " \
 packagegroup-agl-container-feature-logging-guest \
 "
 
+FEATURE_PACKAGES_selinux:remove = " \
+ packagegroup-agl-core-selinux \
+ ${@bb.utils.contains('DISTRO_FEATURES', 'agl-devel', 'packagegroup-agl-core-selinux-devel', '', d)} \
+"
+FEATURE_PACKAGES_selinux:append = " \
+ packagegroup-agl-core-selinux-guest \
+"
+
 NO_RECOMMENDATIONS = "1"
-- 
2.16.6
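Review bot: The `FEATURE_PACKAGES_selinux:remove` block drops the host packagegroups without recording why, and because BitBake applies `:remove` after every other operation, a maintainer who later tries to re-add packagegroup-agl-core-selinux to this image with an `:append` would get a silent no-op. A short comment above the block, e.g. `# SELinux policy is loaded by the host at boot; the guest must not ship auditd or the policy tools, so the host packagegroups are swapped for the guest one.`, records the intent next to the mechanism. The removal matches exact package names only, so any further host-only package added to FEATURE_PACKAGES_selinux elsewhere in the distro would still land in the guest image; that coupling is worth noting in the same comment so the lists are reviewed together.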