linux-dey: add config fragment to enable SELinux configuration options

These options should only be enabled when using SELinux, so apply them only
when "selinux" is in the DISTRO_FEATURES. The fragment is a copy of the one in
meta-selinux with the addition of DEFAULT_SECURITY_DAC and LSM.

https://onedigi.atlassian.net/browse/DEL-7641

Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>

meta-digi-dey/dynamic-layers/selinux/recipes-kernel/linux/linux-dey/selinux.cfg

@@ -0,0 +1,32 @@
+..........................................................................
+.                                WARNING
+.
+. This file is a kernel configuration fragment, and not a full kernel
+. configuration file.  The final kernel configuration is made up of
+. an assembly of processed fragments, each of which is designed to
+. capture a specific part of the final configuration (e.g. platform
+. configuration, feature configuration, and board specific hardware
+. configuration).  For more information on kernel configuration, please
+. consult the product documentation.
+.
+..........................................................................
+CONFIG_AUDIT=y
+CONFIG_NETWORK_SECMARK=y
+CONFIG_EXT2_FS_SECURITY=y
+CONFIG_EXT3_FS_SECURITY=y
+CONFIG_EXT4_FS_SECURITY=y
+CONFIG_JFS_SECURITY=y
+CONFIG_REISERFS_FS_SECURITY=y
+CONFIG_JFFS2_FS_SECURITY=y
+CONFIG_SECURITY=y
+CONFIG_SECURITYFS=y
+CONFIG_SECURITY_NETWORK=y
+CONFIG_SECURITY_SELINUX=y
+CONFIG_SECURITY_SELINUX_BOOTPARAM=y
+CONFIG_SECURITY_SELINUX_DISABLE=y
+CONFIG_SECURITY_SELINUX_DEVELOP=y
+CONFIG_SECURITY_SELINUX_AVC_STATS=y
+CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=1
+CONFIG_AUDIT_GENERIC=y
+CONFIG_DEFAULT_SECURITY_DAC=n
+CONFIG_LSM="lockdown,yama,loadpin,safesetid,integrity,selinux,smack,tomoyo,apparmor"

meta-digi-dey/dynamic-layers/selinux/recipes-kernel/linux/linux-dey_5.4.bbappend

@@ -0,0 +1,3 @@
+FILESEXTRAPATHS_prepend := "${THISDIR}/${BPN}:"
+
+SRC_URI += " ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'file://selinux.cfg', '', d)}"