  • Device-agnostic policy for vendor image · 5596172d
    Alex Klyubin authored
    Default HAL implementations are built from the platform tree and get
    placed into the vendor image. The SELinux rules needed for these HAL
    implementations to operate thus need to reside on the vendor
    partition.
    
    Up to now, the only place to define such rules in the source tree was
    the system/sepolicy/public directory. These rules are placed into the
    vendor partition. Unfortunately, they are also placed into the
    system/root partition, which thus unnecessarily grants these rules to
    all HAL implementations of the specified service, default/in-process
    shims or not.
    
    This commit adds a new directory, system/sepolicy/vendor, whose
    rules are concatenated with the device-specific rules at build time.
    These rules are thus placed into the vendor partition and are not
    placed into the system/root partition.
    
    Test: No change to SELinux policy.
    Test: Rules placed into vendor directory end up in nonplat* artefacts,
          but not in plat* artefacts.
    Bug: 34715716
    Change-Id: Iab14aa7a3311ed6d53afff673e5d112428941f1c