From 052b0bbb267d7629770184a6c53dd59a1eb0b671 Mon Sep 17 00:00:00 2001
From: Alex Klyubin <klyubin@google.com>
Date: Thu, 2 Mar 2017 12:39:25 -0800
Subject: [PATCH] Move split sepolicy to correct locations

This moves the CIL files comprising the split sepolicy to the
directories/partitions based on whether the file is part of
platform/system or non-platform/vendor. In particular:
* plat_sepolicy.cil is moved to /system/etc/selinux,
* nonplat_sepolicy.cil is moved to /vendor/etc/selinux, and
* mapping_sepolicy.cil is moved to /vendor/etc/selinux.

Test: Device boots, no additional denials. The test is performed both
      for a device without the CIL files and with the three CIL files.
Bug: 31363362

Change-Id: Ia760d7eb32c80ba72f6409da75d99eb5aae71cd9
---
 Android.mk | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/Android.mk b/Android.mk
index cdfb55422..75957ab78 100644
--- a/Android.mk
+++ b/Android.mk
@@ -210,7 +210,7 @@ include $(CLEAR_VARS)
 LOCAL_MODULE := plat_sepolicy.cil
 LOCAL_MODULE_CLASS := ETC
 LOCAL_MODULE_TAGS := optional
-LOCAL_MODULE_PATH := $(TARGET_ROOT_OUT)
+LOCAL_MODULE_PATH := $(TARGET_OUT)/etc/selinux
 
 include $(BUILD_SYSTEM)/base_rules.mk
 
@@ -257,7 +257,8 @@ include $(CLEAR_VARS)
 LOCAL_MODULE := mapping_sepolicy.cil
 LOCAL_MODULE_CLASS := ETC
 LOCAL_MODULE_TAGS := optional
-LOCAL_MODULE_PATH := $(TARGET_ROOT_OUT)
+LOCAL_PROPRIETARY_MODULE := true
+LOCAL_MODULE_PATH := $(TARGET_OUT_VENDOR)/etc/selinux
 
 include $(BUILD_SYSTEM)/base_rules.mk
 
@@ -290,7 +291,8 @@ include $(CLEAR_VARS)
 LOCAL_MODULE := nonplat_sepolicy.cil
 LOCAL_MODULE_CLASS := ETC
 LOCAL_MODULE_TAGS := optional
-LOCAL_MODULE_PATH := $(TARGET_ROOT_OUT)
+LOCAL_PROPRIETARY_MODULE := true
+LOCAL_MODULE_PATH := $(TARGET_OUT_VENDOR)/etc/selinux
 
 include $(BUILD_SYSTEM)/base_rules.mk
 
-- 
GitLab