From 1633da06afc155342b66c581668f52951a1278d7 Mon Sep 17 00:00:00 2001
From: Dan Cashman <dcashman@google.com>
Date: Tue, 23 May 2017 14:47:16 -0700
Subject: [PATCH] Restrict BOARD_PLAT_[PUBLIC|PRIVATE]_SEPOLICY_DIRS to one
 dir.

These directories were added to allow for partner extensions to the
android framework without needing to add changes to the AOSP global
sepolicy.  There should only ever be one owner of the framework and
corresponding updates, so enforce this restriction to prevent
accidental accrual of policy in the system image.

Bug: 36467375
Test: Add public and private files to policy and verify that they are
added to the appropriate policy files.  Also test that specifying
multiple directories for public or private results in an error.

Change-Id: I397ca4e7d6c8233d1aefb2a23e7b44315052678f
---
 Android.mk | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/Android.mk b/Android.mk
index 42b343878..ccb66e523 100644
--- a/Android.mk
+++ b/Android.mk
@@ -80,9 +80,21 @@ endif
 #    - compile output binary policy file
 
 PLAT_PUBLIC_POLICY := $(LOCAL_PATH)/public
-PLAT_PUBLIC_POLICY += $(BOARD_PLAT_PUBLIC_SEPOLICY_DIRS)
+ifneq ( ,$(BOARD_PLAT_PUBLIC_SEPOLICY_DIR))
+ifneq (1, $(words $(BOARD_PLAT_PUBLIC_SEPOLICY_DIR)))
+$(error BOARD_PLAT_PUBLIC_SEPOLICY_DIR must only contain one directory)
+else
+PLAT_PUBLIC_POLICY += $(BOARD_PLAT_PUBLIC_SEPOLICY_DIR)
+endif
+endif
 PLAT_PRIVATE_POLICY := $(LOCAL_PATH)/private
-PLAT_PRIVATE_POLICY += $(BOARD_PLAT_PRIVATE_SEPOLICY_DIRS)
+ifneq ( ,$(BOARD_PLAT_PRIVATE_SEPOLICY_DIR))
+ifneq (1, $(words $(BOARD_PLAT_PRIVATE_SEPOLICY_DIR)))
+$(error BOARD_PLAT_PRIVATE_SEPOLICY_DIR must only contain one directory)
+else
+PLAT_PRIVATE_POLICY += $(BOARD_PLAT_PRIVATE_SEPOLICY_DIR)
+endif
+endif
 PLAT_VENDOR_POLICY := $(LOCAL_PATH)/vendor
 REQD_MASK_POLICY := $(LOCAL_PATH)/reqd_mask
 
-- 
GitLab