Skip to content
Snippets Groups Projects
Commit 33d7e90b authored by TreeHugger Robot's avatar TreeHugger Robot Committed by Android (Google) Code Review
Browse files

Merge changes I397ca4e7,I38efe224 into oc-dev 

* changes:
  Restrict BOARD_PLAT_[PUBLIC|PRIVATE]_SEPOLICY_DIRS to one dir.
  Add BOARD_PLAT_[PUBLIC|PRIVATE]_SEPOLICY_DIRS
parents 62022c71 51455fe9
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 29 additions and 11 deletions
Android.mk
+ 29
11
View file @ 33d7e90b
...@@ -80,7 +80,21 @@ endif ...@@ -80,7 +80,21 @@ endif
# - compile output binary policy file # - compile output binary policy file
PLAT_PUBLIC_POLICY := $(LOCAL_PATH)/public PLAT_PUBLIC_POLICY := $(LOCAL_PATH)/public
ifneq ( ,$(BOARD_PLAT_PUBLIC_SEPOLICY_DIR))
ifneq (1, $(words $(BOARD_PLAT_PUBLIC_SEPOLICY_DIR)))
$(error BOARD_PLAT_PUBLIC_SEPOLICY_DIR must only contain one directory)
else
PLAT_PUBLIC_POLICY += $(BOARD_PLAT_PUBLIC_SEPOLICY_DIR)
endif
endif
PLAT_PRIVATE_POLICY := $(LOCAL_PATH)/private PLAT_PRIVATE_POLICY := $(LOCAL_PATH)/private
ifneq ( ,$(BOARD_PLAT_PRIVATE_SEPOLICY_DIR))
ifneq (1, $(words $(BOARD_PLAT_PRIVATE_SEPOLICY_DIR)))
$(error BOARD_PLAT_PRIVATE_SEPOLICY_DIR must only contain one directory)
else
PLAT_PRIVATE_POLICY += $(BOARD_PLAT_PRIVATE_SEPOLICY_DIR)
endif
endif
PLAT_VENDOR_POLICY := $(LOCAL_PATH)/vendor PLAT_VENDOR_POLICY := $(LOCAL_PATH)/vendor
REQD_MASK_POLICY := $(LOCAL_PATH)/reqd_mask REQD_MASK_POLICY := $(LOCAL_PATH)/reqd_mask
...@@ -344,22 +358,25 @@ LOCAL_MODULE_PATH := $(TARGET_OUT)/etc/selinux/mapping ...@@ -344,22 +358,25 @@ LOCAL_MODULE_PATH := $(TARGET_OUT)/etc/selinux/mapping
include $(BUILD_SYSTEM)/base_rules.mk include $(BUILD_SYSTEM)/base_rules.mk
current_mapping.cil := $(intermediates)/mapping/$(PLATFORM_SEPOLICY_VERSION).cil
ifeq ($(BOARD_SEPOLICY_VERS), $(PLATFORM_SEPOLICY_VERSION))
# auto-generate the mapping file for current platform policy, since it needs to # auto-generate the mapping file for current platform policy, since it needs to
# track platform policy development # track platform policy development
current_mapping.cil := $(intermediates)/mapping/$(PLATFORM_SEPOLICY_VERSION).cil
$(current_mapping.cil) : PRIVATE_VERS := $(PLATFORM_SEPOLICY_VERSION) $(current_mapping.cil) : PRIVATE_VERS := $(PLATFORM_SEPOLICY_VERSION)
$(current_mapping.cil) : $(plat_pub_policy.cil) $(HOST_OUT_EXECUTABLES)/version_policy $(current_mapping.cil) : $(plat_pub_policy.cil) $(HOST_OUT_EXECUTABLES)/version_policy
@mkdir -p $(dir $@) @mkdir -p $(dir $@)
$(hide) $(HOST_OUT_EXECUTABLES)/version_policy -b $< -m -n $(PRIVATE_VERS) -o $@ $(hide) $(HOST_OUT_EXECUTABLES)/version_policy -b $< -m -n $(PRIVATE_VERS) -o $@
else # ifeq ($(BOARD_SEPOLICY_VERS), $(PLATFORM_SEPOLICY_VERSION))
prebuilt_mapping_files := $(wildcard $(addsuffix /mapping/$(BOARD_SEPOLICY_VERS).cil, $(PLAT_PRIVATE_POLICY)))
$(current_mapping.cil) : $(prebuilt_mapping_files)
@mkdir -p $(dir $@)
cat $^ > $@
ifeq ($(BOARD_SEPOLICY_VERS), $(PLATFORM_SEPOLICY_VERSION)) prebuilt_mapping_files :=
mapping_policy := $(current_mapping.cil)
else
mapping_policy := $(addsuffix /$(BOARD_SEPOLICY_VERS).cil, $(PLAT_PRIVATE_POLICY)/mapping)
endif endif
$(LOCAL_BUILT_MODULE): $(mapping_policy) $(ACP) $(LOCAL_BUILT_MODULE): $(current_mapping.cil) $(ACP)
$(hide) $(ACP) $< $@ $(hide) $(ACP) $< $@
built_mapping_cil := $(LOCAL_BUILT_MODULE) built_mapping_cil := $(LOCAL_BUILT_MODULE)
...@@ -610,9 +627,10 @@ include $(BUILD_SYSTEM)/base_rules.mk ...@@ -610,9 +627,10 @@ include $(BUILD_SYSTEM)/base_rules.mk
# Note: That a newline file is placed between each file_context file found to # Note: That a newline file is placed between each file_context file found to
# ensure a proper build when an fc file is missing an ending newline. # ensure a proper build when an fc file is missing an ending newline.
local_fc_files := $(PLAT_PRIVATE_POLICY)/file_contexts local_fc_files := $(call build_policy, file_contexts, $(PLAT_PRIVATE_POLICY))
ifneq ($(filter address,$(SANITIZE_TARGET)),) ifneq ($(filter address,$(SANITIZE_TARGET)),)
local_fc_files := $(local_fc_files) $(PLAT_PRIVATE_POLICY)/file_contexts_asan local_fc_files := $(local_fc_files) $(wildcard $(addsuffix /file_contexts_asan, $(PLAT_PRIVATE_POLICY)))
endif endif
local_fcfiles_with_nl := $(call add_nl, $(local_fc_files), $(built_nl)) local_fcfiles_with_nl := $(call add_nl, $(local_fc_files), $(built_nl))
...@@ -682,9 +700,9 @@ LOCAL_MODULE_PATH := $(TARGET_OUT)/etc/selinux ...@@ -682,9 +700,9 @@ LOCAL_MODULE_PATH := $(TARGET_OUT)/etc/selinux
include $(BUILD_SYSTEM)/base_rules.mk include $(BUILD_SYSTEM)/base_rules.mk
local_fc_files := $(PLAT_PRIVATE_POLICY)/file_contexts local_fc_files := $(call build_policy, file_contexts, $(PLAT_PRIVATE_POLICY))
ifneq ($(filter address,$(SANITIZE_TARGET)),) ifneq ($(filter address,$(SANITIZE_TARGET)),)
local_fc_files += $(PLAT_PRIVATE_POLICY)/file_contexts_asan local_fc_files += $(wildcard $(addsuffix /file_contexts_asan, $(PLAT_PRIVATE_POLICY)))
endif endif
local_fcfiles_with_nl := $(call add_nl, $(local_fc_files), $(built_nl)) local_fcfiles_with_nl := $(call add_nl, $(local_fc_files), $(built_nl))
...@@ -767,7 +785,7 @@ endif ...@@ -767,7 +785,7 @@ endif
include $(BUILD_SYSTEM)/base_rules.mk include $(BUILD_SYSTEM)/base_rules.mk
nonplat_sc_files := $(call build_policy, seapp_contexts, $(PLAT_VENDOR_POLICY) $(BOARD_SEPOLICY_DIRS) $(REQD_MASK_POLICY)) nonplat_sc_files := $(call build_policy, seapp_contexts, $(PLAT_VENDOR_POLICY) $(BOARD_SEPOLICY_DIRS) $(REQD_MASK_POLICY))
plat_sc_neverallow_files := $(addprefix $(PLAT_PRIVATE_POLICY)/, seapp_contexts) plat_sc_neverallow_files := $(call build_policy, seapp_contexts, $(PLAT_PRIVATE_POLICY))
$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy) $(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
$(LOCAL_BUILT_MODULE): PRIVATE_SC_FILES := $(nonplat_sc_files) $(LOCAL_BUILT_MODULE): PRIVATE_SC_FILES := $(nonplat_sc_files)
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment