Skip to content
Snippets Groups Projects
Commit 3507678d authored by Tri Vo's avatar Tri Vo
Browse files

Separate product_seapp_contexts out of system sepolicy. 

Bug: 119305624
Test: normal/recovery boot aosp_taimen
Change-Id: Ia8d69be16011db8dd63fa41672449a4ade7302c2
parent 5da72005
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Android.mk
+ 25
2
View file @ 3507678d
...@@ -288,6 +288,7 @@ LOCAL_REQUIRED_MODULES += \ ...@@ -288,6 +288,7 @@ LOCAL_REQUIRED_MODULES += \
product_file_contexts \ product_file_contexts \
product_hwservice_contexts \ product_hwservice_contexts \
product_property_contexts \ product_property_contexts \
product_seapp_contexts \
endif endif
include $(BUILD_PHONY_PACKAGE) include $(BUILD_PHONY_PACKAGE)
...@@ -1198,8 +1199,7 @@ endif ...@@ -1198,8 +1199,7 @@ endif
include $(BUILD_SYSTEM)/base_rules.mk include $(BUILD_SYSTEM)/base_rules.mk
# TODO(b/119305624): Move product-specific sepolicy out of plat_seapp_contexts plat_sc_files := $(call build_policy, seapp_contexts, $(PLAT_PRIVATE_POLICY))
plat_sc_files := $(call build_policy, seapp_contexts, $(PLAT_PRIVATE_POLICY) $(PRODUCT_PRIVATE_POLICY))
$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy) $(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
$(LOCAL_BUILT_MODULE): PRIVATE_SC_FILES := $(plat_sc_files) $(LOCAL_BUILT_MODULE): PRIVATE_SC_FILES := $(plat_sc_files)
...@@ -1210,6 +1210,29 @@ $(LOCAL_BUILT_MODULE): $(built_sepolicy) $(plat_sc_files) $(HOST_OUT_EXECUTABLES ...@@ -1210,6 +1210,29 @@ $(LOCAL_BUILT_MODULE): $(built_sepolicy) $(plat_sc_files) $(HOST_OUT_EXECUTABLES
built_plat_sc := $(LOCAL_BUILT_MODULE) built_plat_sc := $(LOCAL_BUILT_MODULE)
plat_sc_files := plat_sc_files :=
##################################
include $(CLEAR_VARS)
LOCAL_MODULE := product_seapp_contexts
LOCAL_MODULE_CLASS := ETC
LOCAL_MODULE_TAGS := optional
LOCAL_MODULE_PATH := $(TARGET_OUT_PRODUCT)/etc/selinux
include $(BUILD_SYSTEM)/base_rules.mk
product_sc_files := $(call build_policy, seapp_contexts, $(PRODUCT_PRIVATE_POLICY))
plat_sc_neverallow_files := $(call build_policy, seapp_contexts, $(PLAT_PRIVATE_POLICY))
$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
$(LOCAL_BUILT_MODULE): PRIVATE_SC_FILES := $(product_sc_files)
$(LOCAL_BUILT_MODULE): PRIVATE_SC_NEVERALLOW_FILES := $(plat_sc_neverallow_files)
$(LOCAL_BUILT_MODULE): $(built_sepolicy) $(product_sc_files) $(HOST_OUT_EXECUTABLES)/checkseapp $(plat_sc_neverallow_files)
@mkdir -p $(dir $@)
$(hide) grep -ihe '^neverallow' $(PRIVATE_SC_NEVERALLOW_FILES) > $@.tmp
$(hide) $(HOST_OUT_EXECUTABLES)/checkseapp -p $(PRIVATE_SEPOLICY) -o $@ $(PRIVATE_SC_FILES) $@.tmp
product_sc_files :=
plat_sc_neverallow_files :=
################################## ##################################
include $(CLEAR_VARS) include $(CLEAR_VARS)
LOCAL_MODULE := vendor_seapp_contexts LOCAL_MODULE := vendor_seapp_contexts
......
private/file_contexts
+ 1
0
View file @ 3507678d
...@@ -377,6 +377,7 @@ ...@@ -377,6 +377,7 @@
/(product|system/product)/etc/selinux/product_file_contexts u:object_r:file_contexts_file:s0 /(product|system/product)/etc/selinux/product_file_contexts u:object_r:file_contexts_file:s0
/(product|system/product)/etc/selinux/product_hwservice_contexts u:object_r:hwservice_contexts_file:s0 /(product|system/product)/etc/selinux/product_hwservice_contexts u:object_r:hwservice_contexts_file:s0
/(product|system/product)/etc/selinux/product_property_contexts u:object_r:property_contexts_file:s0 /(product|system/product)/etc/selinux/product_property_contexts u:object_r:property_contexts_file:s0
/(product|system/product)/etc/selinux/product_seapp_contexts u:object_r:seapp_contexts_file:s0
############################# #############################
# Product-Services files # Product-Services files
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment