From 9d59041f63b22f3d1b59faa9afeb5bf2a02e3e17 Mon Sep 17 00:00:00 2001
From: Alex Klyubin <klyubin@google.com>
Date: Wed, 8 Mar 2017 13:10:05 -0800
Subject: [PATCH] Correct location of property_contexts for TREBLE devices

This makes the build system, for TREBLE devices only, place
plat_property_contexts under /system/etc/selinux and
nonplat_property_contexts under /vendor/etc/selinux. For other devices
these files are placed under /, same as before.

This change was previously reverted because it affected the location
of property_contexts in recovery. Now that we have separate tagets for
recovery (see ec78c377c006040d14d92f5b1a1a52da779f20aa), this change
no longer affects is recovery.

Test: *_property_contexts in correct locations when
      PRODUCT_FULL_TREBLE is set to true and when it is set to false.

Test: cts-tradefed run singleCommand cts --skip-device-info \
      --skip-preconditions --skip-connectivity-check \
      --abi arm64-v8a --module CtsSecurityHostTestCases \
      -t android.security.cts.SELinuxHostTest#testAospPropertyContexts

      This test was performed on bullhead (non A/B device) and sailfish
      (A/B device).

Test: Clean build, flash, device boots with no additional denials.
      Rebooting to recovery, recovery boots fine with no denials.
      This test was performed on bullhead (non A/B device) and sailfish
      (A/B device).
Bug: 36002573

(cherry picked from commit 4cb628a3be61efbd2abf8e92d38710d76ef828f3)

Change-Id: I0b145c58669fb31bc39d57f36eef1190425a8328
---
 Android.mk | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/Android.mk b/Android.mk
index 38da65b35..3b40be09d 100644
--- a/Android.mk
+++ b/Android.mk
@@ -840,8 +840,12 @@ include $(CLEAR_VARS)
 LOCAL_MODULE := plat_property_contexts
 LOCAL_MODULE_CLASS := ETC
 LOCAL_MODULE_TAGS := optional
-# TODO: Change module path to TARGET_SYSTEM_OUT after b/27805372
+
+ifeq ($(PRODUCT_FULL_TREBLE),true)
+LOCAL_MODULE_PATH := $(TARGET_OUT)/etc/selinux
+else
 LOCAL_MODULE_PATH := $(TARGET_ROOT_OUT)
+endif
 
 include $(BUILD_SYSTEM)/base_rules.mk
 
@@ -871,8 +875,12 @@ include $(CLEAR_VARS)
 LOCAL_MODULE := nonplat_property_contexts
 LOCAL_MODULE_CLASS := ETC
 LOCAL_MODULE_TAGS := optional
-# TODO: Change module path to TARGET_SYSTEM_OUT after b/27805372
+
+ifeq ($(PRODUCT_FULL_TREBLE),true)
+LOCAL_MODULE_PATH := $(TARGET_OUT_VENDOR)/etc/selinux
+else
 LOCAL_MODULE_PATH := $(TARGET_ROOT_OUT)
+endif
 
 include $(BUILD_SYSTEM)/base_rules.mk
 
-- 
GitLab