From 1067bffabeba5a7f0b2dbfd2f1d4cafbad73bf21 Mon Sep 17 00:00:00 2001
From: Bowgo Tsai <bowgotsai@google.com>
Date: Wed, 29 Nov 2017 16:06:15 +0800
Subject: [PATCH] Add /odm/etc/selinux/odm_mac_permissions.xml

Bug: 64240127
Test: normal boot a device
Change-Id: I276ba6bc88eabb0d5562e4e96d3860eedb76aed5
Merged-In: I276ba6bc88eabb0d5562e4e96d3860eedb76aed5
(cherry picked from commit af7d85f83f8e73bbb6f087720017fd30707fa37a)
---
 Android.mk            | 31 ++++++++++++++++++++++++++++++-
 private/file_contexts |  1 +
 2 files changed, 31 insertions(+), 1 deletion(-)

diff --git a/Android.mk b/Android.mk
index d2f2fbbe4..c40d7a010 100644
--- a/Android.mk
+++ b/Android.mk
@@ -257,7 +257,8 @@ LOCAL_REQUIRED_MODULES += \
     odm_file_contexts \
     odm_seapp_contexts \
     odm_property_contexts \
-    odm_hwservice_contexts
+    odm_hwservice_contexts \
+    odm_mac_permissions.xml
 endif
 
 include $(BUILD_PHONY_PACKAGE)
@@ -1497,6 +1498,34 @@ $(all_vendor_mac_perms_files)
 vendor_mac_perms_keys.tmp :=
 all_vendor_mac_perms_files :=
 
+##################################
+include $(CLEAR_VARS)
+
+LOCAL_MODULE := odm_mac_permissions.xml
+LOCAL_MODULE_CLASS := ETC
+LOCAL_MODULE_TAGS := optional
+LOCAL_MODULE_PATH := $(TARGET_OUT_ODM)/etc/selinux
+
+include $(BUILD_SYSTEM)/base_rules.mk
+
+# Build keys.conf
+odm_mac_perms_keys.tmp := $(intermediates)/odm_keys.tmp
+$(odm_mac_perms_keys.tmp): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
+$(odm_mac_perms_keys.tmp): $(call build_policy, keys.conf, $(BOARD_ODM_SEPOLICY_DIRS) $(REQD_MASK_POLICY))
+	@mkdir -p $(dir $@)
+	$(hide) m4 -s $(PRIVATE_ADDITIONAL_M4DEFS) $^ > $@
+
+all_odm_mac_perms_files := $(call build_policy, mac_permissions.xml, $(BOARD_ODM_SEPOLICY_DIRS) $(REQD_MASK_POLICY))
+
+$(LOCAL_BUILT_MODULE): PRIVATE_MAC_PERMS_FILES := $(all_odm_mac_perms_files)
+$(LOCAL_BUILT_MODULE): $(odm_mac_perms_keys.tmp) $(HOST_OUT_EXECUTABLES)/insertkeys.py \
+$(all_odm_mac_perms_files)
+	@mkdir -p $(dir $@)
+	$(hide) $(HOST_OUT_EXECUTABLES)/insertkeys.py -t $(TARGET_BUILD_VARIANT) -c $(TOP) $< -o $@ $(PRIVATE_MAC_PERMS_FILES)
+
+odm_mac_perms_keys.tmp :=
+all_odm_mac_perms_files :=
+
 #################################
 include $(CLEAR_VARS)
 LOCAL_MODULE := sepolicy_tests
diff --git a/private/file_contexts b/private/file_contexts
index 00323cba6..c5169ff60 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -342,6 +342,7 @@
 /(odm|vendor/odm)/etc/selinux/odm_seapp_contexts                u:object_r:seapp_contexts_file:s0
 /(odm|vendor/odm)/etc/selinux/odm_property_contexts             u:object_r:property_contexts_file:s0
 /(odm|vendor/odm)/etc/selinux/odm_hwservice_contexts            u:object_r:hwservice_contexts_file:s0
+/(odm|vendor/odm)/etc/selinux/odm_mac_permissions.xml           u:object_r:mac_perms_file:s0
 
 #############################
 # Product files
-- 
GitLab