diff --git a/Android.mk b/Android.mk
index 44c1ef61af1773398eeece2cc938029870cad339..aad54511ea13d981f183869675a386f6b7a4503d 100644
--- a/Android.mk
+++ b/Android.mk
@@ -25,7 +25,8 @@ $(foreach pf, $(BOARD_SEPOLICY_REPLACE), \
$(error Ambiguous request for sepolicy $(pf). Appears in both \
BOARD_SEPOLICY_REPLACE and BOARD_SEPOLICY_UNION), \
) \
- $(eval _paths := $(wildcard $(addsuffix /$(pf), $(BOARD_SEPOLICY_DIRS)))) \
+ $(eval _paths := $(filter-out $(BOARD_SEPOLICY_IGNORE), \
+ $(wildcard $(addsuffix /$(pf), $(BOARD_SEPOLICY_DIRS))))) \
$(eval _occurrences := $(words $(_paths))) \
$(if $(filter 0,$(_occurrences)), \
$(error No sepolicy file found for $(pf) in $(BOARD_SEPOLICY_DIRS)), \
@@ -45,15 +46,17 @@ $(foreach pf, $(BOARD_SEPOLICY_REPLACE), \
# product variables.
# $(1): the set of policy name paths to build
build_policy = $(foreach type, $(1), \
- $(foreach expanded_type, $(notdir $(wildcard $(addsuffix /$(type), $(LOCAL_PATH)))), \
- $(if $(filter $(expanded_type), $(BOARD_SEPOLICY_REPLACE)), \
- $(wildcard $(addsuffix $(expanded_type), $(sort $(dir $(sepolicy_replace_paths))))), \
- $(LOCAL_PATH)/$(expanded_type) \
+ $(filter-out $(BOARD_SEPOLICY_IGNORE), \
+ $(foreach expanded_type, $(notdir $(wildcard $(addsuffix /$(type), $(LOCAL_PATH)))), \
+ $(if $(filter $(expanded_type), $(BOARD_SEPOLICY_REPLACE)), \
+ $(wildcard $(addsuffix $(expanded_type), $(sort $(dir $(sepolicy_replace_paths))))), \
+ $(LOCAL_PATH)/$(expanded_type) \
+ ) \
) \
- ) \
- $(foreach union_policy, $(wildcard $(addsuffix /$(type), $(BOARD_SEPOLICY_DIRS))), \
- $(if $(filter $(notdir $(union_policy)), $(BOARD_SEPOLICY_UNION)), \
- $(union_policy), \
+ $(foreach union_policy, $(wildcard $(addsuffix /$(type), $(BOARD_SEPOLICY_DIRS))), \
+ $(if $(filter $(notdir $(union_policy)), $(BOARD_SEPOLICY_UNION)), \
+ $(union_policy), \
+ ) \
) \
) \
)
diff --git a/README b/README
index 5cba383037658c1982efbb66186b91faaad9c721..3cdd01a23f82e4c59e17d7a102d8b86caa4510e1 100644
--- a/README
+++ b/README
@@ -8,6 +8,7 @@ they are:
1. BOARD_SEPOLICY_REPLACE
2. BOARD_SEPOLICY_UNION
3. BOARD_SEPOLICY_DIRS
+4. BOARD_SEPOLICY_IGNORE
The variables should be set in the BoardConfig.mk file in
the device or vendor directories.
@@ -38,7 +39,9 @@ multiple times on the policy search path defined by BOARD_SEPOLICY_DIRS.
eg.) if you specify shell.te in BOARD_SEPOLICY_REPLACE and
BOARD_SEPOLICY_DIRS is set to
"vendor/widget/common/sepolicy device/widget/x/sepolicy" and shell.te
-appears in both locations, it is an error.
+appears in both locations, it is an error. Unless it is in
+BOARD_SEPOLICY_IGNORE to be filtered out. See BOARD_SEPOLICY_IGNORE
+for more details.
It is an error to specify the same file name in both
BOARD_POLICY_REPLACE and BOARD_POLICY_UNION.
@@ -46,7 +49,23 @@ BOARD_POLICY_REPLACE and BOARD_POLICY_UNION.
It is an error to specify a BOARD_SEPOLICY_DIRS that has no entries when
specifying BOARD_SEPOLICY_REPLACE.
-Example Usage:
+BOARD_SEPOLICY_IGNORE is a list of paths (directory + filename) of
+files that are not to be included in the resulting policy. This list
+is passed to filter-out to remove any paths you may want to ignore. This
+is useful if you have numerous config directories that contain a file
+and you want to NOT include a particular file in your resulting
+policy file, either by UNION or REPLACE.
+Eg.) Suppose the follwoing:
+ BOARD_SEPOLICY_DIRS := X Y
+ BOARD_SEPOLICY_REPLACE := A
+ BOARD_SEPOLICY_IGNORE := X/A
+
+ Directories X and Y contain A.
+
+ The resulting policy is created by using Y/A only, thus X/A was
+ ignored.
+
+Example BoardConfig.mk Usage:
From the Tuna device BoardConfig.mk, device/samsung/tuna/BoardConfig.mk
BOARD_SEPOLICY_DIRS := \