Skip to content
Snippets Groups Projects
Commit 8b7545bf authored by Robert Craig's avatar Robert Craig Committed by Nick Kralevich
Browse files

Build the selinux_version file. 


The selinux_version file is used to perform policy
versioning checks by libselinux and SELinuxMMAC. When
loading policy a check is first performed to determine
if the policy out in /data/security/current should be
used to override the base policy shipped with the device.
The selinux_version file is used to make that choice. The
contents of the file simply contains the BUILD_FINGERPRINT
that the policy was built against. A simple string comparison
is then performed by libselinux and SELinuxMMAC.

Change-Id: I69d9d071743cfd46bb247c98f94a193396f8ebbd
Signed-off-by: default avatarrpcraig <rpcraig@tycho.ncsc.mil>
parent 3235f61a
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 22 additions and 3 deletions
Android.mk
+ 22
3
View file @ 8b7545bf
...@@ -153,7 +153,7 @@ $(LOCAL_BUILT_MODULE): $(ALL_FC_FILES) $(built_sepolicy) $(HOST_OUT_EXECUTABLES ...@@ -153,7 +153,7 @@ $(LOCAL_BUILT_MODULE): $(ALL_FC_FILES) $(built_sepolicy) $(HOST_OUT_EXECUTABLES
$(hide) m4 -s $(ALL_FC_FILES) > $@ $(hide) m4 -s $(ALL_FC_FILES) > $@
$(hide) $(HOST_OUT_EXECUTABLES)/checkfc $(PRIVATE_SEPOLICY) $@ $(hide) $(HOST_OUT_EXECUTABLES)/checkfc $(PRIVATE_SEPOLICY) $@
file_contexts := built_fc := $(LOCAL_BUILT_MODULE)
################################## ##################################
include $(CLEAR_VARS) include $(CLEAR_VARS)
...@@ -174,7 +174,9 @@ $(LOCAL_BUILT_MODULE) : $(seapp_contexts.tmp) $(built_sepolicy) $(HOST_OUT_EXECU ...@@ -174,7 +174,9 @@ $(LOCAL_BUILT_MODULE) : $(seapp_contexts.tmp) $(built_sepolicy) $(HOST_OUT_EXECU
@mkdir -p $(dir $@) @mkdir -p $(dir $@)
$(HOST_OUT_EXECUTABLES)/checkseapp -p $(PRIVATE_SEPOLICY) -o $@ $< $(HOST_OUT_EXECUTABLES)/checkseapp -p $(PRIVATE_SEPOLICY) -o $@ $<
built_sc := $(LOCAL_BUILT_MODULE)
seapp_contexts.tmp := seapp_contexts.tmp :=
################################## ##################################
include $(CLEAR_VARS) include $(CLEAR_VARS)
...@@ -193,8 +195,8 @@ $(LOCAL_BUILT_MODULE): $(ALL_PC_FILES) $(built_sepolicy) $(HOST_OUT_EXECUTABLES ...@@ -193,8 +195,8 @@ $(LOCAL_BUILT_MODULE): $(ALL_PC_FILES) $(built_sepolicy) $(HOST_OUT_EXECUTABLES
$(hide) m4 -s $(ALL_PC_FILES) > $@ $(hide) m4 -s $(ALL_PC_FILES) > $@
$(hide) $(HOST_OUT_EXECUTABLES)/checkfc -p $(PRIVATE_SEPOLICY) $@ $(hide) $(HOST_OUT_EXECUTABLES)/checkfc -p $(PRIVATE_SEPOLICY) $@
property_contexts := built_pc := $(LOCAL_BUILT_MODULE)
built_sepolicy :=
################################## ##################################
################################## ##################################
...@@ -233,8 +235,25 @@ $(LOCAL_BUILT_MODULE) : $(mac_perms_keys.tmp) $(HOST_OUT_EXECUTABLES)/insertkeys ...@@ -233,8 +235,25 @@ $(LOCAL_BUILT_MODULE) : $(mac_perms_keys.tmp) $(HOST_OUT_EXECUTABLES)/insertkeys
mac_perms_keys.tmp := mac_perms_keys.tmp :=
################################## ##################################
include $(CLEAR_VARS)
LOCAL_MODULE := selinux_version
LOCAL_MODULE_CLASS := ETC
LOCAL_MODULE_TAGS := optional
LOCAL_MODULE_PATH := $(TARGET_ROOT_OUT)
include $(BUILD_SYSTEM)/base_rules.mk
$(LOCAL_BUILT_MODULE) : $(built_sepolicy) $(built_pc) $(built_fc) $(built_sc)
@mkdir -p $(dir $@)
$(hide) echo -n $(BUILD_FINGERPRINT) > $@
##################################
build_policy := build_policy :=
sepolicy_replace_paths := sepolicy_replace_paths :=
built_sepolicy :=
built_sc :=
built_fc :=
built_pc :=
include $(call all-makefiles-under,$(LOCAL_PATH)) include $(call all-makefiles-under,$(LOCAL_PATH))
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment