diff --git a/Android.mk b/Android.mk
index 9b0fe3787f4637604fbb7c42ef7c5156956cce69..c32bf8422bba2ffc436806daf1003cc686962963 100644
--- a/Android.mk
+++ b/Android.mk
@@ -706,45 +706,47 @@ nonplat_fcfiles_with_nl := ################################## include $(CLEAR_VARS) -LOCAL_MODULE := seapp_contexts +LOCAL_MODULE := plat_seapp_contexts LOCAL_MODULE_CLASS := ETC LOCAL_MODULE_TAGS := optional LOCAL_MODULE_PATH := $(TARGET_ROOT_OUT) include $(BUILD_SYSTEM)/base_rules.mk -all_sc_files := $(call build_policy, seapp_contexts, $(PLAT_PRIVATE_POLICY) $(BOARD_SEPOLICY_DIRS)) +plat_sc_files := $(call build_policy, seapp_contexts, $(PLAT_PRIVATE_POLICY)) $(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy) -$(LOCAL_BUILT_MODULE): PRIVATE_SC_FILES := $(all_sc_files) -$(LOCAL_BUILT_MODULE): $(built_sepolicy) $(all_sc_files) $(HOST_OUT_EXECUTABLES)/checkseapp +$(LOCAL_BUILT_MODULE): PRIVATE_SC_FILES := $(plat_sc_files) +$(LOCAL_BUILT_MODULE): $(built_sepolicy) $(plat_sc_files) $(HOST_OUT_EXECUTABLES)/checkseapp @mkdir -p $(dir $@) $(hide) $(HOST_OUT_EXECUTABLES)/checkseapp -p $(PRIVATE_SEPOLICY) -o $@ $(PRIVATE_SC_FILES) -built_sc := $(LOCAL_BUILT_MODULE) -all_sc_files := +built_plat_sc := $(LOCAL_BUILT_MODULE) +plat_sc_files := ################################## include $(CLEAR_VARS) -LOCAL_MODULE := general_seapp_contexts +LOCAL_MODULE := nonplat_seapp_contexts LOCAL_MODULE_CLASS := ETC -LOCAL_MODULE_TAGS := tests +LOCAL_MODULE_TAGS := optional +LOCAL_MODULE_PATH := $(TARGET_ROOT_OUT) include $(BUILD_SYSTEM)/base_rules.mk -all_sc_files := $(addprefix $(PLAT_PRIVATE_POLICY)/, seapp_contexts) +nonplat_sc_files := $(call build_policy, seapp_contexts, $(BOARD_SEPOLICY_DIRS) $(REQD_MASK_POLICY)) -$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_general_sepolicy) -$(LOCAL_BUILT_MODULE): PRIVATE_SC_FILE := $(all_sc_files) -$(LOCAL_BUILT_MODULE): $(built_general_sepolicy) $(all_sc_files) $(HOST_OUT_EXECUTABLES)/checkseapp +$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy) +$(LOCAL_BUILT_MODULE): PRIVATE_SC_FILES := $(nonplat_sc_files) +$(LOCAL_BUILT_MODULE): $(built_sepolicy) $(nonplat_sc_files) 
$(HOST_OUT_EXECUTABLES)/checkseapp @mkdir -p $(dir $@) - $(hide) $(HOST_OUT_EXECUTABLES)/checkseapp -p $(PRIVATE_SEPOLICY) -o $@ $(PRIVATE_SC_FILE) + $(hide) $(HOST_OUT_EXECUTABLES)/checkseapp -p $(PRIVATE_SEPOLICY) -o $@ $(PRIVATE_SC_FILES) -all_sc_files := +built_nonplat_sc := $(LOCAL_BUILT_MODULE) +nonplat_sc_files := ################################## include $(CLEAR_VARS) -LOCAL_MODULE := general_seapp_neverallows +LOCAL_MODULE := plat_seapp_neverallows LOCAL_MODULE_CLASS := ETC LOCAL_MODULE_TAGS := tests @@ -934,7 +936,7 @@ LOCAL_MODULE_PATH := $(TARGET_ROOT_OUT) include $(BUILD_SYSTEM)/base_rules.mk $(LOCAL_BUILT_MODULE): $(built_sepolicy) $(built_pc) $(built_plat_fc) \ -$(buit_nonplat_fc) $(built_sc) $(built_svc) +$(buit_nonplat_fc) $(built_plat_sc) $(built_nonplat_sc) $(built_svc) @mkdir -p $(dir $@) $(hide) echo -n $(BUILD_FINGERPRINT_FROM_FILE) > $@ @@ -949,7 +951,8 @@ built_general_sepolicy := built_general_sepolicy.conf := built_nl := built_pc := -built_sc := +built_nonplat_sc := +built_plat_sc := built_sepolicy := built_svc := mapping_policy_nvr := diff --git a/private/file_contexts b/private/file_contexts index 80e192780ea998f189c59f144171510a5548b790..3fc8129175c97342897350e73e33613220395a9a 100644 --- a/private/file_contexts +++ b/private/file_contexts @@ -43,6 +43,8 @@ /plat_sepolicy\.cil u:object_r:rootfs:s0 /property_contexts u:object_r:property_contexts:s0 /seapp_contexts u:object_r:rootfs:s0 +/nonplat_seapp_contexts u:object_r:rootfs:s0 +/plat_seapp_contexts u:object_r:rootfs:s0 /sepolicy u:object_r:rootfs:s0 /service_contexts u:object_r:rootfs:s0 diff --git a/reqd_mask/seapp_contexts b/reqd_mask/seapp_contexts new file mode 100644 index 0000000000000000000000000000000000000000..0f4e0ad0e33cb6300c67139db5dcb13cf7011c3c --- /dev/null +++ b/reqd_mask/seapp_contexts @@ -0,0 +1,2 @@ +# empty seapp_contexts file - used to generate an empty seapp_contexts for +# devices without any non-platform seapp_contexts customizations.
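Review bot: In the first Android.mk hunk (-706,45 +706,47) the platform and board seapp_contexts entries are no longer validated together: the removed rule fed the files from `$(PLAT_PRIVATE_POLICY) $(BOARD_SEPOLICY_DIRS)` to a single checkseapp run, while the two new rules each run it on one set only. Any check checkseapp makes across its input entries (duplicate or conflicting selectors, as far as I can tell) now stops at the file boundary, so a board entry that overlaps a platform one would build cleanly. If that is intended, document it above the nonplat rule, e.g. `# Validated on its own; overlap with plat_seapp_contexts is not checked at build time.`; otherwise keep an additional check-only checkseapp run over both sets. The plat_seapp_neverallows module that follows is cut off by the hunk, so whether its neverallows are applied to the board entries is not visible here.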
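Review bot: In the second Android.mk hunk (-934,7 +936,7) the rewritten prerequisite line still spells `$(buit_nonplat_fc)`, which looks like a typo for `$(built_nonplat_fc)` given `$(built_plat_fc)` on the line before (assuming that variable is defined earlier in the file). An undefined make variable expands to nothing, so this target silently has no dependency on the non-platform file_contexts and is neither ordered after it nor regenerated when it changes. Since the commit already rewrites the line, fix it here: `$(built_nonplat_fc) $(built_plat_sc) $(built_nonplat_sc) $(built_svc)`. The module definition this rule belongs to starts above the hunk.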