From af56ac19545ff083ceb3c1ddf4bf8e2663d4b934 Mon Sep 17 00:00:00 2001
From: Matt Finifter <finifter@google.com>
Date: Tue, 17 Jul 2012 11:32:22 -0700
Subject: [PATCH] Include su.te only for userdebug/eng builds.

Change-Id: Ia544f13910abbe5e9f6a6cafae397415a41a7a94
---
 Android.mk                 | 17 +++++++++++++++--
 su.te => conditional/su.te |  0
 2 files changed, 15 insertions(+), 2 deletions(-)
 rename su.te => conditional/su.te (100%)

diff --git a/Android.mk b/Android.mk
index ee1a93132..6fc3545e6 100644
--- a/Android.mk
+++ b/Android.mk
@@ -29,11 +29,24 @@ LOCAL_MODULE_PATH := $(TARGET_ROOT_OUT)
 include $(BUILD_SYSTEM)/base_rules.mk
 
 sepolicy_policy.conf := $(intermediates)/policy.conf
+
+# Build up the list of policy files (the order matters, since they will all be
+# cat'd together)
+POLICY_DEPENDS := $(wildcard $(addprefix $(LOCAL_PATH)/,security_classes initial_sids access_vectors global_macros mls_macros mls policy_capabilities te_macros attributes *.te))
+
+# Add extra policy for "su", but only for eng and userdebug builds
+ifneq (,$(filter userdebug eng,$(TARGET_BUILD_VARIANT)))
+POLICY_DEPENDS += $(wildcard $(addprefix $(LOCAL_PATH)/conditional/, su.te))
+endif
+
+# Add in the rest of the policy
+POLICY_DEPENDS += $(wildcard $(LOCAL_POLICY_TE) $(addprefix $(LOCAL_PATH)/, roles users ocontexts))
+
 $(sepolicy_policy.conf): PRIVATE_MLS_SENS := $(MLS_SENS)
 $(sepolicy_policy.conf): PRIVATE_MLS_CATS := $(MLS_CATS)
-$(sepolicy_policy.conf) : $(wildcard $(addprefix $(LOCAL_PATH)/,security_classes initial_sids access_vectors global_macros mls_macros mls policy_capabilities te_macros attributes *.te) $(LOCAL_POLICY_TE) $(addprefix $(LOCAL_PATH)/, roles users ocontexts))
+$(sepolicy_policy.conf) : $(POLICY_DEPENDS)
 	@mkdir -p $(dir $@)
-	$(hide) m4 -D mls_num_sens=$(PRIVATE_MLS_SENS) -D mls_num_cats=$(PRIVATE_MLS_CATS) -s $^ > $@
+	$(hide) m4 -D mls_num_sens=$(PRIVATE_MLS_SENS) -D mls_num_cats=$(PRIVATE_MLS_CATS) -s $(POLICY_DEPENDS) > $@
 
 $(LOCAL_BUILT_MODULE) : $(sepolicy_policy.conf) $(HOST_OUT_EXECUTABLES)/checkpolicy
 	@mkdir -p $(dir $@)
diff --git a/su.te b/conditional/su.te
similarity index 100%
rename from su.te
rename to conditional/su.te
-- 
GitLab