diff --git a/Android.mk b/Android.mk
index 2d5dc45678c713ffe4671f831ace2cfc6b29a40f..bad72579b130c32441defdda41dba762d6564d33 100644
--- a/Android.mk
+++ b/Android.mk
@@ -22,6 +22,10 @@ ifdef BOARD_SEPOLICY_UNION
 $(warning BOARD_SEPOLICY_UNION is no longer required - all files found in BOARD_SEPOLICY_DIRS are implicitly unioned; please remove from your BoardConfig.mk or other .mk file.)
 endif
+ifdef BOARD_SEPOLICY_M4DEFS
+LOCAL_ADDITIONAL_M4DEFS := $(addprefix -D, $(BOARD_SEPOLICY_M4DEFS))
+endif
+
 # Builds paths for all policy files found in BOARD_SEPOLICY_DIRS.
 # $(1): the set of policy name paths to build
 build_policy = $(foreach type, $(1), $(wildcard $(addsuffix /$(type), $(LOCAL_PATH) $(BOARD_SEPOLICY_DIRS))))
@@ -57,9 +61,11 @@ include $(BUILD_SYSTEM)/base_rules.mk
 sepolicy_policy.conf := $(intermediates)/policy.conf
 $(sepolicy_policy.conf): PRIVATE_MLS_SENS := $(MLS_SENS)
 $(sepolicy_policy.conf): PRIVATE_MLS_CATS := $(MLS_CATS)
+$(sepolicy_policy.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
 $(sepolicy_policy.conf): $(call build_policy, $(sepolicy_build_files))
 @mkdir -p $(dir $@)
- $(hide) m4 -D mls_num_sens=$(PRIVATE_MLS_SENS) -D mls_num_cats=$(PRIVATE_MLS_CATS) \
+ $(hide) m4 $(PRIVATE_ADDITIONAL_M4DEFS) \
+ -D mls_num_sens=$(PRIVATE_MLS_SENS) -D mls_num_cats=$(PRIVATE_MLS_CATS) \
 -D target_build_variant=$(TARGET_BUILD_VARIANT) \
 -s $^ > $@
 $(hide) sed '/dontaudit/d' $@ > $@.dontaudit
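Review bot: Nothing in the `ifdef BOARD_SEPOLICY_M4DEFS` block enforces the name=value form, so a value containing a space is split by `$(addprefix -D, ...)` into two words and the second silently becomes its own `-D` macro with an empty value. A parse-time check would stop that before it reaches policy generation: `$(foreach d,$(BOARD_SEPOLICY_M4DEFS),$(if $(findstring =,$(d)),,$(error BOARD_SEPOLICY_M4DEFS entry '$(d)' is not name=value)))`. The words are also expanded unquoted into the m4 recipe lines of the later hunks, so shell metacharacters in a value would be interpreted by the shell. A short comment above the assignment, such as `# Entries must be plain name=value tokens: no spaces, no shell metacharacters.`, would record that constraint next to the code.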
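Review bot: `BOARD_SEPOLICY_M4DEFS` now determines the contents of `policy.conf`, but in the `$(sepolicy_policy.conf)` rule it is only a target-specific variable, not a prerequisite. As far as this hunk shows, an incremental build after editing the defs can therefore keep the previously generated policy. The same holds for the recovery policy, file_contexts, property_contexts, service_contexts and keys.tmp rules in the later hunks, and presumably already for `MLS_SENS` and `MLS_CATS`. For a security policy artifact that is worth stating above the rule, e.g. `# NOTE: changing BOARD_SEPOLICY_M4DEFS does not retrigger this rule; clean the sepolicy intermediates after editing it.` The recipe may continue past the end of this hunk.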
@@ -84,9 +90,11 @@ include $(BUILD_SYSTEM)/base_rules.mk
 sepolicy_policy_recovery.conf := $(intermediates)/policy_recovery.conf
 $(sepolicy_policy_recovery.conf): PRIVATE_MLS_SENS := $(MLS_SENS)
 $(sepolicy_policy_recovery.conf): PRIVATE_MLS_CATS := $(MLS_CATS)
+$(sepolicy_policy_recovery.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
 $(sepolicy_policy_recovery.conf): $(call build_policy, $(sepolicy_build_files))
 @mkdir -p $(dir $@)
- $(hide) m4 -D mls_num_sens=$(PRIVATE_MLS_SENS) -D mls_num_cats=$(PRIVATE_MLS_CATS) \
+ $(hide) m4 $(PRIVATE_ADDITIONAL_M4DEFS) \
+ -D mls_num_sens=$(PRIVATE_MLS_SENS) -D mls_num_cats=$(PRIVATE_MLS_CATS) \
 -D target_build_variant=$(TARGET_BUILD_VARIANT) \
 -D target_recovery=true \
 -s $^ > $@
@@ -155,9 +163,10 @@ all_fc_files := $(call build_policy, $(all_fc_files))
 $(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
 $(LOCAL_BUILT_MODULE): PRIVATE_FC_FILES := $(all_fc_files)
+$(LOCAL_BUILT_MODULE): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
 $(LOCAL_BUILT_MODULE): $(all_fc_files) $(built_sepolicy) $(HOST_OUT_EXECUTABLES)/checkfc
 @mkdir -p $(dir $@)
- $(hide) m4 -s $(PRIVATE_FC_FILES) > $@
+ $(hide) m4 -s $(PRIVATE_ADDITIONAL_M4DEFS) $(PRIVATE_FC_FILES) > $@
 $(hide) $(HOST_OUT_EXECUTABLES)/checkfc $(PRIVATE_SEPOLICY) $@
 built_fc := $(LOCAL_BUILT_MODULE)
@@ -246,9 +255,10 @@ include $(BUILD_SYSTEM)/base_rules.mk
 ALL_PC_FILES := $(call build_policy, property_contexts)
 $(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
+$(LOCAL_BUILT_MODULE): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
 $(LOCAL_BUILT_MODULE): $(ALL_PC_FILES) $(built_sepolicy) $(HOST_OUT_EXECUTABLES)/checkfc
 @mkdir -p $(dir $@)
- $(hide) m4 -s $(ALL_PC_FILES) > $@
+ $(hide) m4 -s $(PRIVATE_ADDITIONAL_M4DEFS) $(ALL_PC_FILES) > $@
 $(hide) $(HOST_OUT_EXECUTABLES)/checkfc -p $(PRIVATE_SEPOLICY) $@
 built_pc := $(LOCAL_BUILT_MODULE)
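Review bot: The position of `$(PRIVATE_ADDITIONAL_M4DEFS)` ahead of the built-in `-D mls_num_sens`, `-D mls_num_cats`, `-D target_build_variant` and `-D target_recovery=true` flags looks load-bearing but is not commented, here or in the matching `policy.conf` recipe of the previous hunk. As far as I know, m4 lets a later `-D` for the same name replace an earlier one, so this order keeps a board definition from overriding the build-controlled values, and a later reordering would quietly lose that property. Suggest a comment above the rule header (not inside the recipe), e.g. `# Board defs go first so the build-controlled -D flags after them take precedence.`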
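Review bot: m4 expands a defined name wherever it appears as a bare word, so in `m4 -s $(PRIVATE_ADDITIONAL_M4DEFS) $(PRIVATE_FC_FILES)` a board macro whose name matches a path component or type name would rewrite every file_contexts entry containing that word, not only the intended one. `checkfc` validates the generated contexts against the policy but, as far as this hunk shows, would not notice a path expression that changed. The same applies to the property_contexts and service_contexts recipes in the next two hunks. Suggest a comment above the rule, e.g. `# M4DEFS names are substituted everywhere in these files; use distinctive, prefixed macro names.`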
@@ -283,9 +293,10 @@ include $(BUILD_SYSTEM)/base_rules.mk
 ALL_SVC_FILES := $(call build_policy, service_contexts)
 $(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
+$(LOCAL_BUILT_MODULE): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
 $(LOCAL_BUILT_MODULE): $(ALL_SVC_FILES) $(built_sepolicy) $(HOST_OUT_EXECUTABLES)/checkfc
 @mkdir -p $(dir $@)
- $(hide) m4 -s $(ALL_SVC_FILES) > $@
+ $(hide) m4 -s $(PRIVATE_ADDITIONAL_M4DEFS) $(ALL_SVC_FILES) > $@
 $(hide) $(HOST_OUT_EXECUTABLES)/checkfc -p $(PRIVATE_SEPOLICY) $@
 built_svc := $(LOCAL_BUILT_MODULE)
@@ -319,9 +330,10 @@ include $(BUILD_SYSTEM)/base_rules.mk
 # Build keys.conf
 mac_perms_keys.tmp := $(intermediates)/keys.tmp
+$(mac_perms_keys.tmp): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
 $(mac_perms_keys.tmp): $(call build_policy, keys.conf)
 @mkdir -p $(dir $@)
- $(hide) m4 -s $^ > $@
+ $(hide) m4 -s $(PRIVATE_ADDITIONAL_M4DEFS) $^ > $@
 ALL_MAC_PERMS_FILES := $(call build_policy, $(LOCAL_MODULE))
diff --git a/README b/README
index 8202c67af808792dacc2b8bd2ae8bc9b215f67cc..972997a10f7abde07f070d58ae7397165529fe1f 100644
--- a/README
+++ b/README
@@ -26,6 +26,21 @@ From the Tuna device BoardConfig.mk, device/samsung/tuna/BoardConfig.mk
 BOARD_SEPOLICY_DIRS += device/samsung/tuna/sepolicy
+Additionally, OEMs can specify BOARD_SEPOLICY_M4DEFS to pass arbitrary m4
+definitions during the build. A definition consists of a string in the form
+of macro-name=value. Spaces must NOT be present. This is useful for building modular
+policies, policy generation, conditional file paths, etc. It is supported in
+the following file types:
+ * All *.te and SE Linux policy files as passed to checkpolicy
+ * file_contexts
+ * service_contexts
+ * property_contexts
+ * keys.conf
+
+Example BoardConfig.mk Usage:
+BOARD_SEPOLICY_M4DEFS += btmodule=foomatic \
+ btdevice=/dev/gps
+
 SPECIFIC POLICY FILE INFORMATION
 mac_permissions.xml: