From e693ed7c187804b3b1ae49bf0d31bd43e7a19e08 Mon Sep 17 00:00:00 2001
From: William Roberts <bill.c.roberts@gmail.com>
Date: Fri, 15 Mar 2013 09:30:27 -0400
Subject: [PATCH] Remove the su domain from -user builds.

Change-Id: I86f2f28f7c558b8e9a70e5aa9ebcfa8bf26f9ef7
---
 Android.mk | 6 ++++++
 su_user.te | 4 ++++
 2 files changed, 10 insertions(+)
 create mode 100644 su_user.te

diff --git a/Android.mk b/Android.mk
index 085a3625e..3af7591d8 100644
--- a/Android.mk
+++ b/Android.mk
@@ -10,6 +10,12 @@ POLICYVERS ?= 24
 MLS_SENS=1
 MLS_CATS=1024
 
+ifeq ($(TARGET_BUILD_VARIANT),user)
+	BOARD_SEPOLICY_IGNORE+=external/sepolicy/su.te
+else
+	BOARD_SEPOLICY_IGNORE+=external/sepolicy/su_user.te
+endif
+
 # Quick edge case error detection for BOARD_SEPOLICY_REPLACE.
 # Builds the singular path for each replace file.
 sepolicy_replace_paths :=
diff --git a/su_user.te b/su_user.te
new file mode 100644
index 000000000..77fc535c9
--- /dev/null
+++ b/su_user.te
@@ -0,0 +1,4 @@
+# File types must be defined for file_contexts.
+type su_exec, file_type;
+
+# No allow rules
-- 
GitLab