From ff2107f88ef78bdff059c74afbe5d5749e2eb0f7 Mon Sep 17 00:00:00 2001
From: Hung-ying Tyan <tyanh@google.com>
Date: Tue, 5 Sep 2017 21:51:52 +0800
Subject: [PATCH] Don't create nonplat_service_contexts on full_treble devices

On full Treble devices, servicemanager should only host services
served from processes on /system; nonplat_service_contexts
should not be created at all in this case.

Bug: 36866029
Test: Build marlin and walleye and make sure nonplat_service_contexts
      is not created.

Change-Id: Id02c314abbb98fc69884198779488c52231d22c3
---
 Android.mk   | 14 +++++++++-----
 CleanSpec.mk |  3 +++
 2 files changed, 12 insertions(+), 5 deletions(-)

diff --git a/Android.mk b/Android.mk
index 8491d6075..7e862dd23 100644
--- a/Android.mk
+++ b/Android.mk
@@ -216,7 +216,6 @@ LOCAL_REQUIRED_MODULES += \
     nonplat_mac_permissions.xml \
     nonplat_property_contexts \
     nonplat_seapp_contexts \
-    nonplat_service_contexts \
     nonplat_hwservice_contexts \
     plat_file_contexts \
     plat_mac_permissions.xml \
@@ -227,6 +226,10 @@ LOCAL_REQUIRED_MODULES += \
     searchpolicy.py \
     vndservice_contexts \
 
+ifneq ($(PRODUCT_FULL_TREBLE),true)
+LOCAL_REQUIRED_MODULES += nonplat_service_contexts
+endif
+
 ifneq ($(with_asan),true)
 LOCAL_REQUIRED_MODULES += \
     sepolicy_tests \
@@ -954,16 +957,15 @@ plat_svcfiles :=
 plat_service_contexts.tmp :=
 
 ##################################
+# nonplat_service_contexts is only allowed on non-full-treble devices
+ifneq ($(PRODUCT_FULL_TREBLE),true)
+
 include $(CLEAR_VARS)
 
 LOCAL_MODULE := nonplat_service_contexts
 LOCAL_MODULE_CLASS := ETC
 LOCAL_MODULE_TAGS := optional
-ifeq ($(PRODUCT_FULL_TREBLE),true)
-LOCAL_MODULE_PATH := $(TARGET_OUT_VENDOR)/etc/selinux
-else
 LOCAL_MODULE_PATH := $(TARGET_ROOT_OUT)
-endif
 
 include $(BUILD_SYSTEM)/base_rules.mk
 
@@ -986,6 +988,8 @@ built_nonplat_svc := $(LOCAL_BUILT_MODULE)
 nonplat_svcfiles :=
 nonplat_service_contexts.tmp :=
 
+endif
+
 ##################################
 include $(CLEAR_VARS)
 
diff --git a/CleanSpec.mk b/CleanSpec.mk
index 09331156f..42d451c96 100644
--- a/CleanSpec.mk
+++ b/CleanSpec.mk
@@ -71,3 +71,6 @@ $(call add-clean-step, rm -rf $(PRODUCT_OUT)/vendor/etc/selinux/mapping_sepolicy
 $(call add-clean-step, rm -rf $(PRODUCT_OUT)/system/etc/selinux/plat_sepolicy.cil.sha256)
 $(call add-clean-step, rm -rf $(PRODUCT_OUT)/vendor/etc/selinux/precompiled_sepolicy.plat.sha256)
 $(call add-clean-step, rm -rf $(PRODUCT_OUT)/system/etc/selinux/mapping_sepolicy.cil)
+$(call add-clean-step, rm -rf $(PRODUCT_OUT)/vendor/etc/selinux/nonplat_service_contexts)
+$(call add-clean-step, rm -rf $(PRODUCT_OUT)/obj/ETC/nonplat_service_contexts_intermediates)
+$(call add-clean-step, rm -rf $(PRODUCT_OUT)/obj/NOTICE_FILES/src/vendor/etc/selinux/nonplat_service_contexts.txt)
-- 
GitLab