delete recovery policy on changing build types

When the build type changes (for example, from "shamu-userdebug"
to "shamu-user"), the build system doesn't delete all files
and start over. Rather, build artifacts from the old build type
are reused for the new build type.

This is problematic for the recovery SELinux policy, which differs
between build types. Reusing a userdebug policy on a user build
is inappropriate and could lead to security bugs.

Force the deletion of the recovery SELinux policy when changing
build types, so it can be properly regenerated. This is consistent
with how we treat the normal SELinux policy (see commit
a8b3d54101eccb9950651103c199edf0ce2520f7).

Change-Id: I4ebafe3712dc121644828f6538865061aad58cc0

diff --git a/core/cleanbuild.mk b/core/cleanbuild.mk
index c5b15bc..0d6a406 100644 (file)
--- a/core/cleanbuild.mk
+++ b/core/cleanbuild.mk
@@ -253,6 +253,7 @@ installclean_files := \
        $(PRODUCT_OUT)/obj/EXECUTABLES/init_intermediates \
        $(PRODUCT_OUT)/obj/ETC/mac_permissions.xml_intermediates \
        $(PRODUCT_OUT)/obj/ETC/sepolicy_intermediates \
+       $(PRODUCT_OUT)/obj/ETC/sepolicy.recovery_intermediates \
        $(PRODUCT_OUT)/obj/ETC/init.environ.rc_intermediates
 
 # The files/dirs to delete during a dataclean, which removes any files