From 086189145caa9b154d02aa3a888a8815bb60a0d5 Mon Sep 17 00:00:00 2001 From: dcashman Date: Mon, 28 Nov 2016 07:19:35 -0800 Subject: [PATCH] Add build dependencies for split sepolicy files. Add build targets for split sepolicy files so they'll appear in the root dir for on-device compilation. nonplat_sepolicy will eventually be removed as it should be provided by a different partition. Also replace sepolicy.recovery with the appropriate split components. Bug: 31363362 Test: Policy builds on-device and boots. Change-Id: I017dabe6940c3cd20de6c00bb5253274d5a9269b --- core/Makefile | 21 ++++++++++++++++----- target/product/embedded.mk | 4 +++- 2 files changed, 19 insertions(+), 6 deletions(-) diff --git a/core/Makefile b/core/Makefile index c40945811..851c38eac 100644 --- a/core/Makefile +++ b/core/Makefile @@ -900,7 +900,12 @@ INTERNAL_RECOVERYIMAGE_FILES := $(filter $(TARGET_RECOVERY_OUT)/%, \ $(ALL_DEFAULT_INSTALLED_MODULES)) recovery_initrc := $(call include-path-for, recovery)/etc/init.rc -recovery_sepolicy := $(call intermediates-dir-for,ETC,sepolicy.recovery)/sepolicy.recovery +recovery_mapping_sepolicy := \ + $(call intermediates-dir-for,ETC,mapping_sepolicy.recovery.cil)/mapping_sepolicy.recovery.cil +recovery_nonplat_sepolicy := \ + $(call intermediates-dir-for,ETC,nonplat_sepolicy.recovery.cil)/nonplat_sepolicy.recovery.cil +recovery_plat_sepolicy := \ + $(call intermediates-dir-for,ETC,plat_sepolicy.recovery.cil)/plat_sepolicy.recovery.cil recovery_kernel := $(INSTALLED_KERNEL_TARGET) # same as a non-recovery system recovery_ramdisk := $(PRODUCT_OUT)/ramdisk-recovery.img recovery_build_prop := $(intermediate_system_build_prop) @@ -1021,8 +1026,12 @@ define build-recoveryimage-target @echo Modifying ramdisk contents... $(hide) rm -f $(TARGET_RECOVERY_ROOT_OUT)/init*.rc $(hide) cp -f $(recovery_initrc) $(TARGET_RECOVERY_ROOT_OUT)/ - $(hide) rm -f $(TARGET_RECOVERY_ROOT_OUT)/sepolicy - $(hide) cp -f $(recovery_sepolicy) $(TARGET_RECOVERY_ROOT_OUT)/sepolicy + $(hide) rm -f $(TARGET_RECOVERY_ROOT_OUT)/mapping_sepolicy.cil + $(hide) rm -f $(TARGET_RECOVERY_ROOT_OUT)/nonplat_sepolicy.cil + $(hide) rm -f $(TARGET_RECOVERY_ROOT_OUT)/plat_sepolicy.cil + $(hide) cp -f $(recovery_mapping_sepolicy) $(TARGET_RECOVERY_ROOT_OUT)/mapping_sepolicy.cil + $(hide) cp -f $(recovery_nonplat_sepolicy) $(TARGET_RECOVERY_ROOT_OUT)/nonplat_sepolicy.cil + $(hide) cp -f $(recovery_plat_sepolicy) $(TARGET_RECOVERY_ROOT_OUT)/plat_sepolicy.cil $(hide) cp $(TARGET_ROOT_OUT)/init.recovery.*.rc $(TARGET_RECOVERY_ROOT_OUT)/ || true # Ignore error when the src file doesn't exist. $(hide) mkdir -p $(TARGET_RECOVERY_ROOT_OUT)/res $(hide) rm -rf $(TARGET_RECOVERY_ROOT_OUT)/res/* @@ -1076,7 +1085,8 @@ endif $(INSTALLED_BOOTIMAGE_TARGET): $(MKBOOTFS) $(MKBOOTIMG) $(MINIGZIP) \ $(INSTALLED_RAMDISK_TARGET) \ $(INTERNAL_RECOVERYIMAGE_FILES) \ - $(recovery_initrc) $(recovery_sepolicy) $(recovery_kernel) \ + $(recovery_initrc) $(recovery_mapping_sepolicy) $(recovery_nonplat_sepolicy) \ + $(recovery_plat_sepolicy) $(recovery_kernel) \ $(INSTALLED_2NDBOOTLOADER_TARGET) \ $(recovery_build_prop) $(recovery_resource_deps) \ $(recovery_fstab) \ @@ -1089,7 +1099,8 @@ $(INSTALLED_RECOVERYIMAGE_TARGET): $(MKBOOTFS) $(MKBOOTIMG) $(MINIGZIP) \ $(INSTALLED_RAMDISK_TARGET) \ $(INSTALLED_BOOTIMAGE_TARGET) \ $(INTERNAL_RECOVERYIMAGE_FILES) \ - $(recovery_initrc) $(recovery_sepolicy) $(recovery_kernel) \ + $(recovery_initrc) $(recovery_mapping_sepolicy) $(recovery_nonplat_sepolicy) \ + $(recovery_plat_sepolicy) $(recovery_kernel) \ $(INSTALLED_2NDBOOTLOADER_TARGET) \ $(recovery_build_prop) $(recovery_resource_deps) \ $(recovery_fstab) \ diff --git a/target/product/embedded.mk b/target/product/embedded.mk index 48916b2c9..670b30621 100644 --- a/target/product/embedded.mk +++ b/target/product/embedded.mk @@ -80,12 +80,14 @@ PRODUCT_PACKAGES += \ # SELinux packages PRODUCT_PACKAGES += \ file_contexts.bin \ + mapping_sepolicy.cil \ nonplat_mac_permissions.xml \ + nonplat_sepolicy.cil \ plat_mac_permissions.xml \ + plat_sepolicy.cil \ property_contexts \ seapp_contexts \ selinux_version \ - sepolicy \ service_contexts # Ensure that this property is always defined so that bionic_systrace.cpp -- 2.11.0