From 5520f2865354fdf84602e5d111ea1ff1c7e21c68 Mon Sep 17 00:00:00 2001 From: Stephen Smalley Date: Thu, 29 May 2014 16:41:03 -0400 Subject: [PATCH] Use a separate policy for the recovery image. Only the recovery image needs to include the recovery domain in its policy, so create a separate policy for the recovery image and replace the root policy with this one when building the recovery image. Depends on the change with the same Change-Id in external/sepolicy. Change-Id: I444107f9821eabf4164ba07a44d03bd71e719989 Signed-off-by: Stephen Smalley --- core/Makefile | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/core/Makefile b/core/Makefile index 471dcb41d..bb3e64eaf 100644 --- a/core/Makefile +++ b/core/Makefile @@ -650,6 +650,7 @@ ifeq (,$(filter true, $(TARGET_NO_KERNEL) $(TARGET_NO_RECOVERY))) INSTALLED_RECOVERYIMAGE_TARGET := $(PRODUCT_OUT)/recovery.img recovery_initrc := $(call include-path-for, recovery)/etc/init.rc +recovery_sepolicy := $(call intermediates-dir-for,ETC,sepolicy.recovery)/sepolicy.recovery recovery_kernel := $(INSTALLED_KERNEL_TARGET) # same as a non-recovery system recovery_ramdisk := $(PRODUCT_OUT)/ramdisk-recovery.img recovery_build_prop := $(INSTALLED_BUILD_PROP_TARGET) @@ -724,7 +725,7 @@ $(INSTALLED_RECOVERYIMAGE_TARGET): $(MKBOOTFS) $(MKBOOTIMG) $(MINIGZIP) \ $(INSTALLED_RAMDISK_TARGET) \ $(INSTALLED_BOOTIMAGE_TARGET) \ $(recovery_binary) \ - $(recovery_initrc) $(recovery_kernel) \ + $(recovery_initrc) $(recovery_sepolicy) $(recovery_kernel) \ $(INSTALLED_2NDBOOTLOADER_TARGET) \ $(recovery_build_prop) $(recovery_resource_deps) \ $(recovery_fstab) \ @@ -738,6 +739,8 @@ $(INSTALLED_RECOVERYIMAGE_TARGET): $(MKBOOTFS) $(MKBOOTIMG) $(MINIGZIP) \ @echo Modifying ramdisk contents... $(hide) rm -f $(TARGET_RECOVERY_ROOT_OUT)/init*.rc $(hide) cp -f $(recovery_initrc) $(TARGET_RECOVERY_ROOT_OUT)/ + $(hide) rm -f $(TARGET_RECOVERY_ROOT_OUT)/sepolicy + $(hide) cp -f $(recovery_sepolicy) $(TARGET_RECOVERY_ROOT_OUT)/sepolicy $(hide) -cp $(TARGET_ROOT_OUT)/init.recovery.*.rc $(TARGET_RECOVERY_ROOT_OUT)/ $(hide) cp -f $(recovery_binary) $(TARGET_RECOVERY_ROOT_OUT)/sbin/ $(hide) cp -rf $(recovery_resources_common) $(TARGET_RECOVERY_ROOT_OUT)/ -- 2.11.0