From 3cb10bbd3b376aecbbefffbe4d43105665bad345 Mon Sep 17 00:00:00 2001 From: Nick Kralevich Date: Sat, 27 Feb 2016 10:41:41 -0800 Subject: [PATCH] delete recovery policy on changing build types When the build type changes (for example, from "shamu-userdebug" to "shamu-user"), the build system doesn't delete all files and start over. Rather, build artifacts from the old build type are reused for the new build type. This is problematic for the recovery SELinux policy, which differs between build types. Reusing a userdebug policy on a user build is inappropriate and could lead to security bugs. Force the deletion of the recovery SELinux policy when changing build types, so it can be properly regenerated. This is consistent with how we treat the normal SELinux policy (see commit a8b3d54101eccb9950651103c199edf0ce2520f7). Change-Id: I4ebafe3712dc121644828f6538865061aad58cc0 --- core/cleanbuild.mk | 1 + 1 file changed, 1 insertion(+) diff --git a/core/cleanbuild.mk b/core/cleanbuild.mk index c5b15bcf0d..0d6a406cea 100644 --- a/core/cleanbuild.mk +++ b/core/cleanbuild.mk @@ -253,6 +253,7 @@ installclean_files := \ $(PRODUCT_OUT)/obj/EXECUTABLES/init_intermediates \ $(PRODUCT_OUT)/obj/ETC/mac_permissions.xml_intermediates \ $(PRODUCT_OUT)/obj/ETC/sepolicy_intermediates \ + $(PRODUCT_OUT)/obj/ETC/sepolicy.recovery_intermediates \ $(PRODUCT_OUT)/obj/ETC/init.environ.rc_intermediates # The files/dirs to delete during a dataclean, which removes any files