diff --git a/Android.mk b/Android.mk index b941bf370..3f691e904 100644 --- a/Android.mk +++ b/Android.mk @@ -15,14 +15,14 @@ LOCAL_REQUIRED_MODULES += \ mapping_sepolicy.cil \ nonplat_sepolicy.cil \ plat_sepolicy.cil \ - plat_sepolicy.cil.sha256 \ + plat_and_mapping_sepolicy.cil.sha256 \ secilc \ nonplat_file_contexts \ plat_file_contexts # Include precompiled policy, unless told otherwise ifneq ($(PRODUCT_PRECOMPILED_SEPOLICY),false) -LOCAL_REQUIRED_MODULES += precompiled_sepolicy precompiled_sepolicy.plat.sha256 +LOCAL_REQUIRED_MODULES += precompiled_sepolicy precompiled_sepolicy.plat_and_mapping.sha256 endif else @@ -310,24 +310,10 @@ plat_policy.conf := ################################# include $(CLEAR_VARS) -LOCAL_MODULE := plat_sepolicy.cil.sha256 -LOCAL_MODULE_CLASS := ETC -LOCAL_MODULE_TAGS := optional -LOCAL_MODULE_PATH = $(TARGET_OUT)/etc/selinux - -include $(BUILD_SYSTEM)/base_rules.mk - -$(LOCAL_BUILT_MODULE): $(built_plat_cil) - sha256sum $^ | cut -d' ' -f1 > $@ - -################################# -include $(CLEAR_VARS) - LOCAL_MODULE := mapping_sepolicy.cil LOCAL_MODULE_CLASS := ETC LOCAL_MODULE_TAGS := optional -LOCAL_PROPRIETARY_MODULE := true -LOCAL_MODULE_PATH := $(TARGET_OUT_VENDOR)/etc/selinux +LOCAL_MODULE_PATH := $(TARGET_OUT)/etc/selinux include $(BUILD_SYSTEM)/base_rules.mk @@ -357,6 +343,19 @@ current_mapping.cil := ################################# include $(CLEAR_VARS) +LOCAL_MODULE := plat_and_mapping_sepolicy.cil.sha256 +LOCAL_MODULE_CLASS := ETC +LOCAL_MODULE_TAGS := optional +LOCAL_MODULE_PATH = $(TARGET_OUT)/etc/selinux + +include $(BUILD_SYSTEM)/base_rules.mk + +$(LOCAL_BUILT_MODULE): $(built_plat_cil) $(built_mapping_cil) + cat $^ | sha256sum | cut -d' ' -f1 > $@ + +################################# +include $(CLEAR_VARS) + LOCAL_MODULE := nonplat_sepolicy.cil LOCAL_MODULE_CLASS := ETC LOCAL_MODULE_TAGS := optional 
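Review bot: The `mapping_sepolicy.cil` module block in the @@ -310,24 hunk now installs to `$(TARGET_OUT)/etc/selinux` and drops `LOCAL_PROPRIETARY_MODULE := true`, but nothing in the block says why the file changed partitions. A one-line comment above `LOCAL_MODULE := mapping_sepolicy.cil` would record the intent, for example `# Installed on /system so it ships with plat_sepolicy.cil and is covered by plat_and_mapping_sepolicy.cil.sha256.` Whatever opens this file at boot is outside this diff and presumably has to read the new /system path, so it is worth confirming that change lands together with this one. The module's rule continues outside the hunk.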
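Review bot: In the new `plat_and_mapping_sepolicy.cil.sha256` rule (@@ -357,6 hunk), `cat $^ | sha256sum | cut -d' ' -f1 > $@` exits with the status of `cut` only, so unless the build shell already runs with pipefail, a failed `cat` would still leave a well-formed digest of truncated input in `$@`. If the recipe shell is bash, `set -o pipefail && cat $^ | sha256sum | cut -d' ' -f1 > $@` makes the rule fail instead of publishing a wrong hash. The same pipeline appears in the `precompiled_sepolicy.plat_and_mapping.sha256` rule in the @@ -455,9 hunk. As a smaller style point, `LOCAL_MODULE_PATH = $(TARGET_OUT)/etc/selinux` uses recursive assignment where the neighbouring module blocks use `:=`.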
@@ -444,10 +443,11 @@ $(built_plat_cil) $(built_mapping_cil) $(built_nonplat_cil) built_precompiled_sepolicy := $(LOCAL_BUILT_MODULE) ################################# -# SHA-256 digest of the plat_sepolicy.cil file against which precompiled_policy was built. +# SHA-256 digest of the plat_sepolicy.cil and mapping_sepolicy.cil files against +# which precompiled_policy was built. ################################# include $(CLEAR_VARS) -LOCAL_MODULE := precompiled_sepolicy.plat.sha256 +LOCAL_MODULE := precompiled_sepolicy.plat_and_mapping.sha256 LOCAL_MODULE_CLASS := ETC LOCAL_MODULE_TAGS := optional LOCAL_PROPRIETARY_MODULE := true @@ -455,9 +455,9 @@ LOCAL_MODULE_PATH := $(TARGET_OUT_VENDOR)/etc/selinux include $(BUILD_SYSTEM)/base_rules.mk -$(LOCAL_BUILT_MODULE): PRIVATE_CIL_FILE := $(built_plat_cil) -$(LOCAL_BUILT_MODULE): $(built_precompiled_sepolicy) $(built_plat_cil) - sha256sum $(PRIVATE_CIL_FILE) | cut -d' ' -f1 > $@ +$(LOCAL_BUILT_MODULE): PRIVATE_CIL_FILES := $(built_plat_cil) $(built_mapping_cil) +$(LOCAL_BUILT_MODULE): $(built_precompiled_sepolicy) $(built_plat_cil) $(built_mapping_cil) + cat $(PRIVATE_CIL_FILES) | sha256sum | cut -d' ' -f1 > $@ ################################# include $(CLEAR_VARS) diff --git a/CleanSpec.mk b/CleanSpec.mk index 496214943..9e2c464c1 100644 --- a/CleanSpec.mk +++ b/CleanSpec.mk @@ -65,4 +65,8 @@ $(call add-clean-step, rm -rf $(PRODUCT_OUT)/root/property_contexts) $(call add-clean-step, rm -rf $(PRODUCT_OUT)/recovery/root/property_contexts) $(call add-clean-step, rm -rf $(PRODUCT_OUT)/system/etc/selinux/plat_property_contexts) + $(call add-clean-step, rm -rf $(PRODUCT_OUT)/vendor/etc/selinux/nonplat_property_contexts) +$(call add-clean-step, rm -rf $(PRODUCT_OUT)/vendor/etc/selinux/mapping_sepolicy.cil) +$(call add-clean-step, rm -rf $(PRODUCT_OUT)/system/etc/selinux/plat_sepolicy.cil.sha256) +$(call add-clean-step, rm -rf $(PRODUCT_OUT)/vendor/etc/selinux/precompiled_sepolicy.plat.sha256) 
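Review bot: In the @@ -455,9 hunk, `PRIVATE_CIL_FILES := $(built_plat_cil) $(built_mapping_cil)` has to list the files in exactly the order that `$^` expands to in the `plat_and_mapping_sepolicy.cil.sha256` rule, because the two digests are presumably compared for equality and only match when computed over the same byte stream. That coupling is implicit today. A comment such as `# Order must match the plat_and_mapping_sepolicy.cil.sha256 rule; the two digests are compared.` or a single shared variable holding the file list would stop the two rules from drifting apart. A hash over a plain concatenation also does not record where one file ends and the next begins, which is fine for detecting a platform policy change but should not be read as a per-file integrity check.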
diff --git a/private/file_contexts b/private/file_contexts index 9feeef9cf..e0b7e1c49 100644 --- a/private/file_contexts +++ b/private/file_contexts @@ -247,13 +247,14 @@ /system/bin/virtual_touchpad u:object_r:virtual_touchpad_exec:s0 /system/bin/vr_wm u:object_r:vr_wm_exec:s0 /system/bin/hw/android\.hidl\.allocator@1\.0-service u:object_r:hal_allocator_default_exec:s0 +/system/etc/selinux/mapping_sepolicy.cil u:object_r:sepolicy_file:s0 /system/etc/selinux/plat_mac_permissions.xml u:object_r:mac_perms_file:s0 /system/etc/selinux/plat_property_contexts u:object_r:property_contexts_file:s0 /system/etc/selinux/plat_service_contexts u:object_r:service_contexts_file:s0 /system/etc/selinux/plat_file_contexts u:object_r:file_contexts_file:s0 /system/etc/selinux/plat_seapp_contexts u:object_r:seapp_contexts_file:s0 /system/etc/selinux/plat_sepolicy.cil u:object_r:sepolicy_file:s0 -/system/etc/selinux/plat_sepolicy.cil.sha256 u:object_r:sepolicy_file:s0 +/system/etc/selinux/plat_and_mapping_sepolicy.cil.sha256 u:object_r:sepolicy_file:s0 /system/bin/vr_hwc u:object_r:vr_hwc_exec:s0 ############################# @@ -273,7 +274,6 @@ # HAL location /(vendor|system/vendor)/lib(64)?/hw u:object_r:vendor_hal_file:s0 -/vendor/etc/selinux/mapping_sepolicy.cil u:object_r:sepolicy_file:s0 /vendor/etc/selinux/nonplat_mac_permissions.xml u:object_r:mac_perms_file:s0 /vendor/etc/selinux/nonplat_property_contexts u:object_r:property_contexts_file:s0 /vendor/etc/selinux/nonplat_service_contexts u:object_r:service_contexts_file:s0 
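Review bot: The two added paths in the @@ -247,13 hunk, `/system/etc/selinux/mapping_sepolicy.cil` and `/system/etc/selinux/plat_and_mapping_sepolicy.cil.sha256`, leave their dots unescaped, so as regular expressions they match any character in those positions. The `android\.hidl\.allocator@1\.0-service` entry just above shows the escaped form. Writing them as `/system/etc/selinux/mapping_sepolicy\.cil` and `/system/etc/selinux/plat_and_mapping_sepolicy\.cil\.sha256` keeps the `sepolicy_file` label on exactly those files. The neighbouring plat_* entries are equally loose, and so is the renamed `/vendor/etc/selinux/precompiled_sepolicy.plat_and_mapping.sha256` entry in the @@ -281,7 hunk.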
@@ -281,7 +281,7 @@ /vendor/etc/selinux/nonplat_seapp_contexts u:object_r:seapp_contexts_file:s0 /vendor/etc/selinux/nonplat_sepolicy.cil u:object_r:sepolicy_file:s0 /vendor/etc/selinux/precompiled_sepolicy u:object_r:sepolicy_file:s0 -/vendor/etc/selinux/precompiled_sepolicy.plat.sha256 u:object_r:sepolicy_file:s0 +/vendor/etc/selinux/precompiled_sepolicy.plat_and_mapping.sha256 u:object_r:sepolicy_file:s0 /vendor/etc/selinux/vndservice_contexts u:object_r:vndservice_contexts_file:s0 #############################