Add BOARD_SEPOLICY_IGNORE

See README for further details.

Change-Id: I4599c7ecd5a552e38de89d0a9e496e047068fe05

Android.mk

@@ -25,7 +25,8 @@ $(foreach pf, $(BOARD_SEPOLICY_REPLACE), \
     $(error Ambiguous request for sepolicy $(pf). Appears in both \
       BOARD_SEPOLICY_REPLACE and BOARD_SEPOLICY_UNION), \
   ) \
-  $(eval _paths := $(wildcard $(addsuffix /$(pf), $(BOARD_SEPOLICY_DIRS)))) \
+  $(eval _paths := $(filter-out $(BOARD_SEPOLICY_IGNORE), \
+  $(wildcard $(addsuffix /$(pf), $(BOARD_SEPOLICY_DIRS))))) \
   $(eval _occurrences := $(words $(_paths))) \
   $(if $(filter 0,$(_occurrences)), \
     $(error No sepolicy file found for $(pf) in $(BOARD_SEPOLICY_DIRS)), \
@@ -45,15 +46,17 @@ $(foreach pf, $(BOARD_SEPOLICY_REPLACE), \
 # product variables.
 # $(1): the set of policy name paths to build
 build_policy = $(foreach type, $(1), \
-  $(foreach expanded_type, $(notdir $(wildcard $(addsuffix /$(type), $(LOCAL_PATH)))), \
-    $(if $(filter $(expanded_type), $(BOARD_SEPOLICY_REPLACE)), \
-      $(wildcard $(addsuffix $(expanded_type), $(sort $(dir $(sepolicy_replace_paths))))), \
-      $(LOCAL_PATH)/$(expanded_type) \
+  $(filter-out $(BOARD_SEPOLICY_IGNORE), \
+    $(foreach expanded_type, $(notdir $(wildcard $(addsuffix /$(type), $(LOCAL_PATH)))), \
+      $(if $(filter $(expanded_type), $(BOARD_SEPOLICY_REPLACE)), \
+        $(wildcard $(addsuffix $(expanded_type), $(sort $(dir $(sepolicy_replace_paths))))), \
+        $(LOCAL_PATH)/$(expanded_type) \
+      ) \
     ) \
-  ) \
-  $(foreach union_policy, $(wildcard $(addsuffix /$(type), $(BOARD_SEPOLICY_DIRS))), \
-    $(if $(filter $(notdir $(union_policy)), $(BOARD_SEPOLICY_UNION)), \
-      $(union_policy), \
+    $(foreach union_policy, $(wildcard $(addsuffix /$(type), $(BOARD_SEPOLICY_DIRS))), \
+      $(if $(filter $(notdir $(union_policy)), $(BOARD_SEPOLICY_UNION)), \
+        $(union_policy), \
+      ) \
     ) \
   ) \
 )

README

@@ -8,6 +8,7 @@ they are:
 1. BOARD_SEPOLICY_REPLACE
 2. BOARD_SEPOLICY_UNION
 3. BOARD_SEPOLICY_DIRS
+4. BOARD_SEPOLICY_IGNORE
 
 The variables should be set in the BoardConfig.mk file in
 the device or vendor directories.
@@ -38,7 +39,9 @@ multiple times on the policy search path defined by BOARD_SEPOLICY_DIRS.
 eg.) if you specify shell.te in BOARD_SEPOLICY_REPLACE and
 BOARD_SEPOLICY_DIRS is set to
 "vendor/widget/common/sepolicy device/widget/x/sepolicy" and shell.te
-appears in both locations, it is an error.
+appears in both locations, it is an error. Unless it is in
+BOARD_SEPOLICY_IGNORE to be filtered out. See BOARD_SEPOLICY_IGNORE
+for more details.
 
 It is an error to specify the same file name in both
 BOARD_POLICY_REPLACE and BOARD_POLICY_UNION.
@@ -46,7 +49,23 @@ BOARD_POLICY_REPLACE and BOARD_POLICY_UNION.
 It is an error to specify a BOARD_SEPOLICY_DIRS that has no entries when
 specifying BOARD_SEPOLICY_REPLACE.
 
-Example Usage:
+BOARD_SEPOLICY_IGNORE is a list of paths (directory + filename) of
+files that are not to be included in the resulting policy. This list
+is passed to filter-out to remove any paths you may want to ignore. This
+is useful if you have numerous config directories that contain a file
+and you want to NOT include a particular file in your resulting
+policy file, either by UNION or REPLACE.
+Eg.) Suppose the follwoing:
+     BOARD_SEPOLICY_DIRS := X Y
+     BOARD_SEPOLICY_REPLACE := A
+     BOARD_SEPOLICY_IGNORE := X/A
+
+     Directories X and Y contain A.
+
+     The resulting policy is created by using Y/A only, thus X/A was
+     ignored.
+
+Example BoardConfig.mk Usage:
 From the Tuna device BoardConfig.mk, device/samsung/tuna/BoardConfig.mk
 
 BOARD_SEPOLICY_DIRS := \