Separate product_mac_permissions.xml out of system sepolicy.

Bug: 119305624
Test: normal/recovery boot aosp_taimen

Change-Id: I46da995886ce421bb87e741d577f659426ff79c4
This commit is contained in:
Tri Vo 2018-12-21 16:07:21 -08:00
parent 6ac0896b90
commit 35650d50a1
2 changed files with 31 additions and 2 deletions

View file

@ -290,6 +290,7 @@ LOCAL_REQUIRED_MODULES += \
product_property_contexts \ product_property_contexts \
product_seapp_contexts \ product_seapp_contexts \
product_service_contexts \ product_service_contexts \
product_mac_permissions.xml \
endif endif
include $(BUILD_PHONY_PACKAGE) include $(BUILD_PHONY_PACKAGE)
@ -1743,8 +1744,7 @@ $(plat_mac_perms_keys.tmp): $(call build_policy, keys.conf, $(PLAT_PRIVATE_POLIC
@mkdir -p $(dir $@) @mkdir -p $(dir $@)
$(hide) m4 --fatal-warnings -s $(PRIVATE_ADDITIONAL_M4DEFS) $^ > $@ $(hide) m4 --fatal-warnings -s $(PRIVATE_ADDITIONAL_M4DEFS) $^ > $@
# TODO(b/119305624): Move product-specific sepolicy out of plat_mac_permissions. all_plat_mac_perms_files := $(call build_policy, mac_permissions.xml, $(PLAT_PRIVATE_POLICY))
all_plat_mac_perms_files := $(call build_policy, mac_permissions.xml, $(PLAT_PRIVATE_POLICY) $(PRODUCT_PRIVATE_POLICY))
# Should be synced with keys.conf. # Should be synced with keys.conf.
all_plat_keys := platform media shared testkey all_plat_keys := platform media shared testkey
@ -1764,6 +1764,34 @@ plat_mac_perms_keys.tmp :=
################################## ##################################
include $(CLEAR_VARS) include $(CLEAR_VARS)
LOCAL_MODULE := product_mac_permissions.xml
LOCAL_MODULE_CLASS := ETC
LOCAL_MODULE_TAGS := optional
LOCAL_MODULE_PATH := $(TARGET_OUT_PRODUCT)/etc/selinux
include $(BUILD_SYSTEM)/base_rules.mk
# Build keys.conf
product_mac_perms_keys.tmp := $(intermediates)/product_keys.tmp
$(product_mac_perms_keys.tmp): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
$(product_mac_perms_keys.tmp): $(call build_policy, keys.conf, $(PRODUCT_PRIVATE_POLICY) $(REQD_MASK_POLICY))
@mkdir -p $(dir $@)
$(hide) m4 --fatal-warnings -s $(PRIVATE_ADDITIONAL_M4DEFS) $^ > $@
all_product_mac_perms_files := $(call build_policy, mac_permissions.xml, $(PRODUCT_PRIVATE_POLICY) $(REQD_MASK_POLICY))
$(LOCAL_BUILT_MODULE): PRIVATE_MAC_PERMS_FILES := $(all_product_mac_perms_files)
$(LOCAL_BUILT_MODULE): $(product_mac_perms_keys.tmp) $(HOST_OUT_EXECUTABLES)/insertkeys.py \
$(all_product_mac_perms_files)
@mkdir -p $(dir $@)
$(hide) $(HOST_OUT_EXECUTABLES)/insertkeys.py -t $(TARGET_BUILD_VARIANT) -c $(TOP) $< -o $@ $(PRIVATE_MAC_PERMS_FILES)
product_mac_perms_keys.tmp :=
all_product_mac_perms_files :=
##################################
include $(CLEAR_VARS)
LOCAL_MODULE := vendor_mac_permissions.xml LOCAL_MODULE := vendor_mac_permissions.xml
LOCAL_MODULE_CLASS := ETC LOCAL_MODULE_CLASS := ETC
LOCAL_MODULE_TAGS := optional LOCAL_MODULE_TAGS := optional

View file

@ -379,6 +379,7 @@
/(product|system/product)/etc/selinux/product_property_contexts u:object_r:property_contexts_file:s0 /(product|system/product)/etc/selinux/product_property_contexts u:object_r:property_contexts_file:s0
/(product|system/product)/etc/selinux/product_seapp_contexts u:object_r:seapp_contexts_file:s0 /(product|system/product)/etc/selinux/product_seapp_contexts u:object_r:seapp_contexts_file:s0
/(product|system/product)/etc/selinux/product_service_contexts u:object_r:service_contexts_file:s0 /(product|system/product)/etc/selinux/product_service_contexts u:object_r:service_contexts_file:s0
/(product|system/product)/etc/selinux/product_mac_permissions\.xml u:object_r:mac_perms_file:s0
############################# #############################
# Product-Services files # Product-Services files