Separate product_mac_permissions.xml out of system sepolicy.
Bug: 119305624 Test: normal/recovery boot aosp_taimen Change-Id: I46da995886ce421bb87e741d577f659426ff79c4
parent
6ac0896b90
commit
35650d50a1
2 changed files with 31 additions and 2 deletions
32
Android.mk
32
Android.mk
|
@ -290,6 +290,7 @@ LOCAL_REQUIRED_MODULES += \
|
||||||
product_property_contexts \
|
product_property_contexts \
|
||||||
product_seapp_contexts \
|
product_seapp_contexts \
|
||||||
product_service_contexts \
|
product_service_contexts \
|
||||||
|
product_mac_permissions.xml \
|
||||||
|
|
||||||
endif
|
endif
|
||||||
include $(BUILD_PHONY_PACKAGE)
|
include $(BUILD_PHONY_PACKAGE)
|
||||||
|
@ -1743,8 +1744,7 @@ $(plat_mac_perms_keys.tmp): $(call build_policy, keys.conf, $(PLAT_PRIVATE_POLIC
|
||||||
@mkdir -p $(dir $@)
|
@mkdir -p $(dir $@)
|
||||||
$(hide) m4 --fatal-warnings -s $(PRIVATE_ADDITIONAL_M4DEFS) $^ > $@
|
$(hide) m4 --fatal-warnings -s $(PRIVATE_ADDITIONAL_M4DEFS) $^ > $@
|
||||||
|
|
||||||
# TODO(b/119305624): Move product-specific sepolicy out of plat_mac_permissions.
|
all_plat_mac_perms_files := $(call build_policy, mac_permissions.xml, $(PLAT_PRIVATE_POLICY))
|
||||||
all_plat_mac_perms_files := $(call build_policy, mac_permissions.xml, $(PLAT_PRIVATE_POLICY) $(PRODUCT_PRIVATE_POLICY))
|
|
||||||
|
|
||||||
# Should be synced with keys.conf.
|
# Should be synced with keys.conf.
|
||||||
all_plat_keys := platform media shared testkey
|
all_plat_keys := platform media shared testkey
|
||||||
|
@ -1764,6 +1764,34 @@ plat_mac_perms_keys.tmp :=
|
||||||
##################################
|
##################################
|
||||||
include $(CLEAR_VARS)
|
include $(CLEAR_VARS)
|
||||||
|
|
||||||
|
LOCAL_MODULE := product_mac_permissions.xml
|
||||||
|
LOCAL_MODULE_CLASS := ETC
|
||||||
|
LOCAL_MODULE_TAGS := optional
|
||||||
|
LOCAL_MODULE_PATH := $(TARGET_OUT_PRODUCT)/etc/selinux
|
||||||
|
|
||||||
|
include $(BUILD_SYSTEM)/base_rules.mk
|
||||||
|
|
||||||
|
# Build keys.conf
|
||||||
|
product_mac_perms_keys.tmp := $(intermediates)/product_keys.tmp
|
||||||
|
$(product_mac_perms_keys.tmp): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
|
||||||
|
$(product_mac_perms_keys.tmp): $(call build_policy, keys.conf, $(PRODUCT_PRIVATE_POLICY) $(REQD_MASK_POLICY))
|
||||||
|
@mkdir -p $(dir $@)
|
||||||
|
$(hide) m4 --fatal-warnings -s $(PRIVATE_ADDITIONAL_M4DEFS) $^ > $@
|
||||||
|
|
||||||
|
all_product_mac_perms_files := $(call build_policy, mac_permissions.xml, $(PRODUCT_PRIVATE_POLICY) $(REQD_MASK_POLICY))
|
||||||
|
|
||||||
|
$(LOCAL_BUILT_MODULE): PRIVATE_MAC_PERMS_FILES := $(all_product_mac_perms_files)
|
||||||
|
$(LOCAL_BUILT_MODULE): $(product_mac_perms_keys.tmp) $(HOST_OUT_EXECUTABLES)/insertkeys.py \
|
||||||
|
$(all_product_mac_perms_files)
|
||||||
|
@mkdir -p $(dir $@)
|
||||||
|
$(hide) $(HOST_OUT_EXECUTABLES)/insertkeys.py -t $(TARGET_BUILD_VARIANT) -c $(TOP) $< -o $@ $(PRIVATE_MAC_PERMS_FILES)
|
||||||
|
|
||||||
|
product_mac_perms_keys.tmp :=
|
||||||
|
all_product_mac_perms_files :=
|
||||||
|
|
||||||
|
##################################
|
||||||
|
include $(CLEAR_VARS)
|
||||||
|
|
||||||
LOCAL_MODULE := vendor_mac_permissions.xml
|
LOCAL_MODULE := vendor_mac_permissions.xml
|
||||||
LOCAL_MODULE_CLASS := ETC
|
LOCAL_MODULE_CLASS := ETC
|
||||||
LOCAL_MODULE_TAGS := optional
|
LOCAL_MODULE_TAGS := optional
|
||||||
|
|
|
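Review bot: The new `product_mac_permissions.xml` block in Android.mk does not say why `$(REQD_MASK_POLICY)` is passed to both `build_policy` calls, and its keys rule runs `m4 ... $^ > $@`, which would read stdin if the prerequisite list ever came out empty. If the mask directory is there to guarantee a fallback `keys.conf` and `mac_permissions.xml` for products without private policy (an assumption, not visible on this page), a line such as `# REQD_MASK_POLICY keeps $^ non-empty when PRODUCT_PRIVATE_POLICY has no keys.conf/mac_permissions.xml` above `# Build keys.conf` would record that. This file maps signing certificates to seinfo, and the product entries no longer land in `plat_mac_permissions.xml`, so it is worth confirming that the on-device reader loads the new `$(TARGET_OUT_PRODUCT)/etc/selinux` file. The Test line mentions only boot, and a file that is never read would presumably leave those apps on the default seinfo instead of failing visibly.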
@ -379,6 +379,7 @@
|
||||||
/(product|system/product)/etc/selinux/product_property_contexts u:object_r:property_contexts_file:s0
|
/(product|system/product)/etc/selinux/product_property_contexts u:object_r:property_contexts_file:s0
|
||||||
/(product|system/product)/etc/selinux/product_seapp_contexts u:object_r:seapp_contexts_file:s0
|
/(product|system/product)/etc/selinux/product_seapp_contexts u:object_r:seapp_contexts_file:s0
|
||||||
/(product|system/product)/etc/selinux/product_service_contexts u:object_r:service_contexts_file:s0
|
/(product|system/product)/etc/selinux/product_service_contexts u:object_r:service_contexts_file:s0
|
||||||
|
/(product|system/product)/etc/selinux/product_mac_permissions\.xml u:object_r:mac_perms_file:s0
|
||||||
|
|
||||||
#############################
|
#############################
|
||||||
# Product-Services files
|
# Product-Services files
|
||||||
|
|