From 51455fe9773e5b3e920e149c6fc48e34b2ab1327 Mon Sep 17 00:00:00 2001
From: Dan Cashman <dcashman@google.com>
Date: Tue, 23 May 2017 14:47:16 -0700
Subject: [PATCH] Restrict BOARD_PLAT_[PUBLIC|PRIVATE]_SEPOLICY_DIRS to one
 dir.

These directories were added to allow for partner extensions to the
android framework without needing to add changes to the AOSP global
sepolicy.  There should only ever be one owner of the framework and
corresponding updates, so enforce this restriction to prevent
accidental accrual of policy in the system image.

Bug: 36467375
Test: Add public and private files to policy and verify that they are
added to the appropriate policy files.  Also test that specifying
multiple directories for public or private results in an error.

Change-Id: I397ca4e7d6c8233d1aefb2a23e7b44315052678f
Merged-In: I397ca4e7d6c8233d1aefb2a23e7b44315052678f
(cherry picked from commit 1633da06afc155342b66c581668f52951a1278d7)
---
 Android.mk | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/Android.mk b/Android.mk
index 8be26c67e..0a2e7b72a 100644
--- a/Android.mk
+++ b/Android.mk
@@ -80,9 +80,21 @@ endif
 #    - compile output binary policy file
 
 PLAT_PUBLIC_POLICY := $(LOCAL_PATH)/public
-PLAT_PUBLIC_POLICY += $(BOARD_PLAT_PUBLIC_SEPOLICY_DIRS)
+ifneq ( ,$(BOARD_PLAT_PUBLIC_SEPOLICY_DIR))
+ifneq (1, $(words $(BOARD_PLAT_PUBLIC_SEPOLICY_DIR)))
+$(error BOARD_PLAT_PUBLIC_SEPOLICY_DIR must only contain one directory)
+else
+PLAT_PUBLIC_POLICY += $(BOARD_PLAT_PUBLIC_SEPOLICY_DIR)
+endif
+endif
 PLAT_PRIVATE_POLICY := $(LOCAL_PATH)/private
-PLAT_PRIVATE_POLICY += $(BOARD_PLAT_PRIVATE_SEPOLICY_DIRS)
+ifneq ( ,$(BOARD_PLAT_PRIVATE_SEPOLICY_DIR))
+ifneq (1, $(words $(BOARD_PLAT_PRIVATE_SEPOLICY_DIR)))
+$(error BOARD_PLAT_PRIVATE_SEPOLICY_DIR must only contain one directory)
+else
+PLAT_PRIVATE_POLICY += $(BOARD_PLAT_PRIVATE_SEPOLICY_DIR)
+endif
+endif
 PLAT_VENDOR_POLICY := $(LOCAL_PATH)/vendor
 REQD_MASK_POLICY := $(LOCAL_PATH)/reqd_mask