diff --git a/Android.mk b/Android.mk index 9ebe603a5..e487214bb 100644 --- a/Android.mk +++ b/Android.mk @@ -188,7 +188,7 @@ endef # Builds paths for all policy files found in BOARD_VENDOR_SEPOLICY_DIRS. # $(1): the set of policy name paths to build -build_vendor_policy = $(call build_policy, $(1), $(PLAT_VENDOR_POLICY) $(BOARD_VENDOR_SEPOLICY_DIRS)) +build_vendor_policy = $(call build_policy, $(1), $(BOARD_PLAT_VENDOR_POLICY) $(BOARD_VENDOR_SEPOLICY_DIRS)) # Builds paths for all policy files found in BOARD_ODM_SEPOLICY_DIRS. build_odm_policy = $(call build_policy, $(1), $(BOARD_ODM_SEPOLICY_DIRS)) @@ -1230,7 +1230,7 @@ LOCAL_MODULE_PATH := $(TARGET_OUT_VENDOR)/etc/selinux include $(BUILD_SYSTEM)/base_rules.mk -vnd_svcfiles := $(call build_policy, vndservice_contexts, $(PLAT_VENDOR_POLICY) $(BOARD_VENDOR_SEPOLICY_DIRS) $(REQD_MASK_POLICY)) +vnd_svcfiles := $(call build_policy, vndservice_contexts, $(BOARD_PLAT_VENDOR_POLICY) $(BOARD_VENDOR_SEPOLICY_DIRS) $(BOARD_REQD_MASK_POLICY)) vndservice_contexts.tmp := $(intermediates)/vndservice_contexts.tmp $(vndservice_contexts.tmp): PRIVATE_SVC_FILES := $(vnd_svcfiles) diff --git a/build/soong/filegroup.go b/build/soong/filegroup.go index 0d426afff..9dd4bd981 100644 --- a/build/soong/filegroup.go +++ b/build/soong/filegroup.go @@ -137,7 +137,6 @@ func (fg *fileGroup) DepsMutator(ctx android.BottomUpMutatorContext) {} func (fg *fileGroup) GenerateAndroidBuildActions(ctx android.ModuleContext) { fg.systemPublicSrcs = fg.findSrcsInDir(ctx, filepath.Join(ctx.ModuleDir(), "public")) fg.systemPrivateSrcs = fg.findSrcsInDir(ctx, filepath.Join(ctx.ModuleDir(), "private")) - fg.systemVendorSrcs = fg.findSrcsInDir(ctx, filepath.Join(ctx.ModuleDir(), "vendor")) fg.systemReqdMaskSrcs = fg.findSrcsInDir(ctx, filepath.Join(ctx.ModuleDir(), "reqd_mask")) fg.systemExtPublicSrcs = fg.findSrcsInDirs(ctx, ctx.DeviceConfig().SystemExtPublicSepolicyDirs()) @@ -146,6 +145,11 @@ func (fg *fileGroup) GenerateAndroidBuildActions(ctx android.ModuleContext) { fg.productPublicSrcs = fg.findSrcsInDirs(ctx, ctx.Config().ProductPublicSepolicyDirs()) fg.productPrivateSrcs = fg.findSrcsInDirs(ctx, ctx.Config().ProductPrivateSepolicyDirs()) + systemVendorDirs := ctx.DeviceConfig().BoardPlatVendorPolicy() + if len(systemVendorDirs) == 0 || ctx.DeviceConfig().PlatformSepolicyVersion() == ctx.DeviceConfig().BoardSepolicyVers() { + systemVendorDirs = []string{filepath.Join(ctx.ModuleDir(), "vendor")} + } + fg.systemVendorSrcs = fg.findSrcsInDirs(ctx, systemVendorDirs) fg.vendorReqdMaskSrcs = fg.findSrcsInDirs(ctx, ctx.DeviceConfig().BoardReqdMaskPolicy()) fg.vendorSrcs = fg.findSrcsInDirs(ctx, ctx.DeviceConfig().VendorSepolicyDirs()) fg.odmSrcs = fg.findSrcsInDirs(ctx, ctx.DeviceConfig().OdmSepolicyDirs()) diff --git a/build/soong/selinux_contexts.go b/build/soong/selinux_contexts.go index fefdd4529..a40716ab1 100644 --- a/build/soong/selinux_contexts.go +++ b/build/soong/selinux_contexts.go @@ -162,9 +162,7 @@ func (m *selinuxContextsModule) GenerateAndroidBuildActions(ctx android.ModuleCo if ctx.ProductSpecific() { inputs = append(inputs, segroup.ProductPrivateSrcs()...) } else if ctx.SocSpecific() { - if ctx.DeviceConfig().BoardSepolicyVers() == ctx.DeviceConfig().PlatformSepolicyVersion() { - inputs = append(inputs, segroup.SystemVendorSrcs()...) - } + inputs = append(inputs, segroup.SystemVendorSrcs()...) inputs = append(inputs, segroup.VendorSrcs()...) } else if ctx.DeviceSpecific() { inputs = append(inputs, segroup.OdmSrcs()...) diff --git a/mac_permissions.mk b/mac_permissions.mk index 7827286d1..7c478b46a 100644 --- a/mac_permissions.mk +++ b/mac_permissions.mk @@ -119,8 +119,8 @@ LOCAL_MODULE_PATH := $(TARGET_OUT_VENDOR)/etc/selinux include $(BUILD_SYSTEM)/base_rules.mk -all_vendor_mac_perms_keys := $(call build_policy, keys.conf, $(PLAT_VENDOR_POLICY) $(BOARD_VENDOR_SEPOLICY_DIRS) $(REQD_MASK_POLICY)) -all_vendor_mac_perms_files := $(call build_policy, mac_permissions.xml, $(PLAT_VENDOR_POLICY) $(BOARD_VENDOR_SEPOLICY_DIRS) $(REQD_MASK_POLICY)) +all_vendor_mac_perms_keys := $(call build_policy, keys.conf, $(BOARD_PLAT_VENDOR_POLICY) $(BOARD_VENDOR_SEPOLICY_DIRS) $(BOARD_REQD_MASK_POLICY)) +all_vendor_mac_perms_files := $(call build_policy, mac_permissions.xml, $(BOARD_PLAT_VENDOR_POLICY) $(BOARD_VENDOR_SEPOLICY_DIRS) $(BOARD_REQD_MASK_POLICY)) # Build keys.conf vendor_mac_perms_keys.tmp := $(intermediates)/vendor_keys.tmp diff --git a/seapp_contexts.mk b/seapp_contexts.mk index b33b82087..c0c3abbd2 100644 --- a/seapp_contexts.mk +++ b/seapp_contexts.mk @@ -84,7 +84,7 @@ LOCAL_MODULE_PATH := $(TARGET_OUT_VENDOR)/etc/selinux include $(BUILD_SYSTEM)/base_rules.mk -vendor_sc_files := $(call build_policy, seapp_contexts, $(PLAT_VENDOR_POLICY) $(BOARD_VENDOR_SEPOLICY_DIRS) $(REQD_MASK_POLICY)) +vendor_sc_files := $(call build_policy, seapp_contexts, $(BOARD_PLAT_VENDOR_POLICY) $(BOARD_VENDOR_SEPOLICY_DIRS) $(BOARD_REQD_MASK_POLICY)) plat_sc_neverallow_files := $(call build_policy, seapp_contexts, $(PLAT_PRIVATE_POLICY) $(SYSTEM_EXT_PRIVATE_POLICY) $(PRODUCT_PRIVATE_POLICY)) $(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)