Reland: Add system_ext_userdebug_plat_sepolicy.cil for GSI
system_ext_userdebug_plat_sepolicy.cil is a copy of userdebug_plat_sepolicy.cil (debug_ramdisk) that's installed in the system_ext partition. The build rule is gated by a BoardConfig variable, so products other than GSI cannot accidentally install this module. Bug: 188067818 Test: Flash RQ2A.201207.001 bramble-user with debug ramdisk & flash gsi_arm64-user from master, device can boot and `adb root` works Change-Id: I75183e2dfdb434aee0b015b1627c9e23b4f3437f
This commit is contained in:
parent
498df59c64
commit
857ffc429f
2 changed files with 31 additions and 0 deletions
30
Android.bp
30
Android.bp
|
@ -792,6 +792,36 @@ se_policy_cil {
|
|||
debug_ramdisk: true,
|
||||
}
|
||||
|
||||
// A copy of the userdebug_plat_policy in GSI.
|
||||
soong_config_module_type {
|
||||
name: "gsi_se_policy_cil",
|
||||
module_type: "se_policy_cil",
|
||||
config_namespace: "ANDROID",
|
||||
bool_variables: [
|
||||
"PRODUCT_INSTALL_DEBUG_POLICY_TO_SYSTEM_EXT",
|
||||
],
|
||||
properties: [
|
||||
"enabled",
|
||||
"installable",
|
||||
],
|
||||
}
|
||||
|
||||
gsi_se_policy_cil {
|
||||
name: "system_ext_userdebug_plat_sepolicy.cil",
|
||||
stem: "userdebug_plat_sepolicy.cil",
|
||||
src: ":userdebug_plat_sepolicy.conf",
|
||||
additional_cil_files: ["private/technical_debt.cil"],
|
||||
system_ext_specific: true,
|
||||
enabled: false,
|
||||
installable: false,
|
||||
soong_config_variables: {
|
||||
PRODUCT_INSTALL_DEBUG_POLICY_TO_SYSTEM_EXT: {
|
||||
enabled: true,
|
||||
installable: true,
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
// system_ext_policy.conf - A combination of the private and public system_ext
|
||||
// policy which will ship with the device. System_ext policy is not attributized
|
||||
se_policy_conf {
|
||||
|
|
|
@ -477,6 +477,7 @@
|
|||
/(system_ext|system/system_ext)/etc/selinux/system_ext_seapp_contexts u:object_r:seapp_contexts_file:s0
|
||||
/(system_ext|system/system_ext)/etc/selinux/system_ext_service_contexts u:object_r:service_contexts_file:s0
|
||||
/(system_ext|system/system_ext)/etc/selinux/system_ext_mac_permissions\.xml u:object_r:mac_perms_file:s0
|
||||
/(system_ext|system/system_ext)/etc/selinux/userdebug_plat_sepolicy\.cil u:object_r:sepolicy_file:s0
|
||||
|
||||
/(system_ext|system/system_ext)/bin/aidl_lazy_test_server u:object_r:aidl_lazy_test_server_exec:s0
|
||||
/(system_ext|system/system_ext)/bin/aidl_lazy_cb_test_server u:object_r:aidl_lazy_test_server_exec:s0
|
||||
|
|
Loading…
Reference in a new issue