From 8c53a331c39c788fc8f68acd7f0115be089a0e9a Mon Sep 17 00:00:00 2001 From: Felix Date: Tue, 14 Jul 2020 21:28:51 +0200 Subject: [PATCH] Android.mk: Support SYSTEM_EXT* sepolicy The new variable name reflects its actual usage. Keep compatibility with BOARD_PLAT_* because it has been a convention for years. Amend the README to document the new variables. Test: `make selinux_policy` with `SYSTEM_EXT_{PUBLIC,PRIVATE}_SEPOLICY_DIRS` set, observe additions in `$(TARGET_COPY_OUT_SYSTEM_EXT)/etc/selinux` Signed-off-by: Felix Change-Id: If8188feb365eb9e500f2270241fa190a20e9de01 --- Android.mk | 14 ++++++++++++-- README | 11 +++++++++++ 2 files changed, 23 insertions(+), 2 deletions(-)
diff --git a/Android.mk b/Android.mk
index b667fd206..26ec09862 100644
--- a/Android.mk
+++ b/Android.mk
@@ -52,8 +52,18 @@ PLAT_PUBLIC_POLICY := $(LOCAL_PATH)/public
 PLAT_PRIVATE_POLICY := $(LOCAL_PATH)/private
 PLAT_VENDOR_POLICY := $(LOCAL_PATH)/vendor
 REQD_MASK_POLICY := $(LOCAL_PATH)/reqd_mask
-SYSTEM_EXT_PUBLIC_POLICY := $(BOARD_PLAT_PUBLIC_SEPOLICY_DIR)
-SYSTEM_EXT_PRIVATE_POLICY := $(BOARD_PLAT_PRIVATE_SEPOLICY_DIR)
+
+SYSTEM_EXT_PUBLIC_POLICY := $(SYSTEM_EXT_PUBLIC_SEPOLICY_DIRS)
+ifneq (,$(BOARD_PLAT_PUBLIC_SEPOLICY_DIR))
+ # TODO: Disallow BOARD_PLAT_*
+ SYSTEM_EXT_PUBLIC_POLICY += $(BOARD_PLAT_PUBLIC_SEPOLICY_DIR)
+endif
+SYSTEM_EXT_PRIVATE_POLICY := $(SYSTEM_EXT_PRIVATE_SEPOLICY_DIRS)
+ifneq (,$(BOARD_PLAT_PRIVATE_SEPOLICY_DIR))
+ # TODO: Disallow BOARD_PLAT_*
+ SYSTEM_EXT_PRIVATE_POLICY += $(BOARD_PLAT_PRIVATE_SEPOLICY_DIR)
+endif
+
 PRODUCT_PUBLIC_POLICY := $(PRODUCT_PUBLIC_SEPOLICY_DIRS)
 PRODUCT_PRIVATE_POLICY := $(PRODUCT_PRIVATE_SEPOLICY_DIRS)
diff --git a/README b/README
index 43d9bbca9..f14ac67e6 100644
--- a/README
+++ b/README
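Review bot: In the Android.mk hunk, both `ifneq` branches still append the legacy `BOARD_PLAT_PUBLIC_SEPOLICY_DIR` / `BOARD_PLAT_PRIVATE_SEPOLICY_DIR` values to the system_ext policy silently. A board config that sets them keeps contributing SELinux policy with nothing in the build log to show it, even though the README now calls them deprecated. Replacing each `# TODO: Disallow BOARD_PLAT_*` with a visible diagnostic such as `$(warning BOARD_PLAT_PUBLIC_SEPOLICY_DIR is deprecated; use SYSTEM_EXT_PUBLIC_SEPOLICY_DIRS)` (and the PRIVATE equivalent) would let anyone auditing which directories feed the policy spot the legacy path. If a tree sets both the old and the new variable to the same directory, that directory would presumably be listed twice in `SYSTEM_EXT_*_POLICY`; it is worth confirming the policy build tolerates that.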
@@ -34,6 +34,17 @@ From the Tuna device BoardConfig.mk, device/samsung/tuna/BoardConfig.mk BOARD_VENDOR_SEPOLICY_DIRS += device/samsung/tuna/sepolicy +Alongside vendor sepolicy dirs, OEMs can also amend the public and private +policy of the product and system_ext partitions: + +SYSTEM_EXT_PUBLIC_SEPOLICY_DIRS += device/acme/roadrunner-sepolicy/systemext/public +SYSTEM_EXT_PRIVATE_SEPOLICY_DIRS += device/acme/roadrunner-sepolicy/systemext/private +PRODUCT_PUBLIC_SEPOLICY_DIRS += device/acme/roadrunner-sepolicy/product/public +PRODUCT_PRIVATE_SEPOLICY_DIRS += device/acme/roadrunner-sepolicy/product/private + +The old BOARD_PLAT_PUBLIC_SEPOLICY_DIR and BOARD_PLAT_PRIVATE_SEPOLICY_DIR +variables have been deprecated in favour of SYSTEM_EXT_*. + Additionally, OEMs can specify BOARD_SEPOLICY_M4DEFS to pass arbitrary m4 definitions during the build. A definition consists of a string in the form of macro-name=value. Spaces must NOT be present. This is useful for building modular