Android.mk: Support SYSTEM_EXT* sepolicy

The new variable name reflects its actual usage.

Keep compatibility with BOARD_PLAT_* because it has been a
convention for years.

Amend the README to document the new variables.

Test: `make selinux_policy` with
      `SYSTEM_EXT_{PUBLIC,PRIVATE}_SEPOLICY_DIRS` set,
      observe additions in `$(TARGET_COPY_OUT_SYSTEM_EXT)/etc/selinux`

Signed-off-by: Felix <google@ix5.org>
Change-Id: If8188feb365eb9e500f2270241fa190a20e9de01
This commit is contained in:
Felix 2020-07-14 21:28:51 +02:00
parent f74fa29aed
commit 8c53a331c3
2 changed files with 23 additions and 2 deletions

View file

@ -52,8 +52,18 @@ PLAT_PUBLIC_POLICY := $(LOCAL_PATH)/public
PLAT_PRIVATE_POLICY := $(LOCAL_PATH)/private PLAT_PRIVATE_POLICY := $(LOCAL_PATH)/private
PLAT_VENDOR_POLICY := $(LOCAL_PATH)/vendor PLAT_VENDOR_POLICY := $(LOCAL_PATH)/vendor
REQD_MASK_POLICY := $(LOCAL_PATH)/reqd_mask REQD_MASK_POLICY := $(LOCAL_PATH)/reqd_mask
SYSTEM_EXT_PUBLIC_POLICY := $(BOARD_PLAT_PUBLIC_SEPOLICY_DIR)
SYSTEM_EXT_PRIVATE_POLICY := $(BOARD_PLAT_PRIVATE_SEPOLICY_DIR) SYSTEM_EXT_PUBLIC_POLICY := $(SYSTEM_EXT_PUBLIC_SEPOLICY_DIRS)
ifneq (,$(BOARD_PLAT_PUBLIC_SEPOLICY_DIR))
# TODO: Disallow BOARD_PLAT_*
SYSTEM_EXT_PUBLIC_POLICY += $(BOARD_PLAT_PUBLIC_SEPOLICY_DIR)
endif
SYSTEM_EXT_PRIVATE_POLICY := $(SYSTEM_EXT_PRIVATE_SEPOLICY_DIRS)
ifneq (,$(BOARD_PLAT_PRIVATE_SEPOLICY_DIR))
# TODO: Disallow BOARD_PLAT_*
SYSTEM_EXT_PRIVATE_POLICY += $(BOARD_PLAT_PRIVATE_SEPOLICY_DIR)
endif
PRODUCT_PUBLIC_POLICY := $(PRODUCT_PUBLIC_SEPOLICY_DIRS) PRODUCT_PUBLIC_POLICY := $(PRODUCT_PUBLIC_SEPOLICY_DIRS)
PRODUCT_PRIVATE_POLICY := $(PRODUCT_PRIVATE_SEPOLICY_DIRS) PRODUCT_PRIVATE_POLICY := $(PRODUCT_PRIVATE_SEPOLICY_DIRS)

11
README
View file

@ -34,6 +34,17 @@ From the Tuna device BoardConfig.mk, device/samsung/tuna/BoardConfig.mk
BOARD_VENDOR_SEPOLICY_DIRS += device/samsung/tuna/sepolicy BOARD_VENDOR_SEPOLICY_DIRS += device/samsung/tuna/sepolicy
Alongside vendor sepolicy dirs, OEMs can also amend the public and private
policy of the product and system_ext partitions:
SYSTEM_EXT_PUBLIC_SEPOLICY_DIRS += device/acme/roadrunner-sepolicy/systemext/public
SYSTEM_EXT_PRIVATE_SEPOLICY_DIRS += device/acme/roadrunner-sepolicy/systemext/private
PRODUCT_PUBLIC_SEPOLICY_DIRS += device/acme/roadrunner-sepolicy/product/public
PRODUCT_PRIVATE_SEPOLICY_DIRS += device/acme/roadrunner-sepolicy/product/private
The old BOARD_PLAT_PUBLIC_SEPOLICY_DIR and BOARD_PLAT_PRIVATE_SEPOLICY_DIR
variables have been deprecated in favour of SYSTEM_EXT_*.
Additionally, OEMs can specify BOARD_SEPOLICY_M4DEFS to pass arbitrary m4 Additionally, OEMs can specify BOARD_SEPOLICY_M4DEFS to pass arbitrary m4
definitions during the build. A definition consists of a string in the form definitions during the build. A definition consists of a string in the form
of macro-name=value. Spaces must NOT be present. This is useful for building modular of macro-name=value. Spaces must NOT be present. This is useful for building modular