Merge "sepolicy: refactor Android.mk"
am: 7d8146bc8a
Change-Id: I9eada04b1df3fa7ea238e983bb0961d957623b88
This commit is contained in:
commit
9ae82c2b10
7 changed files with 761 additions and 753 deletions
759
Android.mk
759
Android.mk
|
@ -1097,654 +1097,21 @@ $(LOCAL_BUILT_MODULE) : $(bug_files)
|
|||
|
||||
bug_files :=
|
||||
endif
|
||||
##################################
|
||||
include $(CLEAR_VARS)
|
||||
|
||||
LOCAL_MODULE := plat_file_contexts
|
||||
LOCAL_MODULE_CLASS := ETC
|
||||
LOCAL_MODULE_TAGS := optional
|
||||
LOCAL_MODULE_PATH := $(TARGET_OUT)/etc/selinux
|
||||
|
||||
include $(BUILD_SYSTEM)/base_rules.mk
|
||||
|
||||
local_fc_files := $(call build_policy, file_contexts, $(PLAT_PRIVATE_POLICY))
|
||||
ifneq ($(filter address,$(SANITIZE_TARGET)),)
|
||||
local_fc_files += $(wildcard $(addsuffix /file_contexts_asan, $(PLAT_PRIVATE_POLICY)))
|
||||
endif
|
||||
ifneq (,$(filter userdebug eng,$(TARGET_BUILD_VARIANT)))
|
||||
local_fc_files += $(wildcard $(addsuffix /file_contexts_overlayfs, $(PLAT_PRIVATE_POLICY)))
|
||||
endif
|
||||
local_fcfiles_with_nl := $(call add_nl, $(local_fc_files), $(built_nl))
|
||||
|
||||
$(LOCAL_BUILT_MODULE): PRIVATE_FC_FILES := $(local_fcfiles_with_nl)
|
||||
$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
|
||||
$(LOCAL_BUILT_MODULE): PRIVATE_FC_SORT := $(HOST_OUT_EXECUTABLES)/fc_sort
|
||||
$(LOCAL_BUILT_MODULE): $(HOST_OUT_EXECUTABLES)/checkfc $(HOST_OUT_EXECUTABLES)/fc_sort \
|
||||
$(local_fcfiles_with_nl) $(built_sepolicy)
|
||||
@mkdir -p $(dir $@)
|
||||
$(hide) m4 --fatal-warnings -s $(PRIVATE_FC_FILES) > $@.tmp
|
||||
$(hide) $< $(PRIVATE_SEPOLICY) $@.tmp
|
||||
$(hide) $(PRIVATE_FC_SORT) $@.tmp $@
|
||||
|
||||
built_plat_fc := $(LOCAL_BUILT_MODULE)
|
||||
local_fc_files :=
|
||||
local_fcfiles_with_nl :=
|
||||
|
||||
##################################
|
||||
include $(CLEAR_VARS)
|
||||
|
||||
LOCAL_MODULE := product_file_contexts
|
||||
LOCAL_MODULE_CLASS := ETC
|
||||
LOCAL_MODULE_TAGS := optional
|
||||
LOCAL_MODULE_PATH := $(TARGET_OUT_PRODUCT)/etc/selinux
|
||||
|
||||
include $(BUILD_SYSTEM)/base_rules.mk
|
||||
|
||||
product_fc_files := $(call build_policy, file_contexts, $(PRODUCT_PRIVATE_POLICY))
|
||||
product_fcfiles_with_nl := $(call add_nl, $(product_fc_files), $(built_nl))
|
||||
|
||||
$(LOCAL_BUILT_MODULE): PRIVATE_FC_FILES := $(product_fcfiles_with_nl)
|
||||
$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
|
||||
$(LOCAL_BUILT_MODULE): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
|
||||
$(LOCAL_BUILT_MODULE): PRIVATE_FC_SORT := $(HOST_OUT_EXECUTABLES)/fc_sort
|
||||
$(LOCAL_BUILT_MODULE): $(HOST_OUT_EXECUTABLES)/checkfc $(HOST_OUT_EXECUTABLES)/fc_sort \
|
||||
$(product_fcfiles_with_nl) $(built_sepolicy)
|
||||
@mkdir -p $(dir $@)
|
||||
$(hide) m4 --fatal-warnings -s $(PRIVATE_ADDITIONAL_M4DEFS) $(PRIVATE_FC_FILES) > $@.tmp
|
||||
$(hide) $< $(PRIVATE_SEPOLICY) $@.tmp
|
||||
$(hide) $(PRIVATE_FC_SORT) $@.tmp $@
|
||||
|
||||
built_product_fc := $(LOCAL_BUILT_MODULE)
|
||||
product_fc_files :=
|
||||
product_fcfiles_with_nl :=
|
||||
include $(LOCAL_PATH)/file_contexts.mk
|
||||
|
||||
##################################
|
||||
include $(CLEAR_VARS)
|
||||
|
||||
LOCAL_MODULE := vendor_file_contexts
|
||||
LOCAL_MODULE_CLASS := ETC
|
||||
LOCAL_MODULE_TAGS := optional
|
||||
LOCAL_MODULE_PATH := $(TARGET_OUT_VENDOR)/etc/selinux
|
||||
|
||||
include $(BUILD_SYSTEM)/base_rules.mk
|
||||
|
||||
vendor_fc_files := $(call build_vendor_policy, file_contexts)
|
||||
vendor_fcfiles_with_nl := $(call add_nl, $(vendor_fc_files), $(built_nl))
|
||||
|
||||
$(LOCAL_BUILT_MODULE): PRIVATE_FC_FILES := $(vendor_fcfiles_with_nl)
|
||||
$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
|
||||
$(LOCAL_BUILT_MODULE): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
|
||||
$(LOCAL_BUILT_MODULE): PRIVATE_FC_SORT := $(HOST_OUT_EXECUTABLES)/fc_sort
|
||||
$(LOCAL_BUILT_MODULE): $(HOST_OUT_EXECUTABLES)/checkfc $(HOST_OUT_EXECUTABLES)/fc_sort \
|
||||
$(vendor_fcfiles_with_nl) $(built_sepolicy)
|
||||
@mkdir -p $(dir $@)
|
||||
$(hide) m4 --fatal-warnings -s $(PRIVATE_ADDITIONAL_M4DEFS) $(PRIVATE_FC_FILES) > $@.tmp
|
||||
$(hide) $< $(PRIVATE_SEPOLICY) $@.tmp
|
||||
$(hide) $(PRIVATE_FC_SORT) $@.tmp $@
|
||||
|
||||
built_vendor_fc := $(LOCAL_BUILT_MODULE)
|
||||
vendor_fc_files :=
|
||||
vendor_fcfiles_with_nl :=
|
||||
include $(LOCAL_PATH)/seapp_contexts.mk
|
||||
|
||||
##################################
|
||||
include $(CLEAR_VARS)
|
||||
|
||||
LOCAL_MODULE := odm_file_contexts
|
||||
LOCAL_MODULE_CLASS := ETC
|
||||
LOCAL_MODULE_TAGS := optional
|
||||
LOCAL_MODULE_PATH := $(TARGET_OUT_ODM)/etc/selinux
|
||||
|
||||
include $(BUILD_SYSTEM)/base_rules.mk
|
||||
|
||||
odm_fc_files := $(call build_odm_policy, file_contexts)
|
||||
odm_fcfiles_with_nl := $(call add_nl, $(odm_fc_files), $(built_nl))
|
||||
|
||||
$(LOCAL_BUILT_MODULE): PRIVATE_FC_FILES := $(odm_fcfiles_with_nl)
|
||||
$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
|
||||
$(LOCAL_BUILT_MODULE): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
|
||||
$(LOCAL_BUILT_MODULE): PRIVATE_FC_SORT := $(HOST_OUT_EXECUTABLES)/fc_sort
|
||||
$(LOCAL_BUILT_MODULE): $(HOST_OUT_EXECUTABLES)/checkfc $(HOST_OUT_EXECUTABLES)/fc_sort \
|
||||
$(odm_fcfiles_with_nl) $(built_sepolicy)
|
||||
@mkdir -p $(dir $@)
|
||||
$(hide) m4 --fatal-warnings -s $(PRIVATE_ADDITIONAL_M4DEFS) $(PRIVATE_FC_FILES) > $@.tmp
|
||||
$(hide) $< $(PRIVATE_SEPOLICY) $@.tmp
|
||||
$(hide) $(PRIVATE_FC_SORT) $@.tmp $@
|
||||
|
||||
built_odm_fc := $(LOCAL_BUILT_MODULE)
|
||||
odm_fc_files :=
|
||||
odm_fcfiles_with_nl :=
|
||||
include $(LOCAL_PATH)/property_contexts.mk
|
||||
|
||||
##################################
|
||||
include $(CLEAR_VARS)
|
||||
|
||||
LOCAL_MODULE := plat_file_contexts.recovery
|
||||
LOCAL_MODULE_STEM := plat_file_contexts
|
||||
LOCAL_MODULE_CLASS := ETC
|
||||
LOCAL_MODULE_TAGS := optional
|
||||
LOCAL_MODULE_PATH := $(TARGET_RECOVERY_ROOT_OUT)
|
||||
|
||||
include $(BUILD_SYSTEM)/base_rules.mk
|
||||
|
||||
$(LOCAL_BUILT_MODULE): $(built_plat_fc)
|
||||
$(hide) cp -f $< $@
|
||||
include $(LOCAL_PATH)/service_contexts.mk
|
||||
|
||||
##################################
|
||||
include $(CLEAR_VARS)
|
||||
|
||||
LOCAL_MODULE := product_file_contexts.recovery
|
||||
LOCAL_MODULE_STEM := product_file_contexts
|
||||
LOCAL_MODULE_CLASS := ETC
|
||||
LOCAL_MODULE_TAGS := optional
|
||||
LOCAL_MODULE_PATH := $(TARGET_RECOVERY_ROOT_OUT)
|
||||
|
||||
include $(BUILD_SYSTEM)/base_rules.mk
|
||||
|
||||
$(LOCAL_BUILT_MODULE): $(built_product_fc)
|
||||
$(hide) cp -f $< $@
|
||||
|
||||
##################################
|
||||
include $(CLEAR_VARS)
|
||||
LOCAL_MODULE := vendor_file_contexts.recovery
|
||||
LOCAL_MODULE_STEM := vendor_file_contexts
|
||||
LOCAL_MODULE_CLASS := ETC
|
||||
LOCAL_MODULE_TAGS := optional
|
||||
LOCAL_MODULE_PATH := $(TARGET_RECOVERY_ROOT_OUT)
|
||||
|
||||
include $(BUILD_SYSTEM)/base_rules.mk
|
||||
|
||||
$(LOCAL_BUILT_MODULE): $(built_vendor_fc)
|
||||
$(hide) cp -f $< $@
|
||||
|
||||
##################################
|
||||
include $(CLEAR_VARS)
|
||||
LOCAL_MODULE := odm_file_contexts.recovery
|
||||
LOCAL_MODULE_STEM := odm_file_contexts
|
||||
LOCAL_MODULE_CLASS := ETC
|
||||
LOCAL_MODULE_TAGS := optional
|
||||
LOCAL_MODULE_PATH := $(TARGET_RECOVERY_ROOT_OUT)
|
||||
|
||||
include $(BUILD_SYSTEM)/base_rules.mk
|
||||
|
||||
$(LOCAL_BUILT_MODULE): $(built_odm_fc)
|
||||
$(hide) cp -f $< $@
|
||||
|
||||
##################################
|
||||
include $(CLEAR_VARS)
|
||||
LOCAL_MODULE := plat_seapp_contexts
|
||||
LOCAL_MODULE_CLASS := ETC
|
||||
LOCAL_MODULE_TAGS := optional
|
||||
LOCAL_MODULE_PATH := $(TARGET_OUT)/etc/selinux
|
||||
|
||||
include $(BUILD_SYSTEM)/base_rules.mk
|
||||
|
||||
plat_sc_files := $(call build_policy, seapp_contexts, $(PLAT_PRIVATE_POLICY))
|
||||
|
||||
$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
|
||||
$(LOCAL_BUILT_MODULE): PRIVATE_SC_FILES := $(plat_sc_files)
|
||||
$(LOCAL_BUILT_MODULE): $(built_sepolicy) $(plat_sc_files) $(HOST_OUT_EXECUTABLES)/checkseapp
|
||||
@mkdir -p $(dir $@)
|
||||
$(hide) $(HOST_OUT_EXECUTABLES)/checkseapp -p $(PRIVATE_SEPOLICY) -o $@ $(PRIVATE_SC_FILES)
|
||||
|
||||
built_plat_sc := $(LOCAL_BUILT_MODULE)
|
||||
plat_sc_files :=
|
||||
|
||||
##################################
|
||||
include $(CLEAR_VARS)
|
||||
LOCAL_MODULE := product_seapp_contexts
|
||||
LOCAL_MODULE_CLASS := ETC
|
||||
LOCAL_MODULE_TAGS := optional
|
||||
LOCAL_MODULE_PATH := $(TARGET_OUT_PRODUCT)/etc/selinux
|
||||
|
||||
include $(BUILD_SYSTEM)/base_rules.mk
|
||||
|
||||
product_sc_files := $(call build_policy, seapp_contexts, $(PRODUCT_PRIVATE_POLICY))
|
||||
plat_sc_neverallow_files := $(call build_policy, seapp_contexts, $(PLAT_PRIVATE_POLICY))
|
||||
|
||||
$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
|
||||
$(LOCAL_BUILT_MODULE): PRIVATE_SC_FILES := $(product_sc_files)
|
||||
$(LOCAL_BUILT_MODULE): PRIVATE_SC_NEVERALLOW_FILES := $(plat_sc_neverallow_files)
|
||||
$(LOCAL_BUILT_MODULE): $(built_sepolicy) $(product_sc_files) $(HOST_OUT_EXECUTABLES)/checkseapp $(plat_sc_neverallow_files)
|
||||
@mkdir -p $(dir $@)
|
||||
$(hide) grep -ihe '^neverallow' $(PRIVATE_SC_NEVERALLOW_FILES) > $@.tmp
|
||||
$(hide) $(HOST_OUT_EXECUTABLES)/checkseapp -p $(PRIVATE_SEPOLICY) -o $@ $(PRIVATE_SC_FILES) $@.tmp
|
||||
|
||||
product_sc_files :=
|
||||
plat_sc_neverallow_files :=
|
||||
|
||||
##################################
|
||||
include $(CLEAR_VARS)
|
||||
LOCAL_MODULE := vendor_seapp_contexts
|
||||
LOCAL_MODULE_CLASS := ETC
|
||||
LOCAL_MODULE_TAGS := optional
|
||||
LOCAL_MODULE_PATH := $(TARGET_OUT_VENDOR)/etc/selinux
|
||||
|
||||
include $(BUILD_SYSTEM)/base_rules.mk
|
||||
|
||||
vendor_sc_files := $(call build_policy, seapp_contexts, $(PLAT_VENDOR_POLICY) $(BOARD_VENDOR_SEPOLICY_DIRS) $(REQD_MASK_POLICY))
|
||||
plat_sc_neverallow_files := $(call build_policy, seapp_contexts, $(PLAT_PRIVATE_POLICY) $(PRODUCT_PRIVATE_POLICY))
|
||||
|
||||
$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
|
||||
$(LOCAL_BUILT_MODULE): PRIVATE_SC_FILES := $(vendor_sc_files)
|
||||
$(LOCAL_BUILT_MODULE): PRIVATE_SC_NEVERALLOW_FILES := $(plat_sc_neverallow_files)
|
||||
$(LOCAL_BUILT_MODULE): $(built_sepolicy) $(vendor_sc_files) $(HOST_OUT_EXECUTABLES)/checkseapp $(plat_sc_neverallow_files)
|
||||
@mkdir -p $(dir $@)
|
||||
$(hide) grep -ihe '^neverallow' $(PRIVATE_SC_NEVERALLOW_FILES) > $@.tmp
|
||||
$(hide) $(HOST_OUT_EXECUTABLES)/checkseapp -p $(PRIVATE_SEPOLICY) -o $@ $(PRIVATE_SC_FILES) $@.tmp
|
||||
|
||||
built_vendor_sc := $(LOCAL_BUILT_MODULE)
|
||||
vendor_sc_files :=
|
||||
|
||||
##################################
|
||||
include $(CLEAR_VARS)
|
||||
LOCAL_MODULE := odm_seapp_contexts
|
||||
LOCAL_MODULE_CLASS := ETC
|
||||
LOCAL_MODULE_TAGS := optional
|
||||
LOCAL_MODULE_PATH := $(TARGET_OUT_ODM)/etc/selinux
|
||||
|
||||
include $(BUILD_SYSTEM)/base_rules.mk
|
||||
|
||||
odm_sc_files := $(call build_policy, seapp_contexts, $(BOARD_ODM_SEPOLICY_DIRS))
|
||||
plat_sc_neverallow_files := $(call build_policy, seapp_contexts, $(PLAT_PRIVATE_POLICY) $(PRODUCT_PRIVATE_POLICY))
|
||||
|
||||
$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
|
||||
$(LOCAL_BUILT_MODULE): PRIVATE_SC_FILES := $(odm_sc_files)
|
||||
$(LOCAL_BUILT_MODULE): PRIVATE_SC_NEVERALLOW_FILES := $(plat_sc_neverallow_files)
|
||||
$(LOCAL_BUILT_MODULE): $(built_sepolicy) $(odm_sc_files) $(HOST_OUT_EXECUTABLES)/checkseapp $(plat_sc_neverallow_files)
|
||||
@mkdir -p $(dir $@)
|
||||
$(hide) grep -ihe '^neverallow' $(PRIVATE_SC_NEVERALLOW_FILES) > $@.tmp
|
||||
$(hide) $(HOST_OUT_EXECUTABLES)/checkseapp -p $(PRIVATE_SEPOLICY) -o $@ $(PRIVATE_SC_FILES) $@.tmp
|
||||
|
||||
built_odm_sc := $(LOCAL_BUILT_MODULE)
|
||||
odm_sc_files :=
|
||||
|
||||
##################################
|
||||
include $(CLEAR_VARS)
|
||||
LOCAL_MODULE := plat_seapp_neverallows
|
||||
LOCAL_MODULE_CLASS := ETC
|
||||
LOCAL_MODULE_TAGS := tests
|
||||
|
||||
include $(BUILD_SYSTEM)/base_rules.mk
|
||||
|
||||
$(LOCAL_BUILT_MODULE): $(plat_sc_neverallow_files)
|
||||
@mkdir -p $(dir $@)
|
||||
- $(hide) grep -ihe '^neverallow' $< > $@
|
||||
|
||||
plat_sc_neverallow_files :=
|
||||
|
||||
##################################
|
||||
include $(CLEAR_VARS)
|
||||
|
||||
LOCAL_MODULE := plat_property_contexts
|
||||
LOCAL_MODULE_CLASS := ETC
|
||||
LOCAL_MODULE_TAGS := optional
|
||||
LOCAL_MODULE_PATH := $(TARGET_OUT)/etc/selinux
|
||||
|
||||
include $(BUILD_SYSTEM)/base_rules.mk
|
||||
|
||||
plat_pcfiles := $(call build_policy, property_contexts, $(PLAT_PRIVATE_POLICY))
|
||||
ifeq ($(PRODUCT_COMPATIBLE_PROPERTY),true)
|
||||
plat_pcfiles += $(LOCAL_PATH)/public/property_contexts
|
||||
endif
|
||||
|
||||
plat_property_contexts.tmp := $(intermediates)/plat_property_contexts.tmp
|
||||
$(plat_property_contexts.tmp): PRIVATE_PC_FILES := $(plat_pcfiles)
|
||||
$(plat_property_contexts.tmp): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
|
||||
$(plat_property_contexts.tmp): $(plat_pcfiles)
|
||||
@mkdir -p $(dir $@)
|
||||
$(hide) m4 --fatal-warnings -s $(PRIVATE_ADDITIONAL_M4DEFS) $(PRIVATE_PC_FILES) > $@
|
||||
$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
|
||||
$(LOCAL_BUILT_MODULE): $(plat_property_contexts.tmp) $(built_sepolicy) $(HOST_OUT_EXECUTABLES)/property_info_checker
|
||||
@mkdir -p $(dir $@)
|
||||
$(hide) cp -f $< $@
|
||||
$(hide) $(HOST_OUT_EXECUTABLES)/property_info_checker $(PRIVATE_SEPOLICY) $@
|
||||
|
||||
built_plat_pc := $(LOCAL_BUILT_MODULE)
|
||||
plat_pcfiles :=
|
||||
plat_property_contexts.tmp :=
|
||||
|
||||
##################################
|
||||
include $(CLEAR_VARS)
|
||||
LOCAL_MODULE := product_property_contexts
|
||||
LOCAL_MODULE_CLASS := ETC
|
||||
LOCAL_MODULE_TAGS := optional
|
||||
LOCAL_MODULE_PATH := $(TARGET_OUT_PRODUCT)/etc/selinux
|
||||
|
||||
include $(BUILD_SYSTEM)/base_rules.mk
|
||||
|
||||
product_pcfiles := $(call build_policy, property_contexts, $(PRODUCT_PRIVATE_POLICY))
|
||||
|
||||
product_property_contexts.tmp := $(intermediates)/product_property_contexts.tmp
|
||||
$(product_property_contexts.tmp): PRIVATE_PC_FILES := $(product_pcfiles)
|
||||
$(product_property_contexts.tmp): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
|
||||
$(product_property_contexts.tmp): $(product_pcfiles)
|
||||
@mkdir -p $(dir $@)
|
||||
$(hide) m4 --fatal-warnings -s $(PRIVATE_ADDITIONAL_M4DEFS) $(PRIVATE_PC_FILES) > $@
|
||||
|
||||
$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
|
||||
$(LOCAL_BUILT_MODULE): $(product_property_contexts.tmp) $(built_sepolicy) $(HOST_OUT_EXECUTABLES)/property_info_checker
|
||||
@mkdir -p $(dir $@)
|
||||
$(hide) cp -f $< $@
|
||||
$(hide) $(HOST_OUT_EXECUTABLES)/property_info_checker $(PRIVATE_SEPOLICY) $@
|
||||
|
||||
built_product_pc := $(LOCAL_BUILT_MODULE)
|
||||
product_pcfiles :=
|
||||
product_property_contexts.tmp :=
|
||||
|
||||
##################################
|
||||
include $(CLEAR_VARS)
|
||||
LOCAL_MODULE := vendor_property_contexts
|
||||
LOCAL_MODULE_CLASS := ETC
|
||||
LOCAL_MODULE_TAGS := optional
|
||||
LOCAL_MODULE_PATH := $(TARGET_OUT_VENDOR)/etc/selinux
|
||||
|
||||
include $(BUILD_SYSTEM)/base_rules.mk
|
||||
|
||||
vendor_pcfiles := $(call build_policy, property_contexts, $(PLAT_VENDOR_POLICY) $(BOARD_VENDOR_SEPOLICY_DIRS) $(REQD_MASK_POLICY))
|
||||
|
||||
vendor_property_contexts.tmp := $(intermediates)/vendor_property_contexts.tmp
|
||||
$(vendor_property_contexts.tmp): PRIVATE_PC_FILES := $(vendor_pcfiles)
|
||||
$(vendor_property_contexts.tmp): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
|
||||
$(vendor_property_contexts.tmp): $(vendor_pcfiles)
|
||||
@mkdir -p $(dir $@)
|
||||
$(hide) m4 --fatal-warnings -s $(PRIVATE_ADDITIONAL_M4DEFS) $(PRIVATE_PC_FILES) > $@
|
||||
|
||||
$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
|
||||
$(LOCAL_BUILT_MODULE): PRIVATE_BUILT_PLAT_PC := $(built_plat_pc)
|
||||
$(LOCAL_BUILT_MODULE): $(vendor_property_contexts.tmp) $(built_sepolicy) $(built_plat_pc) $(HOST_OUT_EXECUTABLES)/property_info_checker
|
||||
@mkdir -p $(dir $@)
|
||||
$(hide) cp -f $< $@
|
||||
$(hide) $(HOST_OUT_EXECUTABLES)/property_info_checker $(PRIVATE_SEPOLICY) $(PRIVATE_BUILT_PLAT_PC) $@
|
||||
|
||||
built_vendor_pc := $(LOCAL_BUILT_MODULE)
|
||||
vendor_pcfiles :=
|
||||
vendor_property_contexts.tmp :=
|
||||
|
||||
##################################
|
||||
include $(CLEAR_VARS)
|
||||
LOCAL_MODULE := odm_property_contexts
|
||||
LOCAL_MODULE_CLASS := ETC
|
||||
LOCAL_MODULE_TAGS := optional
|
||||
LOCAL_MODULE_PATH := $(TARGET_OUT_ODM)/etc/selinux
|
||||
|
||||
include $(BUILD_SYSTEM)/base_rules.mk
|
||||
|
||||
odm_pcfiles := $(call build_policy, property_contexts, $(BOARD_ODM_SEPOLICY_DIRS))
|
||||
|
||||
odm_property_contexts.tmp := $(intermediates)/odm_property_contexts.tmp
|
||||
$(odm_property_contexts.tmp): PRIVATE_PC_FILES := $(odm_pcfiles)
|
||||
$(odm_property_contexts.tmp): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
|
||||
$(odm_property_contexts.tmp): $(odm_pcfiles)
|
||||
@mkdir -p $(dir $@)
|
||||
$(hide) m4 --fatal-warnings -s $(PRIVATE_ADDITIONAL_M4DEFS) $(PRIVATE_PC_FILES) > $@
|
||||
|
||||
|
||||
$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
|
||||
$(LOCAL_BUILT_MODULE): PRIVATE_BUILT_PLAT_PC := $(built_plat_pc)
|
||||
$(LOCAL_BUILT_MODULE): PRIVATE_BUILT_VENDOR_PC := $(built_vendor_pc)
|
||||
$(LOCAL_BUILT_MODULE): $(odm_property_contexts.tmp) $(built_sepolicy) $(built_plat_pc) $(built_vendor_pc) $(HOST_OUT_EXECUTABLES)/property_info_checker
|
||||
@mkdir -p $(dir $@)
|
||||
$(hide) cp -f $< $@
|
||||
$(hide) $(HOST_OUT_EXECUTABLES)/property_info_checker $(PRIVATE_SEPOLICY) $(PRIVATE_BUILT_PLAT_PC) $(PRIVATE_BUILT_VENDOR_PC) $@
|
||||
|
||||
built_odm_pc := $(LOCAL_BUILT_MODULE)
|
||||
odm_pcfiles :=
|
||||
odm_property_contexts.tmp :=
|
||||
|
||||
##################################
|
||||
include $(CLEAR_VARS)
|
||||
|
||||
LOCAL_MODULE := plat_property_contexts.recovery
|
||||
LOCAL_MODULE_STEM := plat_property_contexts
|
||||
LOCAL_MODULE_CLASS := ETC
|
||||
LOCAL_MODULE_TAGS := optional
|
||||
LOCAL_MODULE_PATH := $(TARGET_RECOVERY_ROOT_OUT)
|
||||
|
||||
include $(BUILD_SYSTEM)/base_rules.mk
|
||||
|
||||
$(LOCAL_BUILT_MODULE): $(built_plat_pc)
|
||||
$(hide) cp -f $< $@
|
||||
|
||||
##################################
|
||||
include $(CLEAR_VARS)
|
||||
LOCAL_MODULE := product_property_contexts.recovery
|
||||
LOCAL_MODULE_STEM := product_property_contexts
|
||||
LOCAL_MODULE_CLASS := ETC
|
||||
LOCAL_MODULE_TAGS := optional
|
||||
LOCAL_MODULE_PATH := $(TARGET_RECOVERY_ROOT_OUT)
|
||||
|
||||
include $(BUILD_SYSTEM)/base_rules.mk
|
||||
|
||||
$(LOCAL_BUILT_MODULE): $(built_product_pc)
|
||||
$(hide) cp -f $< $@
|
||||
|
||||
##################################
|
||||
include $(CLEAR_VARS)
|
||||
LOCAL_MODULE := vendor_property_contexts.recovery
|
||||
LOCAL_MODULE_STEM := vendor_property_contexts
|
||||
LOCAL_MODULE_CLASS := ETC
|
||||
LOCAL_MODULE_TAGS := optional
|
||||
LOCAL_MODULE_PATH := $(TARGET_RECOVERY_ROOT_OUT)
|
||||
|
||||
include $(BUILD_SYSTEM)/base_rules.mk
|
||||
|
||||
$(LOCAL_BUILT_MODULE): $(built_vendor_pc)
|
||||
$(hide) cp -f $< $@
|
||||
|
||||
##################################
|
||||
include $(CLEAR_VARS)
|
||||
LOCAL_MODULE := odm_property_contexts.recovery
|
||||
LOCAL_MODULE_STEM := odm_property_contexts
|
||||
LOCAL_MODULE_CLASS := ETC
|
||||
LOCAL_MODULE_TAGS := optional
|
||||
LOCAL_MODULE_PATH := $(TARGET_RECOVERY_ROOT_OUT)
|
||||
|
||||
include $(BUILD_SYSTEM)/base_rules.mk
|
||||
|
||||
$(LOCAL_BUILT_MODULE): $(built_odm_pc)
|
||||
$(hide) cp -f $< $@
|
||||
|
||||
##################################
|
||||
include $(CLEAR_VARS)
|
||||
|
||||
LOCAL_MODULE := plat_service_contexts
|
||||
LOCAL_MODULE_CLASS := ETC
|
||||
LOCAL_MODULE_TAGS := optional
|
||||
LOCAL_MODULE_PATH := $(TARGET_OUT)/etc/selinux
|
||||
|
||||
include $(BUILD_SYSTEM)/base_rules.mk
|
||||
|
||||
plat_svcfiles := $(call build_policy, service_contexts, $(PLAT_PRIVATE_POLICY))
|
||||
|
||||
plat_service_contexts.tmp := $(intermediates)/plat_service_contexts.tmp
|
||||
$(plat_service_contexts.tmp): PRIVATE_SVC_FILES := $(plat_svcfiles)
|
||||
$(plat_service_contexts.tmp): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
|
||||
$(plat_service_contexts.tmp): $(plat_svcfiles)
|
||||
@mkdir -p $(dir $@)
|
||||
$(hide) m4 --fatal-warnings -s $(PRIVATE_ADDITIONAL_M4DEFS) $(PRIVATE_SVC_FILES) > $@
|
||||
|
||||
$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
|
||||
$(LOCAL_BUILT_MODULE): $(plat_service_contexts.tmp) $(built_sepolicy) $(HOST_OUT_EXECUTABLES)/checkfc $(ACP)
|
||||
@mkdir -p $(dir $@)
|
||||
sed -e 's/#.*$$//' -e '/^$$/d' $< > $@
|
||||
$(HOST_OUT_EXECUTABLES)/checkfc -s $(PRIVATE_SEPOLICY) $@
|
||||
|
||||
built_plat_svc := $(LOCAL_BUILT_MODULE)
|
||||
plat_svcfiles :=
|
||||
plat_service_contexts.tmp :=
|
||||
|
||||
##################################
|
||||
include $(CLEAR_VARS)
|
||||
|
||||
LOCAL_MODULE := product_service_contexts
|
||||
LOCAL_MODULE_CLASS := ETC
|
||||
LOCAL_MODULE_TAGS := optional
|
||||
LOCAL_MODULE_PATH := $(TARGET_OUT_PRODUCT)/etc/selinux
|
||||
|
||||
include $(BUILD_SYSTEM)/base_rules.mk
|
||||
|
||||
product_svcfiles := $(call build_policy, service_contexts, $(PRODUCT_PRIVATE_POLICY))
|
||||
|
||||
product_service_contexts.tmp := $(intermediates)/product_service_contexts.tmp
|
||||
$(product_service_contexts.tmp): PRIVATE_SVC_FILES := $(product_svcfiles)
|
||||
$(product_service_contexts.tmp): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
|
||||
$(product_service_contexts.tmp): $(product_svcfiles)
|
||||
@mkdir -p $(dir $@)
|
||||
$(hide) m4 --fatal-warnings -s $(PRIVATE_ADDITIONAL_M4DEFS) $(PRIVATE_SVC_FILES) > $@
|
||||
|
||||
$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
|
||||
$(LOCAL_BUILT_MODULE): $(product_service_contexts.tmp) $(built_sepolicy) $(HOST_OUT_EXECUTABLES)/checkfc
|
||||
@mkdir -p $(dir $@)
|
||||
sed -e 's/#.*$$//' -e '/^$$/d' $< > $@
|
||||
$(HOST_OUT_EXECUTABLES)/checkfc -s $(PRIVATE_SEPOLICY) $@
|
||||
|
||||
product_svcfiles :=
|
||||
product_service_contexts.tmp :=
|
||||
|
||||
##################################
|
||||
# nonplat_service_contexts is only allowed on non-full-treble devices
|
||||
ifneq ($(PRODUCT_SEPOLICY_SPLIT),true)
|
||||
|
||||
include $(CLEAR_VARS)
|
||||
|
||||
LOCAL_MODULE := vendor_service_contexts
|
||||
LOCAL_MODULE_CLASS := ETC
|
||||
LOCAL_MODULE_TAGS := optional
|
||||
LOCAL_MODULE_PATH := $(TARGET_ROOT_OUT)
|
||||
|
||||
include $(BUILD_SYSTEM)/base_rules.mk
|
||||
|
||||
vendor_svcfiles := $(call build_policy, service_contexts, $(PLAT_VENDOR_POLICY) $(BOARD_VENDOR_SEPOLICY_DIRS) $(REQD_MASK_POLICY))
|
||||
|
||||
vendor_service_contexts.tmp := $(intermediates)/vendor_service_contexts.tmp
|
||||
$(vendor_service_contexts.tmp): PRIVATE_SVC_FILES := $(vendor_svcfiles)
|
||||
$(vendor_service_contexts.tmp): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
|
||||
$(vendor_service_contexts.tmp): $(vendor_svcfiles)
|
||||
@mkdir -p $(dir $@)
|
||||
$(hide) m4 --fatal-warnings -s $(PRIVATE_ADDITIONAL_M4DEFS) $(PRIVATE_SVC_FILES) > $@
|
||||
|
||||
$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
|
||||
$(LOCAL_BUILT_MODULE): $(vendor_service_contexts.tmp) $(built_sepolicy) $(HOST_OUT_EXECUTABLES)/checkfc $(ACP)
|
||||
@mkdir -p $(dir $@)
|
||||
sed -e 's/#.*$$//' -e '/^$$/d' $< > $@
|
||||
$(hide) $(HOST_OUT_EXECUTABLES)/checkfc -s $(PRIVATE_SEPOLICY) $@
|
||||
|
||||
built_vendor_svc := $(LOCAL_BUILT_MODULE)
|
||||
vendor_svcfiles :=
|
||||
vendor_service_contexts.tmp :=
|
||||
|
||||
endif
|
||||
|
||||
##################################
|
||||
include $(CLEAR_VARS)
|
||||
|
||||
LOCAL_MODULE := plat_hwservice_contexts
|
||||
LOCAL_MODULE_CLASS := ETC
|
||||
LOCAL_MODULE_TAGS := optional
|
||||
LOCAL_MODULE_PATH := $(TARGET_OUT)/etc/selinux
|
||||
|
||||
include $(BUILD_SYSTEM)/base_rules.mk
|
||||
|
||||
plat_hwsvcfiles := $(call build_policy, hwservice_contexts, $(PLAT_PRIVATE_POLICY))
|
||||
|
||||
plat_hwservice_contexts.tmp := $(intermediates)/plat_hwservice_contexts.tmp
|
||||
$(plat_hwservice_contexts.tmp): PRIVATE_SVC_FILES := $(plat_hwsvcfiles)
|
||||
$(plat_hwservice_contexts.tmp): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
|
||||
$(plat_hwservice_contexts.tmp): $(plat_hwsvcfiles)
|
||||
@mkdir -p $(dir $@)
|
||||
$(hide) m4 --fatal-warnings -s $(PRIVATE_ADDITIONAL_M4DEFS) $(PRIVATE_SVC_FILES) > $@
|
||||
|
||||
$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
|
||||
$(LOCAL_BUILT_MODULE): $(plat_hwservice_contexts.tmp) $(built_sepolicy) $(HOST_OUT_EXECUTABLES)/checkfc $(ACP)
|
||||
@mkdir -p $(dir $@)
|
||||
sed -e 's/#.*$$//' -e '/^$$/d' $< > $@
|
||||
$(HOST_OUT_EXECUTABLES)/checkfc -e -l $(PRIVATE_SEPOLICY) $@
|
||||
|
||||
plat_hwsvcfiles :=
|
||||
plat_hwservice_contexts.tmp :=
|
||||
|
||||
##################################
|
||||
include $(CLEAR_VARS)
|
||||
|
||||
LOCAL_MODULE := product_hwservice_contexts
|
||||
LOCAL_MODULE_CLASS := ETC
|
||||
LOCAL_MODULE_TAGS := optional
|
||||
LOCAL_MODULE_PATH := $(TARGET_OUT_PRODUCT)/etc/selinux
|
||||
|
||||
include $(BUILD_SYSTEM)/base_rules.mk
|
||||
|
||||
product_hwsvcfiles := $(call build_policy, hwservice_contexts, $(PRODUCT_PRIVATE_POLICY))
|
||||
|
||||
product_hwservice_contexts.tmp := $(intermediates)/product_hwservice_contexts.tmp
|
||||
$(product_hwservice_contexts.tmp): PRIVATE_SVC_FILES := $(product_hwsvcfiles)
|
||||
$(product_hwservice_contexts.tmp): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
|
||||
$(product_hwservice_contexts.tmp): $(product_hwsvcfiles)
|
||||
@mkdir -p $(dir $@)
|
||||
$(hide) m4 --fatal-warnings -s $(PRIVATE_ADDITIONAL_M4DEFS) $(PRIVATE_SVC_FILES) > $@
|
||||
|
||||
$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
|
||||
$(LOCAL_BUILT_MODULE): $(product_hwservice_contexts.tmp) $(built_sepolicy) $(HOST_OUT_EXECUTABLES)/checkfc
|
||||
@mkdir -p $(dir $@)
|
||||
sed -e 's/#.*$$//' -e '/^$$/d' $< > $@
|
||||
$(hide) $(HOST_OUT_EXECUTABLES)/checkfc -e -l $(PRIVATE_SEPOLICY) $@
|
||||
|
||||
product_hwsvcfiles :=
|
||||
product_hwservice_contexts.tmp :=
|
||||
|
||||
##################################
|
||||
include $(CLEAR_VARS)
|
||||
|
||||
LOCAL_MODULE := vendor_hwservice_contexts
|
||||
LOCAL_MODULE_CLASS := ETC
|
||||
LOCAL_MODULE_TAGS := optional
|
||||
LOCAL_MODULE_PATH := $(TARGET_OUT_VENDOR)/etc/selinux
|
||||
|
||||
include $(BUILD_SYSTEM)/base_rules.mk
|
||||
|
||||
vendor_hwsvcfiles := $(call build_policy, hwservice_contexts, $(PLAT_VENDOR_POLICY) $(BOARD_VENDOR_SEPOLICY_DIRS) $(REQD_MASK_POLICY))
|
||||
|
||||
vendor_hwservice_contexts.tmp := $(intermediates)/vendor_hwservice_contexts.tmp
|
||||
$(vendor_hwservice_contexts.tmp): PRIVATE_SVC_FILES := $(vendor_hwsvcfiles)
|
||||
$(vendor_hwservice_contexts.tmp): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
|
||||
$(vendor_hwservice_contexts.tmp): $(vendor_hwsvcfiles)
|
||||
@mkdir -p $(dir $@)
|
||||
$(hide) m4 --fatal-warnings -s $(PRIVATE_ADDITIONAL_M4DEFS) $(PRIVATE_SVC_FILES) > $@
|
||||
|
||||
$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
|
||||
$(LOCAL_BUILT_MODULE): $(vendor_hwservice_contexts.tmp) $(built_sepolicy) $(HOST_OUT_EXECUTABLES)/checkfc $(ACP)
|
||||
@mkdir -p $(dir $@)
|
||||
sed -e 's/#.*$$//' -e '/^$$/d' $< > $@
|
||||
$(hide) $(HOST_OUT_EXECUTABLES)/checkfc -e -l $(PRIVATE_SEPOLICY) $@
|
||||
|
||||
vendor_hwsvcfiles :=
|
||||
vendor_hwservice_contexts.tmp :=
|
||||
|
||||
##################################
|
||||
include $(CLEAR_VARS)
|
||||
|
||||
LOCAL_MODULE := odm_hwservice_contexts
|
||||
LOCAL_MODULE_CLASS := ETC
|
||||
LOCAL_MODULE_TAGS := optional
|
||||
LOCAL_MODULE_PATH := $(TARGET_OUT_ODM)/etc/selinux
|
||||
|
||||
include $(BUILD_SYSTEM)/base_rules.mk
|
||||
|
||||
odm_hwsvcfiles := $(call build_policy, hwservice_contexts, $(BOARD_ODM_SEPOLICY_DIRS))
|
||||
|
||||
odm_hwservice_contexts.tmp := $(intermediates)/odm_hwservice_contexts.tmp
|
||||
$(odm_hwservice_contexts.tmp): PRIVATE_SVC_FILES := $(odm_hwsvcfiles)
|
||||
$(odm_hwservice_contexts.tmp): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
|
||||
$(odm_hwservice_contexts.tmp): $(odm_hwsvcfiles)
|
||||
@mkdir -p $(dir $@)
|
||||
$(hide) m4 --fatal-warnings -s $(PRIVATE_ADDITIONAL_M4DEFS) $(PRIVATE_SVC_FILES) > $@
|
||||
|
||||
$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
|
||||
$(LOCAL_BUILT_MODULE): $(odm_hwservice_contexts.tmp) $(built_sepolicy) $(HOST_OUT_EXECUTABLES)/checkfc $(ACP)
|
||||
@mkdir -p $(dir $@)
|
||||
sed -e 's/#.*$$//' -e '/^$$/d' $< > $@
|
||||
$(hide) $(HOST_OUT_EXECUTABLES)/checkfc -e -l $(PRIVATE_SEPOLICY) $@
|
||||
|
||||
odm_hwsvcfiles :=
|
||||
odm_hwservice_contexts.tmp :=
|
||||
include $(LOCAL_PATH)/hwservice_contexts.mk
|
||||
|
||||
##################################
|
||||
include $(CLEAR_VARS)
|
||||
|
@ -1773,123 +1140,9 @@ $(LOCAL_BUILT_MODULE): $(vndservice_contexts.tmp) $(built_sepolicy) $(HOST_OUT_E
|
|||
|
||||
vnd_svcfiles :=
|
||||
vndservice_contexts.tmp :=
|
||||
##################################
|
||||
include $(CLEAR_VARS)
|
||||
|
||||
LOCAL_MODULE := plat_mac_permissions.xml
|
||||
LOCAL_MODULE_CLASS := ETC
|
||||
LOCAL_MODULE_TAGS := optional
|
||||
LOCAL_MODULE_PATH := $(TARGET_OUT)/etc/selinux
|
||||
|
||||
include $(BUILD_SYSTEM)/base_rules.mk
|
||||
|
||||
# Build keys.conf
|
||||
plat_mac_perms_keys.tmp := $(intermediates)/plat_keys.tmp
|
||||
$(plat_mac_perms_keys.tmp): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
|
||||
$(plat_mac_perms_keys.tmp): $(call build_policy, keys.conf, $(PLAT_PRIVATE_POLICY) $(PRODUCT_PRIVATE_POLICY))
|
||||
@mkdir -p $(dir $@)
|
||||
$(hide) m4 --fatal-warnings -s $(PRIVATE_ADDITIONAL_M4DEFS) $^ > $@
|
||||
|
||||
all_plat_mac_perms_files := $(call build_policy, mac_permissions.xml, $(PLAT_PRIVATE_POLICY))
|
||||
|
||||
# Should be synced with keys.conf.
|
||||
all_plat_keys := platform media shared testkey
|
||||
all_plat_keys := $(all_keys:%=$(dir $(DEFAULT_SYSTEM_DEV_CERTIFICATE))/%.x509.pem)
|
||||
|
||||
$(LOCAL_BUILT_MODULE): PRIVATE_MAC_PERMS_FILES := $(all_plat_mac_perms_files)
|
||||
$(LOCAL_BUILT_MODULE): $(plat_mac_perms_keys.tmp) $(HOST_OUT_EXECUTABLES)/insertkeys.py \
|
||||
$(all_plat_mac_perms_files) $(all_plat_keys)
|
||||
@mkdir -p $(dir $@)
|
||||
$(hide) DEFAULT_SYSTEM_DEV_CERTIFICATE="$(dir $(DEFAULT_SYSTEM_DEV_CERTIFICATE))" \
|
||||
$(HOST_OUT_EXECUTABLES)/insertkeys.py -t $(TARGET_BUILD_VARIANT) -c $(TOP) $< -o $@ $(PRIVATE_MAC_PERMS_FILES)
|
||||
|
||||
all_mac_perms_files :=
|
||||
all_plat_keys :=
|
||||
plat_mac_perms_keys.tmp :=
|
||||
|
||||
##################################
|
||||
include $(CLEAR_VARS)
|
||||
|
||||
LOCAL_MODULE := product_mac_permissions.xml
|
||||
LOCAL_MODULE_CLASS := ETC
|
||||
LOCAL_MODULE_TAGS := optional
|
||||
LOCAL_MODULE_PATH := $(TARGET_OUT_PRODUCT)/etc/selinux
|
||||
|
||||
include $(BUILD_SYSTEM)/base_rules.mk
|
||||
|
||||
# Build keys.conf
|
||||
product_mac_perms_keys.tmp := $(intermediates)/product_keys.tmp
|
||||
$(product_mac_perms_keys.tmp): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
|
||||
$(product_mac_perms_keys.tmp): $(call build_policy, keys.conf, $(PRODUCT_PRIVATE_POLICY) $(REQD_MASK_POLICY))
|
||||
@mkdir -p $(dir $@)
|
||||
$(hide) m4 --fatal-warnings -s $(PRIVATE_ADDITIONAL_M4DEFS) $^ > $@
|
||||
|
||||
all_product_mac_perms_files := $(call build_policy, mac_permissions.xml, $(PRODUCT_PRIVATE_POLICY) $(REQD_MASK_POLICY))
|
||||
|
||||
$(LOCAL_BUILT_MODULE): PRIVATE_MAC_PERMS_FILES := $(all_product_mac_perms_files)
|
||||
$(LOCAL_BUILT_MODULE): $(product_mac_perms_keys.tmp) $(HOST_OUT_EXECUTABLES)/insertkeys.py \
|
||||
$(all_product_mac_perms_files)
|
||||
@mkdir -p $(dir $@)
|
||||
$(hide) $(HOST_OUT_EXECUTABLES)/insertkeys.py -t $(TARGET_BUILD_VARIANT) -c $(TOP) $< -o $@ $(PRIVATE_MAC_PERMS_FILES)
|
||||
|
||||
product_mac_perms_keys.tmp :=
|
||||
all_product_mac_perms_files :=
|
||||
|
||||
##################################
|
||||
include $(CLEAR_VARS)
|
||||
|
||||
LOCAL_MODULE := vendor_mac_permissions.xml
|
||||
LOCAL_MODULE_CLASS := ETC
|
||||
LOCAL_MODULE_TAGS := optional
|
||||
LOCAL_MODULE_PATH := $(TARGET_OUT_VENDOR)/etc/selinux
|
||||
|
||||
include $(BUILD_SYSTEM)/base_rules.mk
|
||||
|
||||
# Build keys.conf
|
||||
vendor_mac_perms_keys.tmp := $(intermediates)/vendor_keys.tmp
|
||||
$(vendor_mac_perms_keys.tmp): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
|
||||
$(vendor_mac_perms_keys.tmp): $(call build_policy, keys.conf, $(PLAT_VENDOR_POLICY) $(BOARD_VENDOR_SEPOLICY_DIRS) $(REQD_MASK_POLICY))
|
||||
@mkdir -p $(dir $@)
|
||||
$(hide) m4 --fatal-warnings -s $(PRIVATE_ADDITIONAL_M4DEFS) $^ > $@
|
||||
|
||||
all_vendor_mac_perms_files := $(call build_policy, mac_permissions.xml, $(PLAT_VENDOR_POLICY) $(BOARD_VENDOR_SEPOLICY_DIRS) $(REQD_MASK_POLICY))
|
||||
|
||||
$(LOCAL_BUILT_MODULE): PRIVATE_MAC_PERMS_FILES := $(all_vendor_mac_perms_files)
|
||||
$(LOCAL_BUILT_MODULE): $(vendor_mac_perms_keys.tmp) $(HOST_OUT_EXECUTABLES)/insertkeys.py \
|
||||
$(all_vendor_mac_perms_files)
|
||||
@mkdir -p $(dir $@)
|
||||
$(hide) $(HOST_OUT_EXECUTABLES)/insertkeys.py -t $(TARGET_BUILD_VARIANT) -c $(TOP) $< -o $@ $(PRIVATE_MAC_PERMS_FILES)
|
||||
|
||||
vendor_mac_perms_keys.tmp :=
|
||||
all_vendor_mac_perms_files :=
|
||||
|
||||
##################################
|
||||
include $(CLEAR_VARS)
|
||||
|
||||
LOCAL_MODULE := odm_mac_permissions.xml
|
||||
LOCAL_MODULE_CLASS := ETC
|
||||
LOCAL_MODULE_TAGS := optional
|
||||
LOCAL_MODULE_PATH := $(TARGET_OUT_ODM)/etc/selinux
|
||||
|
||||
include $(BUILD_SYSTEM)/base_rules.mk
|
||||
|
||||
# Build keys.conf
|
||||
odm_mac_perms_keys.tmp := $(intermediates)/odm_keys.tmp
|
||||
$(odm_mac_perms_keys.tmp): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
|
||||
$(odm_mac_perms_keys.tmp): $(call build_policy, keys.conf, $(BOARD_ODM_SEPOLICY_DIRS) $(REQD_MASK_POLICY))
|
||||
@mkdir -p $(dir $@)
|
||||
$(hide) m4 --fatal-warnings -s $(PRIVATE_ADDITIONAL_M4DEFS) $^ > $@
|
||||
|
||||
all_odm_mac_perms_files := $(call build_policy, mac_permissions.xml, $(BOARD_ODM_SEPOLICY_DIRS) $(REQD_MASK_POLICY))
|
||||
|
||||
$(LOCAL_BUILT_MODULE): PRIVATE_MAC_PERMS_FILES := $(all_odm_mac_perms_files)
|
||||
$(LOCAL_BUILT_MODULE): $(odm_mac_perms_keys.tmp) $(HOST_OUT_EXECUTABLES)/insertkeys.py \
|
||||
$(all_odm_mac_perms_files)
|
||||
@mkdir -p $(dir $@)
|
||||
$(hide) $(HOST_OUT_EXECUTABLES)/insertkeys.py -t $(TARGET_BUILD_VARIANT) -c $(TOP) $< -o $@ $(PRIVATE_MAC_PERMS_FILES)
|
||||
|
||||
odm_mac_perms_keys.tmp :=
|
||||
all_odm_mac_perms_files :=
|
||||
include $(LOCAL_PATH)/mac_permissions.mk
|
||||
|
||||
#################################
|
||||
include $(CLEAR_VARS)
|
||||
|
|
169
file_contexts.mk
Normal file
169
file_contexts.mk
Normal file
|
@ -0,0 +1,169 @@
|
|||
include $(CLEAR_VARS)
|
||||
|
||||
LOCAL_MODULE := plat_file_contexts
|
||||
LOCAL_MODULE_CLASS := ETC
|
||||
LOCAL_MODULE_TAGS := optional
|
||||
LOCAL_MODULE_PATH := $(TARGET_OUT)/etc/selinux
|
||||
|
||||
include $(BUILD_SYSTEM)/base_rules.mk
|
||||
|
||||
local_fc_files := $(call build_policy, file_contexts, $(PLAT_PRIVATE_POLICY))
|
||||
ifneq ($(filter address,$(SANITIZE_TARGET)),)
|
||||
local_fc_files += $(wildcard $(addsuffix /file_contexts_asan, $(PLAT_PRIVATE_POLICY)))
|
||||
endif
|
||||
ifneq (,$(filter userdebug eng,$(TARGET_BUILD_VARIANT)))
|
||||
local_fc_files += $(wildcard $(addsuffix /file_contexts_overlayfs, $(PLAT_PRIVATE_POLICY)))
|
||||
endif
|
||||
local_fcfiles_with_nl := $(call add_nl, $(local_fc_files), $(built_nl))
|
||||
|
||||
$(LOCAL_BUILT_MODULE): PRIVATE_FC_FILES := $(local_fcfiles_with_nl)
|
||||
$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
|
||||
$(LOCAL_BUILT_MODULE): PRIVATE_FC_SORT := $(HOST_OUT_EXECUTABLES)/fc_sort
|
||||
$(LOCAL_BUILT_MODULE): $(HOST_OUT_EXECUTABLES)/checkfc $(HOST_OUT_EXECUTABLES)/fc_sort \
|
||||
$(local_fcfiles_with_nl) $(built_sepolicy)
|
||||
@mkdir -p $(dir $@)
|
||||
$(hide) m4 --fatal-warnings -s $(PRIVATE_FC_FILES) > $@.tmp
|
||||
$(hide) $< $(PRIVATE_SEPOLICY) $@.tmp
|
||||
$(hide) $(PRIVATE_FC_SORT) $@.tmp $@
|
||||
|
||||
built_plat_fc := $(LOCAL_BUILT_MODULE)
|
||||
local_fc_files :=
|
||||
local_fcfiles_with_nl :=
|
||||
|
||||
##################################
|
||||
include $(CLEAR_VARS)
|
||||
|
||||
LOCAL_MODULE := product_file_contexts
|
||||
LOCAL_MODULE_CLASS := ETC
|
||||
LOCAL_MODULE_TAGS := optional
|
||||
LOCAL_MODULE_PATH := $(TARGET_OUT_PRODUCT)/etc/selinux
|
||||
|
||||
include $(BUILD_SYSTEM)/base_rules.mk
|
||||
|
||||
product_fc_files := $(call build_policy, file_contexts, $(PRODUCT_PRIVATE_POLICY))
|
||||
product_fcfiles_with_nl := $(call add_nl, $(product_fc_files), $(built_nl))
|
||||
|
||||
$(LOCAL_BUILT_MODULE): PRIVATE_FC_FILES := $(product_fcfiles_with_nl)
|
||||
$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
|
||||
$(LOCAL_BUILT_MODULE): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
|
||||
$(LOCAL_BUILT_MODULE): PRIVATE_FC_SORT := $(HOST_OUT_EXECUTABLES)/fc_sort
|
||||
$(LOCAL_BUILT_MODULE): $(HOST_OUT_EXECUTABLES)/checkfc $(HOST_OUT_EXECUTABLES)/fc_sort \
|
||||
$(product_fcfiles_with_nl) $(built_sepolicy)
|
||||
@mkdir -p $(dir $@)
|
||||
$(hide) m4 --fatal-warnings -s $(PRIVATE_ADDITIONAL_M4DEFS) $(PRIVATE_FC_FILES) > $@.tmp
|
||||
$(hide) $< $(PRIVATE_SEPOLICY) $@.tmp
|
||||
$(hide) $(PRIVATE_FC_SORT) $@.tmp $@
|
||||
|
||||
built_product_fc := $(LOCAL_BUILT_MODULE)
|
||||
product_fc_files :=
|
||||
product_fcfiles_with_nl :=
|
||||
|
||||
##################################
|
||||
include $(CLEAR_VARS)
|
||||
|
||||
LOCAL_MODULE := vendor_file_contexts
|
||||
LOCAL_MODULE_CLASS := ETC
|
||||
LOCAL_MODULE_TAGS := optional
|
||||
LOCAL_MODULE_PATH := $(TARGET_OUT_VENDOR)/etc/selinux
|
||||
|
||||
include $(BUILD_SYSTEM)/base_rules.mk
|
||||
|
||||
vendor_fc_files := $(call build_vendor_policy, file_contexts)
|
||||
vendor_fcfiles_with_nl := $(call add_nl, $(vendor_fc_files), $(built_nl))
|
||||
|
||||
$(LOCAL_BUILT_MODULE): PRIVATE_FC_FILES := $(vendor_fcfiles_with_nl)
|
||||
$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
|
||||
$(LOCAL_BUILT_MODULE): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
|
||||
$(LOCAL_BUILT_MODULE): PRIVATE_FC_SORT := $(HOST_OUT_EXECUTABLES)/fc_sort
|
||||
$(LOCAL_BUILT_MODULE): $(HOST_OUT_EXECUTABLES)/checkfc $(HOST_OUT_EXECUTABLES)/fc_sort \
|
||||
$(vendor_fcfiles_with_nl) $(built_sepolicy)
|
||||
@mkdir -p $(dir $@)
|
||||
$(hide) m4 --fatal-warnings -s $(PRIVATE_ADDITIONAL_M4DEFS) $(PRIVATE_FC_FILES) > $@.tmp
|
||||
$(hide) $< $(PRIVATE_SEPOLICY) $@.tmp
|
||||
$(hide) $(PRIVATE_FC_SORT) $@.tmp $@
|
||||
|
||||
built_vendor_fc := $(LOCAL_BUILT_MODULE)
|
||||
vendor_fc_files :=
|
||||
vendor_fcfiles_with_nl :=
|
||||
|
||||
##################################
|
||||
include $(CLEAR_VARS)
|
||||
|
||||
LOCAL_MODULE := odm_file_contexts
|
||||
LOCAL_MODULE_CLASS := ETC
|
||||
LOCAL_MODULE_TAGS := optional
|
||||
LOCAL_MODULE_PATH := $(TARGET_OUT_ODM)/etc/selinux
|
||||
|
||||
include $(BUILD_SYSTEM)/base_rules.mk
|
||||
|
||||
odm_fc_files := $(call build_odm_policy, file_contexts)
|
||||
odm_fcfiles_with_nl := $(call add_nl, $(odm_fc_files), $(built_nl))
|
||||
|
||||
$(LOCAL_BUILT_MODULE): PRIVATE_FC_FILES := $(odm_fcfiles_with_nl)
|
||||
$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
|
||||
$(LOCAL_BUILT_MODULE): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
|
||||
$(LOCAL_BUILT_MODULE): PRIVATE_FC_SORT := $(HOST_OUT_EXECUTABLES)/fc_sort
|
||||
$(LOCAL_BUILT_MODULE): $(HOST_OUT_EXECUTABLES)/checkfc $(HOST_OUT_EXECUTABLES)/fc_sort \
|
||||
$(odm_fcfiles_with_nl) $(built_sepolicy)
|
||||
@mkdir -p $(dir $@)
|
||||
$(hide) m4 --fatal-warnings -s $(PRIVATE_ADDITIONAL_M4DEFS) $(PRIVATE_FC_FILES) > $@.tmp
|
||||
$(hide) $< $(PRIVATE_SEPOLICY) $@.tmp
|
||||
$(hide) $(PRIVATE_FC_SORT) $@.tmp $@
|
||||
|
||||
built_odm_fc := $(LOCAL_BUILT_MODULE)
|
||||
odm_fc_files :=
|
||||
odm_fcfiles_with_nl :=
|
||||
|
||||
##################################
|
||||
include $(CLEAR_VARS)
|
||||
|
||||
LOCAL_MODULE := plat_file_contexts.recovery
|
||||
LOCAL_MODULE_STEM := plat_file_contexts
|
||||
LOCAL_MODULE_CLASS := ETC
|
||||
LOCAL_MODULE_TAGS := optional
|
||||
LOCAL_MODULE_PATH := $(TARGET_RECOVERY_ROOT_OUT)
|
||||
|
||||
include $(BUILD_SYSTEM)/base_rules.mk
|
||||
|
||||
$(LOCAL_BUILT_MODULE): $(built_plat_fc)
|
||||
$(hide) cp -f $< $@
|
||||
|
||||
##################################
|
||||
include $(CLEAR_VARS)
|
||||
|
||||
LOCAL_MODULE := product_file_contexts.recovery
|
||||
LOCAL_MODULE_STEM := product_file_contexts
|
||||
LOCAL_MODULE_CLASS := ETC
|
||||
LOCAL_MODULE_TAGS := optional
|
||||
LOCAL_MODULE_PATH := $(TARGET_RECOVERY_ROOT_OUT)
|
||||
|
||||
include $(BUILD_SYSTEM)/base_rules.mk
|
||||
|
||||
$(LOCAL_BUILT_MODULE): $(built_product_fc)
|
||||
$(hide) cp -f $< $@
|
||||
|
||||
##################################
|
||||
include $(CLEAR_VARS)
|
||||
LOCAL_MODULE := vendor_file_contexts.recovery
|
||||
LOCAL_MODULE_STEM := vendor_file_contexts
|
||||
LOCAL_MODULE_CLASS := ETC
|
||||
LOCAL_MODULE_TAGS := optional
|
||||
LOCAL_MODULE_PATH := $(TARGET_RECOVERY_ROOT_OUT)
|
||||
|
||||
include $(BUILD_SYSTEM)/base_rules.mk
|
||||
|
||||
$(LOCAL_BUILT_MODULE): $(built_vendor_fc)
|
||||
$(hide) cp -f $< $@
|
||||
|
||||
##################################
|
||||
include $(CLEAR_VARS)
|
||||
LOCAL_MODULE := odm_file_contexts.recovery
|
||||
LOCAL_MODULE_STEM := odm_file_contexts
|
||||
LOCAL_MODULE_CLASS := ETC
|
||||
LOCAL_MODULE_TAGS := optional
|
||||
LOCAL_MODULE_PATH := $(TARGET_RECOVERY_ROOT_OUT)
|
||||
|
||||
include $(BUILD_SYSTEM)/base_rules.mk
|
||||
|
||||
$(LOCAL_BUILT_MODULE): $(built_odm_fc)
|
||||
$(hide) cp -f $< $@
|
110
hwservice_contexts.mk
Normal file
110
hwservice_contexts.mk
Normal file
|
@ -0,0 +1,110 @@
|
|||
include $(CLEAR_VARS)
|
||||
|
||||
LOCAL_MODULE := plat_hwservice_contexts
|
||||
LOCAL_MODULE_CLASS := ETC
|
||||
LOCAL_MODULE_TAGS := optional
|
||||
LOCAL_MODULE_PATH := $(TARGET_OUT)/etc/selinux
|
||||
|
||||
include $(BUILD_SYSTEM)/base_rules.mk
|
||||
|
||||
plat_hwsvcfiles := $(call build_policy, hwservice_contexts, $(PLAT_PRIVATE_POLICY))
|
||||
|
||||
plat_hwservice_contexts.tmp := $(intermediates)/plat_hwservice_contexts.tmp
|
||||
$(plat_hwservice_contexts.tmp): PRIVATE_SVC_FILES := $(plat_hwsvcfiles)
|
||||
$(plat_hwservice_contexts.tmp): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
|
||||
$(plat_hwservice_contexts.tmp): $(plat_hwsvcfiles)
|
||||
@mkdir -p $(dir $@)
|
||||
$(hide) m4 --fatal-warnings -s $(PRIVATE_ADDITIONAL_M4DEFS) $(PRIVATE_SVC_FILES) > $@
|
||||
|
||||
$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
|
||||
$(LOCAL_BUILT_MODULE): $(plat_hwservice_contexts.tmp) $(built_sepolicy) $(HOST_OUT_EXECUTABLES)/checkfc $(ACP)
|
||||
@mkdir -p $(dir $@)
|
||||
sed -e 's/#.*$$//' -e '/^$$/d' $< > $@
|
||||
$(HOST_OUT_EXECUTABLES)/checkfc -e -l $(PRIVATE_SEPOLICY) $@
|
||||
|
||||
plat_hwsvcfiles :=
|
||||
plat_hwservice_contexts.tmp :=
|
||||
|
||||
##################################
|
||||
include $(CLEAR_VARS)
|
||||
|
||||
LOCAL_MODULE := product_hwservice_contexts
|
||||
LOCAL_MODULE_CLASS := ETC
|
||||
LOCAL_MODULE_TAGS := optional
|
||||
LOCAL_MODULE_PATH := $(TARGET_OUT_PRODUCT)/etc/selinux
|
||||
|
||||
include $(BUILD_SYSTEM)/base_rules.mk
|
||||
|
||||
product_hwsvcfiles := $(call build_policy, hwservice_contexts, $(PRODUCT_PRIVATE_POLICY))
|
||||
|
||||
product_hwservice_contexts.tmp := $(intermediates)/product_hwservice_contexts.tmp
|
||||
$(product_hwservice_contexts.tmp): PRIVATE_SVC_FILES := $(product_hwsvcfiles)
|
||||
$(product_hwservice_contexts.tmp): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
|
||||
$(product_hwservice_contexts.tmp): $(product_hwsvcfiles)
|
||||
@mkdir -p $(dir $@)
|
||||
$(hide) m4 --fatal-warnings -s $(PRIVATE_ADDITIONAL_M4DEFS) $(PRIVATE_SVC_FILES) > $@
|
||||
|
||||
$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
|
||||
$(LOCAL_BUILT_MODULE): $(product_hwservice_contexts.tmp) $(built_sepolicy) $(HOST_OUT_EXECUTABLES)/checkfc
|
||||
@mkdir -p $(dir $@)
|
||||
sed -e 's/#.*$$//' -e '/^$$/d' $< > $@
|
||||
$(hide) $(HOST_OUT_EXECUTABLES)/checkfc -e -l $(PRIVATE_SEPOLICY) $@
|
||||
|
||||
product_hwsvcfiles :=
|
||||
product_hwservice_contexts.tmp :=
|
||||
|
||||
##################################
|
||||
include $(CLEAR_VARS)
|
||||
|
||||
LOCAL_MODULE := vendor_hwservice_contexts
|
||||
LOCAL_MODULE_CLASS := ETC
|
||||
LOCAL_MODULE_TAGS := optional
|
||||
LOCAL_MODULE_PATH := $(TARGET_OUT_VENDOR)/etc/selinux
|
||||
|
||||
include $(BUILD_SYSTEM)/base_rules.mk
|
||||
|
||||
vendor_hwsvcfiles := $(call build_policy, hwservice_contexts, $(PLAT_VENDOR_POLICY) $(BOARD_VENDOR_SEPOLICY_DIRS) $(REQD_MASK_POLICY))
|
||||
|
||||
vendor_hwservice_contexts.tmp := $(intermediates)/vendor_hwservice_contexts.tmp
|
||||
$(vendor_hwservice_contexts.tmp): PRIVATE_SVC_FILES := $(vendor_hwsvcfiles)
|
||||
$(vendor_hwservice_contexts.tmp): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
|
||||
$(vendor_hwservice_contexts.tmp): $(vendor_hwsvcfiles)
|
||||
@mkdir -p $(dir $@)
|
||||
$(hide) m4 --fatal-warnings -s $(PRIVATE_ADDITIONAL_M4DEFS) $(PRIVATE_SVC_FILES) > $@
|
||||
|
||||
$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
|
||||
$(LOCAL_BUILT_MODULE): $(vendor_hwservice_contexts.tmp) $(built_sepolicy) $(HOST_OUT_EXECUTABLES)/checkfc $(ACP)
|
||||
@mkdir -p $(dir $@)
|
||||
sed -e 's/#.*$$//' -e '/^$$/d' $< > $@
|
||||
$(hide) $(HOST_OUT_EXECUTABLES)/checkfc -e -l $(PRIVATE_SEPOLICY) $@
|
||||
|
||||
vendor_hwsvcfiles :=
|
||||
vendor_hwservice_contexts.tmp :=
|
||||
|
||||
##################################
|
||||
include $(CLEAR_VARS)
|
||||
|
||||
LOCAL_MODULE := odm_hwservice_contexts
|
||||
LOCAL_MODULE_CLASS := ETC
|
||||
LOCAL_MODULE_TAGS := optional
|
||||
LOCAL_MODULE_PATH := $(TARGET_OUT_ODM)/etc/selinux
|
||||
|
||||
include $(BUILD_SYSTEM)/base_rules.mk
|
||||
|
||||
odm_hwsvcfiles := $(call build_policy, hwservice_contexts, $(BOARD_ODM_SEPOLICY_DIRS))
|
||||
|
||||
odm_hwservice_contexts.tmp := $(intermediates)/odm_hwservice_contexts.tmp
|
||||
$(odm_hwservice_contexts.tmp): PRIVATE_SVC_FILES := $(odm_hwsvcfiles)
|
||||
$(odm_hwservice_contexts.tmp): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
|
||||
$(odm_hwservice_contexts.tmp): $(odm_hwsvcfiles)
|
||||
@mkdir -p $(dir $@)
|
||||
$(hide) m4 --fatal-warnings -s $(PRIVATE_ADDITIONAL_M4DEFS) $(PRIVATE_SVC_FILES) > $@
|
||||
|
||||
$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
|
||||
$(LOCAL_BUILT_MODULE): $(odm_hwservice_contexts.tmp) $(built_sepolicy) $(HOST_OUT_EXECUTABLES)/checkfc $(ACP)
|
||||
@mkdir -p $(dir $@)
|
||||
sed -e 's/#.*$$//' -e '/^$$/d' $< > $@
|
||||
$(hide) $(HOST_OUT_EXECUTABLES)/checkfc -e -l $(PRIVATE_SEPOLICY) $@
|
||||
|
||||
odm_hwsvcfiles :=
|
||||
odm_hwservice_contexts.tmp :=
|
116
mac_permissions.mk
Normal file
116
mac_permissions.mk
Normal file
|
@ -0,0 +1,116 @@
|
|||
include $(CLEAR_VARS)
|
||||
|
||||
LOCAL_MODULE := plat_mac_permissions.xml
|
||||
LOCAL_MODULE_CLASS := ETC
|
||||
LOCAL_MODULE_TAGS := optional
|
||||
LOCAL_MODULE_PATH := $(TARGET_OUT)/etc/selinux
|
||||
|
||||
include $(BUILD_SYSTEM)/base_rules.mk
|
||||
|
||||
# Build keys.conf
|
||||
plat_mac_perms_keys.tmp := $(intermediates)/plat_keys.tmp
|
||||
$(plat_mac_perms_keys.tmp): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
|
||||
$(plat_mac_perms_keys.tmp): $(call build_policy, keys.conf, $(PLAT_PRIVATE_POLICY) $(PRODUCT_PRIVATE_POLICY))
|
||||
@mkdir -p $(dir $@)
|
||||
$(hide) m4 --fatal-warnings -s $(PRIVATE_ADDITIONAL_M4DEFS) $^ > $@
|
||||
|
||||
all_plat_mac_perms_files := $(call build_policy, mac_permissions.xml, $(PLAT_PRIVATE_POLICY))
|
||||
|
||||
# Should be synced with keys.conf.
|
||||
all_plat_keys := platform media shared testkey
|
||||
all_plat_keys := $(all_keys:%=$(dir $(DEFAULT_SYSTEM_DEV_CERTIFICATE))/%.x509.pem)
|
||||
|
||||
$(LOCAL_BUILT_MODULE): PRIVATE_MAC_PERMS_FILES := $(all_plat_mac_perms_files)
|
||||
$(LOCAL_BUILT_MODULE): $(plat_mac_perms_keys.tmp) $(HOST_OUT_EXECUTABLES)/insertkeys.py \
|
||||
$(all_plat_mac_perms_files) $(all_plat_keys)
|
||||
@mkdir -p $(dir $@)
|
||||
$(hide) DEFAULT_SYSTEM_DEV_CERTIFICATE="$(dir $(DEFAULT_SYSTEM_DEV_CERTIFICATE))" \
|
||||
$(HOST_OUT_EXECUTABLES)/insertkeys.py -t $(TARGET_BUILD_VARIANT) -c $(TOP) $< -o $@ $(PRIVATE_MAC_PERMS_FILES)
|
||||
|
||||
all_mac_perms_files :=
|
||||
all_plat_keys :=
|
||||
plat_mac_perms_keys.tmp :=
|
||||
|
||||
##################################
|
||||
include $(CLEAR_VARS)
|
||||
|
||||
LOCAL_MODULE := product_mac_permissions.xml
|
||||
LOCAL_MODULE_CLASS := ETC
|
||||
LOCAL_MODULE_TAGS := optional
|
||||
LOCAL_MODULE_PATH := $(TARGET_OUT_PRODUCT)/etc/selinux
|
||||
|
||||
include $(BUILD_SYSTEM)/base_rules.mk
|
||||
|
||||
# Build keys.conf
|
||||
product_mac_perms_keys.tmp := $(intermediates)/product_keys.tmp
|
||||
$(product_mac_perms_keys.tmp): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
|
||||
$(product_mac_perms_keys.tmp): $(call build_policy, keys.conf, $(PRODUCT_PRIVATE_POLICY) $(REQD_MASK_POLICY))
|
||||
@mkdir -p $(dir $@)
|
||||
$(hide) m4 --fatal-warnings -s $(PRIVATE_ADDITIONAL_M4DEFS) $^ > $@
|
||||
|
||||
all_product_mac_perms_files := $(call build_policy, mac_permissions.xml, $(PRODUCT_PRIVATE_POLICY) $(REQD_MASK_POLICY))
|
||||
|
||||
$(LOCAL_BUILT_MODULE): PRIVATE_MAC_PERMS_FILES := $(all_product_mac_perms_files)
|
||||
$(LOCAL_BUILT_MODULE): $(product_mac_perms_keys.tmp) $(HOST_OUT_EXECUTABLES)/insertkeys.py \
|
||||
$(all_product_mac_perms_files)
|
||||
@mkdir -p $(dir $@)
|
||||
$(hide) $(HOST_OUT_EXECUTABLES)/insertkeys.py -t $(TARGET_BUILD_VARIANT) -c $(TOP) $< -o $@ $(PRIVATE_MAC_PERMS_FILES)
|
||||
|
||||
product_mac_perms_keys.tmp :=
|
||||
all_product_mac_perms_files :=
|
||||
|
||||
##################################
|
||||
include $(CLEAR_VARS)
|
||||
|
||||
LOCAL_MODULE := vendor_mac_permissions.xml
|
||||
LOCAL_MODULE_CLASS := ETC
|
||||
LOCAL_MODULE_TAGS := optional
|
||||
LOCAL_MODULE_PATH := $(TARGET_OUT_VENDOR)/etc/selinux
|
||||
|
||||
include $(BUILD_SYSTEM)/base_rules.mk
|
||||
|
||||
# Build keys.conf
|
||||
vendor_mac_perms_keys.tmp := $(intermediates)/vendor_keys.tmp
|
||||
$(vendor_mac_perms_keys.tmp): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
|
||||
$(vendor_mac_perms_keys.tmp): $(call build_policy, keys.conf, $(PLAT_VENDOR_POLICY) $(BOARD_VENDOR_SEPOLICY_DIRS) $(REQD_MASK_POLICY))
|
||||
@mkdir -p $(dir $@)
|
||||
$(hide) m4 --fatal-warnings -s $(PRIVATE_ADDITIONAL_M4DEFS) $^ > $@
|
||||
|
||||
all_vendor_mac_perms_files := $(call build_policy, mac_permissions.xml, $(PLAT_VENDOR_POLICY) $(BOARD_VENDOR_SEPOLICY_DIRS) $(REQD_MASK_POLICY))
|
||||
|
||||
$(LOCAL_BUILT_MODULE): PRIVATE_MAC_PERMS_FILES := $(all_vendor_mac_perms_files)
|
||||
$(LOCAL_BUILT_MODULE): $(vendor_mac_perms_keys.tmp) $(HOST_OUT_EXECUTABLES)/insertkeys.py \
|
||||
$(all_vendor_mac_perms_files)
|
||||
@mkdir -p $(dir $@)
|
||||
$(hide) $(HOST_OUT_EXECUTABLES)/insertkeys.py -t $(TARGET_BUILD_VARIANT) -c $(TOP) $< -o $@ $(PRIVATE_MAC_PERMS_FILES)
|
||||
|
||||
vendor_mac_perms_keys.tmp :=
|
||||
all_vendor_mac_perms_files :=
|
||||
|
||||
##################################
|
||||
include $(CLEAR_VARS)
|
||||
|
||||
LOCAL_MODULE := odm_mac_permissions.xml
|
||||
LOCAL_MODULE_CLASS := ETC
|
||||
LOCAL_MODULE_TAGS := optional
|
||||
LOCAL_MODULE_PATH := $(TARGET_OUT_ODM)/etc/selinux
|
||||
|
||||
include $(BUILD_SYSTEM)/base_rules.mk
|
||||
|
||||
# Build keys.conf
|
||||
odm_mac_perms_keys.tmp := $(intermediates)/odm_keys.tmp
|
||||
$(odm_mac_perms_keys.tmp): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
|
||||
$(odm_mac_perms_keys.tmp): $(call build_policy, keys.conf, $(BOARD_ODM_SEPOLICY_DIRS) $(REQD_MASK_POLICY))
|
||||
@mkdir -p $(dir $@)
|
||||
$(hide) m4 --fatal-warnings -s $(PRIVATE_ADDITIONAL_M4DEFS) $^ > $@
|
||||
|
||||
all_odm_mac_perms_files := $(call build_policy, mac_permissions.xml, $(BOARD_ODM_SEPOLICY_DIRS) $(REQD_MASK_POLICY))
|
||||
|
||||
$(LOCAL_BUILT_MODULE): PRIVATE_MAC_PERMS_FILES := $(all_odm_mac_perms_files)
|
||||
$(LOCAL_BUILT_MODULE): $(odm_mac_perms_keys.tmp) $(HOST_OUT_EXECUTABLES)/insertkeys.py \
|
||||
$(all_odm_mac_perms_files)
|
||||
@mkdir -p $(dir $@)
|
||||
$(hide) $(HOST_OUT_EXECUTABLES)/insertkeys.py -t $(TARGET_BUILD_VARIANT) -c $(TOP) $< -o $@ $(PRIVATE_MAC_PERMS_FILES)
|
||||
|
||||
odm_mac_perms_keys.tmp :=
|
||||
all_odm_mac_perms_files :=
|
170
property_contexts.mk
Normal file
170
property_contexts.mk
Normal file
|
@ -0,0 +1,170 @@
|
|||
include $(CLEAR_VARS)
|
||||
|
||||
LOCAL_MODULE := plat_property_contexts
|
||||
LOCAL_MODULE_CLASS := ETC
|
||||
LOCAL_MODULE_TAGS := optional
|
||||
LOCAL_MODULE_PATH := $(TARGET_OUT)/etc/selinux
|
||||
|
||||
include $(BUILD_SYSTEM)/base_rules.mk
|
||||
|
||||
plat_pcfiles := $(call build_policy, property_contexts, $(PLAT_PRIVATE_POLICY))
|
||||
ifeq ($(PRODUCT_COMPATIBLE_PROPERTY),true)
|
||||
plat_pcfiles += $(LOCAL_PATH)/public/property_contexts
|
||||
endif
|
||||
|
||||
plat_property_contexts.tmp := $(intermediates)/plat_property_contexts.tmp
|
||||
$(plat_property_contexts.tmp): PRIVATE_PC_FILES := $(plat_pcfiles)
|
||||
$(plat_property_contexts.tmp): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
|
||||
$(plat_property_contexts.tmp): $(plat_pcfiles)
|
||||
@mkdir -p $(dir $@)
|
||||
$(hide) m4 --fatal-warnings -s $(PRIVATE_ADDITIONAL_M4DEFS) $(PRIVATE_PC_FILES) > $@
|
||||
$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
|
||||
$(LOCAL_BUILT_MODULE): $(plat_property_contexts.tmp) $(built_sepolicy) $(HOST_OUT_EXECUTABLES)/property_info_checker
|
||||
@mkdir -p $(dir $@)
|
||||
$(hide) cp -f $< $@
|
||||
$(hide) $(HOST_OUT_EXECUTABLES)/property_info_checker $(PRIVATE_SEPOLICY) $@
|
||||
|
||||
built_plat_pc := $(LOCAL_BUILT_MODULE)
|
||||
plat_pcfiles :=
|
||||
plat_property_contexts.tmp :=
|
||||
|
||||
##################################
|
||||
include $(CLEAR_VARS)
|
||||
LOCAL_MODULE := product_property_contexts
|
||||
LOCAL_MODULE_CLASS := ETC
|
||||
LOCAL_MODULE_TAGS := optional
|
||||
LOCAL_MODULE_PATH := $(TARGET_OUT_PRODUCT)/etc/selinux
|
||||
|
||||
include $(BUILD_SYSTEM)/base_rules.mk
|
||||
|
||||
product_pcfiles := $(call build_policy, property_contexts, $(PRODUCT_PRIVATE_POLICY))
|
||||
|
||||
product_property_contexts.tmp := $(intermediates)/product_property_contexts.tmp
|
||||
$(product_property_contexts.tmp): PRIVATE_PC_FILES := $(product_pcfiles)
|
||||
$(product_property_contexts.tmp): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
|
||||
$(product_property_contexts.tmp): $(product_pcfiles)
|
||||
@mkdir -p $(dir $@)
|
||||
$(hide) m4 --fatal-warnings -s $(PRIVATE_ADDITIONAL_M4DEFS) $(PRIVATE_PC_FILES) > $@
|
||||
|
||||
$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
|
||||
$(LOCAL_BUILT_MODULE): $(product_property_contexts.tmp) $(built_sepolicy) $(HOST_OUT_EXECUTABLES)/property_info_checker
|
||||
@mkdir -p $(dir $@)
|
||||
$(hide) cp -f $< $@
|
||||
$(hide) $(HOST_OUT_EXECUTABLES)/property_info_checker $(PRIVATE_SEPOLICY) $@
|
||||
|
||||
built_product_pc := $(LOCAL_BUILT_MODULE)
|
||||
product_pcfiles :=
|
||||
product_property_contexts.tmp :=
|
||||
|
||||
##################################
|
||||
include $(CLEAR_VARS)
|
||||
LOCAL_MODULE := vendor_property_contexts
|
||||
LOCAL_MODULE_CLASS := ETC
|
||||
LOCAL_MODULE_TAGS := optional
|
||||
LOCAL_MODULE_PATH := $(TARGET_OUT_VENDOR)/etc/selinux
|
||||
|
||||
include $(BUILD_SYSTEM)/base_rules.mk
|
||||
|
||||
vendor_pcfiles := $(call build_policy, property_contexts, $(PLAT_VENDOR_POLICY) $(BOARD_VENDOR_SEPOLICY_DIRS) $(REQD_MASK_POLICY))
|
||||
|
||||
vendor_property_contexts.tmp := $(intermediates)/vendor_property_contexts.tmp
|
||||
$(vendor_property_contexts.tmp): PRIVATE_PC_FILES := $(vendor_pcfiles)
|
||||
$(vendor_property_contexts.tmp): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
|
||||
$(vendor_property_contexts.tmp): $(vendor_pcfiles)
|
||||
@mkdir -p $(dir $@)
|
||||
$(hide) m4 --fatal-warnings -s $(PRIVATE_ADDITIONAL_M4DEFS) $(PRIVATE_PC_FILES) > $@
|
||||
|
||||
$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
|
||||
$(LOCAL_BUILT_MODULE): PRIVATE_BUILT_PLAT_PC := $(built_plat_pc)
|
||||
$(LOCAL_BUILT_MODULE): $(vendor_property_contexts.tmp) $(built_sepolicy) $(built_plat_pc) $(HOST_OUT_EXECUTABLES)/property_info_checker
|
||||
@mkdir -p $(dir $@)
|
||||
$(hide) cp -f $< $@
|
||||
$(hide) $(HOST_OUT_EXECUTABLES)/property_info_checker $(PRIVATE_SEPOLICY) $(PRIVATE_BUILT_PLAT_PC) $@
|
||||
|
||||
built_vendor_pc := $(LOCAL_BUILT_MODULE)
|
||||
vendor_pcfiles :=
|
||||
vendor_property_contexts.tmp :=
|
||||
|
||||
##################################
|
||||
include $(CLEAR_VARS)
|
||||
LOCAL_MODULE := odm_property_contexts
|
||||
LOCAL_MODULE_CLASS := ETC
|
||||
LOCAL_MODULE_TAGS := optional
|
||||
LOCAL_MODULE_PATH := $(TARGET_OUT_ODM)/etc/selinux
|
||||
|
||||
include $(BUILD_SYSTEM)/base_rules.mk
|
||||
|
||||
odm_pcfiles := $(call build_policy, property_contexts, $(BOARD_ODM_SEPOLICY_DIRS))
|
||||
|
||||
odm_property_contexts.tmp := $(intermediates)/odm_property_contexts.tmp
|
||||
$(odm_property_contexts.tmp): PRIVATE_PC_FILES := $(odm_pcfiles)
|
||||
$(odm_property_contexts.tmp): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
|
||||
$(odm_property_contexts.tmp): $(odm_pcfiles)
|
||||
@mkdir -p $(dir $@)
|
||||
$(hide) m4 --fatal-warnings -s $(PRIVATE_ADDITIONAL_M4DEFS) $(PRIVATE_PC_FILES) > $@
|
||||
|
||||
|
||||
$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
|
||||
$(LOCAL_BUILT_MODULE): PRIVATE_BUILT_PLAT_PC := $(built_plat_pc)
|
||||
$(LOCAL_BUILT_MODULE): PRIVATE_BUILT_VENDOR_PC := $(built_vendor_pc)
|
||||
$(LOCAL_BUILT_MODULE): $(odm_property_contexts.tmp) $(built_sepolicy) $(built_plat_pc) $(built_vendor_pc) $(HOST_OUT_EXECUTABLES)/property_info_checker
|
||||
@mkdir -p $(dir $@)
|
||||
$(hide) cp -f $< $@
|
||||
$(hide) $(HOST_OUT_EXECUTABLES)/property_info_checker $(PRIVATE_SEPOLICY) $(PRIVATE_BUILT_PLAT_PC) $(PRIVATE_BUILT_VENDOR_PC) $@
|
||||
|
||||
built_odm_pc := $(LOCAL_BUILT_MODULE)
|
||||
odm_pcfiles :=
|
||||
odm_property_contexts.tmp :=
|
||||
|
||||
##################################
|
||||
include $(CLEAR_VARS)
|
||||
|
||||
LOCAL_MODULE := plat_property_contexts.recovery
|
||||
LOCAL_MODULE_STEM := plat_property_contexts
|
||||
LOCAL_MODULE_CLASS := ETC
|
||||
LOCAL_MODULE_TAGS := optional
|
||||
LOCAL_MODULE_PATH := $(TARGET_RECOVERY_ROOT_OUT)
|
||||
|
||||
include $(BUILD_SYSTEM)/base_rules.mk
|
||||
|
||||
$(LOCAL_BUILT_MODULE): $(built_plat_pc)
|
||||
$(hide) cp -f $< $@
|
||||
|
||||
##################################
|
||||
include $(CLEAR_VARS)
|
||||
LOCAL_MODULE := product_property_contexts.recovery
|
||||
LOCAL_MODULE_STEM := product_property_contexts
|
||||
LOCAL_MODULE_CLASS := ETC
|
||||
LOCAL_MODULE_TAGS := optional
|
||||
LOCAL_MODULE_PATH := $(TARGET_RECOVERY_ROOT_OUT)
|
||||
|
||||
include $(BUILD_SYSTEM)/base_rules.mk
|
||||
|
||||
$(LOCAL_BUILT_MODULE): $(built_product_pc)
|
||||
$(hide) cp -f $< $@
|
||||
|
||||
##################################
|
||||
include $(CLEAR_VARS)
|
||||
LOCAL_MODULE := vendor_property_contexts.recovery
|
||||
LOCAL_MODULE_STEM := vendor_property_contexts
|
||||
LOCAL_MODULE_CLASS := ETC
|
||||
LOCAL_MODULE_TAGS := optional
|
||||
LOCAL_MODULE_PATH := $(TARGET_RECOVERY_ROOT_OUT)
|
||||
|
||||
include $(BUILD_SYSTEM)/base_rules.mk
|
||||
|
||||
$(LOCAL_BUILT_MODULE): $(built_vendor_pc)
|
||||
$(hide) cp -f $< $@
|
||||
|
||||
##################################
|
||||
include $(CLEAR_VARS)
|
||||
LOCAL_MODULE := odm_property_contexts.recovery
|
||||
LOCAL_MODULE_STEM := odm_property_contexts
|
||||
LOCAL_MODULE_CLASS := ETC
|
||||
LOCAL_MODULE_TAGS := optional
|
||||
LOCAL_MODULE_PATH := $(TARGET_RECOVERY_ROOT_OUT)
|
||||
|
||||
include $(BUILD_SYSTEM)/base_rules.mk
|
||||
|
||||
$(LOCAL_BUILT_MODULE): $(built_odm_pc)
|
||||
$(hide) cp -f $< $@
|
101
seapp_contexts.mk
Normal file
101
seapp_contexts.mk
Normal file
|
@ -0,0 +1,101 @@
|
|||
include $(CLEAR_VARS)
|
||||
LOCAL_MODULE := plat_seapp_contexts
|
||||
LOCAL_MODULE_CLASS := ETC
|
||||
LOCAL_MODULE_TAGS := optional
|
||||
LOCAL_MODULE_PATH := $(TARGET_OUT)/etc/selinux
|
||||
|
||||
include $(BUILD_SYSTEM)/base_rules.mk
|
||||
|
||||
plat_sc_files := $(call build_policy, seapp_contexts, $(PLAT_PRIVATE_POLICY))
|
||||
|
||||
$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
|
||||
$(LOCAL_BUILT_MODULE): PRIVATE_SC_FILES := $(plat_sc_files)
|
||||
$(LOCAL_BUILT_MODULE): $(built_sepolicy) $(plat_sc_files) $(HOST_OUT_EXECUTABLES)/checkseapp
|
||||
@mkdir -p $(dir $@)
|
||||
$(hide) $(HOST_OUT_EXECUTABLES)/checkseapp -p $(PRIVATE_SEPOLICY) -o $@ $(PRIVATE_SC_FILES)
|
||||
|
||||
built_plat_sc := $(LOCAL_BUILT_MODULE)
|
||||
plat_sc_files :=
|
||||
|
||||
##################################
|
||||
include $(CLEAR_VARS)
|
||||
LOCAL_MODULE := product_seapp_contexts
|
||||
LOCAL_MODULE_CLASS := ETC
|
||||
LOCAL_MODULE_TAGS := optional
|
||||
LOCAL_MODULE_PATH := $(TARGET_OUT_PRODUCT)/etc/selinux
|
||||
|
||||
include $(BUILD_SYSTEM)/base_rules.mk
|
||||
|
||||
product_sc_files := $(call build_policy, seapp_contexts, $(PRODUCT_PRIVATE_POLICY))
|
||||
plat_sc_neverallow_files := $(call build_policy, seapp_contexts, $(PLAT_PRIVATE_POLICY))
|
||||
|
||||
$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
|
||||
$(LOCAL_BUILT_MODULE): PRIVATE_SC_FILES := $(product_sc_files)
|
||||
$(LOCAL_BUILT_MODULE): PRIVATE_SC_NEVERALLOW_FILES := $(plat_sc_neverallow_files)
|
||||
$(LOCAL_BUILT_MODULE): $(built_sepolicy) $(product_sc_files) $(HOST_OUT_EXECUTABLES)/checkseapp $(plat_sc_neverallow_files)
|
||||
@mkdir -p $(dir $@)
|
||||
$(hide) grep -ihe '^neverallow' $(PRIVATE_SC_NEVERALLOW_FILES) > $@.tmp
|
||||
$(hide) $(HOST_OUT_EXECUTABLES)/checkseapp -p $(PRIVATE_SEPOLICY) -o $@ $(PRIVATE_SC_FILES) $@.tmp
|
||||
|
||||
product_sc_files :=
|
||||
plat_sc_neverallow_files :=
|
||||
|
||||
##################################
|
||||
include $(CLEAR_VARS)
|
||||
LOCAL_MODULE := vendor_seapp_contexts
|
||||
LOCAL_MODULE_CLASS := ETC
|
||||
LOCAL_MODULE_TAGS := optional
|
||||
LOCAL_MODULE_PATH := $(TARGET_OUT_VENDOR)/etc/selinux
|
||||
|
||||
include $(BUILD_SYSTEM)/base_rules.mk
|
||||
|
||||
vendor_sc_files := $(call build_policy, seapp_contexts, $(PLAT_VENDOR_POLICY) $(BOARD_VENDOR_SEPOLICY_DIRS) $(REQD_MASK_POLICY))
|
||||
plat_sc_neverallow_files := $(call build_policy, seapp_contexts, $(PLAT_PRIVATE_POLICY) $(PRODUCT_PRIVATE_POLICY))
|
||||
|
||||
$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
|
||||
$(LOCAL_BUILT_MODULE): PRIVATE_SC_FILES := $(vendor_sc_files)
|
||||
$(LOCAL_BUILT_MODULE): PRIVATE_SC_NEVERALLOW_FILES := $(plat_sc_neverallow_files)
|
||||
$(LOCAL_BUILT_MODULE): $(built_sepolicy) $(vendor_sc_files) $(HOST_OUT_EXECUTABLES)/checkseapp $(plat_sc_neverallow_files)
|
||||
@mkdir -p $(dir $@)
|
||||
$(hide) grep -ihe '^neverallow' $(PRIVATE_SC_NEVERALLOW_FILES) > $@.tmp
|
||||
$(hide) $(HOST_OUT_EXECUTABLES)/checkseapp -p $(PRIVATE_SEPOLICY) -o $@ $(PRIVATE_SC_FILES) $@.tmp
|
||||
|
||||
built_vendor_sc := $(LOCAL_BUILT_MODULE)
|
||||
vendor_sc_files :=
|
||||
|
||||
##################################
|
||||
include $(CLEAR_VARS)
|
||||
LOCAL_MODULE := odm_seapp_contexts
|
||||
LOCAL_MODULE_CLASS := ETC
|
||||
LOCAL_MODULE_TAGS := optional
|
||||
LOCAL_MODULE_PATH := $(TARGET_OUT_ODM)/etc/selinux
|
||||
|
||||
include $(BUILD_SYSTEM)/base_rules.mk
|
||||
|
||||
odm_sc_files := $(call build_policy, seapp_contexts, $(BOARD_ODM_SEPOLICY_DIRS))
|
||||
plat_sc_neverallow_files := $(call build_policy, seapp_contexts, $(PLAT_PRIVATE_POLICY) $(PRODUCT_PRIVATE_POLICY))
|
||||
|
||||
$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
|
||||
$(LOCAL_BUILT_MODULE): PRIVATE_SC_FILES := $(odm_sc_files)
|
||||
$(LOCAL_BUILT_MODULE): PRIVATE_SC_NEVERALLOW_FILES := $(plat_sc_neverallow_files)
|
||||
$(LOCAL_BUILT_MODULE): $(built_sepolicy) $(odm_sc_files) $(HOST_OUT_EXECUTABLES)/checkseapp $(plat_sc_neverallow_files)
|
||||
@mkdir -p $(dir $@)
|
||||
$(hide) grep -ihe '^neverallow' $(PRIVATE_SC_NEVERALLOW_FILES) > $@.tmp
|
||||
$(hide) $(HOST_OUT_EXECUTABLES)/checkseapp -p $(PRIVATE_SEPOLICY) -o $@ $(PRIVATE_SC_FILES) $@.tmp
|
||||
|
||||
built_odm_sc := $(LOCAL_BUILT_MODULE)
|
||||
odm_sc_files :=
|
||||
|
||||
##################################
|
||||
include $(CLEAR_VARS)
|
||||
LOCAL_MODULE := plat_seapp_neverallows
|
||||
LOCAL_MODULE_CLASS := ETC
|
||||
LOCAL_MODULE_TAGS := tests
|
||||
|
||||
include $(BUILD_SYSTEM)/base_rules.mk
|
||||
|
||||
$(LOCAL_BUILT_MODULE): $(plat_sc_neverallow_files)
|
||||
@mkdir -p $(dir $@)
|
||||
- $(hide) grep -ihe '^neverallow' $< > $@
|
||||
|
||||
plat_sc_neverallow_files :=
|
89
service_contexts.mk
Normal file
89
service_contexts.mk
Normal file
|
@ -0,0 +1,89 @@
|
|||
include $(CLEAR_VARS)
|
||||
|
||||
LOCAL_MODULE := plat_service_contexts
|
||||
LOCAL_MODULE_CLASS := ETC
|
||||
LOCAL_MODULE_TAGS := optional
|
||||
LOCAL_MODULE_PATH := $(TARGET_OUT)/etc/selinux
|
||||
|
||||
include $(BUILD_SYSTEM)/base_rules.mk
|
||||
|
||||
plat_svcfiles := $(call build_policy, service_contexts, $(PLAT_PRIVATE_POLICY))
|
||||
|
||||
plat_service_contexts.tmp := $(intermediates)/plat_service_contexts.tmp
|
||||
$(plat_service_contexts.tmp): PRIVATE_SVC_FILES := $(plat_svcfiles)
|
||||
$(plat_service_contexts.tmp): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
|
||||
$(plat_service_contexts.tmp): $(plat_svcfiles)
|
||||
@mkdir -p $(dir $@)
|
||||
$(hide) m4 --fatal-warnings -s $(PRIVATE_ADDITIONAL_M4DEFS) $(PRIVATE_SVC_FILES) > $@
|
||||
|
||||
$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
|
||||
$(LOCAL_BUILT_MODULE): $(plat_service_contexts.tmp) $(built_sepolicy) $(HOST_OUT_EXECUTABLES)/checkfc $(ACP)
|
||||
@mkdir -p $(dir $@)
|
||||
sed -e 's/#.*$$//' -e '/^$$/d' $< > $@
|
||||
$(HOST_OUT_EXECUTABLES)/checkfc -s $(PRIVATE_SEPOLICY) $@
|
||||
|
||||
built_plat_svc := $(LOCAL_BUILT_MODULE)
|
||||
plat_svcfiles :=
|
||||
plat_service_contexts.tmp :=
|
||||
|
||||
##################################
|
||||
include $(CLEAR_VARS)
|
||||
|
||||
LOCAL_MODULE := product_service_contexts
|
||||
LOCAL_MODULE_CLASS := ETC
|
||||
LOCAL_MODULE_TAGS := optional
|
||||
LOCAL_MODULE_PATH := $(TARGET_OUT_PRODUCT)/etc/selinux
|
||||
|
||||
include $(BUILD_SYSTEM)/base_rules.mk
|
||||
|
||||
product_svcfiles := $(call build_policy, service_contexts, $(PRODUCT_PRIVATE_POLICY))
|
||||
|
||||
product_service_contexts.tmp := $(intermediates)/product_service_contexts.tmp
|
||||
$(product_service_contexts.tmp): PRIVATE_SVC_FILES := $(product_svcfiles)
|
||||
$(product_service_contexts.tmp): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
|
||||
$(product_service_contexts.tmp): $(product_svcfiles)
|
||||
@mkdir -p $(dir $@)
|
||||
$(hide) m4 --fatal-warnings -s $(PRIVATE_ADDITIONAL_M4DEFS) $(PRIVATE_SVC_FILES) > $@
|
||||
|
||||
$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
|
||||
$(LOCAL_BUILT_MODULE): $(product_service_contexts.tmp) $(built_sepolicy) $(HOST_OUT_EXECUTABLES)/checkfc
|
||||
@mkdir -p $(dir $@)
|
||||
sed -e 's/#.*$$//' -e '/^$$/d' $< > $@
|
||||
$(HOST_OUT_EXECUTABLES)/checkfc -s $(PRIVATE_SEPOLICY) $@
|
||||
|
||||
product_svcfiles :=
|
||||
product_service_contexts.tmp :=
|
||||
|
||||
##################################
|
||||
# nonplat_service_contexts is only allowed on non-full-treble devices
|
||||
ifneq ($(PRODUCT_SEPOLICY_SPLIT),true)
|
||||
|
||||
include $(CLEAR_VARS)
|
||||
|
||||
LOCAL_MODULE := vendor_service_contexts
|
||||
LOCAL_MODULE_CLASS := ETC
|
||||
LOCAL_MODULE_TAGS := optional
|
||||
LOCAL_MODULE_PATH := $(TARGET_ROOT_OUT)
|
||||
|
||||
include $(BUILD_SYSTEM)/base_rules.mk
|
||||
|
||||
vendor_svcfiles := $(call build_policy, service_contexts, $(PLAT_VENDOR_POLICY) $(BOARD_VENDOR_SEPOLICY_DIRS) $(REQD_MASK_POLICY))
|
||||
|
||||
vendor_service_contexts.tmp := $(intermediates)/vendor_service_contexts.tmp
|
||||
$(vendor_service_contexts.tmp): PRIVATE_SVC_FILES := $(vendor_svcfiles)
|
||||
$(vendor_service_contexts.tmp): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
|
||||
$(vendor_service_contexts.tmp): $(vendor_svcfiles)
|
||||
@mkdir -p $(dir $@)
|
||||
$(hide) m4 --fatal-warnings -s $(PRIVATE_ADDITIONAL_M4DEFS) $(PRIVATE_SVC_FILES) > $@
|
||||
|
||||
$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
|
||||
$(LOCAL_BUILT_MODULE): $(vendor_service_contexts.tmp) $(built_sepolicy) $(HOST_OUT_EXECUTABLES)/checkfc $(ACP)
|
||||
@mkdir -p $(dir $@)
|
||||
sed -e 's/#.*$$//' -e '/^$$/d' $< > $@
|
||||
$(hide) $(HOST_OUT_EXECUTABLES)/checkfc -s $(PRIVATE_SEPOLICY) $@
|
||||
|
||||
built_vendor_svc := $(LOCAL_BUILT_MODULE)
|
||||
vendor_svcfiles :=
|
||||
vendor_service_contexts.tmp :=
|
||||
|
||||
endif
|
Loading…
Reference in a new issue