From ecf656b06fd6efa33310b5ff793d28559d26c370 Mon Sep 17 00:00:00 2001
From: Bowgo Tsai <bowgotsai@google.com>
Date: Wed, 29 Nov 2017 16:15:28 +0800
Subject: [PATCH] Add /odm/etc/selinux/odm_seapp_contexts

Bug: 64240127
Test: normal boot a device
Change-Id: I3626357237cc18a99511f1ebd9dd3ff5a7655963
---
 Android.mk            | 27 ++++++++++++++++++++++++++-
 private/file_contexts |  1 +
 2 files changed, 27 insertions(+), 1 deletion(-)

diff --git a/Android.mk b/Android.mk
index f0adc444a..db527a3dd 100644
--- a/Android.mk
+++ b/Android.mk
@@ -254,7 +254,8 @@ endif
 ifdef BOARD_ODM_SEPOLICY_DIRS
 LOCAL_REQUIRED_MODULES += \
     odm_sepolicy.cil \
-    odm_file_contexts
+    odm_file_contexts \
+    odm_seapp_contexts
 endif
 
 include $(BUILD_PHONY_PACKAGE)
@@ -1069,6 +1070,29 @@ $(LOCAL_BUILT_MODULE): $(built_sepolicy) $(vendor_sc_files) $(HOST_OUT_EXECUTABL
 built_vendor_sc := $(LOCAL_BUILT_MODULE)
 vendor_sc_files :=
 
+##################################
+include $(CLEAR_VARS)
+LOCAL_MODULE := odm_seapp_contexts
+LOCAL_MODULE_CLASS := ETC
+LOCAL_MODULE_TAGS := optional
+LOCAL_MODULE_PATH := $(TARGET_OUT_ODM)/etc/selinux
+
+include $(BUILD_SYSTEM)/base_rules.mk
+
+odm_sc_files := $(call build_policy, seapp_contexts, $(BOARD_ODM_SEPOLICY_DIRS))
+plat_sc_neverallow_files := $(call build_policy, seapp_contexts, $(PLAT_PRIVATE_POLICY))
+
+$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
+$(LOCAL_BUILT_MODULE): PRIVATE_SC_FILES := $(odm_sc_files)
+$(LOCAL_BUILT_MODULE): PRIVATE_SC_NEVERALLOW_FILES := $(plat_sc_neverallow_files)
+$(LOCAL_BUILT_MODULE): $(built_sepolicy) $(odm_sc_files) $(HOST_OUT_EXECUTABLES)/checkseapp $(plat_sc_neverallow_files)
+	@mkdir -p $(dir $@)
+	$(hide) grep -ihe '^neverallow' $(PRIVATE_SC_NEVERALLOW_FILES) > $@.tmp
+	$(hide) $(HOST_OUT_EXECUTABLES)/checkseapp -p $(PRIVATE_SEPOLICY) -o $@ $(PRIVATE_SC_FILES) $@.tmp
+
+built_odm_sc := $(LOCAL_BUILT_MODULE)
+odm_sc_files :=
+
 ##################################
 include $(CLEAR_VARS)
 LOCAL_MODULE := plat_seapp_neverallows
@@ -1502,6 +1526,7 @@ built_vendor_cil :=
 built_vendor_pc :=
 built_vendor_sc :=
 built_odm_cil :=
+built_odm_sc :=
 built_plat_sc :=
 built_precompiled_sepolicy :=
 built_sepolicy :=
diff --git a/private/file_contexts b/private/file_contexts
index 094f38baf..1a3a929d9 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -341,6 +341,7 @@
 
 /(odm|vendor/odm)/etc/selinux/odm_sepolicy.cil                  u:object_r:sepolicy_file:s0
 /(odm|vendor/odm)/etc/selinux/odm_file_contexts                 u:object_r:file_contexts_file:s0
+/(odm|vendor/odm)/etc/selinux/odm_seapp_contexts                u:object_r:seapp_contexts_file:s0
 
 #############################
 # Product files