diff options
| author | Chris Gross <chrisgross@google.com> | 2020-09-21 15:32:16 -0700 |
|---|---|---|
| committer | LuK1337 <priv.luk@gmail.com> | 2020-09-23 20:03:46 +0200 |
| commit | d0ee5fe50a3d97506408bc82d7d3a05a4f545217 (patch) | |
| tree | c844f597565d2434904ebe339a098c705a9ff3c0 | |
| parent | ad0d11f7a78572e2aa488c99351de2ee9fe98a42 (diff) | |
Only require compat mapping files if they exist.r11.0
Call build_policy when determing which compat mapping files should be
included for a given partition.
Bug: 168637766
Test: Built aosp_bonito-userdebug and saw that the compat mapping files
in product/etc/sepolicy/mapping were no longer present.
Test: Added a test 30.0.cil file to bonito's product private compat
directory and saw that it was present at product/etc/sepolicy/mapping.
Change-Id: I83cc28a159b24c0a2c0717dae461983250ab6c25
| -rw-r--r-- | Android.mk | 17 |
1 files changed, 13 insertions, 4 deletions
diff --git a/Android.mk b/Android.mk index f545b4156..e8b9be803 100644 --- a/Android.mk +++ b/Android.mk @@ -145,6 +145,9 @@ sepolicy_build_files := security_classes \ genfs_contexts \ port_contexts +sepolicy_compat_files := $(foreach ver, $(PLATFORM_SEPOLICY_COMPAT_VERSIONS), \ + $(addprefix compat/$(ver)/, $(addsuffix .cil, $(ver)))) + # Security classes and permissions defined outside of system/sepolicy. security_class_extension_files := $(call build_policy, security_classes access_vectors, \ $(SYSTEM_EXT_PUBLIC_POLICY) $(SYSTEM_EXT_PRIVATE_POLICY) \ @@ -370,8 +373,11 @@ endif ifdef HAS_SYSTEM_EXT_PUBLIC_SEPOLICY LOCAL_REQUIRED_MODULES += \ - system_ext_mapping_file \ - $(addprefix system_ext_,$(addsuffix .cil,$(PLATFORM_SEPOLICY_COMPAT_VERSIONS))) \ + system_ext_mapping_file + +system_ext_compat_files := $(call build_policy, $(sepolicy_compat_files), $(SYSTEM_EXT_PRIVATE_POLICY)) + +LOCAL_REQUIRED_MODULES += $(addprefix system_ext_, $(notdir $(system_ext_compat_files))) endif @@ -396,8 +402,11 @@ endif ifdef HAS_PRODUCT_PUBLIC_SEPOLICY LOCAL_REQUIRED_MODULES += \ - product_mapping_file \ - $(addprefix product_,$(addsuffix .cil,$(PLATFORM_SEPOLICY_COMPAT_VERSIONS))) \ + product_mapping_file + +product_compat_files := $(call build_policy, $(sepolicy_compat_files), $(PRODUCT_PRIVATE_POLICY)) + +LOCAL_REQUIRED_MODULES += $(addprefix product_, $(notdir $(product_compat_files))) endif |