sepolicy: Initial bringup
* Rename BoardSEPolicyConfig.mk to SEPolicy.mk
* Drop useless OTA upgrade sepolicy
* Unconditionally include debug sepolicy
Signed-off-by: bengris32 <bengris32@protonmail.ch>
Change-Id: I0c43f3c4783127aad1e5f653bf12b5286cba74ed
diff --git a/BoardSEPolicyConfig.mk b/BoardSEPolicyConfig.mk
deleted file mode 100644
index 934e17b..0000000
--- a/BoardSEPolicyConfig.mk
+++ /dev/null
@@ -1,33 +0,0 @@
-
-# SELinux Policy File Configuration
-BOARD_SEPOLICY_DIRS += \
- device/mediatek/sepolicy/basic/non_plat \
- device/mediatek/sepolicy/bsp/non_plat \
- device/mediatek/sepolicy/modem
-
-ifneq ($(call math_lt,$(PRODUCT_SHIPPING_API_LEVEL),28),)
-BOARD_SEPOLICY_DIRS += $(wildcard device/mediatek/sepolicy/bsp/ota_upgrade)
-endif
-
-BOARD_PLAT_PRIVATE_SEPOLICY_DIR += \
- device/mediatek/sepolicy/basic/plat_private \
- device/mediatek/sepolicy/bsp/plat_private
-
-BOARD_PLAT_PUBLIC_SEPOLICY_DIR += \
- device/mediatek/sepolicy/basic/plat_public \
- device/mediatek/sepolicy/bsp/plat_public
-
-# MTK Debug Rules Configuration
-ifeq ($(strip $(HAVE_MTK_DEBUG_SEPOLICY)), yes)
-BOARD_SEPOLICY_DIRS += \
- device/mediatek/sepolicy/basic/debug/non_plat \
- device/mediatek/sepolicy/bsp/debug/non_plat
-
-BOARD_PLAT_PUBLIC_SEPOLICY_DIR += \
- device/mediatek/sepolicy/basic/debug/plat_public \
- device/mediatek/sepolicy/bsp/debug/plat_public
-
-BOARD_PLAT_PRIVATE_SEPOLICY_DIR += \
- device/mediatek/sepolicy/basic/debug/plat_private \
- device/mediatek/sepolicy/bsp/debug/plat_private
-endif
diff --git a/SEPolicy.mk b/SEPolicy.mk
new file mode 100644
index 0000000..0dc3913
--- /dev/null
+++ b/SEPolicy.mk
@@ -0,0 +1,18 @@
+BOARD_SEPOLICY_DIRS += \
+ device/mediatek/sepolicy/basic/non_plat \
+ device/mediatek/sepolicy/basic/debug/non_plat \
+ device/mediatek/sepolicy/bsp/non_plat \
+ device/mediatek/sepolicy/bsp/debug/non_plat \
+ device/mediatek/sepolicy/modem
+
+BOARD_PLAT_PRIVATE_SEPOLICY_DIR += \
+ device/mediatek/sepolicy/basic/plat_private \
+ device/mediatek/sepolicy/basic/debug/plat_private \
+ device/mediatek/sepolicy/bsp/plat_private \
+ device/mediatek/sepolicy/bsp/debug/plat_private
+
+BOARD_PLAT_PUBLIC_SEPOLICY_DIR += \
+ device/mediatek/sepolicy/basic/plat_public \
+ device/mediatek/sepolicy/basic/debug/plat_public \
+ device/mediatek/sepolicy/bsp/plat_public \
+ device/mediatek/sepolicy/bsp/debug/plat_public
diff --git a/bsp/ota_upgrade/file_contexts b/bsp/ota_upgrade/file_contexts
deleted file mode 100644
index 417e8c6..0000000
--- a/bsp/ota_upgrade/file_contexts
+++ /dev/null
@@ -1,10 +0,0 @@
-# ==============================================
-# Common SEPolicy Rule
-# ==============================================
-
-##########################
-# System files
-#
-# OTA upgrade from O to P for widevine data migration
-/system/bin/move_widevine_data\.sh u:object_r:move-widevine-data-sh_exec:s0
-
diff --git a/bsp/ota_upgrade/move-widevine-data-sh.te b/bsp/ota_upgrade/move-widevine-data-sh.te
deleted file mode 100644
index 2453631..0000000
--- a/bsp/ota_upgrade/move-widevine-data-sh.te
+++ /dev/null
@@ -1,23 +0,0 @@
-# ==============================================
-# MTK Attribute declarations
-# ==============================================
-
-type move-widevine-data-sh, domain, coredomain;
-type move-widevine-data-sh_exec, exec_type, file_type, system_file_type;
-typeattribute move-widevine-data-sh data_between_core_and_vendor_violators;
-
-init_daemon_domain(move-widevine-data-sh)
-
-allow move-widevine-data-sh shell_exec:file rx_file_perms;
-allow move-widevine-data-sh toolbox_exec:file rx_file_perms;
-
-allow move-widevine-data-sh file_contexts_file:file { read getattr open };
-
-allow move-widevine-data-sh media_data_file:file { getattr setattr relabelfrom };
-allow move-widevine-data-sh media_data_file:dir { reparent rename rmdir setattr rw_dir_perms relabelfrom };
-
-allow move-widevine-data-sh mediadrm_vendor_data_file:dir { create_dir_perms relabelto };
-
-# for writing files_moved so we only execute the move once
-allow move-widevine-data-sh mediadrm_vendor_data_file:file { create open write getattr relabelto };
-