Split seapp_contexts into plat and nonplat components.
Bug: 33746381
Test: Device boots with no extra denials.
Change-Id: I2f0da92367851142e0d7df4afec8861ceaed9d3e
diff --git a/Android.mk b/Android.mk
index 9b0fe37..c32bf84 100644
--- a/Android.mk
+++ b/Android.mk
@@ -706,45 +706,47 @@
##################################
include $(CLEAR_VARS)
-LOCAL_MODULE := seapp_contexts
+LOCAL_MODULE := plat_seapp_contexts
LOCAL_MODULE_CLASS := ETC
LOCAL_MODULE_TAGS := optional
LOCAL_MODULE_PATH := $(TARGET_ROOT_OUT)
include $(BUILD_SYSTEM)/base_rules.mk
-all_sc_files := $(call build_policy, seapp_contexts, $(PLAT_PRIVATE_POLICY) $(BOARD_SEPOLICY_DIRS))
+plat_sc_files := $(call build_policy, seapp_contexts, $(PLAT_PRIVATE_POLICY))
$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
-$(LOCAL_BUILT_MODULE): PRIVATE_SC_FILES := $(all_sc_files)
-$(LOCAL_BUILT_MODULE): $(built_sepolicy) $(all_sc_files) $(HOST_OUT_EXECUTABLES)/checkseapp
+$(LOCAL_BUILT_MODULE): PRIVATE_SC_FILES := $(plat_sc_files)
+$(LOCAL_BUILT_MODULE): $(built_sepolicy) $(plat_sc_files) $(HOST_OUT_EXECUTABLES)/checkseapp
@mkdir -p $(dir $@)
$(hide) $(HOST_OUT_EXECUTABLES)/checkseapp -p $(PRIVATE_SEPOLICY) -o $@ $(PRIVATE_SC_FILES)
-built_sc := $(LOCAL_BUILT_MODULE)
-all_sc_files :=
+built_plat_sc := $(LOCAL_BUILT_MODULE)
+plat_sc_files :=
##################################
include $(CLEAR_VARS)
-LOCAL_MODULE := general_seapp_contexts
+LOCAL_MODULE := nonplat_seapp_contexts
LOCAL_MODULE_CLASS := ETC
-LOCAL_MODULE_TAGS := tests
+LOCAL_MODULE_TAGS := optional
+LOCAL_MODULE_PATH := $(TARGET_ROOT_OUT)
include $(BUILD_SYSTEM)/base_rules.mk
-all_sc_files := $(addprefix $(PLAT_PRIVATE_POLICY)/, seapp_contexts)
+nonplat_sc_files := $(call build_policy, seapp_contexts, $(BOARD_SEPOLICY_DIRS) $(REQD_MASK_POLICY))
-$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_general_sepolicy)
-$(LOCAL_BUILT_MODULE): PRIVATE_SC_FILE := $(all_sc_files)
-$(LOCAL_BUILT_MODULE): $(built_general_sepolicy) $(all_sc_files) $(HOST_OUT_EXECUTABLES)/checkseapp
+$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
+$(LOCAL_BUILT_MODULE): PRIVATE_SC_FILES := $(nonplat_sc_files)
+$(LOCAL_BUILT_MODULE): $(built_sepolicy) $(nonplat_sc_files) $(HOST_OUT_EXECUTABLES)/checkseapp
@mkdir -p $(dir $@)
- $(hide) $(HOST_OUT_EXECUTABLES)/checkseapp -p $(PRIVATE_SEPOLICY) -o $@ $(PRIVATE_SC_FILE)
+ $(hide) $(HOST_OUT_EXECUTABLES)/checkseapp -p $(PRIVATE_SEPOLICY) -o $@ $(PRIVATE_SC_FILES)
-all_sc_files :=
+built_nonplat_sc := $(LOCAL_BUILT_MODULE)
+nonplat_sc_files :=
##################################
include $(CLEAR_VARS)
-LOCAL_MODULE := general_seapp_neverallows
+LOCAL_MODULE := plat_seapp_neverallows
LOCAL_MODULE_CLASS := ETC
LOCAL_MODULE_TAGS := tests
@@ -934,7 +936,7 @@
include $(BUILD_SYSTEM)/base_rules.mk
$(LOCAL_BUILT_MODULE): $(built_sepolicy) $(built_pc) $(built_plat_fc) \
-$(buit_nonplat_fc) $(built_sc) $(built_svc)
+$(buit_nonplat_fc) $(built_plat_sc) $(built_nonplat_sc) $(built_svc)
@mkdir -p $(dir $@)
$(hide) echo -n $(BUILD_FINGERPRINT_FROM_FILE) > $@
@@ -949,7 +951,8 @@
built_general_sepolicy.conf :=
built_nl :=
built_pc :=
-built_sc :=
+built_nonplat_sc :=
+built_plat_sc :=
built_sepolicy :=
built_svc :=
mapping_policy_nvr :=