From 8c91b8dbaca9b2da56d25d5665fa01d9bf7f35a8 Mon Sep 17 00:00:00 2001
From: Bowgo Tsai <bowgotsai@google.com>
Date: Wed, 11 Sep 2019 17:06:06 +0800
Subject: Add /system_ext sepolicy support to SELinuxMMAC.java

Bug: 137712473
Test: enable system_ext sepolicy, then boot crosshatch
Test: the following log entry is in `adb logcat -s SELinuxMMAC`
      SELinuxMMAC: Using policy file /system_ext/etc/selinux/system_ext_mac_permissions.xml

Change-Id: I684c920f8ecf2b5f29f2ad8901e187b7eae1bc89
---
 services/core/java/com/android/server/pm/SELinuxMMAC.java | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/services/core/java/com/android/server/pm/SELinuxMMAC.java b/services/core/java/com/android/server/pm/SELinuxMMAC.java
index b94047e119d5..b464988d5871 100644
--- a/services/core/java/com/android/server/pm/SELinuxMMAC.java
+++ b/services/core/java/com/android/server/pm/SELinuxMMAC.java
@@ -78,6 +78,13 @@ public final class SELinuxMMAC {
         sMacPermissions.add(new File(
             Environment.getRootDirectory(), "/etc/selinux/plat_mac_permissions.xml"));
 
+        // SystemExt mac permissions (optional).
+        final File systemExtMacPermission = new File(
+                Environment.getSystemExtDirectory(), "/etc/selinux/system_ext_mac_permissions.xml");
+        if (systemExtMacPermission.exists()) {
+            sMacPermissions.add(systemExtMacPermission);
+        }
+
         // Product mac permissions (optional).
         final File productMacPermission = new File(
                 Environment.getProductDirectory(), "/etc/selinux/product_mac_permissions.xml");
-- 
cgit v1.2.3-59-g8ed1b