commit 6fdf938751e3042609e1c2cf3a46fa5dc5fc9f55
author Jiyong Park <jiyong@google.com> Mon Mar 27 20:58:30 2017 +0900
committer Jiyong Park <jiyong@google.com> Thu Mar 30 14:25:41 2017 +0900
tree d1173cb51f163360d8af07c1cfede4a0d9d648be
parent 8f5c5fd7fea911b206ffb8c797e21fcc79b28013

Remove marlin/sailfish specific sepolicy

Don't use sepolicy dir for marlin/sailfish.

Bug: 36231802
Test: aosp_arm64_ab should boot
Change-Id: I0e76841530cec2c51b61251ffde802bd7ec10663

target/board/generic_arm64_ab/BoardConfig.mk

diff --git a/target/board/generic_arm64_ab/BoardConfig.mk b/target/board/generic_arm64_ab/BoardConfig.mk
index 13f2820..4c57f31 100644
--- a/target/board/generic_arm64_ab/BoardConfig.mk
+++ b/target/board/generic_arm64_ab/BoardConfig.mk
@@ -85,10 +85,8 @@
 BOARD_NAND_SPARE_SIZE := 0
 BOARD_FLASH_BLOCK_SIZE := 512
 
-###############################################################################
-# Below are sailfish/marlin specific configs.
-# Must be moved after early-mount is supported.
-###############################################################################
-BOARD_SEPOLICY_DIRS += device/google/marlin/sepolicy
-
 BOARD_PROPERTY_OVERRIDES_SPLIT_ENABLED := true
+
+# TODO(b/36764215): remove this setting when the generic system image
+# no longer has QCOM-specific directories under /.
+BOARD_SEPOLICY_DIRS += build/target/board/generic_arm64_ab/sepolicy

target/board/generic_arm64_ab/sepolicy/file.te

diff --git a/target/board/generic_arm64_ab/sepolicy/file.te b/target/board/generic_arm64_ab/sepolicy/file.te
new file mode 100644
index 0000000..4645533
--- /dev/null
+++ b/target/board/generic_arm64_ab/sepolicy/file.te
@@ -0,0 +1,7 @@
+# TODO(b/36764215): remove this file when the generic system image
+# no longer has these directories
+type bt_firmware_file, file_type;
+type persist_file, file_type;
+
+# Default type for anything under /firmware.
+type firmware_file, fs_type, contextmount_type;

target/board/generic_arm64_ab/sepolicy/file_contexts

diff --git a/target/board/generic_arm64_ab/sepolicy/file_contexts b/target/board/generic_arm64_ab/sepolicy/file_contexts
new file mode 100644
index 0000000..92a4ff8
--- /dev/null
+++ b/target/board/generic_arm64_ab/sepolicy/file_contexts
@@ -0,0 +1,13 @@
+# TODO(b/36764215): remove this file when the generic system image
+# no longer has these directories. They are specific to QCOM.
+
+# /
+/bt_firmware(/.*)?      u:object_r:bt_firmware_file:s0
+/tombstones             u:object_r:rootfs:s0
+/dsp                    u:object_r:rootfs:s0
+
+# /persist
+/persist(/.*)?          u:object_r:persist_file:s0
+
+# files in firmware
+/firmware(/.*)?         u:object_r:firmware_file:s0