Add a product build var for mainline module certs
OEMs may need to have different device configurations that use different
signing configurations for mainline modules. The network stack mainline
module has a sepolicy context referencing its certificate, so the
generated plat_mac_permission.xml differs based on the module signing
configuration.
The added PRODUCT_MAINLINE_SEPOLICY_DEV_CERTIFICATES variable defines a
per-product directory for the certificates, so that which certificate to
use can be configured in the product makefile, instead of replacing the
certificate file itself.
This change is to be submitted together with another change in sepolicy
makefile.
Test: changed certificate path, m, verified plat_mac_permissions.xml has
new certificate.
Bug: 134995443
Bug: 138097611
Change-Id: I863a9904d4a2ea2abad679ae0969d50e374f269d
diff --git a/core/config.mk b/core/config.mk
index db4edcb..9054d52 100644
--- a/core/config.mk
+++ b/core/config.mk
@@ -784,6 +784,13 @@
endif
.KATI_READONLY := DEFAULT_SYSTEM_DEV_CERTIFICATE
+# Certificate for the NetworkStack sepolicy context
+ifdef PRODUCT_MAINLINE_SEPOLICY_DEV_CERTIFICATES
+ MAINLINE_SEPOLICY_DEV_CERTIFICATES := $(PRODUCT_MAINLINE_SEPOLICY_DEV_CERTIFICATES)
+else
+ MAINLINE_SEPOLICY_DEV_CERTIFICATES := $(dir $(DEFAULT_SYSTEM_DEV_CERTIFICATE))
+endif
+
BUILD_NUMBER_FROM_FILE := $$(cat $(OUT_DIR)/build_number.txt)
BUILD_DATETIME_FROM_FILE := $$(cat $(BUILD_DATETIME_FILE))
diff --git a/core/product-graph.mk b/core/product-graph.mk
index 9fc8e57..b97a69d 100644
--- a/core/product-graph.mk
+++ b/core/product-graph.mk
@@ -131,6 +131,7 @@
$(hide) echo 'PRODUCT_SDK_ADDON_DOC_MODULES=$$(PRODUCTS.$(strip $(1)).PRODUCT_SDK_ADDON_DOC_MODULES)' >> $$@
$(hide) echo 'PRODUCT_DEFAULT_WIFI_CHANNELS=$$(PRODUCTS.$(strip $(1)).PRODUCT_DEFAULT_WIFI_CHANNELS)' >> $$@
$(hide) echo 'PRODUCT_DEFAULT_DEV_CERTIFICATE=$$(PRODUCTS.$(strip $(1)).PRODUCT_DEFAULT_DEV_CERTIFICATE)' >> $$@
+ $(hide) echo 'PRODUCT_MAINLINE_SEPOLICY_DEV_CERTIFICATES=$$(PRODUCTS.$(strip $(1)).PRODUCT_MAINLINE_SEPOLICY_DEV_CERTIFICATES)' >> $$@
$(hide) echo 'PRODUCT_RESTRICT_VENDOR_FILES=$$(PRODUCTS.$(strip $(1)).PRODUCT_RESTRICT_VENDOR_FILES)' >> $$@
$(hide) echo 'PRODUCT_VENDOR_KERNEL_HEADERS=$$(PRODUCTS.$(strip $(1)).PRODUCT_VENDOR_KERNEL_HEADERS)' >> $$@
diff --git a/core/product.mk b/core/product.mk
index c54583d..b7ac105 100644
--- a/core/product.mk
+++ b/core/product.mk
@@ -205,6 +205,7 @@
_product_list_vars += PRODUCT_DEFAULT_WIFI_CHANNELS
_product_list_vars += PRODUCT_DEFAULT_DEV_CERTIFICATE
+_product_list_vars += PRODUCT_MAINLINE_SEPOLICY_DEV_CERTIFICATES
_product_list_vars += PRODUCT_RESTRICT_VENDOR_FILES
# The list of product-specific kernel header dirs