Add a product build var for mainline module certs
OEMs may need to have different device configurations that use different
signing configurations for mainline modules. The network stack mainline
module has a sepolicy context referencing its certificate, so the
generated plat_mac_permission.xml differs based on the module signing
configuration.
The added PRODUCT_MAINLINE_SEPOLICY_DEV_CERTIFICATES variable defines a
per-product directory for the certificates, so that which certificate to
use can be configured in the product makefile, instead of replacing the
certificate file itself.
This change is to be submitted together with another change in sepolicy
makefile.
Test: changed certificate path, m, verified plat_mac_permissions.xml has
new certificate.
Bug: 134995443
Bug: 138097611
Change-Id: I863a9904d4a2ea2abad679ae0969d50e374f269d
diff --git a/core/config.mk b/core/config.mk
index db4edcb..9054d52 100644
--- a/core/config.mk
+++ b/core/config.mk
@@ -784,6 +784,13 @@
endif
.KATI_READONLY := DEFAULT_SYSTEM_DEV_CERTIFICATE
+# Certificate for the NetworkStack sepolicy context
+ifdef PRODUCT_MAINLINE_SEPOLICY_DEV_CERTIFICATES
+ MAINLINE_SEPOLICY_DEV_CERTIFICATES := $(PRODUCT_MAINLINE_SEPOLICY_DEV_CERTIFICATES)
+else
+ MAINLINE_SEPOLICY_DEV_CERTIFICATES := $(dir $(DEFAULT_SYSTEM_DEV_CERTIFICATE))
+endif
+
BUILD_NUMBER_FROM_FILE := $$(cat $(OUT_DIR)/build_number.txt)
BUILD_DATETIME_FROM_FILE := $$(cat $(BUILD_DATETIME_FILE))