Include secilc and sepolicy conditionally, elsewhere
This removes the unconditional inclusion of secilc and sepolicy.
These artefacts are now conditionally included by system/core/init.
The reason for declaring the conditional inclusion there is because
the desired conditional inclusion based on PRODUCT_FULL_TREBLE cannot
be declared here because PRODUCT_FULL_TREBLE is not yet available when
this file is interpreted.
Test: Device boots, no additional SELinux denials. This test is
performed on a device with PRODUCT_FULL_TREBLE set to true, and
on a device with PRODUCT_FULL_TREBLE set to false.
Test: Device with PRODUCT_FULL_TREBLE set to true contains secilc and
the three *.cil files, but does not contain the sepolicy file.
Device with PRODUCT_FULL_TREBLE set to false contains sepolicy
file but does not contain the secilc file or any *.cil files.
Bug: 31363362
Change-Id: Ia3f38948b71a054918f5f63c594ba62a033e1066
diff --git a/target/product/embedded.mk b/target/product/embedded.mk
index 8b40fe0..e26c628 100644
--- a/target/product/embedded.mk
+++ b/target/product/embedded.mk
@@ -84,7 +84,6 @@
# SELinux packages
PRODUCT_PACKAGES += \
- secilc \
file_contexts.bin \
nonplat_file_contexts \
nonplat_mac_permissions.xml \
@@ -96,8 +95,7 @@
plat_property_contexts \
plat_seapp_contexts \
plat_service_contexts \
- selinux_version \
- sepolicy
+ selinux_version
# AID Generation for
# <pwd.h> and <grp.h>