Add plat_vendor tag to se_build_files for microdroid
plat_vendor tag consists of vendor available policies in system/sepolicy
directory, and is for minimized vendor policies.
Bug: 33691272
Test: boot microdroid
Change-Id: Icb3c1be02ee41b526d7d95f0053e56bf8b34f49d
diff --git a/Android.bp b/Android.bp
index d47c850..15adf7e 100644
--- a/Android.bp
+++ b/Android.bp
@@ -795,32 +795,9 @@
// microdroid's vendor sepolicy is a minimalized sepolicy needed for microdroid to boot. It just
// contains system/sepolicy/public and system/sepolicy/vendor.
-// TODO(b/33691272): update se_build_files to cover this hard-coded srcs
se_policy_conf {
name: "microdroid_vendor_sepolicy.conf",
- srcs: [
- // The order here is important
- "reqd_mask/security_classes",
- "reqd_mask/initial_sids",
- "reqd_mask/access_vectors",
- "public/global_macros",
- "public/neverallow_macros",
- "reqd_mask/mls_macros",
- "reqd_mask/mls_decl",
- "reqd_mask/mls",
- "public/te_macros",
- "public/attributes",
- "public/ioctl_defines",
- "public/ioctl_macros",
- "public/*.te",
- "reqd_mask/*.te",
- "vendor/*.te",
- "reqd_mask/roles_decl",
- "public/roles",
- "reqd_mask/roles",
- "reqd_mask/users",
- "reqd_mask/initial_sid_contexts",
- ],
+ srcs: [":se_build_files{.plat_vendor}"],
installable: false,
}
diff --git a/build/soong/build_files.go b/build/soong/build_files.go
index 1704366..88c07fa 100644
--- a/build/soong/build_files.go
+++ b/build/soong/build_files.go
@@ -188,4 +188,12 @@
// reqd_mask is needed for public policies
b.srcs["."+p.String()+"_public"] = b.findSrcsInDirs(ctx, append(gatherDirsFor(p, public), reqdMaskDir)...)
}
+
+ // A special tag, "plat_vendor", includes minimized vendor policies required to boot.
+ // - system/sepolicy/public
+ // - system/sepolicy/reqd_mask
+ // - system/sepolicy/vendor
+ // This is for minimized vendor partition, e.g. microdroid's vendor
+ platVendorDir := filepath.Join(ctx.ModuleDir(), "vendor")
+ b.srcs[".plat_vendor"] = b.findSrcsInDirs(ctx, append(gatherDirsFor(system, public), reqdMaskDir, platVendorDir)...)
}