Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / 8b7545bf5745e1e0aba55b0334de40d2334728b1^! / . / Android.mk
commit8b7545bf5745e1e0aba55b0334de40d2334728b1[log] [tgz]
authorRobert Craig <rpcraig@tycho.ncsc.mil>Thu Mar 20 09:35:08 2014 -0400
committerNick Kralevich <nnk@google.com>Fri May 30 20:24:18 2014 +0000
treee2a9beff399f33f1eecaa9e4c1935171d67df637
parent3235f61aa859af1d1c3d060eb55cf1929bc6914f [diff] [blame]
Build the selinux_version file.

The selinux_version file is used to perform policy
versioning checks by libselinux and SELinuxMMAC. When
loading policy a check is first performed to determine
if the policy out in /data/security/current should be
used to override the base policy shipped with the device.
The selinux_version file is used to make that choice. The
contents of the file simply contains the BUILD_FINGERPRINT
that the policy was built against. A simple string comparison
is then performed by libselinux and SELinuxMMAC.

Change-Id: I69d9d071743cfd46bb247c98f94a193396f8ebbd
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>

diff --git a/Android.mk b/Android.mk
index 80f5ece..bdf26b3 100644
--- a/Android.mk
+++ b/Android.mk

@@ -153,7 +153,7 @@
 	$(hide) m4 -s $(ALL_FC_FILES) > $@
 	$(hide) $(HOST_OUT_EXECUTABLES)/checkfc $(PRIVATE_SEPOLICY) $@
 
-file_contexts :=
+built_fc := $(LOCAL_BUILT_MODULE)
 
 ##################################
 include $(CLEAR_VARS)
@@ -174,7 +174,9 @@
 	@mkdir -p $(dir $@)
 	$(HOST_OUT_EXECUTABLES)/checkseapp -p $(PRIVATE_SEPOLICY) -o $@ $<
 
+built_sc := $(LOCAL_BUILT_MODULE)
 seapp_contexts.tmp :=
+
 ##################################
 include $(CLEAR_VARS)
 
@@ -193,8 +195,8 @@
 	$(hide) m4 -s $(ALL_PC_FILES) > $@
 	$(hide) $(HOST_OUT_EXECUTABLES)/checkfc -p $(PRIVATE_SEPOLICY) $@
 
-property_contexts :=
-built_sepolicy :=
+built_pc := $(LOCAL_BUILT_MODULE)
+
 ##################################
 
 ##################################
@@ -233,8 +235,25 @@
 
 mac_perms_keys.tmp :=
 ##################################
+include $(CLEAR_VARS)
+
+LOCAL_MODULE := selinux_version
+LOCAL_MODULE_CLASS := ETC
+LOCAL_MODULE_TAGS := optional
+LOCAL_MODULE_PATH := $(TARGET_ROOT_OUT)
+
+include $(BUILD_SYSTEM)/base_rules.mk
+$(LOCAL_BUILT_MODULE) : $(built_sepolicy) $(built_pc) $(built_fc) $(built_sc)
+	@mkdir -p $(dir $@)
+	$(hide) echo -n $(BUILD_FINGERPRINT) > $@
+
+##################################
 
 build_policy :=
 sepolicy_replace_paths :=
+built_sepolicy :=
+built_sc :=
+built_fc :=
+built_pc :=
 
 include $(call all-makefiles-under,$(LOCAL_PATH))