Split selinux_policy module into two.
Create one _system and one _nonsystem target, which together contain
the same artifacts as before, just split by whether they go on the
system partition or not.
The product build hierarchy is being refactored to be split by
partition, so these targets facilitate inclusion of just the
system parts where necessary. Also keep the selinux_policy target
around for products that don't need the split.
Bug: 80410283
Test: for t in eng userdebug user; do lunch mainline_arm64-${t}; m nothing; done
Test: verified walleye /system and /vendor identical before and after, via:
Test: /google/data/rw/users/cc/ccross/bin/compare-target-files.sh P6259983 walleye-userdebug "SYSTEM/*" "VENDOR/*"
Test: only diffs are in build.prop files (timestamps and the like)
Change-Id: I0f5d8a1558a164ce5cfb7d521f34b431855ac260
diff --git a/Android.mk b/Android.mk
index 729f3b4..5fe11a0 100644
--- a/Android.mk
+++ b/Android.mk
@@ -178,51 +178,32 @@
SHAREDLIB_EXT=so
endif
+#################################
+
include $(CLEAR_VARS)
+
LOCAL_MODULE := selinux_policy
LOCAL_MODULE_TAGS := optional
-# Include SELinux policy. We do this here because different modules
-# need to be included based on the value of PRODUCT_SEPOLICY_SPLIT. This
-# type of conditional inclusion cannot be done in top-level files such
-# as build/target/product/embedded.mk.
-# This conditional inclusion closely mimics the conditional logic
-# inside init/init.cpp for loading SELinux policy from files.
-
-# Include precompiled policy, unless told otherwise.
-ifneq ($(PRODUCT_PRECOMPILED_SEPOLICY),false)
LOCAL_REQUIRED_MODULES += \
- precompiled_sepolicy \
- precompiled_sepolicy.plat_and_mapping.sha256 \
+ selinux_policy_nonsystem \
+ selinux_policy_system \
-endif # ($(PRODUCT_PRECOMPILED_SEPOLICY),false)
+include $(BUILD_PHONY_PACKAGE)
-ifneq ($(PRODUCT_SEPOLICY_SPLIT),true)
-# The following files are only allowed for non-Treble devices.
-LOCAL_REQUIRED_MODULES += \
- sepolicy \
- vendor_service_contexts \
-endif # ($(PRODUCT_SEPOLICY_SPLIT),true)
-
+include $(CLEAR_VARS)
+LOCAL_MODULE := selinux_policy_system
# These build targets are not used on non-Treble devices. However, we build these to avoid
# divergence between Treble and non-Treble devices.
LOCAL_REQUIRED_MODULES += \
$(platform_mapping_file) \
$(addsuffix .cil,$(PLATFORM_SEPOLICY_COMPAT_VERSIONS)) \
- plat_pub_versioned.cil \
- vendor_sepolicy.cil \
plat_sepolicy.cil \
plat_and_mapping_sepolicy.cil.sha256 \
secilc \
- plat_sepolicy_vers.txt \
LOCAL_REQUIRED_MODULES += \
build_sepolicy \
- vendor_file_contexts \
- vendor_mac_permissions.xml \
- vendor_property_contexts \
- vendor_seapp_contexts \
- vendor_hwservice_contexts \
plat_file_contexts \
plat_mac_permissions.xml \
plat_property_contexts \
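Review bot: `selinux_policy_system` has no comment saying that it covers only the system-partition half of the policy, and this hunk removes the old comment that explained why the selection is made in this file. The module lists `plat_and_mapping_sepolicy.cil.sha256` and `secilc`, while `precompiled_sepolicy` and `precompiled_sepolicy.plat_and_mapping.sha256` move to `selinux_policy_nonsystem` further down. A product that lists only this module therefore ships the platform hash without the precompiled policy it is presumably compared against. I would add above `LOCAL_MODULE := selinux_policy_system` something like `# System-partition SELinux policy artifacts only; not a complete policy without selinux_policy_nonsystem (vendor/odm side).` The module's body continues past the end of this hunk.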
@@ -230,7 +211,16 @@
plat_service_contexts \
plat_hwservice_contexts \
searchpolicy \
- vndservice_contexts \
+
+# This conditional inclusion closely mimics the conditional logic
+# inside init/init.cpp for loading SELinux policy from files.
+ifneq ($(PRODUCT_SEPOLICY_SPLIT),true)
+# The following files are only allowed for non-Treble devices.
+LOCAL_REQUIRED_MODULES += \
+ sepolicy \
+ vendor_service_contexts \
+
+endif # ($(PRODUCT_SEPOLICY_SPLIT),true)
ifneq ($(TARGET_BUILD_VARIANT), user)
LOCAL_REQUIRED_MODULES += \
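Review bot: `vendor_service_contexts` is added to `selinux_policy_system` inside the `ifneq ($(PRODUCT_SEPOLICY_SPLIT),true)` block, which looks inconsistent with splitting by partition. Its install path is not visible here, but the name suggests it does not install to /system; if so, a system-only product on a non-split device would pull a vendor file into its required set. Consider keeping only `sepolicy \` here and adding `vendor_service_contexts \` under the same `ifneq ($(PRODUCT_SEPOLICY_SPLIT),true)` guard in `selinux_policy_nonsystem`. The enclosing module definition starts and ends outside this hunk.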
@@ -248,6 +238,48 @@
endif
endif
+ifneq ($(PLATFORM_SEPOLICY_VERSION),$(TOT_SEPOLICY_VERSION))
+LOCAL_REQUIRED_MODULES += \
+ sepolicy_freeze_test \
+
+endif # ($(PLATFORM_SEPOLICY_VERSION),$(TOT_SEPOLICY_VERSION))
+
+include $(BUILD_PHONY_PACKAGE)
+
+#################################
+
+include $(CLEAR_VARS)
+
+LOCAL_MODULE := selinux_policy_nonsystem
+# Include precompiled policy, unless told otherwise.
+ifneq ($(PRODUCT_PRECOMPILED_SEPOLICY),false)
+LOCAL_REQUIRED_MODULES += \
+ precompiled_sepolicy \
+ precompiled_sepolicy.plat_and_mapping.sha256 \
+ vendor_file_contexts \
+ vendor_mac_permissions.xml \
+ vendor_property_contexts \
+ vendor_seapp_contexts \
+ vendor_hwservice_contexts \
+
+endif # ($(PRODUCT_PRECOMPILED_SEPOLICY),false)
+
+
+# These build targets are not used on non-Treble devices. However, we build these to avoid
+# divergence between Treble and non-Treble devices.
+LOCAL_REQUIRED_MODULES += \
+ plat_pub_versioned.cil \
+ vendor_sepolicy.cil \
+ plat_sepolicy_vers.txt \
+
+LOCAL_REQUIRED_MODULES += \
+ vendor_file_contexts \
+ vendor_mac_permissions.xml \
+ vendor_property_contexts \
+ vendor_seapp_contexts \
+ vendor_hwservice_contexts \
+ vndservice_contexts \
+
ifdef BOARD_ODM_SEPOLICY_DIRS
LOCAL_REQUIRED_MODULES += \
odm_sepolicy.cil \
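Review bot: In `selinux_policy_nonsystem` the five `vendor_*` entries (`vendor_file_contexts` through `vendor_hwservice_contexts`) are listed twice: once inside `ifneq ($(PRODUCT_PRECOMPILED_SEPOLICY),false)` and again unconditionally a few lines later. The duplication is harmless to the build, but it suggests the vendor context files are dropped when precompiled policy is disabled, which the unconditional list contradicts. The old code listed them only unconditionally. I would reduce the conditional block to `precompiled_sepolicy \` and `precompiled_sepolicy.plat_and_mapping.sha256 \`, so the guard covers exactly the artifacts that depend on it. The module continues into the next hunk.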
@@ -257,13 +289,6 @@
odm_hwservice_contexts \
odm_mac_permissions.xml
endif
-
-ifneq ($(PLATFORM_SEPOLICY_VERSION),$(TOT_SEPOLICY_VERSION))
-LOCAL_REQUIRED_MODULES += \
- sepolicy_freeze_test \
-
-endif # ($(PLATFORM_SEPOLICY_VERSION),$(TOT_SEPOLICY_VERSION))
-
include $(BUILD_PHONY_PACKAGE)
#################################