Add /odm/etc/selinux/odm_sepolicy.cil This change adds the support of odm sepolicy customization, which can be configured through the newly added build varaible: - BOARD_ODM_SEPOLICY_DIRS += device/${ODM_NAME}/${BOM_NAME}/sepolicy Also moving precompiled sepolicy to /odm when BOARD_ODM_SEPOLICY_DIRS is set. On a DUT, precompiled sepolicy on /odm will override the one in /vendor. This is intentional because /odm is the hardware customization for /vendor and both should be updated together if desired. Bug: 64240127 Test: boot a device with /odm partition Change-Id: Ia8f81a78c88cbfefb3ff19e2ccd2648da6284d09 Merged-In: Ia8f81a78c88cbfefb3ff19e2ccd2648da6284d09 (cherry picked from commit 45457e3a2b26b8c5d4a13b694e9d781ec4438b04)

commit: 95fbf4516cc22ac5e37cb209a89f884f461184d2 [log] [tgz]
author: Bowgo Tsai <bowgotsai@google.com> Mon Nov 27 11:41:33 2017 +0800
committer: Bowgo Tsai <bowgotsai@google.com> Tue Mar 20 17:33:11 2018 +0800
tree: f3c17e0188e160578da0cdd88dec00086528e5a2
parent: 5fbec4b679874203d128ffc60da972c4ccd057fd [diff]
diff --git a/private/file_contexts b/private/file_contexts
index e2d1aa7..ff7eca4 100644
--- a/private/file_contexts
+++ b/private/file_contexts

@@ -332,6 +332,12 @@
 
 /oem(/.*)?              u:object_r:oemfs:s0
 
+# The precompiled monolithic sepolicy will be under /odm only when
+# BOARD_USES_ODMIMAGE is true: a separate odm.img is built.
+/odm/etc/selinux/precompiled_sepolicy                           u:object_r:sepolicy_file:s0
+/odm/etc/selinux/precompiled_sepolicy\.plat_and_mapping\.sha256 u:object_r:sepolicy_file:s0
+
+/(odm|vendor/odm)/etc/selinux/odm_sepolicy.cil                  u:object_r:sepolicy_file:s0
 
 #############################
 # Product files
commit	95fbf4516cc22ac5e37cb209a89f884f461184d2	[log] [tgz]
author	Bowgo Tsai <bowgotsai@google.com>	Mon Nov 27 11:41:33 2017 +0800
committer	Bowgo Tsai <bowgotsai@google.com>	Tue Mar 20 17:33:11 2018 +0800
tree	f3c17e0188e160578da0cdd88dec00086528e5a2
parent	5fbec4b679874203d128ffc60da972c4ccd057fd [diff]