| Bowgo Tsai | 8a86424 | 2020-06-02 22:16:12 +0800 | [diff] [blame] | 1 | # |
| 2 | # Maps an arbitrary tag [TAGNAME] with the string contents found in |
| 3 | # TARGET_BUILD_VARIANT. Common convention is to start TAGNAME with an @ and |
| 4 | # name it after the base file name of the pem file. |
| 5 | # |
| 6 | # Each tag (section) then allows one to specify any string found in |
| 7 | # TARGET_BUILD_VARIANT. Typcially this is user, eng, and userdebug. Another |
| 8 | # option is to use ALL which will match ANY TARGET_BUILD_VARIANT string. |
| 9 | # |
| 10 | |
| 11 | # Some vendor apps are using platform key for signing. |
| 12 | # This moves them to untrusted_app domain when the system partition is |
| 13 | # switched to a Generic System Image (GSI), because the value of platform's |
| 14 | # seinfo in /system/etc/selinux/plat_mac_permissions.xml has been changed. |
| 15 | # Duplicating the device-specific platform seinfo into |
| 16 | # /vendor/etc/selinux/vendor_mac_permissions.xml to make it self-contained |
| 17 | # within the vendor partition. |
| 18 | [@PLATFORM] |
| 19 | ALL : $DEFAULT_SYSTEM_DEV_CERTIFICATE/platform.x509.pem |