1ifeq ($(HAVE_SELINUX),true) 2 3LOCAL_PATH:= $(call my-dir) 4include $(CLEAR_VARS) 5 6# SELinux policy version. 7# Must be <= /selinux/policyvers reported by the Android kernel. 8# Must be within the compatibility range reported by checkpolicy -V. 9POLICYVERS := 24 10 11MLS_SENS=1 12MLS_CATS=1024 13 14LOCAL_POLICY_DIRS := $(SRC_TARGET_DIR)/board/$(TARGET_DEVICE)/ device/*/$(TARGET_DEVICE)/ vendor/*/$(TARGET_DEVICE)/ 15 16LOCAL_POLICY_FC := $(wildcard $(addsuffix sepolicy.fc, $(LOCAL_POLICY_DIRS))) 17LOCAL_POLICY_TE := $(wildcard $(addsuffix sepolicy.te, $(LOCAL_POLICY_DIRS))) 18LOCAL_POLICY_PC := $(wildcard $(addsuffix sepolicy.pc, $(LOCAL_POLICY_DIRS))) 19 20################################## 21include $(CLEAR_VARS) 22 23LOCAL_MODULE := sepolicy 24LOCAL_MODULE_CLASS := ETC 25LOCAL_MODULE_TAGS := optional 26LOCAL_MODULE_SUFFIX := .$(POLICYVERS) 27LOCAL_MODULE_PATH := $(TARGET_ROOT_OUT) 28 29include $(BUILD_SYSTEM)/base_rules.mk 30 31sepolicy_policy.conf := $(intermediates)/policy.conf 32$(sepolicy_policy.conf): PRIVATE_MLS_SENS := $(MLS_SENS) 33$(sepolicy_policy.conf): PRIVATE_MLS_CATS := $(MLS_CATS) 34$(sepolicy_policy.conf) : $(wildcard $(addprefix $(LOCAL_PATH)/,security_classes initial_sids access_vectors global_macros mls_macros mls policy_capabilities te_macros attributes *.te) $(LOCAL_POLICY_TE) $(addprefix $(LOCAL_PATH)/, roles users ocontexts)) 35 @mkdir -p $(dir $@) 36 $(hide) m4 -D mls_num_sens=$(PRIVATE_MLS_SENS) -D mls_num_cats=$(PRIVATE_MLS_CATS) -s $^ > $@ 37 38$(LOCAL_BUILT_MODULE) : $(sepolicy_policy.conf) $(HOST_OUT_EXECUTABLES)/checkpolicy 39 @mkdir -p $(dir $@) 40 $(hide) $(HOST_OUT_EXECUTABLES)/checkpolicy -M -c $(POLICYVERS) -o $@ $< 41 42sepolicy_policy.conf := 43################################## 44include $(CLEAR_VARS) 45 46LOCAL_MODULE := file_contexts 47LOCAL_MODULE_CLASS := ETC 48LOCAL_MODULE_TAGS := optional 49LOCAL_MODULE_PATH := $(TARGET_ROOT_OUT) 50 51include $(BUILD_SYSTEM)/base_rules.mk 52 53file_contexts := $(intermediates)/file_contexts 54$(file_contexts): $(LOCAL_PATH)/file_contexts $(LOCAL_POLICY_FC) 55 @mkdir -p $(dir $@) 56 $(hide) cat $^ > $@ 57 58file_contexts := 59################################## 60include $(CLEAR_VARS) 61 62LOCAL_MODULE := seapp_contexts 63LOCAL_SRC_FILES := $(LOCAL_MODULE) 64LOCAL_MODULE_CLASS := ETC 65LOCAL_MODULE_TAGS := optional 66LOCAL_MODULE_PATH := $(TARGET_ROOT_OUT) 67 68include $(BUILD_PREBUILT) 69 70################################## 71include $(CLEAR_VARS) 72 73LOCAL_MODULE := property_contexts 74LOCAL_MODULE_CLASS := ETC 75LOCAL_MODULE_TAGS := optional 76LOCAL_MODULE_PATH := $(TARGET_ROOT_OUT) 77 78include $(BUILD_SYSTEM)/base_rules.mk 79 80property_contexts := $(intermediates)/property_contexts 81$(property_contexts): $(LOCAL_PATH)/property_contexts $(LOCAL_POLICY_PC) 82 @mkdir -p $(dir $@) 83 $(hide) cat $^ > $@ 84 85property_contexts := 86################################## 87 88endif #ifeq ($(HAVE_SELINUX),true) 89