1. seandroid
  2. Untitled project
  3. external/sepolicy

Source

external/sepolicy /

Filename Size Date modified Message
tools
5.2 KB
1.0 KB
2.0 KB
9.0 KB
1.4 KB
6.4 KB
1.5 KB
785 B
412 B
1.7 KB
193 B
869 B
1.6 KB
992 B
3.3 KB
636 B
3.5 KB
7.0 KB
775 B
605 B
2.2 KB
560 B
313 B
130 B
973 B
416 B
1.1 KB
106 B
386 B
21.1 KB
1.7 KB
mls
4.7 KB
1.2 KB
427 B
592 B
927 B
334 B
122 B
77 B
552 B
311 B
1.8 KB
158 B
586 B
1.5 KB
29 B
2.2 KB
431 B
2.0 KB
2.5 KB
1.0 KB
577 B
1.2 KB
123 B
882 B
6.5 KB
7.0 KB
397 B
906 B
1.2 KB
55 B
2.1 KB
731 B
1.4 KB
Policy Generation:

Additional, per device, policy files can be added into the
policy build.

They can be configured through the use of three variables,
they are:
1. BOARD_SEPOLICY_REPLACE
2. BOARD_SEPOLICY_UNION
3. BOARD_SEPOLICY_DIRS

The variables should be set in the BoardConfig.mk file in
the device or vendor directories.

BOARD_SEPOLICY_UNION is a list of files that will be
"unioned", IE concatenated, at the END of their respective
file in external/sepolicy. Note, to add a unique file you
would use this variable.

BOARD_SEPOLICY_REPLACE is a list of files that will be
used instead of the corresponding file in external/sepolicy.

BOARD_SEPOLICY_DIRS contains a list of directories to search
for BOARD_SEPOLICY_UNION and BOARD_SEPOLICY_REPLACE files. Order
matters in this list.
eg.) If you have BOARD_SEPOLICY_UNION := widget.te and have 2
instances of widget.te files on BOARD_SEPOLICY_DIRS search path.
The first one found (at the first search dir containing the file)
gets processed first.
Reviewing out/target/product/<device>/etc/sepolicy_intermediates/policy.conf
will help sort out ordering issues.

It is an error to specify a BOARD_POLICY_REPLACE file that does
not exist in external/sepolicy.

It is an error to specify a BOARD_POLICY_REPLACE file that appears
multiple times on the policy search path defined by BOARD_SEPOLICY_DIRS.
eg.) if you specify shell.te in BOARD_SEPOLICY_REPLACE and
BOARD_SEPOLICY_DIRS is set to
"vendor/widget/common/sepolicy device/widget/x/sepolicy" and shell.te
appears in both locations, it is an error.

It is an error to specify the same file name in both
BOARD_POLICY_REPLACE and BOARD_POLICY_UNION.

It is an error to specify a BOARD_SEPOLICY_DIRS that has no entries when
specifying BOARD_SEPOLICY_REPLACE.

Example Usage:
From the Tuna device BoardConfig.mk, device/samsung/tuna/BoardConfig.mk

BOARD_SEPOLICY_DIRS := \
        device/samsung/tuna/sepolicy

BOARD_SEPOLICY_UNION := \
        genfs_contexts \
        file_contexts \
        sepolicy.te