sepolicy: Dynamically build trust policy into system/vendor
* Introduce a new board flag TARGET_USES_PREBUILT_VENDOR_SEPOLICY and
a sepolicy variant: dynamic
* When TARGET_USES_PREBUILT_VENDOR_SEPOLICY=true, dynamic acts as
private policy, and vendor policy is excluded in order to avoid
conflicts (it's not integrated into final builds anyway). When the flag
is not set, dynamic acts as vendor policy so that it survives a system
image change, i.e. GSI installation.
Change-Id: I8bfd078d6064616c88e2c58a9fa3aa045dddf303
diff --git a/common/sepolicy.mk b/common/sepolicy.mk
index 7e8299a..80aa4b2 100644
--- a/common/sepolicy.mk
+++ b/common/sepolicy.mk
@@ -3,11 +3,23 @@
# inherit from Lineage
#
+ifeq ($(TARGET_COPY_OUT_VENDOR), vendor)
+ifeq ($(BOARD_VENDORIMAGE_FILE_SYSTEM_TYPE),)
+TARGET_USES_PREBUILT_VENDOR_SEPOLICY ?= true
+endif
+endif
+
BOARD_PLAT_PUBLIC_SEPOLICY_DIR += \
device/lineage/sepolicy/common/public
BOARD_PLAT_PRIVATE_SEPOLICY_DIR += \
device/lineage/sepolicy/common/private
+ifeq ($(TARGET_USES_PREBUILT_VENDOR_SEPOLICY), true)
+BOARD_PLAT_PRIVATE_SEPOLICY_DIR += \
+ device/lineage/sepolicy/common/dynamic
+else
BOARD_SEPOLICY_DIRS += \
+ device/lineage/sepolicy/common/dynamic \
device/lineage/sepolicy/common/vendor
+endif
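Review bot: The default computed in the first added block depends on parse order. If `common/sepolicy.mk` is read before the board sets `BOARD_VENDORIMAGE_FILE_SYSTEM_TYPE`, the flag becomes `true` and the `else` branch, including `device/lineage/sepolicy/common/vendor`, drops out of the build with no message. The include site is not visible in this hunk, so that ordering should be confirmed. A comment above the block would record the intent, for example `# No vendor FS type set: vendor image is presumably prebuilt, so build common/dynamic as platform-private policy and skip common/vendor`. The second test is an exact string match, so `ifeq ($(strip $(TARGET_USES_PREBUILT_VENDOR_SEPOLICY)),true)` would stop a board override with stray whitespace from silently selecting the other branch. Since `common/dynamic` is now compiled either as platform-private or as vendor policy, its rules presumably have to stay valid in both placements, which is worth stating next to that directory.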