msm8937-common: Add selinux/private/service_contexts.

This makes sure that the remaining binder services for radio end up in plat_service_contexts. That in turn allows us to enforce that servicemanager will only serve services from plat_service_contexts on FULL_TREBLE devices. Bug: 36866029 Test: boot, verify radio services still work Change-Id: Ib67b3a03e5599484c5c4fb27a0f323a37dd51636 Signed-off-by: Isaac Chen <isaacchen@isaacchen.cn>
2017-08-10 17:15:00 +02:00 · 2017-08-10 17:15:00 +02:00 · a85558ea52
commit a85558ea52
parent 5478c86bac
27 changed files with 4 additions and 1 deletions
--- a/board/sepolicy.mk
+++ b/board/sepolicy.mk
@ -2,4 +2,7 @@ include device/qcom/sepolicy/sepolicy.mk

 # SELinux
 BOARD_SEPOLICY_DIRS += \
-    $(VENDOR_PATH)/sepolicy
+    $(VENDOR_PATH)/sepolicy/vendor
+
+BOARD_PLAT_PRIVATE_SEPOLICY_DIR += \
+    $(VENDOR_PATH)/sepolicy/private
--- a/sepolicy/private/service_contexts
+++ b/sepolicy/private/service_contexts
--- a/sepolicy/vendor/bluetooth_loader-qcom.te
+++ b/sepolicy/vendor/bluetooth_loader-qcom.te
--- a/sepolicy/vendor/bluetooth_loader.te
+++ b/sepolicy/vendor/bluetooth_loader.te
--- a/sepolicy/vendor/camera.te
+++ b/sepolicy/vendor/camera.te
--- a/sepolicy/vendor/device.te
+++ b/sepolicy/vendor/device.te
--- a/sepolicy/vendor/file.te
+++ b/sepolicy/vendor/file.te
--- a/sepolicy/vendor/file_contexts
+++ b/sepolicy/vendor/file_contexts
--- a/sepolicy/vendor/fsck.te
+++ b/sepolicy/vendor/fsck.te
--- a/sepolicy/vendor/gx_fpd.te
+++ b/sepolicy/vendor/gx_fpd.te
--- a/sepolicy/vendor/hal_camera_default.te
+++ b/sepolicy/vendor/hal_camera_default.te
--- a/sepolicy/vendor/hal_cas_default.te
+++ b/sepolicy/vendor/hal_cas_default.te
--- a/sepolicy/vendor/hal_fingerprint_msm8937.te
+++ b/sepolicy/vendor/hal_fingerprint_msm8937.te
--- a/sepolicy/vendor/ims.te
+++ b/sepolicy/vendor/ims.te
--- a/sepolicy/vendor/init.te
+++ b/sepolicy/vendor/init.te
--- a/sepolicy/vendor/location.te
+++ b/sepolicy/vendor/location.te
--- a/sepolicy/vendor/per_mgr.te
+++ b/sepolicy/vendor/per_mgr.te
--- a/sepolicy/vendor/priv_app.te
+++ b/sepolicy/vendor/priv_app.te
--- a/sepolicy/vendor/qti_init_shell.te
+++ b/sepolicy/vendor/qti_init_shell.te
--- a/sepolicy/vendor/radio.te
+++ b/sepolicy/vendor/radio.te
--- a/sepolicy/vendor/rild.te
+++ b/sepolicy/vendor/rild.te
--- a/sepolicy/vendor/rmt_storage.te
+++ b/sepolicy/vendor/rmt_storage.te
--- a/sepolicy/vendor/service.te
+++ b/sepolicy/vendor/service.te
--- a/sepolicy/vendor/system_app.te
+++ b/sepolicy/vendor/system_app.te
--- a/sepolicy/vendor/system_server.te
+++ b/sepolicy/vendor/system_server.te
--- a/sepolicy/vendor/tee.te
+++ b/sepolicy/vendor/tee.te
--- a/sepolicy/vendor/ueventd.te
+++ b/sepolicy/vendor/ueventd.te