diff --git a/BoardSEPolicyConfig.mk b/SEPolicy.mk similarity index 53% rename from BoardSEPolicyConfig.mk rename to SEPolicy.mk index 934e17b..0dc3913 100644 --- a/BoardSEPolicyConfig.mk +++ b/SEPolicy.mk @@ -1,33 +1,18 @@ - -# SELinux Policy File Configuration BOARD_SEPOLICY_DIRS += \ device/mediatek/sepolicy/basic/non_plat \ + device/mediatek/sepolicy/basic/debug/non_plat \ device/mediatek/sepolicy/bsp/non_plat \ + device/mediatek/sepolicy/bsp/debug/non_plat \ device/mediatek/sepolicy/modem -ifneq ($(call math_lt,$(PRODUCT_SHIPPING_API_LEVEL),28),) -BOARD_SEPOLICY_DIRS += $(wildcard device/mediatek/sepolicy/bsp/ota_upgrade) -endif - BOARD_PLAT_PRIVATE_SEPOLICY_DIR += \ device/mediatek/sepolicy/basic/plat_private \ - device/mediatek/sepolicy/bsp/plat_private + device/mediatek/sepolicy/basic/debug/plat_private \ + device/mediatek/sepolicy/bsp/plat_private \ + device/mediatek/sepolicy/bsp/debug/plat_private BOARD_PLAT_PUBLIC_SEPOLICY_DIR += \ device/mediatek/sepolicy/basic/plat_public \ - device/mediatek/sepolicy/bsp/plat_public - -# MTK Debug Rules Configuration -ifeq ($(strip $(HAVE_MTK_DEBUG_SEPOLICY)), yes) -BOARD_SEPOLICY_DIRS += \ - device/mediatek/sepolicy/basic/debug/non_plat \ - device/mediatek/sepolicy/bsp/debug/non_plat - -BOARD_PLAT_PUBLIC_SEPOLICY_DIR += \ device/mediatek/sepolicy/basic/debug/plat_public \ + device/mediatek/sepolicy/bsp/plat_public \ device/mediatek/sepolicy/bsp/debug/plat_public - -BOARD_PLAT_PRIVATE_SEPOLICY_DIR += \ - device/mediatek/sepolicy/basic/debug/plat_private \ - device/mediatek/sepolicy/bsp/debug/plat_private -endif diff --git a/bsp/ota_upgrade/file_contexts b/bsp/ota_upgrade/file_contexts deleted file mode 100644 index 417e8c6..0000000 --- a/bsp/ota_upgrade/file_contexts +++ /dev/null @@ -1,10 +0,0 @@ -# ============================================== -# Common SEPolicy Rule -# ============================================== - -########################## -# System files -# -# OTA upgrade from O to P for widevine data migration -/system/bin/move_widevine_data\.sh u:object_r:move-widevine-data-sh_exec:s0 - diff --git a/bsp/ota_upgrade/move-widevine-data-sh.te b/bsp/ota_upgrade/move-widevine-data-sh.te deleted file mode 100644 index 2453631..0000000 --- a/bsp/ota_upgrade/move-widevine-data-sh.te +++ /dev/null @@ -1,23 +0,0 @@ -# ============================================== -# MTK Attribute declarations -# ============================================== - -type move-widevine-data-sh, domain, coredomain; -type move-widevine-data-sh_exec, exec_type, file_type, system_file_type; -typeattribute move-widevine-data-sh data_between_core_and_vendor_violators; - -init_daemon_domain(move-widevine-data-sh) - -allow move-widevine-data-sh shell_exec:file rx_file_perms; -allow move-widevine-data-sh toolbox_exec:file rx_file_perms; - -allow move-widevine-data-sh file_contexts_file:file { read getattr open }; - -allow move-widevine-data-sh media_data_file:file { getattr setattr relabelfrom }; -allow move-widevine-data-sh media_data_file:dir { reparent rename rmdir setattr rw_dir_perms relabelfrom }; - -allow move-widevine-data-sh mediadrm_vendor_data_file:dir { create_dir_perms relabelto }; - -# for writing files_moved so we only execute the move once -allow move-widevine-data-sh mediadrm_vendor_data_file:file { create open write getattr relabelto }; -