sepolicy: Initial bringup

* Rename BoardSEPolicyConfig.mk to SEPolicy.mk * Drop useless OTA upgrade sepolicy * Unconditionally include debug sepolicy Signed-off-by: bengris32 <bengris32@protonmail.ch> Change-Id: I0c43f3c4783127aad1e5f653bf12b5286cba74ed
2022-08-14 17:01:39 +01:00 · 2022-08-14 17:01:39 +01:00 · 94e69231d7
commit 94e69231d7
parent 820bdb82ff
3 changed files with 6 additions and 54 deletions
--- a/BoardSEPolicyConfig.mk
+++ b/BoardSEPolicyConfig.mk
@ -1,33 +1,18 @@
 # SELinux Policy File Configuration
 BOARD_SEPOLICY_DIRS += \
    device/mediatek/sepolicy/basic/non_plat \
    device/mediatek/sepolicy/basic/debug/non_plat \
    device/mediatek/sepolicy/bsp/non_plat \
    device/mediatek/sepolicy/bsp/debug/non_plat \
    device/mediatek/sepolicy/modem
 ifneq ($(call math_lt,$(PRODUCT_SHIPPING_API_LEVEL),28),)
 BOARD_SEPOLICY_DIRS += $(wildcard device/mediatek/sepolicy/bsp/ota_upgrade)
 endif
 BOARD_PLAT_PRIVATE_SEPOLICY_DIR += \
    device/mediatek/sepolicy/basic/plat_private \
-    device/mediatek/sepolicy/bsp/plat_private
+    device/mediatek/sepolicy/basic/debug/plat_private \
    device/mediatek/sepolicy/bsp/plat_private \
    device/mediatek/sepolicy/bsp/debug/plat_private
 BOARD_PLAT_PUBLIC_SEPOLICY_DIR += \
    device/mediatek/sepolicy/basic/plat_public \
    device/mediatek/sepolicy/bsp/plat_public
 # MTK Debug Rules Configuration
 ifeq ($(strip $(HAVE_MTK_DEBUG_SEPOLICY)), yes)
 BOARD_SEPOLICY_DIRS += \
    device/mediatek/sepolicy/basic/debug/non_plat \
    device/mediatek/sepolicy/bsp/debug/non_plat
 BOARD_PLAT_PUBLIC_SEPOLICY_DIR += \
    device/mediatek/sepolicy/basic/debug/plat_public \
    device/mediatek/sepolicy/bsp/plat_public \
    device/mediatek/sepolicy/bsp/debug/plat_public
 BOARD_PLAT_PRIVATE_SEPOLICY_DIR += \
    device/mediatek/sepolicy/basic/debug/plat_private \
    device/mediatek/sepolicy/bsp/debug/plat_private
 endif
--- a/bsp/ota_upgrade/file_contexts
+++ b/bsp/ota_upgrade/file_contexts
@ -1,10 +0,0 @@
 # ==============================================
 # Common SEPolicy Rule
 # ==============================================
 ##########################
 # System files
 #
 # OTA upgrade from O to P for widevine data migration
 /system/bin/move_widevine_data\.sh u:object_r:move-widevine-data-sh_exec:s0
--- a/bsp/ota_upgrade/move-widevine-data-sh.te
+++ b/bsp/ota_upgrade/move-widevine-data-sh.te
@ -1,23 +0,0 @@
 # ==============================================
 # MTK Attribute declarations
 # ==============================================
 type move-widevine-data-sh, domain, coredomain;
 type move-widevine-data-sh_exec, exec_type, file_type, system_file_type;
 typeattribute move-widevine-data-sh data_between_core_and_vendor_violators;
 init_daemon_domain(move-widevine-data-sh)
 allow move-widevine-data-sh shell_exec:file rx_file_perms;
 allow move-widevine-data-sh toolbox_exec:file rx_file_perms;
 allow move-widevine-data-sh file_contexts_file:file { read getattr open };
 allow move-widevine-data-sh media_data_file:file { getattr setattr relabelfrom };
 allow move-widevine-data-sh media_data_file:dir { reparent rename rmdir setattr rw_dir_perms relabelfrom };
 allow move-widevine-data-sh mediadrm_vendor_data_file:dir { create_dir_perms relabelto };
 # for writing files_moved so we only execute the move once
 allow move-widevine-data-sh mediadrm_vendor_data_file:file { create open write getattr relabelto };