diff options
author | Stephen Smalley <sds@tycho.nsa.gov> | 2014-05-29 16:41:03 -0400 |
---|---|---|
committer | Stephen Smalley <sds@tycho.nsa.gov> | 2014-05-29 16:42:49 -0400 |
commit | 5520f2865354fdf84602e5d111ea1ff1c7e21c68 (patch) | |
tree | 27363e6790135e13a19773c122480b8833e8e747 | |
parent | aae7e3fa66ecf6bf796ba9a107d8f066498ab10b (diff) | |
download | build-5520f2865354fdf84602e5d111ea1ff1c7e21c68.tar.gz |
Use a separate policy for the recovery image.
Only the recovery image needs to include the recovery domain
in its policy, so create a separate policy for the recovery image
and replace the root policy with this one when building the
recovery image.
Depends on the change with the same Change-Id in external/sepolicy.
Change-Id: I444107f9821eabf4164ba07a44d03bd71e719989
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
-rw-r--r-- | core/Makefile | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/core/Makefile b/core/Makefile index 471dcb41d9..bb3e64eafd 100644 --- a/core/Makefile +++ b/core/Makefile @@ -650,6 +650,7 @@ ifeq (,$(filter true, $(TARGET_NO_KERNEL) $(TARGET_NO_RECOVERY))) INSTALLED_RECOVERYIMAGE_TARGET := $(PRODUCT_OUT)/recovery.img recovery_initrc := $(call include-path-for, recovery)/etc/init.rc +recovery_sepolicy := $(call intermediates-dir-for,ETC,sepolicy.recovery)/sepolicy.recovery recovery_kernel := $(INSTALLED_KERNEL_TARGET) # same as a non-recovery system recovery_ramdisk := $(PRODUCT_OUT)/ramdisk-recovery.img recovery_build_prop := $(INSTALLED_BUILD_PROP_TARGET) @@ -724,7 +725,7 @@ $(INSTALLED_RECOVERYIMAGE_TARGET): $(MKBOOTFS) $(MKBOOTIMG) $(MINIGZIP) \ $(INSTALLED_RAMDISK_TARGET) \ $(INSTALLED_BOOTIMAGE_TARGET) \ $(recovery_binary) \ - $(recovery_initrc) $(recovery_kernel) \ + $(recovery_initrc) $(recovery_sepolicy) $(recovery_kernel) \ $(INSTALLED_2NDBOOTLOADER_TARGET) \ $(recovery_build_prop) $(recovery_resource_deps) \ $(recovery_fstab) \ @@ -738,6 +739,8 @@ $(INSTALLED_RECOVERYIMAGE_TARGET): $(MKBOOTFS) $(MKBOOTIMG) $(MINIGZIP) \ @echo Modifying ramdisk contents... $(hide) rm -f $(TARGET_RECOVERY_ROOT_OUT)/init*.rc $(hide) cp -f $(recovery_initrc) $(TARGET_RECOVERY_ROOT_OUT)/ + $(hide) rm -f $(TARGET_RECOVERY_ROOT_OUT)/sepolicy + $(hide) cp -f $(recovery_sepolicy) $(TARGET_RECOVERY_ROOT_OUT)/sepolicy $(hide) -cp $(TARGET_ROOT_OUT)/init.recovery.*.rc $(TARGET_RECOVERY_ROOT_OUT)/ $(hide) cp -f $(recovery_binary) $(TARGET_RECOVERY_ROOT_OUT)/sbin/ $(hide) cp -rf $(recovery_resources_common) $(TARGET_RECOVERY_ROOT_OUT)/ |