Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 87d0f270 authored Aug 07, 2019 by Remi NGUYEN VAN

Add a product build var for mainline module certs

OEMs may need to have different device configurations that use different
signing configurations for mainline modules. The network stack mainline
module has a sepolicy context referencing its certificate, so the
generated plat_mac_permission.xml differs based on the module signing
configuration.

The added PRODUCT_MAINLINE_SEPOLICY_DEV_CERTIFICATES variable defines a
per-product directory for the certificates, so that which certificate to
use can be configured in the product makefile, instead of replacing the
certificate file itself.

This change is to be submitted together with another change in sepolicy
makefile.

Test: changed certificate path, m, verified plat_mac_permissions.xml has
      new certificate.
Bug: 134995443
Bug: 138097611

Change-Id: I863a9904d4a2ea2abad679ae0969d50e374f269d

parent 3738f37e

core/config.mk

+7 −0

Original line number	Diff line number	Diff line
		@@ -784,6 +784,13 @@ else
		endif
		.KATI_READONLY := DEFAULT_SYSTEM_DEV_CERTIFICATE

		# Certificate for the NetworkStack sepolicy context
		ifdef PRODUCT_MAINLINE_SEPOLICY_DEV_CERTIFICATES
		MAINLINE_SEPOLICY_DEV_CERTIFICATES := $(PRODUCT_MAINLINE_SEPOLICY_DEV_CERTIFICATES)
		else
		MAINLINE_SEPOLICY_DEV_CERTIFICATES := $(dir $(DEFAULT_SYSTEM_DEV_CERTIFICATE))
		endif

		BUILD_NUMBER_FROM_FILE := $$(cat $(OUT_DIR)/build_number.txt)
		BUILD_DATETIME_FROM_FILE := $$(cat $(BUILD_DATETIME_FILE))

core/product-graph.mk

+1 −0

Original line number	Diff line number	Diff line
		@@ -131,6 +131,7 @@ $(OUT_DIR)/products/$(strip $(1)).txt: $(this_makefile)
		$(hide) echo 'PRODUCT_SDK_ADDON_DOC_MODULES=$$(PRODUCTS.$(strip $(1)).PRODUCT_SDK_ADDON_DOC_MODULES)' >> $$@
		$(hide) echo 'PRODUCT_DEFAULT_WIFI_CHANNELS=$$(PRODUCTS.$(strip $(1)).PRODUCT_DEFAULT_WIFI_CHANNELS)' >> $$@
		$(hide) echo 'PRODUCT_DEFAULT_DEV_CERTIFICATE=$$(PRODUCTS.$(strip $(1)).PRODUCT_DEFAULT_DEV_CERTIFICATE)' >> $$@
		$(hide) echo 'PRODUCT_MAINLINE_SEPOLICY_DEV_CERTIFICATES=$$(PRODUCTS.$(strip $(1)).PRODUCT_MAINLINE_SEPOLICY_DEV_CERTIFICATES)' >> $$@
		$(hide) echo 'PRODUCT_RESTRICT_VENDOR_FILES=$$(PRODUCTS.$(strip $(1)).PRODUCT_RESTRICT_VENDOR_FILES)' >> $$@
		$(hide) echo 'PRODUCT_VENDOR_KERNEL_HEADERS=$$(PRODUCTS.$(strip $(1)).PRODUCT_VENDOR_KERNEL_HEADERS)' >> $$@

core/product.mk

+1 −0

Original line number	Diff line number	Diff line
		@@ -205,6 +205,7 @@ _product_list_vars += PRODUCT_SOONG_NAMESPACES

		_product_list_vars += PRODUCT_DEFAULT_WIFI_CHANNELS
		_product_list_vars += PRODUCT_DEFAULT_DEV_CERTIFICATE
		_product_list_vars += PRODUCT_MAINLINE_SEPOLICY_DEV_CERTIFICATES
		_product_list_vars += PRODUCT_RESTRICT_VENDOR_FILES

		# The list of product-specific kernel header dirs