Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 955e3649 authored by Jeff Vander Stoep's avatar Jeff Vander Stoep Committed by Jeffrey Vander Stoep
Browse files

Sepolicy load: use -N flag to skip neverallow checks 

Fixes issue where attributes used exclusively in neverallow
rules were removed from policy.

Bug: 37357742
Test: Force on-device compile by removing precompiled policy.
      Verify no increase in compile time.

Change-Id: I0d145fd311c2ddcb226a827f2a997f10c20a8379
parent 5fb5b81f

init/init.cpp

+1 −1
Original line number Diff line number Diff line
@@ -850,7 +850,7 @@ static bool selinux_load_split_policy() { 
    const char* compile_args[] = {

        "/system/bin/secilc",

        plat_policy_cil_file,

        "-M", "true", "-G",

        "-M", "true", "-G", "-N",

        // Target the highest policy language version supported by the kernel

        "-c", std::to_string(max_policy_version).c_str(),

        mapping_file.c_str(),