Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 955e3649 authored by Jeff Vander Stoep's avatar Jeff Vander Stoep Committed by Jeffrey Vander Stoep
Browse files

Sepolicy load: use -N flag to skip neverallow checks

Fixes issue where attributes used exclusively in neverallow
rules were removed from policy.

Bug: 37357742
Test: Force on-device compile by removing precompiled policy.
      Verify no increase in compile time.

Change-Id: I0d145fd311c2ddcb226a827f2a997f10c20a8379
parent 5fb5b81f
Loading
Loading
Loading
Loading
+1 −1
Original line number Diff line number Diff line
@@ -850,7 +850,7 @@ static bool selinux_load_split_policy() {
    const char* compile_args[] = {
        "/system/bin/secilc",
        plat_policy_cil_file,
        "-M", "true", "-G",
        "-M", "true", "-G", "-N",
        // Target the highest policy language version supported by the kernel
        "-c", std::to_string(max_policy_version).c_str(),
        mapping_file.c_str(),