Separate system_ext_sepolicy.cil out of system sepolicy

Currently system sepolicy can be extended via:

- BOARD_PLAT_PUBLIC_SEPOLICY_DIR
- BOARD_PLAT_PRIVATE_SEPOLICY_DIR

To support having a single shared core system sepolicy, those customizations should be moved to the newly added system_ext partition.

System-ext-specific sepolicy files will be installed into /system_ext/etc/selinux/*. system_ext_sepolicy.cil is merged into precompiled_sepolicy at build-time. In case precompiled_sepolicy can't be used (e.g. system-only-ota), the init will merge this file with the rest of the sepolicy at runtime.

Bug: 137712473
Test: boot aosp_crosshatch with system_ext_sepolicy.cil
Test: boot aosp_crosshatch without system_ext_sepolicy.cil
Change-Id: Ib37622271b559d65462de99ff424be831004508a