From f56c5b14ce8f8989dfc9f89b55ef11ada2ed52a7 Mon Sep 17 00:00:00 2001 From: Tri Vo Date: Fri, 21 Dec 2018 16:06:17 -0800 Subject: [PATCH] Add /product sepolicy support to SELinuxMMAC.java Bug: 119305624 Test: normal/recovery boot aosp_taimen Test: this log entry is in logcat SELinuxMMAC: Using policy file /product/etc/selinux/product_mac_permissions.xml Test: wfcactivation app works without denials. Its mac permissions are now in /product. Change-Id: I977ad0d763e46dbcb5bff36fc6361b4e70098c13 --- .../core/java/com/android/server/pm/SELinuxMMAC.java | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/services/core/java/com/android/server/pm/SELinuxMMAC.java b/services/core/java/com/android/server/pm/SELinuxMMAC.java index b47d96622e961..b4154c7476a1c 100644 --- a/services/core/java/com/android/server/pm/SELinuxMMAC.java +++ b/services/core/java/com/android/server/pm/SELinuxMMAC.java @@ -17,8 +17,8 @@ package com.android.server.pm; import android.content.pm.PackageParser; -import android.content.pm.Signature; import android.content.pm.PackageParser.SigningDetails; +import android.content.pm.Signature; import android.os.Environment; import android.util.Slog; import android.util.Xml; @@ -81,6 +81,13 @@ public final class SELinuxMMAC { sMacPermissions.add(new File( Environment.getRootDirectory(), "/etc/selinux/plat_mac_permissions.xml")); + // Product mac permissions (optional). + final File productMacPermission = new File( + Environment.getProductDirectory(), "/etc/selinux/product_mac_permissions.xml"); + if (productMacPermission.exists()) { + sMacPermissions.add(productMacPermission); + } + // Vendor mac permissions. // The filename has been renamed from nonplat_mac_permissions to // vendor_mac_permissions. Either of them should exist.