1include $(CLEAR_VARS) 2 3LOCAL_MODULE := plat_mac_permissions.xml 4LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered 5LOCAL_LICENSE_CONDITIONS := notice unencumbered 6LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE 7LOCAL_MODULE_CLASS := ETC 8LOCAL_MODULE_TAGS := optional 9LOCAL_MODULE_PATH := $(TARGET_OUT)/etc/selinux 10 11include $(BUILD_SYSTEM)/base_rules.mk 12 13all_plat_mac_perms_keys := $(call build_policy, keys.conf, $(PLAT_PRIVATE_POLICY) $(SYSTEM_EXT_PRIVATE_POLICY) $(PRODUCT_PRIVATE_POLICY)) 14all_plat_mac_perms_files := $(call build_policy, mac_permissions.xml, $(PLAT_PRIVATE_POLICY)) 15 16# Build keys.conf 17plat_mac_perms_keys.tmp := $(intermediates)/plat_keys.tmp 18$(plat_mac_perms_keys.tmp): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS) 19$(plat_mac_perms_keys.tmp): PRIVATE_KEYS := $(all_plat_mac_perms_keys) 20$(plat_mac_perms_keys.tmp): $(all_plat_mac_perms_keys) $(M4) 21 @mkdir -p $(dir $@) 22 $(hide) $(M4) --fatal-warnings -s $(PRIVATE_ADDITIONAL_M4DEFS) $(PRIVATE_KEYS) > $@ 23 24# Should be synced with keys.conf. 25all_plat_keys := platform media networkstack shared testkey 26all_plat_keys := $(all_plat_keys:%=$(dir $(DEFAULT_SYSTEM_DEV_CERTIFICATE))/%.x509.pem) 27 28$(LOCAL_BUILT_MODULE): PRIVATE_MAC_PERMS_FILES := $(all_plat_mac_perms_files) 29$(LOCAL_BUILT_MODULE): $(plat_mac_perms_keys.tmp) $(HOST_OUT_EXECUTABLES)/insertkeys.py \ 30$(all_plat_mac_perms_files) $(all_plat_keys) 31 @mkdir -p $(dir $@) 32 $(hide) DEFAULT_SYSTEM_DEV_CERTIFICATE="$(dir $(DEFAULT_SYSTEM_DEV_CERTIFICATE))" \ 33 MAINLINE_SEPOLICY_DEV_CERTIFICATES="$(MAINLINE_SEPOLICY_DEV_CERTIFICATES)" \ 34 $(HOST_OUT_EXECUTABLES)/insertkeys.py -t $(TARGET_BUILD_VARIANT) -c $(TOP) $< -o $@ $(PRIVATE_MAC_PERMS_FILES) 35 36all_plat_keys := 37all_plat_mac_perms_files := 38all_plat_mac_perms_keys := 39plat_mac_perms_keys.tmp := 40 41################################## 42include $(CLEAR_VARS) 43 44LOCAL_MODULE := system_ext_mac_permissions.xml 45LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered 46LOCAL_LICENSE_CONDITIONS := notice unencumbered 47LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE 48LOCAL_MODULE_CLASS := ETC 49LOCAL_MODULE_TAGS := optional 50LOCAL_MODULE_PATH := $(TARGET_OUT_SYSTEM_EXT)/etc/selinux 51 52include $(BUILD_SYSTEM)/base_rules.mk 53 54all_system_ext_mac_perms_keys := $(call build_policy, keys.conf, $(SYSTEM_EXT_PRIVATE_POLICY) $(REQD_MASK_POLICY)) 55all_system_ext_mac_perms_files := $(call build_policy, mac_permissions.xml, $(SYSTEM_EXT_PRIVATE_POLICY) $(REQD_MASK_POLICY)) 56 57# Build keys.conf 58system_ext_mac_perms_keys.tmp := $(intermediates)/system_ext_keys.tmp 59$(system_ext_mac_perms_keys.tmp): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS) 60$(system_ext_mac_perms_keys.tmp): PRIVATE_KEYS := $(all_system_ext_mac_perms_keys) 61$(system_ext_mac_perms_keys.tmp): $(all_system_ext_mac_perms_keys) $(M4) 62 @mkdir -p $(dir $@) 63 $(hide) $(M4) --fatal-warnings -s $(PRIVATE_ADDITIONAL_M4DEFS) $(PRIVATE_KEYS) > $@ 64 65$(LOCAL_BUILT_MODULE): PRIVATE_MAC_PERMS_FILES := $(all_system_ext_mac_perms_files) 66$(LOCAL_BUILT_MODULE): $(system_ext_mac_perms_keys.tmp) $(HOST_OUT_EXECUTABLES)/insertkeys.py \ 67$(all_system_ext_mac_perms_files) 68 @mkdir -p $(dir $@) 69 $(hide) $(HOST_OUT_EXECUTABLES)/insertkeys.py -t $(TARGET_BUILD_VARIANT) -c $(TOP) $< -o $@ $(PRIVATE_MAC_PERMS_FILES) 70 71system_ext_mac_perms_keys.tmp := 72all_system_ext_mac_perms_files := 73all_system_ext_mac_perms_keys := 74 75################################## 76include $(CLEAR_VARS) 77 78LOCAL_MODULE := product_mac_permissions.xml 79LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered 80LOCAL_LICENSE_CONDITIONS := notice unencumbered 81LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE 82LOCAL_MODULE_CLASS := ETC 83LOCAL_MODULE_TAGS := optional 84LOCAL_MODULE_PATH := $(TARGET_OUT_PRODUCT)/etc/selinux 85 86include $(BUILD_SYSTEM)/base_rules.mk 87 88all_product_mac_perms_keys := $(call build_policy, keys.conf, $(PRODUCT_PRIVATE_POLICY) $(REQD_MASK_POLICY)) 89all_product_mac_perms_files := $(call build_policy, mac_permissions.xml, $(PRODUCT_PRIVATE_POLICY) $(REQD_MASK_POLICY)) 90 91# Build keys.conf 92product_mac_perms_keys.tmp := $(intermediates)/product_keys.tmp 93$(product_mac_perms_keys.tmp): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS) 94$(product_mac_perms_keys.tmp): PRIVATE_KEYS := $(all_product_mac_perms_keys) 95$(product_mac_perms_keys.tmp): $(all_product_mac_perms_keys) $(M4) 96 @mkdir -p $(dir $@) 97 $(hide) $(M4) --fatal-warnings -s $(PRIVATE_ADDITIONAL_M4DEFS) $(PRIVATE_KEYS) > $@ 98 99$(LOCAL_BUILT_MODULE): PRIVATE_MAC_PERMS_FILES := $(all_product_mac_perms_files) 100$(LOCAL_BUILT_MODULE): $(product_mac_perms_keys.tmp) $(HOST_OUT_EXECUTABLES)/insertkeys.py \ 101$(all_product_mac_perms_files) 102 @mkdir -p $(dir $@) 103 $(hide) $(HOST_OUT_EXECUTABLES)/insertkeys.py -t $(TARGET_BUILD_VARIANT) -c $(TOP) $< -o $@ $(PRIVATE_MAC_PERMS_FILES) 104 105product_mac_perms_keys.tmp := 106all_product_mac_perms_files := 107all_product_mac_perms_keys := 108 109################################## 110include $(CLEAR_VARS) 111 112LOCAL_MODULE := vendor_mac_permissions.xml 113LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered 114LOCAL_LICENSE_CONDITIONS := notice unencumbered 115LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE 116LOCAL_MODULE_CLASS := ETC 117LOCAL_MODULE_TAGS := optional 118LOCAL_MODULE_PATH := $(TARGET_OUT_VENDOR)/etc/selinux 119 120include $(BUILD_SYSTEM)/base_rules.mk 121 122all_vendor_mac_perms_keys := $(call build_policy, keys.conf, $(PLAT_VENDOR_POLICY) $(BOARD_VENDOR_SEPOLICY_DIRS) $(REQD_MASK_POLICY)) 123all_vendor_mac_perms_files := $(call build_policy, mac_permissions.xml, $(PLAT_VENDOR_POLICY) $(BOARD_VENDOR_SEPOLICY_DIRS) $(REQD_MASK_POLICY)) 124 125# Build keys.conf 126vendor_mac_perms_keys.tmp := $(intermediates)/vendor_keys.tmp 127$(vendor_mac_perms_keys.tmp): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS) 128$(vendor_mac_perms_keys.tmp): PRIVATE_KEYS := $(all_vendor_mac_perms_keys) 129$(vendor_mac_perms_keys.tmp): $(all_vendor_mac_perms_keys) $(M4) 130 @mkdir -p $(dir $@) 131 $(hide) $(M4) --fatal-warnings -s $(PRIVATE_ADDITIONAL_M4DEFS) $(PRIVATE_KEYS) > $@ 132 133$(LOCAL_BUILT_MODULE): PRIVATE_MAC_PERMS_FILES := $(all_vendor_mac_perms_files) 134$(LOCAL_BUILT_MODULE): $(vendor_mac_perms_keys.tmp) $(HOST_OUT_EXECUTABLES)/insertkeys.py \ 135$(all_vendor_mac_perms_files) 136 @mkdir -p $(dir $@) 137 $(hide) DEFAULT_SYSTEM_DEV_CERTIFICATE="$(dir $(DEFAULT_SYSTEM_DEV_CERTIFICATE))" \ 138 $(HOST_OUT_EXECUTABLES)/insertkeys.py -t $(TARGET_BUILD_VARIANT) -c $(TOP) $< -o $@ $(PRIVATE_MAC_PERMS_FILES) 139 140vendor_mac_perms_keys.tmp := 141all_vendor_mac_perms_files := 142all_vendor_mac_perms_keys := 143 144################################## 145include $(CLEAR_VARS) 146 147LOCAL_MODULE := odm_mac_permissions.xml 148LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered 149LOCAL_LICENSE_CONDITIONS := notice unencumbered 150LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE 151LOCAL_MODULE_CLASS := ETC 152LOCAL_MODULE_TAGS := optional 153LOCAL_MODULE_PATH := $(TARGET_OUT_ODM)/etc/selinux 154 155include $(BUILD_SYSTEM)/base_rules.mk 156 157all_odm_mac_perms_keys := $(call build_policy, keys.conf, $(BOARD_ODM_SEPOLICY_DIRS) $(REQD_MASK_POLICY)) 158all_odm_mac_perms_files := $(call build_policy, mac_permissions.xml, $(BOARD_ODM_SEPOLICY_DIRS) $(REQD_MASK_POLICY)) 159 160# Build keys.conf 161odm_mac_perms_keys.tmp := $(intermediates)/odm_keys.tmp 162$(odm_mac_perms_keys.tmp): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS) 163$(odm_mac_perms_keys.tmp): PRIVATE_KEYS := $(all_odm_mac_perms_keys) 164$(odm_mac_perms_keys.tmp): $(all_odm_mac_perms_keys) $(M4) 165 @mkdir -p $(dir $@) 166 $(hide) $(M4) --fatal-warnings -s $(PRIVATE_ADDITIONAL_M4DEFS) $(PRIVATE_KEYS) > $@ 167 168$(LOCAL_BUILT_MODULE): PRIVATE_MAC_PERMS_FILES := $(all_odm_mac_perms_files) 169$(LOCAL_BUILT_MODULE): $(odm_mac_perms_keys.tmp) $(HOST_OUT_EXECUTABLES)/insertkeys.py \ 170$(all_odm_mac_perms_files) 171 @mkdir -p $(dir $@) 172 $(hide) $(HOST_OUT_EXECUTABLES)/insertkeys.py -t $(TARGET_BUILD_VARIANT) -c $(TOP) $< -o $@ $(PRIVATE_MAC_PERMS_FILES) 173 174odm_mac_perms_keys.tmp := 175all_odm_mac_perms_files := 176