diff --git a/core/Makefile b/core/Makefile index 5102d2300fd..f351f24b3e5 100644 --- a/core/Makefile +++ b/core/Makefile @@ -895,9 +895,6 @@ INTERNAL_USERIMAGES_DEPS += $(FEC) endif endif -SELINUX_FC := $(TARGET_ROOT_OUT)/file_contexts.bin -INTERNAL_USERIMAGES_DEPS += $(SELINUX_FC) - INTERNAL_USERIMAGES_DEPS += $(BLK_ALLOC_TO_BASE_FS) # $(1): the path of the output dictionary file @@ -932,7 +929,6 @@ $(if $(BOARD_OEMIMAGE_JOURNAL_SIZE),$(hide) echo "oem_journal_size=$(BOARD_OEMIM $(if $(INTERNAL_USERIMAGES_SPARSE_EXT_FLAG),$(hide) echo "extfs_sparse_flag=$(INTERNAL_USERIMAGES_SPARSE_EXT_FLAG)" >> $(1)) $(if $(mkyaffs2_extra_flags),$(hide) echo "mkyaffs2_extra_flags=$(mkyaffs2_extra_flags)" >> $(1)) $(if $(INTERNAL_USERIMAGES_SPARSE_SQUASHFS_FLAG),$(hide) echo "squashfs_sparse_flag=$(INTERNAL_USERIMAGES_SPARSE_SQUASHFS_FLAG)" >> $(1)) -$(hide) echo "selinux_fc=$(SELINUX_FC)" >> $(1) $(if $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_SUPPORTS_BOOT_SIGNER),$(hide) echo "boot_signer=$(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_SUPPORTS_BOOT_SIGNER)" >> $(1)) $(if $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_SUPPORTS_VERITY),$(hide) echo "verity=$(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_SUPPORTS_VERITY)" >> $(1)) $(if $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_SUPPORTS_VERITY),$(hide) echo "verity_key=$(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_VERITY_SIGNING_KEY)" >> $(1)) @@ -963,7 +959,6 @@ INTERNAL_RECOVERYIMAGE_FILES := $(filter $(TARGET_RECOVERY_OUT)/%, \ $(ALL_DEFAULT_INSTALLED_MODULES)) recovery_initrc := $(call project-path-for,recovery)/etc/init.rc -recovery_sepolicy := $(call intermediates-dir-for,ETC,sepolicy.recovery)/sepolicy.recovery recovery_kernel := $(INSTALLED_KERNEL_TARGET) # same as a non-recovery system recovery_ramdisk := $(PRODUCT_OUT)/ramdisk-recovery.img recovery_uncompressed_ramdisk := $(PRODUCT_OUT)/ramdisk-recovery.cpio @@ -1118,7 +1113,6 @@ define build-recoveryramdisk $(hide) rm -f $(TARGET_RECOVERY_ROOT_OUT)/init*.rc $(hide) cp -f $(recovery_initrc) $(TARGET_RECOVERY_ROOT_OUT)/ $(hide) rm -f $(TARGET_RECOVERY_ROOT_OUT)/sepolicy - $(hide) cp -f $(recovery_sepolicy) $(TARGET_RECOVERY_ROOT_OUT)/sepolicy $(hide) cp $(TARGET_ROOT_OUT)/init.recovery.*.rc $(TARGET_RECOVERY_ROOT_OUT)/ || true # Ignore error when the src file doesn't exist. $(hide) mkdir -p $(TARGET_RECOVERY_ROOT_OUT)/res $(hide) rm -rf $(TARGET_RECOVERY_ROOT_OUT)/res/* @@ -1173,7 +1167,7 @@ endif $(INSTALLED_BOOTIMAGE_TARGET): $(MKBOOTFS) $(MKBOOTIMG) $(MINIGZIP) \ $(INSTALLED_RAMDISK_TARGET) \ $(INTERNAL_RECOVERYIMAGE_FILES) \ - $(recovery_initrc) $(recovery_sepolicy) $(recovery_kernel) \ + $(recovery_initrc) $(recovery_kernel) \ $(INSTALLED_2NDBOOTLOADER_TARGET) \ $(recovery_build_prop) $(recovery_resource_deps) \ $(recovery_fstab) @@ -1189,7 +1183,7 @@ $(recovery_uncompressed_ramdisk): $(MKBOOTFS) \ $(INSTALLED_RAMDISK_TARGET_ANDROID) \ $(INSTALLED_BOOTIMAGE_TARGET) \ $(INTERNAL_RECOVERYIMAGE_FILES) \ - $(recovery_initrc) $(recovery_sepolicy) \ + $(recovery_initrc) \ $(INSTALLED_2NDBOOTLOADER_TARGET) \ $(recovery_build_prop) $(recovery_resource_deps) $(recovery_root_deps) \ $(recovery_fstab) @@ -1945,7 +1939,6 @@ $(BUILT_TARGET_FILES_PACKAGE): \ $(INSTALLED_SYSTEMOTHERIMAGE_TARGET) \ $(INSTALLED_OEMIMAGE_TARGET) \ $(INSTALLED_ANDROID_INFO_TXT_TARGET) \ - $(SELINUX_FC) \ $(APKCERTS_FILE) \ $(HOST_OUT_EXECUTABLES)/fs_config \ | $(ACP) @@ -2081,7 +2074,6 @@ endif $(hide) $(ACP) $(APKCERTS_FILE) $(zip_root)/META/apkcerts.txt $(hide) if test -e $(tool_extensions)/releasetools.py; then $(ACP) $(tool_extensions)/releasetools.py $(zip_root)/META/; fi $(hide) echo "$(PRODUCT_OTA_PUBLIC_KEYS)" > $(zip_root)/META/otakeys.txt - $(hide) $(ACP) $(SELINUX_FC) $(zip_root)/META/file_contexts.bin $(hide) echo "recovery_api_version=$(PRIVATE_RECOVERY_API_VERSION)" > $(zip_root)/META/misc_info.txt $(hide) echo "fstab_version=$(PRIVATE_RECOVERY_FSTAB_VERSION)" >> $(zip_root)/META/misc_info.txt ifdef BOARD_FLASH_BLOCK_SIZE @@ -2196,17 +2188,17 @@ endif zip -qryXu ../$(notdir $@) .) @# Run fs_config on all the system, vendor, boot ramdisk, @# and recovery ramdisk files in the zip, and save the output - $(hide) zipinfo -1 $@ | awk 'BEGIN { FS="SYSTEM/" } /^SYSTEM\// {print "system/" $$2}' | $(HOST_OUT_EXECUTABLES)/fs_config -C -D $(TARGET_OUT) -S $(SELINUX_FC) > $(zip_root)/META/filesystem_config.txt - $(hide) zipinfo -1 $@ | awk 'BEGIN { FS="VENDOR/" } /^VENDOR\// {print "vendor/" $$2}' | $(HOST_OUT_EXECUTABLES)/fs_config -C -D $(TARGET_OUT) -S $(SELINUX_FC) > $(zip_root)/META/vendor_filesystem_config.txt + $(hide) zipinfo -1 $@ | awk 'BEGIN { FS="SYSTEM/" } /^SYSTEM\// {print "system/" $$2}' | $(HOST_OUT_EXECUTABLES)/fs_config -C -D $(TARGET_OUT) > $(zip_root)/META/filesystem_config.txt + $(hide) zipinfo -1 $@ | awk 'BEGIN { FS="VENDOR/" } /^VENDOR\// {print "vendor/" $$2}' | $(HOST_OUT_EXECUTABLES)/fs_config -C -D $(TARGET_OUT) > $(zip_root)/META/vendor_filesystem_config.txt ifeq ($(BOARD_BUILD_SYSTEM_ROOT_IMAGE),true) - $(hide) zipinfo -1 $@ | awk 'BEGIN { FS="ROOT/" } /^ROOT\// {print $$2}' | $(HOST_OUT_EXECUTABLES)/fs_config -C -D $(TARGET_OUT) -S $(SELINUX_FC) > $(zip_root)/META/root_filesystem_config.txt + $(hide) zipinfo -1 $@ | awk 'BEGIN { FS="ROOT/" } /^ROOT\// {print $$2}' | $(HOST_OUT_EXECUTABLES)/fs_config -C -D $(TARGET_OUT) > $(zip_root)/META/root_filesystem_config.txt endif - $(hide) zipinfo -1 $@ | awk 'BEGIN { FS="BOOT/RAMDISK/" } /^BOOT\/RAMDISK\// {print $$2}' | $(HOST_OUT_EXECUTABLES)/fs_config -C -D $(TARGET_OUT) -S $(SELINUX_FC) > $(zip_root)/META/boot_filesystem_config.txt + $(hide) zipinfo -1 $@ | awk 'BEGIN { FS="BOOT/RAMDISK/" } /^BOOT\/RAMDISK\// {print $$2}' | $(HOST_OUT_EXECUTABLES)/fs_config -C -D $(TARGET_OUT) > $(zip_root)/META/boot_filesystem_config.txt ifneq ($(INSTALLED_RECOVERYIMAGE_TARGET),) - $(hide) zipinfo -1 $@ | awk 'BEGIN { FS="RECOVERY/RAMDISK/" } /^RECOVERY\/RAMDISK\// {print $$2}' | $(HOST_OUT_EXECUTABLES)/fs_config -C -D $(TARGET_OUT) -S $(SELINUX_FC) > $(zip_root)/META/recovery_filesystem_config.txt + $(hide) zipinfo -1 $@ | awk 'BEGIN { FS="RECOVERY/RAMDISK/" } /^RECOVERY\/RAMDISK\// {print $$2}' | $(HOST_OUT_EXECUTABLES)/fs_config -C -D $(TARGET_OUT) > $(zip_root)/META/recovery_filesystem_config.txt endif ifdef INSTALLED_SYSTEMOTHERIMAGE_TARGET - $(hide) zipinfo -1 $@ | awk 'BEGIN { FS="SYSTEM_OTHER/" } /^SYSTEM_OTHER\// { print "system/" $$2}' | $(HOST_OUT_EXECUTABLES)/fs_config -C -D $(TARGET_OUT) -S $(SELINUX_FC) > $(zip_root)/META/system_other_filesystem_config.txt + $(hide) zipinfo -1 $@ | awk 'BEGIN { FS="SYSTEM_OTHER/" } /^SYSTEM_OTHER\// { print "system/" $$2}' | $(HOST_OUT_EXECUTABLES)/fs_config -C -D $(TARGET_OUT) > $(zip_root)/META/system_other_filesystem_config.txt endif $(hide) (cd $(zip_root) && zip -qX ../$(notdir $@) META/*filesystem_config.txt) $(hide) PATH=$(foreach p,$(INTERNAL_USERIMAGES_BINARY_PATHS),$(p):)$$PATH MKBOOTIMG=$(MKBOOTIMG) \ diff --git a/core/config.mk b/core/config.mk index 41123566fa4..434b427ca8e 100644 --- a/core/config.mk +++ b/core/config.mk @@ -918,7 +918,6 @@ endif ifneq ($(CM_BUILD),) ## We need to be sure the global selinux policies are included ## last, to avoid accidental resetting by device configs -$(eval include vendor/cm/sepolicy/sepolicy.mk) # Include any vendor specific config.mk file -include $(TOPDIR)vendor/*/build/core/config.mk diff --git a/core/main.mk b/core/main.mk index d746abb6c10..a2541d612ed 100644 --- a/core/main.mk +++ b/core/main.mk @@ -552,7 +552,6 @@ subdirs := \ external/protobuf \ external/qemu \ external/scrypt \ - external/sepolicy \ external/sfntly \ external/skia \ external/sonic \ @@ -631,7 +630,6 @@ subdirs := \ system/security/keystore-engine \ system/keymaster \ system/gatekeeper \ - system/sepolicy \ system/tools/aidl \ system/qcom diff --git a/target/product/embedded.mk b/target/product/embedded.mk index 55de3b9e9dd..dd7b6231ad8 100644 --- a/target/product/embedded.mk +++ b/target/product/embedded.mk @@ -76,16 +76,6 @@ PRODUCT_PACKAGES += \ toybox \ tzdatacheck \ -# SELinux packages -PRODUCT_PACKAGES += \ - sepolicy \ - file_contexts.bin \ - seapp_contexts \ - property_contexts \ - mac_permissions.xml \ - selinux_version \ - service_contexts - # Ensure that this property is always defined so that bionic_systrace.cpp # can rely on it being initially set by init. PRODUCT_DEFAULT_PROPERTY_OVERRIDES += \