StrixOS/build
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

delete recovery policy on changing build types

Browse Source 
When the build type changes (for example, from "shamu-userdebug"
to "shamu-user"), the build system doesn't delete all files
and start over. Rather, build artifacts from the old build type
are reused for the new build type.

This is problematic for the recovery SELinux policy, which differs
between build types. Reusing a userdebug policy on a user build
is inappropriate and could lead to security bugs.

Force the deletion of the recovery SELinux policy when changing
build types, so it can be properly regenerated. This is consistent
with how we treat the normal SELinux policy (see commit
a8b3d54101).

Change-Id: I4ebafe3712dc121644828f6538865061aad58cc0
This commit is contained in:
Nick Kralevich
2016-02-27 10:41:41 -08:00
parent 5e2e53e421
commit 3cb10bbd3b
1 changed files with 1 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
core/cleanbuild.mk
View File

@@ -253,6 +253,7 @@ installclean_files := \
$(PRODUCT_OUT)/obj/EXECUTABLES/init_intermediates \
$(PRODUCT_OUT)/obj/ETC/mac_permissions.xml_intermediates \
$(PRODUCT_OUT)/obj/ETC/sepolicy_intermediates \
$(PRODUCT_OUT)/obj/ETC/sepolicy.recovery_intermediates \
$(PRODUCT_OUT)/obj/ETC/init.environ.rc_intermediates
# The files/dirs to delete during a dataclean, which removes any files