From 87d0f2703f209dc4200bca96db5ea8eeaff17def Mon Sep 17 00:00:00 2001
From: Remi NGUYEN VAN
Date: Wed, 7 Aug 2019 18:13:33 +0900
Subject: [PATCH] Add a product build var for mainline module certs
OEMs may need to have different device configurations that use different signing configurations for mainline modules. The network stack mainline module has a sepolicy context referencing its certificate, so the generated plat_mac_permission.xml differs based on the module signing configuration. The added PRODUCT_MAINLINE_SEPOLICY_DEV_CERTIFICATES variable defines a per-product directory for the certificates, so that which certificate to use can be configured in the product makefile, instead of replacing the certificate file itself. This change is to be submitted together with another change in sepolicy makefile.
Test: changed certificate path, m, verified plat_mac_permissions.xml has new certificate.
Bug: 134995443
Bug: 138097611
Change-Id: I863a9904d4a2ea2abad679ae0969d50e374f269d
---
 core/config.mk | 7 +++++++
 core/product-graph.mk | 1 +
 core/product.mk | 1 +
 3 files changed, 9 insertions(+)
diff --git a/core/config.mk b/core/config.mk
index db4edcb444..9054d528fb 100644
--- a/core/config.mk
+++ b/core/config.mk
@@ -784,6 +784,13 @@ else
 endif
 .KATI_READONLY := DEFAULT_SYSTEM_DEV_CERTIFICATE
+# Certificate for the NetworkStack sepolicy context
+ifdef PRODUCT_MAINLINE_SEPOLICY_DEV_CERTIFICATES
+ MAINLINE_SEPOLICY_DEV_CERTIFICATES := $(PRODUCT_MAINLINE_SEPOLICY_DEV_CERTIFICATES)
+else
+ MAINLINE_SEPOLICY_DEV_CERTIFICATES := $(dir $(DEFAULT_SYSTEM_DEV_CERTIFICATE))
+endif
+
 BUILD_NUMBER_FROM_FILE := $$(cat $(OUT_DIR)/build_number.txt)
 BUILD_DATETIME_FROM_FILE := $$(cat $(BUILD_DATETIME_FILE))
diff --git a/core/product-graph.mk b/core/product-graph.mk
index 9fc8e574c3..b97a69d644 100644
--- a/core/product-graph.mk
+++ b/core/product-graph.mk
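Review bot: `MAINLINE_SEPOLICY_DEV_CERTIFICATES` is left writable after the new `ifdef` block in core/config.mk, whereas `DEFAULT_SYSTEM_DEV_CERTIFICATE` in the context line just above it is frozen with `.KATI_READONLY`. Per the commit description this directory selects the certificate that ends up in plat_mac_permissions.xml, so a later reassignment in another makefile would silently change which signer is granted the NetworkStack sepolicy context. Unless the companion sepolicy change needs to modify the variable, add `.KATI_READONLY := MAINLINE_SEPOLICY_DEV_CERTIFICATES` after the `endif`. The comment would also be more accurate as `# Directory of certificates referenced by mainline-module sepolicy contexts (e.g. NetworkStack)`, since the value is a directory rather than a single certificate.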
@@ -131,6 +131,7 @@ $(OUT_DIR)/products/$(strip $(1)).txt: $(this_makefile)
 $(hide) echo 'PRODUCT_SDK_ADDON_DOC_MODULES=$$(PRODUCTS.$(strip $(1)).PRODUCT_SDK_ADDON_DOC_MODULES)' >> $$@
 $(hide) echo 'PRODUCT_DEFAULT_WIFI_CHANNELS=$$(PRODUCTS.$(strip $(1)).PRODUCT_DEFAULT_WIFI_CHANNELS)' >> $$@
 $(hide) echo 'PRODUCT_DEFAULT_DEV_CERTIFICATE=$$(PRODUCTS.$(strip $(1)).PRODUCT_DEFAULT_DEV_CERTIFICATE)' >> $$@
+ $(hide) echo 'PRODUCT_MAINLINE_SEPOLICY_DEV_CERTIFICATES=$$(PRODUCTS.$(strip $(1)).PRODUCT_MAINLINE_SEPOLICY_DEV_CERTIFICATES)' >> $$@
 $(hide) echo 'PRODUCT_RESTRICT_VENDOR_FILES=$$(PRODUCTS.$(strip $(1)).PRODUCT_RESTRICT_VENDOR_FILES)' >> $$@
 $(hide) echo 'PRODUCT_VENDOR_KERNEL_HEADERS=$$(PRODUCTS.$(strip $(1)).PRODUCT_VENDOR_KERNEL_HEADERS)' >> $$@
diff --git a/core/product.mk b/core/product.mk
index c54583dc4c..b7ac105515 100644
--- a/core/product.mk
+++ b/core/product.mk
@@ -205,6 +205,7 @@ _product_list_vars += PRODUCT_SOONG_NAMESPACES
 _product_list_vars += PRODUCT_DEFAULT_WIFI_CHANNELS
 _product_list_vars += PRODUCT_DEFAULT_DEV_CERTIFICATE
+_product_list_vars += PRODUCT_MAINLINE_SEPOLICY_DEV_CERTIFICATES
 _product_list_vars += PRODUCT_RESTRICT_VENDOR_FILES
 # The list of product-specific kernel header dirs
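Review bot: Registering `PRODUCT_MAINLINE_SEPOLICY_DEV_CERTIFICATES` in `_product_list_vars` (core/product.mk hunk) means the value can presumably pick up several words through product inheritance, while core/config.mk in this same patch copies it verbatim and the description calls it a single per-product directory. If two inherited product makefiles both set it, the sepolicy build would receive a multi-word path and could fail obscurely or resolve a certificate other than the one the product owner intended. Consider validating it where it is consumed, for example `$(if $(filter 1,$(words $(PRODUCT_MAINLINE_SEPOLICY_DEV_CERTIFICATES))),,$(error PRODUCT_MAINLINE_SEPOLICY_DEV_CERTIFICATES must be a single directory))` inside the `ifdef` branch. A one-line comment above this entry stating that it is a certificate directory, in the style of the comment on the entry that follows, would also help product owners set it correctly.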