1LOCAL_PATH:= $(call my-dir)
2
3include $(CLEAR_VARS)
4
5# SELinux policy version.
6# Must be <= /sys/fs/selinux/policyvers reported by the Android kernel.
7# Must be within the compatibility range reported by checkpolicy -V.
8POLICYVERS ?= 30
9
10MLS_SENS=1
11MLS_CATS=1024
12
13ifdef BOARD_SEPOLICY_REPLACE
14$(error BOARD_SEPOLICY_REPLACE is no longer supported; please remove from your BoardConfig.mk or other .mk file.)
15endif
16
17ifdef BOARD_SEPOLICY_IGNORE
18$(error BOARD_SEPOLICY_IGNORE is no longer supported; please remove from your BoardConfig.mk or other .mk file.)
19endif
20
21ifdef BOARD_SEPOLICY_UNION
22$(warning BOARD_SEPOLICY_UNION is no longer required - all files found in BOARD_SEPOLICY_DIRS are implicitly unioned; please remove from your BoardConfig.mk or other .mk file.)
23endif
24
25ifdef BOARD_SEPOLICY_M4DEFS
26LOCAL_ADDITIONAL_M4DEFS := $(addprefix -D, $(BOARD_SEPOLICY_M4DEFS))
27endif
28
29# Builds paths for all policy files found in BOARD_SEPOLICY_DIRS and the LOCAL_PATH.
30# $(1): the set of policy name paths to build
31build_policy = $(foreach type, $(1), $(foreach file, $(addsuffix /$(type), $(LOCAL_PATH) $(BOARD_SEPOLICY_DIRS)), $(sort $(wildcard $(file)))))
32
33# Builds paths for all policy files found in BOARD_SEPOLICY_DIRS.
34# $(1): the set of policy name paths to build
35build_device_policy = $(foreach type, $(1), $(foreach file, $(addsuffix /$(type), $(BOARD_SEPOLICY_DIRS)), $(sort $(wildcard $(file)))))
36
37# Add a file containing only a newline in-between each policy configuration
38# 'contexts' file. This will allow OEM policy configuration files without a
39# final newline (0x0A) to be built correctly by the m4(1) macro processor.
40# $(1): the set of contexts file names.
41# $(2): the file containing only 0x0A.
42add_nl = $(foreach entry, $(1), $(subst $(entry), $(entry) $(2), $(entry)))
43
44sepolicy_build_files := security_classes \
45                        initial_sids \
46                        access_vectors \
47                        global_macros \
48                        neverallow_macros \
49                        mls_macros \
50                        mls \
51                        policy_capabilities \
52                        te_macros \
53                        attributes \
54                        ioctl_defines \
55                        ioctl_macros \
56                        *.te \
57                        roles \
58                        users \
59                        initial_sid_contexts \
60                        fs_use \
61                        genfs_contexts \
62                        port_contexts
63
64##################################
65include $(CLEAR_VARS)
66
67LOCAL_MODULE := sectxfile_nl
68LOCAL_MODULE_CLASS := ETC
69LOCAL_MODULE_TAGS := optional
70
71# Create a file containing newline only to add between context config files
72include $(BUILD_SYSTEM)/base_rules.mk
73$(LOCAL_BUILT_MODULE):
74	@mkdir -p $(dir $@)
75	$(hide) echo > $@
76
77built_nl := $(LOCAL_BUILT_MODULE)
78
79#################################
80include $(CLEAR_VARS)
81
82LOCAL_MODULE := sepolicy
83LOCAL_MODULE_CLASS := ETC
84LOCAL_MODULE_TAGS := optional
85LOCAL_MODULE_PATH := $(TARGET_ROOT_OUT)
86
87include $(BUILD_SYSTEM)/base_rules.mk
88
89sepolicy_policy.conf := $(intermediates)/policy.conf
90$(sepolicy_policy.conf): PRIVATE_MLS_SENS := $(MLS_SENS)
91$(sepolicy_policy.conf): PRIVATE_MLS_CATS := $(MLS_CATS)
92$(sepolicy_policy.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
93$(sepolicy_policy.conf): $(call build_policy, $(sepolicy_build_files))
94	@mkdir -p $(dir $@)
95	$(hide) m4 $(PRIVATE_ADDITIONAL_M4DEFS) \
96		-D mls_num_sens=$(PRIVATE_MLS_SENS) -D mls_num_cats=$(PRIVATE_MLS_CATS) \
97		-D target_build_variant=$(TARGET_BUILD_VARIANT) \
98		-s $^ > $@
99	$(hide) sed '/dontaudit/d' $@ > $@.dontaudit
100
101$(LOCAL_BUILT_MODULE): $(sepolicy_policy.conf) $(HOST_OUT_EXECUTABLES)/checkpolicy $(HOST_OUT_EXECUTABLES)/sepolicy-analyze
102	@mkdir -p $(dir $@)
103	$(hide) $(HOST_OUT_EXECUTABLES)/checkpolicy -M -c $(POLICYVERS) -o $@.tmp $<
104	$(hide) $(HOST_OUT_EXECUTABLES)/checkpolicy -M -c $(POLICYVERS) -o $(dir $<)/$(notdir $@).dontaudit $<.dontaudit
105	$(hide) $(HOST_OUT_EXECUTABLES)/sepolicy-analyze $@.tmp permissive > $@.permissivedomains
106	$(hide) if [ "$(TARGET_BUILD_VARIANT)" = "user" -a -s $@.permissivedomains ]; then \
107		echo "==========" 1>&2; \
108		echo "ERROR: permissive domains not allowed in user builds" 1>&2; \
109		echo "List of invalid domains:" 1>&2; \
110		cat $@.permissivedomains 1>&2; \
111		exit 1; \
112		fi
113	$(hide) mv $@.tmp $@
114
115built_sepolicy := $(LOCAL_BUILT_MODULE)
116sepolicy_policy.conf :=
117
118##################################
119include $(CLEAR_VARS)
120
121LOCAL_MODULE := sepolicy.recovery
122LOCAL_MODULE_CLASS := ETC
123LOCAL_MODULE_TAGS := eng
124
125include $(BUILD_SYSTEM)/base_rules.mk
126
127sepolicy_policy_recovery.conf := $(intermediates)/policy_recovery.conf
128$(sepolicy_policy_recovery.conf): PRIVATE_MLS_SENS := $(MLS_SENS)
129$(sepolicy_policy_recovery.conf): PRIVATE_MLS_CATS := $(MLS_CATS)
130$(sepolicy_policy_recovery.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
131$(sepolicy_policy_recovery.conf): $(call build_policy, $(sepolicy_build_files))
132	@mkdir -p $(dir $@)
133	$(hide) m4 $(PRIVATE_ADDITIONAL_M4DEFS) \
134		-D mls_num_sens=$(PRIVATE_MLS_SENS) -D mls_num_cats=$(PRIVATE_MLS_CATS) \
135		-D target_build_variant=$(TARGET_BUILD_VARIANT) \
136		-D target_recovery=true \
137		-s $^ > $@
138
139$(LOCAL_BUILT_MODULE): $(sepolicy_policy_recovery.conf) $(HOST_OUT_EXECUTABLES)/checkpolicy $(HOST_OUT_EXECUTABLES)/sepolicy-analyze
140	@mkdir -p $(dir $@)
141	$(hide) $(HOST_OUT_EXECUTABLES)/checkpolicy -M -c $(POLICYVERS) -o $@.tmp $<
142	$(hide) $(HOST_OUT_EXECUTABLES)/sepolicy-analyze $@.tmp permissive > $@.permissivedomains
143	$(hide) if [ "$(TARGET_BUILD_VARIANT)" = "user" -a -s $@.permissivedomains ]; then \
144		echo "==========" 1>&2; \
145		echo "ERROR: permissive domains not allowed in user builds" 1>&2; \
146		echo "List of invalid domains:" 1>&2; \
147		cat $@.permissivedomains 1>&2; \
148		exit 1; \
149		fi
150	$(hide) mv $@.tmp $@
151
152built_sepolicy_recovery := $(LOCAL_BUILT_MODULE)
153sepolicy_policy_recovery.conf :=
154
155##################################
156include $(CLEAR_VARS)
157
158LOCAL_MODULE := general_sepolicy.conf
159LOCAL_MODULE_CLASS := ETC
160LOCAL_MODULE_TAGS := tests
161
162include $(BUILD_SYSTEM)/base_rules.mk
163
164exp_sepolicy_build_files :=\
165  $(foreach file, $(addprefix $(LOCAL_PATH)/, $(sepolicy_build_files)), $(sort $(wildcard $(file))))
166
167$(LOCAL_BUILT_MODULE): PRIVATE_MLS_SENS := $(MLS_SENS)
168$(LOCAL_BUILT_MODULE): PRIVATE_MLS_CATS := $(MLS_CATS)
169$(LOCAL_BUILT_MODULE): $(exp_sepolicy_build_files)
170	mkdir -p $(dir $@)
171	$(hide) m4 -D mls_num_sens=$(PRIVATE_MLS_SENS) -D mls_num_cats=$(PRIVATE_MLS_CATS) \
172		-D target_build_variant=user \
173		-s $^ > $@
174	$(hide) sed '/dontaudit/d' $@ > $@.dontaudit
175
176built_general_sepolicy.conf := $(LOCAL_BUILT_MODULE)
177exp_sepolicy_build_files :=
178
179##################################
180include $(CLEAR_VARS)
181
182LOCAL_MODULE := sepolicy.general
183LOCAL_MODULE_CLASS := ETC
184LOCAL_MODULE_TAGS := tests
185
186include $(BUILD_SYSTEM)/base_rules.mk
187
188$(LOCAL_BUILT_MODULE): PRIVATE_BUILT_SEPOLICY.CONF := $(built_general_sepolicy.conf)
189$(LOCAL_BUILT_MODULE): $(built_general_sepolicy.conf) $(HOST_OUT_EXECUTABLES)/checkpolicy
190	@mkdir -p $(dir $@)
191	$(hide) $(HOST_OUT_EXECUTABLES)/checkpolicy -M -c $(POLICYVERS) -o $@ $(PRIVATE_BUILT_SEPOLICY.CONF)
192
193built_general_sepolicy := $(LOCAL_BUILT_MODULE)
194##################################
195include $(CLEAR_VARS)
196
197LOCAL_MODULE := file_contexts.bin
198LOCAL_MODULE_CLASS := ETC
199LOCAL_MODULE_TAGS := optional
200LOCAL_MODULE_PATH := $(TARGET_ROOT_OUT)
201
202include $(BUILD_SYSTEM)/base_rules.mk
203
204# The file_contexts.bin is built in the following way:
205# 1. Collect all file_contexts files in THIS repository and process them with
206#    m4 into a tmp file called file_contexts.local.tmp.
207# 2. Collect all device specific file_contexts files and process them with m4
208#    into a tmp file called file_contexts.device.tmp.
209# 3. Run checkfc -e (allow no device fc entries ie empty) and fc_sort on
210#    file_contexts.device.tmp and output to file_contexts.device.sorted.tmp.
211# 4. Concatenate file_contexts.local.tmp and file_contexts.device.tmp into
212#    file_contexts.concat.tmp.
213# 5. Run checkfc and sefcontext_compile on file_contexts.concat.tmp to produce
214#    file_contexts.bin.
215#
216#  Note: That a newline file is placed between each file_context file found to
217#        ensure a proper build when an fc file is missing an ending newline.
218
219local_fc_files := $(LOCAL_PATH)/file_contexts
220ifneq ($(filter address,$(SANITIZE_TARGET)),)
221  local_fc_files := $(local_fc_files) $(LOCAL_PATH)/file_contexts_asan
222endif
223local_fcfiles_with_nl := $(call add_nl, $(local_fc_files), $(built_nl))
224
225file_contexts.local.tmp := $(intermediates)/file_contexts.local.tmp
226$(file_contexts.local.tmp): $(local_fcfiles_with_nl)
227	@mkdir -p $(dir $@)
228	$(hide) m4 -s $^ > $@
229
230device_fc_files := $(call build_device_policy, file_contexts)
231device_fcfiles_with_nl := $(call add_nl, $(device_fc_files), $(built_nl))
232
233file_contexts.device.tmp := $(intermediates)/file_contexts.device.tmp
234$(file_contexts.device.tmp): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
235$(file_contexts.device.tmp): $(device_fcfiles_with_nl)
236	@mkdir -p $(dir $@)
237	$(hide) m4 -s $(PRIVATE_ADDITIONAL_M4DEFS) $^ > $@
238
239file_contexts.device.sorted.tmp := $(intermediates)/file_contexts.device.sorted.tmp
240$(file_contexts.device.sorted.tmp): PRIVATE_SEPOLICY := $(built_sepolicy)
241$(file_contexts.device.sorted.tmp): $(file_contexts.device.tmp) $(built_sepolicy) $(HOST_OUT_EXECUTABLES)/fc_sort $(HOST_OUT_EXECUTABLES)/checkfc
242	@mkdir -p $(dir $@)
243	$(hide) $(HOST_OUT_EXECUTABLES)/checkfc -e $(PRIVATE_SEPOLICY) $<
244	$(hide) $(HOST_OUT_EXECUTABLES)/fc_sort $< $@
245
246file_contexts.concat.tmp := $(intermediates)/file_contexts.concat.tmp
247$(file_contexts.concat.tmp): $(file_contexts.local.tmp) $(file_contexts.device.sorted.tmp)
248	@mkdir -p $(dir $@)
249	$(hide) m4 -s $^ > $@
250
251$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
252$(LOCAL_BUILT_MODULE): $(file_contexts.concat.tmp) $(built_sepolicy) $(HOST_OUT_EXECUTABLES)/sefcontext_compile $(HOST_OUT_EXECUTABLES)/checkfc
253	@mkdir -p $(dir $@)
254	$(hide) $(HOST_OUT_EXECUTABLES)/checkfc $(PRIVATE_SEPOLICY) $<
255	$(hide) $(HOST_OUT_EXECUTABLES)/sefcontext_compile -o $@ $<
256
257built_fc := $(LOCAL_BUILT_MODULE)
258local_fc_files :=
259local_fcfiles_with_nl :=
260device_fc_files :=
261device_fcfiles_with_nl :=
262file_contexts.concat.tmp :=
263file_contexts.device.sorted.tmp :=
264file_contexts.device.tmp :=
265file_contexts.local.tmp :=
266
267##################################
268include $(CLEAR_VARS)
269
270LOCAL_MODULE := general_file_contexts.bin
271LOCAL_MODULE_CLASS := ETC
272LOCAL_MODULE_TAGS := tests
273
274include $(BUILD_SYSTEM)/base_rules.mk
275
276general_file_contexts.tmp := $(intermediates)/general_file_contexts.tmp
277$(general_file_contexts.tmp): $(addprefix $(LOCAL_PATH)/, file_contexts)
278	@mkdir -p $(dir $@)
279	$(hide) m4 -s $< > $@
280
281$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_general_sepolicy)
282$(LOCAL_BUILT_MODULE): $(general_file_contexts.tmp) $(built_general_sepolicy) $(HOST_OUT_EXECUTABLES)/sefcontext_compile $(HOST_OUT_EXECUTABLES)/checkfc
283	@mkdir -p $(dir $@)
284	$(hide) $(HOST_OUT_EXECUTABLES)/checkfc $(PRIVATE_SEPOLICY) $<
285	$(hide) $(HOST_OUT_EXECUTABLES)/sefcontext_compile -o $@ $<
286
287general_file_contexts.tmp :=
288
289##################################
290include $(CLEAR_VARS)
291LOCAL_MODULE := seapp_contexts
292LOCAL_MODULE_CLASS := ETC
293LOCAL_MODULE_TAGS := optional
294LOCAL_MODULE_PATH := $(TARGET_ROOT_OUT)
295
296include $(BUILD_SYSTEM)/base_rules.mk
297
298all_sc_files := $(call build_policy, seapp_contexts)
299
300$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
301$(LOCAL_BUILT_MODULE): PRIVATE_SC_FILES := $(all_sc_files)
302$(LOCAL_BUILT_MODULE): $(built_sepolicy) $(all_sc_files) $(HOST_OUT_EXECUTABLES)/checkseapp
303	@mkdir -p $(dir $@)
304	$(hide) $(HOST_OUT_EXECUTABLES)/checkseapp -p $(PRIVATE_SEPOLICY) -o $@ $(PRIVATE_SC_FILES)
305
306built_sc := $(LOCAL_BUILT_MODULE)
307all_sc_files :=
308
309##################################
310include $(CLEAR_VARS)
311LOCAL_MODULE := general_seapp_contexts
312LOCAL_MODULE_CLASS := ETC
313LOCAL_MODULE_TAGS := tests
314
315include $(BUILD_SYSTEM)/base_rules.mk
316
317all_sc_files := $(addprefix $(LOCAL_PATH)/, seapp_contexts)
318
319$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_general_sepolicy)
320$(LOCAL_BUILT_MODULE): PRIVATE_SC_FILE := $(all_sc_files)
321$(LOCAL_BUILT_MODULE): $(built_general_sepolicy) $(all_sc_files) $(HOST_OUT_EXECUTABLES)/checkseapp
322	@mkdir -p $(dir $@)
323	$(hide) $(HOST_OUT_EXECUTABLES)/checkseapp -p $(PRIVATE_SEPOLICY) -o $@ $(PRIVATE_SC_FILE)
324
325all_sc_files :=
326
327##################################
328include $(CLEAR_VARS)
329LOCAL_MODULE := general_seapp_neverallows
330LOCAL_MODULE_CLASS := ETC
331LOCAL_MODULE_TAGS := tests
332
333include $(BUILD_SYSTEM)/base_rules.mk
334
335$(LOCAL_BUILT_MODULE): $(addprefix $(LOCAL_PATH)/, seapp_contexts)
336	@mkdir -p $(dir $@)
337	- $(hide) grep -ie '^neverallow' $< > $@
338
339
340##################################
341include $(CLEAR_VARS)
342
343LOCAL_MODULE := property_contexts
344LOCAL_MODULE_CLASS := ETC
345LOCAL_MODULE_TAGS := optional
346LOCAL_MODULE_PATH := $(TARGET_ROOT_OUT)
347
348include $(BUILD_SYSTEM)/base_rules.mk
349
350all_pc_files := $(call build_policy, property_contexts)
351all_pcfiles_with_nl := $(call add_nl, $(all_pc_files), $(built_nl))
352
353property_contexts.tmp := $(intermediates)/property_contexts.tmp
354$(property_contexts.tmp): PRIVATE_PC_FILES := $(all_pcfiles_with_nl)
355$(property_contexts.tmp): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
356$(property_contexts.tmp): $(all_pcfiles_with_nl)
357	@mkdir -p $(dir $@)
358	$(hide) m4 -s $(PRIVATE_ADDITIONAL_M4DEFS) $(PRIVATE_PC_FILES) > $@
359
360
361$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
362$(LOCAL_BUILT_MODULE): $(property_contexts.tmp) $(built_sepolicy) $(HOST_OUT_EXECUTABLES)/checkfc $(ACP)
363	@mkdir -p $(dir $@)
364	$(hide) $(ACP) $< $@
365	$(hide) $(HOST_OUT_EXECUTABLES)/checkfc -p $(PRIVATE_SEPOLICY) $<
366
367built_pc := $(LOCAL_BUILT_MODULE)
368all_pc_files :=
369all_pcfiles_with_nl :=
370property_contexts.tmp :=
371
372##################################
373include $(CLEAR_VARS)
374
375LOCAL_MODULE := general_property_contexts
376LOCAL_MODULE_CLASS := ETC
377LOCAL_MODULE_TAGS := tests
378
379include $(BUILD_SYSTEM)/base_rules.mk
380
381general_property_contexts.tmp := $(intermediates)/general_property_contexts.tmp
382$(general_property_contexts.tmp): $(addprefix $(LOCAL_PATH)/, property_contexts)
383	@mkdir -p $(dir $@)
384	$(hide) m4 -s $< > $@
385
386$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_general_sepolicy)
387$(LOCAL_BUILT_MODULE): $(general_property_contexts.tmp) $(built_general_sepolicy) $(HOST_OUT_EXECUTABLES)/checkfc $(ACP)
388	@mkdir -p $(dir $@)
389	$(hide) $(ACP) $< $@
390	$(hide) $(HOST_OUT_EXECUTABLES)/checkfc -p $(PRIVATE_SEPOLICY) $<
391
392general_property_contexts.tmp :=
393
394##################################
395include $(CLEAR_VARS)
396
397LOCAL_MODULE := service_contexts
398LOCAL_MODULE_CLASS := ETC
399LOCAL_MODULE_TAGS := optional
400LOCAL_MODULE_PATH := $(TARGET_ROOT_OUT)
401
402include $(BUILD_SYSTEM)/base_rules.mk
403
404all_svc_files := $(call build_policy, service_contexts)
405all_svcfiles_with_nl := $(call add_nl, $(all_svc_files), $(built_nl))
406
407service_contexts.tmp := $(intermediates)/service_contexts.tmp
408$(service_contexts.tmp): PRIVATE_SVC_FILES := $(all_svcfiles_with_nl)
409$(service_contexts.tmp): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
410$(service_contexts.tmp): $(all_svcfiles_with_nl)
411	@mkdir -p $(dir $@)
412	$(hide) m4 -s $(PRIVATE_ADDITIONAL_M4DEFS) $(PRIVATE_SVC_FILES) > $@
413
414$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
415$(LOCAL_BUILT_MODULE): $(service_contexts.tmp) $(built_sepolicy) $(HOST_OUT_EXECUTABLES)/checkfc $(ACP)
416	@mkdir -p $(dir $@)
417	$(hide) $(HOST_OUT_EXECUTABLES)/checkfc -s $(PRIVATE_SEPOLICY) $<
418	$(hide) $(ACP) $< $@
419
420built_svc := $(LOCAL_BUILT_MODULE)
421all_svc_files :=
422all_svcfiles_with_nl :=
423service_contexts.tmp :=
424
425##################################
426include $(CLEAR_VARS)
427
428LOCAL_MODULE := general_service_contexts
429LOCAL_MODULE_CLASS := ETC
430LOCAL_MODULE_TAGS := tests
431
432include $(BUILD_SYSTEM)/base_rules.mk
433
434general_service_contexts.tmp := $(intermediates)/general_service_contexts.tmp
435$(general_service_contexts.tmp): $(addprefix $(LOCAL_PATH)/, service_contexts)
436	@mkdir -p $(dir $@)
437	$(hide) m4 -s $< > $@
438
439$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_general_sepolicy)
440$(LOCAL_BUILT_MODULE): $(general_service_contexts.tmp) $(built_general_sepolicy) $(HOST_OUT_EXECUTABLES)/checkfc $(ACP)
441	@mkdir -p $(dir $@)
442	$(hide) $(HOST_OUT_EXECUTABLES)/checkfc -s $(PRIVATE_SEPOLICY) $<
443	$(hide) $(ACP) $< $@
444
445general_service_contexts.tmp :=
446
447##################################
448include $(CLEAR_VARS)
449
450LOCAL_MODULE := mac_permissions.xml
451LOCAL_MODULE_CLASS := ETC
452LOCAL_MODULE_TAGS := optional
453LOCAL_MODULE_PATH := $(TARGET_OUT_ETC)/security
454
455include $(BUILD_SYSTEM)/base_rules.mk
456
457# Build keys.conf
458mac_perms_keys.tmp := $(intermediates)/keys.tmp
459$(mac_perms_keys.tmp): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
460$(mac_perms_keys.tmp): $(call build_policy, keys.conf)
461	@mkdir -p $(dir $@)
462	$(hide) m4 -s $(PRIVATE_ADDITIONAL_M4DEFS) $^ > $@
463
464all_mac_perms_files := $(call build_policy, $(LOCAL_MODULE))
465
466$(LOCAL_BUILT_MODULE): PRIVATE_MAC_PERMS_FILES := $(all_mac_perms_files)
467$(LOCAL_BUILT_MODULE): $(mac_perms_keys.tmp) $(HOST_OUT_EXECUTABLES)/insertkeys.py $(all_mac_perms_files)
468	@mkdir -p $(dir $@)
469	$(hide) DEFAULT_SYSTEM_DEV_CERTIFICATE="$(dir $(DEFAULT_SYSTEM_DEV_CERTIFICATE))" \
470		$(HOST_OUT_EXECUTABLES)/insertkeys.py -t $(TARGET_BUILD_VARIANT) -c $(TOP) $< -o $@ $(PRIVATE_MAC_PERMS_FILES)
471
472mac_perms_keys.tmp :=
473all_mac_perms_files :=
474
475##################################
476include $(CLEAR_VARS)
477
478LOCAL_MODULE := selinux_version
479LOCAL_MODULE_CLASS := ETC
480LOCAL_MODULE_TAGS := optional
481LOCAL_MODULE_PATH := $(TARGET_ROOT_OUT)
482
483include $(BUILD_SYSTEM)/base_rules.mk
484$(LOCAL_BUILT_MODULE): $(built_sepolicy) $(built_pc) $(built_fc) $(built_sc) $(built_svc)
485	@mkdir -p $(dir $@)
486	$(hide) echo -n $(BUILD_FINGERPRINT_FROM_FILE) > $@
487
488##################################
489
490build_policy :=
491build_device_policy :=
492sepolicy_build_files :=
493built_sepolicy :=
494built_sepolicy_recovery :=
495built_sc :=
496built_fc :=
497built_pc :=
498built_svc :=
499built_general_sepolicy :=
500built_general_sepolicy.conf :=
501built_nl :=
502add_nl :=
503
504include $(call all-makefiles-under,$(LOCAL_PATH))
505