1*e4a36f41SAndroid Build Coastguard Worker// Copyright (C) 2021 The Android Open Source Project 2*e4a36f41SAndroid Build Coastguard Worker// 3*e4a36f41SAndroid Build Coastguard Worker// Licensed under the Apache License, Version 2.0 (the "License"); 4*e4a36f41SAndroid Build Coastguard Worker// you may not use this file except in compliance with the License. 5*e4a36f41SAndroid Build Coastguard Worker// You may obtain a copy of the License at 6*e4a36f41SAndroid Build Coastguard Worker// 7*e4a36f41SAndroid Build Coastguard Worker// http://www.apache.org/licenses/LICENSE-2.0 8*e4a36f41SAndroid Build Coastguard Worker// 9*e4a36f41SAndroid Build Coastguard Worker// Unless required by applicable law or agreed to in writing, software 10*e4a36f41SAndroid Build Coastguard Worker// distributed under the License is distributed on an "AS IS" BASIS, 11*e4a36f41SAndroid Build Coastguard Worker// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12*e4a36f41SAndroid Build Coastguard Worker// See the License for the specific language governing permissions and 13*e4a36f41SAndroid Build Coastguard Worker// limitations under the License. 14*e4a36f41SAndroid Build Coastguard Worker 15*e4a36f41SAndroid Build Coastguard Workerpackage { 16*e4a36f41SAndroid Build Coastguard Worker // http://go/android-license-faq 17*e4a36f41SAndroid Build Coastguard Worker // A large-scale-change added 'default_applicable_licenses' to import 18*e4a36f41SAndroid Build Coastguard Worker // the below license kinds from "system_sepolicy_license": 19*e4a36f41SAndroid Build Coastguard Worker // SPDX-license-identifier-Apache-2.0 20*e4a36f41SAndroid Build Coastguard Worker default_applicable_licenses: ["system_sepolicy_license"], 21*e4a36f41SAndroid Build Coastguard Worker} 22*e4a36f41SAndroid Build Coastguard Worker 23*e4a36f41SAndroid Build Coastguard Workersystem_policy_files = [ 24*e4a36f41SAndroid Build Coastguard Worker "system/private/security_classes", 25*e4a36f41SAndroid Build Coastguard Worker "system/private/initial_sids", 26*e4a36f41SAndroid Build Coastguard Worker "system/private/access_vectors", 27*e4a36f41SAndroid Build Coastguard Worker "system/public/global_macros", 28*e4a36f41SAndroid Build Coastguard Worker "system/public/neverallow_macros", 29*e4a36f41SAndroid Build Coastguard Worker "system/private/mls_macros", 30*e4a36f41SAndroid Build Coastguard Worker "system/private/mls_decl", 31*e4a36f41SAndroid Build Coastguard Worker "system/private/mls", 32*e4a36f41SAndroid Build Coastguard Worker "system/private/policy_capabilities", 33*e4a36f41SAndroid Build Coastguard Worker "system/public/te_macros", 34*e4a36f41SAndroid Build Coastguard Worker "system/public/attributes", 35*e4a36f41SAndroid Build Coastguard Worker "system/private/attributes", 36*e4a36f41SAndroid Build Coastguard Worker "system/public/ioctl_defines", 37*e4a36f41SAndroid Build Coastguard Worker "system/public/ioctl_macros", 38*e4a36f41SAndroid Build Coastguard Worker "system/public/*.te", 39*e4a36f41SAndroid Build Coastguard Worker "system/private/*.te", 40*e4a36f41SAndroid Build Coastguard Worker "system/private/roles_decl", 41*e4a36f41SAndroid Build Coastguard Worker "system/public/roles", 42*e4a36f41SAndroid Build Coastguard Worker "system/private/users", 43*e4a36f41SAndroid Build Coastguard Worker "system/private/initial_sid_contexts", 44*e4a36f41SAndroid Build Coastguard Worker "system/private/fs_use", 45*e4a36f41SAndroid Build Coastguard Worker "system/private/genfs_contexts", 46*e4a36f41SAndroid Build Coastguard Worker "system/private/port_contexts", 47*e4a36f41SAndroid Build Coastguard Worker] 48*e4a36f41SAndroid Build Coastguard Worker 49*e4a36f41SAndroid Build Coastguard Workerreqd_mask_files = [ 50*e4a36f41SAndroid Build Coastguard Worker "reqd_mask/security_classes", 51*e4a36f41SAndroid Build Coastguard Worker "reqd_mask/initial_sids", 52*e4a36f41SAndroid Build Coastguard Worker "reqd_mask/access_vectors", 53*e4a36f41SAndroid Build Coastguard Worker "reqd_mask/mls_macros", 54*e4a36f41SAndroid Build Coastguard Worker "reqd_mask/mls_decl", 55*e4a36f41SAndroid Build Coastguard Worker "reqd_mask/mls", 56*e4a36f41SAndroid Build Coastguard Worker "reqd_mask/reqd_mask.te", 57*e4a36f41SAndroid Build Coastguard Worker "reqd_mask/roles_decl", 58*e4a36f41SAndroid Build Coastguard Worker "reqd_mask/roles", 59*e4a36f41SAndroid Build Coastguard Worker "reqd_mask/users", 60*e4a36f41SAndroid Build Coastguard Worker "reqd_mask/initial_sid_contexts", 61*e4a36f41SAndroid Build Coastguard Worker] 62*e4a36f41SAndroid Build Coastguard Worker 63*e4a36f41SAndroid Build Coastguard Workersystem_public_policy_files = [ 64*e4a36f41SAndroid Build Coastguard Worker "reqd_mask/security_classes", 65*e4a36f41SAndroid Build Coastguard Worker "reqd_mask/initial_sids", 66*e4a36f41SAndroid Build Coastguard Worker "reqd_mask/access_vectors", 67*e4a36f41SAndroid Build Coastguard Worker "system/public/global_macros", 68*e4a36f41SAndroid Build Coastguard Worker "system/public/neverallow_macros", 69*e4a36f41SAndroid Build Coastguard Worker "reqd_mask/mls_macros", 70*e4a36f41SAndroid Build Coastguard Worker "reqd_mask/mls_decl", 71*e4a36f41SAndroid Build Coastguard Worker "reqd_mask/mls", 72*e4a36f41SAndroid Build Coastguard Worker "system/public/te_macros", 73*e4a36f41SAndroid Build Coastguard Worker "system/public/attributes", 74*e4a36f41SAndroid Build Coastguard Worker "system/public/ioctl_defines", 75*e4a36f41SAndroid Build Coastguard Worker "system/public/ioctl_macros", 76*e4a36f41SAndroid Build Coastguard Worker "system/public/*.te", 77*e4a36f41SAndroid Build Coastguard Worker "reqd_mask/reqd_mask.te", 78*e4a36f41SAndroid Build Coastguard Worker "reqd_mask/roles_decl", 79*e4a36f41SAndroid Build Coastguard Worker "reqd_mask/roles", 80*e4a36f41SAndroid Build Coastguard Worker "system/public/roles", 81*e4a36f41SAndroid Build Coastguard Worker "reqd_mask/users", 82*e4a36f41SAndroid Build Coastguard Worker "reqd_mask/initial_sid_contexts", 83*e4a36f41SAndroid Build Coastguard Worker] 84*e4a36f41SAndroid Build Coastguard Worker 85*e4a36f41SAndroid Build Coastguard Workervendor_policy_files = [ 86*e4a36f41SAndroid Build Coastguard Worker "reqd_mask/security_classes", 87*e4a36f41SAndroid Build Coastguard Worker "reqd_mask/initial_sids", 88*e4a36f41SAndroid Build Coastguard Worker "reqd_mask/access_vectors", 89*e4a36f41SAndroid Build Coastguard Worker "system/public/global_macros", 90*e4a36f41SAndroid Build Coastguard Worker "system/public/neverallow_macros", 91*e4a36f41SAndroid Build Coastguard Worker "reqd_mask/mls_macros", 92*e4a36f41SAndroid Build Coastguard Worker "reqd_mask/mls_decl", 93*e4a36f41SAndroid Build Coastguard Worker "reqd_mask/mls", 94*e4a36f41SAndroid Build Coastguard Worker "system/public/te_macros", 95*e4a36f41SAndroid Build Coastguard Worker "system/public/attributes", 96*e4a36f41SAndroid Build Coastguard Worker "system/public/ioctl_defines", 97*e4a36f41SAndroid Build Coastguard Worker "system/public/ioctl_macros", 98*e4a36f41SAndroid Build Coastguard Worker "system/public/*.te", 99*e4a36f41SAndroid Build Coastguard Worker "reqd_mask/reqd_mask.te", 100*e4a36f41SAndroid Build Coastguard Worker "vendor/*.te", 101*e4a36f41SAndroid Build Coastguard Worker "reqd_mask/roles_decl", 102*e4a36f41SAndroid Build Coastguard Worker "reqd_mask/roles", 103*e4a36f41SAndroid Build Coastguard Worker "system/public/roles", 104*e4a36f41SAndroid Build Coastguard Worker "reqd_mask/users", 105*e4a36f41SAndroid Build Coastguard Worker "reqd_mask/initial_sid_contexts", 106*e4a36f41SAndroid Build Coastguard Worker] 107*e4a36f41SAndroid Build Coastguard Worker 108*e4a36f41SAndroid Build Coastguard Workerse_policy_conf { 109*e4a36f41SAndroid Build Coastguard Worker name: "microdroid_reqd_policy_mask.conf", 110*e4a36f41SAndroid Build Coastguard Worker defaults: ["se_policy_conf_flags_defaults"], 111*e4a36f41SAndroid Build Coastguard Worker srcs: reqd_mask_files, 112*e4a36f41SAndroid Build Coastguard Worker installable: false, 113*e4a36f41SAndroid Build Coastguard Worker mls_cats: 1, 114*e4a36f41SAndroid Build Coastguard Worker} 115*e4a36f41SAndroid Build Coastguard Worker 116*e4a36f41SAndroid Build Coastguard Workerse_policy_cil { 117*e4a36f41SAndroid Build Coastguard Worker name: "microdroid_reqd_policy_mask.cil", 118*e4a36f41SAndroid Build Coastguard Worker src: ":microdroid_reqd_policy_mask.conf", 119*e4a36f41SAndroid Build Coastguard Worker secilc_check: false, 120*e4a36f41SAndroid Build Coastguard Worker installable: false, 121*e4a36f41SAndroid Build Coastguard Worker} 122*e4a36f41SAndroid Build Coastguard Worker 123*e4a36f41SAndroid Build Coastguard Workerse_policy_conf { 124*e4a36f41SAndroid Build Coastguard Worker name: "microdroid_plat_sepolicy.conf", 125*e4a36f41SAndroid Build Coastguard Worker defaults: ["se_policy_conf_flags_defaults"], 126*e4a36f41SAndroid Build Coastguard Worker srcs: system_policy_files, 127*e4a36f41SAndroid Build Coastguard Worker installable: false, 128*e4a36f41SAndroid Build Coastguard Worker mls_cats: 1, 129*e4a36f41SAndroid Build Coastguard Worker} 130*e4a36f41SAndroid Build Coastguard Worker 131*e4a36f41SAndroid Build Coastguard Workerse_policy_cil { 132*e4a36f41SAndroid Build Coastguard Worker name: "microdroid_plat_sepolicy.cil", 133*e4a36f41SAndroid Build Coastguard Worker stem: "plat_sepolicy.cil", 134*e4a36f41SAndroid Build Coastguard Worker src: ":microdroid_plat_sepolicy.conf", 135*e4a36f41SAndroid Build Coastguard Worker installable: false, 136*e4a36f41SAndroid Build Coastguard Worker} 137*e4a36f41SAndroid Build Coastguard Worker 138*e4a36f41SAndroid Build Coastguard Workerse_policy_conf { 139*e4a36f41SAndroid Build Coastguard Worker name: "microdroid_plat_pub_policy.conf", 140*e4a36f41SAndroid Build Coastguard Worker defaults: ["se_policy_conf_flags_defaults"], 141*e4a36f41SAndroid Build Coastguard Worker srcs: system_public_policy_files, 142*e4a36f41SAndroid Build Coastguard Worker installable: false, 143*e4a36f41SAndroid Build Coastguard Worker mls_cats: 1, 144*e4a36f41SAndroid Build Coastguard Worker} 145*e4a36f41SAndroid Build Coastguard Worker 146*e4a36f41SAndroid Build Coastguard Workerse_policy_cil { 147*e4a36f41SAndroid Build Coastguard Worker name: "microdroid_plat_pub_policy.cil", 148*e4a36f41SAndroid Build Coastguard Worker src: ":microdroid_plat_pub_policy.conf", 149*e4a36f41SAndroid Build Coastguard Worker filter_out: [":microdroid_reqd_policy_mask.cil"], 150*e4a36f41SAndroid Build Coastguard Worker secilc_check: false, 151*e4a36f41SAndroid Build Coastguard Worker installable: false, 152*e4a36f41SAndroid Build Coastguard Worker} 153*e4a36f41SAndroid Build Coastguard Worker 154*e4a36f41SAndroid Build Coastguard Workerse_versioned_policy { 155*e4a36f41SAndroid Build Coastguard Worker name: "microdroid_plat_mapping_file", 156*e4a36f41SAndroid Build Coastguard Worker base: ":microdroid_plat_pub_policy.cil", 157*e4a36f41SAndroid Build Coastguard Worker mapping: true, 158*e4a36f41SAndroid Build Coastguard Worker version: "current", 159*e4a36f41SAndroid Build Coastguard Worker relative_install_path: "mapping", // install to /system/etc/selinux/mapping 160*e4a36f41SAndroid Build Coastguard Worker installable: false, 161*e4a36f41SAndroid Build Coastguard Worker} 162*e4a36f41SAndroid Build Coastguard Worker 163*e4a36f41SAndroid Build Coastguard Workerse_versioned_policy { 164*e4a36f41SAndroid Build Coastguard Worker name: "microdroid_plat_pub_versioned.cil", 165*e4a36f41SAndroid Build Coastguard Worker stem: "plat_pub_versioned.cil", 166*e4a36f41SAndroid Build Coastguard Worker base: ":microdroid_plat_pub_policy.cil", 167*e4a36f41SAndroid Build Coastguard Worker target_policy: ":microdroid_plat_pub_policy.cil", 168*e4a36f41SAndroid Build Coastguard Worker version: "current", 169*e4a36f41SAndroid Build Coastguard Worker dependent_cils: [ 170*e4a36f41SAndroid Build Coastguard Worker ":microdroid_plat_sepolicy.cil", 171*e4a36f41SAndroid Build Coastguard Worker ":microdroid_plat_mapping_file", 172*e4a36f41SAndroid Build Coastguard Worker ], 173*e4a36f41SAndroid Build Coastguard Worker installable: false, 174*e4a36f41SAndroid Build Coastguard Worker} 175*e4a36f41SAndroid Build Coastguard Worker 176*e4a36f41SAndroid Build Coastguard Workerse_policy_conf { 177*e4a36f41SAndroid Build Coastguard Worker name: "microdroid_vendor_sepolicy.conf", 178*e4a36f41SAndroid Build Coastguard Worker defaults: ["se_policy_conf_flags_defaults"], 179*e4a36f41SAndroid Build Coastguard Worker srcs: vendor_policy_files, 180*e4a36f41SAndroid Build Coastguard Worker installable: false, 181*e4a36f41SAndroid Build Coastguard Worker mls_cats: 1, 182*e4a36f41SAndroid Build Coastguard Worker} 183*e4a36f41SAndroid Build Coastguard Worker 184*e4a36f41SAndroid Build Coastguard Workerse_policy_cil { 185*e4a36f41SAndroid Build Coastguard Worker name: "microdroid_vendor_sepolicy.cil.raw", 186*e4a36f41SAndroid Build Coastguard Worker src: ":microdroid_vendor_sepolicy.conf", 187*e4a36f41SAndroid Build Coastguard Worker filter_out: [":microdroid_reqd_policy_mask.cil"], 188*e4a36f41SAndroid Build Coastguard Worker secilc_check: false, // will be done in se_versioned_policy module 189*e4a36f41SAndroid Build Coastguard Worker installable: false, 190*e4a36f41SAndroid Build Coastguard Worker} 191*e4a36f41SAndroid Build Coastguard Worker 192*e4a36f41SAndroid Build Coastguard Workerse_versioned_policy { 193*e4a36f41SAndroid Build Coastguard Worker name: "microdroid_vendor_sepolicy.cil", 194*e4a36f41SAndroid Build Coastguard Worker stem: "vendor_sepolicy.cil", 195*e4a36f41SAndroid Build Coastguard Worker base: ":microdroid_plat_pub_policy.cil", 196*e4a36f41SAndroid Build Coastguard Worker target_policy: ":microdroid_vendor_sepolicy.cil.raw", 197*e4a36f41SAndroid Build Coastguard Worker version: "current", // microdroid is bundled to system 198*e4a36f41SAndroid Build Coastguard Worker dependent_cils: [ 199*e4a36f41SAndroid Build Coastguard Worker ":microdroid_plat_sepolicy.cil", 200*e4a36f41SAndroid Build Coastguard Worker ":microdroid_plat_pub_versioned.cil", 201*e4a36f41SAndroid Build Coastguard Worker ":microdroid_plat_mapping_file", 202*e4a36f41SAndroid Build Coastguard Worker ], 203*e4a36f41SAndroid Build Coastguard Worker filter_out: [":microdroid_plat_pub_versioned.cil"], 204*e4a36f41SAndroid Build Coastguard Worker installable: false, 205*e4a36f41SAndroid Build Coastguard Worker} 206*e4a36f41SAndroid Build Coastguard Worker 207*e4a36f41SAndroid Build Coastguard Workersepolicy_vers { 208*e4a36f41SAndroid Build Coastguard Worker name: "microdroid_plat_sepolicy_vers.txt", 209*e4a36f41SAndroid Build Coastguard Worker version: "platform", 210*e4a36f41SAndroid Build Coastguard Worker stem: "plat_sepolicy_vers.txt", 211*e4a36f41SAndroid Build Coastguard Worker installable: false, 212*e4a36f41SAndroid Build Coastguard Worker} 213*e4a36f41SAndroid Build Coastguard Worker 214*e4a36f41SAndroid Build Coastguard Worker// sepolicy sha256 for vendor 215*e4a36f41SAndroid Build Coastguard Workerjava_genrule { 216*e4a36f41SAndroid Build Coastguard Worker name: "microdroid_plat_sepolicy_and_mapping.sha256_gen", 217*e4a36f41SAndroid Build Coastguard Worker srcs: [ 218*e4a36f41SAndroid Build Coastguard Worker ":microdroid_plat_sepolicy.cil", 219*e4a36f41SAndroid Build Coastguard Worker ":microdroid_plat_mapping_file", 220*e4a36f41SAndroid Build Coastguard Worker ], 221*e4a36f41SAndroid Build Coastguard Worker out: ["microdroid_plat_sepolicy_and_mapping.sha256"], 222*e4a36f41SAndroid Build Coastguard Worker cmd: "cat $(in) | sha256sum | cut -d' ' -f1 > $(out)", 223*e4a36f41SAndroid Build Coastguard Worker} 224*e4a36f41SAndroid Build Coastguard Worker 225*e4a36f41SAndroid Build Coastguard Workerprebuilt_etc { 226*e4a36f41SAndroid Build Coastguard Worker name: "microdroid_plat_sepolicy_and_mapping.sha256", 227*e4a36f41SAndroid Build Coastguard Worker src: ":microdroid_plat_sepolicy_and_mapping.sha256_gen", 228*e4a36f41SAndroid Build Coastguard Worker filename: "plat_sepolicy_and_mapping.sha256", 229*e4a36f41SAndroid Build Coastguard Worker relative_install_path: "selinux", 230*e4a36f41SAndroid Build Coastguard Worker installable: false, 231*e4a36f41SAndroid Build Coastguard Worker} 232*e4a36f41SAndroid Build Coastguard Worker 233*e4a36f41SAndroid Build Coastguard Workerprebuilt_etc { 234*e4a36f41SAndroid Build Coastguard Worker name: "microdroid_precompiled_sepolicy.plat_sepolicy_and_mapping.sha256", 235*e4a36f41SAndroid Build Coastguard Worker src: ":microdroid_plat_sepolicy_and_mapping.sha256_gen", 236*e4a36f41SAndroid Build Coastguard Worker filename: "precompiled_sepolicy.plat_sepolicy_and_mapping.sha256", 237*e4a36f41SAndroid Build Coastguard Worker relative_install_path: "selinux", 238*e4a36f41SAndroid Build Coastguard Worker installable: false, 239*e4a36f41SAndroid Build Coastguard Worker} 240*e4a36f41SAndroid Build Coastguard Worker 241*e4a36f41SAndroid Build Coastguard Workerse_policy_binary { 242*e4a36f41SAndroid Build Coastguard Worker name: "microdroid_precompiled_sepolicy", 243*e4a36f41SAndroid Build Coastguard Worker stem: "microdroid_precompiled_sepolicy", 244*e4a36f41SAndroid Build Coastguard Worker srcs: [ 245*e4a36f41SAndroid Build Coastguard Worker ":microdroid_plat_sepolicy.cil", 246*e4a36f41SAndroid Build Coastguard Worker ":microdroid_plat_mapping_file", 247*e4a36f41SAndroid Build Coastguard Worker ":microdroid_plat_pub_versioned.cil", 248*e4a36f41SAndroid Build Coastguard Worker ":microdroid_vendor_sepolicy.cil", 249*e4a36f41SAndroid Build Coastguard Worker ], 250*e4a36f41SAndroid Build Coastguard Worker no_full_install: true, 251*e4a36f41SAndroid Build Coastguard Worker 252*e4a36f41SAndroid Build Coastguard Worker // b/259729287. In Microdroid, su is allowed to be in permissive mode. 253*e4a36f41SAndroid Build Coastguard Worker // This is to support fully debuggable VMs on user builds. This is safe 254*e4a36f41SAndroid Build Coastguard Worker // because we don't start adbd at all on non-debuggable VMs. 255*e4a36f41SAndroid Build Coastguard Worker permissive_domains_on_user_builds: ["su"], 256*e4a36f41SAndroid Build Coastguard Worker} 257*e4a36f41SAndroid Build Coastguard Worker 258*e4a36f41SAndroid Build Coastguard Workergenrule { 259*e4a36f41SAndroid Build Coastguard Worker name: "microdroid_file_contexts.gen", 260*e4a36f41SAndroid Build Coastguard Worker srcs: ["system/private/file_contexts"], 261*e4a36f41SAndroid Build Coastguard Worker tools: ["fc_sort"], 262*e4a36f41SAndroid Build Coastguard Worker out: ["file_contexts"], 263*e4a36f41SAndroid Build Coastguard Worker cmd: "sed -e 's/#.*$$//' -e '/^$$/d' $(in) > $(out).tmp && " + 264*e4a36f41SAndroid Build Coastguard Worker "$(location fc_sort) -i $(out).tmp -o $(out)", 265*e4a36f41SAndroid Build Coastguard Worker} 266*e4a36f41SAndroid Build Coastguard Worker 267*e4a36f41SAndroid Build Coastguard Workerprebuilt_etc { 268*e4a36f41SAndroid Build Coastguard Worker name: "microdroid_file_contexts", 269*e4a36f41SAndroid Build Coastguard Worker filename: "plat_file_contexts", 270*e4a36f41SAndroid Build Coastguard Worker src: ":microdroid_file_contexts.gen", 271*e4a36f41SAndroid Build Coastguard Worker relative_install_path: "selinux", 272*e4a36f41SAndroid Build Coastguard Worker no_full_install: true, 273*e4a36f41SAndroid Build Coastguard Worker} 274*e4a36f41SAndroid Build Coastguard Worker 275*e4a36f41SAndroid Build Coastguard Workergenrule { 276*e4a36f41SAndroid Build Coastguard Worker name: "microdroid_vendor_file_contexts.gen", 277*e4a36f41SAndroid Build Coastguard Worker srcs: ["vendor/file_contexts"], 278*e4a36f41SAndroid Build Coastguard Worker tools: ["fc_sort"], 279*e4a36f41SAndroid Build Coastguard Worker out: ["file_contexts"], 280*e4a36f41SAndroid Build Coastguard Worker cmd: "sed -e 's/#.*$$//' -e '/^$$/d' $(in) > $(out).tmp && " + 281*e4a36f41SAndroid Build Coastguard Worker "$(location fc_sort) -i $(out).tmp -o $(out)", 282*e4a36f41SAndroid Build Coastguard Worker} 283*e4a36f41SAndroid Build Coastguard Worker 284*e4a36f41SAndroid Build Coastguard Workerprebuilt_etc { 285*e4a36f41SAndroid Build Coastguard Worker name: "microdroid_property_contexts", 286*e4a36f41SAndroid Build Coastguard Worker filename: "plat_property_contexts", 287*e4a36f41SAndroid Build Coastguard Worker src: "system/private/property_contexts", 288*e4a36f41SAndroid Build Coastguard Worker relative_install_path: "selinux", 289*e4a36f41SAndroid Build Coastguard Worker no_full_install: true, 290*e4a36f41SAndroid Build Coastguard Worker} 291*e4a36f41SAndroid Build Coastguard Worker 292*e4a36f41SAndroid Build Coastguard Worker// For CTS 293*e4a36f41SAndroid Build Coastguard Workerse_policy_conf { 294*e4a36f41SAndroid Build Coastguard Worker name: "microdroid_general_sepolicy.conf", 295*e4a36f41SAndroid Build Coastguard Worker srcs: system_policy_files, 296*e4a36f41SAndroid Build Coastguard Worker exclude_build_test: true, 297*e4a36f41SAndroid Build Coastguard Worker installable: false, 298*e4a36f41SAndroid Build Coastguard Worker mls_cats: 1, 299*e4a36f41SAndroid Build Coastguard Worker} 300