Add /odm/etc/selinux/odm_sepolicy.cil

This change adds the support of odm sepolicy customization, which can be configured through the newly added build varaible: - BOARD_ODM_SEPOLICY_DIRS += device/${ODM_NAME}/${BOM_NAME}/sepolicy Also moving precompiled sepolicy to /odm when BOARD_ODM_SEPOLICY_DIRS is set. On a DUT, precompiled sepolicy on /odm will override the one in /vendor. This is intentional because /odm is the hardware customization for /vendor and both should be updated together if desired. Bug: 64240127 Test: boot a device with /odm partition Change-Id: Ia8f81a78c88cbfefb3ff19e2ccd2648da6284d09
author: Bowgo Tsai 2017-11-26 21:41:33 -0600
committer: Bowgo Tsai 2018-03-16 02:44:23 -0500
commit: 45457e3a2b26b8c5d4a13b694e9d781ec4438b04 (patch)
tree: 40a3a9d70031efc3697bd7909be332821733f244 /Android.mk
parent: 4eb10d809ab4294da21e41199df3eb943fc1bd75 (diff)
download: system-sepolicy-45457e3a2b26b8c5d4a13b694e9d781ec4438b04.tar.gz
system-sepolicy-45457e3a2b26b8c5d4a13b694e9d781ec4438b04.tar.xz
system-sepolicy-45457e3a2b26b8c5d4a13b694e9d781ec4438b04.zip
1 files changed, 84 insertions, 5 deletions
diff --git a/Android.mk b/Android.mk
index ccddace1..f02c6211 100644
--- a/Android.mk
+++ b/Android.mk
@@ -100,14 +100,20 @@ $(warning Be careful when using the SELINUX_IGNORE_NEVERALLOWS flag. \
 NEVERALLOW_ARG := -N
 endif
-# BOARD_SEPOLICY_DIRS was used for vendor sepolicy customization before.
+# BOARD_SEPOLICY_DIRS was used for vendor/odm sepolicy customization before.
-# It has been replaced by BOARD_VENDOR_SEPOLICY_DIRS. BOARD_SEPOLICY_DIRS is
+# It has been replaced by BOARD_VENDOR_SEPOLICY_DIRS (mandatory) and
-# still allowed for backward compatibility, which will be merged into
+# BOARD_ODM_SEPOLICY_DIRS (optional). BOARD_SEPOLICY_DIRS is still allowed for
-# BOARD_VENDOR_SEPOLICY_DIRS.
+# backward compatibility, which will be merged into BOARD_VENDOR_SEPOLICY_DIRS.
 ifdef BOARD_SEPOLICY_DIRS
 BOARD_VENDOR_SEPOLICY_DIRS += $(BOARD_SEPOLICY_DIRS)
 endif
+ifdef BOARD_ODM_SEPOLICY_DIRS
+ifneq ($(PRODUCT_SEPOLICY_SPLIT),true)
+$(error PRODUCT_SEPOLICY_SPLIT needs to be true when using BOARD_ODM_SEPOLICY_DIRS)
+endif
+endif
 platform_mapping_file := $(BOARD_SEPOLICY_VERS).cil
 ###########################################################
@@ -242,6 +248,10 @@ LOCAL_REQUIRED_MODULES += \
 endif
 endif
+ifdef BOARD_ODM_SEPOLICY_DIRS
+LOCAL_REQUIRED_MODULES += odm_sepolicy.cil
+endif
 include $(BUILD_PHONY_PACKAGE)
 #################################
@@ -554,11 +564,65 @@ vendor_policy.conf :=
 #################################
 include $(CLEAR_VARS)
+# odm_policy.cil - the odm sepolicy. This needs attributization and to be combined
+# with the platform-provided policy.  It makes use of the reqd_policy_mask files from private
+# policy and the platform public policy files in order to use checkpolicy.
+LOCAL_MODULE := odm_sepolicy.cil
+LOCAL_MODULE_CLASS := ETC
+LOCAL_MODULE_TAGS := optional
+LOCAL_PROPRIETARY_MODULE := true
+LOCAL_MODULE_PATH := $(TARGET_OUT_ODM)/etc/selinux
+include $(BUILD_SYSTEM)/base_rules.mk
+odm_policy.conf := $(intermediates)/odm_policy.conf
+$(odm_policy.conf): PRIVATE_MLS_SENS := $(MLS_SENS)
+$(odm_policy.conf): PRIVATE_MLS_CATS := $(MLS_CATS)
+$(odm_policy.conf): PRIVATE_TARGET_BUILD_VARIANT := $(TARGET_BUILD_VARIANT)
+$(odm_policy.conf): PRIVATE_TGT_ARCH := $(my_target_arch)
+$(odm_policy.conf): PRIVATE_TGT_WITH_ASAN := $(with_asan)
+$(odm_policy.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
+$(odm_policy.conf): PRIVATE_SEPOLICY_SPLIT := $(PRODUCT_SEPOLICY_SPLIT)
+$(odm_policy.conf): PRIVATE_COMPATIBLE_PROPERTY := $(PRODUCT_COMPATIBLE_PROPERTY)
+$(odm_policy.conf): $(call build_policy, $(sepolicy_build_files), \
+  $(PLAT_PUBLIC_POLICY) $(REQD_MASK_POLICY) $(PLAT_VENDOR_POLICY) \
+  $(BOARD_VENDOR_SEPOLICY_DIRS) $(BOARD_ODM_SEPOLICY_DIRS))
+        $(transform-policy-to-conf)
+        $(hide) sed '/dontaudit/d' $@ > $@.dontaudit
+$(LOCAL_BUILT_MODULE): PRIVATE_POL_CONF := $(odm_policy.conf)
+$(LOCAL_BUILT_MODULE): PRIVATE_REQD_MASK := $(reqd_policy_mask.cil)
+$(LOCAL_BUILT_MODULE): PRIVATE_BASE_CIL := $(plat_pub_policy.cil)
+$(LOCAL_BUILT_MODULE): PRIVATE_VERS := $(BOARD_SEPOLICY_VERS)
+$(LOCAL_BUILT_MODULE): PRIVATE_DEP_CIL_FILES := $(built_plat_cil) $(built_plat_pub_vers_cil) \
+  $(built_mapping_cil) $(built_vendor_cil)
+$(LOCAL_BUILT_MODULE) : PRIVATE_FILTER_CIL_FILES := $(built_plat_pub_vers_cil) $(built_vendor_cil)
+$(LOCAL_BUILT_MODULE): $(HOST_OUT_EXECUTABLES)/build_sepolicy \
+  $(odm_policy.conf) $(reqd_policy_mask.cil) $(plat_pub_policy.cil) \
+  $(built_plat_cil) $(built_plat_pub_vers_cil) $(built_mapping_cil) $(built_vendor_cil)
+        @mkdir -p $(dir $@)
+        $(hide) $(HOST_OUT_EXECUTABLES)/build_sepolicy -a $(HOST_OUT_EXECUTABLES) build_cil \
+                -i $(PRIVATE_POL_CONF) -m $(PRIVATE_REQD_MASK) -c $(CHECKPOLICY_ASAN_OPTIONS) \
+                -b $(PRIVATE_BASE_CIL) -d $(PRIVATE_DEP_CIL_FILES) -f $(PRIVATE_FILTER_CIL_FILES) \
+                -t $(PRIVATE_VERS) -p $(POLICYVERS) -o $@
+built_odm_cil := $(LOCAL_BUILT_MODULE)
+odm_policy.conf :=
+odm_policy_raw :=
+#################################
+include $(CLEAR_VARS)
 LOCAL_MODULE := precompiled_sepolicy
 LOCAL_MODULE_CLASS := ETC
 LOCAL_MODULE_TAGS := optional
 LOCAL_PROPRIETARY_MODULE := true
+ifeq ($(BOARD_USES_ODMIMAGE),true)
+LOCAL_MODULE_PATH := $(TARGET_OUT_ODM)/etc/selinux
+else
 LOCAL_MODULE_PATH := $(TARGET_OUT_VENDOR)/etc/selinux
+endif
 include $(BUILD_SYSTEM)/base_rules.mk
@@ -568,6 +632,10 @@ all_cil_files := \
    $(built_plat_pub_vers_cil) \
    $(built_vendor_cil)
+ifdef BOARD_ODM_SEPOLICY_DIRS
+all_cil_files += $(built_odm_cil)
+endif
 $(LOCAL_BUILT_MODULE): PRIVATE_CIL_FILES := $(all_cil_files)
 $(LOCAL_BUILT_MODULE): PRIVATE_NEVERALLOW_ARG := $(NEVERALLOW_ARG)
 $(LOCAL_BUILT_MODULE): $(HOST_OUT_EXECUTABLES)/secilc $(all_cil_files) $(built_sepolicy_neverallows)
@@ -586,7 +654,12 @@ LOCAL_MODULE := precompiled_sepolicy.plat_and_mapping.sha256
 LOCAL_MODULE_CLASS := ETC
 LOCAL_MODULE_TAGS := optional
 LOCAL_PROPRIETARY_MODULE := true
+ifeq ($(BOARD_USES_ODMIMAGE),true)
+LOCAL_MODULE_PATH := $(TARGET_OUT_ODM)/etc/selinux
+else
 LOCAL_MODULE_PATH := $(TARGET_OUT_VENDOR)/etc/selinux
+endif
 include $(BUILD_SYSTEM)/base_rules.mk
@@ -611,6 +684,10 @@ all_cil_files := \
    $(built_plat_pub_vers_cil) \
    $(built_vendor_cil)
+ifdef BOARD_ODM_SEPOLICY_DIRS
+all_cil_files += $(built_odm_cil)
+endif
 $(LOCAL_BUILT_MODULE): PRIVATE_CIL_FILES := $(all_cil_files)
 $(LOCAL_BUILT_MODULE): PRIVATE_NEVERALLOW_ARG := $(NEVERALLOW_ARG)
 $(LOCAL_BUILT_MODULE): $(HOST_OUT_EXECUTABLES)/secilc $(HOST_OUT_EXECUTABLES)/sepolicy-analyze $(all_cil_files) \
@@ -654,7 +731,8 @@ $(sepolicy.recovery.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEF
 $(sepolicy.recovery.conf): PRIVATE_TGT_RECOVERY := -D target_recovery=true
 $(sepolicy.recovery.conf): $(call build_policy, $(sepolicy_build_files), \
                           $(PLAT_PUBLIC_POLICY) $(PLAT_PRIVATE_POLICY) \
-                           $(PLAT_VENDOR_POLICY) $(BOARD_VENDOR_SEPOLICY_DIRS))
+                           $(PLAT_VENDOR_POLICY) $(BOARD_VENDOR_SEPOLICY_DIRS) \
+                           $(BOARD_ODM_SEPOLICY_DIRS))
        $(transform-policy-to-conf)
        $(hide) sed '/dontaudit/d' $@ > $@.dontaudit
 ifeq ($(SELINUX_IGNORE_NEVERALLOWS),true)
@@ -1365,6 +1443,7 @@ built_plat_pc :=
 built_vendor_cil :=
 built_vendor_pc :=
 built_vendor_sc :=
+built_odm_cil :=
 built_plat_sc :=
 built_precompiled_sepolicy :=
 built_sepolicy :=
author	Bowgo Tsai	2017-11-26 21:41:33 -0600
committer	Bowgo Tsai	2018-03-16 02:44:23 -0500
commit	45457e3a2b26b8c5d4a13b694e9d781ec4438b04 (patch)
tree	40a3a9d70031efc3697bd7909be332821733f244 /Android.mk
parent	4eb10d809ab4294da21e41199df3eb943fc1bd75 (diff)
download	system-sepolicy-45457e3a2b26b8c5d4a13b694e9d781ec4438b04.tar.gz system-sepolicy-45457e3a2b26b8c5d4a13b694e9d781ec4438b04.tar.xz system-sepolicy-45457e3a2b26b8c5d4a13b694e9d781ec4438b04.zip

diff --git a/Android.mk b/Android.mk index ccddace1..f02c6211 100644 --- a/Android.mk +++ b/Android.mk
@@ -100,14 +100,20 @@ $(warning Be careful when using the SELINUX_IGNORE_NEVERALLOWS flag. \
100	NEVERALLOW_ARG := -N	100	NEVERALLOW_ARG := -N
101	endif	101	endif
102		102
103	# BOARD_SEPOLICY_DIRS was used for vendor sepolicy customization before.	103	# BOARD_SEPOLICY_DIRS was used for vendor/odm sepolicy customization before.
104	# It has been replaced by BOARD_VENDOR_SEPOLICY_DIRS. BOARD_SEPOLICY_DIRS is	104	# It has been replaced by BOARD_VENDOR_SEPOLICY_DIRS (mandatory) and
105	# still allowed for backward compatibility, which will be merged into	105	# BOARD_ODM_SEPOLICY_DIRS (optional). BOARD_SEPOLICY_DIRS is still allowed for
106	# BOARD_VENDOR_SEPOLICY_DIRS.	106	# backward compatibility, which will be merged into BOARD_VENDOR_SEPOLICY_DIRS.
107	ifdef BOARD_SEPOLICY_DIRS	107	ifdef BOARD_SEPOLICY_DIRS
108	BOARD_VENDOR_SEPOLICY_DIRS += $(BOARD_SEPOLICY_DIRS)	108	BOARD_VENDOR_SEPOLICY_DIRS += $(BOARD_SEPOLICY_DIRS)
109	endif	109	endif
110		110
		111	ifdef BOARD_ODM_SEPOLICY_DIRS
		112	ifneq ($(PRODUCT_SEPOLICY_SPLIT),true)
		113	$(error PRODUCT_SEPOLICY_SPLIT needs to be true when using BOARD_ODM_SEPOLICY_DIRS)
		114	endif
		115	endif
		116
111	platform_mapping_file := $(BOARD_SEPOLICY_VERS).cil	117	platform_mapping_file := $(BOARD_SEPOLICY_VERS).cil
112		118
113	###########################################################	119	###########################################################
@@ -242,6 +248,10 @@ LOCAL_REQUIRED_MODULES += \
242	endif	248	endif
243	endif	249	endif
244		250
		251	ifdef BOARD_ODM_SEPOLICY_DIRS
		252	LOCAL_REQUIRED_MODULES += odm_sepolicy.cil
		253	endif
		254
245	include $(BUILD_PHONY_PACKAGE)	255	include $(BUILD_PHONY_PACKAGE)
246		256
247	#################################	257	#################################
@@ -554,11 +564,65 @@ vendor_policy.conf :=
554	#################################	564	#################################
555	include $(CLEAR_VARS)	565	include $(CLEAR_VARS)
556		566
		567	# odm_policy.cil - the odm sepolicy. This needs attributization and to be combined
		568	# with the platform-provided policy. It makes use of the reqd_policy_mask files from private
		569	# policy and the platform public policy files in order to use checkpolicy.
		570	LOCAL_MODULE := odm_sepolicy.cil
		571	LOCAL_MODULE_CLASS := ETC
		572	LOCAL_MODULE_TAGS := optional
		573	LOCAL_PROPRIETARY_MODULE := true
		574	LOCAL_MODULE_PATH := $(TARGET_OUT_ODM)/etc/selinux
		575
		576	include $(BUILD_SYSTEM)/base_rules.mk
		577
		578	odm_policy.conf := $(intermediates)/odm_policy.conf
		579	$(odm_policy.conf): PRIVATE_MLS_SENS := $(MLS_SENS)
		580	$(odm_policy.conf): PRIVATE_MLS_CATS := $(MLS_CATS)
		581	$(odm_policy.conf): PRIVATE_TARGET_BUILD_VARIANT := $(TARGET_BUILD_VARIANT)
		582	$(odm_policy.conf): PRIVATE_TGT_ARCH := $(my_target_arch)
		583	$(odm_policy.conf): PRIVATE_TGT_WITH_ASAN := $(with_asan)
		584	$(odm_policy.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
		585	$(odm_policy.conf): PRIVATE_SEPOLICY_SPLIT := $(PRODUCT_SEPOLICY_SPLIT)
		586	$(odm_policy.conf): PRIVATE_COMPATIBLE_PROPERTY := $(PRODUCT_COMPATIBLE_PROPERTY)
		587	$(odm_policy.conf): $(call build_policy, $(sepolicy_build_files), \
		588	$(PLAT_PUBLIC_POLICY) $(REQD_MASK_POLICY) $(PLAT_VENDOR_POLICY) \
		589	$(BOARD_VENDOR_SEPOLICY_DIRS) $(BOARD_ODM_SEPOLICY_DIRS))
		590	$(transform-policy-to-conf)
		591	$(hide) sed '/dontaudit/d' $@ > $@.dontaudit
		592
		593	$(LOCAL_BUILT_MODULE): PRIVATE_POL_CONF := $(odm_policy.conf)
		594	$(LOCAL_BUILT_MODULE): PRIVATE_REQD_MASK := $(reqd_policy_mask.cil)
		595	$(LOCAL_BUILT_MODULE): PRIVATE_BASE_CIL := $(plat_pub_policy.cil)
		596	$(LOCAL_BUILT_MODULE): PRIVATE_VERS := $(BOARD_SEPOLICY_VERS)
		597	$(LOCAL_BUILT_MODULE): PRIVATE_DEP_CIL_FILES := $(built_plat_cil) $(built_plat_pub_vers_cil) \
		598	$(built_mapping_cil) $(built_vendor_cil)
		599	$(LOCAL_BUILT_MODULE) : PRIVATE_FILTER_CIL_FILES := $(built_plat_pub_vers_cil) $(built_vendor_cil)
		600	$(LOCAL_BUILT_MODULE): $(HOST_OUT_EXECUTABLES)/build_sepolicy \
		601	$(odm_policy.conf) $(reqd_policy_mask.cil) $(plat_pub_policy.cil) \
		602	$(built_plat_cil) $(built_plat_pub_vers_cil) $(built_mapping_cil) $(built_vendor_cil)
		603	@mkdir -p $(dir $@)
		604	$(hide) $(HOST_OUT_EXECUTABLES)/build_sepolicy -a $(HOST_OUT_EXECUTABLES) build_cil \
		605	-i $(PRIVATE_POL_CONF) -m $(PRIVATE_REQD_MASK) -c $(CHECKPOLICY_ASAN_OPTIONS) \
		606	-b $(PRIVATE_BASE_CIL) -d $(PRIVATE_DEP_CIL_FILES) -f $(PRIVATE_FILTER_CIL_FILES) \
		607	-t $(PRIVATE_VERS) -p $(POLICYVERS) -o $@
		608
		609	built_odm_cil := $(LOCAL_BUILT_MODULE)
		610	odm_policy.conf :=
		611	odm_policy_raw :=
		612
		613	#################################
		614	include $(CLEAR_VARS)
		615
557	LOCAL_MODULE := precompiled_sepolicy	616	LOCAL_MODULE := precompiled_sepolicy
558	LOCAL_MODULE_CLASS := ETC	617	LOCAL_MODULE_CLASS := ETC
559	LOCAL_MODULE_TAGS := optional	618	LOCAL_MODULE_TAGS := optional
560	LOCAL_PROPRIETARY_MODULE := true	619	LOCAL_PROPRIETARY_MODULE := true
		620
		621	ifeq ($(BOARD_USES_ODMIMAGE),true)
		622	LOCAL_MODULE_PATH := $(TARGET_OUT_ODM)/etc/selinux
		623	else
561	LOCAL_MODULE_PATH := $(TARGET_OUT_VENDOR)/etc/selinux	624	LOCAL_MODULE_PATH := $(TARGET_OUT_VENDOR)/etc/selinux
		625	endif
562		626
563	include $(BUILD_SYSTEM)/base_rules.mk	627	include $(BUILD_SYSTEM)/base_rules.mk
564		628
@@ -568,6 +632,10 @@ all_cil_files := \
568	$(built_plat_pub_vers_cil) \	632	$(built_plat_pub_vers_cil) \
569	$(built_vendor_cil)	633	$(built_vendor_cil)
570		634
		635	ifdef BOARD_ODM_SEPOLICY_DIRS
		636	all_cil_files += $(built_odm_cil)
		637	endif
		638
571	$(LOCAL_BUILT_MODULE): PRIVATE_CIL_FILES := $(all_cil_files)	639	$(LOCAL_BUILT_MODULE): PRIVATE_CIL_FILES := $(all_cil_files)
572	$(LOCAL_BUILT_MODULE): PRIVATE_NEVERALLOW_ARG := $(NEVERALLOW_ARG)	640	$(LOCAL_BUILT_MODULE): PRIVATE_NEVERALLOW_ARG := $(NEVERALLOW_ARG)
573	$(LOCAL_BUILT_MODULE): $(HOST_OUT_EXECUTABLES)/secilc $(all_cil_files) $(built_sepolicy_neverallows)	641	$(LOCAL_BUILT_MODULE): $(HOST_OUT_EXECUTABLES)/secilc $(all_cil_files) $(built_sepolicy_neverallows)
@@ -586,7 +654,12 @@ LOCAL_MODULE := precompiled_sepolicy.plat_and_mapping.sha256
586	LOCAL_MODULE_CLASS := ETC	654	LOCAL_MODULE_CLASS := ETC
587	LOCAL_MODULE_TAGS := optional	655	LOCAL_MODULE_TAGS := optional
588	LOCAL_PROPRIETARY_MODULE := true	656	LOCAL_PROPRIETARY_MODULE := true
		657
		658	ifeq ($(BOARD_USES_ODMIMAGE),true)
		659	LOCAL_MODULE_PATH := $(TARGET_OUT_ODM)/etc/selinux
		660	else
589	LOCAL_MODULE_PATH := $(TARGET_OUT_VENDOR)/etc/selinux	661	LOCAL_MODULE_PATH := $(TARGET_OUT_VENDOR)/etc/selinux
		662	endif
590		663
591	include $(BUILD_SYSTEM)/base_rules.mk	664	include $(BUILD_SYSTEM)/base_rules.mk
592		665
@@ -611,6 +684,10 @@ all_cil_files := \
611	$(built_plat_pub_vers_cil) \	684	$(built_plat_pub_vers_cil) \
612	$(built_vendor_cil)	685	$(built_vendor_cil)
613		686
		687	ifdef BOARD_ODM_SEPOLICY_DIRS
		688	all_cil_files += $(built_odm_cil)
		689	endif
		690
614	$(LOCAL_BUILT_MODULE): PRIVATE_CIL_FILES := $(all_cil_files)	691	$(LOCAL_BUILT_MODULE): PRIVATE_CIL_FILES := $(all_cil_files)
615	$(LOCAL_BUILT_MODULE): PRIVATE_NEVERALLOW_ARG := $(NEVERALLOW_ARG)	692	$(LOCAL_BUILT_MODULE): PRIVATE_NEVERALLOW_ARG := $(NEVERALLOW_ARG)
616	$(LOCAL_BUILT_MODULE): $(HOST_OUT_EXECUTABLES)/secilc $(HOST_OUT_EXECUTABLES)/sepolicy-analyze $(all_cil_files) \	693	$(LOCAL_BUILT_MODULE): $(HOST_OUT_EXECUTABLES)/secilc $(HOST_OUT_EXECUTABLES)/sepolicy-analyze $(all_cil_files) \
@@ -654,7 +731,8 @@ $(sepolicy.recovery.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEF
654	$(sepolicy.recovery.conf): PRIVATE_TGT_RECOVERY := -D target_recovery=true	731	$(sepolicy.recovery.conf): PRIVATE_TGT_RECOVERY := -D target_recovery=true
655	$(sepolicy.recovery.conf): $(call build_policy, $(sepolicy_build_files), \	732	$(sepolicy.recovery.conf): $(call build_policy, $(sepolicy_build_files), \
656	$(PLAT_PUBLIC_POLICY) $(PLAT_PRIVATE_POLICY) \	733	$(PLAT_PUBLIC_POLICY) $(PLAT_PRIVATE_POLICY) \
657	$(PLAT_VENDOR_POLICY) $(BOARD_VENDOR_SEPOLICY_DIRS))	734	$(PLAT_VENDOR_POLICY) $(BOARD_VENDOR_SEPOLICY_DIRS) \
		735	$(BOARD_ODM_SEPOLICY_DIRS))
658	$(transform-policy-to-conf)	736	$(transform-policy-to-conf)
659	$(hide) sed '/dontaudit/d' $@ > $@.dontaudit	737	$(hide) sed '/dontaudit/d' $@ > $@.dontaudit
660	ifeq ($(SELINUX_IGNORE_NEVERALLOWS),true)	738	ifeq ($(SELINUX_IGNORE_NEVERALLOWS),true)
@@ -1365,6 +1443,7 @@ built_plat_pc :=
1365	built_vendor_cil :=	1443	built_vendor_cil :=
1366	built_vendor_pc :=	1444	built_vendor_pc :=
1367	built_vendor_sc :=	1445	built_vendor_sc :=
		1446	built_odm_cil :=
1368	built_plat_sc :=	1447	built_plat_sc :=
1369	built_precompiled_sepolicy :=	1448	built_precompiled_sepolicy :=
1370	built_sepolicy :=	1449	built_sepolicy :=