Union sepolicy within TWRP to make SELinux permissive
This patch set should make it easier to build TWRP in non-Omni
trees as it allows TWRP to modify the sepolicy instead of having
to merge a patch in external/sepolicy to meet TWRP's needs.
Change-Id: I73205343556abb0852ff4c5f8cbf293d840b95d9
diff --git a/Android.mk b/Android.mk
index ed32528..dab1b17 100644
--- a/Android.mk
+++ b/Android.mk
@@ -17,15 +17,20 @@
ifdef project-path-for
ifeq ($(LOCAL_PATH),$(call project-path-for,recovery))
PROJECT_PATH_AGREES := true
+ BOARD_SEPOLICY_DIRS += bootable/recovery-twrp/sepolicy
endif
else
ifeq ($(LOCAL_PATH),bootable/recovery)
PROJECT_PATH_AGREES := true
+ BOARD_SEPOLICY_DIRS += bootable/recovery/sepolicy
endif
endif
ifeq ($(PROJECT_PATH_AGREES),true)
+# Make recovery domain permissive for TWRP
+BOARD_SEPOLICY_UNION += twrp.te
+
include $(CLEAR_VARS)
TWRES_PATH := "/twres/"
diff --git a/sepolicy/twrp.te b/sepolicy/twrp.te
new file mode 100644
index 0000000..3ebdc4b
--- /dev/null
+++ b/sepolicy/twrp.te
@@ -0,0 +1 @@
+permissive recovery;