Add a product build var for mainline module certs

OEMs may need to have different device configurations that use different signing configurations for mainline modules. The network stack mainline module has a sepolicy context referencing its certificate, so the generated plat_mac_permission.xml differs based on the module signing configuration. The added PRODUCT_MAINLINE_SEPOLICY_DEV_CERTIFICATES variable defines a per-product directory for the certificates, so that which certificate to use can be configured in the product makefile, instead of replacing the certificate file itself. This change is to be submitted together with another change in sepolicy makefile. Test: changed certificate path, m, verified plat_mac_permissions.xml has new certificate. Bug: 134995443 Bug: 138097611 Change-Id: I863a9904d4a2ea2abad679ae0969d50e374f269d
2019-08-07 18:13:33 +09:00 · 2019-08-07 18:13:33 +09:00 · 87d0f2703f
parent 3738f37e22
commit 87d0f2703f
3 changed files with 9 additions and 0 deletions
--- a/core/config.mk
+++ b/core/config.mk
@ -784,6 +784,13 @@ else
 endif
 .KATI_READONLY := DEFAULT_SYSTEM_DEV_CERTIFICATE

+# Certificate for the NetworkStack sepolicy context
+ifdef PRODUCT_MAINLINE_SEPOLICY_DEV_CERTIFICATES
+  MAINLINE_SEPOLICY_DEV_CERTIFICATES := $(PRODUCT_MAINLINE_SEPOLICY_DEV_CERTIFICATES)
+else
+  MAINLINE_SEPOLICY_DEV_CERTIFICATES := $(dir $(DEFAULT_SYSTEM_DEV_CERTIFICATE))
+endif
+
 BUILD_NUMBER_FROM_FILE := $$(cat $(OUT_DIR)/build_number.txt)
 BUILD_DATETIME_FROM_FILE := $$(cat $(BUILD_DATETIME_FILE))

--- a/core/product-graph.mk
+++ b/core/product-graph.mk
@ -131,6 +131,7 @@ $(OUT_DIR)/products/$(strip $(1)).txt: $(this_makefile)
 	$(hide) echo 'PRODUCT_SDK_ADDON_DOC_MODULES=$$(PRODUCTS.$(strip $(1)).PRODUCT_SDK_ADDON_DOC_MODULES)' >> $$@
 	$(hide) echo 'PRODUCT_DEFAULT_WIFI_CHANNELS=$$(PRODUCTS.$(strip $(1)).PRODUCT_DEFAULT_WIFI_CHANNELS)' >> $$@
 	$(hide) echo 'PRODUCT_DEFAULT_DEV_CERTIFICATE=$$(PRODUCTS.$(strip $(1)).PRODUCT_DEFAULT_DEV_CERTIFICATE)' >> $$@
+	$(hide) echo 'PRODUCT_MAINLINE_SEPOLICY_DEV_CERTIFICATES=$$(PRODUCTS.$(strip $(1)).PRODUCT_MAINLINE_SEPOLICY_DEV_CERTIFICATES)' >> $$@
 	$(hide) echo 'PRODUCT_RESTRICT_VENDOR_FILES=$$(PRODUCTS.$(strip $(1)).PRODUCT_RESTRICT_VENDOR_FILES)' >> $$@
 	$(hide) echo 'PRODUCT_VENDOR_KERNEL_HEADERS=$$(PRODUCTS.$(strip $(1)).PRODUCT_VENDOR_KERNEL_HEADERS)' >> $$@

--- a/core/product.mk
+++ b/core/product.mk
@ -205,6 +205,7 @@ _product_list_vars += PRODUCT_SOONG_NAMESPACES

 _product_list_vars += PRODUCT_DEFAULT_WIFI_CHANNELS
 _product_list_vars += PRODUCT_DEFAULT_DEV_CERTIFICATE
+_product_list_vars += PRODUCT_MAINLINE_SEPOLICY_DEV_CERTIFICATES
 _product_list_vars += PRODUCT_RESTRICT_VENDOR_FILES

 # The list of product-specific kernel header dirs