sm8550-common: Initial enforcing sepolicy

Change-Id: If928cb2d9e24a6639df4e555492209722162ed05
2024-09-02 23:53:14 +08:00
parent 2cf9d45a3c
commit 34b23b3a8c
46 changed files with 821 additions and 1 deletions
--- a/BoardConfigCommon.mk
+++ b/BoardConfigCommon.mk
@@ -72,7 +72,6 @@ BOARD_MKBOOTIMG_INIT_ARGS += --header_version $(BOARD_INIT_BOOT_HEADER_VERSION)
 BOARD_BOOTCONFIG := \
    androidboot.hardware=qcom \
    androidboot.memcg=1 \
-    androidboot.selinux=permissive \
    androidboot.usbcontroller=a600000.dwc3

 BOARD_KERNEL_CMDLINE := \
@@ -167,6 +166,9 @@ VENDOR_SECURITY_PATCH := $(BOOT_SECURITY_PATCH)
 # SEPolicy
 include device/qcom/sepolicy_vndr/SEPolicy.mk
 include device/lineage/sepolicy/libperfmgr/sepolicy.mk
+BOARD_VENDOR_SEPOLICY_DIRS += $(COMMON_PATH)/sepolicy/vendor
+PRODUCT_PRIVATE_SEPOLICY_DIRS += $(COMMON_PATH)/sepolicy/private
+PRODUCT_PUBLIC_SEPOLICY_DIRS += $(COMMON_PATH)/sepolicy/public

 # Verified Boot
 BOARD_AVB_ENABLE := true