On Fri, 2012-03-02 at 16:16 -0600, Bryan Hinton wrote:
> I agree. A per-device file_contexts file makes sense given the
> variation in radio types between ICS based devices.

Support for per-device .te and .fc files has been added to the sepolicy Android.mk file. Thus, you can place your device-specific additions for file_contexts in a sepolicy.fc file or for policy rules in a sepolicy.te file under target/board/<device>, device/<vendor>/<device>, or vendor/<vendor>/<device> and have it automatically included into the policy.

Since the device-specific .fc files are appended to the end of file_contexts, they will take precedence over less specific entries in the base file_contexts file (e.g. no need to change the /dev/tty[0-9] entry in file_contexts in order to override the context for /dev/tty03; you can just add the latter to your .fc file and it should take precedence). The device-specific .te files are likewise appended after the base set of .te files, although order there shouldn't matter.

This is still experimental and may change further. For example, if we wanted to support multiple .fc or .te files per device, we might introduce an optional sepolicy subdirectory under the device directories that could contain any number of such files.

These changes are available in our sepolicy tree, but not yet in the AOSP one. In order to ensure that you use our sepolicy tree, you may need to update your local_manifest.xml file. I have placed updated local_manifest.xml (for git-based access) and local_manifest_http.xml (for http-based access) files under http://selinuxproject.org/~seandroid/

--
Stephen Smalley
National Security Agency
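
The append-and-override behaviour described in the message above, as an added example that is not part of the original e-mail or of the sepolicy tree: it concatenates a base file_contexts with a device sepolicy.fc and reports which base labels the device file overrides, which is the check to run when reviewing a device's additions. It assumes a simplified last-match-wins lookup over the concatenated entries (not libselinux's actual matcher), and every pattern and label in the sample data is constructed.

```python
import re

# Constructed sample data: patterns and labels are illustrative only.
BASE_FC = """\
# base file_contexts (constructed)
/dev(/.*)?        u:object_r:device:s0
/dev/tty[0-9]*    u:object_r:tty_device:s0
"""
DEVICE_FC = """\
# device/<vendor>/<device>/sepolicy.fc (constructed)
/dev/tty03        u:object_r:example_radio_device:s0
"""

def parse(text, origin):
    """Return (regex, pattern, context, origin) tuples; skip comments and blanks."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        # First field is the path regex, last field is the security context
        # (an optional file-type field such as -c may sit between them).
        entries.append((re.compile(fields[0]), fields[0], fields[-1], origin))
    return entries

def merged(base, device):
    """Device entries are appended after the base entries, as in the message."""
    return parse(base, "base") + parse(device, "device")

def lookup(entries, path):
    """Assumed rule: the last entry whose regex matches the whole path wins."""
    for regex, pattern, context, origin in reversed(entries):
        if regex.fullmatch(path):
            return context, origin, pattern
    return None

def overrides(entries, paths):
    """List (path, base_label, device_label) where the device file changes a label."""
    base_only = [e for e in entries if e[3] == "base"]
    report = []
    for path in paths:
        before, after = lookup(base_only, path), lookup(entries, path)
        if before and after and after[1] == "device" and before[0] != after[0]:
            report.append((path, before[0], after[0]))
    return report

if __name__ == "__main__":
    fc = merged(BASE_FC, DEVICE_FC)
    for path, old, new in overrides(fc, ["/dev/tty03", "/dev/tty1", "/dev/null"]):
        print(f"{path}: {old} -> {new}")
```
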