diff options
| author | Alex Klyubin <klyubin@google.com> | 2017-03-02 12:53:32 -0800 |
|---|---|---|
| committer | Alex Klyubin <klyubin@google.com> | 2017-03-02 13:25:17 -0800 |
| commit | b51f9abf45a58c1ec3a1917eb19b9b8bc6886b8f (patch) | |
| tree | 78d2339c216c4f5fcbaa53436e2ce4565a084b3b /libutils/ProcessCallStack.cpp | |
| parent | 8c3549115100c258b9b99c46c6f8cce782540d4f (diff) | |
Include correct type of SELinux policy
This makes the build system include split SELinux policy (three CIL
files and the secilc compiler needed to compile them) if
PRODUCT_FULL_TREBLE is set to true. Otherwise, the monolitic SELinux
policy is included.
Split policy currently adds around 400 ms to boot time (measured on
marlin/sailfish and bullhead) because the policy needs to be compiled
during boot. This is the main reason why we include split policy only
on devices which require it.
Test: Device boots, no additional SELinux denials. This test is
performed on a device with PRODUCT_FULL_TREBLE set to true, and
on a device with PRODUCT_FULL_TREBLE set to false.
Test: Device with PRODUCT_FULL_TREBLE set to true contains secilc and
the three *.cil files, but does not contain the sepolicy file.
Device with PRODUCT_FULL_TREBLE set to false contains sepolicy
file but does not contain the secilc file or any *.cil files.
Bug: 31363362
Change-Id: I419aa35bad6efbc7f936bddbdc776de5633846fc
Diffstat (limited to 'libutils/ProcessCallStack.cpp')
0 files changed, 0 insertions, 0 deletions