From f591c87993d8b4dca79e4c6c78e938e0a2c996c9 Mon Sep 17 00:00:00 2001
From: Andrea Mennillo <handymenny@outlook.com>
Date: Tue, 3 Nov 2015 20:58:11 +0100
Subject: Fixup union sepolicy

This change solve two issue:
1) Policies related to recovery should be only included in recovery
policy
2) In CM trees the sepolicy dir was always bootable/recovery-
twrp/sepolicy, even if recovery path was bootable/recovery

Change-Id: I9466d22293074ba5f5240abe8b97a5d1bf30982d
---
 Android.mk       | 2 +-
 sepolicy/twrp.te | 5 ++++-
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/Android.mk b/Android.mk
index 9dc31a542..47c4aa1d0 100644
--- a/Android.mk
+++ b/Android.mk
@@ -17,7 +17,7 @@ LOCAL_PATH := $(call my-dir)
 ifdef project-path-for
     ifeq ($(LOCAL_PATH),$(call project-path-for,recovery))
         PROJECT_PATH_AGREES := true
-        BOARD_SEPOLICY_DIRS += bootable/recovery-twrp/sepolicy
+        BOARD_SEPOLICY_DIRS += $(call project-path-for,recovery)/sepolicy
     endif
 else
     ifeq ($(LOCAL_PATH),bootable/recovery)
diff --git a/sepolicy/twrp.te b/sepolicy/twrp.te
index 3ebdc4b3b..d81b9e191 100644
--- a/sepolicy/twrp.te
+++ b/sepolicy/twrp.te
@@ -1 +1,4 @@
-permissive recovery;
+recovery_only(`
+  # Allow recovery to set permissive mode
+  permissive recovery;
+')
-- 
cgit v1.2.3