marlin: add selinux/private/service_contexts.
This makes sure that the remaining binder services
for radio end up in plat_service_contexts.
That in turn allows us to enforce that servicemanager
will only serve services from plat_service_contexts
on FULL_TREBLE devices.
Bug: 36866029
Test: boot marlin, verify radio services still work
Change-Id: Ib67b3a03e5599484c5c4fb27a0f323a37dd51636
diff --git a/marlin/BoardConfig.mk b/marlin/BoardConfig.mk
index 250fbcf..56ac136 100644
--- a/marlin/BoardConfig.mk
+++ b/marlin/BoardConfig.mk
@@ -107,6 +107,7 @@
ifneq ($(filter marlin marlinf, $(TARGET_PRODUCT)),)
BOARD_SEPOLICY_DIRS += device/google/marlin/sepolicy/verizon
endif
+BOARD_PLAT_PRIVATE_SEPOLICY_DIR := device/google/marlin/sepolicy/private
BOARD_EGL_CFG := device/google/marlin/egl.cfg
diff --git a/sailfish/BoardConfig.mk b/sailfish/BoardConfig.mk
index ca031a7..cb8aff2 100644
--- a/sailfish/BoardConfig.mk
+++ b/sailfish/BoardConfig.mk
@@ -97,6 +97,7 @@
ifneq ($(filter sailfish sailfishf, $(TARGET_PRODUCT)),)
BOARD_SEPOLICY_DIRS += device/google/marlin/sepolicy/verizon
endif
+BOARD_PLAT_PRIVATE_SEPOLICY_DIR := device/google/marlin/sepolicy/private
BOARD_EGL_CFG := device/google/marlin/egl.cfg
diff --git a/sepolicy/service_contexts b/sepolicy/private/service_contexts
similarity index 100%
rename from sepolicy/service_contexts
rename to sepolicy/private/service_contexts
