Sepolicy load: use -N flag to skip neverallow checks Fixes issue where attributes used exclusively in neverallow rules were removed from policy. Bug: 37357742 Test: Force on-device compile by removing precompiled policy. Verify no increase in compile time. Change-Id: I0d145fd311c2ddcb226a827f2a997f10c20a8379

commit: c7c91cab51ecf488dbcf0ec847ae3bf38a951566 [log] [tgz]
author: Jeff Vander Stoep <jeffv@google.com> Fri Apr 21 16:35:43 2017 -0700
committer: Jeffrey Vander Stoep <jeffv@google.com> Mon Apr 24 21:12:13 2017 +0000
tree: 9438f19be39fac98efc1aa50b5c099b2f344b252
parent: 6d1f5a9a6e89de74fa5c0c3a0ca8a5cdc95ccc85 [diff]
diff --git a/init/init.cpp b/init/init.cpp
index a75ced5..9cdbd19 100644
--- a/init/init.cpp
+++ b/init/init.cpp

@@ -850,7 +850,7 @@
     const char* compile_args[] = {
         "/system/bin/secilc",
         plat_policy_cil_file,
-        "-M", "true", "-G",
+        "-M", "true", "-G", "-N",
         // Target the highest policy language version supported by the kernel
         "-c", std::to_string(max_policy_version).c_str(),
         mapping_file.c_str(),
commit	c7c91cab51ecf488dbcf0ec847ae3bf38a951566	[log] [tgz]
author	Jeff Vander Stoep <jeffv@google.com>	Fri Apr 21 16:35:43 2017 -0700
committer	Jeffrey Vander Stoep <jeffv@google.com>	Mon Apr 24 21:12:13 2017 +0000
tree	9438f19be39fac98efc1aa50b5c099b2f344b252
parent	6d1f5a9a6e89de74fa5c0c3a0ca8a5cdc95ccc85 [diff]