From 955e36492e02726767ec9f9d9b90bd165aee90b0 Mon Sep 17 00:00:00 2001
From: Jeff Vander Stoep <jeffv@google.com>
Date: Fri, 21 Apr 2017 16:35:43 -0700
Subject: [PATCH] Sepolicy load: use -N flag to skip neverallow checks

Fixes issue where attributes used exclusively in neverallow
rules were removed from policy.

Bug: 37357742
Test: Force on-device compile by removing precompiled policy.
      Verify no increase in compile time.

Change-Id: I0d145fd311c2ddcb226a827f2a997f10c20a8379
---
 init/init.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/init/init.cpp b/init/init.cpp
index a75ced5ef..9cdbd1983 100644
--- a/init/init.cpp
+++ b/init/init.cpp
@@ -850,7 +850,7 @@ static bool selinux_load_split_policy() {
     const char* compile_args[] = {
         "/system/bin/secilc",
         plat_policy_cil_file,
-        "-M", "true", "-G",
+        "-M", "true", "-G", "-N",
         // Target the highest policy language version supported by the kernel
         "-c", std::to_string(max_policy_version).c_str(),
         mapping_file.c_str(),