Run apex_sepolicy_tests with erofs apexes
This turns on apex_sepolicy_tests for erofs apexes. The test now uses
`apex-ls` (a new tool to print security contexts for apex contents).
Bug: 353896817
Test: OVERRIDE_PRODUCT_DEFAULT_APEX_PAYLOAD_TYPE=erofs m run_apex_sepolicy_tests
Change-Id: I8b8238be4d7a5099da5453c6bf563ea8252bb604
diff --git a/core/Makefile b/core/Makefile
index 80ad33c..c56c782 100644
--- a/core/Makefile
+++ b/core/Makefile
@@ -5159,8 +5159,7 @@
# Run apex_sepolicy_tests for all installed APEXes
ifeq (,$(TARGET_BUILD_UNBUNDLED))
-# TODO(b/353896817) apex_sepolicy_tests supports only ext4
-ifeq (ext4,$(PRODUCT_DEFAULT_APEX_PAYLOAD_TYPE))
+ifneq (,$(filter ext4 erofs,$(PRODUCT_DEFAULT_APEX_PAYLOAD_TYPE)))
intermediate := $(call intermediates-dir-for,PACKAGING,apex_sepolicy_tests)
apex_dirs := \
$(TARGET_OUT)/apex/% \
@@ -5177,11 +5176,10 @@
define _run_apex_sepolicy_tests
$2: $1 \
$(HOST_OUT_EXECUTABLES)/apex_sepolicy_tests \
- $(HOST_OUT_EXECUTABLES)/deapexer \
- $(HOST_OUT_EXECUTABLES)/debugfs_static
+ $(HOST_OUT_EXECUTABLES)/apex-ls
@rm -rf $$@
@mkdir -p $(dir $$@)
- $(HOST_OUT_EXECUTABLES)/apex_sepolicy_tests --all -f <($(HOST_OUT_EXECUTABLES)/deapexer --debugfs_path $(HOST_OUT_EXECUTABLES)/debugfs_static list -Z $$<)
+ $(HOST_OUT_EXECUTABLES)/apex_sepolicy_tests --all -f <($(HOST_OUT_EXECUTABLES)/apex-ls -Z $$<)
@touch $$@
endef