commit 28dddd8e07169cfc1180ac39f562d96be50aacd2
author Inseob Kim <inseob@google.com> Thu Mar 11 17:51:22 2021 +0900
committer Inseob Kim <inseob@google.com> Thu Mar 11 17:57:59 2021 +0900
tree e3bdf59fae2b5549cc9fc3d8dcd5bd5efc1d383d
parent c07748120d8d27d085cb8366bf01c34bf1fdfa5f

Add precompiled sepolicy for microdroid

Bug: 181640066
Test: boot microdroid and see kernel log
Change-Id: I01747bd820e14df14c1c67bd95c9efe96ded24f4

microdroid/Android.bp

diff --git a/microdroid/Android.bp b/microdroid/Android.bp
index c654600..a8ecc75 100644
--- a/microdroid/Android.bp
+++ b/microdroid/Android.bp
@@ -56,10 +56,11 @@
         "tombstoned",
         "cgroups.json",
 
-        // These two files are temporary and only for test.
+        // These files are temporary and only for test.
         // TODO(b/178993690): migrate cil files to Soong
         "microdroid_plat_sepolicy.cil",
         "microdroid_plat_mapping_file",
+        "microdroid_plat_sepolicy_and_mapping.sha256",
     ] + microdroid_shell_and_utilities,
     multilib: {
         common: {
@@ -94,6 +95,8 @@
         "microdroid_plat_sepolicy_vers.txt",
         "microdroid_vendor_sepolicy.cil",
         "microdroid_plat_pub_versioned.cil",
+        "microdroid_precompiled_sepolicy",
+        "microdroid_precompiled_sepolicy.plat_sepolicy_and_mapping.sha256",
     ],
     avb_private_key: "microdroid.pem",
     avb_algorithm: "SHA256_RSA4096",
@@ -244,3 +247,52 @@
     out: ["output.img"],
     cmd: "$(location mkenvimage_host) -s 4096 -o $(out) $(in)",
 }
+
+genrule {
+    name: "microdroid_plat_sepolicy_and_mapping.sha256_gen",
+    srcs: [
+        ":microdroid_plat_sepolicy.cil",
+        ":microdroid_plat_mapping_file",
+    ],
+    out: ["plat_sepolicy_and_mapping.sha256"],
+    cmd: "cat $(in) | sha256sum | cut -d' ' -f1 > $(out)",
+}
+
+// sepolicy sha256 for system
+prebuilt_etc {
+    name: "microdroid_plat_sepolicy_and_mapping.sha256",
+    src: ":microdroid_plat_sepolicy_and_mapping.sha256_gen",
+    filename: "plat_sepolicy_and_mapping.sha256",
+    relative_install_path: "selinux",
+    installable: false,
+}
+
+// sepolicy sha256 for vendor (filename differs)
+prebuilt_etc {
+    name: "microdroid_precompiled_sepolicy.plat_sepolicy_and_mapping.sha256",
+    src: ":microdroid_plat_sepolicy_and_mapping.sha256_gen",
+    filename: "precompiled_sepolicy.plat_sepolicy_and_mapping.sha256",
+    relative_install_path: "selinux",
+    installable: false,
+}
+
+genrule {
+    name: "microdroid_precompiled_sepolicy_gen",
+    tools: ["secilc"],
+    srcs: [
+        ":microdroid_plat_sepolicy.cil",
+        ":microdroid_plat_mapping_file",
+        ":microdroid_plat_pub_versioned.cil",
+        ":microdroid_vendor_sepolicy.cil",
+    ],
+    out: ["precompiled_sepolicy"],
+    cmd: "$(location secilc) -m -M true -G -c 30 $(in) -o $(out) -f /dev/null",
+}
+
+prebuilt_etc {
+    name: "microdroid_precompiled_sepolicy",
+    src: ":microdroid_precompiled_sepolicy_gen",
+    filename: "precompiled_sepolicy",
+    relative_install_path: "selinux",
+    installable: false,
+}