Merge "Revert "Convert selinux_policy_system to Android.bp"" into main
diff --git a/Android.bp b/Android.bp
index 7d36b86..9ef7e5a 100644
--- a/Android.bp
+++ b/Android.bp
@@ -1086,79 +1086,3 @@
default: [],
}),
}
-
-phony {
- name: "selinux_policy_system",
- required: [
- "29.0.compat.cil",
- "30.0.compat.cil",
- "31.0.compat.cil",
- "32.0.compat.cil",
- "33.0.compat.cil",
- "34.0.compat.cil",
- "build_sepolicy",
- "fuzzer_bindings_test",
- "plat_29.0.cil",
- "plat_30.0.cil",
- "plat_31.0.cil",
- "plat_32.0.cil",
- "plat_33.0.cil",
- "plat_34.0.cil",
- "plat_bug_map",
- "plat_file_contexts",
- "plat_file_contexts_data_test",
- "plat_file_contexts_test",
- "plat_hwservice_contexts",
- "plat_hwservice_contexts_test",
- "plat_keystore2_key_contexts",
- "plat_mac_permissions.xml",
- "plat_mapping_file",
- "plat_property_contexts",
- "plat_property_contexts_test",
- "plat_seapp_contexts",
- "plat_sepolicy.cil",
- "plat_service_contexts",
- "plat_service_contexts_test",
- "searchpolicy",
- "secilc",
- ] + select(soong_config_variable("ANDROID", "PLATFORM_SEPOLICY_VERSION"), {
- "202404": [],
- default: [
- "202404.compat.cil",
- "plat_202404.cil",
- ],
- }) + select(soong_config_variable("ANDROID", "PRODUCT_PRECOMPILED_SEPOLICY"), {
- true: ["plat_sepolicy_and_mapping.sha256"],
- default: [],
- }) + select((
- soong_config_variable("ANDROID", "ASAN_ENABLED"),
- product_variable("selinux_ignore_neverallows"),
- ), {
- (true, true): [
- ],
- (default, default): [
- "sepolicy_compat_test",
- "sepolicy_test",
- "sepolicy_dev_type_test",
- "treble_sepolicy_tests_29.0",
- "treble_sepolicy_tests_30.0",
- "treble_sepolicy_tests_31.0",
- "treble_sepolicy_tests_32.0",
- "treble_sepolicy_tests_33.0",
- "treble_sepolicy_tests_34.0",
- ],
- }) + select((
- soong_config_variable("ANDROID", "PLATFORM_SEPOLICY_VERSION"),
- soong_config_variable("ANDROID", "ASAN_ENABLED"),
- product_variable("selinux_ignore_neverallows"),
- ), {
- ("202404", true, true): [],
- (default, true, true): [],
- (default, default, default): [
- "treble_sepolicy_tests_202404",
- ],
- }) + select(soong_config_variable("ANDROID", "RELEASE_BOARD_API_LEVEL_FROZEN"), {
- true: ["se_freeze_test"],
- default: [],
- }),
-}
diff --git a/Android.mk b/Android.mk
index 9dfc531..6655919 100644
--- a/Android.mk
+++ b/Android.mk
@@ -201,6 +201,66 @@
# By setting as droidcore's dependency, tests will run on normal builds.
droidcore: selinux_policy
+include $(CLEAR_VARS)
+LOCAL_MODULE := selinux_policy_system
+LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered
+LOCAL_LICENSE_CONDITIONS := notice unencumbered
+LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE
+# These build targets are not used on non-Treble devices. However, we build these to avoid
+# divergence between Treble and non-Treble devices.
+LOCAL_REQUIRED_MODULES += \
+ plat_mapping_file \
+ $(addprefix plat_,$(addsuffix .cil,$(PLATFORM_SEPOLICY_COMPAT_VERSIONS))) \
+ $(addsuffix .compat.cil,$(PLATFORM_SEPOLICY_COMPAT_VERSIONS)) \
+ plat_sepolicy.cil \
+ secilc \
+
+ifneq ($(PRODUCT_PRECOMPILED_SEPOLICY),false)
+LOCAL_REQUIRED_MODULES += plat_sepolicy_and_mapping.sha256
+endif
+
+LOCAL_REQUIRED_MODULES += \
+ build_sepolicy \
+ plat_file_contexts \
+ plat_file_contexts_test \
+ plat_file_contexts_data_test \
+ plat_keystore2_key_contexts \
+ plat_mac_permissions.xml \
+ plat_property_contexts \
+ plat_property_contexts_test \
+ plat_seapp_contexts \
+ plat_service_contexts \
+ plat_service_contexts_test \
+ plat_hwservice_contexts \
+ plat_hwservice_contexts_test \
+ fuzzer_bindings_test \
+ plat_bug_map \
+ searchpolicy \
+
+ifneq ($(with_asan),true)
+ifneq ($(SELINUX_IGNORE_NEVERALLOWS),true)
+LOCAL_REQUIRED_MODULES += \
+ sepolicy_compat_test \
+
+# HACK: sepolicy_test is implemented as genrule
+# genrule modules aren't installable, so LOCAL_REQUIRED_MODULES doesn't work.
+# Instead, use LOCAL_ADDITIONAL_DEPENDENCIES with intermediate output
+LOCAL_ADDITIONAL_DEPENDENCIES += $(call intermediates-dir-for,ETC,sepolicy_test)/sepolicy_test
+LOCAL_ADDITIONAL_DEPENDENCIES += $(call intermediates-dir-for,ETC,sepolicy_dev_type_test)/sepolicy_dev_type_test
+
+LOCAL_REQUIRED_MODULES += \
+ $(addprefix treble_sepolicy_tests_,$(PLATFORM_SEPOLICY_COMPAT_VERSIONS)) \
+
+endif # SELINUX_IGNORE_NEVERALLOWS
+endif # with_asan
+
+ifeq ($(RELEASE_BOARD_API_LEVEL_FROZEN),true)
+LOCAL_REQUIRED_MODULES += \
+ se_freeze_test
+endif
+
+include $(BUILD_PHONY_PACKAGE)
+
##################################
# Policy files are now built with Android.bp. Grab them from intermediate.
# See Android.bp for details of policy files.
@@ -305,6 +365,30 @@
file_contexts.device.tmp :=
file_contexts.local.tmp :=
+##################################
+# Tests for Treble compatibility of current platform policy and vendor policy of
+# given release version.
+
+ver := $(PLATFORM_SEPOLICY_VERSION)
+ifneq ($(wildcard $(LOCAL_PATH)/prebuilts/api/$(PLATFORM_SEPOLICY_VERSION)),)
+# If PLATFORM_SEPOLICY_VERSION is already frozen, use prebuilts for compat test
+base_plat_pub_policy.cil := $(call intermediates-dir-for,ETC,$(ver)_plat_pub_policy.cil)/$(ver)_plat_pub_policy.cil
+base_product_pub_policy.cil := $(call intermediates-dir-for,ETC,$(ver)_product_pub_policy.cil)/$(ver)_product_pub_policy.cil
+else
+# If not, use ToT for compat test
+base_plat_pub_policy.cil := $(call intermediates-dir-for,ETC,base_plat_pub_policy.cil)/base_plat_pub_policy.cil
+base_product_pub_policy.cil := $(call intermediates-dir-for,ETC,base_product_pub_policy.cil)/base_product_pub_policy.cil
+endif
+ver :=
+
+$(foreach v,$(PLATFORM_SEPOLICY_COMPAT_VERSIONS), \
+ $(eval version_under_treble_tests := $(v)) \
+ $(eval include $(LOCAL_PATH)/treble_sepolicy_tests_for_release.mk) \
+)
+
+base_plat_pub_policy.cil :=
+base_product_pub_policy.cil :=
+
#################################
diff --git a/treble_sepolicy_tests_for_release.mk b/treble_sepolicy_tests_for_release.mk
new file mode 100644
index 0000000..2e9d68f
--- /dev/null
+++ b/treble_sepolicy_tests_for_release.mk
@@ -0,0 +1,81 @@
+version := $(version_under_treble_tests)
+
+include $(CLEAR_VARS)
+# For Treble builds run tests verifying that processes are properly labeled and
+# permissions granted do not violate the treble model. Also ensure that treble
+# compatibility guarantees are upheld between SELinux version bumps.
+LOCAL_MODULE := treble_sepolicy_tests_$(version)
+LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered
+LOCAL_LICENSE_CONDITIONS := notice unencumbered
+LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE
+LOCAL_MODULE_CLASS := FAKE
+LOCAL_MODULE_TAGS := optional
+
+IS_TREBLE_TEST_ENABLED_PARTNER := false
+ifeq ($(filter 26.0 27.0 28.0 29.0,$(version)),)
+ifneq (,$(BOARD_SYSTEM_EXT_PREBUILT_DIR)$(BOARD_PRODUCT_PREBUILT_DIR))
+IS_TREBLE_TEST_ENABLED_PARTNER := true
+endif # (,$(BOARD_SYSTEM_EXT_PREBUILT_DIR)$(BOARD_PRODUCT_PREBUILT_DIR))
+endif # ($(filter 26.0 27.0 28.0 29.0,$(version)),)
+
+include $(BUILD_SYSTEM)/base_rules.mk
+
+# $(version)_plat - the platform policy shipped as part of the $(version) release. This is
+# built to enable us to determine the diff between the current policy and the
+# $(version) policy, which will be used in tests to make sure that compatibility has
+# been maintained by our mapping files.
+built_$(version)_plat_sepolicy_cil := $(call intermediates-dir-for,ETC,$(version)_plat_policy.cil)/$(version)_plat_policy.cil
+
+$(version)_mapping.cil := $(call intermediates-dir-for,ETC,plat_$(version).cil)/plat_$(version).cil
+$(version)_mapping.ignore.cil := \
+ $(call intermediates-dir-for,ETC,$(version).ignore.cil)/$(version).ignore.cil
+ifeq ($(IS_TREBLE_TEST_ENABLED_PARTNER),true)
+ifneq (,$(BOARD_SYSTEM_EXT_PREBUILT_DIR))
+$(version)_mapping.cil += \
+ $(call intermediates-dir-for,ETC,system_ext_$(version).cil)/system_ext_$(version).cil
+$(version)_mapping.ignore.cil += \
+ $(call intermediates-dir-for,ETC,system_ext_$(version).ignore.cil)/system_ext_$(version).ignore.cil
+endif # (,$(BOARD_SYSTEM_EXT_PREBUILT_DIR))
+ifneq (,$(BOARD_PRODUCT_PREBUILT_DIR))
+$(version)_mapping.cil += \
+ $(call intermediates-dir-for,ETC,product_$(version).cil)/product_$(version).cil
+$(version)_mapping.ignore.cil += \
+ $(call intermediates-dir-for,ETC,product_$(version).ignore.cil)/product_$(version).ignore.cil
+endif # (,$(BOARD_PRODUCT_PREBUILT_DIR))
+endif #($(IS_TREBLE_TEST_ENABLED_PARTNER),true)
+
+# $(version)_mapping.combined.cil - a combination of the mapping file used when
+# combining the current platform policy with nonplatform policy based on the
+# $(version) policy release and also a special ignored file that exists purely for
+# these tests.
+intermediates := $(TARGET_OUT_INTERMEDIATES)/ETC/$(LOCAL_MODULE)_intermediates
+$(version)_mapping.combined.cil := $(intermediates)/$(version)_mapping.combined.cil
+$($(version)_mapping.combined.cil): $($(version)_mapping.cil) $($(version)_mapping.ignore.cil)
+ mkdir -p $(dir $@)
+ cat $^ > $@
+
+ifeq ($(IS_TREBLE_TEST_ENABLED_PARTNER),true)
+public_cil_files := $(base_product_pub_policy.cil)
+else
+public_cil_files := $(base_plat_pub_policy.cil)
+endif # ($(IS_TREBLE_TEST_ENABLED_PARTNER),true)
+$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY_OLD := $(built_$(version)_plat_sepolicy_cil)
+$(LOCAL_BUILT_MODULE): PRIVATE_COMBINED_MAPPING := $($(version)_mapping.combined.cil)
+$(LOCAL_BUILT_MODULE): PRIVATE_PLAT_PUB_SEPOLICY := $(public_cil_files)
+$(LOCAL_BUILT_MODULE): $(HOST_OUT_EXECUTABLES)/treble_sepolicy_tests \
+ $(public_cil_files) \
+ $(built_$(version)_plat_sepolicy_cil) $($(version)_mapping.combined.cil)
+ @mkdir -p $(dir $@)
+ $(hide) $(HOST_OUT_EXECUTABLES)/treble_sepolicy_tests \
+ -b $(PRIVATE_PLAT_PUB_SEPOLICY) -m $(PRIVATE_COMBINED_MAPPING) \
+ -o $(PRIVATE_SEPOLICY_OLD)
+ $(hide) touch $@
+
+built_sepolicy_files :=
+public_cil_files :=
+$(version)_mapping.cil :=
+$(version)_mapping.combined.cil :=
+$(version)_mapping.ignore.cil :=
+built_$(version)_plat_sepolicy :=
+version :=
+version_under_treble_tests :=
diff --git a/treble_sepolicy_tests_for_release/Android.bp b/treble_sepolicy_tests_for_release/Android.bp
deleted file mode 100644
index d087da6..0000000
--- a/treble_sepolicy_tests_for_release/Android.bp
+++ /dev/null
@@ -1,438 +0,0 @@
-// Copyright (C) 2024 The Android Open Source Project
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package {
- default_applicable_licenses: [
- "Android-Apache-2.0",
- "system_sepolicy_license",
- ],
-}
-
-//////////////////////////////////
-// Tests for Treble compatibility of current platform policy and vendor policy of
-// given release version.
-//////////////////////////////////
-genrule {
- name: "29.0_mapping.combined.cil",
- srcs: [
- ":plat_29.0.cil",
- ":29.0.ignore.cil",
- ],
- out: ["29.0_mapping.combined.cil"],
- cmd: "cat $(location :plat_29.0.cil) $(location :29.0.ignore.cil) > $(out)",
-}
-
-genrule {
- name: "treble_sepolicy_tests_29.0",
- srcs: [
- ":29.0_plat_policy.cil",
- ":29.0_mapping.combined.cil",
- ":29.0_plat_pub_policy.cil",
- ],
- tools: ["treble_sepolicy_tests"],
- out: ["treble_sepolicy_tests_29.0"],
- cmd: "$(location treble_sepolicy_tests) " +
- "-b $(location :29.0_plat_pub_policy.cil) " +
- "-m $(location :29.0_mapping.combined.cil) " +
- "-o $(location :29.0_plat_policy.cil) && " +
- "touch $(out)",
-}
-
-genrule {
- name: "30.0_mapping.combined.cil",
- srcs: [
- ":plat_30.0.cil",
- ":30.0.ignore.cil",
- ] + select(soong_config_variable("ANDROID", "HAS_BOARD_SYSTEM_EXT_PREBUILT_DIR"), {
- true: [
- ":system_ext_30.0.cil",
- ":system_ext_30.0.ignore.cil",
- ],
- default: [],
- }) + select(soong_config_variable("ANDROID", "HAS_BOARD_PRODUCT_PREBUILT_DIR"), {
- true: [
- ":product_30.0.cil",
- ":product_30.0.ignore.cil",
- ],
- default: [],
- }),
- out: ["30.0_mapping.combined.cil"],
- cmd: "cat $(location :plat_30.0.cil) " +
- "$(location :30.0.ignore.cil) " +
- select(soong_config_variable("ANDROID", "HAS_BOARD_SYSTEM_EXT_PREBUILT_DIR"), {
- true: "$(location :system_ext_30.0.cil) " +
- "$(location :system_ext_30.0.ignore.cil) ",
- default: "",
- }) +
- select(soong_config_variable("ANDROID", "HAS_BOARD_PRODUCT_PREBUILT_DIR"), {
- true: "$(location :product_30.0.cil) " +
- "$(location :product_30.0.ignore.cil) ",
- default: "",
- }) +
- "> $(out)",
-}
-
-genrule {
- name: "treble_sepolicy_tests_30.0",
- srcs: [
- ":30.0_plat_policy.cil",
- ":30.0_mapping.combined.cil",
- ] + select((
- soong_config_variable("ANDROID", "HAS_BOARD_SYSTEM_EXT_PREBUILT_DIR"),
- soong_config_variable("ANDROID", "HAS_BOARD_PRODUCT_PREBUILT_DIR"),
- ), {
- (false, false): [":30.0_plat_pub_policy.cil"],
- (default, default): [":30.0_product_pub_policy.cil"],
- }),
- tools: ["treble_sepolicy_tests"],
- out: ["treble_sepolicy_tests_30.0"],
- cmd: select((
- soong_config_variable("ANDROID", "HAS_BOARD_SYSTEM_EXT_PREBUILT_DIR"),
- soong_config_variable("ANDROID", "HAS_BOARD_PRODUCT_PREBUILT_DIR"),
- ), {
- (false, false): "$(location treble_sepolicy_tests) " +
- "-b $(location :30.0_plat_pub_policy.cil) " +
- "-m $(location :30.0_mapping.combined.cil) " +
- "-o $(location :30.0_plat_policy.cil) && " +
- "touch $(out)",
- (default, default): "$(location treble_sepolicy_tests) " +
- "-b $(location :30.0_product_pub_policy.cil) " +
- "-m $(location :30.0_mapping.combined.cil) " +
- "-o $(location :30.0_plat_policy.cil) && " +
- "touch $(out)",
- }),
-}
-
-genrule {
- name: "31.0_mapping.combined.cil",
- srcs: [
- ":plat_31.0.cil",
- ":31.0.ignore.cil",
- ] + select(soong_config_variable("ANDROID", "HAS_BOARD_SYSTEM_EXT_PREBUILT_DIR"), {
- true: [
- ":system_ext_31.0.cil",
- ":system_ext_31.0.ignore.cil",
- ],
- default: [],
- }) + select(soong_config_variable("ANDROID", "HAS_BOARD_PRODUCT_PREBUILT_DIR"), {
- true: [
- ":product_31.0.cil",
- ":product_31.0.ignore.cil",
- ],
- default: [],
- }),
- out: ["31.0_mapping.combined.cil"],
- cmd: "cat $(location :plat_31.0.cil) " +
- "$(location :31.0.ignore.cil) " +
- select(soong_config_variable("ANDROID", "HAS_BOARD_SYSTEM_EXT_PREBUILT_DIR"), {
- true: "$(location :system_ext_31.0.cil) " +
- "$(location :system_ext_31.0.ignore.cil) ",
- default: "",
- }) +
- select(soong_config_variable("ANDROID", "HAS_BOARD_PRODUCT_PREBUILT_DIR"), {
- true: "$(location :product_31.0.cil) " +
- "$(location :product_31.0.ignore.cil) ",
- default: "",
- }) +
- "> $(out)",
-}
-
-genrule {
- name: "treble_sepolicy_tests_31.0",
- srcs: [
- ":31.0_plat_policy.cil",
- ":31.0_mapping.combined.cil",
- ] + select((
- soong_config_variable("ANDROID", "HAS_BOARD_SYSTEM_EXT_PREBUILT_DIR"),
- soong_config_variable("ANDROID", "HAS_BOARD_PRODUCT_PREBUILT_DIR"),
- ), {
- (false, false): [":31.0_plat_pub_policy.cil"],
- (default, default): [":31.0_product_pub_policy.cil"],
- }),
- tools: ["treble_sepolicy_tests"],
- out: ["treble_sepolicy_tests_31.0"],
- cmd: select((
- soong_config_variable("ANDROID", "HAS_BOARD_SYSTEM_EXT_PREBUILT_DIR"),
- soong_config_variable("ANDROID", "HAS_BOARD_PRODUCT_PREBUILT_DIR"),
- ), {
- (false, false): "$(location treble_sepolicy_tests) " +
- "-b $(location :31.0_plat_pub_policy.cil) " +
- "-m $(location :31.0_mapping.combined.cil) " +
- "-o $(location :31.0_plat_policy.cil) && " +
- "touch $(out)",
- (default, default): "$(location treble_sepolicy_tests) " +
- "-b $(location :31.0_product_pub_policy.cil) " +
- "-m $(location :31.0_mapping.combined.cil) " +
- "-o $(location :31.0_plat_policy.cil) && " +
- "touch $(out)",
- }),
-}
-
-genrule {
- name: "32.0_mapping.combined.cil",
- srcs: [
- ":plat_32.0.cil",
- ":32.0.ignore.cil",
- ] + select(soong_config_variable("ANDROID", "HAS_BOARD_SYSTEM_EXT_PREBUILT_DIR"), {
- true: [
- ":system_ext_32.0.cil",
- ":system_ext_32.0.ignore.cil",
- ],
- default: [],
- }) + select(soong_config_variable("ANDROID", "HAS_BOARD_PRODUCT_PREBUILT_DIR"), {
- true: [
- ":product_32.0.cil",
- ":product_32.0.ignore.cil",
- ],
- default: [],
- }),
- out: ["32.0_mapping.combined.cil"],
- cmd: "cat $(location :plat_32.0.cil) " +
- "$(location :32.0.ignore.cil) " +
- select(soong_config_variable("ANDROID", "HAS_BOARD_SYSTEM_EXT_PREBUILT_DIR"), {
- true: "$(location :system_ext_32.0.cil) " +
- "$(location :system_ext_32.0.ignore.cil) ",
- default: "",
- }) +
- select(soong_config_variable("ANDROID", "HAS_BOARD_PRODUCT_PREBUILT_DIR"), {
- true: "$(location :product_32.0.cil) " +
- "$(location :product_32.0.ignore.cil) ",
- default: "",
- }) +
- "> $(out)",
-}
-
-genrule {
- name: "treble_sepolicy_tests_32.0",
- srcs: [
- ":32.0_plat_policy.cil",
- ":32.0_mapping.combined.cil",
- ] + select((
- soong_config_variable("ANDROID", "HAS_BOARD_SYSTEM_EXT_PREBUILT_DIR"),
- soong_config_variable("ANDROID", "HAS_BOARD_PRODUCT_PREBUILT_DIR"),
- ), {
- (false, false): [":32.0_plat_pub_policy.cil"],
- (default, default): [":32.0_product_pub_policy.cil"],
- }),
- tools: ["treble_sepolicy_tests"],
- out: ["treble_sepolicy_tests_32.0"],
- cmd: select((
- soong_config_variable("ANDROID", "HAS_BOARD_SYSTEM_EXT_PREBUILT_DIR"),
- soong_config_variable("ANDROID", "HAS_BOARD_PRODUCT_PREBUILT_DIR"),
- ), {
- (false, false): "$(location treble_sepolicy_tests) " +
- "-b $(location :32.0_plat_pub_policy.cil) " +
- "-m $(location :32.0_mapping.combined.cil) " +
- "-o $(location :32.0_plat_policy.cil) && " +
- "touch $(out)",
- (default, default): "$(location treble_sepolicy_tests) " +
- "-b $(location :32.0_product_pub_policy.cil) " +
- "-m $(location :32.0_mapping.combined.cil) " +
- "-o $(location :32.0_plat_policy.cil) && " +
- "touch $(out)",
- }),
-}
-
-genrule {
- name: "33.0_mapping.combined.cil",
- srcs: [
- ":plat_33.0.cil",
- ":33.0.ignore.cil",
- ] + select(soong_config_variable("ANDROID", "HAS_BOARD_SYSTEM_EXT_PREBUILT_DIR"), {
- true: [
- ":system_ext_33.0.cil",
- ":system_ext_33.0.ignore.cil",
- ],
- default: [],
- }) + select(soong_config_variable("ANDROID", "HAS_BOARD_PRODUCT_PREBUILT_DIR"), {
- true: [
- ":product_33.0.cil",
- ":product_33.0.ignore.cil",
- ],
- default: [],
- }),
- out: ["33.0_mapping.combined.cil"],
- cmd: "cat $(location :plat_33.0.cil) " +
- "$(location :33.0.ignore.cil) " +
- select(soong_config_variable("ANDROID", "HAS_BOARD_SYSTEM_EXT_PREBUILT_DIR"), {
- true: "$(location :system_ext_33.0.cil) " +
- "$(location :system_ext_33.0.ignore.cil) ",
- default: "",
- }) +
- select(soong_config_variable("ANDROID", "HAS_BOARD_PRODUCT_PREBUILT_DIR"), {
- true: "$(location :product_33.0.cil) " +
- "$(location :product_33.0.ignore.cil) ",
- default: "",
- }) +
- "> $(out)",
-}
-
-genrule {
- name: "treble_sepolicy_tests_33.0",
- srcs: [
- ":33.0_plat_policy.cil",
- ":33.0_mapping.combined.cil",
- ] + select((
- soong_config_variable("ANDROID", "HAS_BOARD_SYSTEM_EXT_PREBUILT_DIR"),
- soong_config_variable("ANDROID", "HAS_BOARD_PRODUCT_PREBUILT_DIR"),
- ), {
- (false, false): [":33.0_plat_pub_policy.cil"],
- (default, default): [":33.0_product_pub_policy.cil"],
- }),
- tools: ["treble_sepolicy_tests"],
- out: ["treble_sepolicy_tests_33.0"],
- cmd: select((
- soong_config_variable("ANDROID", "HAS_BOARD_SYSTEM_EXT_PREBUILT_DIR"),
- soong_config_variable("ANDROID", "HAS_BOARD_PRODUCT_PREBUILT_DIR"),
- ), {
- (false, false): "$(location treble_sepolicy_tests) " +
- "-b $(location :33.0_plat_pub_policy.cil) " +
- "-m $(location :33.0_mapping.combined.cil) " +
- "-o $(location :33.0_plat_policy.cil) && " +
- "touch $(out)",
- (default, default): "$(location treble_sepolicy_tests) " +
- "-b $(location :33.0_product_pub_policy.cil) " +
- "-m $(location :33.0_mapping.combined.cil) " +
- "-o $(location :33.0_plat_policy.cil) && " +
- "touch $(out)",
- }),
-}
-
-genrule {
- name: "34.0_mapping.combined.cil",
- srcs: [
- ":plat_34.0.cil",
- ":34.0.ignore.cil",
- ] + select(soong_config_variable("ANDROID", "HAS_BOARD_SYSTEM_EXT_PREBUILT_DIR"), {
- true: [
- ":system_ext_34.0.cil",
- ":system_ext_34.0.ignore.cil",
- ],
- default: [],
- }) + select(soong_config_variable("ANDROID", "HAS_BOARD_PRODUCT_PREBUILT_DIR"), {
- true: [
- ":product_34.0.cil",
- ":product_34.0.ignore.cil",
- ],
- default: [],
- }),
- out: ["34.0_mapping.combined.cil"],
- cmd: "cat $(location :plat_34.0.cil) " +
- "$(location :34.0.ignore.cil) " +
- select(soong_config_variable("ANDROID", "HAS_BOARD_SYSTEM_EXT_PREBUILT_DIR"), {
- true: "$(location :system_ext_34.0.cil) " +
- "$(location :system_ext_34.0.ignore.cil) ",
- default: "",
- }) +
- select(soong_config_variable("ANDROID", "HAS_BOARD_PRODUCT_PREBUILT_DIR"), {
- true: "$(location :product_34.0.cil) " +
- "$(location :product_34.0.ignore.cil) ",
- default: "",
- }) +
- "> $(out)",
-}
-
-genrule {
- name: "treble_sepolicy_tests_34.0",
- srcs: [
- ":34.0_plat_policy.cil",
- ":34.0_mapping.combined.cil",
- ] + select((
- soong_config_variable("ANDROID", "HAS_BOARD_SYSTEM_EXT_PREBUILT_DIR"),
- soong_config_variable("ANDROID", "HAS_BOARD_PRODUCT_PREBUILT_DIR"),
- ), {
- (false, false): [":34.0_plat_pub_policy.cil"],
- (default, default): [":34.0_product_pub_policy.cil"],
- }),
- tools: ["treble_sepolicy_tests"],
- out: ["treble_sepolicy_tests_34.0"],
- cmd: select((
- soong_config_variable("ANDROID", "HAS_BOARD_SYSTEM_EXT_PREBUILT_DIR"),
- soong_config_variable("ANDROID", "HAS_BOARD_PRODUCT_PREBUILT_DIR"),
- ), {
- (false, false): "$(location treble_sepolicy_tests) " +
- "-b $(location :34.0_plat_pub_policy.cil) " +
- "-m $(location :34.0_mapping.combined.cil) " +
- "-o $(location :34.0_plat_policy.cil) && " +
- "touch $(out)",
- (default, default): "$(location treble_sepolicy_tests) " +
- "-b $(location :34.0_product_pub_policy.cil) " +
- "-m $(location :34.0_mapping.combined.cil) " +
- "-o $(location :34.0_plat_policy.cil) && " +
- "touch $(out)",
- }),
-}
-
-genrule {
- name: "202404_mapping.combined.cil",
- srcs: select(soong_config_variable("ANDROID", "PLATFORM_SEPOLICY_VERSION"), {
- "202404": [
- ],
- default: [
- ":plat_202404.cil",
- ":202404.ignore.cil",
- ],
- }) + select(soong_config_variable("ANDROID", "HAS_BOARD_SYSTEM_EXT_PREBUILT_DIR"), {
- true: [
- ":system_ext_202404.cil",
- ":system_ext_202404.ignore.cil",
- ],
- default: [],
- }) + select(soong_config_variable("ANDROID", "HAS_BOARD_PRODUCT_PREBUILT_DIR"), {
- true: [
- ":product_202404.cil",
- ":product_202404.ignore.cil",
- ],
- default: [],
- }),
- out: ["202404_mapping.combined.cil"],
- cmd: select(soong_config_variable("ANDROID", "PLATFORM_SEPOLICY_VERSION"), {
- "202404": "touch $(out)",
- default: "cat $(in) > $(out)",
- }),
-}
-
-genrule {
- name: "treble_sepolicy_tests_202404",
- srcs: [
- ":202404_plat_policy.cil",
- ":202404_mapping.combined.cil",
- ] + select((
- soong_config_variable("ANDROID", "HAS_BOARD_SYSTEM_EXT_PREBUILT_DIR"),
- soong_config_variable("ANDROID", "HAS_BOARD_PRODUCT_PREBUILT_DIR"),
- ), {
- (false, false): [":202404_plat_pub_policy.cil"],
- (default, default): [":202404_product_pub_policy.cil"],
- }),
- tools: ["treble_sepolicy_tests"],
- out: ["treble_sepolicy_tests_202404"],
- cmd: select((
- soong_config_variable("ANDROID", "PLATFORM_SEPOLICY_VERSION"),
- soong_config_variable("ANDROID", "HAS_BOARD_SYSTEM_EXT_PREBUILT_DIR"),
- soong_config_variable("ANDROID", "HAS_BOARD_PRODUCT_PREBUILT_DIR"),
- ), {
- ("202404", false, false): "touch $(out)",
- ("202404", default, default): "touch $(out)",
- (default, false, false): "$(location treble_sepolicy_tests) " +
- "-b $(location :202404_plat_pub_policy.cil) " +
- "-m $(location :202404_mapping.combined.cil) " +
- "-o $(location :202404_plat_policy.cil) && " +
- "touch $(out)",
- (default, default, default): "$(location treble_sepolicy_tests) " +
- "-b $(location :202404_product_pub_policy.cil) " +
- "-m $(location :202404_mapping.combined.cil) " +
- "-o $(location :202404_plat_policy.cil) && " +
- "touch $(out)",
- }),
-}