Use board api level for seapp coredomain check
Rather than PRODUCT_SHIPPING_API_LEVEL, use board api level
(BOARD_API_LEVEL or BOARD_SHIPPING_API_LEVEL) to determine whether we
check coredomain violations or not.
Bug: 280547417
Test: see build command of vendor_seapp_contexts
Change-Id: I20859d6054ab85f464b29631bdfd55ade3e78f53
diff --git a/build/soong/selinux_contexts.go b/build/soong/selinux_contexts.go
index f3fb33c..a7a2436 100644
--- a/build/soong/selinux_contexts.go
+++ b/build/soong/selinux_contexts.go
@@ -419,6 +419,14 @@
return builtCtxFile
}
+func (m *selinuxContextsModule) shouldCheckCoredomain(ctx android.ModuleContext) bool {
+ if !ctx.SocSpecific() && !ctx.DeviceSpecific() {
+ return false
+ }
+
+ return ctx.DeviceConfig().CheckVendorSeappViolations()
+}
+
func (m *selinuxContextsModule) buildSeappContexts(ctx android.ModuleContext, inputs android.Paths) android.Path {
neverallowFile := pathForModuleOut(ctx, "neverallow")
ret := pathForModuleOut(ctx, m.stem())
@@ -440,10 +448,8 @@
Inputs(inputs).
Input(neverallowFile)
- shippingApiLevel := ctx.DeviceConfig().ShippingApiLevel()
- ApiLevelU := android.ApiLevelOrPanic(ctx, "UpsideDownCake")
- if (ctx.SocSpecific() || ctx.DeviceSpecific()) && shippingApiLevel.GreaterThan(ApiLevelU) {
- checkCmd.Flag("-c") // check coredomain for V (or later) launching devices
+ if m.shouldCheckCoredomain(ctx) {
+ checkCmd.Flag("-c") // check coredomain for vendor contexts
}
rule.Build("seapp_contexts", "Building seapp_contexts: "+m.Name())