Migrate neverallow tests to Android.bp
A new module type se_neverallow_test is added, to migrate
sepolicy_neverallow modules. se_neverallow_test is affected by
SELINUX_IGNORE_NEVERALLOWS.
Bug: 33691272
Test: m selinux_policy
Test: intentionally create neverallow violations and m selinux_policy
Change-Id: I1582353f99f064ff78f3c547a0c13f2b772d54df
diff --git a/Android.bp b/Android.bp
index f22a1ac..874e96f 100644
--- a/Android.bp
+++ b/Android.bp
@@ -811,6 +811,10 @@
},
},
},
+ required: [
+ "sepolicy_neverallows",
+ "sepolicy_neverallows_vendor",
+ ],
}
//////////////////////////////////
@@ -987,6 +991,25 @@
vendor: true,
}
+se_neverallow_test {
+ name: "sepolicy_neverallows",
+ srcs: plat_public_policy +
+ plat_private_policy +
+ system_ext_public_policy +
+ system_ext_private_policy +
+ product_public_policy +
+ product_private_policy,
+}
+
+se_neverallow_test {
+ name: "sepolicy_neverallows_vendor",
+ srcs: plat_policies_for_vendor + [
+ ":se_build_files{.plat_vendor_for_vendor}",
+ ":se_build_files{.vendor}",
+ ":se_build_files{.odm}",
+ ],
+}
+
//////////////////////////////////
// se_freeze_test compares the plat sepolicy with the prebuilt sepolicy
// Additional directories can be specified via Makefile variables: