commit 113f4d6fed0e4abd94841ef8d8fabdf2c9951759
author Inseob Kim <inseob@google.com> Thu Jul 18 11:29:51 2024 +0900
committer Inseob Kim <inseob@google.com> Thu Jul 18 11:30:19 2024 +0900
tree c9f9b620c7c51fa8c96840bdf6b79ae7a11a579f
parent 007f0aed1de96d26cfe938074a84e69824edae23

Reapply "Expose starting_at_board_api to access_vectors"

This reverts commit d0c0e15cf16c812dd20e98da2a56e703cf149151.

Reason for revert: breakage fixed

Test: m selinux_policy
Change-Id: Ic3baccc83fd5369a62746910efe5be084a32883b

build/soong/policy.go

diff --git a/build/soong/policy.go b/build/soong/policy.go
index 5611ed0..4476f94 100644
--- a/build/soong/policy.go
+++ b/build/soong/policy.go
@@ -33,6 +33,7 @@
 
 // This order should be kept. checkpolicy syntax requires it.
 var policyConfOrder = []string{
+	"flagging_macros",
 	"security_classes",
 	"initial_sids",
 	"access_vectors",

flagging/Android.bp

diff --git a/flagging/Android.bp b/flagging/Android.bp
index cf6ded1..ce20323 100644
--- a/flagging/Android.bp
+++ b/flagging/Android.bp
@@ -55,5 +55,5 @@
 
 filegroup {
     name: "sepolicy_flagging_macros",
-    srcs: ["te_macros"],
+    srcs: ["flagging_macros"],
 }

flagging/flagging_macros

diff --git a/flagging/te_macros b/flagging/flagging_macros
similarity index 100%
rename from flagging/te_macros
rename to flagging/flagging_macros

microdroid/Android.bp

diff --git a/microdroid/Android.bp b/microdroid/Android.bp
index dce4898..e9b4b1e 100644
--- a/microdroid/Android.bp
+++ b/microdroid/Android.bp
@@ -107,6 +107,7 @@
 
 se_policy_conf {
     name: "microdroid_reqd_policy_mask.conf",
+    defaults: ["se_policy_conf_flags_defaults"],
     srcs: reqd_mask_files,
     installable: false,
     mls_cats: 1,
@@ -121,6 +122,7 @@
 
 se_policy_conf {
     name: "microdroid_plat_sepolicy.conf",
+    defaults: ["se_policy_conf_flags_defaults"],
     srcs: system_policy_files,
     installable: false,
     mls_cats: 1,
@@ -135,6 +137,7 @@
 
 se_policy_conf {
     name: "microdroid_plat_pub_policy.conf",
+    defaults: ["se_policy_conf_flags_defaults"],
     srcs: system_public_policy_files,
     installable: false,
     mls_cats: 1,
@@ -172,6 +175,7 @@
 
 se_policy_conf {
     name: "microdroid_vendor_sepolicy.conf",
+    defaults: ["se_policy_conf_flags_defaults"],
     srcs: vendor_policy_files,
     installable: false,
     mls_cats: 1,

private/access_vectors

diff --git a/private/access_vectors b/private/access_vectors
index 7a280c5..9d82ac8 100644
--- a/private/access_vectors
+++ b/private/access_vectors
@@ -139,8 +139,8 @@
 	block_suspend
 	audit_read
 	perfmon
-	checkpoint_restore
-	bpf
+	starting_at_board_api(202504, `checkpoint_restore')
+	starting_at_board_api(202504, `bpf')
 }
 
 #