Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / 16d3be3dacf55c5326a811c0ef694542b5ef5c4b^! / . / Android.mk
commit16d3be3dacf55c5326a811c0ef694542b5ef5c4b[log] [tgz]
authorInseob Kim <inseob@google.com>Fri Jan 07 09:15:27 2022 +0900
committerInseob Kim <inseob@google.com>Fri Jan 07 18:53:46 2022 +0900
treece4ab88d231dc70cdb7a469e5909db503b78408c
parentb6a6ff20efa97ae203de9366e7237fb54771795f [diff] [blame]
Migrate sepolicy compat test to Android.bp

compat_test tests whether {ver}.compat.cil is compatible to current
policy or not. This commit migrates all tests into a single module named
"sepolicy_compat_tests".

A minor issue is also resolved with this migration. Suppose that the
vendor's speolicy version is {VER}. Then the following cil files are
compiled in runtime.

- system/etc/selinux/plat_sepolicy.cil
- system/etc/selinux/mapping/{VER}.cil
- system/etc/selinux/mapping/{VER}.compat.cil (optional)
- system_ext/etc/selinux/system_ext_sepolicy.cil (optional)
- system_ext/etc/selinux/mapping/{VER}.cil (optional)
- system_ext/etc/selinux/mapping/{VER}.compat.cil (optional)
- product/etc/selinux/product_sepolicy.cil (optional)
- product/etc/selinux/mapping/{VER}.cil (optional)
- product/etc/selinux/mapping/{VER}.compat.cil (optional)
- vendor/etc/selinux/vendor_sepolicy.cil
- vendor/etc/selinux/plat_pub_versioned.cil
- odm/etc/selinux/odm_sepolicy.cil (optional)

That is, the vendor policy of version {VER} (vendor_sepolicy.cil,
plat_pub_versioned.cil, and odm_sepolicy.cil) is required to be
compatible only to {VER}.compat.cil. So, the vendor policy is included
only to $(BOARD_SEPOLICY_VERS)_compat_test. The other tests will be
built only with platform side policies.

Bug: 33691272
Test: boot
Test: manually edit {ver}.compat.cil files and try build
Change-Id: I16b30a9171f10ee8f08fc03b7bd7c047eec12b19

diff --git a/Android.mk b/Android.mk
index e235bde..fb32c65 100644
--- a/Android.mk
+++ b/Android.mk

@@ -349,7 +349,7 @@
 ifneq ($(SELINUX_IGNORE_NEVERALLOWS),true)
 LOCAL_REQUIRED_MODULES += \
     sepolicy_tests \
-    $(addsuffix _compat_test,$(PLATFORM_SEPOLICY_COMPAT_VERSIONS)) \
+    sepolicy_compat_test \
 
 ifeq ($(PRODUCT_SEPOLICY_SPLIT),true)
 LOCAL_REQUIRED_MODULES += \
@@ -770,11 +770,6 @@
 )
 endif  # PRODUCT_SEPOLICY_SPLIT
 
-$(foreach v,$(PLATFORM_SEPOLICY_COMPAT_VERSIONS), \
-  $(eval version_under_treble_tests := $(v)) \
-  $(eval include $(LOCAL_PATH)/compat.mk) \
-)
-
 built_plat_sepolicy :=
 built_system_ext_sepolicy :=
 built_product_sepolicy :=