Fix policy file order for hal_attributes

Partners should be able to add hal_attributes to system_ext or product's
public/attributes file. However, if system_ext or product's
public/attributes contain any domain sets, numbers for base_typeattr
become inconsistent. It's because the order is now:

...
te_macros
attributes
ioctl_defines
ioctl_macros
*.te
roles_decl
...

That is, system_ext/public/attributes and product/public/attributes are
included prior to system/sepolicy/**/*.te. Thus, plat_sepolicy.cil and
system_ext_sepolicy.cil/product_sepolicy.cil can conflict.

This change fixes this issue by making attributes and *.te files have
the same rank. This way, system_ext/public/attributes is included after
system/sepolicy/**/*.te.

Bug: 234137981
Test: m selinux_policy after adding hal_attribute to
system_ext/public/attributes
Change-Id: I85e1f6b8e4ab47c723724684d1938297a3305fe8
diff --git a/build/soong/policy.go b/build/soong/policy.go
index b1840da..3946a04 100644
--- a/build/soong/policy.go
+++ b/build/soong/policy.go
@@ -45,10 +45,9 @@
"mls",
"policy_capabilities",
"te_macros",
- "attributes",
"ioctl_defines",
"ioctl_macros",
- "*.te",
+ "attributes|*.te",
"roles_decl",
"roles",
"users",
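Review bot: The new policyConfOrder entry "attributes|*.te" needs a comment at the list itself, because it reads like a glob or regexp alternation but is only a sentinel string that findPolicyConfOrder compares literally. A one-line note saying that attributes and *.te deliberately share a rank, so that system_ext and product public/attributes land after system/sepolicy/**/*.te, would stop a later edit from splitting them back into two entries. The merged entry also sits after "ioctl_defines" and "ioctl_macros", where "attributes" used to precede both, and nothing in these lines shows how files of equal rank are ordered among themselves. Please state the tie-break here or in the commit message, since platform attributes still have to be declared before the platform *.te files that reference them.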
@@ -198,7 +197,10 @@
func findPolicyConfOrder(name string) int {
for idx, pattern := range policyConfOrder {
- if pattern == name || (pattern == "*.te" && strings.HasSuffix(name, ".te")) {
+ // We could use regexp but it seems like an overkill
+ if pattern == "attributes|*.te" && (name == "attributes" || strings.HasSuffix(name, ".te")) {
+ return idx
+ } else if pattern == name {
return idx
}
}
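Review bot: The literal "attributes|*.te" in the first branch of findPolicyConfOrder duplicates the string in policyConfOrder, so a change to either copy silently stops attributes and every *.te file from matching that rank, and they fall through to whatever the function returns after the loop. Hoist the string into a named constant used in both places, or keep plain patterns in the list and map both name == "attributes" and the ".te" suffix to the index of the shared entry. As a style point, the else after return idx is redundant; the two conditions can be joined with || into a single if, as the removed line did. The comment "We could use regexp but it seems like an overkill" would be more useful if it said what the special case is for rather than what was not used.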