commit 2dac267daeee580b3a4d465adc76d78f7bbad8a5
author Inseob Kim <inseob@google.com> Wed Dec 29 17:54:57 2021 +0900
committer Inseob Kim <inseob@google.com> Wed Dec 29 17:54:57 2021 +0900
tree a5a844adb6d1aa686cb66051bc8c0f8a5879e640
parent 5bbcd68dccdfdd96d8408c858835790769e5d7ba

Migrate seapp_contexts to Android.bp

Bug: 33691272
Test: build and boot
Test: atest SELinuxHostTest#testValidSeappContexts
Change-Id: I86f9d010d1628f9756cc152b4ee74dea1b9ff955

contexts/Android.bp

diff --git a/contexts/Android.bp b/contexts/Android.bp
index ed98683..4679589 100644
--- a/contexts/Android.bp
+++ b/contexts/Android.bp
@@ -222,3 +222,70 @@
     ],
     soc_specific: true,
 }
+
+seapp_contexts {
+    name: "plat_seapp_contexts",
+    srcs: [":seapp_contexts_files{.plat_private}"],
+    sepolicy: ":precompiled_sepolicy",
+}
+
+seapp_contexts {
+    name: "system_ext_seapp_contexts",
+    srcs: [":seapp_contexts_files{.system_ext_private}"],
+    neverallow_files: [":seapp_contexts_files{.plat_private}"],
+    system_ext_specific: true,
+    sepolicy: ":precompiled_sepolicy",
+}
+
+seapp_contexts {
+    name: "product_seapp_contexts",
+    srcs: [":seapp_contexts_files{.product_private}"],
+    neverallow_files: [
+        ":seapp_contexts_files{.plat_private}",
+        ":seapp_contexts_files{.system_ext_private}",
+    ],
+    product_specific: true,
+    sepolicy: ":precompiled_sepolicy",
+}
+
+seapp_contexts {
+    name: "vendor_seapp_contexts",
+    srcs: [
+        ":seapp_contexts_files{.plat_vendor_for_vendor}",
+        ":seapp_contexts_files{.vendor}",
+        ":seapp_contexts_files{.reqd_mask_for_vendor}",
+    ],
+    neverallow_files: [
+        ":seapp_contexts_files{.plat_private_for_vendor}",
+        ":seapp_contexts_files{.system_ext_private_for_vendor}",
+        ":seapp_contexts_files{.product_private_for_vendor}",
+    ],
+    soc_specific: true,
+    sepolicy: ":precompiled_sepolicy",
+}
+
+seapp_contexts {
+    name: "odm_seapp_contexts",
+    srcs: [
+        ":seapp_contexts_files{.odm}",
+    ],
+    neverallow_files: [
+        ":seapp_contexts_files{.plat_private_for_vendor}",
+        ":seapp_contexts_files{.system_ext_private_for_vendor}",
+        ":seapp_contexts_files{.product_private_for_vendor}",
+    ],
+    device_specific: true,
+    sepolicy: ":precompiled_sepolicy",
+}
+
+// for CTS
+genrule {
+    name: "plat_seapp_neverallows",
+    srcs: [
+        ":seapp_contexts_files{.plat_private}",
+        ":seapp_contexts_files{.system_ext_private}",
+        ":seapp_contexts_files{.product_private}",
+    ],
+    out: ["plat_seapp_neverallows"],
+    cmd: "grep -ihe '^neverallow' $(in) > $(out) || true",
+}