Change sepolicy version format for vFRC
sepolicy versioning is for system <-> vendor compatibility. This changes
sepolicy version format from sdk version (e.g. 34.0) to vendor api
version (e.g. 202404.0).
Bug: 314010177
Test: build and boot
Change-Id: I2422c416b7fb85af64c8c835497bbecd2e10e2ab
diff --git a/Android.bp b/Android.bp
index 88107cc..fe755d4 100644
--- a/Android.bp
+++ b/Android.bp
@@ -337,6 +337,36 @@
product_specific: true,
}
+// HACK to support pre-vFRC vendor blobs
+// TODO(b/314010177): remove after new ToT (1000000.0) fully propagates
+se_versioned_policy {
+ name: "plat_mapping_file_10000.0",
+ base: ":plat_pub_policy.cil",
+ mapping: true,
+ version: "10000.0",
+ relative_install_path: "mapping", // install to /system/etc/selinux/mapping
+}
+
+se_versioned_policy {
+ name: "system_ext_mapping_file_10000.0",
+ base: ":system_ext_pub_policy.cil",
+ mapping: true,
+ version: "10000.0",
+ filter_out: [":plat_mapping_file"],
+ relative_install_path: "mapping", // install to /system_ext/etc/selinux/mapping
+ system_ext_specific: true,
+}
+
+se_versioned_policy {
+ name: "product_mapping_file_10000.0",
+ base: ":pub_policy.cil",
+ mapping: true,
+ version: "10000.0",
+ filter_out: [":plat_mapping_file", ":system_ext_mapping_file"],
+ relative_install_path: "mapping", // install to /product/etc/selinux/mapping
+ product_specific: true,
+}
+
//////////////////////////////////
// vendor/odm sepolicy
//////////////////////////////////
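Review bot: The `filter_out` lists in the new `system_ext_mapping_file_10000.0` and `product_mapping_file_10000.0` modules point at the current-version modules (`:plat_mapping_file`, `:system_ext_mapping_file`) rather than at the `_10000.0` siblings added in this same hunk. If se_versioned_policy filters by matching lines and the mapping lines carry the version suffix (not visible here, so to be confirmed), nothing would be filtered, and the system_ext and product 10000.0 mappings would repeat the platform entries. In that case I would use `filter_out: [":plat_mapping_file_10000.0"]` and `filter_out: [":plat_mapping_file_10000.0", ":system_ext_mapping_file_10000.0"]`. If the cross-version reference is intended, a one-line comment saying why would keep the next reader from "fixing" it.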
diff --git a/Android.mk b/Android.mk
index 63b74aa..8cdedbe 100644
--- a/Android.mk
+++ b/Android.mk
@@ -210,6 +210,12 @@
plat_sepolicy.cil \
secilc \
+# HACK to support pre-vFRC vendor blobs
+# TODO(b/314010177): remove after new ToT (1000000.0) fully propagates
+ifneq (true,$(BOARD_API_LEVEL_FROZEN))
+LOCAL_REQUIRED_MODULES += plat_mapping_file_10000.0
+endif
+
ifneq ($(PRODUCT_PRECOMPILED_SEPOLICY),false)
LOCAL_REQUIRED_MODULES += plat_sepolicy_and_mapping.sha256
endif
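Review bot: The HACK comment above `ifneq (true,$(BOARD_API_LEVEL_FROZEN))` does not say what 10000.0 is or why the extra mapping file is required only on unfrozen builds; the same block is repeated in the hunks at -278 and -326. I would extend the comment once confirmed, e.g. `# 10000.0 is presumably the pre-vFRC ToT sepolicy version; unfrozen builds still need its mapping to load older vendor blobs`. Note that an unset BOARD_API_LEVEL_FROZEN also takes this branch, so the comment should state that installing the compat mapping is the intended default. The LOCAL_REQUIRED_MODULES list this appends to starts outside the hunk.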
@@ -278,6 +284,12 @@
LOCAL_REQUIRED_MODULES += \
system_ext_mapping_file
+# HACK to support pre-vFRC vendor blobs
+# TODO(b/314010177): remove after new ToT (1000000.0) fully propagates
+ifneq (true,$(BOARD_API_LEVEL_FROZEN))
+LOCAL_REQUIRED_MODULES += system_ext_mapping_file_10000.0
+endif
+
system_ext_compat_files := $(call build_policy, $(sepolicy_compat_files), $(SYSTEM_EXT_PRIVATE_POLICY))
LOCAL_REQUIRED_MODULES += $(addprefix system_ext_, $(notdir $(system_ext_compat_files)))
@@ -326,6 +338,12 @@
LOCAL_REQUIRED_MODULES += \
product_mapping_file
+# HACK to support pre-vFRC vendor blobs
+# TODO(b/314010177): remove after new ToT (1000000.0) fully propagates
+ifneq (true,$(BOARD_API_LEVEL_FROZEN))
+LOCAL_REQUIRED_MODULES += product_mapping_file_10000.0
+endif
+
product_compat_files := $(call build_policy, $(sepolicy_compat_files), $(PRODUCT_PRIVATE_POLICY))
LOCAL_REQUIRED_MODULES += $(addprefix product_, $(notdir $(product_compat_files)))
diff --git a/build/soong/sepolicy_freeze.go b/build/soong/sepolicy_freeze.go
index 385d6af..e1e8956 100644
--- a/build/soong/sepolicy_freeze.go
+++ b/build/soong/sepolicy_freeze.go
@@ -45,18 +45,16 @@
freezeTestTimestamp android.ModuleOutPath
}
-func (f *freezeTestModule) shouldSkip(ctx android.EarlyModuleContext) bool {
- platformVersion := ctx.DeviceConfig().PlatformSepolicyVersion()
- totVersion := ctx.DeviceConfig().TotSepolicyVersion()
-
- return platformVersion == totVersion
+func (f *freezeTestModule) shouldRunTest(ctx android.EarlyModuleContext) bool {
+ val, _ := ctx.Config().GetBuildFlag("RELEASE_BOARD_API_LEVEL_FROZEN")
+ return val == "true"
}
func (f *freezeTestModule) loadHook(ctx android.LoadHookContext) {
extraDirs := ctx.DeviceConfig().SepolicyFreezeTestExtraDirs()
extraPrebuiltDirs := ctx.DeviceConfig().SepolicyFreezeTestExtraPrebuiltDirs()
- if f.shouldSkip(ctx) {
+ if !f.shouldRunTest(ctx) {
if len(extraDirs) > 0 || len(extraPrebuiltDirs) > 0 {
ctx.ModuleErrorf("SEPOLICY_FREEZE_TEST_EXTRA_DIRS or SEPOLICY_FREEZE_TEST_EXTRA_PREBUILT_DIRS cannot be set before system/sepolicy freezes.")
return
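Review bot: `shouldRunTest` discards the second result of `GetBuildFlag`, so an unset or misspelled `RELEASE_BOARD_API_LEVEL_FROZEN` is indistinguishable from an explicit false, and the freeze test is skipped without any signal. The test appears to be the guard against changes to policy after the freeze, so this fail-open default should at least be documented, e.g. `// shouldRunTest reports whether RELEASE_BOARD_API_LEVEL_FROZEN is "true"; an unset flag disables the freeze test.` Android.mk in this commit checks `BOARD_API_LEVEL_FROZEN` instead, and whether the two values always agree is not visible here. loadHook's body continues past the end of the hunk.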
@@ -76,7 +74,7 @@
}
func (f *freezeTestModule) DepsMutator(ctx android.BottomUpMutatorContext) {
- if f.shouldSkip(ctx) {
+ if !f.shouldRunTest(ctx) {
return
}
@@ -118,7 +116,7 @@
func (f *freezeTestModule) GenerateAndroidBuildActions(ctx android.ModuleContext) {
f.freezeTestTimestamp = android.PathForModuleOut(ctx, "freeze_test")
- if f.shouldSkip(ctx) {
+ if !f.shouldRunTest(ctx) {
// we still build a rule to prevent possible regression
android.WriteFileRule(ctx, f.freezeTestTimestamp, ";; no freeze tests needed before system/sepolicy freezes")
return