commit 42e732c861be1e7a31a132514677fa21a6a1bc8f
author Yuntao Xu <yuntaoxu@google.com> Thu Nov 18 22:33:02 2021 +0000
committer Inseob Kim <inseob@google.com> Fri Nov 19 18:23:12 2021 +0900
tree 765440e8d95a886e2eb4d8a6a37b45310dfc687d
parent b8f39c49f5ef7f6d8e7ce5d31bb8f010eb16c0c2

Split property/file/service contexts modules

1. Splitted plat_property_contexts, plat_file_contexts, and
plat_service_contexts so they can be included by the
CtsSecurityHostTestCases module.

2. Add temporary seapp_contexts Soong module, which are needed by the
CtsSecurityHostTestCases, and makefile_goal is an interim solution before
migrating both of them to Soong.

Bug: 194096505
Test: m CtsSecurityHostTestCases
Change-Id: I99ba55b1a89f196b3c8504e623b65960a9262165

Android.bp

diff --git a/Android.bp b/Android.bp
index b9c5808..a353831 100644
--- a/Android.bp
+++ b/Android.bp
@@ -494,8 +494,26 @@
     flatten_apex: {
         srcs: ["apex/*-file_contexts"],
     },
+}
 
-    recovery_available: true,
+file_contexts {
+    name: "plat_file_contexts.recovery",
+    srcs: [":file_contexts_files"],
+    stem: "plat_file_contexts",
+    product_variables: {
+        address_sanitize: {
+            srcs: [":file_contexts_asan_files"],
+        },
+        debuggable: {
+            srcs: [":file_contexts_overlayfs_files"],
+        },
+    },
+
+    flatten_apex: {
+        srcs: ["apex/*-file_contexts"],
+    },
+
+    recovery: true,
 }
 
 file_contexts {
@@ -559,7 +577,13 @@
 property_contexts {
     name: "plat_property_contexts",
     srcs: [":property_contexts_files"],
-    recovery_available: true,
+}
+
+property_contexts {
+    name: "plat_property_contexts.recovery",
+    srcs: [":property_contexts_files"],
+    stem: "plat_property_contexts",
+    recovery: true,
 }
 
 property_contexts {
@@ -594,7 +618,13 @@
 service_contexts {
     name: "plat_service_contexts",
     srcs: [":service_contexts_files"],
-    recovery_available: true,
+}
+
+service_contexts {
+    name: "plat_service_contexts.recovery",
+    srcs: [":service_contexts_files"],
+    stem: "plat_service_contexts",
+    recovery: true,
 }
 
 service_contexts {
@@ -1195,3 +1225,17 @@
 se_freeze_test {
     name: "sepolicy_freeze_test",
 }
+
+//////////////////////////////////
+// Makefile rules temporary imported to Soong
+// TODO(b/33691272): remove these after migrating seapp to Soong
+//////////////////////////////////
+makefile_goal {
+    name: "plat_seapp_contexts_rule",
+    product_out_path: "obj/ETC/plat_seapp_contexts_intermediates/plat_seapp_contexts",
+}
+
+makefile_goal {
+    name: "plat_seapp_neverallows_rule",
+    product_out_path: "obj/ETC/plat_seapp_neverallows_intermediates/plat_seapp_neverallows",
+}

build/soong/selinux_contexts.go

diff --git a/build/soong/selinux_contexts.go b/build/soong/selinux_contexts.go
index 5859fc1..fefdd45 100644
--- a/build/soong/selinux_contexts.go
+++ b/build/soong/selinux_contexts.go
@@ -30,6 +30,9 @@
 	// Filenames under sepolicy directories, which will be used to generate contexts file.
 	Srcs []string `android:"path"`
 
+	// Output file name. Defaults to module name
+	Stem *string
+
 	Product_variables struct {
 		Debuggable struct {
 			Srcs []string
@@ -120,6 +123,10 @@
 	}
 }
 
+func (m *selinuxContextsModule) stem() string {
+	return proptools.StringDefault(m.properties.Stem, m.Name())
+}
+
 func (m *selinuxContextsModule) GenerateAndroidBuildActions(ctx android.ModuleContext) {
 	if m.InRecovery() {
 		// Installing context files at the root of the recovery partition
@@ -133,7 +140,7 @@
 
 		if reuseDeps, ok := dep.(*selinuxContextsModule); ok {
 			m.outputPath = reuseDeps.outputPath
-			ctx.InstallFile(m.installPath, m.Name(), m.outputPath)
+			ctx.InstallFile(m.installPath, m.stem(), m.outputPath)
 			return
 		}
 	}
@@ -185,7 +192,7 @@
 	}
 
 	m.outputPath = m.build(ctx, inputs)
-	ctx.InstallFile(m.installPath, ctx.ModuleName(), m.outputPath)
+	ctx.InstallFile(m.installPath, m.stem(), m.outputPath)
 }
 
 func newModule() *selinuxContextsModule {
@@ -230,21 +237,21 @@
 		Extra: []android.AndroidMkExtraFunc{
 			func(w io.Writer, outputFile android.Path) {
 				fmt.Fprintln(w, "LOCAL_MODULE_PATH :=", m.installPath.ToMakePath().String())
-				fmt.Fprintln(w, "LOCAL_INSTALLED_MODULE_STEM :=", m.Name())
+				fmt.Fprintln(w, "LOCAL_INSTALLED_MODULE_STEM :=", m.stem())
 			},
 		},
 	}
 }
 
 func (m *selinuxContextsModule) ImageMutatorBegin(ctx android.BaseModuleContext) {
-	if proptools.Bool(m.properties.Recovery_available) && m.InstallInRecovery() {
+	if proptools.Bool(m.properties.Recovery_available) && m.ModuleBase.InstallInRecovery() {
 		ctx.PropertyErrorf("recovery_available",
 			"doesn't make sense at the same time as `recovery: true`")
 	}
 }
 
 func (m *selinuxContextsModule) CoreVariantNeeded(ctx android.BaseModuleContext) bool {
-	return !m.InstallInRecovery()
+	return !m.ModuleBase.InstallInRecovery()
 }
 
 func (m *selinuxContextsModule) RamdiskVariantNeeded(ctx android.BaseModuleContext) bool {
@@ -260,7 +267,7 @@
 }
 
 func (m *selinuxContextsModule) RecoveryVariantNeeded(ctx android.BaseModuleContext) bool {
-	return m.InstallInRecovery() || proptools.Bool(m.properties.Recovery_available)
+	return m.ModuleBase.InstallInRecovery() || proptools.Bool(m.properties.Recovery_available)
 }
 
 func (m *selinuxContextsModule) ExtraImageVariations(ctx android.BaseModuleContext) []string {
@@ -273,7 +280,7 @@
 var _ android.ImageInterface = (*selinuxContextsModule)(nil)
 
 func (m *selinuxContextsModule) buildGeneralContexts(ctx android.ModuleContext, inputs android.Paths) android.Path {
-	ret := android.PathForModuleGen(ctx, ctx.ModuleName()+"_m4out")
+	builtContext := android.PathForModuleGen(ctx, ctx.ModuleName()+"_m4out")
 
 	rule := android.NewRuleBuilder(pctx, ctx)
 
@@ -282,37 +289,40 @@
 		Text("--fatal-warnings -s").
 		FlagForEachArg("-D", ctx.DeviceConfig().SepolicyM4Defs()).
 		Inputs(inputs).
-		FlagWithOutput("> ", ret)
+		FlagWithOutput("> ", builtContext)
 
 	if proptools.Bool(m.properties.Remove_comment) {
-		rule.Temporary(ret)
+		rule.Temporary(builtContext)
 
 		remove_comment_output := android.PathForModuleGen(ctx, ctx.ModuleName()+"_remove_comment")
 
 		rule.Command().
 			Text("sed -e 's/#.*$//' -e '/^$/d'").
-			Input(ret).
+			Input(builtContext).
 			FlagWithOutput("> ", remove_comment_output)
 
-		ret = remove_comment_output
+		builtContext = remove_comment_output
 	}
 
 	if proptools.Bool(m.properties.Fc_sort) {
-		rule.Temporary(ret)
+		rule.Temporary(builtContext)
 
 		sorted_output := android.PathForModuleGen(ctx, ctx.ModuleName()+"_sorted")
 
 		rule.Command().
 			Tool(ctx.Config().HostToolPath(ctx, "fc_sort")).
-			FlagWithInput("-i ", ret).
+			FlagWithInput("-i ", builtContext).
 			FlagWithOutput("-o ", sorted_output)
 
-		ret = sorted_output
+		builtContext = sorted_output
 	}
 
-	rule.Build("selinux_contexts", "building contexts: "+m.Name())
+	ret := android.PathForModuleGen(ctx, m.stem())
+	rule.Temporary(builtContext)
+	rule.Command().Text("cp").Input(builtContext).Output(ret)
 
 	rule.DeleteTemporaryFiles()
+	rule.Build("selinux_contexts", "building contexts: "+m.Name())
 
 	return ret
 }
@@ -500,3 +510,13 @@
 	m.build = m.buildGeneralContexts
 	return m
 }
+
+var _ android.OutputFileProducer = (*selinuxContextsModule)(nil)
+
+// Implements android.OutputFileProducer
+func (m *selinuxContextsModule) OutputFiles(tag string) (android.Paths, error) {
+	if tag == "" {
+		return []android.Path{m.outputPath}, nil
+	}
+	return nil, fmt.Errorf("unsupported module reference tag %q", tag)
+}