Only maintain maps between current and previous selinux versions.
New maintenance scheme for mapping files:
Say, V is the current SELinux platform version, then at any point in time we
only maintain (V->V-1) mapping. (V->V-n) map is constructed from top (V->V-n+1)
and bottom (V-n+1->V-n) without changes to previously maintained mapping files.
Caveats:
- 26.0.cil doesn't technically represent 27.0->26.0 map, but rather
current->26.0. We'll fully migrate to the scheme with future releases.
Bug: 67510052
Test: adding new public type only requires changing the latest compat map
Change-Id: Iab5564e887ef2c8004cb493505dd56c6220c61f8
diff --git a/private/compat/26.0/26.0.ignore.cil b/private/compat/26.0/26.0.ignore.cil
index 5f4950c..7e3fdbc 100644
--- a/private/compat/26.0/26.0.ignore.cil
+++ b/private/compat/26.0/26.0.ignore.cil
@@ -1,9 +1,11 @@
;; new_objects - a collection of types that have been introduced that have no
;; analogue in older policy. Thus, we do not need to map these types to
;; previous ones. Add here to pass checkapi tests.
+(type new_objects)
(typeattribute new_objects)
(typeattributeset new_objects
- ( activity_task_service
+ ( new_objects
+ activity_task_service
adb_service
adbd_exec
app_binding_service
@@ -182,8 +184,9 @@
;; private_objects - a collection of types that were labeled differently in
;; older policy, but that should not remain accessible to vendor policy.
;; Thus, these types are also not mapped, but recorded for checkapi tests
+(type priv_objects)
(typeattribute priv_objects)
(typeattributeset priv_objects
- ( adbd_tmpfs
- untrusted_app_27_tmpfs
- ))
+ ( priv_objects
+ adbd_tmpfs
+ untrusted_app_27_tmpfs))