Only maintain maps between current and previous selinux versions.
New maintenance scheme for mapping files:
Say, V is the current SELinux platform version, then at any point in time we
only maintain (V->V-1) mapping. (V->V-n) map is constructed from top (V->V-n+1)
and bottom (V-n+1->V-n) without changes to previously maintained mapping files.
Caveats:
- 26.0.cil doesn't technically represent 27.0->26.0 map, but rather
current->26.0. We'll fully migrate to the scheme with future releases.
Bug: 67510052
Test: adding new public type only requires changing the latest compat map
Change-Id: Iab5564e887ef2c8004cb493505dd56c6220c61f8
diff --git a/private/compat/27.0/27.0.ignore.cil b/private/compat/27.0/27.0.ignore.cil
index 891f1a3..7d5017d 100644
--- a/private/compat/27.0/27.0.ignore.cil
+++ b/private/compat/27.0/27.0.ignore.cil
@@ -1,9 +1,11 @@
;; new_objects - a collection of types that have been introduced that have no
;; analogue in older policy. Thus, we do not need to map these types to
;; previous ones. Add here to pass checkapi tests.
+(type new_objects)
(typeattribute new_objects)
(typeattributeset new_objects
- ( activity_task_service
+ ( new_objects
+ activity_task_service
adb_service
app_binding_service
atrace
@@ -160,5 +162,8 @@
;; private_objects - a collection of types that were labeled differently in
;; older policy, but that should not remain accessible to vendor policy.
;; Thus, these types are also not mapped, but recorded for checkapi tests
+(type priv_objects)
(typeattribute priv_objects)
-(typeattributeset priv_objects (untrusted_app_27_tmpfs))
+(typeattributeset priv_objects
+ ( priv_objects
+ untrusted_app_27_tmpfs))