Revert^4 "Build userdebug_plat_sepolicy.cil with Android.bp"
This reverts commit a46d61cd3fae9f11c4a7fb1980d807afc0da8f62.
Reason for revert: fixed debug_ramdisk partition problem
Change-Id: If2350f115f5ff74ee50dac4e5a87c4d171067282
diff --git a/Android.bp b/Android.bp
index 999333d..3c99744 100644
--- a/Android.bp
+++ b/Android.bp
@@ -687,6 +687,21 @@
additional_cil_files: ["private/technical_debt.cil"],
}
+// userdebug_plat_policy.conf - the userdebug version plat_sepolicy.cil
+se_policy_conf {
+ name: "userdebug_plat_sepolicy.conf",
+ srcs: [":se_build_files{.plat}"],
+ build_variant: "userdebug",
+ installable: false,
+}
+
+se_policy_cil {
+ name: "userdebug_plat_sepolicy.cil",
+ src: ":userdebug_plat_sepolicy.conf",
+ additional_cil_files: ["private/technical_debt.cil"],
+ debug_ramdisk: true,
+}
+
// system_ext_policy.conf - A combination of the private and public system_ext
// policy which will ship with the device. System_ext policy is not attributized
se_policy_conf {
diff --git a/Android.mk b/Android.mk
index 7e83f70..9feb392 100644
--- a/Android.mk
+++ b/Android.mk
@@ -795,55 +795,6 @@
#################################
include $(CLEAR_VARS)
-LOCAL_MODULE := userdebug_plat_sepolicy.cil
-LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered
-LOCAL_LICENSE_CONDITIONS := notice unencumbered
-LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE
-LOCAL_MODULE_CLASS := ETC
-LOCAL_MODULE_TAGS := optional
-LOCAL_MODULE_PATH := $(TARGET_DEBUG_RAMDISK_OUT)
-
-include $(BUILD_SYSTEM)/base_rules.mk
-
-# userdebug_plat_policy.conf - the userdebug version plat_sepolicy.cil
-policy_files := $(call build_policy, $(sepolicy_build_files), \
- $(PLAT_PUBLIC_POLICY) $(PLAT_PRIVATE_POLICY))
-userdebug_plat_policy.conf := $(intermediates)/userdebug_plat_policy.conf
-$(userdebug_plat_policy.conf): PRIVATE_MLS_SENS := $(MLS_SENS)
-$(userdebug_plat_policy.conf): PRIVATE_MLS_CATS := $(MLS_CATS)
-$(userdebug_plat_policy.conf): PRIVATE_TARGET_BUILD_VARIANT := userdebug
-$(userdebug_plat_policy.conf): PRIVATE_TGT_ARCH := $(my_target_arch)
-$(userdebug_plat_policy.conf): PRIVATE_TGT_WITH_ASAN := $(with_asan)
-$(userdebug_plat_policy.conf): PRIVATE_TGT_WITH_NATIVE_COVERAGE := $(with_native_coverage)
-$(userdebug_plat_policy.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
-$(userdebug_plat_policy.conf): PRIVATE_SEPOLICY_SPLIT := $(PRODUCT_SEPOLICY_SPLIT)
-$(userdebug_plat_policy.conf): PRIVATE_COMPATIBLE_PROPERTY := $(PRODUCT_COMPATIBLE_PROPERTY)
-$(userdebug_plat_policy.conf): PRIVATE_TREBLE_SYSPROP_NEVERALLOW := $(treble_sysprop_neverallow)
-$(userdebug_plat_policy.conf): PRIVATE_ENFORCE_SYSPROP_OWNER := $(enforce_sysprop_owner)
-$(userdebug_plat_policy.conf): PRIVATE_POLICY_FILES := $(policy_files)
-$(userdebug_plat_policy.conf): $(policy_files) $(M4)
- $(transform-policy-to-conf)
- $(hide) sed '/^\s*dontaudit.*;/d' $@ | sed '/^\s*dontaudit/,/;/d' > $@.dontaudit
-
-$(LOCAL_BUILT_MODULE): PRIVATE_ADDITIONAL_CIL_FILES := \
- $(call build_policy, $(sepolicy_build_cil_workaround_files), $(PLAT_PRIVATE_POLICY))
-$(LOCAL_BUILT_MODULE): PRIVATE_NEVERALLOW_ARG := $(NEVERALLOW_ARG)
-$(LOCAL_BUILT_MODULE): $(userdebug_plat_policy.conf) $(HOST_OUT_EXECUTABLES)/checkpolicy \
- $(HOST_OUT_EXECUTABLES)/secilc \
- $(call build_policy, $(sepolicy_build_cil_workaround_files), $(PLAT_PRIVATE_POLICY)) \
- $(built_sepolicy_neverallows)
- @mkdir -p $(dir $@)
- $(hide) $(CHECKPOLICY_ASAN_OPTIONS) $(HOST_OUT_EXECUTABLES)/checkpolicy -M -C -c \
- $(POLICYVERS) -o $@.tmp $<
- $(hide) cat $(PRIVATE_ADDITIONAL_CIL_FILES) >> $@.tmp
- $(hide) $(HOST_OUT_EXECUTABLES)/secilc -m -M true -G -c $(POLICYVERS) $(PRIVATE_NEVERALLOW_ARG) $@.tmp -o /dev/null -f /dev/null
- $(hide) mv $@.tmp $@
-
-userdebug_plat_policy.conf :=
-
-#################################
-include $(CLEAR_VARS)
-
# vendor_policy.cil - the vendor sepolicy. This needs attributization and to be combined
# with the platform-provided policy. It makes use of the reqd_policy_mask files from private
# policy and the platform public policy files in order to use checkpolicy.
diff --git a/build/soong/policy.go b/build/soong/policy.go
index d734c97..9d574c9 100644
--- a/build/soong/policy.go
+++ b/build/soong/policy.go
@@ -317,7 +317,12 @@
conf := android.PathForModuleSrc(ctx, *c.properties.Src)
cil := c.compileConfToCil(ctx, conf)
- c.installPath = android.PathForModuleInstall(ctx, "etc", "selinux")
+ if c.InstallInDebugRamdisk() {
+ // for userdebug_plat_sepolicy.cil
+ c.installPath = android.PathForModuleInstall(ctx)
+ } else {
+ c.installPath = android.PathForModuleInstall(ctx, "etc", "selinux")
+ }
c.installSource = cil
ctx.InstallFile(c.installPath, c.stem(), c.installSource)
diff --git a/build/soong/selinux_contexts.go b/build/soong/selinux_contexts.go
index d7a0798..a9aed60 100644
--- a/build/soong/selinux_contexts.go
+++ b/build/soong/selinux_contexts.go
@@ -257,6 +257,10 @@
return false
}
+func (m *selinuxContextsModule) DebugRamdiskVariantNeeded(ctx android.BaseModuleContext) bool {
+ return false
+}
+
func (m *selinuxContextsModule) RecoveryVariantNeeded(ctx android.BaseModuleContext) bool {
return m.InstallInRecovery() || proptools.Bool(m.properties.Recovery_available)
}