Convert selinux_policy_system to Android.bp
Also convert treble_sepolicy_tests_for_release.mk to
treble_sepolicy_tests_for_release/Android.bp
Bug: 350881031
Test: m selinux_policy_system
Change-Id: I246246fe6d7a9ab108e3f5262f28dd0fb1b930ca
diff --git a/Android.bp b/Android.bp
index 9ef7e5a..7d36b86 100644
--- a/Android.bp
+++ b/Android.bp
@@ -1086,3 +1086,79 @@
default: [],
}),
}
+
+phony {
+ name: "selinux_policy_system",
+ required: [
+ "29.0.compat.cil",
+ "30.0.compat.cil",
+ "31.0.compat.cil",
+ "32.0.compat.cil",
+ "33.0.compat.cil",
+ "34.0.compat.cil",
+ "build_sepolicy",
+ "fuzzer_bindings_test",
+ "plat_29.0.cil",
+ "plat_30.0.cil",
+ "plat_31.0.cil",
+ "plat_32.0.cil",
+ "plat_33.0.cil",
+ "plat_34.0.cil",
+ "plat_bug_map",
+ "plat_file_contexts",
+ "plat_file_contexts_data_test",
+ "plat_file_contexts_test",
+ "plat_hwservice_contexts",
+ "plat_hwservice_contexts_test",
+ "plat_keystore2_key_contexts",
+ "plat_mac_permissions.xml",
+ "plat_mapping_file",
+ "plat_property_contexts",
+ "plat_property_contexts_test",
+ "plat_seapp_contexts",
+ "plat_sepolicy.cil",
+ "plat_service_contexts",
+ "plat_service_contexts_test",
+ "searchpolicy",
+ "secilc",
+ ] + select(soong_config_variable("ANDROID", "PLATFORM_SEPOLICY_VERSION"), {
+ "202404": [],
+ default: [
+ "202404.compat.cil",
+ "plat_202404.cil",
+ ],
+ }) + select(soong_config_variable("ANDROID", "PRODUCT_PRECOMPILED_SEPOLICY"), {
+ true: ["plat_sepolicy_and_mapping.sha256"],
+ default: [],
+ }) + select((
+ soong_config_variable("ANDROID", "ASAN_ENABLED"),
+ product_variable("selinux_ignore_neverallows"),
+ ), {
+ (true, true): [
+ ],
+ (default, default): [
+ "sepolicy_compat_test",
+ "sepolicy_test",
+ "sepolicy_dev_type_test",
+ "treble_sepolicy_tests_29.0",
+ "treble_sepolicy_tests_30.0",
+ "treble_sepolicy_tests_31.0",
+ "treble_sepolicy_tests_32.0",
+ "treble_sepolicy_tests_33.0",
+ "treble_sepolicy_tests_34.0",
+ ],
+ }) + select((
+ soong_config_variable("ANDROID", "PLATFORM_SEPOLICY_VERSION"),
+ soong_config_variable("ANDROID", "ASAN_ENABLED"),
+ product_variable("selinux_ignore_neverallows"),
+ ), {
+ ("202404", true, true): [],
+ (default, true, true): [],
+ (default, default, default): [
+ "treble_sepolicy_tests_202404",
+ ],
+ }) + select(soong_config_variable("ANDROID", "RELEASE_BOARD_API_LEVEL_FROZEN"), {
+ true: ["se_freeze_test"],
+ default: [],
+ }),
+}
diff --git a/Android.mk b/Android.mk
index 6655919..9dfc531 100644
--- a/Android.mk
+++ b/Android.mk
@@ -201,66 +201,6 @@
# By setting as droidcore's dependency, tests will run on normal builds.
droidcore: selinux_policy
-include $(CLEAR_VARS)
-LOCAL_MODULE := selinux_policy_system
-LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered
-LOCAL_LICENSE_CONDITIONS := notice unencumbered
-LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE
-# These build targets are not used on non-Treble devices. However, we build these to avoid
-# divergence between Treble and non-Treble devices.
-LOCAL_REQUIRED_MODULES += \
- plat_mapping_file \
- $(addprefix plat_,$(addsuffix .cil,$(PLATFORM_SEPOLICY_COMPAT_VERSIONS))) \
- $(addsuffix .compat.cil,$(PLATFORM_SEPOLICY_COMPAT_VERSIONS)) \
- plat_sepolicy.cil \
- secilc \
-
-ifneq ($(PRODUCT_PRECOMPILED_SEPOLICY),false)
-LOCAL_REQUIRED_MODULES += plat_sepolicy_and_mapping.sha256
-endif
-
-LOCAL_REQUIRED_MODULES += \
- build_sepolicy \
- plat_file_contexts \
- plat_file_contexts_test \
- plat_file_contexts_data_test \
- plat_keystore2_key_contexts \
- plat_mac_permissions.xml \
- plat_property_contexts \
- plat_property_contexts_test \
- plat_seapp_contexts \
- plat_service_contexts \
- plat_service_contexts_test \
- plat_hwservice_contexts \
- plat_hwservice_contexts_test \
- fuzzer_bindings_test \
- plat_bug_map \
- searchpolicy \
-
-ifneq ($(with_asan),true)
-ifneq ($(SELINUX_IGNORE_NEVERALLOWS),true)
-LOCAL_REQUIRED_MODULES += \
- sepolicy_compat_test \
-
-# HACK: sepolicy_test is implemented as genrule
-# genrule modules aren't installable, so LOCAL_REQUIRED_MODULES doesn't work.
-# Instead, use LOCAL_ADDITIONAL_DEPENDENCIES with intermediate output
-LOCAL_ADDITIONAL_DEPENDENCIES += $(call intermediates-dir-for,ETC,sepolicy_test)/sepolicy_test
-LOCAL_ADDITIONAL_DEPENDENCIES += $(call intermediates-dir-for,ETC,sepolicy_dev_type_test)/sepolicy_dev_type_test
-
-LOCAL_REQUIRED_MODULES += \
- $(addprefix treble_sepolicy_tests_,$(PLATFORM_SEPOLICY_COMPAT_VERSIONS)) \
-
-endif # SELINUX_IGNORE_NEVERALLOWS
-endif # with_asan
-
-ifeq ($(RELEASE_BOARD_API_LEVEL_FROZEN),true)
-LOCAL_REQUIRED_MODULES += \
- se_freeze_test
-endif
-
-include $(BUILD_PHONY_PACKAGE)
-
##################################
# Policy files are now built with Android.bp. Grab them from intermediate.
# See Android.bp for details of policy files.
@@ -365,30 +305,6 @@
file_contexts.device.tmp :=
file_contexts.local.tmp :=
-##################################
-# Tests for Treble compatibility of current platform policy and vendor policy of
-# given release version.
-
-ver := $(PLATFORM_SEPOLICY_VERSION)
-ifneq ($(wildcard $(LOCAL_PATH)/prebuilts/api/$(PLATFORM_SEPOLICY_VERSION)),)
-# If PLATFORM_SEPOLICY_VERSION is already frozen, use prebuilts for compat test
-base_plat_pub_policy.cil := $(call intermediates-dir-for,ETC,$(ver)_plat_pub_policy.cil)/$(ver)_plat_pub_policy.cil
-base_product_pub_policy.cil := $(call intermediates-dir-for,ETC,$(ver)_product_pub_policy.cil)/$(ver)_product_pub_policy.cil
-else
-# If not, use ToT for compat test
-base_plat_pub_policy.cil := $(call intermediates-dir-for,ETC,base_plat_pub_policy.cil)/base_plat_pub_policy.cil
-base_product_pub_policy.cil := $(call intermediates-dir-for,ETC,base_product_pub_policy.cil)/base_product_pub_policy.cil
-endif
-ver :=
-
-$(foreach v,$(PLATFORM_SEPOLICY_COMPAT_VERSIONS), \
- $(eval version_under_treble_tests := $(v)) \
- $(eval include $(LOCAL_PATH)/treble_sepolicy_tests_for_release.mk) \
-)
-
-base_plat_pub_policy.cil :=
-base_product_pub_policy.cil :=
-
#################################
diff --git a/treble_sepolicy_tests_for_release.mk b/treble_sepolicy_tests_for_release.mk
deleted file mode 100644
index 2e9d68f..0000000
--- a/treble_sepolicy_tests_for_release.mk
+++ /dev/null
@@ -1,81 +0,0 @@
-version := $(version_under_treble_tests)
-
-include $(CLEAR_VARS)
-# For Treble builds run tests verifying that processes are properly labeled and
-# permissions granted do not violate the treble model. Also ensure that treble
-# compatibility guarantees are upheld between SELinux version bumps.
-LOCAL_MODULE := treble_sepolicy_tests_$(version)
-LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered
-LOCAL_LICENSE_CONDITIONS := notice unencumbered
-LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE
-LOCAL_MODULE_CLASS := FAKE
-LOCAL_MODULE_TAGS := optional
-
-IS_TREBLE_TEST_ENABLED_PARTNER := false
-ifeq ($(filter 26.0 27.0 28.0 29.0,$(version)),)
-ifneq (,$(BOARD_SYSTEM_EXT_PREBUILT_DIR)$(BOARD_PRODUCT_PREBUILT_DIR))
-IS_TREBLE_TEST_ENABLED_PARTNER := true
-endif # (,$(BOARD_SYSTEM_EXT_PREBUILT_DIR)$(BOARD_PRODUCT_PREBUILT_DIR))
-endif # ($(filter 26.0 27.0 28.0 29.0,$(version)),)
-
-include $(BUILD_SYSTEM)/base_rules.mk
-
-# $(version)_plat - the platform policy shipped as part of the $(version) release. This is
-# built to enable us to determine the diff between the current policy and the
-# $(version) policy, which will be used in tests to make sure that compatibility has
-# been maintained by our mapping files.
-built_$(version)_plat_sepolicy_cil := $(call intermediates-dir-for,ETC,$(version)_plat_policy.cil)/$(version)_plat_policy.cil
-
-$(version)_mapping.cil := $(call intermediates-dir-for,ETC,plat_$(version).cil)/plat_$(version).cil
-$(version)_mapping.ignore.cil := \
- $(call intermediates-dir-for,ETC,$(version).ignore.cil)/$(version).ignore.cil
-ifeq ($(IS_TREBLE_TEST_ENABLED_PARTNER),true)
-ifneq (,$(BOARD_SYSTEM_EXT_PREBUILT_DIR))
-$(version)_mapping.cil += \
- $(call intermediates-dir-for,ETC,system_ext_$(version).cil)/system_ext_$(version).cil
-$(version)_mapping.ignore.cil += \
- $(call intermediates-dir-for,ETC,system_ext_$(version).ignore.cil)/system_ext_$(version).ignore.cil
-endif # (,$(BOARD_SYSTEM_EXT_PREBUILT_DIR))
-ifneq (,$(BOARD_PRODUCT_PREBUILT_DIR))
-$(version)_mapping.cil += \
- $(call intermediates-dir-for,ETC,product_$(version).cil)/product_$(version).cil
-$(version)_mapping.ignore.cil += \
- $(call intermediates-dir-for,ETC,product_$(version).ignore.cil)/product_$(version).ignore.cil
-endif # (,$(BOARD_PRODUCT_PREBUILT_DIR))
-endif #($(IS_TREBLE_TEST_ENABLED_PARTNER),true)
-
-# $(version)_mapping.combined.cil - a combination of the mapping file used when
-# combining the current platform policy with nonplatform policy based on the
-# $(version) policy release and also a special ignored file that exists purely for
-# these tests.
-intermediates := $(TARGET_OUT_INTERMEDIATES)/ETC/$(LOCAL_MODULE)_intermediates
-$(version)_mapping.combined.cil := $(intermediates)/$(version)_mapping.combined.cil
-$($(version)_mapping.combined.cil): $($(version)_mapping.cil) $($(version)_mapping.ignore.cil)
- mkdir -p $(dir $@)
- cat $^ > $@
-
-ifeq ($(IS_TREBLE_TEST_ENABLED_PARTNER),true)
-public_cil_files := $(base_product_pub_policy.cil)
-else
-public_cil_files := $(base_plat_pub_policy.cil)
-endif # ($(IS_TREBLE_TEST_ENABLED_PARTNER),true)
-$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY_OLD := $(built_$(version)_plat_sepolicy_cil)
-$(LOCAL_BUILT_MODULE): PRIVATE_COMBINED_MAPPING := $($(version)_mapping.combined.cil)
-$(LOCAL_BUILT_MODULE): PRIVATE_PLAT_PUB_SEPOLICY := $(public_cil_files)
-$(LOCAL_BUILT_MODULE): $(HOST_OUT_EXECUTABLES)/treble_sepolicy_tests \
- $(public_cil_files) \
- $(built_$(version)_plat_sepolicy_cil) $($(version)_mapping.combined.cil)
- @mkdir -p $(dir $@)
- $(hide) $(HOST_OUT_EXECUTABLES)/treble_sepolicy_tests \
- -b $(PRIVATE_PLAT_PUB_SEPOLICY) -m $(PRIVATE_COMBINED_MAPPING) \
- -o $(PRIVATE_SEPOLICY_OLD)
- $(hide) touch $@
-
-built_sepolicy_files :=
-public_cil_files :=
-$(version)_mapping.cil :=
-$(version)_mapping.combined.cil :=
-$(version)_mapping.ignore.cil :=
-built_$(version)_plat_sepolicy :=
-version :=
-version_under_treble_tests :=
diff --git a/treble_sepolicy_tests_for_release/Android.bp b/treble_sepolicy_tests_for_release/Android.bp
new file mode 100644
index 0000000..d087da6
--- /dev/null
+++ b/treble_sepolicy_tests_for_release/Android.bp
@@ -0,0 +1,438 @@
+// Copyright (C) 2024 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package {
+ default_applicable_licenses: [
+ "Android-Apache-2.0",
+ "system_sepolicy_license",
+ ],
+}
+
+//////////////////////////////////
+// Tests for Treble compatibility of current platform policy and vendor policy of
+// given release version.
+//////////////////////////////////
+genrule {
+ name: "29.0_mapping.combined.cil",
+ srcs: [
+ ":plat_29.0.cil",
+ ":29.0.ignore.cil",
+ ],
+ out: ["29.0_mapping.combined.cil"],
+ cmd: "cat $(location :plat_29.0.cil) $(location :29.0.ignore.cil) > $(out)",
+}
+
+genrule {
+ name: "treble_sepolicy_tests_29.0",
+ srcs: [
+ ":29.0_plat_policy.cil",
+ ":29.0_mapping.combined.cil",
+ ":29.0_plat_pub_policy.cil",
+ ],
+ tools: ["treble_sepolicy_tests"],
+ out: ["treble_sepolicy_tests_29.0"],
+ cmd: "$(location treble_sepolicy_tests) " +
+ "-b $(location :29.0_plat_pub_policy.cil) " +
+ "-m $(location :29.0_mapping.combined.cil) " +
+ "-o $(location :29.0_plat_policy.cil) && " +
+ "touch $(out)",
+}
+
+genrule {
+ name: "30.0_mapping.combined.cil",
+ srcs: [
+ ":plat_30.0.cil",
+ ":30.0.ignore.cil",
+ ] + select(soong_config_variable("ANDROID", "HAS_BOARD_SYSTEM_EXT_PREBUILT_DIR"), {
+ true: [
+ ":system_ext_30.0.cil",
+ ":system_ext_30.0.ignore.cil",
+ ],
+ default: [],
+ }) + select(soong_config_variable("ANDROID", "HAS_BOARD_PRODUCT_PREBUILT_DIR"), {
+ true: [
+ ":product_30.0.cil",
+ ":product_30.0.ignore.cil",
+ ],
+ default: [],
+ }),
+ out: ["30.0_mapping.combined.cil"],
+ cmd: "cat $(location :plat_30.0.cil) " +
+ "$(location :30.0.ignore.cil) " +
+ select(soong_config_variable("ANDROID", "HAS_BOARD_SYSTEM_EXT_PREBUILT_DIR"), {
+ true: "$(location :system_ext_30.0.cil) " +
+ "$(location :system_ext_30.0.ignore.cil) ",
+ default: "",
+ }) +
+ select(soong_config_variable("ANDROID", "HAS_BOARD_PRODUCT_PREBUILT_DIR"), {
+ true: "$(location :product_30.0.cil) " +
+ "$(location :product_30.0.ignore.cil) ",
+ default: "",
+ }) +
+ "> $(out)",
+}
+
+genrule {
+ name: "treble_sepolicy_tests_30.0",
+ srcs: [
+ ":30.0_plat_policy.cil",
+ ":30.0_mapping.combined.cil",
+ ] + select((
+ soong_config_variable("ANDROID", "HAS_BOARD_SYSTEM_EXT_PREBUILT_DIR"),
+ soong_config_variable("ANDROID", "HAS_BOARD_PRODUCT_PREBUILT_DIR"),
+ ), {
+ (false, false): [":30.0_plat_pub_policy.cil"],
+ (default, default): [":30.0_product_pub_policy.cil"],
+ }),
+ tools: ["treble_sepolicy_tests"],
+ out: ["treble_sepolicy_tests_30.0"],
+ cmd: select((
+ soong_config_variable("ANDROID", "HAS_BOARD_SYSTEM_EXT_PREBUILT_DIR"),
+ soong_config_variable("ANDROID", "HAS_BOARD_PRODUCT_PREBUILT_DIR"),
+ ), {
+ (false, false): "$(location treble_sepolicy_tests) " +
+ "-b $(location :30.0_plat_pub_policy.cil) " +
+ "-m $(location :30.0_mapping.combined.cil) " +
+ "-o $(location :30.0_plat_policy.cil) && " +
+ "touch $(out)",
+ (default, default): "$(location treble_sepolicy_tests) " +
+ "-b $(location :30.0_product_pub_policy.cil) " +
+ "-m $(location :30.0_mapping.combined.cil) " +
+ "-o $(location :30.0_plat_policy.cil) && " +
+ "touch $(out)",
+ }),
+}
+
+genrule {
+ name: "31.0_mapping.combined.cil",
+ srcs: [
+ ":plat_31.0.cil",
+ ":31.0.ignore.cil",
+ ] + select(soong_config_variable("ANDROID", "HAS_BOARD_SYSTEM_EXT_PREBUILT_DIR"), {
+ true: [
+ ":system_ext_31.0.cil",
+ ":system_ext_31.0.ignore.cil",
+ ],
+ default: [],
+ }) + select(soong_config_variable("ANDROID", "HAS_BOARD_PRODUCT_PREBUILT_DIR"), {
+ true: [
+ ":product_31.0.cil",
+ ":product_31.0.ignore.cil",
+ ],
+ default: [],
+ }),
+ out: ["31.0_mapping.combined.cil"],
+ cmd: "cat $(location :plat_31.0.cil) " +
+ "$(location :31.0.ignore.cil) " +
+ select(soong_config_variable("ANDROID", "HAS_BOARD_SYSTEM_EXT_PREBUILT_DIR"), {
+ true: "$(location :system_ext_31.0.cil) " +
+ "$(location :system_ext_31.0.ignore.cil) ",
+ default: "",
+ }) +
+ select(soong_config_variable("ANDROID", "HAS_BOARD_PRODUCT_PREBUILT_DIR"), {
+ true: "$(location :product_31.0.cil) " +
+ "$(location :product_31.0.ignore.cil) ",
+ default: "",
+ }) +
+ "> $(out)",
+}
+
+genrule {
+ name: "treble_sepolicy_tests_31.0",
+ srcs: [
+ ":31.0_plat_policy.cil",
+ ":31.0_mapping.combined.cil",
+ ] + select((
+ soong_config_variable("ANDROID", "HAS_BOARD_SYSTEM_EXT_PREBUILT_DIR"),
+ soong_config_variable("ANDROID", "HAS_BOARD_PRODUCT_PREBUILT_DIR"),
+ ), {
+ (false, false): [":31.0_plat_pub_policy.cil"],
+ (default, default): [":31.0_product_pub_policy.cil"],
+ }),
+ tools: ["treble_sepolicy_tests"],
+ out: ["treble_sepolicy_tests_31.0"],
+ cmd: select((
+ soong_config_variable("ANDROID", "HAS_BOARD_SYSTEM_EXT_PREBUILT_DIR"),
+ soong_config_variable("ANDROID", "HAS_BOARD_PRODUCT_PREBUILT_DIR"),
+ ), {
+ (false, false): "$(location treble_sepolicy_tests) " +
+ "-b $(location :31.0_plat_pub_policy.cil) " +
+ "-m $(location :31.0_mapping.combined.cil) " +
+ "-o $(location :31.0_plat_policy.cil) && " +
+ "touch $(out)",
+ (default, default): "$(location treble_sepolicy_tests) " +
+ "-b $(location :31.0_product_pub_policy.cil) " +
+ "-m $(location :31.0_mapping.combined.cil) " +
+ "-o $(location :31.0_plat_policy.cil) && " +
+ "touch $(out)",
+ }),
+}
+
+genrule {
+ name: "32.0_mapping.combined.cil",
+ srcs: [
+ ":plat_32.0.cil",
+ ":32.0.ignore.cil",
+ ] + select(soong_config_variable("ANDROID", "HAS_BOARD_SYSTEM_EXT_PREBUILT_DIR"), {
+ true: [
+ ":system_ext_32.0.cil",
+ ":system_ext_32.0.ignore.cil",
+ ],
+ default: [],
+ }) + select(soong_config_variable("ANDROID", "HAS_BOARD_PRODUCT_PREBUILT_DIR"), {
+ true: [
+ ":product_32.0.cil",
+ ":product_32.0.ignore.cil",
+ ],
+ default: [],
+ }),
+ out: ["32.0_mapping.combined.cil"],
+ cmd: "cat $(location :plat_32.0.cil) " +
+ "$(location :32.0.ignore.cil) " +
+ select(soong_config_variable("ANDROID", "HAS_BOARD_SYSTEM_EXT_PREBUILT_DIR"), {
+ true: "$(location :system_ext_32.0.cil) " +
+ "$(location :system_ext_32.0.ignore.cil) ",
+ default: "",
+ }) +
+ select(soong_config_variable("ANDROID", "HAS_BOARD_PRODUCT_PREBUILT_DIR"), {
+ true: "$(location :product_32.0.cil) " +
+ "$(location :product_32.0.ignore.cil) ",
+ default: "",
+ }) +
+ "> $(out)",
+}
+
+genrule {
+ name: "treble_sepolicy_tests_32.0",
+ srcs: [
+ ":32.0_plat_policy.cil",
+ ":32.0_mapping.combined.cil",
+ ] + select((
+ soong_config_variable("ANDROID", "HAS_BOARD_SYSTEM_EXT_PREBUILT_DIR"),
+ soong_config_variable("ANDROID", "HAS_BOARD_PRODUCT_PREBUILT_DIR"),
+ ), {
+ (false, false): [":32.0_plat_pub_policy.cil"],
+ (default, default): [":32.0_product_pub_policy.cil"],
+ }),
+ tools: ["treble_sepolicy_tests"],
+ out: ["treble_sepolicy_tests_32.0"],
+ cmd: select((
+ soong_config_variable("ANDROID", "HAS_BOARD_SYSTEM_EXT_PREBUILT_DIR"),
+ soong_config_variable("ANDROID", "HAS_BOARD_PRODUCT_PREBUILT_DIR"),
+ ), {
+ (false, false): "$(location treble_sepolicy_tests) " +
+ "-b $(location :32.0_plat_pub_policy.cil) " +
+ "-m $(location :32.0_mapping.combined.cil) " +
+ "-o $(location :32.0_plat_policy.cil) && " +
+ "touch $(out)",
+ (default, default): "$(location treble_sepolicy_tests) " +
+ "-b $(location :32.0_product_pub_policy.cil) " +
+ "-m $(location :32.0_mapping.combined.cil) " +
+ "-o $(location :32.0_plat_policy.cil) && " +
+ "touch $(out)",
+ }),
+}
+
+genrule {
+ name: "33.0_mapping.combined.cil",
+ srcs: [
+ ":plat_33.0.cil",
+ ":33.0.ignore.cil",
+ ] + select(soong_config_variable("ANDROID", "HAS_BOARD_SYSTEM_EXT_PREBUILT_DIR"), {
+ true: [
+ ":system_ext_33.0.cil",
+ ":system_ext_33.0.ignore.cil",
+ ],
+ default: [],
+ }) + select(soong_config_variable("ANDROID", "HAS_BOARD_PRODUCT_PREBUILT_DIR"), {
+ true: [
+ ":product_33.0.cil",
+ ":product_33.0.ignore.cil",
+ ],
+ default: [],
+ }),
+ out: ["33.0_mapping.combined.cil"],
+ cmd: "cat $(location :plat_33.0.cil) " +
+ "$(location :33.0.ignore.cil) " +
+ select(soong_config_variable("ANDROID", "HAS_BOARD_SYSTEM_EXT_PREBUILT_DIR"), {
+ true: "$(location :system_ext_33.0.cil) " +
+ "$(location :system_ext_33.0.ignore.cil) ",
+ default: "",
+ }) +
+ select(soong_config_variable("ANDROID", "HAS_BOARD_PRODUCT_PREBUILT_DIR"), {
+ true: "$(location :product_33.0.cil) " +
+ "$(location :product_33.0.ignore.cil) ",
+ default: "",
+ }) +
+ "> $(out)",
+}
+
+genrule {
+ name: "treble_sepolicy_tests_33.0",
+ srcs: [
+ ":33.0_plat_policy.cil",
+ ":33.0_mapping.combined.cil",
+ ] + select((
+ soong_config_variable("ANDROID", "HAS_BOARD_SYSTEM_EXT_PREBUILT_DIR"),
+ soong_config_variable("ANDROID", "HAS_BOARD_PRODUCT_PREBUILT_DIR"),
+ ), {
+ (false, false): [":33.0_plat_pub_policy.cil"],
+ (default, default): [":33.0_product_pub_policy.cil"],
+ }),
+ tools: ["treble_sepolicy_tests"],
+ out: ["treble_sepolicy_tests_33.0"],
+ cmd: select((
+ soong_config_variable("ANDROID", "HAS_BOARD_SYSTEM_EXT_PREBUILT_DIR"),
+ soong_config_variable("ANDROID", "HAS_BOARD_PRODUCT_PREBUILT_DIR"),
+ ), {
+ (false, false): "$(location treble_sepolicy_tests) " +
+ "-b $(location :33.0_plat_pub_policy.cil) " +
+ "-m $(location :33.0_mapping.combined.cil) " +
+ "-o $(location :33.0_plat_policy.cil) && " +
+ "touch $(out)",
+ (default, default): "$(location treble_sepolicy_tests) " +
+ "-b $(location :33.0_product_pub_policy.cil) " +
+ "-m $(location :33.0_mapping.combined.cil) " +
+ "-o $(location :33.0_plat_policy.cil) && " +
+ "touch $(out)",
+ }),
+}
+
+genrule {
+ name: "34.0_mapping.combined.cil",
+ srcs: [
+ ":plat_34.0.cil",
+ ":34.0.ignore.cil",
+ ] + select(soong_config_variable("ANDROID", "HAS_BOARD_SYSTEM_EXT_PREBUILT_DIR"), {
+ true: [
+ ":system_ext_34.0.cil",
+ ":system_ext_34.0.ignore.cil",
+ ],
+ default: [],
+ }) + select(soong_config_variable("ANDROID", "HAS_BOARD_PRODUCT_PREBUILT_DIR"), {
+ true: [
+ ":product_34.0.cil",
+ ":product_34.0.ignore.cil",
+ ],
+ default: [],
+ }),
+ out: ["34.0_mapping.combined.cil"],
+ cmd: "cat $(location :plat_34.0.cil) " +
+ "$(location :34.0.ignore.cil) " +
+ select(soong_config_variable("ANDROID", "HAS_BOARD_SYSTEM_EXT_PREBUILT_DIR"), {
+ true: "$(location :system_ext_34.0.cil) " +
+ "$(location :system_ext_34.0.ignore.cil) ",
+ default: "",
+ }) +
+ select(soong_config_variable("ANDROID", "HAS_BOARD_PRODUCT_PREBUILT_DIR"), {
+ true: "$(location :product_34.0.cil) " +
+ "$(location :product_34.0.ignore.cil) ",
+ default: "",
+ }) +
+ "> $(out)",
+}
+
+genrule {
+ name: "treble_sepolicy_tests_34.0",
+ srcs: [
+ ":34.0_plat_policy.cil",
+ ":34.0_mapping.combined.cil",
+ ] + select((
+ soong_config_variable("ANDROID", "HAS_BOARD_SYSTEM_EXT_PREBUILT_DIR"),
+ soong_config_variable("ANDROID", "HAS_BOARD_PRODUCT_PREBUILT_DIR"),
+ ), {
+ (false, false): [":34.0_plat_pub_policy.cil"],
+ (default, default): [":34.0_product_pub_policy.cil"],
+ }),
+ tools: ["treble_sepolicy_tests"],
+ out: ["treble_sepolicy_tests_34.0"],
+ cmd: select((
+ soong_config_variable("ANDROID", "HAS_BOARD_SYSTEM_EXT_PREBUILT_DIR"),
+ soong_config_variable("ANDROID", "HAS_BOARD_PRODUCT_PREBUILT_DIR"),
+ ), {
+ (false, false): "$(location treble_sepolicy_tests) " +
+ "-b $(location :34.0_plat_pub_policy.cil) " +
+ "-m $(location :34.0_mapping.combined.cil) " +
+ "-o $(location :34.0_plat_policy.cil) && " +
+ "touch $(out)",
+ (default, default): "$(location treble_sepolicy_tests) " +
+ "-b $(location :34.0_product_pub_policy.cil) " +
+ "-m $(location :34.0_mapping.combined.cil) " +
+ "-o $(location :34.0_plat_policy.cil) && " +
+ "touch $(out)",
+ }),
+}
+
+genrule {
+ name: "202404_mapping.combined.cil",
+ srcs: select(soong_config_variable("ANDROID", "PLATFORM_SEPOLICY_VERSION"), {
+ "202404": [
+ ],
+ default: [
+ ":plat_202404.cil",
+ ":202404.ignore.cil",
+ ],
+ }) + select(soong_config_variable("ANDROID", "HAS_BOARD_SYSTEM_EXT_PREBUILT_DIR"), {
+ true: [
+ ":system_ext_202404.cil",
+ ":system_ext_202404.ignore.cil",
+ ],
+ default: [],
+ }) + select(soong_config_variable("ANDROID", "HAS_BOARD_PRODUCT_PREBUILT_DIR"), {
+ true: [
+ ":product_202404.cil",
+ ":product_202404.ignore.cil",
+ ],
+ default: [],
+ }),
+ out: ["202404_mapping.combined.cil"],
+ cmd: select(soong_config_variable("ANDROID", "PLATFORM_SEPOLICY_VERSION"), {
+ "202404": "touch $(out)",
+ default: "cat $(in) > $(out)",
+ }),
+}
+
+genrule {
+ name: "treble_sepolicy_tests_202404",
+ srcs: [
+ ":202404_plat_policy.cil",
+ ":202404_mapping.combined.cil",
+ ] + select((
+ soong_config_variable("ANDROID", "HAS_BOARD_SYSTEM_EXT_PREBUILT_DIR"),
+ soong_config_variable("ANDROID", "HAS_BOARD_PRODUCT_PREBUILT_DIR"),
+ ), {
+ (false, false): [":202404_plat_pub_policy.cil"],
+ (default, default): [":202404_product_pub_policy.cil"],
+ }),
+ tools: ["treble_sepolicy_tests"],
+ out: ["treble_sepolicy_tests_202404"],
+ cmd: select((
+ soong_config_variable("ANDROID", "PLATFORM_SEPOLICY_VERSION"),
+ soong_config_variable("ANDROID", "HAS_BOARD_SYSTEM_EXT_PREBUILT_DIR"),
+ soong_config_variable("ANDROID", "HAS_BOARD_PRODUCT_PREBUILT_DIR"),
+ ), {
+ ("202404", false, false): "touch $(out)",
+ ("202404", default, default): "touch $(out)",
+ (default, false, false): "$(location treble_sepolicy_tests) " +
+ "-b $(location :202404_plat_pub_policy.cil) " +
+ "-m $(location :202404_mapping.combined.cil) " +
+ "-o $(location :202404_plat_policy.cil) && " +
+ "touch $(out)",
+ (default, default, default): "$(location treble_sepolicy_tests) " +
+ "-b $(location :202404_product_pub_policy.cil) " +
+ "-m $(location :202404_mapping.combined.cil) " +
+ "-o $(location :202404_plat_policy.cil) && " +
+ "touch $(out)",
+ }),
+}