Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / 7a68c5ae4ca81778f222c2817b698463878e5700^! / .
commit7a68c5ae4ca81778f222c2817b698463878e5700[log] [tgz]
authorJeff Vander Stoep <jeffv@google.com>Thu Jun 08 13:24:15 2017 -0700
committerJeffrey Vander Stoep <jeffv@google.com>Sat Jun 10 15:14:10 2017 +0000
treee4c53538d26e53b7ed96b830e40ec1ec087f0044
parente546e81be4f57bde02b5e01d9b53fe766665e475 [diff]
Move non-treble devices to split file_contexts

This change is primarily to fix CTS which checks file ordering of
file_contexts. Having two separate means of loading file_contexts
has resulted in ordering variations.

Previously the binary file_contexts was preferred since it
loaded faster. However with the move to libpcre2, there is no
difference in loading time between text and binary file_contexts.
This leaves us with build system complexity with no benefit.
Thus removing this unnecessary difference between devices.

Bug: 38502071
Test: build and boot non-Treble Bullhead, run CTS tests below
Test: build and boot Treble Marlin, run CTS tests below
Test: cts-tradefed run singleCommand cts --skip-device-info \
    --skip-preconditions --skip-connectivity-check --abi arm64-v8a \
    --module CtsSecurityHostTestCases \
    -t android.security.cts.SELinuxHostTest#testAospFileContexts
Test: cts-tradefed run singleCommand cts --skip-device-info \
    --skip-preconditions --skip-connectivity-check --abi arm64-v8a \
    --module CtsSecurityHostTestCases \
    -t android.security.cts.SELinuxHostTest#testValidFileContexts
Change-Id: I088b3aeafaaab320f6658feb058a1fb89cbb65e1

diff --git a/Android.mk b/Android.mk
index 1a01644..afc983c 100644
--- a/Android.mk
+++ b/Android.mk

@@ -190,8 +190,6 @@
     plat_sepolicy.cil \
     plat_and_mapping_sepolicy.cil.sha256 \
     secilc \
-    nonplat_file_contexts \
-    plat_file_contexts \
     plat_sepolicy_vers.txt \
     treble_sepolicy_tests
 
@@ -199,12 +197,15 @@
 ifneq ($(PRODUCT_PRECOMPILED_SEPOLICY),false)
 LOCAL_REQUIRED_MODULES += precompiled_sepolicy precompiled_sepolicy.plat_and_mapping.sha256
 endif
-
 else
 # Use monolithic SELinux policy
-LOCAL_REQUIRED_MODULES += sepolicy \
-    file_contexts.bin
+LOCAL_REQUIRED_MODULES += sepolicy
 endif
+
+LOCAL_REQUIRED_MODULES += \
+    nonplat_file_contexts \
+    plat_file_contexts
+
 include $(BUILD_PHONY_PACKAGE)
 
 ##################################
@@ -697,7 +698,11 @@
 LOCAL_MODULE := plat_file_contexts
 LOCAL_MODULE_CLASS := ETC
 LOCAL_MODULE_TAGS := optional
+ifeq ($(PRODUCT_FULL_TREBLE),true)
 LOCAL_MODULE_PATH := $(TARGET_OUT)/etc/selinux
+else
+LOCAL_MODULE_PATH := $(TARGET_ROOT_OUT)
+endif
 
 include $(BUILD_SYSTEM)/base_rules.mk
 
@@ -727,7 +732,11 @@
 LOCAL_MODULE := nonplat_file_contexts
 LOCAL_MODULE_CLASS := ETC
 LOCAL_MODULE_TAGS := optional
+ifeq ($(PRODUCT_FULL_TREBLE),true)
 LOCAL_MODULE_PATH := $(TARGET_OUT_VENDOR)/etc/selinux
+else
+LOCAL_MODULE_PATH := $(TARGET_ROOT_OUT)
+endif
 
 include $(BUILD_SYSTEM)/base_rules.mk
 

diff --git a/private/file_contexts b/private/file_contexts
index aefd95f..903574e 100644
--- a/private/file_contexts
+++ b/private/file_contexts

@@ -38,7 +38,6 @@
 /sdcard             u:object_r:rootfs:s0
 
 # SELinux policy files
-/file_contexts\.bin     u:object_r:file_contexts_file:s0
 /nonplat_file_contexts  u:object_r:file_contexts_file:s0
 /plat_file_contexts     u:object_r:file_contexts_file:s0
 /mapping_sepolicy\.cil   u:object_r:sepolicy_file:s0