Add macro for board API level guard
'starting_at_board_api' macro is added to guard system/sepolicy/public
types and attributes. The macro will work only when compiling vendor/odm
sepolicy. When compiling platform sepolicy (system / system_ext /
product), rules will always be included, regardless of board API level.
Policy authors should guard new public types and attributes with this
macro, similar to LLNDK. The new types and attributes will be exposed
since next vFRC release.
Bug: 330671090
Test: manually build with various board API level, see output
Change-Id: I03c601ce8fe1f77c7608dc488317d20276fd2d47
diff --git a/build/soong/policy.go b/build/soong/policy.go
index cbcc57a..be9d34e 100644
--- a/build/soong/policy.go
+++ b/build/soong/policy.go
@@ -90,6 +90,9 @@
// Desired number of MLS categories. Defaults to 1024
Mls_cats *int64
+
+ // Whether to turn on board_api_level guard or not. Defaults to false
+ Board_api_level_guard *bool
}
type policyConf struct {
@@ -220,6 +223,14 @@
return proptools.IntDefault(c.properties.Mls_cats, MlsCats)
}
+func (c *policyConf) boardApiLevel(ctx android.ModuleContext) string {
+ if proptools.Bool(c.properties.Board_api_level_guard) {
+ return ctx.Config().VendorApiLevel()
+ }
+ // aribtrary value greater than any other vendor API levels
+ return "1000000"
+}
+
func findPolicyConfOrder(name string) int {
for idx, pattern := range policyConfOrder {
// We could use regexp but it seems like an overkill
@@ -261,6 +272,7 @@
FlagWithArg("-D target_requires_insecure_execmem_for_swiftshader=", strconv.FormatBool(ctx.DeviceConfig().RequiresInsecureExecmemForSwiftshader())).
FlagWithArg("-D target_enforce_debugfs_restriction=", c.enforceDebugfsRestrictions(ctx)).
FlagWithArg("-D target_recovery=", strconv.FormatBool(c.isTargetRecovery())).
+ FlagWithArg("-D target_board_api_level=", c.boardApiLevel(ctx)).
Flags(flagsToM4Macros(flags)).
Flag("-s").
Inputs(srcs).