Merge changes I9deb367b,I8c88622e,I18747dc6,I4e94db4a
* changes:
Generate compat files and modules with scripts
Fix wrongly hardcoded version
Remove deprecated distutils dependency
Remove redundant comments
diff --git a/compat/Android.bp b/compat/Android.bp
index 895b5e7..61acd40 100644
--- a/compat/Android.bp
+++ b/compat/Android.bp
@@ -188,7 +188,6 @@
name: "plat_33.0.cil",
stem: "33.0.cil",
bottom_half: [":33.0.board.compat.map{.plat_private}"],
- // top_half: "plat_34.0.cil",
}
se_cil_compat_map {
@@ -235,7 +234,6 @@
name: "system_ext_33.0.cil",
stem: "33.0.cil",
bottom_half: [":33.0.board.compat.map{.system_ext_private}"],
- // top_half: "system_ext_34.0.cil",
system_ext_specific: true,
}
@@ -283,7 +281,6 @@
name: "product_33.0.cil",
stem: "33.0.cil",
bottom_half: [":33.0.board.compat.map{.product_private}"],
- // top_half: "product_34.0.cil",
product_specific: true,
}
@@ -320,7 +317,6 @@
se_cil_compat_map {
name: "33.0.ignore.cil",
bottom_half: [":33.0.board.ignore.map{.plat_private}"],
- // top_half: "34.0.ignore.cil",
}
se_cil_compat_map {
@@ -347,7 +343,6 @@
se_cil_compat_map {
name: "system_ext_33.0.ignore.cil",
bottom_half: [":33.0.board.ignore.map{.system_ext_private}"],
- // top_half: "system_ext_34.0.ignore.cil",
system_ext_specific: true,
}
@@ -375,7 +370,6 @@
se_cil_compat_map {
name: "product_33.0.ignore.cil",
bottom_half: [":33.0.board.ignore.map{.product_private}"],
- // top_half: "product_34.0.ignore.cil",
product_specific: true,
}
diff --git a/tools/sepolicy_generate_compat.py b/tools/sepolicy_generate_compat.py
index 17a4d75..ca5ae91 100644
--- a/tools/sepolicy_generate_compat.py
+++ b/tools/sepolicy_generate_compat.py
@@ -14,8 +14,8 @@
# See the License for the specific language governing permissions and
# limitations under the License.
+from pathlib import Path
import argparse
-import distutils.ccompiler
import glob
import logging
import mini_parser
@@ -41,6 +41,7 @@
))
"""
+SHARED_LIB_EXTENSION = '.dylib' if sys.platform == 'darwin' else '.so'
def check_run(cmd, cwd=None):
if cwd:
@@ -105,7 +106,7 @@
path = os.path.join(destination, '%s.cil' % ver)
with open(path, 'wb') as f:
logging.debug('Extracting %s.cil to %s' % (ver, destination))
- f.write(check_output(cmd).stdout.replace(b'10000.0',b'33.0').replace(b'10000_0',b'33_0'))
+ f.write(check_output(cmd).stdout.replace(b'10000_0', ver.replace('.', '_').encode()))
return path
@@ -190,6 +191,122 @@
return versioned_type.removesuffix(old_suffix) + new_suffix
+def create_target_compat_modules(bp_path, target_ver):
+ """ Creates compat modules to Android.bp.
+
+ Args:
+ bp_path: string, path to Android.bp
+ target_ver: string, api version to generate
+ """
+
+ module_template = """
+se_build_files {{
+ name: "{ver}.board.compat.map",
+ srcs: ["compat/{ver}/{ver}.cil"],
+}}
+
+se_build_files {{
+ name: "{ver}.board.compat.cil",
+ srcs: ["compat/{ver}/{ver}.compat.cil"],
+}}
+
+se_build_files {{
+ name: "{ver}.board.ignore.map",
+ srcs: ["compat/{ver}/{ver}.ignore.cil"],
+}}
+
+se_cil_compat_map {{
+ name: "plat_{ver}.cil",
+ stem: "{ver}.cil",
+ bottom_half: [":{ver}.board.compat.map{{.plat_private}}"],
+}}
+
+se_cil_compat_map {{
+ name: "system_ext_{ver}.cil",
+ stem: "{ver}.cil",
+ bottom_half: [":{ver}.board.compat.map{{.system_ext_private}}"],
+ system_ext_specific: true,
+}}
+
+se_cil_compat_map {{
+ name: "product_{ver}.cil",
+ stem: "{ver}.cil",
+ bottom_half: [":{ver}.board.compat.map{{.product_private}}"],
+ product_specific: true,
+}}
+
+se_cil_compat_map {{
+ name: "{ver}.ignore.cil",
+ bottom_half: [":{ver}.board.ignore.map{{.plat_private}}"],
+}}
+
+se_cil_compat_map {{
+ name: "system_ext_{ver}.ignore.cil",
+ stem: "{ver}.ignore.cil",
+ bottom_half: [":{ver}.board.ignore.map{{.system_ext_private}}"],
+ system_ext_specific: true,
+}}
+
+se_cil_compat_map {{
+ name: "product_{ver}.ignore.cil",
+ stem: "{ver}.ignore.cil",
+ bottom_half: [":{ver}.board.ignore.map{{.product_private}}"],
+ product_specific: true,
+}}
+
+se_compat_cil {{
+ name: "{ver}.compat.cil",
+ srcs: [":{ver}.board.compat.cil{{.plat_private}}"],
+}}
+
+se_compat_cil {{
+ name: "system_ext_{ver}.compat.cil",
+ stem: "{ver}.compat.cil",
+ srcs: [":{ver}.board.compat.cil{{.system_ext_private}}"],
+ system_ext_specific: true,
+}}
+"""
+
+ with open(bp_path, 'a') as f:
+ f.write(module_template.format(ver=target_ver))
+
+
+def patch_top_half_of_latest_compat_modules(bp_path, latest_ver, target_ver):
+ """ Adds top_half property to latest compat modules in Android.bp.
+
+ Args:
+ bp_path: string, path to Android.bp
+ latest_ver: string, previous api version
+ target_ver: string, api version to generate
+ """
+
+ modules_to_patch = [
+ "plat_{ver}.cil",
+ "system_ext_{ver}.cil",
+ "product_{ver}.cil",
+ "{ver}.ignore.cil",
+ "system_ext_{ver}.ignore.cil",
+ "product_{ver}.ignore.cil",
+ ]
+
+ for module in modules_to_patch:
+ # set latest_ver module's top_half property to target_ver
+ # e.g.
+ #
+ # se_cil_compat_map {
+ # name: "plat_33.0.cil",
+ # top_half: "plat_34.0.cil", <== this
+ # ...
+ # }
+ check_run([
+ "bpmodify",
+ "-m", module.format(ver=latest_ver),
+ "-property", "top_half",
+ "-str", module.format(ver=target_ver),
+ "-w",
+ bp_path
+ ])
+
def get_args():
parser = argparse.ArgumentParser()
parser.add_argument(
@@ -227,8 +344,7 @@
try:
libpath = os.path.join(
- os.path.dirname(os.path.realpath(__file__)), 'libsepolwrap' +
- distutils.ccompiler.new_compiler().shared_lib_extension)
+ os.path.dirname(os.path.realpath(__file__)), 'libsepolwrap' + SHARED_LIB_EXTENSION)
if not os.path.exists(libpath):
sys.exit(
'Error: libsepolwrap does not exist. Is this binary corrupted?\n'
@@ -237,6 +353,26 @@
build_top = get_android_build_top()
sepolicy_path = os.path.join(build_top, 'system', 'sepolicy')
+ # Step 0. Create a placeholder files and compat modules
+ # These are needed to build base policy files below.
+ compat_bp_path = os.path.join(sepolicy_path, 'compat', 'Android.bp')
+ create_target_compat_modules(compat_bp_path, args.target_version)
+ patch_top_half_of_latest_compat_modules(compat_bp_path, args.latest_version,
+ args.target_version)
+
+ target_compat_path = os.path.join(sepolicy_path, 'private', 'compat',
+ args.target_version)
+ target_mapping_file = os.path.join(target_compat_path,
+ args.target_version + '.cil')
+ target_compat_file = os.path.join(target_compat_path,
+ args.target_version + '.compat.cil')
+ target_ignore_file = os.path.join(target_compat_path,
+ args.target_version + '.ignore.cil')
+ Path(target_compat_path).mkdir(parents=True, exist_ok=True)
+ Path(target_mapping_file).touch()
+ Path(target_compat_file).touch()
+ Path(target_ignore_file).touch()
+
# Step 1. Download system/etc/selinux/mapping/{ver}.cil, and remove types/typeattributes
mapping_file = download_mapping_file(
args.branch, args.build, args.target_version, destination=temp_dir)
@@ -342,15 +478,6 @@
sys.exit(error_msg)
# Step 5. Write to system/sepolicy/private/compat
- target_compat_path = os.path.join(sepolicy_path, 'private', 'compat',
- args.target_version)
- target_mapping_file = os.path.join(target_compat_path,
- args.target_version + '.cil')
- target_compat_file = os.path.join(target_compat_path,
- args.target_version + '.compat.cil')
- target_ignore_file = os.path.join(target_compat_path,
- args.target_version + '.ignore.cil')
-
with open(target_mapping_file, 'w') as f:
logging.info('writing %s' % target_mapping_file)
if removed_types: