Make coredomain violation as a build error
Also add how to fix the volations.
Bug: 280547417
Test: m selinux_policy with violations
Change-Id: Icdce73bf0c3b3d98297606958e45e5dd9192f8a0
diff --git a/tools/check_seapp.c b/tools/check_seapp.c
index 41a713d..b80d0e6 100644
--- a/tools/check_seapp.c
+++ b/tools/check_seapp.c
@@ -1312,10 +1312,23 @@
}
}
+ bool coredomain_violation = false;
list_for_each(&coredomain_violation_list, cursor) {
c = list_entry(cursor, typeof(*c), listify);
fprintf(stderr, "Forbidden attribute " COREDOMAIN " assigned to domain \"%s\" in "
- "File \"%s\" on line %d\n", c->domain, c->filename, c->lineno);
+ "File \"%s\" on line %d\n", c->domain, c->filename, c->lineno);
+ coredomain_violation = true;
+ }
+
+ if (coredomain_violation) {
+ fprintf(stderr, "********************************************************************************\n");
+ fprintf(stderr, "You tried to assign coredomain with vendor seapp_contexts, which is not allowed.\n"
+ "Either move offending entries to system, system_ext, or product seapp_contexts,\n"
+ "or remove 'coredomain' attribute from the domains.\n"
+ "See an example of how to fix this:\n"
+ "https://android-review.googlesource.com/2671075\n");
+ fprintf(stderr, "********************************************************************************\n");
+ found_issues = true;
}
if (found_issues) {