Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / a6a3726ed273f105fd7dc994931066491b0d4fdd^! / .
commita6a3726ed273f105fd7dc994931066491b0d4fdd[log] [tgz]
authorInseob Kim <inseob@google.com>Tue Mar 12 11:25:14 2024 +0900
committerInseob Kim <inseob@google.com>Tue Mar 12 11:25:14 2024 +0900
treeb16d8588087e54eab3d29821b4af6cd21a46446a
parentd3afbdfffa801f9f143a095fb3a4360920d4d2cf [diff]
Check added types/attributes on freeze test too

Without this check, a release build may accidentally include additional
public types and attributes after "freeze".

Also this adds a detailed error message for how to fix.

Bug: 296875906
Test: manual
Change-Id: Iabc6bc8c8616089207acfff8ec4f05445fe7b2b3

diff --git a/tests/sepolicy_freeze_test.py b/tests/sepolicy_freeze_test.py
index 72c8fde..f72340a 100644
--- a/tests/sepolicy_freeze_test.py
+++ b/tests/sepolicy_freeze_test.py

@@ -37,20 +37,46 @@
 
     current_policy = mini_parser.MiniCilParser(options.current)
     prebuilt_policy = mini_parser.MiniCilParser(options.prebuilt)
+    current_policy.typeattributes = set(filter(lambda x: "base_typeattr_" not in x,
+                                               current_policy.typeattributes))
+    prebuilt_policy.typeattributes = set(filter(lambda x: "base_typeattr_" not in x,
+                                                prebuilt_policy.typeattributes))
 
     results = ""
     removed_types = prebuilt_policy.types - current_policy.types
+    added_types = current_policy.types - prebuilt_policy.types
     removed_attributes = prebuilt_policy.typeattributes - current_policy.typeattributes
-    removed_attributes = set(filter(lambda x: "base_typeattr_" not in x, removed_attributes))
+    added_attributes = current_policy.typeattributes - prebuilt_policy.typeattributes
 
     if removed_types:
         results += "The following public types were removed:\n" + ", ".join(removed_types) + "\n"
 
+    if added_types:
+        results += "The following public types were added:\n" + ", ".join(added_types) + "\n"
+
     if removed_attributes:
         results += "The following public attributes were removed:\n" + ", ".join(removed_attributes) + "\n"
 
-    if len(results) > 0:
-        sys.exit(results)
+    if added_attributes:
+        results += "The following public attributes were added:\n" + ", ".join(added_attributes) + "\n"
+
+    if results:
+        sys.exit(f'''{results}
+******************************
+You have tried to change system/sepolicy/public after vendor API freeze.
+To make these errors go away, you have two choices:
+    1. You can flag-guard types and attributes listed above, so they won't be
+       included to the release build. See examples of how to flag-guard them:
+           https://android-review.googlesource.com/2854391
+           https://android-review.googlesource.com/2967637
+    2. You can update prebuilts by executing the following command:
+           $ cd $ANDROID_BUILD_TOP
+           $ cp -r system/sepolicy/public system/sepolicy/private \\
+                 system/sepolicy/prebuilts/api/$(get_build_var BOARD_API_LEVEL)
+       To submit the revised prebuilts to the main Android repository,
+       you will need approval.
+******************************
+''')
 
 if __name__ == '__main__':
     do_main()