Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / aaf65c2d6503a422a258c80cdaf4307873e9265d^1..aaf65c2d6503a422a258c80cdaf4307873e9265d / .
commitaaf65c2d6503a422a258c80cdaf4307873e9265d[log] [tgz]
authorInseob Kim <inseob@google.com>Mon Mar 14 04:59:27 2022 +0000
committerGerrit Code Review <noreply-gerritcodereview@google.com>Mon Mar 14 04:59:27 2022 +0000
tree360e51824b3e64e1a7ace9c0f0db4869acc2259e
parent2c905846fa53e28a28bcde3aa1ca435f3ef48a42 [diff]
parent35e87367b888ecc0511452334a1fde3c0b66b871 [diff]
Merge changes Iace4a45c,I007d3bab

* changes:
  microdroid: Set mls_cats to 1
  Add mls_cats property to se_policy_conf

diff --git a/build/soong/policy.go b/build/soong/policy.go
index 390c439..b1840da 100644
--- a/build/soong/policy.go
+++ b/build/soong/policy.go

@@ -88,6 +88,9 @@
 
 	// Whether this module is directly installable to one of the partitions. Default is true
 	Installable *bool
+
+	// Desired number of MLS categories. Defaults to 1024
+	Mls_cats *int64
 }
 
 type policyConf struct {
@@ -189,6 +192,10 @@
 	return strconv.FormatBool(ctx.DeviceConfig().BuildDebugfsRestrictionsEnabled())
 }
 
+func (c *policyConf) mlsCats() int {
+	return proptools.IntDefault(c.properties.Mls_cats, MlsCats)
+}
+
 func findPolicyConfOrder(name string) int {
 	for idx, pattern := range policyConfOrder {
 		if pattern == name || (pattern == "*.te" && strings.HasSuffix(name, ".te")) {
@@ -212,7 +219,7 @@
 		Flag("--fatal-warnings").
 		FlagForEachArg("-D ", ctx.DeviceConfig().SepolicyM4Defs()).
 		FlagWithArg("-D mls_num_sens=", strconv.Itoa(MlsSens)).
-		FlagWithArg("-D mls_num_cats=", strconv.Itoa(MlsCats)).
+		FlagWithArg("-D mls_num_cats=", strconv.Itoa(c.mlsCats())).
 		FlagWithArg("-D target_arch=", ctx.DeviceConfig().DeviceArch()).
 		FlagWithArg("-D target_with_asan=", c.withAsan(ctx)).
 		FlagWithArg("-D target_with_dexpreopt=", strconv.FormatBool(ctx.DeviceConfig().WithDexpreopt())).

diff --git a/microdroid/Android.bp b/microdroid/Android.bp
index 0600207..0628a5b 100644
--- a/microdroid/Android.bp
+++ b/microdroid/Android.bp

@@ -109,6 +109,7 @@
     name: "microdroid_reqd_policy_mask.conf",
     srcs: reqd_mask_files,
     installable: false,
+    mls_cats: 1,
 }
 
 se_policy_cil {
@@ -122,6 +123,7 @@
     name: "microdroid_plat_sepolicy.conf",
     srcs: system_policy_files,
     installable: false,
+    mls_cats: 1,
 }
 
 se_policy_cil {
@@ -135,6 +137,7 @@
     name: "microdroid_plat_pub_policy.conf",
     srcs: system_public_policy_files,
     installable: false,
+    mls_cats: 1,
 }
 
 se_policy_cil {
@@ -171,6 +174,7 @@
     name: "microdroid_vendor_sepolicy.conf",
     srcs: vendor_policy_files,
     installable: false,
+    mls_cats: 1,
 }
 
 se_policy_cil {
@@ -287,4 +291,5 @@
     srcs: system_policy_files,
     exclude_build_test: true,
     installable: false,
+    mls_cats: 1,
 }