commit bee558e4bb1f7920dc292c00a8880d76f27920aa
author Inseob Kim <inseob@google.com> Tue Nov 30 14:58:10 2021 +0900
committer Inseob Kim <inseob@google.com> Wed Dec 01 10:58:25 2021 +0900
tree 7253aacdf22b541b91f3f49cc3653121f35d53ea
parent 43b6a317bc5e25475548343d1a839ca1a6a483f2

Add 32.0 mapping files

Steps taken to produce the mapping files:

1. Add prebuilts/api/32.0/plat_pub_versioned.cil from the
/vendor/etc/selinux/plat_pub_versioned.cil file built on sc-v2-dev with
lunch target aosp_arm64-eng. Add prebuilts/api/32.0/vendor_sepolicy.cil
as an empty file.

When adding plat_pub_versioned.cil, leave only type and typeattribute
statements, removing the other statements: allow, neverallow, role, etc.

2. Add new file private/compat/32.0/32.0.cil by doing the following:
- copy /system/etc/selinux/mapping/32.0.cil from sc-v2-dev
aosp_arm64-eng device to private/compat/32.0/32.0.cil
- remove all attribute declaration statement (typeattribute ...) and
sort lines alphabetically
- some selinux types were added/renamed/deleted w.r.t 32 sepolicy.
Find all such types using treble_sepolicy_tests_32.0 test.
- for all these types figure out where to map them by looking at
31.0.[ignore.]cil files and add approprite entries to 32.0.[ignore.]cil.

This change also enables treble_sepolicy_tests_32.0 and installs
32.0.cil mapping file onto the device.

Bug: 206330997
Test: m treble_sepolicy_tests_32.0
Test: m 32.0_compat_test
Test: m selinux_policy
Change-Id: I8b2991e64e2f531ce12db7aaacad955e4e8ed687

Android.bp

diff --git a/Android.bp b/Android.bp
index a353831..4ae3acb 100644
--- a/Android.bp
+++ b/Android.bp
@@ -87,6 +87,13 @@
 }
 
 se_filegroup {
+    name: "32.0.board.compat.map",
+    srcs: [
+        "compat/32.0/32.0.cil",
+    ],
+}
+
+se_filegroup {
     name: "26.0.board.compat.cil",
     srcs: [
         "compat/26.0/26.0.compat.cil",
@@ -129,6 +136,13 @@
 }
 
 se_filegroup {
+    name: "32.0.board.compat.cil",
+    srcs: [
+        "compat/32.0/32.0.compat.cil",
+    ],
+}
+
+se_filegroup {
     name: "26.0.board.ignore.map",
     srcs: [
         "compat/26.0/26.0.ignore.cil",
@@ -170,6 +184,13 @@
     ],
 }
 
+se_filegroup {
+    name: "32.0.board.ignore.map",
+    srcs: [
+        "compat/32.0/32.0.ignore.cil",
+    ],
+}
+
 se_cil_compat_map {
     name: "plat_26.0.cil",
     stem: "26.0.cil",
@@ -209,7 +230,14 @@
     name: "plat_31.0.cil",
     stem: "31.0.cil",
     bottom_half: [":31.0.board.compat.map"],
-    // top_half: "plat_32.0.cil",
+    top_half: "plat_32.0.cil",
+}
+
+se_cil_compat_map {
+    name: "plat_32.0.cil",
+    stem: "32.0.cil",
+    bottom_half: [":32.0.board.compat.map"],
+    // top_half: "plat_33.0.cil",
 }
 
 se_cil_compat_map {
@@ -256,7 +284,15 @@
     name: "system_ext_31.0.cil",
     stem: "31.0.cil",
     bottom_half: [":31.0.board.compat.map"],
-    // top_half: "system_ext_32.0.cil",
+    top_half: "system_ext_32.0.cil",
+    system_ext_specific: true,
+}
+
+se_cil_compat_map {
+    name: "system_ext_32.0.cil",
+    stem: "32.0.cil",
+    bottom_half: [":32.0.board.compat.map"],
+    // top_half: "system_ext_33.0.cil",
     system_ext_specific: true,
 }
 
@@ -304,7 +340,15 @@
     name: "product_31.0.cil",
     stem: "31.0.cil",
     bottom_half: [":31.0.board.compat.map"],
-    // top_half: "product_32.0.cil",
+    top_half: "product_32.0.cil",
+    product_specific: true,
+}
+
+se_cil_compat_map {
+    name: "product_32.0.cil",
+    stem: "32.0.cil",
+    bottom_half: [":32.0.board.compat.map"],
+    // top_half: "product_33.0.cil",
     product_specific: true,
 }
 
@@ -341,7 +385,13 @@
 se_cil_compat_map {
     name: "31.0.ignore.cil",
     bottom_half: [":31.0.board.ignore.map"],
-    // top_half: "32.0.ignore.cil",
+    top_half: "32.0.ignore.cil",
+}
+
+se_cil_compat_map {
+    name: "32.0.ignore.cil",
+    bottom_half: [":32.0.board.ignore.map"],
+    // top_half: "33.0.ignore.cil",
 }
 
 se_cil_compat_map {
@@ -354,7 +404,14 @@
 se_cil_compat_map {
     name: "system_ext_31.0.ignore.cil",
     bottom_half: [":31.0.board.ignore.map"],
-    // top_half: "system_ext_32.0.ignore.cil",
+    top_half: "system_ext_32.0.ignore.cil",
+    system_ext_specific: true,
+}
+
+se_cil_compat_map {
+    name: "system_ext_32.0.ignore.cil",
+    bottom_half: [":32.0.board.ignore.map"],
+    // top_half: "system_ext_33.0.ignore.cil",
     system_ext_specific: true,
 }
 
@@ -368,7 +425,14 @@
 se_cil_compat_map {
     name: "product_31.0.ignore.cil",
     bottom_half: [":31.0.board.ignore.map"],
-    // top_half: "product_32.0.ignore.cil",
+    top_half: "product_32.0.ignore.cil",
+    product_specific: true,
+}
+
+se_cil_compat_map {
+    name: "product_32.0.ignore.cil",
+    bottom_half: [":32.0.board.ignore.map"],
+    // top_half: "product_33.0.ignore.cil",
     product_specific: true,
 }
 
@@ -403,6 +467,11 @@
 }
 
 se_compat_cil {
+    name: "32.0.compat.cil",
+    srcs: [":32.0.board.compat.cil"],
+}
+
+se_compat_cil {
     name: "system_ext_26.0.compat.cil",
     srcs: [":26.0.board.compat.cil"],
     stem: "26.0.compat.cil",
@@ -444,6 +513,13 @@
     system_ext_specific: true,
 }
 
+se_compat_cil {
+    name: "system_ext_32.0.compat.cil",
+    srcs: [":32.0.board.compat.cil"],
+    stem: "32.0.compat.cil",
+    system_ext_specific: true,
+}
+
 se_filegroup {
     name: "file_contexts_files",
     srcs: ["file_contexts"],