Merge "Revert "Migrate contexts tests to Android.bp"" am: 8bd664ba28 am: b9e7afda53 am: 24c0c93ae6 am: c6c7a7ff70
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1949061
Change-Id: Id7a02638043fb3ea7250d21b42b4a406f220a1c4
diff --git a/Android.mk b/Android.mk
index b8ad3ca..361c7c4 100644
--- a/Android.mk
+++ b/Android.mk
@@ -341,6 +341,7 @@
# The following files are only allowed for non-Treble devices.
LOCAL_REQUIRED_MODULES += \
sepolicy \
+ vendor_service_contexts \
endif # ($(PRODUCT_SEPOLICY_SPLIT),true)
@@ -499,7 +500,6 @@
vendor_property_contexts_test \
vendor_seapp_contexts \
vendor_service_contexts \
- vendor_service_contexts_test \
vendor_hwservice_contexts \
vendor_hwservice_contexts_test \
vendor_bug_map \
@@ -680,6 +680,9 @@
file_contexts.modules.tmp :=
##################################
+include $(LOCAL_PATH)/contexts_tests.mk
+
+##################################
include $(CLEAR_VARS)
LOCAL_MODULE := vndservice_contexts
diff --git a/build/soong/selinux_contexts.go b/build/soong/selinux_contexts.go
index 7424001..c55fba2 100644
--- a/build/soong/selinux_contexts.go
+++ b/build/soong/selinux_contexts.go
@@ -93,11 +93,6 @@
android.RegisterModuleType("service_contexts", serviceFactory)
android.RegisterModuleType("keystore2_key_contexts", keystoreKeyFactory)
android.RegisterModuleType("seapp_contexts", seappFactory)
-
- android.RegisterModuleType("file_contexts_test", fileContextsTestFactory)
- android.RegisterModuleType("property_contexts_test", propertyContextsTestFactory)
- android.RegisterModuleType("hwservice_contexts_test", hwserviceContextsTestFactory)
- android.RegisterModuleType("service_contexts_test", serviceContextsTestFactory)
}
func (m *selinuxContextsModule) InstallInRoot() bool {
@@ -504,142 +499,3 @@
}
return nil, fmt.Errorf("unsupported module reference tag %q", tag)
}
-
-type contextsTestProperties struct {
- // Contexts files to be tested.
- Srcs []string `android:"path"`
-
- // Precompiled sepolicy binary to be tesed together.
- Sepolicy *string `android:"path"`
-}
-
-type contextsTestModule struct {
- android.ModuleBase
-
- // Name of the test tool. "checkfc" or "property_info_checker"
- tool string
-
- // Additional flags to be passed to the tool.
- flags []string
-
- properties contextsTestProperties
- testTimestamp android.ModuleOutPath
-}
-
-// checkfc parses a context file and checks for syntax errors.
-// If -s is specified, the service backend is used to verify binder services.
-// If -l is specified, the service backend is used to verify hwbinder services.
-// Otherwise, context_file is assumed to be a file_contexts file
-// If -e is specified, then the context_file is allowed to be empty.
-
-// file_contexts_test tests given file_contexts files with checkfc.
-func fileContextsTestFactory() android.Module {
- m := &contextsTestModule{tool: "checkfc" /* no flags: file_contexts file check */}
- m.AddProperties(&m.properties)
- android.InitAndroidArchModule(m, android.DeviceSupported, android.MultilibCommon)
- return m
-}
-
-// property_contexts_test tests given property_contexts files with property_info_checker.
-func propertyContextsTestFactory() android.Module {
- m := &contextsTestModule{tool: "property_info_checker"}
- m.AddProperties(&m.properties)
- android.InitAndroidArchModule(m, android.DeviceSupported, android.MultilibCommon)
- return m
-}
-
-// hwservice_contexts_test tests given hwservice_contexts files with checkfc.
-func hwserviceContextsTestFactory() android.Module {
- m := &contextsTestModule{tool: "checkfc", flags: []string{"-e" /* allow empty */, "-l" /* hwbinder services */}}
- m.AddProperties(&m.properties)
- android.InitAndroidArchModule(m, android.DeviceSupported, android.MultilibCommon)
- return m
-}
-
-// service_contexts_test tests given service_contexts files with checkfc.
-func serviceContextsTestFactory() android.Module {
- // checkfc -s: service_contexts test
- m := &contextsTestModule{tool: "checkfc", flags: []string{"-s" /* binder services */}}
- m.AddProperties(&m.properties)
- android.InitAndroidArchModule(m, android.DeviceSupported, android.MultilibCommon)
- return m
-}
-
-func (m *contextsTestModule) GenerateAndroidBuildActions(ctx android.ModuleContext) {
- tool := m.tool
- if tool != "checkfc" && tool != "property_info_checker" {
- panic(fmt.Errorf("%q: unknown tool name: %q", ctx.ModuleName(), tool))
- }
-
- if len(m.properties.Srcs) == 0 {
- ctx.PropertyErrorf("srcs", "can't be empty")
- return
- }
-
- if proptools.String(m.properties.Sepolicy) == "" {
- ctx.PropertyErrorf("sepolicy", "can't be empty")
- return
- }
-
- srcs := android.PathsForModuleSrc(ctx, m.properties.Srcs)
- sepolicy := android.PathForModuleSrc(ctx, proptools.String(m.properties.Sepolicy))
-
- rule := android.NewRuleBuilder(pctx, ctx)
- rule.Command().BuiltTool(tool).
- Flags(m.flags).
- Input(sepolicy).
- Inputs(srcs)
-
- m.testTimestamp = android.PathForModuleOut(ctx, "timestamp")
- rule.Command().Text("touch").Output(m.testTimestamp)
- rule.Build("contexts_test", "running contexts test: "+ctx.ModuleName())
-}
-
-func (m *contextsTestModule) AndroidMkEntries() []android.AndroidMkEntries {
- return []android.AndroidMkEntries{android.AndroidMkEntries{
- Class: "FAKE",
- // OutputFile is needed, even though BUILD_PHONY_PACKAGE doesn't use it.
- // Without OutputFile this module won't be exported to Makefile.
- OutputFile: android.OptionalPathForPath(m.testTimestamp),
- Include: "$(BUILD_PHONY_PACKAGE)",
- ExtraEntries: []android.AndroidMkExtraEntriesFunc{
- func(ctx android.AndroidMkExtraEntriesContext, entries *android.AndroidMkEntries) {
- entries.SetString("LOCAL_ADDITIONAL_DEPENDENCIES", m.testTimestamp.String())
- },
- },
- }}
-}
-
-// contextsTestModule implements ImageInterface to be able to include recovery_available contexts
-// modules as its sources.
-func (m *contextsTestModule) ImageMutatorBegin(ctx android.BaseModuleContext) {
-}
-
-func (m *contextsTestModule) CoreVariantNeeded(ctx android.BaseModuleContext) bool {
- return true
-}
-
-func (m *contextsTestModule) RamdiskVariantNeeded(ctx android.BaseModuleContext) bool {
- return false
-}
-
-func (m *contextsTestModule) VendorRamdiskVariantNeeded(ctx android.BaseModuleContext) bool {
- return false
-}
-
-func (m *contextsTestModule) DebugRamdiskVariantNeeded(ctx android.BaseModuleContext) bool {
- return false
-}
-
-func (m *contextsTestModule) RecoveryVariantNeeded(ctx android.BaseModuleContext) bool {
- return false
-}
-
-func (m *contextsTestModule) ExtraImageVariations(ctx android.BaseModuleContext) []string {
- return nil
-}
-
-func (m *contextsTestModule) SetImageVariation(ctx android.BaseModuleContext, variation string, module android.Module) {
-}
-
-var _ android.ImageInterface = (*contextsTestModule)(nil)
diff --git a/contexts/Android.bp b/contexts/Android.bp
index 3062a61..1dc710a 100644
--- a/contexts/Android.bp
+++ b/contexts/Android.bp
@@ -298,137 +298,3 @@
out: ["plat_seapp_neverallows"],
cmd: "grep -ihe '^neverallow' $(in) > $(out) || true",
}
-
-//////////////////////////////////
-// Run host-side test with contexts files and the sepolicy file
-file_contexts_test {
- name: "plat_file_contexts_test",
- srcs: [":plat_file_contexts"],
- sepolicy: ":precompiled_sepolicy",
-}
-
-file_contexts_test {
- name: "system_ext_file_contexts_test",
- srcs: [":system_ext_file_contexts"],
- sepolicy: ":precompiled_sepolicy",
-}
-
-file_contexts_test {
- name: "product_file_contexts_test",
- srcs: [":product_file_contexts"],
- sepolicy: ":precompiled_sepolicy",
-}
-
-file_contexts_test {
- name: "vendor_file_contexts_test",
- srcs: [":vendor_file_contexts"],
- sepolicy: ":precompiled_sepolicy",
-}
-
-file_contexts_test {
- name: "odm_file_contexts_test",
- srcs: [":odm_file_contexts"],
- sepolicy: ":precompiled_sepolicy",
-}
-
-hwservice_contexts_test {
- name: "plat_hwservice_contexts_test",
- srcs: [":plat_hwservice_contexts"],
- sepolicy: ":precompiled_sepolicy",
-}
-
-hwservice_contexts_test {
- name: "system_ext_hwservice_contexts_test",
- srcs: [":system_ext_hwservice_contexts"],
- sepolicy: ":precompiled_sepolicy",
-}
-
-hwservice_contexts_test {
- name: "product_hwservice_contexts_test",
- srcs: [":product_hwservice_contexts"],
- sepolicy: ":precompiled_sepolicy",
-}
-
-hwservice_contexts_test {
- name: "vendor_hwservice_contexts_test",
- srcs: [":vendor_hwservice_contexts"],
- sepolicy: ":precompiled_sepolicy",
-}
-
-hwservice_contexts_test {
- name: "odm_hwservice_contexts_test",
- srcs: [":odm_hwservice_contexts"],
- sepolicy: ":precompiled_sepolicy",
-}
-
-property_contexts_test {
- name: "plat_property_contexts_test",
- srcs: [":plat_property_contexts"],
- sepolicy: ":precompiled_sepolicy",
-}
-
-property_contexts_test {
- name: "system_ext_property_contexts_test",
- srcs: [
- ":plat_property_contexts",
- ":system_ext_property_contexts",
- ],
- sepolicy: ":precompiled_sepolicy",
-}
-
-property_contexts_test {
- name: "product_property_contexts_test",
- srcs: [
- ":plat_property_contexts",
- ":system_ext_property_contexts",
- ":product_property_contexts",
- ],
- sepolicy: ":precompiled_sepolicy",
-}
-
-property_contexts_test {
- name: "vendor_property_contexts_test",
- srcs: [
- ":plat_property_contexts",
- ":system_ext_property_contexts",
- ":product_property_contexts",
- ":vendor_property_contexts",
- ],
- sepolicy: ":precompiled_sepolicy",
-}
-
-property_contexts_test {
- name: "odm_property_contexts_test",
- srcs: [
- ":plat_property_contexts",
- ":system_ext_property_contexts",
- ":product_property_contexts",
- ":vendor_property_contexts",
- ":odm_property_contexts",
- ],
- sepolicy: ":precompiled_sepolicy",
-}
-
-service_contexts_test {
- name: "plat_service_contexts_test",
- srcs: [":plat_service_contexts"],
- sepolicy: ":precompiled_sepolicy",
-}
-
-service_contexts_test {
- name: "system_ext_service_contexts_test",
- srcs: [":system_ext_service_contexts"],
- sepolicy: ":precompiled_sepolicy",
-}
-
-service_contexts_test {
- name: "product_service_contexts_test",
- srcs: [":product_service_contexts"],
- sepolicy: ":precompiled_sepolicy",
-}
-
-service_contexts_test {
- name: "vendor_service_contexts_test",
- srcs: [":vendor_service_contexts"],
- sepolicy: ":precompiled_sepolicy",
-}
diff --git a/contexts_tests.mk b/contexts_tests.mk
new file mode 100644
index 0000000..1189b83
--- /dev/null
+++ b/contexts_tests.mk
@@ -0,0 +1,337 @@
+# Copyright (C) 2019 The Android Open Source Project
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+include $(CLEAR_VARS)
+
+# TODO: move tests into Soong after refactoring sepolicy module (b/130693869)
+
+# Run host-side test with contexts files and the sepolicy file.
+# $(1): names of modules containing context files
+# $(2): path to the host tool
+# $(3): additional argument to be passed to the tool
+define run_contexts_test
+my_contexts := $(foreach m,$(1),$$(call intermediates-dir-for,ETC,$(m))/$(m))
+$$(LOCAL_BUILT_MODULE): PRIVATE_CONTEXTS := $$(my_contexts)
+$$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $$(built_sepolicy)
+$$(LOCAL_BUILT_MODULE): $(2) $$(my_contexts) $$(built_sepolicy)
+ $$(hide) $$< $(3) $$(PRIVATE_SEPOLICY) $$(PRIVATE_CONTEXTS)
+ $$(hide) mkdir -p $$(dir $$@)
+ $$(hide) touch $$@
+my_contexts :=
+endef
+
+checkfc := $(HOST_OUT_EXECUTABLES)/checkfc
+property_info_checker := $(HOST_OUT_EXECUTABLES)/property_info_checker
+
+##################################
+LOCAL_MODULE := plat_file_contexts_test
+LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered
+LOCAL_LICENSE_CONDITIONS := notice unencumbered
+LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE
+LOCAL_MODULE_CLASS := FAKE
+LOCAL_MODULE_TAGS := optional
+
+include $(BUILD_SYSTEM)/base_rules.mk
+$(eval $(call run_contexts_test, plat_file_contexts, $(checkfc),))
+
+##################################
+include $(CLEAR_VARS)
+
+LOCAL_MODULE := system_ext_file_contexts_test
+LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered
+LOCAL_LICENSE_CONDITIONS := notice unencumbered
+LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE
+LOCAL_MODULE_CLASS := FAKE
+LOCAL_MODULE_TAGS := optional
+
+include $(BUILD_SYSTEM)/base_rules.mk
+
+$(eval $(call run_contexts_test, system_ext_file_contexts, $(checkfc),))
+
+##################################
+include $(CLEAR_VARS)
+
+LOCAL_MODULE := product_file_contexts_test
+LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered
+LOCAL_LICENSE_CONDITIONS := notice unencumbered
+LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE
+LOCAL_MODULE_CLASS := FAKE
+LOCAL_MODULE_TAGS := optional
+
+include $(BUILD_SYSTEM)/base_rules.mk
+
+$(eval $(call run_contexts_test, product_file_contexts, $(checkfc),))
+
+##################################
+include $(CLEAR_VARS)
+
+LOCAL_MODULE := vendor_file_contexts_test
+LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered
+LOCAL_LICENSE_CONDITIONS := notice unencumbered
+LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE
+LOCAL_MODULE_CLASS := FAKE
+LOCAL_MODULE_TAGS := optional
+
+include $(BUILD_SYSTEM)/base_rules.mk
+
+$(eval $(call run_contexts_test, vendor_file_contexts, $(checkfc),))
+
+##################################
+include $(CLEAR_VARS)
+
+LOCAL_MODULE := odm_file_contexts_test
+LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered
+LOCAL_LICENSE_CONDITIONS := notice unencumbered
+LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE
+LOCAL_MODULE_CLASS := FAKE
+LOCAL_MODULE_TAGS := optional
+
+include $(BUILD_SYSTEM)/base_rules.mk
+
+$(eval $(call run_contexts_test, odm_file_contexts, $(checkfc),))
+
+##################################
+
+include $(CLEAR_VARS)
+
+LOCAL_MODULE := plat_hwservice_contexts_test
+LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered
+LOCAL_LICENSE_CONDITIONS := notice unencumbered
+LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE
+LOCAL_MODULE_CLASS := FAKE
+LOCAL_MODULE_TAGS := optional
+
+include $(BUILD_SYSTEM)/base_rules.mk
+
+$(eval $(call run_contexts_test, plat_hwservice_contexts, $(checkfc), -e -l))
+
+##################################
+include $(CLEAR_VARS)
+
+LOCAL_MODULE := system_ext_hwservice_contexts_test
+LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered
+LOCAL_LICENSE_CONDITIONS := notice unencumbered
+LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE
+LOCAL_MODULE_CLASS := FAKE
+LOCAL_MODULE_TAGS := optional
+
+include $(BUILD_SYSTEM)/base_rules.mk
+
+$(eval $(call run_contexts_test, system_ext_hwservice_contexts, $(checkfc), -e -l))
+
+##################################
+include $(CLEAR_VARS)
+
+LOCAL_MODULE := product_hwservice_contexts_test
+LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered
+LOCAL_LICENSE_CONDITIONS := notice unencumbered
+LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE
+LOCAL_MODULE_CLASS := FAKE
+LOCAL_MODULE_TAGS := optional
+
+include $(BUILD_SYSTEM)/base_rules.mk
+
+$(eval $(call run_contexts_test, product_hwservice_contexts, $(checkfc), -e -l))
+
+##################################
+include $(CLEAR_VARS)
+
+LOCAL_MODULE := vendor_hwservice_contexts_test
+LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered
+LOCAL_LICENSE_CONDITIONS := notice unencumbered
+LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE
+LOCAL_MODULE_CLASS := FAKE
+LOCAL_MODULE_TAGS := optional
+
+include $(BUILD_SYSTEM)/base_rules.mk
+
+$(eval $(call run_contexts_test, vendor_hwservice_contexts, $(checkfc), -e -l))
+
+##################################
+include $(CLEAR_VARS)
+
+LOCAL_MODULE := odm_hwservice_contexts_test
+LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered
+LOCAL_LICENSE_CONDITIONS := notice unencumbered
+LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE
+LOCAL_MODULE_CLASS := FAKE
+LOCAL_MODULE_TAGS := optional
+
+include $(BUILD_SYSTEM)/base_rules.mk
+
+$(eval $(call run_contexts_test, odm_hwservice_contexts, $(checkfc), -e -l))
+
+##################################
+
+pc_modules := plat_property_contexts
+
+include $(CLEAR_VARS)
+
+LOCAL_MODULE := plat_property_contexts_test
+LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered
+LOCAL_LICENSE_CONDITIONS := notice unencumbered
+LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE
+LOCAL_MODULE_CLASS := FAKE
+LOCAL_MODULE_TAGS := optional
+
+include $(BUILD_SYSTEM)/base_rules.mk
+
+$(eval $(call run_contexts_test, $(pc_modules), $(property_info_checker),))
+
+##################################
+
+ifdef HAS_SYSTEM_EXT_SEPOLICY_DIR
+
+pc_modules += system_ext_property_contexts
+
+include $(CLEAR_VARS)
+
+LOCAL_MODULE := system_ext_property_contexts_test
+LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered
+LOCAL_LICENSE_CONDITIONS := notice unencumbered
+LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE
+LOCAL_MODULE_CLASS := FAKE
+LOCAL_MODULE_TAGS := optional
+
+include $(BUILD_SYSTEM)/base_rules.mk
+
+$(eval $(call run_contexts_test, $(pc_modules), $(property_info_checker),))
+
+endif
+
+##################################
+
+pc_modules += vendor_property_contexts
+
+include $(CLEAR_VARS)
+
+LOCAL_MODULE := vendor_property_contexts_test
+LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered
+LOCAL_LICENSE_CONDITIONS := notice unencumbered
+LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE
+LOCAL_MODULE_CLASS := FAKE
+LOCAL_MODULE_TAGS := optional
+
+include $(BUILD_SYSTEM)/base_rules.mk
+
+$(eval $(call run_contexts_test, $(pc_modules), $(property_info_checker),))
+
+##################################
+
+ifdef BOARD_ODM_SEPOLICY_DIRS
+
+pc_modules += odm_property_contexts
+
+include $(CLEAR_VARS)
+
+LOCAL_MODULE := odm_property_contexts_test
+LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered
+LOCAL_LICENSE_CONDITIONS := notice unencumbered
+LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE
+LOCAL_MODULE_CLASS := FAKE
+LOCAL_MODULE_TAGS := optional
+
+include $(BUILD_SYSTEM)/base_rules.mk
+
+$(eval $(call run_contexts_test, $(pc_modules), $(property_info_checker),))
+
+endif
+
+##################################
+
+ifdef HAS_PRODUCT_SEPOLICY_DIR
+
+pc_modules += product_property_contexts
+
+include $(CLEAR_VARS)
+
+LOCAL_MODULE := product_property_contexts_test
+LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered
+LOCAL_LICENSE_CONDITIONS := notice unencumbered
+LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE
+LOCAL_MODULE_CLASS := FAKE
+LOCAL_MODULE_TAGS := optional
+
+include $(BUILD_SYSTEM)/base_rules.mk
+
+$(eval $(call run_contexts_test, $(pc_modules), $(property_info_checker),))
+
+endif
+
+pc_modules :=
+
+##################################
+include $(CLEAR_VARS)
+
+LOCAL_MODULE := plat_service_contexts_test
+LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered
+LOCAL_LICENSE_CONDITIONS := notice unencumbered
+LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE
+LOCAL_MODULE_CLASS := FAKE
+LOCAL_MODULE_TAGS := optional
+
+include $(BUILD_SYSTEM)/base_rules.mk
+
+$(eval $(call run_contexts_test, plat_service_contexts, $(checkfc), -s))
+
+##################################
+include $(CLEAR_VARS)
+
+LOCAL_MODULE := system_ext_service_contexts_test
+LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered
+LOCAL_LICENSE_CONDITIONS := notice unencumbered
+LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE
+LOCAL_MODULE_CLASS := FAKE
+LOCAL_MODULE_TAGS := optional
+
+include $(BUILD_SYSTEM)/base_rules.mk
+
+$(eval $(call run_contexts_test, system_ext_service_contexts, $(checkfc), -s))
+
+##################################
+include $(CLEAR_VARS)
+
+LOCAL_MODULE := product_service_contexts_test
+LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered
+LOCAL_LICENSE_CONDITIONS := notice unencumbered
+LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE
+LOCAL_MODULE_CLASS := FAKE
+LOCAL_MODULE_TAGS := optional
+
+include $(BUILD_SYSTEM)/base_rules.mk
+
+$(eval $(call run_contexts_test, product_service_contexts, $(checkfc), -s))
+
+##################################
+# nonplat_service_contexts is only allowed on non-full-treble devices
+ifneq ($(PRODUCT_SEPOLICY_SPLIT),true)
+
+include $(CLEAR_VARS)
+
+LOCAL_MODULE := vendor_service_contexts_test
+LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered
+LOCAL_LICENSE_CONDITIONS := notice unencumbered
+LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE
+LOCAL_MODULE_CLASS := FAKE
+LOCAL_MODULE_TAGS := optional
+
+include $(BUILD_SYSTEM)/base_rules.mk
+
+$(eval $(call run_contexts_test, vendor_service_contexts, $(checkfc), -s))
+
+endif
+
+checkfc :=
+property_info_checker :=
+run_contexts_test :=
diff --git a/tools/checkfc.c b/tools/checkfc.c
index 83c631e..9cbd912 100644
--- a/tools/checkfc.c
+++ b/tools/checkfc.c
@@ -171,12 +171,6 @@
const char *type_name = sepol_context_get_type(ctx);
- // Temporarily exempt hal_power_stats_vendor_service from the check.
- // TODO(b/211953546): remove this
- if (strcmp(type_name, "hal_power_stats_vendor_service") == 0) {
- goto out;
- }
-
uint32_t len = ebitmap_length(&global_state.assert.set);
if (len > 0) {
res = !is_type_of_attribute_set(global_state.sepolicy.pdb, type_name,