commit d4103eed2b83cc54ad5273d19aa76a42b365c8d4
author Yiming Jing <yimingjing@google.com> Thu Oct 08 14:39:42 2020 -0700
committer Yiming Jing <yimingjing@google.com> Tue Oct 13 22:51:56 2020 +0000
tree c167288cdc7cba07ab7d20d55ee00c9e31ff4ca1
parent b4a08cb2cc185c56b2724741884dc9832799eadb

Expand the scope of sepolicy_freeze_test

The existing freeze test only covers the policy files in system/sepolicy
alone. There's demand from product teams that would like to implement a
freeze test for their sepolicy. Instead of letting them fork the freeze
test, we believe expanding the scope of the exising one is in the best
interest.

$FREEZE_TEST_EXTRA_DIRS and $FREEZE_TEST_EXTRA_PREBUILT_DIRS are added.
These build variables could be appended like $PRODUCT_PUBLIC_POLICY. The
product team are expected to maintain their policy prebuilts.

Bug: 166455099
Test: manual
Change-Id: I6f350e1e3db2807be4dbfd0ceb34f0d89f94d629

Android.mk

diff --git a/Android.mk b/Android.mk
index b9043d7..66a88e9 100644
--- a/Android.mk
+++ b/Android.mk
@@ -57,6 +57,10 @@
 PRODUCT_PUBLIC_POLICY := $(PRODUCT_PUBLIC_SEPOLICY_DIRS)
 PRODUCT_PRIVATE_POLICY := $(PRODUCT_PRIVATE_SEPOLICY_DIRS)
 
+# Extra sepolicy and prebuilts directories for sepolicy_freeze_test
+FREEZE_TEST_EXTRA_DIRS := $(SEPOLICY_FREEZE_TEST_EXTRA_DIRS)
+FREEZE_TEST_EXTRA_PREBUILT_DIRS := $(SEPOLICY_FREEZE_TEST_EXTRA_PREBUILT_DIRS)
+
 ifneq (,$(SYSTEM_EXT_PUBLIC_POLICY)$(SYSTEM_EXT_PRIVATE_POLICY))
 HAS_SYSTEM_EXT_SEPOLICY_DIR := true
 endif
@@ -314,6 +318,11 @@
 LOCAL_REQUIRED_MODULES += \
     sepolicy_freeze_test \
 
+else
+ifneq (,$(FREEZE_TEST_EXTRA_DIRS)$(FREEZE_TEST_EXTRA_PREBUILT_DIRS))
+$(error SEPOLICY_FREEZE_TEST_EXTRA_DIRS or SEPOLICY_FREEZE_TEST_EXTRA_PREBUILT_DIRS\
+cannot be set before system/sepolicy freezes.)
+endif #  (,$(FREEZE_TEST_EXTRA_DIRS)$(FREEZE_TEST_EXTRA_PREBUILT_DIRS))
 endif # ($(PLATFORM_SEPOLICY_VERSION),$(TOT_SEPOLICY_VERSION))
 
 include $(BUILD_PHONY_PACKAGE)
@@ -1694,6 +1703,11 @@
 
 include $(BUILD_SYSTEM)/base_rules.mk
 
+define ziplist
+$(if $(and $1,$2), "$(firstword $1) $(firstword $2)"\
+  $(call ziplist,$(wordlist 2,$(words $1),$1),$(wordlist 2,$(words $2),$2)))
+endef
+
 base_plat_public := $(LOCAL_PATH)/public
 base_plat_private := $(LOCAL_PATH)/private
 base_plat_public_prebuilt := \
@@ -1708,10 +1722,16 @@
 $(LOCAL_BUILT_MODULE): PRIVATE_BASE_PLAT_PRIVATE := $(base_plat_private)
 $(LOCAL_BUILT_MODULE): PRIVATE_BASE_PLAT_PUBLIC_PREBUILT := $(base_plat_public_prebuilt)
 $(LOCAL_BUILT_MODULE): PRIVATE_BASE_PLAT_PRIVATE_PREBUILT := $(base_plat_private_prebuilt)
+$(LOCAL_BUILT_MODULE): PRIVATE_EXTRA := $(sort $(FREEZE_TEST_EXTRA_DIRS))
+$(LOCAL_BUILT_MODULE): PRIVATE_EXTRA_PREBUILT := $(sort $(FREEZE_TEST_EXTRA_PREBUILT_DIRS))
 $(LOCAL_BUILT_MODULE): $(all_frozen_files)
 ifneq ($(PLATFORM_SEPOLICY_VERSION),$(TOT_SEPOLICY_VERSION))
 	@diff -rq -x bug_map $(PRIVATE_BASE_PLAT_PUBLIC_PREBUILT) $(PRIVATE_BASE_PLAT_PUBLIC)
 	@diff -rq -x bug_map $(PRIVATE_BASE_PLAT_PRIVATE_PREBUILT) $(PRIVATE_BASE_PLAT_PRIVATE)
+ifneq (,$(FREEZE_TEST_EXTRA_DIRS)$(FREEZE_TEST_EXTRA_PREBUILT_DIRS))
+	@for pair in $(call ziplist, $(PRIVATE_EXTRA_PREBUILT), $(PRIVATE_EXTRA)); \
+		do diff -rq -x bug_map $$pair; done
+endif # (,$(FREEZE_TEST_EXTRA_DIRS)$(FREEZE_TEST_EXTRA_PREBUILT_DIRS))
 endif # ($(PLATFORM_SEPOLICY_VERSION),$(TOT_SEPOLICY_VERSION))
 	$(hide) touch $@