2019-05-02 22:48:44 +02:00
|
|
|
version := $(version_under_treble_tests)
|
|
|
|
|
|
|
|
include $(CLEAR_VARS)
|
|
|
|
#################################
|
|
|
|
# build this target to ensure the compat permissions files all build against the current policy
|
|
|
|
#
|
|
|
|
LOCAL_MODULE := $(version)_compat_test
|
2021-02-04 08:07:40 +01:00
|
|
|
LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered
|
|
|
|
LOCAL_LICENSE_CONDITIONS := notice unencumbered
|
|
|
|
LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE
|
2019-05-02 22:48:44 +02:00
|
|
|
LOCAL_REQUIRED_MODULES := $(version).compat.cil
|
2019-05-29 18:05:43 +02:00
|
|
|
LOCAL_MODULE_CLASS := FAKE
|
|
|
|
LOCAL_MODULE_TAGS := optional
|
|
|
|
|
|
|
|
include $(BUILD_SYSTEM)/base_rules.mk
|
2019-05-02 22:48:44 +02:00
|
|
|
|
|
|
|
all_cil_files := \
|
|
|
|
$(built_plat_cil) \
|
|
|
|
$(built_plat_mapping_cil) \
|
|
|
|
$(built_pub_vers_cil) \
|
|
|
|
$(ALL_MODULES.$(version).compat.cil.BUILT) \
|
|
|
|
|
2019-08-29 11:12:11 +02:00
|
|
|
ifdef HAS_SYSTEM_EXT_SEPOLICY
|
Allowing system_ext sepolicy to be empty
Some targets just need to extend system_ext context files, e.g.,
file_contexts, service_contexts, etc., without adding any system_ext
policy files, e.g., *.te files.
Currently, this will lead to build errors. This CL allows
system_ext_sepolicy.cil and the system_ext mapping file
to be empty.
It's now also possible to just set BOARD_PLAT_PRIVATE_SEPOLICY_DIR
without setting BOARD_PLAT_PUBLIC_SEPOLICY_DIR.
Bug: 137712473
Bug: 141880898
Test: Only adds system_ext context files without policy files (e.g., *.te),
then `mmma system/sepolicy` can build pass
Change-Id: I72849f2d4aa43e5296cd15c07a8fd058186a6376
2019-10-04 08:34:18 +02:00
|
|
|
all_cil_files += $(built_system_ext_cil)
|
|
|
|
endif
|
2019-08-29 11:12:11 +02:00
|
|
|
|
Allowing system_ext sepolicy to be empty
Some targets just need to extend system_ext context files, e.g.,
file_contexts, service_contexts, etc., without adding any system_ext
policy files, e.g., *.te files.
Currently, this will lead to build errors. This CL allows
system_ext_sepolicy.cil and the system_ext mapping file
to be empty.
It's now also possible to just set BOARD_PLAT_PRIVATE_SEPOLICY_DIR
without setting BOARD_PLAT_PUBLIC_SEPOLICY_DIR.
Bug: 137712473
Bug: 141880898
Test: Only adds system_ext context files without policy files (e.g., *.te),
then `mmma system/sepolicy` can build pass
Change-Id: I72849f2d4aa43e5296cd15c07a8fd058186a6376
2019-10-04 08:34:18 +02:00
|
|
|
ifdef HAS_SYSTEM_EXT_PUBLIC_SEPOLICY
|
|
|
|
all_cil_files += $(built_system_ext_mapping_cil)
|
2019-08-29 11:12:11 +02:00
|
|
|
endif
|
|
|
|
|
2019-05-02 22:48:44 +02:00
|
|
|
ifdef HAS_PRODUCT_SEPOLICY
|
2019-10-04 09:36:05 +02:00
|
|
|
all_cil_files += $(built_product_cil)
|
|
|
|
endif
|
2019-05-02 22:48:44 +02:00
|
|
|
|
2019-10-04 09:36:05 +02:00
|
|
|
ifdef HAS_PRODUCT_PUBLIC_SEPOLICY
|
|
|
|
all_cil_files += $(built_product_mapping_cil)
|
2019-05-02 22:48:44 +02:00
|
|
|
endif
|
|
|
|
|
2020-11-09 12:58:58 +01:00
|
|
|
ifneq ($(mixed_sepolicy_build),true)
|
|
|
|
|
|
|
|
all_cil_files += $(built_vendor_cil)
|
|
|
|
|
2019-05-02 22:48:44 +02:00
|
|
|
ifdef BOARD_ODM_SEPOLICY_DIRS
|
|
|
|
all_cil_files += $(built_odm_cil)
|
|
|
|
endif
|
|
|
|
|
2020-11-09 12:58:58 +01:00
|
|
|
endif # ifneq ($(mixed_sepolicy_build),true)
|
|
|
|
|
2019-05-29 18:05:43 +02:00
|
|
|
$(LOCAL_BUILT_MODULE): PRIVATE_CIL_FILES := $(all_cil_files)
|
|
|
|
$(LOCAL_BUILT_MODULE): $(HOST_OUT_EXECUTABLES)/secilc $(HOST_OUT_EXECUTABLES)/sepolicy-analyze $(all_cil_files)
|
2019-05-02 22:48:44 +02:00
|
|
|
@mkdir -p $(dir $@)
|
2019-05-17 21:39:41 +02:00
|
|
|
$(hide) $< -m -N -M true -G -c $(POLICYVERS) $(PRIVATE_CIL_FILES) -o $@ -f /dev/null
|
2019-05-02 22:48:44 +02:00
|
|
|
|
|
|
|
all_cil_files :=
|
|
|
|
version :=
|
|
|
|
version_under_treble_tests :=
|