2020-11-09 12:58:58 +01:00
|
|
|
# Copyright (C) 2020 The Android Open Source Project
|
|
|
|
#
|
|
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
# you may not use this file except in compliance with the License.
|
|
|
|
# You may obtain a copy of the License at
|
|
|
|
#
|
|
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
#
|
|
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
# See the License for the specific language governing permissions and
|
|
|
|
# limitations under the License.
|
|
|
|
|
|
|
|
# prebuilt_policy.mk generates policy files from prebuilts of BOARD_SEPOLICY_VERS.
|
|
|
|
# The policy files will only be used to compile vendor and odm policies.
|
|
|
|
#
|
|
|
|
# Specifically, the following prebuilts are used...
|
|
|
|
# - system/sepolicy/prebuilts/api/{BOARD_SEPOLICY_VERS}
|
|
|
|
# - BOARD_PLAT_VENDOR_POLICY (copy of system/sepolicy/vendor from a previous release)
|
|
|
|
# - BOARD_REQD_MASK_POLICY (copy of reqd_mask from a previous release)
|
|
|
|
# - BOARD_SYSTEM_EXT_PUBLIC_PREBUILT_DIRS (copy of system_ext public from a previous release)
|
|
|
|
# - BOARD_SYSTEM_EXT_PRIVATE_PREBUILT_DIRS (copy of system_ext private from a previous release)
|
|
|
|
# - BOARD_PRODUCT_PUBLIC_PREBUILT_DIRS (copy of product public from a previous release)
|
|
|
|
# - BOARD_PRODUCT_PRIVATE_PREBUILT_DIRS (copy of product private from a previous release)
|
|
|
|
#
|
|
|
|
# ... to generate following policy files.
|
|
|
|
#
|
|
|
|
# - reqd policy mask
|
|
|
|
# - plat, system_ext, product public policy
|
|
|
|
# - plat, system_ext, product policy
|
|
|
|
# - plat, system_ext, product versioned policy
|
|
|
|
#
|
|
|
|
# These generated policy files will be used only when building vendor policies.
|
|
|
|
# They are not installed to system, system_ext, or product partition.
|
|
|
|
ver := $(BOARD_SEPOLICY_VERS)
|
|
|
|
prebuilt_dir := $(LOCAL_PATH)/prebuilts/api/$(ver)
|
|
|
|
plat_public_policy_$(ver) := $(prebuilt_dir)/public
|
|
|
|
plat_private_policy_$(ver) := $(prebuilt_dir)/private
|
|
|
|
system_ext_public_policy_$(ver) := $(BOARD_SYSTEM_EXT_PUBLIC_PREBUILT_DIRS)
|
|
|
|
system_ext_private_policy_$(ver) := $(BOARD_SYSTEM_EXT_PRIVATE_PREBUILT_DIRS)
|
|
|
|
product_public_policy_$(ver) := $(BOARD_PRODUCT_PUBLIC_PREBUILT_DIRS)
|
|
|
|
product_private_policy_$(ver) := $(BOARD_PRODUCT_PRIVATE_PREBUILT_DIRS)
|
|
|
|
|
|
|
|
##################################
|
|
|
|
# policy-to-conf-rule: a helper macro to transform policy files to conf file.
|
|
|
|
#
|
|
|
|
# This expands to a set of rules which assign variables for transform-policy-to-conf and then call
|
|
|
|
# transform-policy-to-conf. Before calling this, policy_files must be set with build_policy macro.
|
|
|
|
#
|
|
|
|
# $(1): output path (.conf file)
|
|
|
|
define policy-to-conf-rule
|
|
|
|
$(1): PRIVATE_MLS_SENS := $$(MLS_SENS)
|
|
|
|
$(1): PRIVATE_MLS_CATS := $$(MLS_CATS)
|
|
|
|
$(1): PRIVATE_TARGET_BUILD_VARIANT := $$(TARGET_BUILD_VARIANT)
|
|
|
|
$(1): PRIVATE_TGT_ARCH := $$(my_target_arch)
|
|
|
|
$(1): PRIVATE_TGT_WITH_ASAN := $$(with_asan)
|
|
|
|
$(1): PRIVATE_TGT_WITH_NATIVE_COVERAGE := $$(with_native_coverage)
|
|
|
|
$(1): PRIVATE_ADDITIONAL_M4DEFS := $$(LOCAL_ADDITIONAL_M4DEFS)
|
|
|
|
$(1): PRIVATE_SEPOLICY_SPLIT := $$(PRODUCT_SEPOLICY_SPLIT)
|
|
|
|
$(1): PRIVATE_COMPATIBLE_PROPERTY := $$(PRODUCT_COMPATIBLE_PROPERTY)
|
|
|
|
$(1): PRIVATE_TREBLE_SYSPROP_NEVERALLOW := $$(treble_sysprop_neverallow)
|
|
|
|
$(1): PRIVATE_ENFORCE_SYSPROP_OWNER := $$(enforce_sysprop_owner)
|
2021-04-27 01:32:17 +02:00
|
|
|
$(1): PRIVATE_ENFORCE_DEBUGFS_RESTRICTION := $$(enforce_debugfs_restriction)
|
2020-11-09 12:58:58 +01:00
|
|
|
$(1): PRIVATE_POLICY_FILES := $$(policy_files)
|
|
|
|
$(1): $$(policy_files) $$(M4)
|
|
|
|
$$(transform-policy-to-conf)
|
|
|
|
endef
|
|
|
|
|
|
|
|
##################################
|
|
|
|
# reqd_policy_mask_$(ver).cil
|
|
|
|
#
|
|
|
|
policy_files := $(call build_policy, $(sepolicy_build_files), $(BOARD_REQD_MASK_POLICY))
|
|
|
|
reqd_policy_mask_$(ver).conf := $(intermediates)/reqd_policy_mask_$(ver).conf
|
|
|
|
$(eval $(call policy-to-conf-rule,$(reqd_policy_mask_$(ver).conf)))
|
|
|
|
|
|
|
|
# b/37755687
|
|
|
|
CHECKPOLICY_ASAN_OPTIONS := ASAN_OPTIONS=detect_leaks=0
|
|
|
|
|
|
|
|
reqd_policy_mask_$(ver).cil := $(intermediates)/reqd_policy_mask_$(ver).cil
|
|
|
|
$(reqd_policy_mask_$(ver).cil): $(reqd_policy_mask_$(ver).conf) $(HOST_OUT_EXECUTABLES)/checkpolicy
|
|
|
|
@mkdir -p $(dir $@)
|
|
|
|
$(hide) $(CHECKPOLICY_ASAN_OPTIONS) $(HOST_OUT_EXECUTABLES)/checkpolicy -C -M -c \
|
|
|
|
$(POLICYVERS) -o $@ $<
|
|
|
|
|
|
|
|
reqd_policy_mask_$(ver).conf :=
|
|
|
|
|
|
|
|
reqd_policy_$(ver) := $(BOARD_REQD_MASK_POLICY)
|
|
|
|
|
|
|
|
##################################
|
|
|
|
# plat_pub_policy_$(ver).cil: exported plat policies
|
|
|
|
#
|
|
|
|
policy_files := $(call build_policy, $(sepolicy_build_files), \
|
|
|
|
$(plat_public_policy_$(ver)) $(reqd_policy_$(ver)))
|
|
|
|
plat_pub_policy_$(ver).conf := $(intermediates)/plat_pub_policy_$(ver).conf
|
|
|
|
$(eval $(call policy-to-conf-rule,$(plat_pub_policy_$(ver).conf)))
|
|
|
|
|
|
|
|
plat_pub_policy_$(ver).cil := $(intermediates)/plat_pub_policy_$(ver).cil
|
|
|
|
$(plat_pub_policy_$(ver).cil): PRIVATE_POL_CONF := $(plat_pub_policy_$(ver).conf)
|
|
|
|
$(plat_pub_policy_$(ver).cil): PRIVATE_REQD_MASK := $(reqd_policy_mask_$(ver).cil)
|
|
|
|
$(plat_pub_policy_$(ver).cil): $(HOST_OUT_EXECUTABLES)/checkpolicy \
|
|
|
|
$(HOST_OUT_EXECUTABLES)/build_sepolicy $(plat_pub_policy_$(ver).conf) $(reqd_policy_mask_$(ver).cil)
|
|
|
|
@mkdir -p $(dir $@)
|
|
|
|
$(hide) $(CHECKPOLICY_ASAN_OPTIONS) $< -C -M -c $(POLICYVERS) -o $@ $(PRIVATE_POL_CONF)
|
|
|
|
$(hide) $(HOST_OUT_EXECUTABLES)/build_sepolicy -a $(HOST_OUT_EXECUTABLES) filter_out \
|
|
|
|
-f $(PRIVATE_REQD_MASK) -t $@
|
|
|
|
|
|
|
|
plat_pub_policy_$(ver).conf :=
|
|
|
|
|
|
|
|
##################################
|
|
|
|
# plat_mapping_cil_$(ver).cil: versioned exported system policy
|
|
|
|
#
|
|
|
|
plat_mapping_cil_$(ver) := $(intermediates)/plat_mapping_$(ver).cil
|
|
|
|
$(plat_mapping_cil_$(ver)) : PRIVATE_VERS := $(ver)
|
|
|
|
$(plat_mapping_cil_$(ver)) : $(plat_pub_policy_$(ver).cil) $(HOST_OUT_EXECUTABLES)/version_policy
|
|
|
|
@mkdir -p $(dir $@)
|
|
|
|
$(hide) $(HOST_OUT_EXECUTABLES)/version_policy -b $< -m -n $(PRIVATE_VERS) -o $@
|
|
|
|
built_plat_mapping_cil_$(ver) := $(plat_mapping_cil_$(ver))
|
|
|
|
|
|
|
|
##################################
|
|
|
|
# plat_policy_$(ver).cil: system policy
|
|
|
|
#
|
|
|
|
policy_files := $(call build_policy, $(sepolicy_build_files), \
|
|
|
|
$(plat_public_policy_$(ver)) $(plat_private_policy_$(ver)) )
|
|
|
|
plat_policy_$(ver).conf := $(intermediates)/plat_policy_$(ver).conf
|
|
|
|
$(eval $(call policy-to-conf-rule,$(plat_policy_$(ver).conf)))
|
|
|
|
|
|
|
|
plat_policy_$(ver).cil := $(intermediates)/plat_policy_$(ver).cil
|
|
|
|
$(plat_policy_$(ver).cil): PRIVATE_ADDITIONAL_CIL_FILES := \
|
|
|
|
$(call build_policy, $(sepolicy_build_cil_workaround_files), $(plat_private_policy_$(ver)))
|
|
|
|
$(plat_policy_$(ver).cil): PRIVATE_NEVERALLOW_ARG := $(NEVERALLOW_ARG)
|
|
|
|
$(plat_policy_$(ver).cil): $(plat_policy_$(ver).conf) $(HOST_OUT_EXECUTABLES)/checkpolicy \
|
|
|
|
$(HOST_OUT_EXECUTABLES)/secilc \
|
|
|
|
$(call build_policy, $(sepolicy_build_cil_workaround_files), $(plat_private_policy_$(ver)))
|
|
|
|
@mkdir -p $(dir $@)
|
|
|
|
$(hide) $(CHECKPOLICY_ASAN_OPTIONS) $(HOST_OUT_EXECUTABLES)/checkpolicy -M -C -c \
|
|
|
|
$(POLICYVERS) -o $@.tmp $<
|
|
|
|
$(hide) cat $(PRIVATE_ADDITIONAL_CIL_FILES) >> $@.tmp
|
|
|
|
$(hide) $(HOST_OUT_EXECUTABLES)/secilc -m -M true -G -c $(POLICYVERS) $(PRIVATE_NEVERALLOW_ARG) $@.tmp -o /dev/null -f /dev/null
|
|
|
|
$(hide) mv $@.tmp $@
|
|
|
|
|
|
|
|
plat_policy_$(ver).conf :=
|
|
|
|
|
|
|
|
built_plat_cil_$(ver) := $(plat_policy_$(ver).cil)
|
|
|
|
|
|
|
|
ifdef HAS_SYSTEM_EXT_SEPOLICY_DIR
|
|
|
|
|
|
|
|
##################################
|
|
|
|
# system_ext_pub_policy_$(ver).cil: exported system and system_ext policy
|
|
|
|
#
|
|
|
|
policy_files := $(call build_policy, $(sepolicy_build_files), \
|
|
|
|
$(plat_public_policy_$(ver)) $(system_ext_public_policy_$(ver)) $(reqd_policy_$(ver)))
|
|
|
|
system_ext_pub_policy_$(ver).conf := $(intermediates)/system_ext_pub_policy_$(ver).conf
|
|
|
|
$(eval $(call policy-to-conf-rule,$(system_ext_pub_policy_$(ver).conf)))
|
|
|
|
|
|
|
|
system_ext_pub_policy_$(ver).cil := $(intermediates)/system_ext_pub_policy_$(ver).cil
|
|
|
|
$(system_ext_pub_policy_$(ver).cil): PRIVATE_POL_CONF := $(system_ext_pub_policy_$(ver).conf)
|
|
|
|
$(system_ext_pub_policy_$(ver).cil): PRIVATE_REQD_MASK := $(reqd_policy_mask_$(ver).cil)
|
|
|
|
$(system_ext_pub_policy_$(ver).cil): $(HOST_OUT_EXECUTABLES)/checkpolicy \
|
|
|
|
$(HOST_OUT_EXECUTABLES)/build_sepolicy $(system_ext_pub_policy_$(ver).conf) $(reqd_policy_mask_$(ver).cil)
|
|
|
|
@mkdir -p $(dir $@)
|
|
|
|
$(hide) $(CHECKPOLICY_ASAN_OPTIONS) $< -C -M -c $(POLICYVERS) -o $@ $(PRIVATE_POL_CONF)
|
|
|
|
$(hide) $(HOST_OUT_EXECUTABLES)/build_sepolicy -a $(HOST_OUT_EXECUTABLES) filter_out \
|
|
|
|
-f $(PRIVATE_REQD_MASK) -t $@
|
|
|
|
|
|
|
|
system_ext_pub_policy_$(ver).conf :=
|
|
|
|
|
|
|
|
##################################
|
|
|
|
# system_ext_policy_$(ver).cil: system_ext policy
|
|
|
|
#
|
|
|
|
policy_files := $(call build_policy, $(sepolicy_build_files), \
|
|
|
|
$(plat_public_policy_$(ver)) $(plat_private_policy_$(ver)) \
|
|
|
|
$(system_ext_public_policy_$(ver)) $(system_ext_private_policy_$(ver)) )
|
|
|
|
system_ext_policy_$(ver).conf := $(intermediates)/system_ext_policy_$(ver).conf
|
|
|
|
$(eval $(call policy-to-conf-rule,$(system_ext_policy_$(ver).conf)))
|
|
|
|
|
|
|
|
system_ext_policy_$(ver).cil := $(intermediates)/system_ext_policy_$(ver).cil
|
|
|
|
$(system_ext_policy_$(ver).cil): PRIVATE_NEVERALLOW_ARG := $(NEVERALLOW_ARG)
|
|
|
|
$(system_ext_policy_$(ver).cil): PRIVATE_PLAT_CIL := $(built_plat_cil_$(ver))
|
|
|
|
$(system_ext_policy_$(ver).cil): $(system_ext_policy_$(ver).conf) $(HOST_OUT_EXECUTABLES)/checkpolicy \
|
|
|
|
$(HOST_OUT_EXECUTABLES)/build_sepolicy $(HOST_OUT_EXECUTABLES)/secilc $(built_plat_cil_$(ver))
|
|
|
|
@mkdir -p $(dir $@)
|
|
|
|
$(hide) $(CHECKPOLICY_ASAN_OPTIONS) $(HOST_OUT_EXECUTABLES)/checkpolicy -M -C -c \
|
|
|
|
$(POLICYVERS) -o $@ $<
|
|
|
|
$(hide) $(HOST_OUT_EXECUTABLES)/build_sepolicy -a $(HOST_OUT_EXECUTABLES) filter_out \
|
|
|
|
-f $(PRIVATE_PLAT_CIL) -t $@
|
|
|
|
# Line markers (denoted by ;;) are malformed after above cmd. They are only
|
|
|
|
# used for debugging, so we remove them.
|
|
|
|
$(hide) grep -v ';;' $@ > $@.tmp
|
|
|
|
$(hide) mv $@.tmp $@
|
|
|
|
# Combine plat_sepolicy.cil and system_ext_sepolicy.cil to make sure that the
|
|
|
|
# latter doesn't accidentally depend on vendor/odm policies.
|
|
|
|
$(hide) $(HOST_OUT_EXECUTABLES)/secilc -m -M true -G -c $(POLICYVERS) \
|
|
|
|
$(PRIVATE_NEVERALLOW_ARG) $(PRIVATE_PLAT_CIL) $@ -o /dev/null -f /dev/null
|
|
|
|
|
|
|
|
system_ext_policy_$(ver).conf :=
|
|
|
|
|
|
|
|
built_system_ext_cil_$(ver) := $(system_ext_policy_$(ver).cil)
|
|
|
|
|
|
|
|
##################################
|
|
|
|
# system_ext_mapping_cil_$(ver).cil: versioned exported system_ext policy
|
|
|
|
#
|
|
|
|
system_ext_mapping_cil_$(ver) := $(intermediates)/system_ext_mapping_$(ver).cil
|
|
|
|
$(system_ext_mapping_cil_$(ver)) : PRIVATE_VERS := $(ver)
|
|
|
|
$(system_ext_mapping_cil_$(ver)) : PRIVATE_PLAT_MAPPING_CIL := $(built_plat_mapping_cil_$(ver))
|
2021-03-29 19:03:29 +02:00
|
|
|
$(system_ext_mapping_cil_$(ver)) : $(HOST_OUT_EXECUTABLES)/version_policy
|
|
|
|
$(system_ext_mapping_cil_$(ver)) : $(HOST_OUT_EXECUTABLES)/build_sepolicy
|
|
|
|
$(system_ext_mapping_cil_$(ver)) : $(built_plat_mapping_cil_$(ver))
|
|
|
|
$(system_ext_mapping_cil_$(ver)) : $(system_ext_pub_policy_$(ver).cil)
|
2020-11-09 12:58:58 +01:00
|
|
|
@mkdir -p $(dir $@)
|
|
|
|
# Generate system_ext mapping file as mapping file of 'system' (plat) and 'system_ext'
|
|
|
|
# sepolicy minus plat_mapping_file.
|
|
|
|
$(hide) $(HOST_OUT_EXECUTABLES)/version_policy -b $< -m -n $(PRIVATE_VERS) -o $@
|
|
|
|
$(hide) $(HOST_OUT_EXECUTABLES)/build_sepolicy -a $(HOST_OUT_EXECUTABLES) filter_out \
|
|
|
|
-f $(PRIVATE_PLAT_MAPPING_CIL) -t $@
|
|
|
|
|
|
|
|
built_system_ext_mapping_cil_$(ver) := $(system_ext_mapping_cil_$(ver))
|
|
|
|
|
|
|
|
endif # ifdef HAS_SYSTEM_EXT_SEPOLICY_DIR
|
|
|
|
|
|
|
|
ifdef HAS_PRODUCT_SEPOLICY_DIR
|
|
|
|
|
|
|
|
##################################
|
|
|
|
# product_policy_$(ver).cil: product policy
|
|
|
|
#
|
|
|
|
policy_files := $(call build_policy, $(sepolicy_build_files), \
|
|
|
|
$(plat_public_policy_$(ver)) $(plat_private_policy_$(ver)) \
|
|
|
|
$(system_ext_public_policy_$(ver)) $(system_ext_private_policy_$(ver)) \
|
|
|
|
$(product_public_policy_$(ver)) $(product_private_policy_$(ver)) )
|
|
|
|
product_policy_$(ver).conf := $(intermediates)/product_policy_$(ver).conf
|
|
|
|
$(eval $(call policy-to-conf-rule,$(product_policy_$(ver).conf)))
|
|
|
|
|
|
|
|
product_policy_$(ver).cil := $(intermediates)/product_policy_$(ver).cil
|
|
|
|
$(product_policy_$(ver).cil): PRIVATE_NEVERALLOW_ARG := $(NEVERALLOW_ARG)
|
|
|
|
$(product_policy_$(ver).cil): PRIVATE_PLAT_CIL_FILES := $(built_plat_cil_$(ver)) $(built_system_ext_cil_$(ver))
|
|
|
|
$(product_policy_$(ver).cil): $(product_policy_$(ver).conf) $(HOST_OUT_EXECUTABLES)/checkpolicy \
|
|
|
|
$(HOST_OUT_EXECUTABLES)/build_sepolicy $(HOST_OUT_EXECUTABLES)/secilc \
|
|
|
|
$(built_plat_cil_$(ver)) $(built_system_ext_cil_$(ver))
|
|
|
|
@mkdir -p $(dir $@)
|
|
|
|
$(hide) $(CHECKPOLICY_ASAN_OPTIONS) $(HOST_OUT_EXECUTABLES)/checkpolicy -M -C -c \
|
|
|
|
$(POLICYVERS) -o $@ $<
|
|
|
|
$(hide) $(HOST_OUT_EXECUTABLES)/build_sepolicy -a $(HOST_OUT_EXECUTABLES) filter_out \
|
2021-05-20 11:26:55 +02:00
|
|
|
-f $(PRIVATE_PLAT_CIL_FILES) -t $@
|
2020-11-09 12:58:58 +01:00
|
|
|
# Line markers (denoted by ;;) are malformed after above cmd. They are only
|
|
|
|
# used for debugging, so we remove them.
|
|
|
|
$(hide) grep -v ';;' $@ > $@.tmp
|
|
|
|
$(hide) mv $@.tmp $@
|
|
|
|
# Combine plat_sepolicy.cil, system_ext_sepolicy.cil and product_sepolicy.cil to
|
|
|
|
# make sure that the latter doesn't accidentally depend on vendor/odm policies.
|
|
|
|
$(hide) $(HOST_OUT_EXECUTABLES)/secilc -m -M true -G -c $(POLICYVERS) \
|
|
|
|
$(PRIVATE_NEVERALLOW_ARG) $(PRIVATE_PLAT_CIL_FILES) $@ -o /dev/null -f /dev/null
|
|
|
|
|
|
|
|
product_policy_$(ver).conf :=
|
|
|
|
|
|
|
|
built_product_cil_$(ver) := $(product_policy_$(ver).cil)
|
|
|
|
|
|
|
|
endif # ifdef HAS_PRODUCT_SEPOLICY_DIR
|
|
|
|
|
|
|
|
##################################
|
|
|
|
# pub_policy_$(ver).cil: exported plat, system_ext, and product policies
|
|
|
|
#
|
|
|
|
policy_files := $(call build_policy, $(sepolicy_build_files), \
|
|
|
|
$(plat_public_policy_$(ver)) $(system_ext_public_policy_$(ver)) \
|
|
|
|
$(product_public_policy_$(ver)) $(reqd_policy_$(ver)) )
|
|
|
|
pub_policy_$(ver).conf := $(intermediates)/pub_policy_$(ver).conf
|
|
|
|
$(eval $(call policy-to-conf-rule,$(pub_policy_$(ver).conf)))
|
|
|
|
|
|
|
|
pub_policy_$(ver).cil := $(intermediates)/pub_policy_$(ver).cil
|
|
|
|
$(pub_policy_$(ver).cil): PRIVATE_POL_CONF := $(pub_policy_$(ver).conf)
|
|
|
|
$(pub_policy_$(ver).cil): PRIVATE_REQD_MASK := $(reqd_policy_mask_$(ver).cil)
|
|
|
|
$(pub_policy_$(ver).cil): $(HOST_OUT_EXECUTABLES)/checkpolicy \
|
|
|
|
$(HOST_OUT_EXECUTABLES)/build_sepolicy $(pub_policy_$(ver).conf) $(reqd_policy_mask_$(ver).cil)
|
|
|
|
@mkdir -p $(dir $@)
|
|
|
|
$(hide) $(CHECKPOLICY_ASAN_OPTIONS) $< -C -M -c $(POLICYVERS) -o $@ $(PRIVATE_POL_CONF)
|
|
|
|
$(hide) $(HOST_OUT_EXECUTABLES)/build_sepolicy -a $(HOST_OUT_EXECUTABLES) filter_out \
|
|
|
|
-f $(PRIVATE_REQD_MASK) -t $@
|
|
|
|
|
|
|
|
pub_policy_$(ver).conf :=
|
|
|
|
|
|
|
|
ifdef HAS_PRODUCT_SEPOLICY_DIR
|
|
|
|
|
|
|
|
##################################
|
|
|
|
# product_mapping_cil_$(ver).cil: versioned exported product policy
|
|
|
|
#
|
|
|
|
product_mapping_cil_$(ver) := $(intermediates)/product_mapping_cil_$(ver).cil
|
|
|
|
$(product_mapping_cil_$(ver)) : PRIVATE_VERS := $(ver)
|
|
|
|
$(product_mapping_cil_$(ver)) : PRIVATE_FILTER_CIL_FILES := $(built_plat_mapping_cil_$(ver)) $(built_system_ext_mapping_cil_$(ver))
|
2021-03-29 19:03:29 +02:00
|
|
|
$(product_mapping_cil_$(ver)) : $(pub_policy_$(ver).cil)
|
|
|
|
$(product_mapping_cil_$(ver)) : $(HOST_OUT_EXECUTABLES)/build_sepolicy
|
|
|
|
$(product_mapping_cil_$(ver)) : $(HOST_OUT_EXECUTABLES)/version_policy
|
|
|
|
$(product_mapping_cil_$(ver)) : $(built_plat_mapping_cil_$(ver))
|
|
|
|
$(product_mapping_cil_$(ver)) : $(built_system_ext_mapping_cil_$(ver))
|
2020-11-09 12:58:58 +01:00
|
|
|
@mkdir -p $(dir $@)
|
|
|
|
# Generate product mapping file as mapping file of all public sepolicy minus
|
|
|
|
# plat_mapping_file and system_ext_mapping_file.
|
|
|
|
$(hide) $(HOST_OUT_EXECUTABLES)/version_policy -b $< -m -n $(PRIVATE_VERS) -o $@
|
|
|
|
$(hide) $(HOST_OUT_EXECUTABLES)/build_sepolicy -a $(HOST_OUT_EXECUTABLES) filter_out \
|
|
|
|
-f $(PRIVATE_FILTER_CIL_FILES) -t $@
|
|
|
|
|
|
|
|
built_product_mapping_cil_$(ver) := $(product_mapping_cil_$(ver))
|
|
|
|
|
|
|
|
endif # ifdef HAS_PRODUCT_SEPOLICY_DIR
|
|
|
|
|
|
|
|
##################################
|
|
|
|
# plat_pub_versioned_$(ver).cil - the exported platform policy
|
|
|
|
#
|
|
|
|
plat_pub_versioned_$(ver).cil := $(intermediates)/plat_pub_versioned_$(ver).cil
|
|
|
|
$(plat_pub_versioned_$(ver).cil) : PRIVATE_VERS := $(ver)
|
|
|
|
$(plat_pub_versioned_$(ver).cil) : PRIVATE_TGT_POL := $(pub_policy_$(ver).cil)
|
|
|
|
$(plat_pub_versioned_$(ver).cil) : PRIVATE_DEP_CIL_FILES := $(built_plat_cil_$(ver)) $(built_system_ext_cil_$(ver)) \
|
|
|
|
$(built_product_cil_$(ver)) $(built_plat_mapping_cil_$(ver)) $(built_system_ext_mapping_cil_$(ver)) \
|
|
|
|
$(built_product_mapping_cil_$(ver))
|
|
|
|
$(plat_pub_versioned_$(ver).cil) : $(pub_policy_$(ver).cil) $(HOST_OUT_EXECUTABLES)/version_policy \
|
|
|
|
$(HOST_OUT_EXECUTABLES)/secilc $(built_plat_cil_$(ver)) $(built_system_ext_cil_$(ver)) $(built_product_cil_$(ver)) \
|
|
|
|
$(built_plat_mapping_cil_$(ver)) $(built_system_ext_mapping_cil_$(ver)) $(built_product_mapping_cil_$(ver))
|
|
|
|
@mkdir -p $(dir $@)
|
|
|
|
$(HOST_OUT_EXECUTABLES)/version_policy -b $< -t $(PRIVATE_TGT_POL) -n $(PRIVATE_VERS) -o $@
|
|
|
|
$(hide) $(HOST_OUT_EXECUTABLES)/secilc -m -M true -G -N -c $(POLICYVERS) \
|
|
|
|
$(PRIVATE_DEP_CIL_FILES) $@ -o /dev/null -f /dev/null
|
|
|
|
|
|
|
|
built_pub_vers_cil_$(ver) := $(plat_pub_versioned_$(ver).cil)
|