diff --git a/build/soong/cil_compat_map.go b/build/soong/cil_compat_map.go index c9daf7c7b..eb7cb06da 100644 --- a/build/soong/cil_compat_map.go +++ b/build/soong/cil_compat_map.go @@ -20,7 +20,6 @@ package selinux import ( "android/soong/android" "fmt" - "io" "github.com/google/blueprint" "github.com/google/blueprint/proptools" @@ -67,18 +66,21 @@ type cilCompatMapProperties struct { Bottom_half []string `android:"path"` // name of the output Stem *string + // Target version that this module supports. This module will be ignored if platform sepolicy + // version is same as this module's version. + Version *string } type cilCompatMap struct { android.ModuleBase properties cilCompatMapProperties // (.intermediate) module output path as installation source. - installSource android.Path + installSource android.OptionalPath installPath android.InstallPath } type CilCompatMapGenerator interface { - GeneratedMapFile() android.Path + GeneratedMapFile() android.OptionalPath } func expandTopHalf(ctx android.ModuleContext) android.OptionalPath { @@ -87,7 +89,7 @@ func expandTopHalf(ctx android.ModuleContext) android.OptionalPath { depTag := ctx.OtherModuleDependencyTag(dep) switch depTag { case TopHalfDepTag: - topHalf = android.OptionalPathForPath(dep.(CilCompatMapGenerator).GeneratedMapFile()) + topHalf = dep.(CilCompatMapGenerator).GeneratedMapFile() } }) return topHalf @@ -97,7 +99,15 @@ func expandSeSources(ctx android.ModuleContext, srcFiles []string) android.Paths return android.PathsForModuleSrc(ctx, srcFiles) } +func (c *cilCompatMap) shouldSkipBuild(ctx android.ModuleContext) bool { + return proptools.String(c.properties.Version) == ctx.DeviceConfig().PlatformSepolicyVersion() +} + func (c *cilCompatMap) GenerateAndroidBuildActions(ctx android.ModuleContext) { + if c.shouldSkipBuild(ctx) { + return + } + c.installPath = android.PathForModuleInstall(ctx, "etc", "selinux", "mapping") srcFiles := expandSeSources(ctx, c.properties.Bottom_half) @@ -130,9 +140,9 @@ func (c *cilCompatMap) GenerateAndroidBuildActions(ctx android.ModuleContext) { "bottomHalf": bottomHalf.String(), }, }) - c.installSource = out + c.installSource = android.OptionalPathForPath(out) } else { - c.installSource = bottomHalf + c.installSource = android.OptionalPathForPath(bottomHalf) } } @@ -142,30 +152,38 @@ func (c *cilCompatMap) DepsMutator(ctx android.BottomUpMutatorContext) { } } -func (c *cilCompatMap) AndroidMk() android.AndroidMkData { - ret := android.AndroidMkData{ - OutputFile: android.OptionalPathForPath(c.installSource), - Class: "ETC", +func (c *cilCompatMap) AndroidMkEntries() []android.AndroidMkEntries { + if !c.installSource.Valid() { + return nil } - ret.Extra = append(ret.Extra, func(w io.Writer, outputFile android.Path) { - fmt.Fprintln(w, "LOCAL_MODULE_PATH :=", c.installPath.String()) - if c.properties.Stem != nil { - fmt.Fprintln(w, "LOCAL_INSTALLED_MODULE_STEM :=", String(c.properties.Stem)) - } - }) - return ret + return []android.AndroidMkEntries{android.AndroidMkEntries{ + Class: "ETC", + OutputFile: c.installSource, + ExtraEntries: []android.AndroidMkExtraEntriesFunc{ + func(ctx android.AndroidMkExtraEntriesContext, entries *android.AndroidMkEntries) { + entries.SetPath("LOCAL_MODULE_PATH", c.installPath) + if c.properties.Stem != nil { + entries.SetString("LOCAL_INSTALLED_MODULE_STEM", String(c.properties.Stem)) + } + }, + }, + }} } var _ CilCompatMapGenerator = (*cilCompatMap)(nil) var _ android.OutputFileProducer = (*cilCompatMap)(nil) -func (c *cilCompatMap) GeneratedMapFile() android.Path { +func (c *cilCompatMap) GeneratedMapFile() android.OptionalPath { return c.installSource } func (c *cilCompatMap) OutputFiles(tag string) (android.Paths, error) { if tag == "" { - return android.Paths{c.installSource}, nil + if c.installSource.Valid() { + return android.Paths{c.installSource.Path()}, nil + } else { + return nil, nil + } } return nil, fmt.Errorf("Unknown tag %q", tag) } diff --git a/build/soong/compat_cil.go b/build/soong/compat_cil.go index 881f7daeb..1f7901b6c 100644 --- a/build/soong/compat_cil.go +++ b/build/soong/compat_cil.go @@ -43,7 +43,7 @@ func compatCilFactory() android.Module { type compatCil struct { android.ModuleBase properties compatCilProperties - installSource android.Path + installSource android.OptionalPath installPath android.InstallPath } @@ -53,6 +53,10 @@ type compatCilProperties struct { // Output file name. Defaults to module name if unspecified. Stem *string + + // Target version that this module supports. This module will be ignored if platform sepolicy + // version is same as this module's version. + Version *string } func (c *compatCil) stem() string { @@ -63,11 +67,19 @@ func (c *compatCil) expandSeSources(ctx android.ModuleContext) android.Paths { return android.PathsForModuleSrc(ctx, c.properties.Srcs) } +func (c *compatCil) shouldSkipBuild(ctx android.ModuleContext) bool { + return proptools.String(c.properties.Version) == ctx.DeviceConfig().PlatformSepolicyVersion() +} + func (c *compatCil) GenerateAndroidBuildActions(ctx android.ModuleContext) { if c.ProductSpecific() || c.SocSpecific() || c.DeviceSpecific() { ctx.ModuleErrorf("Compat cil files only support system and system_ext partitions") } + if c.shouldSkipBuild(ctx) { + return + } + srcPaths := c.expandSeSources(ctx) out := android.PathForModuleGen(ctx, c.Name()) ctx.Build(pctx, android.BuildParams{ @@ -78,14 +90,17 @@ func (c *compatCil) GenerateAndroidBuildActions(ctx android.ModuleContext) { }) c.installPath = android.PathForModuleInstall(ctx, "etc", "selinux", "mapping") - c.installSource = out - ctx.InstallFile(c.installPath, c.stem(), c.installSource) + c.installSource = android.OptionalPathForPath(out) + ctx.InstallFile(c.installPath, c.stem(), out) } func (c *compatCil) AndroidMkEntries() []android.AndroidMkEntries { + if !c.installSource.Valid() { + return nil + } return []android.AndroidMkEntries{android.AndroidMkEntries{ Class: "ETC", - OutputFile: android.OptionalPathForPath(c.installSource), + OutputFile: c.installSource, ExtraEntries: []android.AndroidMkExtraEntriesFunc{ func(ctx android.AndroidMkExtraEntriesContext, entries *android.AndroidMkEntries) { entries.SetPath("LOCAL_MODULE_PATH", c.installPath) @@ -98,7 +113,11 @@ func (c *compatCil) AndroidMkEntries() []android.AndroidMkEntries { func (c *compatCil) OutputFiles(tag string) (android.Paths, error) { switch tag { case "": - return android.Paths{c.installSource}, nil + if c.installSource.Valid() { + return android.Paths{c.installSource.Path()}, nil + } else { + return nil, nil + } default: return nil, fmt.Errorf("unsupported module reference tag %q", tag) } diff --git a/compat/Android.bp b/compat/Android.bp index 39da7fdec..9768eb131 100644 --- a/compat/Android.bp +++ b/compat/Android.bp @@ -133,6 +133,7 @@ se_cil_compat_map { stem: "29.0.cil", bottom_half: [":29.0.board.compat.map{.plat_private}"], top_half: "plat_30.0.cil", + version: "29.0", } se_cil_compat_map { @@ -140,6 +141,7 @@ se_cil_compat_map { stem: "30.0.cil", bottom_half: [":30.0.board.compat.map{.plat_private}"], top_half: "plat_31.0.cil", + version: "30.0", } se_cil_compat_map { @@ -147,6 +149,7 @@ se_cil_compat_map { stem: "31.0.cil", bottom_half: [":31.0.board.compat.map{.plat_private}"], top_half: "plat_32.0.cil", + version: "31.0", } se_cil_compat_map { @@ -154,6 +157,7 @@ se_cil_compat_map { stem: "32.0.cil", bottom_half: [":32.0.board.compat.map{.plat_private}"], top_half: "plat_33.0.cil", + version: "32.0", } se_cil_compat_map { @@ -161,6 +165,7 @@ se_cil_compat_map { stem: "33.0.cil", bottom_half: [":33.0.board.compat.map{.plat_private}"], top_half: "plat_34.0.cil", + version: "33.0", } se_cil_compat_map { @@ -169,6 +174,7 @@ se_cil_compat_map { bottom_half: [":29.0.board.compat.map{.system_ext_private}"], top_half: "system_ext_30.0.cil", system_ext_specific: true, + version: "29.0", } se_cil_compat_map { @@ -177,6 +183,7 @@ se_cil_compat_map { bottom_half: [":30.0.board.compat.map{.system_ext_private}"], top_half: "system_ext_31.0.cil", system_ext_specific: true, + version: "30.0", } se_cil_compat_map { @@ -185,6 +192,7 @@ se_cil_compat_map { bottom_half: [":31.0.board.compat.map{.system_ext_private}"], top_half: "system_ext_32.0.cil", system_ext_specific: true, + version: "31.0", } se_cil_compat_map { @@ -193,6 +201,7 @@ se_cil_compat_map { bottom_half: [":32.0.board.compat.map{.system_ext_private}"], top_half: "system_ext_33.0.cil", system_ext_specific: true, + version: "32.0", } se_cil_compat_map { @@ -201,6 +210,7 @@ se_cil_compat_map { bottom_half: [":33.0.board.compat.map{.system_ext_private}"], system_ext_specific: true, top_half: "system_ext_34.0.cil", + version: "33.0", } se_cil_compat_map { @@ -209,6 +219,7 @@ se_cil_compat_map { bottom_half: [":29.0.board.compat.map{.product_private}"], top_half: "product_30.0.cil", product_specific: true, + version: "29.0", } se_cil_compat_map { @@ -217,6 +228,7 @@ se_cil_compat_map { bottom_half: [":30.0.board.compat.map{.product_private}"], top_half: "product_31.0.cil", product_specific: true, + version: "30.0", } se_cil_compat_map { @@ -225,6 +237,7 @@ se_cil_compat_map { bottom_half: [":31.0.board.compat.map{.product_private}"], top_half: "product_32.0.cil", product_specific: true, + version: "31.0", } se_cil_compat_map { @@ -233,6 +246,7 @@ se_cil_compat_map { bottom_half: [":32.0.board.compat.map{.product_private}"], top_half: "product_33.0.cil", product_specific: true, + version: "32.0", } se_cil_compat_map { @@ -241,36 +255,42 @@ se_cil_compat_map { bottom_half: [":33.0.board.compat.map{.product_private}"], product_specific: true, top_half: "product_34.0.cil", + version: "33.0", } se_cil_compat_map { name: "29.0.ignore.cil", bottom_half: [":29.0.board.ignore.map{.plat_private}"], top_half: "30.0.ignore.cil", + version: "29.0", } se_cil_compat_map { name: "30.0.ignore.cil", bottom_half: [":30.0.board.ignore.map{.plat_private}"], top_half: "31.0.ignore.cil", + version: "30.0", } se_cil_compat_map { name: "31.0.ignore.cil", bottom_half: [":31.0.board.ignore.map{.plat_private}"], top_half: "32.0.ignore.cil", + version: "31.0", } se_cil_compat_map { name: "32.0.ignore.cil", bottom_half: [":32.0.board.ignore.map{.plat_private}"], top_half: "33.0.ignore.cil", + version: "32.0", } se_cil_compat_map { name: "33.0.ignore.cil", bottom_half: [":33.0.board.ignore.map{.plat_private}"], top_half: "34.0.ignore.cil", + version: "33.0", } se_cil_compat_map { @@ -278,6 +298,7 @@ se_cil_compat_map { bottom_half: [":30.0.board.ignore.map{.system_ext_private}"], top_half: "system_ext_31.0.ignore.cil", system_ext_specific: true, + version: "30.0", } se_cil_compat_map { @@ -285,6 +306,7 @@ se_cil_compat_map { bottom_half: [":31.0.board.ignore.map{.system_ext_private}"], top_half: "system_ext_32.0.ignore.cil", system_ext_specific: true, + version: "31.0", } se_cil_compat_map { @@ -292,6 +314,7 @@ se_cil_compat_map { bottom_half: [":32.0.board.ignore.map{.system_ext_private}"], top_half: "system_ext_33.0.ignore.cil", system_ext_specific: true, + version: "32.0", } se_cil_compat_map { @@ -299,6 +322,7 @@ se_cil_compat_map { bottom_half: [":33.0.board.ignore.map{.system_ext_private}"], system_ext_specific: true, top_half: "system_ext_34.0.ignore.cil", + version: "33.0", } se_cil_compat_map { @@ -306,6 +330,7 @@ se_cil_compat_map { bottom_half: [":30.0.board.ignore.map{.product_private}"], top_half: "product_31.0.ignore.cil", product_specific: true, + version: "30.0", } se_cil_compat_map { @@ -313,6 +338,7 @@ se_cil_compat_map { bottom_half: [":31.0.board.ignore.map{.product_private}"], top_half: "product_32.0.ignore.cil", product_specific: true, + version: "31.0", } se_cil_compat_map { @@ -320,6 +346,7 @@ se_cil_compat_map { bottom_half: [":32.0.board.ignore.map{.product_private}"], top_half: "product_33.0.ignore.cil", product_specific: true, + version: "32.0", } se_cil_compat_map { @@ -327,31 +354,37 @@ se_cil_compat_map { bottom_half: [":33.0.board.ignore.map{.product_private}"], product_specific: true, top_half: "product_34.0.ignore.cil", + version: "33.0", } se_compat_cil { name: "29.0.compat.cil", srcs: [":29.0.board.compat.cil{.plat_private}"], + version: "29.0", } se_compat_cil { name: "30.0.compat.cil", srcs: [":30.0.board.compat.cil{.plat_private}"], + version: "30.0", } se_compat_cil { name: "31.0.compat.cil", srcs: [":31.0.board.compat.cil{.plat_private}"], + version: "31.0", } se_compat_cil { name: "32.0.compat.cil", srcs: [":32.0.board.compat.cil{.plat_private}"], + version: "32.0", } se_compat_cil { name: "33.0.compat.cil", srcs: [":33.0.board.compat.cil{.plat_private}"], + version: "33.0", } se_compat_cil { @@ -359,6 +392,7 @@ se_compat_cil { srcs: [":29.0.board.compat.cil{.system_ext_private}"], stem: "29.0.compat.cil", system_ext_specific: true, + version: "29.0", } se_compat_cil { @@ -366,6 +400,7 @@ se_compat_cil { srcs: [":30.0.board.compat.cil{.system_ext_private}"], stem: "30.0.compat.cil", system_ext_specific: true, + version: "30.0", } se_compat_cil { @@ -373,6 +408,7 @@ se_compat_cil { srcs: [":31.0.board.compat.cil{.system_ext_private}"], stem: "31.0.compat.cil", system_ext_specific: true, + version: "31.0", } se_compat_cil { @@ -380,6 +416,7 @@ se_compat_cil { srcs: [":32.0.board.compat.cil{.system_ext_private}"], stem: "32.0.compat.cil", system_ext_specific: true, + version: "32.0", } se_compat_cil { @@ -387,6 +424,7 @@ se_compat_cil { srcs: [":33.0.board.compat.cil{.system_ext_private}"], stem: "33.0.compat.cil", system_ext_specific: true, + version: "33.0", } se_compat_test { @@ -412,6 +450,7 @@ se_cil_compat_map { name: "plat_34.0.cil", stem: "34.0.cil", bottom_half: [":34.0.board.compat.map{.plat_private}"], + version: "34.0", } se_cil_compat_map { @@ -419,6 +458,7 @@ se_cil_compat_map { stem: "34.0.cil", bottom_half: [":34.0.board.compat.map{.system_ext_private}"], system_ext_specific: true, + version: "34.0", } se_cil_compat_map { @@ -426,11 +466,13 @@ se_cil_compat_map { stem: "34.0.cil", bottom_half: [":34.0.board.compat.map{.product_private}"], product_specific: true, + version: "34.0", } se_cil_compat_map { name: "34.0.ignore.cil", bottom_half: [":34.0.board.ignore.map{.plat_private}"], + version: "34.0", } se_cil_compat_map { @@ -438,6 +480,7 @@ se_cil_compat_map { stem: "34.0.ignore.cil", bottom_half: [":34.0.board.ignore.map{.system_ext_private}"], system_ext_specific: true, + version: "34.0", } se_cil_compat_map { @@ -445,11 +488,13 @@ se_cil_compat_map { stem: "34.0.ignore.cil", bottom_half: [":34.0.board.ignore.map{.product_private}"], product_specific: true, + version: "34.0", } se_compat_cil { name: "34.0.compat.cil", srcs: [":34.0.board.compat.cil{.plat_private}"], + version: "34.0", } se_compat_cil { @@ -457,4 +502,5 @@ se_compat_cil { stem: "34.0.compat.cil", srcs: [":34.0.board.compat.cil{.system_ext_private}"], system_ext_specific: true, + version: "34.0", } diff --git a/tools/sepolicy_generate_compat.py b/tools/sepolicy_generate_compat.py index cd61c9aa8..a941d6f78 100644 --- a/tools/sepolicy_generate_compat.py +++ b/tools/sepolicy_generate_compat.py @@ -223,6 +223,7 @@ se_cil_compat_map {{ name: "plat_{ver}.cil", stem: "{ver}.cil", bottom_half: [":{ver}.board.compat.map{{.plat_private}}"], + version: "{ver}", }} se_cil_compat_map {{ @@ -230,6 +231,7 @@ se_cil_compat_map {{ stem: "{ver}.cil", bottom_half: [":{ver}.board.compat.map{{.system_ext_private}}"], system_ext_specific: true, + version: "{ver}", }} se_cil_compat_map {{ @@ -237,11 +239,13 @@ se_cil_compat_map {{ stem: "{ver}.cil", bottom_half: [":{ver}.board.compat.map{{.product_private}}"], product_specific: true, + version: "{ver}", }} se_cil_compat_map {{ name: "{ver}.ignore.cil", bottom_half: [":{ver}.board.ignore.map{{.plat_private}}"], + version: "{ver}", }} se_cil_compat_map {{ @@ -249,6 +253,7 @@ se_cil_compat_map {{ stem: "{ver}.ignore.cil", bottom_half: [":{ver}.board.ignore.map{{.system_ext_private}}"], system_ext_specific: true, + version: "{ver}", }} se_cil_compat_map {{ @@ -256,11 +261,13 @@ se_cil_compat_map {{ stem: "{ver}.ignore.cil", bottom_half: [":{ver}.board.ignore.map{{.product_private}}"], product_specific: true, + version: "{ver}", }} se_compat_cil {{ name: "{ver}.compat.cil", srcs: [":{ver}.board.compat.cil{{.plat_private}}"], + version: "{ver}", }} se_compat_cil {{ @@ -268,6 +275,7 @@ se_compat_cil {{ stem: "{ver}.compat.cil", srcs: [":{ver}.board.compat.cil{{.system_ext_private}}"], system_ext_specific: true, + version: "{ver}", }} """