From 601ebb43a32114b7431cb61de95211f4e7c2a886 Mon Sep 17 00:00:00 2001 From: Bob Badour Date: Wed, 3 Feb 2021 23:07:40 -0800 Subject: [PATCH] [LSC] Add LOCAL_LICENSE_KINDS to system/sepolicy Added SPDX-license-identifier-Apache-2.0 to: build/Android.bp build/soong/Android.bp tests/Android.bp tools/Android.bp Added SPDX-license-identifier-Apache-2.0 legacy_unencumbered to: Android.bp Android.mk compat.mk contexts_tests.mk mac_permissions.mk seapp_contexts.mk treble_sepolicy_tests_for_release.mk Added legacy_unencumbered to: apex/Android.bp tools/sepolicy-analyze/Android.bp Bug: 68860345 Bug: 151177513 Bug: 151953481 Test: m all Exempt-From-Owner-Approval: janitorial work Change-Id: I1ab286543ef1bdcb494cf74f2b35e35a08225d28 --- Android.bp | 30 +++++++++ Android.mk | 99 ++++++++++++++++++++++++++++ apex/Android.bp | 8 +++ build/Android.bp | 8 +++ build/soong/Android.bp | 8 +++ compat.mk | 3 + contexts_tests.mk | 57 ++++++++++++++++ mac_permissions.mk | 15 +++++ seapp_contexts.mk | 18 +++++ tests/Android.bp | 8 +++ tools/Android.bp | 8 +++ tools/sepolicy-analyze/Android.bp | 8 +++ treble_sepolicy_tests_for_release.mk | 3 + 13 files changed, 273 insertions(+) diff --git a/Android.bp b/Android.bp index 2ca424d98..ac2e51688 100644 --- a/Android.bp +++ b/Android.bp @@ -12,6 +12,36 @@ // See the License for the specific language governing permissions and // limitations under the License. +package { + default_applicable_licenses: ["system_sepolicy_license"], +} + +// Added automatically by a large-scale-change that took the approach of +// 'apply every license found to every target'. While this makes sure we respect +// every license restriction, it may not be entirely correct. +// +// e.g. GPL in an MIT project might only apply to the contrib/ directory. +// +// Please consider splitting the single license below into multiple licenses, +// taking care not to lose any license_kind information, and overriding the +// default license using the 'licenses: [...]' property on targets as needed. +// +// For unused files, consider creating a 'filegroup' with "//visibility:private" +// to attach the license to, and including a comment whether the files may be +// used in the current project. +// http://go/android-license-faq +license { + name: "system_sepolicy_license", + visibility: [":__subpackages__"], + license_kinds: [ + "SPDX-license-identifier-Apache-2.0", + "legacy_unencumbered", + ], + license_text: [ + "NOTICE", + ], +} + cc_defaults { name: "selinux_policy_version", cflags: ["-DSEPOLICY_VERSION=30"], } se_filegroup { diff --git a/Android.mk b/Android.mk index 8afd5a81a..77513a0b0 100644 --- a/Android.mk +++ b/Android.mk @@ -334,6 +334,9 @@ endef include $(CLEAR_VARS) LOCAL_MODULE := selinux_policy +LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered +LOCAL_LICENSE_CONDITIONS := notice unencumbered +LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE LOCAL_MODULE_TAGS := optional LOCAL_REQUIRED_MODULES += \ selinux_policy_nonsystem \ @@ -348,6 +351,9 @@ droidcore: selinux_policy include $(CLEAR_VARS) LOCAL_MODULE := selinux_policy_system +LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered +LOCAL_LICENSE_CONDITIONS := notice unencumbered +LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE # These build targets are not used on non-Treble devices. However, we build these to avoid # divergence between Treble and non-Treble devices. LOCAL_REQUIRED_MODULES += \ @@ -418,6 +424,9 @@ include $(BUILD_PHONY_PACKAGE) include $(CLEAR_VARS) LOCAL_MODULE := selinux_policy_system_ext +LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered +LOCAL_LICENSE_CONDITIONS := notice unencumbered +LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE # Include precompiled policy, unless told otherwise. ifneq ($(PRODUCT_PRECOMPILED_SEPOLICY),false) LOCAL_REQUIRED_MODULES += system_ext_sepolicy_and_mapping.sha256 @@ -459,6 +468,9 @@ include $(BUILD_PHONY_PACKAGE) include $(CLEAR_VARS) LOCAL_MODULE := selinux_policy_product +LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered +LOCAL_LICENSE_CONDITIONS := notice unencumbered +LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE # Include precompiled policy, unless told otherwise. ifneq ($(PRODUCT_PRECOMPILED_SEPOLICY),false) LOCAL_REQUIRED_MODULES += product_sepolicy_and_mapping.sha256 @@ -500,6 +512,9 @@ include $(BUILD_PHONY_PACKAGE) include $(CLEAR_VARS) LOCAL_MODULE := selinux_policy_nonsystem +LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered +LOCAL_LICENSE_CONDITIONS := notice unencumbered +LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE # Include precompiled policy, unless told otherwise. ifneq ($(PRODUCT_PRECOMPILED_SEPOLICY),false) LOCAL_REQUIRED_MODULES += \ @@ -573,6 +588,9 @@ endif include $(CLEAR_VARS) LOCAL_MODULE := sepolicy_neverallows +LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered +LOCAL_LICENSE_CONDITIONS := notice unencumbered +LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE LOCAL_MODULE_CLASS := FAKE LOCAL_MODULE_TAGS := optional @@ -651,6 +669,9 @@ ifeq ($(mixed_sepolicy_build),true) include $(CLEAR_VARS) LOCAL_MODULE := sepolicy_neverallows_vendor +LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered +LOCAL_LICENSE_CONDITIONS := notice unencumbered +LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE LOCAL_MODULE_CLASS := FAKE LOCAL_MODULE_TAGS := optional @@ -875,6 +896,9 @@ plat_pub_policy.conf := include $(CLEAR_VARS) LOCAL_MODULE := plat_sepolicy.cil +LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered +LOCAL_LICENSE_CONDITIONS := notice unencumbered +LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE LOCAL_MODULE_CLASS := ETC LOCAL_MODULE_TAGS := optional LOCAL_MODULE_PATH := $(TARGET_OUT)/etc/selinux @@ -925,6 +949,9 @@ plat_policy.conf := include $(CLEAR_VARS) LOCAL_MODULE := userdebug_plat_sepolicy.cil +LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered +LOCAL_LICENSE_CONDITIONS := notice unencumbered +LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE LOCAL_MODULE_CLASS := ETC LOCAL_MODULE_TAGS := optional LOCAL_MODULE_PATH := $(TARGET_DEBUG_RAMDISK_OUT) @@ -972,6 +999,9 @@ include $(CLEAR_VARS) ifdef HAS_SYSTEM_EXT_SEPOLICY LOCAL_MODULE := system_ext_sepolicy.cil +LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered +LOCAL_LICENSE_CONDITIONS := notice unencumbered +LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE LOCAL_MODULE_CLASS := ETC LOCAL_MODULE_TAGS := optional LOCAL_MODULE_PATH := $(TARGET_OUT_SYSTEM_EXT)/etc/selinux @@ -1029,6 +1059,9 @@ include $(CLEAR_VARS) ifdef HAS_PRODUCT_SEPOLICY LOCAL_MODULE := product_sepolicy.cil +LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered +LOCAL_LICENSE_CONDITIONS := notice unencumbered +LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE LOCAL_MODULE_CLASS := ETC LOCAL_MODULE_TAGS := optional LOCAL_MODULE_PATH := $(TARGET_OUT_PRODUCT)/etc/selinux @@ -1087,6 +1120,9 @@ endif # ifdef HAS_PRODUCT_SEPOLICY include $(CLEAR_VARS) LOCAL_MODULE := plat_sepolicy_vers.txt +LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered +LOCAL_LICENSE_CONDITIONS := notice unencumbered +LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE LOCAL_MODULE_CLASS := ETC LOCAL_MODULE_TAGS := optional LOCAL_PROPRIETARY_MODULE := true @@ -1103,6 +1139,9 @@ $(LOCAL_BUILT_MODULE) : include $(CLEAR_VARS) LOCAL_MODULE := plat_mapping_file +LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered +LOCAL_LICENSE_CONDITIONS := notice unencumbered +LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE LOCAL_MODULE_STEM := $(PLATFORM_SEPOLICY_VERSION).cil LOCAL_MODULE_CLASS := ETC LOCAL_MODULE_TAGS := optional @@ -1125,6 +1164,9 @@ include $(CLEAR_VARS) ifdef HAS_SYSTEM_EXT_PUBLIC_SEPOLICY LOCAL_MODULE := system_ext_mapping_file +LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered +LOCAL_LICENSE_CONDITIONS := notice unencumbered +LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE LOCAL_MODULE_STEM := $(PLATFORM_SEPOLICY_VERSION).cil LOCAL_MODULE_CLASS := ETC LOCAL_MODULE_TAGS := optional @@ -1152,6 +1194,9 @@ include $(CLEAR_VARS) ifdef HAS_PRODUCT_PUBLIC_SEPOLICY LOCAL_MODULE := product_mapping_file +LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered +LOCAL_LICENSE_CONDITIONS := notice unencumbered +LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE LOCAL_MODULE_STEM := $(PLATFORM_SEPOLICY_VERSION).cil LOCAL_MODULE_CLASS := ETC LOCAL_MODULE_TAGS := optional @@ -1180,6 +1225,9 @@ include $(CLEAR_VARS) # plat_pub_versioned.cil - the exported platform policy associated with the version # that non-platform policy targets. LOCAL_MODULE := plat_pub_versioned.cil +LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered +LOCAL_LICENSE_CONDITIONS := notice unencumbered +LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE LOCAL_MODULE_CLASS := ETC LOCAL_MODULE_TAGS := optional LOCAL_PROPRIETARY_MODULE := true @@ -1210,6 +1258,9 @@ include $(CLEAR_VARS) # with the platform-provided policy. It makes use of the reqd_policy_mask files from private # policy and the platform public policy files in order to use checkpolicy. LOCAL_MODULE := vendor_sepolicy.cil +LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered +LOCAL_LICENSE_CONDITIONS := notice unencumbered +LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE LOCAL_MODULE_CLASS := ETC LOCAL_MODULE_TAGS := optional LOCAL_PROPRIETARY_MODULE := true @@ -1271,6 +1322,9 @@ ifdef BOARD_ODM_SEPOLICY_DIRS # with the platform-provided policy. It makes use of the reqd_policy_mask files from private # policy and the platform public policy files in order to use checkpolicy. LOCAL_MODULE := odm_sepolicy.cil +LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered +LOCAL_LICENSE_CONDITIONS := notice unencumbered +LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE LOCAL_MODULE_CLASS := ETC LOCAL_MODULE_TAGS := optional LOCAL_PROPRIETARY_MODULE := true @@ -1332,6 +1386,9 @@ endif include $(CLEAR_VARS) LOCAL_MODULE := precompiled_sepolicy +LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered +LOCAL_LICENSE_CONDITIONS := notice unencumbered +LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE LOCAL_MODULE_CLASS := ETC LOCAL_MODULE_TAGS := optional LOCAL_PROPRIETARY_MODULE := true @@ -1395,6 +1452,9 @@ all_cil_files := include $(CLEAR_VARS) LOCAL_MODULE := plat_sepolicy_and_mapping.sha256 +LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered +LOCAL_LICENSE_CONDITIONS := notice unencumbered +LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE LOCAL_MODULE_CLASS := ETC LOCAL_MODULE_TAGS := optional LOCAL_MODULE_PATH = $(TARGET_OUT)/etc/selinux @@ -1408,6 +1468,9 @@ $(LOCAL_BUILT_MODULE): $(built_plat_cil) $(built_plat_mapping_cil) include $(CLEAR_VARS) LOCAL_MODULE := system_ext_sepolicy_and_mapping.sha256 +LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered +LOCAL_LICENSE_CONDITIONS := notice unencumbered +LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE LOCAL_MODULE_CLASS := ETC LOCAL_MODULE_TAGS := optional LOCAL_MODULE_PATH = $(TARGET_OUT_SYSTEM_EXT)/etc/selinux @@ -1421,6 +1484,9 @@ $(LOCAL_BUILT_MODULE): $(built_system_ext_cil) $(built_system_ext_mapping_cil) include $(CLEAR_VARS) LOCAL_MODULE := product_sepolicy_and_mapping.sha256 +LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered +LOCAL_LICENSE_CONDITIONS := notice unencumbered +LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE LOCAL_MODULE_CLASS := ETC LOCAL_MODULE_TAGS := optional LOCAL_MODULE_PATH = $(TARGET_OUT_PRODUCT)/etc/selinux @@ -1436,6 +1502,9 @@ $(LOCAL_BUILT_MODULE): $(built_product_cil) $(built_product_mapping_cil) ################################# include $(CLEAR_VARS) LOCAL_MODULE := precompiled_sepolicy.plat_sepolicy_and_mapping.sha256 +LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered +LOCAL_LICENSE_CONDITIONS := notice unencumbered +LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE LOCAL_MODULE_CLASS := ETC LOCAL_MODULE_TAGS := optional @@ -1457,6 +1526,9 @@ $(LOCAL_BUILT_MODULE): $(built_precompiled_sepolicy) $(built_plat_cil) $(built_p ################################# include $(CLEAR_VARS) LOCAL_MODULE := precompiled_sepolicy.system_ext_sepolicy_and_mapping.sha256 +LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered +LOCAL_LICENSE_CONDITIONS := notice unencumbered +LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE LOCAL_MODULE_CLASS := ETC LOCAL_MODULE_TAGS := optional @@ -1478,6 +1550,9 @@ $(LOCAL_BUILT_MODULE): $(built_precompiled_sepolicy) $(built_system_ext_cil) $(b ################################# include $(CLEAR_VARS) LOCAL_MODULE := precompiled_sepolicy.product_sepolicy_and_mapping.sha256 +LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered +LOCAL_LICENSE_CONDITIONS := notice unencumbered +LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE LOCAL_MODULE_CLASS := ETC LOCAL_MODULE_TAGS := optional @@ -1498,6 +1573,9 @@ include $(CLEAR_VARS) # build this target so that we can still perform neverallow checks LOCAL_MODULE := sepolicy +LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered +LOCAL_LICENSE_CONDITIONS := notice unencumbered +LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE LOCAL_MODULE_CLASS := ETC LOCAL_MODULE_TAGS := optional LOCAL_MODULE_PATH := $(TARGET_ROOT_OUT) @@ -1557,6 +1635,9 @@ include $(CLEAR_VARS) # If SELINUX_IGNORE_NEVERALLOWS is set, we use sed to remove the neverallow lines before compiling. LOCAL_MODULE := sepolicy.recovery +LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered +LOCAL_LICENSE_CONDITIONS := notice unencumbered +LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE LOCAL_MODULE_STEM := sepolicy LOCAL_MODULE_CLASS := ETC LOCAL_MODULE_TAGS := optional @@ -1613,6 +1694,9 @@ sepolicy.recovery.conf := include $(CLEAR_VARS) LOCAL_MODULE := general_sepolicy.conf +LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered +LOCAL_LICENSE_CONDITIONS := notice unencumbered +LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE LOCAL_MODULE_CLASS := ETC LOCAL_MODULE_TAGS := tests @@ -1641,6 +1725,9 @@ $(LOCAL_BUILT_MODULE): $(policy_files) $(M4) include $(CLEAR_VARS) LOCAL_MODULE := file_contexts.bin +LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered +LOCAL_LICENSE_CONDITIONS := notice unencumbered +LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE LOCAL_MODULE_CLASS := ETC LOCAL_MODULE_TAGS := optional LOCAL_MODULE_PATH := $(TARGET_ROOT_OUT) @@ -1735,6 +1822,9 @@ file_contexts.modules.tmp := include $(CLEAR_VARS) LOCAL_MODULE := selinux_denial_metadata +LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered +LOCAL_LICENSE_CONDITIONS := notice unencumbered +LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE LOCAL_MODULE_CLASS := ETC LOCAL_MODULE_PATH := $(TARGET_OUT_VENDOR)/etc/selinux @@ -1758,6 +1848,9 @@ include $(LOCAL_PATH)/contexts_tests.mk include $(CLEAR_VARS) LOCAL_MODULE := vndservice_contexts +LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered +LOCAL_LICENSE_CONDITIONS := notice unencumbered +LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE LOCAL_MODULE_CLASS := ETC LOCAL_MODULE_TAGS := optional LOCAL_MODULE_PATH := $(TARGET_OUT_VENDOR)/etc/selinux @@ -1788,6 +1881,9 @@ include $(LOCAL_PATH)/mac_permissions.mk ################################# include $(CLEAR_VARS) LOCAL_MODULE := sepolicy_tests +LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered +LOCAL_LICENSE_CONDITIONS := notice unencumbered +LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE LOCAL_MODULE_CLASS := FAKE LOCAL_MODULE_TAGS := optional @@ -1914,6 +2010,9 @@ all_fc_args := ################################# include $(CLEAR_VARS) LOCAL_MODULE := sepolicy_freeze_test +LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered +LOCAL_LICENSE_CONDITIONS := notice unencumbered +LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE LOCAL_MODULE_CLASS := FAKE LOCAL_MODULE_TAGS := optional diff --git a/apex/Android.bp b/apex/Android.bp index 762dd5402..2ffaa9e99 100644 --- a/apex/Android.bp +++ b/apex/Android.bp @@ -13,6 +13,14 @@ // limitations under the License. +package { + // http://go/android-license-faq + // A large-scale-change added 'default_applicable_licenses' to import + // the below license kinds from "system_sepolicy_license": + // legacy_unencumbered + default_applicable_licenses: ["system_sepolicy_license"], +} + filegroup { name: "apex.test-file_contexts", srcs: [ diff --git a/build/Android.bp b/build/Android.bp index d3f1fc36b..5298f71a2 100644 --- a/build/Android.bp +++ b/build/Android.bp @@ -12,6 +12,14 @@ // See the License for the specific language governing permissions and // limitations under the License. +package { + // http://go/android-license-faq + // A large-scale-change added 'default_applicable_licenses' to import + // the below license kinds from "system_sepolicy_license": + // SPDX-license-identifier-Apache-2.0 + default_applicable_licenses: ["system_sepolicy_license"], +} + python_binary_host { name: "build_sepolicy", srcs: [ diff --git a/build/soong/Android.bp b/build/soong/Android.bp index 699a2a448..5f951ce18 100644 --- a/build/soong/Android.bp +++ b/build/soong/Android.bp @@ -12,6 +12,14 @@ // See the License for the specific language governing permissions and // limitations under the License. +package { + // http://go/android-license-faq + // A large-scale-change added 'default_applicable_licenses' to import + // the below license kinds from "system_sepolicy_license": + // SPDX-license-identifier-Apache-2.0 + default_applicable_licenses: ["system_sepolicy_license"], +} + bootstrap_go_package { name: "soong-selinux", pkgPath: "android/soong/selinux", diff --git a/compat.mk b/compat.mk index 2b691ec6f..4aed8648f 100644 --- a/compat.mk +++ b/compat.mk @@ -5,6 +5,9 @@ include $(CLEAR_VARS) # build this target to ensure the compat permissions files all build against the current policy # LOCAL_MODULE := $(version)_compat_test +LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered +LOCAL_LICENSE_CONDITIONS := notice unencumbered +LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE LOCAL_REQUIRED_MODULES := $(version).compat.cil LOCAL_MODULE_CLASS := FAKE LOCAL_MODULE_TAGS := optional diff --git a/contexts_tests.mk b/contexts_tests.mk index 076408a54..1189b831c 100644 --- a/contexts_tests.mk +++ b/contexts_tests.mk @@ -36,6 +36,9 @@ property_info_checker := $(HOST_OUT_EXECUTABLES)/property_info_checker ################################## LOCAL_MODULE := plat_file_contexts_test +LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered +LOCAL_LICENSE_CONDITIONS := notice unencumbered +LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE LOCAL_MODULE_CLASS := FAKE LOCAL_MODULE_TAGS := optional @@ -46,6 +49,9 @@ $(eval $(call run_contexts_test, plat_file_contexts, $(checkfc),)) include $(CLEAR_VARS) LOCAL_MODULE := system_ext_file_contexts_test +LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered +LOCAL_LICENSE_CONDITIONS := notice unencumbered +LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE LOCAL_MODULE_CLASS := FAKE LOCAL_MODULE_TAGS := optional @@ -57,6 +63,9 @@ $(eval $(call run_contexts_test, system_ext_file_contexts, $(checkfc),)) include $(CLEAR_VARS) LOCAL_MODULE := product_file_contexts_test +LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered +LOCAL_LICENSE_CONDITIONS := notice unencumbered +LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE LOCAL_MODULE_CLASS := FAKE LOCAL_MODULE_TAGS := optional @@ -68,6 +77,9 @@ $(eval $(call run_contexts_test, product_file_contexts, $(checkfc),)) include $(CLEAR_VARS) LOCAL_MODULE := vendor_file_contexts_test +LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered +LOCAL_LICENSE_CONDITIONS := notice unencumbered +LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE LOCAL_MODULE_CLASS := FAKE LOCAL_MODULE_TAGS := optional @@ -79,6 +91,9 @@ $(eval $(call run_contexts_test, vendor_file_contexts, $(checkfc),)) include $(CLEAR_VARS) LOCAL_MODULE := odm_file_contexts_test +LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered +LOCAL_LICENSE_CONDITIONS := notice unencumbered +LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE LOCAL_MODULE_CLASS := FAKE LOCAL_MODULE_TAGS := optional @@ -91,6 +106,9 @@ $(eval $(call run_contexts_test, odm_file_contexts, $(checkfc),)) include $(CLEAR_VARS) LOCAL_MODULE := plat_hwservice_contexts_test +LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered +LOCAL_LICENSE_CONDITIONS := notice unencumbered +LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE LOCAL_MODULE_CLASS := FAKE LOCAL_MODULE_TAGS := optional @@ -102,6 +120,9 @@ $(eval $(call run_contexts_test, plat_hwservice_contexts, $(checkfc), -e -l)) include $(CLEAR_VARS) LOCAL_MODULE := system_ext_hwservice_contexts_test +LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered +LOCAL_LICENSE_CONDITIONS := notice unencumbered +LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE LOCAL_MODULE_CLASS := FAKE LOCAL_MODULE_TAGS := optional @@ -113,6 +134,9 @@ $(eval $(call run_contexts_test, system_ext_hwservice_contexts, $(checkfc), -e - include $(CLEAR_VARS) LOCAL_MODULE := product_hwservice_contexts_test +LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered +LOCAL_LICENSE_CONDITIONS := notice unencumbered +LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE LOCAL_MODULE_CLASS := FAKE LOCAL_MODULE_TAGS := optional @@ -124,6 +148,9 @@ $(eval $(call run_contexts_test, product_hwservice_contexts, $(checkfc), -e -l)) include $(CLEAR_VARS) LOCAL_MODULE := vendor_hwservice_contexts_test +LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered +LOCAL_LICENSE_CONDITIONS := notice unencumbered +LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE LOCAL_MODULE_CLASS := FAKE LOCAL_MODULE_TAGS := optional @@ -135,6 +162,9 @@ $(eval $(call run_contexts_test, vendor_hwservice_contexts, $(checkfc), -e -l)) include $(CLEAR_VARS) LOCAL_MODULE := odm_hwservice_contexts_test +LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered +LOCAL_LICENSE_CONDITIONS := notice unencumbered +LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE LOCAL_MODULE_CLASS := FAKE LOCAL_MODULE_TAGS := optional @@ -149,6 +179,9 @@ pc_modules := plat_property_contexts include $(CLEAR_VARS) LOCAL_MODULE := plat_property_contexts_test +LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered +LOCAL_LICENSE_CONDITIONS := notice unencumbered +LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE LOCAL_MODULE_CLASS := FAKE LOCAL_MODULE_TAGS := optional @@ -165,6 +198,9 @@ pc_modules += system_ext_property_contexts include $(CLEAR_VARS) LOCAL_MODULE := system_ext_property_contexts_test +LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered +LOCAL_LICENSE_CONDITIONS := notice unencumbered +LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE LOCAL_MODULE_CLASS := FAKE LOCAL_MODULE_TAGS := optional @@ -181,6 +217,9 @@ pc_modules += vendor_property_contexts include $(CLEAR_VARS) LOCAL_MODULE := vendor_property_contexts_test +LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered +LOCAL_LICENSE_CONDITIONS := notice unencumbered +LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE LOCAL_MODULE_CLASS := FAKE LOCAL_MODULE_TAGS := optional @@ -197,6 +236,9 @@ pc_modules += odm_property_contexts include $(CLEAR_VARS) LOCAL_MODULE := odm_property_contexts_test +LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered +LOCAL_LICENSE_CONDITIONS := notice unencumbered +LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE LOCAL_MODULE_CLASS := FAKE LOCAL_MODULE_TAGS := optional @@ -215,6 +257,9 @@ pc_modules += product_property_contexts include $(CLEAR_VARS) LOCAL_MODULE := product_property_contexts_test +LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered +LOCAL_LICENSE_CONDITIONS := notice unencumbered +LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE LOCAL_MODULE_CLASS := FAKE LOCAL_MODULE_TAGS := optional @@ -230,6 +275,9 @@ pc_modules := include $(CLEAR_VARS) LOCAL_MODULE := plat_service_contexts_test +LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered +LOCAL_LICENSE_CONDITIONS := notice unencumbered +LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE LOCAL_MODULE_CLASS := FAKE LOCAL_MODULE_TAGS := optional @@ -241,6 +289,9 @@ $(eval $(call run_contexts_test, plat_service_contexts, $(checkfc), -s)) include $(CLEAR_VARS) LOCAL_MODULE := system_ext_service_contexts_test +LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered +LOCAL_LICENSE_CONDITIONS := notice unencumbered +LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE LOCAL_MODULE_CLASS := FAKE LOCAL_MODULE_TAGS := optional @@ -252,6 +303,9 @@ $(eval $(call run_contexts_test, system_ext_service_contexts, $(checkfc), -s)) include $(CLEAR_VARS) LOCAL_MODULE := product_service_contexts_test +LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered +LOCAL_LICENSE_CONDITIONS := notice unencumbered +LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE LOCAL_MODULE_CLASS := FAKE LOCAL_MODULE_TAGS := optional @@ -266,6 +320,9 @@ ifneq ($(PRODUCT_SEPOLICY_SPLIT),true) include $(CLEAR_VARS) LOCAL_MODULE := vendor_service_contexts_test +LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered +LOCAL_LICENSE_CONDITIONS := notice unencumbered +LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE LOCAL_MODULE_CLASS := FAKE LOCAL_MODULE_TAGS := optional diff --git a/mac_permissions.mk b/mac_permissions.mk index 02376bc9d..566c82bc4 100644 --- a/mac_permissions.mk +++ b/mac_permissions.mk @@ -1,6 +1,9 @@ include $(CLEAR_VARS) LOCAL_MODULE := plat_mac_permissions.xml +LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered +LOCAL_LICENSE_CONDITIONS := notice unencumbered +LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE LOCAL_MODULE_CLASS := ETC LOCAL_MODULE_TAGS := optional LOCAL_MODULE_PATH := $(TARGET_OUT)/etc/selinux @@ -39,6 +42,9 @@ plat_mac_perms_keys.tmp := include $(CLEAR_VARS) LOCAL_MODULE := system_ext_mac_permissions.xml +LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered +LOCAL_LICENSE_CONDITIONS := notice unencumbered +LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE LOCAL_MODULE_CLASS := ETC LOCAL_MODULE_TAGS := optional LOCAL_MODULE_PATH := $(TARGET_OUT_SYSTEM_EXT)/etc/selinux @@ -70,6 +76,9 @@ all_system_ext_mac_perms_keys := include $(CLEAR_VARS) LOCAL_MODULE := product_mac_permissions.xml +LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered +LOCAL_LICENSE_CONDITIONS := notice unencumbered +LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE LOCAL_MODULE_CLASS := ETC LOCAL_MODULE_TAGS := optional LOCAL_MODULE_PATH := $(TARGET_OUT_PRODUCT)/etc/selinux @@ -101,6 +110,9 @@ all_product_mac_perms_keys := include $(CLEAR_VARS) LOCAL_MODULE := vendor_mac_permissions.xml +LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered +LOCAL_LICENSE_CONDITIONS := notice unencumbered +LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE LOCAL_MODULE_CLASS := ETC LOCAL_MODULE_TAGS := optional LOCAL_MODULE_PATH := $(TARGET_OUT_VENDOR)/etc/selinux @@ -133,6 +145,9 @@ all_vendor_mac_perms_keys := include $(CLEAR_VARS) LOCAL_MODULE := odm_mac_permissions.xml +LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered +LOCAL_LICENSE_CONDITIONS := notice unencumbered +LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE LOCAL_MODULE_CLASS := ETC LOCAL_MODULE_TAGS := optional LOCAL_MODULE_PATH := $(TARGET_OUT_ODM)/etc/selinux diff --git a/seapp_contexts.mk b/seapp_contexts.mk index 462fa2779..b33b82087 100644 --- a/seapp_contexts.mk +++ b/seapp_contexts.mk @@ -1,5 +1,8 @@ include $(CLEAR_VARS) LOCAL_MODULE := plat_seapp_contexts +LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered +LOCAL_LICENSE_CONDITIONS := notice unencumbered +LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE LOCAL_MODULE_CLASS := ETC LOCAL_MODULE_TAGS := optional LOCAL_MODULE_PATH := $(TARGET_OUT)/etc/selinux @@ -20,6 +23,9 @@ plat_sc_files := ################################## include $(CLEAR_VARS) LOCAL_MODULE := system_ext_seapp_contexts +LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered +LOCAL_LICENSE_CONDITIONS := notice unencumbered +LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE LOCAL_MODULE_CLASS := ETC LOCAL_MODULE_TAGS := optional LOCAL_MODULE_PATH := $(TARGET_OUT_SYSTEM_EXT)/etc/selinux @@ -43,6 +49,9 @@ plat_sc_neverallow_files := ################################## include $(CLEAR_VARS) LOCAL_MODULE := product_seapp_contexts +LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered +LOCAL_LICENSE_CONDITIONS := notice unencumbered +LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE LOCAL_MODULE_CLASS := ETC LOCAL_MODULE_TAGS := optional LOCAL_MODULE_PATH := $(TARGET_OUT_PRODUCT)/etc/selinux @@ -66,6 +75,9 @@ plat_sc_neverallow_files := ################################## include $(CLEAR_VARS) LOCAL_MODULE := vendor_seapp_contexts +LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered +LOCAL_LICENSE_CONDITIONS := notice unencumbered +LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE LOCAL_MODULE_CLASS := ETC LOCAL_MODULE_TAGS := optional LOCAL_MODULE_PATH := $(TARGET_OUT_VENDOR)/etc/selinux @@ -89,6 +101,9 @@ vendor_sc_files := ################################## include $(CLEAR_VARS) LOCAL_MODULE := odm_seapp_contexts +LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered +LOCAL_LICENSE_CONDITIONS := notice unencumbered +LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE LOCAL_MODULE_CLASS := ETC LOCAL_MODULE_TAGS := optional LOCAL_MODULE_PATH := $(TARGET_OUT_ODM)/etc/selinux @@ -112,6 +127,9 @@ odm_sc_files := ################################## include $(CLEAR_VARS) LOCAL_MODULE := plat_seapp_neverallows +LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered +LOCAL_LICENSE_CONDITIONS := notice unencumbered +LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE LOCAL_MODULE_CLASS := ETC LOCAL_MODULE_TAGS := tests diff --git a/tests/Android.bp b/tests/Android.bp index 926b5e414..5925fc289 100644 --- a/tests/Android.bp +++ b/tests/Android.bp @@ -1,3 +1,11 @@ +package { + // http://go/android-license-faq + // A large-scale-change added 'default_applicable_licenses' to import + // the below license kinds from "system_sepolicy_license": + // SPDX-license-identifier-Apache-2.0 + default_applicable_licenses: ["system_sepolicy_license"], +} + cc_library_host_shared { name: "libsepolwrap", srcs: ["sepol_wrap.cpp"], diff --git a/tools/Android.bp b/tools/Android.bp index 2809c9d25..a6a15a5b2 100644 --- a/tools/Android.bp +++ b/tools/Android.bp @@ -14,6 +14,14 @@ * limitations under the License. */ +package { + // http://go/android-license-faq + // A large-scale-change added 'default_applicable_licenses' to import + // the below license kinds from "system_sepolicy_license": + // SPDX-license-identifier-Apache-2.0 + default_applicable_licenses: ["system_sepolicy_license"], +} + cc_defaults { name: "sepolicy_tools_defaults", cflags: [ diff --git a/tools/sepolicy-analyze/Android.bp b/tools/sepolicy-analyze/Android.bp index ff40c1628..bb6b70119 100644 --- a/tools/sepolicy-analyze/Android.bp +++ b/tools/sepolicy-analyze/Android.bp @@ -1,3 +1,11 @@ +package { + // http://go/android-license-faq + // A large-scale-change added 'default_applicable_licenses' to import + // the below license kinds from "system_sepolicy_license": + // legacy_unencumbered + default_applicable_licenses: ["system_sepolicy_license"], +} + cc_binary_host { name: "sepolicy-analyze", defaults: ["sepolicy_tools_defaults"], diff --git a/treble_sepolicy_tests_for_release.mk b/treble_sepolicy_tests_for_release.mk index 0195e5f26..fdfe9ee60 100644 --- a/treble_sepolicy_tests_for_release.mk +++ b/treble_sepolicy_tests_for_release.mk @@ -5,6 +5,9 @@ include $(CLEAR_VARS) # permissions granted do not violate the treble model. Also ensure that treble # compatibility guarantees are upheld between SELinux version bumps. LOCAL_MODULE := treble_sepolicy_tests_$(version) +LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered +LOCAL_LICENSE_CONDITIONS := notice unencumbered +LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE LOCAL_MODULE_CLASS := FAKE LOCAL_MODULE_TAGS := optional