Add sepolicy_vers for plat_sepolicy_vers.txt

plat_sepolicy_vers.txt stores the version of vendor policy. This change
adds sepolicy_vers module to migrate plat_sepolicy_vers.txt to
Android.bp.

- Device's plat_sepolicy_vers: should be BOARD_SEPOLICY_VERS
- Microdroid's plat_sepolicy_vers: should be PLATFORM_SEPOLICY_VERSION
because all microdroid artifacts are bound to platform

Bug: 33691272
Test: boot device && boot microdroid
Change-Id: Ida293e1cb785b44fa1d01543d52d3f8e15b055c2

Android.bp

@@ -824,6 +824,12 @@ prebuilt_etc {
     product_specific: true,
 }
 
+sepolicy_vers {
+    name: "plat_sepolicy_vers.txt",
+    version: "vendor",
+    vendor: true,
+}
+
 //////////////////////////////////
 // SELinux policy embedded into CTS.
 // CTS checks neverallow rules of this policy against the policy of the device under test.
@@ -888,3 +894,10 @@ se_versioned_policy {
     filter_out: [":microdroid_plat_pub_versioned.cil"],
     installable: false,
 }
+
+sepolicy_vers {
+    name: "microdroid_plat_sepolicy_vers.txt",
+    version: "platform",
+    stem: "plat_sepolicy_vers.txt",
+    installable: false,
+}

Android.mk

@@ -834,25 +834,6 @@ userdebug_plat_policy.conf :=
 #################################
 include $(CLEAR_VARS)
 
-LOCAL_MODULE := plat_sepolicy_vers.txt
-LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered
-LOCAL_LICENSE_CONDITIONS := notice unencumbered
-LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE
-LOCAL_MODULE_CLASS := ETC
-LOCAL_MODULE_TAGS := optional
-LOCAL_PROPRIETARY_MODULE := true
-LOCAL_MODULE_PATH := $(TARGET_OUT_VENDOR)/etc/selinux
-
-include $(BUILD_SYSTEM)/base_rules.mk
-
-$(LOCAL_BUILT_MODULE) : PRIVATE_PLAT_SEPOL_VERS := $(BOARD_SEPOLICY_VERS)
-$(LOCAL_BUILT_MODULE) :
-	mkdir -p $(dir $@)
-	echo $(PRIVATE_PLAT_SEPOL_VERS) > $@
-
-#################################
-include $(CLEAR_VARS)
-
 # vendor_policy.cil - the vendor sepolicy. This needs attributization and to be combined
 # with the platform-provided policy.  It makes use of the reqd_policy_mask files from private
 # policy and the platform public policy files in order to use checkpolicy.

build/soong/Android.bp

@@ -38,6 +38,7 @@ bootstrap_go_package {
         "policy.go",
         "selinux.go",
         "selinux_contexts.go",
+        "sepolicy_vers.go",
         "versioned_policy.go",
     ],
     pluginFor: ["soong_build"],

build/soong/sepolicy_vers.go

@@ -0,0 +1,114 @@
+// Copyright 2021 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package selinux
+
+import (
+	"fmt"
+
+	"github.com/google/blueprint/proptools"
+
+	"android/soong/android"
+)
+
+func init() {
+	android.RegisterModuleType("sepolicy_vers", sepolicyVersFactory)
+}
+
+// sepolicy_vers prints sepolicy version string to {partition}/etc/selinux.
+func sepolicyVersFactory() android.Module {
+	v := &sepolicyVers{}
+	v.AddProperties(&v.properties)
+	android.InitAndroidArchModule(v, android.DeviceSupported, android.MultilibCommon)
+	return v
+}
+
+type sepolicyVers struct {
+	android.ModuleBase
+	properties    sepolicyVersProperties
+	installSource android.Path
+	installPath   android.InstallPath
+}
+
+type sepolicyVersProperties struct {
+	// Version to output. Can be "platform" for PLATFORM_SEPOLICY_VERSION, "vendor" for
+	// BOARD_SEPOLICY_VERS
+	Version *string
+
+	// Output file name. Defaults to module name if unspecified.
+	Stem *string
+
+	// Whether this module is directly installable to one of the partitions. Default is true
+	Installable *bool
+}
+
+func (v *sepolicyVers) installable() bool {
+	return proptools.BoolDefault(v.properties.Installable, true)
+}
+
+func (v *sepolicyVers) stem() string {
+	return proptools.StringDefault(v.properties.Stem, v.Name())
+}
+
+func (v *sepolicyVers) DepsMutator(ctx android.BottomUpMutatorContext) {
+	// do nothing
+}
+
+func (v *sepolicyVers) GenerateAndroidBuildActions(ctx android.ModuleContext) {
+	var ver string
+	switch proptools.String(v.properties.Version) {
+	case "platform":
+		ver = ctx.DeviceConfig().PlatformSepolicyVersion()
+	case "vendor":
+		ver = ctx.DeviceConfig().BoardSepolicyVers()
+	default:
+		ctx.PropertyErrorf("version", `should be either "platform" or "vendor"`)
+	}
+
+	out := android.PathForModuleGen(ctx, v.stem())
+
+	rule := android.NewRuleBuilder(pctx, ctx)
+	rule.Command().Text("echo").Text(ver).Text(">").Output(out)
+	rule.Build("sepolicy_vers", v.Name())
+
+	v.installPath = android.PathForModuleInstall(ctx, "etc", "selinux")
+	v.installSource = out
+	ctx.InstallFile(v.installPath, v.stem(), v.installSource)
+
+	if !v.installable() {
+		v.SkipInstall()
+	}
+}
+
+func (v *sepolicyVers) AndroidMkEntries() []android.AndroidMkEntries {
+	return []android.AndroidMkEntries{android.AndroidMkEntries{
+		Class:      "ETC",
+		OutputFile: android.OptionalPathForPath(v.installSource),
+		ExtraEntries: []android.AndroidMkExtraEntriesFunc{
+			func(ctx android.AndroidMkExtraEntriesContext, entries *android.AndroidMkEntries) {
+				entries.SetPath("LOCAL_MODULE_PATH", v.installPath.ToMakePath())
+				entries.SetString("LOCAL_INSTALLED_MODULE_STEM", v.stem())
+			},
+		},
+	}}
+}
+
+func (v *sepolicyVers) OutputFiles(tag string) (android.Paths, error) {
+	if tag == "" {
+		return android.Paths{v.installSource}, nil
+	}
+	return nil, fmt.Errorf("Unknown tag %q", tag)
+}
+
+var _ android.OutputFileProducer = (*sepolicyVers)(nil)