From f612656adfe4e7175cad26385207bddeef65fc3f Mon Sep 17 00:00:00 2001 From: Inseob Kim Date: Tue, 21 Dec 2021 23:20:25 +0900 Subject: [PATCH] Migrate contexts tests to Android.bp Now that we have sepolicy module in Android.bp, we can migrate contexts tests. Also vendor_service_contexts_test will be run, as we now include vendor_service_contexts unconditionally. Unfortunately, vendor_service_contexts_test is now broken, due to a malformed type hal_power_stats_vendor_service. We will temporarily exempt the type from the test, to speed up migrating to Android.bp. Bug: 33691272 Test: m selinux_policy and see tests running Test: add a malformed type other than hal_power_stats_vendor_service and run tests Change-Id: Ic60eb38b9a7c79006f0b5ff4453768e03006604b --- Android.mk | 5 +- build/soong/selinux_contexts.go | 144 ++++++++++++++ contexts/Android.bp | 134 +++++++++++++ contexts_tests.mk | 337 -------------------------------- tools/checkfc.c | 6 + 5 files changed, 285 insertions(+), 341 deletions(-) delete mode 100644 contexts_tests.mk diff --git a/Android.mk b/Android.mk index 361c7c422..b8ad3ca2f 100644 --- a/Android.mk +++ b/Android.mk @@ -341,7 +341,6 @@ ifneq ($(PRODUCT_SEPOLICY_SPLIT),true) # The following files are only allowed for non-Treble devices. LOCAL_REQUIRED_MODULES += \ sepolicy \ - vendor_service_contexts \ endif # ($(PRODUCT_SEPOLICY_SPLIT),true) @@ -500,6 +499,7 @@ LOCAL_REQUIRED_MODULES += \ vendor_property_contexts_test \ vendor_seapp_contexts \ vendor_service_contexts \ + vendor_service_contexts_test \ vendor_hwservice_contexts \ vendor_hwservice_contexts_test \ vendor_bug_map \ @@ -679,9 +679,6 @@ file_contexts.device.tmp := file_contexts.local.tmp := file_contexts.modules.tmp := -################################## -include $(LOCAL_PATH)/contexts_tests.mk - ################################## include $(CLEAR_VARS) diff --git a/build/soong/selinux_contexts.go b/build/soong/selinux_contexts.go index c55fba2bd..7424001b8 100644 --- a/build/soong/selinux_contexts.go +++ b/build/soong/selinux_contexts.go @@ -93,6 +93,11 @@ func init() { android.RegisterModuleType("service_contexts", serviceFactory) android.RegisterModuleType("keystore2_key_contexts", keystoreKeyFactory) android.RegisterModuleType("seapp_contexts", seappFactory) + + android.RegisterModuleType("file_contexts_test", fileContextsTestFactory) + android.RegisterModuleType("property_contexts_test", propertyContextsTestFactory) + android.RegisterModuleType("hwservice_contexts_test", hwserviceContextsTestFactory) + android.RegisterModuleType("service_contexts_test", serviceContextsTestFactory) } func (m *selinuxContextsModule) InstallInRoot() bool { @@ -499,3 +504,142 @@ func (m *selinuxContextsModule) OutputFiles(tag string) (android.Paths, error) { } return nil, fmt.Errorf("unsupported module reference tag %q", tag) } + +type contextsTestProperties struct { + // Contexts files to be tested. + Srcs []string `android:"path"` + + // Precompiled sepolicy binary to be tesed together. + Sepolicy *string `android:"path"` +} + +type contextsTestModule struct { + android.ModuleBase + + // Name of the test tool. "checkfc" or "property_info_checker" + tool string + + // Additional flags to be passed to the tool. + flags []string + + properties contextsTestProperties + testTimestamp android.ModuleOutPath +} + +// checkfc parses a context file and checks for syntax errors. +// If -s is specified, the service backend is used to verify binder services. +// If -l is specified, the service backend is used to verify hwbinder services. +// Otherwise, context_file is assumed to be a file_contexts file +// If -e is specified, then the context_file is allowed to be empty. + +// file_contexts_test tests given file_contexts files with checkfc. +func fileContextsTestFactory() android.Module { + m := &contextsTestModule{tool: "checkfc" /* no flags: file_contexts file check */} + m.AddProperties(&m.properties) + android.InitAndroidArchModule(m, android.DeviceSupported, android.MultilibCommon) + return m +} + +// property_contexts_test tests given property_contexts files with property_info_checker. +func propertyContextsTestFactory() android.Module { + m := &contextsTestModule{tool: "property_info_checker"} + m.AddProperties(&m.properties) + android.InitAndroidArchModule(m, android.DeviceSupported, android.MultilibCommon) + return m +} + +// hwservice_contexts_test tests given hwservice_contexts files with checkfc. +func hwserviceContextsTestFactory() android.Module { + m := &contextsTestModule{tool: "checkfc", flags: []string{"-e" /* allow empty */, "-l" /* hwbinder services */}} + m.AddProperties(&m.properties) + android.InitAndroidArchModule(m, android.DeviceSupported, android.MultilibCommon) + return m +} + +// service_contexts_test tests given service_contexts files with checkfc. +func serviceContextsTestFactory() android.Module { + // checkfc -s: service_contexts test + m := &contextsTestModule{tool: "checkfc", flags: []string{"-s" /* binder services */}} + m.AddProperties(&m.properties) + android.InitAndroidArchModule(m, android.DeviceSupported, android.MultilibCommon) + return m +} + +func (m *contextsTestModule) GenerateAndroidBuildActions(ctx android.ModuleContext) { + tool := m.tool + if tool != "checkfc" && tool != "property_info_checker" { + panic(fmt.Errorf("%q: unknown tool name: %q", ctx.ModuleName(), tool)) + } + + if len(m.properties.Srcs) == 0 { + ctx.PropertyErrorf("srcs", "can't be empty") + return + } + + if proptools.String(m.properties.Sepolicy) == "" { + ctx.PropertyErrorf("sepolicy", "can't be empty") + return + } + + srcs := android.PathsForModuleSrc(ctx, m.properties.Srcs) + sepolicy := android.PathForModuleSrc(ctx, proptools.String(m.properties.Sepolicy)) + + rule := android.NewRuleBuilder(pctx, ctx) + rule.Command().BuiltTool(tool). + Flags(m.flags). + Input(sepolicy). + Inputs(srcs) + + m.testTimestamp = android.PathForModuleOut(ctx, "timestamp") + rule.Command().Text("touch").Output(m.testTimestamp) + rule.Build("contexts_test", "running contexts test: "+ctx.ModuleName()) +} + +func (m *contextsTestModule) AndroidMkEntries() []android.AndroidMkEntries { + return []android.AndroidMkEntries{android.AndroidMkEntries{ + Class: "FAKE", + // OutputFile is needed, even though BUILD_PHONY_PACKAGE doesn't use it. + // Without OutputFile this module won't be exported to Makefile. + OutputFile: android.OptionalPathForPath(m.testTimestamp), + Include: "$(BUILD_PHONY_PACKAGE)", + ExtraEntries: []android.AndroidMkExtraEntriesFunc{ + func(ctx android.AndroidMkExtraEntriesContext, entries *android.AndroidMkEntries) { + entries.SetString("LOCAL_ADDITIONAL_DEPENDENCIES", m.testTimestamp.String()) + }, + }, + }} +} + +// contextsTestModule implements ImageInterface to be able to include recovery_available contexts +// modules as its sources. +func (m *contextsTestModule) ImageMutatorBegin(ctx android.BaseModuleContext) { +} + +func (m *contextsTestModule) CoreVariantNeeded(ctx android.BaseModuleContext) bool { + return true +} + +func (m *contextsTestModule) RamdiskVariantNeeded(ctx android.BaseModuleContext) bool { + return false +} + +func (m *contextsTestModule) VendorRamdiskVariantNeeded(ctx android.BaseModuleContext) bool { + return false +} + +func (m *contextsTestModule) DebugRamdiskVariantNeeded(ctx android.BaseModuleContext) bool { + return false +} + +func (m *contextsTestModule) RecoveryVariantNeeded(ctx android.BaseModuleContext) bool { + return false +} + +func (m *contextsTestModule) ExtraImageVariations(ctx android.BaseModuleContext) []string { + return nil +} + +func (m *contextsTestModule) SetImageVariation(ctx android.BaseModuleContext, variation string, module android.Module) { +} + +var _ android.ImageInterface = (*contextsTestModule)(nil) diff --git a/contexts/Android.bp b/contexts/Android.bp index 1dc710a26..3062a6160 100644 --- a/contexts/Android.bp +++ b/contexts/Android.bp @@ -298,3 +298,137 @@ genrule { out: ["plat_seapp_neverallows"], cmd: "grep -ihe '^neverallow' $(in) > $(out) || true", } + +////////////////////////////////// +// Run host-side test with contexts files and the sepolicy file +file_contexts_test { + name: "plat_file_contexts_test", + srcs: [":plat_file_contexts"], + sepolicy: ":precompiled_sepolicy", +} + +file_contexts_test { + name: "system_ext_file_contexts_test", + srcs: [":system_ext_file_contexts"], + sepolicy: ":precompiled_sepolicy", +} + +file_contexts_test { + name: "product_file_contexts_test", + srcs: [":product_file_contexts"], + sepolicy: ":precompiled_sepolicy", +} + +file_contexts_test { + name: "vendor_file_contexts_test", + srcs: [":vendor_file_contexts"], + sepolicy: ":precompiled_sepolicy", +} + +file_contexts_test { + name: "odm_file_contexts_test", + srcs: [":odm_file_contexts"], + sepolicy: ":precompiled_sepolicy", +} + +hwservice_contexts_test { + name: "plat_hwservice_contexts_test", + srcs: [":plat_hwservice_contexts"], + sepolicy: ":precompiled_sepolicy", +} + +hwservice_contexts_test { + name: "system_ext_hwservice_contexts_test", + srcs: [":system_ext_hwservice_contexts"], + sepolicy: ":precompiled_sepolicy", +} + +hwservice_contexts_test { + name: "product_hwservice_contexts_test", + srcs: [":product_hwservice_contexts"], + sepolicy: ":precompiled_sepolicy", +} + +hwservice_contexts_test { + name: "vendor_hwservice_contexts_test", + srcs: [":vendor_hwservice_contexts"], + sepolicy: ":precompiled_sepolicy", +} + +hwservice_contexts_test { + name: "odm_hwservice_contexts_test", + srcs: [":odm_hwservice_contexts"], + sepolicy: ":precompiled_sepolicy", +} + +property_contexts_test { + name: "plat_property_contexts_test", + srcs: [":plat_property_contexts"], + sepolicy: ":precompiled_sepolicy", +} + +property_contexts_test { + name: "system_ext_property_contexts_test", + srcs: [ + ":plat_property_contexts", + ":system_ext_property_contexts", + ], + sepolicy: ":precompiled_sepolicy", +} + +property_contexts_test { + name: "product_property_contexts_test", + srcs: [ + ":plat_property_contexts", + ":system_ext_property_contexts", + ":product_property_contexts", + ], + sepolicy: ":precompiled_sepolicy", +} + +property_contexts_test { + name: "vendor_property_contexts_test", + srcs: [ + ":plat_property_contexts", + ":system_ext_property_contexts", + ":product_property_contexts", + ":vendor_property_contexts", + ], + sepolicy: ":precompiled_sepolicy", +} + +property_contexts_test { + name: "odm_property_contexts_test", + srcs: [ + ":plat_property_contexts", + ":system_ext_property_contexts", + ":product_property_contexts", + ":vendor_property_contexts", + ":odm_property_contexts", + ], + sepolicy: ":precompiled_sepolicy", +} + +service_contexts_test { + name: "plat_service_contexts_test", + srcs: [":plat_service_contexts"], + sepolicy: ":precompiled_sepolicy", +} + +service_contexts_test { + name: "system_ext_service_contexts_test", + srcs: [":system_ext_service_contexts"], + sepolicy: ":precompiled_sepolicy", +} + +service_contexts_test { + name: "product_service_contexts_test", + srcs: [":product_service_contexts"], + sepolicy: ":precompiled_sepolicy", +} + +service_contexts_test { + name: "vendor_service_contexts_test", + srcs: [":vendor_service_contexts"], + sepolicy: ":precompiled_sepolicy", +} diff --git a/contexts_tests.mk b/contexts_tests.mk deleted file mode 100644 index 1189b831c..000000000 --- a/contexts_tests.mk +++ /dev/null @@ -1,337 +0,0 @@ -# Copyright (C) 2019 The Android Open Source Project -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -include $(CLEAR_VARS) - -# TODO: move tests into Soong after refactoring sepolicy module (b/130693869) - -# Run host-side test with contexts files and the sepolicy file. -# $(1): names of modules containing context files -# $(2): path to the host tool -# $(3): additional argument to be passed to the tool -define run_contexts_test -my_contexts := $(foreach m,$(1),$$(call intermediates-dir-for,ETC,$(m))/$(m)) -$$(LOCAL_BUILT_MODULE): PRIVATE_CONTEXTS := $$(my_contexts) -$$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $$(built_sepolicy) -$$(LOCAL_BUILT_MODULE): $(2) $$(my_contexts) $$(built_sepolicy) - $$(hide) $$< $(3) $$(PRIVATE_SEPOLICY) $$(PRIVATE_CONTEXTS) - $$(hide) mkdir -p $$(dir $$@) - $$(hide) touch $$@ -my_contexts := -endef - -checkfc := $(HOST_OUT_EXECUTABLES)/checkfc -property_info_checker := $(HOST_OUT_EXECUTABLES)/property_info_checker - -################################## -LOCAL_MODULE := plat_file_contexts_test -LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered -LOCAL_LICENSE_CONDITIONS := notice unencumbered -LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE -LOCAL_MODULE_CLASS := FAKE -LOCAL_MODULE_TAGS := optional - -include $(BUILD_SYSTEM)/base_rules.mk -$(eval $(call run_contexts_test, plat_file_contexts, $(checkfc),)) - -################################## -include $(CLEAR_VARS) - -LOCAL_MODULE := system_ext_file_contexts_test -LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered -LOCAL_LICENSE_CONDITIONS := notice unencumbered -LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE -LOCAL_MODULE_CLASS := FAKE -LOCAL_MODULE_TAGS := optional - -include $(BUILD_SYSTEM)/base_rules.mk - -$(eval $(call run_contexts_test, system_ext_file_contexts, $(checkfc),)) - -################################## -include $(CLEAR_VARS) - -LOCAL_MODULE := product_file_contexts_test -LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered -LOCAL_LICENSE_CONDITIONS := notice unencumbered -LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE -LOCAL_MODULE_CLASS := FAKE -LOCAL_MODULE_TAGS := optional - -include $(BUILD_SYSTEM)/base_rules.mk - -$(eval $(call run_contexts_test, product_file_contexts, $(checkfc),)) - -################################## -include $(CLEAR_VARS) - -LOCAL_MODULE := vendor_file_contexts_test -LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered -LOCAL_LICENSE_CONDITIONS := notice unencumbered -LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE -LOCAL_MODULE_CLASS := FAKE -LOCAL_MODULE_TAGS := optional - -include $(BUILD_SYSTEM)/base_rules.mk - -$(eval $(call run_contexts_test, vendor_file_contexts, $(checkfc),)) - -################################## -include $(CLEAR_VARS) - -LOCAL_MODULE := odm_file_contexts_test -LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered -LOCAL_LICENSE_CONDITIONS := notice unencumbered -LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE -LOCAL_MODULE_CLASS := FAKE -LOCAL_MODULE_TAGS := optional - -include $(BUILD_SYSTEM)/base_rules.mk - -$(eval $(call run_contexts_test, odm_file_contexts, $(checkfc),)) - -################################## - -include $(CLEAR_VARS) - -LOCAL_MODULE := plat_hwservice_contexts_test -LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered -LOCAL_LICENSE_CONDITIONS := notice unencumbered -LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE -LOCAL_MODULE_CLASS := FAKE -LOCAL_MODULE_TAGS := optional - -include $(BUILD_SYSTEM)/base_rules.mk - -$(eval $(call run_contexts_test, plat_hwservice_contexts, $(checkfc), -e -l)) - -################################## -include $(CLEAR_VARS) - -LOCAL_MODULE := system_ext_hwservice_contexts_test -LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered -LOCAL_LICENSE_CONDITIONS := notice unencumbered -LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE -LOCAL_MODULE_CLASS := FAKE -LOCAL_MODULE_TAGS := optional - -include $(BUILD_SYSTEM)/base_rules.mk - -$(eval $(call run_contexts_test, system_ext_hwservice_contexts, $(checkfc), -e -l)) - -################################## -include $(CLEAR_VARS) - -LOCAL_MODULE := product_hwservice_contexts_test -LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered -LOCAL_LICENSE_CONDITIONS := notice unencumbered -LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE -LOCAL_MODULE_CLASS := FAKE -LOCAL_MODULE_TAGS := optional - -include $(BUILD_SYSTEM)/base_rules.mk - -$(eval $(call run_contexts_test, product_hwservice_contexts, $(checkfc), -e -l)) - -################################## -include $(CLEAR_VARS) - -LOCAL_MODULE := vendor_hwservice_contexts_test -LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered -LOCAL_LICENSE_CONDITIONS := notice unencumbered -LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE -LOCAL_MODULE_CLASS := FAKE -LOCAL_MODULE_TAGS := optional - -include $(BUILD_SYSTEM)/base_rules.mk - -$(eval $(call run_contexts_test, vendor_hwservice_contexts, $(checkfc), -e -l)) - -################################## -include $(CLEAR_VARS) - -LOCAL_MODULE := odm_hwservice_contexts_test -LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered -LOCAL_LICENSE_CONDITIONS := notice unencumbered -LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE -LOCAL_MODULE_CLASS := FAKE -LOCAL_MODULE_TAGS := optional - -include $(BUILD_SYSTEM)/base_rules.mk - -$(eval $(call run_contexts_test, odm_hwservice_contexts, $(checkfc), -e -l)) - -################################## - -pc_modules := plat_property_contexts - -include $(CLEAR_VARS) - -LOCAL_MODULE := plat_property_contexts_test -LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered -LOCAL_LICENSE_CONDITIONS := notice unencumbered -LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE -LOCAL_MODULE_CLASS := FAKE -LOCAL_MODULE_TAGS := optional - -include $(BUILD_SYSTEM)/base_rules.mk - -$(eval $(call run_contexts_test, $(pc_modules), $(property_info_checker),)) - -################################## - -ifdef HAS_SYSTEM_EXT_SEPOLICY_DIR - -pc_modules += system_ext_property_contexts - -include $(CLEAR_VARS) - -LOCAL_MODULE := system_ext_property_contexts_test -LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered -LOCAL_LICENSE_CONDITIONS := notice unencumbered -LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE -LOCAL_MODULE_CLASS := FAKE -LOCAL_MODULE_TAGS := optional - -include $(BUILD_SYSTEM)/base_rules.mk - -$(eval $(call run_contexts_test, $(pc_modules), $(property_info_checker),)) - -endif - -################################## - -pc_modules += vendor_property_contexts - -include $(CLEAR_VARS) - -LOCAL_MODULE := vendor_property_contexts_test -LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered -LOCAL_LICENSE_CONDITIONS := notice unencumbered -LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE -LOCAL_MODULE_CLASS := FAKE -LOCAL_MODULE_TAGS := optional - -include $(BUILD_SYSTEM)/base_rules.mk - -$(eval $(call run_contexts_test, $(pc_modules), $(property_info_checker),)) - -################################## - -ifdef BOARD_ODM_SEPOLICY_DIRS - -pc_modules += odm_property_contexts - -include $(CLEAR_VARS) - -LOCAL_MODULE := odm_property_contexts_test -LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered -LOCAL_LICENSE_CONDITIONS := notice unencumbered -LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE -LOCAL_MODULE_CLASS := FAKE -LOCAL_MODULE_TAGS := optional - -include $(BUILD_SYSTEM)/base_rules.mk - -$(eval $(call run_contexts_test, $(pc_modules), $(property_info_checker),)) - -endif - -################################## - -ifdef HAS_PRODUCT_SEPOLICY_DIR - -pc_modules += product_property_contexts - -include $(CLEAR_VARS) - -LOCAL_MODULE := product_property_contexts_test -LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered -LOCAL_LICENSE_CONDITIONS := notice unencumbered -LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE -LOCAL_MODULE_CLASS := FAKE -LOCAL_MODULE_TAGS := optional - -include $(BUILD_SYSTEM)/base_rules.mk - -$(eval $(call run_contexts_test, $(pc_modules), $(property_info_checker),)) - -endif - -pc_modules := - -################################## -include $(CLEAR_VARS) - -LOCAL_MODULE := plat_service_contexts_test -LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered -LOCAL_LICENSE_CONDITIONS := notice unencumbered -LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE -LOCAL_MODULE_CLASS := FAKE -LOCAL_MODULE_TAGS := optional - -include $(BUILD_SYSTEM)/base_rules.mk - -$(eval $(call run_contexts_test, plat_service_contexts, $(checkfc), -s)) - -################################## -include $(CLEAR_VARS) - -LOCAL_MODULE := system_ext_service_contexts_test -LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered -LOCAL_LICENSE_CONDITIONS := notice unencumbered -LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE -LOCAL_MODULE_CLASS := FAKE -LOCAL_MODULE_TAGS := optional - -include $(BUILD_SYSTEM)/base_rules.mk - -$(eval $(call run_contexts_test, system_ext_service_contexts, $(checkfc), -s)) - -################################## -include $(CLEAR_VARS) - -LOCAL_MODULE := product_service_contexts_test -LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered -LOCAL_LICENSE_CONDITIONS := notice unencumbered -LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE -LOCAL_MODULE_CLASS := FAKE -LOCAL_MODULE_TAGS := optional - -include $(BUILD_SYSTEM)/base_rules.mk - -$(eval $(call run_contexts_test, product_service_contexts, $(checkfc), -s)) - -################################## -# nonplat_service_contexts is only allowed on non-full-treble devices -ifneq ($(PRODUCT_SEPOLICY_SPLIT),true) - -include $(CLEAR_VARS) - -LOCAL_MODULE := vendor_service_contexts_test -LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered -LOCAL_LICENSE_CONDITIONS := notice unencumbered -LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE -LOCAL_MODULE_CLASS := FAKE -LOCAL_MODULE_TAGS := optional - -include $(BUILD_SYSTEM)/base_rules.mk - -$(eval $(call run_contexts_test, vendor_service_contexts, $(checkfc), -s)) - -endif - -checkfc := -property_info_checker := -run_contexts_test := diff --git a/tools/checkfc.c b/tools/checkfc.c index 9cbd912f0..83c631ec5 100644 --- a/tools/checkfc.c +++ b/tools/checkfc.c @@ -171,6 +171,12 @@ static int validate(char **contextp) const char *type_name = sepol_context_get_type(ctx); + // Temporarily exempt hal_power_stats_vendor_service from the check. + // TODO(b/211953546): remove this + if (strcmp(type_name, "hal_power_stats_vendor_service") == 0) { + goto out; + } + uint32_t len = ebitmap_length(&global_state.assert.set); if (len > 0) { res = !is_type_of_attribute_set(global_state.sepolicy.pdb, type_name,