From 43e188ae3ef97ff5f6280e87b63df26c6362a431 Mon Sep 17 00:00:00 2001 From: Yiming Jing Date: Wed, 14 Oct 2020 20:37:13 +0000 Subject: [PATCH] Merge "Expand the scope of sepolicy_freeze_test" am: 8fea06a779 am: c3aaa34721 am: 3d9c9292ba Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1455040 Expand the scope of sepolicy_freeze_test The existing freeze test only covers the policy files in system/sepolicy alone. There's demand from product teams that would like to implement a freeze test for their sepolicy. Instead of letting them fork the freeze test, we believe expanding the scope of the exising one is in the best interest. $FREEZE_TEST_EXTRA_DIRS and $FREEZE_TEST_EXTRA_PREBUILT_DIRS are added. These build variables could be appended like $PRODUCT_PUBLIC_POLICY. The product team are expected to maintain their policy prebuilts. Bug:171055159 Change-Id: I5558c30f7832a13aaa04f713dd916b74ca05c923 Merged-In: d4103eed2b83cc54ad5273d19aa76a42b365c8d4 (cherry picked from commit 42802445bfae39ca3df8c0fcbb7b872685167213) --- Android.mk | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/Android.mk b/Android.mk index f545b4156..33a08eed0 100644 --- a/Android.mk +++ b/Android.mk @@ -57,6 +57,10 @@ SYSTEM_EXT_PRIVATE_POLICY := $(BOARD_PLAT_PRIVATE_SEPOLICY_DIR) PRODUCT_PUBLIC_POLICY := $(PRODUCT_PUBLIC_SEPOLICY_DIRS) PRODUCT_PRIVATE_POLICY := $(PRODUCT_PRIVATE_SEPOLICY_DIRS) +# Extra sepolicy and prebuilts directories for sepolicy_freeze_test +FREEZE_TEST_EXTRA_DIRS := $(SEPOLICY_FREEZE_TEST_EXTRA_DIRS) +FREEZE_TEST_EXTRA_PREBUILT_DIRS := $(SEPOLICY_FREEZE_TEST_EXTRA_PREBUILT_DIRS) + ifneq (,$(SYSTEM_EXT_PUBLIC_POLICY)$(SYSTEM_EXT_PRIVATE_POLICY)) HAS_SYSTEM_EXT_SEPOLICY_DIR := true endif @@ -310,6 +314,11 @@ ifneq ($(PLATFORM_SEPOLICY_VERSION),$(TOT_SEPOLICY_VERSION)) LOCAL_REQUIRED_MODULES += \ sepolicy_freeze_test \ +else +ifneq (,$(FREEZE_TEST_EXTRA_DIRS)$(FREEZE_TEST_EXTRA_PREBUILT_DIRS)) +$(error SEPOLICY_FREEZE_TEST_EXTRA_DIRS or SEPOLICY_FREEZE_TEST_EXTRA_PREBUILT_DIRS\ +cannot be set before system/sepolicy freezes.) +endif # (,$(FREEZE_TEST_EXTRA_DIRS)$(FREEZE_TEST_EXTRA_PREBUILT_DIRS)) endif # ($(PLATFORM_SEPOLICY_VERSION),$(TOT_SEPOLICY_VERSION)) include $(BUILD_PHONY_PACKAGE) @@ -1662,6 +1671,11 @@ LOCAL_MODULE_TAGS := optional include $(BUILD_SYSTEM)/base_rules.mk +define ziplist +$(if $(and $1,$2), "$(firstword $1) $(firstword $2)"\ + $(call ziplist,$(wordlist 2,$(words $1),$1),$(wordlist 2,$(words $2),$2))) +endef + base_plat_public := $(LOCAL_PATH)/public base_plat_private := $(LOCAL_PATH)/private base_plat_public_prebuilt := \ @@ -1676,10 +1690,16 @@ $(LOCAL_BUILT_MODULE): PRIVATE_BASE_PLAT_PUBLIC := $(base_plat_public) $(LOCAL_BUILT_MODULE): PRIVATE_BASE_PLAT_PRIVATE := $(base_plat_private) $(LOCAL_BUILT_MODULE): PRIVATE_BASE_PLAT_PUBLIC_PREBUILT := $(base_plat_public_prebuilt) $(LOCAL_BUILT_MODULE): PRIVATE_BASE_PLAT_PRIVATE_PREBUILT := $(base_plat_private_prebuilt) +$(LOCAL_BUILT_MODULE): PRIVATE_EXTRA := $(sort $(FREEZE_TEST_EXTRA_DIRS)) +$(LOCAL_BUILT_MODULE): PRIVATE_EXTRA_PREBUILT := $(sort $(FREEZE_TEST_EXTRA_PREBUILT_DIRS)) $(LOCAL_BUILT_MODULE): $(all_frozen_files) ifneq ($(PLATFORM_SEPOLICY_VERSION),$(TOT_SEPOLICY_VERSION)) @diff -rq -x bug_map $(PRIVATE_BASE_PLAT_PUBLIC_PREBUILT) $(PRIVATE_BASE_PLAT_PUBLIC) @diff -rq -x bug_map $(PRIVATE_BASE_PLAT_PRIVATE_PREBUILT) $(PRIVATE_BASE_PLAT_PRIVATE) +ifneq (,$(FREEZE_TEST_EXTRA_DIRS)$(FREEZE_TEST_EXTRA_PREBUILT_DIRS)) + @for pair in $(call ziplist, $(PRIVATE_EXTRA_PREBUILT), $(PRIVATE_EXTRA)); \ + do diff -rq -x bug_map $$pair; done +endif # (,$(FREEZE_TEST_EXTRA_DIRS)$(FREEZE_TEST_EXTRA_PREBUILT_DIRS)) endif # ($(PLATFORM_SEPOLICY_VERSION),$(TOT_SEPOLICY_VERSION)) $(hide) touch $@