Use target specific intermediate paths am: 6c6f53b1a8
am: 01cf7fedc3
am: da9ba4e30c
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2563992 Change-Id: I9ad490bf13aafb24c00185dbd995e6e57c0679bc Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
This commit is contained in:
commit
4e554b8023
6 changed files with 52 additions and 21 deletions
19
Android.bp
19
Android.bp
|
@ -142,6 +142,7 @@ se_policy_conf {
|
|||
system_ext_public_policy +
|
||||
product_public_policy +
|
||||
reqd_mask_policy,
|
||||
vendor: true,
|
||||
installable: false,
|
||||
}
|
||||
|
||||
|
@ -150,6 +151,7 @@ se_policy_cil {
|
|||
src: ":pub_policy.conf",
|
||||
filter_out: [":reqd_policy_mask.cil"],
|
||||
secilc_check: false,
|
||||
vendor: true,
|
||||
installable: false,
|
||||
}
|
||||
|
||||
|
@ -158,6 +160,7 @@ se_policy_conf {
|
|||
srcs: plat_public_policy +
|
||||
system_ext_public_policy +
|
||||
reqd_mask_policy,
|
||||
system_ext_specific: true,
|
||||
installable: false,
|
||||
}
|
||||
|
||||
|
@ -166,6 +169,7 @@ se_policy_cil {
|
|||
src: ":system_ext_pub_policy.conf",
|
||||
filter_out: [":reqd_policy_mask.cil"],
|
||||
secilc_check: false,
|
||||
system_ext_specific: true,
|
||||
installable: false,
|
||||
}
|
||||
|
||||
|
@ -290,6 +294,7 @@ se_policy_conf {
|
|||
plat_private_policy +
|
||||
system_ext_public_policy +
|
||||
system_ext_private_policy,
|
||||
system_ext_specific: true,
|
||||
installable: false,
|
||||
}
|
||||
|
||||
|
@ -311,6 +316,7 @@ se_policy_conf {
|
|||
system_ext_private_policy +
|
||||
product_public_policy +
|
||||
product_private_policy,
|
||||
product_specific: true,
|
||||
installable: false,
|
||||
}
|
||||
|
||||
|
@ -476,6 +482,7 @@ se_policy_conf {
|
|||
":se_build_files{.plat_vendor_for_vendor}",
|
||||
":se_build_files{.vendor}",
|
||||
],
|
||||
vendor: true,
|
||||
installable: false,
|
||||
}
|
||||
|
||||
|
@ -484,6 +491,7 @@ se_policy_cil {
|
|||
src: ":vendor_sepolicy.conf",
|
||||
filter_out: [":reqd_policy_mask_for_vendor.cil"],
|
||||
secilc_check: false, // will be done in se_versioned_policy module
|
||||
vendor: true,
|
||||
installable: false,
|
||||
}
|
||||
|
||||
|
@ -511,6 +519,7 @@ se_policy_conf {
|
|||
":se_build_files{.vendor}",
|
||||
":se_build_files{.odm}",
|
||||
],
|
||||
device_specific: true,
|
||||
installable: false,
|
||||
}
|
||||
|
||||
|
@ -522,6 +531,7 @@ se_policy_cil {
|
|||
":vendor_sepolicy.cil",
|
||||
],
|
||||
secilc_check: false, // will be done in se_versioned_policy module
|
||||
device_specific: true,
|
||||
installable: false,
|
||||
}
|
||||
|
||||
|
@ -795,6 +805,7 @@ se_policy_conf {
|
|||
],
|
||||
target_recovery: true,
|
||||
installable: false,
|
||||
recovery: true,
|
||||
}
|
||||
|
||||
se_policy_cil {
|
||||
|
@ -802,6 +813,7 @@ se_policy_cil {
|
|||
src: ":recovery_sepolicy.conf",
|
||||
secilc_check: false, // will be done in se_policy_binary module
|
||||
installable: false,
|
||||
recovery: true,
|
||||
}
|
||||
|
||||
se_policy_binary {
|
||||
|
@ -864,6 +876,7 @@ se_policy_conf {
|
|||
system_ext_private_policy,
|
||||
build_variant: "user",
|
||||
installable: false,
|
||||
system_ext_specific: true,
|
||||
}
|
||||
|
||||
se_policy_cil {
|
||||
|
@ -892,6 +905,7 @@ se_policy_conf {
|
|||
product_private_policy,
|
||||
build_variant: "user",
|
||||
installable: false,
|
||||
product_specific: true,
|
||||
}
|
||||
|
||||
se_policy_cil {
|
||||
|
@ -936,6 +950,7 @@ se_policy_conf {
|
|||
reqd_mask_policy,
|
||||
build_variant: "user",
|
||||
installable: false,
|
||||
system_ext_specific: true,
|
||||
}
|
||||
|
||||
se_policy_cil {
|
||||
|
@ -944,6 +959,7 @@ se_policy_cil {
|
|||
filter_out: [":reqd_policy_mask.cil"],
|
||||
secilc_check: false,
|
||||
installable: false,
|
||||
system_ext_specific: true,
|
||||
}
|
||||
|
||||
se_policy_conf {
|
||||
|
@ -954,6 +970,7 @@ se_policy_conf {
|
|||
reqd_mask_policy,
|
||||
build_variant: "user",
|
||||
installable: false,
|
||||
product_specific: true,
|
||||
}
|
||||
|
||||
se_policy_cil {
|
||||
|
@ -962,6 +979,7 @@ se_policy_cil {
|
|||
filter_out: [":reqd_policy_mask.cil"],
|
||||
secilc_check: false,
|
||||
installable: false,
|
||||
product_specific: true,
|
||||
}
|
||||
|
||||
// bug_map - Bug tracking information for selinux denials loaded by auditd.
|
||||
|
@ -1008,6 +1026,7 @@ se_neverallow_test {
|
|||
":se_build_files{.vendor}",
|
||||
":se_build_files{.odm}",
|
||||
],
|
||||
vendor: true,
|
||||
}
|
||||
|
||||
//////////////////////////////////
|
||||
|
|
|
@ -209,7 +209,7 @@ func findPolicyConfOrder(name string) int {
|
|||
}
|
||||
|
||||
func (c *policyConf) transformPolicyToConf(ctx android.ModuleContext) android.OutputPath {
|
||||
conf := android.PathForModuleOut(ctx, c.stem()).OutputPath
|
||||
conf := pathForModuleOut(ctx, c.stem())
|
||||
rule := android.NewRuleBuilder(pctx, ctx)
|
||||
|
||||
srcs := android.PathsForModuleSrc(ctx, c.properties.Srcs)
|
||||
|
@ -340,7 +340,7 @@ func (c *policyCil) stem() string {
|
|||
}
|
||||
|
||||
func (c *policyCil) compileConfToCil(ctx android.ModuleContext, conf android.Path) android.OutputPath {
|
||||
cil := android.PathForModuleOut(ctx, c.stem()).OutputPath
|
||||
cil := pathForModuleOut(ctx, c.stem())
|
||||
rule := android.NewRuleBuilder(pctx, ctx)
|
||||
checkpolicyCmd := rule.Command().BuiltTool("checkpolicy").
|
||||
Flag("-C"). // Write CIL
|
||||
|
@ -496,7 +496,7 @@ func (c *policyBinary) GenerateAndroidBuildActions(ctx android.ModuleContext) {
|
|||
ctx.PropertyErrorf("srcs", "must be specified")
|
||||
return
|
||||
}
|
||||
bin := android.PathForModuleOut(ctx, c.stem()+"_policy")
|
||||
bin := pathForModuleOut(ctx, c.stem()+"_policy")
|
||||
rule := android.NewRuleBuilder(pctx, ctx)
|
||||
secilcCmd := rule.Command().BuiltTool("secilc").
|
||||
Flag("-m"). // Multiple decls
|
||||
|
@ -514,7 +514,7 @@ func (c *policyBinary) GenerateAndroidBuildActions(ctx android.ModuleContext) {
|
|||
|
||||
// permissive check is performed only in user build (not debuggable).
|
||||
if !ctx.Config().Debuggable() {
|
||||
permissiveDomains := android.PathForModuleOut(ctx, c.stem()+"_permissive")
|
||||
permissiveDomains := pathForModuleOut(ctx, c.stem()+"_permissive")
|
||||
cmd := rule.Command().BuiltTool("sepolicy-analyze").
|
||||
Input(bin).
|
||||
Text("permissive")
|
||||
|
@ -544,7 +544,7 @@ func (c *policyBinary) GenerateAndroidBuildActions(ctx android.ModuleContext) {
|
|||
Text("; exit 1; fi")
|
||||
}
|
||||
|
||||
out := android.PathForModuleOut(ctx, c.stem())
|
||||
out := pathForModuleOut(ctx, c.stem())
|
||||
rule.Command().Text("cp").
|
||||
Flag("-f").
|
||||
Input(bin).
|
||||
|
|
|
@ -28,3 +28,15 @@ type dependencyTag struct {
|
|||
var (
|
||||
pctx = android.NewPackageContext("android/soong/selinux")
|
||||
)
|
||||
|
||||
// pathForModuleOut is same as android.PathForModuleOut, except that it uses DeviceName() as its
|
||||
// intermediate directory name for system_ext/product/vendor/odm modules, to avoid rebuilding upon
|
||||
// target change. Contents of system modules (core sepolicy) should be identical across devices, so
|
||||
// they falls back to android.PathForModuleOut.
|
||||
func pathForModuleOut(ctx android.ModuleContext, paths ...string) android.OutputPath {
|
||||
if ctx.Platform() && !ctx.InstallInRecovery() {
|
||||
return android.PathForModuleOut(ctx, paths...).OutputPath
|
||||
}
|
||||
|
||||
return android.PathForModuleOut(ctx, ctx.Config().DeviceName()).Join(ctx, paths...)
|
||||
}
|
||||
|
|
|
@ -243,11 +243,11 @@ func (m *selinuxContextsModule) SetImageVariation(ctx android.BaseModuleContext,
|
|||
var _ android.ImageInterface = (*selinuxContextsModule)(nil)
|
||||
|
||||
func (m *selinuxContextsModule) buildGeneralContexts(ctx android.ModuleContext, inputs android.Paths) android.Path {
|
||||
builtContext := android.PathForModuleGen(ctx, ctx.ModuleName()+"_m4out")
|
||||
builtContext := pathForModuleOut(ctx, ctx.ModuleName()+"_m4out")
|
||||
|
||||
rule := android.NewRuleBuilder(pctx, ctx)
|
||||
|
||||
newlineFile := android.PathForModuleGen(ctx, "newline")
|
||||
newlineFile := pathForModuleOut(ctx, "newline")
|
||||
|
||||
rule.Command().Text("echo").FlagWithOutput("> ", newlineFile)
|
||||
rule.Temporary(newlineFile)
|
||||
|
@ -267,7 +267,7 @@ func (m *selinuxContextsModule) buildGeneralContexts(ctx android.ModuleContext,
|
|||
if proptools.Bool(m.properties.Remove_comment) {
|
||||
rule.Temporary(builtContext)
|
||||
|
||||
remove_comment_output := android.PathForModuleGen(ctx, ctx.ModuleName()+"_remove_comment")
|
||||
remove_comment_output := pathForModuleOut(ctx, ctx.ModuleName()+"_remove_comment")
|
||||
|
||||
rule.Command().
|
||||
Text("sed -e 's/#.*$//' -e '/^$/d'").
|
||||
|
@ -280,7 +280,7 @@ func (m *selinuxContextsModule) buildGeneralContexts(ctx android.ModuleContext,
|
|||
if proptools.Bool(m.properties.Fc_sort) {
|
||||
rule.Temporary(builtContext)
|
||||
|
||||
sorted_output := android.PathForModuleGen(ctx, ctx.ModuleName()+"_sorted")
|
||||
sorted_output := pathForModuleOut(ctx, ctx.ModuleName()+"_sorted")
|
||||
|
||||
rule.Command().
|
||||
Tool(ctx.Config().HostToolPath(ctx, "fc_sort")).
|
||||
|
@ -290,7 +290,7 @@ func (m *selinuxContextsModule) buildGeneralContexts(ctx android.ModuleContext,
|
|||
builtContext = sorted_output
|
||||
}
|
||||
|
||||
ret := android.PathForModuleGen(ctx, m.stem())
|
||||
ret := pathForModuleOut(ctx, m.stem())
|
||||
rule.Temporary(builtContext)
|
||||
rule.Command().Text("cp").Input(builtContext).Output(ret)
|
||||
|
||||
|
@ -309,7 +309,7 @@ func (m *selinuxContextsModule) buildFileContexts(ctx android.ModuleContext, inp
|
|||
|
||||
if ctx.Config().FlattenApex() {
|
||||
for _, path := range android.PathsForModuleSrc(ctx, m.fileContextsProperties.Flatten_apex.Srcs) {
|
||||
out := android.PathForModuleGen(ctx, "flattened_apex", path.Rel())
|
||||
out := pathForModuleOut(ctx, "flattened_apex", path.Rel())
|
||||
apex_path := "/system/apex/" + strings.Replace(
|
||||
strings.TrimSuffix(path.Base(), "-file_contexts"),
|
||||
".", "\\\\.", -1)
|
||||
|
@ -394,7 +394,7 @@ func (m *selinuxContextsModule) checkVendorPropertyNamespace(ctx android.ModuleC
|
|||
cmd.Flag("--strict")
|
||||
}
|
||||
|
||||
out := android.PathForModuleGen(ctx, "namespace_checked").Join(ctx, input.String())
|
||||
out := pathForModuleOut(ctx, "namespace_checked").Join(ctx, input.String())
|
||||
rule.Command().Text("cp -f").Input(input).Output(out)
|
||||
ret = append(ret, out)
|
||||
}
|
||||
|
@ -426,7 +426,7 @@ func (m *selinuxContextsModule) buildPropertyContexts(ctx android.ModuleContext,
|
|||
|
||||
// check compatibility with sysprop_library
|
||||
if len(apiFiles) > 0 {
|
||||
out := android.PathForModuleGen(ctx, ctx.ModuleName()+"_api_checked")
|
||||
out := pathForModuleOut(ctx, ctx.ModuleName()+"_api_checked")
|
||||
rule := android.NewRuleBuilder(pctx, ctx)
|
||||
|
||||
msg := `\n******************************\n` +
|
||||
|
@ -452,8 +452,8 @@ func (m *selinuxContextsModule) buildPropertyContexts(ctx android.ModuleContext,
|
|||
}
|
||||
|
||||
func (m *selinuxContextsModule) buildSeappContexts(ctx android.ModuleContext, inputs android.Paths) android.Path {
|
||||
neverallowFile := android.PathForModuleGen(ctx, "neverallow")
|
||||
ret := android.PathForModuleGen(ctx, m.stem())
|
||||
neverallowFile := pathForModuleOut(ctx, "neverallow")
|
||||
ret := pathForModuleOut(ctx, m.stem())
|
||||
|
||||
rule := android.NewRuleBuilder(pctx, ctx)
|
||||
rule.Command().Text("(grep").
|
||||
|
@ -547,7 +547,7 @@ type contextsTestModule struct {
|
|||
flags []string
|
||||
|
||||
properties contextsTestProperties
|
||||
testTimestamp android.ModuleOutPath
|
||||
testTimestamp android.OutputPath
|
||||
}
|
||||
|
||||
// checkfc parses a context file and checks for syntax errors.
|
||||
|
@ -622,7 +622,7 @@ func (m *contextsTestModule) GenerateAndroidBuildActions(ctx android.ModuleConte
|
|||
Input(sepolicy).
|
||||
Inputs(srcs)
|
||||
|
||||
m.testTimestamp = android.PathForModuleOut(ctx, "timestamp")
|
||||
m.testTimestamp = pathForModuleOut(ctx, "timestamp")
|
||||
rule.Command().Text("touch").Output(m.testTimestamp)
|
||||
rule.Build("contexts_test", "running contexts test: "+ctx.ModuleName())
|
||||
}
|
||||
|
|
|
@ -36,7 +36,7 @@ type neverallowTestProperties struct {
|
|||
type neverallowTestModule struct {
|
||||
android.ModuleBase
|
||||
properties neverallowTestProperties
|
||||
testTimestamp android.ModuleOutPath
|
||||
testTimestamp android.OutputPath
|
||||
}
|
||||
|
||||
type nameProperties struct {
|
||||
|
@ -98,7 +98,7 @@ func (n *neverallowTestModule) DepsMutator(ctx android.BottomUpMutatorContext) {
|
|||
}
|
||||
|
||||
func (n *neverallowTestModule) GenerateAndroidBuildActions(ctx android.ModuleContext) {
|
||||
n.testTimestamp = android.PathForModuleOut(ctx, "timestamp")
|
||||
n.testTimestamp = pathForModuleOut(ctx, "timestamp")
|
||||
if ctx.Config().SelinuxIgnoreNeverallows() {
|
||||
// just touch
|
||||
android.WriteFileRule(ctx, n.testTimestamp, "")
|
||||
|
@ -146,7 +146,7 @@ func (n *neverallowTestModule) GenerateAndroidBuildActions(ctx android.ModuleCon
|
|||
rule := android.NewRuleBuilder(pctx, ctx)
|
||||
|
||||
// Step 1. Build a binary policy from the conf file including build test
|
||||
binaryPolicy := android.PathForModuleOut(ctx, "policy")
|
||||
binaryPolicy := pathForModuleOut(ctx, "policy")
|
||||
rule.Command().BuiltTool("checkpolicy").
|
||||
Flag("-M").
|
||||
FlagWithArg("-c ", strconv.Itoa(PolicyVers)).
|
||||
|
|
|
@ -103,7 +103,7 @@ func (m *versionedPolicy) GenerateAndroidBuildActions(ctx android.ModuleContext)
|
|||
stem = ctx.ModuleName()
|
||||
}
|
||||
|
||||
out := android.PathForModuleOut(ctx, stem)
|
||||
out := pathForModuleOut(ctx, stem)
|
||||
rule := android.NewRuleBuilder(pctx, ctx)
|
||||
|
||||
if proptools.String(m.properties.Base) == "" {
|
||||
|
|
Loading…
Reference in a new issue