Merge changes from topic "vfrc_as_tot_sepolicy" into main

* changes:
  Add 1000000.0 mapping file temporarily
  Fix freeze test condition to board api
This commit is contained in:
Inseob Kim 2024-02-08 01:12:47 +00:00 committed by Gerrit Code Review
commit 569241f82f
2 changed files with 50 additions and 2 deletions

View file

@ -337,6 +337,36 @@ se_versioned_policy {
product_specific: true,
}
// HACK to support vendor blobs using 1000000.0
// TODO(b/314010177): remove after new ToT (202404) fully propagates
se_versioned_policy {
name: "plat_mapping_file_1000000.0",
base: ":plat_pub_policy.cil",
mapping: true,
version: "1000000.0",
relative_install_path: "mapping", // install to /system/etc/selinux/mapping
}
se_versioned_policy {
name: "system_ext_mapping_file_1000000.0",
base: ":system_ext_pub_policy.cil",
mapping: true,
version: "1000000.0",
filter_out: [":plat_mapping_file"],
relative_install_path: "mapping", // install to /system_ext/etc/selinux/mapping
system_ext_specific: true,
}
se_versioned_policy {
name: "product_mapping_file_1000000.0",
base: ":pub_policy.cil",
mapping: true,
version: "1000000.0",
filter_out: [":plat_mapping_file", ":system_ext_mapping_file"],
relative_install_path: "mapping", // install to /product/etc/selinux/mapping
product_specific: true,
}
//////////////////////////////////
// vendor/odm sepolicy
//////////////////////////////////

View file

@ -210,6 +210,12 @@ LOCAL_REQUIRED_MODULES += \
plat_sepolicy.cil \
secilc \
# HACK to support vendor blobs using 1000000.0
# TODO(b/314010177): remove after new ToT (202404) fully propagates
ifneq (true,$(BOARD_API_LEVEL_FROZEN))
LOCAL_REQUIRED_MODULES += plat_mapping_file_1000000.0
endif
ifneq ($(PRODUCT_PRECOMPILED_SEPOLICY),false)
LOCAL_REQUIRED_MODULES += plat_sepolicy_and_mapping.sha256
endif
@ -248,10 +254,10 @@ LOCAL_REQUIRED_MODULES += \
endif # SELINUX_IGNORE_NEVERALLOWS
endif # with_asan
ifneq ($(PLATFORM_SEPOLICY_VERSION),$(TOT_SEPOLICY_VERSION))
ifeq ($(BOARD_API_LEVEL_FROZEN),true)
LOCAL_REQUIRED_MODULES += \
se_freeze_test
endif # ($(PLATFORM_SEPOLICY_VERSION),$(TOT_SEPOLICY_VERSION))
endif
include $(BUILD_PHONY_PACKAGE)
@ -278,6 +284,12 @@ ifdef HAS_SYSTEM_EXT_PUBLIC_SEPOLICY
LOCAL_REQUIRED_MODULES += \
system_ext_mapping_file
# HACK to support vendor blobs using 1000000.0
# TODO(b/314010177): remove after new ToT (202404) fully propagates
ifneq (true,$(BOARD_API_LEVEL_FROZEN))
LOCAL_REQUIRED_MODULES += system_ext_mapping_file_1000000.0
endif
system_ext_compat_files := $(call build_policy, $(sepolicy_compat_files), $(SYSTEM_EXT_PRIVATE_POLICY))
LOCAL_REQUIRED_MODULES += $(addprefix system_ext_, $(notdir $(system_ext_compat_files)))
@ -326,6 +338,12 @@ ifdef HAS_PRODUCT_PUBLIC_SEPOLICY
LOCAL_REQUIRED_MODULES += \
product_mapping_file
# HACK to support vendor blobs using 1000000.0
# TODO(b/314010177): remove after new ToT (202404) fully propagates
ifneq (true,$(BOARD_API_LEVEL_FROZEN))
LOCAL_REQUIRED_MODULES += product_mapping_file_1000000.0
endif
product_compat_files := $(call build_policy, $(sepolicy_compat_files), $(PRODUCT_PRIVATE_POLICY))
LOCAL_REQUIRED_MODULES += $(addprefix product_, $(notdir $(product_compat_files)))