Merge changes from topic "vfrc_as_tot_sepolicy" into main
* changes: Add 1000000.0 mapping file temporarily Fix freeze test condition to board api
This commit is contained in:
commit
569241f82f
2 changed files with 50 additions and 2 deletions
30
Android.bp
30
Android.bp
|
@ -337,6 +337,36 @@ se_versioned_policy {
|
||||||
product_specific: true,
|
product_specific: true,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// HACK to support vendor blobs using 1000000.0
|
||||||
|
// TODO(b/314010177): remove after new ToT (202404) fully propagates
|
||||||
|
se_versioned_policy {
|
||||||
|
name: "plat_mapping_file_1000000.0",
|
||||||
|
base: ":plat_pub_policy.cil",
|
||||||
|
mapping: true,
|
||||||
|
version: "1000000.0",
|
||||||
|
relative_install_path: "mapping", // install to /system/etc/selinux/mapping
|
||||||
|
}
|
||||||
|
|
||||||
|
se_versioned_policy {
|
||||||
|
name: "system_ext_mapping_file_1000000.0",
|
||||||
|
base: ":system_ext_pub_policy.cil",
|
||||||
|
mapping: true,
|
||||||
|
version: "1000000.0",
|
||||||
|
filter_out: [":plat_mapping_file"],
|
||||||
|
relative_install_path: "mapping", // install to /system_ext/etc/selinux/mapping
|
||||||
|
system_ext_specific: true,
|
||||||
|
}
|
||||||
|
|
||||||
|
se_versioned_policy {
|
||||||
|
name: "product_mapping_file_1000000.0",
|
||||||
|
base: ":pub_policy.cil",
|
||||||
|
mapping: true,
|
||||||
|
version: "1000000.0",
|
||||||
|
filter_out: [":plat_mapping_file", ":system_ext_mapping_file"],
|
||||||
|
relative_install_path: "mapping", // install to /product/etc/selinux/mapping
|
||||||
|
product_specific: true,
|
||||||
|
}
|
||||||
|
|
||||||
//////////////////////////////////
|
//////////////////////////////////
|
||||||
// vendor/odm sepolicy
|
// vendor/odm sepolicy
|
||||||
//////////////////////////////////
|
//////////////////////////////////
|
||||||
|
|
22
Android.mk
22
Android.mk
|
@ -210,6 +210,12 @@ LOCAL_REQUIRED_MODULES += \
|
||||||
plat_sepolicy.cil \
|
plat_sepolicy.cil \
|
||||||
secilc \
|
secilc \
|
||||||
|
|
||||||
|
# HACK to support vendor blobs using 1000000.0
|
||||||
|
# TODO(b/314010177): remove after new ToT (202404) fully propagates
|
||||||
|
ifneq (true,$(BOARD_API_LEVEL_FROZEN))
|
||||||
|
LOCAL_REQUIRED_MODULES += plat_mapping_file_1000000.0
|
||||||
|
endif
|
||||||
|
|
||||||
ifneq ($(PRODUCT_PRECOMPILED_SEPOLICY),false)
|
ifneq ($(PRODUCT_PRECOMPILED_SEPOLICY),false)
|
||||||
LOCAL_REQUIRED_MODULES += plat_sepolicy_and_mapping.sha256
|
LOCAL_REQUIRED_MODULES += plat_sepolicy_and_mapping.sha256
|
||||||
endif
|
endif
|
||||||
|
@ -248,10 +254,10 @@ LOCAL_REQUIRED_MODULES += \
|
||||||
endif # SELINUX_IGNORE_NEVERALLOWS
|
endif # SELINUX_IGNORE_NEVERALLOWS
|
||||||
endif # with_asan
|
endif # with_asan
|
||||||
|
|
||||||
ifneq ($(PLATFORM_SEPOLICY_VERSION),$(TOT_SEPOLICY_VERSION))
|
ifeq ($(BOARD_API_LEVEL_FROZEN),true)
|
||||||
LOCAL_REQUIRED_MODULES += \
|
LOCAL_REQUIRED_MODULES += \
|
||||||
se_freeze_test
|
se_freeze_test
|
||||||
endif # ($(PLATFORM_SEPOLICY_VERSION),$(TOT_SEPOLICY_VERSION))
|
endif
|
||||||
|
|
||||||
include $(BUILD_PHONY_PACKAGE)
|
include $(BUILD_PHONY_PACKAGE)
|
||||||
|
|
||||||
|
@ -278,6 +284,12 @@ ifdef HAS_SYSTEM_EXT_PUBLIC_SEPOLICY
|
||||||
LOCAL_REQUIRED_MODULES += \
|
LOCAL_REQUIRED_MODULES += \
|
||||||
system_ext_mapping_file
|
system_ext_mapping_file
|
||||||
|
|
||||||
|
# HACK to support vendor blobs using 1000000.0
|
||||||
|
# TODO(b/314010177): remove after new ToT (202404) fully propagates
|
||||||
|
ifneq (true,$(BOARD_API_LEVEL_FROZEN))
|
||||||
|
LOCAL_REQUIRED_MODULES += system_ext_mapping_file_1000000.0
|
||||||
|
endif
|
||||||
|
|
||||||
system_ext_compat_files := $(call build_policy, $(sepolicy_compat_files), $(SYSTEM_EXT_PRIVATE_POLICY))
|
system_ext_compat_files := $(call build_policy, $(sepolicy_compat_files), $(SYSTEM_EXT_PRIVATE_POLICY))
|
||||||
|
|
||||||
LOCAL_REQUIRED_MODULES += $(addprefix system_ext_, $(notdir $(system_ext_compat_files)))
|
LOCAL_REQUIRED_MODULES += $(addprefix system_ext_, $(notdir $(system_ext_compat_files)))
|
||||||
|
@ -326,6 +338,12 @@ ifdef HAS_PRODUCT_PUBLIC_SEPOLICY
|
||||||
LOCAL_REQUIRED_MODULES += \
|
LOCAL_REQUIRED_MODULES += \
|
||||||
product_mapping_file
|
product_mapping_file
|
||||||
|
|
||||||
|
# HACK to support vendor blobs using 1000000.0
|
||||||
|
# TODO(b/314010177): remove after new ToT (202404) fully propagates
|
||||||
|
ifneq (true,$(BOARD_API_LEVEL_FROZEN))
|
||||||
|
LOCAL_REQUIRED_MODULES += product_mapping_file_1000000.0
|
||||||
|
endif
|
||||||
|
|
||||||
product_compat_files := $(call build_policy, $(sepolicy_compat_files), $(PRODUCT_PRIVATE_POLICY))
|
product_compat_files := $(call build_policy, $(sepolicy_compat_files), $(PRODUCT_PRIVATE_POLICY))
|
||||||
|
|
||||||
LOCAL_REQUIRED_MODULES += $(addprefix product_, $(notdir $(product_compat_files)))
|
LOCAL_REQUIRED_MODULES += $(addprefix product_, $(notdir $(product_compat_files)))
|
||||||
|
|
Loading…
Reference in a new issue