Build recovery policy with Android.bp

Bug: 33691272 Test: enter recovery mode Change-Id: Ifc38ed99e6615431d81ade76ec10ea4d34fbbf90
2021-12-28 14:57:03 +09:00 · 2021-12-28 14:57:03 +09:00 · 5bbcd68dcc
commit 5bbcd68dcc
parent ca043d348f
3 changed files with 56 additions and 61 deletions
--- a/Android.bp
+++ b/Android.bp
@ -817,6 +817,32 @@ precompiled_se_policy_binary {
    ],
 }

+// policy for recovery
+se_policy_conf {
+    name: "recovery_sepolicy.conf",
+    srcs: plat_policies_for_vendor + [
+        ":se_build_files{.plat_vendor_for_vendor}",
+        ":se_build_files{.vendor}",
+        ":se_build_files{.odm}",
+    ],
+    target_recovery: true,
+    installable: false,
+}
+
+se_policy_cil {
+    name: "recovery_sepolicy.cil",
+    src: ":recovery_sepolicy.conf",
+    secilc_check: false, // will be done in se_policy_binary module
+    installable: false,
+}
+
+se_policy_binary {
+    name: "sepolicy.recovery",
+    srcs: [":recovery_sepolicy.cil"],
+    stem: "sepolicy",
+    recovery: true,
+}
+
 //////////////////////////////////
 // SELinux policy embedded into CTS.
 // CTS checks neverallow rules of this policy against the policy of the device under test.
--- a/Android.mk
+++ b/Android.mk
@ -603,66 +603,6 @@ include $(BUILD_SYSTEM)/base_rules.mk
 $(LOCAL_BUILT_MODULE): $(built_sepolicy)
 	$(copy-file-to-target)

-#################################
-include $(CLEAR_VARS)
-
-# keep concrete sepolicy for neverallow checks
-# If SELINUX_IGNORE_NEVERALLOWS is set, we use sed to remove the neverallow lines before compiling.
-
-LOCAL_MODULE := sepolicy.recovery
-LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered
-LOCAL_LICENSE_CONDITIONS := notice unencumbered
-LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE
-LOCAL_MODULE_STEM := sepolicy
-LOCAL_MODULE_CLASS := ETC
-LOCAL_MODULE_TAGS := optional
-LOCAL_MODULE_PATH := $(TARGET_RECOVERY_ROOT_OUT)
-
-include $(BUILD_SYSTEM)/base_rules.mk
-
-# We use vendor version's policy files because recovery partition is vendor-owned.
-policy_files := $(call build_policy, $(sepolicy_build_files), \
-  $(plat_public_policy_$(BOARD_SEPOLICY_VERS)) $(plat_private_policy_$(BOARD_SEPOLICY_VERS)) \
-  $(system_ext_public_policy_$(BOARD_SEPOLICY_VERS)) $(system_ext_private_policy_$(BOARD_SEPOLICY_VERS)) \
-  $(product_public_policy_$(BOARD_SEPOLICY_VERS)) $(product_private_policy_$(BOARD_SEPOLICY_VERS)) \
-  $(BOARD_PLAT_VENDOR_POLICY) $(BOARD_VENDOR_SEPOLICY_DIRS) $(BOARD_ODM_SEPOLICY_DIRS))
-sepolicy.recovery.conf := $(intermediates)/sepolicy.recovery.conf
-$(sepolicy.recovery.conf): PRIVATE_MLS_SENS := $(MLS_SENS)
-$(sepolicy.recovery.conf): PRIVATE_MLS_CATS := $(MLS_CATS)
-$(sepolicy.recovery.conf): PRIVATE_TARGET_BUILD_VARIANT := $(TARGET_BUILD_VARIANT)
-$(sepolicy.recovery.conf): PRIVATE_TGT_ARCH := $(my_target_arch)
-$(sepolicy.recovery.conf): PRIVATE_TGT_WITH_ASAN := $(with_asan)
-$(sepolicy.recovery.conf): PRIVATE_TGT_WITH_NATIVE_COVERAGE := $(with_native_coverage)
-$(sepolicy.recovery.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
-$(sepolicy.recovery.conf): PRIVATE_TGT_RECOVERY := -D target_recovery=true
-$(sepolicy.recovery.conf): PRIVATE_ENFORCE_DEBUGFS_RESTRICTION := $(enforce_debugfs_restriction)
-$(sepolicy.recovery.conf): PRIVATE_POLICY_FILES := $(policy_files)
-$(sepolicy.recovery.conf): $(policy_files) $(M4)
-	$(transform-policy-to-conf)
-	$(hide) sed '/^\s*dontaudit.*;/d' $@ | sed '/^\s*dontaudit/,/;/d' > $@.dontaudit
-
-ifeq ($(SELINUX_IGNORE_NEVERALLOWS),true)
-	$(hide) sed -z 's/\n\s*neverallow[^;]*;/\n/g' $@ > $@.neverallow
-	$(hide) mv $@.neverallow $@
-endif
-
-$(LOCAL_BUILT_MODULE): $(sepolicy.recovery.conf) $(HOST_OUT_EXECUTABLES)/checkpolicy \
-                       $(HOST_OUT_EXECUTABLES)/sepolicy-analyze
-	@mkdir -p $(dir $@)
-	$(hide) $(CHECKPOLICY_ASAN_OPTIONS) $(HOST_OUT_EXECUTABLES)/checkpolicy -M -c \
-		$(POLICYVERS) -o $@.tmp $<
-	$(hide) $(HOST_OUT_EXECUTABLES)/sepolicy-analyze $@.tmp permissive > $@.permissivedomains
-	$(hide) if [ "$(TARGET_BUILD_VARIANT)" = "user" -a -s $@.permissivedomains ]; then \
-		echo "==========" 1>&2; \
-		echo "ERROR: permissive domains not allowed in user builds" 1>&2; \
-		echo "List of invalid domains:" 1>&2; \
-		cat $@.permissivedomains 1>&2; \
-		exit 1; \
-		fi
-	$(hide) mv $@.tmp $@
-
-sepolicy.recovery.conf :=
-
 ##################################
 # TODO - remove this.   Keep around until we get the filesystem creation stuff taken care of.
 #
--- a/build/soong/policy.go
+++ b/build/soong/policy.go
@ -83,6 +83,9 @@ type policyConfProperties struct {
 	// Whether to build CTS specific policy or not. Default is false
 	Cts *bool

+	// Whether to build recovery specific policy or not. Default is false
+	Target_recovery *bool
+
 	// Whether this module is directly installable to one of the partitions. Default is true
 	Installable *bool
 }
@ -130,6 +133,10 @@ func (c *policyConf) cts() bool {
 	return proptools.Bool(c.properties.Cts)
 }

+func (c *policyConf) isTargetRecovery() bool {
+	return proptools.Bool(c.properties.Target_recovery)
+}
+
 func (c *policyConf) withAsan(ctx android.ModuleContext) string {
 	isAsanDevice := android.InList("address", ctx.Config().SanitizeDevice())
 	return strconv.FormatBool(proptools.BoolDefault(c.properties.With_asan, isAsanDevice))
@ -139,6 +146,9 @@ func (c *policyConf) sepolicySplit(ctx android.ModuleContext) string {
 	if c.cts() {
 		return "cts"
 	}
+	if c.isTargetRecovery() {
+		return "false"
+	}
 	return strconv.FormatBool(ctx.DeviceConfig().SepolicySplit())
 }

@ -146,6 +156,9 @@ func (c *policyConf) compatibleProperty(ctx android.ModuleContext) string {
 	if c.cts() {
 		return "cts"
 	}
+	if c.isTargetRecovery() {
+		return "false"
+	}
 	return "true"
 }

@ -153,6 +166,9 @@ func (c *policyConf) trebleSyspropNeverallow(ctx android.ModuleContext) string {
 	if c.cts() {
 		return "cts"
 	}
+	if c.isTargetRecovery() {
+		return "false"
+	}
 	return strconv.FormatBool(!ctx.DeviceConfig().BuildBrokenTrebleSyspropNeverallow())
 }

@ -160,6 +176,9 @@ func (c *policyConf) enforceSyspropOwner(ctx android.ModuleContext) string {
 	if c.cts() {
 		return "cts"
 	}
+	if c.isTargetRecovery() {
+		return "false"
+	}
 	return strconv.FormatBool(!ctx.DeviceConfig().BuildBrokenEnforceSyspropOwner())
 }

@ -206,6 +225,7 @@ func (c *policyConf) transformPolicyToConf(ctx android.ModuleContext) android.Ou
 		FlagWithArg("-D target_exclude_build_test=", strconv.FormatBool(proptools.Bool(c.properties.Exclude_build_test))).
 		FlagWithArg("-D target_requires_insecure_execmem_for_swiftshader=", strconv.FormatBool(ctx.DeviceConfig().RequiresInsecureExecmemForSwiftshader())).
 		FlagWithArg("-D target_enforce_debugfs_restriction=", c.enforceDebugfsRestrictions(ctx)).
+		FlagWithArg("-D target_recovery=", strconv.FormatBool(c.isTargetRecovery())).
 		Flag("-s").
 		Inputs(srcs).
 		Text("> ").Output(conf)
@ -439,6 +459,10 @@ func policyBinaryFactory() android.Module {
 	return c
 }

+func (c *policyBinary) InstallInRoot() bool {
+	return c.InstallInRecovery()
+}
+
 func (c *policyBinary) Installable() bool {
 	return proptools.BoolDefault(c.properties.Installable, true)
 }
@ -505,7 +529,12 @@ func (c *policyBinary) GenerateAndroidBuildActions(ctx android.ModuleContext) {
 		c.SkipInstall()
 	}

-	c.installPath = android.PathForModuleInstall(ctx, "etc", "selinux")
+	if c.InstallInRecovery() {
+		// install in root
+		c.installPath = android.PathForModuleInstall(ctx)
+	} else {
+		c.installPath = android.PathForModuleInstall(ctx, "etc", "selinux")
+	}
 	c.installSource = out
 	ctx.InstallFile(c.installPath, c.stem(), c.installSource)
 }