Move sepolicy_test to Android.bp
Bug: 33691272 Test: m selinux_policy triggers sepolicy_test Change-Id: I1618c2a35b3ce9d747db3955788427dc422fd532
parent
8ce2e156d0
commit
61257ca545
3 changed files with 62 additions and 23 deletions
26
Android.bp
26
Android.bp
|
@ -1103,3 +1103,29 @@ se_neverallow_test {
|
|||
se_freeze_test {
|
||||
name: "sepolicy_freeze_test",
|
||||
}
|
||||
|
||||
//////////////////////////////////
|
||||
// sepolicy_test checks various types of violations, which can't be easily done
|
||||
// by CIL itself. Refer tests/sepolicy_tests.py for more detail.
|
||||
//////////////////////////////////
|
||||
genrule {
|
||||
name: "sepolicy_test",
|
||||
srcs: [
|
||||
":plat_file_contexts",
|
||||
":vendor_file_contexts",
|
||||
":system_ext_file_contexts",
|
||||
":product_file_contexts",
|
||||
":odm_file_contexts",
|
||||
":precompiled_sepolicy",
|
||||
],
|
||||
tools: ["sepolicy_tests"],
|
||||
out: ["sepolicy_test"],
|
||||
cmd: "$(location sepolicy_tests) " +
|
||||
"-f $(location :plat_file_contexts) " +
|
||||
"-f $(location :vendor_file_contexts) " +
|
||||
"-f $(location :system_ext_file_contexts) " +
|
||||
"-f $(location :product_file_contexts) " +
|
||||
"-f $(location :odm_file_contexts) " +
|
||||
"-p $(location :precompiled_sepolicy) && " +
|
||||
"touch $(out)",
|
||||
}
|
||||
|
|
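Review bot: The new `sepolicy_test` genrule checks `:precompiled_sepolicy` with a fixed list of five `-f` inputs, while the make rule shown in the Android.mk section ran `sepolicy_tests` against `$(built_sepolicy)` with arguments built from `all_fc_files`, which appears to be assembled conditionally (an `ifdef HAS_SYSTEM_EXT_SEPOLICY_DIR` is visible there). Because this test is a build-time gate on the SELinux policy, it is worth confirming that the policy file it checks is still the one the device ships in every configuration, and that `sepolicy_tests` accepts a file_contexts input for a partition that has no policy directory. If that is the intended behaviour, a comment above `cmd:` would record it, for example `// Checks the precompiled policy; file_contexts for partitions without policy are expected to be empty.` The page does not mark added and removed lines, so the old/new reading here is inferred from the commit title and hunk headers.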
24
Android.mk
24
Android.mk
|
@ -347,9 +347,13 @@ endif # ($(PRODUCT_SEPOLICY_SPLIT),true)
|
|||
ifneq ($(with_asan),true)
|
||||
ifneq ($(SELINUX_IGNORE_NEVERALLOWS),true)
|
||||
LOCAL_REQUIRED_MODULES += \
|
||||
sepolicy_tests \
|
||||
sepolicy_compat_test \
|
||||
|
||||
# HACK: sepolicy_test is implemented as genrule
|
||||
# genrule modules aren't installable, so LOCAL_REQUIRED_MODULES doesn't work.
|
||||
# Instead, use LOCAL_ADDITIONAL_DEPENDENCIES with intermediate output
|
||||
LOCAL_ADDITIONAL_DEPENDENCIES += $(call intermediates-dir-for,ETC,sepolicy_test)/sepolicy_test
|
||||
|
||||
ifeq ($(PRODUCT_SEPOLICY_SPLIT),true)
|
||||
LOCAL_REQUIRED_MODULES += \
|
||||
$(addprefix treble_sepolicy_tests_,$(PLATFORM_SEPOLICY_COMPAT_VERSIONS)) \
|
||||
|
@ -697,17 +701,6 @@ vndservice_contexts.tmp :=
|
|||
##################################
|
||||
include $(LOCAL_PATH)/mac_permissions.mk
|
||||
|
||||
#################################
|
||||
include $(CLEAR_VARS)
|
||||
LOCAL_MODULE := sepolicy_tests
|
||||
LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered
|
||||
LOCAL_LICENSE_CONDITIONS := notice unencumbered
|
||||
LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE
|
||||
LOCAL_MODULE_CLASS := FAKE
|
||||
LOCAL_MODULE_TAGS := optional
|
||||
|
||||
include $(BUILD_SYSTEM)/base_rules.mk
|
||||
|
||||
all_fc_files := $(TARGET_OUT)/etc/selinux/plat_file_contexts
|
||||
all_fc_files += $(TARGET_OUT_VENDOR)/etc/selinux/vendor_file_contexts
|
||||
ifdef HAS_SYSTEM_EXT_SEPOLICY_DIR
|
||||
|
@ -721,13 +714,6 @@ all_fc_files += $(TARGET_OUT_ODM)/etc/selinux/odm_file_contexts
|
|||
endif
|
||||
all_fc_args := $(foreach file, $(all_fc_files), -f $(file))
|
||||
|
||||
$(LOCAL_BUILT_MODULE): ALL_FC_ARGS := $(all_fc_args)
|
||||
$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
|
||||
$(LOCAL_BUILT_MODULE): $(HOST_OUT_EXECUTABLES)/sepolicy_tests $(all_fc_files) $(built_sepolicy)
|
||||
@mkdir -p $(dir $@)
|
||||
$(hide) $(HOST_OUT_EXECUTABLES)/sepolicy_tests $(ALL_FC_ARGS) -p $(PRIVATE_SEPOLICY)
|
||||
$(hide) touch $@
|
||||
|
||||
##################################
|
||||
# Tests for Treble compatibility of current platform policy and vendor policy of
|
||||
# given release version.
|
||||
|
|
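Review bot: The `LOCAL_ADDITIONAL_DEPENDENCIES` line hard-codes where the genrule output lands, `$(call intermediates-dir-for,ETC,sepolicy_test)/sepolicy_test`, and the HACK comment explains why a file dependency is used but not what the path relies on. The path is only right while the genrule is exported under the `ETC` class and its `out` file is named `sepolicy_test`, so a rename in Android.bp has to be mirrored here or the policy test stops being a prerequisite of this module. I would extend the comment with `# Assumes the genrule output is exported under the ETC class; keep the file name in sync with "out" of sepolicy_test in Android.bp.` The dependency also sits inside the `with_asan` and `SELINUX_IGNORE_NEVERALLOWS` guards, so those builds do not run the test; that appears unchanged from before, but a one-line comment saying so would help the next reader.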
|
@ -67,28 +67,55 @@ file_contexts {
|
|||
":file_contexts_files{.vendor}",
|
||||
],
|
||||
soc_specific: true,
|
||||
recovery_available: true,
|
||||
}
|
||||
|
||||
file_contexts {
|
||||
name: "vendor_file_contexts.recovery",
|
||||
srcs: [
|
||||
":file_contexts_files{.plat_vendor_for_vendor}",
|
||||
":file_contexts_files{.vendor}",
|
||||
],
|
||||
stem: "vendor_file_contexts",
|
||||
recovery: true,
|
||||
}
|
||||
|
||||
file_contexts {
|
||||
name: "system_ext_file_contexts",
|
||||
srcs: [":file_contexts_files{.system_ext_private}"],
|
||||
system_ext_specific: true,
|
||||
recovery_available: true,
|
||||
}
|
||||
|
||||
file_contexts {
|
||||
name: "system_ext_file_contexts.recovery",
|
||||
srcs: [":file_contexts_files{.system_ext_private}"],
|
||||
stem: "system_ext_file_contexts",
|
||||
recovery: true,
|
||||
}
|
||||
|
||||
file_contexts {
|
||||
name: "product_file_contexts",
|
||||
srcs: [":file_contexts_files{.product_private}"],
|
||||
product_specific: true,
|
||||
recovery_available: true,
|
||||
}
|
||||
|
||||
file_contexts {
|
||||
name: "product_file_contexts.recovery",
|
||||
srcs: [":file_contexts_files{.product_private}"],
|
||||
stem: "product_file_contexts",
|
||||
recovery: true,
|
||||
}
|
||||
|
||||
file_contexts {
|
||||
name: "odm_file_contexts",
|
||||
srcs: [":file_contexts_files{.odm}"],
|
||||
device_specific: true,
|
||||
recovery_available: true,
|
||||
}
|
||||
|
||||
file_contexts {
|
||||
name: "odm_file_contexts.recovery",
|
||||
srcs: [":file_contexts_files{.odm}"],
|
||||
stem: "odm_file_contexts",
|
||||
recovery: true,
|
||||
}
|
||||
|
||||
hwservice_contexts {
|
||||
|
|
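Review bot: Each new `*.recovery` module repeats the `srcs` list of its non-recovery twin (for example `vendor_file_contexts` and `vendor_file_contexts.recovery` both list `:file_contexts_files{.plat_vendor_for_vendor}` and `:file_contexts_files{.vendor}`), so a later edit to one list can silently leave the other stale. These files decide the SELinux labels applied in recovery, so I would add a comment on each pair such as `// Keep srcs in sync with vendor_file_contexts.recovery.`, or share the list if the module type allows it. The hunk starts inside a `file_contexts` module and ends at the opening line of `hwservice_contexts`, so neither is fully visible. The page does not mark which lines are added or removed, so the reading that the `.recovery` modules are the new ones is inferred from the hunk header counts.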