Merge "Add comments on compat files" am: beee8849a6
am: 1dba2f058a
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2405373 Change-Id: I90fb845d98075e0fac17bf45db1f9f5ef099fef8 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
This commit is contained in:
commit
6a045a1884
19 changed files with 55 additions and 26 deletions
|
@ -30,6 +30,7 @@
|
|||
;; mapping file compiles with vendor policies without exported_audio_prop type.
|
||||
(typeattribute exported_audio_prop_28_0)
|
||||
|
||||
;; mapping information from ToT policy's types to 28.0 policy's types.
|
||||
(expandtypeattribute (accessibility_service_28_0) true)
|
||||
(expandtypeattribute (account_service_28_0) true)
|
||||
(expandtypeattribute (activity_service_28_0) true)
|
||||
|
|
|
@ -1,3 +1,7 @@
|
|||
;; complement CIL file for compatibility between ToT policy and 28.0 vendors.
|
||||
;; will be compiled along with other normal policy files, on 28.0 vendors.
|
||||
;;
|
||||
|
||||
(typeattribute vendordomain)
|
||||
(typeattributeset vendordomain ((and (domain) ((not (coredomain))))))
|
||||
(allowx vendordomain dev_type (ioctl blk_file ((range 0x0000 0xffff))))
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
;; new_objects - a collection of types that have been introduced that have no
|
||||
;; analogue in older policy. Thus, we do not need to map these types to
|
||||
;; previous ones. Add here to pass checkapi tests.
|
||||
;; new_objects - a collection of types that have been introduced with ToT policy
|
||||
;; that have no analogue in 28.0 policy. Thus, we do not need to map
|
||||
;; these types to previous ones. Add here to pass checkapi tests.
|
||||
(type new_objects)
|
||||
(typeattribute new_objects)
|
||||
(typeattributeset new_objects
|
||||
|
|
|
@ -14,6 +14,7 @@
|
|||
(type sysfs_mac_address)
|
||||
(type wificond_service)
|
||||
|
||||
;; mapping information from ToT policy's types to 29.0 policy's types.
|
||||
(expandtypeattribute (accessibility_service_29_0) true)
|
||||
(expandtypeattribute (account_service_29_0) true)
|
||||
(expandtypeattribute (activity_service_29_0) true)
|
||||
|
|
|
@ -1,3 +1,7 @@
|
|||
;; complement CIL file for compatibility between ToT policy and 29.0 vendors.
|
||||
;; will be compiled along with other normal policy files, on 29.0 vendors.
|
||||
;;
|
||||
|
||||
(typeattribute vendordomain)
|
||||
(typeattributeset vendordomain ((and (domain) ((not (coredomain))))))
|
||||
(allow vendordomain self (netlink_route_socket (nlmsg_readpriv)))
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
;; new_objects - a collection of types that have been introduced that have no
|
||||
;; analogue in older policy. Thus, we do not need to map these types to
|
||||
;; previous ones. Add here to pass checkapi tests.
|
||||
;; new_objects - a collection of types that have been introduced with ToT policy
|
||||
;; that have no analogue in 29.0 policy. Thus, we do not need to map
|
||||
;; these types to previous ones. Add here to pass checkapi tests.
|
||||
(type new_objects)
|
||||
(typeattribute new_objects)
|
||||
(typeattributeset new_objects
|
||||
|
|
|
@ -21,6 +21,7 @@
|
|||
|
||||
(typeattribute binder_in_vendor_violators)
|
||||
|
||||
;; mapping information from ToT policy's types to 30.0 policy's types.
|
||||
(expandtypeattribute (DockObserver_service_30_0) true)
|
||||
(expandtypeattribute (IProxyService_service_30_0) true)
|
||||
(expandtypeattribute (accessibility_service_30_0) true)
|
||||
|
|
|
@ -1,3 +1,7 @@
|
|||
;; complement CIL file for compatibility between ToT policy and 30.0 vendors.
|
||||
;; will be compiled along with other normal policy files, on 30.0 vendors.
|
||||
;;
|
||||
|
||||
(typeattribute vendordomain)
|
||||
(typeattributeset vendordomain ((and (domain) ((not (coredomain))))))
|
||||
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
;; new_objects - a collection of types that have been introduced that have no
|
||||
;; analogue in older policy. Thus, we do not need to map these types to
|
||||
;; previous ones. Add here to pass checkapi tests.
|
||||
;; new_objects - a collection of types that have been introduced with ToT policy
|
||||
;; that have no analogue in 30.0 policy. Thus, we do not need to map
|
||||
;; these types to previous ones. Add here to pass checkapi tests.
|
||||
(type new_objects)
|
||||
(typeattribute new_objects)
|
||||
(typeattributeset new_objects
|
||||
|
|
|
@ -9,6 +9,7 @@
|
|||
(type vr_hwc)
|
||||
(type vr_hwc_exec)
|
||||
|
||||
;; mapping information from ToT policy's types to 31.0 policy's types.
|
||||
(expandtypeattribute (DockObserver_service_31_0) true)
|
||||
(expandtypeattribute (IProxyService_service_31_0) true)
|
||||
(expandtypeattribute (aac_drc_prop_31_0) true)
|
||||
|
|
|
@ -1 +1,3 @@
|
|||
;; This file can't be empty.
|
||||
;; complement CIL file for compatibility between ToT policy and 31.0 vendors.
|
||||
;; will be compiled along with other normal policy files, on 31.0 vendors.
|
||||
;;
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
;; new_objects - a collection of types that have been introduced that have no
|
||||
;; analogue in older policy. Thus, we do not need to map these types to
|
||||
;; previous ones. Add here to pass checkapi tests.
|
||||
;; new_objects - a collection of types that have been introduced with ToT policy
|
||||
;; that have no analogue in 31.0 policy. Thus, we do not need to map
|
||||
;; these types to previous ones. Add here to pass checkapi tests.
|
||||
(type new_objects)
|
||||
(typeattribute new_objects)
|
||||
(typeattributeset new_objects
|
||||
|
|
|
@ -9,6 +9,7 @@
|
|||
(type vr_hwc)
|
||||
(type vr_hwc_exec)
|
||||
|
||||
;; mapping information from ToT policy's types to 32.0 policy's types.
|
||||
(expandtypeattribute (DockObserver_service_32_0) true)
|
||||
(expandtypeattribute (IProxyService_service_32_0) true)
|
||||
(expandtypeattribute (aac_drc_prop_32_0) true)
|
||||
|
|
|
@ -1 +1,3 @@
|
|||
;; This file can't be empty.
|
||||
;; complement CIL file for compatibility between ToT policy and 32.0 vendors.
|
||||
;; will be compiled along with other normal policy files, on 32.0 vendors.
|
||||
;;
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
;; new_objects - a collection of types that have been introduced that have no
|
||||
;; analogue in older policy. Thus, we do not need to map these types to
|
||||
;; previous ones. Add here to pass checkapi tests.
|
||||
;; new_objects - a collection of types that have been introduced with ToT policy
|
||||
;; that have no analogue in 32.0 policy. Thus, we do not need to map
|
||||
;; these types to previous ones. Add here to pass checkapi tests.
|
||||
(type new_objects)
|
||||
(typeattribute new_objects)
|
||||
(typeattributeset new_objects
|
||||
|
|
|
@ -19,6 +19,7 @@
|
|||
(type wpantund_service)
|
||||
(type zoneinfo_data_file)
|
||||
|
||||
;; mapping information from ToT policy's types to 33.0 policy's types.
|
||||
(expandtypeattribute (DockObserver_service_33_0) true)
|
||||
(expandtypeattribute (IProxyService_service_33_0) true)
|
||||
(expandtypeattribute (aac_drc_prop_33_0) true)
|
||||
|
|
|
@ -1 +1,3 @@
|
|||
;; This file can't be empty.
|
||||
;; complement CIL file for compatibility between ToT policy and 33.0 vendors.
|
||||
;; will be compiled along with other normal policy files, on 33.0 vendors.
|
||||
;;
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
;; new_objects - a collection of types that have been introduced that have no
|
||||
;; analogue in older policy. Thus, we do not need to map these types to
|
||||
;; previous ones. Add here to pass checkapi tests.
|
||||
;; new_objects - a collection of types that have been introduced with ToT policy
|
||||
;; that have no analogue in 33.0 policy. Thus, we do not need to map
|
||||
;; these types to previous ones. Add here to pass checkapi tests.
|
||||
(type new_objects)
|
||||
(typeattribute new_objects)
|
||||
(typeattributeset new_objects
|
||||
|
|
|
@ -29,9 +29,13 @@ import zipfile
|
|||
"""This tool generates a mapping file for {ver} core sepolicy."""
|
||||
|
||||
temp_dir = ''
|
||||
compat_cil_template = ";; This file can't be empty.\n"
|
||||
ignore_cil_template = """;; new_objects - a collection of types that have been introduced that have no
|
||||
;; analogue in older policy. Thus, we do not need to map these types to
|
||||
mapping_cil_footer = ";; mapping information from ToT policy's types to %s policy's types.\n"
|
||||
compat_cil_template = """;; complement CIL file for compatibility between ToT policy and %s vendors.
|
||||
;; will be compiled along with other normal policy files, on %s vendors.
|
||||
;;
|
||||
"""
|
||||
ignore_cil_template = """;; new_objects - a collection of types that have been introduced with ToT policy
|
||||
;; that have no analogue in %s policy. Thus, we do not need to map these types to
|
||||
;; previous ones. Add here to pass checkapi tests.
|
||||
(type new_objects)
|
||||
(typeattribute new_objects)
|
||||
|
@ -484,16 +488,17 @@ def main():
|
|||
f.write(';; types removed from current policy\n')
|
||||
f.write('\n'.join(f'(type {x})' for x in sorted(target_removed_types)))
|
||||
f.write('\n\n')
|
||||
f.write(mapping_cil_footer % args.target_version)
|
||||
f.write(mapping_file_cil.unparse())
|
||||
|
||||
with open(target_compat_file, 'w') as f:
|
||||
logging.info('writing %s' % target_compat_file)
|
||||
f.write(compat_cil_template)
|
||||
f.write(compat_cil_template % (args.target_version, args.target_version))
|
||||
|
||||
with open(target_ignore_file, 'w') as f:
|
||||
logging.info('writing %s' % target_ignore_file)
|
||||
f.write(ignore_cil_template %
|
||||
('\n '.join(sorted(target_ignored_types))))
|
||||
(args.target_version, '\n '.join(sorted(target_ignored_types))))
|
||||
finally:
|
||||
logging.info('Deleting temporary dir: {}'.format(temp_dir))
|
||||
shutil.rmtree(temp_dir)
|
||||
|
|
Loading…
Reference in a new issue