Use target specific intermediate paths

This won't be harmful and this can help reduce rebuilding sepolicy
artifacts upon lunch target change.

Bug: 279524023
Test: m selinux_policy
Change-Id: I859de6dc0ac1958b44d847159904960bd7f9a0c2

Android.bp

@@ -142,6 +142,7 @@ se_policy_conf {
         system_ext_public_policy +
         product_public_policy +
         reqd_mask_policy,
+    vendor: true,
     installable: false,
 }
 
@@ -150,6 +151,7 @@ se_policy_cil {
     src: ":pub_policy.conf",
     filter_out: [":reqd_policy_mask.cil"],
     secilc_check: false,
+    vendor: true,
     installable: false,
 }
 
@@ -158,6 +160,7 @@ se_policy_conf {
     srcs: plat_public_policy +
         system_ext_public_policy +
         reqd_mask_policy,
+    system_ext_specific: true,
     installable: false,
 }
 
@@ -166,6 +169,7 @@ se_policy_cil {
     src: ":system_ext_pub_policy.conf",
     filter_out: [":reqd_policy_mask.cil"],
     secilc_check: false,
+    system_ext_specific: true,
     installable: false,
 }
 
@@ -290,6 +294,7 @@ se_policy_conf {
         plat_private_policy +
         system_ext_public_policy +
         system_ext_private_policy,
+    system_ext_specific: true,
     installable: false,
 }
 
@@ -311,6 +316,7 @@ se_policy_conf {
         system_ext_private_policy +
         product_public_policy +
         product_private_policy,
+    product_specific: true,
     installable: false,
 }
 
@@ -476,6 +482,7 @@ se_policy_conf {
         ":se_build_files{.plat_vendor_for_vendor}",
         ":se_build_files{.vendor}",
     ],
+    vendor: true,
     installable: false,
 }
 
@@ -484,6 +491,7 @@ se_policy_cil {
     src: ":vendor_sepolicy.conf",
     filter_out: [":reqd_policy_mask_for_vendor.cil"],
     secilc_check: false, // will be done in se_versioned_policy module
+    vendor: true,
     installable: false,
 }
 
@@ -511,6 +519,7 @@ se_policy_conf {
         ":se_build_files{.vendor}",
         ":se_build_files{.odm}",
     ],
+    device_specific: true,
     installable: false,
 }
 
@@ -522,6 +531,7 @@ se_policy_cil {
         ":vendor_sepolicy.cil",
     ],
     secilc_check: false, // will be done in se_versioned_policy module
+    device_specific: true,
     installable: false,
 }
 
@@ -795,6 +805,7 @@ se_policy_conf {
     ],
     target_recovery: true,
     installable: false,
+    recovery: true,
 }
 
 se_policy_cil {
@@ -802,6 +813,7 @@ se_policy_cil {
     src: ":recovery_sepolicy.conf",
     secilc_check: false, // will be done in se_policy_binary module
     installable: false,
+    recovery: true,
 }
 
 se_policy_binary {
@@ -864,6 +876,7 @@ se_policy_conf {
         system_ext_private_policy,
     build_variant: "user",
     installable: false,
+    system_ext_specific: true,
 }
 
 se_policy_cil {
@@ -892,6 +905,7 @@ se_policy_conf {
         product_private_policy,
     build_variant: "user",
     installable: false,
+    product_specific: true,
 }
 
 se_policy_cil {
@@ -936,6 +950,7 @@ se_policy_conf {
         reqd_mask_policy,
     build_variant: "user",
     installable: false,
+    system_ext_specific: true,
 }
 
 se_policy_cil {
@@ -944,6 +959,7 @@ se_policy_cil {
     filter_out: [":reqd_policy_mask.cil"],
     secilc_check: false,
     installable: false,
+    system_ext_specific: true,
 }
 
 se_policy_conf {
@@ -954,6 +970,7 @@ se_policy_conf {
         reqd_mask_policy,
     build_variant: "user",
     installable: false,
+    product_specific: true,
 }
 
 se_policy_cil {
@@ -962,6 +979,7 @@ se_policy_cil {
     filter_out: [":reqd_policy_mask.cil"],
     secilc_check: false,
     installable: false,
+    product_specific: true,
 }
 
 // bug_map - Bug tracking information for selinux denials loaded by auditd.
@@ -1008,6 +1026,7 @@ se_neverallow_test {
         ":se_build_files{.vendor}",
         ":se_build_files{.odm}",
     ],
+    vendor: true,
 }
 
 //////////////////////////////////

build/soong/policy.go

@@ -209,7 +209,7 @@ func findPolicyConfOrder(name string) int {
 }
 
 func (c *policyConf) transformPolicyToConf(ctx android.ModuleContext) android.OutputPath {
-	conf := android.PathForModuleOut(ctx, c.stem()).OutputPath
+	conf := pathForModuleOut(ctx, c.stem())
 	rule := android.NewRuleBuilder(pctx, ctx)
 
 	srcs := android.PathsForModuleSrc(ctx, c.properties.Srcs)
@@ -340,7 +340,7 @@ func (c *policyCil) stem() string {
 }
 
 func (c *policyCil) compileConfToCil(ctx android.ModuleContext, conf android.Path) android.OutputPath {
-	cil := android.PathForModuleOut(ctx, c.stem()).OutputPath
+	cil := pathForModuleOut(ctx, c.stem())
 	rule := android.NewRuleBuilder(pctx, ctx)
 	checkpolicyCmd := rule.Command().BuiltTool("checkpolicy").
 		Flag("-C"). // Write CIL
@@ -496,7 +496,7 @@ func (c *policyBinary) GenerateAndroidBuildActions(ctx android.ModuleContext) {
 		ctx.PropertyErrorf("srcs", "must be specified")
 		return
 	}
-	bin := android.PathForModuleOut(ctx, c.stem()+"_policy")
+	bin := pathForModuleOut(ctx, c.stem()+"_policy")
 	rule := android.NewRuleBuilder(pctx, ctx)
 	secilcCmd := rule.Command().BuiltTool("secilc").
 		Flag("-m").                 // Multiple decls
@@ -514,7 +514,7 @@ func (c *policyBinary) GenerateAndroidBuildActions(ctx android.ModuleContext) {
 
 	// permissive check is performed only in user build (not debuggable).
 	if !ctx.Config().Debuggable() {
-		permissiveDomains := android.PathForModuleOut(ctx, c.stem()+"_permissive")
+		permissiveDomains := pathForModuleOut(ctx, c.stem()+"_permissive")
 		cmd := rule.Command().BuiltTool("sepolicy-analyze").
 			Input(bin).
 			Text("permissive")
@@ -544,7 +544,7 @@ func (c *policyBinary) GenerateAndroidBuildActions(ctx android.ModuleContext) {
 			Text("; exit 1; fi")
 	}
 
-	out := android.PathForModuleOut(ctx, c.stem())
+	out := pathForModuleOut(ctx, c.stem())
 	rule.Command().Text("cp").
 		Flag("-f").
 		Input(bin).

build/soong/selinux.go

@@ -28,3 +28,15 @@ type dependencyTag struct {
 var (
 	pctx = android.NewPackageContext("android/soong/selinux")
 )
+
+// pathForModuleOut is same as android.PathForModuleOut, except that it uses DeviceName() as its
+// intermediate directory name for system_ext/product/vendor/odm modules, to avoid rebuilding upon
+// target change. Contents of system modules (core sepolicy) should be identical across devices, so
+// they falls back to android.PathForModuleOut.
+func pathForModuleOut(ctx android.ModuleContext, paths ...string) android.OutputPath {
+	if ctx.Platform() && !ctx.InstallInRecovery() {
+		return android.PathForModuleOut(ctx, paths...).OutputPath
+	}
+
+	return android.PathForModuleOut(ctx, ctx.Config().DeviceName()).Join(ctx, paths...)
+}

build/soong/selinux_contexts.go

@@ -243,11 +243,11 @@ func (m *selinuxContextsModule) SetImageVariation(ctx android.BaseModuleContext,
 var _ android.ImageInterface = (*selinuxContextsModule)(nil)
 
 func (m *selinuxContextsModule) buildGeneralContexts(ctx android.ModuleContext, inputs android.Paths) android.Path {
-	builtContext := android.PathForModuleGen(ctx, ctx.ModuleName()+"_m4out")
+	builtContext := pathForModuleOut(ctx, ctx.ModuleName()+"_m4out")
 
 	rule := android.NewRuleBuilder(pctx, ctx)
 
-	newlineFile := android.PathForModuleGen(ctx, "newline")
+	newlineFile := pathForModuleOut(ctx, "newline")
 
 	rule.Command().Text("echo").FlagWithOutput("> ", newlineFile)
 	rule.Temporary(newlineFile)
@@ -267,7 +267,7 @@ func (m *selinuxContextsModule) buildGeneralContexts(ctx android.ModuleContext,
 	if proptools.Bool(m.properties.Remove_comment) {
 		rule.Temporary(builtContext)
 
-		remove_comment_output := android.PathForModuleGen(ctx, ctx.ModuleName()+"_remove_comment")
+		remove_comment_output := pathForModuleOut(ctx, ctx.ModuleName()+"_remove_comment")
 
 		rule.Command().
 			Text("sed -e 's/#.*$//' -e '/^$/d'").
@@ -280,7 +280,7 @@ func (m *selinuxContextsModule) buildGeneralContexts(ctx android.ModuleContext,
 	if proptools.Bool(m.properties.Fc_sort) {
 		rule.Temporary(builtContext)
 
-		sorted_output := android.PathForModuleGen(ctx, ctx.ModuleName()+"_sorted")
+		sorted_output := pathForModuleOut(ctx, ctx.ModuleName()+"_sorted")
 
 		rule.Command().
 			Tool(ctx.Config().HostToolPath(ctx, "fc_sort")).
@@ -290,7 +290,7 @@ func (m *selinuxContextsModule) buildGeneralContexts(ctx android.ModuleContext,
 		builtContext = sorted_output
 	}
 
-	ret := android.PathForModuleGen(ctx, m.stem())
+	ret := pathForModuleOut(ctx, m.stem())
 	rule.Temporary(builtContext)
 	rule.Command().Text("cp").Input(builtContext).Output(ret)
 
@@ -309,7 +309,7 @@ func (m *selinuxContextsModule) buildFileContexts(ctx android.ModuleContext, inp
 
 	if ctx.Config().FlattenApex() {
 		for _, path := range android.PathsForModuleSrc(ctx, m.fileContextsProperties.Flatten_apex.Srcs) {
-			out := android.PathForModuleGen(ctx, "flattened_apex", path.Rel())
+			out := pathForModuleOut(ctx, "flattened_apex", path.Rel())
 			apex_path := "/system/apex/" + strings.Replace(
 				strings.TrimSuffix(path.Base(), "-file_contexts"),
 				".", "\\\\.", -1)
@@ -394,7 +394,7 @@ func (m *selinuxContextsModule) checkVendorPropertyNamespace(ctx android.ModuleC
 			cmd.Flag("--strict")
 		}
 
-		out := android.PathForModuleGen(ctx, "namespace_checked").Join(ctx, input.String())
+		out := pathForModuleOut(ctx, "namespace_checked").Join(ctx, input.String())
 		rule.Command().Text("cp -f").Input(input).Output(out)
 		ret = append(ret, out)
 	}
@@ -426,7 +426,7 @@ func (m *selinuxContextsModule) buildPropertyContexts(ctx android.ModuleContext,
 
 	// check compatibility with sysprop_library
 	if len(apiFiles) > 0 {
-		out := android.PathForModuleGen(ctx, ctx.ModuleName()+"_api_checked")
+		out := pathForModuleOut(ctx, ctx.ModuleName()+"_api_checked")
 		rule := android.NewRuleBuilder(pctx, ctx)
 
 		msg := `\n******************************\n` +
@@ -452,8 +452,8 @@ func (m *selinuxContextsModule) buildPropertyContexts(ctx android.ModuleContext,
 }
 
 func (m *selinuxContextsModule) buildSeappContexts(ctx android.ModuleContext, inputs android.Paths) android.Path {
-	neverallowFile := android.PathForModuleGen(ctx, "neverallow")
+	neverallowFile := pathForModuleOut(ctx, "neverallow")
-	ret := android.PathForModuleGen(ctx, m.stem())
+	ret := pathForModuleOut(ctx, m.stem())
 
 	rule := android.NewRuleBuilder(pctx, ctx)
 	rule.Command().Text("(grep").
@@ -547,7 +547,7 @@ type contextsTestModule struct {
 	flags []string
 
 	properties    contextsTestProperties
-	testTimestamp android.ModuleOutPath
+	testTimestamp android.OutputPath
 }
 
 // checkfc parses a context file and checks for syntax errors.
@@ -622,7 +622,7 @@ func (m *contextsTestModule) GenerateAndroidBuildActions(ctx android.ModuleConte
 		Input(sepolicy).
 		Inputs(srcs)
 
-	m.testTimestamp = android.PathForModuleOut(ctx, "timestamp")
+	m.testTimestamp = pathForModuleOut(ctx, "timestamp")
 	rule.Command().Text("touch").Output(m.testTimestamp)
 	rule.Build("contexts_test", "running contexts test: "+ctx.ModuleName())
 }

build/soong/sepolicy_neverallow.go

@@ -36,7 +36,7 @@ type neverallowTestProperties struct {
 type neverallowTestModule struct {
 	android.ModuleBase
 	properties    neverallowTestProperties
-	testTimestamp android.ModuleOutPath
+	testTimestamp android.OutputPath
 }
 
 type nameProperties struct {
@@ -98,7 +98,7 @@ func (n *neverallowTestModule) DepsMutator(ctx android.BottomUpMutatorContext) {
 }
 
 func (n *neverallowTestModule) GenerateAndroidBuildActions(ctx android.ModuleContext) {
-	n.testTimestamp = android.PathForModuleOut(ctx, "timestamp")
+	n.testTimestamp = pathForModuleOut(ctx, "timestamp")
 	if ctx.Config().SelinuxIgnoreNeverallows() {
 		// just touch
 		android.WriteFileRule(ctx, n.testTimestamp, "")
@@ -146,7 +146,7 @@ func (n *neverallowTestModule) GenerateAndroidBuildActions(ctx android.ModuleCon
 	rule := android.NewRuleBuilder(pctx, ctx)
 
 	// Step 1. Build a binary policy from the conf file including build test
-	binaryPolicy := android.PathForModuleOut(ctx, "policy")
+	binaryPolicy := pathForModuleOut(ctx, "policy")
 	rule.Command().BuiltTool("checkpolicy").
 		Flag("-M").
 		FlagWithArg("-c ", strconv.Itoa(PolicyVers)).

build/soong/versioned_policy.go

@@ -103,7 +103,7 @@ func (m *versionedPolicy) GenerateAndroidBuildActions(ctx android.ModuleContext)
 		stem = ctx.ModuleName()
 	}
 
-	out := android.PathForModuleOut(ctx, stem)
+	out := pathForModuleOut(ctx, stem)
 	rule := android.NewRuleBuilder(pctx, ctx)
 
 	if proptools.String(m.properties.Base) == "" {