Fix vendor contexts files in mixed build
BOARD_PLAT_VENDOR_POLICY should be used for all vendor stuff, when in mixed sepolicy build (BOARD_SEPOLICY_VERS != PLATFORM_SEPOLICY_VERSION). This fixes an issue that system/sepolicy/vendor has been incorrectly used in mixed sepolicy build. Bug: 205924657 Test: Try AOSP + rvc-dev mixed sepolicy build 1) copy cuttlefish sepolicy prebuilts from rvc-dev branch. 2) set prebuilt variables: - BOARD_PLAT_VENDOR_POLICY - BOARD_REQD_MASK_POLICY - BOARD_(SYSTEM_EXT|PRODUCT)_PRIVATE_PREBUILT_DIRS - BOARD_SEPOLICY_VERS 3) lunch aosp_cf_x86_64_phone-userdebug; m selinux_policy 4) compare $OUT/vendor/etc/selinux with rvc-dev's artifacts. Change-Id: I2ed1e25255c825c24dab99ae4903328b0400c414
parent
04a2389d59
commit
7174ffec38
5 changed files with 11 additions and 9 deletions
|
@ -188,7 +188,7 @@ endef
|
||||||
|
|
||||||
# Builds paths for all policy files found in BOARD_VENDOR_SEPOLICY_DIRS.
|
# Builds paths for all policy files found in BOARD_VENDOR_SEPOLICY_DIRS.
|
||||||
# $(1): the set of policy name paths to build
|
# $(1): the set of policy name paths to build
|
||||||
build_vendor_policy = $(call build_policy, $(1), $(PLAT_VENDOR_POLICY) $(BOARD_VENDOR_SEPOLICY_DIRS))
|
build_vendor_policy = $(call build_policy, $(1), $(BOARD_PLAT_VENDOR_POLICY) $(BOARD_VENDOR_SEPOLICY_DIRS))
|
||||||
|
|
||||||
# Builds paths for all policy files found in BOARD_ODM_SEPOLICY_DIRS.
|
# Builds paths for all policy files found in BOARD_ODM_SEPOLICY_DIRS.
|
||||||
build_odm_policy = $(call build_policy, $(1), $(BOARD_ODM_SEPOLICY_DIRS))
|
build_odm_policy = $(call build_policy, $(1), $(BOARD_ODM_SEPOLICY_DIRS))
|
||||||
|
@ -1230,7 +1230,7 @@ LOCAL_MODULE_PATH := $(TARGET_OUT_VENDOR)/etc/selinux
|
||||||
|
|
||||||
include $(BUILD_SYSTEM)/base_rules.mk
|
include $(BUILD_SYSTEM)/base_rules.mk
|
||||||
|
|
||||||
vnd_svcfiles := $(call build_policy, vndservice_contexts, $(PLAT_VENDOR_POLICY) $(BOARD_VENDOR_SEPOLICY_DIRS) $(REQD_MASK_POLICY))
|
vnd_svcfiles := $(call build_policy, vndservice_contexts, $(BOARD_PLAT_VENDOR_POLICY) $(BOARD_VENDOR_SEPOLICY_DIRS) $(BOARD_REQD_MASK_POLICY))
|
||||||
|
|
||||||
vndservice_contexts.tmp := $(intermediates)/vndservice_contexts.tmp
|
vndservice_contexts.tmp := $(intermediates)/vndservice_contexts.tmp
|
||||||
$(vndservice_contexts.tmp): PRIVATE_SVC_FILES := $(vnd_svcfiles)
|
$(vndservice_contexts.tmp): PRIVATE_SVC_FILES := $(vnd_svcfiles)
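Review bot: The comment above `build_vendor_policy` still names only BOARD_VENDOR_SEPOLICY_DIRS, while the definition also searches `$(BOARD_PLAT_VENDOR_POLICY)`; I would change it to `# Builds paths for all policy files found in BOARD_PLAT_VENDOR_POLICY and BOARD_VENDOR_SEPOLICY_DIRS.`. Separately, this hunk, the `vnd_svcfiles` hunk below it, and the `keys.conf`/`mac_permissions.xml` and `seapp_contexts` hunks in the other two makefile sections now expand `$(BOARD_PLAT_VENDOR_POLICY)` and `$(BOARD_REQD_MASK_POLICY)` unconditionally, whereas the Go side falls back to the in-tree `vendor` directory when the variable is empty or the versions match. Where these variables get their default for a non-mixed build is not visible on this page. If they can be empty, the platform's vendor contexts and the required mask would silently drop out of the vendor label files, so it is worth confirming the default or failing the build explicitly.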
|
||||||
|
|
|
@ -137,7 +137,6 @@ func (fg *fileGroup) DepsMutator(ctx android.BottomUpMutatorContext) {}
|
||||||
func (fg *fileGroup) GenerateAndroidBuildActions(ctx android.ModuleContext) {
|
func (fg *fileGroup) GenerateAndroidBuildActions(ctx android.ModuleContext) {
|
||||||
fg.systemPublicSrcs = fg.findSrcsInDir(ctx, filepath.Join(ctx.ModuleDir(), "public"))
|
fg.systemPublicSrcs = fg.findSrcsInDir(ctx, filepath.Join(ctx.ModuleDir(), "public"))
|
||||||
fg.systemPrivateSrcs = fg.findSrcsInDir(ctx, filepath.Join(ctx.ModuleDir(), "private"))
|
fg.systemPrivateSrcs = fg.findSrcsInDir(ctx, filepath.Join(ctx.ModuleDir(), "private"))
|
||||||
fg.systemVendorSrcs = fg.findSrcsInDir(ctx, filepath.Join(ctx.ModuleDir(), "vendor"))
|
|
||||||
fg.systemReqdMaskSrcs = fg.findSrcsInDir(ctx, filepath.Join(ctx.ModuleDir(), "reqd_mask"))
|
fg.systemReqdMaskSrcs = fg.findSrcsInDir(ctx, filepath.Join(ctx.ModuleDir(), "reqd_mask"))
|
||||||
|
|
||||||
fg.systemExtPublicSrcs = fg.findSrcsInDirs(ctx, ctx.DeviceConfig().SystemExtPublicSepolicyDirs())
|
fg.systemExtPublicSrcs = fg.findSrcsInDirs(ctx, ctx.DeviceConfig().SystemExtPublicSepolicyDirs())
|
||||||
|
@ -146,6 +145,11 @@ func (fg *fileGroup) GenerateAndroidBuildActions(ctx android.ModuleContext) {
|
||||||
fg.productPublicSrcs = fg.findSrcsInDirs(ctx, ctx.Config().ProductPublicSepolicyDirs())
|
fg.productPublicSrcs = fg.findSrcsInDirs(ctx, ctx.Config().ProductPublicSepolicyDirs())
|
||||||
fg.productPrivateSrcs = fg.findSrcsInDirs(ctx, ctx.Config().ProductPrivateSepolicyDirs())
|
fg.productPrivateSrcs = fg.findSrcsInDirs(ctx, ctx.Config().ProductPrivateSepolicyDirs())
|
||||||
|
|
||||||
|
systemVendorDirs := ctx.DeviceConfig().BoardPlatVendorPolicy()
|
||||||
|
if len(systemVendorDirs) == 0 || ctx.DeviceConfig().PlatformSepolicyVersion() == ctx.DeviceConfig().BoardSepolicyVers() {
|
||||||
|
systemVendorDirs = []string{filepath.Join(ctx.ModuleDir(), "vendor")}
|
||||||
|
}
|
||||||
|
fg.systemVendorSrcs = fg.findSrcsInDirs(ctx, systemVendorDirs)
|
||||||
fg.vendorReqdMaskSrcs = fg.findSrcsInDirs(ctx, ctx.DeviceConfig().BoardReqdMaskPolicy())
|
fg.vendorReqdMaskSrcs = fg.findSrcsInDirs(ctx, ctx.DeviceConfig().BoardReqdMaskPolicy())
|
||||||
fg.vendorSrcs = fg.findSrcsInDirs(ctx, ctx.DeviceConfig().VendorSepolicyDirs())
|
fg.vendorSrcs = fg.findSrcsInDirs(ctx, ctx.DeviceConfig().VendorSepolicyDirs())
|
||||||
fg.odmSrcs = fg.findSrcsInDirs(ctx, ctx.DeviceConfig().OdmSepolicyDirs())
|
fg.odmSrcs = fg.findSrcsInDirs(ctx, ctx.DeviceConfig().OdmSepolicyDirs())
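Review bot: The fallback condition `len(systemVendorDirs) == 0 || ...` also fires in a mixed build (PlatformSepolicyVersion differs from BoardSepolicyVers) where BOARD_PLAT_VENDOR_POLICY is unset, and it then quietly selects the current tree's `vendor` directory, which the commit description calls the incorrect input for mixed builds. Because the version guard is also removed from the `ctx.SocSpecific()` branch of `selinuxContextsModule`, such a build would now take vendor contexts from the current tree, where that branch previously added none from this source. If the make side does not already reject that configuration (not visible here), I would separate the two cases and report the empty one as a module error, as sketched below. If the fallback is deliberate, a comment saying so would be enough. GenerateAndroidBuildActions starts before and continues after these hunks.

```go
// … unchanged: public/private/reqd_mask, system_ext and product lookups …
deviceConfig := ctx.DeviceConfig()
systemVendorDirs := []string{filepath.Join(ctx.ModuleDir(), "vendor")}
if deviceConfig.PlatformSepolicyVersion() != deviceConfig.BoardSepolicyVers() {
	// Mixed build: vendor contexts must come from the prebuilt policy, never the current tree.
	systemVendorDirs = deviceConfig.BoardPlatVendorPolicy()
	if len(systemVendorDirs) == 0 {
		ctx.ModuleErrorf("BOARD_PLAT_VENDOR_POLICY must be set when BOARD_SEPOLICY_VERS differs from PLATFORM_SEPOLICY_VERSION")
	}
}
fg.systemVendorSrcs = fg.findSrcsInDirs(ctx, systemVendorDirs)
// … unchanged: vendorReqdMaskSrcs, vendorSrcs, odmSrcs …
```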
|
||||||
|
|
|
@ -162,9 +162,7 @@ func (m *selinuxContextsModule) GenerateAndroidBuildActions(ctx android.ModuleCo
|
||||||
if ctx.ProductSpecific() {
|
if ctx.ProductSpecific() {
|
||||||
inputs = append(inputs, segroup.ProductPrivateSrcs()...)
|
inputs = append(inputs, segroup.ProductPrivateSrcs()...)
|
||||||
} else if ctx.SocSpecific() {
|
} else if ctx.SocSpecific() {
|
||||||
if ctx.DeviceConfig().BoardSepolicyVers() == ctx.DeviceConfig().PlatformSepolicyVersion() {
|
inputs = append(inputs, segroup.SystemVendorSrcs()...)
|
||||||
inputs = append(inputs, segroup.SystemVendorSrcs()...)
|
|
||||||
}
|
|
||||||
inputs = append(inputs, segroup.VendorSrcs()...)
|
inputs = append(inputs, segroup.VendorSrcs()...)
|
||||||
} else if ctx.DeviceSpecific() {
|
} else if ctx.DeviceSpecific() {
|
||||||
inputs = append(inputs, segroup.OdmSrcs()...)
|
inputs = append(inputs, segroup.OdmSrcs()...)
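Review bot: With the version check gone from the `ctx.SocSpecific()` branch, nothing at this call site explains why `segroup.SystemVendorSrcs()` is safe to append in a mixed sepolicy build; the choice of directory now lives entirely in `fileGroup`. A one-line comment above the append would keep a later reader from restoring the guard, for example `// SystemVendorSrcs is resolved by fileGroup: BOARD_PLAT_VENDOR_POLICY in mixed builds, otherwise <module dir>/vendor.`. The enclosing GenerateAndroidBuildActions starts and ends outside this hunk.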
|
||||||
|
|
|
@ -119,8 +119,8 @@ LOCAL_MODULE_PATH := $(TARGET_OUT_VENDOR)/etc/selinux
|
||||||
|
|
||||||
include $(BUILD_SYSTEM)/base_rules.mk
|
include $(BUILD_SYSTEM)/base_rules.mk
|
||||||
|
|
||||||
all_vendor_mac_perms_keys := $(call build_policy, keys.conf, $(PLAT_VENDOR_POLICY) $(BOARD_VENDOR_SEPOLICY_DIRS) $(REQD_MASK_POLICY))
|
all_vendor_mac_perms_keys := $(call build_policy, keys.conf, $(BOARD_PLAT_VENDOR_POLICY) $(BOARD_VENDOR_SEPOLICY_DIRS) $(BOARD_REQD_MASK_POLICY))
|
||||||
all_vendor_mac_perms_files := $(call build_policy, mac_permissions.xml, $(PLAT_VENDOR_POLICY) $(BOARD_VENDOR_SEPOLICY_DIRS) $(REQD_MASK_POLICY))
|
all_vendor_mac_perms_files := $(call build_policy, mac_permissions.xml, $(BOARD_PLAT_VENDOR_POLICY) $(BOARD_VENDOR_SEPOLICY_DIRS) $(BOARD_REQD_MASK_POLICY))
|
||||||
|
|
||||||
# Build keys.conf
|
# Build keys.conf
|
||||||
vendor_mac_perms_keys.tmp := $(intermediates)/vendor_keys.tmp
|
vendor_mac_perms_keys.tmp := $(intermediates)/vendor_keys.tmp
|
||||||
|
|
|
@ -84,7 +84,7 @@ LOCAL_MODULE_PATH := $(TARGET_OUT_VENDOR)/etc/selinux
|
||||||
|
|
||||||
include $(BUILD_SYSTEM)/base_rules.mk
|
include $(BUILD_SYSTEM)/base_rules.mk
|
||||||
|
|
||||||
vendor_sc_files := $(call build_policy, seapp_contexts, $(PLAT_VENDOR_POLICY) $(BOARD_VENDOR_SEPOLICY_DIRS) $(REQD_MASK_POLICY))
|
vendor_sc_files := $(call build_policy, seapp_contexts, $(BOARD_PLAT_VENDOR_POLICY) $(BOARD_VENDOR_SEPOLICY_DIRS) $(BOARD_REQD_MASK_POLICY))
|
||||||
plat_sc_neverallow_files := $(call build_policy, seapp_contexts, $(PLAT_PRIVATE_POLICY) $(SYSTEM_EXT_PRIVATE_POLICY) $(PRODUCT_PRIVATE_POLICY))
|
plat_sc_neverallow_files := $(call build_policy, seapp_contexts, $(PLAT_PRIVATE_POLICY) $(SYSTEM_EXT_PRIVATE_POLICY) $(PRODUCT_PRIVATE_POLICY))
|
||||||
|
|
||||||
$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
|
$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
|
||||||
|
|