Merge "Add mechanism for granting permissions to old vendor images" am: 38bbf3016d am: 27be220863
am: 2bed329c1d
Change-Id: Id58c284b6fc814ebfac1aae32d28598877609778
This commit is contained in:
Jeffrey Vander Stoep
android-build-merger
commit
7b7b87120e
6 changed files with 79 additions and 2 deletions
18
Android.bp
18
Android.bp
|
|
@ -92,6 +92,24 @@ se_cil_compat_map {
|
|||
// top_half: "29.0.ignore.cil",
|
||||
}
|
||||
|
||||
prebuilt_etc {
|
||||
name: "28.0.compat.cil",
|
||||
src: "private/compat/28.0/28.0.compat.cil",
|
||||
sub_dir: "selinux/mapping",
|
||||
}
|
||||
|
||||
prebuilt_etc {
|
||||
name: "27.0.compat.cil",
|
||||
src: "private/compat/27.0/27.0.compat.cil",
|
||||
sub_dir: "selinux/mapping",
|
||||
}
|
||||
|
||||
prebuilt_etc {
|
||||
name: "26.0.compat.cil",
|
||||
src: "private/compat/26.0/26.0.compat.cil",
|
||||
sub_dir: "selinux/mapping",
|
||||
}
|
||||
|
||||
se_filegroup {
|
||||
name: "file_contexts_files",
|
||||
srcs: ["file_contexts"],
|
||||
|
|
|
|||
11
Android.mk
11
Android.mk
|
|
@ -202,6 +202,7 @@ LOCAL_MODULE := selinux_policy_system
|
|||
LOCAL_REQUIRED_MODULES += \
|
||||
plat_mapping_file \
|
||||
$(addsuffix .cil,$(PLATFORM_SEPOLICY_COMPAT_VERSIONS)) \
|
||||
$(addsuffix .compat.cil,$(PLATFORM_SEPOLICY_COMPAT_VERSIONS)) \
|
||||
plat_sepolicy.cil \
|
||||
plat_sepolicy_and_mapping.sha256 \
|
||||
secilc \
|
||||
|
|
@ -235,6 +236,7 @@ ifneq ($(SELINUX_IGNORE_NEVERALLOWS),true)
|
|||
LOCAL_REQUIRED_MODULES += \
|
||||
sepolicy_tests \
|
||||
$(addprefix treble_sepolicy_tests_,$(PLATFORM_SEPOLICY_COMPAT_VERSIONS)) \
|
||||
$(addsuffix _compat_test,$(PLATFORM_SEPOLICY_COMPAT_VERSIONS)) \
|
||||
|
||||
endif
|
||||
endif
|
||||
|
|
@ -1284,13 +1286,18 @@ $(HOST_OUT_EXECUTABLES)/build_sepolicy $(base_plat_pub_policy.conf) $(reqd_polic
|
|||
# given release version.
|
||||
version_under_treble_tests := 26.0
|
||||
include $(LOCAL_PATH)/treble_sepolicy_tests_for_release.mk
|
||||
|
||||
version_under_treble_tests := 27.0
|
||||
include $(LOCAL_PATH)/treble_sepolicy_tests_for_release.mk
|
||||
|
||||
version_under_treble_tests := 28.0
|
||||
include $(LOCAL_PATH)/treble_sepolicy_tests_for_release.mk
|
||||
|
||||
version_under_treble_tests := 26.0
|
||||
include $(LOCAL_PATH)/compat.mk
|
||||
version_under_treble_tests := 27.0
|
||||
include $(LOCAL_PATH)/compat.mk
|
||||
version_under_treble_tests := 28.0
|
||||
include $(LOCAL_PATH)/compat.mk
|
||||
|
||||
BASE_PLAT_PUBLIC_POLICY :=
|
||||
BASE_PLAT_PRIVATE_POLICY :=
|
||||
base_plat_policy.conf :=
|
||||
|
|
|
|||
40
compat.mk
Normal file
40
compat.mk
Normal file
|
|
@ -0,0 +1,40 @@
|
|||
version := $(version_under_treble_tests)
|
||||
|
||||
include $(CLEAR_VARS)
|
||||
#################################
|
||||
# build this target to ensure the compat permissions files all build against the current policy
|
||||
#
|
||||
LOCAL_MODULE := $(version)_compat_test
|
||||
LOCAL_REQUIRED_MODULES := $(version).compat.cil
|
||||
LOCAL_MODULE_CLASS := ETC
|
||||
LOCAL_MODULE_TAGS := tests
|
||||
|
||||
include $(BUILD_SYSTEM)/base_rules.mk
|
||||
|
||||
all_cil_files := \
|
||||
$(built_plat_cil) \
|
||||
$(built_plat_mapping_cil) \
|
||||
$(built_pub_vers_cil) \
|
||||
$(built_vendor_cil) \
|
||||
$(ALL_MODULES.$(version).compat.cil.BUILT) \
|
||||
|
||||
ifdef HAS_PRODUCT_SEPOLICY
|
||||
all_cil_files += \
|
||||
$(built_product_cil) \
|
||||
$(built_product_mapping_cil) \
|
||||
|
||||
endif
|
||||
|
||||
ifdef BOARD_ODM_SEPOLICY_DIRS
|
||||
all_cil_files += $(built_odm_cil)
|
||||
endif
|
||||
|
||||
$(LOCAL_BUILT_MODULE): PRIVATE_CIL_FILES := $(all_cil_files)
|
||||
$(LOCAL_BUILT_MODULE): $(HOST_OUT_EXECUTABLES)/secilc $(HOST_OUT_EXECUTABLES)/sepolicy-analyze $(all_cil_files)
|
||||
@mkdir -p $(dir $@)
|
||||
$(hide) $< -m -N -M true -G -c $(POLICYVERS) $(PRIVATE_CIL_FILES) -o $@.tmp -f /dev/null
|
||||
$(hide) mv $@.tmp $@
|
||||
|
||||
all_cil_files :=
|
||||
version :=
|
||||
version_under_treble_tests :=
|
||||
4
private/compat/26.0/26.0.compat.cil
Normal file
4
private/compat/26.0/26.0.compat.cil
Normal file
|
|
@ -0,0 +1,4 @@
|
|||
(typeattribute vendordomain)
|
||||
(typeattributeset vendordomain ((and (domain) ((not (coredomain))))))
|
||||
(allowx vendordomain dev_type (ioctl blk_file ((range 0x0000 0xffff))))
|
||||
(allowx vendordomain file_type (ioctl file ((range 0x0000 0xffff))))
|
||||
4
private/compat/27.0/27.0.compat.cil
Normal file
4
private/compat/27.0/27.0.compat.cil
Normal file
|
|
@ -0,0 +1,4 @@
|
|||
(typeattribute vendordomain)
|
||||
(typeattributeset vendordomain ((and (domain) ((not (coredomain))))))
|
||||
(allowx vendordomain dev_type (ioctl blk_file ((range 0x0000 0xffff))))
|
||||
(allowx vendordomain file_type (ioctl file ((range 0x0000 0xffff))))
|
||||
4
private/compat/28.0/28.0.compat.cil
Normal file
4
private/compat/28.0/28.0.compat.cil
Normal file
|
|
@ -0,0 +1,4 @@
|
|||
(typeattribute vendordomain)
|
||||
(typeattributeset vendordomain ((and (domain) ((not (coredomain))))))
|
||||
(allowx vendordomain dev_type (ioctl blk_file ((range 0x0000 0xffff))))
|
||||
(allowx vendordomain file_type (ioctl file ((range 0x0000 0xffff))))
|
||||
Loading…
Reference in a new issue