Merge "Remove compat test from treble sepolicy tests" am: 8e6b55a13d

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1985246

Change-Id: I9b7cb61dfb0dc823d39c8e35d1fff323675a835d
This commit is contained in:
Treehugger Robot 2022-02-17 01:46:44 +00:00 committed by Automerger Merge Worker
commit 7e5a5e8b1f
14 changed files with 10 additions and 22066 deletions

View file

@ -532,33 +532,16 @@ include $(BUILD_PHONY_PACKAGE)
# Policy files are now built with Android.bp. Grab them from intermediate. # Policy files are now built with Android.bp. Grab them from intermediate.
# See Android.bp for details of policy files. # See Android.bp for details of policy files.
# #
reqd_policy_mask.cil := $(call intermediates-dir-for,ETC,reqd_policy_mask.cil)/reqd_policy_mask.cil
pub_policy.cil := $(call intermediates-dir-for,ETC,pub_policy.cil)/pub_policy.cil
system_ext_pub_policy.cil := $(call intermediates-dir-for,ETC,system_ext_pub_policy.cil)/system_ext_pub_policy.cil
plat_pub_policy.cil := $(call intermediates-dir-for,ETC,plat_pub_policy.cil)/plat_pub_policy.cil
built_plat_cil := $(call intermediates-dir-for,ETC,plat_sepolicy.cil)/plat_sepolicy.cil built_plat_cil := $(call intermediates-dir-for,ETC,plat_sepolicy.cil)/plat_sepolicy.cil
built_plat_mapping_cil := $(call intermediates-dir-for,ETC,plat_mapping_file)/plat_mapping_file
ifdef HAS_SYSTEM_EXT_SEPOLICY ifdef HAS_SYSTEM_EXT_SEPOLICY
built_system_ext_cil := $(call intermediates-dir-for,ETC,system_ext_sepolicy.cil)/system_ext_sepolicy.cil built_system_ext_cil := $(call intermediates-dir-for,ETC,system_ext_sepolicy.cil)/system_ext_sepolicy.cil
built_system_ext_mapping_cil := $(call intermediates-dir-for,ETC,system_ext_mapping_file)/system_ext_mapping_file
endif # ifdef HAS_SYSTEM_EXT_SEPOLICY endif # ifdef HAS_SYSTEM_EXT_SEPOLICY
ifdef HAS_PRODUCT_SEPOLICY ifdef HAS_PRODUCT_SEPOLICY
built_product_cil := $(call intermediates-dir-for,ETC,product_sepolicy.cil)/product_sepolicy.cil built_product_cil := $(call intermediates-dir-for,ETC,product_sepolicy.cil)/product_sepolicy.cil
built_product_mapping_cil := $(call intermediates-dir-for,ETC,product_mapping_file)/product_mapping_file
endif # ifdef HAS_PRODUCT_SEPOLICY endif # ifdef HAS_PRODUCT_SEPOLICY
built_pub_vers_cil := $(call intermediates-dir-for,ETC,plat_pub_versioned.cil)/plat_pub_versioned.cil
built_vendor_cil := $(call intermediates-dir-for,ETC,vendor_sepolicy.cil)/vendor_sepolicy.cil
ifdef BOARD_ODM_SEPOLICY_DIRS
built_odm_cil := $(call intermediates-dir-for,ETC,odm_sepolicy.cil)/odm_sepolicy.cil
endif
built_sepolicy := $(call intermediates-dir-for,ETC,precompiled_sepolicy)/precompiled_sepolicy built_sepolicy := $(call intermediates-dir-for,ETC,precompiled_sepolicy)/precompiled_sepolicy
built_sepolicy_neverallows := $(call intermediates-dir-for,ETC,sepolicy_neverallows)/sepolicy_neverallows built_sepolicy_neverallows := $(call intermediates-dir-for,ETC,sepolicy_neverallows)/sepolicy_neverallows
built_sepolicy_neverallows += $(call intermediates-dir-for,ETC,sepolicy_neverallows_vendor)/sepolicy_neverallows_vendor built_sepolicy_neverallows += $(call intermediates-dir-for,ETC,sepolicy_neverallows_vendor)/sepolicy_neverallows_vendor
@ -782,12 +765,6 @@ build_policy :=
built_plat_cil := built_plat_cil :=
built_system_ext_cil := built_system_ext_cil :=
built_product_cil := built_product_cil :=
built_pub_vers_cil :=
built_plat_mapping_cil :=
built_system_ext_mapping_cil :=
built_product_mapping_cil :=
built_vendor_cil :=
built_odm_cil :=
built_sepolicy := built_sepolicy :=
built_sepolicy_neverallows := built_sepolicy_neverallows :=
built_plat_svc := built_plat_svc :=
@ -795,12 +772,7 @@ built_vendor_svc :=
treble_sysprop_neverallow := treble_sysprop_neverallow :=
enforce_sysprop_owner := enforce_sysprop_owner :=
enforce_debugfs_restriction := enforce_debugfs_restriction :=
mapping_policy :=
my_target_arch := my_target_arch :=
pub_policy.cil :=
system_ext_pub_policy.cil :=
plat_pub_policy.cil :=
reqd_policy_mask.cil :=
sepolicy_build_files := sepolicy_build_files :=
sepolicy_build_cil_workaround_files := sepolicy_build_cil_workaround_files :=
with_asan := with_asan :=

View file

@ -125,8 +125,13 @@ func (b *buildFiles) GenerateAndroidBuildActions(ctx android.ModuleContext) {
b.srcs[".product_private_for_vendor"] = b.findSrcsInDirs(ctx, ctx.DeviceConfig().BoardProductPrivatePrebuiltDirs()...) b.srcs[".product_private_for_vendor"] = b.findSrcsInDirs(ctx, ctx.DeviceConfig().BoardProductPrivatePrebuiltDirs()...)
} }
// directories used for compat tests and Treble tests
for _, ver := range ctx.DeviceConfig().PlatformSepolicyCompatVersions() { for _, ver := range ctx.DeviceConfig().PlatformSepolicyCompatVersions() {
b.srcs[".plat_public_"+ver] = b.findSrcsInDirs(ctx, filepath.Join(ctx.ModuleDir(), "prebuilts", "api", ver, "public")) b.srcs[".plat_public_"+ver] = b.findSrcsInDirs(ctx, filepath.Join(ctx.ModuleDir(), "prebuilts", "api", ver, "public"))
b.srcs[".plat_private_"+ver] = b.findSrcsInDirs(ctx, filepath.Join(ctx.ModuleDir(), "prebuilts", "api", ver, "private")) b.srcs[".plat_private_"+ver] = b.findSrcsInDirs(ctx, filepath.Join(ctx.ModuleDir(), "prebuilts", "api", ver, "private"))
b.srcs[".system_ext_public_"+ver] = b.findSrcsInDirs(ctx, filepath.Join(ctx.DeviceConfig().SystemExtSepolicyPrebuiltApiDir(), "prebuilts", "api", ver, "public"))
b.srcs[".system_ext_private_"+ver] = b.findSrcsInDirs(ctx, filepath.Join(ctx.DeviceConfig().SystemExtSepolicyPrebuiltApiDir(), "prebuilts", "api", ver, "private"))
b.srcs[".product_public_"+ver] = b.findSrcsInDirs(ctx, filepath.Join(ctx.DeviceConfig().ProductSepolicyPrebuiltApiDir(), "prebuilts", "api", ver, "public"))
b.srcs[".product_private_"+ver] = b.findSrcsInDirs(ctx, filepath.Join(ctx.DeviceConfig().ProductSepolicyPrebuiltApiDir(), "prebuilts", "api", ver, "private"))
} }
} }

View file

@ -154,6 +154,8 @@ func (f *compatTestModule) createPlatPubVersionedModule(ctx android.LoadHookCont
}, &policyConfProperties{ }, &policyConfProperties{
Srcs: []string{ Srcs: []string{
fmt.Sprintf(":se_build_files{.plat_public_%s}", ver), fmt.Sprintf(":se_build_files{.plat_public_%s}", ver),
fmt.Sprintf(":se_build_files{.system_ext_public_%s}", ver),
fmt.Sprintf(":se_build_files{.product_public_%s}", ver),
":se_build_files{.reqd_mask}", ":se_build_files{.reqd_mask}",
}, },
Installable: proptools.BoolPtr(false), Installable: proptools.BoolPtr(false),

File diff suppressed because one or more lines are too long

File diff suppressed because one or more lines are too long

File diff suppressed because it is too large Load diff

View file

@ -1 +0,0 @@
;; empty stub

File diff suppressed because it is too large Load diff

View file

@ -1 +0,0 @@
;; empty stub

File diff suppressed because it is too large Load diff

View file

@ -1 +0,0 @@
;; empty stub

File diff suppressed because it is too large Load diff

View file

@ -1 +0,0 @@
;; empty stub

View file

@ -17,19 +17,11 @@ SYSTEM_EXT_PREBUILT_POLICY := $(BOARD_SYSTEM_EXT_PREBUILT_DIR)
# BOARD_PRODUCT_PREBUILT_DIR can be set as product prebuilt dir in sepolicy # BOARD_PRODUCT_PREBUILT_DIR can be set as product prebuilt dir in sepolicy
# make file of the product partition. # make file of the product partition.
PRODUCT_PREBUILT_POLICY := $(BOARD_PRODUCT_PREBUILT_DIR) PRODUCT_PREBUILT_POLICY := $(BOARD_PRODUCT_PREBUILT_DIR)
# BOARD_PLAT_PUB_VERSIONED_POLICY - path_to_plat_pub_versioned_of_vendor
# plat_pub_versioned.cil should be in
# $(BOARD_PLAT_PUB_VERSIONED_POLICY)/prebuilts/api/$(version) dir.
# plat_pub_versioned.cil should have platform, system_ext and product sepolicies
# similar to system/sepolicy/prebuilts/api/$(version/plat_pub_verioned.cil file.
# In order to enable treble sepolicy tests for platform, system_ext and product
# sepolicies SYSTEM_EXT_PREBUILT_POLICY , PRODUCT_PREBUILT_POLICY and
# BOARD_PLAT_PUB_VERSIONED_POLICY should be set.
IS_TREBLE_TEST_ENABLED_PARTNER := false IS_TREBLE_TEST_ENABLED_PARTNER := false
ifeq ($(filter 26.0 27.0 28.0 29.0,$(version)),) ifeq ($(filter 26.0 27.0 28.0 29.0,$(version)),)
ifneq (,$(BOARD_PLAT_PUB_VERSIONED_POLICY)) ifneq (,$(SYSTEM_EXT_PREBUILT_POLICY)$(PRODUCT_PREBUILT_POLICY))
IS_TREBLE_TEST_ENABLED_PARTNER := true IS_TREBLE_TEST_ENABLED_PARTNER := true
endif # (,$(BOARD_PLAT_PUB_VERSIONED_POLICY)) endif # (,$(SYSTEM_EXT_PREBUILT_POLICY)$(PRODUCT_PREBUILT_POLICY))
endif # ($(filter 26.0 27.0 28.0 29.0,$(version)),) endif # ($(filter 26.0 27.0 28.0 29.0,$(version)),)
include $(BUILD_SYSTEM)/base_rules.mk include $(BUILD_SYSTEM)/base_rules.mk
@ -90,14 +82,9 @@ $(call dist-for-goals,base-sepolicy-files-for-mapping,$(built_$(version)_plat_se
$(version)_plat_policy.conf := $(version)_plat_policy.conf :=
# $(version)_compat - the current plat_sepolicy.cil built with the compatibility file
# targeting the $(version) SELinux release. This ensures that our policy will build
# when used on a device that has non-platform policy targetting the $(version) release.
$(version)_compat := $(intermediates)/$(version)_compat
$(version)_mapping.cil := $(call intermediates-dir-for,ETC,plat_$(version).cil)/plat_$(version).cil $(version)_mapping.cil := $(call intermediates-dir-for,ETC,plat_$(version).cil)/plat_$(version).cil
$(version)_mapping.ignore.cil := \ $(version)_mapping.ignore.cil := \
$(call intermediates-dir-for,ETC,$(version).ignore.cil)/$(version).ignore.cil $(call intermediates-dir-for,ETC,$(version).ignore.cil)/$(version).ignore.cil
$(version)_prebuilts_dir := $(LOCAL_PATH)/prebuilts/api/$(version)
ifeq ($(IS_TREBLE_TEST_ENABLED_PARTNER),true) ifeq ($(IS_TREBLE_TEST_ENABLED_PARTNER),true)
ifneq (,$(SYSTEM_EXT_PREBUILT_POLICY)) ifneq (,$(SYSTEM_EXT_PREBUILT_POLICY))
$(version)_mapping.cil += \ $(version)_mapping.cil += \
@ -111,29 +98,8 @@ $(version)_mapping.cil += \
$(version)_mapping.ignore.cil += \ $(version)_mapping.ignore.cil += \
$(call intermediates-dir-for,ETC,product_$(version).ignore.cil)/product_$(version).ignore.cil $(call intermediates-dir-for,ETC,product_$(version).ignore.cil)/product_$(version).ignore.cil
endif # (,$(PRODUCT_PREBUILT_POLICY)) endif # (,$(PRODUCT_PREBUILT_POLICY))
$(version)_prebuilts_dir := $(BOARD_PLAT_PUB_VERSIONED_POLICY)/prebuilts/api/$(version)
endif #($(IS_TREBLE_TEST_ENABLED_PARTNER),true) endif #($(IS_TREBLE_TEST_ENABLED_PARTNER),true)
# vendor_sepolicy.cil and plat_pub_versioned.cil are the new design to replace
# nonplat_sepolicy.cil.
$(version)_vendor := $($(version)_prebuilts_dir)/vendor_sepolicy.cil \
$($(version)_prebuilts_dir)/plat_pub_versioned.cil
cil_files := $(built_plat_cil)
ifeq ($(IS_TREBLE_TEST_ENABLED_PARTNER),true)
ifneq (,$(SYSTEM_EXT_PREBUILT_POLICY)
cil_files += $(built_system_ext_cil)
endif # (,$(SYSTEM_EXT_PREBUILT_POLICY)
ifneq (,$(PRODUCT_PREBUILT_POLICY)
cil_files += $(built_product_cil)
endif # (,$(PRODUCT_PREBUILT_POLICY)
endif # ($(IS_TREBLE_TEST_ENABLED_PARTNER),true)
cil_files += $($(version)_mapping.cil) $($(version)_vendor)
$($(version)_compat): PRIVATE_CIL_FILES := $(cil_files)
$($(version)_compat): $(HOST_OUT_EXECUTABLES)/secilc $(cil_files)
$(hide) $(HOST_OUT_EXECUTABLES)/secilc -m -M true -G -N -c $(POLICYVERS) \
$(PRIVATE_CIL_FILES) -o $@ -f /dev/null
# $(version)_mapping.combined.cil - a combination of the mapping file used when # $(version)_mapping.combined.cil - a combination of the mapping file used when
# combining the current platform policy with nonplatform policy based on the # combining the current platform policy with nonplatform policy based on the
# $(version) policy release and also a special ignored file that exists purely for # $(version) policy release and also a special ignored file that exists purely for
@ -165,7 +131,7 @@ $(LOCAL_BUILT_MODULE): $(HOST_OUT_EXECUTABLES)/treble_sepolicy_tests \
$(all_fc_files) $(built_sepolicy) \ $(all_fc_files) $(built_sepolicy) \
$(built_sepolicy_files) \ $(built_sepolicy_files) \
$(public_cil_files) \ $(public_cil_files) \
$(built_$(version)_plat_sepolicy) $($(version)_compat) $($(version)_mapping.combined.cil) $(built_$(version)_plat_sepolicy) $($(version)_mapping.combined.cil)
@mkdir -p $(dir $@) @mkdir -p $(dir $@)
$(hide) $(HOST_OUT_EXECUTABLES)/treble_sepolicy_tests $(ALL_FC_ARGS) \ $(hide) $(HOST_OUT_EXECUTABLES)/treble_sepolicy_tests $(ALL_FC_ARGS) \
-b $(PRIVATE_PLAT_SEPOLICY) -m $(PRIVATE_COMBINED_MAPPING) \ -b $(PRIVATE_PLAT_SEPOLICY) -m $(PRIVATE_COMBINED_MAPPING) \
@ -183,12 +149,9 @@ $(version)_PLAT_PRIVATE_POLICY :=
built_sepolicy_files := built_sepolicy_files :=
public_cil_files := public_cil_files :=
cil_files := cil_files :=
$(version)_compat :=
$(version)_mapping.cil := $(version)_mapping.cil :=
$(version)_mapping.combined.cil := $(version)_mapping.combined.cil :=
$(version)_mapping.ignore.cil := $(version)_mapping.ignore.cil :=
$(version)_vendor :=
$(version)_prebuilts_dir :=
built_$(version)_plat_sepolicy := built_$(version)_plat_sepolicy :=
version := version :=
version_under_treble_tests := version_under_treble_tests :=