Merge "Remove compat test from treble sepolicy tests"

Android.mk

@@ -532,33 +532,16 @@ include $(BUILD_PHONY_PACKAGE)
 # Policy files are now built with Android.bp. Grab them from intermediate.
 # See Android.bp for details of policy files.
 #
-reqd_policy_mask.cil := $(call intermediates-dir-for,ETC,reqd_policy_mask.cil)/reqd_policy_mask.cil
-
-pub_policy.cil := $(call intermediates-dir-for,ETC,pub_policy.cil)/pub_policy.cil
-system_ext_pub_policy.cil := $(call intermediates-dir-for,ETC,system_ext_pub_policy.cil)/system_ext_pub_policy.cil
-plat_pub_policy.cil := $(call intermediates-dir-for,ETC,plat_pub_policy.cil)/plat_pub_policy.cil
-
 built_plat_cil := $(call intermediates-dir-for,ETC,plat_sepolicy.cil)/plat_sepolicy.cil
-built_plat_mapping_cil := $(call intermediates-dir-for,ETC,plat_mapping_file)/plat_mapping_file
 
 ifdef HAS_SYSTEM_EXT_SEPOLICY
 built_system_ext_cil := $(call intermediates-dir-for,ETC,system_ext_sepolicy.cil)/system_ext_sepolicy.cil
-built_system_ext_mapping_cil := $(call intermediates-dir-for,ETC,system_ext_mapping_file)/system_ext_mapping_file
 endif # ifdef HAS_SYSTEM_EXT_SEPOLICY
 
 ifdef HAS_PRODUCT_SEPOLICY
 built_product_cil := $(call intermediates-dir-for,ETC,product_sepolicy.cil)/product_sepolicy.cil
-built_product_mapping_cil := $(call intermediates-dir-for,ETC,product_mapping_file)/product_mapping_file
 endif # ifdef HAS_PRODUCT_SEPOLICY
 
-built_pub_vers_cil := $(call intermediates-dir-for,ETC,plat_pub_versioned.cil)/plat_pub_versioned.cil
-
-built_vendor_cil := $(call intermediates-dir-for,ETC,vendor_sepolicy.cil)/vendor_sepolicy.cil
-
-ifdef BOARD_ODM_SEPOLICY_DIRS
-built_odm_cil := $(call intermediates-dir-for,ETC,odm_sepolicy.cil)/odm_sepolicy.cil
-endif
-
 built_sepolicy := $(call intermediates-dir-for,ETC,precompiled_sepolicy)/precompiled_sepolicy
 built_sepolicy_neverallows := $(call intermediates-dir-for,ETC,sepolicy_neverallows)/sepolicy_neverallows
 built_sepolicy_neverallows += $(call intermediates-dir-for,ETC,sepolicy_neverallows_vendor)/sepolicy_neverallows_vendor
@@ -782,12 +765,6 @@ build_policy :=
 built_plat_cil :=
 built_system_ext_cil :=
 built_product_cil :=
-built_pub_vers_cil :=
-built_plat_mapping_cil :=
-built_system_ext_mapping_cil :=
-built_product_mapping_cil :=
-built_vendor_cil :=
-built_odm_cil :=
 built_sepolicy :=
 built_sepolicy_neverallows :=
 built_plat_svc :=
@@ -795,12 +772,7 @@ built_vendor_svc :=
 treble_sysprop_neverallow :=
 enforce_sysprop_owner :=
 enforce_debugfs_restriction :=
-mapping_policy :=
 my_target_arch :=
-pub_policy.cil :=
-system_ext_pub_policy.cil :=
-plat_pub_policy.cil :=
-reqd_policy_mask.cil :=
 sepolicy_build_files :=
 sepolicy_build_cil_workaround_files :=
 with_asan :=

build/soong/build_files.go

@@ -125,8 +125,13 @@ func (b *buildFiles) GenerateAndroidBuildActions(ctx android.ModuleContext) {
 		b.srcs[".product_private_for_vendor"] = b.findSrcsInDirs(ctx, ctx.DeviceConfig().BoardProductPrivatePrebuiltDirs()...)
 	}
 
+	// directories used for compat tests and Treble tests
 	for _, ver := range ctx.DeviceConfig().PlatformSepolicyCompatVersions() {
 		b.srcs[".plat_public_"+ver] = b.findSrcsInDirs(ctx, filepath.Join(ctx.ModuleDir(), "prebuilts", "api", ver, "public"))
 		b.srcs[".plat_private_"+ver] = b.findSrcsInDirs(ctx, filepath.Join(ctx.ModuleDir(), "prebuilts", "api", ver, "private"))
+		b.srcs[".system_ext_public_"+ver] = b.findSrcsInDirs(ctx, filepath.Join(ctx.DeviceConfig().SystemExtSepolicyPrebuiltApiDir(), "prebuilts", "api", ver, "public"))
+		b.srcs[".system_ext_private_"+ver] = b.findSrcsInDirs(ctx, filepath.Join(ctx.DeviceConfig().SystemExtSepolicyPrebuiltApiDir(), "prebuilts", "api", ver, "private"))
+		b.srcs[".product_public_"+ver] = b.findSrcsInDirs(ctx, filepath.Join(ctx.DeviceConfig().ProductSepolicyPrebuiltApiDir(), "prebuilts", "api", ver, "public"))
+		b.srcs[".product_private_"+ver] = b.findSrcsInDirs(ctx, filepath.Join(ctx.DeviceConfig().ProductSepolicyPrebuiltApiDir(), "prebuilts", "api", ver, "private"))
 	}
 }

build/soong/compat_cil.go

@@ -154,6 +154,8 @@ func (f *compatTestModule) createPlatPubVersionedModule(ctx android.LoadHookCont
 	}, &policyConfProperties{
 		Srcs: []string{
 			fmt.Sprintf(":se_build_files{.plat_public_%s}", ver),
+			fmt.Sprintf(":se_build_files{.system_ext_public_%s}", ver),
+			fmt.Sprintf(":se_build_files{.product_public_%s}", ver),
 			":se_build_files{.reqd_mask}",
 		},
 		Installable: proptools.BoolPtr(false),

prebuilts/api/29.0/vendor_sepolicy.cil

@@ -1 +0,0 @@
-;; empty stub

prebuilts/api/30.0/vendor_sepolicy.cil

@@ -1 +0,0 @@
-;; empty stub

prebuilts/api/31.0/vendor_sepolicy.cil

@@ -1 +0,0 @@
-;; empty stub

prebuilts/api/32.0/vendor_sepolicy.cil

@@ -1 +0,0 @@
-;; empty stub

treble_sepolicy_tests_for_release.mk

@@ -17,19 +17,11 @@ SYSTEM_EXT_PREBUILT_POLICY := $(BOARD_SYSTEM_EXT_PREBUILT_DIR)
 # BOARD_PRODUCT_PREBUILT_DIR can be set as product prebuilt dir in sepolicy
 # make file of the product partition.
 PRODUCT_PREBUILT_POLICY := $(BOARD_PRODUCT_PREBUILT_DIR)
-# BOARD_PLAT_PUB_VERSIONED_POLICY - path_to_plat_pub_versioned_of_vendor
-# plat_pub_versioned.cil should be in
-# $(BOARD_PLAT_PUB_VERSIONED_POLICY)/prebuilts/api/$(version) dir.
-# plat_pub_versioned.cil should have platform, system_ext and product sepolicies
-# similar to system/sepolicy/prebuilts/api/$(version/plat_pub_verioned.cil file.
-# In order to enable treble sepolicy tests for platform, system_ext and product
-# sepolicies SYSTEM_EXT_PREBUILT_POLICY , PRODUCT_PREBUILT_POLICY and
-# BOARD_PLAT_PUB_VERSIONED_POLICY should be set.
 IS_TREBLE_TEST_ENABLED_PARTNER := false
 ifeq ($(filter 26.0 27.0 28.0 29.0,$(version)),)
-ifneq (,$(BOARD_PLAT_PUB_VERSIONED_POLICY))
+ifneq (,$(SYSTEM_EXT_PREBUILT_POLICY)$(PRODUCT_PREBUILT_POLICY))
 IS_TREBLE_TEST_ENABLED_PARTNER := true
-endif # (,$(BOARD_PLAT_PUB_VERSIONED_POLICY))
+endif # (,$(SYSTEM_EXT_PREBUILT_POLICY)$(PRODUCT_PREBUILT_POLICY))
 endif # ($(filter 26.0 27.0 28.0 29.0,$(version)),)
 
 include $(BUILD_SYSTEM)/base_rules.mk
@@ -90,14 +82,9 @@ $(call dist-for-goals,base-sepolicy-files-for-mapping,$(built_$(version)_plat_se
 
 $(version)_plat_policy.conf :=
 
-# $(version)_compat - the current plat_sepolicy.cil built with the compatibility file
-# targeting the $(version) SELinux release.  This ensures that our policy will build
-# when used on a device that has non-platform policy targetting the $(version) release.
-$(version)_compat := $(intermediates)/$(version)_compat
 $(version)_mapping.cil := $(call intermediates-dir-for,ETC,plat_$(version).cil)/plat_$(version).cil
 $(version)_mapping.ignore.cil := \
     $(call intermediates-dir-for,ETC,$(version).ignore.cil)/$(version).ignore.cil
-$(version)_prebuilts_dir := $(LOCAL_PATH)/prebuilts/api/$(version)
 ifeq ($(IS_TREBLE_TEST_ENABLED_PARTNER),true)
 ifneq (,$(SYSTEM_EXT_PREBUILT_POLICY))
 $(version)_mapping.cil += \
@@ -111,29 +98,8 @@ $(version)_mapping.cil += \
 $(version)_mapping.ignore.cil += \
     $(call intermediates-dir-for,ETC,product_$(version).ignore.cil)/product_$(version).ignore.cil
 endif # (,$(PRODUCT_PREBUILT_POLICY))
-$(version)_prebuilts_dir := $(BOARD_PLAT_PUB_VERSIONED_POLICY)/prebuilts/api/$(version)
 endif #($(IS_TREBLE_TEST_ENABLED_PARTNER),true)
 
-# vendor_sepolicy.cil and plat_pub_versioned.cil are the new design to replace
-# nonplat_sepolicy.cil.
-$(version)_vendor := $($(version)_prebuilts_dir)/vendor_sepolicy.cil \
-$($(version)_prebuilts_dir)/plat_pub_versioned.cil
-
-cil_files := $(built_plat_cil)
-ifeq ($(IS_TREBLE_TEST_ENABLED_PARTNER),true)
-ifneq (,$(SYSTEM_EXT_PREBUILT_POLICY)
-cil_files += $(built_system_ext_cil)
-endif # (,$(SYSTEM_EXT_PREBUILT_POLICY)
-ifneq (,$(PRODUCT_PREBUILT_POLICY)
-cil_files += $(built_product_cil)
-endif # (,$(PRODUCT_PREBUILT_POLICY)
-endif # ($(IS_TREBLE_TEST_ENABLED_PARTNER),true)
-cil_files += $($(version)_mapping.cil) $($(version)_vendor)
-$($(version)_compat): PRIVATE_CIL_FILES := $(cil_files)
-$($(version)_compat): $(HOST_OUT_EXECUTABLES)/secilc $(cil_files)
-	$(hide) $(HOST_OUT_EXECUTABLES)/secilc -m -M true -G -N -c $(POLICYVERS) \
-		$(PRIVATE_CIL_FILES) -o $@ -f /dev/null
-
 # $(version)_mapping.combined.cil - a combination of the mapping file used when
 # combining the current platform policy with nonplatform policy based on the
 # $(version) policy release and also a special ignored file that exists purely for
@@ -165,7 +131,7 @@ $(LOCAL_BUILT_MODULE): $(HOST_OUT_EXECUTABLES)/treble_sepolicy_tests \
   $(all_fc_files) $(built_sepolicy) \
   $(built_sepolicy_files) \
   $(public_cil_files) \
-  $(built_$(version)_plat_sepolicy) $($(version)_compat) $($(version)_mapping.combined.cil)
+  $(built_$(version)_plat_sepolicy) $($(version)_mapping.combined.cil)
 	@mkdir -p $(dir $@)
 	$(hide) $(HOST_OUT_EXECUTABLES)/treble_sepolicy_tests $(ALL_FC_ARGS) \
                 -b $(PRIVATE_PLAT_SEPOLICY) -m $(PRIVATE_COMBINED_MAPPING) \
@@ -183,12 +149,9 @@ $(version)_PLAT_PRIVATE_POLICY :=
 built_sepolicy_files :=
 public_cil_files :=
 cil_files :=
-$(version)_compat :=
 $(version)_mapping.cil :=
 $(version)_mapping.combined.cil :=
 $(version)_mapping.ignore.cil :=
-$(version)_vendor :=
-$(version)_prebuilts_dir :=
 built_$(version)_plat_sepolicy :=
 version :=
 version_under_treble_tests :=