Add 32.0 mapping files

Steps taken to produce the mapping files:

1. Add prebuilts/api/32.0/plat_pub_versioned.cil from the
/vendor/etc/selinux/plat_pub_versioned.cil file built on sc-v2-dev with
lunch target aosp_arm64-eng. Add prebuilts/api/32.0/vendor_sepolicy.cil
as an empty file.

When adding plat_pub_versioned.cil, leave only type and typeattribute
statements, removing the other statements: allow, neverallow, role, etc.

2. Add new file private/compat/32.0/32.0.cil by doing the following:
- copy /system/etc/selinux/mapping/32.0.cil from sc-v2-dev
aosp_arm64-eng device to private/compat/32.0/32.0.cil
- remove all attribute declaration statement (typeattribute ...) and
sort lines alphabetically
- some selinux types were added/renamed/deleted w.r.t 32 sepolicy.
Find all such types using treble_sepolicy_tests_32.0 test.
- for all these types figure out where to map them by looking at
31.0.[ignore.]cil files and add approprite entries to 32.0.[ignore.]cil.

This change also enables treble_sepolicy_tests_32.0 and installs
32.0.cil mapping file onto the device.

Bug: 206330997
Test: m treble_sepolicy_tests_32.0
Test: m 32.0_compat_test
Test: m selinux_policy
Change-Id: I8b2991e64e2f531ce12db7aaacad955e4e8ed687

Android.bp

@@ -86,6 +86,13 @@ se_filegroup {
     ],
 }
 
+se_filegroup {
+    name: "32.0.board.compat.map",
+    srcs: [
+        "compat/32.0/32.0.cil",
+    ],
+}
+
 se_filegroup {
     name: "26.0.board.compat.cil",
     srcs: [
@@ -128,6 +135,13 @@ se_filegroup {
     ],
 }
 
+se_filegroup {
+    name: "32.0.board.compat.cil",
+    srcs: [
+        "compat/32.0/32.0.compat.cil",
+    ],
+}
+
 se_filegroup {
     name: "26.0.board.ignore.map",
     srcs: [
@@ -170,6 +184,13 @@ se_filegroup {
     ],
 }
 
+se_filegroup {
+    name: "32.0.board.ignore.map",
+    srcs: [
+        "compat/32.0/32.0.ignore.cil",
+    ],
+}
+
 se_cil_compat_map {
     name: "plat_26.0.cil",
     stem: "26.0.cil",
@@ -209,7 +230,14 @@ se_cil_compat_map {
     name: "plat_31.0.cil",
     stem: "31.0.cil",
     bottom_half: [":31.0.board.compat.map"],
-    // top_half: "plat_32.0.cil",
+    top_half: "plat_32.0.cil",
+}
+
+se_cil_compat_map {
+    name: "plat_32.0.cil",
+    stem: "32.0.cil",
+    bottom_half: [":32.0.board.compat.map"],
+    // top_half: "plat_33.0.cil",
 }
 
 se_cil_compat_map {
@@ -256,7 +284,15 @@ se_cil_compat_map {
     name: "system_ext_31.0.cil",
     stem: "31.0.cil",
     bottom_half: [":31.0.board.compat.map"],
-    // top_half: "system_ext_32.0.cil",
+    top_half: "system_ext_32.0.cil",
+    system_ext_specific: true,
+}
+
+se_cil_compat_map {
+    name: "system_ext_32.0.cil",
+    stem: "32.0.cil",
+    bottom_half: [":32.0.board.compat.map"],
+    // top_half: "system_ext_33.0.cil",
     system_ext_specific: true,
 }
 
@@ -304,7 +340,15 @@ se_cil_compat_map {
     name: "product_31.0.cil",
     stem: "31.0.cil",
     bottom_half: [":31.0.board.compat.map"],
-    // top_half: "product_32.0.cil",
+    top_half: "product_32.0.cil",
+    product_specific: true,
+}
+
+se_cil_compat_map {
+    name: "product_32.0.cil",
+    stem: "32.0.cil",
+    bottom_half: [":32.0.board.compat.map"],
+    // top_half: "product_33.0.cil",
     product_specific: true,
 }
 
@@ -341,7 +385,13 @@ se_cil_compat_map {
 se_cil_compat_map {
     name: "31.0.ignore.cil",
     bottom_half: [":31.0.board.ignore.map"],
-    // top_half: "32.0.ignore.cil",
+    top_half: "32.0.ignore.cil",
+}
+
+se_cil_compat_map {
+    name: "32.0.ignore.cil",
+    bottom_half: [":32.0.board.ignore.map"],
+    // top_half: "33.0.ignore.cil",
 }
 
 se_cil_compat_map {
@@ -354,7 +404,14 @@ se_cil_compat_map {
 se_cil_compat_map {
     name: "system_ext_31.0.ignore.cil",
     bottom_half: [":31.0.board.ignore.map"],
-    // top_half: "system_ext_32.0.ignore.cil",
+    top_half: "system_ext_32.0.ignore.cil",
+    system_ext_specific: true,
+}
+
+se_cil_compat_map {
+    name: "system_ext_32.0.ignore.cil",
+    bottom_half: [":32.0.board.ignore.map"],
+    // top_half: "system_ext_33.0.ignore.cil",
     system_ext_specific: true,
 }
 
@@ -368,7 +425,14 @@ se_cil_compat_map {
 se_cil_compat_map {
     name: "product_31.0.ignore.cil",
     bottom_half: [":31.0.board.ignore.map"],
-    // top_half: "product_32.0.ignore.cil",
+    top_half: "product_32.0.ignore.cil",
+    product_specific: true,
+}
+
+se_cil_compat_map {
+    name: "product_32.0.ignore.cil",
+    bottom_half: [":32.0.board.ignore.map"],
+    // top_half: "product_33.0.ignore.cil",
     product_specific: true,
 }
 
@@ -402,6 +466,11 @@ se_compat_cil {
     srcs: [":31.0.board.compat.cil"],
 }
 
+se_compat_cil {
+    name: "32.0.compat.cil",
+    srcs: [":32.0.board.compat.cil"],
+}
+
 se_compat_cil {
     name: "system_ext_26.0.compat.cil",
     srcs: [":26.0.board.compat.cil"],
@@ -444,6 +513,13 @@ se_compat_cil {
     system_ext_specific: true,
 }
 
+se_compat_cil {
+    name: "system_ext_32.0.compat.cil",
+    srcs: [":32.0.board.compat.cil"],
+    stem: "32.0.compat.cil",
+    system_ext_specific: true,
+}
+
 se_filegroup {
     name: "file_contexts_files",
     srcs: ["file_contexts"],

Android.mk

@@ -1308,6 +1308,8 @@ version_under_treble_tests := 30.0
 include $(LOCAL_PATH)/treble_sepolicy_tests_for_release.mk
 version_under_treble_tests := 31.0
 include $(LOCAL_PATH)/treble_sepolicy_tests_for_release.mk
+version_under_treble_tests := 32.0
+include $(LOCAL_PATH)/treble_sepolicy_tests_for_release.mk
 endif  # PRODUCT_SEPOLICY_SPLIT
 
 version_under_treble_tests := 26.0
@@ -1322,6 +1324,8 @@ version_under_treble_tests := 30.0
 include $(LOCAL_PATH)/compat.mk
 version_under_treble_tests := 31.0
 include $(LOCAL_PATH)/compat.mk
+version_under_treble_tests := 32.0
+include $(LOCAL_PATH)/compat.mk
 
 built_plat_sepolicy :=
 built_system_ext_sepolicy :=

prebuilts/api/32.0/vendor_sepolicy.cil

@@ -0,0 +1 @@
+;; empty stub

private/compat/32.0/32.0.compat.cil

@@ -0,0 +1 @@
+;; This file can't be empty.

private/compat/32.0/32.0.ignore.cil

@@ -0,0 +1,49 @@
+;; new_objects - a collection of types that have been introduced that have no
+;;   analogue in older policy.  Thus, we do not need to map these types to
+;;   previous ones.  Add here to pass checkapi tests.
+(type new_objects)
+(typeattribute new_objects)
+(typeattributeset new_objects
+  ( new_objects
+    apexd_select_prop
+    artd_service
+    attestation_verification_service
+    device_config_nnapi_native_prop
+    dice_maintenance_service
+    dice_node_service
+    diced
+    diced_exec
+    extra_free_kbytes
+    extra_free_kbytes_exec
+    hal_contexthub_service
+    hal_dice_service
+    hal_graphics_composer_service
+    hal_health_service
+    hal_nlinterceptor_service
+    hal_radio_config_service
+    hal_radio_data_service
+    hal_radio_messaging_service
+    hal_radio_modem_service
+    hal_radio_network_service
+    hal_radio_sim_service
+    hal_radio_voice_service
+    hal_sensors_service
+    hal_system_suspend_service
+    hal_tv_tuner_service
+    hal_uwb_service
+    hal_wifi_hostapd_service
+    hal_wifi_supplicant_service
+    locale_service
+    proc_watermark_boost_factor
+    proc_watermark_scale_factor
+    snapuserd_proxy_socket
+    supplemental_process_service
+    sysfs_fs_fuse_bpf
+    tare_service
+    tv_iapp_service
+    untrusted_app_30
+    vendor_uuid_mapping_config_file
+    vendor_vm_data_file
+    vendor_vm_file
+    virtual_device_service
+  ))