Migrate freeze test to Soong
Bug: 33691272 Test: m selinux_policy on sc-dev Change-Id: Ie536d885034e5d888f1329ac189fd0bf9723a6c4
This commit is contained in:
Inseob Kim
parent
e17b985e1c
commit
d58166165a
4 changed files with 132 additions and 60 deletions
|
|
@ -1003,3 +1003,12 @@ se_policy_conf {
|
|||
cts: true,
|
||||
exclude_build_test: true,
|
||||
}
|
||||
|
||||
//////////////////////////////////
|
||||
// se_freeze_test compares the plat sepolicy with the prebuilt sepolicy
|
||||
// Additional directories can be specified via Makefile variables:
|
||||
// SEPOLICY_FREEZE_TEST_EXTRA_DIRS and SEPOLICY_FREEZE_TEST_EXTRA_PREBUILT_DIRS.
|
||||
//////////////////////////////////
|
||||
se_freeze_test {
|
||||
name: "sepolicy_freeze_test",
|
||||
}
|
||||
|
|
|
|||
61
Android.mk
61
Android.mk
|
|
@ -67,10 +67,6 @@ endif
|
|||
PRODUCT_PUBLIC_POLICY := $(PRODUCT_PUBLIC_SEPOLICY_DIRS)
|
||||
PRODUCT_PRIVATE_POLICY := $(PRODUCT_PRIVATE_SEPOLICY_DIRS)
|
||||
|
||||
# Extra sepolicy and prebuilts directories for sepolicy_freeze_test
|
||||
FREEZE_TEST_EXTRA_DIRS := $(SEPOLICY_FREEZE_TEST_EXTRA_DIRS)
|
||||
FREEZE_TEST_EXTRA_PREBUILT_DIRS := $(SEPOLICY_FREEZE_TEST_EXTRA_PREBUILT_DIRS)
|
||||
|
||||
ifneq (,$(SYSTEM_EXT_PUBLIC_POLICY)$(SYSTEM_EXT_PRIVATE_POLICY))
|
||||
HAS_SYSTEM_EXT_SEPOLICY_DIR := true
|
||||
endif
|
||||
|
|
@ -413,13 +409,7 @@ endif # with_asan
|
|||
|
||||
ifneq ($(PLATFORM_SEPOLICY_VERSION),$(TOT_SEPOLICY_VERSION))
|
||||
LOCAL_REQUIRED_MODULES += \
|
||||
sepolicy_freeze_test \
|
||||
|
||||
else
|
||||
ifneq (,$(FREEZE_TEST_EXTRA_DIRS)$(FREEZE_TEST_EXTRA_PREBUILT_DIRS))
|
||||
$(error SEPOLICY_FREEZE_TEST_EXTRA_DIRS or SEPOLICY_FREEZE_TEST_EXTRA_PREBUILT_DIRS\
|
||||
cannot be set before system/sepolicy freezes.)
|
||||
endif # (,$(FREEZE_TEST_EXTRA_DIRS)$(FREEZE_TEST_EXTRA_PREBUILT_DIRS))
|
||||
sepolicy_freeze_test
|
||||
endif # ($(PLATFORM_SEPOLICY_VERSION),$(TOT_SEPOLICY_VERSION))
|
||||
|
||||
include $(BUILD_PHONY_PACKAGE)
|
||||
|
|
@ -1540,55 +1530,6 @@ plat_sepolicy :=
|
|||
all_fc_files :=
|
||||
all_fc_args :=
|
||||
|
||||
#################################
|
||||
include $(CLEAR_VARS)
|
||||
LOCAL_MODULE := sepolicy_freeze_test
|
||||
LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered
|
||||
LOCAL_LICENSE_CONDITIONS := notice unencumbered
|
||||
LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE
|
||||
LOCAL_MODULE_CLASS := FAKE
|
||||
LOCAL_MODULE_TAGS := optional
|
||||
|
||||
include $(BUILD_SYSTEM)/base_rules.mk
|
||||
|
||||
define ziplist
|
||||
$(if $(and $1,$2), "$(firstword $1) $(firstword $2)"\
|
||||
$(call ziplist,$(wordlist 2,$(words $1),$1),$(wordlist 2,$(words $2),$2)))
|
||||
endef
|
||||
|
||||
base_plat_public := $(LOCAL_PATH)/public
|
||||
base_plat_private := $(LOCAL_PATH)/private
|
||||
base_plat_public_prebuilt := \
|
||||
$(LOCAL_PATH)/prebuilts/api/$(PLATFORM_SEPOLICY_VERSION)/public
|
||||
base_plat_private_prebuilt := \
|
||||
$(LOCAL_PATH)/prebuilts/api/$(PLATFORM_SEPOLICY_VERSION)/private
|
||||
|
||||
all_frozen_files := $(call build_policy,$(sepolicy_build_files), \
|
||||
$(base_plat_public) $(base_plat_private) $(base_plat_public_prebuilt) $(base_plat_private_prebuilt))
|
||||
|
||||
$(LOCAL_BUILT_MODULE): PRIVATE_BASE_PLAT_PUBLIC := $(base_plat_public)
|
||||
$(LOCAL_BUILT_MODULE): PRIVATE_BASE_PLAT_PRIVATE := $(base_plat_private)
|
||||
$(LOCAL_BUILT_MODULE): PRIVATE_BASE_PLAT_PUBLIC_PREBUILT := $(base_plat_public_prebuilt)
|
||||
$(LOCAL_BUILT_MODULE): PRIVATE_BASE_PLAT_PRIVATE_PREBUILT := $(base_plat_private_prebuilt)
|
||||
$(LOCAL_BUILT_MODULE): PRIVATE_EXTRA := $(sort $(FREEZE_TEST_EXTRA_DIRS))
|
||||
$(LOCAL_BUILT_MODULE): PRIVATE_EXTRA_PREBUILT := $(sort $(FREEZE_TEST_EXTRA_PREBUILT_DIRS))
|
||||
$(LOCAL_BUILT_MODULE): $(all_frozen_files)
|
||||
ifneq ($(PLATFORM_SEPOLICY_VERSION),$(TOT_SEPOLICY_VERSION))
|
||||
@diff -rq -x bug_map $(PRIVATE_BASE_PLAT_PUBLIC_PREBUILT) $(PRIVATE_BASE_PLAT_PUBLIC)
|
||||
@diff -rq -x bug_map $(PRIVATE_BASE_PLAT_PRIVATE_PREBUILT) $(PRIVATE_BASE_PLAT_PRIVATE)
|
||||
ifneq (,$(FREEZE_TEST_EXTRA_DIRS)$(FREEZE_TEST_EXTRA_PREBUILT_DIRS))
|
||||
@for pair in $(call ziplist, $(PRIVATE_EXTRA_PREBUILT), $(PRIVATE_EXTRA)); \
|
||||
do diff -rq -x bug_map $$pair; done
|
||||
endif # (,$(FREEZE_TEST_EXTRA_DIRS)$(FREEZE_TEST_EXTRA_PREBUILT_DIRS))
|
||||
endif # ($(PLATFORM_SEPOLICY_VERSION),$(TOT_SEPOLICY_VERSION))
|
||||
$(hide) touch $@
|
||||
|
||||
base_plat_public :=
|
||||
base_plat_private :=
|
||||
base_plat_public_prebuilt :=
|
||||
base_plat_private_prebuilt :=
|
||||
all_frozen_files :=
|
||||
|
||||
#################################
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -38,6 +38,7 @@ bootstrap_go_package {
|
|||
"policy.go",
|
||||
"selinux.go",
|
||||
"selinux_contexts.go",
|
||||
"sepolicy_freeze.go",
|
||||
"sepolicy_vers.go",
|
||||
"versioned_policy.go",
|
||||
],
|
||||
|
|
|
|||
121
build/soong/sepolicy_freeze.go
Normal file
121
build/soong/sepolicy_freeze.go
Normal file
|
|
@ -0,0 +1,121 @@
|
|||
// Copyright 2021 The Android Open Source Project
|
||||
//
|
||||
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||
// you may not use this file except in compliance with the License.
|
||||
// You may obtain a copy of the License at
|
||||
//
|
||||
// http://www.apache.org/licenses/LICENSE-2.0
|
||||
//
|
||||
// Unless required by applicable law or agreed to in writing, software
|
||||
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
// See the License for the specific language governing permissions and
|
||||
// limitations under the License.
|
||||
|
||||
package selinux
|
||||
|
||||
import (
|
||||
"path/filepath"
|
||||
"sort"
|
||||
|
||||
"android/soong/android"
|
||||
)
|
||||
|
||||
func init() {
|
||||
ctx := android.InitRegistrationContext
|
||||
ctx.RegisterSingletonModuleType("se_freeze_test", freezeTestFactory)
|
||||
}
|
||||
|
||||
// se_freeze_test compares the plat sepolicy with the prebuilt sepolicy. Additional directories can
|
||||
// be specified via Makefile variables: SEPOLICY_FREEZE_TEST_EXTRA_DIRS and
|
||||
// SEPOLICY_FREEZE_TEST_EXTRA_PREBUILT_DIRS.
|
||||
func freezeTestFactory() android.SingletonModule {
|
||||
f := &freezeTestModule{}
|
||||
android.InitAndroidModule(f)
|
||||
return f
|
||||
}
|
||||
|
||||
type freezeTestModule struct {
|
||||
android.SingletonModuleBase
|
||||
freezeTestTimestamp android.ModuleOutPath
|
||||
}
|
||||
|
||||
func (f *freezeTestModule) GenerateSingletonBuildActions(ctx android.SingletonContext) {
|
||||
// does nothing; se_freeze_test is a singeton because two freeze test modules don't make sense.
|
||||
}
|
||||
|
||||
func (f *freezeTestModule) GenerateAndroidBuildActions(ctx android.ModuleContext) {
|
||||
platformVersion := ctx.DeviceConfig().PlatformSepolicyVersion()
|
||||
totVersion := ctx.DeviceConfig().TotSepolicyVersion()
|
||||
|
||||
extraDirs := ctx.DeviceConfig().SepolicyFreezeTestExtraDirs()
|
||||
extraPrebuiltDirs := ctx.DeviceConfig().SepolicyFreezeTestExtraPrebuiltDirs()
|
||||
f.freezeTestTimestamp = android.PathForModuleOut(ctx, "freeze_test")
|
||||
|
||||
if platformVersion == totVersion {
|
||||
if len(extraDirs) > 0 || len(extraPrebuiltDirs) > 0 {
|
||||
ctx.ModuleErrorf("SEPOLICY_FREEZE_TEST_EXTRA_DIRS or SEPOLICY_FREEZE_TEST_EXTRA_PREBUILT_DIRS cannot be set before system/sepolicy freezes.")
|
||||
return
|
||||
}
|
||||
|
||||
// we still build a rule to prevent possible regression
|
||||
android.WriteFileRule(ctx, f.freezeTestTimestamp, ";; no freeze tests needed before system/sepolicy freezes")
|
||||
return
|
||||
}
|
||||
|
||||
if len(extraDirs) != len(extraPrebuiltDirs) {
|
||||
ctx.ModuleErrorf("SEPOLICY_FREEZE_TEST_EXTRA_DIRS and SEPOLICY_FREEZE_TEST_EXTRA_PREBUILT_DIRS must have the same number of directories.")
|
||||
return
|
||||
}
|
||||
|
||||
platPublic := filepath.Join(ctx.ModuleDir(), "public")
|
||||
platPrivate := filepath.Join(ctx.ModuleDir(), "private")
|
||||
prebuiltPublic := filepath.Join(ctx.ModuleDir(), "prebuilts", "api", platformVersion, "public")
|
||||
prebuiltPrivate := filepath.Join(ctx.ModuleDir(), "prebuilts", "api", platformVersion, "private")
|
||||
|
||||
sourceDirs := append(extraDirs, platPublic, platPrivate)
|
||||
prebuiltDirs := append(extraPrebuiltDirs, prebuiltPublic, prebuiltPrivate)
|
||||
|
||||
var implicits []string
|
||||
for _, dir := range append(sourceDirs, prebuiltDirs...) {
|
||||
glob, err := ctx.GlobWithDeps(dir+"/**/*", []string{"bug_map"} /* exclude */)
|
||||
if err != nil {
|
||||
ctx.ModuleErrorf("failed to glob sepolicy dir %q: %s", dir, err.Error())
|
||||
return
|
||||
}
|
||||
implicits = append(implicits, glob...)
|
||||
}
|
||||
sort.Strings(implicits)
|
||||
|
||||
rule := android.NewRuleBuilder(pctx, ctx)
|
||||
|
||||
for idx, _ := range sourceDirs {
|
||||
rule.Command().Text("diff").
|
||||
Flag("-r").
|
||||
Flag("-q").
|
||||
FlagWithArg("-x ", "bug_map"). // exclude
|
||||
Text(sourceDirs[idx]).
|
||||
Text(prebuiltDirs[idx])
|
||||
}
|
||||
|
||||
rule.Command().Text("touch").
|
||||
Output(f.freezeTestTimestamp).
|
||||
Implicits(android.PathsForSource(ctx, implicits))
|
||||
|
||||
rule.Build("sepolicy_freeze_test", "sepolicy_freeze_test")
|
||||
}
|
||||
|
||||
func (f *freezeTestModule) AndroidMkEntries() []android.AndroidMkEntries {
|
||||
return []android.AndroidMkEntries{android.AndroidMkEntries{
|
||||
Class: "FAKE",
|
||||
// OutputFile is needed, even though BUILD_PHONY_PACKAGE doesn't use it.
|
||||
// Without OutputFile this module won't be exported to Makefile.
|
||||
OutputFile: android.OptionalPathForPath(f.freezeTestTimestamp),
|
||||
Include: "$(BUILD_PHONY_PACKAGE)",
|
||||
ExtraEntries: []android.AndroidMkExtraEntriesFunc{
|
||||
func(ctx android.AndroidMkExtraEntriesContext, entries *android.AndroidMkEntries) {
|
||||
entries.SetString("LOCAL_ADDITIONAL_DEPENDENCIES", f.freezeTestTimestamp.String())
|
||||
},
|
||||
},
|
||||
}}
|
||||
}
|
||||
Loading…
Reference in a new issue