tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge "Ensure newlines are added between context config files"

Browse source
This commit is contained in:
Nick Kralevich 2015-12-13 22:38:33 +00:00 committed by Gerrit Code Review
commit d6765a99f3
2 changed files with 44 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

38
Android.mk
View file

@ -30,6 +30,13 @@ endif
# $(1): the set of policy name paths to build # $(1): the set of policy name paths to build
build_policy = $(foreach type, $(1), $(foreach file, $(addsuffix /$(type), $(LOCAL_PATH) $(BOARD_SEPOLICY_DIRS)), $(sort $(wildcard $(file))))) build_policy = $(foreach type, $(1), $(foreach file, $(addsuffix /$(type), $(LOCAL_PATH) $(BOARD_SEPOLICY_DIRS)), $(sort $(wildcard $(file)))))
# Add a file containing only a newline in-between each policy configuration
# 'contexts' file. This will allow OEM policy configuration files without a
# final newline (0x0A) to be built correctly by the m4(1) macro processor.
# $(1): the set of contexts file names.
# $(2): the file containing only 0x0A.
add_nl = $(foreach entry, $(1), $(subst $(entry), $(entry) $(2), $(entry)))
sepolicy_build_files := security_classes \ sepolicy_build_files := security_classes \
initial_sids \ initial_sids \
access_vectors \ access_vectors \
@ -52,6 +59,21 @@ sepolicy_build_files := security_classes \
################################## ##################################
include $(CLEAR_VARS) include $(CLEAR_VARS)
LOCAL_MODULE := sectxfile_nl
LOCAL_MODULE_CLASS := ETC
LOCAL_MODULE_TAGS := optional
# Create a file containing newline only to add between context config files
include $(BUILD_SYSTEM)/base_rules.mk
$(LOCAL_BUILT_MODULE): $(all_fcfiles_with_nl) $(all_pcfiles_with_nl) $(all_svcfiles_with_nl)
@mkdir -p $(dir $@)
$(hide) echo > $@
built_nl := $(LOCAL_BUILT_MODULE)
#################################
include $(CLEAR_VARS)
LOCAL_MODULE := sepolicy LOCAL_MODULE := sepolicy
LOCAL_MODULE_CLASS := ETC LOCAL_MODULE_CLASS := ETC
LOCAL_MODULE_TAGS := optional LOCAL_MODULE_TAGS := optional
@ -161,11 +183,12 @@ ifneq ($(filter address,$(SANITIZE_TARGET)),)
all_fc_files := $(all_fc_files) file_contexts_asan all_fc_files := $(all_fc_files) file_contexts_asan
endif endif
all_fc_files := $(call build_policy, $(all_fc_files)) all_fc_files := $(call build_policy, $(all_fc_files))
all_fcfiles_with_nl := $(call add_nl, $(all_fc_files), $(built_nl))
file_contexts.tmp := $(intermediates)/file_contexts.tmp file_contexts.tmp := $(intermediates)/file_contexts.tmp
$(file_contexts.tmp): PRIVATE_FC_FILES := $(all_fc_files) $(file_contexts.tmp): PRIVATE_FC_FILES := $(all_fcfiles_with_nl)
$(file_contexts.tmp): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS) $(file_contexts.tmp): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
$(file_contexts.tmp): $(all_fc_files) $(file_contexts.tmp): $(all_fc_files) $(all_fcfiles_with_nl) $(built_nl)
@mkdir -p $(dir $@) @mkdir -p $(dir $@)
$(hide) m4 -s $(PRIVATE_ADDITIONAL_M4DEFS) $(PRIVATE_FC_FILES) > $@ $(hide) m4 -s $(PRIVATE_ADDITIONAL_M4DEFS) $(PRIVATE_FC_FILES) > $@
@ -263,11 +286,12 @@ LOCAL_MODULE_PATH := $(TARGET_ROOT_OUT)
include $(BUILD_SYSTEM)/base_rules.mk include $(BUILD_SYSTEM)/base_rules.mk
all_pc_files := $(call build_policy, property_contexts) all_pc_files := $(call build_policy, property_contexts)
all_pcfiles_with_nl := $(call add_nl, $(all_pc_files), $(built_nl))
property_contexts.tmp := $(intermediates)/property_contexts.tmp property_contexts.tmp := $(intermediates)/property_contexts.tmp
$(property_contexts.tmp): PRIVATE_PC_FILES := $(all_pc_files) $(property_contexts.tmp): PRIVATE_PC_FILES := $(all_pcfiles_with_nl)
$(property_contexts.tmp): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS) $(property_contexts.tmp): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
$(property_contexts.tmp): $(all_pc_files) $(property_contexts.tmp): $(all_pc_files) $(all_pcfiles_with_nl) $(built_nl)
@mkdir -p $(dir $@) @mkdir -p $(dir $@)
$(hide) m4 -s $(PRIVATE_ADDITIONAL_M4DEFS) $(PRIVATE_PC_FILES) > $@ $(hide) m4 -s $(PRIVATE_ADDITIONAL_M4DEFS) $(PRIVATE_PC_FILES) > $@
@ -315,11 +339,12 @@ LOCAL_MODULE_PATH := $(TARGET_ROOT_OUT)
include $(BUILD_SYSTEM)/base_rules.mk include $(BUILD_SYSTEM)/base_rules.mk
all_svc_files := $(call build_policy, service_contexts) all_svc_files := $(call build_policy, service_contexts)
all_svcfiles_with_nl := $(call add_nl, $(all_svc_files), $(built_nl))
service_contexts.tmp := $(intermediates)/service_contexts.tmp service_contexts.tmp := $(intermediates)/service_contexts.tmp
$(service_contexts.tmp): PRIVATE_SVC_FILES := $(all_svc_files) $(service_contexts.tmp): PRIVATE_SVC_FILES := $(all_svcfiles_with_nl)
$(service_contexts.tmp): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS) $(service_contexts.tmp): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
$(service_contexts.tmp): $(all_svc_files) $(service_contexts.tmp): $(all_svc_files) $(all_svcfiles_with_nl) $(built_nl)
@mkdir -p $(dir $@) @mkdir -p $(dir $@)
$(hide) m4 -s $(PRIVATE_ADDITIONAL_M4DEFS) $(PRIVATE_SVC_FILES) > $@ $(hide) m4 -s $(PRIVATE_ADDITIONAL_M4DEFS) $(PRIVATE_SVC_FILES) > $@
@ -407,5 +432,6 @@ built_pc :=
built_svc := built_svc :=
built_general_sepolicy := built_general_sepolicy :=
built_general_sepolicy.conf := built_general_sepolicy.conf :=
built_nl :=
include $(call all-makefiles-under,$(LOCAL_PATH)) include $(call all-makefiles-under,$(LOCAL_PATH))

16
README
View file

@ -7,11 +7,19 @@ into the policy build as described below.
Policy Generation: Policy Generation:
Additional, per device, policy files can be added into the Additional, per device, policy files can be added into the
policy build. policy build. These files should have each line including the
final line terminated by a newline character (0x0A). This
will allow files to be concatenated and processed whenever
the m4(1) macro processor is called by the build process.
Adding the newline will also make the intermediate text files
easier to read when debugging build failures. The sets of file,
service and property contexts files will automatically have a
newline inserted between each file as these are common failure
points.
They can be configured through the use of the BOARD_SEPOLICY_DIRS These device policy files can be configured through the use of
variable. This variable should be set in the BoardConfig.mk file in the BOARD_SEPOLICY_DIRS variable. This variable should be set
the device or vendor directories. in the BoardConfig.mk file in the device or vendor directories.
BOARD_SEPOLICY_DIRS contains a list of directories to search BOARD_SEPOLICY_DIRS contains a list of directories to search
for additional policy files. Order matters in this list. for additional policy files. Order matters in this list.