Merge "Ensure newlines are added between context config files"
This commit is contained in:
Nick Kralevich
Gerrit Code Review
commit
d6765a99f3
2 changed files with 44 additions and 10 deletions
38
Android.mk
38
Android.mk
|
|
@ -30,6 +30,13 @@ endif
|
|||
# $(1): the set of policy name paths to build
|
||||
build_policy = $(foreach type, $(1), $(foreach file, $(addsuffix /$(type), $(LOCAL_PATH) $(BOARD_SEPOLICY_DIRS)), $(sort $(wildcard $(file)))))
|
||||
|
||||
# Add a file containing only a newline in-between each policy configuration
|
||||
# 'contexts' file. This will allow OEM policy configuration files without a
|
||||
# final newline (0x0A) to be built correctly by the m4(1) macro processor.
|
||||
# $(1): the set of contexts file names.
|
||||
# $(2): the file containing only 0x0A.
|
||||
add_nl = $(foreach entry, $(1), $(subst $(entry), $(entry) $(2), $(entry)))
|
||||
|
||||
sepolicy_build_files := security_classes \
|
||||
initial_sids \
|
||||
access_vectors \
|
||||
|
|
@ -52,6 +59,21 @@ sepolicy_build_files := security_classes \
|
|||
##################################
|
||||
include $(CLEAR_VARS)
|
||||
|
||||
LOCAL_MODULE := sectxfile_nl
|
||||
LOCAL_MODULE_CLASS := ETC
|
||||
LOCAL_MODULE_TAGS := optional
|
||||
|
||||
# Create a file containing newline only to add between context config files
|
||||
include $(BUILD_SYSTEM)/base_rules.mk
|
||||
$(LOCAL_BUILT_MODULE): $(all_fcfiles_with_nl) $(all_pcfiles_with_nl) $(all_svcfiles_with_nl)
|
||||
@mkdir -p $(dir $@)
|
||||
$(hide) echo > $@
|
||||
|
||||
built_nl := $(LOCAL_BUILT_MODULE)
|
||||
|
||||
#################################
|
||||
include $(CLEAR_VARS)
|
||||
|
||||
LOCAL_MODULE := sepolicy
|
||||
LOCAL_MODULE_CLASS := ETC
|
||||
LOCAL_MODULE_TAGS := optional
|
||||
|
|
@ -161,11 +183,12 @@ ifneq ($(filter address,$(SANITIZE_TARGET)),)
|
|||
all_fc_files := $(all_fc_files) file_contexts_asan
|
||||
endif
|
||||
all_fc_files := $(call build_policy, $(all_fc_files))
|
||||
all_fcfiles_with_nl := $(call add_nl, $(all_fc_files), $(built_nl))
|
||||
|
||||
file_contexts.tmp := $(intermediates)/file_contexts.tmp
|
||||
$(file_contexts.tmp): PRIVATE_FC_FILES := $(all_fc_files)
|
||||
$(file_contexts.tmp): PRIVATE_FC_FILES := $(all_fcfiles_with_nl)
|
||||
$(file_contexts.tmp): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
|
||||
$(file_contexts.tmp): $(all_fc_files)
|
||||
$(file_contexts.tmp): $(all_fc_files) $(all_fcfiles_with_nl) $(built_nl)
|
||||
@mkdir -p $(dir $@)
|
||||
$(hide) m4 -s $(PRIVATE_ADDITIONAL_M4DEFS) $(PRIVATE_FC_FILES) > $@
|
||||
|
||||
|
|
@ -263,11 +286,12 @@ LOCAL_MODULE_PATH := $(TARGET_ROOT_OUT)
|
|||
include $(BUILD_SYSTEM)/base_rules.mk
|
||||
|
||||
all_pc_files := $(call build_policy, property_contexts)
|
||||
all_pcfiles_with_nl := $(call add_nl, $(all_pc_files), $(built_nl))
|
||||
|
||||
property_contexts.tmp := $(intermediates)/property_contexts.tmp
|
||||
$(property_contexts.tmp): PRIVATE_PC_FILES := $(all_pc_files)
|
||||
$(property_contexts.tmp): PRIVATE_PC_FILES := $(all_pcfiles_with_nl)
|
||||
$(property_contexts.tmp): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
|
||||
$(property_contexts.tmp): $(all_pc_files)
|
||||
$(property_contexts.tmp): $(all_pc_files) $(all_pcfiles_with_nl) $(built_nl)
|
||||
@mkdir -p $(dir $@)
|
||||
$(hide) m4 -s $(PRIVATE_ADDITIONAL_M4DEFS) $(PRIVATE_PC_FILES) > $@
|
||||
|
||||
|
|
@ -315,11 +339,12 @@ LOCAL_MODULE_PATH := $(TARGET_ROOT_OUT)
|
|||
include $(BUILD_SYSTEM)/base_rules.mk
|
||||
|
||||
all_svc_files := $(call build_policy, service_contexts)
|
||||
all_svcfiles_with_nl := $(call add_nl, $(all_svc_files), $(built_nl))
|
||||
|
||||
service_contexts.tmp := $(intermediates)/service_contexts.tmp
|
||||
$(service_contexts.tmp): PRIVATE_SVC_FILES := $(all_svc_files)
|
||||
$(service_contexts.tmp): PRIVATE_SVC_FILES := $(all_svcfiles_with_nl)
|
||||
$(service_contexts.tmp): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
|
||||
$(service_contexts.tmp): $(all_svc_files)
|
||||
$(service_contexts.tmp): $(all_svc_files) $(all_svcfiles_with_nl) $(built_nl)
|
||||
@mkdir -p $(dir $@)
|
||||
$(hide) m4 -s $(PRIVATE_ADDITIONAL_M4DEFS) $(PRIVATE_SVC_FILES) > $@
|
||||
|
||||
|
|
@ -407,5 +432,6 @@ built_pc :=
|
|||
built_svc :=
|
||||
built_general_sepolicy :=
|
||||
built_general_sepolicy.conf :=
|
||||
built_nl :=
|
||||
|
||||
include $(call all-makefiles-under,$(LOCAL_PATH))
|
||||
|
|
|
|||
16
README
16
README
|
|
@ -7,11 +7,19 @@ into the policy build as described below.
|
|||
Policy Generation:
|
||||
|
||||
Additional, per device, policy files can be added into the
|
||||
policy build.
|
||||
policy build. These files should have each line including the
|
||||
final line terminated by a newline character (0x0A). This
|
||||
will allow files to be concatenated and processed whenever
|
||||
the m4(1) macro processor is called by the build process.
|
||||
Adding the newline will also make the intermediate text files
|
||||
easier to read when debugging build failures. The sets of file,
|
||||
service and property contexts files will automatically have a
|
||||
newline inserted between each file as these are common failure
|
||||
points.
|
||||
|
||||
They can be configured through the use of the BOARD_SEPOLICY_DIRS
|
||||
variable. This variable should be set in the BoardConfig.mk file in
|
||||
the device or vendor directories.
|
||||
These device policy files can be configured through the use of
|
||||
the BOARD_SEPOLICY_DIRS variable. This variable should be set
|
||||
in the BoardConfig.mk file in the device or vendor directories.
|
||||
|
||||
BOARD_SEPOLICY_DIRS contains a list of directories to search
|
||||
for additional policy files. Order matters in this list.
|
||||
|
|
|
|||
Loading…
Reference in a new issue