Merge "Migrate precompiled sepolicy hashes to Android.bp" am: 5f831c37f9
am: bbe881263a
am: f1f80f21b4
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1697248 Change-Id: I9684e735800e2c5d86b32d1f45c4665523009f9c
This commit is contained in:
commit
d6aa7f96c4
2 changed files with 57 additions and 72 deletions
57
Android.bp
57
Android.bp
|
@ -845,6 +845,63 @@ sepolicy_vers {
|
|||
vendor: true,
|
||||
}
|
||||
|
||||
soong_config_module_type {
|
||||
name: "precompiled_sepolicy_defaults",
|
||||
module_type: "prebuilt_defaults",
|
||||
config_namespace: "ANDROID",
|
||||
bool_variables: ["BOARD_USES_ODMIMAGE"],
|
||||
properties: ["vendor", "device_specific"],
|
||||
}
|
||||
|
||||
precompiled_sepolicy_defaults {
|
||||
name: "precompiled_sepolicy",
|
||||
soong_config_variables: {
|
||||
BOARD_USES_ODMIMAGE: {
|
||||
device_specific: true,
|
||||
conditions_default: {
|
||||
vendor: true,
|
||||
},
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
//////////////////////////////////
|
||||
// SHA-256 digest of the plat_sepolicy.cil and plat_mapping_file against
|
||||
// which precompiled_policy was built.
|
||||
//////////////////////////////////
|
||||
prebuilt_etc {
|
||||
defaults: ["precompiled_sepolicy"],
|
||||
name: "precompiled_sepolicy.plat_sepolicy_and_mapping.sha256",
|
||||
filename: "precompiled_sepolicy.plat_sepolicy_and_mapping.sha256",
|
||||
src: ":plat_sepolicy_and_mapping.sha256_gen",
|
||||
relative_install_path: "selinux",
|
||||
}
|
||||
|
||||
//////////////////////////////////
|
||||
// SHA-256 digest of the system_ext_sepolicy.cil and system_ext_mapping_file against
|
||||
// which precompiled_policy was built.
|
||||
//////////////////////////////////
|
||||
prebuilt_etc {
|
||||
defaults: ["precompiled_sepolicy"],
|
||||
name: "precompiled_sepolicy.system_ext_sepolicy_and_mapping.sha256",
|
||||
filename: "precompiled_sepolicy.system_ext_sepolicy_and_mapping.sha256",
|
||||
src: ":system_ext_sepolicy_and_mapping.sha256_gen",
|
||||
relative_install_path: "selinux",
|
||||
}
|
||||
|
||||
//////////////////////////////////
|
||||
// SHA-256 digest of the product_sepolicy.cil and product_mapping_file against
|
||||
// which precompiled_policy was built.
|
||||
//////////////////////////////////
|
||||
prebuilt_etc {
|
||||
defaults: ["precompiled_sepolicy"],
|
||||
name: "precompiled_sepolicy.product_sepolicy_and_mapping.sha256",
|
||||
filename: "precompiled_sepolicy.product_sepolicy_and_mapping.sha256",
|
||||
src: ":product_sepolicy_and_mapping.sha256_gen",
|
||||
relative_install_path: "selinux",
|
||||
}
|
||||
|
||||
|
||||
//////////////////////////////////
|
||||
// SELinux policy embedded into CTS.
|
||||
// CTS checks neverallow rules of this policy against the policy of the device under test.
|
||||
|
|
72
Android.mk
72
Android.mk
|
@ -1002,78 +1002,6 @@ all_cil_files :=
|
|||
# See system/core/init/selinux.cpp for details.
|
||||
#################################
|
||||
|
||||
#################################
|
||||
# SHA-256 digest of the plat_sepolicy.cil and plat_mapping_file against
|
||||
# which precompiled_policy was built.
|
||||
#################################
|
||||
include $(CLEAR_VARS)
|
||||
LOCAL_MODULE := precompiled_sepolicy.plat_sepolicy_and_mapping.sha256
|
||||
LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered
|
||||
LOCAL_LICENSE_CONDITIONS := notice unencumbered
|
||||
LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE
|
||||
LOCAL_MODULE_CLASS := ETC
|
||||
LOCAL_MODULE_TAGS := optional
|
||||
|
||||
ifeq ($(BOARD_USES_ODMIMAGE),true)
|
||||
LOCAL_MODULE_PATH := $(TARGET_OUT_ODM)/etc/selinux
|
||||
else
|
||||
LOCAL_MODULE_PATH := $(TARGET_OUT_VENDOR)/etc/selinux
|
||||
endif
|
||||
|
||||
include $(BUILD_SYSTEM)/base_rules.mk
|
||||
|
||||
$(LOCAL_BUILT_MODULE): PRIVATE_CIL_FILES := $(built_plat_cil) $(built_plat_mapping_cil)
|
||||
$(LOCAL_BUILT_MODULE): $(built_precompiled_sepolicy) $(built_plat_cil) $(built_plat_mapping_cil)
|
||||
cat $(PRIVATE_CIL_FILES) | sha256sum | cut -d' ' -f1 > $@
|
||||
|
||||
#################################
|
||||
# SHA-256 digest of the system_ext_sepolicy.cil and system_ext_mapping_file against
|
||||
# which precompiled_policy was built.
|
||||
#################################
|
||||
include $(CLEAR_VARS)
|
||||
LOCAL_MODULE := precompiled_sepolicy.system_ext_sepolicy_and_mapping.sha256
|
||||
LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered
|
||||
LOCAL_LICENSE_CONDITIONS := notice unencumbered
|
||||
LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE
|
||||
LOCAL_MODULE_CLASS := ETC
|
||||
LOCAL_MODULE_TAGS := optional
|
||||
|
||||
ifeq ($(BOARD_USES_ODMIMAGE),true)
|
||||
LOCAL_MODULE_PATH := $(TARGET_OUT_ODM)/etc/selinux
|
||||
else
|
||||
LOCAL_MODULE_PATH := $(TARGET_OUT_VENDOR)/etc/selinux
|
||||
endif
|
||||
|
||||
include $(BUILD_SYSTEM)/base_rules.mk
|
||||
|
||||
$(LOCAL_BUILT_MODULE): PRIVATE_CIL_FILES := $(built_system_ext_cil) $(built_system_ext_mapping_cil)
|
||||
$(LOCAL_BUILT_MODULE): $(built_precompiled_sepolicy) $(built_system_ext_cil) $(built_system_ext_mapping_cil)
|
||||
cat $(PRIVATE_CIL_FILES) | sha256sum | cut -d' ' -f1 > $@
|
||||
|
||||
#################################
|
||||
# SHA-256 digest of the product_sepolicy.cil and product_mapping_file against
|
||||
# which precompiled_policy was built.
|
||||
#################################
|
||||
include $(CLEAR_VARS)
|
||||
LOCAL_MODULE := precompiled_sepolicy.product_sepolicy_and_mapping.sha256
|
||||
LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered
|
||||
LOCAL_LICENSE_CONDITIONS := notice unencumbered
|
||||
LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE
|
||||
LOCAL_MODULE_CLASS := ETC
|
||||
LOCAL_MODULE_TAGS := optional
|
||||
|
||||
ifeq ($(BOARD_USES_ODMIMAGE),true)
|
||||
LOCAL_MODULE_PATH := $(TARGET_OUT_ODM)/etc/selinux
|
||||
else
|
||||
LOCAL_MODULE_PATH := $(TARGET_OUT_VENDOR)/etc/selinux
|
||||
endif
|
||||
|
||||
include $(BUILD_SYSTEM)/base_rules.mk
|
||||
|
||||
$(LOCAL_BUILT_MODULE): PRIVATE_CIL_FILES := $(built_product_cil) $(built_product_mapping_cil)
|
||||
$(LOCAL_BUILT_MODULE): $(built_precompiled_sepolicy) $(built_product_cil) $(built_product_mapping_cil)
|
||||
cat $(PRIVATE_CIL_FILES) | sha256sum | cut -d' ' -f1 > $@
|
||||
|
||||
#################################
|
||||
include $(CLEAR_VARS)
|
||||
# build this target so that we can still perform neverallow checks
|
||||
|
|
Loading…
Reference in a new issue