tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Use board api level for seapp coredomain check am: 06518b14f7

Browse source 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2727834

Change-Id: Ia96fef6b3b70fbe0743efc0cedf6e6767ba584d8
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
This commit is contained in:
Inseob Kim 2023-08-29 01:56:08 +00:00 committed by Automerger Merge Worker
commit da15aa9d1b
1 changed files with 10 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
build/soong/selinux_contexts.go
View file

@ -419,6 +419,14 @@ func (m *selinuxContextsModule) buildPropertyContexts(ctx android.ModuleContext,
return builtCtxFile
}
func (m *selinuxContextsModule) shouldCheckCoredomain(ctx android.ModuleContext) bool {
if !ctx.SocSpecific() && !ctx.DeviceSpecific() {
return false
}
return ctx.DeviceConfig().CheckVendorSeappViolations()
}
func (m *selinuxContextsModule) buildSeappContexts(ctx android.ModuleContext, inputs android.Paths) android.Path {
neverallowFile := pathForModuleOut(ctx, "neverallow")
ret := pathForModuleOut(ctx, m.stem())
@ -440,10 +448,8 @@ func (m *selinuxContextsModule) buildSeappContexts(ctx android.ModuleContext, in
Inputs(inputs).
Input(neverallowFile)
shippingApiLevel := ctx.DeviceConfig().ShippingApiLevel()
ApiLevelU := android.ApiLevelOrPanic(ctx, "UpsideDownCake")
if (ctx.SocSpecific() || ctx.DeviceSpecific()) && shippingApiLevel.GreaterThan(ApiLevelU) {
checkCmd.Flag("-c") // check coredomain for V (or later) launching devices
if m.shouldCheckCoredomain(ctx) {
checkCmd.Flag("-c") // check coredomain for vendor contexts
}
rule.Build("seapp_contexts", "Building seapp_contexts: "+m.Name())