Merge "Migrate precompiled sepolicy hashes to Android.bp" am: 5f831c37f9 am: bbe881263a

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1697248

Change-Id: I9818c394c90c8e5e7aa16202c12ba5f152427024
This commit is contained in:
Inseob Kim 2021-05-07 00:44:10 +00:00 committed by Automerger Merge Worker
commit f1f80f21b4
2 changed files with 57 additions and 72 deletions

View file

@ -845,6 +845,63 @@ sepolicy_vers {
vendor: true,
}
soong_config_module_type {
name: "precompiled_sepolicy_defaults",
module_type: "prebuilt_defaults",
config_namespace: "ANDROID",
bool_variables: ["BOARD_USES_ODMIMAGE"],
properties: ["vendor", "device_specific"],
}
precompiled_sepolicy_defaults {
name: "precompiled_sepolicy",
soong_config_variables: {
BOARD_USES_ODMIMAGE: {
device_specific: true,
conditions_default: {
vendor: true,
},
},
},
}
//////////////////////////////////
// SHA-256 digest of the plat_sepolicy.cil and plat_mapping_file against
// which precompiled_policy was built.
//////////////////////////////////
prebuilt_etc {
defaults: ["precompiled_sepolicy"],
name: "precompiled_sepolicy.plat_sepolicy_and_mapping.sha256",
filename: "precompiled_sepolicy.plat_sepolicy_and_mapping.sha256",
src: ":plat_sepolicy_and_mapping.sha256_gen",
relative_install_path: "selinux",
}
//////////////////////////////////
// SHA-256 digest of the system_ext_sepolicy.cil and system_ext_mapping_file against
// which precompiled_policy was built.
//////////////////////////////////
prebuilt_etc {
defaults: ["precompiled_sepolicy"],
name: "precompiled_sepolicy.system_ext_sepolicy_and_mapping.sha256",
filename: "precompiled_sepolicy.system_ext_sepolicy_and_mapping.sha256",
src: ":system_ext_sepolicy_and_mapping.sha256_gen",
relative_install_path: "selinux",
}
//////////////////////////////////
// SHA-256 digest of the product_sepolicy.cil and product_mapping_file against
// which precompiled_policy was built.
//////////////////////////////////
prebuilt_etc {
defaults: ["precompiled_sepolicy"],
name: "precompiled_sepolicy.product_sepolicy_and_mapping.sha256",
filename: "precompiled_sepolicy.product_sepolicy_and_mapping.sha256",
src: ":product_sepolicy_and_mapping.sha256_gen",
relative_install_path: "selinux",
}
//////////////////////////////////
// SELinux policy embedded into CTS.
// CTS checks neverallow rules of this policy against the policy of the device under test.

View file

@ -1002,78 +1002,6 @@ all_cil_files :=
# See system/core/init/selinux.cpp for details.
#################################
#################################
# SHA-256 digest of the plat_sepolicy.cil and plat_mapping_file against
# which precompiled_policy was built.
#################################
include $(CLEAR_VARS)
LOCAL_MODULE := precompiled_sepolicy.plat_sepolicy_and_mapping.sha256
LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered
LOCAL_LICENSE_CONDITIONS := notice unencumbered
LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE
LOCAL_MODULE_CLASS := ETC
LOCAL_MODULE_TAGS := optional
ifeq ($(BOARD_USES_ODMIMAGE),true)
LOCAL_MODULE_PATH := $(TARGET_OUT_ODM)/etc/selinux
else
LOCAL_MODULE_PATH := $(TARGET_OUT_VENDOR)/etc/selinux
endif
include $(BUILD_SYSTEM)/base_rules.mk
$(LOCAL_BUILT_MODULE): PRIVATE_CIL_FILES := $(built_plat_cil) $(built_plat_mapping_cil)
$(LOCAL_BUILT_MODULE): $(built_precompiled_sepolicy) $(built_plat_cil) $(built_plat_mapping_cil)
cat $(PRIVATE_CIL_FILES) | sha256sum | cut -d' ' -f1 > $@
#################################
# SHA-256 digest of the system_ext_sepolicy.cil and system_ext_mapping_file against
# which precompiled_policy was built.
#################################
include $(CLEAR_VARS)
LOCAL_MODULE := precompiled_sepolicy.system_ext_sepolicy_and_mapping.sha256
LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered
LOCAL_LICENSE_CONDITIONS := notice unencumbered
LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE
LOCAL_MODULE_CLASS := ETC
LOCAL_MODULE_TAGS := optional
ifeq ($(BOARD_USES_ODMIMAGE),true)
LOCAL_MODULE_PATH := $(TARGET_OUT_ODM)/etc/selinux
else
LOCAL_MODULE_PATH := $(TARGET_OUT_VENDOR)/etc/selinux
endif
include $(BUILD_SYSTEM)/base_rules.mk
$(LOCAL_BUILT_MODULE): PRIVATE_CIL_FILES := $(built_system_ext_cil) $(built_system_ext_mapping_cil)
$(LOCAL_BUILT_MODULE): $(built_precompiled_sepolicy) $(built_system_ext_cil) $(built_system_ext_mapping_cil)
cat $(PRIVATE_CIL_FILES) | sha256sum | cut -d' ' -f1 > $@
#################################
# SHA-256 digest of the product_sepolicy.cil and product_mapping_file against
# which precompiled_policy was built.
#################################
include $(CLEAR_VARS)
LOCAL_MODULE := precompiled_sepolicy.product_sepolicy_and_mapping.sha256
LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered
LOCAL_LICENSE_CONDITIONS := notice unencumbered
LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE
LOCAL_MODULE_CLASS := ETC
LOCAL_MODULE_TAGS := optional
ifeq ($(BOARD_USES_ODMIMAGE),true)
LOCAL_MODULE_PATH := $(TARGET_OUT_ODM)/etc/selinux
else
LOCAL_MODULE_PATH := $(TARGET_OUT_VENDOR)/etc/selinux
endif
include $(BUILD_SYSTEM)/base_rules.mk
$(LOCAL_BUILT_MODULE): PRIVATE_CIL_FILES := $(built_product_cil) $(built_product_mapping_cil)
$(LOCAL_BUILT_MODULE): $(built_precompiled_sepolicy) $(built_product_cil) $(built_product_mapping_cil)
cat $(PRIVATE_CIL_FILES) | sha256sum | cut -d' ' -f1 > $@
#################################
include $(CLEAR_VARS)
# build this target so that we can still perform neverallow checks