Move non-treble devices to split file_contexts
This change is primarily to fix CTS which checks file ordering of
file_contexts. Having two separate means of loading file_contexts
has resulted in ordering variations.
Previously the binary file_contexts was preferred since it
loaded faster. However with the move to libpcre2, there is no
difference in loading time between text and binary file_contexts.
This leaves us with build system complexity with no benefit.
Thus removing this unnecessary difference between devices.
Bug: 38502071
Test: build and boot non-Treble Bullhead, run CTS tests below
Test: build and boot Treble Marlin, run CTS tests below
Test: cts-tradefed run singleCommand cts --skip-device-info \
--skip-preconditions --skip-connectivity-check --abi arm64-v8a \
--module CtsSecurityHostTestCases \
-t android.security.cts.SELinuxHostTest#testAospFileContexts
Test: cts-tradefed run singleCommand cts --skip-device-info \
--skip-preconditions --skip-connectivity-check --abi arm64-v8a \
--module CtsSecurityHostTestCases \
-t android.security.cts.SELinuxHostTest#testValidFileContexts
Change-Id: I088b3aeafaaab320f6658feb058a1fb89cbb65e1
This commit is contained in:
Jeff Vander Stoep
Jeffrey Vander Stoep
parent
6aa9869a41
commit
f965a0a176
2 changed files with 14 additions and 6 deletions
19
Android.mk
19
Android.mk
|
|
@ -190,8 +190,6 @@ LOCAL_REQUIRED_MODULES += \
|
|||
plat_sepolicy.cil \
|
||||
plat_and_mapping_sepolicy.cil.sha256 \
|
||||
secilc \
|
||||
nonplat_file_contexts \
|
||||
plat_file_contexts \
|
||||
plat_sepolicy_vers.txt \
|
||||
treble_sepolicy_tests
|
||||
|
||||
|
|
@ -199,12 +197,15 @@ LOCAL_REQUIRED_MODULES += \
|
|||
ifneq ($(PRODUCT_PRECOMPILED_SEPOLICY),false)
|
||||
LOCAL_REQUIRED_MODULES += precompiled_sepolicy precompiled_sepolicy.plat_and_mapping.sha256
|
||||
endif
|
||||
|
||||
else
|
||||
# Use monolithic SELinux policy
|
||||
LOCAL_REQUIRED_MODULES += sepolicy \
|
||||
file_contexts.bin
|
||||
LOCAL_REQUIRED_MODULES += sepolicy
|
||||
endif
|
||||
|
||||
LOCAL_REQUIRED_MODULES += \
|
||||
nonplat_file_contexts \
|
||||
plat_file_contexts
|
||||
|
||||
include $(BUILD_PHONY_PACKAGE)
|
||||
|
||||
##################################
|
||||
|
|
@ -703,7 +704,11 @@ include $(CLEAR_VARS)
|
|||
LOCAL_MODULE := plat_file_contexts
|
||||
LOCAL_MODULE_CLASS := ETC
|
||||
LOCAL_MODULE_TAGS := optional
|
||||
ifeq ($(PRODUCT_FULL_TREBLE),true)
|
||||
LOCAL_MODULE_PATH := $(TARGET_OUT)/etc/selinux
|
||||
else
|
||||
LOCAL_MODULE_PATH := $(TARGET_ROOT_OUT)
|
||||
endif
|
||||
|
||||
include $(BUILD_SYSTEM)/base_rules.mk
|
||||
|
||||
|
|
@ -733,7 +738,11 @@ include $(CLEAR_VARS)
|
|||
LOCAL_MODULE := nonplat_file_contexts
|
||||
LOCAL_MODULE_CLASS := ETC
|
||||
LOCAL_MODULE_TAGS := optional
|
||||
ifeq ($(PRODUCT_FULL_TREBLE),true)
|
||||
LOCAL_MODULE_PATH := $(TARGET_OUT_VENDOR)/etc/selinux
|
||||
else
|
||||
LOCAL_MODULE_PATH := $(TARGET_ROOT_OUT)
|
||||
endif
|
||||
|
||||
include $(BUILD_SYSTEM)/base_rules.mk
|
||||
|
||||
|
|
|
|||
|
|
@ -40,7 +40,6 @@
|
|||
/sdcard u:object_r:rootfs:s0
|
||||
|
||||
# SELinux policy files
|
||||
/file_contexts\.bin u:object_r:file_contexts_file:s0
|
||||
/nonplat_file_contexts u:object_r:file_contexts_file:s0
|
||||
/plat_file_contexts u:object_r:file_contexts_file:s0
|
||||
/mapping_sepolicy\.cil u:object_r:sepolicy_file:s0
|
||||
|
|
|
|||
Loading…
Reference in a new issue