The steps have been done by hand, which is highly errorprone.
Bug: 207344718
Test: run the script manually
Change-Id: I9deb367b0cbd8d357147f83964bc214cd00266f7
sepolicy_generate_compat is a binary that creates a new compat file when
freezing sepolicy API.
Suppose that we are adding {ver} compat file, after freezing {ver}
sepolicy. Then the workflow would be:
1) copy prebuilts to system/sepolicy/prebuilts/api/{ver}
2) add {ver} to PLATFORM_SEPOLICY_COMPAT_VERSIONS under
build/make/core/config.mk
3) touch the following three files
- system/sepolicy/private/compat/{ver}/{ver}.cil
- system/sepolicy/private/compat/{ver}/{ver}.compat.cil
- system/sepolicy/private/compat/{ver}/{ver}.ignore.cil
- system/sepolicy/prebuilts/api/{ver}/vendor_sepolicy.cil
- system/sepolicy/prebuilts/api/{ver}/plat_pub_versioned.cil
* This step is to build base compat files, and won't be needed in the
future.
4) add compat module files (won't be needed in the future)
- {ver}.cil
- {ver}.compat.cil
- {ver}.ignore.cil
* This step is to build base compat files, and won't be needed in the
future.
5) run the following command to update above three files:
$ source build/envsetup.sh && lunch aosp_arm64-userdebug
$ m sepolicy_generate_compat
$ sepolicy_generate_compat --branch=(branch_for_ver) \
--build latest --target-version {ver} \
--latest-version {ver-1}
6) upload build/make and system/sepolicy changes.
This script still lacks:
- handling of plat_pub_versioned.cil
- test cases
We will tackle such problems with follow-up changes.
Bug: 214336258
Test: manual
Change-Id: I21723a0832e5adadae7c22797c5aba867dc0174e
To generate compat files, we need:
- base plat sepolicy
- old plat sepolicy
- base plat pub sepolicy
- mapping file from the device
- latest compat files
Generator now triggers the build system itself to get necessary base
files, and then uses the artifacts to extract new types and removed
types.
For the next step, the new/removed types will be mapped to old types,
based on the latest compat files.
Bug: 214336258
Test: sepolicy_generate_compat --branch sc-v2-dev --target-version \
32.0 --latest-version 31.0 -vvvv --build latest
Change-Id: I1f228233c1e3638e78bc0630ae51e48667a12ef5
sepolicy_generate_compat will be used to generate compat files for ToT,
based on the mapping file from aosp_arm64-userdebug target of {ver}
source tree. For now, it only supports downloading a mapping file
system/etc/selinux/mapping/{ver}.cil from the Android build server.
Bug: 214336258
Test: sepolicy_generate_compat --branch sc-v2-dev --version 32.0
Change-Id: I48043c71a6866aa385ecd67462f7678561cc5a38
