This value is always set to true in the core build
system. Removing reads of it so we can mark it as
obsolete.
Bug: 257176017
Test: build
Change-Id: Ie7a72496bd4712583944ed833cd4364c5e3c520b
This won't be harmful and this can help reduce rebuilding sepolicy
artifacts upon lunch target change.
Bug: 279524023
Test: m selinux_policy
Change-Id: I859de6dc0ac1958b44d847159904960bd7f9a0c2
Commit b554e59 converted the build rules of contexts to Soong.
Previously, both services_contexts and hwservice_contexts were stripped
of comments. This is useful as a CTS test (testAospServiceContexts)
ensures that the device service_contexts matches AOSP. Restore the
previous behaviour.
Bug: 279384270
Test: m selinux_policy; diff plat_service_contexts; no more comments
Change-Id: Id0245efacf4e4b123f805869d95bacf804ccb915
A lazy service shouldn't quit when it has clients, but
sometimes it needs to, such as when the device is
shutting down, so we test that it works.
In Android U, I broke this behavior, and it was caught
by other tests. However, now we have test support
for this directly in aidl_lazy_test.
No fuzzer, because this is a test service only, so it's
low-value.
Bug: 279301793
Bug: 278337172
Bug: 277886514
Bug: 276536663
Bug: 278117892
Test: aidl_lazy_test
Change-Id: I36b2602bb87b56ba1eb72420c7fdd60ff1fa14e2
Test: m
Bug: 232439428
Ignore-AOSP-First: resourcemanager_service_fuzzer is being added
in internal due to differences in source directory. This rule needs
fuzzer to present in current source tree to avoid build failure.
Change-Id: I44a5a9a980b142841b79354d103adab1aaa7afc3
A new mainline module that will have the device config logic requires a new service (device_config_updatable).
Bug: 252703257
Test: manual because logic that launches service is behind flag
Change-Id: I4ffba0c7d2afc44af8438b7d84d836e42388bd7d
Organize the HDMI packages into CEC, EArc and connection under a common
hdmi package.
Bug: 261729059
Test: atest vts_treble_vintf_framework_test
atest vts_treble_vintf_vendor_test
Change-Id: Ief5bff996028775ea355b392a4028a091fb83b99
Note that this HAL is meant only as a workaround until the OEMs will
switch to the AIDL audio HAL.
Test: bluejay-userdebug
Bug: 257937004
Change-Id: Id01da9606f73354a01a94aace8a8966a09038fda
This CL adds a new cameraservice type to allow vendor clients of
cameraservice to query and find the stable cameraservice
implementation.
Bug: 243593375
Test: Manually tested that cameraservice can register a vendor facing
instance.
Change-Id: I61499406d4811c898719abcb89c51b4b8a29f4a7
This new service is exposed by system_server and available to all apps.
Bug: 259175720
Test: atest and check the log
Change-Id: I522a3baab1631589bc86fdf706af745bb6cf9f03
In AIDL, there is no 'factory' interface for retrieving
modules, instead each module is registered individually
with the ServiceManager.
Bug: 205884982
Test: atest VtsHalAudioCoreTargetTest
Change-Id: I55cdae0640171379cda33de1534a8dc887583197
Change instances of android.hardware.radio.sim.ISap to android.hardware.radio.sap.ISap
ISap is no longer going to be with IRadioSim in the sim
directory. It will be in its own sap directory.
Test: m
Bug: 241969533
Change-Id: I362a0dc6e4b81d709b24b2fa2d879814ab232ad4
In Android, we don't allow any domain to be permissive in user builds.
However, in Microdroid permissive domains should be allowed even in user
builds because fully debuggable VMs (where adb root is supported) can be
created there.
This change adds a new property `permissive_domains_on_user_builds` to
the `se_policy_binary` module as a controlled way of adding exceptions
to the enforcement.
Bug: 259729287
Test: m. This CL doesn't add any exception.
Change-Id: I2ae240e92dfdeadd827f027534e3e11ce4534240
API changes are in ag/20407841. Please note we're still going through
security reviews here: b/249996246 and will incorporate feedback as we
go through the process. These selinux policies will enable the
WearableSensingService to run and unblock upstream development work.
Test: Ensure no build failures, ensure no SecurityException on boot
Bug: 249135378, 244181656
Ignore-AOSP-First: to prevent new feature leak.
Change-Id: I597827766cc3ed68ae65fb177f518eaf874f1eda
This reverts commit f4ab6c9f3c.
Reason for revert: CPU HAL is no longer required because the CPU frequency sysfs files are stable Linux Kernel interfaces and could be read directly from the framework.
Change-Id: I8e992a72e59832801fc0d8087e51efb379d0398f
Change-Id: Ia091bf8f597a25351b5ee33b2c2afc982f175d51
Test: Ran `m; emulator; adb logcat -b all -d > logcat.txt;`
and verified CPU HAL is running without any sepolicy violation.
Bug: 252883241
The background_install_control service is going to detect
background installed apps and provide the list of such apps.
Bug: 244216300
Test: manual
Change-Id: I6500f29ee063da4a3bc18e109260de419dd39218
This reverts commit e3245a40df.
Reason for revert: Check for missing dependency is added now. It should fix builds on master-art branch.
Bug: 253648584
Change-Id: I1ecd4521a1038ace711a4abeb0964b764ad5bc94
Panic only if missing dependencies are not allowed while checking
fuzzer bindings. This fix should breakages on branches like master-art
where SOONG_ALLOW_MISSING_DEPENDENCIES is set.
Bug: 246590424
Test: m
Change-Id: I0f908f27de5f761495848f461c7d479117f9feda
This reverts commit f38fb73371.
Bug: 246590424
Reason for revert: Breaks projects which don't include a full tree (eg master-art)
Change-Id: I2a87bde5e959e9a700f0569d2ccf7894ea3dc7ab
Sepolicy changes for confirmationui while converting from hidl
to aidl.
Bug: b/205760172
Test: run vts -m VtsHalConfirmationUIV1_0Target
Change-Id: Ib21038fd89789755b978489f5293725b221d86c4
This is a part of changes to bring up Remote Key Provisioning Daemon
module. See packages/modules/RemoteKeyProvisioning for more info.
Change-Id: Iae4e98176491637acb03e2e09b9d8dbc269be616
Test: atest rkpd_client_test
Will add fuzzer once the service is implemented.
Test: Run remoteaccess HAL on gcar_emu. Verify the service is running.
Bug: 241483300
Change-Id: I01b31a88414536ddd90f9098f422ae43a48cf726
Add selinux policy so the healthconnect system service
can be accessed by other processes.
Bug: 246961138
Test: build
Change-Id: I37e0e7f1a2b4696b18f8876a107c509d2906e850
Conversion of the gatekeeper hidl interface to stable aidl interface.
Bug: 205760843
Test: run vts -m VtsHalGatekeeperTarget
Change-Id: I44f554e711efadcd31de79b543f42c0afb27c23c
Adding soong module and tool to check if there is fuzzer present
for every service in private/service_contexts. Whenever a service is
added, its is recommended to update
$ANDROID_BUILD_TOP/system/sepolicy/soong/build/service_fuzzer_bindings.go
with service name and its corresponding fuzzer.
Test: m
Bug: 242104782
Change-Id: Id9bc45f50bebf464de7c91c7469d4bb6ff153ebd
This is a roll-forward of some of the changes rolled back in
aosp/2170746. I am rolling forward in smaller chunks so that it is
easier to identify and avoid possible breakages.
Bug: 236691128
Test: atest SeamendcHostTest
Change-Id: Ibe451325d471fe04cd52683ba90a22543fa84c7c
Revert "Add java SeamendcHostTest in cts"
Revert submission 2111065-seamendc
Reason for revert: b/240731742, b/240462388 and b/240463116
Reverted Changes:
I3ce2845f2:Move parts of sdk_sandbox from private to apex pol...
I0c10106e2:Add java SeamendcHostTest in cts
Test: revert cl
Change-Id: If9981796694b22b7cbfe1368cd815889c741e69d
Partners should be able to add hal_attributes to system_ext or product's
public/attributes file. However, if system_ext or product's
public/attributes contain any domain sets, numbers for base_typeattr
become inconsistent. It's because the order is now:
...
te_macros
attributes
ioctl_defines
ioctl_macros
*.te
roles_decl
...
That is, system_ext/public/attributes and product/public/attributes are
included prior to system/sepolicy/**/*.te. Thus, plat_sepolicy.cil and
system_ext_sepolicy.cil/product_sepolicy.cil can conflict.
This change fixes this issue by making attributes and *.te files have
the same rank. This way, system_ext/public/attributes is included after
system/sepolicy/**/*.te.
Bug: 234137981
Test: m selinux_policy after adding hal_attribute to
system_ext/public/attributes
Change-Id: I85e1f6b8e4ab47c723724684d1938297a3305fe8
se_build_files is a replacement for se_filegroup module. se_build_files
can be used with the normal Soong convention ":module_name{.tag}" by
implementing android.OutputFileProducer. It's better than implementing
ad-hoc logics across various modules, which is the case for se_filegroup
module.
Test: build and boot
Change-Id: Ic0e34549601eb043145e433055f5a030eaf4347e
Treble sepolicy tests check whether previous versions are compatible to
ToT sepolicy or not. treble_sepolicy_tests_for_release.mk implements it,
but it also includes a compat test whether ToT sepolicy + {ver} mapping
+ {ver} plat_pub_versioned.cil can be built together or not. We
definitely need such tests, but we already have a test called "compat
test" which does exactly that, and testing it again with Treble sepolicy
tests is just redundant. The only difference between those two is that
Treble sepolicy tests can also test system_ext and product compat files,
which was contributed by a partner.
The ultimate goal here is to migrate *.mk to Soong, thus merging these
two tests (compat, Treble) into one. As we've already migrated the
compat test to Soong, this change removes the compat test part from
treble sepolicy tests. Instead, the compat test will be extended so it
can test system_ext and product compat files too.
prebuilts/api/{ver}/plat_pub_versioned.cil and
prebuilts/api/{ver}/vendor_sepolicy.cil are also removed as they aren't
used anymore: vendor_sepolicy.cil is an empty stub, and
plat_pub_versioned.cil can be built from the prebuilt source files.
Bug: 33691272
Test: m selinux_policy
Change-Id: I72f5ad0e8bbe6a7c0bbcc02f0f902b953df6ff1a
OutputFileProducer interface has been returning "conf", not the
designated stem.
Test: try including se_policy_conf module as other module's srcs
Change-Id: I17de5e10ed9bd1d45dc9a8b1be11ea6f5290c179
sepolicy_neverallow is based on a combination of calling checkpolicy
followed by sepolicy-analyze. If the first tool fails, the error message
associated with the second is returned, which is misleading.
Separate both part of the rule using a new build command.
Bug: 175911415
Test: Modify policy to trigger neverallow (checkpolicy); no misleading
messages from sepolicy-analyze
Change-Id: I5977ced23dee09a28c7df334e4790d212e0db0c1
Now that we have sepolicy module in Android.bp, we can migrate contexts
tests. Also vendor_service_contexts_test will be run, as we now include
vendor_service_contexts unconditionally.
Unfortunately, vendor_service_contexts_test is now broken, due to a
malformed type hal_power_stats_vendor_service. We will temporarily
exempt the type from the test, to speed up migrating to Android.bp.
Bug: 33691272
Test: m selinux_policy and see tests running
Test: add a malformed type other than hal_power_stats_vendor_service and
run tests
Change-Id: Ic60eb38b9a7c79006f0b5ff4453768e03006604b
compat_test tests whether {ver}.compat.cil is compatible to current
policy or not. This commit migrates all tests into a single module named
"sepolicy_compat_tests".
A minor issue is also resolved with this migration. Suppose that the
vendor's speolicy version is {VER}. Then the following cil files are
compiled in runtime.
- system/etc/selinux/plat_sepolicy.cil
- system/etc/selinux/mapping/{VER}.cil
- system/etc/selinux/mapping/{VER}.compat.cil (optional)
- system_ext/etc/selinux/system_ext_sepolicy.cil (optional)
- system_ext/etc/selinux/mapping/{VER}.cil (optional)
- system_ext/etc/selinux/mapping/{VER}.compat.cil (optional)
- product/etc/selinux/product_sepolicy.cil (optional)
- product/etc/selinux/mapping/{VER}.cil (optional)
- product/etc/selinux/mapping/{VER}.compat.cil (optional)
- vendor/etc/selinux/vendor_sepolicy.cil
- vendor/etc/selinux/plat_pub_versioned.cil
- odm/etc/selinux/odm_sepolicy.cil (optional)
That is, the vendor policy of version {VER} (vendor_sepolicy.cil,
plat_pub_versioned.cil, and odm_sepolicy.cil) is required to be
compatible only to {VER}.compat.cil. So, the vendor policy is included
only to $(BOARD_SEPOLICY_VERS)_compat_test. The other tests will be
built only with platform side policies.
Bug: 33691272
Test: boot
Test: manually edit {ver}.compat.cil files and try build
Change-Id: I16b30a9171f10ee8f08fc03b7bd7c047eec12b19
Because Go command line tooling assumes *_test.go files are tests and
not package sources.
Test: build
Change-Id: Ie332b89140b93c4ea448009cafa2556ef888497c
A new module type se_neverallow_test is added, to migrate
sepolicy_neverallow modules. se_neverallow_test is affected by
SELINUX_IGNORE_NEVERALLOWS.
Bug: 33691272
Test: m selinux_policy
Test: intentionally create neverallow violations and m selinux_policy
Change-Id: I1582353f99f064ff78f3c547a0c13f2b772d54df
For now, contexts modules have been using se_filegroup modules, which
makes the build system logic unnecessarily complex. This change
refactors it to se_build_files modules and normal `android:"path"`
logic.
Test: build and boot
Change-Id: I52e557e2dc8300186869a97fddfd3a74183473f7
sepolicy is a module which outputs precompiled sepolicy and performs
permissive domain check on user builds. se_policy_binary module is
updated so it checks permissive domain in user builds.
sepolicy module is removed since we don't need it anymore. Instead,
precompiled_sepolicy is used.
Bug: 33691272
Test: build
Test: add "permissive adbd;" and build on aosp_arm64-user
Change-Id: I3dcf0c32d2fc1312dfceeee74894c08b38395d19
The following files are built with Android.bp:
- vendor_sepolicy.cil
- odm_sepolicy.cil
- prebuilt_sepolicy
Also, prebuilt_policy.mk is removed as it's now redundant.
Bug: 33691272
Test: build and compare artifacts
Test: build with rvc-dev sepolicy
Change-Id: I7bf79c9c85c63cd942b36f7cf5ddda1860626c0b
When we compile sepolicy files into a cil file, we first gather all
sepolicy files to create a conf file, and then convert the conf file to
a cil file with checkpolicy. The problem is that checkpolicy is
sensitive to the input order; the conf file should contain statements in
a specific order: classes, initial_sid, access vectors, macros, mls,
etc.
This restriction has made Android.bp migration difficult, and we had to
create a magical module called "se_build_files" to correctly include
source files in the designated order. It works, but significant
readability problem has happened. For example, when we write
":se_build_files{.system_ext_public}", how can we easily figure out that
the tag actually includes plat public + system_ext public + reqd mask,
without taking a look at the build system code?
This change refactors the se_build_files module and se_policy_conf
module, so we can easily see the desginated files for each module, just
like we did in the Android.mk. se_policy_conf module now stably sorts
source files in an order which will make checkpolicy happy.
se_build_files module is also refactored, so one tag can represent
exactly one set of policy files, rather than doing magical works behind
the scene. For example, system_ext public policy module is changed from:
se_policy_conf {
name: "system_ext_pub_policy.conf",
// se_build_files automatically adds plat public and reqd mask
srcs: [":se_build_files{.system_ext_public}"],
}
to:
se_policy_conf {
name: "system_ext_pub_policy.conf",
// se_policy_conf automatically sorts the input files
srcs: [
":se_build_files{.plat_public}",
":se_build_files{.system_ext_public}",
":se_build_files{.reqd_mask}",
],
}
Bug: 209933272
Test: build and diff before/after
Change-Id: I97a76ed910645c1607d913fd646c27e87af0afd3
BOARD_PLAT_VENDOR_POLICY should be used for all vendor stuff, when in
mixed sepolicy build (BOARD_SEPOLICY_VERS != PLATFORM_SEPOLICY_VERSION).
This fixes an issue that system/sepolicy/vendor has been incorrectly
used in mixed sepolicy build.
Bug: 205924657
Test: Try AOSP + rvc-dev mixed sepolicy build
1) copy cuttlefish sepolicy prebuilts from rvc-dev branch.
2) set prebuilt variables:
- BOARD_PLAT_VENDOR_POLICY
- BOARD_REQD_MASK_POLICY
- BOARD_(SYSTEM_EXT|PRODUCT)_PRIVATE_PREBUILT_DIRS
- BOARD_SEPOLICY_VERS
3) lunch aosp_cf_x86_64_phone-userdebug; m selinux_policy
4) compare $OUT/vendor/etc/selinux with rvc-dev's artifacts.
Change-Id: I2ed1e25255c825c24dab99ae4903328b0400c414
1. Splitted plat_property_contexts, plat_file_contexts, and
plat_service_contexts so they can be included by the
CtsSecurityHostTestCases module.
2. Add temporary seapp_contexts Soong module, which are needed by the
CtsSecurityHostTestCases, and makefile_goal is an interim solution before
migrating both of them to Soong.
Bug: 194096505
Test: m CtsSecurityHostTestCases
Change-Id: I99ba55b1a89f196b3c8504e623b65960a9262165
Revert "Convert security/Android.mk to Android.bp"
Revert "Add seapp_contexts to allowlist of makefile goal"
Revert submission 1795972-Convert security/Android.mk to Android.bp
Reason for revert: http://b/206976319 Broken build 7928060 on aosp-master on sdk_arm64-sdk
Reverted Changes:
I0e0e7f677:Split property and file contexts modules
I5596d6f00:Add seapp_contexts to allowlist of makefile goal
If685e5ccc:Convert security/Android.mk to Android.bp
Change-Id: Ibbca0a17886d15b3fd7ecaf974a06df7107fd9aa
1. Splitted plat_property_contexts and plat_file_contexts so that they
can be included by the CtsSecurityHostTestCases module;
2. Add temporary seapp_contexts Soong module, which are needed by the
CtsSecurityHostTestCases, and makefile_goal is an interim solution before
migrating both of them to Soong.
Bug: 194096505
Test: m CtsSecurityHostTestCases
Change-Id: I0e0e7f6778d42ab2fdae3a181f40216fe6719e7c
There's nothing special in the Custom method supplied, replace it
with normal AndroidMkEntries fields.
Bug: 204136549
Test: m checkbuild
Change-Id: I624005d2ee313aaa60397749b0726e393a842618
This change stops using deprecated functionality and migrates this
repository's custom Soong code to support current practices to manage
path property related dependencies. i.e. when a property includes
something that looks like ":module".
ExtractSourcesDeps has been deprecated in favor of tagging properties
with `android:"path"` which will cause the pathDepsMutator to add the
dependencies automatically.
android.SourceDepTag has been deprecated as the underlying type needs
to be changed and this will no longer work for its current uses.
* ctx.GetDirectDepWithTag(moduleName, android.SourceDepTag) will not
work to retrieve a reference to the module dependency added for
path properties. GetModuleFromPathDep(ctx, moduleName, "") must be
used instead.
* depTag == android.SourceDepTag can no longer be used to check to
see if depTag was used to add a module dependency for a module
reference in a path property without any output tag.
IsSourceDepTagWithOutputTag(depTag, "") must be used instead.
Bug: 193228441
Test: m nothing
Change-Id: I307039612f0f2a541ac7dbfddd052ef78c290f60
InstallFile skips install only if SkipInstall is called before
InstallFile.
Bug: 190442286
Test: build/soong/scripts/build-ndk-prebuilts.sh
Change-Id: Ic497e34816ea5ac23be45e34c242b59bf1a01e28
This reverts commit b44e506223.
Reason for revert: secilc is fixed by aosp/1701846, so the workaround is no longer needed
Bug: 183362912
Test: S GSI on R CF boot test
Change-Id: Ic73c7cea1ebe42b483049cbc29f192e738748894
plat_sepolicy_vers.txt stores the version of vendor policy. This change
adds sepolicy_vers module to migrate plat_sepolicy_vers.txt to
Android.bp.
- Device's plat_sepolicy_vers: should be BOARD_SEPOLICY_VERS
- Microdroid's plat_sepolicy_vers: should be PLATFORM_SEPOLICY_VERSION
because all microdroid artifacts are bound to platform
Bug: 33691272
Test: boot device && boot microdroid
Change-Id: Ida293e1cb785b44fa1d01543d52d3f8e15b055c2
* changes:
Revert "Add a neverallow for debugfs mounting"
Revert "Add neverallows for debugfs access"
Revert "Exclude vendor_modprobe from debugfs neverallow restrictions"
Revert "Check that tracefs files are labelled as tracefs_type"
Revert submission 1668411
Reason for revert: Suspect for b/186173384
Reverted Changes:
Iaa4fce9f0:Check that tracefs files are labelled as tracefs_t...
I743a81489:Exclude vendor_modprobe from debugfs neverallow re...
I63a22402c:Add neverallows for debugfs access
I289f2d256:Add a neverallow for debugfs mounting
Change-Id: Ie04d7a4265ace43ba21a108af85f82ec137c6af0
This reverts commit 57b64bd282.
Because it breaks the usage of boot-debug.img and
vendor_boot-debug.img.
Bug: 185970130
Bug: 185990198
Test: make bootimage_debug
Change-Id: I2c7c4f9954540a9be301b3ed0a6c2f0af2019803
Android R launching devices and newer must not ship with debugfs
mounted. For Android S launching devices and newer, debugfs must only be
mounted in userdebug/eng builds by init(for boot time initializations)
and dumpstate(for grabbing debug information from debugfs). This patch
adds a neverallow statement that prevents processes other than init
from being provided access to mount debugfs in non-user builds
when the flag PRODUCT_SET_DEBUGFS_RESTRICTIONS is set to true.
Test: make with/without PRODUCT_SET_DEBUGFS_RESTRICTIONS
Bug: 184381659
Change-Id: I289f2d25662a78678929e29f83cb31cebd8ca737
to ensure the file size is greater than 0, as secilc cannot handle
zero-sized cil files.
Fixes: 185256986
Bug: 183362912
Test: Forrest re-run broken test
Change-Id: Ief3039d38728fbeff67c6e39d6b15bddb006e5f8
Installs backwards compatibility cil files.
Bug: 183362912
Test: Presubmit
Test: Add a $(ver).compat.cil under SYSTEM_EXT_PRIVATE_SEPOLICY_DIR and
verify the file is installed under /system_ext/etc/selinux/mapping/
Change-Id: I5e2c6b8dfa8df431edfe96f29daae463b130367f
plat_vendor tag consists of vendor available policies in system/sepolicy
directory, and is for minimized vendor policies.
Bug: 33691272
Test: boot microdroid
Change-Id: Icb3c1be02ee41b526d7d95f0053e56bf8b34f49d
It was missing when migrating definitions.mk to Android.bp module.
Test: m selinux_policy on sc-arc
Change-Id: I3c943440295bc9064d50e1a2f9025715c76b539e
This adds a new module se_policy_cil. It will consume the policy.conf
file (usually built with se_policy_conf) and outputs a compiled cil
policy file, which will be shipped to devices.
Bug: 33691272
Test: try building se_policy_cil from se_policy_conf
Change-Id: I7a33ab6cb5978e1a7d991be7514305c5e9f8159b
This adds a new soong module that transforms selinux policy files to
policy.conf file. It uses m4 macro with various variables, and replaces
transform-policy-to-conf macro in system/sepolicy/definitions.mk.
The module will be used when building:
- policy cil files shipped to the device
- CTS tests that needs general_policy.conf
Bug: 33691272
Test: try building se_policy_conf with se_build_files
Change-Id: Ie1082a8193c2205992b425509b9d5bfa4b495b2f
se_build_files module globs given srcs from sepolicy directories and
acts as a filegroup with the following tags, which can be used to build
system side policy files.
- plat
- plat_public
- system_ext
- system_ext_public
- product
- product_public
- reqd_mask
se_build_files module acts like the build_policy macro in Android.mk.
Normal genrule module can't easily handle that, because both file order
and directory order matter.
Support for vendor/odm is to be added in the future.
Bug: 33691272
Test: inspect se_build_files with above tags and compare it to ninja
Change-Id: Id7c57b01c78fc14ac5e8eeeb074a6fc21d271e84
For devices launching with Android Q or later, vendor_property_contexts
and odm_property_contexts should only contain vendor and odm properties.
This checks property_contexts files in build time.
To temporarily disable this check, users can set
BUILD_BROKEN_VENDOR_PROPERTY_NAMESPACE := true in BoardConfig.mk. But
VTS is still enforced, so users will have to fix the violations anyway.
Bug: 175526482
Test: m vendor_property_contexts after making violations
Change-Id: I99d6fff9033d78e1d276eed2682a2719dab84ae2
As image variants are now supported directly by android.Module, this
removes a custom mutator in selinux_contexts and uses image variant
functions in android.Module.
InRecovery and InstallInRecovery may be confusing. But refactoring it is
out of scope for this CL.
Test: compare out/soong/build.ninja before and after
Change-Id: I9ebf665a1d50d24bb4e5568a4fd1af4c4eb02c90
If sysprop library contains only internal properties, the API txt file
will be empty. This allows the API files to be missing in such cases to
turn off API-Review bit.
Bug: 177036449
Test: manual test
Change-Id: I9792e46ce6d19e65ee83cb055f76069063bec281
Revert "Add ability to declare licenses in soong."
Revert submission 1377717-metalics
Reason for revert: This has broken renderscript_mac target for aosp-master, see b/176909442
Reverted Changes:
I26ac54ca9:Define the standard license_kind rules.
I656486070:Export soong license data to make.
If9d661dfc:Export soong license data to make.
I97943de53:Add ability to declare licenses in soong.
Icaff40171:Rough-in license metadata support to make.
Ib8e538bd0:Add variables for notice deps, license kinds etc.
Change-Id: I9af3727fba03f6b40cd6d77c7e259ef4c9b7f29d
Now newer system policy and older vendor policy can be built together by
setting following variables:
- BOARD_SEPOLICY_VERS
- BOARD_REQD_MASK_POLICY (copy of older system/sepolicy/reqd_mask)
- BOARD_PLAT_VENDOR_POLICY (copy of older system/sepolicy/vendor)
- BOARD_(SYSTEM_EXT|PRODUCT)_(PUBLIC|PRIVATE)_PREBUILT_DIRS (copy of
older system_ext and product policies)
Bug: 168159977
Test: try normal build and mixed build
Test: boot and check selinux denials
Change-Id: Ie239580433ffd293fa6891cd665fb5ef83c0a14f
Pass pctx and ctx to NewRuleBuilder instead of RuleBuilder.Build,
and don't pass ctx to RuleBuilderCommand.BuiltTool. Follows the
changes in I63e6597e19167393876dc2259d6f521363b7dabc.
Test: m checkbuild
Change-Id: I372e8ecc3c4ea7ca8f66a8e1054eddd1a9af9dbd
We add a new back end for SELinux based keystore2_key namespaces.
This patch adds the rump policy and build system infrastructure
for installing keystore2_key context files on the target devices.
Bug: 158500146
Bug: 159466840
Test: None
Change-Id: I423c9e68ad259926e4a315d052dfda97fa502106
Merged-In: I423c9e68ad259926e4a315d052dfda97fa502106
