In AVF, virtualizationmanager checks the selinux label of given disk
image for proving whether the given image is edited maliciously.
Existing one(vendor_configs_file, /vendor/etc/*) was too wide to use for this purpose.
Bug: 285854379
Test: m
Change-Id: I6c966c92b238a2262d2eb7f41041ed4c359e9e0a
This adds two macros which can be used in te files and contexts files.
* is_flag_enabled(flag_name, codes)
* is_flag_disabled(flag_name, codes)
Also flag-guarding requires to process input files before any
validations. Property contexts test and seapp contexts test are
modified a little to handle that.
Bug: 306563735
Test: build with manual guarding
Change-Id: Ia1c6d00b7aab0da3901c19f16d553153aace018c
Sorting algorithm of fc_sort is not perfect and often causes unexpected
behaviors. We are moving from fc_sort to manual ordering of platform
file_contexts files.
In addition, this sets remove_comment as true by default, as fc_sort has
been removing comments / empty lines.
Bug: 299839280
Test: TH
Change-Id: Ic8a02b64fc70481234467a470506580d2e6efd94
This tests the original private/file_contexts and not the built version
(as it may contain the overlay files or asan entries). This ensures that
all the rules in the base files are used.
Another test will be later added to validate the built version (but
without requiring that all rules are used).
Bug: 299839280
Test: mm
Change-Id: I5efdde3c7f5211472cd9a0cf8def243aef640825
Add test entries for property_service_for_system and virtual_camera.
Re-order file_contexts so that /data/vendor/tombstones/wifi and
/data/misc/perfetto-traces/bugreport are labelled correctly.
Bug: 299839280
Test: checkfc -t ./private/file_contexts ./contexts/plat_file_contexts_test pass
Change-Id: Ifb4453d02327b5cf678e6a4cd927b5df0960086b
There is no one actively using mixed sepolicy build, and it made
sepolicy codes too complicated. As we are deprecating mixed build,
removing such code for cleanup.
Bug: 298305798
Test: boot cuttlefish
Change-Id: I8beedd5a281fa957532deecb857da4e1bb66992a
We no longer have targets using flattened apexes. Flattened apexes will
be removed from the build system.
Bug: 278826656
Test: m
Change-Id: I657e01dbfd2525b07c29a234277062d5ac2fab9f
Adding soong module and tool to check if there is fuzzer present
for every service in private/service_contexts. Whenever a service is
added, its is recommended to update
$ANDROID_BUILD_TOP/system/sepolicy/soong/build/service_fuzzer_bindings.go
with service name and its corresponding fuzzer.
Test: m
Bug: 242104782
Change-Id: Id9bc45f50bebf464de7c91c7469d4bb6ff153ebd
Now that we have sepolicy module in Android.bp, we can migrate contexts
tests. Also vendor_service_contexts_test will be run, as we now include
vendor_service_contexts unconditionally.
Unfortunately, vendor_service_contexts_test is now broken, due to a
malformed type hal_power_stats_vendor_service. We will temporarily
exempt the type from the test, to speed up migrating to Android.bp.
Bug: 33691272
Test: m selinux_policy and see tests running
Test: add a malformed type other than hal_power_stats_vendor_service and
run tests
Change-Id: Ic60eb38b9a7c79006f0b5ff4453768e03006604b
Because Android.bp is getting bigger and bigger.
Test: build and boot
Test: set OVERRIDE_TARGET_FLATTEN_APEX=true and build
Change-Id: I397ce084bfbc98449d177dd553ff73fdfbdddcaf