50aa029f4b
Steps taken to produce the mapping files: 1. Add prebuilts/api/29.0/[plat_pub_versioned.cil|vendor_sepolicy.cil] plat_pub_versioned.cil contains all public attributes and types from Q Leave vendor_sepolicy.cil is empty. 2. Add new file private/compat/29.0/29.0.cil by doing the following: - copy /system/etc/selinux/mapping/29.0.cil from pi-dev aosp_arm64-eng device to private/compat/29.0/29.0.cil - remove all attribute declaration statement (typeattribute ...) and sort lines alphabetically - some selinux types were added/renamed/deleted w.r.t 29 sepolicy. Find all such types using treble_sepolicy_tests_29.0 test. - for all these types figure out where to map them by looking at 28.0.[ignore.]cil files and add approprite entries to 29.0.[ignore.]cil. This change also enables treble_sepolicy_tests_29.0 and installs 29.0.cil mapping file onto the device. Bug: 133155528 Bug: 133196056 Test: m treble_sepolicy_tests_29.0 Test: m 29.0_compat_test Test: m selinux_policy Change-Id: I9e83e9bf118c8b8f8fcf84d5c0dcb6eb588e0d55
283 lines
5.8 KiB
Text
283 lines
5.8 KiB
Text
// Copyright (C) 2018 The Android Open Source Project
|
|
//
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
// you may not use this file except in compliance with the License.
|
|
// You may obtain a copy of the License at
|
|
//
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
//
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
// See the License for the specific language governing permissions and
|
|
// limitations under the License.
|
|
|
|
cc_defaults { name: "selinux_policy_version", cflags: ["-DSEPOLICY_VERSION=30"], }
|
|
|
|
se_filegroup {
|
|
name: "26.0.board.compat.map",
|
|
srcs: [
|
|
"compat/26.0/26.0.cil",
|
|
],
|
|
}
|
|
|
|
se_filegroup {
|
|
name: "27.0.board.compat.map",
|
|
srcs: [
|
|
"compat/27.0/27.0.cil",
|
|
],
|
|
}
|
|
|
|
se_filegroup {
|
|
name: "28.0.board.compat.map",
|
|
srcs: [
|
|
"compat/28.0/28.0.cil",
|
|
],
|
|
}
|
|
|
|
se_filegroup {
|
|
name: "29.0.board.compat.map",
|
|
srcs: [
|
|
"compat/29.0/29.0.cil",
|
|
],
|
|
}
|
|
|
|
se_filegroup {
|
|
name: "26.0.board.ignore.map",
|
|
srcs: [
|
|
"compat/26.0/26.0.ignore.cil",
|
|
],
|
|
}
|
|
|
|
se_filegroup {
|
|
name: "27.0.board.ignore.map",
|
|
srcs: [
|
|
"compat/27.0/27.0.ignore.cil",
|
|
],
|
|
}
|
|
|
|
se_filegroup {
|
|
name: "28.0.board.ignore.map",
|
|
srcs: [
|
|
"compat/28.0/28.0.ignore.cil",
|
|
],
|
|
}
|
|
|
|
se_filegroup {
|
|
name: "29.0.board.ignore.map",
|
|
srcs: [
|
|
"compat/29.0/29.0.ignore.cil",
|
|
],
|
|
}
|
|
|
|
se_cil_compat_map {
|
|
name: "26.0.cil",
|
|
bottom_half: [":26.0.board.compat.map"],
|
|
top_half: "27.0.cil",
|
|
}
|
|
|
|
se_cil_compat_map {
|
|
name: "27.0.cil",
|
|
bottom_half: [":27.0.board.compat.map"],
|
|
top_half: "28.0.cil",
|
|
}
|
|
|
|
se_cil_compat_map {
|
|
name: "28.0.cil",
|
|
bottom_half: [":28.0.board.compat.map"],
|
|
top_half: "29.0.cil",
|
|
}
|
|
|
|
se_cil_compat_map {
|
|
name: "29.0.cil",
|
|
bottom_half: [":29.0.board.compat.map"],
|
|
// top_half: "30.0.cil",
|
|
}
|
|
|
|
se_cil_compat_map {
|
|
name: "26.0.ignore.cil",
|
|
bottom_half: [":26.0.board.ignore.map"],
|
|
top_half: "27.0.ignore.cil",
|
|
}
|
|
|
|
se_cil_compat_map {
|
|
name: "27.0.ignore.cil",
|
|
bottom_half: [":27.0.board.ignore.map"],
|
|
top_half: "28.0.ignore.cil",
|
|
}
|
|
|
|
se_cil_compat_map {
|
|
name: "28.0.ignore.cil",
|
|
bottom_half: [":28.0.board.ignore.map"],
|
|
// top_half: "29.0.ignore.cil",
|
|
}
|
|
|
|
se_cil_compat_map {
|
|
name: "29.0.ignore.cil",
|
|
bottom_half: [":29.0.board.ignore.map"],
|
|
// top_half: "30.0.ignore.cil",
|
|
}
|
|
|
|
prebuilt_etc {
|
|
name: "26.0.compat.cil",
|
|
src: "private/compat/26.0/26.0.compat.cil",
|
|
sub_dir: "selinux/mapping",
|
|
}
|
|
|
|
prebuilt_etc {
|
|
name: "27.0.compat.cil",
|
|
src: "private/compat/27.0/27.0.compat.cil",
|
|
sub_dir: "selinux/mapping",
|
|
}
|
|
|
|
prebuilt_etc {
|
|
name: "28.0.compat.cil",
|
|
src: "private/compat/28.0/28.0.compat.cil",
|
|
sub_dir: "selinux/mapping",
|
|
}
|
|
|
|
prebuilt_etc {
|
|
name: "29.0.compat.cil",
|
|
src: "private/compat/29.0/29.0.compat.cil",
|
|
sub_dir: "selinux/mapping",
|
|
}
|
|
|
|
se_filegroup {
|
|
name: "file_contexts_files",
|
|
srcs: ["file_contexts"],
|
|
}
|
|
|
|
se_filegroup {
|
|
name: "file_contexts_asan_files",
|
|
srcs: ["file_contexts_asan"],
|
|
}
|
|
|
|
se_filegroup {
|
|
name: "file_contexts_overlayfs_files",
|
|
srcs: ["file_contexts_overlayfs"],
|
|
}
|
|
|
|
se_filegroup {
|
|
name: "hwservice_contexts_files",
|
|
srcs: ["hwservice_contexts"],
|
|
}
|
|
|
|
se_filegroup {
|
|
name: "property_contexts_files",
|
|
srcs: ["property_contexts"],
|
|
}
|
|
|
|
se_filegroup {
|
|
name: "service_contexts_files",
|
|
srcs: ["service_contexts"],
|
|
}
|
|
|
|
file_contexts {
|
|
name: "plat_file_contexts",
|
|
srcs: [":file_contexts_files"],
|
|
product_variables: {
|
|
address_sanitize: {
|
|
srcs: [":file_contexts_asan_files"],
|
|
},
|
|
debuggable: {
|
|
srcs: [":file_contexts_overlayfs_files"],
|
|
},
|
|
},
|
|
|
|
flatten_apex: {
|
|
srcs: ["apex/*-file_contexts"],
|
|
},
|
|
|
|
recovery_available: true,
|
|
}
|
|
|
|
file_contexts {
|
|
name: "vendor_file_contexts",
|
|
srcs: [":file_contexts_files"],
|
|
soc_specific: true,
|
|
recovery_available: true,
|
|
}
|
|
|
|
file_contexts {
|
|
name: "product_file_contexts",
|
|
srcs: [":file_contexts_files"],
|
|
product_specific: true,
|
|
recovery_available: true,
|
|
}
|
|
|
|
file_contexts {
|
|
name: "odm_file_contexts",
|
|
srcs: [":file_contexts_files"],
|
|
device_specific: true,
|
|
recovery_available: true,
|
|
}
|
|
|
|
hwservice_contexts {
|
|
name: "plat_hwservice_contexts",
|
|
srcs: [":hwservice_contexts_files"],
|
|
}
|
|
|
|
hwservice_contexts {
|
|
name: "product_hwservice_contexts",
|
|
srcs: [":hwservice_contexts_files"],
|
|
product_specific: true,
|
|
}
|
|
|
|
hwservice_contexts {
|
|
name: "vendor_hwservice_contexts",
|
|
srcs: [":hwservice_contexts_files"],
|
|
reqd_mask: true,
|
|
soc_specific: true,
|
|
}
|
|
|
|
hwservice_contexts {
|
|
name: "odm_hwservice_contexts",
|
|
srcs: [":hwservice_contexts_files"],
|
|
device_specific: true,
|
|
}
|
|
|
|
property_contexts {
|
|
name: "plat_property_contexts",
|
|
srcs: [":property_contexts_files"],
|
|
recovery_available: true,
|
|
}
|
|
|
|
property_contexts {
|
|
name: "product_property_contexts",
|
|
srcs: [":property_contexts_files"],
|
|
product_specific: true,
|
|
recovery_available: true,
|
|
}
|
|
|
|
property_contexts {
|
|
name: "vendor_property_contexts",
|
|
srcs: [":property_contexts_files"],
|
|
reqd_mask: true,
|
|
soc_specific: true,
|
|
recovery_available: true,
|
|
}
|
|
|
|
property_contexts {
|
|
name: "odm_property_contexts",
|
|
srcs: [":property_contexts_files"],
|
|
device_specific: true,
|
|
recovery_available: true,
|
|
}
|
|
|
|
service_contexts {
|
|
name: "plat_service_contexts",
|
|
srcs: [":service_contexts_files"],
|
|
}
|
|
|
|
service_contexts {
|
|
name: "product_service_contexts",
|
|
srcs: [":service_contexts_files"],
|
|
product_specific: true,
|
|
}
|
|
|
|
service_contexts {
|
|
name: "vendor_service_contexts",
|
|
srcs: [":service_contexts_files"],
|
|
reqd_mask: true,
|
|
soc_specific: true,
|
|
}
|