tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
platform_system_sepolicy/Android.bp
Inseob Kim ace36abec5 Add 30.0 mapping files 
Steps taken to produce the mapping files:

1. Add prebuilts/api/30.0/plat_pub_versioned.cil from the
/vendor/etc/selinux/plat_pub_versioned.cil file built on rvc-dev with
lunch target aosp_arm64-eng. Add prebuilts/api/30.0/vendor_sepolicy.cil
as an empty file.

2. Add new file private/compat/30.0/30.0.cil by doing the following:
- copy /system/etc/selinux/mapping/30.0.cil from rvc-dev aosp_arm64-eng
device to private/compat/30.0/30.0.cil
- remove all attribute declaration statement (typeattribute ...) and
sort lines alphabetically
- some selinux types were added/renamed/deleted w.r.t 30 sepolicy.
Find all such types using treble_sepolicy_tests_30.0 test.
- for all these types figure out where to map them by looking at
29.0.[ignore.]cil files and add approprite entries to 30.0.[ignore.]cil.

This change also enables treble_sepolicy_tests_30.0 and installs
30.0.cil mapping file onto the device.

Bug: 153661471
Test: m treble_sepolicy_tests_30.0
Test: m 30.0_compat_test
Test: m selinux_policy
Change-Id: I6dfae41fbd5f245119ede540d2c321688d6e7929
2020-05-11 04:32:00 +00:00

435 lines
9.1 KiB
Text
Raw Blame History

// Copyright (C) 2018 The Android Open Source Project
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
cc_defaults { name: "selinux_policy_version", cflags: ["-DSEPOLICY_VERSION=30"], }
se_filegroup {
name: "26.0.board.compat.map",
srcs: [
"compat/26.0/26.0.cil",
],
}
se_filegroup {
name: "27.0.board.compat.map",
srcs: [
"compat/27.0/27.0.cil",
],
}
se_filegroup {
name: "28.0.board.compat.map",
srcs: [
"compat/28.0/28.0.cil",
],
}
se_filegroup {
name: "29.0.board.compat.map",
srcs: [
"compat/29.0/29.0.cil",
],
}
se_filegroup {
name: "30.0.board.compat.map",
srcs: [
"compat/30.0/30.0.cil",
],
}
se_filegroup {
name: "26.0.board.ignore.map",
srcs: [
"compat/26.0/26.0.ignore.cil",
],
}
se_filegroup {
name: "27.0.board.ignore.map",
srcs: [
"compat/27.0/27.0.ignore.cil",
],
}
se_filegroup {
name: "28.0.board.ignore.map",
srcs: [
"compat/28.0/28.0.ignore.cil",
],
}
se_filegroup {
name: "29.0.board.ignore.map",
srcs: [
"compat/29.0/29.0.ignore.cil",
],
}
se_filegroup {
name: "30.0.board.ignore.map",
srcs: [
"compat/30.0/30.0.ignore.cil",
],
}
se_cil_compat_map {
name: "plat_26.0.cil",
stem: "26.0.cil",
bottom_half: [":26.0.board.compat.map"],
top_half: "plat_27.0.cil",
}
se_cil_compat_map {
name: "plat_27.0.cil",
stem: "27.0.cil",
bottom_half: [":27.0.board.compat.map"],
top_half: "plat_28.0.cil",
}
se_cil_compat_map {
name: "plat_28.0.cil",
stem: "28.0.cil",
bottom_half: [":28.0.board.compat.map"],
top_half: "plat_29.0.cil",
}
se_cil_compat_map {
name: "plat_29.0.cil",
stem: "29.0.cil",
bottom_half: [":29.0.board.compat.map"],
top_half: "plat_30.0.cil",
}
se_cil_compat_map {
name: "plat_30.0.cil",
stem: "30.0.cil",
bottom_half: [":30.0.board.compat.map"],
// top_half: "plat_31.0.cil",
}
se_cil_compat_map {
name: "system_ext_26.0.cil",
stem: "26.0.cil",
bottom_half: [":26.0.board.compat.map"],
top_half: "system_ext_27.0.cil",
system_ext_specific: true,
}
se_cil_compat_map {
name: "system_ext_27.0.cil",
stem: "27.0.cil",
bottom_half: [":27.0.board.compat.map"],
top_half: "system_ext_28.0.cil",
system_ext_specific: true,
}
se_cil_compat_map {
name: "system_ext_28.0.cil",
stem: "28.0.cil",
bottom_half: [":28.0.board.compat.map"],
top_half: "system_ext_29.0.cil",
system_ext_specific: true,
}
se_cil_compat_map {
name: "system_ext_29.0.cil",
stem: "29.0.cil",
bottom_half: [":29.0.board.compat.map"],
top_half: "system_ext_30.0.cil",
system_ext_specific: true,
}
se_cil_compat_map {
name: "system_ext_30.0.cil",
stem: "30.0.cil",
bottom_half: [":30.0.board.compat.map"],
// top_half: "system_ext_31.0.cil",
system_ext_specific: true,
}
se_cil_compat_map {
name: "product_26.0.cil",
stem: "26.0.cil",
bottom_half: [":26.0.board.compat.map"],
top_half: "product_27.0.cil",
product_specific: true,
}
se_cil_compat_map {
name: "product_27.0.cil",
stem: "27.0.cil",
bottom_half: [":27.0.board.compat.map"],
top_half: "product_28.0.cil",
product_specific: true,
}
se_cil_compat_map {
name: "product_28.0.cil",
stem: "28.0.cil",
bottom_half: [":28.0.board.compat.map"],
top_half: "product_29.0.cil",
product_specific: true,
}
se_cil_compat_map {
name: "product_29.0.cil",
stem: "29.0.cil",
bottom_half: [":29.0.board.compat.map"],
top_half: "product_30.0.cil",
product_specific: true,
}
se_cil_compat_map {
name: "product_30.0.cil",
stem: "30.0.cil",
bottom_half: [":30.0.board.compat.map"],
// top_half: "product_31.0.cil",
product_specific: true,
}
se_cil_compat_map {
name: "26.0.ignore.cil",
bottom_half: [":26.0.board.ignore.map"],
top_half: "27.0.ignore.cil",
}
se_cil_compat_map {
name: "27.0.ignore.cil",
bottom_half: [":27.0.board.ignore.map"],
top_half: "28.0.ignore.cil",
}
se_cil_compat_map {
name: "28.0.ignore.cil",
bottom_half: [":28.0.board.ignore.map"],
top_half: "29.0.ignore.cil",
}
se_cil_compat_map {
name: "29.0.ignore.cil",
bottom_half: [":29.0.board.ignore.map"],
top_half: "30.0.ignore.cil",
}
se_cil_compat_map {
name: "30.0.ignore.cil",
bottom_half: [":30.0.board.ignore.map"],
// top_half: "31.0.ignore.cil",
}
prebuilt_etc {
name: "26.0.compat.cil",
src: "private/compat/26.0/26.0.compat.cil",
sub_dir: "selinux/mapping",
}
prebuilt_etc {
name: "27.0.compat.cil",
src: "private/compat/27.0/27.0.compat.cil",
sub_dir: "selinux/mapping",
}
prebuilt_etc {
name: "28.0.compat.cil",
src: "private/compat/28.0/28.0.compat.cil",
sub_dir: "selinux/mapping",
}
prebuilt_etc {
name: "29.0.compat.cil",
src: "private/compat/29.0/29.0.compat.cil",
sub_dir: "selinux/mapping",
}
prebuilt_etc {
name: "30.0.compat.cil",
src: "private/compat/30.0/30.0.compat.cil",
sub_dir: "selinux/mapping",
}
se_filegroup {
name: "file_contexts_files",
srcs: ["file_contexts"],
}
se_filegroup {
name: "file_contexts_asan_files",
srcs: ["file_contexts_asan"],
}
se_filegroup {
name: "file_contexts_overlayfs_files",
srcs: ["file_contexts_overlayfs"],
}
se_filegroup {
name: "hwservice_contexts_files",
srcs: ["hwservice_contexts"],
}
se_filegroup {
name: "property_contexts_files",
srcs: ["property_contexts"],
}
se_filegroup {
name: "service_contexts_files",
srcs: ["service_contexts"],
}
file_contexts {
name: "plat_file_contexts",
srcs: [":file_contexts_files"],
product_variables: {
address_sanitize: {
srcs: [":file_contexts_asan_files"],
},
debuggable: {
srcs: [":file_contexts_overlayfs_files"],
},
},
flatten_apex: {
srcs: ["apex/*-file_contexts"],
},
recovery_available: true,
}
file_contexts {
name: "vendor_file_contexts",
srcs: [":file_contexts_files"],
soc_specific: true,
recovery_available: true,
}
file_contexts {
name: "system_ext_file_contexts",
srcs: [":file_contexts_files"],
system_ext_specific: true,
recovery_available: true,
}
file_contexts {
name: "product_file_contexts",
srcs: [":file_contexts_files"],
product_specific: true,
recovery_available: true,
}
file_contexts {
name: "odm_file_contexts",
srcs: [":file_contexts_files"],
device_specific: true,
recovery_available: true,
}
hwservice_contexts {
name: "plat_hwservice_contexts",
srcs: [":hwservice_contexts_files"],
}
hwservice_contexts {
name: "system_ext_hwservice_contexts",
srcs: [":hwservice_contexts_files"],
system_ext_specific: true,
}
hwservice_contexts {
name: "product_hwservice_contexts",
srcs: [":hwservice_contexts_files"],
product_specific: true,
}
hwservice_contexts {
name: "vendor_hwservice_contexts",
srcs: [":hwservice_contexts_files"],
reqd_mask: true,
soc_specific: true,
}
hwservice_contexts {
name: "odm_hwservice_contexts",
srcs: [":hwservice_contexts_files"],
device_specific: true,
}
property_contexts {
name: "plat_property_contexts",
srcs: [":property_contexts_files"],
recovery_available: true,
}
property_contexts {
name: "system_ext_property_contexts",
srcs: [":property_contexts_files"],
system_ext_specific: true,
recovery_available: true,
}
property_contexts {
name: "product_property_contexts",
srcs: [":property_contexts_files"],
product_specific: true,
recovery_available: true,
}
property_contexts {
name: "vendor_property_contexts",
srcs: [":property_contexts_files"],
reqd_mask: true,
soc_specific: true,
recovery_available: true,
}
property_contexts {
name: "odm_property_contexts",
srcs: [":property_contexts_files"],
device_specific: true,
recovery_available: true,
}
service_contexts {
name: "plat_service_contexts",
srcs: [":service_contexts_files"],
}
service_contexts {
name: "system_ext_service_contexts",
srcs: [":service_contexts_files"],
system_ext_specific: true,
}
service_contexts {
name: "product_service_contexts",
srcs: [":service_contexts_files"],
product_specific: true,
}
service_contexts {
name: "vendor_service_contexts",
srcs: [":service_contexts_files"],
reqd_mask: true,
soc_specific: true,
}
// For vts_treble_sys_prop_test
filegroup {
name: "private_property_contexts",
srcs: ["private/property_contexts"],
visibility: [
"//test/vts-testcase/security/system_property",
],
}
Reference in a new issue View git blame Copy permalink