Merge "Grant lockdown integrity to all processes" into main am: 1fc3a6f955 am: 66bb617447
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2971071
Change-Id: I882e3ac1489a106c581801ea16219b3cff83faaf
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
diff --git a/tools/finalize-sdk-rel.sh b/tools/finalize-sdk-rel.sh
deleted file mode 100755
index 80c6fa8..0000000
--- a/tools/finalize-sdk-rel.sh
+++ /dev/null
@@ -1,95 +0,0 @@
-#!/bin/bash
-
-# Copyright (C) 2023 The Android Open Source Project
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-if [ $# -ne 2 ]; then
- echo "Usage: $0 <top> <ver>"
- exit 1
-fi
-
-top=$1
-ver=$2
-
-mkdir -p "$top/system/sepolicy/prebuilts/api/${ver}.0/"
-cp -r "$top/system/sepolicy/public/" "$top/system/sepolicy/prebuilts/api/${ver}.0/"
-cp -r "$top/system/sepolicy/private/" "$top/system/sepolicy/prebuilts/api/${ver}.0/"
-
-cat > "$top/system/sepolicy/prebuilts/api/${ver}.0/Android.bp" <<EOF
-// Automatically generated file, do not edit!
-se_policy_conf {
- name: "${ver}.0_plat_pub_policy.conf",
- srcs: [":se_build_files{.plat_public_${ver}.0}", ":se_build_files{.reqd_mask}"],
- installable: false,
- build_variant: "user",
-}
-
-se_policy_cil {
- name: "${ver}.0_plat_pub_policy.cil",
- src: ":${ver}.0_plat_pub_policy.conf",
- filter_out: [":reqd_policy_mask.cil"],
- secilc_check: false,
- installable: false,
-}
-
-se_policy_conf {
- name: "${ver}.0_product_pub_policy.conf",
- srcs: [
- ":se_build_files{.plat_public_${ver}.0}",
- ":se_build_files{.system_ext_public_${ver}.0}",
- ":se_build_files{.product_public_${ver}.0}",
- ":se_build_files{.reqd_mask}",
- ],
- installable: false,
- build_variant: "user",
-}
-
-se_policy_cil {
- name: "${ver}.0_product_pub_policy.cil",
- src: ":${ver}.0_product_pub_policy.conf",
- filter_out: [":reqd_policy_mask.cil"],
- secilc_check: false,
- installable: false,
-}
-
-se_policy_conf {
- name: "${ver}.0_plat_policy.conf",
- srcs: [
- ":se_build_files{.plat_public_${ver}.0}",
- ":se_build_files{.plat_private_${ver}.0}",
- ":se_build_files{.system_ext_public_${ver}.0}",
- ":se_build_files{.system_ext_private_${ver}.0}",
- ":se_build_files{.product_public_${ver}.0}",
- ":se_build_files{.product_private_${ver}.0}",
- ],
- installable: false,
- build_variant: "user",
-}
-
-se_policy_cil {
- name: "${ver}.0_plat_policy.cil",
- src: ":${ver}.0_plat_policy.conf",
- additional_cil_files: [":sepolicy_technical_debt{.plat_private_${ver}.0}"],
- installable: false,
-}
-
-se_policy_binary {
- name: "${ver}.0_plat_policy",
- srcs: [":${ver}.0_plat_policy.cil"],
- installable: false,
- dist: {
- targets: ["base-sepolicy-files-for-mapping"],
- },
-}
-EOF
diff --git a/tools/finalize-vintf-resources.sh b/tools/finalize-vintf-resources.sh
new file mode 100755
index 0000000..68ce0e5
--- /dev/null
+++ b/tools/finalize-vintf-resources.sh
@@ -0,0 +1,98 @@
+#!/bin/bash
+
+# Copyright (C) 2023 The Android Open Source Project
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+if [ $# -ne 2 ]; then
+ echo "Usage: $0 <top> <ver>"
+ exit 1
+fi
+
+top=$1
+ver=$2
+
+mkdir -p "$top/system/sepolicy/prebuilts/api/${ver}/"
+cp -r "$top/system/sepolicy/public/" "$top/system/sepolicy/prebuilts/api/${ver}/"
+cp -r "$top/system/sepolicy/private/" "$top/system/sepolicy/prebuilts/api/${ver}/"
+
+cat > "$top/system/sepolicy/prebuilts/api/${ver}/Android.bp" <<EOF
+// Automatically generated file, do not edit!
+se_policy_conf {
+ name: "${ver}_plat_pub_policy.conf",
+ defaults: ["se_policy_conf_flags_defaults"],
+ srcs: [":se_build_files{.plat_public_${ver}}", ":se_build_files{.reqd_mask}"],
+ installable: false,
+ build_variant: "user",
+}
+
+se_policy_cil {
+ name: "${ver}_plat_pub_policy.cil",
+ src: ":${ver}_plat_pub_policy.conf",
+ filter_out: [":reqd_policy_mask.cil"],
+ secilc_check: false,
+ installable: false,
+}
+
+se_policy_conf {
+ name: "${ver}_product_pub_policy.conf",
+ defaults: ["se_policy_conf_flags_defaults"],
+ srcs: [
+ ":se_build_files{.plat_public_${ver}}",
+ ":se_build_files{.system_ext_public_${ver}}",
+ ":se_build_files{.product_public_${ver}}",
+ ":se_build_files{.reqd_mask}",
+ ],
+ installable: false,
+ build_variant: "user",
+}
+
+se_policy_cil {
+ name: "${ver}_product_pub_policy.cil",
+ src: ":${ver}_product_pub_policy.conf",
+ filter_out: [":reqd_policy_mask.cil"],
+ secilc_check: false,
+ installable: false,
+}
+
+se_policy_conf {
+ name: "${ver}_plat_policy.conf",
+ defaults: ["se_policy_conf_flags_defaults"],
+ srcs: [
+ ":se_build_files{.plat_public_${ver}}",
+ ":se_build_files{.plat_private_${ver}}",
+ ":se_build_files{.system_ext_public_${ver}}",
+ ":se_build_files{.system_ext_private_${ver}}",
+ ":se_build_files{.product_public_${ver}}",
+ ":se_build_files{.product_private_${ver}}",
+ ],
+ installable: false,
+ build_variant: "user",
+}
+
+se_policy_cil {
+ name: "${ver}_plat_policy.cil",
+ src: ":${ver}_plat_policy.conf",
+ additional_cil_files: [":sepolicy_technical_debt{.plat_private_${ver}}"],
+ installable: false,
+}
+
+se_policy_binary {
+ name: "${ver}_plat_policy",
+ srcs: [":${ver}_plat_policy.cil"],
+ installable: false,
+ dist: {
+ targets: ["base-sepolicy-files-for-mapping"],
+ },
+}
+EOF