Build vndservice_contexts with Android.bp
Bug: 33691272
Test: boot a device which uses vndservice_contexts
Change-Id: I28c36b74d4176954099f3b7e80a4869b7c44640f
diff --git a/Android.bp b/Android.bp
index 9f3a111..8e2a966 100644
--- a/Android.bp
+++ b/Android.bp
@@ -189,6 +189,11 @@
srcs: ["seapp_contexts"],
}
+se_build_files {
+ name: "vndservice_contexts_files",
+ srcs: ["vndservice_contexts"],
+}
+
// For vts_treble_sys_prop_test
filegroup {
name: "private_property_contexts",
diff --git a/Android.mk b/Android.mk
index 6054cbb..c98de45 100644
--- a/Android.mk
+++ b/Android.mk
@@ -509,6 +509,7 @@
vendor_hwservice_contexts_test \
vendor_bug_map \
vndservice_contexts \
+ vndservice_contexts_test \
ifdef BOARD_ODM_SEPOLICY_DIRS
LOCAL_REQUIRED_MODULES += \
@@ -668,37 +669,6 @@
file_contexts.modules.tmp :=
##################################
-include $(CLEAR_VARS)
-
-LOCAL_MODULE := vndservice_contexts
-LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered
-LOCAL_LICENSE_CONDITIONS := notice unencumbered
-LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE
-LOCAL_MODULE_CLASS := ETC
-LOCAL_MODULE_TAGS := optional
-LOCAL_MODULE_PATH := $(TARGET_OUT_VENDOR)/etc/selinux
-
-include $(BUILD_SYSTEM)/base_rules.mk
-
-vnd_svcfiles := $(call build_policy, vndservice_contexts, $(BOARD_PLAT_VENDOR_POLICY) $(BOARD_VENDOR_SEPOLICY_DIRS) $(BOARD_REQD_MASK_POLICY))
-
-vndservice_contexts.tmp := $(intermediates)/vndservice_contexts.tmp
-$(vndservice_contexts.tmp): PRIVATE_SVC_FILES := $(vnd_svcfiles)
-$(vndservice_contexts.tmp): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
-$(vndservice_contexts.tmp): $(vnd_svcfiles) $(M4)
- @mkdir -p $(dir $@)
- $(hide) $(M4) --fatal-warnings -s $(PRIVATE_ADDITIONAL_M4DEFS) $(PRIVATE_SVC_FILES) > $@
-
-$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
-$(LOCAL_BUILT_MODULE): $(vndservice_contexts.tmp) $(built_sepolicy) $(HOST_OUT_EXECUTABLES)/checkfc $(ACP)
- @mkdir -p $(dir $@)
- sed -e 's/#.*$$//' -e '/^$$/d' $< > $@
- $(hide) $(HOST_OUT_EXECUTABLES)/checkfc -e -v $(PRIVATE_SEPOLICY) $@
-
-vnd_svcfiles :=
-vndservice_contexts.tmp :=
-
-##################################
include $(LOCAL_PATH)/mac_permissions.mk
all_fc_files := $(TARGET_OUT)/etc/selinux/plat_file_contexts
diff --git a/build/soong/selinux_contexts.go b/build/soong/selinux_contexts.go
index 8894931..463a978 100644
--- a/build/soong/selinux_contexts.go
+++ b/build/soong/selinux_contexts.go
@@ -93,11 +93,13 @@
android.RegisterModuleType("service_contexts", serviceFactory)
android.RegisterModuleType("keystore2_key_contexts", keystoreKeyFactory)
android.RegisterModuleType("seapp_contexts", seappFactory)
+ android.RegisterModuleType("vndservice_contexts", vndServiceFactory)
android.RegisterModuleType("file_contexts_test", fileContextsTestFactory)
android.RegisterModuleType("property_contexts_test", propertyContextsTestFactory)
android.RegisterModuleType("hwservice_contexts_test", hwserviceContextsTestFactory)
android.RegisterModuleType("service_contexts_test", serviceContextsTestFactory)
+ android.RegisterModuleType("vndservice_contexts_test", vndServiceContextsTestFactory)
}
func (m *selinuxContextsModule) InstallInRoot() bool {
@@ -495,6 +497,18 @@
return m
}
+func vndServiceFactory() android.Module {
+ m := newModule()
+ m.build = m.buildGeneralContexts
+ android.AddLoadHook(m, func(ctx android.LoadHookContext) {
+ if !ctx.SocSpecific() {
+ ctx.ModuleErrorf(m.Name(), "must set vendor: true")
+ return
+ }
+ })
+ return m
+}
+
var _ android.OutputFileProducer = (*selinuxContextsModule)(nil)
// Implements android.OutputFileProducer
@@ -565,6 +579,14 @@
return m
}
+// vndservice_contexts_test tests given vndservice_contexts files with checkfc.
+func vndServiceContextsTestFactory() android.Module {
+ m := &contextsTestModule{tool: "checkfc", flags: []string{"-e" /* allow empty */, "-v" /* vnd service */}}
+ m.AddProperties(&m.properties)
+ android.InitAndroidArchModule(m, android.DeviceSupported, android.MultilibCommon)
+ return m
+}
+
func (m *contextsTestModule) GenerateAndroidBuildActions(ctx android.ModuleContext) {
tool := m.tool
if tool != "checkfc" && tool != "property_info_checker" {
diff --git a/contexts/Android.bp b/contexts/Android.bp
index 8eeed3a..2a5a058 100644
--- a/contexts/Android.bp
+++ b/contexts/Android.bp
@@ -314,6 +314,16 @@
sepolicy: ":precompiled_sepolicy",
}
+vndservice_contexts {
+ name: "vndservice_contexts",
+ srcs: [
+ ":vndservice_contexts_files{.plat_vendor_for_vendor}",
+ ":vndservice_contexts_files{.vendor}",
+ ":vndservice_contexts_files{.reqd_mask_for_vendor}",
+ ],
+ soc_specific: true,
+}
+
// for CTS
genrule {
name: "plat_seapp_neverallows",
@@ -459,3 +469,9 @@
srcs: [":vendor_service_contexts"],
sepolicy: ":precompiled_sepolicy",
}
+
+vndservice_contexts_test {
+ name: "vndservice_contexts_test",
+ srcs: [":vndservice_contexts"],
+ sepolicy: ":precompiled_sepolicy",
+}