Add mechanism for granting permissions to old vendor images
This addresses Treble backwards compat issues introduced in
aosp/793958 and aosp/783669.
Bug: 122874820
Test: build/flash blueline with pi-dev vendor and generic_ab system
images.
Test: adb pull /sys/fs/selinux/policy;
sesearch policy --allowx -s vendordomain -t dev_type
Change-Id: Ic2b304472bb88051e03740dc387834056aba641a
diff --git a/compat.mk b/compat.mk
new file mode 100644
index 0000000..b4f8de0
--- /dev/null
+++ b/compat.mk
@@ -0,0 +1,40 @@
+version := $(version_under_treble_tests)
+
+include $(CLEAR_VARS)
+#################################
+# build this target to ensure the compat permissions files all build against the current policy
+#
+LOCAL_MODULE := $(version)_compat_test
+LOCAL_REQUIRED_MODULES := $(version).compat.cil
+LOCAL_MODULE_CLASS := ETC
+LOCAL_MODULE_TAGS := tests
+
+include $(BUILD_SYSTEM)/base_rules.mk
+
+all_cil_files := \
+ $(built_plat_cil) \
+ $(built_plat_mapping_cil) \
+ $(built_pub_vers_cil) \
+ $(built_vendor_cil) \
+ $(ALL_MODULES.$(version).compat.cil.BUILT) \
+
+ifdef HAS_PRODUCT_SEPOLICY
+all_cil_files += \
+ $(built_product_cil) \
+ $(built_product_mapping_cil) \
+
+endif
+
+ifdef BOARD_ODM_SEPOLICY_DIRS
+all_cil_files += $(built_odm_cil)
+endif
+
+$(LOCAL_BUILT_MODULE): PRIVATE_CIL_FILES := $(all_cil_files)
+$(LOCAL_BUILT_MODULE): $(HOST_OUT_EXECUTABLES)/secilc $(HOST_OUT_EXECUTABLES)/sepolicy-analyze $(all_cil_files)
+ @mkdir -p $(dir $@)
+ $(hide) $< -m -N -M true -G -c $(POLICYVERS) $(PRIVATE_CIL_FILES) -o $@.tmp -f /dev/null
+ $(hide) mv $@.tmp $@
+
+all_cil_files :=
+version :=
+version_under_treble_tests :=