Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / system / sepolicy / refs/heads/odm/dev/qssi/13/fp5 / . / treble_sepolicy_tests_for_release.mk
blob: 960b8ea39fae592372a87fa14d62730bb857bb05 [file] [log] [blame]
Tri Vo14069262018-01-31 16:22:35 -0800[diff] [blame]1version := $(version_under_treble_tests)
2
3include $(CLEAR_VARS)
4# For Treble builds run tests verifying that processes are properly labeled and
5# permissions granted do not violate the treble model. Also ensure that treble
6# compatibility guarantees are upheld between SELinux version bumps.
7LOCAL_MODULE := treble_sepolicy_tests_$(version)
Bob Badour601ebb42021-02-03 23:07:40 -0800[diff] [blame]8LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered
9LOCAL_LICENSE_CONDITIONS := notice unencumbered
10LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE
Jooyung Han749cf932019-05-30 01:05:43 +0900[diff] [blame]11LOCAL_MODULE_CLASS := FAKE
12LOCAL_MODULE_TAGS := optional
Jaihind Yadav4bbb21a2020-11-10 17:14:16 +0530[diff] [blame]13SYSTEM_EXT_PREBUILT_POLICY := $(BOARD_SYSTEM_EXT_PREBUILT_DIR)
14PRODUCT_PREBUILT_POLICY := $(BOARD_PRODUCT_PREBUILT_DIR)
Tri Vo14069262018-01-31 16:22:35 -0800[diff] [blame]15
P.Adarsh Reddycd05d742021-03-22 15:55:09 +0530[diff] [blame]16# BOARD_SYSTEM_EXT_PREBUILT_DIR can be set as system_ext prebuilt dir in sepolicy
17# make file of the system_ext partition.
18SYSTEM_EXT_PREBUILT_POLICY := $(BOARD_SYSTEM_EXT_PREBUILT_DIR)
19# BOARD_PRODUCT_PREBUILT_DIR can be set as product prebuilt dir in sepolicy
20# make file of the product partition.
21PRODUCT_PREBUILT_POLICY := $(BOARD_PRODUCT_PREBUILT_DIR)
P.Adarsh Reddycd05d742021-03-22 15:55:09 +0530[diff] [blame]22IS_TREBLE_TEST_ENABLED_PARTNER := false
23ifeq ($(filter 26.0 27.0 28.0 29.0,$(version)),)
Inseob Kim73f43ff2022-02-14 23:01:04 +0900[diff] [blame]24ifneq (,$(SYSTEM_EXT_PREBUILT_POLICY)$(PRODUCT_PREBUILT_POLICY))
P.Adarsh Reddycd05d742021-03-22 15:55:09 +0530[diff] [blame]25IS_TREBLE_TEST_ENABLED_PARTNER := true
Inseob Kim73f43ff2022-02-14 23:01:04 +0900[diff] [blame]26endif # (,$(SYSTEM_EXT_PREBUILT_POLICY)$(PRODUCT_PREBUILT_POLICY))
P.Adarsh Reddycd05d742021-03-22 15:55:09 +0530[diff] [blame]27endif # ($(filter 26.0 27.0 28.0 29.0,$(version)),)
28
Tri Vo14069262018-01-31 16:22:35 -0800[diff] [blame]29include $(BUILD_SYSTEM)/base_rules.mk
30
31# $(version)_plat - the platform policy shipped as part of the $(version) release. This is
32# built to enable us to determine the diff between the current policy and the
33# $(version) policy, which will be used in tests to make sure that compatibility has
34# been maintained by our mapping files.
35$(version)_PLAT_PUBLIC_POLICY := $(LOCAL_PATH)/prebuilts/api/$(version)/public
36$(version)_PLAT_PRIVATE_POLICY := $(LOCAL_PATH)/prebuilts/api/$(version)/private
P.Adarsh Reddycd05d742021-03-22 15:55:09 +0530[diff] [blame]37ifeq ($(IS_TREBLE_TEST_ENABLED_PARTNER),true)
38ifneq (,$(SYSTEM_EXT_PREBUILT_POLICY))
39$(version)_PLAT_PUBLIC_POLICY += \
40 $(SYSTEM_EXT_PREBUILT_POLICY)/prebuilts/api/$(version)/public
41$(version)_PLAT_PRIVATE_POLICY += \
42 $(SYSTEM_EXT_PREBUILT_POLICY)/prebuilts/api/$(version)/private
43endif # (,$(SYSTEM_EXT_PREBUILT_POLICY))
44ifneq (,$(PRODUCT_PREBUILT_POLICY))
45$(version)_PLAT_PUBLIC_POLICY += \
46 $(PRODUCT_PREBUILT_POLICY)/prebuilts/api/$(version)/public
47$(version)_PLAT_PRIVATE_POLICY += \
48 $(PRODUCT_PREBUILT_POLICY)/prebuilts/api/$(version)/private
49endif # (,$(PRODUCT_PREBUILT_POLICY))
50endif # ($(IS_TREBLE_TEST_ENABLED_PARTNER),true)
Dan Willemsen3c3e59b2019-06-19 10:52:50 -0700[diff] [blame]51policy_files := $(call build_policy, $(sepolicy_build_files), $($(version)_PLAT_PUBLIC_POLICY) $($(version)_PLAT_PRIVATE_POLICY))
Tri Vo14069262018-01-31 16:22:35 -0800[diff] [blame]52$(version)_plat_policy.conf := $(intermediates)/$(version)_plat_policy.conf
53$($(version)_plat_policy.conf): PRIVATE_MLS_SENS := $(MLS_SENS)
54$($(version)_plat_policy.conf): PRIVATE_MLS_CATS := $(MLS_CATS)
Joel Galensonc1486212018-03-23 12:40:26 -0700[diff] [blame]55$($(version)_plat_policy.conf): PRIVATE_TARGET_BUILD_VARIANT := user
Tri Vo14069262018-01-31 16:22:35 -0800[diff] [blame]56$($(version)_plat_policy.conf): PRIVATE_TGT_ARCH := $(my_target_arch)
57$($(version)_plat_policy.conf): PRIVATE_TGT_WITH_ASAN := $(with_asan)
Pirama Arumuga Nainarce9c0c52019-06-13 15:05:15 -0700[diff] [blame]58$($(version)_plat_policy.conf): PRIVATE_TGT_WITH_NATIVE_COVERAGE := $(with_native_coverage)
Tri Vo14069262018-01-31 16:22:35 -0800[diff] [blame]59$($(version)_plat_policy.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
60$($(version)_plat_policy.conf): PRIVATE_SEPOLICY_SPLIT := true
Dan Willemsen3c3e59b2019-06-19 10:52:50 -0700[diff] [blame]61$($(version)_plat_policy.conf): PRIVATE_POLICY_FILES := $(policy_files)
62$($(version)_plat_policy.conf): $(policy_files) $(M4)
Tri Vo14069262018-01-31 16:22:35 -0800[diff] [blame]63 $(transform-policy-to-conf)
64 $(hide) sed '/dontaudit/d' $@ > $@.dontaudit
65
Dan Willemsen3c3e59b2019-06-19 10:52:50 -0700[diff] [blame]66policy_files :=
Tri Vo14069262018-01-31 16:22:35 -0800[diff] [blame]67
68built_$(version)_plat_sepolicy := $(intermediates)/built_$(version)_plat_sepolicy
69$(built_$(version)_plat_sepolicy): PRIVATE_ADDITIONAL_CIL_FILES := \
70 $(call build_policy, technical_debt.cil , $($(version)_PLAT_PRIVATE_POLICY))
71$(built_$(version)_plat_sepolicy): PRIVATE_NEVERALLOW_ARG := $(NEVERALLOW_ARG)
72$(built_$(version)_plat_sepolicy): $($(version)_plat_policy.conf) $(HOST_OUT_EXECUTABLES)/checkpolicy \
73 $(HOST_OUT_EXECUTABLES)/secilc \
74 $(call build_policy, technical_debt.cil, $($(version)_PLAT_PRIVATE_POLICY)) \
75 $(built_sepolicy_neverallows)
76 @mkdir -p $(dir $@)
77 $(hide) $(CHECKPOLICY_ASAN_OPTIONS) $(HOST_OUT_EXECUTABLES)/checkpolicy -M -C -c \
78 $(POLICYVERS) -o $@ $<
79 $(hide) cat $(PRIVATE_ADDITIONAL_CIL_FILES) >> $@
80 $(hide) $(HOST_OUT_EXECUTABLES)/secilc -m -M true -G -c $(POLICYVERS) $(PRIVATE_NEVERALLOW_ARG) $@ -o $@ -f /dev/null
81
Bob Badour267fc162022-03-31 19:25:33 -0700[diff] [blame]82$(call declare-1p-target,$(built_$(version)_plat_sepolicy),system/sepolicy)
83
Inseob Kimeec39192022-01-21 11:47:54 +0900[diff] [blame]84# TODO(b/214336258): move to Soong
85$(call dist-for-goals,base-sepolicy-files-for-mapping,$(built_$(version)_plat_sepolicy):$(version)_plat_sepolicy)
86
Tri Vo14069262018-01-31 16:22:35 -0800[diff] [blame]87$(version)_plat_policy.conf :=
88
Tri Vo61178552019-10-10 16:29:40 -0700[diff] [blame]89$(version)_mapping.cil := $(call intermediates-dir-for,ETC,plat_$(version).cil)/plat_$(version).cil
Tri Vo438684b2018-09-29 17:47:10 -0700[diff] [blame]90$(version)_mapping.ignore.cil := \
91 $(call intermediates-dir-for,ETC,$(version).ignore.cil)/$(version).ignore.cil
P.Adarsh Reddycd05d742021-03-22 15:55:09 +0530[diff] [blame]92ifeq ($(IS_TREBLE_TEST_ENABLED_PARTNER),true)
93ifneq (,$(SYSTEM_EXT_PREBUILT_POLICY))
94$(version)_mapping.cil += \
95 $(call intermediates-dir-for,ETC,system_ext_$(version).cil)/system_ext_$(version).cil
96$(version)_mapping.ignore.cil += \
97 $(call intermediates-dir-for,ETC,system_ext_$(version).ignore.cil)/system_ext_$(version).ignore.cil
98endif # (,$(SYSTEM_EXT_PREBUILT_POLICY))
99ifneq (,$(PRODUCT_PREBUILT_POLICY))
100$(version)_mapping.cil += \
101 $(call intermediates-dir-for,ETC,product_$(version).cil)/product_$(version).cil
102$(version)_mapping.ignore.cil += \
103 $(call intermediates-dir-for,ETC,product_$(version).ignore.cil)/product_$(version).ignore.cil
104endif # (,$(PRODUCT_PREBUILT_POLICY))
P.Adarsh Reddycd05d742021-03-22 15:55:09 +0530[diff] [blame]105endif #($(IS_TREBLE_TEST_ENABLED_PARTNER),true)
Jae Shin1fa96342018-07-11 18:30:44 +0900[diff] [blame]106
Tri Vo14069262018-01-31 16:22:35 -0800[diff] [blame]107# $(version)_mapping.combined.cil - a combination of the mapping file used when
108# combining the current platform policy with nonplatform policy based on the
109# $(version) policy release and also a special ignored file that exists purely for
110# these tests.
111$(version)_mapping.combined.cil := $(intermediates)/$(version)_mapping.combined.cil
112$($(version)_mapping.combined.cil): $($(version)_mapping.cil) $($(version)_mapping.ignore.cil)
113 mkdir -p $(dir $@)
114 cat $^ > $@
115
P.Adarsh Reddycd05d742021-03-22 15:55:09 +0530[diff] [blame]116ifeq ($(IS_TREBLE_TEST_ENABLED_PARTNER),true)
117built_sepolicy_files := $(built_product_sepolicy)
118public_cil_files := $(base_product_pub_policy.cil)
119else
120built_sepolicy_files := $(built_plat_sepolicy)
121public_cil_files := $(base_plat_pub_policy.cil)
122endif # ($(IS_TREBLE_TEST_ENABLED_PARTNER),true)
Jooyung Han749cf932019-05-30 01:05:43 +0900[diff] [blame]123$(LOCAL_BUILT_MODULE): ALL_FC_ARGS := $(all_fc_args)
124$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
125$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY_OLD := $(built_$(version)_plat_sepolicy)
126$(LOCAL_BUILT_MODULE): PRIVATE_COMBINED_MAPPING := $($(version)_mapping.combined.cil)
P.Adarsh Reddycd05d742021-03-22 15:55:09 +0530[diff] [blame]127$(LOCAL_BUILT_MODULE): PRIVATE_PLAT_SEPOLICY := $(built_sepolicy_files)
128$(LOCAL_BUILT_MODULE): PRIVATE_PLAT_PUB_SEPOLICY := $(public_cil_files)
Jooyung Han749cf932019-05-30 01:05:43 +0900[diff] [blame]129$(LOCAL_BUILT_MODULE): PRIVATE_FAKE_TREBLE :=
Steven Morelandc7670e52018-09-07 16:01:38 -0700[diff] [blame]130ifeq ($(PRODUCT_FULL_TREBLE_OVERRIDE),true)
Steven Moreland1cb64c42019-09-20 11:16:29 -0700[diff] [blame]131# TODO(b/113124961): remove fake-treble
Jooyung Han749cf932019-05-30 01:05:43 +0900[diff] [blame]132$(LOCAL_BUILT_MODULE): PRIVATE_FAKE_TREBLE := --fake-treble
Steven Morelandc7670e52018-09-07 16:01:38 -0700[diff] [blame]133endif # PRODUCT_FULL_TREBLE_OVERRIDE = true
Jooyung Han749cf932019-05-30 01:05:43 +0900[diff] [blame]134$(LOCAL_BUILT_MODULE): $(HOST_OUT_EXECUTABLES)/treble_sepolicy_tests \
P.Adarsh Reddycd05d742021-03-22 15:55:09 +0530[diff] [blame]135 $(all_fc_files) $(built_sepolicy) \
136 $(built_sepolicy_files) \
137 $(public_cil_files) \
Inseob Kim73f43ff2022-02-14 23:01:04 +0900[diff] [blame]138 $(built_$(version)_plat_sepolicy) $($(version)_mapping.combined.cil)
Tri Vo14069262018-01-31 16:22:35 -0800[diff] [blame]139 @mkdir -p $(dir $@)
Inseob Kim6fa8efd2021-12-29 13:56:14 +0900[diff] [blame]140 $(hide) $(HOST_OUT_EXECUTABLES)/treble_sepolicy_tests $(ALL_FC_ARGS) \
P.Adarsh Reddycd05d742021-03-22 15:55:09 +0530[diff] [blame]141 -b $(PRIVATE_PLAT_SEPOLICY) -m $(PRIVATE_COMBINED_MAPPING) \
142 -o $(PRIVATE_SEPOLICY_OLD) -p $(PRIVATE_SEPOLICY) \
143 -u $(PRIVATE_PLAT_PUB_SEPOLICY) \
144 $(PRIVATE_FAKE_TREBLE)
Tri Vo14069262018-01-31 16:22:35 -0800[diff] [blame]145 $(hide) touch $@
146
Jaihind Yadav4bbb21a2020-11-10 17:14:16 +0530[diff] [blame]147$(version)_SYSTEM_EXT_PUBLIC_POLICY :=
148$(version)_SYSTEM_EXT_PRIVATE_POLICY :=
149$(version)_PRODUCT_PUBLIC_POLICY :=
150$(version)_PRODUCT_PRIVATE_POLICY :=
P. Adarsh Reddy43824db2021-03-22 15:55:09 +0530[diff] [blame]151$(version)_PLAT_PUBLIC_POLICY :=
152$(version)_PLAT_PRIVATE_POLICY :=
P.Adarsh Reddycd05d742021-03-22 15:55:09 +0530[diff] [blame]153built_sepolicy_files :=
154public_cil_files :=
155cil_files :=
Tri Vo14069262018-01-31 16:22:35 -0800[diff] [blame]156$(version)_mapping.cil :=
Jaihind Yadav4bbb21a2020-11-10 17:14:16 +0530[diff] [blame]157$(version)_system_ext_compat :=
158$(version)_product_compat :=
Tri Vo14069262018-01-31 16:22:35 -0800[diff] [blame]159$(version)_mapping.combined.cil :=
160$(version)_mapping.ignore.cil :=
Tri Vo14069262018-01-31 16:22:35 -0800[diff] [blame]161built_$(version)_plat_sepolicy :=
162version :=
163version_under_treble_tests :=