-
Alex Klyubin authoredPrior to this commit, there was a bug in generated CIL where it wouldn't compile using secilc. The reason was that the build script was stripping out all lines containing "neverallow" from CIL files, accidentally removing lines which were not neverallow statements, such as lmx lines referencing app_neverallows.te. The commit fixes the build script's CIL neverallow filter to filter out only neverallow* statements, as originally intended. Moreover, to catch non-compiling CIL policy earlier in the future, this commit runs secilc on the policy at build time. In particular, it tests that platform policy compiles on its own and that nonplatform + platform + mappig policy compiles as well. Test: CIL policy builds and compiles on-device using secilc Bug: 31363362 Change-Id: I769aeb3d8c913a5599f1a2195c69460ece7f6465
Alex Klyubin authoredPrior to this commit, there was a bug in generated CIL where it wouldn't compile using secilc. The reason was that the build script was stripping out all lines containing "neverallow" from CIL files, accidentally removing lines which were not neverallow statements, such as lmx lines referencing app_neverallows.te. The commit fixes the build script's CIL neverallow filter to filter out only neverallow* statements, as originally intended. Moreover, to catch non-compiling CIL policy earlier in the future, this commit runs secilc on the policy at build time. In particular, it tests that platform policy compiles on its own and that nonplatform + platform + mappig policy compiles as well. Test: CIL policy builds and compiles on-device using secilc Bug: 31363362 Change-Id: I769aeb3d8c913a5599f1a2195c69460ece7f6465