From 9a3a6a81dfc59da3be84a274c17760635cd3c63a Mon Sep 17 00:00:00 2001
From: Sandeep Patil <sspatil@google.com>
Date: Fri, 7 Apr 2017 14:18:48 -0700
Subject: [PATCH] sepolicy_version: change current version to NN.m format

The sepolicy version takes SDK_INT.<minor> format. Make sure our
'current' policy version reflects the format and make it '100000.0'.
This ensures any vendor.img compiled with this will never work with
a production framework image either.

Make version_policy replace the '.' in version by '_' so secilc is
happy too.

This unblocks libvintf from giving out a runtime API to check vendor's
sepolicy version. The PLAT_PUBLIC_SEPOLICY_CURRENT_VERSION will
eventually be picked up from the build system.

(cherry-pick of commit 42f95984b501f39cd5f8270b5854a985d1b6d528)

Bug: 35217573
Test: Build and boot sailfish.
      Boot sailfish with sepolicy compilation on device.
Signed-off-by: Sandeep Patil <sspatil@google.com>

Change-Id: Ic8b6687c4e71227bf9090018999149cd9e11d63b
---
 Android.mk             | 30 ++++++++++++++++++------------
 tools/version_policy.c |  8 ++++++++
 2 files changed, 26 insertions(+), 12 deletions(-)

diff --git a/Android.mk b/Android.mk
index d8df829d2..32a7a5f48 100644
--- a/Android.mk
+++ b/Android.mk
@@ -92,11 +92,15 @@ PLAT_PRIVATE_POLICY := $(LOCAL_PATH)/private
 PLAT_VENDOR_POLICY := $(LOCAL_PATH)/vendor
 REQD_MASK_POLICY := $(LOCAL_PATH)/reqd_mask
 
+# The current version of the platform sepolicy.
+# TODO: This must be fetched from build system after b/36783775
+PLAT_PUBLIC_POLICY_CURRENT_VERSION := 100000.0
+
 # TODO: move to README when doing the README update and finalizing versioning.
-# BOARD_SEPOLICY_VERS should contain the platform version identifier
-#  corresponding to the platform on which the non-platform policy is to be
-#  based.  If unspecified, this will build against the current public platform
-#  policy in tree.
+# BOARD_SEPOLICY_VERS must take the format "NN.m" and contain the sepolicy
+# version identifier corresponding to the sepolicy on which the non-platform
+# policy is to be based. If unspecified, this will build against the current
+# public platform policy in tree
 # BOARD_SEPOLICY_VERS_DIR should contain the public platform policy which
 #  is associated with the given BOARD_SEPOLICY_VERS.  The policy therein will be
 #  versioned according to the BOARD_SEPOLICY_VERS identifier and included as
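Review bot: The value `100000.0` on the added `PLAT_PUBLIC_POLICY_CURRENT_VERSION` line is a magic number whose rationale lives only in the commit message. I would extend the comment above it with `# Placeholder in SDK_INT.<minor> form, chosen so that a vendor image built against it never matches a production framework image.` That keeps the intent visible until the build system supplies the value, and makes it less likely that someone changes it to a real SDK level in the meantime.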
@@ -104,7 +108,8 @@ REQD_MASK_POLICY := $(LOCAL_PATH)/reqd_mask
 #  platform policy does not break non-platform policy.
 ifndef BOARD_SEPOLICY_VERS
 $(warning BOARD_SEPOLICY_VERS not specified, assuming current platform version)
-BOARD_SEPOLICY_VERS := current
+# The default platform policy version.
+BOARD_SEPOLICY_VERS := $(PLAT_PUBLIC_POLICY_CURRENT_VERSION)
 BOARD_SEPOLICY_VERS_DIR := $(PLAT_PUBLIC_POLICY)
 else
 ifndef BOARD_SEPOLICY_VERS_DIR
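Review bot: Nothing in this conditional checks the "NN.m" format that the updated comment now calls mandatory. A BoardConfig that still sets the old literal `current` would take the `else` branch and be treated as a released version. The value is later spliced into mapping file paths and handed to version_policy, so failing early is cheaper than a confusing missing-file error. A minimal shape check would be `ifneq ($(words $(subst ., ,$(BOARD_SEPOLICY_VERS))),2)` / `$(error BOARD_SEPOLICY_VERS must be of the form NN.m, got "$(BOARD_SEPOLICY_VERS)")` / `endif`. The `ifndef`/`else` block closes outside this hunk, so the check would go after its final `endif`.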
@@ -319,13 +324,14 @@ include $(BUILD_SYSTEM)/base_rules.mk
 
 # auto-generate the mapping file for current platform policy, since it needs to
 # track platform policy development
-current_mapping.cil := $(intermediates)/mapping/current.cil
-$(current_mapping.cil) : PRIVATE_VERS := $(BOARD_SEPOLICY_VERS)
+current_mapping.cil := $(intermediates)/mapping/$(PLAT_PUBLIC_POLICY_CURRENT_VERSION).cil
+$(current_mapping.cil) : PRIVATE_VERS := $(PLAT_PUBLIC_POLICY_CURRENT_VERSION)
 $(current_mapping.cil) : $(plat_pub_policy.cil) $(HOST_OUT_EXECUTABLES)/version_policy
 	@mkdir -p $(dir $@)
 	$(hide) $(HOST_OUT_EXECUTABLES)/version_policy -b $< -m -n $(PRIVATE_VERS) -o $@
 
-ifeq ($(BOARD_SEPOLICY_VERS), current)
+
+ifeq ($(BOARD_SEPOLICY_VERS), $(PLAT_PUBLIC_POLICY_CURRENT_VERSION))
 mapping_policy_nvr := $(current_mapping.cil)
 else
 mapping_policy_nvr := $(addsuffix /$(BOARD_SEPOLICY_VERS).cil, $(PLAT_PRIVATE_POLICY)/mapping)
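Review bot: The new `ifeq ($(BOARD_SEPOLICY_VERS), $(PLAT_PUBLIC_POLICY_CURRENT_VERSION))` is an exact string comparison on a value that now comes from board configuration. Trailing whitespace in that assignment (for example from a trailing comment) would silently select the prebuilt mapping under `$(PLAT_PRIVATE_POLICY)/mapping` instead of the generated one. Wrapping the left side as `ifeq ($(strip $(BOARD_SEPOLICY_VERS)),$(PLAT_PUBLIC_POLICY_CURRENT_VERSION))` avoids that. The same applies to the recovery `ifeq` in the next hunk.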
@@ -562,17 +568,17 @@ plat_policy.recovery.conf :=
 
 # auto-generate the mapping file for current platform policy, since it needs to
 # track platform policy development
-current_mapping.recovery.cil := $(intermediates)/mapping/current.recovery.cil
-$(current_mapping.recovery.cil) : PRIVATE_VERS := $(BOARD_SEPOLICY_VERS)
+current_mapping.recovery.cil := $(intermediates)/mapping/$(PLAT_PUBLIC_POLICY_CURRENT_VERSION).recovery.cil
+$(current_mapping.recovery.cil) : PRIVATE_VERS := $(PLAT_PUBLIC_POLICY_CURRENT_VERSION)
 $(current_mapping.recovery.cil) : $(plat_pub_policy.recovery.cil) $(HOST_OUT_EXECUTABLES)/version_policy
 	@mkdir -p $(dir $@)
 	$(hide) $(HOST_OUT_EXECUTABLES)/version_policy -b $< -m -n $(PRIVATE_VERS) -o $@
 
-ifeq ($(BOARD_SEPOLICY_VERS), current)
+ifeq ($(BOARD_SEPOLICY_VERS), $(PLAT_PUBLIC_POLICY_CURRENT_VERSION))
 mapping_policy_nvr.recovery := $(current_mapping.recovery.cil)
 else
 mapping_policy_nvr.recovery := $(addsuffix /$(BOARD_SEPOLICY_VERS).recovery.cil, \
-$(PLAT_PRIVATE_POLICY)/mapping)
+                               $(PLAT_PRIVATE_POLICY)/mapping)
 endif
 
 current_mapping.recovery.cil :=
diff --git a/tools/version_policy.c b/tools/version_policy.c
index 74c9c73d6..24b2a3cc6 100644
--- a/tools/version_policy.c
+++ b/tools/version_policy.c
@@ -87,6 +87,7 @@ int main(int argc, char *argv[])
 	char *base = NULL;
 	char *tgt_policy = NULL;
 	char *num = NULL;
+	char *dot;
 	char *output = NULL;
 	struct cil_db *base_db = NULL;
 	struct cil_db *out_db = NULL;
@@ -138,6 +139,13 @@ int main(int argc, char *argv[])
 		usage(argv[0]);
 	}
 
+	/* policy language doesn't like '.', so replace them with '_' in mapping version */
+	dot = num;
+	while ((dot = strchr(dot, '.')) != NULL) {
+		*dot = '_';
+		++dot;
+	}
+
 	if (mapping && tgt_policy) {
 		fprintf(stderr, "Please select only one mode between --mapping and --tgt_policy\n");
 		usage(argv[0]);
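Review bot: The added loop rewrites every '.' in `num` but never checks that the argument has the "NN.m" shape the commit describes. Inputs such as `1.2.3`, `1..0` or a bare `.` are therefore accepted, and `1.0` and `1_0` collapse to the same suffix in the generated policy. Since this string becomes part of CIL identifiers, I would validate it as digits, one '.', digits before substituting, and reject anything else. This assumes `usage()` does not return and that the check just above already guarantees `num` is non-NULL; neither is visible in this hunk, and `main` continues outside it. If other callers still pass non-numeric versions, the check would need to be looser.

```c
	/* accept only "NN.m"; the value becomes part of CIL identifiers */
	{
		size_t major = strspn(num, "0123456789");
		size_t minor = (num[major] == '.') ?
			strspn(num + major + 1, "0123456789") : 0;

		if (major == 0 || minor == 0 || num[major + 1 + minor] != '\0') {
			fprintf(stderr, "Version must be of the form NN.m\n");
			usage(argv[0]);
		}
		/* policy language doesn't like '.', so use '_' in mapping version */
		num[major] = '_';
	}

	/* … unchanged: --mapping / --tgt_policy mode check … */
```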
-- 
GitLab