Merge "Ensure newlines are added between context config files"

d6765a99 · Nick Kralevich · Gerrit Code Review · a1f903da · c8801fec · d6765a99
Commit d6765a99 authored 9 years ago by Nick Kralevich Committed by Gerrit Code Review 9 years ago
--- a/Android.mk
+++ b/Android.mk
@@ -30,6 +30,13 @@ endif
 # $(1): the set of policy name paths to build
 build_policy = $(foreach type, $(1), $(foreach file, $(addsuffix /$(type), $(LOCAL_PATH) $(BOARD_SEPOLICY_DIRS)), $(sort $(wildcard $(file)))))

+# Add a file containing only a newline in-between each policy configuration
+# 'contexts' file. This will allow OEM policy configuration files without a
+# final newline (0x0A) to be built correctly by the m4(1) macro processor.
+# $(1): the set of contexts file names.
+# $(2): the file containing only 0x0A.
+add_nl = $(foreach entry, $(1), $(subst $(entry), $(entry) $(2), $(entry)))
+
 sepolicy_build_files := security_classes \
                        initial_sids \
                        access_vectors \
@@ -52,6 +59,21 @@ sepolicy_build_files := security_classes \
 ##################################
 include $(CLEAR_VARS)

+LOCAL_MODULE := sectxfile_nl
+LOCAL_MODULE_CLASS := ETC
+LOCAL_MODULE_TAGS := optional
+
+# Create a file containing newline only to add between context config files
+include $(BUILD_SYSTEM)/base_rules.mk
+$(LOCAL_BUILT_MODULE): $(all_fcfiles_with_nl) $(all_pcfiles_with_nl) $(all_svcfiles_with_nl)
+	@mkdir -p $(dir $@)
+	$(hide) echo > $@
+
+built_nl := $(LOCAL_BUILT_MODULE)
+
+#################################
+include $(CLEAR_VARS)
+
 LOCAL_MODULE := sepolicy
 LOCAL_MODULE_CLASS := ETC
 LOCAL_MODULE_TAGS := optional
@@ -161,11 +183,12 @@ ifneq ($(filter address,$(SANITIZE_TARGET)),)
  all_fc_files := $(all_fc_files) file_contexts_asan
 endif
 all_fc_files := $(call build_policy, $(all_fc_files))
+all_fcfiles_with_nl := $(call add_nl, $(all_fc_files), $(built_nl))

 file_contexts.tmp := $(intermediates)/file_contexts.tmp
-$(file_contexts.tmp): PRIVATE_FC_FILES := $(all_fc_files)
+$(file_contexts.tmp): PRIVATE_FC_FILES := $(all_fcfiles_with_nl)
 $(file_contexts.tmp): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
-$(file_contexts.tmp): $(all_fc_files)
+$(file_contexts.tmp): $(all_fc_files) $(all_fcfiles_with_nl) $(built_nl)
 	@mkdir -p $(dir $@)
 	$(hide) m4 -s $(PRIVATE_ADDITIONAL_M4DEFS) $(PRIVATE_FC_FILES) > $@

@@ -263,11 +286,12 @@ LOCAL_MODULE_PATH := $(TARGET_ROOT_OUT)
 include $(BUILD_SYSTEM)/base_rules.mk

 all_pc_files := $(call build_policy, property_contexts)
+all_pcfiles_with_nl := $(call add_nl, $(all_pc_files), $(built_nl))

 property_contexts.tmp := $(intermediates)/property_contexts.tmp
-$(property_contexts.tmp): PRIVATE_PC_FILES := $(all_pc_files)
+$(property_contexts.tmp): PRIVATE_PC_FILES := $(all_pcfiles_with_nl)
 $(property_contexts.tmp): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
-$(property_contexts.tmp): $(all_pc_files)
+$(property_contexts.tmp): $(all_pc_files) $(all_pcfiles_with_nl) $(built_nl)
 	@mkdir -p $(dir $@)
 	$(hide) m4 -s $(PRIVATE_ADDITIONAL_M4DEFS) $(PRIVATE_PC_FILES) > $@

@@ -315,11 +339,12 @@ LOCAL_MODULE_PATH := $(TARGET_ROOT_OUT)
 include $(BUILD_SYSTEM)/base_rules.mk

 all_svc_files := $(call build_policy, service_contexts)
+all_svcfiles_with_nl := $(call add_nl, $(all_svc_files), $(built_nl))

 service_contexts.tmp := $(intermediates)/service_contexts.tmp
-$(service_contexts.tmp): PRIVATE_SVC_FILES := $(all_svc_files)
+$(service_contexts.tmp): PRIVATE_SVC_FILES := $(all_svcfiles_with_nl)
 $(service_contexts.tmp): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
-$(service_contexts.tmp): $(all_svc_files)
+$(service_contexts.tmp): $(all_svc_files) $(all_svcfiles_with_nl) $(built_nl)
 	@mkdir -p $(dir $@)
 	$(hide) m4 -s $(PRIVATE_ADDITIONAL_M4DEFS) $(PRIVATE_SVC_FILES) > $@

@@ -407,5 +432,6 @@ built_pc :=
 built_svc :=
 built_general_sepolicy :=
 built_general_sepolicy.conf :=
+built_nl :=

 include $(call all-makefiles-under,$(LOCAL_PATH))
--- a/README
+++ b/README
@@ -7,11 +7,19 @@ into the policy build as described below.
 Policy Generation:

 Additional, per device, policy files can be added into the
-policy build.
-
-They can be configured through the use of the BOARD_SEPOLICY_DIRS
-variable. This variable should be set in the BoardConfig.mk file in
-the device or vendor directories.
+policy build. These files should have each line including the
+final line terminated by a newline character (0x0A).  This
+will allow files to be concatenated and processed whenever
+the m4(1) macro processor is called by the build process.
+Adding the newline will also make the intermediate text files
+easier to read when debugging build failures.  The sets of file,
+service and property contexts files will automatically have a
+newline inserted between each file as these are common failure
+points.
+
+These device policy files can be configured through the use of
+the BOARD_SEPOLICY_DIRS variable. This variable should be set
+in the BoardConfig.mk file in the device or vendor directories.

 BOARD_SEPOLICY_DIRS contains a list of directories to search
 for additional policy files. Order matters in this list.