Skip to content
Snippets Groups Projects
Commit df720941 authored by Alex Klyubin's avatar Alex Klyubin Committed by Android (Google) Code Review
Browse files

Merge "Preserve treble-only flag for CTS neverallows" into oc-dev

parents b9bd6708 446279a6
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Android.mk
+ 4
21
View file @ df720941
...@@ -647,6 +647,9 @@ plat_policy_nvr.recovery := ...@@ -647,6 +647,9 @@ plat_policy_nvr.recovery :=
mapping_policy_nvr.recovery := mapping_policy_nvr.recovery :=
nonplat_policy_nvr.recovery := nonplat_policy_nvr.recovery :=
##################################
# SELinux policy embedded into CTS.
# CTS checks neverallow rules of this policy against the policy of the device under test.
################################## ##################################
include $(CLEAR_VARS) include $(CLEAR_VARS)
...@@ -667,28 +670,10 @@ $(PLAT_PUBLIC_POLICY) $(PLAT_PRIVATE_POLICY)) ...@@ -667,28 +670,10 @@ $(PLAT_PUBLIC_POLICY) $(PLAT_PRIVATE_POLICY))
-D target_with_dexpreopt=$(WITH_DEXPREOPT) \ -D target_with_dexpreopt=$(WITH_DEXPREOPT) \
-D target_arch=$(PRIVATE_TGT_ARCH) \ -D target_arch=$(PRIVATE_TGT_ARCH) \
-D target_with_asan=false \ -D target_with_asan=false \
-D target_full_treble=cts \
-s $^ > $@ -s $^ > $@
$(hide) sed '/dontaudit/d' $@ > $@.dontaudit $(hide) sed '/dontaudit/d' $@ > $@.dontaudit
built_general_sepolicy.conf := $(LOCAL_BUILT_MODULE)
exp_sepolicy_build_files :=
##################################
include $(CLEAR_VARS)
LOCAL_MODULE := sepolicy.general
LOCAL_MODULE_CLASS := ETC
LOCAL_MODULE_TAGS := tests
include $(BUILD_SYSTEM)/base_rules.mk
$(LOCAL_BUILT_MODULE): PRIVATE_BUILT_SEPOLICY.CONF := $(built_general_sepolicy.conf)
$(LOCAL_BUILT_MODULE): $(built_general_sepolicy.conf) $(HOST_OUT_EXECUTABLES)/checkpolicy
@mkdir -p $(dir $@)
$(hide) $(HOST_OUT_EXECUTABLES)/checkpolicy -M -c $(POLICYVERS) -o $@ $(PRIVATE_BUILT_SEPOLICY.CONF) > /dev/null
built_general_sepolicy := $(LOCAL_BUILT_MODULE)
################################## ##################################
# TODO - remove this. Keep around until we get the filesystem creation stuff taken care of. # TODO - remove this. Keep around until we get the filesystem creation stuff taken care of.
# #
...@@ -1164,8 +1149,6 @@ build_device_policy := ...@@ -1164,8 +1149,6 @@ build_device_policy :=
build_policy := build_policy :=
built_plat_fc := built_plat_fc :=
built_nonplat_fc := built_nonplat_fc :=
built_general_sepolicy :=
built_general_sepolicy.conf :=
built_nl := built_nl :=
built_plat_cil := built_plat_cil :=
built_mapping_cil := built_mapping_cil :=
......
public/te_macros
+ 6
1
View file @ df720941
...@@ -387,7 +387,12 @@ define(`recovery_only', ifelse(target_recovery, `true', $1, )) ...@@ -387,7 +387,12 @@ define(`recovery_only', ifelse(target_recovery, `true', $1, ))
# Full TREBLE only # Full TREBLE only
# SELinux rules which apply only to full TREBLE devices # SELinux rules which apply only to full TREBLE devices
# #
define(`full_treble_only', ifelse(target_full_treble, `true', $1, )) define(`full_treble_only', ifelse(target_full_treble, `true', $1,
ifelse(target_full_treble, `cts',
# BEGIN_TREBLE_ONLY -- this marker is used by CTS -- do not modify
$1
# END_TREBLE_ONLY -- this marker is used by CTS -- do not modify
, )))
##################################### #####################################
# Not full TREBLE # Not full TREBLE
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment