Introduce seapp_neverallow test

Produce a list of neverallow assertions from seapp_contexts into a separate file, general_seapp_context_neverallows, to be used during CTS neverallow checking. Change-Id: I171ed43cf4ae4961f66d5d8f56695345493f1261 Signed-off-by: William Roberts <william.c.roberts@intel.com>
2015-06-25 11:59:30 -07:00 · 2015-06-25 11:59:30 -07:00 · 4ee7131ade
commit 4ee7131ade
parent da52e85906
1 changed files with 14 additions and 0 deletions
--- a/Android.mk
+++ b/Android.mk
@ -203,6 +203,20 @@ $(LOCAL_BUILT_MODULE): $(built_sepolicy) $(all_sc_files) $(HOST_OUT_EXECUTABLES)
 GENERAL_SEAPP_CONTEXTS := $(LOCAL_BUILT_MODULE)
 all_sc_files :=

+##################################
+include $(CLEAR_VARS)
+LOCAL_MODULE := general_seapp_neverallows
+LOCAL_MODULE_CLASS := ETC
+LOCAL_MODULE_TAGS := tests
+
+include $(BUILD_SYSTEM)/base_rules.mk
+
+$(LOCAL_BUILT_MODULE): $(addprefix $(LOCAL_PATH)/, seapp_contexts)
+	@mkdir -p $(dir $@)
+	- $(hide) grep -ie '^neverallow' $< > $@
+
+GENERAL_SEAPP_NEVERALLOWS := $(LOCAL_BUILT_MODULE)
+
 ##################################
 include $(CLEAR_VARS)