From 749cf93ae800d02cb7c6dbe690d986c50a5003a6 Mon Sep 17 00:00:00 2001
From: Jooyung Han <jooyung@google.com>
Date: Thu, 30 May 2019 01:05:43 +0900
Subject: [PATCH] Test files on intermediates dir, not on /system

*_context_test / sepolicy_tests / treble_sepolicy_tests_* /
sepolicy_freeze_test files are installed on /system/etc.

By being FAKE modules, test files are not installed on target.

Additionally, we need to set up dependency from droidcore to
selinux_policy to make tests run on normal builds (m).

Bug: 133460071
Test: m & see if tests run and no test files on /system/etc
Test: m selinux_policy & see if tests run
Change-Id: Icacf004d5c1c8ec720c7cedef7bae8aa648cbe49
---
 Android.mk                           | 22 ++++----
 compat.mk                            | 14 +++--
 contexts_tests.mk                    | 79 ++++++++++++----------------
 treble_sepolicy_tests_for_release.mk | 23 ++++----
 4 files changed, 62 insertions(+), 76 deletions(-)

diff --git a/Android.mk b/Android.mk
index 55a2f8116..c1cc51aac 100644
--- a/Android.mk
+++ b/Android.mk
@@ -194,6 +194,10 @@ LOCAL_REQUIRED_MODULES += \
 
 include $(BUILD_PHONY_PACKAGE)
 
+# selinux_policy is a main goal and triggers lots of tests.
+# Most tests are FAKE modules, so aren'triggered on normal builds. (e.g. 'm')
+# By setting as droidcore's dependency, tests will run on normal builds.
+droidcore: selinux_policy
 
 include $(CLEAR_VARS)
 LOCAL_MODULE := selinux_policy_system
@@ -329,9 +333,8 @@ include $(BUILD_PHONY_PACKAGE)
 include $(CLEAR_VARS)
 
 LOCAL_MODULE := sepolicy_neverallows
-LOCAL_MODULE_CLASS := ETC
+LOCAL_MODULE_CLASS := FAKE
 LOCAL_MODULE_TAGS := optional
-LOCAL_MODULE_PATH := $(TARGET_OUT)/etc/selinux
 
 include $(BUILD_SYSTEM)/base_rules.mk
 
@@ -1199,8 +1202,8 @@ include $(LOCAL_PATH)/mac_permissions.mk
 #################################
 include $(CLEAR_VARS)
 LOCAL_MODULE := sepolicy_tests
-LOCAL_MODULE_CLASS := ETC
-LOCAL_MODULE_TAGS := tests
+LOCAL_MODULE_CLASS := FAKE
+LOCAL_MODULE_TAGS := optional
 
 include $(BUILD_SYSTEM)/base_rules.mk
 
@@ -1214,10 +1217,9 @@ all_fc_files += $(TARGET_OUT_ODM)/etc/selinux/odm_file_contexts
 endif
 all_fc_args := $(foreach file, $(all_fc_files), -f $(file))
 
-sepolicy_tests := $(intermediates)/sepolicy_tests
-$(sepolicy_tests): ALL_FC_ARGS := $(all_fc_args)
-$(sepolicy_tests): PRIVATE_SEPOLICY := $(built_sepolicy)
-$(sepolicy_tests): $(HOST_OUT_EXECUTABLES)/sepolicy_tests $(all_fc_files) $(built_sepolicy)
+$(LOCAL_BUILT_MODULE): ALL_FC_ARGS := $(all_fc_args)
+$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
+$(LOCAL_BUILT_MODULE): $(HOST_OUT_EXECUTABLES)/sepolicy_tests $(all_fc_files) $(built_sepolicy)
 	@mkdir -p $(dir $@)
 	$(hide) $(HOST_OUT_EXECUTABLES)/sepolicy_tests -l $(HOST_OUT)/lib64/libsepolwrap.$(SHAREDLIB_EXT) \
 		$(ALL_FC_ARGS)  -p $(PRIVATE_SEPOLICY)
@@ -1309,8 +1311,8 @@ all_fc_args :=
 #################################
 include $(CLEAR_VARS)
 LOCAL_MODULE := sepolicy_freeze_test
-LOCAL_MODULE_CLASS := ETC
-LOCAL_MODULE_TAGS := tests
+LOCAL_MODULE_CLASS := FAKE
+LOCAL_MODULE_TAGS := optional
 
 include $(BUILD_SYSTEM)/base_rules.mk
 
diff --git a/compat.mk b/compat.mk
index 85947516d..30904eff9 100644
--- a/compat.mk
+++ b/compat.mk
@@ -6,7 +6,10 @@ include $(CLEAR_VARS)
 #
 LOCAL_MODULE := $(version)_compat_test
 LOCAL_REQUIRED_MODULES := $(version).compat.cil
-intermediates := $(TARGET_OUT_INTERMEDIATES)/ETC/sepolicy_intermediates
+LOCAL_MODULE_CLASS := FAKE
+LOCAL_MODULE_TAGS := optional
+
+include $(BUILD_SYSTEM)/base_rules.mk
 
 all_cil_files := \
     $(built_plat_cil) \
@@ -26,16 +29,11 @@ ifdef BOARD_ODM_SEPOLICY_DIRS
 all_cil_files += $(built_odm_cil)
 endif
 
-compat_test := $(intermediates)/$(LOCAL_MODULE)
-droidcore: $(compat_test)
-$(version)_compat_test: $(compat_test)
-.PHONY: $(version)_compat_test
-$(compat_test): PRIVATE_CIL_FILES := $(all_cil_files)
-$(compat_test): $(HOST_OUT_EXECUTABLES)/secilc $(HOST_OUT_EXECUTABLES)/sepolicy-analyze $(all_cil_files)
+$(LOCAL_BUILT_MODULE): PRIVATE_CIL_FILES := $(all_cil_files)
+$(LOCAL_BUILT_MODULE): $(HOST_OUT_EXECUTABLES)/secilc $(HOST_OUT_EXECUTABLES)/sepolicy-analyze $(all_cil_files)
 	@mkdir -p $(dir $@)
 	$(hide) $< -m -N -M true -G -c $(POLICYVERS) $(PRIVATE_CIL_FILES) -o $@ -f /dev/null
 
-compat_test :=
 all_cil_files :=
 version :=
 version_under_treble_tests :=
diff --git a/contexts_tests.mk b/contexts_tests.mk
index b229c50e7..5756d8f6b 100644
--- a/contexts_tests.mk
+++ b/contexts_tests.mk
@@ -21,14 +21,12 @@ include $(CLEAR_VARS)
 # $(2): path to the host tool
 # $(3): additional argument to be passed to the tool
 define run_contexts_test
-test_out := $$(intermediates)/$$(LOCAL_MODULE)
-$$(test_out): PRIVATE_CONTEXTS := $(1)
-$$(test_out): PRIVATE_SEPOLICY := $$(built_sepolicy)
-$$(test_out): $(2) $(1) $$(built_sepolicy)
+$$(LOCAL_BUILT_MODULE): PRIVATE_CONTEXTS := $(1)
+$$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $$(built_sepolicy)
+$$(LOCAL_BUILT_MODULE): $(2) $(1) $$(built_sepolicy)
 	$$(hide) $$< $(3) $$(PRIVATE_SEPOLICY) $$(PRIVATE_CONTEXTS)
 	$$(hide) mkdir -p $$(dir $$@)
 	$$(hide) touch $$@
-test_out :=
 endef
 
 system_out := $(TARGET_OUT)/etc/selinux
@@ -41,8 +39,8 @@ property_info_checker := $(HOST_OUT_EXECUTABLES)/property_info_checker
 
 ##################################
 LOCAL_MODULE := plat_file_contexts_test
-LOCAL_MODULE_CLASS := ETC
-LOCAL_MODULE_TAGS := tests
+LOCAL_MODULE_CLASS := FAKE
+LOCAL_MODULE_TAGS := optional
 
 include $(BUILD_SYSTEM)/base_rules.mk
 
@@ -52,9 +50,8 @@ $(eval $(call run_contexts_test, $(system_out)/plat_file_contexts, $(checkfc),))
 include $(CLEAR_VARS)
 
 LOCAL_MODULE := product_file_contexts_test
-LOCAL_MODULE_CLASS := ETC
-LOCAL_PRODUCT_MODULE := true
-LOCAL_MODULE_TAGS := tests
+LOCAL_MODULE_CLASS := FAKE
+LOCAL_MODULE_TAGS := optional
 
 include $(BUILD_SYSTEM)/base_rules.mk
 
@@ -64,9 +61,8 @@ $(eval $(call run_contexts_test, $(product_out)/product_file_contexts, $(checkfc
 include $(CLEAR_VARS)
 
 LOCAL_MODULE := vendor_file_contexts_test
-LOCAL_MODULE_CLASS := ETC
-LOCAL_VENDOR_MODULE := true
-LOCAL_MODULE_TAGS := tests
+LOCAL_MODULE_CLASS := FAKE
+LOCAL_MODULE_TAGS := optional
 
 include $(BUILD_SYSTEM)/base_rules.mk
 
@@ -76,9 +72,8 @@ $(eval $(call run_contexts_test, $(vendor_out)/vendor_file_contexts, $(checkfc),
 include $(CLEAR_VARS)
 
 LOCAL_MODULE := odm_file_contexts_test
-LOCAL_MODULE_CLASS := ETC
-LOCAL_ODM_MODULE := true
-LOCAL_MODULE_TAGS := tests
+LOCAL_MODULE_CLASS := FAKE
+LOCAL_MODULE_TAGS := optional
 
 include $(BUILD_SYSTEM)/base_rules.mk
 
@@ -89,8 +84,8 @@ $(eval $(call run_contexts_test, $(odm_out)/odm_file_contexts, $(checkfc),))
 include $(CLEAR_VARS)
 
 LOCAL_MODULE := plat_hwservice_contexts_test
-LOCAL_MODULE_CLASS := ETC
-LOCAL_MODULE_TAGS := tests
+LOCAL_MODULE_CLASS := FAKE
+LOCAL_MODULE_TAGS := optional
 
 include $(BUILD_SYSTEM)/base_rules.mk
 
@@ -100,9 +95,8 @@ $(eval $(call run_contexts_test, $(system_out)/plat_hwservice_contexts, $(checkf
 include $(CLEAR_VARS)
 
 LOCAL_MODULE := product_hwservice_contexts_test
-LOCAL_MODULE_CLASS := ETC
-LOCAL_PRODUCT_MODULE := true
-LOCAL_MODULE_TAGS := tests
+LOCAL_MODULE_CLASS := FAKE
+LOCAL_MODULE_TAGS := optional
 
 include $(BUILD_SYSTEM)/base_rules.mk
 
@@ -112,9 +106,8 @@ $(eval $(call run_contexts_test, $(product_out)/product_hwservice_contexts, $(ch
 include $(CLEAR_VARS)
 
 LOCAL_MODULE := vendor_hwservice_contexts_test
-LOCAL_MODULE_CLASS := ETC
-LOCAL_VENDOR_MODULE := true
-LOCAL_MODULE_TAGS := tests
+LOCAL_MODULE_CLASS := FAKE
+LOCAL_MODULE_TAGS := optional
 
 include $(BUILD_SYSTEM)/base_rules.mk
 
@@ -124,9 +117,8 @@ $(eval $(call run_contexts_test, $(vendor_out)/vendor_hwservice_contexts, $(chec
 include $(CLEAR_VARS)
 
 LOCAL_MODULE := odm_hwservice_contexts_test
-LOCAL_MODULE_CLASS := ETC
-LOCAL_ODM_MODULE := true
-LOCAL_MODULE_TAGS := tests
+LOCAL_MODULE_CLASS := FAKE
+LOCAL_MODULE_TAGS := optional
 
 include $(BUILD_SYSTEM)/base_rules.mk
 
@@ -139,8 +131,8 @@ pc_files := $(system_out)/plat_property_contexts
 include $(CLEAR_VARS)
 
 LOCAL_MODULE := plat_property_contexts_test
-LOCAL_MODULE_CLASS := ETC
-LOCAL_MODULE_TAGS := tests
+LOCAL_MODULE_CLASS := FAKE
+LOCAL_MODULE_TAGS := optional
 
 include $(BUILD_SYSTEM)/base_rules.mk
 
@@ -153,9 +145,8 @@ pc_files += $(vendor_out)/vendor_property_contexts
 include $(CLEAR_VARS)
 
 LOCAL_MODULE := vendor_property_contexts_test
-LOCAL_MODULE_CLASS := ETC
-LOCAL_VENDOR_MODULE := true
-LOCAL_MODULE_TAGS := tests
+LOCAL_MODULE_CLASS := FAKE
+LOCAL_MODULE_TAGS := optional
 
 include $(BUILD_SYSTEM)/base_rules.mk
 
@@ -170,9 +161,8 @@ pc_files += $(odm_out)/odm_property_contexts
 include $(CLEAR_VARS)
 
 LOCAL_MODULE := odm_property_contexts_test
-LOCAL_MODULE_CLASS := ETC
-LOCAL_ODM_MODULE := true
-LOCAL_MODULE_TAGS := tests
+LOCAL_MODULE_CLASS := FAKE
+LOCAL_MODULE_TAGS := optional
 
 include $(BUILD_SYSTEM)/base_rules.mk
 
@@ -189,9 +179,8 @@ pc_files += $(product_out)/product_property_contexts
 include $(CLEAR_VARS)
 
 LOCAL_MODULE := product_property_contexts_test
-LOCAL_MODULE_CLASS := ETC
-LOCAL_PRODUCT_MODULE := true
-LOCAL_MODULE_TAGS := tests
+LOCAL_MODULE_CLASS := FAKE
+LOCAL_MODULE_TAGS := optional
 
 include $(BUILD_SYSTEM)/base_rules.mk
 
@@ -205,8 +194,8 @@ pc_files :=
 include $(CLEAR_VARS)
 
 LOCAL_MODULE := plat_service_contexts_test
-LOCAL_MODULE_CLASS := ETC
-LOCAL_MODULE_TAGS := tests
+LOCAL_MODULE_CLASS := FAKE
+LOCAL_MODULE_TAGS := optional
 
 include $(BUILD_SYSTEM)/base_rules.mk
 
@@ -216,9 +205,8 @@ $(eval $(call run_contexts_test, $(system_out)/plat_service_contexts, $(checkfc)
 include $(CLEAR_VARS)
 
 LOCAL_MODULE := product_service_contexts_test
-LOCAL_MODULE_CLASS := ETC
-LOCAL_PRODUCT_MODULE := true
-LOCAL_MODULE_TAGS := tests
+LOCAL_MODULE_CLASS := FAKE
+LOCAL_MODULE_TAGS := optional
 
 include $(BUILD_SYSTEM)/base_rules.mk
 
@@ -231,9 +219,8 @@ ifneq ($(PRODUCT_SEPOLICY_SPLIT),true)
 include $(CLEAR_VARS)
 
 LOCAL_MODULE := vendor_service_contexts_test
-LOCAL_MODULE_CLASS := ETC
-LOCAL_VENDOR_MODULE := true
-LOCAL_MODULE_TAGS := tests
+LOCAL_MODULE_CLASS := FAKE
+LOCAL_MODULE_TAGS := optional
 
 include $(BUILD_SYSTEM)/base_rules.mk
 
diff --git a/treble_sepolicy_tests_for_release.mk b/treble_sepolicy_tests_for_release.mk
index bc6d685dd..39bff1018 100644
--- a/treble_sepolicy_tests_for_release.mk
+++ b/treble_sepolicy_tests_for_release.mk
@@ -5,8 +5,8 @@ include $(CLEAR_VARS)
 # permissions granted do not violate the treble model.  Also ensure that treble
 # compatibility guarantees are upheld between SELinux version bumps.
 LOCAL_MODULE := treble_sepolicy_tests_$(version)
-LOCAL_MODULE_CLASS := ETC
-LOCAL_MODULE_TAGS := tests
+LOCAL_MODULE_CLASS := FAKE
+LOCAL_MODULE_TAGS := optional
 
 include $(BUILD_SYSTEM)/base_rules.mk
 
@@ -80,14 +80,13 @@ $($(version)_mapping.combined.cil): $($(version)_mapping.cil) $($(version)_mappi
 	mkdir -p $(dir $@)
 	cat $^ > $@
 
-treble_sepolicy_tests_$(version) := $(intermediates)/treble_sepolicy_tests_$(version)
-$(treble_sepolicy_tests_$(version)): ALL_FC_ARGS := $(all_fc_args)
-$(treble_sepolicy_tests_$(version)): PRIVATE_SEPOLICY := $(built_sepolicy)
-$(treble_sepolicy_tests_$(version)): PRIVATE_SEPOLICY_OLD := $(built_$(version)_plat_sepolicy)
-$(treble_sepolicy_tests_$(version)): PRIVATE_COMBINED_MAPPING := $($(version)_mapping.combined.cil)
-$(treble_sepolicy_tests_$(version)): PRIVATE_PLAT_SEPOLICY := $(built_plat_sepolicy)
-$(treble_sepolicy_tests_$(version)): PRIVATE_PLAT_PUB_SEPOLICY := $(base_plat_pub_policy.cil)
-$(treble_sepolicy_tests_$(version)): PRIVATE_FAKE_TREBLE :=
+$(LOCAL_BUILT_MODULE): ALL_FC_ARGS := $(all_fc_args)
+$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
+$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY_OLD := $(built_$(version)_plat_sepolicy)
+$(LOCAL_BUILT_MODULE): PRIVATE_COMBINED_MAPPING := $($(version)_mapping.combined.cil)
+$(LOCAL_BUILT_MODULE): PRIVATE_PLAT_SEPOLICY := $(built_plat_sepolicy)
+$(LOCAL_BUILT_MODULE): PRIVATE_PLAT_PUB_SEPOLICY := $(base_plat_pub_policy.cil)
+$(LOCAL_BUILT_MODULE): PRIVATE_FAKE_TREBLE :=
 ifeq ($(PRODUCT_FULL_TREBLE_OVERRIDE),true)
 # TODO(b/113124961): account for PRODUCT_SHIPPING_API_LEVEL when determining
 # fake treble status once emulator is no longer fake treble.
@@ -98,11 +97,11 @@ ifeq ($(PRODUCT_FULL_TREBLE_OVERRIDE),true)
 # lead to release problems where they think they pass this test but
 # fail it when it actually gets runned for compliance.
 #ifeq ($(call math_gt_or_eq,$(PRODUCT_SHIPPING_API_LEVEL),26),)
-$(treble_sepolicy_tests_$(version)): PRIVATE_FAKE_TREBLE := --fake-treble
+$(LOCAL_BUILT_MODULE): PRIVATE_FAKE_TREBLE := --fake-treble
 #endif # if PRODUCT_SHIPPING_API_LEVEL < 26 (Android Oreo)
 #endif # PRODUCT_SHIPPING_API_LEVEL defined
 endif # PRODUCT_FULL_TREBLE_OVERRIDE = true
-$(treble_sepolicy_tests_$(version)): $(HOST_OUT_EXECUTABLES)/treble_sepolicy_tests \
+$(LOCAL_BUILT_MODULE): $(HOST_OUT_EXECUTABLES)/treble_sepolicy_tests \
   $(all_fc_files) $(built_sepolicy) $(built_plat_sepolicy) \
   $(base_plat_pub_policy.cil) \
   $(built_$(version)_plat_sepolicy) $($(version)_compat) $($(version)_mapping.combined.cil)