Use user policy when checking neverallow rules.
When building userdebug or eng builds, we still want to build the user policy when checking neverallow rules so that we can catch compile errors. Commitc0713e86
split out a helper function but lost one instance of using user instead of the real variant. This restores that one and adds it to the neverallow check. Bug: 74344625 Test: Added a rule that referred to a type defined only in userdebug and eng and ensure we throw a compile error when building userdebug mode. Change-Id: I1a6ffbb36dbeeb880852f9cbac880f923370c2ae (cherry picked from commit053cb34130
)
This commit is contained in:
parent
2dfe2e2937
commit
8c72eea5ff
@ -259,6 +259,7 @@ include $(BUILD_SYSTEM)/base_rules.mk
|
|||||||
sepolicy_policy.conf := $(intermediates)/policy.conf
|
sepolicy_policy.conf := $(intermediates)/policy.conf
|
||||||
$(sepolicy_policy.conf): PRIVATE_MLS_SENS := $(MLS_SENS)
|
$(sepolicy_policy.conf): PRIVATE_MLS_SENS := $(MLS_SENS)
|
||||||
$(sepolicy_policy.conf): PRIVATE_MLS_CATS := $(MLS_CATS)
|
$(sepolicy_policy.conf): PRIVATE_MLS_CATS := $(MLS_CATS)
|
||||||
|
$(sepolicy_policy.conf): PRIVATE_TARGET_BUILD_VARIANT := user
|
||||||
$(sepolicy_policy.conf): PRIVATE_TGT_ARCH := $(my_target_arch)
|
$(sepolicy_policy.conf): PRIVATE_TGT_ARCH := $(my_target_arch)
|
||||||
$(sepolicy_policy.conf): PRIVATE_TGT_WITH_ASAN := $(with_asan)
|
$(sepolicy_policy.conf): PRIVATE_TGT_WITH_ASAN := $(with_asan)
|
||||||
$(sepolicy_policy.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
|
$(sepolicy_policy.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
|
||||||
@ -291,6 +292,7 @@ built_sepolicy_neverallows := $(LOCAL_BUILT_MODULE)
|
|||||||
reqd_policy_mask.conf := $(intermediates)/reqd_policy_mask.conf
|
reqd_policy_mask.conf := $(intermediates)/reqd_policy_mask.conf
|
||||||
$(reqd_policy_mask.conf): PRIVATE_MLS_SENS := $(MLS_SENS)
|
$(reqd_policy_mask.conf): PRIVATE_MLS_SENS := $(MLS_SENS)
|
||||||
$(reqd_policy_mask.conf): PRIVATE_MLS_CATS := $(MLS_CATS)
|
$(reqd_policy_mask.conf): PRIVATE_MLS_CATS := $(MLS_CATS)
|
||||||
|
$(reqd_policy_mask.conf): PRIVATE_TARGET_BUILD_VARIANT := $(TARGET_BUILD_VARIANT)
|
||||||
$(reqd_policy_mask.conf): PRIVATE_TGT_ARCH := $(my_target_arch)
|
$(reqd_policy_mask.conf): PRIVATE_TGT_ARCH := $(my_target_arch)
|
||||||
$(reqd_policy_mask.conf): PRIVATE_TGT_WITH_ASAN := $(with_asan)
|
$(reqd_policy_mask.conf): PRIVATE_TGT_WITH_ASAN := $(with_asan)
|
||||||
$(reqd_policy_mask.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
|
$(reqd_policy_mask.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
|
||||||
@ -318,6 +320,7 @@ reqd_policy_mask.conf :=
|
|||||||
plat_pub_policy.conf := $(intermediates)/plat_pub_policy.conf
|
plat_pub_policy.conf := $(intermediates)/plat_pub_policy.conf
|
||||||
$(plat_pub_policy.conf): PRIVATE_MLS_SENS := $(MLS_SENS)
|
$(plat_pub_policy.conf): PRIVATE_MLS_SENS := $(MLS_SENS)
|
||||||
$(plat_pub_policy.conf): PRIVATE_MLS_CATS := $(MLS_CATS)
|
$(plat_pub_policy.conf): PRIVATE_MLS_CATS := $(MLS_CATS)
|
||||||
|
$(plat_pub_policy.conf): PRIVATE_TARGET_BUILD_VARIANT := $(TARGET_BUILD_VARIANT)
|
||||||
$(plat_pub_policy.conf): PRIVATE_TGT_ARCH := $(my_target_arch)
|
$(plat_pub_policy.conf): PRIVATE_TGT_ARCH := $(my_target_arch)
|
||||||
$(plat_pub_policy.conf): PRIVATE_TGT_WITH_ASAN := $(with_asan)
|
$(plat_pub_policy.conf): PRIVATE_TGT_WITH_ASAN := $(with_asan)
|
||||||
$(plat_pub_policy.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
|
$(plat_pub_policy.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
|
||||||
@ -367,6 +370,7 @@ include $(BUILD_SYSTEM)/base_rules.mk
|
|||||||
plat_policy.conf := $(intermediates)/plat_policy.conf
|
plat_policy.conf := $(intermediates)/plat_policy.conf
|
||||||
$(plat_policy.conf): PRIVATE_MLS_SENS := $(MLS_SENS)
|
$(plat_policy.conf): PRIVATE_MLS_SENS := $(MLS_SENS)
|
||||||
$(plat_policy.conf): PRIVATE_MLS_CATS := $(MLS_CATS)
|
$(plat_policy.conf): PRIVATE_MLS_CATS := $(MLS_CATS)
|
||||||
|
$(plat_policy.conf): PRIVATE_TARGET_BUILD_VARIANT := $(TARGET_BUILD_VARIANT)
|
||||||
$(plat_policy.conf): PRIVATE_TGT_ARCH := $(my_target_arch)
|
$(plat_policy.conf): PRIVATE_TGT_ARCH := $(my_target_arch)
|
||||||
$(plat_policy.conf): PRIVATE_TGT_WITH_ASAN := $(with_asan)
|
$(plat_policy.conf): PRIVATE_TGT_WITH_ASAN := $(with_asan)
|
||||||
$(plat_policy.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
|
$(plat_policy.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
|
||||||
@ -518,6 +522,7 @@ include $(BUILD_SYSTEM)/base_rules.mk
|
|||||||
vendor_policy.conf := $(intermediates)/vendor_policy.conf
|
vendor_policy.conf := $(intermediates)/vendor_policy.conf
|
||||||
$(vendor_policy.conf): PRIVATE_MLS_SENS := $(MLS_SENS)
|
$(vendor_policy.conf): PRIVATE_MLS_SENS := $(MLS_SENS)
|
||||||
$(vendor_policy.conf): PRIVATE_MLS_CATS := $(MLS_CATS)
|
$(vendor_policy.conf): PRIVATE_MLS_CATS := $(MLS_CATS)
|
||||||
|
$(vendor_policy.conf): PRIVATE_TARGET_BUILD_VARIANT := $(TARGET_BUILD_VARIANT)
|
||||||
$(vendor_policy.conf): PRIVATE_TGT_ARCH := $(my_target_arch)
|
$(vendor_policy.conf): PRIVATE_TGT_ARCH := $(my_target_arch)
|
||||||
$(vendor_policy.conf): PRIVATE_TGT_WITH_ASAN := $(with_asan)
|
$(vendor_policy.conf): PRIVATE_TGT_WITH_ASAN := $(with_asan)
|
||||||
$(vendor_policy.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
|
$(vendor_policy.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
|
||||||
@ -642,6 +647,7 @@ include $(BUILD_SYSTEM)/base_rules.mk
|
|||||||
sepolicy.recovery.conf := $(intermediates)/sepolicy.recovery.conf
|
sepolicy.recovery.conf := $(intermediates)/sepolicy.recovery.conf
|
||||||
$(sepolicy.recovery.conf): PRIVATE_MLS_SENS := $(MLS_SENS)
|
$(sepolicy.recovery.conf): PRIVATE_MLS_SENS := $(MLS_SENS)
|
||||||
$(sepolicy.recovery.conf): PRIVATE_MLS_CATS := $(MLS_CATS)
|
$(sepolicy.recovery.conf): PRIVATE_MLS_CATS := $(MLS_CATS)
|
||||||
|
$(sepolicy.recovery.conf): PRIVATE_TARGET_BUILD_VARIANT := $(TARGET_BUILD_VARIANT)
|
||||||
$(sepolicy.recovery.conf): PRIVATE_TGT_ARCH := $(my_target_arch)
|
$(sepolicy.recovery.conf): PRIVATE_TGT_ARCH := $(my_target_arch)
|
||||||
$(sepolicy.recovery.conf): PRIVATE_TGT_WITH_ASAN := $(with_asan)
|
$(sepolicy.recovery.conf): PRIVATE_TGT_WITH_ASAN := $(with_asan)
|
||||||
$(sepolicy.recovery.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
|
$(sepolicy.recovery.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
|
||||||
@ -687,6 +693,7 @@ include $(BUILD_SYSTEM)/base_rules.mk
|
|||||||
|
|
||||||
$(LOCAL_BUILT_MODULE): PRIVATE_MLS_SENS := $(MLS_SENS)
|
$(LOCAL_BUILT_MODULE): PRIVATE_MLS_SENS := $(MLS_SENS)
|
||||||
$(LOCAL_BUILT_MODULE): PRIVATE_MLS_CATS := $(MLS_CATS)
|
$(LOCAL_BUILT_MODULE): PRIVATE_MLS_CATS := $(MLS_CATS)
|
||||||
|
$(LOCAL_BUILT_MODULE): PRIVATE_TARGET_BUILD_VARIANT := user
|
||||||
$(LOCAL_BUILT_MODULE): PRIVATE_TGT_ARCH := $(my_target_arch)
|
$(LOCAL_BUILT_MODULE): PRIVATE_TGT_ARCH := $(my_target_arch)
|
||||||
$(LOCAL_BUILT_MODULE): PRIVATE_WITH_ASAN := false
|
$(LOCAL_BUILT_MODULE): PRIVATE_WITH_ASAN := false
|
||||||
$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY_SPLIT := cts
|
$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY_SPLIT := cts
|
||||||
@ -1301,6 +1308,7 @@ BASE_PLAT_PRIVATE_POLICY := $(filter-out $(BOARD_PLAT_PRIVATE_SEPOLICY_DIR), $(P
|
|||||||
base_plat_policy.conf := $(intermediates)/base_plat_policy.conf
|
base_plat_policy.conf := $(intermediates)/base_plat_policy.conf
|
||||||
$(base_plat_policy.conf): PRIVATE_MLS_SENS := $(MLS_SENS)
|
$(base_plat_policy.conf): PRIVATE_MLS_SENS := $(MLS_SENS)
|
||||||
$(base_plat_policy.conf): PRIVATE_MLS_CATS := $(MLS_CATS)
|
$(base_plat_policy.conf): PRIVATE_MLS_CATS := $(MLS_CATS)
|
||||||
|
$(base_plat_policy.conf): PRIVATE_TARGET_BUILD_VARIANT := $(TARGET_BUILD_VARIANT)
|
||||||
$(base_plat_policy.conf): PRIVATE_TGT_ARCH := $(my_target_arch)
|
$(base_plat_policy.conf): PRIVATE_TGT_ARCH := $(my_target_arch)
|
||||||
$(base_plat_policy.conf): PRIVATE_TGT_WITH_ASAN := $(with_asan)
|
$(base_plat_policy.conf): PRIVATE_TGT_WITH_ASAN := $(with_asan)
|
||||||
$(base_plat_policy.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
|
$(base_plat_policy.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
|
||||||
|
@ -4,7 +4,7 @@ define transform-policy-to-conf
|
|||||||
@mkdir -p $(dir $@)
|
@mkdir -p $(dir $@)
|
||||||
$(hide) m4 $(PRIVATE_ADDITIONAL_M4DEFS) \
|
$(hide) m4 $(PRIVATE_ADDITIONAL_M4DEFS) \
|
||||||
-D mls_num_sens=$(PRIVATE_MLS_SENS) -D mls_num_cats=$(PRIVATE_MLS_CATS) \
|
-D mls_num_sens=$(PRIVATE_MLS_SENS) -D mls_num_cats=$(PRIVATE_MLS_CATS) \
|
||||||
-D target_build_variant=$(TARGET_BUILD_VARIANT) \
|
-D target_build_variant=$(PRIVATE_TARGET_BUILD_VARIANT) \
|
||||||
-D target_with_dexpreopt=$(WITH_DEXPREOPT) \
|
-D target_with_dexpreopt=$(WITH_DEXPREOPT) \
|
||||||
-D target_arch=$(PRIVATE_TGT_ARCH) \
|
-D target_arch=$(PRIVATE_TGT_ARCH) \
|
||||||
-D target_with_asan=$(PRIVATE_TGT_WITH_ASAN) \
|
-D target_with_asan=$(PRIVATE_TGT_WITH_ASAN) \
|
||||||
|
@ -19,6 +19,7 @@ $(version)_PLAT_PRIVATE_POLICY := $(LOCAL_PATH)/prebuilts/api/$(version)/private
|
|||||||
$(version)_plat_policy.conf := $(intermediates)/$(version)_plat_policy.conf
|
$(version)_plat_policy.conf := $(intermediates)/$(version)_plat_policy.conf
|
||||||
$($(version)_plat_policy.conf): PRIVATE_MLS_SENS := $(MLS_SENS)
|
$($(version)_plat_policy.conf): PRIVATE_MLS_SENS := $(MLS_SENS)
|
||||||
$($(version)_plat_policy.conf): PRIVATE_MLS_CATS := $(MLS_CATS)
|
$($(version)_plat_policy.conf): PRIVATE_MLS_CATS := $(MLS_CATS)
|
||||||
|
$($(version)_plat_policy.conf): PRIVATE_TARGET_BUILD_VARIANT := $(TARGET_BUILD_VARIANT)
|
||||||
$($(version)_plat_policy.conf): PRIVATE_TGT_ARCH := $(my_target_arch)
|
$($(version)_plat_policy.conf): PRIVATE_TGT_ARCH := $(my_target_arch)
|
||||||
$($(version)_plat_policy.conf): PRIVATE_TGT_WITH_ASAN := $(with_asan)
|
$($(version)_plat_policy.conf): PRIVATE_TGT_WITH_ASAN := $(with_asan)
|
||||||
$($(version)_plat_policy.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
|
$($(version)_plat_policy.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
|
||||||
|
Loading…
Reference in New Issue
Block a user