Merge changes from topic "selinux_soong"

* changes: Soong module for selinux files including board-specific directories. Soong module selinux compat maps

Merge changes from topic "selinux_soong"
* changes: Soong module for selinux files including board-specific directories. Soong module selinux compat maps
41d35c6f · Tri Vo · Gerrit Code Review · f261c7f5 · 84e247ab · 41d35c6f
Commit 41d35c6f authored 6 years ago by Tri Vo Committed by Gerrit Code Review 6 years ago
--- a/Android.bp
+++ b/Android.bp
+// Copyright (C) 2018 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+se_filegroup {
+    name: "26.0.board.compat.map",
+    srcs: [
+        "compat/26.0/26.0.cil",
+    ],
+}
+
+se_filegroup {
+    name: "27.0.board.compat.map",
+    srcs: [
+        "compat/27.0/27.0.cil",
+    ],
+}
+
+se_cil_compat_map {
+    name: "26.0.cil",
+    srcs: [
+        ":26.0.board.compat.map",
+    ],
+}
+
+se_cil_compat_map {
+    name: "27.0.cil",
+    srcs: [
+        ":27.0.board.compat.map",
+    ],
+}
--- a/Android.mk
+++ b/Android.mk
@@ -476,26 +476,6 @@ current_mapping.cil :=
 #################################
 include $(CLEAR_VARS)

-LOCAL_MODULE := 27.0.cil
-LOCAL_SRC_FILES := private/compat/27.0/27.0.cil
-LOCAL_MODULE_CLASS := ETC
-LOCAL_MODULE_TAGS := optional
-LOCAL_MODULE_PATH := $(TARGET_OUT)/etc/selinux/mapping
-
-include $(BUILD_PREBUILT)
-#################################
-include $(CLEAR_VARS)
-
-LOCAL_MODULE := 26.0.cil
-LOCAL_SRC_FILES := private/compat/26.0/26.0.cil
-LOCAL_MODULE_CLASS := ETC
-LOCAL_MODULE_TAGS := optional
-LOCAL_MODULE_PATH := $(TARGET_OUT)/etc/selinux/mapping
-
-include $(BUILD_PREBUILT)
-#################################
-include $(CLEAR_VARS)
-
 LOCAL_MODULE := plat_and_mapping_sepolicy.cil.sha256
 LOCAL_MODULE_CLASS := ETC
 LOCAL_MODULE_TAGS := optional

--- a/build/soong/Android.bp
+++ b/build/soong/Android.bp
+// Copyright (C) 2018 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+bootstrap_go_package {
+    name: "soong-selinux",
+    pkgPath: "android/soong/selinux",
+    deps: [
+        "blueprint",
+        "soong",
+        "soong-android",
+        "soong-genrule",
+    ],
+    srcs: [
+        "cil_compat_map.go",
+        "filegroup.go"
+    ],
+    pluginFor: ["soong_build"],
+}
--- a/build/soong/cil_compat_map.go
+++ b/build/soong/cil_compat_map.go
+// Copyright (C) 2018 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package selinux
+
+// This file contains "se_cil_compat_map" module type used to build and install
+// sepolicy backwards compatibility mapping files.
+
+import (
+	"android/soong/android"
+	"fmt"
+	"io"
+)
+
+var (
+	pctx = android.NewPackageContext("android/soong/selinux")
+)
+
+func init() {
+	android.RegisterModuleType("se_cil_compat_map", cilCompatMapFactory)
+	pctx.Import("android/soong/common")
+}
+
+func cilCompatMapFactory() android.Module {
+	c := &cilCompatMap{}
+	c.AddProperties(&c.properties)
+	android.InitAndroidModule(c)
+	return c
+}
+
+type cilCompatMapProperties struct {
+	// list of source (.cil) files used to build an sepolicy compatibility mapping
+	// file. srcs may reference the outputs of other modules that produce source
+	// files like genrule or filegroup using the syntax ":module". srcs has to be
+	// non-empty.
+	Srcs []string
+}
+
+type cilCompatMap struct {
+	android.ModuleBase
+	properties cilCompatMapProperties
+	// (.intermediate) module output path as installation source.
+	installSource android.OptionalPath
+}
+
+func expandSeSources(ctx android.ModuleContext, srcFiles []string) android.Paths {
+	expandedSrcFiles := make(android.Paths, 0, len(srcFiles))
+	for _, s := range srcFiles {
+		if m := android.SrcIsModule(s); m != "" {
+			module := ctx.GetDirectDepWithTag(m, android.SourceDepTag)
+			if module == nil {
+				// Error will have been handled by ExtractSourcesDeps
+				continue
+			}
+			if fg, ok := module.(*fileGroup); ok {
+				// Core compatibility mapping files are under system/sepolicy/private.
+				expandedSrcFiles = append(expandedSrcFiles, fg.SystemPrivateSrcs()...)
+				// Partner extensions to the compatibility mapping in must be located in
+				// BOARD_PLAT_PRIVATE_SEPOLICY_DIR
+				expandedSrcFiles = append(expandedSrcFiles, fg.SystemExtPrivateSrcs()...)
+			} else {
+				ctx.ModuleErrorf("srcs dependency %q is not an selinux filegroup", m)
+			}
+		} else {
+			p := android.PathForModuleSrc(ctx, s)
+			expandedSrcFiles = append(expandedSrcFiles, p)
+		}
+	}
+	return expandedSrcFiles
+}
+
+func (c *cilCompatMap) GenerateAndroidBuildActions(ctx android.ModuleContext) {
+	srcFiles := expandSeSources(ctx, c.properties.Srcs)
+	for _, src := range srcFiles {
+		if src.Ext() != ".cil" {
+			ctx.PropertyErrorf("srcs", "%s has to be a .cil file.", src.String())
+		}
+	}
+
+	out := android.PathForModuleGen(ctx, c.Name())
+	ctx.Build(pctx, android.BuildParams{
+		Rule:   android.Cat,
+		Output: out,
+		Inputs: srcFiles,
+	})
+	c.installSource = android.OptionalPathForPath(out)
+}
+
+func (c *cilCompatMap) DepsMutator(ctx android.BottomUpMutatorContext) {
+	android.ExtractSourcesDeps(ctx, c.properties.Srcs)
+}
+
+func (c *cilCompatMap) AndroidMk() android.AndroidMkData {
+	ret := android.AndroidMkData{
+		OutputFile: c.installSource,
+		Class:      "ETC",
+	}
+	ret.Extra = append(ret.Extra, func(w io.Writer, outputFile android.Path) {
+		fmt.Fprintln(w, "LOCAL_MODULE_PATH := $(TARGET_OUT)/etc/selinux/mapping")
+	})
+	return ret
+}
--- a/build/soong/filegroup.go
+++ b/build/soong/filegroup.go
+// Copyright 2018 Google Inc. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package selinux
+
+import (
+	"android/soong/android"
+	"path/filepath"
+)
+
+func init() {
+	android.RegisterModuleType("se_filegroup", FileGroupFactory)
+}
+
+func FileGroupFactory() android.Module {
+	module := &fileGroup{}
+	module.AddProperties(&module.properties)
+	android.InitAndroidModule(module)
+	return module
+}
+
+type fileGroupProperties struct {
+	// list of source file suffixes used to collect selinux policy files.
+	// Source files will be looked up in the following local directories:
+	// system/sepolicy/{public, private, vendor, reqd_mask}
+	// and directories specified by following config variables:
+	// BOARD_SEPOLICY_DIRS, BOARD_ODM_SEPOLICY_DIRS
+	// BOARD_PLAT_PUBLIC_SEPOLICY_DIR, BOARD_PLAT_PRIVATE_SEPOLICY_DIR
+	Srcs []string
+}
+
+type fileGroup struct {
+	android.ModuleBase
+	properties fileGroupProperties
+
+	systemPublicSrcs   android.Paths
+	systemPrivateSrcs  android.Paths
+	systemVendorSrcs   android.Paths
+	systemReqdMaskSrcs android.Paths
+
+	systemExtPublicSrcs  android.Paths
+	systemExtPrivateSrcs android.Paths
+
+	vendorSrcs android.Paths
+	odmSrcs    android.Paths
+}
+
+// Source files from system/sepolicy/public
+func (fg *fileGroup) SystemPublicSrcs() android.Paths {
+	return fg.systemPublicSrcs
+}
+
+// Source files from system/sepolicy/private
+func (fg *fileGroup) SystemPrivateSrcs() android.Paths {
+	return fg.systemPrivateSrcs
+}
+
+// Source files from system/sepolicy/vendor
+func (fg *fileGroup) SystemVendorSrcs() android.Paths {
+	return fg.systemVendorSrcs
+}
+
+// Source files from system/sepolicy/reqd_mask
+func (fg *fileGroup) SystemReqdMaskSrcs() android.Paths {
+	return fg.systemReqdMaskSrcs
+}
+
+// Source files from BOARD_PLAT_PUBLIC_SEPOLICY_DIR
+func (fg *fileGroup) SystemExtPublicSrcs() android.Paths {
+	return fg.systemExtPublicSrcs
+}
+
+// Source files from BOARD_PLAT_PRIVATE_SEPOLICY_DIR
+func (fg *fileGroup) SystemExtPrivateSrcs() android.Paths {
+	return fg.systemExtPrivateSrcs
+}
+
+// Source files from BOARD_SEPOLICY_DIRS
+func (fg *fileGroup) VendorSrcs() android.Paths {
+	return fg.vendorSrcs
+}
+
+// Source files from BOARD_ODM_SEPOLICY_DIRS
+func (fg *fileGroup) OdmSrcs() android.Paths {
+	return fg.odmSrcs
+}
+
+func (fg *fileGroup) findSrcsInDirs(ctx android.ModuleContext, dirs []string) android.Paths {
+	result := android.Paths{}
+	for _, f := range fg.properties.Srcs {
+		for _, d := range dirs {
+			path := filepath.Join(d, f)
+			files, _ := ctx.GlobWithDeps(path, nil)
+			for _, f := range files {
+				result = append(result, android.PathForSource(ctx, f))
+			}
+		}
+	}
+	return result
+}
+
+func (fg *fileGroup) findSrcsInDir(ctx android.ModuleContext, dir string) android.Paths {
+	return fg.findSrcsInDirs(ctx, []string{dir})
+}
+
+func (fg *fileGroup) DepsMutator(ctx android.BottomUpMutatorContext) {}
+
+func (fg *fileGroup) GenerateAndroidBuildActions(ctx android.ModuleContext) {
+	fg.systemPublicSrcs = fg.findSrcsInDir(ctx, filepath.Join(ctx.ModuleDir(), "public"))
+	fg.systemPrivateSrcs = fg.findSrcsInDir(ctx, filepath.Join(ctx.ModuleDir(), "private"))
+	fg.systemVendorSrcs = fg.findSrcsInDir(ctx, filepath.Join(ctx.ModuleDir(), "vendor"))
+	fg.systemReqdMaskSrcs = fg.findSrcsInDir(ctx, filepath.Join(ctx.ModuleDir(), "reqd_mask"))
+
+	fg.systemExtPublicSrcs = fg.findSrcsInDir(ctx, ctx.DeviceConfig().PlatPublicSepolicyDir())
+	fg.systemExtPrivateSrcs = fg.findSrcsInDir(ctx, ctx.DeviceConfig().PlatPrivateSepolicyDir())
+
+	fg.vendorSrcs = fg.findSrcsInDirs(ctx, ctx.DeviceConfig().VendorSepolicyDirs())
+	fg.odmSrcs = fg.findSrcsInDirs(ctx, ctx.DeviceConfig().OdmSepolicyDirs())
+}