Merge "Preserve treble-only flag for CTS neverallows" into oc-dev am: df720941

am: b3ebaef4 Change-Id: Idacaa3e366a4d754d9e645ee6cadca5504df0b1b

Merge "Preserve treble-only flag for CTS neverallows" into oc-dev am: df720941
am: b3ebaef4 Change-Id: Idacaa3e366a4d754d9e645ee6cadca5504df0b1b
4683ee36 · Alex Klyubin · android-build-merger · d3329acc · b3ebaef4 · 4683ee36
Commit 4683ee36 authored 7 years ago by Alex Klyubin Committed by android-build-merger 7 years ago
--- a/Android.mk
+++ b/Android.mk
@@ -647,6 +647,9 @@ plat_policy_nvr.recovery :=
 mapping_policy_nvr.recovery :=
 nonplat_policy_nvr.recovery :=

+##################################
+# SELinux policy embedded into CTS.
+# CTS checks neverallow rules of this policy against the policy of the device under test.
 ##################################
 include $(CLEAR_VARS)

@@ -667,28 +670,10 @@ $(PLAT_PUBLIC_POLICY) $(PLAT_PRIVATE_POLICY))
 		-D target_with_dexpreopt=$(WITH_DEXPREOPT) \
 		-D target_arch=$(PRIVATE_TGT_ARCH) \
 		-D target_with_asan=false \
+		-D target_full_treble=cts \
 		-s $^ > $@
 	$(hide) sed '/dontaudit/d' $@ > $@.dontaudit

-built_general_sepolicy.conf := $(LOCAL_BUILT_MODULE)
-exp_sepolicy_build_files :=
-
-##################################
-include $(CLEAR_VARS)
-
-LOCAL_MODULE := sepolicy.general
-LOCAL_MODULE_CLASS := ETC
-LOCAL_MODULE_TAGS := tests
-
-include $(BUILD_SYSTEM)/base_rules.mk
-
-$(LOCAL_BUILT_MODULE): PRIVATE_BUILT_SEPOLICY.CONF := $(built_general_sepolicy.conf)
-$(LOCAL_BUILT_MODULE): $(built_general_sepolicy.conf) $(HOST_OUT_EXECUTABLES)/checkpolicy
-	@mkdir -p $(dir $@)
-	$(hide) $(HOST_OUT_EXECUTABLES)/checkpolicy -M -c $(POLICYVERS) -o $@ $(PRIVATE_BUILT_SEPOLICY.CONF) > /dev/null
-
-built_general_sepolicy := $(LOCAL_BUILT_MODULE)
-
 ##################################
 # TODO - remove this.   Keep around until we get the filesystem creation stuff taken care of.
 #
@@ -1164,8 +1149,6 @@ build_device_policy :=
 build_policy :=
 built_plat_fc :=
 built_nonplat_fc :=
-built_general_sepolicy :=
-built_general_sepolicy.conf :=
 built_nl :=
 built_plat_cil :=
 built_mapping_cil :=

--- a/public/te_macros
+++ b/public/te_macros
@@ -387,7 +387,12 @@ define(`recovery_only', ifelse(target_recovery, `true', $1, ))
 # Full TREBLE only
 # SELinux rules which apply only to full TREBLE devices
 #
-define(`full_treble_only', ifelse(target_full_treble, `true', $1, ))
+define(`full_treble_only', ifelse(target_full_treble, `true', $1,
+ifelse(target_full_treble, `cts',
+# BEGIN_TREBLE_ONLY -- this marker is used by CTS -- do not modify
+$1
+# END_TREBLE_ONLY -- this marker is used by CTS -- do not modify
+, )))

 #####################################
 # Not full TREBLE