Skip to content
Snippets Groups Projects
Commit 748cae86 authored by Jeff Vander Stoep's avatar Jeff Vander Stoep
Browse files

secilc: expand generated attributes on non-treble devices 

Attributes added to the policy by the policy compiler are causing
performance issues. Telling the compiler to expand these
auto-generated attributes to their underlying types prevents
preemtion during policy lookup.

Bug: 3650825
Test: Build and boot Bullhead
Change-Id: I9a33f5efb1e7c25d83dda1ea5dfe663b22846a2f
parent de2e79c5
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 3 additions and 3 deletions
Android.mk
+ 3
3
View file @ 748cae86
...@@ -322,7 +322,7 @@ $(LOCAL_BUILT_MODULE): $(HOST_OUT_EXECUTABLES)/secilc $(plat_policy_nvr) ...@@ -322,7 +322,7 @@ $(LOCAL_BUILT_MODULE): $(HOST_OUT_EXECUTABLES)/secilc $(plat_policy_nvr)
# sailfish-eng). # sailfish-eng).
grep -v '^(neverallow' $(PRIVATE_CIL_FILES) > $@ grep -v '^(neverallow' $(PRIVATE_CIL_FILES) > $@
# Confirm that the resulting policy compiles # Confirm that the resulting policy compiles
$(hide) $(HOST_OUT_EXECUTABLES)/secilc -M true -c $(POLICYVERS) $@ -o /dev/null -f /dev/null $(hide) $(HOST_OUT_EXECUTABLES)/secilc -M true -G -c $(POLICYVERS) $@ -o /dev/null -f /dev/null
built_plat_cil := $(LOCAL_BUILT_MODULE) built_plat_cil := $(LOCAL_BUILT_MODULE)
plat_policy.conf := plat_policy.conf :=
...@@ -452,7 +452,7 @@ $(built_mapping_cil) ...@@ -452,7 +452,7 @@ $(built_mapping_cil)
# sailfish-eng). # sailfish-eng).
grep -v '^(neverallow' $(PRIVATE_NONPLAT_CIL_FILES) > $@ grep -v '^(neverallow' $(PRIVATE_NONPLAT_CIL_FILES) > $@
# Confirm that the resulting policy compiles combined with platform and mapping policies # Confirm that the resulting policy compiles combined with platform and mapping policies
$(hide) $(HOST_OUT_EXECUTABLES)/secilc -M true -c $(POLICYVERS) \ $(hide) $(HOST_OUT_EXECUTABLES)/secilc -M true -G -c $(POLICYVERS) \
$(PRIVATE_DEP_CIL_FILES) $@ -o /dev/null -f /dev/null $(PRIVATE_DEP_CIL_FILES) $@ -o /dev/null -f /dev/null
built_nonplat_cil := $(LOCAL_BUILT_MODULE) built_nonplat_cil := $(LOCAL_BUILT_MODULE)
...@@ -515,7 +515,7 @@ all_cil_files := \ ...@@ -515,7 +515,7 @@ all_cil_files := \
$(LOCAL_BUILT_MODULE): PRIVATE_CIL_FILES := $(all_cil_files) $(LOCAL_BUILT_MODULE): PRIVATE_CIL_FILES := $(all_cil_files)
$(LOCAL_BUILT_MODULE): $(HOST_OUT_EXECUTABLES)/secilc $(HOST_OUT_EXECUTABLES)/sepolicy-analyze $(all_cil_files) $(LOCAL_BUILT_MODULE): $(HOST_OUT_EXECUTABLES)/secilc $(HOST_OUT_EXECUTABLES)/sepolicy-analyze $(all_cil_files)
@mkdir -p $(dir $@) @mkdir -p $(dir $@)
$(hide) $< -M true -c $(POLICYVERS) $(PRIVATE_CIL_FILES) -o $@.tmp -f /dev/null $(hide) $< -M true -G -c $(POLICYVERS) $(PRIVATE_CIL_FILES) -o $@.tmp -f /dev/null
$(hide) $(HOST_OUT_EXECUTABLES)/sepolicy-analyze $@.tmp permissive > $@.permissivedomains $(hide) $(HOST_OUT_EXECUTABLES)/sepolicy-analyze $@.tmp permissive > $@.permissivedomains
$(hide) if [ "$(TARGET_BUILD_VARIANT)" = "user" -a -s $@.permissivedomains ]; then \ $(hide) if [ "$(TARGET_BUILD_VARIANT)" = "user" -a -s $@.permissivedomains ]; then \
echo "==========" 1>&2; \ echo "==========" 1>&2; \
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment