From a15df75ddf92b789f0a7d86f45168efff506a952 Mon Sep 17 00:00:00 2001
From: Tom Cherry <tomcherry@google.com>
Date: Fri, 23 Mar 2018 14:15:23 -0700
Subject: [PATCH] Verify the SELabels used in property_contexts

Verify that the SELabels used in property_contexts correspond to a
real type in the SEPolicy and that this type has the property_type attribute.

Additionally add a check that vendor property_context files do not
duplicate entries in plat property_contexts, and a similar check that
odm property_contexts doesn't duplicate either plat or vendor
property_contexts.

Bug: 74078792
Test: Build property_contexts on bullhead successfully
Test: See failure when using a faulty SELabel in property_contexts
Test: See failure when duplicating label in vendor and plat property_contexts
Change-Id: I4d2338dab68f1c5a8ed110aa7821f0677f61bafb
---
 Android.mk | 19 ++++++++++++-------
 1 file changed, 12 insertions(+), 7 deletions(-)

diff --git a/Android.mk b/Android.mk
index b585adace..5179fef7d 100644
--- a/Android.mk
+++ b/Android.mk
@@ -1137,10 +1137,11 @@ $(plat_property_contexts.tmp): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M
 $(plat_property_contexts.tmp): $(plat_pcfiles)
 	@mkdir -p $(dir $@)
 	$(hide) m4 -s $(PRIVATE_ADDITIONAL_M4DEFS) $(PRIVATE_PC_FILES) > $@
-$(LOCAL_BUILT_MODULE): $(plat_property_contexts.tmp) $(HOST_OUT_EXECUTABLES)/property_info_checker
+$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
+$(LOCAL_BUILT_MODULE): $(plat_property_contexts.tmp) $(built_sepolicy) $(HOST_OUT_EXECUTABLES)/property_info_checker
 	@mkdir -p $(dir $@)
 	$(hide) cp -f $< $@
-	$(hide) $(HOST_OUT_EXECUTABLES)/property_info_checker $@
+	$(hide) $(HOST_OUT_EXECUTABLES)/property_info_checker $(PRIVATE_SEPOLICY) $@
 
 built_plat_pc := $(LOCAL_BUILT_MODULE)
 plat_pcfiles :=
@@ -1169,11 +1170,12 @@ $(vendor_property_contexts.tmp): $(vendor_pcfiles)
 	@mkdir -p $(dir $@)
 	$(hide) m4 -s $(PRIVATE_ADDITIONAL_M4DEFS) $(PRIVATE_PC_FILES) > $@
 
-
-$(LOCAL_BUILT_MODULE): $(vendor_property_contexts.tmp) $(HOST_OUT_EXECUTABLES)/property_info_checker
+$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
+$(LOCAL_BUILT_MODULE): PRIVATE_BUILT_PLAT_PC := $(built_plat_pc)
+$(LOCAL_BUILT_MODULE): $(vendor_property_contexts.tmp) $(built_sepolicy) $(built_plat_pc) $(HOST_OUT_EXECUTABLES)/property_info_checker
 	@mkdir -p $(dir $@)
 	$(hide) cp -f $< $@
-	$(hide) $(HOST_OUT_EXECUTABLES)/property_info_checker $@
+	$(hide) $(HOST_OUT_EXECUTABLES)/property_info_checker $(PRIVATE_SEPOLICY) $(PRIVATE_BUILT_PLAT_PC) $@
 
 built_vendor_pc := $(LOCAL_BUILT_MODULE)
 vendor_pcfiles :=
@@ -1198,10 +1200,13 @@ $(odm_property_contexts.tmp): $(odm_pcfiles)
 	$(hide) m4 -s $(PRIVATE_ADDITIONAL_M4DEFS) $(PRIVATE_PC_FILES) > $@
 
 
-$(LOCAL_BUILT_MODULE): $(odm_property_contexts.tmp) $(HOST_OUT_EXECUTABLES)/property_info_checker
+$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
+$(LOCAL_BUILT_MODULE): PRIVATE_BUILT_PLAT_PC := $(built_plat_pc)
+$(LOCAL_BUILT_MODULE): PRIVATE_BUILT_VENDOR_PC := $(built_vendor_pc)
+$(LOCAL_BUILT_MODULE): $(odm_property_contexts.tmp) $(built_sepolicy) $(built_plat_pc) $(built_vendor_pc) $(HOST_OUT_EXECUTABLES)/property_info_checker
 	@mkdir -p $(dir $@)
 	$(hide) cp -f $< $@
-	$(hide) $(HOST_OUT_EXECUTABLES)/property_info_checker $@
+	$(hide) $(HOST_OUT_EXECUTABLES)/property_info_checker $(PRIVATE_SEPOLICY) $(PRIVATE_BUILT_PLAT_PC) $(PRIVATE_BUILT_VENDOR_PC) $@
 
 built_odm_pc := $(LOCAL_BUILT_MODULE)
 odm_pcfiles :=
-- 
GitLab