From a86316e85215de0e8bcd9920035af1a2d1f5a4cc Mon Sep 17 00:00:00 2001
From: Sandeep Patil <sspatil@google.com>
Date: Tue, 27 Dec 2016 16:08:44 -0800
Subject: [PATCH] property_context: split into platform and non-platform
components.
Bug: 33746484
Test: Successfully boot with original service and property contexts.
Successfully boot with split serivce and property contexts.
Change-Id: I87f95292b5860283efb2081b2223e607a52fed04
Signed-off-by: Sandeep Patil <sspatil@google.com>
---
Android.mk | 57 +++++++++++++++++++++----------------
CleanSpec.mk | 3 ++
private/file_contexts | 3 +-
reqd_mask/property_contexts | 3 ++
4 files changed, 41 insertions(+), 25 deletions(-)
create mode 100644 reqd_mask/property_contexts
diff --git a/Android.mk b/Android.mk
index 0061c7665..ea967e96a 100644
--- a/Android.mk
+++ b/Android.mk
@@ -765,56 +765,64 @@ $(LOCAL_BUILT_MODULE): $(addprefix $(PLAT_PRIVATE_POLICY)/, seapp_contexts)
##################################
include $(CLEAR_VARS)
-LOCAL_MODULE := property_contexts
+LOCAL_MODULE := plat_property_contexts
LOCAL_MODULE_CLASS := ETC
LOCAL_MODULE_TAGS := optional
+# TODO: Change module path to TARGET_SYSTEM_OUT after b/27805372
LOCAL_MODULE_PATH := $(TARGET_ROOT_OUT)
include $(BUILD_SYSTEM)/base_rules.mk
-all_pc_files := $(call build_policy, property_contexts, $(PLAT_PRIVATE_POLICY) $(BOARD_SEPOLICY_DIRS))
-all_pcfiles_with_nl := $(call add_nl, $(all_pc_files), $(built_nl))
+plat_pcfiles := $(call build_policy, property_contexts, $(PLAT_PRIVATE_POLICY))
-property_contexts.tmp := $(intermediates)/property_contexts.tmp
-$(property_contexts.tmp): PRIVATE_PC_FILES := $(all_pcfiles_with_nl)
-$(property_contexts.tmp): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
-$(property_contexts.tmp): $(all_pcfiles_with_nl)
+plat_property_contexts.tmp := $(intermediates)/plat_property_contexts.tmp
+$(plat_property_contexts.tmp): PRIVATE_PC_FILES := $(plat_pcfiles)
+$(plat_property_contexts.tmp): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
+$(plat_property_contexts.tmp): $(plat_pcfiles)
@mkdir -p $(dir $@)
$(hide) m4 -s $(PRIVATE_ADDITIONAL_M4DEFS) $(PRIVATE_PC_FILES) > $@
$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
-$(LOCAL_BUILT_MODULE): $(property_contexts.tmp) $(built_sepolicy) $(HOST_OUT_EXECUTABLES)/checkfc
+$(LOCAL_BUILT_MODULE): $(plat_property_contexts.tmp) $(built_sepolicy) $(HOST_OUT_EXECUTABLES)/checkfc
@mkdir -p $(dir $@)
- $(hide) sed -e 's/#.*$$//' -e '/^$$/d' $< > $@
+ $(hide) sed -e 's/#.*$$//' -e '/^$$/d' $< | sort -u -o $@
$(hide) $(HOST_OUT_EXECUTABLES)/checkfc -p $(PRIVATE_SEPOLICY) $@
-built_pc := $(LOCAL_BUILT_MODULE)
-all_pc_files :=
-all_pcfiles_with_nl :=
-property_contexts.tmp :=
+built_plat_pc := $(LOCAL_BUILT_MODULE)
+plat_pcfiles :=
+plat_property_contexts.tmp :=
##################################
include $(CLEAR_VARS)
-LOCAL_MODULE := general_property_contexts
+LOCAL_MODULE := nonplat_property_contexts
LOCAL_MODULE_CLASS := ETC
-LOCAL_MODULE_TAGS := tests
+LOCAL_MODULE_TAGS := optional
+# TODO: Change module path to TARGET_SYSTEM_OUT after b/27805372
+LOCAL_MODULE_PATH := $(TARGET_ROOT_OUT)
include $(BUILD_SYSTEM)/base_rules.mk
-general_property_contexts.tmp := $(intermediates)/general_property_contexts.tmp
-$(general_property_contexts.tmp): $(addprefix $(PLAT_PRIVATE_POLICY)/, property_contexts)
+nonplat_pcfiles := $(call build_policy, property_contexts, $(BOARD_SEPOLICY_DIRS) $(REQD_MASK_POLICY))
+
+nonplat_property_contexts.tmp := $(intermediates)/nonplat_property_contexts.tmp
+$(nonplat_property_contexts.tmp): PRIVATE_PC_FILES := $(nonplat_pcfiles)
+$(nonplat_property_contexts.tmp): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
+$(nonplat_property_contexts.tmp): $(nonplat_pcfiles)
@mkdir -p $(dir $@)
- $(hide) m4 -s $< > $@
+ $(hide) m4 -s $(PRIVATE_ADDITIONAL_M4DEFS) $(PRIVATE_PC_FILES) > $@
-$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_general_sepolicy)
-$(LOCAL_BUILT_MODULE): $(general_property_contexts.tmp) $(built_general_sepolicy) $(HOST_OUT_EXECUTABLES)/checkfc $(ACP)
+
+$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
+$(LOCAL_BUILT_MODULE): $(nonplat_property_contexts.tmp) $(built_sepolicy) $(HOST_OUT_EXECUTABLES)/checkfc
@mkdir -p $(dir $@)
- $(hide) sed -e 's/#.*$$//' -e '/^$$/d' $< > $@
+ $(hide) sed -e 's/#.*$$//' -e '/^$$/d' $< | sort -u -o $@
$(hide) $(HOST_OUT_EXECUTABLES)/checkfc -p $(PRIVATE_SEPOLICY) $@
-general_property_contexts.tmp :=
+built_nonplat_pc := $(LOCAL_BUILT_MODULE)
+nonplat_pcfiles :=
+nonplat_property_contexts.tmp :=
##################################
include $(CLEAR_VARS)
@@ -947,7 +955,7 @@ LOCAL_MODULE_TAGS := optional
LOCAL_MODULE_PATH := $(TARGET_ROOT_OUT)
include $(BUILD_SYSTEM)/base_rules.mk
-$(LOCAL_BUILT_MODULE): $(built_sepolicy) $(built_pc) $(built_plat_fc) \
+$(LOCAL_BUILT_MODULE): $(built_sepolicy) $(built_plat_pc) $(built_nonplat_pc) $(built_plat_fc) \
$(buit_nonplat_fc) $(built_plat_sc) $(built_nonplat_sc) $(built_plat_svc) $(built_nonplat_svc)
@mkdir -p $(dir $@)
$(hide) echo -n $(BUILD_FINGERPRINT_FROM_FILE) > $@
@@ -962,7 +970,8 @@ built_nonplat_fc :=
built_general_sepolicy :=
built_general_sepolicy.conf :=
built_nl :=
-built_pc :=
+built_plat_pc :=
+built_nonplat_pc :=
built_nonplat_sc :=
built_plat_sc :=
built_sepolicy :=
diff --git a/CleanSpec.mk b/CleanSpec.mk
index 0ce1e25c3..ac0735565 100644
--- a/CleanSpec.mk
+++ b/CleanSpec.mk
@@ -60,3 +60,6 @@ $(call add-clean-step, rm -rf $(PRODUCT_OUT)/recovery/root/plat_property_context
$(call add-clean-step, rm -rf $(PRODUCT_OUT)/root/property_contexts)
$(call add-clean-step, rm -rf $(PRODUCT_OUT)/recovery/root/property_contexts)
+
+$(call add-clean-step, rm -rf $(PRODUCT_OUT)/root/property_contexts)
+$(call add-clean-step, rm -rf $(PRODUCT_OUT)/recovery/root/property_contexts)
diff --git a/private/file_contexts b/private/file_contexts
index d0bf1a465..0ce3dbce8 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -41,7 +41,8 @@
/mapping_sepolicy\.cil u:object_r:rootfs:s0
/nonplat_sepolicy\.cil u:object_r:rootfs:s0
/plat_sepolicy\.cil u:object_r:rootfs:s0
-/property_contexts u:object_r:property_contexts:s0
+/plat_property_contexts u:object_r:property_contexts:s0
+/nonplat_property_contexts u:object_r:property_contexts:s0
/seapp_contexts u:object_r:rootfs:s0
/nonplat_seapp_contexts u:object_r:rootfs:s0
/plat_seapp_contexts u:object_r:rootfs:s0
diff --git a/reqd_mask/property_contexts b/reqd_mask/property_contexts
new file mode 100644
index 000000000..8e0bdbbde
--- /dev/null
+++ b/reqd_mask/property_contexts
@@ -0,0 +1,3 @@
+# empty property_contexts file - this file is used to generate an empty
+# non-platform property context for devices without any property_contexts
+# customizations.
--
GitLab