1version := $(version_under_treble_tests) 2 3include $(CLEAR_VARS) 4# For Treble builds run tests verifying that processes are properly labeled and 5# permissions granted do not violate the treble model. Also ensure that treble 6# compatibility guarantees are upheld between SELinux version bumps. 7LOCAL_MODULE := treble_sepolicy_tests_$(version) 8LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered 9LOCAL_LICENSE_CONDITIONS := notice unencumbered 10LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE 11LOCAL_MODULE_CLASS := FAKE 12LOCAL_MODULE_TAGS := optional 13 14IS_TREBLE_TEST_ENABLED_PARTNER := false 15ifeq ($(filter 26.0 27.0 28.0 29.0,$(version)),) 16ifneq (,$(BOARD_SYSTEM_EXT_PREBUILT_DIR)$(BOARD_PRODUCT_PREBUILT_DIR)) 17IS_TREBLE_TEST_ENABLED_PARTNER := true 18endif # (,$(BOARD_SYSTEM_EXT_PREBUILT_DIR)$(BOARD_PRODUCT_PREBUILT_DIR)) 19endif # ($(filter 26.0 27.0 28.0 29.0,$(version)),) 20 21include $(BUILD_SYSTEM)/base_rules.mk 22 23# $(version)_plat - the platform policy shipped as part of the $(version) release. This is 24# built to enable us to determine the diff between the current policy and the 25# $(version) policy, which will be used in tests to make sure that compatibility has 26# been maintained by our mapping files. 27built_$(version)_plat_sepolicy_cil := $(call intermediates-dir-for,ETC,$(version)_plat_policy.cil)/$(version)_plat_policy.cil 28 29$(version)_mapping.cil := $(call intermediates-dir-for,ETC,plat_$(version).cil)/plat_$(version).cil 30$(version)_mapping.ignore.cil := \ 31 $(call intermediates-dir-for,ETC,$(version).ignore.cil)/$(version).ignore.cil 32ifeq ($(IS_TREBLE_TEST_ENABLED_PARTNER),true) 33ifneq (,$(BOARD_SYSTEM_EXT_PREBUILT_DIR)) 34$(version)_mapping.cil += \ 35 $(call intermediates-dir-for,ETC,system_ext_$(version).cil)/system_ext_$(version).cil 36$(version)_mapping.ignore.cil += \ 37 $(call intermediates-dir-for,ETC,system_ext_$(version).ignore.cil)/system_ext_$(version).ignore.cil 38endif # (,$(BOARD_SYSTEM_EXT_PREBUILT_DIR)) 39ifneq (,$(BOARD_PRODUCT_PREBUILT_DIR)) 40$(version)_mapping.cil += \ 41 $(call intermediates-dir-for,ETC,product_$(version).cil)/product_$(version).cil 42$(version)_mapping.ignore.cil += \ 43 $(call intermediates-dir-for,ETC,product_$(version).ignore.cil)/product_$(version).ignore.cil 44endif # (,$(BOARD_PRODUCT_PREBUILT_DIR)) 45endif #($(IS_TREBLE_TEST_ENABLED_PARTNER),true) 46 47# $(version)_mapping.combined.cil - a combination of the mapping file used when 48# combining the current platform policy with nonplatform policy based on the 49# $(version) policy release and also a special ignored file that exists purely for 50# these tests. 51intermediates := $(TARGET_OUT_INTERMEDIATES)/ETC/$(LOCAL_MODULE)_intermediates 52$(version)_mapping.combined.cil := $(intermediates)/$(version)_mapping.combined.cil 53$($(version)_mapping.combined.cil): $($(version)_mapping.cil) $($(version)_mapping.ignore.cil) 54 mkdir -p $(dir $@) 55 cat $^ > $@ 56 57ifeq ($(IS_TREBLE_TEST_ENABLED_PARTNER),true) 58public_cil_files := $(base_product_pub_policy.cil) 59else 60public_cil_files := $(base_plat_pub_policy.cil) 61endif # ($(IS_TREBLE_TEST_ENABLED_PARTNER),true) 62$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY_OLD := $(built_$(version)_plat_sepolicy_cil) 63$(LOCAL_BUILT_MODULE): PRIVATE_COMBINED_MAPPING := $($(version)_mapping.combined.cil) 64$(LOCAL_BUILT_MODULE): PRIVATE_PLAT_PUB_SEPOLICY := $(public_cil_files) 65$(LOCAL_BUILT_MODULE): $(HOST_OUT_EXECUTABLES)/treble_sepolicy_tests \ 66 $(public_cil_files) \ 67 $(built_$(version)_plat_sepolicy_cil) $($(version)_mapping.combined.cil) 68 @mkdir -p $(dir $@) 69 $(hide) $(HOST_OUT_EXECUTABLES)/treble_sepolicy_tests \ 70 -b $(PRIVATE_PLAT_PUB_SEPOLICY) -m $(PRIVATE_COMBINED_MAPPING) \ 71 -o $(PRIVATE_SEPOLICY_OLD) 72 $(hide) touch $@ 73 74built_sepolicy_files := 75public_cil_files := 76$(version)_mapping.cil := 77$(version)_mapping.combined.cil := 78$(version)_mapping.ignore.cil := 79built_$(version)_plat_sepolicy := 80version := 81version_under_treble_tests := 82