Support for genfs labels in build_target_files
system/etc/selinux/plat_sepolicy_genfs_{ver}.cil must be included when
generating a precompiled sepolicy binary.
Bug: 409353466
Test: manually run merge_target_files and check the secilc command
Change-Id: Id27332fca9e213bbd8e66555a1dc5c023af747b7
diff --git a/tools/releasetools/merge/merge_compatibility_checks.py b/tools/releasetools/merge/merge_compatibility_checks.py
index 80b5caa..69633bd 100644
--- a/tools/releasetools/merge/merge_compatibility_checks.py
+++ b/tools/releasetools/merge/merge_compatibility_checks.py
@@ -151,6 +151,15 @@
with open(vendor_plat_version_file) as f:
vendor_plat_version = f.read().strip()
+ vendor_genfs_version = ""
+ vendor_genfs_version_file = get_file('vendor',
+ 'etc/selinux/genfs_labels_version.txt')
+ if vendor_genfs_version_file:
+ with open(vendor_genfs_version_file) as f:
+ vendor_genfs_version = f.read().strip()
+ else:
+ logger.debug('Missing vendor/etc/selinux/genfs_labels_version.txt')
+
# Use the same flags and arguments as selinux.cpp OpenSplitPolicy().
cmd = ['secilc', '-m', '-M', 'true', '-G', '-N']
cmd.extend(['-c', kernel_sepolicy_version])
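Review bot: The contents of `genfs_labels_version.txt` are taken as-is (`f.read().strip()`) and later become a path component in `plat_sepolicy_genfs_{vendor_genfs_version}.cil`, with no check on what the string contains. In a merge, the vendor target files can come from a separate build, so it would be safer to reject a value containing a path separator or `..` and append a message to `errors`, rather than let it select an arbitrary file as a secilc input. The existing `vendor_plat_version` read just above follows the same unvalidated pattern and could share the check. An empty version file is also treated as "no genfs version" without any log line, unlike the missing-file case. The enclosing function starts and ends outside this hunk.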
@@ -170,14 +179,20 @@
return errors
cmd.append(policy)
- optional_policy_files = (
+ optional_policy_files = [
('system', 'etc/selinux/mapping/%s.compat.cil' % vendor_plat_version),
('system_ext', 'etc/selinux/system_ext_sepolicy.cil'),
('system_ext', 'etc/selinux/mapping/%s.cil' % vendor_plat_version),
('product', 'etc/selinux/product_sepolicy.cil'),
('product', 'etc/selinux/mapping/%s.cil' % vendor_plat_version),
('odm', 'etc/selinux/odm_sepolicy.cil'),
- )
+ ]
+ if vendor_genfs_version != "":
+ optional_policy_files.append(
+ ('system',
+ f'etc/selinux/plat_sepolicy_genfs_{vendor_genfs_version}.cil',
+ )
+ )
for policy in (map(lambda partition_and_path: get_file(*partition_and_path),
optional_policy_files)):
if policy:
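Review bot: Adding the genfs CIL to `optional_policy_files` means a missing file is silently skipped by the `if policy:` filter, even though the commit message says it must be included when the vendor side declares a genfs version. If `genfs_labels_version.txt` names a version and `system/etc/selinux/plat_sepolicy_genfs_<ver>.cil` is absent, the check compiles a policy without those labels and can still report success. That may not match what the device does at boot, which this hunk does not show. Consider resolving this one path separately and, when `get_file` returns nothing, logging a warning or appending to `errors`. As a small style point, `if vendor_genfs_version != "":` reads better as `if vendor_genfs_version:`.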
diff --git a/tools/releasetools/merge/test_merge_compatibility_checks.py b/tools/releasetools/merge/test_merge_compatibility_checks.py
index 0f319de..0a32565 100644
--- a/tools/releasetools/merge/test_merge_compatibility_checks.py
+++ b/tools/releasetools/merge/test_merge_compatibility_checks.py
@@ -56,11 +56,13 @@
<kernel-sepolicy-version>30</kernel-sepolicy-version>
</sepolicy>
</compatibility-matrix>""")
- write_temp_file('vendor/etc/selinux/plat_sepolicy_vers.txt', '30.0')
+ write_temp_file('vendor/etc/selinux/plat_sepolicy_vers.txt', '202504')
+ write_temp_file('vendor/etc/selinux/genfs_labels_version.txt', '202504')
write_temp_file('system/etc/selinux/plat_sepolicy.cil')
- write_temp_file('system/etc/selinux/mapping/30.0.cil')
- write_temp_file('product/etc/selinux/mapping/30.0.cil')
+ write_temp_file('system/etc/selinux/mapping/202504.cil')
+ write_temp_file('system/etc/selinux/plat_sepolicy_genfs_202504.cil')
+ write_temp_file('product/etc/selinux/mapping/202504.cil')
write_temp_file('vendor/etc/selinux/vendor_sepolicy.cil')
write_temp_file('vendor/etc/selinux/plat_pub_versioned.cil')
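Review bot: The fixture now always writes both `genfs_labels_version.txt` and the matching `plat_sepolicy_genfs_202504.cil`, so only the happy path of the new code is exercised. Neither the branch where the version file is absent (the `else` that logs at debug level) nor the case where a version is declared but the system CIL is missing has coverage. A second test case that omits `genfs_labels_version.txt` and asserts the secilc command has no `plat_sepolicy_genfs_` argument would pin the backward-compatible behaviour for older vendor images. Switching every `30.0` to `202504` also drops coverage of the dotted version format in the mapping file names.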
@@ -70,10 +72,11 @@
('secilc -m -M true -G -N -c 30 '
'-o {OTP}/META/combined_sepolicy -f /dev/null '
'{OTP}/system/etc/selinux/plat_sepolicy.cil '
- '{OTP}/system/etc/selinux/mapping/30.0.cil '
+ '{OTP}/system/etc/selinux/mapping/202504.cil '
'{OTP}/vendor/etc/selinux/vendor_sepolicy.cil '
'{OTP}/vendor/etc/selinux/plat_pub_versioned.cil '
- '{OTP}/product/etc/selinux/mapping/30.0.cil').format(
+ '{OTP}/product/etc/selinux/mapping/202504.cil',
+ '{OTP}/system/etc/selinux/plat_sepolicy_genfs_202504.cil').format(
OTP=product_out_dir))
def _copy_apex(self, source, output_dir, partition):
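Review bot: The comma after `'{OTP}/product/etc/selinux/mapping/202504.cil'` turns the parenthesised expected value into a two-element tuple, so `.format(OTP=product_out_dir)` is called on a tuple and should raise `AttributeError` before the assertion compares anything. The strings need to stay one implicitly concatenated literal, with a trailing space instead of the comma: `'{OTP}/product/etc/selinux/mapping/202504.cil '` followed by `'{OTP}/system/etc/selinux/plat_sepolicy_genfs_202504.cil').format(`. The commit's Test line mentions only a manual run of merge_target_files, so this unit test was probably not executed with the change. The enclosing assertion call begins outside the hunk.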