From 771b893d0f3d12783539ef9377b56fec1ae5ba1b Mon Sep 17 00:00:00 2001 From: Inseob Kim Date: Mon, 11 Dec 2023 18:11:59 +0900 Subject: [PATCH] Change sepolicy version format for vFRC sepolicy versioning is for system <-> vendor compatibility. This changes sepolicy version format from sdk version (e.g. 34.0) to vendor api version (e.g. 202404.0). Bug: 314010177 Test: build and boot Change-Id: Ic15e07e7422be203dae08670bf58328669c9f474 --- core/config.mk | 41 ++++++++++++----------------------------- 1 file changed, 12 insertions(+), 29 deletions(-) diff --git a/core/config.mk b/core/config.mk index f8a9879981..c994d39dee 100644 --- a/core/config.mk +++ b/core/config.mk @@ -890,40 +890,23 @@ BUILD_DATETIME_FROM_FILE := $$(cat $(BUILD_DATETIME_FILE)) # SEPolicy versions -# PLATFORM_SEPOLICY_VERSION is a number of the form "NN.m" with "NN" mapping to -# PLATFORM_SDK_VERSION and "m" as a minor number which allows for SELinux -# changes independent of PLATFORM_SDK_VERSION. This value will be set to -# 10000.0 to represent tip-of-tree development that is inherently unstable and -# thus designed not to work with any shipping vendor policy. This is similar in -# spirit to how DEFAULT_APP_TARGET_SDK is set. -# The minor version ('m' component) must be updated every time a platform release -# is made which breaks compatibility with the previous platform sepolicy version, -# not just on every increase in PLATFORM_SDK_VERSION. The minor version should -# be reset to 0 on every bump of the PLATFORM_SDK_VERSION. -sepolicy_major_vers := 34 -sepolicy_minor_vers := 0 +# PLATFORM_SEPOLICY_VERSION is a number of the form "YYYYMM.0" with "YYYYMM" +# mapping to vFRC version. This value will be set to 1000000.0 to represent +# tip-of-tree development that is inherently unstable and thus designed not to +# work with any shipping vendor policy. This is similar in spirit to how +# DEFAULT_APP_TARGET_SDK is set. +sepolicy_vers := $(BOARD_API_LEVEL).0 -ifneq ($(sepolicy_major_vers), $(PLATFORM_SDK_VERSION)) -$(error sepolicy_major_version does not match PLATFORM_SDK_VERSION, please update.) -endif - -TOT_SEPOLICY_VERSION := 10000.0 -ifneq (REL,$(PLATFORM_VERSION_CODENAME)) - PLATFORM_SEPOLICY_VERSION := $(TOT_SEPOLICY_VERSION) +TOT_SEPOLICY_VERSION := 1000000.0 +ifeq (true,$(BOARD_API_LEVEL_FROZEN)) + PLATFORM_SEPOLICY_VERSION := $(sepolicy_vers) else - PLATFORM_SEPOLICY_VERSION := $(join $(addsuffix .,$(sepolicy_major_vers)), $(sepolicy_minor_vers)) + PLATFORM_SEPOLICY_VERSION := $(TOT_SEPOLICY_VERSION) endif -sepolicy_major_vers := -sepolicy_minor_vers := +sepolicy_vers := -# BOARD_SEPOLICY_VERS must take the format "NN.m" and contain the sepolicy -# version identifier corresponding to the sepolicy on which the non-platform -# policy is to be based. If unspecified, this will build against the current -# public platform policy in tree -ifndef BOARD_SEPOLICY_VERS -# The default platform policy version. BOARD_SEPOLICY_VERS := $(PLATFORM_SEPOLICY_VERSION) -endif +.KATI_READONLY := PLATFORM_SEPOLICY_VERSION BOARD_SEPOLICY_VERS # A list of SEPolicy versions, besides PLATFORM_SEPOLICY_VERSION, that the framework supports. PLATFORM_SEPOLICY_COMPAT_VERSIONS := $(filter-out $(PLATFORM_SEPOLICY_VERSION), \