Add CHECK_DEV_TYPE_VIOLATIONS

If PRODUCT_CHECK_DEV_TYPE_VIOLATIONS is set, or the vendor API level is
greater than V (35), the sepolicy dev type test is run, which checks that
all /dev nodes have the dev_type attribute.

Bug: 303367345
Test: set PRODUCT_CHECK_DEV_TYPE_VIOLATIONS, see
sepolicy_dev_type_test's build command

Change-Id: Ibf25c1dacb5132ccda5265d6d2ce9fe655ffbc87
Inseob Kim
2023-11-21 16:47:42 +09:00
parent ca2c656091
commit aa9a4a4907
3 changed files with 13 additions and 0 deletions


@@ -31,6 +31,7 @@ $(call add_soong_config_var,ANDROID,TARGET_DYNAMIC_64_32_DRMSERVER)
$(call add_soong_config_var,ANDROID,TARGET_ENABLE_MEDIADRM_64) $(call add_soong_config_var,ANDROID,TARGET_ENABLE_MEDIADRM_64)
$(call add_soong_config_var,ANDROID,BOARD_USES_ODMIMAGE) $(call add_soong_config_var,ANDROID,BOARD_USES_ODMIMAGE)
$(call add_soong_config_var,ANDROID,BOARD_USES_RECOVERY_AS_BOOT) $(call add_soong_config_var,ANDROID,BOARD_USES_RECOVERY_AS_BOOT)
$(call add_soong_config_var,ANDROID,CHECK_DEV_TYPE_VIOLATIONS)
$(call add_soong_config_var,ANDROID,PRODUCT_INSTALL_DEBUG_POLICY_TO_SYSTEM_EXT) $(call add_soong_config_var,ANDROID,PRODUCT_INSTALL_DEBUG_POLICY_TO_SYSTEM_EXT)
# Default behavior for the tree wrt building modules or using prebuilts. This # Default behavior for the tree wrt building modules or using prebuilts. This


@@ -443,6 +443,9 @@ _product_single_value_vars += PRODUCT_VIRTUAL_AB_COW_VERSION
# If set, determines whether the build system checks vendor seapp contexts violations. # If set, determines whether the build system checks vendor seapp contexts violations.
_product_single_value_vars += PRODUCT_CHECK_VENDOR_SEAPP_VIOLATIONS _product_single_value_vars += PRODUCT_CHECK_VENDOR_SEAPP_VIOLATIONS
# If set, determines whether the build system checks dev type violations.
_product_single_value_vars += PRODUCT_CHECK_DEV_TYPE_VIOLATIONS
_product_list_vars += PRODUCT_AFDO_PROFILES _product_list_vars += PRODUCT_AFDO_PROFILES
_product_single_value_vars += PRODUCT_NEXT_RELEASE_HIDE_FLAGGED_API _product_single_value_vars += PRODUCT_NEXT_RELEASE_HIDE_FLAGGED_API
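Review bot: The comment added above `PRODUCT_CHECK_DEV_TYPE_VIOLATIONS` does not say which values are accepted, or that the setting is ignored once the vendor API level is greater than 35, where the third file of this commit forces the check on. A wording such as `# Set to true to check that all /dev nodes have the dev_type attribute; the check is always on when the vendor API level is greater than 35.` would tell product owners that `false` cannot opt out at those levels.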


@@ -578,6 +578,15 @@ else ifneq ($(PRODUCT_CHECK_VENDOR_SEAPP_VIOLATIONS),)
endif endif
.KATI_READONLY := CHECK_VENDOR_SEAPP_VIOLATIONS .KATI_READONLY := CHECK_VENDOR_SEAPP_VIOLATIONS
# Boolean variable determining if selinux labels of /dev are enforced
CHECK_DEV_TYPE_VIOLATIONS := false
ifneq ($(call math_gt,$(VSR_VENDOR_API_LEVEL),35),)
CHECK_DEV_TYPE_VIOLATIONS := true
else ifneq ($(PRODUCT_CHECK_DEV_TYPE_VIOLATIONS),)
CHECK_DEV_TYPE_VIOLATIONS := $(PRODUCT_CHECK_DEV_TYPE_VIOLATIONS)
endif
.KATI_READONLY := CHECK_DEV_TYPE_VIOLATIONS
define product-overrides-config define product-overrides-config
$$(foreach rule,$$(PRODUCT_$(1)_OVERRIDES),\ $$(foreach rule,$$(PRODUCT_$(1)_OVERRIDES),\
$$(if $$(filter 2,$$(words $$(subst :,$$(space),$$(rule)))),,\ $$(if $$(filter 2,$$(words $$(subst :,$$(space),$$(rule)))),,\
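Review bot: The `else ifneq` branch copies `$(PRODUCT_CHECK_DEV_TYPE_VIOLATIONS)` into `CHECK_DEV_TYPE_VIOLATIONS` without validating it, so any non-empty string (a typo such as `ture`, or `1`) becomes the value of a variable the comment calls Boolean. How the consumer treats a value other than `true` is not visible on this page, but presumably the dev_type check is then skipped without any diagnostic. Rejecting unexpected values in that branch would turn the misconfiguration into a build error: `$(if $(filter true false,$(PRODUCT_CHECK_DEV_TYPE_VIOLATIONS)),,$(error PRODUCT_CHECK_DEV_TYPE_VIOLATIONS must be true or false))`. The CHECK_VENDOR_SEAPP_VIOLATIONS block just above appears to use the same pass-through, as far as the hunk header shows, so it may deserve the same guard.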