From 3c7b91bac1b9588ded74ac8e8a163019aae66389 Mon Sep 17 00:00:00 2001 From: Inseob Kim Date: Fri, 25 Aug 2023 21:28:49 +0900 Subject: [PATCH] Use board api level for seapp coredomain check Rather than PRODUCT_SHIPPING_API_LEVEL, use board api level (BOARD_API_LEVEL or BOARD_SHIPPING_API_LEVEL) to determine whether we check coredomain violations or not. Also provides a Makefile variable to override the flag, for targets that want to turn on the check optionally. Bug: 280547417 Test: see build command of vendor_seapp_contexts Change-Id: I177630d33313334ca4a56a9be88b78cff678281e --- core/config.mk | 18 +----------------- core/product.mk | 3 +++ core/product_config.mk | 26 ++++++++++++++++++++++++++ core/soong_config.mk | 2 ++ 4 files changed, 32 insertions(+), 17 deletions(-) diff --git a/core/config.mk b/core/config.mk index 1343a4e7c4..ac49cece56 100644 --- a/core/config.mk +++ b/core/config.mk @@ -408,22 +408,6 @@ $(if $(findstring ro.config.low_ram=true,$(PRODUCT_VENDOR_PROPERTIES)),true,\ $(if $(findstring ro.config.low_ram=true,$(PRODUCT_ODM_PROPERTIES)),true,false))))))))) endef -# Get the board API level. -board_api_level := $(PLATFORM_SDK_VERSION) -ifdef BOARD_API_LEVEL - board_api_level := $(BOARD_API_LEVEL) -else ifdef BOARD_SHIPPING_API_LEVEL - # Vendors with GRF must define BOARD_SHIPPING_API_LEVEL for the vendor API level. - board_api_level := $(BOARD_SHIPPING_API_LEVEL) -endif - -# Calculate the VSR vendor API level. -vsr_vendor_api_level := $(board_api_level) - -ifdef PRODUCT_SHIPPING_API_LEVEL - vsr_vendor_api_level := $(call math_min,$(PRODUCT_SHIPPING_API_LEVEL),$(board_api_level)) -endif - # Set TARGET_MAX_PAGE_SIZE_SUPPORTED. # TARGET_MAX_PAGE_SIZE_SUPPORTED indicates the alignment of the ELF segments. ifdef PRODUCT_MAX_PAGE_SIZE_SUPPORTED @@ -435,7 +419,7 @@ else # The default binary alignment for userspace is 4096. TARGET_MAX_PAGE_SIZE_SUPPORTED := 4096 # When VSR vendor API level >= 34, binary alignment will be 65536. - ifeq ($(call math_gt_or_eq,$(vsr_vendor_api_level),34),true) + ifeq ($(call math_gt_or_eq,$(VSR_VENDOR_API_LEVEL),34),true) ifeq ($(TARGET_ARCH),arm64) TARGET_MAX_PAGE_SIZE_SUPPORTED := 65536 endif diff --git a/core/product.mk b/core/product.mk index b66f1e2e69..bf85c7854b 100644 --- a/core/product.mk +++ b/core/product.mk @@ -430,6 +430,9 @@ _product_single_value_vars += PRODUCT_ENABLE_UFFD_GC # specified we default to COW version 2 in update_engine for backwards compatibility _product_single_value_vars += PRODUCT_VIRTUAL_AB_COW_VERSION +# If set, determines whether the build system checks vendor seapp contexts violations. +_product_single_value_vars += PRODUCT_CHECK_VENDOR_SEAPP_VIOLATIONS + _product_list_vars += PRODUCT_AFDO_PROFILES .KATI_READONLY := _product_single_value_vars _product_list_vars diff --git a/core/product_config.mk b/core/product_config.mk index 3f9eb24ab2..832d6adfcc 100644 --- a/core/product_config.mk +++ b/core/product_config.mk @@ -572,6 +572,32 @@ ifdef PRODUCT_ENFORCE_RRO_EXEMPTED_TARGETS $(PRODUCT_ENFORCE_RRO_EXEMPTED_TARGETS)) endif +# Get the board API level. +board_api_level := $(PLATFORM_SDK_VERSION) +ifdef BOARD_API_LEVEL + board_api_level := $(BOARD_API_LEVEL) +else ifdef BOARD_SHIPPING_API_LEVEL + # Vendors with GRF must define BOARD_SHIPPING_API_LEVEL for the vendor API level. + board_api_level := $(BOARD_SHIPPING_API_LEVEL) +endif + +# Calculate the VSR vendor API level. +VSR_VENDOR_API_LEVEL := $(board_api_level) + +ifdef PRODUCT_SHIPPING_API_LEVEL + VSR_VENDOR_API_LEVEL := $(call math_min,$(PRODUCT_SHIPPING_API_LEVEL),$(board_api_level)) +endif +.KATI_READONLY := VSR_VENDOR_API_LEVEL + +# Boolean variable determining if vendor seapp contexts is enforced +CHECK_VENDOR_SEAPP_VIOLATIONS := false +ifneq ($(call math_gt,$(VSR_VENDOR_API_LEVEL),34),) + CHECK_VENDOR_SEAPP_VIOLATIONS := true +else ifneq ($(PRODUCT_CHECK_VENDOR_SEAPP_VIOLATIONS),) + CHECK_VENDOR_SEAPP_VIOLATIONS := $(PRODUCT_CHECK_VENDOR_SEAPP_VIOLATIONS) +endif +.KATI_READONLY := CHECK_VENDOR_SEAPP_VIOLATIONS + define product-overrides-config $$(foreach rule,$$(PRODUCT_$(1)_OVERRIDES),\ $$(if $$(filter 2,$$(words $$(subst :,$$(space),$$(rule)))),,\ diff --git a/core/soong_config.mk b/core/soong_config.mk index 26998ed0f8..7d8092ddc2 100644 --- a/core/soong_config.mk +++ b/core/soong_config.mk @@ -324,6 +324,8 @@ $(call add_json_str, ReleaseAconfigFlagDefaultPermission, $(RELEASE_ACONFIG_F $(call add_json_bool, KeepVndk, $(filter true,$(KEEP_VNDK))) +$(call add_json_bool, CheckVendorSeappViolations, $(filter true,$(CHECK_VENDOR_SEAPP_VIOLATIONS))) + $(call json_end) $(file >$(SOONG_VARIABLES).tmp,$(json_contents))