Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit bd682567 authored by Inseob Kim's avatar Inseob Kim
Browse files

Support tracking lists for Treble labeling tests 

Tracking lists help prevent more violations while we fix the existing
violations and enforce.

Bug: 415177630
Test: manual
Change-Id: I770d3581a91fdc9af4e0bed44e7ca6a36963589c
parent 7194a04b

core/Makefile

+3 −1
Original line number Diff line number Diff line
@@ -3496,11 +3496,12 @@ $(check-selinux-treble-labeling.timestamp): PRIVATE_SEPOLICY := $(sepolicy-binar 
$(check-selinux-treble-labeling.timestamp): PRIVATE_PLATFORM_SEAPP_CONTEXTS := $(platform-seapp-contexts)

$(check-selinux-treble-labeling.timestamp): PRIVATE_VENDOR_SEAPP_CONTEXTS := $(vendor-seapp-contexts)

$(check-selinux-treble-labeling.timestamp): PRIVATE_VENDOR_FILE_CONTEXTS := $(vendor-file-contexts)

$(check-selinux-treble-labeling.timestamp): PRIVATE_TRACKING_LIST_FILE := $(PRODUCT_SELINUX_TREBLE_LABELING_TRACKING_LIST_FILE)

$(check-selinux-treble-labeling.timestamp): $(HOST_OUT_EXECUTABLES)/treble_labeling_tests \

    $(platform-preinstalled-apps) $(vendor-preinstalled-apps) \

    $(platform-sepolicy-binary) $(sepolicy-binary) $(sepolicy-binary-without-vendor) \

    $(platform-seapp-contexts) $(vendor-seapp-contexts) $(vendor-file-contexts) \

    $(AAPT2)

    $(PRODUCT_SELINUX_TREBLE_LABELING_TRACKING_LIST_FILE) $(AAPT2)

	@rm -rf $@

	@echo $(PRIVATE_PLATFORM_APPS) > $@.platform_apps.txt

	@echo $(PRIVATE_VENDOR_APPS) > $@.vendor_apps.txt
@@ -3510,6 +3511,7 @@ $(check-selinux-treble-labeling.timestamp): $(HOST_OUT_EXECUTABLES)/treble_label 
    --platform_seapp_contexts $(PRIVATE_PLATFORM_SEAPP_CONTEXTS) \

    --vendor_seapp_contexts $(PRIVATE_VENDOR_SEAPP_CONTEXTS) \

    --vendor_file_contexts $(PRIVATE_VENDOR_FILE_CONTEXTS) \

    $(if $(PRIVATE_TRACKING_LIST_FILE),--tracking_list_file $(PRIVATE_TRACKING_LIST_FILE)) \

    --aapt2_path $(AAPT2) > $@



.PHONY: check-selinux-treble-labeling

core/product.mk

+3 −0
Original line number Diff line number Diff line
@@ -418,6 +418,9 @@ _product_single_value_vars += PRODUCT_CGROUP_V2_SYS_APP_ISOLATION_ENABLED 
# If set, check treble labeling

_product_single_value_vars += PRODUCT_ENFORCE_SELINUX_TREBLE_LABELING



# Path to a tracking list file for treble labeling

_product_single_value_vars += PRODUCT_SELINUX_TREBLE_LABELING_TRACKING_LIST_FILE



# List of .json files to be merged/compiled into vendor/etc/linker.config.pb and product/etc/linker.config.pb

_product_list_vars += PRODUCT_VENDOR_LINKER_CONFIG_FRAGMENTS

_product_list_vars += PRODUCT_PRODUCT_LINKER_CONFIG_FRAGMENTS

core/soong_config.mk

+2 −0
Original line number Diff line number Diff line
@@ -607,6 +607,8 @@ $(call add_json_bool, ProductEnableLogcatPersistence, $(PRODUCT_ENABLE_LOGCAT_PE 


$(call add_json_bool, EnforceSELinuxTrebleLabeling, $(filter true,$(PRODUCT_ENFORCE_SELINUX_TREBLE_LABELING)))



$(call add_json_str, SELinuxTrebleLabelingTrackingListFile, $(filter true,$(PRODUCT_SELINUX_TREBLE_LABELING_TRACKING_LIST_FILE)))



$(call json_end)



$(file >$(SOONG_VARIABLES).tmp,$(json_contents))