
Commit e78ad74b authored by Jooyung Han's avatar Jooyung Han

Run apex_sepolicy_tests for all installed APEXes

This is to check if unknown file context labels are used in APEX. The
reason why this is done in Makefile is to cover vendor-specific SE
policy and prebuilt APEXes. Note that there's already a validation check
when building APEXes (in Soong), which only checks the generic rules,
not vendor-specific.

Bug: 299391194
Test: atest apex_sepolicy_tests_test
Test: m
Change-Id: I4378b7530e8433d2bf188db95cb5bf791e3bf778
parent 6f0db025
+44 −0
@@ -4929,6 +4929,50 @@ INTERNAL_ALLIMAGES_FILES := \
    $(INTERNAL_SYSTEM_DLKMIMAGE_FILES) \
    $(INTERNAL_PVMFWIMAGE_FILES) \

# -----------------------------------------------------------------
# Run apex_sepolicy_tests for all installed APEXes

ifeq (,$(TARGET_BUILD_UNBUNDLED))
intermediate := $(call intermediates-dir-for,PACKAGING,apex_sepolicy_tests)
apex_dirs := \
  $(TARGET_OUT)/apex/% \
  $(TARGET_OUT_SYSTEM_EXT)/apex/% \
  $(TARGET_OUT_VENDOR)/apex/% \
  $(TARGET_OUT_PRODUCT)/apex/% \

apex_files := $(sort $(filter $(apex_dirs), $(INTERNAL_ALLIMAGES_FILES)))
apex_dirs :=

# $1: apex file
# $2: output file
define _run_apex_sepolicy_tests
$2: $1 \
    $(HOST_OUT_EXECUTABLES)/apex_sepolicy_tests \
    $(HOST_OUT_EXECUTABLES)/deapexer \
    $(HOST_OUT_EXECUTABLES)/debugfs_static
	@rm -rf $$@
	@mkdir -p $(dir $$@)
	$(HOST_OUT_EXECUTABLES)/apex_sepolicy_tests --all -f <($(HOST_OUT_EXECUTABLES)/deapexer --debugfs_path $(HOST_OUT_EXECUTABLES)/debugfs_static list -Z $$<)
	@touch $$@
endef

# $1: apex file list
define run_apex_sepolicy_tests
$(foreach apex_file,$1, \
  $(eval passfile := $(patsubst $(PRODUCT_OUT)/%,$(intermediate)/%.pass,$(apex_file))) \
  $(eval $(call _run_apex_sepolicy_tests,$(apex_file),$(passfile))) \
  $(passfile))
endef

.PHONY: run_apex_sepolicy_tests
run_apex_sepolicy_tests: $(call run_apex_sepolicy_tests,$(apex_files))

droid_targets: run_apex_sepolicy_tests

apex_files :=
intermediate :=
endif # TARGET_BUILD_UNBUNDLED

# -----------------------------------------------------------------
# Check VINTF of build
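Review bot: The test recipe in `_run_apex_sepolicy_tests` can record a pass for an APEX that was never actually listed, because `deapexer` runs inside `<( … )` and bash does not propagate a process substitution's exit status to the recipe line. If `deapexer` or `debugfs_static` fails, `apex_sepolicy_tests` reads a truncated or empty listing; whether it rejects such input is not visible here, so `@touch $$@` may still run and the label check fails open. Writing the listing to a file derived from the target first makes that failure stop the build: `$(HOST_OUT_EXECUTABLES)/deapexer --debugfs_path $(HOST_OUT_EXECUTABLES)/debugfs_static list -Z $$< > $$@.list` followed by `$(HOST_OUT_EXECUTABLES)/apex_sepolicy_tests --all -f $$@.list`. Separately, `$(dir $$@)` is expanded when the template is `$(call)`ed, so under GNU Make semantics it takes the directory of the literal text `$@` rather than of the pass file; `$(dir $2)` names the intended directory.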