1*e4a36f41SAndroid Build Coastguard Worker#!/bin/bash 2*e4a36f41SAndroid Build Coastguard Worker 3*e4a36f41SAndroid Build Coastguard Worker# Copyright (C) 2023 The Android Open Source Project 4*e4a36f41SAndroid Build Coastguard Worker# 5*e4a36f41SAndroid Build Coastguard Worker# Licensed under the Apache License, Version 2.0 (the "License"); 6*e4a36f41SAndroid Build Coastguard Worker# you may not use this file except in compliance with the License. 7*e4a36f41SAndroid Build Coastguard Worker# You may obtain a copy of the License at 8*e4a36f41SAndroid Build Coastguard Worker# 9*e4a36f41SAndroid Build Coastguard Worker# http://www.apache.org/licenses/LICENSE-2.0 10*e4a36f41SAndroid Build Coastguard Worker# 11*e4a36f41SAndroid Build Coastguard Worker# Unless required by applicable law or agreed to in writing, software 12*e4a36f41SAndroid Build Coastguard Worker# distributed under the License is distributed on an "AS IS" BASIS, 13*e4a36f41SAndroid Build Coastguard Worker# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14*e4a36f41SAndroid Build Coastguard Worker# See the License for the specific language governing permissions and 15*e4a36f41SAndroid Build Coastguard Worker# limitations under the License. 16*e4a36f41SAndroid Build Coastguard Worker 17*e4a36f41SAndroid Build Coastguard Workerif [ $# -ne 2 ]; then 18*e4a36f41SAndroid Build Coastguard Worker echo "Usage: $0 <top> <ver>" 19*e4a36f41SAndroid Build Coastguard Worker exit 1 20*e4a36f41SAndroid Build Coastguard Workerfi 21*e4a36f41SAndroid Build Coastguard Worker 22*e4a36f41SAndroid Build Coastguard Workertop=$1 23*e4a36f41SAndroid Build Coastguard Workerver=$2 24*e4a36f41SAndroid Build Coastguard Worker 25*e4a36f41SAndroid Build Coastguard Workerprebuilt_dir=$top/system/sepolicy/prebuilts/api/$ver 26*e4a36f41SAndroid Build Coastguard Workermkdir -p "$prebuilt_dir" 27*e4a36f41SAndroid Build Coastguard Workercp -r "$top/system/sepolicy/public/" "$prebuilt_dir" 28*e4a36f41SAndroid Build Coastguard Workercp -r "$top/system/sepolicy/private/" "$prebuilt_dir" 29*e4a36f41SAndroid Build Coastguard Worker 30*e4a36f41SAndroid Build Coastguard Workercat > "$prebuilt_dir/Android.bp" <<EOF 31*e4a36f41SAndroid Build Coastguard Worker// Automatically generated file, do not edit! 32*e4a36f41SAndroid Build Coastguard Workerse_policy_conf { 33*e4a36f41SAndroid Build Coastguard Worker name: "${ver}_reqd_policy_mask.conf", 34*e4a36f41SAndroid Build Coastguard Worker defaults: ["se_policy_conf_flags_defaults"], 35*e4a36f41SAndroid Build Coastguard Worker srcs: reqd_mask_policy, 36*e4a36f41SAndroid Build Coastguard Worker installable: false, 37*e4a36f41SAndroid Build Coastguard Worker build_variant: "user", 38*e4a36f41SAndroid Build Coastguard Worker board_api_level: "${ver}", 39*e4a36f41SAndroid Build Coastguard Worker} 40*e4a36f41SAndroid Build Coastguard Worker 41*e4a36f41SAndroid Build Coastguard Workerse_policy_cil { 42*e4a36f41SAndroid Build Coastguard Worker name: "${ver}_reqd_policy_mask.cil", 43*e4a36f41SAndroid Build Coastguard Worker src: ":${ver}_reqd_policy_mask.conf", 44*e4a36f41SAndroid Build Coastguard Worker secilc_check: false, 45*e4a36f41SAndroid Build Coastguard Worker installable: false, 46*e4a36f41SAndroid Build Coastguard Worker} 47*e4a36f41SAndroid Build Coastguard Worker 48*e4a36f41SAndroid Build Coastguard Workerse_policy_conf { 49*e4a36f41SAndroid Build Coastguard Worker name: "${ver}_plat_pub_policy.conf", 50*e4a36f41SAndroid Build Coastguard Worker defaults: ["se_policy_conf_flags_defaults"], 51*e4a36f41SAndroid Build Coastguard Worker srcs: [ 52*e4a36f41SAndroid Build Coastguard Worker ":se_build_files{.plat_public_${ver}}", 53*e4a36f41SAndroid Build Coastguard Worker ":se_build_files{.reqd_mask}", 54*e4a36f41SAndroid Build Coastguard Worker ], 55*e4a36f41SAndroid Build Coastguard Worker installable: false, 56*e4a36f41SAndroid Build Coastguard Worker build_variant: "user", 57*e4a36f41SAndroid Build Coastguard Worker board_api_level: "${ver}", 58*e4a36f41SAndroid Build Coastguard Worker} 59*e4a36f41SAndroid Build Coastguard Worker 60*e4a36f41SAndroid Build Coastguard Workerse_policy_cil { 61*e4a36f41SAndroid Build Coastguard Worker name: "${ver}_plat_pub_policy.cil", 62*e4a36f41SAndroid Build Coastguard Worker src: ":${ver}_plat_pub_policy.conf", 63*e4a36f41SAndroid Build Coastguard Worker filter_out: [":${ver}_reqd_policy_mask.cil"], 64*e4a36f41SAndroid Build Coastguard Worker secilc_check: false, 65*e4a36f41SAndroid Build Coastguard Worker installable: false, 66*e4a36f41SAndroid Build Coastguard Worker} 67*e4a36f41SAndroid Build Coastguard Worker 68*e4a36f41SAndroid Build Coastguard Workerse_policy_conf { 69*e4a36f41SAndroid Build Coastguard Worker name: "${ver}_product_pub_policy.conf", 70*e4a36f41SAndroid Build Coastguard Worker defaults: ["se_policy_conf_flags_defaults"], 71*e4a36f41SAndroid Build Coastguard Worker srcs: [ 72*e4a36f41SAndroid Build Coastguard Worker ":se_build_files{.plat_public_${ver}}", 73*e4a36f41SAndroid Build Coastguard Worker ":se_build_files{.system_ext_public_${ver}}", 74*e4a36f41SAndroid Build Coastguard Worker ":se_build_files{.product_public_${ver}}", 75*e4a36f41SAndroid Build Coastguard Worker ":se_build_files{.reqd_mask}", 76*e4a36f41SAndroid Build Coastguard Worker ], 77*e4a36f41SAndroid Build Coastguard Worker installable: false, 78*e4a36f41SAndroid Build Coastguard Worker build_variant: "user", 79*e4a36f41SAndroid Build Coastguard Worker board_api_level: "${ver}", 80*e4a36f41SAndroid Build Coastguard Worker} 81*e4a36f41SAndroid Build Coastguard Worker 82*e4a36f41SAndroid Build Coastguard Workerse_policy_cil { 83*e4a36f41SAndroid Build Coastguard Worker name: "${ver}_product_pub_policy.cil", 84*e4a36f41SAndroid Build Coastguard Worker src: ":${ver}_product_pub_policy.conf", 85*e4a36f41SAndroid Build Coastguard Worker filter_out: [":${ver}_reqd_policy_mask.cil"], 86*e4a36f41SAndroid Build Coastguard Worker secilc_check: false, 87*e4a36f41SAndroid Build Coastguard Worker installable: false, 88*e4a36f41SAndroid Build Coastguard Worker} 89*e4a36f41SAndroid Build Coastguard Worker 90*e4a36f41SAndroid Build Coastguard Workerse_versioned_policy { 91*e4a36f41SAndroid Build Coastguard Worker name: "${ver}_plat_pub_versioned.cil", 92*e4a36f41SAndroid Build Coastguard Worker base: ":${ver}_product_pub_policy.cil", 93*e4a36f41SAndroid Build Coastguard Worker target_policy: ":${ver}_product_pub_policy.cil", 94*e4a36f41SAndroid Build Coastguard Worker version: "${ver}", 95*e4a36f41SAndroid Build Coastguard Worker installable: false, 96*e4a36f41SAndroid Build Coastguard Worker} 97*e4a36f41SAndroid Build Coastguard Worker 98*e4a36f41SAndroid Build Coastguard Workerse_policy_conf { 99*e4a36f41SAndroid Build Coastguard Worker name: "${ver}_plat_policy.conf", 100*e4a36f41SAndroid Build Coastguard Worker defaults: ["se_policy_conf_flags_defaults"], 101*e4a36f41SAndroid Build Coastguard Worker srcs: [ 102*e4a36f41SAndroid Build Coastguard Worker ":se_build_files{.plat_public_${ver}}", 103*e4a36f41SAndroid Build Coastguard Worker ":se_build_files{.plat_private_${ver}}", 104*e4a36f41SAndroid Build Coastguard Worker ":se_build_files{.system_ext_public_${ver}}", 105*e4a36f41SAndroid Build Coastguard Worker ":se_build_files{.system_ext_private_${ver}}", 106*e4a36f41SAndroid Build Coastguard Worker ":se_build_files{.product_public_${ver}}", 107*e4a36f41SAndroid Build Coastguard Worker ":se_build_files{.product_private_${ver}}", 108*e4a36f41SAndroid Build Coastguard Worker ], 109*e4a36f41SAndroid Build Coastguard Worker installable: false, 110*e4a36f41SAndroid Build Coastguard Worker build_variant: "user", 111*e4a36f41SAndroid Build Coastguard Worker} 112*e4a36f41SAndroid Build Coastguard Worker 113*e4a36f41SAndroid Build Coastguard Workerse_policy_cil { 114*e4a36f41SAndroid Build Coastguard Worker name: "${ver}_plat_policy.cil", 115*e4a36f41SAndroid Build Coastguard Worker src: ":${ver}_plat_policy.conf", 116*e4a36f41SAndroid Build Coastguard Worker additional_cil_files: [":sepolicy_technical_debt{.plat_private_${ver}}"], 117*e4a36f41SAndroid Build Coastguard Worker installable: false, 118*e4a36f41SAndroid Build Coastguard Worker} 119*e4a36f41SAndroid Build Coastguard Worker 120*e4a36f41SAndroid Build Coastguard Workerse_policy_binary { 121*e4a36f41SAndroid Build Coastguard Worker name: "${ver}_plat_policy", 122*e4a36f41SAndroid Build Coastguard Worker srcs: [":${ver}_plat_policy.cil"], 123*e4a36f41SAndroid Build Coastguard Worker installable: false, 124*e4a36f41SAndroid Build Coastguard Worker dist: { 125*e4a36f41SAndroid Build Coastguard Worker targets: ["base-sepolicy-files-for-mapping"], 126*e4a36f41SAndroid Build Coastguard Worker }, 127*e4a36f41SAndroid Build Coastguard Worker} 128*e4a36f41SAndroid Build Coastguard WorkerEOF 129*e4a36f41SAndroid Build Coastguard Worker 130*e4a36f41SAndroid Build Coastguard Worker# Build general_sepolicy.conf, plat_sepolicy.cil, and mapping file for CTS 131*e4a36f41SAndroid Build Coastguard WorkerDIST_DIR=out/dist $top/build/soong/soong_ui.bash --make-mode dist sepolicy_finalize bpmodify 132*e4a36f41SAndroid Build Coastguard Worker 133*e4a36f41SAndroid Build Coastguard Workercp "$top/out/dist/plat_sepolicy.cil" "$prebuilt_dir/${ver}_plat_sepolicy.cil" 134*e4a36f41SAndroid Build Coastguard Workercp "$top/out/dist/general_sepolicy.conf" "$prebuilt_dir/${ver}_general_sepolicy.conf" 135*e4a36f41SAndroid Build Coastguard Workercp "$top/out/dist/$ver.cil" "$prebuilt_dir/${ver}_mapping.cil" 136*e4a36f41SAndroid Build Coastguard Worker 137*e4a36f41SAndroid Build Coastguard Workercat >> "$prebuilt_dir/Android.bp" <<EOF 138*e4a36f41SAndroid Build Coastguard Worker 139*e4a36f41SAndroid Build Coastguard Workerfilegroup { 140*e4a36f41SAndroid Build Coastguard Worker name: "${ver}_sepolicy_cts_data", 141*e4a36f41SAndroid Build Coastguard Worker srcs: [ 142*e4a36f41SAndroid Build Coastguard Worker "${ver}_general_sepolicy.conf", 143*e4a36f41SAndroid Build Coastguard Worker "${ver}_plat_sepolicy.cil", 144*e4a36f41SAndroid Build Coastguard Worker "${ver}_mapping.cil", 145*e4a36f41SAndroid Build Coastguard Worker ], 146*e4a36f41SAndroid Build Coastguard Worker} 147*e4a36f41SAndroid Build Coastguard WorkerEOF 148*e4a36f41SAndroid Build Coastguard Worker 149*e4a36f41SAndroid Build Coastguard Workerbpmodify="$top/out/host/linux-x86/bin/bpmodify" 150*e4a36f41SAndroid Build Coastguard Worker$bpmodify -a ":${ver}_sepolicy_cts_data" -m prebuilt_sepolicy_cts_data -property srcs -w \ 151*e4a36f41SAndroid Build Coastguard Worker $top/system/sepolicy/tests/Android.bp 152