xref: /aosp_15_r20/system/sepolicy/tools/finalize-vintf-resources.sh (revision e4a36f4174b17bbab9dc043f4a65dc8d87377290) 
1#!/bin/bash
2
3# Copyright (C) 2023 The Android Open Source Project
4#
5# Licensed under the Apache License, Version 2.0 (the "License");
6# you may not use this file except in compliance with the License.
7# You may obtain a copy of the License at
8#
9#      http://www.apache.org/licenses/LICENSE-2.0
10#
11# Unless required by applicable law or agreed to in writing, software
12# distributed under the License is distributed on an "AS IS" BASIS,
13# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14# See the License for the specific language governing permissions and
15# limitations under the License.
16
17if [ $# -ne 2 ]; then
18    echo "Usage: $0 <top> <ver>"
19    exit 1
20fi
21
22top=$1
23ver=$2
24
25prebuilt_dir=$top/system/sepolicy/prebuilts/api/$ver
26mkdir -p "$prebuilt_dir"
27cp -r "$top/system/sepolicy/public/" "$prebuilt_dir"
28cp -r "$top/system/sepolicy/private/" "$prebuilt_dir"
29
30cat > "$prebuilt_dir/Android.bp" <<EOF
31// Automatically generated file, do not edit!
32se_policy_conf {
33    name: "${ver}_reqd_policy_mask.conf",
34    defaults: ["se_policy_conf_flags_defaults"],
35    srcs: reqd_mask_policy,
36    installable: false,
37    build_variant: "user",
38    board_api_level: "${ver}",
39}
40
41se_policy_cil {
42    name: "${ver}_reqd_policy_mask.cil",
43    src: ":${ver}_reqd_policy_mask.conf",
44    secilc_check: false,
45    installable: false,
46}
47
48se_policy_conf {
49    name: "${ver}_plat_pub_policy.conf",
50    defaults: ["se_policy_conf_flags_defaults"],
51    srcs: [
52        ":se_build_files{.plat_public_${ver}}",
53        ":se_build_files{.reqd_mask}",
54    ],
55    installable: false,
56    build_variant: "user",
57    board_api_level: "${ver}",
58}
59
60se_policy_cil {
61    name: "${ver}_plat_pub_policy.cil",
62    src: ":${ver}_plat_pub_policy.conf",
63    filter_out: [":${ver}_reqd_policy_mask.cil"],
64    secilc_check: false,
65    installable: false,
66}
67
68se_policy_conf {
69    name: "${ver}_product_pub_policy.conf",
70    defaults: ["se_policy_conf_flags_defaults"],
71    srcs: [
72        ":se_build_files{.plat_public_${ver}}",
73        ":se_build_files{.system_ext_public_${ver}}",
74        ":se_build_files{.product_public_${ver}}",
75        ":se_build_files{.reqd_mask}",
76    ],
77    installable: false,
78    build_variant: "user",
79    board_api_level: "${ver}",
80}
81
82se_policy_cil {
83    name: "${ver}_product_pub_policy.cil",
84    src: ":${ver}_product_pub_policy.conf",
85    filter_out: [":${ver}_reqd_policy_mask.cil"],
86    secilc_check: false,
87    installable: false,
88}
89
90se_versioned_policy {
91    name: "${ver}_plat_pub_versioned.cil",
92    base: ":${ver}_product_pub_policy.cil",
93    target_policy: ":${ver}_product_pub_policy.cil",
94    version: "${ver}",
95    installable: false,
96}
97
98se_policy_conf {
99    name: "${ver}_plat_policy.conf",
100    defaults: ["se_policy_conf_flags_defaults"],
101    srcs: [
102        ":se_build_files{.plat_public_${ver}}",
103        ":se_build_files{.plat_private_${ver}}",
104        ":se_build_files{.system_ext_public_${ver}}",
105        ":se_build_files{.system_ext_private_${ver}}",
106        ":se_build_files{.product_public_${ver}}",
107        ":se_build_files{.product_private_${ver}}",
108    ],
109    installable: false,
110    build_variant: "user",
111}
112
113se_policy_cil {
114    name: "${ver}_plat_policy.cil",
115    src: ":${ver}_plat_policy.conf",
116    additional_cil_files: [":sepolicy_technical_debt{.plat_private_${ver}}"],
117    installable: false,
118}
119
120se_policy_binary {
121    name: "${ver}_plat_policy",
122    srcs: [":${ver}_plat_policy.cil"],
123    installable: false,
124    dist: {
125        targets: ["base-sepolicy-files-for-mapping"],
126    },
127}
128EOF
129
130# Build general_sepolicy.conf, plat_sepolicy.cil, and mapping file for CTS
131DIST_DIR=out/dist $top/build/soong/soong_ui.bash --make-mode dist sepolicy_finalize bpmodify
132
133cp "$top/out/dist/plat_sepolicy.cil" "$prebuilt_dir/${ver}_plat_sepolicy.cil"
134cp "$top/out/dist/general_sepolicy.conf" "$prebuilt_dir/${ver}_general_sepolicy.conf"
135cp "$top/out/dist/$ver.cil" "$prebuilt_dir/${ver}_mapping.cil"
136
137cat >> "$prebuilt_dir/Android.bp" <<EOF
138
139filegroup {
140    name: "${ver}_sepolicy_cts_data",
141    srcs: [
142        "${ver}_general_sepolicy.conf",
143        "${ver}_plat_sepolicy.cil",
144        "${ver}_mapping.cil",
145    ],
146}
147EOF
148
149bpmodify="$top/out/host/linux-x86/bin/bpmodify"
150$bpmodify -a ":${ver}_sepolicy_cts_data" -m prebuilt_sepolicy_cts_data -property srcs -w \
151    $top/system/sepolicy/tests/Android.bp
152