Move file_contexts file for APEXes to under /system/sepolicy

For centralized development of sepolicies, file_contexts files for APEXes
are all moved under /system/sepolicy.

The meaning of the existing file_contexts has been changed; when it is
set to <value>, then /system/sepolicy/apex/<value>_file_contexts is
used. When unset, it defaults to the name of the module. The property is
not removed in order to support creating multiple versions of the same
apex (for testing purpose) built with same file_contexts file.

Bug: 119034475
Test: m apex.test com.android.tzdata com.android.runtime
Change-Id: I7d14a9e37baea9ab78d9e15e1164cce54d256f56
diff --git a/apex/apex.go b/apex/apex.go
index 3e7c0a7..7232c1b 100644
--- a/apex/apex.go
+++ b/apex/apex.go
@@ -171,8 +171,10 @@
 	// "manifest.json"
 	Manifest *string
 
-	// File contexts file for setting security context to each file in this APEX bundle
-	// Default: "file_contexts".
+	// Determines the file contexts file for setting security context to each file in this APEX bundle.
+	// Specifically, when this is set to <value>, /system/sepolicy/apex/<value>_file_contexts file is
+	// used.
+	// Default: <name_of_this_module>
 	File_contexts *string
 
 	// List of native shared libs that are embedded inside this APEX bundle
@@ -489,7 +491,15 @@
 	})
 
 	manifest := android.PathForModuleSrc(ctx, proptools.StringDefault(a.properties.Manifest, "manifest.json"))
-	fileContexts := android.PathForModuleSrc(ctx, proptools.StringDefault(a.properties.File_contexts, "file_contexts"))
+
+	fcName := proptools.StringDefault(a.properties.File_contexts, a.ModuleBase.Name())
+	fileContextsPath := "system/sepolicy/apex/" + fcName + "_file_contexts"
+	fileContextsOptionalPath := android.ExistentPathForSource(ctx, fileContextsPath)
+	if !fileContextsOptionalPath.Valid() {
+		ctx.ModuleErrorf("Cannot find file_contexts file: %q", fileContextsPath)
+		return
+	}
+	fileContexts := fileContextsOptionalPath.Path()
 
 	unsignedOutputFile := android.PathForModuleOut(ctx, a.ModuleBase.Name()+apexSuffix+".unsigned")
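Review bot: `fcName` is concatenated into `fileContextsPath` without a check that it is a single file-name component, so a `file_contexts` value containing `/` can make the lookup resolve to a file outside `system/sepolicy/apex/`. That would let a module take its labels from a file outside the centrally reviewed directory, which is the opposite of what this commit sets out to do. Whether `android.ExistentPathForSource` rejects such a path is not visible in this hunk, so I would validate before building the path: `if strings.Contains(fcName, "/") { ctx.PropertyErrorf("file_contexts", "must be a plain name without path separators, got %q", fcName); return }` (this assumes `strings` is already imported in apex.go). The property comment in the first hunk could state the same constraint, e.g. `// <value> must be a bare name, not a path.` The enclosing function starts and ends outside this hunk.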