summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorYifan Hong2018-04-16 11:16:41 -0500
committerPraneeth Bajjuri2018-10-30 23:06:13 -0500
commitc8b0233f070de2ef661a2abcf37fd6ebc040b39f (patch)
tree123aa2ce446291d5eb682af3bfe3c1da505b436a
parentc3b69e09590ab8fc8470538eea9bcf5f322749dc (diff)
downloadplatform-system-libvintf-c8b0233f070de2ef661a2abcf37fd6ebc040b39f.tar.gz
platform-system-libvintf-c8b0233f070de2ef661a2abcf37fd6ebc040b39f.tar.xz
platform-system-libvintf-c8b0233f070de2ef661a2abcf37fd6ebc040b39f.zip
Compat if POLICYVERS <= security_policyvers()
POLICYVERS in the build system specifies the policydb version that the policy is compiled with. security_policyvers() specifies the maximum policy version that the kernel is compatible with. Allow POLICYVERS <= security_policyvers() to be considered compatible. This changes compatibility check logic for RuntimeInfo, hence this does not affect OTA, except the following case: * device kernel reports 30 * new images are built with POLICYVERS=31 * fwk matrix has 31 * device do OTA with these images * OTA will fail Right now, since there are no plans to bump POLICYVERS in build system (and it stays 30), OTA won't break. Bug: 77886167 Test: vts_treble_vintf_test Change-Id: I91fb631b291d17e26ad1a9befb669aac6b7ed654 Merged-In: I91fb631b291d17e26ad1a9befb669aac6b7ed654
-rw-r--r--RuntimeInfo.cpp7
-rw-r--r--test/main.cpp4
2 files changed, 6 insertions, 5 deletions
diff --git a/RuntimeInfo.cpp b/RuntimeInfo.cpp
index b343138..63a8c18 100644
--- a/RuntimeInfo.cpp
+++ b/RuntimeInfo.cpp
@@ -110,10 +110,11 @@ bool RuntimeInfo::checkCompatibility(const CompatibilityMatrix& mat, std::string
110 } 110 }
111 return false; 111 return false;
112 } 112 }
113 if (kernelSepolicyVersion() != mat.framework.mSepolicy.kernelSepolicyVersion()) { 113 if (kernelSepolicyVersion() < mat.framework.mSepolicy.kernelSepolicyVersion()) {
114 if (error != nullptr) { 114 if (error != nullptr) {
115 *error = "kernelSepolicyVersion = " + to_string(kernelSepolicyVersion()) 115 *error =
116 + " but required " + to_string(mat.framework.mSepolicy.kernelSepolicyVersion()); 116 "kernelSepolicyVersion = " + to_string(kernelSepolicyVersion()) +
117 " but required >= " + to_string(mat.framework.mSepolicy.kernelSepolicyVersion());
117 } 118 }
118 return false; 119 return false;
119 } 120 }
diff --git a/test/main.cpp b/test/main.cpp
index 495b35c..2bf4da3 100644
--- a/test/main.cpp
+++ b/test/main.cpp
@@ -725,11 +725,11 @@ TEST_F(LibVintfTest, RuntimeInfo) {
725 MatrixKernel kernel(KernelVersion{3, 18, 22}, KernelConfigs(configs)); 725 MatrixKernel kernel(KernelVersion{3, 18, 22}, KernelConfigs(configs));
726 CompatibilityMatrix cm = testMatrix(std::move(kernel)); 726 CompatibilityMatrix cm = testMatrix(std::move(kernel));
727 set(cm, Sepolicy{22, {{25, 0}}}); 727 set(cm, Sepolicy{22, {{25, 0}}});
728 EXPECT_FALSE(ki.checkCompatibility(cm, &error)) 728 EXPECT_TRUE(ki.checkCompatibility(cm, &error)) << error;
729 << "kernel-sepolicy-version shouldn't match";
730 set(cm, Sepolicy{40, {{25, 0}}}); 729 set(cm, Sepolicy{40, {{25, 0}}});
731 EXPECT_FALSE(ki.checkCompatibility(cm, &error)) 730 EXPECT_FALSE(ki.checkCompatibility(cm, &error))
732 << "kernel-sepolicy-version shouldn't match"; 731 << "kernel-sepolicy-version shouldn't match";
732 EXPECT_IN("kernelSepolicyVersion = 30 but required >= 40", error);
733 } 733 }
734 734
735 { 735 {