blob: bcec5edfa4d41ae7cb47533c9de1997a3957f194 [file] [log] [blame]
# Copyright 2021 The Fuchsia Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
# Defines high level SWD Policy configurations.
# Since there are dependencies both in system_image_deps and base_packages, we
# define two groups per policy.
# Policy names must be one of the set of
# ["unrestricted", "local_dynamic_config", "base_components_only"].
# These groups are added to the build image in //build/images:base_packages
# and //build/input/product:system_image_deps.
# Note, the build arg `auto_update_packages` is not captured in the scope of
# these configurations, despite being SWD related.
# Default policy_labels definition to ease with the transition away from
# manually defining SWD policies across different product gni files.
# The transition process will be as follows:
# 1. Define all SWD policies.
# 2. Add dependency on SWD policies in base_package_deps and
# system_image_deps, but do not apply a SWD policy to retain existing
# product behavior.
# 3. Apply SWD policies in product definitions alongside the existing
# SWD targets configuration. Assert that product configuration has not
# changed.
# 4. Remove manually defined SWD targets in product definitions, rely solely
# on defined SWD policies to determine product configuration of SWD policy.
# A definition of existing swd policies is included below:
# ┌──────────────────────┬──────────────────────────────┬─────────────────────┬────────────────────────────────────┐
# │ POLICY_NAME │ enable_dynamic_configuration │ persisted_repos_dir │ disable_executability_restrictions │
# ├──────────────────────┼──────────────────────────────┼─────────────────────┼────────────────────────────────────┤
# │ base_components_only │ OFF │ OFF │ OFF │
# ├──────────────────────┼──────────────────────────────┼─────────────────────┼────────────────────────────────────┤
# │ local_dynamic_config │ ON │ OFF │ OFF │
# ├──────────────────────┼──────────────────────────────┼─────────────────────┼────────────────────────────────────┤
# │ unrestricted │ ON │ ON │ ON │
# └──────────────────────┴──────────────────────────────┴─────────────────────┴────────────────────────────────────┘
policies_swd = [
{
name = "base_components_only"
base_package_deps = []
system_image_deps = []
},
{
name = "local_dynamic_config"
base_package_deps =
[ "//src/sys/pkg/bin/pkg-resolver:enable_dynamic_configuration" ]
system_image_deps = []
},
{
name = "unrestricted"
base_package_deps = [
"//src/sys/pkg/bin/pkg-resolver:enable_dynamic_configuration",
"//src/sys/pkg/bin/pkg-resolver:persisted_repos_dir",
]
system_image_deps =
[ "//src/sys/pkg:pkgfs-disable-executability-restrictions" ]
},
]
# Policy names must be either unset, or one of the set of
# ["omaha_client", "system_update_checker"].
#
# Each policy defines the following scopes:
# * if_board_supports_update_configurator, which will be applied if
# board_supports_update_configurator is set to true by a board's config.
# This scope defines the following scopes:
# * core_realm_shards - a set of labels to add as deps to the core realm's
# core_realm target in //build/images/fuchsia:core_realm
#
# A definition of existing update_checker policies is included below:
# ┌───────────────────────┬────────────────────────┐
# │ POLICY_NAME │ update checker │
# │ │ implementation │
# ├───────────────────────┼────────────────────────┤
# │ │ none │
# ├───────────────────────┼────────────────────────┤
# │ omaha_client │ omaha_client │
# ├───────────────────────┼────────────────────────┤
# │ system_update_checker │ system_update_checker │
# └───────────────────────┴────────────────────────┘
policies_update_checker = [
{
name = "omaha_client"
if_board_supports_update_configurator = {
core_realm_shards = [
# FIXME(fxbug.dev/93695) Replace with an optional capability route when
# that feature is available
"//src/sys/pkg:system-update-configurator-route-to-omaha-client",
]
}
},
{
name = "system_update_checker"
if_board_supports_update_configurator = {
core_realm_shards = []
}
},
]