kernel: CI build for 5.15.y (#30)

.github/workflows/build-kernel-5.10.yml

@@ -1,9 +1,9 @@
-name: Build Kernel
+name: Build Kernel 5.10
 on:
   push:
     branches: [ "main" ]
     paths: 
-      - '.github/workflows/build-kernel.yml'
+      - '.github/workflows/build-kernel-5.10.yml'
       - 'kernel/**'
   pull_request:
     branches: [ "main" ]
@@ -46,8 +46,8 @@ jobs:
         cd $GITHUB_WORKSPACE
         git clone https://gerrit.googlesource.com/git-repo
         mkdir android-kernel && cd android-kernel
-        ../git-repo/repo init -u https://android.googlesource.com/kernel/manifest -b common-${{ matrix.tag }}
+        ../git-repo/repo init --depth=1 --u https://android.googlesource.com/kernel/manifest -b common-${{ matrix.tag }}
-        ../git-repo/repo sync
+        ../git-repo/repo sync -j$(nproc --all)
         echo "[+] KernelSU setup"
         GKI_ROOT=$(pwd)
         echo "[+] GKI_ROOT: $GKI_ROOT"
@@ -100,4 +100,4 @@ jobs:
       uses: actions/upload-artifact@v3
       with:
         name: kernel-aarch64-${{ matrix.version }}-boot-gz.img
-        path: android-kernel/out/*/dist/boot-gz.img
+        path: android-kernel/out/*/dist/boot-gz.img

.github/workflows/build-kernel-5.15.yml

@@ -0,0 +1,57 @@
+name: Build Kernel 5.15
+on:
+  push:
+    branches: [ "main" ]
+    paths: 
+      - '.github/workflows/build-kernel-5.15.yml'
+      - 'kernel/**'
+  pull_request:
+    branches: [ "main" ]
+    paths: 
+      - 'kernel/**'
+jobs:
+  build:
+    strategy:
+      matrix:
+        include:
+          - version: "android13-5.15-41"
+            tag: "android13-5.15-2022-11"
+            os_version: 13.0.0
+            os_version_level: "2022-11"
+          - version: "android13-5.15-74"
+            tag: "android13-5.15-2022-12"
+            os_version: 13.0.0
+            os_version_level: "2022-12"
+
+    name: Build aarch64-${{ matrix.version }}
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v3
+      with:
+        path: KernelSU
+    - name: Download Kernel Source
+      run: |
+        cd $GITHUB_WORKSPACE
+        git clone https://gerrit.googlesource.com/git-repo
+        mkdir android-kernel && cd android-kernel
+        ../git-repo/repo init --depth=1 --u https://android.googlesource.com/kernel/manifest -b common-${{ matrix.tag }}
+        ../git-repo/repo sync -j$(nproc --all)
+        echo "[+] KernelSU setup"
+        GKI_ROOT=$(pwd)
+        echo "[+] GKI_ROOT: $GKI_ROOT"
+        echo "[+] Copy kernel su driver to $GKI_ROOT/common/drivers"
+        ln -sf $GITHUB_WORKSPACE/KernelSU/kernel $GKI_ROOT/common/drivers/kernelsu
+        echo "[+] Add kernel su driver to Makefile"
+        DRIVER_MAKEFILE=$GKI_ROOT/common/drivers/Makefile
+        grep -q "kernelsu" $DRIVER_MAKEFILE || echo "obj-y += kernelsu/" >> $DRIVER_MAKEFILE
+        echo "[+] KernelSU setup Done."
+
+    - name: Build boot.img
+      working-directory: android-kernel
+      run: BUILD_BOOT_IMG=1 SKIP_VENDOR_BOOT=1 KERNEL_BINARY=Image AVB_SIGN_BOOT_IMG=1 AVB_BOOT_PARTITION_SIZE=$((64*1024*1024)) AVB_BOOT_ALGORITHM=SHA256_RSA2048 AVB_BOOT_KEY=prebuilts/kernel-build-tools/linux-x86/share/avb/testkey_rsa2048.pem BOOT_IMAGE_HEADER_VERSION=4 LTO=thin BUILD_CONFIG=common/build.config.gki.aarch64 build/build.sh
+
+    - name: Upload boot.img
+      uses: actions/upload-artifact@v3
+      with:
+        name: kernel-aarch64-${{ matrix.version }}-boot.img
+        path: android-kernel/out/*/dist/boot.img

kernel/selinux/selinux.c

@@ -49,8 +49,6 @@ static int transive_to_domain(const char *domain)
 	return error;
 }
 
-static bool is_domain_permissive;
-
 void setup_selinux()
 {
 	if (transive_to_domain(KERNEL_SU_DOMAIN)) {

kernel/selinux/sepolicy.c

@@ -15,18 +15,6 @@
 	hash_for_each (avtab.htable, avtab.nslot, cur)                         \
 		;
 
-static bool is_redundant(struct avtab_node *node)
-{
-	switch (node->key.specified) {
-	case AVTAB_AUDITDENY:
-		return node->datum.u.data == ~0U;
-	case AVTAB_XPERMS:
-		return node->datum.u.xperms == NULL;
-	default:
-		return node->datum.u.data == 0U;
-	}
-}
-
 struct avtab_node *get_avtab_node(struct policydb *db, struct avtab_key *key,
 				  struct avtab_extended_perms *xperms)
 {
@@ -267,9 +255,9 @@ void add_xperm_rule_raw(struct policydb *db, struct type_datum *src,
 			xperms.specified = AVTAB_XPERMS_IOCTLFUNCTION;
 			xperms.driver = ioctl_driver(low);
 		}
-
+		int i;
 		if (xperms.specified == AVTAB_XPERMS_IOCTLDRIVER) {
-			for (int i = ioctl_driver(low); i <= ioctl_driver(high);
+			for (i = ioctl_driver(low); i <= ioctl_driver(high);
 			     ++i) {
 				if (invert)
 					xperm_clear(i, xperms.perms.p);
@@ -277,7 +265,7 @@ void add_xperm_rule_raw(struct policydb *db, struct type_datum *src,
 					xperm_set(i, xperms.perms.p);
 			}
 		} else {
-			for (int i = ioctl_func(low); i <= ioctl_func(high);
+			for (i = ioctl_func(low); i <= ioctl_func(high);
 			     ++i) {
 				if (invert)
 					xperm_clear(i, xperms.perms.p);