// Package-level default: modules in this file that set no license of their own
// use the license module named below.
package {
    // See: http://go/android-license-faq
    // A large-scale-change added 'default_applicable_licenses' to import
    // all of the 'license_kinds' from "packages_modules_Virtualization_license"
    // to get the below license kinds:
    //   legacy_unencumbered
    default_applicable_licenses: ["packages_modules_Virtualization_license"],
}
9
// Sources of the full platform policy; consumed by microdroid_plat_sepolicy.conf.
// The list runs in a fixed sequence: class/SID/access-vector declarations, macros,
// MLS, attributes, type-enforcement files, then roles/users and labeling contexts.
// NOTE(review): the policy front end presumably depends on this order - add new
// entries in the matching section rather than at the end.
// The two "*.te" globs pick up every .te file in those directories, so a file
// dropped there becomes part of the policy without any change to this list.
system_policy_files = [
    "system/private/security_classes",
    "system/private/initial_sids",
    "system/private/access_vectors",
    "system/public/global_macros",
    "system/public/neverallow_macros",
    "system/private/mls_macros",
    "system/private/mls_decl",
    "system/private/mls",
    "system/private/policy_capabilities",
    "system/public/te_macros",
    "system/public/attributes",
    "system/private/attributes",
    "system/public/ioctl_defines",
    "system/public/ioctl_macros",
    "system/public/*.te",
    "system/private/*.te",
    "system/private/roles_decl",
    "system/public/roles",
    "system/private/users",
    "system/private/initial_sid_contexts",
    "system/private/fs_use",
    "system/private/genfs_contexts",
    "system/private/port_contexts",
]
35
// Sources of the "required mask" policy; consumed by microdroid_reqd_policy_mask.conf.
// The resulting CIL is passed as filter_out to the public and vendor CIL modules.
// NOTE(review): presumably these are the minimum declarations a policy needs to
// compile on its own - confirm against the reqd_mask directory.
reqd_mask_files = [
    "reqd_mask/security_classes",
    "reqd_mask/initial_sids",
    "reqd_mask/access_vectors",
    "reqd_mask/mls_macros",
    "reqd_mask/mls_decl",
    "reqd_mask/mls",
    "reqd_mask/reqd_mask.te",
    "reqd_mask/roles_decl",
    "reqd_mask/roles",
    "reqd_mask/users",
    "reqd_mask/initial_sid_contexts",
]
49
// Sources of the public platform policy; consumed by microdroid_plat_pub_policy.conf.
// No system/private file is listed: the reqd_mask declarations stand in for the
// private class, SID, MLS, role and user definitions, and only system/public
// macros, attributes and .te files are added on top.
system_public_policy_files = [
    "reqd_mask/security_classes",
    "reqd_mask/initial_sids",
    "reqd_mask/access_vectors",
    "system/public/global_macros",
    "system/public/neverallow_macros",
    "reqd_mask/mls_macros",
    "reqd_mask/mls_decl",
    "reqd_mask/mls",
    "system/public/te_macros",
    "system/public/attributes",
    "system/public/ioctl_defines",
    "system/public/ioctl_macros",
    "system/public/*.te",
    "reqd_mask/reqd_mask.te",
    "reqd_mask/roles_decl",
    "reqd_mask/roles",
    "system/public/roles",
    "reqd_mask/users",
    "reqd_mask/initial_sid_contexts",
]
71
// Sources of the vendor policy; consumed by microdroid_vendor_sepolicy.conf.
// Same entries as system_public_policy_files plus "vendor/*.te", so vendor rules
// are written against the public platform policy only (no system/private input).
// The "vendor/*.te" glob includes every .te file placed in that directory.
vendor_policy_files = [
    "reqd_mask/security_classes",
    "reqd_mask/initial_sids",
    "reqd_mask/access_vectors",
    "system/public/global_macros",
    "system/public/neverallow_macros",
    "reqd_mask/mls_macros",
    "reqd_mask/mls_decl",
    "reqd_mask/mls",
    "system/public/te_macros",
    "system/public/attributes",
    "system/public/ioctl_defines",
    "system/public/ioctl_macros",
    "system/public/*.te",
    "reqd_mask/reqd_mask.te",
    "vendor/*.te",
    "reqd_mask/roles_decl",
    "reqd_mask/roles",
    "system/public/roles",
    "reqd_mask/users",
    "reqd_mask/initial_sid_contexts",
]
94
// Assembles reqd_mask_files into one policy .conf.
// Intermediate artifact: not installed from this module.
se_policy_conf {
    name: "microdroid_reqd_policy_mask.conf",
    srcs: reqd_mask_files,
    installable: false,
}
100
// Converts the mask .conf to CIL. In this file the output is used only as a
// filter_out input for microdroid_plat_pub_policy.cil and
// microdroid_vendor_sepolicy.cil.raw.
se_policy_cil {
    name: "microdroid_reqd_policy_mask.cil",
    src: ":microdroid_reqd_policy_mask.conf",
    // NOTE(review): the secilc check is skipped, presumably because the mask is
    // never loaded as a policy by itself - confirm.
    secilc_check: false,
    installable: false,
}
107
// Assembles system_policy_files (public + private platform policy) into one
// policy .conf. Intermediate artifact: not installed from this module.
se_policy_conf {
    name: "microdroid_plat_sepolicy.conf",
    srcs: system_policy_files,
    installable: false,
}
113
// Converts the full platform .conf to CIL; the output file is named
// plat_sepolicy.cil via stem. secilc_check is not overridden here, so the
// module type's default applies to this, the complete platform policy.
se_policy_cil {
    name: "microdroid_plat_sepolicy.cil",
    stem: "plat_sepolicy.cil",
    src: ":microdroid_plat_sepolicy.conf",
    installable: false,
}
120
// Assembles system_public_policy_files into one policy .conf.
// Intermediate artifact: not installed from this module.
se_policy_conf {
    name: "microdroid_plat_pub_policy.conf",
    srcs: system_public_policy_files,
    installable: false,
}
126
// Converts the public platform .conf to CIL and filters out the contents of the
// required-mask CIL. The result is the base for the mapping file, the versioned
// public policy and the vendor policy below.
se_policy_cil {
    name: "microdroid_plat_pub_policy.cil",
    src: ":microdroid_plat_pub_policy.conf",
    filter_out: [":microdroid_reqd_policy_mask.cil"],
    // NOTE(review): no secilc check on this intermediate output; the
    // precompiled-policy genrule runs secilc over the combined CIL files.
    secilc_check: false,
    installable: false,
}
134
// Generates the mapping file (mapping: true) from the public platform policy
// for version "current".
se_versioned_policy {
    name: "microdroid_plat_mapping_file",
    base: ":microdroid_plat_pub_policy.cil",
    mapping: true,
    version: "current",
    relative_install_path: "mapping", // install to /system/etc/selinux/mapping
    // Not installed from this module; the install path above only takes effect
    // where something else packages this output (not visible in this section).
    installable: false,
}
143
// Versions the public platform policy against itself (base and target_policy are
// the same module) for version "current"; output is named plat_pub_versioned.cil.
se_versioned_policy {
    name: "microdroid_plat_pub_versioned.cil",
    stem: "plat_pub_versioned.cil",
    base: ":microdroid_plat_pub_policy.cil",
    target_policy: ":microdroid_plat_pub_policy.cil",
    version: "current",
    // CIL files this output depends on: the full platform policy and the mapping.
    dependent_cils: [
        ":microdroid_plat_sepolicy.cil",
        ":microdroid_plat_mapping_file",
    ],
    installable: false,
}
156
// Assembles vendor_policy_files into one policy .conf.
// Intermediate artifact: not installed from this module.
se_policy_conf {
    name: "microdroid_vendor_sepolicy.conf",
    srcs: vendor_policy_files,
    installable: false,
}
162
// Converts the vendor .conf to unversioned ("raw") CIL and filters out the
// contents of the required-mask CIL. Input to microdroid_vendor_sepolicy.cil.
se_policy_cil {
    name: "microdroid_vendor_sepolicy.cil.raw",
    src: ":microdroid_vendor_sepolicy.conf",
    filter_out: [":microdroid_reqd_policy_mask.cil"],
    secilc_check: false, // will be done in se_versioned_policy module
    installable: false,
}
170
// Versions the raw vendor CIL against the public platform policy; output is
// named vendor_sepolicy.cil. Per the comment on the raw module, the secilc
// check deferred there is expected to happen in this module.
se_versioned_policy {
    name: "microdroid_vendor_sepolicy.cil",
    stem: "vendor_sepolicy.cil",
    base: ":microdroid_plat_pub_policy.cil",
    target_policy: ":microdroid_vendor_sepolicy.cil.raw",
    version: "current", // microdroid is bundled to system
    // Platform CIL files the vendor policy depends on.
    dependent_cils: [
        ":microdroid_plat_sepolicy.cil",
        ":microdroid_plat_pub_versioned.cil",
        ":microdroid_plat_mapping_file",
    ],
    // Contents of the versioned public policy are filtered out of the vendor
    // output; that file is passed separately to the precompiled-policy genrule.
    filter_out: [":microdroid_plat_pub_versioned.cil"],
    installable: false,
}
185
// Produces the policy version file, named plat_sepolicy_vers.txt via stem.
// NOTE(review): version "platform" presumably resolves to the platform's
// sepolicy version at build time - confirm in the sepolicy_vers module type.
sepolicy_vers {
    name: "microdroid_plat_sepolicy_vers.txt",
    version: "platform",
    stem: "plat_sepolicy_vers.txt",
    installable: false,
}
192
// sepolicy sha256 for vendor
// Writes the hex SHA-256 of the platform CIL and the mapping file, concatenated
// in srcs order, to the output file. Reordering srcs changes the digest.
// NOTE(review): the exit status of the pipeline is that of `cut`, so a failing
// `cat` or `sha256sum` would still leave an output file unless the shell runs
// with pipefail - confirm how genrule invokes cmd.
genrule {
    name: "microdroid_plat_sepolicy_and_mapping.sha256_gen",
    srcs: [":microdroid_plat_sepolicy.cil", ":microdroid_plat_mapping_file"],
    out: ["microdroid_plat_sepolicy_and_mapping.sha256"],
    cmd: "cat $(in) | sha256sum | cut -d' ' -f1 > $(out)",
}
200
// Packages the generated digest as selinux/plat_sepolicy_and_mapping.sha256.
// Not installed from this module (installable: false).
prebuilt_etc {
    name: "microdroid_plat_sepolicy_and_mapping.sha256",
    src: ":microdroid_plat_sepolicy_and_mapping.sha256_gen",
    filename: "plat_sepolicy_and_mapping.sha256",
    relative_install_path: "selinux",
    installable: false,
}
208
// Packages the same generated digest a second time, under the
// precompiled_sepolicy.* file name. Both files come from one genrule, so they
// are identical by construction.
// NOTE(review): if the policy loader compares the two files to decide whether
// precompiled_sepolicy is current, that comparison detects a stale precompiled
// policy, not a modified one - integrity has to come from verification of the
// image that carries these files. Confirm against the loader.
prebuilt_etc {
    name: "microdroid_precompiled_sepolicy.plat_sepolicy_and_mapping.sha256",
    src: ":microdroid_plat_sepolicy_and_mapping.sha256_gen",
    filename: "precompiled_sepolicy.plat_sepolicy_and_mapping.sha256",
    relative_install_path: "selinux",
    installable: false,
}
216
// Compiles the four CIL inputs into one binary policy with secilc.
// Flags as passed in cmd:
//   -m        allow multiple declarations of the same type/attribute
//   -M true   build an MLS policy
//   -G        expand generated attributes
//   -c 30     emit binary policy version 30
//   -o        binary policy output
//   -f        file_contexts output, discarded to /dev/null
// -N (disable neverallow checking) is not passed, so neverallow rules are
// checked when this rule runs.
genrule {
    name: "microdroid_precompiled_sepolicy_gen",
    tools: ["secilc"],
    srcs: [
        ":microdroid_plat_sepolicy.cil",
        ":microdroid_plat_mapping_file",
        ":microdroid_plat_pub_versioned.cil",
        ":microdroid_vendor_sepolicy.cil",
    ],
    out: ["precompiled_sepolicy"],
    cmd: "$(location secilc) -m -M true -G -c 30 $(in) -o $(out) -f /dev/null",
}
229
// Packages the compiled binary policy as selinux/precompiled_sepolicy.
// Not installed from this module (installable: false).
prebuilt_etc {
    name: "microdroid_precompiled_sepolicy",
    src: ":microdroid_precompiled_sepolicy_gen",
    filename: "precompiled_sepolicy",
    relative_install_path: "selinux",
    installable: false,
}
237
// Preprocesses the platform file_contexts: sed strips everything from '#' to the
// end of each line and deletes empty lines, then fc_sort orders the entries.
// "$$" is the genrule escape for a literal '$' in the sed expressions.
// NOTE(review): the strip applies to any '#', including one inside a path
// regex, and a line left holding only whitespace is not deleted by /^$/d.
genrule {
    name: "microdroid_file_contexts.gen",
    srcs: ["system/private/file_contexts"],
    tools: ["fc_sort"],
    out: ["file_contexts"],
    cmd: "sed -e 's/#.*$$//' -e '/^$$/d' $(in) > $(out).tmp && " +
        "$(location fc_sort) -i $(out).tmp -o $(out)",
}
246
// Packages the sorted platform file contexts as selinux/plat_file_contexts.
// Not installed from this module (installable: false).
prebuilt_etc {
    name: "microdroid_file_contexts",
    filename: "plat_file_contexts",
    src: ":microdroid_file_contexts.gen",
    relative_install_path: "selinux",
    installable: false,
}
254
// Same preprocessing as microdroid_file_contexts.gen, applied to
// vendor/file_contexts: strip '#' comments, delete empty lines, run fc_sort.
// NOTE(review): no module in this section consumes this output - confirm where
// the vendor file contexts are packaged.
genrule {
    name: "microdroid_vendor_file_contexts.gen",
    srcs: ["vendor/file_contexts"],
    tools: ["fc_sort"],
    out: ["file_contexts"],
    cmd: "sed -e 's/#.*$$//' -e '/^$$/d' $(in) > $(out).tmp && " +
        "$(location fc_sort) -i $(out).tmp -o $(out)",
}
263
// Packages system/private/hwservice_contexts as selinux/plat_hwservice_contexts.
// The source file is taken as-is: no comment stripping or sorting step here,
// unlike the file_contexts genrules.
prebuilt_etc {
    name: "microdroid_hwservice_contexts",
    filename: "plat_hwservice_contexts",
    src: "system/private/hwservice_contexts",
    relative_install_path: "selinux",
    installable: false,
}
271
// Packages system/private/property_contexts as selinux/plat_property_contexts.
// The source file is taken as-is, with no preprocessing step in this module.
prebuilt_etc {
    name: "microdroid_property_contexts",
    filename: "plat_property_contexts",
    src: "system/private/property_contexts",
    relative_install_path: "selinux",
    installable: false,
}
279
// Packages system/private/service_contexts as selinux/plat_service_contexts.
// The source file is taken as-is, with no preprocessing step in this module.
prebuilt_etc {
    name: "microdroid_service_contexts",
    filename: "plat_service_contexts",
    src: "system/private/service_contexts",
    relative_install_path: "selinux",
    installable: false,
}
287
// Packages system/private/keystore2_key_contexts as
// selinux/plat_keystore2_key_contexts. The source file is taken as-is, with no
// preprocessing step in this module.
prebuilt_etc {
    name: "microdroid_keystore2_key_contexts",
    filename: "plat_keystore2_key_contexts",
    src: "system/private/keystore2_key_contexts",
    relative_install_path: "selinux",
    installable: false,
}