Gitiles
Code Review Sign In
gerrit.omnirom.org / android_packages_modules_Virtualization / ec5012d888cabce13e9a075a84d1f754d76b870d / . / microdroid / sepolicy / Android.bp
blob: 64881535f2fbc7987a15ff8657b5396ed316554a [file] [log] [blame]
Bob Badour17187b02021-06-14 16:37:09 -0700[diff] [blame]1package {
2 // See: http://go/android-license-faq
3 // A large-scale-change added 'default_applicable_licenses' to import
4 // all of the 'license_kinds' from "packages_modules_Virtualization_license"
5 // to get the below license kinds:
6 // legacy_unencumbered
7 default_applicable_licenses: ["packages_modules_Virtualization_license"],
8}
9
Inseob Kimff43be22021-06-07 16:56:56 +0900[diff] [blame]10system_policy_files = [
11 "system/private/security_classes",
12 "system/private/initial_sids",
13 "system/private/access_vectors",
14 "system/public/global_macros",
15 "system/public/neverallow_macros",
16 "system/private/mls_macros",
17 "system/private/mls_decl",
18 "system/private/mls",
19 "system/private/policy_capabilities",
20 "system/public/te_macros",
21 "system/public/attributes",
22 "system/private/attributes",
23 "system/public/ioctl_defines",
24 "system/public/ioctl_macros",
25 "system/public/*.te",
26 "system/private/*.te",
27 "system/private/roles_decl",
28 "system/public/roles",
29 "system/private/users",
30 "system/private/initial_sid_contexts",
31 "system/private/fs_use",
32 "system/private/genfs_contexts",
33 "system/private/port_contexts",
34]
35
36reqd_mask_files = [
37 "reqd_mask/security_classes",
38 "reqd_mask/initial_sids",
39 "reqd_mask/access_vectors",
40 "reqd_mask/mls_macros",
41 "reqd_mask/mls_decl",
42 "reqd_mask/mls",
43 "reqd_mask/reqd_mask.te",
44 "reqd_mask/roles_decl",
45 "reqd_mask/roles",
46 "reqd_mask/users",
47 "reqd_mask/initial_sid_contexts",
48]
49
50system_public_policy_files = [
51 "reqd_mask/security_classes",
52 "reqd_mask/initial_sids",
53 "reqd_mask/access_vectors",
54 "system/public/global_macros",
55 "system/public/neverallow_macros",
56 "reqd_mask/mls_macros",
57 "reqd_mask/mls_decl",
58 "reqd_mask/mls",
59 "system/public/te_macros",
60 "system/public/attributes",
61 "system/public/ioctl_defines",
62 "system/public/ioctl_macros",
63 "system/public/*.te",
64 "reqd_mask/reqd_mask.te",
65 "reqd_mask/roles_decl",
66 "reqd_mask/roles",
67 "system/public/roles",
68 "reqd_mask/users",
69 "reqd_mask/initial_sid_contexts",
70]
71
72vendor_policy_files = [
73 "reqd_mask/security_classes",
74 "reqd_mask/initial_sids",
75 "reqd_mask/access_vectors",
76 "system/public/global_macros",
77 "system/public/neverallow_macros",
78 "reqd_mask/mls_macros",
79 "reqd_mask/mls_decl",
80 "reqd_mask/mls",
81 "system/public/te_macros",
82 "system/public/attributes",
83 "system/public/ioctl_defines",
84 "system/public/ioctl_macros",
85 "system/public/*.te",
86 "reqd_mask/reqd_mask.te",
87 "vendor/*.te",
88 "reqd_mask/roles_decl",
89 "reqd_mask/roles",
90 "system/public/roles",
91 "reqd_mask/users",
92 "reqd_mask/initial_sid_contexts",
93]
94
95se_policy_conf {
96 name: "microdroid_reqd_policy_mask.conf",
97 srcs: reqd_mask_files,
98 installable: false,
99}
100
101se_policy_cil {
102 name: "microdroid_reqd_policy_mask.cil",
103 src: ":microdroid_reqd_policy_mask.conf",
104 secilc_check: false,
105 installable: false,
106}
107
108se_policy_conf {
109 name: "microdroid_plat_sepolicy.conf",
110 srcs: system_policy_files,
111 installable: false,
112}
113
114se_policy_cil {
115 name: "microdroid_plat_sepolicy.cil",
116 stem: "plat_sepolicy.cil",
117 src: ":microdroid_plat_sepolicy.conf",
118 additional_cil_files: ["system/private/technical_debt.cil"],
119 installable: false,
120}
121
122se_policy_conf {
123 name: "microdroid_plat_pub_policy.conf",
124 srcs: system_public_policy_files,
125 installable: false,
126}
127
128se_policy_cil {
129 name: "microdroid_plat_pub_policy.cil",
130 src: ":microdroid_plat_pub_policy.conf",
131 filter_out: [":microdroid_reqd_policy_mask.cil"],
132 secilc_check: false,
133 installable: false,
134}
135
136se_versioned_policy {
137 name: "microdroid_plat_mapping_file",
138 base: ":microdroid_plat_pub_policy.cil",
139 mapping: true,
140 version: "current",
141 relative_install_path: "mapping", // install to /system/etc/selinux/mapping
142 installable: false,
143}
144
145se_versioned_policy {
146 name: "microdroid_plat_pub_versioned.cil",
147 stem: "plat_pub_versioned.cil",
148 base: ":microdroid_plat_pub_policy.cil",
149 target_policy: ":microdroid_plat_pub_policy.cil",
150 version: "current",
151 dependent_cils: [
152 ":microdroid_plat_sepolicy.cil",
153 ":microdroid_plat_mapping_file",
154 ],
155 installable: false,
156}
157
158se_policy_conf {
159 name: "microdroid_vendor_sepolicy.conf",
160 srcs: vendor_policy_files,
161 installable: false,
162}
163
164se_policy_cil {
165 name: "microdroid_vendor_sepolicy.cil.raw",
166 src: ":microdroid_vendor_sepolicy.conf",
167 filter_out: [":microdroid_reqd_policy_mask.cil"],
168 secilc_check: false, // will be done in se_versioned_policy module
169 installable: false,
170}
171
172se_versioned_policy {
173 name: "microdroid_vendor_sepolicy.cil",
174 stem: "vendor_sepolicy.cil",
175 base: ":microdroid_plat_pub_policy.cil",
176 target_policy: ":microdroid_vendor_sepolicy.cil.raw",
177 version: "current", // microdroid is bundled to system
178 dependent_cils: [
179 ":microdroid_plat_sepolicy.cil",
180 ":microdroid_plat_pub_versioned.cil",
181 ":microdroid_plat_mapping_file",
182 ],
183 filter_out: [":microdroid_plat_pub_versioned.cil"],
184 installable: false,
185}
186
187sepolicy_vers {
188 name: "microdroid_plat_sepolicy_vers.txt",
189 version: "platform",
190 stem: "plat_sepolicy_vers.txt",
191 installable: false,
192}
193
194// sepolicy sha256 for vendor
195genrule {
196 name: "microdroid_plat_sepolicy_and_mapping.sha256_gen",
197 srcs: [":microdroid_plat_sepolicy.cil", ":microdroid_plat_mapping_file"],
198 out: ["microdroid_plat_sepolicy_and_mapping.sha256"],
199 cmd: "cat $(in) | sha256sum | cut -d' ' -f1 > $(out)",
200}
201
202prebuilt_etc {
203 name: "microdroid_plat_sepolicy_and_mapping.sha256",
204 src: ":microdroid_plat_sepolicy_and_mapping.sha256_gen",
205 filename: "plat_sepolicy_and_mapping.sha256",
206 relative_install_path: "selinux",
207 installable: false,
208}
209
210prebuilt_etc {
211 name: "microdroid_precompiled_sepolicy.plat_sepolicy_and_mapping.sha256",
212 src: ":microdroid_plat_sepolicy_and_mapping.sha256_gen",
213 filename: "precompiled_sepolicy.plat_sepolicy_and_mapping.sha256",
214 relative_install_path: "selinux",
215 installable: false,
216}
217
218genrule {
219 name: "microdroid_precompiled_sepolicy_gen",
220 tools: ["secilc"],
221 srcs: [
222 ":microdroid_plat_sepolicy.cil",
223 ":microdroid_plat_mapping_file",
224 ":microdroid_plat_pub_versioned.cil",
225 ":microdroid_vendor_sepolicy.cil",
226 ],
227 out: ["precompiled_sepolicy"],
228 cmd: "$(location secilc) -m -M true -G -c 30 $(in) -o $(out) -f /dev/null",
229}
230
231prebuilt_etc {
232 name: "microdroid_precompiled_sepolicy",
233 src: ":microdroid_precompiled_sepolicy_gen",
234 filename: "precompiled_sepolicy",
235 relative_install_path: "selinux",
236 installable: false,
237}
238
239genrule {
240 name: "microdroid_file_contexts.gen",
241 srcs: ["system/private/file_contexts"],
242 tools: ["fc_sort"],
243 out: ["file_contexts"],
244 cmd: "sed -e 's/#.*$$//' -e '/^$$/d' $(in) > $(out).tmp && " +
245 "$(location fc_sort) -i $(out).tmp -o $(out)",
246}
247
248prebuilt_etc {
249 name: "microdroid_file_contexts",
250 filename: "plat_file_contexts",
251 src: ":microdroid_file_contexts.gen",
252 relative_install_path: "selinux",
253 installable: false,
254}
255
256genrule {
257 name: "microdroid_vendor_file_contexts.gen",
258 srcs: ["vendor/file_contexts"],
259 tools: ["fc_sort"],
260 out: ["file_contexts"],
261 cmd: "sed -e 's/#.*$$//' -e '/^$$/d' $(in) > $(out).tmp && " +
262 "$(location fc_sort) -i $(out).tmp -o $(out)",
263}
264
265prebuilt_etc {
266 name: "microdroid_hwservice_contexts",
267 filename: "plat_hwservice_contexts",
268 src: "system/private/hwservice_contexts",
269 relative_install_path: "selinux",
270 installable: false,
271}
272
273prebuilt_etc {
274 name: "microdroid_property_contexts",
275 filename: "plat_property_contexts",
276 src: "system/private/property_contexts",
277 relative_install_path: "selinux",
278 installable: false,
279}
280
281prebuilt_etc {
282 name: "microdroid_service_contexts",
283 filename: "plat_service_contexts",
284 src: "system/private/service_contexts",
285 relative_install_path: "selinux",
286 installable: false,
287}
288
289prebuilt_etc {
290 name: "microdroid_keystore2_key_contexts",
291 filename: "plat_keystore2_key_contexts",
292 src: "system/private/keystore2_key_contexts",
293 relative_install_path: "selinux",
294 installable: false,
295}