// Inputs for the full platform policy: everything under system/public plus
// system/private. Consumed as `srcs` of microdroid_plat_sepolicy.conf.
// The entries are listed declarations-first (classes, initial SIDs, access
// vectors, macros, attributes) and rules afterwards, so add new files in the
// matching position rather than at the end.
// NOTE(review): presumably se_policy_conf preprocesses srcs in list order - confirm.
system_policy_files = [
    "system/private/security_classes",
    "system/private/initial_sids",
    "system/private/access_vectors",
    "system/public/global_macros",
    "system/public/neverallow_macros",
    "system/private/mls_macros",
    "system/private/mls_decl",
    "system/private/mls",
    "system/private/policy_capabilities",
    "system/public/te_macros",
    "system/public/attributes",
    "system/private/attributes",
    "system/public/ioctl_defines",
    "system/public/ioctl_macros",
    "system/public/*.te",
    "system/private/*.te",
    "system/private/roles_decl",
    "system/public/roles",
    "system/private/users",
    "system/private/initial_sid_contexts",
    "system/private/fs_use",
    "system/private/genfs_contexts",
    "system/private/port_contexts",
]

// Skeleton policy (classes, SIDs, access vectors, MLS, roles, users and one
// .te file) taken only from reqd_mask/. It is built into
// microdroid_reqd_policy_mask.conf/.cil, and that CIL is what the public and
// vendor CIL modules below pass as `filter_out`.
reqd_mask_files = [
    "reqd_mask/security_classes",
    "reqd_mask/initial_sids",
    "reqd_mask/access_vectors",
    "reqd_mask/mls_macros",
    "reqd_mask/mls_decl",
    "reqd_mask/mls",
    "reqd_mask/reqd_mask.te",
    "reqd_mask/roles_decl",
    "reqd_mask/roles",
    "reqd_mask/users",
    "reqd_mask/initial_sid_contexts",
]

// Inputs for the public (exported) part of the platform policy.
// Base declarations come from reqd_mask/ and all rules come from
// system/public; no system/private file appears in this list, so private
// types and rules stay out of the policy that gets versioned and exposed.
// Keep it that way when adding entries.
system_public_policy_files = [
    "reqd_mask/security_classes",
    "reqd_mask/initial_sids",
    "reqd_mask/access_vectors",
    "system/public/global_macros",
    "system/public/neverallow_macros",
    "reqd_mask/mls_macros",
    "reqd_mask/mls_decl",
    "reqd_mask/mls",
    "system/public/te_macros",
    "system/public/attributes",
    "system/public/ioctl_defines",
    "system/public/ioctl_macros",
    "system/public/*.te",
    "reqd_mask/reqd_mask.te",
    "reqd_mask/roles_decl",
    "reqd_mask/roles",
    "system/public/roles",
    "reqd_mask/users",
    "reqd_mask/initial_sid_contexts",
]

// Inputs for the vendor policy: the same entries as
// system_public_policy_files with "vendor/*.te" added after reqd_mask.te.
// Vendor rules are therefore written against the public platform policy only;
// nothing under system/private is visible to them through this list.
vendor_policy_files = [
    "reqd_mask/security_classes",
    "reqd_mask/initial_sids",
    "reqd_mask/access_vectors",
    "system/public/global_macros",
    "system/public/neverallow_macros",
    "reqd_mask/mls_macros",
    "reqd_mask/mls_decl",
    "reqd_mask/mls",
    "system/public/te_macros",
    "system/public/attributes",
    "system/public/ioctl_defines",
    "system/public/ioctl_macros",
    "system/public/*.te",
    "reqd_mask/reqd_mask.te",
    "vendor/*.te",
    "reqd_mask/roles_decl",
    "reqd_mask/roles",
    "system/public/roles",
    "reqd_mask/users",
    "reqd_mask/initial_sid_contexts",
]

// Preprocessed policy text for the required-policy mask (reqd_mask_files).
// Build-time intermediate only; never installed.
se_policy_conf {
    name: "microdroid_reqd_policy_mask.conf",
    srcs: reqd_mask_files,
    installable: false,
}

// CIL form of the mask. Used further down as the `filter_out` input of the
// public and vendor CIL modules.
se_policy_cil {
    name: "microdroid_reqd_policy_mask.cil",
    src: ":microdroid_reqd_policy_mask.conf",
    // No standalone secilc compile for this module.
    // NOTE(review): presumably because the mask alone is not a complete
    // policy; errors in it would then only surface in a later compile - confirm.
    secilc_check: false,
    installable: false,
}

// Preprocessed policy text for the full platform policy
// (system_policy_files: system/public + system/private).
se_policy_conf {
    name: "microdroid_plat_sepolicy.conf",
    srcs: system_policy_files,
    installable: false,
}

// Platform policy in CIL, emitted under the file name plat_sepolicy.cil.
// secilc_check is not set here, unlike the mask, public and raw vendor CIL
// modules in this file, which turn it off explicitly.
se_policy_cil {
    name: "microdroid_plat_sepolicy.cil",
    stem: "plat_sepolicy.cil",
    src: ":microdroid_plat_sepolicy.conf",
    // Hand-written CIL added alongside the compiled policy. Review changes to
    // this file with the same care as .te changes: it is part of the
    // platform policy that ends up in precompiled_sepolicy.
    additional_cil_files: ["system/private/technical_debt.cil"],
    installable: false,
}

// Preprocessed policy text for the public platform policy
// (system_public_policy_files).
se_policy_conf {
    name: "microdroid_plat_pub_policy.conf",
    srcs: system_public_policy_files,
    installable: false,
}

// Public platform policy in CIL. This is the `base` for every
// se_versioned_policy module in this file.
se_policy_cil {
    name: "microdroid_plat_pub_policy.cil",
    src: ":microdroid_plat_pub_policy.conf",
    // Content that also appears in the mask CIL is filtered out of the result.
    filter_out: [":microdroid_reqd_policy_mask.cil"],
    // Not compiled on its own.
    // NOTE(review): presumably the filtered public policy is not a
    // self-contained policy; it is compiled as part of the combined policy
    // in microdroid_precompiled_sepolicy_gen - confirm.
    secilc_check: false,
    installable: false,
}

// Mapping file generated from the public policy for version "current".
// It is one of the two inputs of the plat_sepolicy_and_mapping sha256 and one
// of the inputs of the precompiled policy.
se_versioned_policy {
    name: "microdroid_plat_mapping_file",
    base: ":microdroid_plat_pub_policy.cil",
    mapping: true,
    version: "current",
    relative_install_path: "mapping", // install to /system/etc/selinux/mapping
    // Not installed by this module itself despite the install path above.
    // NOTE(review): presumably packaged into the microdroid image by another
    // module - confirm.
    installable: false,
}

// Versioned form of the public platform policy, emitted as
// plat_pub_versioned.cil. Base and target are the same public CIL, so this is
// the public policy with version "current" applied to it.
se_versioned_policy {
    name: "microdroid_plat_pub_versioned.cil",
    stem: "plat_pub_versioned.cil",
    base: ":microdroid_plat_pub_policy.cil",
    target_policy: ":microdroid_plat_pub_policy.cil",
    version: "current",
    // NOTE(review): presumably the extra CIL files the result is compiled
    // together with when it is checked - confirm against se_versioned_policy.
    dependent_cils: [
        ":microdroid_plat_sepolicy.cil",
        ":microdroid_plat_mapping_file",
    ],
    installable: false,
}

// Preprocessed policy text for the vendor policy (vendor_policy_files:
// public platform policy plus vendor/*.te).
se_policy_conf {
    name: "microdroid_vendor_sepolicy.conf",
    srcs: vendor_policy_files,
    installable: false,
}

// Unversioned vendor CIL. Intermediate step only: the versioned module below
// takes it as target_policy.
se_policy_cil {
    name: "microdroid_vendor_sepolicy.cil.raw",
    src: ":microdroid_vendor_sepolicy.conf",
    // Content that also appears in the mask CIL is filtered out of the result.
    filter_out: [":microdroid_reqd_policy_mask.cil"],
    secilc_check: false, // will be done in se_versioned_policy module
    installable: false,
}

// Final vendor policy, emitted as vendor_sepolicy.cil: the raw vendor CIL
// versioned against the public platform policy.
se_versioned_policy {
    name: "microdroid_vendor_sepolicy.cil",
    stem: "vendor_sepolicy.cil",
    base: ":microdroid_plat_pub_policy.cil",
    target_policy: ":microdroid_vendor_sepolicy.cil.raw",
    version: "current", // microdroid is bundled to system
    // Per the comment on the raw module, the secilc check skipped there is
    // expected to happen in this module.
    // NOTE(review): presumably against these dependent CIL files - confirm.
    dependent_cils: [
        ":microdroid_plat_sepolicy.cil",
        ":microdroid_plat_pub_versioned.cil",
        ":microdroid_plat_mapping_file",
    ],
    // The versioned public policy is built as its own module, so it is
    // filtered out of the vendor output here.
    filter_out: [":microdroid_plat_pub_versioned.cil"],
    installable: false,
}

// Policy version marker, emitted as plat_sepolicy_vers.txt.
// NOTE(review): "platform" presumably resolves to the platform's own sepolicy
// version at build time; the other modules here use "current" - confirm the
// two always agree for microdroid.
sepolicy_vers {
    name: "microdroid_plat_sepolicy_vers.txt",
    version: "platform",
    stem: "plat_sepolicy_vers.txt",
    installable: false,
}

// sepolicy sha256 for vendor
// One SHA-256 over the plain concatenation of plat_sepolicy.cil and the
// mapping file, in `srcs` order; `cut` keeps only the hex digest.
// The digest identifies the pair as a whole (there is no separator between
// the two inputs) and is a consistency marker, not a signature: it gives no
// protection by itself against someone who can rewrite both the policy and
// the hash file.
// NOTE(review): the pipeline's exit status is that of `cut`; unless the shell
// that runs genrule commands enables pipefail, a failing `cat` or `sha256sum`
// would not fail this rule - confirm.
genrule {
    name: "microdroid_plat_sepolicy_and_mapping.sha256_gen",
    srcs: [":microdroid_plat_sepolicy.cil", ":microdroid_plat_mapping_file"],
    out: ["microdroid_plat_sepolicy_and_mapping.sha256"],
    cmd: "cat $(in) | sha256sum | cut -d' ' -f1 > $(out)",
}

// Platform-side copy of the digest, file name plat_sepolicy_and_mapping.sha256.
prebuilt_etc {
    name: "microdroid_plat_sepolicy_and_mapping.sha256",
    src: ":microdroid_plat_sepolicy_and_mapping.sha256_gen",
    filename: "plat_sepolicy_and_mapping.sha256",
    relative_install_path: "selinux",
    installable: false,
}

// Copy of the digest that accompanies precompiled_sepolicy.
// Both sha256 files come from the same genrule output, so within one build
// they are identical by construction.
// NOTE(review): presumably the policy loader compares the two files to decide
// whether precompiled_sepolicy matches the platform policy - confirm.
prebuilt_etc {
    name: "microdroid_precompiled_sepolicy.plat_sepolicy_and_mapping.sha256",
    src: ":microdroid_plat_sepolicy_and_mapping.sha256_gen",
    filename: "precompiled_sepolicy.plat_sepolicy_and_mapping.sha256",
    relative_install_path: "selinux",
    installable: false,
}

// Compiles the four CIL inputs (platform policy, mapping, versioned public
// policy, vendor policy) into the single binary policy `precompiled_sepolicy`.
// secilc flags used:
//   -m        allow multiple declarations of the same type/attribute
//   -M true   build an MLS policy
//   -G        expand generated attributes
//   -c 30     target kernel policy version 30
//   -o        binary policy output
//   -f        file_contexts output, discarded to /dev/null
// -N (disable neverallow checking) is not passed, so neverallow rules are
// still enforced by this compile; keep it that way, since this is the last
// compile before the policy is shipped.
genrule {
    name: "microdroid_precompiled_sepolicy_gen",
    tools: ["secilc"],
    srcs: [
        ":microdroid_plat_sepolicy.cil",
        ":microdroid_plat_mapping_file",
        ":microdroid_plat_pub_versioned.cil",
        ":microdroid_vendor_sepolicy.cil",
    ],
    out: ["precompiled_sepolicy"],
    cmd: "$(location secilc) -m -M true -G -c 30 $(in) -o $(out) -f /dev/null",
}

// Packages the compiled binary policy under selinux/precompiled_sepolicy.
prebuilt_etc {
    name: "microdroid_precompiled_sepolicy",
    src: ":microdroid_precompiled_sepolicy_gen",
    filename: "precompiled_sepolicy",
    relative_install_path: "selinux",
    installable: false,
}

// Builds the platform file_contexts: strips comments and empty lines with
// sed, then sorts the entries with fc_sort. (`$$` is an escaped `$` in a
// genrule cmd.)
// Caveats of the sed step:
//   - 's/#.*$//' cuts at the first '#' anywhere on a line, so a '#' inside a
//     path pattern would silently truncate that entry and change labeling.
//     Avoid '#' in patterns in system/private/file_contexts.
//   - '/^$/d' removes only truly empty lines; a line left with just
//     whitespace after comment stripping is passed on to fc_sort.
genrule {
    name: "microdroid_file_contexts.gen",
    srcs: ["system/private/file_contexts"],
    tools: ["fc_sort"],
    out: ["file_contexts"],
    cmd: "sed -e 's/#.*$$//' -e '/^$$/d' $(in) > $(out).tmp && " +
        "$(location fc_sort) -i $(out).tmp -o $(out)",
}

// Packages the sorted result under selinux/plat_file_contexts.
prebuilt_etc {
    name: "microdroid_file_contexts",
    filename: "plat_file_contexts",
    src: ":microdroid_file_contexts.gen",
    relative_install_path: "selinux",
    installable: false,
}

// Vendor counterpart of microdroid_file_contexts.gen: same sed + fc_sort
// pipeline, applied to vendor/file_contexts. (`$$` is an escaped `$`.)
// The same caveat applies: 's/#.*$//' cuts at the first '#' on a line, so a
// '#' inside a path pattern would truncate that entry.
// NOTE(review): no prebuilt_etc in this part of the file consumes this
// output; presumably it is referenced from another build file - confirm.
genrule {
    name: "microdroid_vendor_file_contexts.gen",
    srcs: ["vendor/file_contexts"],
    tools: ["fc_sort"],
    out: ["file_contexts"],
    cmd: "sed -e 's/#.*$$//' -e '/^$$/d' $(in) > $(out).tmp && " +
        "$(location fc_sort) -i $(out).tmp -o $(out)",
}

// The four modules below package context files from system/private under
// selinux/ with a plat_ prefix. Unlike file_contexts, the source files are
// taken as-is: no comment stripping, sorting or other build step is applied
// to them here.

// hwservice name -> SELinux context mapping.
prebuilt_etc {
    name: "microdroid_hwservice_contexts",
    filename: "plat_hwservice_contexts",
    src: "system/private/hwservice_contexts",
    relative_install_path: "selinux",
    installable: false,
}

// System property -> SELinux context mapping.
prebuilt_etc {
    name: "microdroid_property_contexts",
    filename: "plat_property_contexts",
    src: "system/private/property_contexts",
    relative_install_path: "selinux",
    installable: false,
}

// Service name -> SELinux context mapping.
prebuilt_etc {
    name: "microdroid_service_contexts",
    filename: "plat_service_contexts",
    src: "system/private/service_contexts",
    relative_install_path: "selinux",
    installable: false,
}

// Keystore2 key namespace -> SELinux context mapping.
prebuilt_etc {
    name: "microdroid_keystore2_key_contexts",
    filename: "plat_keystore2_key_contexts",
    src: "system/private/keystore2_key_contexts",
    relative_install_path: "selinux",
    installable: false,
}
286}