Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / 7e707248b204b95caf866a5506d7dc2fb7427ea1 / . / contexts / Android.bp
blob: 82f42ba2fb4a4ad095956941793371ddfec75852 [file] [log] [blame]
Inseob Kimbaee4a22021-12-21 21:03:32 +0900[diff] [blame]1// Copyright (C) 2021 The Android Open Source Project
2//
3// Licensed under the Apache License, Version 2.0 (the "License");
4// you may not use this file except in compliance with the License.
5// You may obtain a copy of the License at
6//
7// http://www.apache.org/licenses/LICENSE-2.0
8//
9// Unless required by applicable law or agreed to in writing, software
10// distributed under the License is distributed on an "AS IS" BASIS,
11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12// See the License for the specific language governing permissions and
13// limitations under the License.
14
15// This file contains module definitions for various contexts files.
16
Bob Badour048e48c2022-01-05 11:14:44 -0800[diff] [blame]17package {
18 // See: http://go/android-license-faq
19 // A large-scale-change added 'default_applicable_licenses' to import
20 // all of the 'license_kinds' from "system_sepolicy_license"
21 // to get the below license kinds:
22 // SPDX-license-identifier-Apache-2.0
23 default_applicable_licenses: ["system_sepolicy_license"],
24}
25
Inseob Kim79fdbeb2022-08-12 22:27:35 +0900[diff] [blame]26se_build_files {
27 name: "file_contexts_files",
28 srcs: ["file_contexts"],
29}
30
31se_build_files {
32 name: "file_contexts_asan_files",
33 srcs: ["file_contexts_asan"],
34}
35
36se_build_files {
37 name: "file_contexts_overlayfs_files",
38 srcs: ["file_contexts_overlayfs"],
39}
40
41se_build_files {
42 name: "hwservice_contexts_files",
43 srcs: ["hwservice_contexts"],
44}
45
46se_build_files {
47 name: "property_contexts_files",
48 srcs: ["property_contexts"],
49}
50
51se_build_files {
52 name: "service_contexts_files",
53 srcs: ["service_contexts"],
54}
55
56se_build_files {
57 name: "keystore2_key_contexts_files",
58 srcs: ["keystore2_key_contexts"],
59}
60
61se_build_files {
62 name: "seapp_contexts_files",
63 srcs: ["seapp_contexts"],
64}
65
66se_build_files {
67 name: "vndservice_contexts_files",
68 srcs: ["vndservice_contexts"],
69}
70
Inseob Kimbaee4a22021-12-21 21:03:32 +0900[diff] [blame]71file_contexts {
72 name: "plat_file_contexts",
73 srcs: [":file_contexts_files{.plat_private}"],
74 product_variables: {
75 address_sanitize: {
76 srcs: [":file_contexts_asan_files{.plat_private}"],
77 },
78 debuggable: {
79 srcs: [":file_contexts_overlayfs_files{.plat_private}"],
80 },
81 },
82
83 flatten_apex: {
84 srcs: [":apex_file_contexts_files"],
85 },
86}
87
88file_contexts {
89 name: "plat_file_contexts.recovery",
90 srcs: [":file_contexts_files{.plat_private}"],
91 stem: "plat_file_contexts",
92 product_variables: {
93 address_sanitize: {
94 srcs: [":file_contexts_asan_files{.plat_private}"],
95 },
96 debuggable: {
97 srcs: [":file_contexts_overlayfs_files{.plat_private}"],
98 },
99 },
100
101 flatten_apex: {
102 srcs: [":apex_file_contexts_files"],
103 },
104
105 recovery: true,
106}
107
108file_contexts {
109 name: "vendor_file_contexts",
110 srcs: [
111 ":file_contexts_files{.plat_vendor_for_vendor}",
112 ":file_contexts_files{.vendor}",
113 ],
114 soc_specific: true,
Inseob Kim61257ca2022-02-25 11:26:16 +0900[diff] [blame]115}
116
117file_contexts {
118 name: "vendor_file_contexts.recovery",
119 srcs: [
120 ":file_contexts_files{.plat_vendor_for_vendor}",
121 ":file_contexts_files{.vendor}",
122 ],
123 stem: "vendor_file_contexts",
124 recovery: true,
Inseob Kimbaee4a22021-12-21 21:03:32 +0900[diff] [blame]125}
126
127file_contexts {
128 name: "system_ext_file_contexts",
129 srcs: [":file_contexts_files{.system_ext_private}"],
130 system_ext_specific: true,
Inseob Kim61257ca2022-02-25 11:26:16 +0900[diff] [blame]131}
132
133file_contexts {
134 name: "system_ext_file_contexts.recovery",
135 srcs: [":file_contexts_files{.system_ext_private}"],
136 stem: "system_ext_file_contexts",
137 recovery: true,
Inseob Kimbaee4a22021-12-21 21:03:32 +0900[diff] [blame]138}
139
140file_contexts {
141 name: "product_file_contexts",
142 srcs: [":file_contexts_files{.product_private}"],
143 product_specific: true,
Inseob Kim61257ca2022-02-25 11:26:16 +0900[diff] [blame]144}
145
146file_contexts {
147 name: "product_file_contexts.recovery",
148 srcs: [":file_contexts_files{.product_private}"],
149 stem: "product_file_contexts",
150 recovery: true,
Inseob Kimbaee4a22021-12-21 21:03:32 +0900[diff] [blame]151}
152
153file_contexts {
154 name: "odm_file_contexts",
155 srcs: [":file_contexts_files{.odm}"],
156 device_specific: true,
Inseob Kim61257ca2022-02-25 11:26:16 +0900[diff] [blame]157}
158
159file_contexts {
160 name: "odm_file_contexts.recovery",
161 srcs: [":file_contexts_files{.odm}"],
162 stem: "odm_file_contexts",
163 recovery: true,
Inseob Kimbaee4a22021-12-21 21:03:32 +0900[diff] [blame]164}
165
166hwservice_contexts {
167 name: "plat_hwservice_contexts",
168 srcs: [":hwservice_contexts_files{.plat_private}"],
169}
170
171hwservice_contexts {
172 name: "system_ext_hwservice_contexts",
173 srcs: [":hwservice_contexts_files{.system_ext_private}"],
174 system_ext_specific: true,
175}
176
177hwservice_contexts {
178 name: "product_hwservice_contexts",
179 srcs: [":hwservice_contexts_files{.product_private}"],
180 product_specific: true,
181}
182
183hwservice_contexts {
184 name: "vendor_hwservice_contexts",
185 srcs: [
186 ":hwservice_contexts_files{.plat_vendor_for_vendor}",
187 ":hwservice_contexts_files{.vendor}",
188 ":hwservice_contexts_files{.reqd_mask_for_vendor}",
189 ],
190 soc_specific: true,
191}
192
193hwservice_contexts {
194 name: "odm_hwservice_contexts",
195 srcs: [":hwservice_contexts_files{.odm}"],
196 device_specific: true,
197}
198
199property_contexts {
200 name: "plat_property_contexts",
201 srcs: [":property_contexts_files{.plat_private}"],
202}
203
204property_contexts {
205 name: "plat_property_contexts.recovery",
206 srcs: [":property_contexts_files{.plat_private}"],
207 stem: "plat_property_contexts",
208 recovery: true,
209}
210
211property_contexts {
212 name: "system_ext_property_contexts",
213 srcs: [":property_contexts_files{.system_ext_private}"],
214 system_ext_specific: true,
215 recovery_available: true,
216}
217
218property_contexts {
219 name: "product_property_contexts",
220 srcs: [":property_contexts_files{.product_private}"],
221 product_specific: true,
222 recovery_available: true,
223}
224
225property_contexts {
226 name: "vendor_property_contexts",
227 srcs: [
228 ":property_contexts_files{.plat_vendor_for_vendor}",
229 ":property_contexts_files{.vendor}",
230 ":property_contexts_files{.reqd_mask_for_vendor}",
231 ],
232 soc_specific: true,
233 recovery_available: true,
234}
235
236property_contexts {
237 name: "odm_property_contexts",
238 srcs: [":property_contexts_files{.odm}"],
239 device_specific: true,
240 recovery_available: true,
241}
242
243service_contexts {
244 name: "plat_service_contexts",
245 srcs: [":service_contexts_files{.plat_private}"],
246}
247
248service_contexts {
249 name: "plat_service_contexts.recovery",
250 srcs: [":service_contexts_files{.plat_private}"],
251 stem: "plat_service_contexts",
252 recovery: true,
253}
254
255service_contexts {
256 name: "system_ext_service_contexts",
257 srcs: [":service_contexts_files{.system_ext_private}"],
258 system_ext_specific: true,
259 recovery_available: true,
260}
261
262service_contexts {
263 name: "product_service_contexts",
264 srcs: [":service_contexts_files{.product_private}"],
265 product_specific: true,
266 recovery_available: true,
267}
268
269service_contexts {
270 name: "vendor_service_contexts",
271 srcs: [
272 ":service_contexts_files{.plat_vendor_for_vendor}",
273 ":service_contexts_files{.vendor}",
274 ":service_contexts_files{.reqd_mask_for_vendor}",
275 ],
276 soc_specific: true,
277 recovery_available: true,
278}
279
280keystore2_key_contexts {
281 name: "plat_keystore2_key_contexts",
282 srcs: [":keystore2_key_contexts_files{.plat_private}"],
283}
284
285keystore2_key_contexts {
286 name: "system_keystore2_key_contexts",
287 srcs: [":keystore2_key_contexts_files{.system_ext_private}"],
288 system_ext_specific: true,
289}
290
291keystore2_key_contexts {
292 name: "product_keystore2_key_contexts",
293 srcs: [":keystore2_key_contexts_files{.product_private}"],
294 product_specific: true,
295}
296
297keystore2_key_contexts {
298 name: "vendor_keystore2_key_contexts",
299 srcs: [
300 ":keystore2_key_contexts_files{.plat_vendor_for_vendor}",
301 ":keystore2_key_contexts_files{.vendor}",
302 ":keystore2_key_contexts_files{.reqd_mask_for_vendor}",
303 ],
304 soc_specific: true,
305}
Inseob Kim2dac2672021-12-29 17:54:57 +0900[diff] [blame]306
307seapp_contexts {
308 name: "plat_seapp_contexts",
309 srcs: [":seapp_contexts_files{.plat_private}"],
310 sepolicy: ":precompiled_sepolicy",
311}
312
313seapp_contexts {
314 name: "system_ext_seapp_contexts",
315 srcs: [":seapp_contexts_files{.system_ext_private}"],
316 neverallow_files: [":seapp_contexts_files{.plat_private}"],
317 system_ext_specific: true,
318 sepolicy: ":precompiled_sepolicy",
319}
320
321seapp_contexts {
322 name: "product_seapp_contexts",
323 srcs: [":seapp_contexts_files{.product_private}"],
324 neverallow_files: [
325 ":seapp_contexts_files{.plat_private}",
326 ":seapp_contexts_files{.system_ext_private}",
327 ],
328 product_specific: true,
329 sepolicy: ":precompiled_sepolicy",
330}
331
332seapp_contexts {
333 name: "vendor_seapp_contexts",
334 srcs: [
335 ":seapp_contexts_files{.plat_vendor_for_vendor}",
336 ":seapp_contexts_files{.vendor}",
337 ":seapp_contexts_files{.reqd_mask_for_vendor}",
338 ],
339 neverallow_files: [
340 ":seapp_contexts_files{.plat_private_for_vendor}",
341 ":seapp_contexts_files{.system_ext_private_for_vendor}",
342 ":seapp_contexts_files{.product_private_for_vendor}",
343 ],
344 soc_specific: true,
345 sepolicy: ":precompiled_sepolicy",
346}
347
348seapp_contexts {
349 name: "odm_seapp_contexts",
350 srcs: [
351 ":seapp_contexts_files{.odm}",
352 ],
353 neverallow_files: [
354 ":seapp_contexts_files{.plat_private_for_vendor}",
355 ":seapp_contexts_files{.system_ext_private_for_vendor}",
356 ":seapp_contexts_files{.product_private_for_vendor}",
357 ],
358 device_specific: true,
359 sepolicy: ":precompiled_sepolicy",
360}
361
Inseob Kimc7596c42022-02-25 11:45:41 +0900[diff] [blame]362vndservice_contexts {
363 name: "vndservice_contexts",
364 srcs: [
365 ":vndservice_contexts_files{.plat_vendor_for_vendor}",
366 ":vndservice_contexts_files{.vendor}",
367 ":vndservice_contexts_files{.reqd_mask_for_vendor}",
368 ],
369 soc_specific: true,
370}
371
Inseob Kim2dac2672021-12-29 17:54:57 +0900[diff] [blame]372// for CTS
373genrule {
374 name: "plat_seapp_neverallows",
375 srcs: [
376 ":seapp_contexts_files{.plat_private}",
377 ":seapp_contexts_files{.system_ext_private}",
378 ":seapp_contexts_files{.product_private}",
379 ],
380 out: ["plat_seapp_neverallows"],
381 cmd: "grep -ihe '^neverallow' $(in) > $(out) || true",
382}
Inseob Kimb5e23532022-02-16 02:26:11 +0000[diff] [blame]383
384//////////////////////////////////
385// Run host-side test with contexts files and the sepolicy file
386file_contexts_test {
387 name: "plat_file_contexts_test",
388 srcs: [":plat_file_contexts"],
389 sepolicy: ":precompiled_sepolicy",
390}
391
392file_contexts_test {
393 name: "system_ext_file_contexts_test",
394 srcs: [":system_ext_file_contexts"],
395 sepolicy: ":precompiled_sepolicy",
396}
397
398file_contexts_test {
399 name: "product_file_contexts_test",
400 srcs: [":product_file_contexts"],
401 sepolicy: ":precompiled_sepolicy",
402}
403
404file_contexts_test {
405 name: "vendor_file_contexts_test",
406 srcs: [":vendor_file_contexts"],
407 sepolicy: ":precompiled_sepolicy",
408}
409
410file_contexts_test {
411 name: "odm_file_contexts_test",
412 srcs: [":odm_file_contexts"],
413 sepolicy: ":precompiled_sepolicy",
414}
415
416hwservice_contexts_test {
417 name: "plat_hwservice_contexts_test",
418 srcs: [":plat_hwservice_contexts"],
419 sepolicy: ":precompiled_sepolicy",
420}
421
422hwservice_contexts_test {
423 name: "system_ext_hwservice_contexts_test",
424 srcs: [":system_ext_hwservice_contexts"],
425 sepolicy: ":precompiled_sepolicy",
426}
427
428hwservice_contexts_test {
429 name: "product_hwservice_contexts_test",
430 srcs: [":product_hwservice_contexts"],
431 sepolicy: ":precompiled_sepolicy",
432}
433
434hwservice_contexts_test {
435 name: "vendor_hwservice_contexts_test",
436 srcs: [":vendor_hwservice_contexts"],
437 sepolicy: ":precompiled_sepolicy",
438}
439
440hwservice_contexts_test {
441 name: "odm_hwservice_contexts_test",
442 srcs: [":odm_hwservice_contexts"],
443 sepolicy: ":precompiled_sepolicy",
444}
445
446property_contexts_test {
447 name: "plat_property_contexts_test",
448 srcs: [":plat_property_contexts"],
449 sepolicy: ":precompiled_sepolicy",
450}
451
452property_contexts_test {
453 name: "system_ext_property_contexts_test",
454 srcs: [
455 ":plat_property_contexts",
456 ":system_ext_property_contexts",
457 ],
458 sepolicy: ":precompiled_sepolicy",
459}
460
461property_contexts_test {
462 name: "product_property_contexts_test",
463 srcs: [
464 ":plat_property_contexts",
465 ":system_ext_property_contexts",
466 ":product_property_contexts",
467 ],
468 sepolicy: ":precompiled_sepolicy",
469}
470
471property_contexts_test {
472 name: "vendor_property_contexts_test",
473 srcs: [
474 ":plat_property_contexts",
475 ":system_ext_property_contexts",
476 ":product_property_contexts",
477 ":vendor_property_contexts",
478 ],
479 sepolicy: ":precompiled_sepolicy",
480}
481
482property_contexts_test {
483 name: "odm_property_contexts_test",
484 srcs: [
485 ":plat_property_contexts",
486 ":system_ext_property_contexts",
487 ":product_property_contexts",
488 ":vendor_property_contexts",
489 ":odm_property_contexts",
490 ],
491 sepolicy: ":precompiled_sepolicy",
492}
493
494service_contexts_test {
495 name: "plat_service_contexts_test",
496 srcs: [":plat_service_contexts"],
497 sepolicy: ":precompiled_sepolicy",
498}
499
500service_contexts_test {
501 name: "system_ext_service_contexts_test",
502 srcs: [":system_ext_service_contexts"],
503 sepolicy: ":precompiled_sepolicy",
504}
505
506service_contexts_test {
507 name: "product_service_contexts_test",
508 srcs: [":product_service_contexts"],
509 sepolicy: ":precompiled_sepolicy",
510}
511
512service_contexts_test {
513 name: "vendor_service_contexts_test",
514 srcs: [":vendor_service_contexts"],
515 sepolicy: ":precompiled_sepolicy",
516}
Inseob Kimc7596c42022-02-25 11:45:41 +0900[diff] [blame]517
518vndservice_contexts_test {
519 name: "vndservice_contexts_test",
520 srcs: [":vndservice_contexts"],
521 sepolicy: ":precompiled_sepolicy",
522}
Pawan0ecf99d2022-09-12 23:20:53 +0000[diff] [blame]523
524fuzzer_bindings_test {
525 name: "fuzzer_bindings_test",
526 srcs: [":plat_service_contexts"],
527}