Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / 3bb2033eb15b53a7da29c592d3a1816ce861013b / . / contexts / Android.bp
blob: d5cd8aef6df4f045d9af98ce0640e40bdbe0487c [file] [log] [blame]
Inseob Kimbaee4a22021-12-21 21:03:32 +0900[diff] [blame]1// Copyright (C) 2021 The Android Open Source Project
2//
3// Licensed under the Apache License, Version 2.0 (the "License");
4// you may not use this file except in compliance with the License.
5// You may obtain a copy of the License at
6//
7// http://www.apache.org/licenses/LICENSE-2.0
8//
9// Unless required by applicable law or agreed to in writing, software
10// distributed under the License is distributed on an "AS IS" BASIS,
11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12// See the License for the specific language governing permissions and
13// limitations under the License.
14
15// This file contains module definitions for various contexts files.
16
Bob Badour048e48c2022-01-05 11:14:44 -0800[diff] [blame]17package {
18 // See: http://go/android-license-faq
19 // A large-scale-change added 'default_applicable_licenses' to import
20 // all of the 'license_kinds' from "system_sepolicy_license"
21 // to get the below license kinds:
22 // SPDX-license-identifier-Apache-2.0
23 default_applicable_licenses: ["system_sepolicy_license"],
24}
25
Inseob Kim79fdbeb2022-08-12 22:27:35 +0900[diff] [blame]26se_build_files {
27 name: "file_contexts_files",
28 srcs: ["file_contexts"],
29}
30
31se_build_files {
32 name: "file_contexts_asan_files",
33 srcs: ["file_contexts_asan"],
34}
35
36se_build_files {
37 name: "file_contexts_overlayfs_files",
38 srcs: ["file_contexts_overlayfs"],
39}
40
41se_build_files {
42 name: "hwservice_contexts_files",
43 srcs: ["hwservice_contexts"],
44}
45
46se_build_files {
47 name: "property_contexts_files",
48 srcs: ["property_contexts"],
49}
50
51se_build_files {
52 name: "service_contexts_files",
53 srcs: ["service_contexts"],
54}
55
56se_build_files {
57 name: "keystore2_key_contexts_files",
58 srcs: ["keystore2_key_contexts"],
59}
60
61se_build_files {
62 name: "seapp_contexts_files",
63 srcs: ["seapp_contexts"],
64}
65
66se_build_files {
67 name: "vndservice_contexts_files",
68 srcs: ["vndservice_contexts"],
69}
70
Inseob Kimbaee4a22021-12-21 21:03:32 +0900[diff] [blame]71file_contexts {
72 name: "plat_file_contexts",
73 srcs: [":file_contexts_files{.plat_private}"],
74 product_variables: {
75 address_sanitize: {
76 srcs: [":file_contexts_asan_files{.plat_private}"],
77 },
78 debuggable: {
79 srcs: [":file_contexts_overlayfs_files{.plat_private}"],
80 },
81 },
82
83 flatten_apex: {
84 srcs: [":apex_file_contexts_files"],
85 },
86}
87
88file_contexts {
89 name: "plat_file_contexts.recovery",
90 srcs: [":file_contexts_files{.plat_private}"],
91 stem: "plat_file_contexts",
92 product_variables: {
93 address_sanitize: {
94 srcs: [":file_contexts_asan_files{.plat_private}"],
95 },
96 debuggable: {
97 srcs: [":file_contexts_overlayfs_files{.plat_private}"],
98 },
99 },
100
101 flatten_apex: {
102 srcs: [":apex_file_contexts_files"],
103 },
104
105 recovery: true,
106}
107
108file_contexts {
109 name: "vendor_file_contexts",
110 srcs: [
111 ":file_contexts_files{.plat_vendor_for_vendor}",
112 ":file_contexts_files{.vendor}",
113 ],
114 soc_specific: true,
Inseob Kim61257ca2022-02-25 11:26:16 +0900[diff] [blame]115}
116
117file_contexts {
118 name: "vendor_file_contexts.recovery",
119 srcs: [
120 ":file_contexts_files{.plat_vendor_for_vendor}",
121 ":file_contexts_files{.vendor}",
122 ],
123 stem: "vendor_file_contexts",
124 recovery: true,
Inseob Kimbaee4a22021-12-21 21:03:32 +0900[diff] [blame]125}
126
127file_contexts {
128 name: "system_ext_file_contexts",
129 srcs: [":file_contexts_files{.system_ext_private}"],
130 system_ext_specific: true,
Inseob Kim61257ca2022-02-25 11:26:16 +0900[diff] [blame]131}
132
133file_contexts {
134 name: "system_ext_file_contexts.recovery",
135 srcs: [":file_contexts_files{.system_ext_private}"],
136 stem: "system_ext_file_contexts",
137 recovery: true,
Inseob Kimbaee4a22021-12-21 21:03:32 +0900[diff] [blame]138}
139
140file_contexts {
141 name: "product_file_contexts",
142 srcs: [":file_contexts_files{.product_private}"],
143 product_specific: true,
Inseob Kim61257ca2022-02-25 11:26:16 +0900[diff] [blame]144}
145
146file_contexts {
147 name: "product_file_contexts.recovery",
148 srcs: [":file_contexts_files{.product_private}"],
149 stem: "product_file_contexts",
150 recovery: true,
Inseob Kimbaee4a22021-12-21 21:03:32 +0900[diff] [blame]151}
152
153file_contexts {
154 name: "odm_file_contexts",
155 srcs: [":file_contexts_files{.odm}"],
156 device_specific: true,
Inseob Kim61257ca2022-02-25 11:26:16 +0900[diff] [blame]157}
158
159file_contexts {
160 name: "odm_file_contexts.recovery",
161 srcs: [":file_contexts_files{.odm}"],
162 stem: "odm_file_contexts",
163 recovery: true,
Inseob Kimbaee4a22021-12-21 21:03:32 +0900[diff] [blame]164}
165
166hwservice_contexts {
167 name: "plat_hwservice_contexts",
168 srcs: [":hwservice_contexts_files{.plat_private}"],
169}
170
171hwservice_contexts {
172 name: "system_ext_hwservice_contexts",
173 srcs: [":hwservice_contexts_files{.system_ext_private}"],
174 system_ext_specific: true,
175}
176
177hwservice_contexts {
178 name: "product_hwservice_contexts",
179 srcs: [":hwservice_contexts_files{.product_private}"],
180 product_specific: true,
181}
182
183hwservice_contexts {
184 name: "vendor_hwservice_contexts",
185 srcs: [
186 ":hwservice_contexts_files{.plat_vendor_for_vendor}",
187 ":hwservice_contexts_files{.vendor}",
188 ":hwservice_contexts_files{.reqd_mask_for_vendor}",
189 ],
190 soc_specific: true,
191}
192
193hwservice_contexts {
194 name: "odm_hwservice_contexts",
195 srcs: [":hwservice_contexts_files{.odm}"],
196 device_specific: true,
197}
198
199property_contexts {
200 name: "plat_property_contexts",
201 srcs: [":property_contexts_files{.plat_private}"],
202}
203
204property_contexts {
205 name: "plat_property_contexts.recovery",
206 srcs: [":property_contexts_files{.plat_private}"],
207 stem: "plat_property_contexts",
208 recovery: true,
209}
210
211property_contexts {
212 name: "system_ext_property_contexts",
213 srcs: [":property_contexts_files{.system_ext_private}"],
214 system_ext_specific: true,
215 recovery_available: true,
216}
217
218property_contexts {
219 name: "product_property_contexts",
220 srcs: [":property_contexts_files{.product_private}"],
221 product_specific: true,
222 recovery_available: true,
223}
224
225property_contexts {
226 name: "vendor_property_contexts",
227 srcs: [
228 ":property_contexts_files{.plat_vendor_for_vendor}",
229 ":property_contexts_files{.vendor}",
230 ":property_contexts_files{.reqd_mask_for_vendor}",
231 ],
232 soc_specific: true,
233 recovery_available: true,
234}
235
236property_contexts {
237 name: "odm_property_contexts",
238 srcs: [":property_contexts_files{.odm}"],
239 device_specific: true,
240 recovery_available: true,
241}
242
243service_contexts {
244 name: "plat_service_contexts",
245 srcs: [":service_contexts_files{.plat_private}"],
246}
247
248service_contexts {
249 name: "plat_service_contexts.recovery",
250 srcs: [":service_contexts_files{.plat_private}"],
251 stem: "plat_service_contexts",
252 recovery: true,
253}
254
255service_contexts {
256 name: "system_ext_service_contexts",
257 srcs: [":service_contexts_files{.system_ext_private}"],
258 system_ext_specific: true,
259 recovery_available: true,
260}
261
262service_contexts {
263 name: "product_service_contexts",
264 srcs: [":service_contexts_files{.product_private}"],
265 product_specific: true,
266 recovery_available: true,
267}
268
269service_contexts {
270 name: "vendor_service_contexts",
271 srcs: [
272 ":service_contexts_files{.plat_vendor_for_vendor}",
273 ":service_contexts_files{.vendor}",
274 ":service_contexts_files{.reqd_mask_for_vendor}",
275 ],
276 soc_specific: true,
277 recovery_available: true,
278}
279
Inseob Kim3bb20332022-10-24 20:41:45 +0900[diff] [blame^]280service_contexts {
281 name: "odm_service_contexts",
282 srcs: [
283 ":service_contexts_files{.odm}",
284 ],
285 device_specific: true,
286 recovery_available: true,
287}
288
Inseob Kimbaee4a22021-12-21 21:03:32 +0900[diff] [blame]289keystore2_key_contexts {
290 name: "plat_keystore2_key_contexts",
291 srcs: [":keystore2_key_contexts_files{.plat_private}"],
292}
293
294keystore2_key_contexts {
295 name: "system_keystore2_key_contexts",
296 srcs: [":keystore2_key_contexts_files{.system_ext_private}"],
297 system_ext_specific: true,
298}
299
300keystore2_key_contexts {
301 name: "product_keystore2_key_contexts",
302 srcs: [":keystore2_key_contexts_files{.product_private}"],
303 product_specific: true,
304}
305
306keystore2_key_contexts {
307 name: "vendor_keystore2_key_contexts",
308 srcs: [
309 ":keystore2_key_contexts_files{.plat_vendor_for_vendor}",
310 ":keystore2_key_contexts_files{.vendor}",
311 ":keystore2_key_contexts_files{.reqd_mask_for_vendor}",
312 ],
313 soc_specific: true,
314}
Inseob Kim2dac2672021-12-29 17:54:57 +0900[diff] [blame]315
316seapp_contexts {
317 name: "plat_seapp_contexts",
318 srcs: [":seapp_contexts_files{.plat_private}"],
319 sepolicy: ":precompiled_sepolicy",
320}
321
322seapp_contexts {
323 name: "system_ext_seapp_contexts",
324 srcs: [":seapp_contexts_files{.system_ext_private}"],
325 neverallow_files: [":seapp_contexts_files{.plat_private}"],
326 system_ext_specific: true,
327 sepolicy: ":precompiled_sepolicy",
328}
329
330seapp_contexts {
331 name: "product_seapp_contexts",
332 srcs: [":seapp_contexts_files{.product_private}"],
333 neverallow_files: [
334 ":seapp_contexts_files{.plat_private}",
335 ":seapp_contexts_files{.system_ext_private}",
336 ],
337 product_specific: true,
338 sepolicy: ":precompiled_sepolicy",
339}
340
341seapp_contexts {
342 name: "vendor_seapp_contexts",
343 srcs: [
344 ":seapp_contexts_files{.plat_vendor_for_vendor}",
345 ":seapp_contexts_files{.vendor}",
346 ":seapp_contexts_files{.reqd_mask_for_vendor}",
347 ],
348 neverallow_files: [
349 ":seapp_contexts_files{.plat_private_for_vendor}",
350 ":seapp_contexts_files{.system_ext_private_for_vendor}",
351 ":seapp_contexts_files{.product_private_for_vendor}",
352 ],
353 soc_specific: true,
354 sepolicy: ":precompiled_sepolicy",
355}
356
357seapp_contexts {
358 name: "odm_seapp_contexts",
359 srcs: [
360 ":seapp_contexts_files{.odm}",
361 ],
362 neverallow_files: [
363 ":seapp_contexts_files{.plat_private_for_vendor}",
364 ":seapp_contexts_files{.system_ext_private_for_vendor}",
365 ":seapp_contexts_files{.product_private_for_vendor}",
366 ],
367 device_specific: true,
368 sepolicy: ":precompiled_sepolicy",
369}
370
Inseob Kimc7596c42022-02-25 11:45:41 +0900[diff] [blame]371vndservice_contexts {
372 name: "vndservice_contexts",
373 srcs: [
374 ":vndservice_contexts_files{.plat_vendor_for_vendor}",
375 ":vndservice_contexts_files{.vendor}",
376 ":vndservice_contexts_files{.reqd_mask_for_vendor}",
377 ],
378 soc_specific: true,
379}
380
Inseob Kim2dac2672021-12-29 17:54:57 +0900[diff] [blame]381// for CTS
382genrule {
383 name: "plat_seapp_neverallows",
384 srcs: [
385 ":seapp_contexts_files{.plat_private}",
386 ":seapp_contexts_files{.system_ext_private}",
387 ":seapp_contexts_files{.product_private}",
388 ],
389 out: ["plat_seapp_neverallows"],
390 cmd: "grep -ihe '^neverallow' $(in) > $(out) || true",
391}
Inseob Kimb5e23532022-02-16 02:26:11 +0000[diff] [blame]392
393//////////////////////////////////
394// Run host-side test with contexts files and the sepolicy file
395file_contexts_test {
396 name: "plat_file_contexts_test",
397 srcs: [":plat_file_contexts"],
398 sepolicy: ":precompiled_sepolicy",
399}
400
401file_contexts_test {
402 name: "system_ext_file_contexts_test",
403 srcs: [":system_ext_file_contexts"],
404 sepolicy: ":precompiled_sepolicy",
405}
406
407file_contexts_test {
408 name: "product_file_contexts_test",
409 srcs: [":product_file_contexts"],
410 sepolicy: ":precompiled_sepolicy",
411}
412
413file_contexts_test {
414 name: "vendor_file_contexts_test",
415 srcs: [":vendor_file_contexts"],
416 sepolicy: ":precompiled_sepolicy",
417}
418
419file_contexts_test {
420 name: "odm_file_contexts_test",
421 srcs: [":odm_file_contexts"],
422 sepolicy: ":precompiled_sepolicy",
423}
424
425hwservice_contexts_test {
426 name: "plat_hwservice_contexts_test",
427 srcs: [":plat_hwservice_contexts"],
428 sepolicy: ":precompiled_sepolicy",
429}
430
431hwservice_contexts_test {
432 name: "system_ext_hwservice_contexts_test",
433 srcs: [":system_ext_hwservice_contexts"],
434 sepolicy: ":precompiled_sepolicy",
435}
436
437hwservice_contexts_test {
438 name: "product_hwservice_contexts_test",
439 srcs: [":product_hwservice_contexts"],
440 sepolicy: ":precompiled_sepolicy",
441}
442
443hwservice_contexts_test {
444 name: "vendor_hwservice_contexts_test",
445 srcs: [":vendor_hwservice_contexts"],
446 sepolicy: ":precompiled_sepolicy",
447}
448
449hwservice_contexts_test {
450 name: "odm_hwservice_contexts_test",
451 srcs: [":odm_hwservice_contexts"],
452 sepolicy: ":precompiled_sepolicy",
453}
454
455property_contexts_test {
456 name: "plat_property_contexts_test",
457 srcs: [":plat_property_contexts"],
458 sepolicy: ":precompiled_sepolicy",
459}
460
461property_contexts_test {
462 name: "system_ext_property_contexts_test",
463 srcs: [
464 ":plat_property_contexts",
465 ":system_ext_property_contexts",
466 ],
467 sepolicy: ":precompiled_sepolicy",
468}
469
470property_contexts_test {
471 name: "product_property_contexts_test",
472 srcs: [
473 ":plat_property_contexts",
474 ":system_ext_property_contexts",
475 ":product_property_contexts",
476 ],
477 sepolicy: ":precompiled_sepolicy",
478}
479
480property_contexts_test {
481 name: "vendor_property_contexts_test",
482 srcs: [
483 ":plat_property_contexts",
484 ":system_ext_property_contexts",
485 ":product_property_contexts",
486 ":vendor_property_contexts",
487 ],
488 sepolicy: ":precompiled_sepolicy",
489}
490
491property_contexts_test {
492 name: "odm_property_contexts_test",
493 srcs: [
494 ":plat_property_contexts",
495 ":system_ext_property_contexts",
496 ":product_property_contexts",
497 ":vendor_property_contexts",
498 ":odm_property_contexts",
499 ],
500 sepolicy: ":precompiled_sepolicy",
501}
502
503service_contexts_test {
504 name: "plat_service_contexts_test",
505 srcs: [":plat_service_contexts"],
506 sepolicy: ":precompiled_sepolicy",
507}
508
509service_contexts_test {
510 name: "system_ext_service_contexts_test",
511 srcs: [":system_ext_service_contexts"],
512 sepolicy: ":precompiled_sepolicy",
513}
514
515service_contexts_test {
516 name: "product_service_contexts_test",
517 srcs: [":product_service_contexts"],
518 sepolicy: ":precompiled_sepolicy",
519}
520
521service_contexts_test {
522 name: "vendor_service_contexts_test",
523 srcs: [":vendor_service_contexts"],
524 sepolicy: ":precompiled_sepolicy",
525}
Inseob Kimc7596c42022-02-25 11:45:41 +0900[diff] [blame]526
Inseob Kim3bb20332022-10-24 20:41:45 +0900[diff] [blame^]527service_contexts_test {
528 name: "odm_service_contexts_test",
529 srcs: [":odm_service_contexts"],
530 sepolicy: ":precompiled_sepolicy",
531}
532
Inseob Kimc7596c42022-02-25 11:45:41 +0900[diff] [blame]533vndservice_contexts_test {
534 name: "vndservice_contexts_test",
535 srcs: [":vndservice_contexts"],
536 sepolicy: ":precompiled_sepolicy",
537}
Pawan0ecf99d2022-09-12 23:20:53 +0000[diff] [blame]538
539fuzzer_bindings_test {
540 name: "fuzzer_bindings_test",
541 srcs: [":plat_service_contexts"],
542}