Blame - microdroid/Android.bp - android_system_sepolicy

blob: 3c82d4b4e283eb56262e633af09bcc35d1612d4c [file] [log] [blame]

Inseob Kim	e138997	2021-07-19 07:48:34 +0000	[diff] [blame]	1	// Copyright (C) 2021 The Android Open Source Project
				2	//
				3	// Licensed under the Apache License, Version 2.0 (the "License");
				4	// you may not use this file except in compliance with the License.
				5	// You may obtain a copy of the License at
				6	//
				7	// http://www.apache.org/licenses/LICENSE-2.0
				8	//
				9	// Unless required by applicable law or agreed to in writing, software
				10	// distributed under the License is distributed on an "AS IS" BASIS,
				11	// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
				12	// See the License for the specific language governing permissions and
				13	// limitations under the License.
				14
				15	package {
				16	// http://go/android-license-faq
				17	// A large-scale-change added 'default_applicable_licenses' to import
				18	// the below license kinds from "system_sepolicy_license":
				19	// SPDX-license-identifier-Apache-2.0
				20	default_applicable_licenses: ["system_sepolicy_license"],
				21	}
				22
				23	system_policy_files = [
				24	"system/private/security_classes",
				25	"system/private/initial_sids",
				26	"system/private/access_vectors",
				27	"system/public/global_macros",
				28	"system/public/neverallow_macros",
				29	"system/private/mls_macros",
				30	"system/private/mls_decl",
				31	"system/private/mls",
				32	"system/private/policy_capabilities",
				33	"system/public/te_macros",
				34	"system/public/attributes",
				35	"system/private/attributes",
				36	"system/public/ioctl_defines",
				37	"system/public/ioctl_macros",
				38	"system/public/*.te",
				39	"system/private/*.te",
				40	"system/private/roles_decl",
				41	"system/public/roles",
				42	"system/private/users",
				43	"system/private/initial_sid_contexts",
				44	"system/private/fs_use",
				45	"system/private/genfs_contexts",
				46	"system/private/port_contexts",
				47	]
				48
				49	reqd_mask_files = [
				50	"reqd_mask/security_classes",
				51	"reqd_mask/initial_sids",
				52	"reqd_mask/access_vectors",
				53	"reqd_mask/mls_macros",
				54	"reqd_mask/mls_decl",
				55	"reqd_mask/mls",
				56	"reqd_mask/reqd_mask.te",
				57	"reqd_mask/roles_decl",
				58	"reqd_mask/roles",
				59	"reqd_mask/users",
				60	"reqd_mask/initial_sid_contexts",
				61	]
				62
				63	system_public_policy_files = [
				64	"reqd_mask/security_classes",
				65	"reqd_mask/initial_sids",
				66	"reqd_mask/access_vectors",
				67	"system/public/global_macros",
				68	"system/public/neverallow_macros",
				69	"reqd_mask/mls_macros",
				70	"reqd_mask/mls_decl",
				71	"reqd_mask/mls",
				72	"system/public/te_macros",
				73	"system/public/attributes",
				74	"system/public/ioctl_defines",
				75	"system/public/ioctl_macros",
				76	"system/public/*.te",
				77	"reqd_mask/reqd_mask.te",
				78	"reqd_mask/roles_decl",
				79	"reqd_mask/roles",
				80	"system/public/roles",
				81	"reqd_mask/users",
				82	"reqd_mask/initial_sid_contexts",
				83	]
				84
				85	vendor_policy_files = [
				86	"reqd_mask/security_classes",
				87	"reqd_mask/initial_sids",
				88	"reqd_mask/access_vectors",
				89	"system/public/global_macros",
				90	"system/public/neverallow_macros",
				91	"reqd_mask/mls_macros",
				92	"reqd_mask/mls_decl",
				93	"reqd_mask/mls",
				94	"system/public/te_macros",
				95	"system/public/attributes",
				96	"system/public/ioctl_defines",
				97	"system/public/ioctl_macros",
				98	"system/public/*.te",
				99	"reqd_mask/reqd_mask.te",
				100	"vendor/*.te",
				101	"reqd_mask/roles_decl",
				102	"reqd_mask/roles",
				103	"system/public/roles",
				104	"reqd_mask/users",
				105	"reqd_mask/initial_sid_contexts",
				106	]
				107
				108	se_policy_conf {
				109	name: "microdroid_reqd_policy_mask.conf",
				110	srcs: reqd_mask_files,
				111	installable: false,
				112	}
				113
				114	se_policy_cil {
				115	name: "microdroid_reqd_policy_mask.cil",
				116	src: ":microdroid_reqd_policy_mask.conf",
				117	secilc_check: false,
				118	installable: false,
				119	}
				120
				121	se_policy_conf {
				122	name: "microdroid_plat_sepolicy.conf",
				123	srcs: system_policy_files,
				124	installable: false,
				125	}
				126
				127	se_policy_cil {
				128	name: "microdroid_plat_sepolicy.cil",
				129	stem: "plat_sepolicy.cil",
				130	src: ":microdroid_plat_sepolicy.conf",
				131	installable: false,
				132	}
				133
				134	se_policy_conf {
				135	name: "microdroid_plat_pub_policy.conf",
				136	srcs: system_public_policy_files,
				137	installable: false,
				138	}
				139
				140	se_policy_cil {
				141	name: "microdroid_plat_pub_policy.cil",
				142	src: ":microdroid_plat_pub_policy.conf",
				143	filter_out: [":microdroid_reqd_policy_mask.cil"],
				144	secilc_check: false,
				145	installable: false,
				146	}
				147
				148	se_versioned_policy {
				149	name: "microdroid_plat_mapping_file",
				150	base: ":microdroid_plat_pub_policy.cil",
				151	mapping: true,
				152	version: "current",
				153	relative_install_path: "mapping", // install to /system/etc/selinux/mapping
				154	installable: false,
				155	}
				156
				157	se_versioned_policy {
				158	name: "microdroid_plat_pub_versioned.cil",
				159	stem: "plat_pub_versioned.cil",
				160	base: ":microdroid_plat_pub_policy.cil",
				161	target_policy: ":microdroid_plat_pub_policy.cil",
				162	version: "current",
				163	dependent_cils: [
				164	":microdroid_plat_sepolicy.cil",
				165	":microdroid_plat_mapping_file",
				166	],
				167	installable: false,
				168	}
				169
				170	se_policy_conf {
				171	name: "microdroid_vendor_sepolicy.conf",
				172	srcs: vendor_policy_files,
				173	installable: false,
				174	}
				175
				176	se_policy_cil {
				177	name: "microdroid_vendor_sepolicy.cil.raw",
				178	src: ":microdroid_vendor_sepolicy.conf",
				179	filter_out: [":microdroid_reqd_policy_mask.cil"],
				180	secilc_check: false, // will be done in se_versioned_policy module
				181	installable: false,
				182	}
				183
				184	se_versioned_policy {
				185	name: "microdroid_vendor_sepolicy.cil",
				186	stem: "vendor_sepolicy.cil",
				187	base: ":microdroid_plat_pub_policy.cil",
				188	target_policy: ":microdroid_vendor_sepolicy.cil.raw",
				189	version: "current", // microdroid is bundled to system
				190	dependent_cils: [
				191	":microdroid_plat_sepolicy.cil",
				192	":microdroid_plat_pub_versioned.cil",
				193	":microdroid_plat_mapping_file",
				194	],
				195	filter_out: [":microdroid_plat_pub_versioned.cil"],
				196	installable: false,
				197	}
				198
				199	sepolicy_vers {
				200	name: "microdroid_plat_sepolicy_vers.txt",
				201	version: "platform",
				202	stem: "plat_sepolicy_vers.txt",
				203	installable: false,
				204	}
				205
				206	// sepolicy sha256 for vendor
				207	genrule {
				208	name: "microdroid_plat_sepolicy_and_mapping.sha256_gen",
				209	srcs: [":microdroid_plat_sepolicy.cil", ":microdroid_plat_mapping_file"],
				210	out: ["microdroid_plat_sepolicy_and_mapping.sha256"],
				211	cmd: "cat $(in) \| sha256sum \| cut -d' ' -f1 > $(out)",
				212	}
				213
				214	prebuilt_etc {
				215	name: "microdroid_plat_sepolicy_and_mapping.sha256",
				216	src: ":microdroid_plat_sepolicy_and_mapping.sha256_gen",
				217	filename: "plat_sepolicy_and_mapping.sha256",
				218	relative_install_path: "selinux",
				219	installable: false,
				220	}
				221
				222	prebuilt_etc {
				223	name: "microdroid_precompiled_sepolicy.plat_sepolicy_and_mapping.sha256",
				224	src: ":microdroid_plat_sepolicy_and_mapping.sha256_gen",
				225	filename: "precompiled_sepolicy.plat_sepolicy_and_mapping.sha256",
				226	relative_install_path: "selinux",
				227	installable: false,
				228	}
				229
Inseob Kim	4d90b7e	2021-09-27 13:43:01 +0000	[diff] [blame^]	230	se_policy_binary {
				231	name: "microdroid_precompiled_sepolicy",
				232	stem: "precompiled_sepolicy",
Inseob Kim	e138997	2021-07-19 07:48:34 +0000	[diff] [blame]	233	srcs: [
				234	":microdroid_plat_sepolicy.cil",
				235	":microdroid_plat_mapping_file",
				236	":microdroid_plat_pub_versioned.cil",
				237	":microdroid_vendor_sepolicy.cil",
				238	],
Inseob Kim	e138997	2021-07-19 07:48:34 +0000	[diff] [blame]	239	installable: false,
				240	}
				241
				242	genrule {
				243	name: "microdroid_file_contexts.gen",
				244	srcs: ["system/private/file_contexts"],
				245	tools: ["fc_sort"],
				246	out: ["file_contexts"],
				247	cmd: "sed -e 's/#.*$$//' -e '/^$$/d' $(in) > $(out).tmp && " +
				248	"$(location fc_sort) -i $(out).tmp -o $(out)",
				249	}
				250
				251	prebuilt_etc {
				252	name: "microdroid_file_contexts",
				253	filename: "plat_file_contexts",
				254	src: ":microdroid_file_contexts.gen",
				255	relative_install_path: "selinux",
				256	installable: false,
				257	}
				258
				259	genrule {
				260	name: "microdroid_vendor_file_contexts.gen",
				261	srcs: ["vendor/file_contexts"],
				262	tools: ["fc_sort"],
				263	out: ["file_contexts"],
				264	cmd: "sed -e 's/#.*$$//' -e '/^$$/d' $(in) > $(out).tmp && " +
				265	"$(location fc_sort) -i $(out).tmp -o $(out)",
				266	}
				267
				268	prebuilt_etc {
				269	name: "microdroid_hwservice_contexts",
				270	filename: "plat_hwservice_contexts",
				271	src: "system/private/hwservice_contexts",
				272	relative_install_path: "selinux",
				273	installable: false,
				274	}
				275
				276	prebuilt_etc {
				277	name: "microdroid_property_contexts",
				278	filename: "plat_property_contexts",
				279	src: "system/private/property_contexts",
				280	relative_install_path: "selinux",
				281	installable: false,
				282	}
				283
				284	prebuilt_etc {
				285	name: "microdroid_service_contexts",
				286	filename: "plat_service_contexts",
				287	src: "system/private/service_contexts",
				288	relative_install_path: "selinux",
				289	installable: false,
				290	}
				291
				292	prebuilt_etc {
				293	name: "microdroid_keystore2_key_contexts",
				294	filename: "plat_keystore2_key_contexts",
				295	src: "system/private/keystore2_key_contexts",
				296	relative_install_path: "selinux",
				297	installable: false,
				298	}