| Inseob Kim | 085f22f | 2023-11-09 11:13:01 +0900 | [diff] [blame] | 1 | #################################### |
| 2 | # is_flag_enabled(flag, rules) |
| 3 | # SELinux rules which apply only if given feature is turned on |
| Inseob Kim | 9868a0c | 2023-11-17 18:02:25 +0900 | [diff] [blame] | 4 | define(`is_flag_enabled', `ifelse(target_flag_$1, `true', `$2')') |
| Inseob Kim | 085f22f | 2023-11-09 11:13:01 +0900 | [diff] [blame] | 5 | |
| 6 | #################################### |
| 7 | # is_flag_disabled(flag, rules) |
| 8 | # SELinux rules which apply only if given feature is turned off |
| Inseob Kim | 9868a0c | 2023-11-17 18:02:25 +0900 | [diff] [blame] | 9 | define(`is_flag_disabled', `ifelse(target_flag_$1, `true', , `$2')') |
| Inseob Kim | 8697fc8 | 2024-04-16 14:45:32 +0900 | [diff] [blame] | 10 | |
| 11 | #################################### |
| Vadim Caen | 5e584fc | 2024-09-02 13:51:48 +0000 | [diff] [blame^] | 12 | # starting_at_board_api(api_level, rules) |
| Inseob Kim | 8697fc8 | 2024-04-16 14:45:32 +0900 | [diff] [blame] | 13 | # |
| Vadim Caen | 5e584fc | 2024-09-02 13:51:48 +0000 | [diff] [blame^] | 14 | # This macro conditionally exposes SELinux rules within system/sepolicy/public, |
| 15 | # ensuring they are available to vendors only when the board API level is at or |
| 16 | # above the specified 'api_level'. |
| 17 | # |
| 18 | # * Platform sepolicy: Rules are always enabled, regardless of API level. |
| 19 | # * Vendor sepolicy: Rules are enabled only when the board API level meets or |
| 20 | # exceeds the value provided in 'api_level'. |
| 21 | # |
| 22 | # Apply this macro to public types and attributes (in system/sepolicy/public) to |
| 23 | # restrict vendor access based on board API level. |
| Inseob Kim | 8697fc8 | 2024-04-16 14:45:32 +0900 | [diff] [blame] | 24 | define(`starting_at_board_api', `ifelse(eval(target_board_api_level >= $1), 1, `$2')') |