Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / 61257ca545fd1468571f9c7a977960426d390160 / . / contexts / Android.bp
blob: 8eeed3a32b1f6cd309424a8cd00a529fa96d12a8 [file] [log] [blame]
Inseob Kimbaee4a22021-12-21 21:03:32 +0900[diff] [blame]1// Copyright (C) 2021 The Android Open Source Project
2//
3// Licensed under the Apache License, Version 2.0 (the "License");
4// you may not use this file except in compliance with the License.
5// You may obtain a copy of the License at
6//
7// http://www.apache.org/licenses/LICENSE-2.0
8//
9// Unless required by applicable law or agreed to in writing, software
10// distributed under the License is distributed on an "AS IS" BASIS,
11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12// See the License for the specific language governing permissions and
13// limitations under the License.
14
15// This file contains module definitions for various contexts files.
16
Bob Badour048e48c2022-01-05 11:14:44 -0800[diff] [blame]17package {
18 // See: http://go/android-license-faq
19 // A large-scale-change added 'default_applicable_licenses' to import
20 // all of the 'license_kinds' from "system_sepolicy_license"
21 // to get the below license kinds:
22 // SPDX-license-identifier-Apache-2.0
23 default_applicable_licenses: ["system_sepolicy_license"],
24}
25
Inseob Kimbaee4a22021-12-21 21:03:32 +0900[diff] [blame]26file_contexts {
27 name: "plat_file_contexts",
28 srcs: [":file_contexts_files{.plat_private}"],
29 product_variables: {
30 address_sanitize: {
31 srcs: [":file_contexts_asan_files{.plat_private}"],
32 },
33 debuggable: {
34 srcs: [":file_contexts_overlayfs_files{.plat_private}"],
35 },
36 },
37
38 flatten_apex: {
39 srcs: [":apex_file_contexts_files"],
40 },
41}
42
43file_contexts {
44 name: "plat_file_contexts.recovery",
45 srcs: [":file_contexts_files{.plat_private}"],
46 stem: "plat_file_contexts",
47 product_variables: {
48 address_sanitize: {
49 srcs: [":file_contexts_asan_files{.plat_private}"],
50 },
51 debuggable: {
52 srcs: [":file_contexts_overlayfs_files{.plat_private}"],
53 },
54 },
55
56 flatten_apex: {
57 srcs: [":apex_file_contexts_files"],
58 },
59
60 recovery: true,
61}
62
63file_contexts {
64 name: "vendor_file_contexts",
65 srcs: [
66 ":file_contexts_files{.plat_vendor_for_vendor}",
67 ":file_contexts_files{.vendor}",
68 ],
69 soc_specific: true,
Inseob Kim61257ca2022-02-25 11:26:16 +0900[diff] [blame^]70}
71
72file_contexts {
73 name: "vendor_file_contexts.recovery",
74 srcs: [
75 ":file_contexts_files{.plat_vendor_for_vendor}",
76 ":file_contexts_files{.vendor}",
77 ],
78 stem: "vendor_file_contexts",
79 recovery: true,
Inseob Kimbaee4a22021-12-21 21:03:32 +0900[diff] [blame]80}
81
82file_contexts {
83 name: "system_ext_file_contexts",
84 srcs: [":file_contexts_files{.system_ext_private}"],
85 system_ext_specific: true,
Inseob Kim61257ca2022-02-25 11:26:16 +0900[diff] [blame^]86}
87
88file_contexts {
89 name: "system_ext_file_contexts.recovery",
90 srcs: [":file_contexts_files{.system_ext_private}"],
91 stem: "system_ext_file_contexts",
92 recovery: true,
Inseob Kimbaee4a22021-12-21 21:03:32 +0900[diff] [blame]93}
94
95file_contexts {
96 name: "product_file_contexts",
97 srcs: [":file_contexts_files{.product_private}"],
98 product_specific: true,
Inseob Kim61257ca2022-02-25 11:26:16 +0900[diff] [blame^]99}
100
101file_contexts {
102 name: "product_file_contexts.recovery",
103 srcs: [":file_contexts_files{.product_private}"],
104 stem: "product_file_contexts",
105 recovery: true,
Inseob Kimbaee4a22021-12-21 21:03:32 +0900[diff] [blame]106}
107
108file_contexts {
109 name: "odm_file_contexts",
110 srcs: [":file_contexts_files{.odm}"],
111 device_specific: true,
Inseob Kim61257ca2022-02-25 11:26:16 +0900[diff] [blame^]112}
113
114file_contexts {
115 name: "odm_file_contexts.recovery",
116 srcs: [":file_contexts_files{.odm}"],
117 stem: "odm_file_contexts",
118 recovery: true,
Inseob Kimbaee4a22021-12-21 21:03:32 +0900[diff] [blame]119}
120
121hwservice_contexts {
122 name: "plat_hwservice_contexts",
123 srcs: [":hwservice_contexts_files{.plat_private}"],
124}
125
126hwservice_contexts {
127 name: "system_ext_hwservice_contexts",
128 srcs: [":hwservice_contexts_files{.system_ext_private}"],
129 system_ext_specific: true,
130}
131
132hwservice_contexts {
133 name: "product_hwservice_contexts",
134 srcs: [":hwservice_contexts_files{.product_private}"],
135 product_specific: true,
136}
137
138hwservice_contexts {
139 name: "vendor_hwservice_contexts",
140 srcs: [
141 ":hwservice_contexts_files{.plat_vendor_for_vendor}",
142 ":hwservice_contexts_files{.vendor}",
143 ":hwservice_contexts_files{.reqd_mask_for_vendor}",
144 ],
145 soc_specific: true,
146}
147
148hwservice_contexts {
149 name: "odm_hwservice_contexts",
150 srcs: [":hwservice_contexts_files{.odm}"],
151 device_specific: true,
152}
153
154property_contexts {
155 name: "plat_property_contexts",
156 srcs: [":property_contexts_files{.plat_private}"],
157}
158
159property_contexts {
160 name: "plat_property_contexts.recovery",
161 srcs: [":property_contexts_files{.plat_private}"],
162 stem: "plat_property_contexts",
163 recovery: true,
164}
165
166property_contexts {
167 name: "system_ext_property_contexts",
168 srcs: [":property_contexts_files{.system_ext_private}"],
169 system_ext_specific: true,
170 recovery_available: true,
171}
172
173property_contexts {
174 name: "product_property_contexts",
175 srcs: [":property_contexts_files{.product_private}"],
176 product_specific: true,
177 recovery_available: true,
178}
179
180property_contexts {
181 name: "vendor_property_contexts",
182 srcs: [
183 ":property_contexts_files{.plat_vendor_for_vendor}",
184 ":property_contexts_files{.vendor}",
185 ":property_contexts_files{.reqd_mask_for_vendor}",
186 ],
187 soc_specific: true,
188 recovery_available: true,
189}
190
191property_contexts {
192 name: "odm_property_contexts",
193 srcs: [":property_contexts_files{.odm}"],
194 device_specific: true,
195 recovery_available: true,
196}
197
198service_contexts {
199 name: "plat_service_contexts",
200 srcs: [":service_contexts_files{.plat_private}"],
201}
202
203service_contexts {
204 name: "plat_service_contexts.recovery",
205 srcs: [":service_contexts_files{.plat_private}"],
206 stem: "plat_service_contexts",
207 recovery: true,
208}
209
210service_contexts {
211 name: "system_ext_service_contexts",
212 srcs: [":service_contexts_files{.system_ext_private}"],
213 system_ext_specific: true,
214 recovery_available: true,
215}
216
217service_contexts {
218 name: "product_service_contexts",
219 srcs: [":service_contexts_files{.product_private}"],
220 product_specific: true,
221 recovery_available: true,
222}
223
224service_contexts {
225 name: "vendor_service_contexts",
226 srcs: [
227 ":service_contexts_files{.plat_vendor_for_vendor}",
228 ":service_contexts_files{.vendor}",
229 ":service_contexts_files{.reqd_mask_for_vendor}",
230 ],
231 soc_specific: true,
232 recovery_available: true,
233}
234
235keystore2_key_contexts {
236 name: "plat_keystore2_key_contexts",
237 srcs: [":keystore2_key_contexts_files{.plat_private}"],
238}
239
240keystore2_key_contexts {
241 name: "system_keystore2_key_contexts",
242 srcs: [":keystore2_key_contexts_files{.system_ext_private}"],
243 system_ext_specific: true,
244}
245
246keystore2_key_contexts {
247 name: "product_keystore2_key_contexts",
248 srcs: [":keystore2_key_contexts_files{.product_private}"],
249 product_specific: true,
250}
251
252keystore2_key_contexts {
253 name: "vendor_keystore2_key_contexts",
254 srcs: [
255 ":keystore2_key_contexts_files{.plat_vendor_for_vendor}",
256 ":keystore2_key_contexts_files{.vendor}",
257 ":keystore2_key_contexts_files{.reqd_mask_for_vendor}",
258 ],
259 soc_specific: true,
260}
Inseob Kim2dac2672021-12-29 17:54:57 +0900[diff] [blame]261
262seapp_contexts {
263 name: "plat_seapp_contexts",
264 srcs: [":seapp_contexts_files{.plat_private}"],
265 sepolicy: ":precompiled_sepolicy",
266}
267
268seapp_contexts {
269 name: "system_ext_seapp_contexts",
270 srcs: [":seapp_contexts_files{.system_ext_private}"],
271 neverallow_files: [":seapp_contexts_files{.plat_private}"],
272 system_ext_specific: true,
273 sepolicy: ":precompiled_sepolicy",
274}
275
276seapp_contexts {
277 name: "product_seapp_contexts",
278 srcs: [":seapp_contexts_files{.product_private}"],
279 neverallow_files: [
280 ":seapp_contexts_files{.plat_private}",
281 ":seapp_contexts_files{.system_ext_private}",
282 ],
283 product_specific: true,
284 sepolicy: ":precompiled_sepolicy",
285}
286
287seapp_contexts {
288 name: "vendor_seapp_contexts",
289 srcs: [
290 ":seapp_contexts_files{.plat_vendor_for_vendor}",
291 ":seapp_contexts_files{.vendor}",
292 ":seapp_contexts_files{.reqd_mask_for_vendor}",
293 ],
294 neverallow_files: [
295 ":seapp_contexts_files{.plat_private_for_vendor}",
296 ":seapp_contexts_files{.system_ext_private_for_vendor}",
297 ":seapp_contexts_files{.product_private_for_vendor}",
298 ],
299 soc_specific: true,
300 sepolicy: ":precompiled_sepolicy",
301}
302
303seapp_contexts {
304 name: "odm_seapp_contexts",
305 srcs: [
306 ":seapp_contexts_files{.odm}",
307 ],
308 neverallow_files: [
309 ":seapp_contexts_files{.plat_private_for_vendor}",
310 ":seapp_contexts_files{.system_ext_private_for_vendor}",
311 ":seapp_contexts_files{.product_private_for_vendor}",
312 ],
313 device_specific: true,
314 sepolicy: ":precompiled_sepolicy",
315}
316
317// for CTS
318genrule {
319 name: "plat_seapp_neverallows",
320 srcs: [
321 ":seapp_contexts_files{.plat_private}",
322 ":seapp_contexts_files{.system_ext_private}",
323 ":seapp_contexts_files{.product_private}",
324 ],
325 out: ["plat_seapp_neverallows"],
326 cmd: "grep -ihe '^neverallow' $(in) > $(out) || true",
327}
Inseob Kimb5e23532022-02-16 02:26:11 +0000[diff] [blame]328
329//////////////////////////////////
330// Run host-side test with contexts files and the sepolicy file
331file_contexts_test {
332 name: "plat_file_contexts_test",
333 srcs: [":plat_file_contexts"],
334 sepolicy: ":precompiled_sepolicy",
335}
336
337file_contexts_test {
338 name: "system_ext_file_contexts_test",
339 srcs: [":system_ext_file_contexts"],
340 sepolicy: ":precompiled_sepolicy",
341}
342
343file_contexts_test {
344 name: "product_file_contexts_test",
345 srcs: [":product_file_contexts"],
346 sepolicy: ":precompiled_sepolicy",
347}
348
349file_contexts_test {
350 name: "vendor_file_contexts_test",
351 srcs: [":vendor_file_contexts"],
352 sepolicy: ":precompiled_sepolicy",
353}
354
355file_contexts_test {
356 name: "odm_file_contexts_test",
357 srcs: [":odm_file_contexts"],
358 sepolicy: ":precompiled_sepolicy",
359}
360
361hwservice_contexts_test {
362 name: "plat_hwservice_contexts_test",
363 srcs: [":plat_hwservice_contexts"],
364 sepolicy: ":precompiled_sepolicy",
365}
366
367hwservice_contexts_test {
368 name: "system_ext_hwservice_contexts_test",
369 srcs: [":system_ext_hwservice_contexts"],
370 sepolicy: ":precompiled_sepolicy",
371}
372
373hwservice_contexts_test {
374 name: "product_hwservice_contexts_test",
375 srcs: [":product_hwservice_contexts"],
376 sepolicy: ":precompiled_sepolicy",
377}
378
379hwservice_contexts_test {
380 name: "vendor_hwservice_contexts_test",
381 srcs: [":vendor_hwservice_contexts"],
382 sepolicy: ":precompiled_sepolicy",
383}
384
385hwservice_contexts_test {
386 name: "odm_hwservice_contexts_test",
387 srcs: [":odm_hwservice_contexts"],
388 sepolicy: ":precompiled_sepolicy",
389}
390
391property_contexts_test {
392 name: "plat_property_contexts_test",
393 srcs: [":plat_property_contexts"],
394 sepolicy: ":precompiled_sepolicy",
395}
396
397property_contexts_test {
398 name: "system_ext_property_contexts_test",
399 srcs: [
400 ":plat_property_contexts",
401 ":system_ext_property_contexts",
402 ],
403 sepolicy: ":precompiled_sepolicy",
404}
405
406property_contexts_test {
407 name: "product_property_contexts_test",
408 srcs: [
409 ":plat_property_contexts",
410 ":system_ext_property_contexts",
411 ":product_property_contexts",
412 ],
413 sepolicy: ":precompiled_sepolicy",
414}
415
416property_contexts_test {
417 name: "vendor_property_contexts_test",
418 srcs: [
419 ":plat_property_contexts",
420 ":system_ext_property_contexts",
421 ":product_property_contexts",
422 ":vendor_property_contexts",
423 ],
424 sepolicy: ":precompiled_sepolicy",
425}
426
427property_contexts_test {
428 name: "odm_property_contexts_test",
429 srcs: [
430 ":plat_property_contexts",
431 ":system_ext_property_contexts",
432 ":product_property_contexts",
433 ":vendor_property_contexts",
434 ":odm_property_contexts",
435 ],
436 sepolicy: ":precompiled_sepolicy",
437}
438
439service_contexts_test {
440 name: "plat_service_contexts_test",
441 srcs: [":plat_service_contexts"],
442 sepolicy: ":precompiled_sepolicy",
443}
444
445service_contexts_test {
446 name: "system_ext_service_contexts_test",
447 srcs: [":system_ext_service_contexts"],
448 sepolicy: ":precompiled_sepolicy",
449}
450
451service_contexts_test {
452 name: "product_service_contexts_test",
453 srcs: [":product_service_contexts"],
454 sepolicy: ":precompiled_sepolicy",
455}
456
457service_contexts_test {
458 name: "vendor_service_contexts_test",
459 srcs: [":vendor_service_contexts"],
460 sepolicy: ":precompiled_sepolicy",
461}