Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / 6cd0dddf1f16cb8a6ff04222f01f5dffd6b81ea4 / . / contexts / Android.bp
blob: 914232a83f3b78dfc878147a2789afd6db5d3e1d [file] [log] [blame]
Inseob Kimbaee4a22021-12-21 21:03:32 +0900[diff] [blame]1// Copyright (C) 2021 The Android Open Source Project
2//
3// Licensed under the Apache License, Version 2.0 (the "License");
4// you may not use this file except in compliance with the License.
5// You may obtain a copy of the License at
6//
7// http://www.apache.org/licenses/LICENSE-2.0
8//
9// Unless required by applicable law or agreed to in writing, software
10// distributed under the License is distributed on an "AS IS" BASIS,
11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12// See the License for the specific language governing permissions and
13// limitations under the License.
14
15// This file contains module definitions for various contexts files.
16
Bob Badour048e48c2022-01-05 11:14:44 -0800[diff] [blame]17package {
18 // See: http://go/android-license-faq
19 // A large-scale-change added 'default_applicable_licenses' to import
20 // all of the 'license_kinds' from "system_sepolicy_license"
21 // to get the below license kinds:
22 // SPDX-license-identifier-Apache-2.0
23 default_applicable_licenses: ["system_sepolicy_license"],
24}
25
Inseob Kim79fdbeb2022-08-12 22:27:35 +0900[diff] [blame]26se_build_files {
27 name: "file_contexts_files",
28 srcs: ["file_contexts"],
29}
30
31se_build_files {
32 name: "file_contexts_asan_files",
33 srcs: ["file_contexts_asan"],
34}
35
36se_build_files {
37 name: "file_contexts_overlayfs_files",
38 srcs: ["file_contexts_overlayfs"],
39}
40
41se_build_files {
42 name: "hwservice_contexts_files",
43 srcs: ["hwservice_contexts"],
44}
45
46se_build_files {
47 name: "property_contexts_files",
48 srcs: ["property_contexts"],
49}
50
51se_build_files {
52 name: "service_contexts_files",
53 srcs: ["service_contexts"],
54}
55
56se_build_files {
57 name: "keystore2_key_contexts_files",
58 srcs: ["keystore2_key_contexts"],
59}
60
61se_build_files {
62 name: "seapp_contexts_files",
63 srcs: ["seapp_contexts"],
64}
65
66se_build_files {
67 name: "vndservice_contexts_files",
68 srcs: ["vndservice_contexts"],
69}
70
Inseob Kimbaee4a22021-12-21 21:03:32 +0900[diff] [blame]71file_contexts {
72 name: "plat_file_contexts",
73 srcs: [":file_contexts_files{.plat_private}"],
74 product_variables: {
75 address_sanitize: {
76 srcs: [":file_contexts_asan_files{.plat_private}"],
77 },
78 debuggable: {
79 srcs: [":file_contexts_overlayfs_files{.plat_private}"],
80 },
81 },
Inseob Kimbaee4a22021-12-21 21:03:32 +0900[diff] [blame]82}
83
84file_contexts {
85 name: "plat_file_contexts.recovery",
86 srcs: [":file_contexts_files{.plat_private}"],
87 stem: "plat_file_contexts",
88 product_variables: {
89 address_sanitize: {
90 srcs: [":file_contexts_asan_files{.plat_private}"],
91 },
92 debuggable: {
93 srcs: [":file_contexts_overlayfs_files{.plat_private}"],
94 },
95 },
Inseob Kimbaee4a22021-12-21 21:03:32 +0900[diff] [blame]96 recovery: true,
97}
98
99file_contexts {
100 name: "vendor_file_contexts",
101 srcs: [
Inseob Kim6c6aa012023-08-31 16:47:38 +0900[diff] [blame]102 ":file_contexts_files{.plat_vendor}",
Inseob Kimbaee4a22021-12-21 21:03:32 +0900[diff] [blame]103 ":file_contexts_files{.vendor}",
104 ],
105 soc_specific: true,
Inseob Kimdfa4a482023-11-01 17:58:18 +0900[diff] [blame]106 fc_sort: true,
Inseob Kim61257ca2022-02-25 11:26:16 +0900[diff] [blame]107}
108
109file_contexts {
110 name: "vendor_file_contexts.recovery",
111 srcs: [
Inseob Kim6c6aa012023-08-31 16:47:38 +0900[diff] [blame]112 ":file_contexts_files{.plat_vendor}",
Inseob Kim61257ca2022-02-25 11:26:16 +0900[diff] [blame]113 ":file_contexts_files{.vendor}",
114 ],
115 stem: "vendor_file_contexts",
116 recovery: true,
Inseob Kimdfa4a482023-11-01 17:58:18 +0900[diff] [blame]117 fc_sort: true,
Inseob Kimbaee4a22021-12-21 21:03:32 +0900[diff] [blame]118}
119
120file_contexts {
121 name: "system_ext_file_contexts",
122 srcs: [":file_contexts_files{.system_ext_private}"],
123 system_ext_specific: true,
Inseob Kim61257ca2022-02-25 11:26:16 +0900[diff] [blame]124}
125
126file_contexts {
127 name: "system_ext_file_contexts.recovery",
128 srcs: [":file_contexts_files{.system_ext_private}"],
129 stem: "system_ext_file_contexts",
130 recovery: true,
Inseob Kimbaee4a22021-12-21 21:03:32 +0900[diff] [blame]131}
132
133file_contexts {
134 name: "product_file_contexts",
135 srcs: [":file_contexts_files{.product_private}"],
136 product_specific: true,
Inseob Kim61257ca2022-02-25 11:26:16 +0900[diff] [blame]137}
138
139file_contexts {
140 name: "product_file_contexts.recovery",
141 srcs: [":file_contexts_files{.product_private}"],
142 stem: "product_file_contexts",
143 recovery: true,
Inseob Kimbaee4a22021-12-21 21:03:32 +0900[diff] [blame]144}
145
146file_contexts {
147 name: "odm_file_contexts",
148 srcs: [":file_contexts_files{.odm}"],
149 device_specific: true,
Inseob Kimdfa4a482023-11-01 17:58:18 +0900[diff] [blame]150 fc_sort: true,
Inseob Kim61257ca2022-02-25 11:26:16 +0900[diff] [blame]151}
152
153file_contexts {
154 name: "odm_file_contexts.recovery",
155 srcs: [":file_contexts_files{.odm}"],
156 stem: "odm_file_contexts",
157 recovery: true,
Inseob Kimdfa4a482023-11-01 17:58:18 +0900[diff] [blame]158 fc_sort: true,
Inseob Kimbaee4a22021-12-21 21:03:32 +0900[diff] [blame]159}
160
161hwservice_contexts {
162 name: "plat_hwservice_contexts",
163 srcs: [":hwservice_contexts_files{.plat_private}"],
164}
165
166hwservice_contexts {
167 name: "system_ext_hwservice_contexts",
168 srcs: [":hwservice_contexts_files{.system_ext_private}"],
169 system_ext_specific: true,
170}
171
172hwservice_contexts {
173 name: "product_hwservice_contexts",
174 srcs: [":hwservice_contexts_files{.product_private}"],
175 product_specific: true,
176}
177
178hwservice_contexts {
179 name: "vendor_hwservice_contexts",
180 srcs: [
Inseob Kim6c6aa012023-08-31 16:47:38 +0900[diff] [blame]181 ":hwservice_contexts_files{.plat_vendor}",
Inseob Kimbaee4a22021-12-21 21:03:32 +0900[diff] [blame]182 ":hwservice_contexts_files{.vendor}",
Inseob Kim6c6aa012023-08-31 16:47:38 +0900[diff] [blame]183 ":hwservice_contexts_files{.reqd_mask}",
Inseob Kimbaee4a22021-12-21 21:03:32 +0900[diff] [blame]184 ],
185 soc_specific: true,
186}
187
188hwservice_contexts {
189 name: "odm_hwservice_contexts",
190 srcs: [":hwservice_contexts_files{.odm}"],
191 device_specific: true,
192}
193
194property_contexts {
195 name: "plat_property_contexts",
196 srcs: [":property_contexts_files{.plat_private}"],
197}
198
199property_contexts {
200 name: "plat_property_contexts.recovery",
201 srcs: [":property_contexts_files{.plat_private}"],
202 stem: "plat_property_contexts",
203 recovery: true,
204}
205
206property_contexts {
207 name: "system_ext_property_contexts",
208 srcs: [":property_contexts_files{.system_ext_private}"],
209 system_ext_specific: true,
210 recovery_available: true,
211}
212
213property_contexts {
214 name: "product_property_contexts",
215 srcs: [":property_contexts_files{.product_private}"],
216 product_specific: true,
217 recovery_available: true,
218}
219
220property_contexts {
221 name: "vendor_property_contexts",
222 srcs: [
Inseob Kim6c6aa012023-08-31 16:47:38 +0900[diff] [blame]223 ":property_contexts_files{.plat_vendor}",
Inseob Kimbaee4a22021-12-21 21:03:32 +0900[diff] [blame]224 ":property_contexts_files{.vendor}",
Inseob Kim6c6aa012023-08-31 16:47:38 +0900[diff] [blame]225 ":property_contexts_files{.reqd_mask}",
Inseob Kimbaee4a22021-12-21 21:03:32 +0900[diff] [blame]226 ],
227 soc_specific: true,
228 recovery_available: true,
229}
230
231property_contexts {
232 name: "odm_property_contexts",
233 srcs: [":property_contexts_files{.odm}"],
234 device_specific: true,
235 recovery_available: true,
236}
237
238service_contexts {
239 name: "plat_service_contexts",
240 srcs: [":service_contexts_files{.plat_private}"],
241}
242
243service_contexts {
244 name: "plat_service_contexts.recovery",
245 srcs: [":service_contexts_files{.plat_private}"],
246 stem: "plat_service_contexts",
247 recovery: true,
248}
249
250service_contexts {
251 name: "system_ext_service_contexts",
252 srcs: [":service_contexts_files{.system_ext_private}"],
253 system_ext_specific: true,
254 recovery_available: true,
255}
256
257service_contexts {
258 name: "product_service_contexts",
259 srcs: [":service_contexts_files{.product_private}"],
260 product_specific: true,
261 recovery_available: true,
262}
263
264service_contexts {
265 name: "vendor_service_contexts",
266 srcs: [
Inseob Kim6c6aa012023-08-31 16:47:38 +0900[diff] [blame]267 ":service_contexts_files{.plat_vendor}",
Inseob Kimbaee4a22021-12-21 21:03:32 +0900[diff] [blame]268 ":service_contexts_files{.vendor}",
Inseob Kim6c6aa012023-08-31 16:47:38 +0900[diff] [blame]269 ":service_contexts_files{.reqd_mask}",
Inseob Kimbaee4a22021-12-21 21:03:32 +0900[diff] [blame]270 ],
271 soc_specific: true,
272 recovery_available: true,
273}
274
Inseob Kim3bb20332022-10-24 20:41:45 +0900[diff] [blame]275service_contexts {
276 name: "odm_service_contexts",
277 srcs: [
278 ":service_contexts_files{.odm}",
279 ],
280 device_specific: true,
281 recovery_available: true,
282}
283
Inseob Kimbaee4a22021-12-21 21:03:32 +0900[diff] [blame]284keystore2_key_contexts {
285 name: "plat_keystore2_key_contexts",
286 srcs: [":keystore2_key_contexts_files{.plat_private}"],
287}
288
289keystore2_key_contexts {
290 name: "system_keystore2_key_contexts",
291 srcs: [":keystore2_key_contexts_files{.system_ext_private}"],
292 system_ext_specific: true,
293}
294
295keystore2_key_contexts {
296 name: "product_keystore2_key_contexts",
297 srcs: [":keystore2_key_contexts_files{.product_private}"],
298 product_specific: true,
299}
300
301keystore2_key_contexts {
302 name: "vendor_keystore2_key_contexts",
303 srcs: [
Inseob Kim6c6aa012023-08-31 16:47:38 +0900[diff] [blame]304 ":keystore2_key_contexts_files{.plat_vendor}",
Inseob Kimbaee4a22021-12-21 21:03:32 +0900[diff] [blame]305 ":keystore2_key_contexts_files{.vendor}",
Inseob Kim6c6aa012023-08-31 16:47:38 +0900[diff] [blame]306 ":keystore2_key_contexts_files{.reqd_mask}",
Inseob Kimbaee4a22021-12-21 21:03:32 +0900[diff] [blame]307 ],
308 soc_specific: true,
309}
Inseob Kim2dac2672021-12-29 17:54:57 +0900[diff] [blame]310
311seapp_contexts {
312 name: "plat_seapp_contexts",
313 srcs: [":seapp_contexts_files{.plat_private}"],
314 sepolicy: ":precompiled_sepolicy",
315}
316
317seapp_contexts {
318 name: "system_ext_seapp_contexts",
319 srcs: [":seapp_contexts_files{.system_ext_private}"],
320 neverallow_files: [":seapp_contexts_files{.plat_private}"],
321 system_ext_specific: true,
322 sepolicy: ":precompiled_sepolicy",
323}
324
325seapp_contexts {
326 name: "product_seapp_contexts",
327 srcs: [":seapp_contexts_files{.product_private}"],
328 neverallow_files: [
329 ":seapp_contexts_files{.plat_private}",
330 ":seapp_contexts_files{.system_ext_private}",
331 ],
332 product_specific: true,
333 sepolicy: ":precompiled_sepolicy",
334}
335
336seapp_contexts {
337 name: "vendor_seapp_contexts",
338 srcs: [
Inseob Kim6c6aa012023-08-31 16:47:38 +0900[diff] [blame]339 ":seapp_contexts_files{.plat_vendor}",
Inseob Kim2dac2672021-12-29 17:54:57 +0900[diff] [blame]340 ":seapp_contexts_files{.vendor}",
Inseob Kim6c6aa012023-08-31 16:47:38 +0900[diff] [blame]341 ":seapp_contexts_files{.reqd_mask}",
Inseob Kim2dac2672021-12-29 17:54:57 +0900[diff] [blame]342 ],
343 neverallow_files: [
Inseob Kim6c6aa012023-08-31 16:47:38 +0900[diff] [blame]344 ":seapp_contexts_files{.plat_private}",
345 ":seapp_contexts_files{.system_ext_private}",
346 ":seapp_contexts_files{.product_private}",
Inseob Kim2dac2672021-12-29 17:54:57 +0900[diff] [blame]347 ],
348 soc_specific: true,
349 sepolicy: ":precompiled_sepolicy",
350}
351
352seapp_contexts {
353 name: "odm_seapp_contexts",
354 srcs: [
355 ":seapp_contexts_files{.odm}",
356 ],
357 neverallow_files: [
Inseob Kim6c6aa012023-08-31 16:47:38 +0900[diff] [blame]358 ":seapp_contexts_files{.plat_private}",
359 ":seapp_contexts_files{.system_ext_private}",
360 ":seapp_contexts_files{.product_private}",
Inseob Kim2dac2672021-12-29 17:54:57 +0900[diff] [blame]361 ],
362 device_specific: true,
363 sepolicy: ":precompiled_sepolicy",
364}
365
Inseob Kimc7596c42022-02-25 11:45:41 +0900[diff] [blame]366vndservice_contexts {
367 name: "vndservice_contexts",
368 srcs: [
Inseob Kim6c6aa012023-08-31 16:47:38 +0900[diff] [blame]369 ":vndservice_contexts_files{.plat_vendor}",
Inseob Kimc7596c42022-02-25 11:45:41 +0900[diff] [blame]370 ":vndservice_contexts_files{.vendor}",
Inseob Kim6c6aa012023-08-31 16:47:38 +0900[diff] [blame]371 ":vndservice_contexts_files{.reqd_mask}",
Inseob Kimc7596c42022-02-25 11:45:41 +0900[diff] [blame]372 ],
373 soc_specific: true,
374}
375
Inseob Kim2dac2672021-12-29 17:54:57 +0900[diff] [blame]376// for CTS
377genrule {
378 name: "plat_seapp_neverallows",
379 srcs: [
380 ":seapp_contexts_files{.plat_private}",
381 ":seapp_contexts_files{.system_ext_private}",
382 ":seapp_contexts_files{.product_private}",
383 ],
384 out: ["plat_seapp_neverallows"],
385 cmd: "grep -ihe '^neverallow' $(in) > $(out) || true",
386}
Inseob Kimb5e23532022-02-16 02:26:11 +0000[diff] [blame]387
388//////////////////////////////////
389// Run host-side test with contexts files and the sepolicy file
390file_contexts_test {
391 name: "plat_file_contexts_test",
392 srcs: [":plat_file_contexts"],
393 sepolicy: ":precompiled_sepolicy",
394}
395
396file_contexts_test {
ThiƩbaud Weksteen3a102a12023-10-20 15:43:29 +1100[diff] [blame]397 name: "plat_file_contexts_data_test",
398 srcs: [":file_contexts_files{.plat_private}"],
399 test_data: "plat_file_contexts_test",
400}
401
402file_contexts_test {
Inseob Kimb5e23532022-02-16 02:26:11 +0000[diff] [blame]403 name: "system_ext_file_contexts_test",
404 srcs: [":system_ext_file_contexts"],
405 sepolicy: ":precompiled_sepolicy",
406}
407
408file_contexts_test {
409 name: "product_file_contexts_test",
410 srcs: [":product_file_contexts"],
411 sepolicy: ":precompiled_sepolicy",
412}
413
414file_contexts_test {
415 name: "vendor_file_contexts_test",
416 srcs: [":vendor_file_contexts"],
417 sepolicy: ":precompiled_sepolicy",
418}
419
420file_contexts_test {
421 name: "odm_file_contexts_test",
422 srcs: [":odm_file_contexts"],
423 sepolicy: ":precompiled_sepolicy",
424}
425
426hwservice_contexts_test {
427 name: "plat_hwservice_contexts_test",
428 srcs: [":plat_hwservice_contexts"],
429 sepolicy: ":precompiled_sepolicy",
430}
431
432hwservice_contexts_test {
433 name: "system_ext_hwservice_contexts_test",
434 srcs: [":system_ext_hwservice_contexts"],
435 sepolicy: ":precompiled_sepolicy",
436}
437
438hwservice_contexts_test {
439 name: "product_hwservice_contexts_test",
440 srcs: [":product_hwservice_contexts"],
441 sepolicy: ":precompiled_sepolicy",
442}
443
444hwservice_contexts_test {
445 name: "vendor_hwservice_contexts_test",
446 srcs: [":vendor_hwservice_contexts"],
447 sepolicy: ":precompiled_sepolicy",
448}
449
450hwservice_contexts_test {
451 name: "odm_hwservice_contexts_test",
452 srcs: [":odm_hwservice_contexts"],
453 sepolicy: ":precompiled_sepolicy",
454}
455
456property_contexts_test {
457 name: "plat_property_contexts_test",
458 srcs: [":plat_property_contexts"],
459 sepolicy: ":precompiled_sepolicy",
460}
461
462property_contexts_test {
463 name: "system_ext_property_contexts_test",
464 srcs: [
465 ":plat_property_contexts",
466 ":system_ext_property_contexts",
467 ],
468 sepolicy: ":precompiled_sepolicy",
469}
470
471property_contexts_test {
472 name: "product_property_contexts_test",
473 srcs: [
474 ":plat_property_contexts",
475 ":system_ext_property_contexts",
476 ":product_property_contexts",
477 ],
478 sepolicy: ":precompiled_sepolicy",
479}
480
481property_contexts_test {
482 name: "vendor_property_contexts_test",
483 srcs: [
484 ":plat_property_contexts",
485 ":system_ext_property_contexts",
486 ":product_property_contexts",
487 ":vendor_property_contexts",
488 ],
489 sepolicy: ":precompiled_sepolicy",
490}
491
492property_contexts_test {
493 name: "odm_property_contexts_test",
494 srcs: [
495 ":plat_property_contexts",
496 ":system_ext_property_contexts",
497 ":product_property_contexts",
498 ":vendor_property_contexts",
499 ":odm_property_contexts",
500 ],
501 sepolicy: ":precompiled_sepolicy",
502}
503
504service_contexts_test {
505 name: "plat_service_contexts_test",
506 srcs: [":plat_service_contexts"],
507 sepolicy: ":precompiled_sepolicy",
508}
509
510service_contexts_test {
511 name: "system_ext_service_contexts_test",
512 srcs: [":system_ext_service_contexts"],
513 sepolicy: ":precompiled_sepolicy",
514}
515
516service_contexts_test {
517 name: "product_service_contexts_test",
518 srcs: [":product_service_contexts"],
519 sepolicy: ":precompiled_sepolicy",
520}
521
522service_contexts_test {
523 name: "vendor_service_contexts_test",
524 srcs: [":vendor_service_contexts"],
525 sepolicy: ":precompiled_sepolicy",
526}
Inseob Kimc7596c42022-02-25 11:45:41 +0900[diff] [blame]527
Inseob Kim3bb20332022-10-24 20:41:45 +0900[diff] [blame]528service_contexts_test {
529 name: "odm_service_contexts_test",
530 srcs: [":odm_service_contexts"],
531 sepolicy: ":precompiled_sepolicy",
532}
533
Inseob Kimc7596c42022-02-25 11:45:41 +0900[diff] [blame]534vndservice_contexts_test {
535 name: "vndservice_contexts_test",
536 srcs: [":vndservice_contexts"],
537 sepolicy: ":precompiled_sepolicy",
538}
Pawan0ecf99d2022-09-12 23:20:53 +0000[diff] [blame]539
540fuzzer_bindings_test {
541 name: "fuzzer_bindings_test",
542 srcs: [":plat_service_contexts"],
543}