Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / b5e235346ed54ae52eec009b1c3cad1aea1b4aba / . / contexts / Android.bp
blob: 3062a6160a3ca586a64e679e5ffe9f2cd1f66c75 [file] [log] [blame]
Inseob Kimbaee4a22021-12-21 21:03:32 +0900[diff] [blame]1// Copyright (C) 2021 The Android Open Source Project
2//
3// Licensed under the Apache License, Version 2.0 (the "License");
4// you may not use this file except in compliance with the License.
5// You may obtain a copy of the License at
6//
7// http://www.apache.org/licenses/LICENSE-2.0
8//
9// Unless required by applicable law or agreed to in writing, software
10// distributed under the License is distributed on an "AS IS" BASIS,
11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12// See the License for the specific language governing permissions and
13// limitations under the License.
14
15// This file contains module definitions for various contexts files.
16
Bob Badour048e48c2022-01-05 11:14:44 -0800[diff] [blame]17package {
18 // See: http://go/android-license-faq
19 // A large-scale-change added 'default_applicable_licenses' to import
20 // all of the 'license_kinds' from "system_sepolicy_license"
21 // to get the below license kinds:
22 // SPDX-license-identifier-Apache-2.0
23 default_applicable_licenses: ["system_sepolicy_license"],
24}
25
Inseob Kimbaee4a22021-12-21 21:03:32 +0900[diff] [blame]26file_contexts {
27 name: "plat_file_contexts",
28 srcs: [":file_contexts_files{.plat_private}"],
29 product_variables: {
30 address_sanitize: {
31 srcs: [":file_contexts_asan_files{.plat_private}"],
32 },
33 debuggable: {
34 srcs: [":file_contexts_overlayfs_files{.plat_private}"],
35 },
36 },
37
38 flatten_apex: {
39 srcs: [":apex_file_contexts_files"],
40 },
41}
42
43file_contexts {
44 name: "plat_file_contexts.recovery",
45 srcs: [":file_contexts_files{.plat_private}"],
46 stem: "plat_file_contexts",
47 product_variables: {
48 address_sanitize: {
49 srcs: [":file_contexts_asan_files{.plat_private}"],
50 },
51 debuggable: {
52 srcs: [":file_contexts_overlayfs_files{.plat_private}"],
53 },
54 },
55
56 flatten_apex: {
57 srcs: [":apex_file_contexts_files"],
58 },
59
60 recovery: true,
61}
62
63file_contexts {
64 name: "vendor_file_contexts",
65 srcs: [
66 ":file_contexts_files{.plat_vendor_for_vendor}",
67 ":file_contexts_files{.vendor}",
68 ],
69 soc_specific: true,
70 recovery_available: true,
71}
72
73file_contexts {
74 name: "system_ext_file_contexts",
75 srcs: [":file_contexts_files{.system_ext_private}"],
76 system_ext_specific: true,
77 recovery_available: true,
78}
79
80file_contexts {
81 name: "product_file_contexts",
82 srcs: [":file_contexts_files{.product_private}"],
83 product_specific: true,
84 recovery_available: true,
85}
86
87file_contexts {
88 name: "odm_file_contexts",
89 srcs: [":file_contexts_files{.odm}"],
90 device_specific: true,
91 recovery_available: true,
92}
93
94hwservice_contexts {
95 name: "plat_hwservice_contexts",
96 srcs: [":hwservice_contexts_files{.plat_private}"],
97}
98
99hwservice_contexts {
100 name: "system_ext_hwservice_contexts",
101 srcs: [":hwservice_contexts_files{.system_ext_private}"],
102 system_ext_specific: true,
103}
104
105hwservice_contexts {
106 name: "product_hwservice_contexts",
107 srcs: [":hwservice_contexts_files{.product_private}"],
108 product_specific: true,
109}
110
111hwservice_contexts {
112 name: "vendor_hwservice_contexts",
113 srcs: [
114 ":hwservice_contexts_files{.plat_vendor_for_vendor}",
115 ":hwservice_contexts_files{.vendor}",
116 ":hwservice_contexts_files{.reqd_mask_for_vendor}",
117 ],
118 soc_specific: true,
119}
120
121hwservice_contexts {
122 name: "odm_hwservice_contexts",
123 srcs: [":hwservice_contexts_files{.odm}"],
124 device_specific: true,
125}
126
127property_contexts {
128 name: "plat_property_contexts",
129 srcs: [":property_contexts_files{.plat_private}"],
130}
131
132property_contexts {
133 name: "plat_property_contexts.recovery",
134 srcs: [":property_contexts_files{.plat_private}"],
135 stem: "plat_property_contexts",
136 recovery: true,
137}
138
139property_contexts {
140 name: "system_ext_property_contexts",
141 srcs: [":property_contexts_files{.system_ext_private}"],
142 system_ext_specific: true,
143 recovery_available: true,
144}
145
146property_contexts {
147 name: "product_property_contexts",
148 srcs: [":property_contexts_files{.product_private}"],
149 product_specific: true,
150 recovery_available: true,
151}
152
153property_contexts {
154 name: "vendor_property_contexts",
155 srcs: [
156 ":property_contexts_files{.plat_vendor_for_vendor}",
157 ":property_contexts_files{.vendor}",
158 ":property_contexts_files{.reqd_mask_for_vendor}",
159 ],
160 soc_specific: true,
161 recovery_available: true,
162}
163
164property_contexts {
165 name: "odm_property_contexts",
166 srcs: [":property_contexts_files{.odm}"],
167 device_specific: true,
168 recovery_available: true,
169}
170
171service_contexts {
172 name: "plat_service_contexts",
173 srcs: [":service_contexts_files{.plat_private}"],
174}
175
176service_contexts {
177 name: "plat_service_contexts.recovery",
178 srcs: [":service_contexts_files{.plat_private}"],
179 stem: "plat_service_contexts",
180 recovery: true,
181}
182
183service_contexts {
184 name: "system_ext_service_contexts",
185 srcs: [":service_contexts_files{.system_ext_private}"],
186 system_ext_specific: true,
187 recovery_available: true,
188}
189
190service_contexts {
191 name: "product_service_contexts",
192 srcs: [":service_contexts_files{.product_private}"],
193 product_specific: true,
194 recovery_available: true,
195}
196
197service_contexts {
198 name: "vendor_service_contexts",
199 srcs: [
200 ":service_contexts_files{.plat_vendor_for_vendor}",
201 ":service_contexts_files{.vendor}",
202 ":service_contexts_files{.reqd_mask_for_vendor}",
203 ],
204 soc_specific: true,
205 recovery_available: true,
206}
207
208keystore2_key_contexts {
209 name: "plat_keystore2_key_contexts",
210 srcs: [":keystore2_key_contexts_files{.plat_private}"],
211}
212
213keystore2_key_contexts {
214 name: "system_keystore2_key_contexts",
215 srcs: [":keystore2_key_contexts_files{.system_ext_private}"],
216 system_ext_specific: true,
217}
218
219keystore2_key_contexts {
220 name: "product_keystore2_key_contexts",
221 srcs: [":keystore2_key_contexts_files{.product_private}"],
222 product_specific: true,
223}
224
225keystore2_key_contexts {
226 name: "vendor_keystore2_key_contexts",
227 srcs: [
228 ":keystore2_key_contexts_files{.plat_vendor_for_vendor}",
229 ":keystore2_key_contexts_files{.vendor}",
230 ":keystore2_key_contexts_files{.reqd_mask_for_vendor}",
231 ],
232 soc_specific: true,
233}
Inseob Kim2dac2672021-12-29 17:54:57 +0900[diff] [blame]234
235seapp_contexts {
236 name: "plat_seapp_contexts",
237 srcs: [":seapp_contexts_files{.plat_private}"],
238 sepolicy: ":precompiled_sepolicy",
239}
240
241seapp_contexts {
242 name: "system_ext_seapp_contexts",
243 srcs: [":seapp_contexts_files{.system_ext_private}"],
244 neverallow_files: [":seapp_contexts_files{.plat_private}"],
245 system_ext_specific: true,
246 sepolicy: ":precompiled_sepolicy",
247}
248
249seapp_contexts {
250 name: "product_seapp_contexts",
251 srcs: [":seapp_contexts_files{.product_private}"],
252 neverallow_files: [
253 ":seapp_contexts_files{.plat_private}",
254 ":seapp_contexts_files{.system_ext_private}",
255 ],
256 product_specific: true,
257 sepolicy: ":precompiled_sepolicy",
258}
259
260seapp_contexts {
261 name: "vendor_seapp_contexts",
262 srcs: [
263 ":seapp_contexts_files{.plat_vendor_for_vendor}",
264 ":seapp_contexts_files{.vendor}",
265 ":seapp_contexts_files{.reqd_mask_for_vendor}",
266 ],
267 neverallow_files: [
268 ":seapp_contexts_files{.plat_private_for_vendor}",
269 ":seapp_contexts_files{.system_ext_private_for_vendor}",
270 ":seapp_contexts_files{.product_private_for_vendor}",
271 ],
272 soc_specific: true,
273 sepolicy: ":precompiled_sepolicy",
274}
275
276seapp_contexts {
277 name: "odm_seapp_contexts",
278 srcs: [
279 ":seapp_contexts_files{.odm}",
280 ],
281 neverallow_files: [
282 ":seapp_contexts_files{.plat_private_for_vendor}",
283 ":seapp_contexts_files{.system_ext_private_for_vendor}",
284 ":seapp_contexts_files{.product_private_for_vendor}",
285 ],
286 device_specific: true,
287 sepolicy: ":precompiled_sepolicy",
288}
289
290// for CTS
291genrule {
292 name: "plat_seapp_neverallows",
293 srcs: [
294 ":seapp_contexts_files{.plat_private}",
295 ":seapp_contexts_files{.system_ext_private}",
296 ":seapp_contexts_files{.product_private}",
297 ],
298 out: ["plat_seapp_neverallows"],
299 cmd: "grep -ihe '^neverallow' $(in) > $(out) || true",
300}
Inseob Kimb5e23532022-02-16 02:26:11 +0000[diff] [blame^]301
302//////////////////////////////////
303// Run host-side test with contexts files and the sepolicy file
304file_contexts_test {
305 name: "plat_file_contexts_test",
306 srcs: [":plat_file_contexts"],
307 sepolicy: ":precompiled_sepolicy",
308}
309
310file_contexts_test {
311 name: "system_ext_file_contexts_test",
312 srcs: [":system_ext_file_contexts"],
313 sepolicy: ":precompiled_sepolicy",
314}
315
316file_contexts_test {
317 name: "product_file_contexts_test",
318 srcs: [":product_file_contexts"],
319 sepolicy: ":precompiled_sepolicy",
320}
321
322file_contexts_test {
323 name: "vendor_file_contexts_test",
324 srcs: [":vendor_file_contexts"],
325 sepolicy: ":precompiled_sepolicy",
326}
327
328file_contexts_test {
329 name: "odm_file_contexts_test",
330 srcs: [":odm_file_contexts"],
331 sepolicy: ":precompiled_sepolicy",
332}
333
334hwservice_contexts_test {
335 name: "plat_hwservice_contexts_test",
336 srcs: [":plat_hwservice_contexts"],
337 sepolicy: ":precompiled_sepolicy",
338}
339
340hwservice_contexts_test {
341 name: "system_ext_hwservice_contexts_test",
342 srcs: [":system_ext_hwservice_contexts"],
343 sepolicy: ":precompiled_sepolicy",
344}
345
346hwservice_contexts_test {
347 name: "product_hwservice_contexts_test",
348 srcs: [":product_hwservice_contexts"],
349 sepolicy: ":precompiled_sepolicy",
350}
351
352hwservice_contexts_test {
353 name: "vendor_hwservice_contexts_test",
354 srcs: [":vendor_hwservice_contexts"],
355 sepolicy: ":precompiled_sepolicy",
356}
357
358hwservice_contexts_test {
359 name: "odm_hwservice_contexts_test",
360 srcs: [":odm_hwservice_contexts"],
361 sepolicy: ":precompiled_sepolicy",
362}
363
364property_contexts_test {
365 name: "plat_property_contexts_test",
366 srcs: [":plat_property_contexts"],
367 sepolicy: ":precompiled_sepolicy",
368}
369
370property_contexts_test {
371 name: "system_ext_property_contexts_test",
372 srcs: [
373 ":plat_property_contexts",
374 ":system_ext_property_contexts",
375 ],
376 sepolicy: ":precompiled_sepolicy",
377}
378
379property_contexts_test {
380 name: "product_property_contexts_test",
381 srcs: [
382 ":plat_property_contexts",
383 ":system_ext_property_contexts",
384 ":product_property_contexts",
385 ],
386 sepolicy: ":precompiled_sepolicy",
387}
388
389property_contexts_test {
390 name: "vendor_property_contexts_test",
391 srcs: [
392 ":plat_property_contexts",
393 ":system_ext_property_contexts",
394 ":product_property_contexts",
395 ":vendor_property_contexts",
396 ],
397 sepolicy: ":precompiled_sepolicy",
398}
399
400property_contexts_test {
401 name: "odm_property_contexts_test",
402 srcs: [
403 ":plat_property_contexts",
404 ":system_ext_property_contexts",
405 ":product_property_contexts",
406 ":vendor_property_contexts",
407 ":odm_property_contexts",
408 ],
409 sepolicy: ":precompiled_sepolicy",
410}
411
412service_contexts_test {
413 name: "plat_service_contexts_test",
414 srcs: [":plat_service_contexts"],
415 sepolicy: ":precompiled_sepolicy",
416}
417
418service_contexts_test {
419 name: "system_ext_service_contexts_test",
420 srcs: [":system_ext_service_contexts"],
421 sepolicy: ":precompiled_sepolicy",
422}
423
424service_contexts_test {
425 name: "product_service_contexts_test",
426 srcs: [":product_service_contexts"],
427 sepolicy: ":precompiled_sepolicy",
428}
429
430service_contexts_test {
431 name: "vendor_service_contexts_test",
432 srcs: [":vendor_service_contexts"],
433 sepolicy: ":precompiled_sepolicy",
434}