Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / baa93cc651227cf92760545d5283b021b853a774 / . / build / soong / selinux_contexts.go
blob: c55fba2bd4a5ac19914bf88822dec0e56d152747 [file] [log] [blame]
Inseob Kimb554e592019-04-15 20:10:46 +0900[diff] [blame]1// Copyright (C) 2019 The Android Open Source Project
2//
3// Licensed under the Apache License, Version 2.0 (the "License");
4// you may not use this file except in compliance with the License.
5// You may obtain a copy of the License at
6//
7// http://www.apache.org/licenses/LICENSE-2.0
8//
9// Unless required by applicable law or agreed to in writing, software
10// distributed under the License is distributed on an "AS IS" BASIS,
11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12// See the License for the specific language governing permissions and
13// limitations under the License.
14
15package selinux
16
17import (
18 "fmt"
19 "io"
Inseob Kim2dac2672021-12-29 17:54:57 +0900[diff] [blame]20 "os"
Inseob Kimb554e592019-04-15 20:10:46 +0900[diff] [blame]21 "strings"
22
Inseob Kimcd616492020-03-24 23:06:40 +0900[diff] [blame]23 "github.com/google/blueprint"
Inseob Kimb554e592019-04-15 20:10:46 +0900[diff] [blame]24 "github.com/google/blueprint/proptools"
25
26 "android/soong/android"
Inseob Kimcd616492020-03-24 23:06:40 +0900[diff] [blame]27 "android/soong/sysprop"
Inseob Kimb554e592019-04-15 20:10:46 +0900[diff] [blame]28)
29
Inseob Kimb554e592019-04-15 20:10:46 +0900[diff] [blame]30type selinuxContextsProperties struct {
31 // Filenames under sepolicy directories, which will be used to generate contexts file.
32 Srcs []string `android:"path"`
33
Yuntao Xu42e732c2021-11-18 22:33:02 +0000[diff] [blame]34 // Output file name. Defaults to module name
35 Stem *string
36
Inseob Kimb554e592019-04-15 20:10:46 +0900[diff] [blame]37 Product_variables struct {
Inseob Kimb554e592019-04-15 20:10:46 +0900[diff] [blame]38 Address_sanitize struct {
Inseob Kim6d3d5a62021-12-21 20:55:32 +0900[diff] [blame]39 Srcs []string `android:"path"`
Inseob Kimb554e592019-04-15 20:10:46 +0900[diff] [blame]40 }
41 }
42
Inseob Kimb554e592019-04-15 20:10:46 +0900[diff] [blame]43 // Whether the comments in generated contexts file will be removed or not.
44 Remove_comment *bool
45
46 // Whether the result context file is sorted with fc_sort or not.
47 Fc_sort *bool
48
49 // Make this module available when building for recovery
50 Recovery_available *bool
Inseob Kimb554e592019-04-15 20:10:46 +0900[diff] [blame]51}
52
53type fileContextsProperties struct {
54 // flatten_apex can be used to specify additional sources of file_contexts.
55 // Apex paths, /system/apex/{apex_name}, will be amended to the paths of file_contexts
56 // entries.
57 Flatten_apex struct {
Inseob Kim6d3d5a62021-12-21 20:55:32 +0900[diff] [blame]58 Srcs []string `android:"path"`
Inseob Kimb554e592019-04-15 20:10:46 +0900[diff] [blame]59 }
60}
61
Inseob Kim2dac2672021-12-29 17:54:57 +0900[diff] [blame]62type seappProperties struct {
63 // Files containing neverallow rules.
64 Neverallow_files []string `android:"path"`
65
66 // Precompiled sepolicy binary file which will be fed to checkseapp.
67 Sepolicy *string `android:"path"`
68}
69
Inseob Kimb554e592019-04-15 20:10:46 +0900[diff] [blame]70type selinuxContextsModule struct {
71 android.ModuleBase
72
73 properties selinuxContextsProperties
74 fileContextsProperties fileContextsProperties
Inseob Kim2dac2672021-12-29 17:54:57 +0900[diff] [blame]75 seappProperties seappProperties
Inseob Kimcd616492020-03-24 23:06:40 +0900[diff] [blame]76 build func(ctx android.ModuleContext, inputs android.Paths) android.Path
77 deps func(ctx android.BottomUpMutatorContext)
78 outputPath android.Path
Colin Cross040f1512019-10-02 10:36:09 -0700[diff] [blame]79 installPath android.InstallPath
Inseob Kimb554e592019-04-15 20:10:46 +0900[diff] [blame]80}
81
82var (
Inseob Kimcd616492020-03-24 23:06:40 +0900[diff] [blame]83 reuseContextsDepTag = dependencyTag{name: "reuseContexts"}
84 syspropLibraryDepTag = dependencyTag{name: "sysprop_library"}
Inseob Kimb554e592019-04-15 20:10:46 +0900[diff] [blame]85)
86
87func init() {
88 pctx.HostBinToolVariable("fc_sort", "fc_sort")
89
90 android.RegisterModuleType("file_contexts", fileFactory)
91 android.RegisterModuleType("hwservice_contexts", hwServiceFactory)
92 android.RegisterModuleType("property_contexts", propertyFactory)
93 android.RegisterModuleType("service_contexts", serviceFactory)
Janis Danisevskisc40681f2020-07-25 13:02:29 -0700[diff] [blame]94 android.RegisterModuleType("keystore2_key_contexts", keystoreKeyFactory)
Inseob Kim2dac2672021-12-29 17:54:57 +0900[diff] [blame]95 android.RegisterModuleType("seapp_contexts", seappFactory)
Inseob Kimb554e592019-04-15 20:10:46 +0900[diff] [blame]96}
97
Colin Cross040f1512019-10-02 10:36:09 -0700[diff] [blame]98func (m *selinuxContextsModule) InstallInRoot() bool {
Inseob Kimfa6fe472021-01-12 13:40:27 +0900[diff] [blame]99 return m.InRecovery()
100}
101
102func (m *selinuxContextsModule) InstallInRecovery() bool {
103 // ModuleBase.InRecovery() checks the image variant
104 return m.InRecovery()
105}
106
107func (m *selinuxContextsModule) onlyInRecovery() bool {
108 // ModuleBase.InstallInRecovery() checks commonProperties.Recovery property
109 return m.ModuleBase.InstallInRecovery()
Colin Cross040f1512019-10-02 10:36:09 -0700[diff] [blame]110}
111
Inseob Kimcd616492020-03-24 23:06:40 +0900[diff] [blame]112func (m *selinuxContextsModule) DepsMutator(ctx android.BottomUpMutatorContext) {
113 if m.deps != nil {
114 m.deps(ctx)
115 }
Inseob Kimfa6fe472021-01-12 13:40:27 +0900[diff] [blame]116
117 if m.InRecovery() && !m.onlyInRecovery() {
118 ctx.AddFarVariationDependencies([]blueprint.Variation{
119 {Mutator: "image", Variation: android.CoreVariation},
120 }, reuseContextsDepTag, ctx.ModuleName())
121 }
Inseob Kimcd616492020-03-24 23:06:40 +0900[diff] [blame]122}
123
124func (m *selinuxContextsModule) propertyContextsDeps(ctx android.BottomUpMutatorContext) {
125 for _, lib := range sysprop.SyspropLibraries(ctx.Config()) {
126 ctx.AddFarVariationDependencies([]blueprint.Variation{}, syspropLibraryDepTag, lib)
127 }
128}
129
Yuntao Xu42e732c2021-11-18 22:33:02 +0000[diff] [blame]130func (m *selinuxContextsModule) stem() string {
131 return proptools.StringDefault(m.properties.Stem, m.Name())
132}
133
Inseob Kimb554e592019-04-15 20:10:46 +0900[diff] [blame]134func (m *selinuxContextsModule) GenerateAndroidBuildActions(ctx android.ModuleContext) {
Inseob Kimfa6fe472021-01-12 13:40:27 +0900[diff] [blame]135 if m.InRecovery() {
Colin Cross040f1512019-10-02 10:36:09 -0700[diff] [blame]136 // Installing context files at the root of the recovery partition
137 m.installPath = android.PathForModuleInstall(ctx)
Inseob Kimb554e592019-04-15 20:10:46 +0900[diff] [blame]138 } else {
139 m.installPath = android.PathForModuleInstall(ctx, "etc", "selinux")
140 }
141
Inseob Kimfa6fe472021-01-12 13:40:27 +0900[diff] [blame]142 if m.InRecovery() && !m.onlyInRecovery() {
Inseob Kimb554e592019-04-15 20:10:46 +0900[diff] [blame]143 dep := ctx.GetDirectDepWithTag(m.Name(), reuseContextsDepTag)
144
145 if reuseDeps, ok := dep.(*selinuxContextsModule); ok {
146 m.outputPath = reuseDeps.outputPath
Yuntao Xu42e732c2021-11-18 22:33:02 +0000[diff] [blame]147 ctx.InstallFile(m.installPath, m.stem(), m.outputPath)
Inseob Kimb554e592019-04-15 20:10:46 +0900[diff] [blame]148 return
149 }
150 }
151
Inseob Kim6d3d5a62021-12-21 20:55:32 +0900[diff] [blame]152 m.outputPath = m.build(ctx, android.PathsForModuleSrc(ctx, m.properties.Srcs))
Yuntao Xu42e732c2021-11-18 22:33:02 +0000[diff] [blame]153 ctx.InstallFile(m.installPath, m.stem(), m.outputPath)
Inseob Kimb554e592019-04-15 20:10:46 +0900[diff] [blame]154}
155
156func newModule() *selinuxContextsModule {
157 m := &selinuxContextsModule{}
158 m.AddProperties(
159 &m.properties,
Inseob Kim6d3d5a62021-12-21 20:55:32 +0900[diff] [blame]160 &m.fileContextsProperties,
Inseob Kim2dac2672021-12-29 17:54:57 +0900[diff] [blame]161 &m.seappProperties,
Inseob Kimb554e592019-04-15 20:10:46 +0900[diff] [blame]162 )
163 android.InitAndroidArchModule(m, android.DeviceSupported, android.MultilibCommon)
164 android.AddLoadHook(m, func(ctx android.LoadHookContext) {
165 m.selinuxContextsHook(ctx)
166 })
167 return m
168}
169
170func (m *selinuxContextsModule) selinuxContextsHook(ctx android.LoadHookContext) {
171 // TODO: clean this up to use build/soong/android/variable.go after b/79249983
172 var srcs []string
173
Inseob Kimb554e592019-04-15 20:10:46 +0900[diff] [blame]174 for _, sanitize := range ctx.Config().SanitizeDevice() {
175 if sanitize == "address" {
176 srcs = append(srcs, m.properties.Product_variables.Address_sanitize.Srcs...)
177 break
178 }
179 }
180
181 m.properties.Srcs = append(m.properties.Srcs, srcs...)
182}
183
184func (m *selinuxContextsModule) AndroidMk() android.AndroidMkData {
Colin Crossf82aed02021-11-04 17:25:55 -0700[diff] [blame]185 nameSuffix := ""
186 if m.InRecovery() && !m.onlyInRecovery() {
187 nameSuffix = ".recovery"
188 }
Inseob Kimb554e592019-04-15 20:10:46 +0900[diff] [blame]189 return android.AndroidMkData{
Colin Crossf82aed02021-11-04 17:25:55 -0700[diff] [blame]190 Class: "ETC",
191 OutputFile: android.OptionalPathForPath(m.outputPath),
192 SubName: nameSuffix,
193 Extra: []android.AndroidMkExtraFunc{
194 func(w io.Writer, outputFile android.Path) {
195 fmt.Fprintln(w, "LOCAL_MODULE_PATH :=", m.installPath.ToMakePath().String())
Yuntao Xu42e732c2021-11-18 22:33:02 +0000[diff] [blame]196 fmt.Fprintln(w, "LOCAL_INSTALLED_MODULE_STEM :=", m.stem())
Colin Crossf82aed02021-11-04 17:25:55 -0700[diff] [blame]197 },
Inseob Kimb554e592019-04-15 20:10:46 +0900[diff] [blame]198 },
199 }
200}
201
Inseob Kimfa6fe472021-01-12 13:40:27 +0900[diff] [blame]202func (m *selinuxContextsModule) ImageMutatorBegin(ctx android.BaseModuleContext) {
Yuntao Xu42e732c2021-11-18 22:33:02 +0000[diff] [blame]203 if proptools.Bool(m.properties.Recovery_available) && m.ModuleBase.InstallInRecovery() {
Inseob Kimfa6fe472021-01-12 13:40:27 +0900[diff] [blame]204 ctx.PropertyErrorf("recovery_available",
205 "doesn't make sense at the same time as `recovery: true`")
Inseob Kimb554e592019-04-15 20:10:46 +0900[diff] [blame]206 }
207}
208
Inseob Kimfa6fe472021-01-12 13:40:27 +0900[diff] [blame]209func (m *selinuxContextsModule) CoreVariantNeeded(ctx android.BaseModuleContext) bool {
Yuntao Xu42e732c2021-11-18 22:33:02 +0000[diff] [blame]210 return !m.ModuleBase.InstallInRecovery()
Inseob Kimfa6fe472021-01-12 13:40:27 +0900[diff] [blame]211}
212
213func (m *selinuxContextsModule) RamdiskVariantNeeded(ctx android.BaseModuleContext) bool {
214 return false
215}
216
217func (m *selinuxContextsModule) VendorRamdiskVariantNeeded(ctx android.BaseModuleContext) bool {
218 return false
219}
220
Inseob Kim6cc75f42021-04-29 13:53:20 +0000[diff] [blame]221func (m *selinuxContextsModule) DebugRamdiskVariantNeeded(ctx android.BaseModuleContext) bool {
222 return false
223}
224
Inseob Kimfa6fe472021-01-12 13:40:27 +0900[diff] [blame]225func (m *selinuxContextsModule) RecoveryVariantNeeded(ctx android.BaseModuleContext) bool {
Yuntao Xu42e732c2021-11-18 22:33:02 +0000[diff] [blame]226 return m.ModuleBase.InstallInRecovery() || proptools.Bool(m.properties.Recovery_available)
Inseob Kimfa6fe472021-01-12 13:40:27 +0900[diff] [blame]227}
228
229func (m *selinuxContextsModule) ExtraImageVariations(ctx android.BaseModuleContext) []string {
230 return nil
231}
232
233func (m *selinuxContextsModule) SetImageVariation(ctx android.BaseModuleContext, variation string, module android.Module) {
234}
235
236var _ android.ImageInterface = (*selinuxContextsModule)(nil)
237
Inseob Kimcd616492020-03-24 23:06:40 +0900[diff] [blame]238func (m *selinuxContextsModule) buildGeneralContexts(ctx android.ModuleContext, inputs android.Paths) android.Path {
Yuntao Xu42e732c2021-11-18 22:33:02 +0000[diff] [blame]239 builtContext := android.PathForModuleGen(ctx, ctx.ModuleName()+"_m4out")
Inseob Kimb554e592019-04-15 20:10:46 +0900[diff] [blame]240
Colin Cross242c8bc2020-11-16 17:58:17 -0800[diff] [blame]241 rule := android.NewRuleBuilder(pctx, ctx)
Inseob Kimb554e592019-04-15 20:10:46 +0900[diff] [blame]242
243 rule.Command().
Dan Willemsen3c3e59b2019-06-19 10:52:50 -0700[diff] [blame]244 Tool(ctx.Config().PrebuiltBuildTool(ctx, "m4")).
245 Text("--fatal-warnings -s").
Inseob Kimb554e592019-04-15 20:10:46 +0900[diff] [blame]246 FlagForEachArg("-D", ctx.DeviceConfig().SepolicyM4Defs()).
247 Inputs(inputs).
Yuntao Xu42e732c2021-11-18 22:33:02 +0000[diff] [blame]248 FlagWithOutput("> ", builtContext)
Inseob Kimb554e592019-04-15 20:10:46 +0900[diff] [blame]249
250 if proptools.Bool(m.properties.Remove_comment) {
Yuntao Xu42e732c2021-11-18 22:33:02 +0000[diff] [blame]251 rule.Temporary(builtContext)
Inseob Kimb554e592019-04-15 20:10:46 +0900[diff] [blame]252
253 remove_comment_output := android.PathForModuleGen(ctx, ctx.ModuleName()+"_remove_comment")
254
255 rule.Command().
256 Text("sed -e 's/#.*$//' -e '/^$/d'").
Yuntao Xu42e732c2021-11-18 22:33:02 +0000[diff] [blame]257 Input(builtContext).
Inseob Kimb554e592019-04-15 20:10:46 +0900[diff] [blame]258 FlagWithOutput("> ", remove_comment_output)
259
Yuntao Xu42e732c2021-11-18 22:33:02 +0000[diff] [blame]260 builtContext = remove_comment_output
Inseob Kimb554e592019-04-15 20:10:46 +0900[diff] [blame]261 }
262
263 if proptools.Bool(m.properties.Fc_sort) {
Yuntao Xu42e732c2021-11-18 22:33:02 +0000[diff] [blame]264 rule.Temporary(builtContext)
Inseob Kimb554e592019-04-15 20:10:46 +0900[diff] [blame]265
266 sorted_output := android.PathForModuleGen(ctx, ctx.ModuleName()+"_sorted")
267
268 rule.Command().
269 Tool(ctx.Config().HostToolPath(ctx, "fc_sort")).
Yuntao Xu42e732c2021-11-18 22:33:02 +0000[diff] [blame]270 FlagWithInput("-i ", builtContext).
Inseob Kimb554e592019-04-15 20:10:46 +0900[diff] [blame]271 FlagWithOutput("-o ", sorted_output)
272
Yuntao Xu42e732c2021-11-18 22:33:02 +0000[diff] [blame]273 builtContext = sorted_output
Inseob Kimb554e592019-04-15 20:10:46 +0900[diff] [blame]274 }
275
Yuntao Xu42e732c2021-11-18 22:33:02 +0000[diff] [blame]276 ret := android.PathForModuleGen(ctx, m.stem())
277 rule.Temporary(builtContext)
278 rule.Command().Text("cp").Input(builtContext).Output(ret)
Inseob Kimb554e592019-04-15 20:10:46 +0900[diff] [blame]279
280 rule.DeleteTemporaryFiles()
Yuntao Xu42e732c2021-11-18 22:33:02 +0000[diff] [blame]281 rule.Build("selinux_contexts", "building contexts: "+m.Name())
Inseob Kimb554e592019-04-15 20:10:46 +0900[diff] [blame]282
Inseob Kimcd616492020-03-24 23:06:40 +0900[diff] [blame]283 return ret
Inseob Kimb554e592019-04-15 20:10:46 +0900[diff] [blame]284}
285
Inseob Kimcd616492020-03-24 23:06:40 +0900[diff] [blame]286func (m *selinuxContextsModule) buildFileContexts(ctx android.ModuleContext, inputs android.Paths) android.Path {
Inseob Kimb554e592019-04-15 20:10:46 +0900[diff] [blame]287 if m.properties.Fc_sort == nil {
288 m.properties.Fc_sort = proptools.BoolPtr(true)
289 }
290
Colin Cross242c8bc2020-11-16 17:58:17 -0800[diff] [blame]291 rule := android.NewRuleBuilder(pctx, ctx)
Inseob Kimb554e592019-04-15 20:10:46 +0900[diff] [blame]292
293 if ctx.Config().FlattenApex() {
Inseob Kim6d3d5a62021-12-21 20:55:32 +0900[diff] [blame]294 for _, path := range android.PathsForModuleSrc(ctx, m.fileContextsProperties.Flatten_apex.Srcs) {
295 out := android.PathForModuleGen(ctx, "flattened_apex", path.Rel())
296 apex_path := "/system/apex/" + strings.Replace(
297 strings.TrimSuffix(path.Base(), "-file_contexts"),
298 ".", "\\\\.", -1)
Inseob Kimb554e592019-04-15 20:10:46 +0900[diff] [blame]299
Inseob Kim6d3d5a62021-12-21 20:55:32 +0900[diff] [blame]300 rule.Command().
301 Text("awk '/object_r/{printf(\""+apex_path+"%s\\n\",$0)}'").
302 Input(path).
303 FlagWithOutput("> ", out)
Inseob Kimb554e592019-04-15 20:10:46 +0900[diff] [blame]304
Inseob Kim6d3d5a62021-12-21 20:55:32 +0900[diff] [blame]305 inputs = append(inputs, out)
Inseob Kimb554e592019-04-15 20:10:46 +0900[diff] [blame]306 }
307 }
308
Colin Cross242c8bc2020-11-16 17:58:17 -0800[diff] [blame]309 rule.Build(m.Name(), "flattened_apex_file_contexts")
Inseob Kimcd616492020-03-24 23:06:40 +0900[diff] [blame]310 return m.buildGeneralContexts(ctx, inputs)
Inseob Kimb554e592019-04-15 20:10:46 +0900[diff] [blame]311}
312
313func fileFactory() android.Module {
314 m := newModule()
Inseob Kimb554e592019-04-15 20:10:46 +0900[diff] [blame]315 m.build = m.buildFileContexts
316 return m
317}
318
Inseob Kimcd616492020-03-24 23:06:40 +0900[diff] [blame]319func (m *selinuxContextsModule) buildHwServiceContexts(ctx android.ModuleContext, inputs android.Paths) android.Path {
Inseob Kimb554e592019-04-15 20:10:46 +0900[diff] [blame]320 if m.properties.Remove_comment == nil {
321 m.properties.Remove_comment = proptools.BoolPtr(true)
322 }
323
Inseob Kimcd616492020-03-24 23:06:40 +0900[diff] [blame]324 return m.buildGeneralContexts(ctx, inputs)
325}
326
Inseob Kim2bcc0452020-12-21 13:16:44 +0900[diff] [blame]327func (m *selinuxContextsModule) checkVendorPropertyNamespace(ctx android.ModuleContext, inputs android.Paths) android.Paths {
328 shippingApiLevel := ctx.DeviceConfig().ShippingApiLevel()
329 ApiLevelR := android.ApiLevelOrPanic(ctx, "R")
330
331 rule := android.NewRuleBuilder(pctx, ctx)
332
333 // This list is from vts_treble_sys_prop_test.
334 allowedPropertyPrefixes := []string{
335 "ctl.odm.",
336 "ctl.vendor.",
337 "ctl.start$odm.",
338 "ctl.start$vendor.",
339 "ctl.stop$odm.",
340 "ctl.stop$vendor.",
341 "init.svc.odm.",
342 "init.svc.vendor.",
343 "ro.boot.",
344 "ro.hardware.",
345 "ro.odm.",
346 "ro.vendor.",
347 "odm.",
348 "persist.odm.",
349 "persist.vendor.",
350 "vendor.",
351 }
352
353 // persist.camera is also allowed for devices launching with R or eariler
354 if shippingApiLevel.LessThanOrEqualTo(ApiLevelR) {
355 allowedPropertyPrefixes = append(allowedPropertyPrefixes, "persist.camera.")
356 }
357
358 var allowedContextPrefixes []string
359
360 if shippingApiLevel.GreaterThanOrEqualTo(ApiLevelR) {
361 // This list is from vts_treble_sys_prop_test.
362 allowedContextPrefixes = []string{
363 "vendor_",
364 "odm_",
365 }
366 }
367
368 var ret android.Paths
369 for _, input := range inputs {
370 cmd := rule.Command().
371 BuiltTool("check_prop_prefix").
372 FlagWithInput("--property-contexts ", input).
373 FlagForEachArg("--allowed-property-prefix ", proptools.ShellEscapeList(allowedPropertyPrefixes)). // contains shell special character '$'
374 FlagForEachArg("--allowed-context-prefix ", allowedContextPrefixes)
375
376 if !ctx.DeviceConfig().BuildBrokenVendorPropertyNamespace() {
377 cmd.Flag("--strict")
378 }
379
380 out := android.PathForModuleGen(ctx, "namespace_checked").Join(ctx, input.String())
381 rule.Command().Text("cp -f").Input(input).Output(out)
382 ret = append(ret, out)
383 }
384 rule.Build("check_namespace", "checking namespace of "+ctx.ModuleName())
385 return ret
386}
387
Inseob Kimcd616492020-03-24 23:06:40 +0900[diff] [blame]388func (m *selinuxContextsModule) buildPropertyContexts(ctx android.ModuleContext, inputs android.Paths) android.Path {
Inseob Kim2bcc0452020-12-21 13:16:44 +0900[diff] [blame]389 // vendor/odm properties are enforced for devices launching with Android Q or later. So, if
390 // vendor/odm, make sure that only vendor/odm properties exist.
391 shippingApiLevel := ctx.DeviceConfig().ShippingApiLevel()
392 ApiLevelQ := android.ApiLevelOrPanic(ctx, "Q")
393 if (ctx.SocSpecific() || ctx.DeviceSpecific()) && shippingApiLevel.GreaterThanOrEqualTo(ApiLevelQ) {
394 inputs = m.checkVendorPropertyNamespace(ctx, inputs)
395 }
396
Inseob Kimcd616492020-03-24 23:06:40 +0900[diff] [blame]397 builtCtxFile := m.buildGeneralContexts(ctx, inputs)
398
399 var apiFiles android.Paths
400 ctx.VisitDirectDepsWithTag(syspropLibraryDepTag, func(c android.Module) {
Inseob Kim3a3539a2021-01-15 18:10:29 +0900[diff] [blame]401 i, ok := c.(interface{ CurrentSyspropApiFile() android.OptionalPath })
Inseob Kimcd616492020-03-24 23:06:40 +0900[diff] [blame]402 if !ok {
403 panic(fmt.Errorf("unknown dependency %q for %q", ctx.OtherModuleName(c), ctx.ModuleName()))
404 }
Inseob Kim3a3539a2021-01-15 18:10:29 +0900[diff] [blame]405 if api := i.CurrentSyspropApiFile(); api.Valid() {
406 apiFiles = append(apiFiles, api.Path())
407 }
Inseob Kimcd616492020-03-24 23:06:40 +0900[diff] [blame]408 })
409
410 // check compatibility with sysprop_library
411 if len(apiFiles) > 0 {
412 out := android.PathForModuleGen(ctx, ctx.ModuleName()+"_api_checked")
Colin Cross242c8bc2020-11-16 17:58:17 -0800[diff] [blame]413 rule := android.NewRuleBuilder(pctx, ctx)
Inseob Kimcd616492020-03-24 23:06:40 +0900[diff] [blame]414
415 msg := `\n******************************\n` +
416 `API of sysprop_library doesn't match with property_contexts\n` +
417 `Please fix the breakage and rebuild.\n` +
418 `******************************\n`
419
420 rule.Command().
421 Text("( ").
Colin Cross242c8bc2020-11-16 17:58:17 -0800[diff] [blame]422 BuiltTool("sysprop_type_checker").
Inseob Kimcd616492020-03-24 23:06:40 +0900[diff] [blame]423 FlagForEachInput("--api ", apiFiles).
424 FlagWithInput("--context ", builtCtxFile).
425 Text(" || ( echo").Flag("-e").
426 Flag(`"` + msg + `"`).
427 Text("; exit 38) )")
428
429 rule.Command().Text("cp -f").Input(builtCtxFile).Output(out)
Colin Cross242c8bc2020-11-16 17:58:17 -0800[diff] [blame]430 rule.Build("property_contexts_check_api", "checking API: "+m.Name())
Inseob Kimcd616492020-03-24 23:06:40 +0900[diff] [blame]431 builtCtxFile = out
432 }
433
434 return builtCtxFile
Inseob Kimb554e592019-04-15 20:10:46 +0900[diff] [blame]435}
436
Inseob Kim2dac2672021-12-29 17:54:57 +0900[diff] [blame]437func (m *selinuxContextsModule) buildSeappContexts(ctx android.ModuleContext, inputs android.Paths) android.Path {
438 neverallowFile := android.PathForModuleGen(ctx, "neverallow")
439 ret := android.PathForModuleGen(ctx, m.stem())
440
441 rule := android.NewRuleBuilder(pctx, ctx)
442 rule.Command().Text("(grep").
443 Flag("-ihe").
444 Text("'^neverallow'").
445 Inputs(android.PathsForModuleSrc(ctx, m.seappProperties.Neverallow_files)).
446 Text(os.DevNull). // to make grep happy even when Neverallow_files is empty
447 Text(">").
448 Output(neverallowFile).
449 Text("|| true)") // to make ninja happy even when result is empty
450
451 rule.Temporary(neverallowFile)
452 rule.Command().BuiltTool("checkseapp").
453 FlagWithInput("-p ", android.PathForModuleSrc(ctx, proptools.String(m.seappProperties.Sepolicy))).
454 FlagWithOutput("-o ", ret).
455 Inputs(inputs).
456 Input(neverallowFile)
457
458 rule.Build("seapp_contexts", "Building seapp_contexts: "+m.Name())
459 return ret
460}
461
Inseob Kimb554e592019-04-15 20:10:46 +0900[diff] [blame]462func hwServiceFactory() android.Module {
463 m := newModule()
464 m.build = m.buildHwServiceContexts
465 return m
466}
467
468func propertyFactory() android.Module {
469 m := newModule()
Inseob Kimcd616492020-03-24 23:06:40 +0900[diff] [blame]470 m.build = m.buildPropertyContexts
471 m.deps = m.propertyContextsDeps
Inseob Kimb554e592019-04-15 20:10:46 +0900[diff] [blame]472 return m
473}
474
475func serviceFactory() android.Module {
476 m := newModule()
477 m.build = m.buildGeneralContexts
478 return m
479}
Janis Danisevskisc40681f2020-07-25 13:02:29 -0700[diff] [blame]480
481func keystoreKeyFactory() android.Module {
482 m := newModule()
483 m.build = m.buildGeneralContexts
484 return m
485}
Yuntao Xu42e732c2021-11-18 22:33:02 +0000[diff] [blame]486
Inseob Kim2dac2672021-12-29 17:54:57 +0900[diff] [blame]487func seappFactory() android.Module {
488 m := newModule()
489 m.build = m.buildSeappContexts
490 return m
491}
492
Yuntao Xu42e732c2021-11-18 22:33:02 +0000[diff] [blame]493var _ android.OutputFileProducer = (*selinuxContextsModule)(nil)
494
495// Implements android.OutputFileProducer
496func (m *selinuxContextsModule) OutputFiles(tag string) (android.Paths, error) {
497 if tag == "" {
498 return []android.Path{m.outputPath}, nil
499 }
500 return nil, fmt.Errorf("unsupported module reference tag %q", tag)
501}