Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / c281113ea82afbf5e99f3ef6450da398c8856a56 / . / build / soong / selinux_contexts.go
blob: 5d32e1187c7626d9871c14a7e73115bd22919bed [file] [log] [blame]
Inseob Kimb554e592019-04-15 20:10:46 +0900[diff] [blame]1// Copyright (C) 2019 The Android Open Source Project
2//
3// Licensed under the Apache License, Version 2.0 (the "License");
4// you may not use this file except in compliance with the License.
5// You may obtain a copy of the License at
6//
7// http://www.apache.org/licenses/LICENSE-2.0
8//
9// Unless required by applicable law or agreed to in writing, software
10// distributed under the License is distributed on an "AS IS" BASIS,
11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12// See the License for the specific language governing permissions and
13// limitations under the License.
14
15package selinux
16
17import (
18 "fmt"
19 "io"
20 "strings"
21
Inseob Kimcd616492020-03-24 23:06:40 +0900[diff] [blame]22 "github.com/google/blueprint"
Inseob Kimb554e592019-04-15 20:10:46 +0900[diff] [blame]23 "github.com/google/blueprint/proptools"
24
25 "android/soong/android"
Inseob Kimcd616492020-03-24 23:06:40 +0900[diff] [blame]26 "android/soong/sysprop"
Inseob Kimb554e592019-04-15 20:10:46 +0900[diff] [blame]27)
28
Inseob Kimb554e592019-04-15 20:10:46 +0900[diff] [blame]29type selinuxContextsProperties struct {
30 // Filenames under sepolicy directories, which will be used to generate contexts file.
31 Srcs []string `android:"path"`
32
33 Product_variables struct {
34 Debuggable struct {
35 Srcs []string
36 }
37
38 Address_sanitize struct {
39 Srcs []string
40 }
41 }
42
43 // Whether reqd_mask directory is included to sepolicy directories or not.
44 Reqd_mask *bool
45
46 // Whether the comments in generated contexts file will be removed or not.
47 Remove_comment *bool
48
49 // Whether the result context file is sorted with fc_sort or not.
50 Fc_sort *bool
51
52 // Make this module available when building for recovery
53 Recovery_available *bool
Inseob Kimb554e592019-04-15 20:10:46 +0900[diff] [blame]54}
55
56type fileContextsProperties struct {
57 // flatten_apex can be used to specify additional sources of file_contexts.
58 // Apex paths, /system/apex/{apex_name}, will be amended to the paths of file_contexts
59 // entries.
60 Flatten_apex struct {
61 Srcs []string
62 }
63}
64
65type selinuxContextsModule struct {
66 android.ModuleBase
67
68 properties selinuxContextsProperties
69 fileContextsProperties fileContextsProperties
Inseob Kimcd616492020-03-24 23:06:40 +0900[diff] [blame]70 build func(ctx android.ModuleContext, inputs android.Paths) android.Path
71 deps func(ctx android.BottomUpMutatorContext)
72 outputPath android.Path
Colin Cross040f1512019-10-02 10:36:09 -0700[diff] [blame]73 installPath android.InstallPath
Inseob Kimb554e592019-04-15 20:10:46 +0900[diff] [blame]74}
75
76var (
Inseob Kimcd616492020-03-24 23:06:40 +0900[diff] [blame]77 reuseContextsDepTag = dependencyTag{name: "reuseContexts"}
78 syspropLibraryDepTag = dependencyTag{name: "sysprop_library"}
Inseob Kimb554e592019-04-15 20:10:46 +0900[diff] [blame]79)
80
81func init() {
82 pctx.HostBinToolVariable("fc_sort", "fc_sort")
83
84 android.RegisterModuleType("file_contexts", fileFactory)
85 android.RegisterModuleType("hwservice_contexts", hwServiceFactory)
86 android.RegisterModuleType("property_contexts", propertyFactory)
87 android.RegisterModuleType("service_contexts", serviceFactory)
Janis Danisevskisc40681f2020-07-25 13:02:29 -0700[diff] [blame]88 android.RegisterModuleType("keystore2_key_contexts", keystoreKeyFactory)
Inseob Kimb554e592019-04-15 20:10:46 +0900[diff] [blame]89}
90
Colin Cross040f1512019-10-02 10:36:09 -0700[diff] [blame]91func (m *selinuxContextsModule) InstallInRoot() bool {
Inseob Kimfa6fe472021-01-12 13:40:27 +0900[diff] [blame]92 return m.InRecovery()
93}
94
95func (m *selinuxContextsModule) InstallInRecovery() bool {
96 // ModuleBase.InRecovery() checks the image variant
97 return m.InRecovery()
98}
99
100func (m *selinuxContextsModule) onlyInRecovery() bool {
101 // ModuleBase.InstallInRecovery() checks commonProperties.Recovery property
102 return m.ModuleBase.InstallInRecovery()
Colin Cross040f1512019-10-02 10:36:09 -0700[diff] [blame]103}
104
Inseob Kimcd616492020-03-24 23:06:40 +0900[diff] [blame]105func (m *selinuxContextsModule) DepsMutator(ctx android.BottomUpMutatorContext) {
106 if m.deps != nil {
107 m.deps(ctx)
108 }
Inseob Kimfa6fe472021-01-12 13:40:27 +0900[diff] [blame]109
110 if m.InRecovery() && !m.onlyInRecovery() {
111 ctx.AddFarVariationDependencies([]blueprint.Variation{
112 {Mutator: "image", Variation: android.CoreVariation},
113 }, reuseContextsDepTag, ctx.ModuleName())
114 }
Inseob Kimcd616492020-03-24 23:06:40 +0900[diff] [blame]115}
116
117func (m *selinuxContextsModule) propertyContextsDeps(ctx android.BottomUpMutatorContext) {
118 for _, lib := range sysprop.SyspropLibraries(ctx.Config()) {
119 ctx.AddFarVariationDependencies([]blueprint.Variation{}, syspropLibraryDepTag, lib)
120 }
121}
122
Inseob Kimb554e592019-04-15 20:10:46 +0900[diff] [blame]123func (m *selinuxContextsModule) GenerateAndroidBuildActions(ctx android.ModuleContext) {
Inseob Kimfa6fe472021-01-12 13:40:27 +0900[diff] [blame]124 if m.InRecovery() {
Colin Cross040f1512019-10-02 10:36:09 -0700[diff] [blame]125 // Installing context files at the root of the recovery partition
126 m.installPath = android.PathForModuleInstall(ctx)
Inseob Kimb554e592019-04-15 20:10:46 +0900[diff] [blame]127 } else {
128 m.installPath = android.PathForModuleInstall(ctx, "etc", "selinux")
129 }
130
Inseob Kimfa6fe472021-01-12 13:40:27 +0900[diff] [blame]131 if m.InRecovery() && !m.onlyInRecovery() {
Inseob Kimb554e592019-04-15 20:10:46 +0900[diff] [blame]132 dep := ctx.GetDirectDepWithTag(m.Name(), reuseContextsDepTag)
133
134 if reuseDeps, ok := dep.(*selinuxContextsModule); ok {
135 m.outputPath = reuseDeps.outputPath
136 ctx.InstallFile(m.installPath, m.Name(), m.outputPath)
137 return
138 }
139 }
140
141 var inputs android.Paths
142
143 ctx.VisitDirectDepsWithTag(android.SourceDepTag, func(dep android.Module) {
144 segroup, ok := dep.(*fileGroup)
145 if !ok {
146 ctx.ModuleErrorf("srcs dependency %q is not an selinux filegroup",
147 ctx.OtherModuleName(dep))
148 return
149 }
150
151 if ctx.ProductSpecific() {
152 inputs = append(inputs, segroup.ProductPrivateSrcs()...)
153 } else if ctx.SocSpecific() {
Inseob Kim8ada8a72020-11-09 20:58:58 +0900[diff] [blame]154 if ctx.DeviceConfig().BoardSepolicyVers() == ctx.DeviceConfig().PlatformSepolicyVersion() {
155 inputs = append(inputs, segroup.SystemVendorSrcs()...)
156 }
Inseob Kimb554e592019-04-15 20:10:46 +0900[diff] [blame]157 inputs = append(inputs, segroup.VendorSrcs()...)
158 } else if ctx.DeviceSpecific() {
159 inputs = append(inputs, segroup.OdmSrcs()...)
Bowgo Tsai86a048d2019-09-09 22:04:06 +0800[diff] [blame]160 } else if ctx.SystemExtSpecific() {
161 inputs = append(inputs, segroup.SystemExtPrivateSrcs()...)
Inseob Kimb554e592019-04-15 20:10:46 +0900[diff] [blame]162 } else {
163 inputs = append(inputs, segroup.SystemPrivateSrcs()...)
Felix342b58a2020-03-02 16:13:12 +0100[diff] [blame]164 inputs = append(inputs, segroup.SystemPublicSrcs()...)
Inseob Kimb554e592019-04-15 20:10:46 +0900[diff] [blame]165 }
166
167 if proptools.Bool(m.properties.Reqd_mask) {
Inseob Kim8ada8a72020-11-09 20:58:58 +0900[diff] [blame]168 if ctx.SocSpecific() || ctx.DeviceSpecific() {
169 inputs = append(inputs, segroup.VendorReqdMaskSrcs()...)
170 } else {
171 inputs = append(inputs, segroup.SystemReqdMaskSrcs()...)
172 }
Inseob Kimb554e592019-04-15 20:10:46 +0900[diff] [blame]173 }
174 })
175
176 for _, src := range m.properties.Srcs {
177 // Module sources are handled above with VisitDirectDepsWithTag
178 if android.SrcIsModule(src) == "" {
179 inputs = append(inputs, android.PathForModuleSrc(ctx, src))
180 }
181 }
182
Inseob Kimcd616492020-03-24 23:06:40 +0900[diff] [blame]183 m.outputPath = m.build(ctx, inputs)
184 ctx.InstallFile(m.installPath, ctx.ModuleName(), m.outputPath)
Inseob Kimb554e592019-04-15 20:10:46 +0900[diff] [blame]185}
186
187func newModule() *selinuxContextsModule {
188 m := &selinuxContextsModule{}
189 m.AddProperties(
190 &m.properties,
191 )
192 android.InitAndroidArchModule(m, android.DeviceSupported, android.MultilibCommon)
193 android.AddLoadHook(m, func(ctx android.LoadHookContext) {
194 m.selinuxContextsHook(ctx)
195 })
196 return m
197}
198
199func (m *selinuxContextsModule) selinuxContextsHook(ctx android.LoadHookContext) {
200 // TODO: clean this up to use build/soong/android/variable.go after b/79249983
201 var srcs []string
202
203 if ctx.Config().Debuggable() {
204 srcs = append(srcs, m.properties.Product_variables.Debuggable.Srcs...)
205 }
206
207 for _, sanitize := range ctx.Config().SanitizeDevice() {
208 if sanitize == "address" {
209 srcs = append(srcs, m.properties.Product_variables.Address_sanitize.Srcs...)
210 break
211 }
212 }
213
214 m.properties.Srcs = append(m.properties.Srcs, srcs...)
215}
216
217func (m *selinuxContextsModule) AndroidMk() android.AndroidMkData {
218 return android.AndroidMkData{
219 Custom: func(w io.Writer, name, prefix, moduleDir string, data android.AndroidMkData) {
220 nameSuffix := ""
Inseob Kimfa6fe472021-01-12 13:40:27 +0900[diff] [blame]221 if m.InRecovery() && !m.onlyInRecovery() {
Inseob Kimb554e592019-04-15 20:10:46 +0900[diff] [blame]222 nameSuffix = ".recovery"
223 }
224 fmt.Fprintln(w, "\ninclude $(CLEAR_VARS)")
225 fmt.Fprintln(w, "LOCAL_PATH :=", moduleDir)
226 fmt.Fprintln(w, "LOCAL_MODULE :=", name+nameSuffix)
Bob Badour4eeb6a22021-01-07 03:34:31 +0000[diff] [blame]227 data.Entries.WriteLicenseVariables(w)
Inseob Kimb554e592019-04-15 20:10:46 +0900[diff] [blame]228 fmt.Fprintln(w, "LOCAL_MODULE_CLASS := ETC")
229 if m.Owner() != "" {
230 fmt.Fprintln(w, "LOCAL_MODULE_OWNER :=", m.Owner())
231 }
232 fmt.Fprintln(w, "LOCAL_MODULE_TAGS := optional")
233 fmt.Fprintln(w, "LOCAL_PREBUILT_MODULE_FILE :=", m.outputPath.String())
Colin Cross040f1512019-10-02 10:36:09 -0700[diff] [blame]234 fmt.Fprintln(w, "LOCAL_MODULE_PATH :=", m.installPath.ToMakePath().String())
Inseob Kimb554e592019-04-15 20:10:46 +0900[diff] [blame]235 fmt.Fprintln(w, "LOCAL_INSTALLED_MODULE_STEM :=", name)
236 fmt.Fprintln(w, "include $(BUILD_PREBUILT)")
237 },
238 }
239}
240
Inseob Kimfa6fe472021-01-12 13:40:27 +0900[diff] [blame]241func (m *selinuxContextsModule) ImageMutatorBegin(ctx android.BaseModuleContext) {
242 if proptools.Bool(m.properties.Recovery_available) && m.InstallInRecovery() {
243 ctx.PropertyErrorf("recovery_available",
244 "doesn't make sense at the same time as `recovery: true`")
Inseob Kimb554e592019-04-15 20:10:46 +0900[diff] [blame]245 }
246}
247
Inseob Kimfa6fe472021-01-12 13:40:27 +0900[diff] [blame]248func (m *selinuxContextsModule) CoreVariantNeeded(ctx android.BaseModuleContext) bool {
249 return !m.InstallInRecovery()
250}
251
252func (m *selinuxContextsModule) RamdiskVariantNeeded(ctx android.BaseModuleContext) bool {
253 return false
254}
255
256func (m *selinuxContextsModule) VendorRamdiskVariantNeeded(ctx android.BaseModuleContext) bool {
257 return false
258}
259
260func (m *selinuxContextsModule) RecoveryVariantNeeded(ctx android.BaseModuleContext) bool {
261 return m.InstallInRecovery() || proptools.Bool(m.properties.Recovery_available)
262}
263
264func (m *selinuxContextsModule) ExtraImageVariations(ctx android.BaseModuleContext) []string {
265 return nil
266}
267
268func (m *selinuxContextsModule) SetImageVariation(ctx android.BaseModuleContext, variation string, module android.Module) {
269}
270
271var _ android.ImageInterface = (*selinuxContextsModule)(nil)
272
Inseob Kimcd616492020-03-24 23:06:40 +0900[diff] [blame]273func (m *selinuxContextsModule) buildGeneralContexts(ctx android.ModuleContext, inputs android.Paths) android.Path {
274 ret := android.PathForModuleGen(ctx, ctx.ModuleName()+"_m4out")
Inseob Kimb554e592019-04-15 20:10:46 +0900[diff] [blame]275
Colin Cross242c8bc2020-11-16 17:58:17 -0800[diff] [blame]276 rule := android.NewRuleBuilder(pctx, ctx)
Inseob Kimb554e592019-04-15 20:10:46 +0900[diff] [blame]277
278 rule.Command().
Dan Willemsen3c3e59b2019-06-19 10:52:50 -0700[diff] [blame]279 Tool(ctx.Config().PrebuiltBuildTool(ctx, "m4")).
280 Text("--fatal-warnings -s").
Inseob Kimb554e592019-04-15 20:10:46 +0900[diff] [blame]281 FlagForEachArg("-D", ctx.DeviceConfig().SepolicyM4Defs()).
282 Inputs(inputs).
Inseob Kimcd616492020-03-24 23:06:40 +0900[diff] [blame]283 FlagWithOutput("> ", ret)
Inseob Kimb554e592019-04-15 20:10:46 +0900[diff] [blame]284
285 if proptools.Bool(m.properties.Remove_comment) {
Inseob Kimcd616492020-03-24 23:06:40 +0900[diff] [blame]286 rule.Temporary(ret)
Inseob Kimb554e592019-04-15 20:10:46 +0900[diff] [blame]287
288 remove_comment_output := android.PathForModuleGen(ctx, ctx.ModuleName()+"_remove_comment")
289
290 rule.Command().
291 Text("sed -e 's/#.*$//' -e '/^$/d'").
Inseob Kimcd616492020-03-24 23:06:40 +0900[diff] [blame]292 Input(ret).
Inseob Kimb554e592019-04-15 20:10:46 +0900[diff] [blame]293 FlagWithOutput("> ", remove_comment_output)
294
Inseob Kimcd616492020-03-24 23:06:40 +0900[diff] [blame]295 ret = remove_comment_output
Inseob Kimb554e592019-04-15 20:10:46 +0900[diff] [blame]296 }
297
298 if proptools.Bool(m.properties.Fc_sort) {
Inseob Kimcd616492020-03-24 23:06:40 +0900[diff] [blame]299 rule.Temporary(ret)
Inseob Kimb554e592019-04-15 20:10:46 +0900[diff] [blame]300
301 sorted_output := android.PathForModuleGen(ctx, ctx.ModuleName()+"_sorted")
302
303 rule.Command().
304 Tool(ctx.Config().HostToolPath(ctx, "fc_sort")).
Inseob Kimcd616492020-03-24 23:06:40 +0900[diff] [blame]305 FlagWithInput("-i ", ret).
Inseob Kimb554e592019-04-15 20:10:46 +0900[diff] [blame]306 FlagWithOutput("-o ", sorted_output)
307
Inseob Kimcd616492020-03-24 23:06:40 +0900[diff] [blame]308 ret = sorted_output
Inseob Kimb554e592019-04-15 20:10:46 +0900[diff] [blame]309 }
310
Colin Cross242c8bc2020-11-16 17:58:17 -0800[diff] [blame]311 rule.Build("selinux_contexts", "building contexts: "+m.Name())
Inseob Kimb554e592019-04-15 20:10:46 +0900[diff] [blame]312
313 rule.DeleteTemporaryFiles()
314
Inseob Kimcd616492020-03-24 23:06:40 +0900[diff] [blame]315 return ret
Inseob Kimb554e592019-04-15 20:10:46 +0900[diff] [blame]316}
317
Inseob Kimcd616492020-03-24 23:06:40 +0900[diff] [blame]318func (m *selinuxContextsModule) buildFileContexts(ctx android.ModuleContext, inputs android.Paths) android.Path {
Inseob Kimb554e592019-04-15 20:10:46 +0900[diff] [blame]319 if m.properties.Fc_sort == nil {
320 m.properties.Fc_sort = proptools.BoolPtr(true)
321 }
322
Colin Cross242c8bc2020-11-16 17:58:17 -0800[diff] [blame]323 rule := android.NewRuleBuilder(pctx, ctx)
Inseob Kimb554e592019-04-15 20:10:46 +0900[diff] [blame]324
325 if ctx.Config().FlattenApex() {
326 for _, src := range m.fileContextsProperties.Flatten_apex.Srcs {
327 if m := android.SrcIsModule(src); m != "" {
328 ctx.ModuleErrorf(
329 "Module srcs dependency %q is not supported for flatten_apex.srcs", m)
Inseob Kimcd616492020-03-24 23:06:40 +0900[diff] [blame]330 return nil
Inseob Kimb554e592019-04-15 20:10:46 +0900[diff] [blame]331 }
332 for _, path := range android.PathsForModuleSrcExcludes(ctx, []string{src}, nil) {
333 out := android.PathForModuleGen(ctx, "flattened_apex", path.Rel())
334 apex_path := "/system/apex/" + strings.Replace(
335 strings.TrimSuffix(path.Base(), "-file_contexts"),
336 ".", "\\\\.", -1)
337
338 rule.Command().
339 Text("awk '/object_r/{printf(\""+apex_path+"%s\\n\",$0)}'").
340 Input(path).
341 FlagWithOutput("> ", out)
342
343 inputs = append(inputs, out)
344 }
345 }
346 }
347
Colin Cross242c8bc2020-11-16 17:58:17 -0800[diff] [blame]348 rule.Build(m.Name(), "flattened_apex_file_contexts")
Inseob Kimcd616492020-03-24 23:06:40 +0900[diff] [blame]349 return m.buildGeneralContexts(ctx, inputs)
Inseob Kimb554e592019-04-15 20:10:46 +0900[diff] [blame]350}
351
352func fileFactory() android.Module {
353 m := newModule()
354 m.AddProperties(&m.fileContextsProperties)
355 m.build = m.buildFileContexts
356 return m
357}
358
Inseob Kimcd616492020-03-24 23:06:40 +0900[diff] [blame]359func (m *selinuxContextsModule) buildHwServiceContexts(ctx android.ModuleContext, inputs android.Paths) android.Path {
Inseob Kimb554e592019-04-15 20:10:46 +0900[diff] [blame]360 if m.properties.Remove_comment == nil {
361 m.properties.Remove_comment = proptools.BoolPtr(true)
362 }
363
Inseob Kimcd616492020-03-24 23:06:40 +0900[diff] [blame]364 return m.buildGeneralContexts(ctx, inputs)
365}
366
367func (m *selinuxContextsModule) buildPropertyContexts(ctx android.ModuleContext, inputs android.Paths) android.Path {
368 builtCtxFile := m.buildGeneralContexts(ctx, inputs)
369
370 var apiFiles android.Paths
371 ctx.VisitDirectDepsWithTag(syspropLibraryDepTag, func(c android.Module) {
Inseob Kim3a3539a2021-01-15 18:10:29 +0900[diff] [blame]372 i, ok := c.(interface{ CurrentSyspropApiFile() android.OptionalPath })
Inseob Kimcd616492020-03-24 23:06:40 +0900[diff] [blame]373 if !ok {
374 panic(fmt.Errorf("unknown dependency %q for %q", ctx.OtherModuleName(c), ctx.ModuleName()))
375 }
Inseob Kim3a3539a2021-01-15 18:10:29 +0900[diff] [blame]376 if api := i.CurrentSyspropApiFile(); api.Valid() {
377 apiFiles = append(apiFiles, api.Path())
378 }
Inseob Kimcd616492020-03-24 23:06:40 +0900[diff] [blame]379 })
380
381 // check compatibility with sysprop_library
382 if len(apiFiles) > 0 {
383 out := android.PathForModuleGen(ctx, ctx.ModuleName()+"_api_checked")
Colin Cross242c8bc2020-11-16 17:58:17 -0800[diff] [blame]384 rule := android.NewRuleBuilder(pctx, ctx)
Inseob Kimcd616492020-03-24 23:06:40 +0900[diff] [blame]385
386 msg := `\n******************************\n` +
387 `API of sysprop_library doesn't match with property_contexts\n` +
388 `Please fix the breakage and rebuild.\n` +
389 `******************************\n`
390
391 rule.Command().
392 Text("( ").
Colin Cross242c8bc2020-11-16 17:58:17 -0800[diff] [blame]393 BuiltTool("sysprop_type_checker").
Inseob Kimcd616492020-03-24 23:06:40 +0900[diff] [blame]394 FlagForEachInput("--api ", apiFiles).
395 FlagWithInput("--context ", builtCtxFile).
396 Text(" || ( echo").Flag("-e").
397 Flag(`"` + msg + `"`).
398 Text("; exit 38) )")
399
400 rule.Command().Text("cp -f").Input(builtCtxFile).Output(out)
Colin Cross242c8bc2020-11-16 17:58:17 -0800[diff] [blame]401 rule.Build("property_contexts_check_api", "checking API: "+m.Name())
Inseob Kimcd616492020-03-24 23:06:40 +0900[diff] [blame]402 builtCtxFile = out
403 }
404
405 return builtCtxFile
Inseob Kimb554e592019-04-15 20:10:46 +0900[diff] [blame]406}
407
408func hwServiceFactory() android.Module {
409 m := newModule()
410 m.build = m.buildHwServiceContexts
411 return m
412}
413
414func propertyFactory() android.Module {
415 m := newModule()
Inseob Kimcd616492020-03-24 23:06:40 +0900[diff] [blame]416 m.build = m.buildPropertyContexts
417 m.deps = m.propertyContextsDeps
Inseob Kimb554e592019-04-15 20:10:46 +0900[diff] [blame]418 return m
419}
420
421func serviceFactory() android.Module {
422 m := newModule()
423 m.build = m.buildGeneralContexts
424 return m
425}
Janis Danisevskisc40681f2020-07-25 13:02:29 -0700[diff] [blame]426
427func keystoreKeyFactory() android.Module {
428 m := newModule()
429 m.build = m.buildGeneralContexts
430 return m
431}