Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / c7596c4e619ea8f77a1ec818df453dbbda22709e / . / contexts / Android.bp
blob: 2a5a0584b0a0123cfaf9570fb83827f60ab6c54b [file] [log] [blame]
Inseob Kimbaee4a22021-12-21 21:03:32 +0900[diff] [blame]1// Copyright (C) 2021 The Android Open Source Project
2//
3// Licensed under the Apache License, Version 2.0 (the "License");
4// you may not use this file except in compliance with the License.
5// You may obtain a copy of the License at
6//
7// http://www.apache.org/licenses/LICENSE-2.0
8//
9// Unless required by applicable law or agreed to in writing, software
10// distributed under the License is distributed on an "AS IS" BASIS,
11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12// See the License for the specific language governing permissions and
13// limitations under the License.
14
15// This file contains module definitions for various contexts files.
16
Bob Badour048e48c2022-01-05 11:14:44 -0800[diff] [blame]17package {
18 // See: http://go/android-license-faq
19 // A large-scale-change added 'default_applicable_licenses' to import
20 // all of the 'license_kinds' from "system_sepolicy_license"
21 // to get the below license kinds:
22 // SPDX-license-identifier-Apache-2.0
23 default_applicable_licenses: ["system_sepolicy_license"],
24}
25
Inseob Kimbaee4a22021-12-21 21:03:32 +0900[diff] [blame]26file_contexts {
27 name: "plat_file_contexts",
28 srcs: [":file_contexts_files{.plat_private}"],
29 product_variables: {
30 address_sanitize: {
31 srcs: [":file_contexts_asan_files{.plat_private}"],
32 },
33 debuggable: {
34 srcs: [":file_contexts_overlayfs_files{.plat_private}"],
35 },
36 },
37
38 flatten_apex: {
39 srcs: [":apex_file_contexts_files"],
40 },
41}
42
43file_contexts {
44 name: "plat_file_contexts.recovery",
45 srcs: [":file_contexts_files{.plat_private}"],
46 stem: "plat_file_contexts",
47 product_variables: {
48 address_sanitize: {
49 srcs: [":file_contexts_asan_files{.plat_private}"],
50 },
51 debuggable: {
52 srcs: [":file_contexts_overlayfs_files{.plat_private}"],
53 },
54 },
55
56 flatten_apex: {
57 srcs: [":apex_file_contexts_files"],
58 },
59
60 recovery: true,
61}
62
63file_contexts {
64 name: "vendor_file_contexts",
65 srcs: [
66 ":file_contexts_files{.plat_vendor_for_vendor}",
67 ":file_contexts_files{.vendor}",
68 ],
69 soc_specific: true,
Inseob Kim61257ca2022-02-25 11:26:16 +0900[diff] [blame]70}
71
72file_contexts {
73 name: "vendor_file_contexts.recovery",
74 srcs: [
75 ":file_contexts_files{.plat_vendor_for_vendor}",
76 ":file_contexts_files{.vendor}",
77 ],
78 stem: "vendor_file_contexts",
79 recovery: true,
Inseob Kimbaee4a22021-12-21 21:03:32 +0900[diff] [blame]80}
81
82file_contexts {
83 name: "system_ext_file_contexts",
84 srcs: [":file_contexts_files{.system_ext_private}"],
85 system_ext_specific: true,
Inseob Kim61257ca2022-02-25 11:26:16 +0900[diff] [blame]86}
87
88file_contexts {
89 name: "system_ext_file_contexts.recovery",
90 srcs: [":file_contexts_files{.system_ext_private}"],
91 stem: "system_ext_file_contexts",
92 recovery: true,
Inseob Kimbaee4a22021-12-21 21:03:32 +0900[diff] [blame]93}
94
95file_contexts {
96 name: "product_file_contexts",
97 srcs: [":file_contexts_files{.product_private}"],
98 product_specific: true,
Inseob Kim61257ca2022-02-25 11:26:16 +0900[diff] [blame]99}
100
101file_contexts {
102 name: "product_file_contexts.recovery",
103 srcs: [":file_contexts_files{.product_private}"],
104 stem: "product_file_contexts",
105 recovery: true,
Inseob Kimbaee4a22021-12-21 21:03:32 +0900[diff] [blame]106}
107
108file_contexts {
109 name: "odm_file_contexts",
110 srcs: [":file_contexts_files{.odm}"],
111 device_specific: true,
Inseob Kim61257ca2022-02-25 11:26:16 +0900[diff] [blame]112}
113
114file_contexts {
115 name: "odm_file_contexts.recovery",
116 srcs: [":file_contexts_files{.odm}"],
117 stem: "odm_file_contexts",
118 recovery: true,
Inseob Kimbaee4a22021-12-21 21:03:32 +0900[diff] [blame]119}
120
121hwservice_contexts {
122 name: "plat_hwservice_contexts",
123 srcs: [":hwservice_contexts_files{.plat_private}"],
124}
125
126hwservice_contexts {
127 name: "system_ext_hwservice_contexts",
128 srcs: [":hwservice_contexts_files{.system_ext_private}"],
129 system_ext_specific: true,
130}
131
132hwservice_contexts {
133 name: "product_hwservice_contexts",
134 srcs: [":hwservice_contexts_files{.product_private}"],
135 product_specific: true,
136}
137
138hwservice_contexts {
139 name: "vendor_hwservice_contexts",
140 srcs: [
141 ":hwservice_contexts_files{.plat_vendor_for_vendor}",
142 ":hwservice_contexts_files{.vendor}",
143 ":hwservice_contexts_files{.reqd_mask_for_vendor}",
144 ],
145 soc_specific: true,
146}
147
148hwservice_contexts {
149 name: "odm_hwservice_contexts",
150 srcs: [":hwservice_contexts_files{.odm}"],
151 device_specific: true,
152}
153
154property_contexts {
155 name: "plat_property_contexts",
156 srcs: [":property_contexts_files{.plat_private}"],
157}
158
159property_contexts {
160 name: "plat_property_contexts.recovery",
161 srcs: [":property_contexts_files{.plat_private}"],
162 stem: "plat_property_contexts",
163 recovery: true,
164}
165
166property_contexts {
167 name: "system_ext_property_contexts",
168 srcs: [":property_contexts_files{.system_ext_private}"],
169 system_ext_specific: true,
170 recovery_available: true,
171}
172
173property_contexts {
174 name: "product_property_contexts",
175 srcs: [":property_contexts_files{.product_private}"],
176 product_specific: true,
177 recovery_available: true,
178}
179
180property_contexts {
181 name: "vendor_property_contexts",
182 srcs: [
183 ":property_contexts_files{.plat_vendor_for_vendor}",
184 ":property_contexts_files{.vendor}",
185 ":property_contexts_files{.reqd_mask_for_vendor}",
186 ],
187 soc_specific: true,
188 recovery_available: true,
189}
190
191property_contexts {
192 name: "odm_property_contexts",
193 srcs: [":property_contexts_files{.odm}"],
194 device_specific: true,
195 recovery_available: true,
196}
197
198service_contexts {
199 name: "plat_service_contexts",
200 srcs: [":service_contexts_files{.plat_private}"],
201}
202
203service_contexts {
204 name: "plat_service_contexts.recovery",
205 srcs: [":service_contexts_files{.plat_private}"],
206 stem: "plat_service_contexts",
207 recovery: true,
208}
209
210service_contexts {
211 name: "system_ext_service_contexts",
212 srcs: [":service_contexts_files{.system_ext_private}"],
213 system_ext_specific: true,
214 recovery_available: true,
215}
216
217service_contexts {
218 name: "product_service_contexts",
219 srcs: [":service_contexts_files{.product_private}"],
220 product_specific: true,
221 recovery_available: true,
222}
223
224service_contexts {
225 name: "vendor_service_contexts",
226 srcs: [
227 ":service_contexts_files{.plat_vendor_for_vendor}",
228 ":service_contexts_files{.vendor}",
229 ":service_contexts_files{.reqd_mask_for_vendor}",
230 ],
231 soc_specific: true,
232 recovery_available: true,
233}
234
235keystore2_key_contexts {
236 name: "plat_keystore2_key_contexts",
237 srcs: [":keystore2_key_contexts_files{.plat_private}"],
238}
239
240keystore2_key_contexts {
241 name: "system_keystore2_key_contexts",
242 srcs: [":keystore2_key_contexts_files{.system_ext_private}"],
243 system_ext_specific: true,
244}
245
246keystore2_key_contexts {
247 name: "product_keystore2_key_contexts",
248 srcs: [":keystore2_key_contexts_files{.product_private}"],
249 product_specific: true,
250}
251
252keystore2_key_contexts {
253 name: "vendor_keystore2_key_contexts",
254 srcs: [
255 ":keystore2_key_contexts_files{.plat_vendor_for_vendor}",
256 ":keystore2_key_contexts_files{.vendor}",
257 ":keystore2_key_contexts_files{.reqd_mask_for_vendor}",
258 ],
259 soc_specific: true,
260}
Inseob Kim2dac2672021-12-29 17:54:57 +0900[diff] [blame]261
262seapp_contexts {
263 name: "plat_seapp_contexts",
264 srcs: [":seapp_contexts_files{.plat_private}"],
265 sepolicy: ":precompiled_sepolicy",
266}
267
268seapp_contexts {
269 name: "system_ext_seapp_contexts",
270 srcs: [":seapp_contexts_files{.system_ext_private}"],
271 neverallow_files: [":seapp_contexts_files{.plat_private}"],
272 system_ext_specific: true,
273 sepolicy: ":precompiled_sepolicy",
274}
275
276seapp_contexts {
277 name: "product_seapp_contexts",
278 srcs: [":seapp_contexts_files{.product_private}"],
279 neverallow_files: [
280 ":seapp_contexts_files{.plat_private}",
281 ":seapp_contexts_files{.system_ext_private}",
282 ],
283 product_specific: true,
284 sepolicy: ":precompiled_sepolicy",
285}
286
287seapp_contexts {
288 name: "vendor_seapp_contexts",
289 srcs: [
290 ":seapp_contexts_files{.plat_vendor_for_vendor}",
291 ":seapp_contexts_files{.vendor}",
292 ":seapp_contexts_files{.reqd_mask_for_vendor}",
293 ],
294 neverallow_files: [
295 ":seapp_contexts_files{.plat_private_for_vendor}",
296 ":seapp_contexts_files{.system_ext_private_for_vendor}",
297 ":seapp_contexts_files{.product_private_for_vendor}",
298 ],
299 soc_specific: true,
300 sepolicy: ":precompiled_sepolicy",
301}
302
303seapp_contexts {
304 name: "odm_seapp_contexts",
305 srcs: [
306 ":seapp_contexts_files{.odm}",
307 ],
308 neverallow_files: [
309 ":seapp_contexts_files{.plat_private_for_vendor}",
310 ":seapp_contexts_files{.system_ext_private_for_vendor}",
311 ":seapp_contexts_files{.product_private_for_vendor}",
312 ],
313 device_specific: true,
314 sepolicy: ":precompiled_sepolicy",
315}
316
Inseob Kimc7596c42022-02-25 11:45:41 +0900[diff] [blame^]317vndservice_contexts {
318 name: "vndservice_contexts",
319 srcs: [
320 ":vndservice_contexts_files{.plat_vendor_for_vendor}",
321 ":vndservice_contexts_files{.vendor}",
322 ":vndservice_contexts_files{.reqd_mask_for_vendor}",
323 ],
324 soc_specific: true,
325}
326
Inseob Kim2dac2672021-12-29 17:54:57 +0900[diff] [blame]327// for CTS
328genrule {
329 name: "plat_seapp_neverallows",
330 srcs: [
331 ":seapp_contexts_files{.plat_private}",
332 ":seapp_contexts_files{.system_ext_private}",
333 ":seapp_contexts_files{.product_private}",
334 ],
335 out: ["plat_seapp_neverallows"],
336 cmd: "grep -ihe '^neverallow' $(in) > $(out) || true",
337}
Inseob Kimb5e23532022-02-16 02:26:11 +0000[diff] [blame]338
339//////////////////////////////////
340// Run host-side test with contexts files and the sepolicy file
341file_contexts_test {
342 name: "plat_file_contexts_test",
343 srcs: [":plat_file_contexts"],
344 sepolicy: ":precompiled_sepolicy",
345}
346
347file_contexts_test {
348 name: "system_ext_file_contexts_test",
349 srcs: [":system_ext_file_contexts"],
350 sepolicy: ":precompiled_sepolicy",
351}
352
353file_contexts_test {
354 name: "product_file_contexts_test",
355 srcs: [":product_file_contexts"],
356 sepolicy: ":precompiled_sepolicy",
357}
358
359file_contexts_test {
360 name: "vendor_file_contexts_test",
361 srcs: [":vendor_file_contexts"],
362 sepolicy: ":precompiled_sepolicy",
363}
364
365file_contexts_test {
366 name: "odm_file_contexts_test",
367 srcs: [":odm_file_contexts"],
368 sepolicy: ":precompiled_sepolicy",
369}
370
371hwservice_contexts_test {
372 name: "plat_hwservice_contexts_test",
373 srcs: [":plat_hwservice_contexts"],
374 sepolicy: ":precompiled_sepolicy",
375}
376
377hwservice_contexts_test {
378 name: "system_ext_hwservice_contexts_test",
379 srcs: [":system_ext_hwservice_contexts"],
380 sepolicy: ":precompiled_sepolicy",
381}
382
383hwservice_contexts_test {
384 name: "product_hwservice_contexts_test",
385 srcs: [":product_hwservice_contexts"],
386 sepolicy: ":precompiled_sepolicy",
387}
388
389hwservice_contexts_test {
390 name: "vendor_hwservice_contexts_test",
391 srcs: [":vendor_hwservice_contexts"],
392 sepolicy: ":precompiled_sepolicy",
393}
394
395hwservice_contexts_test {
396 name: "odm_hwservice_contexts_test",
397 srcs: [":odm_hwservice_contexts"],
398 sepolicy: ":precompiled_sepolicy",
399}
400
401property_contexts_test {
402 name: "plat_property_contexts_test",
403 srcs: [":plat_property_contexts"],
404 sepolicy: ":precompiled_sepolicy",
405}
406
407property_contexts_test {
408 name: "system_ext_property_contexts_test",
409 srcs: [
410 ":plat_property_contexts",
411 ":system_ext_property_contexts",
412 ],
413 sepolicy: ":precompiled_sepolicy",
414}
415
416property_contexts_test {
417 name: "product_property_contexts_test",
418 srcs: [
419 ":plat_property_contexts",
420 ":system_ext_property_contexts",
421 ":product_property_contexts",
422 ],
423 sepolicy: ":precompiled_sepolicy",
424}
425
426property_contexts_test {
427 name: "vendor_property_contexts_test",
428 srcs: [
429 ":plat_property_contexts",
430 ":system_ext_property_contexts",
431 ":product_property_contexts",
432 ":vendor_property_contexts",
433 ],
434 sepolicy: ":precompiled_sepolicy",
435}
436
437property_contexts_test {
438 name: "odm_property_contexts_test",
439 srcs: [
440 ":plat_property_contexts",
441 ":system_ext_property_contexts",
442 ":product_property_contexts",
443 ":vendor_property_contexts",
444 ":odm_property_contexts",
445 ],
446 sepolicy: ":precompiled_sepolicy",
447}
448
449service_contexts_test {
450 name: "plat_service_contexts_test",
451 srcs: [":plat_service_contexts"],
452 sepolicy: ":precompiled_sepolicy",
453}
454
455service_contexts_test {
456 name: "system_ext_service_contexts_test",
457 srcs: [":system_ext_service_contexts"],
458 sepolicy: ":precompiled_sepolicy",
459}
460
461service_contexts_test {
462 name: "product_service_contexts_test",
463 srcs: [":product_service_contexts"],
464 sepolicy: ":precompiled_sepolicy",
465}
466
467service_contexts_test {
468 name: "vendor_service_contexts_test",
469 srcs: [":vendor_service_contexts"],
470 sepolicy: ":precompiled_sepolicy",
471}
Inseob Kimc7596c42022-02-25 11:45:41 +0900[diff] [blame^]472
473vndservice_contexts_test {
474 name: "vndservice_contexts_test",
475 srcs: [":vndservice_contexts"],
476 sepolicy: ":precompiled_sepolicy",
477}