// Copyright (C) 2021 The Android Open Source Project
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//      http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
14
// Package-level defaults: every module declared in this file picks up the
// license named below unless it overrides it.
package {
    // http://go/android-license-faq
    // A large-scale-change added 'default_applicable_licenses' to import
    // the below license kinds from "system_sepolicy_license":
    //   SPDX-license-identifier-Apache-2.0
    default_applicable_licenses: ["system_sepolicy_license"],
}
22
// Sources of the full microdroid platform policy (public + private). Used as
// srcs by microdroid_plat_sepolicy.conf and microdroid_general_sepolicy.conf.
//
// NOTE(review): the list is presumably concatenated in this order when the
// .conf is generated (class and macro definitions precede the .te rules that
// use them), so do not sort or reorder it — confirm against se_policy_conf.
//
// The two "*.te" globs pick up every .te file in those directories. A new file
// dropped there becomes part of the platform policy without any change to this
// file, so review of those directories is the effective gate.
system_policy_files = [
    "system/private/security_classes",
    "system/private/initial_sids",
    "system/private/access_vectors",
    "system/public/global_macros",
    "system/public/neverallow_macros",
    "system/private/mls_macros",
    "system/private/mls_decl",
    "system/private/mls",
    "system/private/policy_capabilities",
    "system/public/te_macros",
    "system/public/attributes",
    "system/private/attributes",
    "system/public/ioctl_defines",
    "system/public/ioctl_macros",
    "system/public/*.te",
    "system/private/*.te",
    "system/private/roles_decl",
    "system/public/roles",
    "system/private/users",
    "system/private/initial_sid_contexts",
    "system/private/fs_use",
    "system/private/genfs_contexts",
    "system/private/port_contexts",
]
48
// Sources of the "required mask" policy: only the declarations under
// reqd_mask/. It is compiled to microdroid_reqd_policy_mask.cil, which the
// public and vendor CIL modules below pass as filter_out.
//
// NOTE(review): order is presumably significant for the generated .conf, as
// with the other source lists in this file — confirm before reordering.
reqd_mask_files = [
    "reqd_mask/security_classes",
    "reqd_mask/initial_sids",
    "reqd_mask/access_vectors",
    "reqd_mask/mls_macros",
    "reqd_mask/mls_decl",
    "reqd_mask/mls",
    "reqd_mask/reqd_mask.te",
    "reqd_mask/roles_decl",
    "reqd_mask/roles",
    "reqd_mask/users",
    "reqd_mask/initial_sid_contexts",
]
62
// Sources of the public platform policy. Classes, SIDs, MLS, roles and users
// come from reqd_mask/; macros, attributes and type-enforcement rules come
// from system/public/ only. Nothing under system/private/ is listed, so
// private platform rules are not part of what this list exports.
//
// NOTE(review): order is presumably significant for the generated .conf —
// confirm before reordering. "system/public/*.te" is a glob: new files in that
// directory join the public policy automatically.
system_public_policy_files = [
    "reqd_mask/security_classes",
    "reqd_mask/initial_sids",
    "reqd_mask/access_vectors",
    "system/public/global_macros",
    "system/public/neverallow_macros",
    "reqd_mask/mls_macros",
    "reqd_mask/mls_decl",
    "reqd_mask/mls",
    "system/public/te_macros",
    "system/public/attributes",
    "system/public/ioctl_defines",
    "system/public/ioctl_macros",
    "system/public/*.te",
    "reqd_mask/reqd_mask.te",
    "reqd_mask/roles_decl",
    "reqd_mask/roles",
    "system/public/roles",
    "reqd_mask/users",
    "reqd_mask/initial_sid_contexts",
]
84
// Sources of the vendor policy: the same entries as the public platform list
// with "vendor/*.te" added after reqd_mask/reqd_mask.te. Vendor rules are
// therefore written against the public platform policy only; system/private/
// is not listed.
//
// NOTE(review): order is presumably significant for the generated .conf —
// confirm before reordering. Both "*.te" entries are globs, so files added to
// those directories are included without a change here.
vendor_policy_files = [
    "reqd_mask/security_classes",
    "reqd_mask/initial_sids",
    "reqd_mask/access_vectors",
    "system/public/global_macros",
    "system/public/neverallow_macros",
    "reqd_mask/mls_macros",
    "reqd_mask/mls_decl",
    "reqd_mask/mls",
    "system/public/te_macros",
    "system/public/attributes",
    "system/public/ioctl_defines",
    "system/public/ioctl_macros",
    "system/public/*.te",
    "reqd_mask/reqd_mask.te",
    "vendor/*.te",
    "reqd_mask/roles_decl",
    "reqd_mask/roles",
    "system/public/roles",
    "reqd_mask/users",
    "reqd_mask/initial_sid_contexts",
]
107
// Generates the policy .conf for the required mask from reqd_mask_files.
// Build-only intermediate (installable: false).
se_policy_conf {
    name: "microdroid_reqd_policy_mask.conf",
    srcs: reqd_mask_files,
    installable: false,
    // Single MLS category. Every se_policy_conf in this file uses the same
    // value, which keeps the mask consistent with the policies it filters.
    // NOTE(review): with one category, category-based separation is not
    // available inside microdroid — confirm no rule depends on it.
    mls_cats: 1,
}
114
// Compiles the required-mask .conf to CIL. The result is referenced only as a
// filter_out input by microdroid_plat_pub_policy.cil and
// microdroid_vendor_sepolicy.cil.raw in this file.
se_policy_cil {
    name: "microdroid_reqd_policy_mask.cil",
    src: ":microdroid_reqd_policy_mask.conf",
    // The secilc check is turned off for this module.
    // NOTE(review): presumably because the mask is not meant to stand alone as
    // a complete policy — confirm; nothing in this file re-checks it.
    secilc_check: false,
    installable: false,
}
121
// Generates the full platform policy .conf (public + private sources) from
// system_policy_files. Build-only intermediate (installable: false).
se_policy_conf {
    name: "microdroid_plat_sepolicy.conf",
    srcs: system_policy_files,
    installable: false,
    // Single MLS category, matching the other se_policy_conf modules here.
    mls_cats: 1,
}
128
// Compiles the platform .conf to CIL, written out as plat_sepolicy.cil.
// Unlike the other se_policy_cil modules in this file, secilc_check is not
// overridden here, so the module's default check behaviour applies.
// This CIL is an input to the policy hash, the versioned policies and the
// precompiled binary policy below.
se_policy_cil {
    name: "microdroid_plat_sepolicy.cil",
    stem: "plat_sepolicy.cil",
    src: ":microdroid_plat_sepolicy.conf",
    installable: false,
}
135
// Generates the public platform policy .conf from system_public_policy_files.
// Build-only intermediate (installable: false).
se_policy_conf {
    name: "microdroid_plat_pub_policy.conf",
    srcs: system_public_policy_files,
    installable: false,
    // Single MLS category, matching the other se_policy_conf modules here.
    mls_cats: 1,
}
142
// Compiles the public platform .conf to CIL and removes the statements that
// also appear in the required mask. This CIL is the base for the mapping file
// and for both versioned policies below.
se_policy_cil {
    name: "microdroid_plat_pub_policy.cil",
    src: ":microdroid_plat_pub_policy.conf",
    filter_out: [":microdroid_reqd_policy_mask.cil"],
    // The secilc check is turned off for this module.
    // NOTE(review): presumably because the filtered output is not a complete
    // policy on its own and is validated once combined in the
    // se_versioned_policy modules — confirm.
    secilc_check: false,
    installable: false,
}
150
// Produces the mapping file for version "current" from the public platform
// CIL. It is an input to the policy hash and to the precompiled policy.
se_versioned_policy {
    name: "microdroid_plat_mapping_file",
    base: ":microdroid_plat_pub_policy.cil",
    mapping: true,
    version: "current",
    relative_install_path: "mapping", // install to /system/etc/selinux/mapping
    // Not installed by this module itself; the path above describes where the
    // file belongs if another module packages it.
    installable: false,
}
159
// Produces the versioned form of the public platform policy, written out as
// plat_pub_versioned.cil. Base and target are the same public CIL, so this is
// the public policy expressed at version "current".
se_versioned_policy {
    name: "microdroid_plat_pub_versioned.cil",
    stem: "plat_pub_versioned.cil",
    base: ":microdroid_plat_pub_policy.cil",
    target_policy: ":microdroid_plat_pub_policy.cil",
    version: "current",
    // NOTE(review): presumably the CIL files the result is compiled together
    // with when it is checked — confirm against se_versioned_policy.
    dependent_cils: [
        ":microdroid_plat_sepolicy.cil",
        ":microdroid_plat_mapping_file",
    ],
    installable: false,
}
172
// Generates the vendor policy .conf from vendor_policy_files (public platform
// policy plus vendor/*.te). Build-only intermediate (installable: false).
se_policy_conf {
    name: "microdroid_vendor_sepolicy.conf",
    srcs: vendor_policy_files,
    installable: false,
    // Single MLS category, matching the other se_policy_conf modules here.
    mls_cats: 1,
}
179
// Compiles the vendor .conf to unversioned ("raw") CIL and removes the
// statements that also appear in the required mask. The raw CIL is consumed
// only by microdroid_vendor_sepolicy.cil, which versions it.
se_policy_cil {
    name: "microdroid_vendor_sepolicy.cil.raw",
    src: ":microdroid_vendor_sepolicy.conf",
    filter_out: [":microdroid_reqd_policy_mask.cil"],
    // Validation is deferred: this output must not be used directly, only
    // through the versioned module that performs the check.
    secilc_check: false, // will be done in se_versioned_policy module
    installable: false,
}
187
// Versions the raw vendor CIL against the public platform policy and writes
// it out as vendor_sepolicy.cil. Per the comment on the raw module, the secilc
// check that was skipped there is performed here.
se_versioned_policy {
    name: "microdroid_vendor_sepolicy.cil",
    stem: "vendor_sepolicy.cil",
    base: ":microdroid_plat_pub_policy.cil",
    target_policy: ":microdroid_vendor_sepolicy.cil.raw",
    version: "current", // microdroid is bundled to system
    // NOTE(review): presumably the CIL files the vendor policy is compiled
    // together with when it is checked — confirm against se_versioned_policy.
    dependent_cils: [
        ":microdroid_plat_sepolicy.cil",
        ":microdroid_plat_pub_versioned.cil",
        ":microdroid_plat_mapping_file",
    ],
    // Statements already present in plat_pub_versioned.cil are removed from
    // the vendor output; that file is a separate input to the precompiled
    // policy below.
    filter_out: [":microdroid_plat_pub_versioned.cil"],
    installable: false,
}
202
// Emits plat_sepolicy_vers.txt for version "platform".
// NOTE(review): presumably records the platform sepolicy version string that
// the versioned policies above are built for — confirm against sepolicy_vers.
sepolicy_vers {
    name: "microdroid_plat_sepolicy_vers.txt",
    version: "platform",
    stem: "plat_sepolicy_vers.txt",
    installable: false,
}
209
// sepolicy sha256 for vendor
//
// Writes the hex SHA-256 of plat_sepolicy.cil followed by the mapping file
// (concatenated in srcs order) to a single output file. The digest depends on
// that order, so reordering srcs changes the value.
//
// NOTE(review): the command is a pipeline, so a failure in `cat` is reported
// only if the genrule shell runs with pipefail; otherwise a digest of partial
// input could be written — confirm the shell options used for genrule cmds.
genrule {
    name: "microdroid_plat_sepolicy_and_mapping.sha256_gen",
    srcs: [":microdroid_plat_sepolicy.cil", ":microdroid_plat_mapping_file"],
    out: ["microdroid_plat_sepolicy_and_mapping.sha256"],
    cmd: "cat $(in) | sha256sum | cut -d' ' -f1 > $(out)",
}
217
// Packages the generated digest as selinux/plat_sepolicy_and_mapping.sha256.
// The same genrule output also feeds
// microdroid_precompiled_sepolicy.plat_sepolicy_and_mapping.sha256, so the two
// files are identical by construction within one build.
// NOTE(review): presumably the pair is compared at boot to decide whether the
// precompiled policy matches the platform policy — confirm against the
// consumer. A digest stored beside the data it describes detects a mismatch,
// not tampering; image integrity has to come from elsewhere.
prebuilt_etc {
    name: "microdroid_plat_sepolicy_and_mapping.sha256",
    src: ":microdroid_plat_sepolicy_and_mapping.sha256_gen",
    filename: "plat_sepolicy_and_mapping.sha256",
    relative_install_path: "selinux",
    installable: false,
}
225
// Packages the same generated digest under the name that accompanies the
// precompiled policy:
// selinux/precompiled_sepolicy.plat_sepolicy_and_mapping.sha256.
// It shares its src with microdroid_plat_sepolicy_and_mapping.sha256, so both
// files carry the same value whenever they come from the same build.
prebuilt_etc {
    name: "microdroid_precompiled_sepolicy.plat_sepolicy_and_mapping.sha256",
    src: ":microdroid_plat_sepolicy_and_mapping.sha256_gen",
    filename: "precompiled_sepolicy.plat_sepolicy_and_mapping.sha256",
    relative_install_path: "selinux",
    installable: false,
}
233
// Compiles the four CIL inputs below into one binary policy, written out as
// precompiled_sepolicy. All four inputs are modules defined in this file, so
// the binary policy and the digest files above derive from the same build
// artifacts.
se_policy_binary {
    name: "microdroid_precompiled_sepolicy",
    stem: "precompiled_sepolicy",
    srcs: [
        ":microdroid_plat_sepolicy.cil",
        ":microdroid_plat_mapping_file",
        ":microdroid_plat_pub_versioned.cil",
        ":microdroid_vendor_sepolicy.cil",
    ],
    installable: false,
}
245
// Preprocesses system/private/file_contexts: sed removes everything from the
// first '#' to the end of each line and then deletes empty lines; fc_sort
// orders the remaining entries into the final file_contexts.
//
// Caveat: the comment stripping is purely textual, so a '#' inside a path
// regex would truncate that entry instead of being kept. Lines that are left
// holding only whitespace after stripping are not removed by the '/^$/d' step.
genrule {
    name: "microdroid_file_contexts.gen",
    srcs: ["system/private/file_contexts"],
    tools: ["fc_sort"],
    out: ["file_contexts"],
    cmd: "sed -e 's/#.*$$//' -e '/^$$/d' $(in) > $(out).tmp && " +
        "$(location fc_sort) -i $(out).tmp -o $(out)",
}
254
// Packages the sorted platform file contexts as selinux/plat_file_contexts.
// The input is the genrule output, not the raw source file, so comments and
// blank lines have already been stripped.
prebuilt_etc {
    name: "microdroid_file_contexts",
    filename: "plat_file_contexts",
    src: ":microdroid_file_contexts.gen",
    relative_install_path: "selinux",
    installable: false,
}
262
// Preprocesses vendor/file_contexts the same way as the platform file: sed
// removes everything from the first '#' to the end of each line and deletes
// empty lines, then fc_sort orders the entries.
//
// Caveat: a '#' inside a path regex would truncate that entry.
// NOTE(review): no module in the visible part of this file references this
// genrule's output — confirm where it is packaged.
genrule {
    name: "microdroid_vendor_file_contexts.gen",
    srcs: ["vendor/file_contexts"],
    tools: ["fc_sort"],
    out: ["file_contexts"],
    cmd: "sed -e 's/#.*$$//' -e '/^$$/d' $(in) > $(out).tmp && " +
        "$(location fc_sort) -i $(out).tmp -o $(out)",
}
271
// Packages system/private/property_contexts as selinux/plat_property_contexts.
// The source file is used as-is: unlike the file_contexts modules, there is no
// genrule step in front of it, so nothing strips comments or sorts entries.
prebuilt_etc {
    name: "microdroid_property_contexts",
    filename: "plat_property_contexts",
    src: "system/private/property_contexts",
    relative_install_path: "selinux",
    installable: false,
}
279
// For CTS
//
// Generates a second .conf from the same sources as
// microdroid_plat_sepolicy.conf, with exclude_build_test set.
// NOTE(review): presumably this omits build-test-only rules so the tested
// policy reflects what ships — confirm against se_policy_conf. Keep srcs and
// mls_cats in step with microdroid_plat_sepolicy.conf, otherwise the test
// would exercise a policy that differs from the shipped one.
se_policy_conf {
    name: "microdroid_general_sepolicy.conf",
    srcs: system_policy_files,
    exclude_build_test: true,
    installable: false,
    // Single MLS category, matching the other se_policy_conf modules here.
    mls_cats: 1,
}