blob: ca518475299b6ae5342baef7f6b1d3c9d8525e92 [file] [log] [blame]
// Copyright (C) 2021 The Android Open Source Project
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
// This file contains module definitions for various contexts files.
package {
// See: http://go/android-license-faq
// A large-scale-change added 'default_applicable_licenses' to import
// all of the 'license_kinds' from "system_sepolicy_license"
// to get the below license kinds:
// SPDX-license-identifier-Apache-2.0
default_applicable_licenses: ["system_sepolicy_license"],
}
se_build_files {
name: "file_contexts_files",
srcs: ["file_contexts"],
}
se_build_files {
name: "file_contexts_asan_files",
srcs: ["file_contexts_asan"],
}
se_build_files {
name: "file_contexts_overlayfs_files",
srcs: ["file_contexts_overlayfs"],
}
se_build_files {
name: "hwservice_contexts_files",
srcs: ["hwservice_contexts"],
}
se_build_files {
name: "property_contexts_files",
srcs: ["property_contexts"],
}
se_build_files {
name: "service_contexts_files",
srcs: ["service_contexts"],
}
se_build_files {
name: "keystore2_key_contexts_files",
srcs: ["keystore2_key_contexts"],
}
se_build_files {
name: "seapp_contexts_files",
srcs: ["seapp_contexts"],
}
se_build_files {
name: "vndservice_contexts_files",
srcs: ["vndservice_contexts"],
}
file_contexts {
name: "plat_file_contexts",
srcs: [":file_contexts_files{.plat_private}"],
product_variables: {
address_sanitize: {
srcs: [":file_contexts_asan_files{.plat_private}"],
},
debuggable: {
srcs: [":file_contexts_overlayfs_files{.plat_private}"],
},
},
}
file_contexts {
name: "plat_file_contexts.recovery",
srcs: [":file_contexts_files{.plat_private}"],
stem: "plat_file_contexts",
product_variables: {
address_sanitize: {
srcs: [":file_contexts_asan_files{.plat_private}"],
},
debuggable: {
srcs: [":file_contexts_overlayfs_files{.plat_private}"],
},
},
recovery: true,
}
file_contexts {
name: "vendor_file_contexts",
srcs: [
":file_contexts_files{.plat_vendor}",
":file_contexts_files{.vendor}",
],
soc_specific: true,
}
file_contexts {
name: "vendor_file_contexts.recovery",
srcs: [
":file_contexts_files{.plat_vendor}",
":file_contexts_files{.vendor}",
],
stem: "vendor_file_contexts",
recovery: true,
}
file_contexts {
name: "system_ext_file_contexts",
srcs: [":file_contexts_files{.system_ext_private}"],
system_ext_specific: true,
}
file_contexts {
name: "system_ext_file_contexts.recovery",
srcs: [":file_contexts_files{.system_ext_private}"],
stem: "system_ext_file_contexts",
recovery: true,
}
file_contexts {
name: "product_file_contexts",
srcs: [":file_contexts_files{.product_private}"],
product_specific: true,
}
file_contexts {
name: "product_file_contexts.recovery",
srcs: [":file_contexts_files{.product_private}"],
stem: "product_file_contexts",
recovery: true,
}
file_contexts {
name: "odm_file_contexts",
srcs: [":file_contexts_files{.odm}"],
device_specific: true,
}
file_contexts {
name: "odm_file_contexts.recovery",
srcs: [":file_contexts_files{.odm}"],
stem: "odm_file_contexts",
recovery: true,
}
hwservice_contexts {
name: "plat_hwservice_contexts",
srcs: [":hwservice_contexts_files{.plat_private}"],
}
hwservice_contexts {
name: "system_ext_hwservice_contexts",
srcs: [":hwservice_contexts_files{.system_ext_private}"],
system_ext_specific: true,
}
hwservice_contexts {
name: "product_hwservice_contexts",
srcs: [":hwservice_contexts_files{.product_private}"],
product_specific: true,
}
hwservice_contexts {
name: "vendor_hwservice_contexts",
srcs: [
":hwservice_contexts_files{.plat_vendor}",
":hwservice_contexts_files{.vendor}",
":hwservice_contexts_files{.reqd_mask}",
],
soc_specific: true,
}
hwservice_contexts {
name: "odm_hwservice_contexts",
srcs: [":hwservice_contexts_files{.odm}"],
device_specific: true,
}
property_contexts {
name: "plat_property_contexts",
srcs: [":property_contexts_files{.plat_private}"],
}
property_contexts {
name: "plat_property_contexts.recovery",
srcs: [":property_contexts_files{.plat_private}"],
stem: "plat_property_contexts",
recovery: true,
}
property_contexts {
name: "system_ext_property_contexts",
srcs: [":property_contexts_files{.system_ext_private}"],
system_ext_specific: true,
recovery_available: true,
}
property_contexts {
name: "product_property_contexts",
srcs: [":property_contexts_files{.product_private}"],
product_specific: true,
recovery_available: true,
}
property_contexts {
name: "vendor_property_contexts",
srcs: [
":property_contexts_files{.plat_vendor}",
":property_contexts_files{.vendor}",
":property_contexts_files{.reqd_mask}",
],
soc_specific: true,
recovery_available: true,
}
property_contexts {
name: "odm_property_contexts",
srcs: [":property_contexts_files{.odm}"],
device_specific: true,
recovery_available: true,
}
service_contexts {
name: "plat_service_contexts",
srcs: [":service_contexts_files{.plat_private}"],
}
service_contexts {
name: "plat_service_contexts.recovery",
srcs: [":service_contexts_files{.plat_private}"],
stem: "plat_service_contexts",
recovery: true,
}
service_contexts {
name: "system_ext_service_contexts",
srcs: [":service_contexts_files{.system_ext_private}"],
system_ext_specific: true,
recovery_available: true,
}
service_contexts {
name: "product_service_contexts",
srcs: [":service_contexts_files{.product_private}"],
product_specific: true,
recovery_available: true,
}
service_contexts {
name: "vendor_service_contexts",
srcs: [
":service_contexts_files{.plat_vendor}",
":service_contexts_files{.vendor}",
":service_contexts_files{.reqd_mask}",
],
soc_specific: true,
recovery_available: true,
}
service_contexts {
name: "odm_service_contexts",
srcs: [
":service_contexts_files{.odm}",
],
device_specific: true,
recovery_available: true,
}
keystore2_key_contexts {
name: "plat_keystore2_key_contexts",
srcs: [":keystore2_key_contexts_files{.plat_private}"],
}
keystore2_key_contexts {
name: "system_keystore2_key_contexts",
srcs: [":keystore2_key_contexts_files{.system_ext_private}"],
system_ext_specific: true,
}
keystore2_key_contexts {
name: "product_keystore2_key_contexts",
srcs: [":keystore2_key_contexts_files{.product_private}"],
product_specific: true,
}
keystore2_key_contexts {
name: "vendor_keystore2_key_contexts",
srcs: [
":keystore2_key_contexts_files{.plat_vendor}",
":keystore2_key_contexts_files{.vendor}",
":keystore2_key_contexts_files{.reqd_mask}",
],
soc_specific: true,
}
seapp_contexts {
name: "plat_seapp_contexts",
srcs: [":seapp_contexts_files{.plat_private}"],
sepolicy: ":precompiled_sepolicy",
}
seapp_contexts {
name: "system_ext_seapp_contexts",
srcs: [":seapp_contexts_files{.system_ext_private}"],
neverallow_files: [":seapp_contexts_files{.plat_private}"],
system_ext_specific: true,
sepolicy: ":precompiled_sepolicy",
}
seapp_contexts {
name: "product_seapp_contexts",
srcs: [":seapp_contexts_files{.product_private}"],
neverallow_files: [
":seapp_contexts_files{.plat_private}",
":seapp_contexts_files{.system_ext_private}",
],
product_specific: true,
sepolicy: ":precompiled_sepolicy",
}
seapp_contexts {
name: "vendor_seapp_contexts",
srcs: [
":seapp_contexts_files{.plat_vendor}",
":seapp_contexts_files{.vendor}",
":seapp_contexts_files{.reqd_mask}",
],
neverallow_files: [
":seapp_contexts_files{.plat_private}",
":seapp_contexts_files{.system_ext_private}",
":seapp_contexts_files{.product_private}",
],
soc_specific: true,
sepolicy: ":precompiled_sepolicy",
}
seapp_contexts {
name: "odm_seapp_contexts",
srcs: [
":seapp_contexts_files{.odm}",
],
neverallow_files: [
":seapp_contexts_files{.plat_private}",
":seapp_contexts_files{.system_ext_private}",
":seapp_contexts_files{.product_private}",
],
device_specific: true,
sepolicy: ":precompiled_sepolicy",
}
vndservice_contexts {
name: "vndservice_contexts",
srcs: [
":vndservice_contexts_files{.plat_vendor}",
":vndservice_contexts_files{.vendor}",
":vndservice_contexts_files{.reqd_mask}",
],
soc_specific: true,
}
// for CTS
genrule {
name: "plat_seapp_neverallows",
srcs: [
":seapp_contexts_files{.plat_private}",
":seapp_contexts_files{.system_ext_private}",
":seapp_contexts_files{.product_private}",
],
out: ["plat_seapp_neverallows"],
cmd: "grep -ihe '^neverallow' $(in) > $(out) || true",
}
//////////////////////////////////
// Run host-side test with contexts files and the sepolicy file
file_contexts_test {
name: "plat_file_contexts_test",
srcs: [":plat_file_contexts"],
sepolicy: ":precompiled_sepolicy",
}
file_contexts_test {
name: "plat_file_contexts_data_test",
srcs: [":file_contexts_files{.plat_private}"],
test_data: "plat_file_contexts_test",
}
file_contexts_test {
name: "system_ext_file_contexts_test",
srcs: [":system_ext_file_contexts"],
sepolicy: ":precompiled_sepolicy",
}
file_contexts_test {
name: "product_file_contexts_test",
srcs: [":product_file_contexts"],
sepolicy: ":precompiled_sepolicy",
}
file_contexts_test {
name: "vendor_file_contexts_test",
srcs: [":vendor_file_contexts"],
sepolicy: ":precompiled_sepolicy",
}
file_contexts_test {
name: "odm_file_contexts_test",
srcs: [":odm_file_contexts"],
sepolicy: ":precompiled_sepolicy",
}
hwservice_contexts_test {
name: "plat_hwservice_contexts_test",
srcs: [":plat_hwservice_contexts"],
sepolicy: ":precompiled_sepolicy",
}
hwservice_contexts_test {
name: "system_ext_hwservice_contexts_test",
srcs: [":system_ext_hwservice_contexts"],
sepolicy: ":precompiled_sepolicy",
}
hwservice_contexts_test {
name: "product_hwservice_contexts_test",
srcs: [":product_hwservice_contexts"],
sepolicy: ":precompiled_sepolicy",
}
hwservice_contexts_test {
name: "vendor_hwservice_contexts_test",
srcs: [":vendor_hwservice_contexts"],
sepolicy: ":precompiled_sepolicy",
}
hwservice_contexts_test {
name: "odm_hwservice_contexts_test",
srcs: [":odm_hwservice_contexts"],
sepolicy: ":precompiled_sepolicy",
}
property_contexts_test {
name: "plat_property_contexts_test",
srcs: [":plat_property_contexts"],
sepolicy: ":precompiled_sepolicy",
}
property_contexts_test {
name: "system_ext_property_contexts_test",
srcs: [
":plat_property_contexts",
":system_ext_property_contexts",
],
sepolicy: ":precompiled_sepolicy",
}
property_contexts_test {
name: "product_property_contexts_test",
srcs: [
":plat_property_contexts",
":system_ext_property_contexts",
":product_property_contexts",
],
sepolicy: ":precompiled_sepolicy",
}
property_contexts_test {
name: "vendor_property_contexts_test",
srcs: [
":plat_property_contexts",
":system_ext_property_contexts",
":product_property_contexts",
":vendor_property_contexts",
],
sepolicy: ":precompiled_sepolicy",
}
property_contexts_test {
name: "odm_property_contexts_test",
srcs: [
":plat_property_contexts",
":system_ext_property_contexts",
":product_property_contexts",
":vendor_property_contexts",
":odm_property_contexts",
],
sepolicy: ":precompiled_sepolicy",
}
service_contexts_test {
name: "plat_service_contexts_test",
srcs: [":plat_service_contexts"],
sepolicy: ":precompiled_sepolicy",
}
service_contexts_test {
name: "system_ext_service_contexts_test",
srcs: [":system_ext_service_contexts"],
sepolicy: ":precompiled_sepolicy",
}
service_contexts_test {
name: "product_service_contexts_test",
srcs: [":product_service_contexts"],
sepolicy: ":precompiled_sepolicy",
}
service_contexts_test {
name: "vendor_service_contexts_test",
srcs: [":vendor_service_contexts"],
sepolicy: ":precompiled_sepolicy",
}
service_contexts_test {
name: "odm_service_contexts_test",
srcs: [":odm_service_contexts"],
sepolicy: ":precompiled_sepolicy",
}
vndservice_contexts_test {
name: "vndservice_contexts_test",
srcs: [":vndservice_contexts"],
sepolicy: ":precompiled_sepolicy",
}
fuzzer_bindings_test {
name: "fuzzer_bindings_test",
srcs: [":plat_service_contexts"],
}