| // Copyright (C) 2021 The Android Open Source Project |
| // |
| // Licensed under the Apache License, Version 2.0 (the "License"); |
| // you may not use this file except in compliance with the License. |
| // You may obtain a copy of the License at |
| // |
| // http://www.apache.org/licenses/LICENSE-2.0 |
| // |
| // Unless required by applicable law or agreed to in writing, software |
| // distributed under the License is distributed on an "AS IS" BASIS, |
| // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| // See the License for the specific language governing permissions and |
| // limitations under the License. |
| |
| // This file contains module definitions for various contexts files. |
| |
| // Package-level defaults: modules in this file that do not name their own |
| // license get the one listed in default_applicable_licenses. |
| package { |
| // See: http://go/android-license-faq |
| // A large-scale-change added 'default_applicable_licenses' to import |
| // all of the 'license_kinds' from "system_sepolicy_license" |
| // to get the below license kinds: |
| // SPDX-license-identifier-Apache-2.0 |
| default_applicable_licenses: ["system_sepolicy_license"], |
| } |
| |
| // Source-file groups. Each se_build_files module names one contexts source file; |
| // the modules further down select a slice of it with a tag suffix, for example |
| // ":file_contexts_files{.plat_private}". Tags used in this file: .plat_private, |
| // .plat_vendor, .vendor, .reqd_mask, .system_ext_private, .product_private, .odm. |
| // NOTE(review): how a tag maps to a policy directory is decided by the |
| // se_build_files module type, which is not defined in this file -- confirm there. |
| se_build_files { |
| name: "file_contexts_files", |
| srcs: ["file_contexts"], |
| } |
| |
| // Extra file labels; referenced below only under product_variables.address_sanitize. |
| se_build_files { |
| name: "file_contexts_asan_files", |
| srcs: ["file_contexts_asan"], |
| } |
| |
| // Extra file labels; referenced below only under product_variables.debuggable. |
| se_build_files { |
| name: "file_contexts_overlayfs_files", |
| srcs: ["file_contexts_overlayfs"], |
| } |
| |
| se_build_files { |
| name: "hwservice_contexts_files", |
| srcs: ["hwservice_contexts"], |
| } |
| |
| se_build_files { |
| name: "property_contexts_files", |
| srcs: ["property_contexts"], |
| } |
| |
| se_build_files { |
| name: "service_contexts_files", |
| srcs: ["service_contexts"], |
| } |
| |
| se_build_files { |
| name: "keystore2_key_contexts_files", |
| srcs: ["keystore2_key_contexts"], |
| } |
| |
| se_build_files { |
| name: "seapp_contexts_files", |
| srcs: ["seapp_contexts"], |
| } |
| |
| se_build_files { |
| name: "vndservice_contexts_files", |
| srcs: ["vndservice_contexts"], |
| } |
| |
| // Platform file_contexts, built from the .plat_private slice. |
| // The label set is not the same on every build type: address_sanitize builds |
| // add the file_contexts_asan sources and debuggable builds add the |
| // file_contexts_overlayfs sources. Review changes to those two source files as |
| // changes that affect only ASan / debuggable images, not user builds. |
| file_contexts { |
| name: "plat_file_contexts", |
| srcs: [":file_contexts_files{.plat_private}"], |
| product_variables: { |
| address_sanitize: { |
| srcs: [":file_contexts_asan_files{.plat_private}"], |
| }, |
| debuggable: { |
| srcs: [":file_contexts_overlayfs_files{.plat_private}"], |
| }, |
| }, |
| } |
| |
| // Recovery twin of plat_file_contexts: same srcs and product_variables, marked |
| // recovery: true, with stem set so the output keeps the name "plat_file_contexts". |
| // The two definitions are duplicated by hand; keep them in sync when editing |
| // either one. No *_test module in this file takes a ".recovery" module as input. |
| file_contexts { |
| name: "plat_file_contexts.recovery", |
| srcs: [":file_contexts_files{.plat_private}"], |
| stem: "plat_file_contexts", |
| product_variables: { |
| address_sanitize: { |
| srcs: [":file_contexts_asan_files{.plat_private}"], |
| }, |
| debuggable: { |
| srcs: [":file_contexts_overlayfs_files{.plat_private}"], |
| }, |
| }, |
| recovery: true, |
| } |
| |
| // Non-platform file_contexts. Each partition gets a regular module carrying its |
| // partition flag (soc_specific, system_ext_specific, product_specific, |
| // device_specific) and a ".recovery" twin that reuses the same srcs, sets |
| // recovery: true and uses stem to keep the regular output name. |
| |
| // Vendor: combines the .plat_vendor and .vendor slices. |
| // NOTE(review): unlike the vendor hwservice/property/service/keystore2_key/seapp/ |
| // vndservice modules in this file, no {.reqd_mask} slice is listed here -- |
| // presumably intentional, confirm before changing. |
| file_contexts { |
| name: "vendor_file_contexts", |
| srcs: [ |
| ":file_contexts_files{.plat_vendor}", |
| ":file_contexts_files{.vendor}", |
| ], |
| soc_specific: true, |
| } |
| |
| file_contexts { |
| name: "vendor_file_contexts.recovery", |
| srcs: [ |
| ":file_contexts_files{.plat_vendor}", |
| ":file_contexts_files{.vendor}", |
| ], |
| stem: "vendor_file_contexts", |
| recovery: true, |
| } |
| |
| // system_ext: built from the .system_ext_private slice only. |
| file_contexts { |
| name: "system_ext_file_contexts", |
| srcs: [":file_contexts_files{.system_ext_private}"], |
| system_ext_specific: true, |
| } |
| |
| file_contexts { |
| name: "system_ext_file_contexts.recovery", |
| srcs: [":file_contexts_files{.system_ext_private}"], |
| stem: "system_ext_file_contexts", |
| recovery: true, |
| } |
| |
| // product: built from the .product_private slice only. |
| file_contexts { |
| name: "product_file_contexts", |
| srcs: [":file_contexts_files{.product_private}"], |
| product_specific: true, |
| } |
| |
| file_contexts { |
| name: "product_file_contexts.recovery", |
| srcs: [":file_contexts_files{.product_private}"], |
| stem: "product_file_contexts", |
| recovery: true, |
| } |
| |
| // odm: built from the .odm slice only. |
| file_contexts { |
| name: "odm_file_contexts", |
| srcs: [":file_contexts_files{.odm}"], |
| device_specific: true, |
| } |
| |
| file_contexts { |
| name: "odm_file_contexts.recovery", |
| srcs: [":file_contexts_files{.odm}"], |
| stem: "odm_file_contexts", |
| recovery: true, |
| } |
| |
| // hwservice_contexts, one module per partition. None of these modules sets |
| // recovery or recovery_available, so this file defines no recovery copy of them. |
| hwservice_contexts { |
| name: "plat_hwservice_contexts", |
| srcs: [":hwservice_contexts_files{.plat_private}"], |
| } |
| |
| hwservice_contexts { |
| name: "system_ext_hwservice_contexts", |
| srcs: [":hwservice_contexts_files{.system_ext_private}"], |
| system_ext_specific: true, |
| } |
| |
| hwservice_contexts { |
| name: "product_hwservice_contexts", |
| srcs: [":hwservice_contexts_files{.product_private}"], |
| product_specific: true, |
| } |
| |
| // Vendor: .plat_vendor and .vendor entries plus the .reqd_mask slice. |
| hwservice_contexts { |
| name: "vendor_hwservice_contexts", |
| srcs: [ |
| ":hwservice_contexts_files{.plat_vendor}", |
| ":hwservice_contexts_files{.vendor}", |
| ":hwservice_contexts_files{.reqd_mask}", |
| ], |
| soc_specific: true, |
| } |
| |
| hwservice_contexts { |
| name: "odm_hwservice_contexts", |
| srcs: [":hwservice_contexts_files{.odm}"], |
| device_specific: true, |
| } |
| |
| // property_contexts, one module per partition. Only the platform module has a |
| // hand-written ".recovery" twin; the system_ext, product, vendor and odm modules |
| // set recovery_available: true instead. |
| property_contexts { |
| name: "plat_property_contexts", |
| srcs: [":property_contexts_files{.plat_private}"], |
| } |
| |
| // Recovery twin of plat_property_contexts; stem keeps the regular output name. |
| property_contexts { |
| name: "plat_property_contexts.recovery", |
| srcs: [":property_contexts_files{.plat_private}"], |
| stem: "plat_property_contexts", |
| recovery: true, |
| } |
| |
| property_contexts { |
| name: "system_ext_property_contexts", |
| srcs: [":property_contexts_files{.system_ext_private}"], |
| system_ext_specific: true, |
| recovery_available: true, |
| } |
| |
| property_contexts { |
| name: "product_property_contexts", |
| srcs: [":property_contexts_files{.product_private}"], |
| product_specific: true, |
| recovery_available: true, |
| } |
| |
| // Vendor: .plat_vendor and .vendor entries plus the .reqd_mask slice. |
| property_contexts { |
| name: "vendor_property_contexts", |
| srcs: [ |
| ":property_contexts_files{.plat_vendor}", |
| ":property_contexts_files{.vendor}", |
| ":property_contexts_files{.reqd_mask}", |
| ], |
| soc_specific: true, |
| recovery_available: true, |
| } |
| |
| property_contexts { |
| name: "odm_property_contexts", |
| srcs: [":property_contexts_files{.odm}"], |
| device_specific: true, |
| recovery_available: true, |
| } |
| |
| // service_contexts, one module per partition. Same recovery layout as the |
| // property_contexts modules in this file: an explicit ".recovery" twin for the |
| // platform module, recovery_available: true on every other partition. |
| service_contexts { |
| name: "plat_service_contexts", |
| srcs: [":service_contexts_files{.plat_private}"], |
| } |
| |
| // Recovery twin of plat_service_contexts; stem keeps the regular output name. |
| service_contexts { |
| name: "plat_service_contexts.recovery", |
| srcs: [":service_contexts_files{.plat_private}"], |
| stem: "plat_service_contexts", |
| recovery: true, |
| } |
| |
| service_contexts { |
| name: "system_ext_service_contexts", |
| srcs: [":service_contexts_files{.system_ext_private}"], |
| system_ext_specific: true, |
| recovery_available: true, |
| } |
| |
| service_contexts { |
| name: "product_service_contexts", |
| srcs: [":service_contexts_files{.product_private}"], |
| product_specific: true, |
| recovery_available: true, |
| } |
| |
| // Vendor: .plat_vendor and .vendor entries plus the .reqd_mask slice. |
| service_contexts { |
| name: "vendor_service_contexts", |
| srcs: [ |
| ":service_contexts_files{.plat_vendor}", |
| ":service_contexts_files{.vendor}", |
| ":service_contexts_files{.reqd_mask}", |
| ], |
| soc_specific: true, |
| recovery_available: true, |
| } |
| |
| service_contexts { |
| name: "odm_service_contexts", |
| srcs: [ |
| ":service_contexts_files{.odm}", |
| ], |
| device_specific: true, |
| recovery_available: true, |
| } |
| |
| // keystore2_key_contexts for the platform, system_ext, product and vendor |
| // partitions. This file defines no odm variant, no recovery variant and no |
| // *_test module for this family. |
| keystore2_key_contexts { |
| name: "plat_keystore2_key_contexts", |
| srcs: [":keystore2_key_contexts_files{.plat_private}"], |
| } |
| |
| // NOTE(review): this is the system_ext module (it reads the .system_ext_private |
| // slice and sets system_ext_specific), but its name is "system_..." rather than |
| // the "system_ext_..." prefix used by every other family in this file. The name |
| // may be referenced from other build files, so it is documented here rather |
| // than renamed. |
| keystore2_key_contexts { |
| name: "system_keystore2_key_contexts", |
| srcs: [":keystore2_key_contexts_files{.system_ext_private}"], |
| system_ext_specific: true, |
| } |
| |
| keystore2_key_contexts { |
| name: "product_keystore2_key_contexts", |
| srcs: [":keystore2_key_contexts_files{.product_private}"], |
| product_specific: true, |
| } |
| |
| // Vendor: .plat_vendor and .vendor entries plus the .reqd_mask slice. |
| keystore2_key_contexts { |
| name: "vendor_keystore2_key_contexts", |
| srcs: [ |
| ":keystore2_key_contexts_files{.plat_vendor}", |
| ":keystore2_key_contexts_files{.vendor}", |
| ":keystore2_key_contexts_files{.reqd_mask}", |
| ], |
| soc_specific: true, |
| } |
| |
| // seapp_contexts, one module per partition. Every module is given |
| // ":precompiled_sepolicy" through the sepolicy property. |
| // |
| // neverallow_files is the cross-partition guard. It grows with distance from |
| // the platform: |
| // system_ext -> platform sources |
| // product -> platform + system_ext sources |
| // vendor, odm -> platform + system_ext + product sources |
| // NOTE(review): presumably the neverallow lines found in those sources are |
| // enforced against this module's own entries by the seapp_contexts module type; |
| // the enforcement itself is not visible in this file -- confirm there. When a |
| // new partition module is added, give it the matching neverallow_files list, |
| // otherwise its entries are built without the lower partitions' restrictions. |
| |
| // Platform: no neverallow_files; the list below starts with the platform |
| // sources themselves. |
| seapp_contexts { |
| name: "plat_seapp_contexts", |
| srcs: [":seapp_contexts_files{.plat_private}"], |
| sepolicy: ":precompiled_sepolicy", |
| } |
| |
| seapp_contexts { |
| name: "system_ext_seapp_contexts", |
| srcs: [":seapp_contexts_files{.system_ext_private}"], |
| neverallow_files: [":seapp_contexts_files{.plat_private}"], |
| system_ext_specific: true, |
| sepolicy: ":precompiled_sepolicy", |
| } |
| |
| seapp_contexts { |
| name: "product_seapp_contexts", |
| srcs: [":seapp_contexts_files{.product_private}"], |
| neverallow_files: [ |
| ":seapp_contexts_files{.plat_private}", |
| ":seapp_contexts_files{.system_ext_private}", |
| ], |
| product_specific: true, |
| sepolicy: ":precompiled_sepolicy", |
| } |
| |
| // Vendor: .plat_vendor and .vendor entries plus the .reqd_mask slice. |
| seapp_contexts { |
| name: "vendor_seapp_contexts", |
| srcs: [ |
| ":seapp_contexts_files{.plat_vendor}", |
| ":seapp_contexts_files{.vendor}", |
| ":seapp_contexts_files{.reqd_mask}", |
| ], |
| neverallow_files: [ |
| ":seapp_contexts_files{.plat_private}", |
| ":seapp_contexts_files{.system_ext_private}", |
| ":seapp_contexts_files{.product_private}", |
| ], |
| soc_specific: true, |
| sepolicy: ":precompiled_sepolicy", |
| } |
| |
| // odm uses the same neverallow_files list as vendor; the vendor sources are |
| // not part of it. |
| seapp_contexts { |
| name: "odm_seapp_contexts", |
| srcs: [ |
| ":seapp_contexts_files{.odm}", |
| ], |
| neverallow_files: [ |
| ":seapp_contexts_files{.plat_private}", |
| ":seapp_contexts_files{.system_ext_private}", |
| ":seapp_contexts_files{.product_private}", |
| ], |
| device_specific: true, |
| sepolicy: ":precompiled_sepolicy", |
| } |
| |
| // vndservice_contexts exists only as a vendor (soc_specific) module; it |
| // combines the .plat_vendor, .vendor and .reqd_mask slices. |
| vndservice_contexts { |
| name: "vndservice_contexts", |
| srcs: [ |
| ":vndservice_contexts_files{.plat_vendor}", |
| ":vndservice_contexts_files{.vendor}", |
| ":vndservice_contexts_files{.reqd_mask}", |
| ], |
| soc_specific: true, |
| } |
| |
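| // for CTS: collect every line that starts with "neverallow" (case-insensitive) |
| // from the platform, system_ext and product seapp_contexts sources into a |
| // single file named plat_seapp_neverallows. |
| // |
| // grep exits 1 when nothing matches; that is a legitimate empty result and is |
| // accepted. Any other failure (grep exit status 2, e.g. an input that cannot |
| // be read) fails the build instead of silently handing the test suite an empty |
| // or partial neverallow list. "$$" is the genrule escape for a literal "$". |
| genrule { |
| name: "plat_seapp_neverallows", |
| srcs: [ |
| ":seapp_contexts_files{.plat_private}", |
| ":seapp_contexts_files{.system_ext_private}", |
| ":seapp_contexts_files{.product_private}", |
| ], |
| out: ["plat_seapp_neverallows"], |
| cmd: "grep -ihe '^neverallow' $(in) > $(out) || [ $$? -eq 1 ]", |
| } |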
| |
| ////////////////////////////////// |
| // Run host-side test with contexts files and the sepolicy file |
| // |
| // Each file_contexts_test below takes one built file_contexts module together |
| // with ":precompiled_sepolicy". The ".recovery" file_contexts modules are not |
| // inputs to any test in this file. |
| file_contexts_test { |
| name: "plat_file_contexts_test", |
| srcs: [":plat_file_contexts"], |
| sepolicy: ":precompiled_sepolicy", |
| } |
| |
| // Unlike its siblings, this test reads the raw .plat_private sources and takes |
| // test_data instead of sepolicy. |
| // NOTE(review): test_data presumably names a data file of expected labels that |
| // happens to share its name with the module above -- confirm. |
| file_contexts_test { |
| name: "plat_file_contexts_data_test", |
| srcs: [":file_contexts_files{.plat_private}"], |
| test_data: "plat_file_contexts_test", |
| } |
| |
| file_contexts_test { |
| name: "system_ext_file_contexts_test", |
| srcs: [":system_ext_file_contexts"], |
| sepolicy: ":precompiled_sepolicy", |
| } |
| |
| file_contexts_test { |
| name: "product_file_contexts_test", |
| srcs: [":product_file_contexts"], |
| sepolicy: ":precompiled_sepolicy", |
| } |
| |
| file_contexts_test { |
| name: "vendor_file_contexts_test", |
| srcs: [":vendor_file_contexts"], |
| sepolicy: ":precompiled_sepolicy", |
| } |
| |
| file_contexts_test { |
| name: "odm_file_contexts_test", |
| srcs: [":odm_file_contexts"], |
| sepolicy: ":precompiled_sepolicy", |
| } |
| |
| // hwservice_contexts tests: one per partition, each taking only that |
| // partition's built module plus ":precompiled_sepolicy". |
| hwservice_contexts_test { |
| name: "plat_hwservice_contexts_test", |
| srcs: [":plat_hwservice_contexts"], |
| sepolicy: ":precompiled_sepolicy", |
| } |
| |
| hwservice_contexts_test { |
| name: "system_ext_hwservice_contexts_test", |
| srcs: [":system_ext_hwservice_contexts"], |
| sepolicy: ":precompiled_sepolicy", |
| } |
| |
| hwservice_contexts_test { |
| name: "product_hwservice_contexts_test", |
| srcs: [":product_hwservice_contexts"], |
| sepolicy: ":precompiled_sepolicy", |
| } |
| |
| hwservice_contexts_test { |
| name: "vendor_hwservice_contexts_test", |
| srcs: [":vendor_hwservice_contexts"], |
| sepolicy: ":precompiled_sepolicy", |
| } |
| |
| hwservice_contexts_test { |
| name: "odm_hwservice_contexts_test", |
| srcs: [":odm_hwservice_contexts"], |
| sepolicy: ":precompiled_sepolicy", |
| } |
| |
| // property_contexts tests. The srcs lists are cumulative: each test takes its |
| // own partition's module plus every partition listed before it, in the order |
| // plat, system_ext, product, vendor, odm. |
| // NOTE(review): presumably this lets the test see cross-partition conflicts |
| // between property entries -- confirm against the property_contexts_test |
| // module type. Keep the cumulative order when adding a partition. |
| property_contexts_test { |
| name: "plat_property_contexts_test", |
| srcs: [":plat_property_contexts"], |
| sepolicy: ":precompiled_sepolicy", |
| } |
| |
| property_contexts_test { |
| name: "system_ext_property_contexts_test", |
| srcs: [ |
| ":plat_property_contexts", |
| ":system_ext_property_contexts", |
| ], |
| sepolicy: ":precompiled_sepolicy", |
| } |
| |
| property_contexts_test { |
| name: "product_property_contexts_test", |
| srcs: [ |
| ":plat_property_contexts", |
| ":system_ext_property_contexts", |
| ":product_property_contexts", |
| ], |
| sepolicy: ":precompiled_sepolicy", |
| } |
| |
| property_contexts_test { |
| name: "vendor_property_contexts_test", |
| srcs: [ |
| ":plat_property_contexts", |
| ":system_ext_property_contexts", |
| ":product_property_contexts", |
| ":vendor_property_contexts", |
| ], |
| sepolicy: ":precompiled_sepolicy", |
| } |
| |
| property_contexts_test { |
| name: "odm_property_contexts_test", |
| srcs: [ |
| ":plat_property_contexts", |
| ":system_ext_property_contexts", |
| ":product_property_contexts", |
| ":vendor_property_contexts", |
| ":odm_property_contexts", |
| ], |
| sepolicy: ":precompiled_sepolicy", |
| } |
| |
| // service_contexts tests: one per partition, each taking only that partition's |
| // built module plus ":precompiled_sepolicy" (not cumulative, unlike the |
| // property_contexts tests in this file). |
| service_contexts_test { |
| name: "plat_service_contexts_test", |
| srcs: [":plat_service_contexts"], |
| sepolicy: ":precompiled_sepolicy", |
| } |
| |
| service_contexts_test { |
| name: "system_ext_service_contexts_test", |
| srcs: [":system_ext_service_contexts"], |
| sepolicy: ":precompiled_sepolicy", |
| } |
| |
| service_contexts_test { |
| name: "product_service_contexts_test", |
| srcs: [":product_service_contexts"], |
| sepolicy: ":precompiled_sepolicy", |
| } |
| |
| service_contexts_test { |
| name: "vendor_service_contexts_test", |
| srcs: [":vendor_service_contexts"], |
| sepolicy: ":precompiled_sepolicy", |
| } |
| |
| service_contexts_test { |
| name: "odm_service_contexts_test", |
| srcs: [":odm_service_contexts"], |
| sepolicy: ":precompiled_sepolicy", |
| } |
| |
| // Test for the single vendor-only vndservice_contexts module. |
| vndservice_contexts_test { |
| name: "vndservice_contexts_test", |
| srcs: [":vndservice_contexts"], |
| sepolicy: ":precompiled_sepolicy", |
| } |
| |
| // Takes only the platform service_contexts as input; no sepolicy property and |
| // no other partition's service_contexts are passed. |
| // NOTE(review): presumably checks the services listed there against the known |
| // fuzzer bindings -- the check is defined by the fuzzer_bindings_test module |
| // type, not in this file; confirm there. |
| fuzzer_bindings_test { |
| name: "fuzzer_bindings_test", |
| srcs: [":plat_service_contexts"], |
| } |