| // Copyright 2021 The Android Open Source Project |
| // |
| // Licensed under the Apache License, Version 2.0 (the "License"); |
| // you may not use this file except in compliance with the License. |
| // You may obtain a copy of the License at |
| // |
| // http://www.apache.org/licenses/LICENSE-2.0 |
| // |
| // Unless required by applicable law or agreed to in writing, software |
| // distributed under the License is distributed on an "AS IS" BASIS, |
| // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| // See the License for the specific language governing permissions and |
| // limitations under the License. |
| |
| package selinux |
| |
| import ( |
| "fmt" |
| "path/filepath" |
| "strings" |
| |
| "android/soong/android" |
| ) |
| |
| func init() { |
| android.RegisterModuleType("se_build_files", buildFilesFactory) |
| } |
| |
| // se_build_files gathers policy files from sepolicy dirs, and acts like a filegroup. A tag with |
| // partition(plat, system_ext, product) and scope(public, private) is used to select directories. |
| // Supported tags are: "plat_public", "plat_private", "system_ext_public", "system_ext_private", |
| // "product_public", "product_private", and "reqd_mask". |
| func buildFilesFactory() android.Module { |
| module := &buildFiles{} |
| module.AddProperties(&module.properties) |
| android.InitAndroidModule(module) |
| return module |
| } |
| |
| type buildFilesProperties struct { |
| // list of source file suffixes used to collect selinux policy files. |
| // Source files will be looked up in the following local directories: |
| // system/sepolicy/{public, private, vendor, reqd_mask} |
| // and directories specified by following config variables: |
| // BOARD_SEPOLICY_DIRS, BOARD_ODM_SEPOLICY_DIRS |
| // SYSTEM_EXT_PUBLIC_SEPOLICY_DIR, SYSTEM_EXT_PRIVATE_SEPOLICY_DIR |
| Srcs []string |
| } |
| |
| type buildFiles struct { |
| android.ModuleBase |
| properties buildFilesProperties |
| |
| srcs map[string]android.Paths |
| } |
| |
| func (b *buildFiles) findSrcsInDirs(ctx android.ModuleContext, dirs ...string) android.Paths { |
| result := android.Paths{} |
| for _, file := range b.properties.Srcs { |
| for _, dir := range dirs { |
| path := filepath.Join(dir, file) |
| files, err := ctx.GlobWithDeps(path, nil) |
| if err != nil { |
| ctx.ModuleErrorf("glob: %s", err.Error()) |
| } |
| for _, f := range files { |
| result = append(result, android.PathForSource(ctx, f)) |
| } |
| } |
| } |
| return result |
| } |
| |
| func (b *buildFiles) DepsMutator(ctx android.BottomUpMutatorContext) { |
| // do nothing |
| } |
| |
| func (b *buildFiles) OutputFiles(tag string) (android.Paths, error) { |
| if paths, ok := b.srcs[tag]; ok { |
| return paths, nil |
| } |
| |
| return nil, fmt.Errorf("unknown tag %q. Supported tags are: %q", tag, strings.Join(android.SortedKeys(b.srcs), " ")) |
| } |
| |
| var _ android.OutputFileProducer = (*buildFiles)(nil) |
| |
| type sepolicyDir struct { |
| tag string |
| paths []string |
| } |
| |
| func (b *buildFiles) GenerateAndroidBuildActions(ctx android.ModuleContext) { |
| b.srcs = make(map[string]android.Paths) |
| b.srcs[".reqd_mask"] = b.findSrcsInDirs(ctx, filepath.Join("system", "sepolicy", "reqd_mask")) |
| b.srcs[".plat_public"] = b.findSrcsInDirs(ctx, filepath.Join("system", "sepolicy", "public")) |
| b.srcs[".plat_private"] = b.findSrcsInDirs(ctx, filepath.Join("system", "sepolicy", "private")) |
| b.srcs[".plat_vendor"] = b.findSrcsInDirs(ctx, filepath.Join("system", "sepolicy", "vendor")) |
| b.srcs[".system_ext_public"] = b.findSrcsInDirs(ctx, ctx.DeviceConfig().SystemExtPublicSepolicyDirs()...) |
| b.srcs[".system_ext_private"] = b.findSrcsInDirs(ctx, ctx.DeviceConfig().SystemExtPrivateSepolicyDirs()...) |
| b.srcs[".product_public"] = b.findSrcsInDirs(ctx, ctx.Config().ProductPublicSepolicyDirs()...) |
| b.srcs[".product_private"] = b.findSrcsInDirs(ctx, ctx.Config().ProductPrivateSepolicyDirs()...) |
| b.srcs[".vendor"] = b.findSrcsInDirs(ctx, ctx.DeviceConfig().VendorSepolicyDirs()...) |
| b.srcs[".odm"] = b.findSrcsInDirs(ctx, ctx.DeviceConfig().OdmSepolicyDirs()...) |
| |
| if ctx.DeviceConfig().PlatformSepolicyVersion() == ctx.DeviceConfig().BoardSepolicyVers() { |
| // vendor uses the same source with plat policy |
| b.srcs[".reqd_mask_for_vendor"] = b.srcs[".reqd_mask"] |
| b.srcs[".plat_vendor_for_vendor"] = b.srcs[".plat_vendor"] |
| b.srcs[".plat_public_for_vendor"] = b.srcs[".plat_public"] |
| b.srcs[".plat_private_for_vendor"] = b.srcs[".plat_private"] |
| b.srcs[".system_ext_public_for_vendor"] = b.srcs[".system_ext_public"] |
| b.srcs[".system_ext_private_for_vendor"] = b.srcs[".system_ext_private"] |
| b.srcs[".product_public_for_vendor"] = b.srcs[".product_public"] |
| b.srcs[".product_private_for_vendor"] = b.srcs[".product_private"] |
| } else { |
| // use vendor-supplied plat prebuilts |
| b.srcs[".reqd_mask_for_vendor"] = b.findSrcsInDirs(ctx, ctx.DeviceConfig().BoardReqdMaskPolicy()...) |
| b.srcs[".plat_vendor_for_vendor"] = b.findSrcsInDirs(ctx, ctx.DeviceConfig().BoardPlatVendorPolicy()...) |
| b.srcs[".plat_public_for_vendor"] = b.findSrcsInDirs(ctx, filepath.Join("system", "sepolicy", "prebuilts", "api", ctx.DeviceConfig().BoardSepolicyVers(), "public")) |
| b.srcs[".plat_private_for_vendor"] = b.findSrcsInDirs(ctx, filepath.Join("system", "sepolicy", "prebuilts", "api", ctx.DeviceConfig().BoardSepolicyVers(), "private")) |
| b.srcs[".system_ext_public_for_vendor"] = b.findSrcsInDirs(ctx, ctx.DeviceConfig().BoardSystemExtPublicPrebuiltDirs()...) |
| b.srcs[".system_ext_private_for_vendor"] = b.findSrcsInDirs(ctx, ctx.DeviceConfig().BoardSystemExtPrivatePrebuiltDirs()...) |
| b.srcs[".product_public_for_vendor"] = b.findSrcsInDirs(ctx, ctx.DeviceConfig().BoardProductPublicPrebuiltDirs()...) |
| b.srcs[".product_private_for_vendor"] = b.findSrcsInDirs(ctx, ctx.DeviceConfig().BoardProductPrivatePrebuiltDirs()...) |
| } |
| |
| // directories used for compat tests and Treble tests |
| for _, ver := range ctx.DeviceConfig().PlatformSepolicyCompatVersions() { |
| b.srcs[".plat_public_"+ver] = b.findSrcsInDirs(ctx, filepath.Join("system", "sepolicy", "prebuilts", "api", ver, "public")) |
| b.srcs[".plat_private_"+ver] = b.findSrcsInDirs(ctx, filepath.Join("system", "sepolicy", "prebuilts", "api", ver, "private")) |
| b.srcs[".system_ext_public_"+ver] = b.findSrcsInDirs(ctx, filepath.Join(ctx.DeviceConfig().SystemExtSepolicyPrebuiltApiDir(), "prebuilts", "api", ver, "public")) |
| b.srcs[".system_ext_private_"+ver] = b.findSrcsInDirs(ctx, filepath.Join(ctx.DeviceConfig().SystemExtSepolicyPrebuiltApiDir(), "prebuilts", "api", ver, "private")) |
| b.srcs[".product_public_"+ver] = b.findSrcsInDirs(ctx, filepath.Join(ctx.DeviceConfig().ProductSepolicyPrebuiltApiDir(), "prebuilts", "api", ver, "public")) |
| b.srcs[".product_private_"+ver] = b.findSrcsInDirs(ctx, filepath.Join(ctx.DeviceConfig().ProductSepolicyPrebuiltApiDir(), "prebuilts", "api", ver, "private")) |
| } |
| } |