// Copyright (C) 2021 The Android Open Source Project
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

// This file contains module definitions for various contexts files.

// Package-level defaults for every module declared in this file.
package {
    // See: http://go/android-license-faq
    // A large-scale-change added 'default_applicable_licenses' to import
    // all of the 'license_kinds' from "system_sepolicy_license"
    // to get the below license kinds:
    //   SPDX-license-identifier-Apache-2.0
    default_applicable_licenses: ["system_sepolicy_license"],
}

// Source collections, one per contexts file name. The modules further down
// never list contexts files directly; they select a per-partition slice of
// these collections through an output tag such as {.plat_private},
// {.system_ext_private}, {.product_private}, {.plat_vendor}, {.vendor},
// {.odm} or {.reqd_mask}.
// NOTE(review): presumably each se_build_files module gathers every file with
// the given name from the configured sepolicy directories -- confirm against
// the se_build_files implementation, which is not part of this file.
se_build_files {
    name: "file_contexts_files",
    srcs: ["file_contexts"],
}

// Extra file labels that plat_file_contexts adds only under the
// address_sanitize product variable.
se_build_files {
    name: "file_contexts_asan_files",
    srcs: ["file_contexts_asan"],
}

// Extra file labels that plat_file_contexts adds only under the
// debuggable product variable.
se_build_files {
    name: "file_contexts_overlayfs_files",
    srcs: ["file_contexts_overlayfs"],
}

se_build_files {
    name: "hwservice_contexts_files",
    srcs: ["hwservice_contexts"],
}

se_build_files {
    name: "property_contexts_files",
    srcs: ["property_contexts"],
}

se_build_files {
    name: "service_contexts_files",
    srcs: ["service_contexts"],
}

se_build_files {
    name: "keystore2_key_contexts_files",
    srcs: ["keystore2_key_contexts"],
}

se_build_files {
    name: "seapp_contexts_files",
    srcs: ["seapp_contexts"],
}

se_build_files {
    name: "vndservice_contexts_files",
    srcs: ["vndservice_contexts"],
}

// file_contexts outputs, one per partition. Each partition also has a
// ".recovery" twin that sets `recovery: true` and uses `stem` so the recovery
// copy keeps the same file name as the regular one.

// Platform file_contexts. The product_variables below append extra label
// sources, so the set of labelled paths on address_sanitize and debuggable
// builds is a superset of what a plain build ships. Review changes to the
// asan/overlayfs sources with that in mind: they never reach non-debuggable,
// non-ASan builds through this module.
file_contexts {
    name: "plat_file_contexts",
    defaults: ["contexts_flags_defaults"],
    srcs: [":file_contexts_files{.plat_private}"],
    product_variables: {
        address_sanitize: {
            srcs: [":file_contexts_asan_files{.plat_private}"],
        },
        debuggable: {
            srcs: [":file_contexts_overlayfs_files{.plat_private}"],
        },
    },
}

// Recovery copy of plat_file_contexts; sources and product_variables are kept
// identical to the module above and must be updated together with it.
file_contexts {
    name: "plat_file_contexts.recovery",
    defaults: ["contexts_flags_defaults"],
    srcs: [":file_contexts_files{.plat_private}"],
    stem: "plat_file_contexts",
    product_variables: {
        address_sanitize: {
            srcs: [":file_contexts_asan_files{.plat_private}"],
        },
        debuggable: {
            srcs: [":file_contexts_overlayfs_files{.plat_private}"],
        },
    },
    recovery: true,
}

// Vendor file_contexts: the platform-provided vendor entries ({.plat_vendor})
// merged with the vendor's own ({.vendor}).
// NOTE(review): fc_sort is set only on the vendor and odm modules in this
// file; presumably it runs the merged entries through fc_sort -- confirm
// against the file_contexts module implementation.
file_contexts {
    name: "vendor_file_contexts",
    defaults: ["contexts_flags_defaults"],
    srcs: [
        ":file_contexts_files{.plat_vendor}",
        ":file_contexts_files{.vendor}",
    ],
    soc_specific: true,
    fc_sort: true,
}

// Recovery copy of vendor_file_contexts. Like the other recovery twins it
// carries no partition flag (soc_specific is not set here).
file_contexts {
    name: "vendor_file_contexts.recovery",
    defaults: ["contexts_flags_defaults"],
    srcs: [
        ":file_contexts_files{.plat_vendor}",
        ":file_contexts_files{.vendor}",
    ],
    stem: "vendor_file_contexts",
    recovery: true,
    fc_sort: true,
}

// system_ext partition file_contexts.
file_contexts {
    name: "system_ext_file_contexts",
    defaults: ["contexts_flags_defaults"],
    srcs: [":file_contexts_files{.system_ext_private}"],
    system_ext_specific: true,
}

// Recovery copy of system_ext_file_contexts.
file_contexts {
    name: "system_ext_file_contexts.recovery",
    defaults: ["contexts_flags_defaults"],
    srcs: [":file_contexts_files{.system_ext_private}"],
    stem: "system_ext_file_contexts",
    recovery: true,
}

// product partition file_contexts.
file_contexts {
    name: "product_file_contexts",
    defaults: ["contexts_flags_defaults"],
    srcs: [":file_contexts_files{.product_private}"],
    product_specific: true,
}

// Recovery copy of product_file_contexts.
file_contexts {
    name: "product_file_contexts.recovery",
    defaults: ["contexts_flags_defaults"],
    srcs: [":file_contexts_files{.product_private}"],
    stem: "product_file_contexts",
    recovery: true,
}

// odm partition file_contexts; built from the {.odm} sources only and sorted
// like the vendor module.
file_contexts {
    name: "odm_file_contexts",
    defaults: ["contexts_flags_defaults"],
    srcs: [":file_contexts_files{.odm}"],
    device_specific: true,
    fc_sort: true,
}

// Recovery copy of odm_file_contexts (device_specific is not set here).
file_contexts {
    name: "odm_file_contexts.recovery",
    defaults: ["contexts_flags_defaults"],
    srcs: [":file_contexts_files{.odm}"],
    stem: "odm_file_contexts",
    recovery: true,
    fc_sort: true,
}

// hwservice_contexts outputs, one per partition. No recovery variants are
// declared for this module type in this file.
hwservice_contexts {
    name: "plat_hwservice_contexts",
    defaults: ["contexts_flags_defaults"],
    srcs: [":hwservice_contexts_files{.plat_private}"],
}

hwservice_contexts {
    name: "system_ext_hwservice_contexts",
    defaults: ["contexts_flags_defaults"],
    srcs: [":hwservice_contexts_files{.system_ext_private}"],
    system_ext_specific: true,
}

hwservice_contexts {
    name: "product_hwservice_contexts",
    defaults: ["contexts_flags_defaults"],
    srcs: [":hwservice_contexts_files{.product_private}"],
    product_specific: true,
}

// The vendor output is the only hwservice_contexts module that merges three
// slices: platform-provided vendor entries, the vendor's own entries and the
// {.reqd_mask} entries.
hwservice_contexts {
    name: "vendor_hwservice_contexts",
    defaults: ["contexts_flags_defaults"],
    srcs: [
        ":hwservice_contexts_files{.plat_vendor}",
        ":hwservice_contexts_files{.vendor}",
        ":hwservice_contexts_files{.reqd_mask}",
    ],
    soc_specific: true,
}

hwservice_contexts {
    name: "odm_hwservice_contexts",
    defaults: ["contexts_flags_defaults"],
    srcs: [":hwservice_contexts_files{.odm}"],
    device_specific: true,
}

// property_contexts outputs, one per partition. Recovery is handled in two
// ways in this file: the platform module has an explicit ".recovery" twin,
// while the system_ext, product, vendor and odm modules set
// `recovery_available: true` on a single module.
property_contexts {
    name: "plat_property_contexts",
    defaults: ["contexts_flags_defaults"],
    srcs: [":property_contexts_files{.plat_private}"],
}

// Recovery copy of plat_property_contexts; `stem` keeps the file name equal
// to the regular module's.
property_contexts {
    name: "plat_property_contexts.recovery",
    defaults: ["contexts_flags_defaults"],
    srcs: [":property_contexts_files{.plat_private}"],
    stem: "plat_property_contexts",
    recovery: true,
}

property_contexts {
    name: "system_ext_property_contexts",
    defaults: ["contexts_flags_defaults"],
    srcs: [":property_contexts_files{.system_ext_private}"],
    system_ext_specific: true,
    recovery_available: true,
}

property_contexts {
    name: "product_property_contexts",
    defaults: ["contexts_flags_defaults"],
    srcs: [":property_contexts_files{.product_private}"],
    product_specific: true,
    recovery_available: true,
}

// Vendor output: platform-provided vendor entries, the vendor's own entries
// and the {.reqd_mask} entries merged into one file.
property_contexts {
    name: "vendor_property_contexts",
    defaults: ["contexts_flags_defaults"],
    srcs: [
        ":property_contexts_files{.plat_vendor}",
        ":property_contexts_files{.vendor}",
        ":property_contexts_files{.reqd_mask}",
    ],
    soc_specific: true,
    recovery_available: true,
}

property_contexts {
    name: "odm_property_contexts",
    defaults: ["contexts_flags_defaults"],
    srcs: [":property_contexts_files{.odm}"],
    device_specific: true,
    recovery_available: true,
}

// service_contexts outputs, one per partition. As with property_contexts, the
// platform module has an explicit ".recovery" twin and the other partitions
// set `recovery_available: true`.
service_contexts {
    name: "plat_service_contexts",
    defaults: ["contexts_flags_defaults"],
    srcs: [":service_contexts_files{.plat_private}"],
}

// Recovery copy of plat_service_contexts; `stem` keeps the file name equal to
// the regular module's.
service_contexts {
    name: "plat_service_contexts.recovery",
    defaults: ["contexts_flags_defaults"],
    srcs: [":service_contexts_files{.plat_private}"],
    stem: "plat_service_contexts",
    recovery: true,
}

service_contexts {
    name: "system_ext_service_contexts",
    defaults: ["contexts_flags_defaults"],
    srcs: [":service_contexts_files{.system_ext_private}"],
    system_ext_specific: true,
    recovery_available: true,
}

service_contexts {
    name: "product_service_contexts",
    defaults: ["contexts_flags_defaults"],
    srcs: [":service_contexts_files{.product_private}"],
    product_specific: true,
    recovery_available: true,
}

// Vendor output: platform-provided vendor entries, the vendor's own entries
// and the {.reqd_mask} entries merged into one file.
service_contexts {
    name: "vendor_service_contexts",
    defaults: ["contexts_flags_defaults"],
    srcs: [
        ":service_contexts_files{.plat_vendor}",
        ":service_contexts_files{.vendor}",
        ":service_contexts_files{.reqd_mask}",
    ],
    soc_specific: true,
    recovery_available: true,
}

service_contexts {
    name: "odm_service_contexts",
    defaults: ["contexts_flags_defaults"],
    srcs: [
        ":service_contexts_files{.odm}",
    ],
    device_specific: true,
    recovery_available: true,
}

// keystore2_key_contexts outputs for the platform, system_ext, product and
// vendor partitions. This file declares no odm variant, no recovery variant
// and no *_test module for this module type.
// NOTE(review): the other contexts types in this file each have host-side
// *_contexts_test modules; confirm whether keystore2_key_contexts is validated
// elsewhere.
keystore2_key_contexts {
    name: "plat_keystore2_key_contexts",
    defaults: ["contexts_flags_defaults"],
    srcs: [":keystore2_key_contexts_files{.plat_private}"],
}

// NOTE(review): this module is system_ext_specific and reads the
// {.system_ext_private} sources, but it is named "system_..." where every
// other system_ext module in this file is named "system_ext_...". The name is
// what other build files reference, so check the users before renaming.
keystore2_key_contexts {
    name: "system_keystore2_key_contexts",
    defaults: ["contexts_flags_defaults"],
    srcs: [":keystore2_key_contexts_files{.system_ext_private}"],
    system_ext_specific: true,
}

keystore2_key_contexts {
    name: "product_keystore2_key_contexts",
    defaults: ["contexts_flags_defaults"],
    srcs: [":keystore2_key_contexts_files{.product_private}"],
    product_specific: true,
}

// Vendor output: platform-provided vendor entries, the vendor's own entries
// and the {.reqd_mask} entries merged into one file.
keystore2_key_contexts {
    name: "vendor_keystore2_key_contexts",
    defaults: ["contexts_flags_defaults"],
    srcs: [
        ":keystore2_key_contexts_files{.plat_vendor}",
        ":keystore2_key_contexts_files{.vendor}",
        ":keystore2_key_contexts_files{.reqd_mask}",
    ],
    soc_specific: true,
}

// seapp_contexts outputs, one per partition. Every module is given the
// compiled policy through `sepolicy`, and every non-platform module names the
// seapp_contexts sources of the platform-side partitions in
// `neverallow_files`.
// NOTE(review): presumably the neverallow assertions found in
// `neverallow_files` are enforced against this module's `srcs` at build time,
// so a lower-trust partition cannot add an entry the platform forbids --
// confirm against the seapp_contexts module implementation. When adding a new
// partition, keep its neverallow_files list in step with the ones below.
seapp_contexts {
    name: "plat_seapp_contexts",
    defaults: ["contexts_flags_defaults"],
    srcs: [":seapp_contexts_files{.plat_private}"],
    sepolicy: ":precompiled_sepolicy",
}

// system_ext entries are checked against the platform file only.
seapp_contexts {
    name: "system_ext_seapp_contexts",
    defaults: ["contexts_flags_defaults"],
    srcs: [":seapp_contexts_files{.system_ext_private}"],
    neverallow_files: [":seapp_contexts_files{.plat_private}"],
    system_ext_specific: true,
    sepolicy: ":precompiled_sepolicy",
}

// product entries are checked against the platform and system_ext files.
seapp_contexts {
    name: "product_seapp_contexts",
    defaults: ["contexts_flags_defaults"],
    srcs: [":seapp_contexts_files{.product_private}"],
    neverallow_files: [
        ":seapp_contexts_files{.plat_private}",
        ":seapp_contexts_files{.system_ext_private}",
    ],
    product_specific: true,
    sepolicy: ":precompiled_sepolicy",
}

// vendor entries are checked against the platform, system_ext and product
// files.
seapp_contexts {
    name: "vendor_seapp_contexts",
    defaults: ["contexts_flags_defaults"],
    srcs: [
        ":seapp_contexts_files{.plat_vendor}",
        ":seapp_contexts_files{.vendor}",
        ":seapp_contexts_files{.reqd_mask}",
    ],
    neverallow_files: [
        ":seapp_contexts_files{.plat_private}",
        ":seapp_contexts_files{.system_ext_private}",
        ":seapp_contexts_files{.product_private}",
    ],
    soc_specific: true,
    sepolicy: ":precompiled_sepolicy",
}

// odm entries use the same neverallow_files list as the vendor module; the
// vendor sources are not part of it.
seapp_contexts {
    name: "odm_seapp_contexts",
    defaults: ["contexts_flags_defaults"],
    srcs: [
        ":seapp_contexts_files{.odm}",
    ],
    neverallow_files: [
        ":seapp_contexts_files{.plat_private}",
        ":seapp_contexts_files{.system_ext_private}",
        ":seapp_contexts_files{.product_private}",
    ],
    device_specific: true,
    sepolicy: ":precompiled_sepolicy",
}

// vndservice_contexts exists only as a single vendor (soc_specific) output,
// merged from the platform-provided vendor entries, the vendor's own entries
// and the {.reqd_mask} entries.
vndservice_contexts {
    name: "vndservice_contexts",
    defaults: ["contexts_flags_defaults"],
    srcs: [
        ":vndservice_contexts_files{.plat_vendor}",
        ":vndservice_contexts_files{.vendor}",
        ":vndservice_contexts_files{.reqd_mask}",
    ],
    soc_specific: true,
}

// for CTS
// Collects every line that starts with "neverallow" (case-insensitive, -i)
// from the platform, system_ext and product seapp_contexts sources into one
// file, without file-name prefixes (-h).
// NOTE(review): `|| true` keeps the rule from failing when grep matches
// nothing (exit status 1), but it equally hides a real grep failure (exit
// status above 1). In either case the output is an empty file, so a consumer
// of plat_seapp_neverallows cannot tell "no neverallow lines" from "extraction
// failed"; consider asserting on the consumer side that the file is non-empty.
genrule {
    name: "plat_seapp_neverallows",
    srcs: [
        ":seapp_contexts_files{.plat_private}",
        ":seapp_contexts_files{.system_ext_private}",
        ":seapp_contexts_files{.product_private}",
    ],
    out: ["plat_seapp_neverallows"],
    cmd: "grep -ihe '^neverallow' $(in) > $(out) || true",
}

//////////////////////////////////
// Run host-side test with contexts files and the sepolicy file
//
// Each file_contexts_test below checks one built file_contexts output against
// the compiled policy passed in `sepolicy`. The test inputs are the regular
// outputs; the ".recovery" twins are not listed as test sources in this file.
file_contexts_test {
    name: "plat_file_contexts_test",
    srcs: [":plat_file_contexts"],
    sepolicy: ":precompiled_sepolicy",
}

// Unlike its siblings this test takes the raw {.plat_private} sources and a
// `test_data` file instead of `sepolicy`.
// NOTE(review): presumably it checks the platform entries against the
// expectations recorded in the plat_file_contexts_test data file -- confirm
// against the file_contexts_test implementation.
file_contexts_test {
    name: "plat_file_contexts_data_test",
    srcs: [":file_contexts_files{.plat_private}"],
    test_data: "plat_file_contexts_test",
}

file_contexts_test {
    name: "system_ext_file_contexts_test",
    srcs: [":system_ext_file_contexts"],
    sepolicy: ":precompiled_sepolicy",
}

file_contexts_test {
    name: "product_file_contexts_test",
    srcs: [":product_file_contexts"],
    sepolicy: ":precompiled_sepolicy",
}

file_contexts_test {
    name: "vendor_file_contexts_test",
    srcs: [":vendor_file_contexts"],
    sepolicy: ":precompiled_sepolicy",
}

file_contexts_test {
    name: "odm_file_contexts_test",
    srcs: [":odm_file_contexts"],
    sepolicy: ":precompiled_sepolicy",
}

// Host-side checks of each partition's built hwservice_contexts output
// against the compiled policy. Each test takes only its own partition's file.
hwservice_contexts_test {
    name: "plat_hwservice_contexts_test",
    srcs: [":plat_hwservice_contexts"],
    sepolicy: ":precompiled_sepolicy",
}

hwservice_contexts_test {
    name: "system_ext_hwservice_contexts_test",
    srcs: [":system_ext_hwservice_contexts"],
    sepolicy: ":precompiled_sepolicy",
}

hwservice_contexts_test {
    name: "product_hwservice_contexts_test",
    srcs: [":product_hwservice_contexts"],
    sepolicy: ":precompiled_sepolicy",
}

hwservice_contexts_test {
    name: "vendor_hwservice_contexts_test",
    srcs: [":vendor_hwservice_contexts"],
    sepolicy: ":precompiled_sepolicy",
}

hwservice_contexts_test {
    name: "odm_hwservice_contexts_test",
    srcs: [":odm_hwservice_contexts"],
    sepolicy: ":precompiled_sepolicy",
}

// Host-side checks of the built property_contexts outputs against the
// compiled policy. The inputs are cumulative: each test lists its own
// partition's file plus the files of every partition before it, in the order
// plat, system_ext, product, vendor, odm. A new partition's test should follow
// the same layering so that cross-partition conflicts are seen by the test.
property_contexts_test {
    name: "plat_property_contexts_test",
    srcs: [":plat_property_contexts"],
    sepolicy: ":precompiled_sepolicy",
}

property_contexts_test {
    name: "system_ext_property_contexts_test",
    srcs: [
        ":plat_property_contexts",
        ":system_ext_property_contexts",
    ],
    sepolicy: ":precompiled_sepolicy",
}

property_contexts_test {
    name: "product_property_contexts_test",
    srcs: [
        ":plat_property_contexts",
        ":system_ext_property_contexts",
        ":product_property_contexts",
    ],
    sepolicy: ":precompiled_sepolicy",
}

property_contexts_test {
    name: "vendor_property_contexts_test",
    srcs: [
        ":plat_property_contexts",
        ":system_ext_property_contexts",
        ":product_property_contexts",
        ":vendor_property_contexts",
    ],
    sepolicy: ":precompiled_sepolicy",
}

property_contexts_test {
    name: "odm_property_contexts_test",
    srcs: [
        ":plat_property_contexts",
        ":system_ext_property_contexts",
        ":product_property_contexts",
        ":vendor_property_contexts",
        ":odm_property_contexts",
    ],
    sepolicy: ":precompiled_sepolicy",
}

// Host-side checks of each partition's built service_contexts output against
// the compiled policy. Unlike the property_contexts tests, each test here
// takes only its own partition's file.
service_contexts_test {
    name: "plat_service_contexts_test",
    srcs: [":plat_service_contexts"],
    sepolicy: ":precompiled_sepolicy",
}

service_contexts_test {
    name: "system_ext_service_contexts_test",
    srcs: [":system_ext_service_contexts"],
    sepolicy: ":precompiled_sepolicy",
}

service_contexts_test {
    name: "product_service_contexts_test",
    srcs: [":product_service_contexts"],
    sepolicy: ":precompiled_sepolicy",
}

service_contexts_test {
    name: "vendor_service_contexts_test",
    srcs: [":vendor_service_contexts"],
    sepolicy: ":precompiled_sepolicy",
}

service_contexts_test {
    name: "odm_service_contexts_test",
    srcs: [":odm_service_contexts"],
    sepolicy: ":precompiled_sepolicy",
}

// Host-side check of the single vndservice_contexts output against the
// compiled policy.
vndservice_contexts_test {
    name: "vndservice_contexts_test",
    srcs: [":vndservice_contexts"],
    sepolicy: ":precompiled_sepolicy",
}

// Runs the fuzzer bindings test over the platform service_contexts only; no
// `sepolicy` input is given and the other partitions' service_contexts are
// not listed.
// NOTE(review): presumably this checks that each service named in
// plat_service_contexts has a fuzzer binding recorded -- confirm against the
// fuzzer_bindings_test implementation.
fuzzer_bindings_test {
    name: "fuzzer_bindings_test",
    srcs: [":plat_service_contexts"],
}
