blob: ca518475299b6ae5342baef7f6b1d3c9d8525e92 [file] [log] [blame]
Inseob Kimbaee4a22021-12-21 21:03:32 +09001// Copyright (C) 2021 The Android Open Source Project
2//
3// Licensed under the Apache License, Version 2.0 (the "License");
4// you may not use this file except in compliance with the License.
5// You may obtain a copy of the License at
6//
7// http://www.apache.org/licenses/LICENSE-2.0
8//
9// Unless required by applicable law or agreed to in writing, software
10// distributed under the License is distributed on an "AS IS" BASIS,
11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12// See the License for the specific language governing permissions and
13// limitations under the License.
14
15// This file contains module definitions for various contexts files.
16
Bob Badour048e48c2022-01-05 11:14:44 -080017package {
18 // See: http://go/android-license-faq
19 // A large-scale-change added 'default_applicable_licenses' to import
20 // all of the 'license_kinds' from "system_sepolicy_license"
21 // to get the below license kinds:
22 // SPDX-license-identifier-Apache-2.0
23 default_applicable_licenses: ["system_sepolicy_license"],
24}
25
Inseob Kim79fdbeb2022-08-12 22:27:35 +090026se_build_files {
27 name: "file_contexts_files",
28 srcs: ["file_contexts"],
29}
30
31se_build_files {
32 name: "file_contexts_asan_files",
33 srcs: ["file_contexts_asan"],
34}
35
36se_build_files {
37 name: "file_contexts_overlayfs_files",
38 srcs: ["file_contexts_overlayfs"],
39}
40
41se_build_files {
42 name: "hwservice_contexts_files",
43 srcs: ["hwservice_contexts"],
44}
45
46se_build_files {
47 name: "property_contexts_files",
48 srcs: ["property_contexts"],
49}
50
51se_build_files {
52 name: "service_contexts_files",
53 srcs: ["service_contexts"],
54}
55
56se_build_files {
57 name: "keystore2_key_contexts_files",
58 srcs: ["keystore2_key_contexts"],
59}
60
61se_build_files {
62 name: "seapp_contexts_files",
63 srcs: ["seapp_contexts"],
64}
65
66se_build_files {
67 name: "vndservice_contexts_files",
68 srcs: ["vndservice_contexts"],
69}
70
Inseob Kimbaee4a22021-12-21 21:03:32 +090071file_contexts {
72 name: "plat_file_contexts",
73 srcs: [":file_contexts_files{.plat_private}"],
74 product_variables: {
75 address_sanitize: {
76 srcs: [":file_contexts_asan_files{.plat_private}"],
77 },
78 debuggable: {
79 srcs: [":file_contexts_overlayfs_files{.plat_private}"],
80 },
81 },
Inseob Kimbaee4a22021-12-21 21:03:32 +090082}
83
84file_contexts {
85 name: "plat_file_contexts.recovery",
86 srcs: [":file_contexts_files{.plat_private}"],
87 stem: "plat_file_contexts",
88 product_variables: {
89 address_sanitize: {
90 srcs: [":file_contexts_asan_files{.plat_private}"],
91 },
92 debuggable: {
93 srcs: [":file_contexts_overlayfs_files{.plat_private}"],
94 },
95 },
Inseob Kimbaee4a22021-12-21 21:03:32 +090096 recovery: true,
97}
98
99file_contexts {
100 name: "vendor_file_contexts",
101 srcs: [
Inseob Kim6c6aa012023-08-31 16:47:38 +0900102 ":file_contexts_files{.plat_vendor}",
Inseob Kimbaee4a22021-12-21 21:03:32 +0900103 ":file_contexts_files{.vendor}",
104 ],
105 soc_specific: true,
Inseob Kim61257ca2022-02-25 11:26:16 +0900106}
107
108file_contexts {
109 name: "vendor_file_contexts.recovery",
110 srcs: [
Inseob Kim6c6aa012023-08-31 16:47:38 +0900111 ":file_contexts_files{.plat_vendor}",
Inseob Kim61257ca2022-02-25 11:26:16 +0900112 ":file_contexts_files{.vendor}",
113 ],
114 stem: "vendor_file_contexts",
115 recovery: true,
Inseob Kimbaee4a22021-12-21 21:03:32 +0900116}
117
118file_contexts {
119 name: "system_ext_file_contexts",
120 srcs: [":file_contexts_files{.system_ext_private}"],
121 system_ext_specific: true,
Inseob Kim61257ca2022-02-25 11:26:16 +0900122}
123
124file_contexts {
125 name: "system_ext_file_contexts.recovery",
126 srcs: [":file_contexts_files{.system_ext_private}"],
127 stem: "system_ext_file_contexts",
128 recovery: true,
Inseob Kimbaee4a22021-12-21 21:03:32 +0900129}
130
131file_contexts {
132 name: "product_file_contexts",
133 srcs: [":file_contexts_files{.product_private}"],
134 product_specific: true,
Inseob Kim61257ca2022-02-25 11:26:16 +0900135}
136
137file_contexts {
138 name: "product_file_contexts.recovery",
139 srcs: [":file_contexts_files{.product_private}"],
140 stem: "product_file_contexts",
141 recovery: true,
Inseob Kimbaee4a22021-12-21 21:03:32 +0900142}
143
144file_contexts {
145 name: "odm_file_contexts",
146 srcs: [":file_contexts_files{.odm}"],
147 device_specific: true,
Inseob Kim61257ca2022-02-25 11:26:16 +0900148}
149
150file_contexts {
151 name: "odm_file_contexts.recovery",
152 srcs: [":file_contexts_files{.odm}"],
153 stem: "odm_file_contexts",
154 recovery: true,
Inseob Kimbaee4a22021-12-21 21:03:32 +0900155}
156
157hwservice_contexts {
158 name: "plat_hwservice_contexts",
159 srcs: [":hwservice_contexts_files{.plat_private}"],
160}
161
162hwservice_contexts {
163 name: "system_ext_hwservice_contexts",
164 srcs: [":hwservice_contexts_files{.system_ext_private}"],
165 system_ext_specific: true,
166}
167
168hwservice_contexts {
169 name: "product_hwservice_contexts",
170 srcs: [":hwservice_contexts_files{.product_private}"],
171 product_specific: true,
172}
173
174hwservice_contexts {
175 name: "vendor_hwservice_contexts",
176 srcs: [
Inseob Kim6c6aa012023-08-31 16:47:38 +0900177 ":hwservice_contexts_files{.plat_vendor}",
Inseob Kimbaee4a22021-12-21 21:03:32 +0900178 ":hwservice_contexts_files{.vendor}",
Inseob Kim6c6aa012023-08-31 16:47:38 +0900179 ":hwservice_contexts_files{.reqd_mask}",
Inseob Kimbaee4a22021-12-21 21:03:32 +0900180 ],
181 soc_specific: true,
182}
183
184hwservice_contexts {
185 name: "odm_hwservice_contexts",
186 srcs: [":hwservice_contexts_files{.odm}"],
187 device_specific: true,
188}
189
190property_contexts {
191 name: "plat_property_contexts",
192 srcs: [":property_contexts_files{.plat_private}"],
193}
194
195property_contexts {
196 name: "plat_property_contexts.recovery",
197 srcs: [":property_contexts_files{.plat_private}"],
198 stem: "plat_property_contexts",
199 recovery: true,
200}
201
202property_contexts {
203 name: "system_ext_property_contexts",
204 srcs: [":property_contexts_files{.system_ext_private}"],
205 system_ext_specific: true,
206 recovery_available: true,
207}
208
209property_contexts {
210 name: "product_property_contexts",
211 srcs: [":property_contexts_files{.product_private}"],
212 product_specific: true,
213 recovery_available: true,
214}
215
216property_contexts {
217 name: "vendor_property_contexts",
218 srcs: [
Inseob Kim6c6aa012023-08-31 16:47:38 +0900219 ":property_contexts_files{.plat_vendor}",
Inseob Kimbaee4a22021-12-21 21:03:32 +0900220 ":property_contexts_files{.vendor}",
Inseob Kim6c6aa012023-08-31 16:47:38 +0900221 ":property_contexts_files{.reqd_mask}",
Inseob Kimbaee4a22021-12-21 21:03:32 +0900222 ],
223 soc_specific: true,
224 recovery_available: true,
225}
226
227property_contexts {
228 name: "odm_property_contexts",
229 srcs: [":property_contexts_files{.odm}"],
230 device_specific: true,
231 recovery_available: true,
232}
233
234service_contexts {
235 name: "plat_service_contexts",
236 srcs: [":service_contexts_files{.plat_private}"],
237}
238
239service_contexts {
240 name: "plat_service_contexts.recovery",
241 srcs: [":service_contexts_files{.plat_private}"],
242 stem: "plat_service_contexts",
243 recovery: true,
244}
245
246service_contexts {
247 name: "system_ext_service_contexts",
248 srcs: [":service_contexts_files{.system_ext_private}"],
249 system_ext_specific: true,
250 recovery_available: true,
251}
252
253service_contexts {
254 name: "product_service_contexts",
255 srcs: [":service_contexts_files{.product_private}"],
256 product_specific: true,
257 recovery_available: true,
258}
259
260service_contexts {
261 name: "vendor_service_contexts",
262 srcs: [
Inseob Kim6c6aa012023-08-31 16:47:38 +0900263 ":service_contexts_files{.plat_vendor}",
Inseob Kimbaee4a22021-12-21 21:03:32 +0900264 ":service_contexts_files{.vendor}",
Inseob Kim6c6aa012023-08-31 16:47:38 +0900265 ":service_contexts_files{.reqd_mask}",
Inseob Kimbaee4a22021-12-21 21:03:32 +0900266 ],
267 soc_specific: true,
268 recovery_available: true,
269}
270
Inseob Kim3bb20332022-10-24 20:41:45 +0900271service_contexts {
272 name: "odm_service_contexts",
273 srcs: [
274 ":service_contexts_files{.odm}",
275 ],
276 device_specific: true,
277 recovery_available: true,
278}
279
Inseob Kimbaee4a22021-12-21 21:03:32 +0900280keystore2_key_contexts {
281 name: "plat_keystore2_key_contexts",
282 srcs: [":keystore2_key_contexts_files{.plat_private}"],
283}
284
285keystore2_key_contexts {
286 name: "system_keystore2_key_contexts",
287 srcs: [":keystore2_key_contexts_files{.system_ext_private}"],
288 system_ext_specific: true,
289}
290
291keystore2_key_contexts {
292 name: "product_keystore2_key_contexts",
293 srcs: [":keystore2_key_contexts_files{.product_private}"],
294 product_specific: true,
295}
296
297keystore2_key_contexts {
298 name: "vendor_keystore2_key_contexts",
299 srcs: [
Inseob Kim6c6aa012023-08-31 16:47:38 +0900300 ":keystore2_key_contexts_files{.plat_vendor}",
Inseob Kimbaee4a22021-12-21 21:03:32 +0900301 ":keystore2_key_contexts_files{.vendor}",
Inseob Kim6c6aa012023-08-31 16:47:38 +0900302 ":keystore2_key_contexts_files{.reqd_mask}",
Inseob Kimbaee4a22021-12-21 21:03:32 +0900303 ],
304 soc_specific: true,
305}
Inseob Kim2dac2672021-12-29 17:54:57 +0900306
307seapp_contexts {
308 name: "plat_seapp_contexts",
309 srcs: [":seapp_contexts_files{.plat_private}"],
310 sepolicy: ":precompiled_sepolicy",
311}
312
313seapp_contexts {
314 name: "system_ext_seapp_contexts",
315 srcs: [":seapp_contexts_files{.system_ext_private}"],
316 neverallow_files: [":seapp_contexts_files{.plat_private}"],
317 system_ext_specific: true,
318 sepolicy: ":precompiled_sepolicy",
319}
320
321seapp_contexts {
322 name: "product_seapp_contexts",
323 srcs: [":seapp_contexts_files{.product_private}"],
324 neverallow_files: [
325 ":seapp_contexts_files{.plat_private}",
326 ":seapp_contexts_files{.system_ext_private}",
327 ],
328 product_specific: true,
329 sepolicy: ":precompiled_sepolicy",
330}
331
332seapp_contexts {
333 name: "vendor_seapp_contexts",
334 srcs: [
Inseob Kim6c6aa012023-08-31 16:47:38 +0900335 ":seapp_contexts_files{.plat_vendor}",
Inseob Kim2dac2672021-12-29 17:54:57 +0900336 ":seapp_contexts_files{.vendor}",
Inseob Kim6c6aa012023-08-31 16:47:38 +0900337 ":seapp_contexts_files{.reqd_mask}",
Inseob Kim2dac2672021-12-29 17:54:57 +0900338 ],
339 neverallow_files: [
Inseob Kim6c6aa012023-08-31 16:47:38 +0900340 ":seapp_contexts_files{.plat_private}",
341 ":seapp_contexts_files{.system_ext_private}",
342 ":seapp_contexts_files{.product_private}",
Inseob Kim2dac2672021-12-29 17:54:57 +0900343 ],
344 soc_specific: true,
345 sepolicy: ":precompiled_sepolicy",
346}
347
348seapp_contexts {
349 name: "odm_seapp_contexts",
350 srcs: [
351 ":seapp_contexts_files{.odm}",
352 ],
353 neverallow_files: [
Inseob Kim6c6aa012023-08-31 16:47:38 +0900354 ":seapp_contexts_files{.plat_private}",
355 ":seapp_contexts_files{.system_ext_private}",
356 ":seapp_contexts_files{.product_private}",
Inseob Kim2dac2672021-12-29 17:54:57 +0900357 ],
358 device_specific: true,
359 sepolicy: ":precompiled_sepolicy",
360}
361
Inseob Kimc7596c42022-02-25 11:45:41 +0900362vndservice_contexts {
363 name: "vndservice_contexts",
364 srcs: [
Inseob Kim6c6aa012023-08-31 16:47:38 +0900365 ":vndservice_contexts_files{.plat_vendor}",
Inseob Kimc7596c42022-02-25 11:45:41 +0900366 ":vndservice_contexts_files{.vendor}",
Inseob Kim6c6aa012023-08-31 16:47:38 +0900367 ":vndservice_contexts_files{.reqd_mask}",
Inseob Kimc7596c42022-02-25 11:45:41 +0900368 ],
369 soc_specific: true,
370}
371
Inseob Kim2dac2672021-12-29 17:54:57 +0900372// for CTS
373genrule {
374 name: "plat_seapp_neverallows",
375 srcs: [
376 ":seapp_contexts_files{.plat_private}",
377 ":seapp_contexts_files{.system_ext_private}",
378 ":seapp_contexts_files{.product_private}",
379 ],
380 out: ["plat_seapp_neverallows"],
381 cmd: "grep -ihe '^neverallow' $(in) > $(out) || true",
382}
Inseob Kimb5e23532022-02-16 02:26:11 +0000383
384//////////////////////////////////
385// Run host-side test with contexts files and the sepolicy file
386file_contexts_test {
387 name: "plat_file_contexts_test",
388 srcs: [":plat_file_contexts"],
389 sepolicy: ":precompiled_sepolicy",
390}
391
392file_contexts_test {
ThiƩbaud Weksteen3a102a12023-10-20 15:43:29 +1100393 name: "plat_file_contexts_data_test",
394 srcs: [":file_contexts_files{.plat_private}"],
395 test_data: "plat_file_contexts_test",
396}
397
398file_contexts_test {
Inseob Kimb5e23532022-02-16 02:26:11 +0000399 name: "system_ext_file_contexts_test",
400 srcs: [":system_ext_file_contexts"],
401 sepolicy: ":precompiled_sepolicy",
402}
403
404file_contexts_test {
405 name: "product_file_contexts_test",
406 srcs: [":product_file_contexts"],
407 sepolicy: ":precompiled_sepolicy",
408}
409
410file_contexts_test {
411 name: "vendor_file_contexts_test",
412 srcs: [":vendor_file_contexts"],
413 sepolicy: ":precompiled_sepolicy",
414}
415
416file_contexts_test {
417 name: "odm_file_contexts_test",
418 srcs: [":odm_file_contexts"],
419 sepolicy: ":precompiled_sepolicy",
420}
421
422hwservice_contexts_test {
423 name: "plat_hwservice_contexts_test",
424 srcs: [":plat_hwservice_contexts"],
425 sepolicy: ":precompiled_sepolicy",
426}
427
428hwservice_contexts_test {
429 name: "system_ext_hwservice_contexts_test",
430 srcs: [":system_ext_hwservice_contexts"],
431 sepolicy: ":precompiled_sepolicy",
432}
433
434hwservice_contexts_test {
435 name: "product_hwservice_contexts_test",
436 srcs: [":product_hwservice_contexts"],
437 sepolicy: ":precompiled_sepolicy",
438}
439
440hwservice_contexts_test {
441 name: "vendor_hwservice_contexts_test",
442 srcs: [":vendor_hwservice_contexts"],
443 sepolicy: ":precompiled_sepolicy",
444}
445
446hwservice_contexts_test {
447 name: "odm_hwservice_contexts_test",
448 srcs: [":odm_hwservice_contexts"],
449 sepolicy: ":precompiled_sepolicy",
450}
451
452property_contexts_test {
453 name: "plat_property_contexts_test",
454 srcs: [":plat_property_contexts"],
455 sepolicy: ":precompiled_sepolicy",
456}
457
458property_contexts_test {
459 name: "system_ext_property_contexts_test",
460 srcs: [
461 ":plat_property_contexts",
462 ":system_ext_property_contexts",
463 ],
464 sepolicy: ":precompiled_sepolicy",
465}
466
467property_contexts_test {
468 name: "product_property_contexts_test",
469 srcs: [
470 ":plat_property_contexts",
471 ":system_ext_property_contexts",
472 ":product_property_contexts",
473 ],
474 sepolicy: ":precompiled_sepolicy",
475}
476
477property_contexts_test {
478 name: "vendor_property_contexts_test",
479 srcs: [
480 ":plat_property_contexts",
481 ":system_ext_property_contexts",
482 ":product_property_contexts",
483 ":vendor_property_contexts",
484 ],
485 sepolicy: ":precompiled_sepolicy",
486}
487
488property_contexts_test {
489 name: "odm_property_contexts_test",
490 srcs: [
491 ":plat_property_contexts",
492 ":system_ext_property_contexts",
493 ":product_property_contexts",
494 ":vendor_property_contexts",
495 ":odm_property_contexts",
496 ],
497 sepolicy: ":precompiled_sepolicy",
498}
499
500service_contexts_test {
501 name: "plat_service_contexts_test",
502 srcs: [":plat_service_contexts"],
503 sepolicy: ":precompiled_sepolicy",
504}
505
506service_contexts_test {
507 name: "system_ext_service_contexts_test",
508 srcs: [":system_ext_service_contexts"],
509 sepolicy: ":precompiled_sepolicy",
510}
511
512service_contexts_test {
513 name: "product_service_contexts_test",
514 srcs: [":product_service_contexts"],
515 sepolicy: ":precompiled_sepolicy",
516}
517
518service_contexts_test {
519 name: "vendor_service_contexts_test",
520 srcs: [":vendor_service_contexts"],
521 sepolicy: ":precompiled_sepolicy",
522}
Inseob Kimc7596c42022-02-25 11:45:41 +0900523
Inseob Kim3bb20332022-10-24 20:41:45 +0900524service_contexts_test {
525 name: "odm_service_contexts_test",
526 srcs: [":odm_service_contexts"],
527 sepolicy: ":precompiled_sepolicy",
528}
529
Inseob Kimc7596c42022-02-25 11:45:41 +0900530vndservice_contexts_test {
531 name: "vndservice_contexts_test",
532 srcs: [":vndservice_contexts"],
533 sepolicy: ":precompiled_sepolicy",
534}
Pawan0ecf99d2022-09-12 23:20:53 +0000535
536fuzzer_bindings_test {
537 name: "fuzzer_bindings_test",
538 srcs: [":plat_service_contexts"],
539}