Add rust_bindgen target for libselinux.

Generate rust bindings for libselinux. Bug: 159466840 Test: system_security_keystore_selinux_rust_test Change-Id: I5c360b2b92faaffe6e66942559e7c97a48d9d4a9
2020-07-21 13:07:53 -07:00 · 2020-07-21 13:07:53 -07:00 · 3a9d35cc84
commit 3a9d35cc84
parent 3ab0dbf47f
2 changed files with 73 additions and 0 deletions
--- a/libselinux/Android.bp
+++ b/libselinux/Android.bp
@ -227,3 +227,72 @@ cc_binary_host {
    ],
    whole_static_libs: ["libpcre2"],
 }
+
+rust_bindgen {
+    name: "libselinux_bindgen",
+    wrapper_src: "rust/selinux.h",
+    stem: "bindings",
+    local_include_dirs: ["include"],
+
+    // Generate bindings only for the symbols that are actually exported (see exported.map).
+    // This makes the generated bindings much more concise and improves compilation
+    // time.
+    flags: [
+        "--whitelist-function fgetfilecon",
+        "--whitelist-function fgetfilecon_raw",
+        "--whitelist-function freecon",
+        "--whitelist-function fsetfilecon",
+        "--whitelist-function getcon",
+        "--whitelist-function getfilecon",
+        "--whitelist-function getpeercon",
+        "--whitelist-function getpidcon",
+        "--whitelist-function is_selinux_enabled",
+        "--whitelist-function lgetfilecon",
+        "--whitelist-function lsetfilecon",
+        "--whitelist-function security_compute_create",
+        "--whitelist-function security_get_initial_context",
+        "--whitelist-function security_getenforce",
+        "--whitelist-function security_load_policy",
+        "--whitelist-function security_policyvers",
+        "--whitelist-function security_setenforce",
+        "--whitelist-function selabel_close",
+        "--whitelist-function selabel_lookup",
+        "--whitelist-function selabel_lookup_best_match",
+        "--whitelist-function selabel_open",
+        "--whitelist-function selinux_android_file_context_handle",
+        "--whitelist-function selinux_android_hw_service_context_handle",
+        "--whitelist-function selinux_android_load_policy",
+        "--whitelist-function selinux_android_load_policy_from_fd",
+        "--whitelist-function selinux_android_restorecon",
+        "--whitelist-function selinux_android_restorecon_pkgdir",
+        "--whitelist-function selinux_android_seapp_context_init",
+        "--whitelist-function selinux_android_service_context_handle",
+        "--whitelist-function selinux_android_set_sehandle",
+        "--whitelist-function selinux_android_setcon",
+        "--whitelist-function selinux_android_setcontext",
+        "--whitelist-function selinux_android_vendor_service_context_handle",
+        "--whitelist-function selinux_check_access",
+        "--whitelist-function selinux_log_callback",
+        "--whitelist-function selinux_set_callback",
+        "--whitelist-function selinux_status_open",
+        "--whitelist-function selinux_status_updated",
+        "--whitelist-function selinux_vendor_log_callback",
+        "--whitelist-function set_selinuxmnt",
+        "--whitelist-function setcon",
+        "--whitelist-function setexeccon",
+        "--whitelist-function setfilecon",
+        "--whitelist-function setfscreatecon",
+        "--whitelist-function setsockcreatecon",
+        "--whitelist-function setsockcreatecon_raw",
+        "--whitelist-function string_to_security_class",
+        "--whitelist-function selinux_android_context_with_level",
+        "--whitelist-function selinux_android_keystore2_key_context_handle",
+
+        // We also need some constants in addition to the functions.
+        "--whitelist-var SELABEL_.*",
+        "--whitelist-var SELINUX_.*",
+    ],
+
+    // This is mainly to run layout tests for generated bindings on the host.
+    host_supported: true,
+}
--- a/libselinux/rust/selinux.h
+++ b/libselinux/rust/selinux.h
@ -0,0 +1,4 @@
+#pragma once
+
+#include <selinux/android.h>
+#include <selinux/avc.h>