diff --git a/libselinux/Android.bp b/libselinux/Android.bp
index 664e9288..50c27372 100644
--- a/libselinux/Android.bp
+++ b/libselinux/Android.bp
@@ -227,3 +227,72 @@ cc_binary_host {
 ],
 whole_static_libs: ["libpcre2"],
 }
+
+rust_bindgen {
+ name: "libselinux_bindgen",
+ wrapper_src: "rust/selinux.h",
+ stem: "bindings",
+ local_include_dirs: ["include"],
+
+ // Generate bindings only for the symbols that are actually exported (see exported.map).
+ // This makes the generated bindings much more concise and improves compilation
+ // time.
+ flags: [
+ "--whitelist-function fgetfilecon",
+ "--whitelist-function fgetfilecon_raw",
+ "--whitelist-function freecon",
+ "--whitelist-function fsetfilecon",
+ "--whitelist-function getcon",
+ "--whitelist-function getfilecon",
+ "--whitelist-function getpeercon",
+ "--whitelist-function getpidcon",
+ "--whitelist-function is_selinux_enabled",
+ "--whitelist-function lgetfilecon",
+ "--whitelist-function lsetfilecon",
+ "--whitelist-function security_compute_create",
+ "--whitelist-function security_get_initial_context",
+ "--whitelist-function security_getenforce",
+ "--whitelist-function security_load_policy",
+ "--whitelist-function security_policyvers",
+ "--whitelist-function security_setenforce",
+ "--whitelist-function selabel_close",
+ "--whitelist-function selabel_lookup",
+ "--whitelist-function selabel_lookup_best_match",
+ "--whitelist-function selabel_open",
+ "--whitelist-function selinux_android_file_context_handle",
+ "--whitelist-function selinux_android_hw_service_context_handle",
+ "--whitelist-function selinux_android_load_policy",
+ "--whitelist-function selinux_android_load_policy_from_fd",
+ "--whitelist-function selinux_android_restorecon",
+ "--whitelist-function selinux_android_restorecon_pkgdir",
+ "--whitelist-function selinux_android_seapp_context_init",
+ "--whitelist-function selinux_android_service_context_handle",
+ "--whitelist-function selinux_android_set_sehandle",
+ "--whitelist-function selinux_android_setcon",
+ "--whitelist-function selinux_android_setcontext",
+ "--whitelist-function selinux_android_vendor_service_context_handle",
+ "--whitelist-function selinux_check_access",
+ "--whitelist-function selinux_log_callback",
+ "--whitelist-function selinux_set_callback",
+ "--whitelist-function selinux_status_open",
+ "--whitelist-function selinux_status_updated",
+ "--whitelist-function selinux_vendor_log_callback",
+ "--whitelist-function set_selinuxmnt",
+ "--whitelist-function setcon",
+ "--whitelist-function setexeccon",
+ "--whitelist-function setfilecon",
+ "--whitelist-function setfscreatecon",
+ "--whitelist-function setsockcreatecon",
+ "--whitelist-function setsockcreatecon_raw",
+ "--whitelist-function string_to_security_class",
+ "--whitelist-function selinux_android_context_with_level",
+ "--whitelist-function selinux_android_keystore2_key_context_handle",
+
+ // We also need some constants in addition to the functions.
+ "--whitelist-var SELABEL_.*",
+ "--whitelist-var SELINUX_.*",
+ ],
+
+ // This is mainly to run layout tests for generated bindings on the host.
+ host_supported: true,
+}
diff --git a/libselinux/rust/selinux.h b/libselinux/rust/selinux.h
new file mode 100644
index 00000000..706f12fe
--- /dev/null
+++ b/libselinux/rust/selinux.h
@@ -0,0 +1,4 @@
+#pragma once
+
+#include
+#include
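Review bot: The `flags` allowlist of `libselinux_bindgen` in libselinux/Android.bp is a hand-copied mirror of exported.map, and nothing in the hunk keeps the two in step. The last two entries (`selinux_android_context_with_level`, `selinux_android_keystore2_key_context_handle`) already break the alphabetical order of the rest, which makes a missing or stale symbol harder to spot in review. I would sort them into place and extend the comment, e.g. `// Keep sorted and in sync with exported.map; a symbol added there needs a matching flag here.` The list also exposes state-changing calls such as `security_setenforce` and `security_load_policy` as raw `unsafe` FFI, and the module sets no `visibility`, so any Rust module in the tree can depend on the raw bindings directly. If callers are meant to go through a safe wrapper crate, restricting `visibility` to that wrapper would enforce it.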