package { default_applicable_licenses: ["external_selinux_libselinux_license"], } // Added automatically by a large-scale-change that took the approach of // 'apply every license found to every target'. While this makes sure we respect // every license restriction, it may not be entirely correct. // // e.g. GPL in an MIT project might only apply to the contrib/ directory. // // Please consider splitting the single license below into multiple licenses, // taking care not to lose any license_kind information, and overriding the // default license using the 'licenses: [...]' property on targets as needed. // // For unused files, consider creating a 'filegroup' with "//visibility:private" // to attach the license to, and including a comment whether the files may be // used in the current project. // http://go/android-license-faq license { name: "external_selinux_libselinux_license", visibility: [":__subpackages__"], license_kinds: [ "SPDX-license-identifier-Apache-2.0", "SPDX-license-identifier-GPL-2.0", "legacy_unencumbered", ], license_text: [ "LICENSE", ], } common_CFLAGS = [ // Persistently stored patterns (pcre2) are architecture dependent. // In particular paterns built on amd64 can not run on devices with armv7 // (32bit). Therefore, this feature stays off for now. "-DNO_PERSISTENTLY_STORED_PATTERNS", "-DDISABLE_SETRANS", "-DDISABLE_BOOL", "-D_GNU_SOURCE", "-DNO_MEDIA_BACKEND", "-DNO_X_BACKEND", "-DNO_DB_BACKEND", "-Wall", "-Werror", "-Wno-error=missing-noreturn", "-Wno-error=unused-function", "-Wno-error=unused-variable", "-DUSE_PCRE2", // 1003 corresponds to auditd, from system/core/logd/event.logtags "-DAUDITD_LOG_TAG=1003", ] cc_defaults { name: "libselinux_defaults", cflags: common_CFLAGS, srcs: [ "src/android/android.c", "src/android/android_seapp.c", "src/avc.c", "src/avc_internal.c", "src/avc_sidtab.c", "src/booleans.c", "src/callbacks.c", "src/canonicalize_context.c", "src/checkAccess.c", "src/check_context.c", "src/compute_av.c", "src/compute_create.c", "src/compute_member.c", "src/context.c", "src/deny_unknown.c", "src/disable.c", "src/enabled.c", "src/fgetfilecon.c", "src/freecon.c", "src/fsetfilecon.c", "src/get_initial_context.c", "src/getenforce.c", "src/getfilecon.c", "src/getpeercon.c", "src/init.c", "src/label.c", "src/label_backends_android.c", "src/label_file.c", "src/label_support.c", "src/lgetfilecon.c", "src/load_policy.c", "src/lsetfilecon.c", "src/mapping.c", "src/matchpathcon.c", "src/policyvers.c", "src/procattr.c", "src/regex.c", "src/reject_unknown.c", "src/selinux_internal.c", "src/sestatus.c", "src/setenforce.c", "src/setfilecon.c", "src/setrans_client.c", "src/sha1.c", "src/stringrep.c", ], target: { host: { cflags: [ "-DBUILD_HOST", ], }, android: { cflags: [ "-DHAVE_STRLCPY" ], srcs: [ "src/android/android_device.c", ], static: { whole_static_libs: [ "libpackagelistparser", ], }, shared: { shared_libs: [ "libpackagelistparser", ], }, system_shared_libs: ["libc"], }, }, static: { whole_static_libs: [ "libpcre2", "liblog", ], }, shared: { shared_libs: [ "libpcre2", "liblog", ], }, header_libs: [ "libbase_headers", "libcutils_headers", "liblog_headers", ], local_include_dirs: [ "include", "src", ], export_include_dirs: ["include"], stl: "none", } cc_library { name: "libselinux", defaults: ["libselinux_defaults"], llndk: { symbol_file: "exported.map.txt", }, ramdisk_available: true, vendor_ramdisk_available: true, recovery_available: true, host_supported: true, target: { linux_bionic: { enabled: true, }, android: { version_script: "exported.map.txt", }, }, stubs: { symbol_file: "exported.map.txt", versions: ["30"], }, } cc_test_host { name: "libselinux_test", defaults: ["libselinux_defaults"], srcs: ["src/android/android_unittest.cpp"], cflags: [ // regex.h will conflict with the default regex.h from libc. // Skip regex for gtest. "-DGTEST_HAS_POSIX_RE=0", // Disable automatic interactions with sysfs when libselinux is // initialized. This ensures that the tests remain hermetic on the host. "-DANDROID_UNIT_TESTING", ], whole_static_libs: [ "libbase", "liblog", "libpcre2", ], // Use default stl. stl:"" } cc_binary_host { name: "sefcontext_compile", defaults: ["libselinux_defaults"], srcs: ["utils/sefcontext_compile.c"], static_libs: [ "libselinux", "libsepol", ], stl: "", } rust_bindgen { name: "libselinux_bindgen", wrapper_src: "rust/selinux.h", crate_name: "selinux_bindgen", visibility: ["//frameworks/native/libs/binder/rust/tests", "//system/security/keystore2:__subpackages__", "//packages/modules/Virtualization:__subpackages__"], source_stem: "bindings", local_include_dirs: ["include"], // Generate bindings only for the symbols that are actually exported (see exported.map.txt). // This makes the generated bindings much more concise and improves compilation // time. bindgen_flags: [ "--allowlist-function=fgetfilecon", "--allowlist-function=fgetfilecon_raw", "--allowlist-function=freecon", "--allowlist-function=fsetfilecon", "--allowlist-function=getcon", "--allowlist-function=getfilecon", "--allowlist-function=getpeercon", "--allowlist-function=getpidcon", "--allowlist-function=is_selinux_enabled", "--allowlist-function=lgetfilecon", "--allowlist-function=lsetfilecon", "--allowlist-function=security_compute_create", "--allowlist-function=security_get_initial_context", "--allowlist-function=security_getenforce", "--allowlist-function=security_load_policy", "--allowlist-function=security_policyvers", "--allowlist-function=security_setenforce", "--allowlist-function=selabel_close", "--allowlist-function=selabel_lookup", "--allowlist-function=selabel_lookup_best_match", "--allowlist-function=selabel_open", "--allowlist-function=selinux_android_file_context_handle", "--allowlist-function=selinux_android_hw_service_context_handle", "--allowlist-function=selinux_android_load_policy", "--allowlist-function=selinux_android_load_policy_from_fd", "--allowlist-function=selinux_android_restorecon", "--allowlist-function=selinux_android_restorecon_pkgdir", "--allowlist-function=selinux_android_seapp_context_init", "--allowlist-function=selinux_android_service_context_handle", "--allowlist-function=selinux_android_set_sehandle", "--allowlist-function=selinux_android_setcon", "--allowlist-function=selinux_android_setcontext", "--allowlist-function=selinux_android_vendor_service_context_handle", "--allowlist-function=selinux_check_access", "--allowlist-function=selinux_log_callback", "--allowlist-function=selinux_set_callback", "--allowlist-function=selinux_status_open", "--allowlist-function=selinux_status_updated", "--allowlist-function=selinux_vendor_log_callback", "--allowlist-function=set_selinuxmnt", "--allowlist-function=setcon", "--allowlist-function=setexeccon", "--allowlist-function=setfilecon", "--allowlist-function=setfscreatecon", "--allowlist-function=setsockcreatecon", "--allowlist-function=setsockcreatecon_raw", "--allowlist-function=string_to_security_class", "--allowlist-function=selinux_android_context_with_level", "--allowlist-function=selinux_android_keystore2_key_context_handle", // We also need some constants in addition to the functions. "--allowlist-var=SELABEL_.*", "--allowlist-var=SELINUX_.*", ], // This is mainly to run layout tests for generated bindings on the host. host_supported: true, apex_available: [ "com.android.virt", "//apex_available:platform", ], } rust_test { name: "libselinux_bindgen_test", srcs: [ ":libselinux_bindgen", ], crate_name: "selinux_bindgen_test", test_suites: ["general-tests"], auto_gen_config: true, clippy_lints: "none", lints: "none", }