// Copyright (C) 2021 The Android Open Source Project // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. // You may obtain a copy of the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. // This file contains module definitions for various contexts files. package { // See: http://go/android-license-faq // A large-scale-change added 'default_applicable_licenses' to import // all of the 'license_kinds' from "system_sepolicy_license" // to get the below license kinds: // SPDX-license-identifier-Apache-2.0 default_applicable_licenses: ["system_sepolicy_license"], } se_build_files { name: "file_contexts_files", srcs: ["file_contexts"], } se_build_files { name: "file_contexts_asan_files", srcs: ["file_contexts_asan"], } se_build_files { name: "file_contexts_overlayfs_files", srcs: ["file_contexts_overlayfs"], } se_build_files { name: "hwservice_contexts_files", srcs: ["hwservice_contexts"], } se_build_files { name: "property_contexts_files", srcs: ["property_contexts"], } se_build_files { name: "service_contexts_files", srcs: ["service_contexts"], } se_build_files { name: "keystore2_key_contexts_files", srcs: ["keystore2_key_contexts"], } se_build_files { name: "seapp_contexts_files", srcs: ["seapp_contexts"], } se_build_files { name: "vndservice_contexts_files", srcs: ["vndservice_contexts"], } file_contexts { name: "plat_file_contexts", defaults: ["contexts_flags_defaults"], srcs: [":file_contexts_files{.plat_private}"], product_variables: { address_sanitize: { srcs: [":file_contexts_asan_files{.plat_private}"], }, debuggable: { srcs: [":file_contexts_overlayfs_files{.plat_private}"], }, }, } file_contexts { name: "plat_file_contexts.recovery", defaults: ["contexts_flags_defaults"], srcs: [":file_contexts_files{.plat_private}"], stem: "plat_file_contexts", product_variables: { address_sanitize: { srcs: [":file_contexts_asan_files{.plat_private}"], }, debuggable: { srcs: [":file_contexts_overlayfs_files{.plat_private}"], }, }, recovery: true, } file_contexts { name: "vendor_file_contexts", defaults: ["contexts_flags_defaults"], srcs: [ ":file_contexts_files{.plat_vendor}", ":file_contexts_files{.vendor}", ], soc_specific: true, fc_sort: true, } file_contexts { name: "vendor_file_contexts.recovery", defaults: ["contexts_flags_defaults"], srcs: [ ":file_contexts_files{.plat_vendor}", ":file_contexts_files{.vendor}", ], stem: "vendor_file_contexts", recovery: true, fc_sort: true, } file_contexts { name: "system_ext_file_contexts", defaults: ["contexts_flags_defaults"], srcs: [":file_contexts_files{.system_ext_private}"], system_ext_specific: true, } file_contexts { name: "system_ext_file_contexts.recovery", defaults: ["contexts_flags_defaults"], srcs: [":file_contexts_files{.system_ext_private}"], stem: "system_ext_file_contexts", recovery: true, } file_contexts { name: "product_file_contexts", defaults: ["contexts_flags_defaults"], srcs: [":file_contexts_files{.product_private}"], product_specific: true, } file_contexts { name: "product_file_contexts.recovery", defaults: ["contexts_flags_defaults"], srcs: [":file_contexts_files{.product_private}"], stem: "product_file_contexts", recovery: true, } file_contexts { name: "odm_file_contexts", defaults: ["contexts_flags_defaults"], srcs: [":file_contexts_files{.odm}"], device_specific: true, fc_sort: true, } file_contexts { name: "odm_file_contexts.recovery", defaults: ["contexts_flags_defaults"], srcs: [":file_contexts_files{.odm}"], stem: "odm_file_contexts", recovery: true, fc_sort: true, } hwservice_contexts { name: "plat_hwservice_contexts", defaults: ["contexts_flags_defaults"], srcs: [":hwservice_contexts_files{.plat_private}"], } hwservice_contexts { name: "system_ext_hwservice_contexts", defaults: ["contexts_flags_defaults"], srcs: [":hwservice_contexts_files{.system_ext_private}"], system_ext_specific: true, } hwservice_contexts { name: "product_hwservice_contexts", defaults: ["contexts_flags_defaults"], srcs: [":hwservice_contexts_files{.product_private}"], product_specific: true, } hwservice_contexts { name: "vendor_hwservice_contexts", defaults: ["contexts_flags_defaults"], srcs: [ ":hwservice_contexts_files{.plat_vendor}", ":hwservice_contexts_files{.vendor}", ":hwservice_contexts_files{.reqd_mask}", ], soc_specific: true, } hwservice_contexts { name: "odm_hwservice_contexts", defaults: ["contexts_flags_defaults"], srcs: [":hwservice_contexts_files{.odm}"], device_specific: true, } property_contexts { name: "plat_property_contexts", defaults: ["contexts_flags_defaults"], srcs: [":property_contexts_files{.plat_private}"], } property_contexts { name: "plat_property_contexts.recovery", defaults: ["contexts_flags_defaults"], srcs: [":property_contexts_files{.plat_private}"], stem: "plat_property_contexts", recovery: true, } property_contexts { name: "system_ext_property_contexts", defaults: ["contexts_flags_defaults"], srcs: [":property_contexts_files{.system_ext_private}"], system_ext_specific: true, recovery_available: true, } property_contexts { name: "product_property_contexts", defaults: ["contexts_flags_defaults"], srcs: [":property_contexts_files{.product_private}"], product_specific: true, recovery_available: true, } property_contexts { name: "vendor_property_contexts", defaults: ["contexts_flags_defaults"], srcs: [ ":property_contexts_files{.plat_vendor}", ":property_contexts_files{.vendor}", ":property_contexts_files{.reqd_mask}", ], soc_specific: true, recovery_available: true, } property_contexts { name: "odm_property_contexts", defaults: ["contexts_flags_defaults"], srcs: [":property_contexts_files{.odm}"], device_specific: true, recovery_available: true, } service_contexts { name: "plat_service_contexts", defaults: ["contexts_flags_defaults"], srcs: [":service_contexts_files{.plat_private}"], } service_contexts { name: "plat_service_contexts.recovery", defaults: ["contexts_flags_defaults"], srcs: [":service_contexts_files{.plat_private}"], stem: "plat_service_contexts", recovery: true, } service_contexts { name: "system_ext_service_contexts", defaults: ["contexts_flags_defaults"], srcs: [":service_contexts_files{.system_ext_private}"], system_ext_specific: true, recovery_available: true, } service_contexts { name: "product_service_contexts", defaults: ["contexts_flags_defaults"], srcs: [":service_contexts_files{.product_private}"], product_specific: true, recovery_available: true, } service_contexts { name: "vendor_service_contexts", defaults: ["contexts_flags_defaults"], srcs: [ ":service_contexts_files{.plat_vendor}", ":service_contexts_files{.vendor}", ":service_contexts_files{.reqd_mask}", ], soc_specific: true, recovery_available: true, } service_contexts { name: "odm_service_contexts", defaults: ["contexts_flags_defaults"], srcs: [ ":service_contexts_files{.odm}", ], device_specific: true, recovery_available: true, } keystore2_key_contexts { name: "plat_keystore2_key_contexts", defaults: ["contexts_flags_defaults"], srcs: [":keystore2_key_contexts_files{.plat_private}"], } keystore2_key_contexts { name: "system_keystore2_key_contexts", defaults: ["contexts_flags_defaults"], srcs: [":keystore2_key_contexts_files{.system_ext_private}"], system_ext_specific: true, } keystore2_key_contexts { name: "product_keystore2_key_contexts", defaults: ["contexts_flags_defaults"], srcs: [":keystore2_key_contexts_files{.product_private}"], product_specific: true, } keystore2_key_contexts { name: "vendor_keystore2_key_contexts", defaults: ["contexts_flags_defaults"], srcs: [ ":keystore2_key_contexts_files{.plat_vendor}", ":keystore2_key_contexts_files{.vendor}", ":keystore2_key_contexts_files{.reqd_mask}", ], soc_specific: true, } seapp_contexts { name: "plat_seapp_contexts", defaults: ["contexts_flags_defaults"], srcs: [":seapp_contexts_files{.plat_private}"], sepolicy: ":precompiled_sepolicy", } seapp_contexts { name: "system_ext_seapp_contexts", defaults: ["contexts_flags_defaults"], srcs: [":seapp_contexts_files{.system_ext_private}"], neverallow_files: [":seapp_contexts_files{.plat_private}"], system_ext_specific: true, sepolicy: ":precompiled_sepolicy", } seapp_contexts { name: "product_seapp_contexts", defaults: ["contexts_flags_defaults"], srcs: [":seapp_contexts_files{.product_private}"], neverallow_files: [ ":seapp_contexts_files{.plat_private}", ":seapp_contexts_files{.system_ext_private}", ], product_specific: true, sepolicy: ":precompiled_sepolicy", } seapp_contexts { name: "vendor_seapp_contexts", defaults: ["contexts_flags_defaults"], srcs: [ ":seapp_contexts_files{.plat_vendor}", ":seapp_contexts_files{.vendor}", ":seapp_contexts_files{.reqd_mask}", ], neverallow_files: [ ":seapp_contexts_files{.plat_private}", ":seapp_contexts_files{.system_ext_private}", ":seapp_contexts_files{.product_private}", ], soc_specific: true, sepolicy: ":precompiled_sepolicy", } seapp_contexts { name: "odm_seapp_contexts", defaults: ["contexts_flags_defaults"], srcs: [ ":seapp_contexts_files{.odm}", ], neverallow_files: [ ":seapp_contexts_files{.plat_private}", ":seapp_contexts_files{.system_ext_private}", ":seapp_contexts_files{.product_private}", ], device_specific: true, sepolicy: ":precompiled_sepolicy", } vndservice_contexts { name: "vndservice_contexts", defaults: ["contexts_flags_defaults"], srcs: [ ":vndservice_contexts_files{.plat_vendor}", ":vndservice_contexts_files{.vendor}", ":vndservice_contexts_files{.reqd_mask}", ], soc_specific: true, } // for CTS genrule { name: "plat_seapp_neverallows", srcs: [ ":seapp_contexts_files{.plat_private}", ":seapp_contexts_files{.system_ext_private}", ":seapp_contexts_files{.product_private}", ], out: ["plat_seapp_neverallows"], cmd: "grep -ihe '^neverallow' $(in) > $(out) || true", } ////////////////////////////////// // Run host-side test with contexts files and the sepolicy file file_contexts_test { name: "plat_file_contexts_test", srcs: [":plat_file_contexts"], sepolicy: ":precompiled_sepolicy", } file_contexts_test { name: "plat_file_contexts_data_test", srcs: [":file_contexts_files{.plat_private}"], test_data: "plat_file_contexts_test", } file_contexts_test { name: "system_ext_file_contexts_test", srcs: [":system_ext_file_contexts"], sepolicy: ":precompiled_sepolicy", } file_contexts_test { name: "product_file_contexts_test", srcs: [":product_file_contexts"], sepolicy: ":precompiled_sepolicy", } file_contexts_test { name: "vendor_file_contexts_test", srcs: [":vendor_file_contexts"], sepolicy: ":precompiled_sepolicy", } file_contexts_test { name: "odm_file_contexts_test", srcs: [":odm_file_contexts"], sepolicy: ":precompiled_sepolicy", } hwservice_contexts_test { name: "plat_hwservice_contexts_test", srcs: [":plat_hwservice_contexts"], sepolicy: ":precompiled_sepolicy", } hwservice_contexts_test { name: "system_ext_hwservice_contexts_test", srcs: [":system_ext_hwservice_contexts"], sepolicy: ":precompiled_sepolicy", } hwservice_contexts_test { name: "product_hwservice_contexts_test", srcs: [":product_hwservice_contexts"], sepolicy: ":precompiled_sepolicy", } hwservice_contexts_test { name: "vendor_hwservice_contexts_test", srcs: [":vendor_hwservice_contexts"], sepolicy: ":precompiled_sepolicy", } hwservice_contexts_test { name: "odm_hwservice_contexts_test", srcs: [":odm_hwservice_contexts"], sepolicy: ":precompiled_sepolicy", } property_contexts_test { name: "plat_property_contexts_test", srcs: [":plat_property_contexts"], sepolicy: ":precompiled_sepolicy", } property_contexts_test { name: "system_ext_property_contexts_test", srcs: [ ":plat_property_contexts", ":system_ext_property_contexts", ], sepolicy: ":precompiled_sepolicy", } property_contexts_test { name: "product_property_contexts_test", srcs: [ ":plat_property_contexts", ":system_ext_property_contexts", ":product_property_contexts", ], sepolicy: ":precompiled_sepolicy", } property_contexts_test { name: "vendor_property_contexts_test", srcs: [ ":plat_property_contexts", ":system_ext_property_contexts", ":product_property_contexts", ":vendor_property_contexts", ], sepolicy: ":precompiled_sepolicy", } property_contexts_test { name: "odm_property_contexts_test", srcs: [ ":plat_property_contexts", ":system_ext_property_contexts", ":product_property_contexts", ":vendor_property_contexts", ":odm_property_contexts", ], sepolicy: ":precompiled_sepolicy", } service_contexts_test { name: "plat_service_contexts_test", srcs: [":plat_service_contexts"], sepolicy: ":precompiled_sepolicy", } service_contexts_test { name: "system_ext_service_contexts_test", srcs: [":system_ext_service_contexts"], sepolicy: ":precompiled_sepolicy", } service_contexts_test { name: "product_service_contexts_test", srcs: [":product_service_contexts"], sepolicy: ":precompiled_sepolicy", } service_contexts_test { name: "vendor_service_contexts_test", srcs: [":vendor_service_contexts"], sepolicy: ":precompiled_sepolicy", } service_contexts_test { name: "odm_service_contexts_test", srcs: [":odm_service_contexts"], sepolicy: ":precompiled_sepolicy", } vndservice_contexts_test { name: "vndservice_contexts_test", srcs: [":vndservice_contexts"], sepolicy: ":precompiled_sepolicy", } fuzzer_bindings_test { name: "fuzzer_bindings_test", srcs: [":plat_service_contexts"], }