// Copyright (C) 2021 The Android Open Source Project
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//      http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

// This file contains module definitions for various contexts files.
//
// Layout: one module per (contexts type, partition). Each module names the
// source filegroup variant(s) it is built from, a partition flag
// (system_ext_specific / product_specific / soc_specific / device_specific;
// none for the platform modules) and, where needed, a recovery variant.
// The order of entries inside every `srcs` list is kept exactly as the
// authors wrote it.

package {
    // See: http://go/android-license-faq
    // A large-scale-change added 'default_applicable_licenses' to import
    // all of the 'license_kinds' from "system_sepolicy_license"
    // to get the below license kinds:
    //   SPDX-license-identifier-Apache-2.0
    default_applicable_licenses: ["system_sepolicy_license"],
}

// ---------------------------------------------------------------------------
// file_contexts
// ---------------------------------------------------------------------------

// Platform file_contexts. Extra label sources are added only for specific
// build configurations: the ASan entries on address_sanitize builds, the
// overlayfs entries on debuggable builds, and the APEX entries when
// flatten_apex is set.
file_contexts {
    name: "plat_file_contexts",
    srcs: [":file_contexts_files{.plat_private}"],
    product_variables: {
        address_sanitize: {
            srcs: [":file_contexts_asan_files{.plat_private}"],
        },
        debuggable: {
            srcs: [":file_contexts_overlayfs_files{.plat_private}"],
        },
    },

    flatten_apex: {
        srcs: [":apex_file_contexts_files"],
    },
}

// Recovery-only twin of plat_file_contexts: same sources and conditionals,
// with `stem` giving it the same output file name as the module above.
file_contexts {
    name: "plat_file_contexts.recovery",
    srcs: [":file_contexts_files{.plat_private}"],
    stem: "plat_file_contexts",
    product_variables: {
        address_sanitize: {
            srcs: [":file_contexts_asan_files{.plat_private}"],
        },
        debuggable: {
            srcs: [":file_contexts_overlayfs_files{.plat_private}"],
        },
    },

    flatten_apex: {
        srcs: [":apex_file_contexts_files"],
    },

    recovery: true,
}

// NOTE(review): unlike the other vendor_* modules in this file, no
// {.reqd_mask_for_vendor} source is listed here; presumably intentional,
// confirm against the filegroup definition.
file_contexts {
    name: "vendor_file_contexts",
    srcs: [
        ":file_contexts_files{.plat_vendor_for_vendor}",
        ":file_contexts_files{.vendor}",
    ],
    soc_specific: true,
    recovery_available: true,
}

file_contexts {
    name: "system_ext_file_contexts",
    srcs: [":file_contexts_files{.system_ext_private}"],
    system_ext_specific: true,
    recovery_available: true,
}

file_contexts {
    name: "product_file_contexts",
    srcs: [":file_contexts_files{.product_private}"],
    product_specific: true,
    recovery_available: true,
}

file_contexts {
    name: "odm_file_contexts",
    srcs: [":file_contexts_files{.odm}"],
    device_specific: true,
    recovery_available: true,
}

// ---------------------------------------------------------------------------
// hwservice_contexts (no recovery variants are declared for this type)
// ---------------------------------------------------------------------------

hwservice_contexts {
    name: "plat_hwservice_contexts",
    srcs: [":hwservice_contexts_files{.plat_private}"],
}

hwservice_contexts {
    name: "system_ext_hwservice_contexts",
    srcs: [":hwservice_contexts_files{.system_ext_private}"],
    system_ext_specific: true,
}

hwservice_contexts {
    name: "product_hwservice_contexts",
    srcs: [":hwservice_contexts_files{.product_private}"],
    product_specific: true,
}

hwservice_contexts {
    name: "vendor_hwservice_contexts",
    srcs: [
        ":hwservice_contexts_files{.plat_vendor_for_vendor}",
        ":hwservice_contexts_files{.vendor}",
        ":hwservice_contexts_files{.reqd_mask_for_vendor}",
    ],
    soc_specific: true,
}

hwservice_contexts {
    name: "odm_hwservice_contexts",
    srcs: [":hwservice_contexts_files{.odm}"],
    device_specific: true,
}

// ---------------------------------------------------------------------------
// property_contexts
// ---------------------------------------------------------------------------

property_contexts {
    name: "plat_property_contexts",
    srcs: [":property_contexts_files{.plat_private}"],
}

// Recovery-only build of the platform property contexts; `stem` keeps the
// output file name equal to that of plat_property_contexts.
property_contexts {
    name: "plat_property_contexts.recovery",
    srcs: [":property_contexts_files{.plat_private}"],
    stem: "plat_property_contexts",
    recovery: true,
}

property_contexts {
    name: "system_ext_property_contexts",
    srcs: [":property_contexts_files{.system_ext_private}"],
    system_ext_specific: true,
    recovery_available: true,
}

property_contexts {
    name: "product_property_contexts",
    srcs: [":property_contexts_files{.product_private}"],
    product_specific: true,
    recovery_available: true,
}

property_contexts {
    name: "vendor_property_contexts",
    srcs: [
        ":property_contexts_files{.plat_vendor_for_vendor}",
        ":property_contexts_files{.vendor}",
        ":property_contexts_files{.reqd_mask_for_vendor}",
    ],
    soc_specific: true,
    recovery_available: true,
}

property_contexts {
    name: "odm_property_contexts",
    srcs: [":property_contexts_files{.odm}"],
    device_specific: true,
    recovery_available: true,
}

// ---------------------------------------------------------------------------
// service_contexts (this file declares no odm module for this type)
// ---------------------------------------------------------------------------

service_contexts {
    name: "plat_service_contexts",
    srcs: [":service_contexts_files{.plat_private}"],
}

// Recovery-only build of the platform service contexts; `stem` keeps the
// output file name equal to that of plat_service_contexts.
service_contexts {
    name: "plat_service_contexts.recovery",
    srcs: [":service_contexts_files{.plat_private}"],
    stem: "plat_service_contexts",
    recovery: true,
}

service_contexts {
    name: "system_ext_service_contexts",
    srcs: [":service_contexts_files{.system_ext_private}"],
    system_ext_specific: true,
    recovery_available: true,
}

service_contexts {
    name: "product_service_contexts",
    srcs: [":service_contexts_files{.product_private}"],
    product_specific: true,
    recovery_available: true,
}

service_contexts {
    name: "vendor_service_contexts",
    srcs: [
        ":service_contexts_files{.plat_vendor_for_vendor}",
        ":service_contexts_files{.vendor}",
        ":service_contexts_files{.reqd_mask_for_vendor}",
    ],
    soc_specific: true,
    recovery_available: true,
}

// ---------------------------------------------------------------------------
// keystore2_key_contexts (no odm module and no recovery variants declared)
// ---------------------------------------------------------------------------

keystore2_key_contexts {
    name: "plat_keystore2_key_contexts",
    srcs: [":keystore2_key_contexts_files{.plat_private}"],
}

// The module name says "system_" although the sources and the partition flag
// are system_ext, which breaks the system_ext_* naming used by the sibling
// types. The name is left untouched because other modules may refer to it.
keystore2_key_contexts {
    name: "system_keystore2_key_contexts",
    srcs: [":keystore2_key_contexts_files{.system_ext_private}"],
    system_ext_specific: true,
}

keystore2_key_contexts {
    name: "product_keystore2_key_contexts",
    srcs: [":keystore2_key_contexts_files{.product_private}"],
    product_specific: true,
}

keystore2_key_contexts {
    name: "vendor_keystore2_key_contexts",
    srcs: [
        ":keystore2_key_contexts_files{.plat_vendor_for_vendor}",
        ":keystore2_key_contexts_files{.vendor}",
        ":keystore2_key_contexts_files{.reqd_mask_for_vendor}",
    ],
    soc_specific: true,
}

// ---------------------------------------------------------------------------
// seapp_contexts
//
// Every module here points `sepolicy` at ":precompiled_sepolicy".
// `neverallow_files` grows with distance from the platform: none for plat,
// plat for system_ext, plat + system_ext for product, and the *_for_vendor
// variants of plat + system_ext + product for vendor and odm.
// NOTE(review): presumably the entries in `srcs` are checked against the
// neverallow rules found in `neverallow_files`; confirm against the
// seapp_contexts module type before relying on it. When a partition is added
// or a list is edited, check that no upstream partition drops out of it.
// ---------------------------------------------------------------------------

seapp_contexts {
    name: "plat_seapp_contexts",
    srcs: [":seapp_contexts_files{.plat_private}"],
    sepolicy: ":precompiled_sepolicy",
}

seapp_contexts {
    name: "system_ext_seapp_contexts",
    srcs: [":seapp_contexts_files{.system_ext_private}"],
    neverallow_files: [":seapp_contexts_files{.plat_private}"],
    system_ext_specific: true,
    sepolicy: ":precompiled_sepolicy",
}

seapp_contexts {
    name: "product_seapp_contexts",
    srcs: [":seapp_contexts_files{.product_private}"],
    neverallow_files: [
        ":seapp_contexts_files{.plat_private}",
        ":seapp_contexts_files{.system_ext_private}",
    ],
    product_specific: true,
    sepolicy: ":precompiled_sepolicy",
}

seapp_contexts {
    name: "vendor_seapp_contexts",
    srcs: [
        ":seapp_contexts_files{.plat_vendor_for_vendor}",
        ":seapp_contexts_files{.vendor}",
        ":seapp_contexts_files{.reqd_mask_for_vendor}",
    ],
    neverallow_files: [
        ":seapp_contexts_files{.plat_private_for_vendor}",
        ":seapp_contexts_files{.system_ext_private_for_vendor}",
        ":seapp_contexts_files{.product_private_for_vendor}",
    ],
    soc_specific: true,
    sepolicy: ":precompiled_sepolicy",
}

seapp_contexts {
    name: "odm_seapp_contexts",
    srcs: [":seapp_contexts_files{.odm}"],
    neverallow_files: [
        ":seapp_contexts_files{.plat_private_for_vendor}",
        ":seapp_contexts_files{.system_ext_private_for_vendor}",
        ":seapp_contexts_files{.product_private_for_vendor}",
    ],
    device_specific: true,
    sepolicy: ":precompiled_sepolicy",
}

// for CTS
// Gathers every line that starts with "neverallow" from the platform,
// system_ext and product seapp_contexts sources into a single output file.
// grep flags: -i case-insensitive, -h no file-name prefix, -e the pattern.
// "|| true" stops the rule from failing when grep exits non-zero. That covers
// the no-match case, but it equally hides a genuine grep error, so an empty
// output file is not by itself proof that the inputs hold no neverallow rules.
genrule {
    name: "plat_seapp_neverallows",
    srcs: [
        ":seapp_contexts_files{.plat_private}",
        ":seapp_contexts_files{.system_ext_private}",
        ":seapp_contexts_files{.product_private}",
    ],
    out: ["plat_seapp_neverallows"],
    cmd: "grep -ihe '^neverallow' $(in) > $(out) || true",
}