dfa4a48b1c
Sorting algorithm of fc_sort is not perfect and often causes unexpected behaviors. We are moving from fc_sort to manual ordering of platform file_contexts files. In addition, this sets remove_comment as true by default, as fc_sort has been removing comments / empty lines. Bug: 299839280 Test: TH Change-Id: Ic8a02b64fc70481234467a470506580d2e6efd94
// Copyright (C) 2021 The Android Open Source Project
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

// This file contains module definitions for various contexts files.

package {
    // See: http://go/android-license-faq
    // A large-scale-change added 'default_applicable_licenses' to import
    // all of the 'license_kinds' from "system_sepolicy_license"
    // to get the below license kinds:
    // SPDX-license-identifier-Apache-2.0
    // This is the default license for every module declared in this file.
    default_applicable_licenses: ["system_sepolicy_license"],
}
// Source-file groups. Each se_build_files module names one contexts file; the
// modules further down select a slice of it with a tag such as
// {.plat_private}, {.system_ext_private}, {.product_private}, {.plat_vendor},
// {.vendor}, {.reqd_mask} or {.odm}. How each tag maps to policy directories
// is defined by the se_build_files module type, not in this file.
se_build_files {
    name: "file_contexts_files",
    srcs: ["file_contexts"],
}

// Extra file_contexts entries, used below only under address_sanitize.
se_build_files {
    name: "file_contexts_asan_files",
    srcs: ["file_contexts_asan"],
}

// Extra file_contexts entries, used below only under debuggable.
se_build_files {
    name: "file_contexts_overlayfs_files",
    srcs: ["file_contexts_overlayfs"],
}

se_build_files {
    name: "hwservice_contexts_files",
    srcs: ["hwservice_contexts"],
}

se_build_files {
    name: "property_contexts_files",
    srcs: ["property_contexts"],
}

se_build_files {
    name: "service_contexts_files",
    srcs: ["service_contexts"],
}

se_build_files {
    name: "keystore2_key_contexts_files",
    srcs: ["keystore2_key_contexts"],
}

se_build_files {
    name: "seapp_contexts_files",
    srcs: ["seapp_contexts"],
}

se_build_files {
    name: "vndservice_contexts_files",
    srcs: ["vndservice_contexts"],
}
// Installed file_contexts for each partition, plus recovery variants that
// reuse the installed name of the main module through `stem`.
//
// NOTE(review): the plat, system_ext and product modules below do not set
// fc_sort, so the order of entries in their source files is the order that
// ships; the vendor and odm modules still set fc_sort: true. With manual
// ordering, the label a path receives depends on entry order (libselinux is
// understood to prefer the last matching regex entry; confirm), so a broad
// pattern placed after a specific one can change labels without any build
// error. Review entry order on every edit to the unsorted sources.
file_contexts {
    name: "plat_file_contexts",
    srcs: [":file_contexts_files{.plat_private}"],
    product_variables: {
        // Appended only when the address_sanitize product variable applies.
        address_sanitize: {
            srcs: [":file_contexts_asan_files{.plat_private}"],
        },
        // Appended only when the debuggable product variable applies, so the
        // overlayfs entries are not part of non-debuggable outputs.
        debuggable: {
            srcs: [":file_contexts_overlayfs_files{.plat_private}"],
        },
    },
}

// Recovery copy of plat_file_contexts: same sources and product_variables,
// installed under the name "plat_file_contexts".
file_contexts {
    name: "plat_file_contexts.recovery",
    srcs: [":file_contexts_files{.plat_private}"],
    stem: "plat_file_contexts",
    product_variables: {
        address_sanitize: {
            srcs: [":file_contexts_asan_files{.plat_private}"],
        },
        debuggable: {
            srcs: [":file_contexts_overlayfs_files{.plat_private}"],
        },
    },
    recovery: true,
}

// Vendor output merges the {.plat_vendor} and {.vendor} slices and is still
// passed through fc_sort.
file_contexts {
    name: "vendor_file_contexts",
    srcs: [
        ":file_contexts_files{.plat_vendor}",
        ":file_contexts_files{.vendor}",
    ],
    soc_specific: true,
    fc_sort: true,
}

file_contexts {
    name: "vendor_file_contexts.recovery",
    srcs: [
        ":file_contexts_files{.plat_vendor}",
        ":file_contexts_files{.vendor}",
    ],
    stem: "vendor_file_contexts",
    recovery: true,
    fc_sort: true,
}

// No fc_sort here: entry order follows the system_ext source file.
file_contexts {
    name: "system_ext_file_contexts",
    srcs: [":file_contexts_files{.system_ext_private}"],
    system_ext_specific: true,
}

file_contexts {
    name: "system_ext_file_contexts.recovery",
    srcs: [":file_contexts_files{.system_ext_private}"],
    stem: "system_ext_file_contexts",
    recovery: true,
}

// No fc_sort here: entry order follows the product source file.
file_contexts {
    name: "product_file_contexts",
    srcs: [":file_contexts_files{.product_private}"],
    product_specific: true,
}

file_contexts {
    name: "product_file_contexts.recovery",
    srcs: [":file_contexts_files{.product_private}"],
    stem: "product_file_contexts",
    recovery: true,
}

// ODM output is still passed through fc_sort.
file_contexts {
    name: "odm_file_contexts",
    srcs: [":file_contexts_files{.odm}"],
    device_specific: true,
    fc_sort: true,
}

file_contexts {
    name: "odm_file_contexts.recovery",
    srcs: [":file_contexts_files{.odm}"],
    stem: "odm_file_contexts",
    recovery: true,
    fc_sort: true,
}
// Installed hwservice_contexts per partition. No recovery variant is defined
// in this section.
hwservice_contexts {
    name: "plat_hwservice_contexts",
    srcs: [":hwservice_contexts_files{.plat_private}"],
}

hwservice_contexts {
    name: "system_ext_hwservice_contexts",
    srcs: [":hwservice_contexts_files{.system_ext_private}"],
    system_ext_specific: true,
}

hwservice_contexts {
    name: "product_hwservice_contexts",
    srcs: [":hwservice_contexts_files{.product_private}"],
    product_specific: true,
}

// Vendor output merges the {.plat_vendor}, {.vendor} and {.reqd_mask} slices.
hwservice_contexts {
    name: "vendor_hwservice_contexts",
    srcs: [
        ":hwservice_contexts_files{.plat_vendor}",
        ":hwservice_contexts_files{.vendor}",
        ":hwservice_contexts_files{.reqd_mask}",
    ],
    soc_specific: true,
}

hwservice_contexts {
    name: "odm_hwservice_contexts",
    srcs: [":hwservice_contexts_files{.odm}"],
    device_specific: true,
}
// Installed property_contexts per partition. The platform file has a separate
// .recovery module that reuses the installed name through `stem`; the other
// partitions set recovery_available: true on the main module instead.
property_contexts {
    name: "plat_property_contexts",
    srcs: [":property_contexts_files{.plat_private}"],
}

property_contexts {
    name: "plat_property_contexts.recovery",
    srcs: [":property_contexts_files{.plat_private}"],
    stem: "plat_property_contexts",
    recovery: true,
}

property_contexts {
    name: "system_ext_property_contexts",
    srcs: [":property_contexts_files{.system_ext_private}"],
    system_ext_specific: true,
    recovery_available: true,
}

property_contexts {
    name: "product_property_contexts",
    srcs: [":property_contexts_files{.product_private}"],
    product_specific: true,
    recovery_available: true,
}

// Vendor output merges the {.plat_vendor}, {.vendor} and {.reqd_mask} slices.
property_contexts {
    name: "vendor_property_contexts",
    srcs: [
        ":property_contexts_files{.plat_vendor}",
        ":property_contexts_files{.vendor}",
        ":property_contexts_files{.reqd_mask}",
    ],
    soc_specific: true,
    recovery_available: true,
}

property_contexts {
    name: "odm_property_contexts",
    srcs: [":property_contexts_files{.odm}"],
    device_specific: true,
    recovery_available: true,
}
// Installed service_contexts per partition. The platform file has a separate
// .recovery module that reuses the installed name through `stem`; the other
// partitions set recovery_available: true on the main module instead.
service_contexts {
    name: "plat_service_contexts",
    srcs: [":service_contexts_files{.plat_private}"],
}

service_contexts {
    name: "plat_service_contexts.recovery",
    srcs: [":service_contexts_files{.plat_private}"],
    stem: "plat_service_contexts",
    recovery: true,
}

service_contexts {
    name: "system_ext_service_contexts",
    srcs: [":service_contexts_files{.system_ext_private}"],
    system_ext_specific: true,
    recovery_available: true,
}

service_contexts {
    name: "product_service_contexts",
    srcs: [":service_contexts_files{.product_private}"],
    product_specific: true,
    recovery_available: true,
}

// Vendor output merges the {.plat_vendor}, {.vendor} and {.reqd_mask} slices.
service_contexts {
    name: "vendor_service_contexts",
    srcs: [
        ":service_contexts_files{.plat_vendor}",
        ":service_contexts_files{.vendor}",
        ":service_contexts_files{.reqd_mask}",
    ],
    soc_specific: true,
    recovery_available: true,
}

service_contexts {
    name: "odm_service_contexts",
    srcs: [
        ":service_contexts_files{.odm}",
    ],
    device_specific: true,
    recovery_available: true,
}
// Installed keystore2_key_contexts per partition. No odm module and no
// recovery variant is defined in this section.
keystore2_key_contexts {
    name: "plat_keystore2_key_contexts",
    srcs: [":keystore2_key_contexts_files{.plat_private}"],
}

// NOTE(review): this module is built from the {.system_ext_private} slice and
// is system_ext_specific, but its name lacks the "system_ext_" prefix used by
// the other system_ext modules in this file. Renaming would break existing
// references, so check its users before changing it.
keystore2_key_contexts {
    name: "system_keystore2_key_contexts",
    srcs: [":keystore2_key_contexts_files{.system_ext_private}"],
    system_ext_specific: true,
}

keystore2_key_contexts {
    name: "product_keystore2_key_contexts",
    srcs: [":keystore2_key_contexts_files{.product_private}"],
    product_specific: true,
}

// Vendor output merges the {.plat_vendor}, {.vendor} and {.reqd_mask} slices.
keystore2_key_contexts {
    name: "vendor_keystore2_key_contexts",
    srcs: [
        ":keystore2_key_contexts_files{.plat_vendor}",
        ":keystore2_key_contexts_files{.vendor}",
        ":keystore2_key_contexts_files{.reqd_mask}",
    ],
    soc_specific: true,
}
// Installed seapp_contexts per partition. Every module is built against
// :precompiled_sepolicy, and each non-platform module lists the seapp_contexts
// sources of the partitions before it as neverallow_files, presumably so that
// neverallow rules written there are enforced on its own entries (confirm
// against the seapp_contexts module type).
seapp_contexts {
    name: "plat_seapp_contexts",
    srcs: [":seapp_contexts_files{.plat_private}"],
    sepolicy: ":precompiled_sepolicy",
}

// Checked against the platform sources only.
seapp_contexts {
    name: "system_ext_seapp_contexts",
    srcs: [":seapp_contexts_files{.system_ext_private}"],
    neverallow_files: [":seapp_contexts_files{.plat_private}"],
    system_ext_specific: true,
    sepolicy: ":precompiled_sepolicy",
}

// Checked against the platform and system_ext sources.
seapp_contexts {
    name: "product_seapp_contexts",
    srcs: [":seapp_contexts_files{.product_private}"],
    neverallow_files: [
        ":seapp_contexts_files{.plat_private}",
        ":seapp_contexts_files{.system_ext_private}",
    ],
    product_specific: true,
    sepolicy: ":precompiled_sepolicy",
}

// Checked against the platform, system_ext and product sources.
seapp_contexts {
    name: "vendor_seapp_contexts",
    srcs: [
        ":seapp_contexts_files{.plat_vendor}",
        ":seapp_contexts_files{.vendor}",
        ":seapp_contexts_files{.reqd_mask}",
    ],
    neverallow_files: [
        ":seapp_contexts_files{.plat_private}",
        ":seapp_contexts_files{.system_ext_private}",
        ":seapp_contexts_files{.product_private}",
    ],
    soc_specific: true,
    sepolicy: ":precompiled_sepolicy",
}

// Checked against the same three sources as the vendor module; the vendor
// sources themselves are not listed as neverallow_files here.
seapp_contexts {
    name: "odm_seapp_contexts",
    srcs: [
        ":seapp_contexts_files{.odm}",
    ],
    neverallow_files: [
        ":seapp_contexts_files{.plat_private}",
        ":seapp_contexts_files{.system_ext_private}",
        ":seapp_contexts_files{.product_private}",
    ],
    device_specific: true,
    sepolicy: ":precompiled_sepolicy",
}
// Single vendor-side vndservice_contexts output, merging the {.plat_vendor},
// {.vendor} and {.reqd_mask} slices. No other partition has one in this file.
vndservice_contexts {
    name: "vndservice_contexts",
    srcs: [
        ":vndservice_contexts_files{.plat_vendor}",
        ":vndservice_contexts_files{.vendor}",
        ":vndservice_contexts_files{.reqd_mask}",
    ],
    soc_specific: true,
}
// for CTS
// Collects every line that starts with "neverallow" (case-insensitive, file
// names suppressed) from the plat, system_ext and product seapp_contexts
// sources into one output file.
genrule {
    name: "plat_seapp_neverallows",
    srcs: [
        ":seapp_contexts_files{.plat_private}",
        ":seapp_contexts_files{.system_ext_private}",
        ":seapp_contexts_files{.product_private}",
    ],
    out: ["plat_seapp_neverallows"],
    // `|| true` keeps the rule from failing when grep matches nothing.
    // NOTE(review): it also hides any other grep failure (for example an
    // unreadable input), which would leave an empty or partial neverallow
    // list for the consumer without a build error. Consider accepting only
    // the "no match" exit status.
    cmd: "grep -ihe '^neverallow' $(in) > $(out) || true",
}
//////////////////////////////////
// Run host-side test with contexts files and the sepolicy file
//
// Each file_contexts_test below takes one built file_contexts output and
// :precompiled_sepolicy, except plat_file_contexts_data_test. No test in this
// section takes a .recovery variant.
file_contexts_test {
    name: "plat_file_contexts_test",
    srcs: [":plat_file_contexts"],
    sepolicy: ":precompiled_sepolicy",
}

// Takes the raw platform sources rather than the built output and uses
// test_data instead of sepolicy. Presumably this checks the entries against
// expected path/label pairs (confirm against the file_contexts_test module
// type). With unsorted platform sources it is the check most likely to notice
// an ordering mistake.
file_contexts_test {
    name: "plat_file_contexts_data_test",
    srcs: [":file_contexts_files{.plat_private}"],
    test_data: "plat_file_contexts_test",
}

file_contexts_test {
    name: "system_ext_file_contexts_test",
    srcs: [":system_ext_file_contexts"],
    sepolicy: ":precompiled_sepolicy",
}

file_contexts_test {
    name: "product_file_contexts_test",
    srcs: [":product_file_contexts"],
    sepolicy: ":precompiled_sepolicy",
}

file_contexts_test {
    name: "vendor_file_contexts_test",
    srcs: [":vendor_file_contexts"],
    sepolicy: ":precompiled_sepolicy",
}

file_contexts_test {
    name: "odm_file_contexts_test",
    srcs: [":odm_file_contexts"],
    sepolicy: ":precompiled_sepolicy",
}
// One test per built hwservice_contexts output, each run with
// :precompiled_sepolicy.
hwservice_contexts_test {
    name: "plat_hwservice_contexts_test",
    srcs: [":plat_hwservice_contexts"],
    sepolicy: ":precompiled_sepolicy",
}

hwservice_contexts_test {
    name: "system_ext_hwservice_contexts_test",
    srcs: [":system_ext_hwservice_contexts"],
    sepolicy: ":precompiled_sepolicy",
}

hwservice_contexts_test {
    name: "product_hwservice_contexts_test",
    srcs: [":product_hwservice_contexts"],
    sepolicy: ":precompiled_sepolicy",
}

hwservice_contexts_test {
    name: "vendor_hwservice_contexts_test",
    srcs: [":vendor_hwservice_contexts"],
    sepolicy: ":precompiled_sepolicy",
}

hwservice_contexts_test {
    name: "odm_hwservice_contexts_test",
    srcs: [":odm_hwservice_contexts"],
    sepolicy: ":precompiled_sepolicy",
}
// Unlike the other *_contexts_test groups, each test here takes the output of
// its own partition together with every partition listed before it (plat,
// system_ext, product, vendor, odm), presumably so that conflicts between
// partitions are caught (confirm against the property_contexts_test module
// type). All run with :precompiled_sepolicy.
property_contexts_test {
    name: "plat_property_contexts_test",
    srcs: [":plat_property_contexts"],
    sepolicy: ":precompiled_sepolicy",
}

property_contexts_test {
    name: "system_ext_property_contexts_test",
    srcs: [
        ":plat_property_contexts",
        ":system_ext_property_contexts",
    ],
    sepolicy: ":precompiled_sepolicy",
}

property_contexts_test {
    name: "product_property_contexts_test",
    srcs: [
        ":plat_property_contexts",
        ":system_ext_property_contexts",
        ":product_property_contexts",
    ],
    sepolicy: ":precompiled_sepolicy",
}

property_contexts_test {
    name: "vendor_property_contexts_test",
    srcs: [
        ":plat_property_contexts",
        ":system_ext_property_contexts",
        ":product_property_contexts",
        ":vendor_property_contexts",
    ],
    sepolicy: ":precompiled_sepolicy",
}

property_contexts_test {
    name: "odm_property_contexts_test",
    srcs: [
        ":plat_property_contexts",
        ":system_ext_property_contexts",
        ":product_property_contexts",
        ":vendor_property_contexts",
        ":odm_property_contexts",
    ],
    sepolicy: ":precompiled_sepolicy",
}
// One test per built service_contexts output, each run with
// :precompiled_sepolicy. The plat_service_contexts.recovery module is not
// covered by a test in this section.
service_contexts_test {
    name: "plat_service_contexts_test",
    srcs: [":plat_service_contexts"],
    sepolicy: ":precompiled_sepolicy",
}

service_contexts_test {
    name: "system_ext_service_contexts_test",
    srcs: [":system_ext_service_contexts"],
    sepolicy: ":precompiled_sepolicy",
}

service_contexts_test {
    name: "product_service_contexts_test",
    srcs: [":product_service_contexts"],
    sepolicy: ":precompiled_sepolicy",
}

service_contexts_test {
    name: "vendor_service_contexts_test",
    srcs: [":vendor_service_contexts"],
    sepolicy: ":precompiled_sepolicy",
}

service_contexts_test {
    name: "odm_service_contexts_test",
    srcs: [":odm_service_contexts"],
    sepolicy: ":precompiled_sepolicy",
}
// Runs the built vndservice_contexts output against :precompiled_sepolicy.
vndservice_contexts_test {
    name: "vndservice_contexts_test",
    srcs: [":vndservice_contexts"],
    sepolicy: ":precompiled_sepolicy",
}
// Takes only the platform service_contexts output and no sepolicy file.
// Presumably checks the listed services against fuzzer bindings (confirm
// against the fuzzer_bindings_test module type).
fuzzer_bindings_test {
    name: "fuzzer_bindings_test",
    srcs: [":plat_service_contexts"],
}