6d79030d0c
Bug: 33691272 Test: build and compare Change-Id: Iacbd5bcf77f0b1c0b5e2c6691efb4c62bc78fdf8
144 lines
4.1 KiB
Go
144 lines
4.1 KiB
Go
// Copyright (C) 2019 The Android Open Source Project
|
|
//
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
// you may not use this file except in compliance with the License.
|
|
// You may obtain a copy of the License at
|
|
//
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
//
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
// See the License for the specific language governing permissions and
|
|
// limitations under the License.
|
|
|
|
package selinux
|
|
|
|
import (
|
|
"fmt"
|
|
"io"
|
|
|
|
"github.com/google/blueprint/proptools"
|
|
|
|
"android/soong/android"
|
|
)
|
|
|
|
var (
|
|
// Should be synced with keys.conf.
|
|
AllPlatformKeys = []string{
|
|
"platform",
|
|
"sdk_sandbox",
|
|
"media",
|
|
"networkstack",
|
|
"shared",
|
|
"testkey",
|
|
"bluetooth",
|
|
}
|
|
)
|
|
|
|
type macPermissionsProperties struct {
|
|
// keys.conf files to control the mapping of "tags" found in the mac_permissions.xml files.
|
|
Keys []string `android:"path"`
|
|
|
|
// Source files for the generated mac_permissions.xml file.
|
|
Srcs []string `android:"path"`
|
|
|
|
// Output file name. Defaults to module name
|
|
Stem *string
|
|
}
|
|
|
|
type macPermissionsModule struct {
|
|
android.ModuleBase
|
|
|
|
properties macPermissionsProperties
|
|
outputPath android.ModuleOutPath
|
|
installPath android.InstallPath
|
|
}
|
|
|
|
func init() {
|
|
android.RegisterModuleType("mac_permissions", macPermissionsFactory)
|
|
}
|
|
|
|
func getAllPlatformKeyPaths(ctx android.ModuleContext) android.Paths {
|
|
var platformKeys android.Paths
|
|
|
|
defaultCertificateDir := ctx.Config().DefaultAppCertificateDir(ctx)
|
|
for _, key := range AllPlatformKeys {
|
|
platformKeys = append(platformKeys, defaultCertificateDir.Join(ctx, key+".x509.pem"))
|
|
}
|
|
|
|
return platformKeys
|
|
}
|
|
|
|
func (m *macPermissionsModule) DepsMutator(ctx android.BottomUpMutatorContext) {
|
|
// do nothing
|
|
}
|
|
|
|
func (m *macPermissionsModule) stem() string {
|
|
return proptools.StringDefault(m.properties.Stem, m.Name())
|
|
}
|
|
|
|
func buildVariant(ctx android.ModuleContext) string {
|
|
if ctx.Config().Eng() {
|
|
return "eng"
|
|
}
|
|
if ctx.Config().Debuggable() {
|
|
return "userdebug"
|
|
}
|
|
return "user"
|
|
}
|
|
|
|
func (m *macPermissionsModule) GenerateAndroidBuildActions(ctx android.ModuleContext) {
|
|
platformKeys := getAllPlatformKeyPaths(ctx)
|
|
keys := android.PathsForModuleSrc(ctx, m.properties.Keys)
|
|
srcs := android.PathsForModuleSrc(ctx, m.properties.Srcs)
|
|
|
|
m4Keys := android.PathForModuleGen(ctx, "mac_perms_keys.tmp")
|
|
rule := android.NewRuleBuilder(pctx, ctx)
|
|
rule.Command().
|
|
Tool(ctx.Config().PrebuiltBuildTool(ctx, "m4")).
|
|
Text("--fatal-warnings -s").
|
|
FlagForEachArg("-D", ctx.DeviceConfig().SepolicyM4Defs()).
|
|
Inputs(keys).
|
|
FlagWithOutput("> ", m4Keys).
|
|
Implicits(platformKeys)
|
|
|
|
m.outputPath = android.PathForModuleOut(ctx, m.stem())
|
|
rule.Command().Text("DEFAULT_SYSTEM_DEV_CERTIFICATE="+ctx.Config().DefaultAppCertificateDir(ctx).String()).
|
|
Text("MAINLINE_SEPOLICY_DEV_CERTIFICATES="+ctx.Config().MainlineSepolicyDevCertificatesDir(ctx).String()).
|
|
BuiltTool("insertkeys").
|
|
FlagWithArg("-t ", buildVariant(ctx)).
|
|
Input(m4Keys).
|
|
FlagWithOutput("-o ", m.outputPath).
|
|
Inputs(srcs)
|
|
|
|
rule.Build("mac_permission", "build "+m.Name())
|
|
|
|
m.installPath = android.PathForModuleInstall(ctx, "etc", "selinux")
|
|
ctx.InstallFile(m.installPath, m.stem(), m.outputPath)
|
|
}
|
|
|
|
func (m *macPermissionsModule) AndroidMk() android.AndroidMkData {
|
|
return android.AndroidMkData{
|
|
Class: "ETC",
|
|
OutputFile: android.OptionalPathForPath(m.outputPath),
|
|
Extra: []android.AndroidMkExtraFunc{
|
|
func(w io.Writer, outputFile android.Path) {
|
|
fmt.Fprintln(w, "LOCAL_MODULE_PATH :=", m.installPath.String())
|
|
fmt.Fprintln(w, "LOCAL_INSTALLED_MODULE_STEM :=", m.stem())
|
|
},
|
|
},
|
|
}
|
|
}
|
|
|
|
// mac_permissions module generates a mac_permissions.xml file from given keys.conf and
|
|
// source files. The following variables are supported for keys.conf files.
|
|
//
|
|
// DEFAULT_SYSTEM_DEV_CERTIFICATE
|
|
// MAINLINE_SEPOLICY_DEV_CERTIFICATES
|
|
func macPermissionsFactory() android.Module {
|
|
m := &macPermissionsModule{}
|
|
m.AddProperties(&m.properties)
|
|
android.InitAndroidArchModule(m, android.DeviceSupported, android.MultilibCommon)
|
|
return m
|
|
}
|