# Copyright (c) 2021-2022 北京万里红科技有限公司
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# GN build rules for the "selinux" part of the "security" subsystem.
# This first half declares the policycoreutils helper libraries; every
# build argument used here without a declaration (for example
# startup_init_with_param_base) comes from outside this file, presumably
# from one of the .gni files imported below.
import("//base/security/selinux/selinux.gni")
import("//base/startup/init/begetd.gni")
import("//build/ohos.gni")

# Source-absolute roots reused by every target in this file.
SELINUX_ROOT_DIR = "//base/security/selinux"
THIRD_PARTY_SELINUX_DIR = "//third_party/selinux"
LIBSELINUX_ROOT_DIR = "$THIRD_PARTY_SELINUX_DIR/libselinux"

# Include directories handed to dependents of the libraries that list this
# config in public_configs.
config("selinux_core_config") {
  include_dirs = [
    "$SELINUX_ROOT_DIR/interfaces/policycoreutils/include",
    "$LIBSELINUX_ROOT_DIR/include",
  ]
}

# Shared library built from load_policy.c. Links the kernel-log helper and
# the third-party libselinux, and is installed into the system, ramdisk and
# updater images.
ohos_shared_library("libload_policy") {
  output_name = "libload_policy"
  sources = [ "$SELINUX_ROOT_DIR/interfaces/policycoreutils/src/load_policy.c" ]
  include_dirs = [
    "$LIBSELINUX_ROOT_DIR/include",
    "$SELINUX_ROOT_DIR/interfaces/policycoreutils/include",
  ]
  deps = [
    ":libselinux_klog_static",
    "$THIRD_PARTY_SELINUX_DIR:libselinux",
  ]
  cflags = [
    "-D_GNU_SOURCE",
    "-Wall",
    "-Werror",
  ]
  install_enable = true
  install_images = [
    "system",
    "ramdisk",
    "updater",
  ]
  license_file = "$SELINUX_ROOT_DIR/LICENSE"
  part_name = "selinux"
  subsystem_name = "security"
}

# Shared library built from restorecon.c; installed into the same three
# images as libload_policy.
ohos_shared_library("librestorecon") {
  output_name = "librestorecon"
  sources = [ "$SELINUX_ROOT_DIR/interfaces/policycoreutils/src/restorecon.c" ]
  include_dirs = [
    "$LIBSELINUX_ROOT_DIR/include",
    "$SELINUX_ROOT_DIR/interfaces/policycoreutils/include",
  ]
  public_configs = [ ":selinux_core_config" ]
  deps = [ "$THIRD_PARTY_SELINUX_DIR:libselinux" ]
  cflags = [
    "-D_GNU_SOURCE",
    "-Wall",
    "-Werror",
  ]
  install_enable = true
  install_images = [
    "system",
    "ramdisk",
    "updater",
  ]
  license_file = "$SELINUX_ROOT_DIR/LICENSE"
  part_name = "selinux"
  subsystem_name = "security"
}

# Shared library built from hap_restorecon.cpp. Besides the public libselinux
# headers it also includes libselinux's src directory and //third_party/FreeBSD.
# No install_images is set, so the template default applies.
ohos_shared_library("libhap_restorecon") {
  output_name = "libhap_restorecon"
  sources =
      [ "$SELINUX_ROOT_DIR/interfaces/policycoreutils/src/hap_restorecon.cpp" ]
  include_dirs = [
    "$SELINUX_ROOT_DIR/interfaces/policycoreutils/include",
    "$LIBSELINUX_ROOT_DIR/include",
    "$LIBSELINUX_ROOT_DIR/src",
    "//third_party/FreeBSD",
  ]
  public_configs = [ ":selinux_core_config" ]
  deps = [
    ":libselinux_error_static",
    ":libselinux_hilog_static",
    "$THIRD_PARTY_SELINUX_DIR:libselinux",
  ]

  cflags = [
    "-D_GNU_SOURCE",
    "-Wall",
    "-Werror",
  ]
  install_enable = true
  license_file = "$SELINUX_ROOT_DIR/LICENSE"
  part_name = "selinux"
  subsystem_name = "security"
}

# Static library built from selinux_error.cpp.
# NOTE(review): "-w" silences every compiler warning, and this is the only
# target in the file that does not build with "-Wall" "-Werror". Confirm the
# exception is intentional; diagnostics in this source are currently hidden.
ohos_static_library("libselinux_error_static") {
  output_name = "libselinux_error_static"
  sources =
      [ "$SELINUX_ROOT_DIR/interfaces/policycoreutils/src/selinux_error.cpp" ]
  include_dirs = [ "$SELINUX_ROOT_DIR/interfaces/policycoreutils/include" ]
  cflags = [
    "-D_GNU_SOURCE",
    "-w",
  ]
  part_name = "selinux"
  subsystem_name = "security"
}

# Static logging helper built from selinux_klog.c; depends on the
# bounds_checking_function library (libsec_shared).
ohos_static_library("libselinux_klog_static") {
  output_name = "libselinux_klog_static"
  sources =
      [ "$SELINUX_ROOT_DIR/interfaces/policycoreutils/src/selinux_klog.c" ]
  include_dirs = [ "$SELINUX_ROOT_DIR/interfaces/policycoreutils/include" ]
  deps = [ "//third_party/bounds_checking_function:libsec_shared" ]
  cflags = [
    "-D_GNU_SOURCE",
    "-Wall",
    "-Werror",
  ]
  part_name = "selinux"
  subsystem_name = "security"
}

# Static logging helper built from selinux_log.c; same as the klog variant
# but additionally links hilog through external_deps.
ohos_static_library("libselinux_hilog_static") {
  output_name = "libselinux_hilog_static"
  sources = [ "$SELINUX_ROOT_DIR/interfaces/policycoreutils/src/selinux_log.c" ]
  include_dirs = [ "$SELINUX_ROOT_DIR/interfaces/policycoreutils/include" ]
  deps = [ "//third_party/bounds_checking_function:libsec_shared" ]
  external_deps = [ "hilog_native:libhilog" ]
  cflags = [
    "-D_GNU_SOURCE",
    "-Wall",
    "-Werror",
  ]
  part_name = "selinux"
  subsystem_name = "security"
}

# Configs that libselinux_parameter_static removes from its own config list
# when startup_init_with_param_base is false. The list is defined only in
# that case, which matches the only place it is read.
if (!startup_init_with_param_base) {
  inherited_configs = [
    "//build/config/compiler:afdo",
    "//build/config/compiler:afdo_optimize_size",
    "//build/config/compiler:compiler",
    "//build/config/compiler:compiler_arm_fpu",
    "//build/config/compiler:compiler_arm_thumb",
    "//build/config/compiler:chromium_code",
    "//build/config/compiler:default_include_dirs",
    "//build/config/compiler:default_optimization",
    "//build/config/compiler:default_stack_frames",
    "//build/config/compiler:default_symbols",
    "//build/config/compiler:export_dynamic",
    "//build/config/compiler:no_exceptions",
    "//build/config/compiler:no_rtti",
    "//build/config/compiler:runtime_library",
    "//build/config/compiler:thin_archive",
    "//build/config/sanitizers:default_sanitizer_flags",
  ]
}

# Plain GN source_set (not an ohos_* template) holding the parameter-context
# sources: contexts trie, map, parameter lookup and shared memory.
source_set("libselinux_parameter_static") {
  output_name = "libselinux_parameter_static"
  sources = [
    "$SELINUX_ROOT_DIR/interfaces/policycoreutils/src/contexts_trie.c",
    "$SELINUX_ROOT_DIR/interfaces/policycoreutils/src/selinux_map.c",
    "$SELINUX_ROOT_DIR/interfaces/policycoreutils/src/selinux_parameter.c",
    "$SELINUX_ROOT_DIR/interfaces/policycoreutils/src/selinux_share_mem.c",
  ]
  include_dirs = [ "$SELINUX_ROOT_DIR/interfaces/policycoreutils/include" ]
  cflags = [
    "-D_GNU_SOURCE",
    "-Wall",
    "-Werror",
  ]
  if (!startup_init_with_param_base) {
    # Drop every default config listed in inherited_configs, then add back
    # only the base compiler config, and link with -nostdlib.
    # NOTE(review): the removed set includes
    # //build/config/sanitizers:default_sanitizer_flags and the
    # runtime_library config. Which hardening flags those configs carry is
    # not visible from this file; confirm none that this code needs are lost.
    ldflags = [ "-nostdlib" ]
    configs -= inherited_configs
    configs += [ "//build/config/compiler:compiler" ]
  }
}
# Shared library built from param_checker.c. Pulls in
# libselinux_parameter_static only when startup_init_with_param_base is true
# (a build argument declared outside this file). Installed into the system
# and updater images.
ohos_shared_library("libparaperm_checker") {
  output_name = "libparaperm_checker"
  sources =
      [ "$SELINUX_ROOT_DIR/interfaces/policycoreutils/src/param_checker.c" ]
  include_dirs = [
    "$SELINUX_ROOT_DIR/interfaces/policycoreutils/include",
    "$LIBSELINUX_ROOT_DIR/src",
    "//third_party/bounds_checking_function/include",
  ]
  public_configs = [ ":selinux_core_config" ]
  deps = [
    ":libselinux_klog_static",
    "$THIRD_PARTY_SELINUX_DIR:libselinux",
    "//third_party/bounds_checking_function:libsec_shared",
  ]
  if (startup_init_with_param_base) {
    deps += [ ":libselinux_parameter_static" ]
  }
  cflags = [
    "-D_GNU_SOURCE",
    "-Wall",
    "-Werror",
  ]
  install_images = [
    "system",
    "updater",
  ]
  part_name = "selinux"
  subsystem_name = "security"
}

# Shared library built from service_checker.cpp; links the error and hilog
# helper libraries plus libselinux and libsec_shared.
ohos_shared_library("libservice_checker") {
  output_name = "libservice_checker"
  sources =
      [ "$SELINUX_ROOT_DIR/interfaces/policycoreutils/src/service_checker.cpp" ]
  include_dirs = [
    "$SELINUX_ROOT_DIR/interfaces/policycoreutils/include",
    "$LIBSELINUX_ROOT_DIR/include",
    "$LIBSELINUX_ROOT_DIR/src",
    "//third_party/bounds_checking_function/include",
  ]
  public_configs = [ ":selinux_core_config" ]
  deps = [
    ":libselinux_error_static",
    ":libselinux_hilog_static",
    "$THIRD_PARTY_SELINUX_DIR:libselinux",
    "//third_party/bounds_checking_function:libsec_shared",
  ]
  cflags = [
    "-D_GNU_SOURCE",
    "-Wall",
    "-Werror",
  ]
  part_name = "selinux"
  subsystem_name = "security"
}

# Command-line front end for libload_policy. install_enable is false, so the
# binary is built but not marked for installation.
ohos_executable("load_policy") {
  install_enable = false
  sources = [ "$SELINUX_ROOT_DIR/interfaces/tools/load_policy/load_policy.c" ]
  include_dirs = [ "$SELINUX_ROOT_DIR/interfaces/policycoreutils/include" ]
  deps = [ ":libload_policy" ]
  cflags = [
    "-D_GNU_SOURCE",
    "-Wall",
    "-Werror",
  ]
  license_file = "$SELINUX_ROOT_DIR/LICENSE"
  part_name = "selinux"
  subsystem_name = "security"
}

# Command-line front end for librestorecon. This is the only executable in
# the file with install_enable = true.
ohos_executable("restorecon") {
  install_enable = true
  sources = [ "$SELINUX_ROOT_DIR/interfaces/tools/restorecon/restorecon.c" ]
  include_dirs = [
    "$SELINUX_ROOT_DIR/interfaces/policycoreutils/include",
    "//third_party/bounds_checking_function/include",
  ]
  deps = [
    ":librestorecon",
    "//third_party/bounds_checking_function:libsec_shared",
  ]
  cflags = [
    "-D_GNU_SOURCE",
    "-Wall",
    "-Werror",
  ]
  license_file = "$SELINUX_ROOT_DIR/LICENSE"
  part_name = "selinux"
  subsystem_name = "security"
}

# Test driver (test.cpp) for libhap_restorecon; not marked for installation.
ohos_executable("hap_restorecon") {
  install_enable = false
  sources = [ "$SELINUX_ROOT_DIR/interfaces/tools/hap_restorecon/test.cpp" ]
  include_dirs = [ "$SELINUX_ROOT_DIR/interfaces/policycoreutils/include" ]
  deps = [
    ":libhap_restorecon",
    ":libselinux_error_static",
  ]
  cflags = [
    "-D_GNU_SOURCE",
    "-Wall",
    "-Werror",
  ]
  license_file = "$SELINUX_ROOT_DIR/LICENSE"
  part_name = "selinux"
  subsystem_name = "security"
}

# Test driver (test.cpp) for libparaperm_checker; not marked for installation.
# Built with -DTIME_DISPLAY in addition to the usual flags.
ohos_executable("param_check") {
  install_enable = false
  sources = [ "$SELINUX_ROOT_DIR/interfaces/tools/param_check/test.cpp" ]
  include_dirs = [
    "$SELINUX_ROOT_DIR/interfaces/policycoreutils/include",
    "$LIBSELINUX_ROOT_DIR/include",
  ]
  deps = [
    ":libparaperm_checker",
    ":libselinux_error_static",
    "$THIRD_PARTY_SELINUX_DIR:libselinux",
  ]
  if (startup_init_with_param_base) {
    deps += [ ":libselinux_parameter_static" ]
  }
  cflags = [
    "-D_GNU_SOURCE",
    "-DTIME_DISPLAY",
    "-Wall",
    "-Werror",
  ]
  license_file = "$SELINUX_ROOT_DIR/LICENSE"
  part_name = "selinux"
  subsystem_name = "security"
}

# Test driver (test.cpp) for libservice_checker; not marked for installation.
ohos_executable("service_check") {
  install_enable = false
  sources = [ "$SELINUX_ROOT_DIR/interfaces/tools/service_check/test.cpp" ]
  include_dirs = [ "$SELINUX_ROOT_DIR/interfaces/policycoreutils/include" ]
  deps = [
    ":libselinux_error_static",
    ":libservice_checker",
  ]
  cflags = [
    "-D_GNU_SOURCE",
    "-Wall",
    "-Werror",
  ]
  license_file = "$SELINUX_ROOT_DIR/LICENSE"
  part_name = "selinux"
  subsystem_name = "security"
}

# File-level switches read by build_policy. They are plain assignments, not
# declare_args(), so they cannot be overridden from the command line.
# NOTE(review): build_env is hard-coded to true, so build_policy always
# passes "--debug-version enable". What build_policy.py changes for a debug
# build is not visible here; confirm this is intended for release images.
build_env = true
build_updater = false
debug_version = "disable"
updater_version = "disable"

# Compiles the binary policy to $target_out_dir/policy.31 by running
# scripts/build_policy.py with the host-toolchain checkpolicy and secilc.
action("build_policy") {
  # Writes go to the innermost scope, so these assignments shadow the
  # file-level defaults for this target only.
  if (build_env) {
    debug_version = "enable"
  }

  if (build_updater) {
    updater_version = "enable"
  }

  # exec_script runs at GN gen time: every file under sepolicy/ becomes an
  # input, so a policy source change re-runs the action.
  inputs = exec_script("//build/scripts/find.py",
                       [ rebase_path("$SELINUX_ROOT_DIR/sepolicy") ],
                       "list lines")

  # selinux_build_path (declared outside this file) is either "default" or a
  # ":"-separated list of directories relative to the source root; each one
  # is scanned the same way and also forwarded verbatim to the script below.
  if (selinux_build_path != "default") {
    foreach(src, string_split(selinux_build_path, ":")) {
      src = "//" + src
      inputs += exec_script("//build/scripts/find.py",
                            [ rebase_path(src) ],
                            "list lines")
    }
  }

  script = "$SELINUX_ROOT_DIR/scripts/build_policy.py"
  args = [
    "--dst-file",
    rebase_path(target_out_dir + "/policy.31"),

    # Hard-coded clang_x64 output directory; presumably where the
    # $host_toolchain deps below are written (TODO confirm for non-x64 hosts).
    "--tool-path",
    rebase_path(root_build_dir + "/clang_x64/security/selinux/"),
    "--source-root-dir",
    rebase_path("//"),
    "--policy_dir_list",
    selinux_build_path,
    "--debug-version",
    debug_version,
    "--updater-version",
    updater_version,
  ]
  deps = [
    "$THIRD_PARTY_SELINUX_DIR:checkpolicy($host_toolchain)",
    "$THIRD_PARTY_SELINUX_DIR:secilc($host_toolchain)",
  ]
  outputs = [ target_out_dir + "/policy.31" ]
}

# Generates the context files from the same policy sources by running
# scripts/build_contexts.py. Depends on build_policy because the script is
# given the compiled policy.31 through --policy-file.
action("build_contexts") {
  # Same gen-time input discovery as build_policy.
  inputs = exec_script("//build/scripts/find.py",
                       [ rebase_path("$SELINUX_ROOT_DIR/sepolicy") ],
                       "list lines")
  if (selinux_build_path != "default") {
    foreach(src, string_split(selinux_build_path, ":")) {
      src = "//" + src
      inputs += exec_script("//build/scripts/find.py",
                            [ rebase_path(src) ],
                            "list lines")
    }
  }

  script = "$SELINUX_ROOT_DIR/scripts/build_contexts.py"
  args = [
    "--dst-dir",
    rebase_path(target_out_dir + "/"),
    "--tool-path",
    rebase_path(root_build_dir + "/clang_x64/security/selinux/"),
    "--policy-file",
    rebase_path(target_out_dir + "/policy.31"),
    "--source-root-dir",
    rebase_path("//"),
    "--policy_dir_list",
    selinux_build_path,
  ]
  deps = [
    ":build_policy",
    "$THIRD_PARTY_SELINUX_DIR:sefcontext_compile($host_toolchain)",
  ]
  outputs = [
    target_out_dir + "/file_contexts.bin",
    target_out_dir + "/file_contexts",
    target_out_dir + "/sehap_contexts",
    target_out_dir + "/service_contexts",
    target_out_dir + "/hdf_service_contexts",
    target_out_dir + "/parameter_contexts",
  ]
}

# Copies either config.enforce or config.permissive to $target_out_dir/config,
# selected by selinux_enforce (declared outside this file). The "config"
# target below installs the result as selinux/config.
# NOTE(review): presumably the permissive file leaves SELinux in permissive
# mode on the device (denials logged, not blocked); verify that production
# builds set selinux_enforce = true.
copy("selinux_config") {
  if (selinux_enforce) {
    sources = [ "$SELINUX_ROOT_DIR/config/config.enforce" ]
  } else {
    sources = [ "$SELINUX_ROOT_DIR/config/config.permissive" ]
  }
  outputs = [ "$target_out_dir/config" ]
}

# Installs the compiled policy under selinux/targeted/policy/.
ohos_prebuilt_etc("build_sepolicy") {
  deps = [ ":build_policy" ]
  source = target_out_dir + "/policy.31"
  license_file = "$SELINUX_ROOT_DIR/LICENSE"
  part_name = "selinux"
  relative_install_dir = "selinux/targeted/policy/"
}

# Installs the mode file produced by selinux_config under selinux/.
ohos_prebuilt_etc("config") {
  deps = [ ":selinux_config" ]
  source = target_out_dir + "/config"
  license_file = "$SELINUX_ROOT_DIR/LICENSE"
  part_name = "selinux"
  relative_install_dir = "selinux/"
}

# The following targets each install one output of build_contexts under
# selinux/targeted/contexts/.
ohos_prebuilt_etc("sehap_contexts") {
  deps = [ ":build_contexts" ]
  source = target_out_dir + "/sehap_contexts"
  license_file = "$SELINUX_ROOT_DIR/LICENSE"
  part_name = "selinux"
  relative_install_dir = "selinux/targeted/contexts/"
}

# Also installed into the updater image, like libparaperm_checker.
ohos_prebuilt_etc("parameter_contexts") {
  deps = [ ":build_contexts" ]
  source = target_out_dir + "/parameter_contexts"
  license_file = "$SELINUX_ROOT_DIR/LICENSE"
  part_name = "selinux"
  relative_install_dir = "selinux/targeted/contexts/"
  install_images = [
    "system",
    "updater",
  ]
}

ohos_prebuilt_etc("service_contexts") {
  deps = [ ":build_contexts" ]
  source = target_out_dir + "/service_contexts"
  license_file = "$SELINUX_ROOT_DIR/LICENSE"
  part_name = "selinux"
  relative_install_dir = "selinux/targeted/contexts/"
}

ohos_prebuilt_etc("hdf_service_contexts") {
  deps = [ ":build_contexts" ]
  source = target_out_dir + "/hdf_service_contexts"
  license_file = "$SELINUX_ROOT_DIR/LICENSE"
  part_name = "selinux"
  relative_install_dir = "selinux/targeted/contexts/"
}

ohos_prebuilt_etc("file_contexts") {
  deps = [ ":build_contexts" ]
  source = target_out_dir + "/file_contexts"
  license_file = "$SELINUX_ROOT_DIR/LICENSE"
  part_name = "selinux"

  # The conventional path of file_contexts should not be changed here!
  # OpenHarmony's e2fsdroid cannot handle a five-level system directory, so
  # this is a workaround, but it is clearly not how it should be.
  # The commented-out line records the conventional location; code that looks
  # up file_contexts has to use the shortened path set below instead.
  #relative_install_dir = "selinux/targeted/contexts/files/"
  relative_install_dir = "selinux/targeted/contexts/"
  install_images = [
    "system",
    "updater",
  ]
}

# Aggregate target for the whole component. It has no deps unless
# build_selinux (declared outside this file) is true.
# NOTE(review): the list also builds the local test drivers (hap_restorecon,
# param_check, service_check) and third-party utilities such as setenforce.
# The local drivers set install_enable = false above; the install settings of
# the //third_party/selinux targets are not visible here, so confirm which of
# them are meant to reach production images.
group("selinux_group") {
  if (build_selinux) {
    deps = [
      "//base/security/selinux:build_sepolicy",
      "//base/security/selinux:config",
      "//base/security/selinux:file_contexts",
      "//base/security/selinux:hap_restorecon",
      "//base/security/selinux:hdf_service_contexts",
      "//base/security/selinux:load_policy",
      "//base/security/selinux:param_check",
      "//base/security/selinux:parameter_contexts",
      "//base/security/selinux:restorecon",
      "//base/security/selinux:sehap_contexts",
      "//base/security/selinux:service_check",
      "//base/security/selinux:service_contexts",
      "//third_party/selinux:checkpolicy($host_toolchain)",
      "//third_party/selinux:chkcon",
      "//third_party/selinux:getenforce",
      "//third_party/selinux:getfilecon",
      "//third_party/selinux:getpidcon",
      "//third_party/selinux:secilc($host_toolchain)",
      "//third_party/selinux:sefcontext_compile($host_toolchain)",
      "//third_party/selinux:selinux_check_access",
      "//third_party/selinux:selinuxexeccon",
      "//third_party/selinux:setenforce",
      "//third_party/selinux:setfilecon",
    ]
  }
}