# Copyright (c) 2022 Huawei Device Co., Ltd.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
14import("//base/startup/init/begetd.gni")
15import(
16    "//base/startup/init/services/modules/seccomp/scripts/seccomp_policy_fixer.gni")
17import("//build/config/clang/clang.gni")
18import("//build/ohos.gni")
19import("//build/ohos/kernel/kernel.gni")
# Part name that every target in this file is attributed to.
INIT_PART = "init"

declare_args() {
  # True when global_parts_info lists the startup_appspawn part. This flag
  # gates the spawn-related seccomp filters in the seccomp_filter group at the
  # end of this file.
  # The misspelling ("featrue") is kept on purpose: it is the build-argument
  # name, so renaming it would silently drop any existing override.
  appspawn_featrue = defined(global_parts_info) &&
                     defined(global_parts_info.startup_appspawn)
}
# Seccomp debug support is switched on only for the "root" build variant;
# every other variant builds libseccomp_static without WITH_SECCOMP_DEBUG
# (see libseccomp_static_config below).
# NOTE(review): what the define changes at runtime lives in the C sources,
# not in this file. Confirm that images built with build_variant == "root"
# are never shipped as production images.
seccomp_enable_debug = build_variant == "root"
# Seccomp filter named "system", generated from system.seccomp.policy and
# installed into the system image. Always part of the seccomp_filter group.
ohos_prebuilt_seccomp("system_filter") {
  part_name = INIT_PART
  subsystem_name = "startup"

  # Policy input and the identity the template gives the generated filter.
  filtername = "system"
  process_type = "system"
  sources = [ "seccomp_policy/system.seccomp.policy" ]

  install_images = [ "system" ]
  install_enable = true
}
# Seccomp filter named "appspawn", generated from spawn.seccomp.policy and
# installed into the system image. Only pulled into the seccomp_filter group
# when appspawn_featrue is true.
ohos_prebuilt_seccomp("appspawn_filter") {
  part_name = INIT_PART
  subsystem_name = "startup"

  filtername = "appspawn"
  process_type = "system"
  sources = [ "seccomp_policy/spawn.seccomp.policy" ]

  # The current directory is handed to the template as an include path.
  include_dirs = [ "." ]

  install_images = [ "system" ]
  install_enable = true
}
# Seccomp filter named "nwebspawn", generated from nwebspawn.seccomp.policy
# and installed into the system image. Only pulled into the seccomp_filter
# group when appspawn_featrue is true.
ohos_prebuilt_seccomp("nwebspawn_filter") {
  part_name = INIT_PART
  subsystem_name = "startup"

  filtername = "nwebspawn"
  process_type = "system"
  sources = [ "seccomp_policy/nwebspawn.seccomp.policy" ]

  # The current directory is handed to the template as an include path.
  include_dirs = [ "." ]

  install_images = [ "system" ]
  install_enable = true
}
# Seccomp filter named "app", generated from app.seccomp.policy with
# process_type "app" and installed into the system image. Always part of the
# seccomp_filter group.
ohos_prebuilt_seccomp("app_filter") {
  part_name = INIT_PART
  subsystem_name = "startup"

  filtername = "app"
  process_type = "app"
  sources = [ "seccomp_policy/app.seccomp.policy" ]

  install_images = [ "system" ]
  install_enable = true
}
# Seccomp filter named "app_atomic", generated from app_atomic.seccomp.policy
# with process_type "app" and installed into the system image. Always part of
# the seccomp_filter group.
ohos_prebuilt_seccomp("app_atomic_filter") {
  part_name = INIT_PART
  subsystem_name = "startup"

  filtername = "app_atomic"
  process_type = "app"

  # NOTE(review): uid_is_root is interpreted by the ohos_prebuilt_seccomp
  # template, which is not defined in this file. app_filter and
  # app_custom_filter (also process_type "app") do not set it; confirm the
  # difference is intended.
  uid_is_root = true
  sources = [ "seccomp_policy/app_atomic.seccomp.policy" ]

  install_images = [ "system" ]
  install_enable = true
}
# Seccomp filter named "app_privilege", generated from
# app_privilege.seccomp.policy and installed into the system image. Only
# pulled into the seccomp_filter group when both appspawn_featrue and
# init_feature_seccomp_privilege are true.
ohos_prebuilt_seccomp("app_privilege_filter") {
  part_name = INIT_PART
  subsystem_name = "startup"

  filtername = "app_privilege"

  # NOTE(review): despite the app_ prefix this filter is built with
  # process_type "system" and uid_is_root, unlike app_filter and
  # app_custom_filter. Both values are interpreted by the template, which is
  # not defined in this file; confirm the policy file is reviewed with that
  # wider setting in mind.
  process_type = "system"
  uid_is_root = true
  sources = [ "seccomp_policy/app_privilege.seccomp.policy" ]

  install_images = [ "system" ]
  install_enable = true
}
# Seccomp filter named "updater", generated from updater.seccomp.policy.
# Unlike the other filters in this file it is installed into the "updater"
# image, not the system image. Always part of the seccomp_filter group.
ohos_prebuilt_seccomp("updater_filter") {
  part_name = INIT_PART
  subsystem_name = "startup"

  filtername = "updater"
  process_type = "system"

  # Interpreted by the ohos_prebuilt_seccomp template (defined outside this
  # file).
  uid_is_root = true
  sources = [ "seccomp_policy/updater.seccomp.policy" ]

  install_images = [ "updater" ]
  install_enable = true
}
# Seccomp filter named "app_custom", generated from app_custom.seccomp.policy
# with process_type "app" and installed into the system image. Only pulled
# into the seccomp_filter group when both appspawn_featrue and
# init_feature_custom_sandbox are true.
ohos_prebuilt_seccomp("app_custom_filter") {
  part_name = INIT_PART
  subsystem_name = "startup"

  filtername = "app_custom"
  process_type = "app"
  sources = [ "seccomp_policy/app_custom.seccomp.policy" ]

  install_images = [ "system" ]
  install_enable = true
}
# Compiler settings exported by libseccomp_static through public_configs.
config("libseccomp_static_config") {
  include_dirs = [
    "..",
    "../../../interfaces/innerkits/seccomp/include",
  ]

  # Debug builds (seccomp_enable_debug, i.e. the "root" build variant) define
  # WITH_SECCOMP_DEBUG and add the innerkits and param headers. Because this
  # config is public, the define also reaches every target that depends on
  # libseccomp_static.
  if (seccomp_enable_debug) {
    defines = [ "WITH_SECCOMP_DEBUG" ]

    include_dirs += [
      "../../../interfaces/innerkits/include",
      "../../../interfaces/innerkits/include/param",
    ]
  }
}
# Source set holding the seccomp policy code (seccomp_policy.c and
# seccomp_policy_static.c) for the init part.
ohos_source_set("libseccomp_static") {
  part_name = INIT_PART
  subsystem_name = "startup"

  sources = [
    "seccomp_policy.c",
    "seccomp_policy_static.c",
  ]

  # Public configs propagate to dependents, including WITH_SECCOMP_DEBUG when
  # seccomp_enable_debug is set.
  public_configs = [
    ":libseccomp_static_config",
    "../../../interfaces/innerkits/init_module_engine:init_module_engine_exported_config",
  ]

  external_deps = [
    "bounds_checking_function:libsec_shared",
    "config_policy:configpolicy_util",
  ]
}
# Aggregate target that selects which seccomp filters are built.
#
# The app, app_atomic, system and updater filters are always included. The
# spawn filters are added only when appspawn_featrue is true. The custom and
# privilege filters additionally need their own feature flag, so setting
# init_feature_custom_sandbox or init_feature_seccomp_privilege without
# appspawn adds nothing here.
# NOTE(review): both init_feature_* flags are not defined in this file;
# presumably they come from one of the imported .gni files. Confirm.
group("seccomp_filter") {
  deps = [
    ":app_atomic_filter",
    ":app_filter",
    ":system_filter",
    ":updater_filter",
  ]

  if (appspawn_featrue) {
    deps += [
      ":appspawn_filter",
      ":nwebspawn_filter",
    ]

    if (init_feature_seccomp_privilege) {
      deps += [ ":app_privilege_filter" ]
    }

    if (init_feature_custom_sandbox) {
      deps += [ ":app_custom_filter" ]
    }
  }
}