• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1# Copyright (c) 2021 北京万里红科技有限公司
2# Copyright(c) Huawei Technologies Co.,Ltd.
3# 2020-2021.All rights reserved.
4# Copyright(c)2016,Google inc.
5#
6# Permission to use,copy,modify,and/or distribute this software for any
7# purpose with or without fee is hereby granted,provided that the above
8# copyright notice and this permission notice appear in all copies.
9#
10
11import("//build/ohos.gni")
12
13LIBSEPOL_ROOT_DIR = "//third_party/selinux/libsepol"
14LIBSELINUX_ROOT_DIR = "//third_party/selinux/libselinux"
15CHECKPOLICY_ROOT_DIR = "//third_party/selinux/checkpolicy"
16SECILC_ROOT_DIR = "//third_party/selinux/secilc"
17
18config("third_party_selinux_config") {
19  include_dirs = [
20    "$LIBSELINUX_ROOT_DIR/include",
21    "$LIBSELINUX_ROOT_DIR",
22  ]
23}
24
25config("third_party_selinux_nolto_config") {
26  if (use_libfuzzer && !is_mac) {
27    cflags = []
28  } else {
29    cflags = [
30      "-fno-emulated-tls",
31      "-fno-lto",
32      "-fno-whole-program-vtables",
33    ]
34  }
35}
36
37action("check_md5_libsepol") {
38  script = "//third_party/selinux/exec_check_md5.sh"
39  inputs = [
40    "libsepol/cil/src/cil_lexer.l",
41  ]
42  args = [
43    rebase_path("//third_party/selinux", root_build_dir),
44    "libsepol",
45    rebase_path("$target_gen_dir", root_build_dir),
46  ]
47  outputs = [ "$target_gen_dir/libsepol/cil/src/cil_lexer.c"]
48}
49
50ohos_shared_library("libsepol") {
51  output_name = "libsepol"
52  version_script = "libsepol.map"
53  sources = [
54    "$LIBSEPOL_ROOT_DIR/cil/src/cil.c",
55    "$LIBSEPOL_ROOT_DIR/cil/src/cil_binary.c",
56    "$LIBSEPOL_ROOT_DIR/cil/src/cil_build_ast.c",
57    "$LIBSEPOL_ROOT_DIR/cil/src/cil_copy_ast.c",
58    "$LIBSEPOL_ROOT_DIR/cil/src/cil_deny.c",
59    "$LIBSEPOL_ROOT_DIR/cil/src/cil_find.c",
60    "$LIBSEPOL_ROOT_DIR/cil/src/cil_fqn.c",
61    "$LIBSEPOL_ROOT_DIR/cil/src/cil_list.c",
62    "$LIBSEPOL_ROOT_DIR/cil/src/cil_log.c",
63    "$LIBSEPOL_ROOT_DIR/cil/src/cil_mem.c",
64    "$LIBSEPOL_ROOT_DIR/cil/src/cil_parser.c",
65    "$LIBSEPOL_ROOT_DIR/cil/src/cil_policy.c",
66    "$LIBSEPOL_ROOT_DIR/cil/src/cil_post.c",
67    "$LIBSEPOL_ROOT_DIR/cil/src/cil_reset_ast.c",
68    "$LIBSEPOL_ROOT_DIR/cil/src/cil_resolve_ast.c",
69    "$LIBSEPOL_ROOT_DIR/cil/src/cil_stack.c",
70    "$LIBSEPOL_ROOT_DIR/cil/src/cil_strpool.c",
71    "$LIBSEPOL_ROOT_DIR/cil/src/cil_symtab.c",
72    "$LIBSEPOL_ROOT_DIR/cil/src/cil_tree.c",
73    "$LIBSEPOL_ROOT_DIR/cil/src/cil_verify.c",
74    "$LIBSEPOL_ROOT_DIR/cil/src/cil_write_ast.c",
75    "$LIBSEPOL_ROOT_DIR/src/assertion.c",
76    "$LIBSEPOL_ROOT_DIR/src/avrule_block.c",
77    "$LIBSEPOL_ROOT_DIR/src/avtab.c",
78    "$LIBSEPOL_ROOT_DIR/src/boolean_record.c",
79    "$LIBSEPOL_ROOT_DIR/src/booleans.c",
80    "$LIBSEPOL_ROOT_DIR/src/conditional.c",
81    "$LIBSEPOL_ROOT_DIR/src/constraint.c",
82    "$LIBSEPOL_ROOT_DIR/src/context.c",
83    "$LIBSEPOL_ROOT_DIR/src/context_record.c",
84    "$LIBSEPOL_ROOT_DIR/src/debug.c",
85    "$LIBSEPOL_ROOT_DIR/src/ebitmap.c",
86    "$LIBSEPOL_ROOT_DIR/src/expand.c",
87    "$LIBSEPOL_ROOT_DIR/src/handle.c",
88    "$LIBSEPOL_ROOT_DIR/src/hashtab.c",
89    "$LIBSEPOL_ROOT_DIR/src/hierarchy.c",
90    "$LIBSEPOL_ROOT_DIR/src/ibendport_record.c",
91    "$LIBSEPOL_ROOT_DIR/src/ibendports.c",
92    "$LIBSEPOL_ROOT_DIR/src/ibpkey_record.c",
93    "$LIBSEPOL_ROOT_DIR/src/ibpkeys.c",
94    "$LIBSEPOL_ROOT_DIR/src/iface_record.c",
95    "$LIBSEPOL_ROOT_DIR/src/interfaces.c",
96    "$LIBSEPOL_ROOT_DIR/src/kernel_to_cil.c",
97    "$LIBSEPOL_ROOT_DIR/src/kernel_to_common.c",
98    "$LIBSEPOL_ROOT_DIR/src/kernel_to_conf.c",
99    "$LIBSEPOL_ROOT_DIR/src/link.c",
100    "$LIBSEPOL_ROOT_DIR/src/mls.c",
101    "$LIBSEPOL_ROOT_DIR/src/module.c",
102    "$LIBSEPOL_ROOT_DIR/src/module_to_cil.c",
103    "$LIBSEPOL_ROOT_DIR/src/node_record.c",
104    "$LIBSEPOL_ROOT_DIR/src/nodes.c",
105    "$LIBSEPOL_ROOT_DIR/src/optimize.c",
106    "$LIBSEPOL_ROOT_DIR/src/polcaps.c",
107    "$LIBSEPOL_ROOT_DIR/src/policydb.c",
108    "$LIBSEPOL_ROOT_DIR/src/policydb_convert.c",
109    "$LIBSEPOL_ROOT_DIR/src/policydb_public.c",
110    "$LIBSEPOL_ROOT_DIR/src/policydb_validate.c",
111    "$LIBSEPOL_ROOT_DIR/src/port_record.c",
112    "$LIBSEPOL_ROOT_DIR/src/ports.c",
113    "$LIBSEPOL_ROOT_DIR/src/services.c",
114    "$LIBSEPOL_ROOT_DIR/src/sidtab.c",
115    "$LIBSEPOL_ROOT_DIR/src/symtab.c",
116    "$LIBSEPOL_ROOT_DIR/src/user_record.c",
117    "$LIBSEPOL_ROOT_DIR/src/users.c",
118    "$LIBSEPOL_ROOT_DIR/src/util.c",
119    "$LIBSEPOL_ROOT_DIR/src/write.c",
120  ]
121  sources += get_target_outputs(":check_md5_libsepol")
122  deps = [ ":check_md5_libsepol" ]
123  include_dirs = [
124    "$LIBSEPOL_ROOT_DIR/cil/include",
125    "$LIBSEPOL_ROOT_DIR/cil/src",
126    "$LIBSEPOL_ROOT_DIR/include",
127  ]
128  cflags = [
129    "-D_GNU_SOURCE",
130    "-DHAVE_REALLOCARRAY",
131    "-w",
132  ]
133  install_enable = true
134  install_images = [
135    "system",
136    "ramdisk",
137    "updater",
138  ]
139  license_file = "$LIBSEPOL_ROOT_DIR/LICENSE"
140  part_name = "selinux"
141  subsystem_name = "thirdparty"
142}
143
144ohos_executable("chkcon") {
145  install_enable = true
146  sources = [ "$LIBSEPOL_ROOT_DIR/utils/chkcon.c" ]
147  deps = [ ":libsepol" ]
148  include_dirs = [ "$LIBSEPOL_ROOT_DIR/include" ]
149  cflags = [
150    "-D_GNU_SOURCE",
151    "-w",
152  ]
153  license_file = "$LIBSEPOL_ROOT_DIR/LICENSE"
154  part_name = "selinux"
155  subsystem_name = "thirdparty"
156}
157
158selinux_sources = [
159  "$LIBSELINUX_ROOT_DIR/src/app_allow_config.c",
160  "$LIBSELINUX_ROOT_DIR/src/avc.c",
161  "$LIBSELINUX_ROOT_DIR/src/avc_internal.c",
162  "$LIBSELINUX_ROOT_DIR/src/avc_sidtab.c",
163  "$LIBSELINUX_ROOT_DIR/src/booleans.c",
164  "$LIBSELINUX_ROOT_DIR/src/callbacks.c",
165  "$LIBSELINUX_ROOT_DIR/src/canonicalize_context.c",
166  "$LIBSELINUX_ROOT_DIR/src/checkAccess.c",
167  "$LIBSELINUX_ROOT_DIR/src/check_context.c",
168  "$LIBSELINUX_ROOT_DIR/src/compute_av.c",
169  "$LIBSELINUX_ROOT_DIR/src/compute_create.c",
170  "$LIBSELINUX_ROOT_DIR/src/compute_member.c",
171  "$LIBSELINUX_ROOT_DIR/src/context.c",
172  "$LIBSELINUX_ROOT_DIR/src/deny_unknown.c",
173  "$LIBSELINUX_ROOT_DIR/src/disable.c",
174  "$LIBSELINUX_ROOT_DIR/src/enabled.c",
175  "$LIBSELINUX_ROOT_DIR/src/fgetfilecon.c",
176  "$LIBSELINUX_ROOT_DIR/src/freecon.c",
177  "$LIBSELINUX_ROOT_DIR/src/fsetfilecon.c",
178  "$LIBSELINUX_ROOT_DIR/src/get_initial_context.c",
179  "$LIBSELINUX_ROOT_DIR/src/getenforce.c",
180  "$LIBSELINUX_ROOT_DIR/src/getfilecon.c",
181  "$LIBSELINUX_ROOT_DIR/src/getpeercon.c",
182  "$LIBSELINUX_ROOT_DIR/src/hashtab.c",
183  "$LIBSELINUX_ROOT_DIR/src/ignore_path.c",
184  "$LIBSELINUX_ROOT_DIR/src/init.c",
185  "$LIBSELINUX_ROOT_DIR/src/is_customizable_type.c",
186  "$LIBSELINUX_ROOT_DIR/src/label.c",
187  "$LIBSELINUX_ROOT_DIR/src/label_backends_android.c",
188  "$LIBSELINUX_ROOT_DIR/src/label_db.c",
189  "$LIBSELINUX_ROOT_DIR/src/label_file.c",
190  "$LIBSELINUX_ROOT_DIR/src/label_media.c",
191  "$LIBSELINUX_ROOT_DIR/src/label_support.c",
192  "$LIBSELINUX_ROOT_DIR/src/label_x.c",
193  "$LIBSELINUX_ROOT_DIR/src/lgetfilecon.c",
194  "$LIBSELINUX_ROOT_DIR/src/load_policy.c",
195  "$LIBSELINUX_ROOT_DIR/src/lsetfilecon.c",
196  "$LIBSELINUX_ROOT_DIR/src/mapping.c",
197  "$LIBSELINUX_ROOT_DIR/src/matchpathcon.c",
198  "$LIBSELINUX_ROOT_DIR/src/policyvers.c",
199  "$LIBSELINUX_ROOT_DIR/src/procattr.c",
200  "$LIBSELINUX_ROOT_DIR/src/regex.c",
201  "$LIBSELINUX_ROOT_DIR/src/reject_unknown.c",
202  "$LIBSELINUX_ROOT_DIR/src/selinux_config.c",
203  "$LIBSELINUX_ROOT_DIR/src/selinux_restorecon.c",
204  "$LIBSELINUX_ROOT_DIR/src/sestatus.c",
205  "$LIBSELINUX_ROOT_DIR/src/setenforce.c",
206  "$LIBSELINUX_ROOT_DIR/src/setfilecon.c",
207  "$LIBSELINUX_ROOT_DIR/src/setrans_client.c",
208  "$LIBSELINUX_ROOT_DIR/src/seusers.c",
209  "$LIBSELINUX_ROOT_DIR/src/sha1.c",
210  "$LIBSELINUX_ROOT_DIR/src/stringrep.c",
211]
212
213ohos_shared_library("libselinux") {
214  branch_protector_ret = "pac_ret"
215
216  output_name = "libselinux"
217
218  sources = selinux_sources
219
220  if (current_toolchain == host_toolchain) {
221    # host build
222    sources += [ "$LIBSELINUX_ROOT_DIR/src/selinux_internal.c" ]
223  }
224
225  include_dirs = [
226    "$LIBSELINUX_ROOT_DIR/include",
227    "$LIBSEPOL_ROOT_DIR/include",
228  ]
229
230  configs = [ ":third_party_selinux_nolto_config" ]
231
232  public_configs = [ ":third_party_selinux_config" ]
233
234  cflags = [
235    "-DOHOS_FC_INIT",
236    "-D_GNU_SOURCE",
237    "-w",
238    "-DSHARED",
239    "-DUSE_PCRE2",
240    "-U__BIONIC__",
241    "-DAUDITD_LOG_TAG=1003",
242    "-DPCRE2_CODE_UNIT_WIDTH=8",
243    "-DHAVE_REALLOCARRAY",
244  ]
245  if (host_cpu == "arm64" && host_os == "linux") {
246    cflags += [ "-DWITH_FREEBSD" ]
247  }
248  external_deps = [ "pcre2:libpcre2" ]
249  public_external_deps = [ "FreeBSD:libfreebsd_static" ]
250  install_enable = true
251  install_images = [
252    "system",
253    "ramdisk",
254    "updater",
255  ]
256  license_file = "$LIBSELINUX_ROOT_DIR/LICENSE"
257  innerapi_tags = [
258    "platformsdk_indirect",
259    "chipsetsdk_sp_indirect",
260  ]
261  part_name = "selinux"
262  subsystem_name = "thirdparty"
263}
264
265ohos_static_library("libselinux_static") {
266  output_name = "libselinux_static"
267
268  sources = selinux_sources
269
270  if (current_toolchain == host_toolchain) {
271    # host build
272    sources += [ "$LIBSELINUX_ROOT_DIR/src/selinux_internal.c" ]
273  }
274
275  include_dirs = [
276    "$LIBSELINUX_ROOT_DIR/include",
277    "$LIBSEPOL_ROOT_DIR/include",
278  ]
279
280  configs = [ ":third_party_selinux_nolto_config" ]
281
282  public_configs = [ ":third_party_selinux_config" ]
283
284  cflags = [
285    "-DOHOS_FC_INIT",
286    "-D_GNU_SOURCE",
287    "-w",
288    "-DSHARED",
289    "-DUSE_PCRE2",
290    "-U__BIONIC__",
291    "-DAUDITD_LOG_TAG=1003",
292    "-DPCRE2_CODE_UNIT_WIDTH=8",
293  ]
294  external_deps = [ "pcre2:libpcre2_static" ]
295  public_external_deps = [ "FreeBSD:libfreebsd_static" ]
296  license_file = "$LIBSELINUX_ROOT_DIR/LICENSE"
297  part_name = "selinux"
298  subsystem_name = "thirdparty"
299}
300
301ohos_executable("setenforce") {
302  install_enable = true
303  sources = [ "$LIBSELINUX_ROOT_DIR/utils/setenforce.c" ]
304  deps = [ ":libselinux" ]
305  include_dirs = [ "$LIBSELINUX_ROOT_DIR/include" ]
306
307  cflags = [
308    "-D_GNU_SOURCE",
309    "-w",
310  ]
311  license_file = "$LIBSELINUX_ROOT_DIR/LICENSE"
312  part_name = "selinux"
313  subsystem_name = "thirdparty"
314  install_images = [
315    "system",
316    "updater",
317  ]
318}
319
320ohos_executable("getenforce") {
321  install_enable = true
322  sources = [ "$LIBSELINUX_ROOT_DIR/utils/getenforce.c" ]
323  deps = [ ":libselinux" ]
324  include_dirs = [ "$LIBSELINUX_ROOT_DIR/include" ]
325  cflags = [
326    "-D_GNU_SOURCE",
327    "-w",
328  ]
329  license_file = "$LIBSELINUX_ROOT_DIR/LICENSE"
330  part_name = "selinux"
331  subsystem_name = "thirdparty"
332  install_images = [
333    "system",
334    "updater",
335  ]
336}
337
338ohos_executable("getfilecon") {
339  install_enable = true
340  sources = [ "$LIBSELINUX_ROOT_DIR/utils/getfilecon.c" ]
341  deps = [ ":libselinux" ]
342  include_dirs = [ "$LIBSELINUX_ROOT_DIR/include" ]
343  cflags = [
344    "-D_GNU_SOURCE",
345    "-w",
346  ]
347  license_file = "$LIBSELINUX_ROOT_DIR/LICENSE"
348  part_name = "selinux"
349  subsystem_name = "thirdparty"
350  install_images = [
351    "system",
352    "updater",
353  ]
354}
355
356ohos_executable("setfilecon") {
357  install_enable = true
358  sources = [ "$LIBSELINUX_ROOT_DIR/utils/setfilecon.c" ]
359  deps = [ ":libselinux" ]
360  include_dirs = [ "$LIBSELINUX_ROOT_DIR/include" ]
361  cflags = [
362    "-D_GNU_SOURCE",
363    "-w",
364  ]
365  license_file = "$LIBSELINUX_ROOT_DIR/LICENSE"
366  part_name = "selinux"
367  subsystem_name = "thirdparty"
368  install_images = [
369    "system",
370    "updater",
371  ]
372}
373
374ohos_executable("selinuxexeccon") {
375  install_enable = true
376  sources = [ "$LIBSELINUX_ROOT_DIR/utils/selinuxexeccon.c" ]
377  deps = [ ":libselinux" ]
378  include_dirs = [ "$LIBSELINUX_ROOT_DIR/include" ]
379  cflags = [
380    "-D_GNU_SOURCE",
381    "-w",
382  ]
383  license_file = "$LIBSELINUX_ROOT_DIR/LICENSE"
384  part_name = "selinux"
385  subsystem_name = "thirdparty"
386  install_images = [
387    "system",
388    "updater",
389  ]
390}
391
392ohos_executable("selinux_check_access") {
393  install_enable = true
394  sources = [ "$LIBSELINUX_ROOT_DIR/utils/selinux_check_access.c" ]
395  deps = [ ":libselinux" ]
396  include_dirs = [ "$LIBSELINUX_ROOT_DIR/include" ]
397  cflags = [
398    "-D_GNU_SOURCE",
399    "-w",
400  ]
401  license_file = "$LIBSELINUX_ROOT_DIR/LICENSE"
402  part_name = "selinux"
403  subsystem_name = "thirdparty"
404  install_images = [
405    "system",
406    "updater",
407  ]
408}
409
410ohos_executable("getpidcon") {
411  install_enable = true
412  sources = [ "$LIBSELINUX_ROOT_DIR/utils/getpidcon.c" ]
413  deps = [ ":libselinux" ]
414  include_dirs = [ "$LIBSELINUX_ROOT_DIR/include" ]
415  cflags = [
416    "-D_GNU_SOURCE",
417    "-w",
418  ]
419  license_file = "$LIBSELINUX_ROOT_DIR/LICENSE"
420  part_name = "selinux"
421  subsystem_name = "thirdparty"
422  install_images = [
423    "system",
424    "updater",
425  ]
426}
427
428action("check_md5_checkpolicy") {
429  script = "//third_party/selinux/exec_check_md5.sh"
430  inputs = [
431    "checkpolicy/policy_scan.l",
432    "checkpolicy/policy_parse.y",
433  ]
434  args = [
435    rebase_path("//third_party/selinux", root_build_dir),
436    "checkpolicy",
437    rebase_path("$target_gen_dir", root_build_dir),
438  ]
439  outputs = [
440    "$target_gen_dir/checkpolicy/policy_scan.c",
441    "$target_gen_dir/checkpolicy/y.tab.c",
442  ]
443}
444
445ohos_executable("checkpolicy") {
446  install_enable = true
447  sources = [
448    "$CHECKPOLICY_ROOT_DIR/checkpolicy.c",
449    "$CHECKPOLICY_ROOT_DIR/module_compiler.c",
450    "$CHECKPOLICY_ROOT_DIR/parse_util.c",
451    "$CHECKPOLICY_ROOT_DIR/policy_define.c",
452    "$CHECKPOLICY_ROOT_DIR/queue.c",
453  ]
454  sources += get_target_outputs(":check_md5_checkpolicy")
455  deps = [
456    ":libsepol",
457    ":check_md5_checkpolicy",
458  ]
459  include_dirs = [
460    "$LIBSEPOL_ROOT_DIR/cil/include",
461    "$LIBSEPOL_ROOT_DIR/include",
462    "$CHECKPOLICY_ROOT_DIR",
463  ]
464  cflags = [
465    "-Wall",
466    "-Werror",
467    "-Wshadow",
468  ]
469  license_file = "$LIBSELINUX_ROOT_DIR/LICENSE"
470  part_name = "selinux"
471  subsystem_name = "thirdparty"
472}
473
474ohos_executable("secilc") {
475  install_enable = true
476  sources = [ "$SECILC_ROOT_DIR/secilc.c" ]
477  deps = [ ":libsepol" ]
478  include_dirs = [
479    "$LIBSEPOL_ROOT_DIR/cil/include",
480    "$LIBSEPOL_ROOT_DIR/include",
481  ]
482  cflags = [
483    "-Wall",
484    "-Werror",
485    "-Wshadow",
486  ]
487  license_file = "$LIBSEPOL_ROOT_DIR/LICENSE"
488  part_name = "selinux"
489  subsystem_name = "thirdparty"
490}
491
492ohos_executable("sefcontext_compile") {
493  install_enable = true
494  sources = [ "$LIBSELINUX_ROOT_DIR/utils/sefcontext_compile.c" ]
495  deps = [
496    ":libselinux",
497    ":libsepol",
498  ]
499  external_deps = [ "pcre2:libpcre2" ]
500  include_dirs = [
501    "$LIBSELINUX_ROOT_DIR/include",
502    "$LIBSEPOL_ROOT_DIR/include",
503  ]
504  cflags = [
505    "-D_GNU_SOURCE",
506    "-DUSE_PCRE2",
507    "-DPCRE2_CODE_UNIT_WIDTH=8",
508    "-w",
509  ]
510  license_file = "$LIBSELINUX_ROOT_DIR/LICENSE"
511  part_name = "selinux"
512  subsystem_name = "thirdparty"
513}
514