1// Copyright 2021 The Android Open Source Project 2// 3// Licensed under the Apache License, Version 2.0 (the "License"); 4// you may not use this file except in compliance with the License. 5// You may obtain a copy of the License at 6// 7// http://www.apache.org/licenses/LICENSE-2.0 8// 9// Unless required by applicable law or agreed to in writing, software 10// distributed under the License is distributed on an "AS IS" BASIS, 11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12// See the License for the specific language governing permissions and 13// limitations under the License. 14 15package selinux 16 17import ( 18 "fmt" 19 "path/filepath" 20 "strings" 21 22 "android/soong/android" 23) 24 25func init() { 26 android.RegisterModuleType("se_build_files", buildFilesFactory) 27} 28 29// se_build_files gathers policy files from sepolicy dirs, and acts like a filegroup. A tag with 30// partition(plat, system_ext, product) and scope(public, private) is used to select directories. 31// Supported tags are: "plat_public", "plat_private", "system_ext_public", "system_ext_private", 32// "product_public", "product_private", and "reqd_mask". 33func buildFilesFactory() android.Module { 34 module := &buildFiles{} 35 module.AddProperties(&module.properties) 36 android.InitAndroidModule(module) 37 return module 38} 39 40type buildFilesProperties struct { 41 // list of source file suffixes used to collect selinux policy files. 42 // Source files will be looked up in the following local directories: 43 // system/sepolicy/{public, private, vendor, reqd_mask} 44 // and directories specified by following config variables: 45 // BOARD_SEPOLICY_DIRS, BOARD_ODM_SEPOLICY_DIRS 46 // SYSTEM_EXT_PUBLIC_SEPOLICY_DIR, SYSTEM_EXT_PRIVATE_SEPOLICY_DIR 47 Srcs []string 48} 49 50type buildFiles struct { 51 android.ModuleBase 52 properties buildFilesProperties 53 54 srcs map[string]android.Paths 55} 56 57func (b *buildFiles) findSrcsInDirs(ctx android.ModuleContext, dirs ...string) android.Paths { 58 result := android.Paths{} 59 for _, file := range b.properties.Srcs { 60 for _, dir := range dirs { 61 path := filepath.Join(dir, file) 62 files, err := ctx.GlobWithDeps(path, nil) 63 if err != nil { 64 ctx.ModuleErrorf("glob: %s", err.Error()) 65 } 66 for _, f := range files { 67 result = append(result, android.PathForSource(ctx, f)) 68 } 69 } 70 } 71 return result 72} 73 74func (b *buildFiles) DepsMutator(ctx android.BottomUpMutatorContext) { 75 // do nothing 76} 77 78func (b *buildFiles) OutputFiles(tag string) (android.Paths, error) { 79 if paths, ok := b.srcs[tag]; ok { 80 return paths, nil 81 } 82 83 return nil, fmt.Errorf("unknown tag %q. Supported tags are: %q", tag, strings.Join(android.SortedKeys(b.srcs), " ")) 84} 85 86var _ android.OutputFileProducer = (*buildFiles)(nil) 87 88type sepolicyDir struct { 89 tag string 90 paths []string 91} 92 93func (b *buildFiles) GenerateAndroidBuildActions(ctx android.ModuleContext) { 94 b.srcs = make(map[string]android.Paths) 95 b.srcs[".reqd_mask"] = b.findSrcsInDirs(ctx, filepath.Join("system", "sepolicy", "reqd_mask")) 96 b.srcs[".plat_public"] = b.findSrcsInDirs(ctx, filepath.Join("system", "sepolicy", "public")) 97 b.srcs[".plat_private"] = b.findSrcsInDirs(ctx, filepath.Join("system", "sepolicy", "private")) 98 b.srcs[".plat_vendor"] = b.findSrcsInDirs(ctx, filepath.Join("system", "sepolicy", "vendor")) 99 b.srcs[".system_ext_public"] = b.findSrcsInDirs(ctx, ctx.DeviceConfig().SystemExtPublicSepolicyDirs()...) 100 b.srcs[".system_ext_private"] = b.findSrcsInDirs(ctx, ctx.DeviceConfig().SystemExtPrivateSepolicyDirs()...) 101 b.srcs[".product_public"] = b.findSrcsInDirs(ctx, ctx.Config().ProductPublicSepolicyDirs()...) 102 b.srcs[".product_private"] = b.findSrcsInDirs(ctx, ctx.Config().ProductPrivateSepolicyDirs()...) 103 b.srcs[".vendor"] = b.findSrcsInDirs(ctx, ctx.DeviceConfig().VendorSepolicyDirs()...) 104 b.srcs[".odm"] = b.findSrcsInDirs(ctx, ctx.DeviceConfig().OdmSepolicyDirs()...) 105 106 if ctx.DeviceConfig().PlatformSepolicyVersion() == ctx.DeviceConfig().BoardSepolicyVers() { 107 // vendor uses the same source with plat policy 108 b.srcs[".reqd_mask_for_vendor"] = b.srcs[".reqd_mask"] 109 b.srcs[".plat_vendor_for_vendor"] = b.srcs[".plat_vendor"] 110 b.srcs[".plat_public_for_vendor"] = b.srcs[".plat_public"] 111 b.srcs[".plat_private_for_vendor"] = b.srcs[".plat_private"] 112 b.srcs[".system_ext_public_for_vendor"] = b.srcs[".system_ext_public"] 113 b.srcs[".system_ext_private_for_vendor"] = b.srcs[".system_ext_private"] 114 b.srcs[".product_public_for_vendor"] = b.srcs[".product_public"] 115 b.srcs[".product_private_for_vendor"] = b.srcs[".product_private"] 116 } else { 117 // use vendor-supplied plat prebuilts 118 b.srcs[".reqd_mask_for_vendor"] = b.findSrcsInDirs(ctx, ctx.DeviceConfig().BoardReqdMaskPolicy()...) 119 b.srcs[".plat_vendor_for_vendor"] = b.findSrcsInDirs(ctx, ctx.DeviceConfig().BoardPlatVendorPolicy()...) 120 b.srcs[".plat_public_for_vendor"] = b.findSrcsInDirs(ctx, filepath.Join("system", "sepolicy", "prebuilts", "api", ctx.DeviceConfig().BoardSepolicyVers(), "public")) 121 b.srcs[".plat_private_for_vendor"] = b.findSrcsInDirs(ctx, filepath.Join("system", "sepolicy", "prebuilts", "api", ctx.DeviceConfig().BoardSepolicyVers(), "private")) 122 b.srcs[".system_ext_public_for_vendor"] = b.findSrcsInDirs(ctx, ctx.DeviceConfig().BoardSystemExtPublicPrebuiltDirs()...) 123 b.srcs[".system_ext_private_for_vendor"] = b.findSrcsInDirs(ctx, ctx.DeviceConfig().BoardSystemExtPrivatePrebuiltDirs()...) 124 b.srcs[".product_public_for_vendor"] = b.findSrcsInDirs(ctx, ctx.DeviceConfig().BoardProductPublicPrebuiltDirs()...) 125 b.srcs[".product_private_for_vendor"] = b.findSrcsInDirs(ctx, ctx.DeviceConfig().BoardProductPrivatePrebuiltDirs()...) 126 } 127 128 // directories used for compat tests and Treble tests 129 for _, ver := range ctx.DeviceConfig().PlatformSepolicyCompatVersions() { 130 b.srcs[".plat_public_"+ver] = b.findSrcsInDirs(ctx, filepath.Join("system", "sepolicy", "prebuilts", "api", ver, "public")) 131 b.srcs[".plat_private_"+ver] = b.findSrcsInDirs(ctx, filepath.Join("system", "sepolicy", "prebuilts", "api", ver, "private")) 132 b.srcs[".system_ext_public_"+ver] = b.findSrcsInDirs(ctx, filepath.Join(ctx.DeviceConfig().SystemExtSepolicyPrebuiltApiDir(), "prebuilts", "api", ver, "public")) 133 b.srcs[".system_ext_private_"+ver] = b.findSrcsInDirs(ctx, filepath.Join(ctx.DeviceConfig().SystemExtSepolicyPrebuiltApiDir(), "prebuilts", "api", ver, "private")) 134 b.srcs[".product_public_"+ver] = b.findSrcsInDirs(ctx, filepath.Join(ctx.DeviceConfig().ProductSepolicyPrebuiltApiDir(), "prebuilts", "api", ver, "public")) 135 b.srcs[".product_private_"+ver] = b.findSrcsInDirs(ctx, filepath.Join(ctx.DeviceConfig().ProductSepolicyPrebuiltApiDir(), "prebuilts", "api", ver, "private")) 136 } 137} 138