1package { 2 default_applicable_licenses: ["external_selinux_libselinux_license"], 3} 4 5// Added automatically by a large-scale-change that took the approach of 6// 'apply every license found to every target'. While this makes sure we respect 7// every license restriction, it may not be entirely correct. 8// 9// e.g. GPL in an MIT project might only apply to the contrib/ directory. 10// 11// Please consider splitting the single license below into multiple licenses, 12// taking care not to lose any license_kind information, and overriding the 13// default license using the 'licenses: [...]' property on targets as needed. 14// 15// For unused files, consider creating a 'filegroup' with "//visibility:private" 16// to attach the license to, and including a comment whether the files may be 17// used in the current project. 18// http://go/android-license-faq 19license { 20 name: "external_selinux_libselinux_license", 21 visibility: [":__subpackages__"], 22 license_kinds: [ 23 "SPDX-license-identifier-Apache-2.0", 24 "SPDX-license-identifier-GPL-2.0", 25 "legacy_unencumbered", 26 ], 27 license_text: [ 28 "LICENSE", 29 ], 30} 31 32common_CFLAGS = [ 33 // Persistently stored patterns (pcre2) are architecture dependent. 34 // In particular paterns built on amd64 can not run on devices with armv7 35 // (32bit). Therefore, this feature stays off for now. 36 "-DNO_PERSISTENTLY_STORED_PATTERNS", 37 "-DDISABLE_SETRANS", 38 "-DDISABLE_BOOL", 39 "-D_GNU_SOURCE", 40 "-DNO_MEDIA_BACKEND", 41 "-DNO_X_BACKEND", 42 "-DNO_DB_BACKEND", 43 "-Wall", 44 "-Werror", 45 "-Wno-error=missing-noreturn", 46 "-Wno-error=unused-function", 47 "-Wno-error=unused-variable", 48 "-DUSE_PCRE2", 49 // 1003 corresponds to auditd, from system/core/logd/event.logtags 50 "-DAUDITD_LOG_TAG=1003", 51] 52 53cc_defaults { 54 name: "libselinux_defaults", 55 defaults: ["libselinux_flags_defaults"], 56 57 cflags: common_CFLAGS, 58 59 srcs: [ 60 "src/android/android.c", 61 "src/android/android_seapp.c", 62 "src/avc.c", 63 "src/avc_internal.c", 64 "src/avc_sidtab.c", 65 "src/booleans.c", 66 "src/callbacks.c", 67 "src/canonicalize_context.c", 68 "src/checkAccess.c", 69 "src/check_context.c", 70 "src/compute_av.c", 71 "src/compute_create.c", 72 "src/compute_member.c", 73 "src/context.c", 74 "src/deny_unknown.c", 75 "src/disable.c", 76 "src/enabled.c", 77 "src/fgetfilecon.c", 78 "src/freecon.c", 79 "src/fsetfilecon.c", 80 "src/get_initial_context.c", 81 "src/getenforce.c", 82 "src/getfilecon.c", 83 "src/getpeercon.c", 84 "src/init.c", 85 "src/label.c", 86 "src/label_backends_android.c", 87 "src/label_file.c", 88 "src/label_support.c", 89 "src/lgetfilecon.c", 90 "src/load_policy.c", 91 "src/lsetfilecon.c", 92 "src/mapping.c", 93 "src/matchpathcon.c", 94 "src/policyvers.c", 95 "src/procattr.c", 96 "src/regex.c", 97 "src/reject_unknown.c", 98 "src/selinux_internal.c", 99 "src/sestatus.c", 100 "src/setenforce.c", 101 "src/setfilecon.c", 102 "src/setrans_client.c", 103 "src/sha1.c", 104 "src/stringrep.c", 105 ], 106 107 target: { 108 host: { 109 cflags: [ 110 "-DBUILD_HOST", 111 ], 112 }, 113 android: { 114 cflags: [ 115 "-DHAVE_STRLCPY" 116 ], 117 srcs: [ 118 "src/android/android_device.c", 119 ], 120 static: { 121 whole_static_libs: [ 122 "libpackagelistparser", 123 ], 124 }, 125 126 shared: { 127 shared_libs: [ 128 "libpackagelistparser", 129 ], 130 }, 131 system_shared_libs: ["libc"], 132 }, 133 }, 134 135 static: { 136 whole_static_libs: [ 137 "libpcre2", 138 "liblog", 139 ], 140 }, 141 shared: { 142 shared_libs: [ 143 "libpcre2", 144 "liblog", 145 ], 146 }, 147 header_libs: [ 148 "libbase_headers", 149 "libcutils_headers", 150 "liblog_headers", 151 ], 152 local_include_dirs: [ 153 "include", 154 "src", 155 ], 156 export_include_dirs: ["include"], 157 158 stl: "none", 159} 160 161soong_config_module_type { 162 name: "cc_defaults_libselinux_flags", 163 module_type: "cc_defaults", 164 config_namespace: "ANDROID", 165 bool_variables: [ 166 "release_selinux_data_data_ignore", 167 ], 168 properties: [ 169 "cflags", 170 ], 171} 172 173cc_defaults_libselinux_flags { 174 name: "libselinux_flags_defaults", 175 host_supported: true, 176 soong_config_variables: { 177 release_selinux_data_data_ignore: { 178 cflags: ["-DSELINUX_FLAGS_DATA_DATA_IGNORE"], 179 } 180 } 181} 182 183cc_library { 184 name: "libselinux", 185 defaults: ["libselinux_defaults"], 186 187 llndk: { 188 symbol_file: "exported.map.txt", 189 }, 190 191 ramdisk_available: true, 192 vendor_ramdisk_available: true, 193 recovery_available: true, 194 host_supported: true, 195 196 target: { 197 linux_bionic: { 198 enabled: true, 199 }, 200 201 android: { 202 version_script: "exported.map.txt", 203 }, 204 }, 205 206 stubs: { 207 symbol_file: "exported.map.txt", 208 versions: ["30"], 209 }, 210} 211 212cc_test_host { 213 name: "libselinux_test", 214 defaults: ["libselinux_defaults"], 215 srcs: ["src/android/android_unittest.cpp"], 216 217 cflags: [ 218 // regex.h will conflict with the default regex.h from libc. 219 // Skip regex for gtest. 220 "-DGTEST_HAS_POSIX_RE=0", 221 // Disable automatic interactions with sysfs when libselinux is 222 // initialized. This ensures that the tests remain hermetic on the host. 223 "-DANDROID_UNIT_TESTING", 224 ], 225 whole_static_libs: [ 226 "libbase", 227 "liblog", 228 "libpcre2", 229 ], 230 231 // Use default stl. 232 stl:"" 233} 234 235cc_binary_host { 236 name: "sefcontext_compile", 237 defaults: ["libselinux_defaults"], 238 srcs: ["utils/sefcontext_compile.c"], 239 240 static_libs: [ 241 "libselinux", 242 "libsepol", 243 ], 244 245 stl: "", 246} 247 248cc_binary { 249 name: "selabel_get_digests_all_partial_matches", 250 defaults: ["libselinux_defaults"], 251 srcs: ["utils/selabel_get_digests_all_partial_matches.c"], 252 253 static_libs: [ 254 "libselinux", 255 ], 256 257 stl: "", 258} 259 260rust_bindgen { 261 name: "libselinux_bindgen", 262 wrapper_src: "rust/selinux.h", 263 crate_name: "selinux_bindgen", 264 visibility: ["//frameworks/native/libs/binder/rust/tests", "//system/security/keystore2:__subpackages__", "//packages/modules/Virtualization:__subpackages__"], 265 source_stem: "bindings", 266 local_include_dirs: ["include"], 267 268 // Generate bindings only for the symbols that are actually exported (see exported.map.txt). 269 // This makes the generated bindings much more concise and improves compilation 270 // time. 271 bindgen_flags: [ 272 "--allowlist-function=fgetfilecon", 273 "--allowlist-function=fgetfilecon_raw", 274 "--allowlist-function=freecon", 275 "--allowlist-function=fsetfilecon", 276 "--allowlist-function=getcon", 277 "--allowlist-function=getfilecon", 278 "--allowlist-function=getpeercon", 279 "--allowlist-function=getpidcon", 280 "--allowlist-function=is_selinux_enabled", 281 "--allowlist-function=lgetfilecon", 282 "--allowlist-function=lsetfilecon", 283 "--allowlist-function=security_compute_create", 284 "--allowlist-function=security_get_initial_context", 285 "--allowlist-function=security_getenforce", 286 "--allowlist-function=security_load_policy", 287 "--allowlist-function=security_policyvers", 288 "--allowlist-function=security_setenforce", 289 "--allowlist-function=selabel_close", 290 "--allowlist-function=selabel_lookup", 291 "--allowlist-function=selabel_lookup_best_match", 292 "--allowlist-function=selabel_open", 293 "--allowlist-function=selinux_android_file_context_handle", 294 "--allowlist-function=selinux_android_hw_service_context_handle", 295 "--allowlist-function=selinux_android_load_policy", 296 "--allowlist-function=selinux_android_load_policy_from_fd", 297 "--allowlist-function=selinux_android_restorecon", 298 "--allowlist-function=selinux_android_restorecon_pkgdir", 299 "--allowlist-function=selinux_android_seapp_context_init", 300 "--allowlist-function=selinux_android_service_context_handle", 301 "--allowlist-function=selinux_android_set_sehandle", 302 "--allowlist-function=selinux_android_setcon", 303 "--allowlist-function=selinux_android_setcontext", 304 "--allowlist-function=selinux_android_vendor_service_context_handle", 305 "--allowlist-function=selinux_check_access", 306 "--allowlist-function=selinux_log_callback", 307 "--allowlist-function=selinux_set_callback", 308 "--allowlist-function=selinux_status_open", 309 "--allowlist-function=selinux_status_updated", 310 "--allowlist-function=selinux_vendor_log_callback", 311 "--allowlist-function=set_selinuxmnt", 312 "--allowlist-function=setcon", 313 "--allowlist-function=setexeccon", 314 "--allowlist-function=setfilecon", 315 "--allowlist-function=setfscreatecon", 316 "--allowlist-function=setsockcreatecon", 317 "--allowlist-function=setsockcreatecon_raw", 318 "--allowlist-function=string_to_security_class", 319 "--allowlist-function=selinux_android_context_with_level", 320 "--allowlist-function=selinux_android_keystore2_key_context_handle", 321 322 // We also need some constants in addition to the functions. 323 "--allowlist-var=SELABEL_.*", 324 "--allowlist-var=SELINUX_.*", 325 ], 326 327 // This is mainly to run layout tests for generated bindings on the host. 328 host_supported: true, 329 330 apex_available: [ 331 "com.android.virt", 332 "//apex_available:platform", 333 ], 334} 335 336rust_test { 337 name: "libselinux_bindgen_test", 338 srcs: [ 339 ":libselinux_bindgen", 340 ], 341 crate_name: "selinux_bindgen_test", 342 test_suites: ["general-tests"], 343 auto_gen_config: true, 344 clippy_lints: "none", 345 lints: "none", 346} 347