1// Copyright (C) 2021 The Android Open Source Project
2//
3// Licensed under the Apache License, Version 2.0 (the "License");
4// you may not use this file except in compliance with the License.
5// You may obtain a copy of the License at
6//
7//     http://www.apache.org/licenses/LICENSE-2.0
8//
9// Unless required by applicable law or agreed to in writing, software
10// distributed under the License is distributed on an "AS IS" BASIS,
11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12// See the License for the specific language governing permissions and
13// limitations under the License.
14
15// This file contains module definitions for various contexts files.
16
17package {
18    // See: http://go/android-license-faq
19    // A large-scale-change added 'default_applicable_licenses' to import
20    // all of the 'license_kinds' from "system_sepolicy_license"
21    // to get the below license kinds:
22    //   SPDX-license-identifier-Apache-2.0
23    default_applicable_licenses: ["system_sepolicy_license"],
24}
25
// Source-file groups. Each se_build_files module names one contexts file.
// The modules further down pick a per-partition copy of it through a tag,
// e.g. ":file_contexts_files{.plat_private}" or ":file_contexts_files{.vendor}".
// NOTE(review): which directories each tag resolves to is decided by the
// se_build_files implementation, which is not part of this file.
26se_build_files {
27    name: "file_contexts_files",
28    srcs: ["file_contexts"],
29}
30
31se_build_files {
32    name: "file_contexts_asan_files",
33    srcs: ["file_contexts_asan"],
34}
35
36se_build_files {
37    name: "file_contexts_overlayfs_files",
38    srcs: ["file_contexts_overlayfs"],
39}
40
41se_build_files {
42    name: "hwservice_contexts_files",
43    srcs: ["hwservice_contexts"],
44}
45
46se_build_files {
47    name: "property_contexts_files",
48    srcs: ["property_contexts"],
49}
50
51se_build_files {
52    name: "service_contexts_files",
53    srcs: ["service_contexts"],
54}
55
56se_build_files {
57    name: "keystore2_key_contexts_files",
58    srcs: ["keystore2_key_contexts"],
59}
60
61se_build_files {
62    name: "seapp_contexts_files",
63    srcs: ["seapp_contexts"],
64}
65
66se_build_files {
67    name: "vndservice_contexts_files",
68    srcs: ["vndservice_contexts"],
69}
70
71se_build_files {
72    name: "tee_service_contexts_files",
73    srcs: ["tee_service_contexts"],
74}
75
// Platform file_contexts. address_sanitize builds add the ASan entries and
// debuggable builds add the overlayfs entries, so the labels that ship differ
// between a user build and a debuggable or sanitizer build. Review changes to
// file_contexts_asan and file_contexts_overlayfs with that in mind: they never
// reach plat_file_contexts_cts below.
76file_contexts {
77    name: "plat_file_contexts",
78    defaults: ["contexts_flags_defaults"],
79    srcs: [":file_contexts_files{.plat_private}"],
80    product_variables: {
81        address_sanitize: {
82            srcs: [":file_contexts_asan_files{.plat_private}"],
83        },
84        debuggable: {
85            srcs: [":file_contexts_overlayfs_files{.plat_private}"],
86        },
87    },
88}
89
90// The platform file context without any extra added. This is used by CTS to
91// ensure that no entries are removed from the AOSP file.
92file_contexts {
93    name: "plat_file_contexts_cts",
94    defaults: ["contexts_flags_defaults"],
95    srcs: [":file_contexts_files{.plat_private}"],
96}
97
// Recovery copy of plat_file_contexts, with the same ASan and overlayfs
// additions. stem drops the ".recovery" suffix from the output name.
98file_contexts {
99    name: "plat_file_contexts.recovery",
100    defaults: ["contexts_flags_defaults"],
101    srcs: [":file_contexts_files{.plat_private}"],
102    stem: "plat_file_contexts",
103    product_variables: {
104        address_sanitize: {
105            srcs: [":file_contexts_asan_files{.plat_private}"],
106        },
107        debuggable: {
108            srcs: [":file_contexts_overlayfs_files{.plat_private}"],
109        },
110    },
111    recovery: true,
112}
113
// Vendor file_contexts: the {.plat_vendor} entries followed by the vendor's
// own {.vendor} entries. In this file fc_sort is set only on the vendor and
// odm modules (and their recovery copies).
114file_contexts {
115    name: "vendor_file_contexts",
116    defaults: ["contexts_flags_defaults"],
117    srcs: [
118        ":file_contexts_files{.plat_vendor}",
119        ":file_contexts_files{.vendor}",
120    ],
121    soc_specific: true,
122    fc_sort: true,
123}
124
125file_contexts {
126    name: "vendor_file_contexts.recovery",
127    defaults: ["contexts_flags_defaults"],
128    srcs: [
129        ":file_contexts_files{.plat_vendor}",
130        ":file_contexts_files{.vendor}",
131    ],
132    stem: "vendor_file_contexts",
133    recovery: true,
134    fc_sort: true,
135}
136
// system_ext and product each build from their own {.*_private} sources only;
// each has a recovery copy that reuses the same srcs.
137file_contexts {
138    name: "system_ext_file_contexts",
139    defaults: ["contexts_flags_defaults"],
140    srcs: [":file_contexts_files{.system_ext_private}"],
141    system_ext_specific: true,
142}
143
144file_contexts {
145    name: "system_ext_file_contexts.recovery",
146    defaults: ["contexts_flags_defaults"],
147    srcs: [":file_contexts_files{.system_ext_private}"],
148    stem: "system_ext_file_contexts",
149    recovery: true,
150}
151
152file_contexts {
153    name: "product_file_contexts",
154    defaults: ["contexts_flags_defaults"],
155    srcs: [":file_contexts_files{.product_private}"],
156    product_specific: true,
157}
158
159file_contexts {
160    name: "product_file_contexts.recovery",
161    defaults: ["contexts_flags_defaults"],
162    srcs: [":file_contexts_files{.product_private}"],
163    stem: "product_file_contexts",
164    recovery: true,
165}
166
// ODM file_contexts, built from the {.odm} sources only and sorted like the
// vendor file.
167file_contexts {
168    name: "odm_file_contexts",
169    defaults: ["contexts_flags_defaults"],
170    srcs: [":file_contexts_files{.odm}"],
171    device_specific: true,
172    fc_sort: true,
173}
174
175file_contexts {
176    name: "odm_file_contexts.recovery",
177    defaults: ["contexts_flags_defaults"],
178    srcs: [":file_contexts_files{.odm}"],
179    stem: "odm_file_contexts",
180    recovery: true,
181    fc_sort: true,
182}
183
// hwservice_contexts, one module per partition. No recovery copies are
// defined for this type in this file.
184hwservice_contexts {
185    name: "plat_hwservice_contexts",
186    defaults: ["contexts_flags_defaults"],
187    srcs: [":hwservice_contexts_files{.plat_private}"],
188}
189
190hwservice_contexts {
191    name: "system_ext_hwservice_contexts",
192    defaults: ["contexts_flags_defaults"],
193    srcs: [":hwservice_contexts_files{.system_ext_private}"],
194    system_ext_specific: true,
195}
196
197hwservice_contexts {
198    name: "product_hwservice_contexts",
199    defaults: ["contexts_flags_defaults"],
200    srcs: [":hwservice_contexts_files{.product_private}"],
201    product_specific: true,
202}
203
// The vendor file also takes the {.reqd_mask} sources; the odm file below
// does not.
204hwservice_contexts {
205    name: "vendor_hwservice_contexts",
206    defaults: ["contexts_flags_defaults"],
207    srcs: [
208        ":hwservice_contexts_files{.plat_vendor}",
209        ":hwservice_contexts_files{.vendor}",
210        ":hwservice_contexts_files{.reqd_mask}",
211    ],
212    soc_specific: true,
213}
214
215hwservice_contexts {
216    name: "odm_hwservice_contexts",
217    defaults: ["contexts_flags_defaults"],
218    srcs: [":hwservice_contexts_files{.odm}"],
219    device_specific: true,
220}
221
// All five partition outputs combined into one module, which is the input of
// merged_hwservice_contexts_test. It sets no partition flag.
// NOTE(review): presumably exists so cross-partition conflicts are checked on
// the combined file - confirm against the test implementation.
222hwservice_contexts {
223    name: "merged_hwservice_contexts",
224    defaults: ["contexts_flags_defaults"],
225    srcs: [
226        ":plat_hwservice_contexts",
227        ":system_ext_hwservice_contexts",
228        ":product_hwservice_contexts",
229        ":vendor_hwservice_contexts",
230        ":odm_hwservice_contexts",
231    ],
232}
233
// property_contexts, one module per partition plus a ".recovery" copy of
// each. Every recovery copy reuses the srcs of its normal module and sets
// stem to the un-suffixed name.
234property_contexts {
235    name: "plat_property_contexts",
236    defaults: ["contexts_flags_defaults"],
237    srcs: [":property_contexts_files{.plat_private}"],
238}
239
240property_contexts {
241    name: "plat_property_contexts.recovery",
242    defaults: ["contexts_flags_defaults"],
243    srcs: [":property_contexts_files{.plat_private}"],
244    stem: "plat_property_contexts",
245    recovery: true,
246}
247
248property_contexts {
249    name: "system_ext_property_contexts",
250    defaults: ["contexts_flags_defaults"],
251    srcs: [":property_contexts_files{.system_ext_private}"],
252    system_ext_specific: true,
253}
254
255property_contexts {
256    name: "system_ext_property_contexts.recovery",
257    defaults: ["contexts_flags_defaults"],
258    srcs: [":property_contexts_files{.system_ext_private}"],
259    recovery: true,
260    stem: "system_ext_property_contexts",
261}
262
263property_contexts {
264    name: "product_property_contexts",
265    defaults: ["contexts_flags_defaults"],
266    srcs: [":property_contexts_files{.product_private}"],
267    product_specific: true,
268}
269
270property_contexts {
271    name: "product_property_contexts.recovery",
272    defaults: ["contexts_flags_defaults"],
273    srcs: [":property_contexts_files{.product_private}"],
274    recovery: true,
275    stem: "product_property_contexts",
276}
277
// Vendor: {.plat_vendor}, {.vendor} and {.reqd_mask} sources, in that order.
278property_contexts {
279    name: "vendor_property_contexts",
280    defaults: ["contexts_flags_defaults"],
281    srcs: [
282        ":property_contexts_files{.plat_vendor}",
283        ":property_contexts_files{.vendor}",
284        ":property_contexts_files{.reqd_mask}",
285    ],
286    soc_specific: true,
287}
288
289property_contexts {
290    name: "vendor_property_contexts.recovery",
291    defaults: ["contexts_flags_defaults"],
292    srcs: [
293        ":property_contexts_files{.plat_vendor}",
294        ":property_contexts_files{.vendor}",
295        ":property_contexts_files{.reqd_mask}",
296    ],
297    recovery: true,
298    stem: "vendor_property_contexts",
299}
300
// ODM: {.odm} sources only.
301property_contexts {
302    name: "odm_property_contexts",
303    defaults: ["contexts_flags_defaults"],
304    srcs: [":property_contexts_files{.odm}"],
305    device_specific: true,
306}
307
308property_contexts {
309    name: "odm_property_contexts.recovery",
310    defaults: ["contexts_flags_defaults"],
311    srcs: [":property_contexts_files{.odm}"],
312    recovery: true,
313    stem: "odm_property_contexts",
314}
315
// service_contexts, one module per partition. plat, system_ext, product and
// vendor each have a separate ".recovery" copy; odm is handled differently
// (see the note on odm_service_contexts).
316service_contexts {
317    name: "plat_service_contexts",
318    defaults: ["contexts_flags_defaults"],
319    srcs: [":service_contexts_files{.plat_private}"],
320}
321
322service_contexts {
323    name: "plat_service_contexts.recovery",
324    defaults: ["contexts_flags_defaults"],
325    srcs: [":service_contexts_files{.plat_private}"],
326    stem: "plat_service_contexts",
327    recovery: true,
328}
329
330service_contexts {
331    name: "system_ext_service_contexts",
332    defaults: ["contexts_flags_defaults"],
333    srcs: [":service_contexts_files{.system_ext_private}"],
334    system_ext_specific: true,
335}
336
337service_contexts {
338    name: "system_ext_service_contexts.recovery",
339    defaults: ["contexts_flags_defaults"],
340    srcs: [":service_contexts_files{.system_ext_private}"],
341    recovery: true,
342    stem: "system_ext_service_contexts",
343}
344
345service_contexts {
346    name: "product_service_contexts",
347    defaults: ["contexts_flags_defaults"],
348    srcs: [":service_contexts_files{.product_private}"],
349    product_specific: true,
350}
351
352service_contexts {
353    name: "product_service_contexts.recovery",
354    defaults: ["contexts_flags_defaults"],
355    srcs: [":service_contexts_files{.product_private}"],
356    recovery: true,
357    stem: "product_service_contexts",
358}
359
360service_contexts {
361    name: "vendor_service_contexts",
362    defaults: ["contexts_flags_defaults"],
363    srcs: [
364        ":service_contexts_files{.plat_vendor}",
365        ":service_contexts_files{.vendor}",
366        ":service_contexts_files{.reqd_mask}",
367    ],
368    soc_specific: true,
369}
370
371service_contexts {
372    name: "vendor_service_contexts.recovery",
373    defaults: ["contexts_flags_defaults"],
374    srcs: [
375        ":service_contexts_files{.plat_vendor}",
376        ":service_contexts_files{.vendor}",
377        ":service_contexts_files{.reqd_mask}",
378    ],
379    recovery: true,
380    stem: "vendor_service_contexts",
381}
382
// NOTE(review): odm is the only service_contexts module here that sets
// recovery_available instead of having a separate ".recovery" module with a
// stem. Confirm the recovery image ends up with the intended odm file.
383service_contexts {
384    name: "odm_service_contexts",
385    defaults: ["contexts_flags_defaults"],
386    srcs: [
387        ":service_contexts_files{.odm}",
388    ],
389    device_specific: true,
390    recovery_available: true,
391}
392
// All five partition outputs combined into one module, which is the input of
// merged_service_contexts_test.
393service_contexts {
394    name: "merged_service_contexts",
395    defaults: ["contexts_flags_defaults"],
396    srcs: [
397        ":plat_service_contexts",
398        ":system_ext_service_contexts",
399        ":product_service_contexts",
400        ":vendor_service_contexts",
401        ":odm_service_contexts",
402    ],
403}
404
// keystore2_key_contexts for plat, system_ext, product and vendor. There is no
// odm variant and no recovery copy in this file.
// NOTE(review): this file defines no *_test module for keystore2_key_contexts,
// unlike file/hwservice/property/service contexts - confirm these files are
// validated elsewhere.
405keystore2_key_contexts {
406    name: "plat_keystore2_key_contexts",
407    defaults: ["contexts_flags_defaults"],
408    srcs: [":keystore2_key_contexts_files{.plat_private}"],
409}
410
411keystore2_key_contexts {
412    name: "system_ext_keystore2_key_contexts",
413    defaults: ["contexts_flags_defaults"],
414    srcs: [":keystore2_key_contexts_files{.system_ext_private}"],
415    system_ext_specific: true,
416}
417
418keystore2_key_contexts {
419    name: "product_keystore2_key_contexts",
420    defaults: ["contexts_flags_defaults"],
421    srcs: [":keystore2_key_contexts_files{.product_private}"],
422    product_specific: true,
423}
424
425keystore2_key_contexts {
426    name: "vendor_keystore2_key_contexts",
427    defaults: ["contexts_flags_defaults"],
428    srcs: [
429        ":keystore2_key_contexts_files{.plat_vendor}",
430        ":keystore2_key_contexts_files{.vendor}",
431        ":keystore2_key_contexts_files{.reqd_mask}",
432    ],
433    soc_specific: true,
434}
435
// seapp_contexts, one module per partition. Every module is given the
// precompiled policy through the sepolicy property.
//
// neverallow_files is layered: each partition lists the private
// seapp_contexts sources of the partitions above it, so neverallow lines
// written in a higher partition are supplied when a lower partition's entries
// are built. The platform module lists none.
//   system_ext : plat
//   product    : plat, system_ext
//   vendor     : plat, system_ext, product
//   odm        : plat, system_ext, product
// NOTE(review): the vendor sources are not in odm's neverallow_files, and the
// odm module takes no {.reqd_mask} sources - confirm both are intended.
436seapp_contexts {
437    name: "plat_seapp_contexts",
438    defaults: ["contexts_flags_defaults"],
439    srcs: [":seapp_contexts_files{.plat_private}"],
440    sepolicy: ":precompiled_sepolicy",
441}
442
443seapp_contexts {
444    name: "system_ext_seapp_contexts",
445    defaults: ["contexts_flags_defaults"],
446    srcs: [":seapp_contexts_files{.system_ext_private}"],
447    neverallow_files: [":seapp_contexts_files{.plat_private}"],
448    system_ext_specific: true,
449    sepolicy: ":precompiled_sepolicy",
450}
451
452seapp_contexts {
453    name: "product_seapp_contexts",
454    defaults: ["contexts_flags_defaults"],
455    srcs: [":seapp_contexts_files{.product_private}"],
456    neverallow_files: [
457        ":seapp_contexts_files{.plat_private}",
458        ":seapp_contexts_files{.system_ext_private}",
459    ],
460    product_specific: true,
461    sepolicy: ":precompiled_sepolicy",
462}
463
464seapp_contexts {
465    name: "vendor_seapp_contexts",
466    defaults: ["contexts_flags_defaults"],
467    srcs: [
468        ":seapp_contexts_files{.plat_vendor}",
469        ":seapp_contexts_files{.vendor}",
470        ":seapp_contexts_files{.reqd_mask}",
471    ],
472    neverallow_files: [
473        ":seapp_contexts_files{.plat_private}",
474        ":seapp_contexts_files{.system_ext_private}",
475        ":seapp_contexts_files{.product_private}",
476    ],
477    soc_specific: true,
478    sepolicy: ":precompiled_sepolicy",
479}
480
481seapp_contexts {
482    name: "odm_seapp_contexts",
483    defaults: ["contexts_flags_defaults"],
484    srcs: [
485        ":seapp_contexts_files{.odm}",
486    ],
487    neverallow_files: [
488        ":seapp_contexts_files{.plat_private}",
489        ":seapp_contexts_files{.system_ext_private}",
490        ":seapp_contexts_files{.product_private}",
491    ],
492    device_specific: true,
493    sepolicy: ":precompiled_sepolicy",
494}
495
// The single vndservice_contexts module, installed as soc_specific. It is
// built from the {.plat_vendor}, {.vendor} and {.reqd_mask} sources; no other
// partition has one in this file.
496vndservice_contexts {
497    name: "vndservice_contexts",
498    defaults: ["contexts_flags_defaults"],
499    srcs: [
500        ":vndservice_contexts_files{.plat_vendor}",
501        ":vndservice_contexts_files{.vendor}",
502        ":vndservice_contexts_files{.reqd_mask}",
503    ],
504    soc_specific: true,
505}
506
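507// for CTS
// Collects every line that starts with "neverallow" (case-insensitive, no
// file-name prefix) from the platform, system_ext and product seapp_contexts
// sources into one file. Vendor and odm sources are not part of srcs.
//
// grep exits 1 when nothing matches; that is tolerated so the output may be
// empty. Any other failure (for example an unreadable input, exit status 2)
// fails the build instead of silently producing a short neverallow list that
// the consuming test would then accept. "$$" is a literal "$" in a genrule cmd.
508genrule {
509    name: "plat_seapp_neverallows",
510    srcs: [
511        ":seapp_contexts_files{.plat_private}",
512        ":seapp_contexts_files{.system_ext_private}",
513        ":seapp_contexts_files{.product_private}",
514    ],
515    out: ["plat_seapp_neverallows"],
516    cmd: "grep -ihe '^neverallow' $(in) > $(out) || [ $$? -eq 1 ]",
517}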
518
519//////////////////////////////////
520// Run host-side test with contexts files and the sepolicy file
// Each *_test module below takes a built contexts module as srcs and, with one
// exception, the precompiled policy through the sepolicy property.
// NOTE(review): the recovery copies and plat_file_contexts_cts are not listed
// as srcs of any test in this file.
521file_contexts_test {
522    name: "plat_file_contexts_test",
523    srcs: [":plat_file_contexts"],
524    sepolicy: ":precompiled_sepolicy",
525}
526
// The exception: this test reads the raw platform source rather than the
// built module and sets test_data instead of sepolicy.
// NOTE(review): test_data is presumably a data file that happens to share its
// name with the module above - confirm against the test implementation.
527file_contexts_test {
528    name: "plat_file_contexts_data_test",
529    srcs: [":file_contexts_files{.plat_private}"],
530    test_data: "plat_file_contexts_test",
531}
532
533file_contexts_test {
534    name: "system_ext_file_contexts_test",
535    srcs: [":system_ext_file_contexts"],
536    sepolicy: ":precompiled_sepolicy",
537}
538
539file_contexts_test {
540    name: "product_file_contexts_test",
541    srcs: [":product_file_contexts"],
542    sepolicy: ":precompiled_sepolicy",
543}
544
545file_contexts_test {
546    name: "vendor_file_contexts_test",
547    srcs: [":vendor_file_contexts"],
548    sepolicy: ":precompiled_sepolicy",
549}
550
551file_contexts_test {
552    name: "odm_file_contexts_test",
553    srcs: [":odm_file_contexts"],
554    sepolicy: ":precompiled_sepolicy",
555}
556
// hwservice_contexts tests: one per partition, each against the precompiled
// policy, plus one over the merged file that combines all five partitions.
557hwservice_contexts_test {
558    name: "plat_hwservice_contexts_test",
559    srcs: [":plat_hwservice_contexts"],
560    sepolicy: ":precompiled_sepolicy",
561}
562
563hwservice_contexts_test {
564    name: "system_ext_hwservice_contexts_test",
565    srcs: [":system_ext_hwservice_contexts"],
566    sepolicy: ":precompiled_sepolicy",
567}
568
569hwservice_contexts_test {
570    name: "product_hwservice_contexts_test",
571    srcs: [":product_hwservice_contexts"],
572    sepolicy: ":precompiled_sepolicy",
573}
574
575hwservice_contexts_test {
576    name: "vendor_hwservice_contexts_test",
577    srcs: [":vendor_hwservice_contexts"],
578    sepolicy: ":precompiled_sepolicy",
579}
580
581hwservice_contexts_test {
582    name: "odm_hwservice_contexts_test",
583    srcs: [":odm_hwservice_contexts"],
584    sepolicy: ":precompiled_sepolicy",
585}
586
587hwservice_contexts_test {
588    name: "merged_hwservice_contexts_test",
589    srcs: [":merged_hwservice_contexts"],
590    sepolicy: ":precompiled_sepolicy",
591}
592
// property_contexts tests are cumulative: each partition's test lists its own
// file together with the files of every partition before it, in the order
// plat, system_ext, product, vendor, odm. There is no separate merged module
// for this type.
// NOTE(review): presumably this lets the test see entries from a lower
// partition next to the ones they could collide with - confirm against the
// test implementation.
593property_contexts_test {
594    name: "plat_property_contexts_test",
595    srcs: [":plat_property_contexts"],
596    sepolicy: ":precompiled_sepolicy",
597}
598
599property_contexts_test {
600    name: "system_ext_property_contexts_test",
601    srcs: [
602        ":plat_property_contexts",
603        ":system_ext_property_contexts",
604    ],
605    sepolicy: ":precompiled_sepolicy",
606}
607
608property_contexts_test {
609    name: "product_property_contexts_test",
610    srcs: [
611        ":plat_property_contexts",
612        ":system_ext_property_contexts",
613        ":product_property_contexts",
614    ],
615    sepolicy: ":precompiled_sepolicy",
616}
617
618property_contexts_test {
619    name: "vendor_property_contexts_test",
620    srcs: [
621        ":plat_property_contexts",
622        ":system_ext_property_contexts",
623        ":product_property_contexts",
624        ":vendor_property_contexts",
625    ],
626    sepolicy: ":precompiled_sepolicy",
627}
628
629property_contexts_test {
630    name: "odm_property_contexts_test",
631    srcs: [
632        ":plat_property_contexts",
633        ":system_ext_property_contexts",
634        ":product_property_contexts",
635        ":vendor_property_contexts",
636        ":odm_property_contexts",
637    ],
638    sepolicy: ":precompiled_sepolicy",
639}
640
// service_contexts tests: one per partition, each against the precompiled
// policy, plus one over the merged file that combines all five partitions.
641service_contexts_test {
642    name: "plat_service_contexts_test",
643    srcs: [":plat_service_contexts"],
644    sepolicy: ":precompiled_sepolicy",
645}
646
647service_contexts_test {
648    name: "system_ext_service_contexts_test",
649    srcs: [":system_ext_service_contexts"],
650    sepolicy: ":precompiled_sepolicy",
651}
652
653service_contexts_test {
654    name: "product_service_contexts_test",
655    srcs: [":product_service_contexts"],
656    sepolicy: ":precompiled_sepolicy",
657}
658
659service_contexts_test {
660    name: "vendor_service_contexts_test",
661    srcs: [":vendor_service_contexts"],
662    sepolicy: ":precompiled_sepolicy",
663}
664
665service_contexts_test {
666    name: "odm_service_contexts_test",
667    srcs: [":odm_service_contexts"],
668    sepolicy: ":precompiled_sepolicy",
669}
670
671service_contexts_test {
672    name: "merged_service_contexts_test",
673    srcs: [":merged_service_contexts"],
674    sepolicy: ":precompiled_sepolicy",
675}
676
// Test for the single vndservice_contexts module, run against the precompiled
// policy.
677vndservice_contexts_test {
678    name: "vndservice_contexts_test",
679    srcs: [":vndservice_contexts"],
680    sepolicy: ":precompiled_sepolicy",
681}
682
// Takes only the platform service_contexts and no sepolicy, so it is not a
// policy check like the *_contexts_test modules in this file.
// NOTE(review): presumably verifies that services named in the platform
// service_contexts have fuzzer bindings - confirm against the module type's
// implementation. The system_ext, product, vendor and odm files are not inputs.
683fuzzer_bindings_test {
684    name: "fuzzer_bindings_test",
685    srcs: [":plat_service_contexts"],
686}
687
// tee_service_contexts for plat, system_ext, product and vendor. There is no
// odm variant and no recovery copy in this file.
// NOTE(review): this file defines no *_test module for tee_service_contexts -
// confirm these files are validated against the policy elsewhere.
688tee_service_contexts {
689    name: "plat_tee_service_contexts",
690    defaults: ["contexts_flags_defaults"],
691    srcs: [":tee_service_contexts_files{.plat_private}"],
692}
693
694tee_service_contexts {
695    name: "system_ext_tee_service_contexts",
696    defaults: ["contexts_flags_defaults"],
697    srcs: [":tee_service_contexts_files{.system_ext_private}"],
698    system_ext_specific: true,
699}
700
701tee_service_contexts {
702    name: "product_tee_service_contexts",
703    defaults: ["contexts_flags_defaults"],
704    srcs: [":tee_service_contexts_files{.product_private}"],
705    product_specific: true,
706}
707
708tee_service_contexts {
709    name: "vendor_tee_service_contexts",
710    defaults: ["contexts_flags_defaults"],
711    srcs: [
712        ":tee_service_contexts_files{.plat_vendor}",
713        ":tee_service_contexts_files{.vendor}",
714        ":tee_service_contexts_files{.reqd_mask}",
715    ],
716    soc_specific: true,
717}
718