• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1// Copyright (C) 2023 The Android Open Source Project
2//
3// Licensed under the Apache License, Version 2.0 (the "License");
4// you may not use this file except in compliance with the License.
5// You may obtain a copy of the License at
6//
7//     http://www.apache.org/licenses/LICENSE-2.0
8//
9// Unless required by applicable law or agreed to in writing, software
10// distributed under the License is distributed on an "AS IS" BASIS,
11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12// See the License for the specific language governing permissions and
13// limitations under the License.
14
15// This module contains a list of build time flags (defined on AOSP) for sepolicy.
16// Additional se_flags modules can be added anywhere for additional flags.
17se_flags {
18    name: "aosp_selinux_flags",
19    flags: [
20        "RELEASE_AVF_SUPPORT_CUSTOM_VM_WITH_PARAVIRTUALIZED_DEVICES",
21        "RELEASE_AVF_ENABLE_EARLY_VM",
22        "RELEASE_AVF_ENABLE_DEVICE_ASSIGNMENT",
23        "RELEASE_AVF_ENABLE_LLPVM_CHANGES",
24        "RELEASE_AVF_ENABLE_NETWORK",
25        "RELEASE_AVF_ENABLE_MICROFUCHSIA",
26        "RELEASE_AVF_ENABLE_VM_TO_TEE_SERVICES_ALLOWLIST",
27        "RELEASE_AVF_ENABLE_WIDEVINE_PVM",
28        "RELEASE_RANGING_STACK",
29        "RELEASE_READ_FROM_NEW_STORAGE",
30        "RELEASE_SUPERVISION_SERVICE",
31        "RELEASE_HARDWARE_BLUETOOTH_RANGING_SERVICE",
32        "RELEASE_UNLOCKED_STORAGE_API",
33        "RELEASE_BLUETOOTH_SOCKET_SERVICE",
34        "RELEASE_SEPOLICY_RESTRICT_KERNEL_KEYRING_SEARCH",
35    ],
36    export_to: ["all_selinux_flags"],
37}
38
39// se_flags_collector collects flags from exported se_flags modules and converts it to build flags.
40se_flags_collector {
41    name: "all_selinux_flags",
42}
43
44se_policy_conf_defaults {
45    name: "se_policy_conf_flags_defaults",
46    srcs: [":sepolicy_flagging_macros"],
47    build_flags: ["all_selinux_flags"],
48}
49
50contexts_defaults {
51    name: "contexts_flags_defaults",
52    srcs: [":sepolicy_flagging_macros"],
53    neverallow_files: [":sepolicy_flagging_macros"], // for seapp_contexts
54    build_flags: ["all_selinux_flags"],
55}
56
57filegroup {
58    name: "sepolicy_flagging_macros",
59    srcs: ["flagging_macros"],
60}
61