Android.mk revision 171a06257124401af2e7c33fbbcbc69c18e45486 
1ifeq ($(HAVE_SELINUX),true)
2
3LOCAL_PATH:= $(call my-dir)
4include $(CLEAR_VARS)
5
6# SELinux policy version.
7# Must be <= /selinux/policyvers reported by the Android kernel.
8# Must be within the compatibility range reported by checkpolicy -V.
9POLICYVERS := 24
10
11MLS_SENS=1
12MLS_CATS=1024
13
14LOCAL_POLICY_DIRS := $(SRC_TARGET_DIR)/board/$(TARGET_DEVICE)/ device/*/$(TARGET_DEVICE)/ vendor/*/$(TARGET_DEVICE)/
15
16LOCAL_POLICY_FC := $(wildcard $(addsuffix sepolicy.fc, $(LOCAL_POLICY_DIRS)))
17LOCAL_POLICY_TE := $(wildcard $(addsuffix sepolicy.te, $(LOCAL_POLICY_DIRS)))
18LOCAL_POLICY_PC := $(wildcard $(addsuffix sepolicy.pc, $(LOCAL_POLICY_DIRS)))
19LOCAL_POLICY_FS_USE := $(wildcard $(addsuffix sepolicy.fs_use, $(LOCAL_POLICY_DIRS)))
20LOCAL_POLICY_PORT_CONTEXTS := $(wildcard $(addsuffix sepolicy.port_contexts, $(LOCAL_POLICY_DIRS)))
21LOCAL_POLICY_GENFS_CONTEXTS := $(wildcard $(addsuffix sepolicy.genfs_contexts, $(LOCAL_POLICY_DIRS)))
22LOCAL_POLICY_INITIAL_SID_CONTEXTS := $(wildcard $(addsuffix sepolicy.initial_sid_contexts, $(LOCAL_POLICY_DIRS)))
23LOCAL_POLICY_SC := $(wildcard $(addsuffix seapp_contexts, $(LOCAL_POLICY_DIRS)))
24
25##################################
26include $(CLEAR_VARS)
27
28LOCAL_MODULE := sepolicy
29LOCAL_MODULE_CLASS := ETC
30LOCAL_MODULE_TAGS := optional
31LOCAL_MODULE_SUFFIX := .$(POLICYVERS)
32LOCAL_MODULE_PATH := $(TARGET_ROOT_OUT)
33
34include $(BUILD_SYSTEM)/base_rules.mk
35
36sepolicy_policy.conf := $(intermediates)/policy.conf
37$(sepolicy_policy.conf): PRIVATE_MLS_SENS := $(MLS_SENS)
38$(sepolicy_policy.conf): PRIVATE_MLS_CATS := $(MLS_CATS)
39$(sepolicy_policy.conf) : $(wildcard $(addprefix $(LOCAL_PATH)/,security_classes initial_sids access_vectors global_macros mls_macros mls policy_capabilities te_macros attributes *.te) $(LOCAL_POLICY_TE) $(addprefix $(LOCAL_PATH)/, roles users initial_sid_contexts) $(LOCAL_POLICY_INITIAL_SID_CONTEXTS) $(addprefix $(LOCAL_PATH)/,fs_use) $(LOCAL_POLICY_FS_USE) $(addprefix $(LOCAL_PATH)/,genfs_contexts) $(LOCAL_POLICY_GENFS_CONTEXTS) $(addprefix $(LOCAL_PATH)/,port_contexts) $(LOCAL_POLICY_PORT_CONTEXTS))
40	@mkdir -p $(dir $@)
41	$(hide) m4 -D mls_num_sens=$(PRIVATE_MLS_SENS) -D mls_num_cats=$(PRIVATE_MLS_CATS) -s $^ > $@
42
43$(LOCAL_BUILT_MODULE) : $(sepolicy_policy.conf) $(HOST_OUT_EXECUTABLES)/checkpolicy
44	@mkdir -p $(dir $@)
45	$(hide) $(HOST_OUT_EXECUTABLES)/checkpolicy -M -c $(POLICYVERS) -o $@ $<
46
47sepolicy_policy.conf :=
48##################################
49include $(CLEAR_VARS)
50
51LOCAL_MODULE := file_contexts
52LOCAL_MODULE_CLASS := ETC
53LOCAL_MODULE_TAGS := optional
54LOCAL_MODULE_PATH := $(TARGET_ROOT_OUT)
55
56include $(BUILD_SYSTEM)/base_rules.mk
57
58file_contexts := $(intermediates)/file_contexts
59$(file_contexts): $(LOCAL_PATH)/file_contexts $(LOCAL_POLICY_FC)
60	@mkdir -p $(dir $@)
61	$(hide) m4 -s $^ > $@
62
63file_contexts :=
64
65##################################
66include $(CLEAR_VARS)
67LOCAL_MODULE := seapp_contexts
68LOCAL_MODULE_CLASS := ETC
69LOCAL_MODULE_TAGS := optional
70LOCAL_MODULE_PATH := $(TARGET_ROOT_OUT)
71
72include $(BUILD_SYSTEM)/base_rules.mk
73
74seapp_contexts := $(intermediates)/seapp_contexts
75$(seapp_contexts): $(LOCAL_PATH)/seapp_contexts $(LOCAL_POLICY_SC)
76	@mkdir -p $(dir $@)
77	$(hide) m4 -s $^ > $@
78
79seapp_contexts :=
80
81##################################
82include $(CLEAR_VARS)
83
84LOCAL_MODULE := property_contexts
85LOCAL_MODULE_CLASS := ETC
86LOCAL_MODULE_TAGS := optional
87LOCAL_MODULE_PATH := $(TARGET_ROOT_OUT)
88
89include $(BUILD_SYSTEM)/base_rules.mk
90
91property_contexts := $(intermediates)/property_contexts
92$(property_contexts): $(LOCAL_PATH)/property_contexts $(LOCAL_POLICY_PC)
93	@mkdir -p $(dir $@)
94	$(hide) m4 -s $^ > $@
95
96property_contexts :=
97##################################
98
99##################################
100include $(CLEAR_VARS)
101
102LOCAL_MODULE := selinux-network.sh
103LOCAL_SRC_FILES := $(LOCAL_MODULE)
104LOCAL_MODULE_CLASS := EXECUTABLES
105LOCAL_MODULE_TAGS := optional
106LOCAL_MODULE_PATH := $(TARGET_OUT_EXECUTABLES)
107
108include $(BUILD_PREBUILT)
109
110##################################
111include $(CLEAR_VARS)
112
113LOCAL_MODULE := mac_permissions.xml
114LOCAL_MODULE_CLASS := ETC
115LOCAL_MODULE_TAGS := optional
116LOCAL_MODULE_PATH := $(TARGET_OUT_ETC)/security
117
118LOCAL_SRC_FILES := $(LOCAL_MODULE)
119
120include $(BUILD_PREBUILT)
121
122##################################
123
124endif #ifeq ($(HAVE_SELINUX),true)
125