Android.mk revision 171a06257124401af2e7c33fbbcbc69c18e45486
1ifeq ($(HAVE_SELINUX),true) 2 3LOCAL_PATH:= $(call my-dir) 4include $(CLEAR_VARS) 5 6# SELinux policy version. 7# Must be <= /selinux/policyvers reported by the Android kernel. 8# Must be within the compatibility range reported by checkpolicy -V. 9POLICYVERS := 24 10 11MLS_SENS=1 12MLS_CATS=1024 13 14LOCAL_POLICY_DIRS := $(SRC_TARGET_DIR)/board/$(TARGET_DEVICE)/ device/*/$(TARGET_DEVICE)/ vendor/*/$(TARGET_DEVICE)/ 15 16LOCAL_POLICY_FC := $(wildcard $(addsuffix sepolicy.fc, $(LOCAL_POLICY_DIRS))) 17LOCAL_POLICY_TE := $(wildcard $(addsuffix sepolicy.te, $(LOCAL_POLICY_DIRS))) 18LOCAL_POLICY_PC := $(wildcard $(addsuffix sepolicy.pc, $(LOCAL_POLICY_DIRS))) 19LOCAL_POLICY_FS_USE := $(wildcard $(addsuffix sepolicy.fs_use, $(LOCAL_POLICY_DIRS))) 20LOCAL_POLICY_PORT_CONTEXTS := $(wildcard $(addsuffix sepolicy.port_contexts, $(LOCAL_POLICY_DIRS))) 21LOCAL_POLICY_GENFS_CONTEXTS := $(wildcard $(addsuffix sepolicy.genfs_contexts, $(LOCAL_POLICY_DIRS))) 22LOCAL_POLICY_INITIAL_SID_CONTEXTS := $(wildcard $(addsuffix sepolicy.initial_sid_contexts, $(LOCAL_POLICY_DIRS))) 23LOCAL_POLICY_SC := $(wildcard $(addsuffix seapp_contexts, $(LOCAL_POLICY_DIRS))) 24 25################################## 26include $(CLEAR_VARS) 27 28LOCAL_MODULE := sepolicy 29LOCAL_MODULE_CLASS := ETC 30LOCAL_MODULE_TAGS := optional 31LOCAL_MODULE_SUFFIX := .$(POLICYVERS) 32LOCAL_MODULE_PATH := $(TARGET_ROOT_OUT) 33 34include $(BUILD_SYSTEM)/base_rules.mk 35 36sepolicy_policy.conf := $(intermediates)/policy.conf 37$(sepolicy_policy.conf): PRIVATE_MLS_SENS := $(MLS_SENS) 38$(sepolicy_policy.conf): PRIVATE_MLS_CATS := $(MLS_CATS) 39$(sepolicy_policy.conf) : $(wildcard $(addprefix $(LOCAL_PATH)/,security_classes initial_sids access_vectors global_macros mls_macros mls policy_capabilities te_macros attributes *.te) $(LOCAL_POLICY_TE) $(addprefix $(LOCAL_PATH)/, roles users initial_sid_contexts) $(LOCAL_POLICY_INITIAL_SID_CONTEXTS) $(addprefix $(LOCAL_PATH)/,fs_use) $(LOCAL_POLICY_FS_USE) $(addprefix $(LOCAL_PATH)/,genfs_contexts) $(LOCAL_POLICY_GENFS_CONTEXTS) $(addprefix $(LOCAL_PATH)/,port_contexts) $(LOCAL_POLICY_PORT_CONTEXTS)) 40 @mkdir -p $(dir $@) 41 $(hide) m4 -D mls_num_sens=$(PRIVATE_MLS_SENS) -D mls_num_cats=$(PRIVATE_MLS_CATS) -s $^ > $@ 42 43$(LOCAL_BUILT_MODULE) : $(sepolicy_policy.conf) $(HOST_OUT_EXECUTABLES)/checkpolicy 44 @mkdir -p $(dir $@) 45 $(hide) $(HOST_OUT_EXECUTABLES)/checkpolicy -M -c $(POLICYVERS) -o $@ $< 46 47sepolicy_policy.conf := 48################################## 49include $(CLEAR_VARS) 50 51LOCAL_MODULE := file_contexts 52LOCAL_MODULE_CLASS := ETC 53LOCAL_MODULE_TAGS := optional 54LOCAL_MODULE_PATH := $(TARGET_ROOT_OUT) 55 56include $(BUILD_SYSTEM)/base_rules.mk 57 58file_contexts := $(intermediates)/file_contexts 59$(file_contexts): $(LOCAL_PATH)/file_contexts $(LOCAL_POLICY_FC) 60 @mkdir -p $(dir $@) 61 $(hide) m4 -s $^ > $@ 62 63file_contexts := 64 65################################## 66include $(CLEAR_VARS) 67LOCAL_MODULE := seapp_contexts 68LOCAL_MODULE_CLASS := ETC 69LOCAL_MODULE_TAGS := optional 70LOCAL_MODULE_PATH := $(TARGET_ROOT_OUT) 71 72include $(BUILD_SYSTEM)/base_rules.mk 73 74seapp_contexts := $(intermediates)/seapp_contexts 75$(seapp_contexts): $(LOCAL_PATH)/seapp_contexts $(LOCAL_POLICY_SC) 76 @mkdir -p $(dir $@) 77 $(hide) m4 -s $^ > $@ 78 79seapp_contexts := 80 81################################## 82include $(CLEAR_VARS) 83 84LOCAL_MODULE := property_contexts 85LOCAL_MODULE_CLASS := ETC 86LOCAL_MODULE_TAGS := optional 87LOCAL_MODULE_PATH := $(TARGET_ROOT_OUT) 88 89include $(BUILD_SYSTEM)/base_rules.mk 90 91property_contexts := $(intermediates)/property_contexts 92$(property_contexts): $(LOCAL_PATH)/property_contexts $(LOCAL_POLICY_PC) 93 @mkdir -p $(dir $@) 94 $(hide) m4 -s $^ > $@ 95 96property_contexts := 97################################## 98 99################################## 100include $(CLEAR_VARS) 101 102LOCAL_MODULE := selinux-network.sh 103LOCAL_SRC_FILES := $(LOCAL_MODULE) 104LOCAL_MODULE_CLASS := EXECUTABLES 105LOCAL_MODULE_TAGS := optional 106LOCAL_MODULE_PATH := $(TARGET_OUT_EXECUTABLES) 107 108include $(BUILD_PREBUILT) 109 110################################## 111include $(CLEAR_VARS) 112 113LOCAL_MODULE := mac_permissions.xml 114LOCAL_MODULE_CLASS := ETC 115LOCAL_MODULE_TAGS := optional 116LOCAL_MODULE_PATH := $(TARGET_OUT_ETC)/security 117 118LOCAL_SRC_FILES := $(LOCAL_MODULE) 119 120include $(BUILD_PREBUILT) 121 122################################## 123 124endif #ifeq ($(HAVE_SELINUX),true) 125