Android.mk revision 2e0cd5ad36321fd7a8f21768dac080d09b658920
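# Builds the SELinux policy artifacts defined in this directory: the compiled
# kernel policy (sepolicy, sepolicy.recovery), the context files
# (file_contexts, seapp_contexts, property_contexts, service_contexts),
# mac_permissions.xml and selinux_version, plus "general_*" variants that are
# built only from the files in $(LOCAL_PATH) and tagged "tests".
#
# Board-specific policy is merged in through four product variables:
#   BOARD_SEPOLICY_DIRS     directories searched for board policy files
#   BOARD_SEPOLICY_UNION    file names appended to the file of the same name here
#   BOARD_SEPOLICY_REPLACE  file names that are used INSTEAD of the file here
#   BOARD_SEPOLICY_IGNORE   paths dropped from the result
#
# NOTE(review): a REPLACE entry swaps out the whole file from $(LOCAL_PATH), so
# every rule that file contained no longer reaches the compiled policy. Treat
# additions to BOARD_SEPOLICY_REPLACE and BOARD_SEPOLICY_IGNORE as
# security-relevant changes when reviewing a board configuration.
LOCAL_PATH:= $(call my-dir)

include $(CLEAR_VARS)

# SELinux policy version.
# Must be <= /selinux/policyvers reported by the Android kernel.
# Must be within the compatibility range reported by checkpolicy -V.
POLICYVERS ?= 26

# MLS dimensions handed to m4 as mls_num_sens / mls_num_cats.
MLS_SENS=1
MLS_CATS=1024

# Quick edge case error detection for BOARD_SEPOLICY_REPLACE.
# Builds the singular path for each replace file.
# The parse aborts with $(error) when a replace file
#   - is also listed in BOARD_SEPOLICY_UNION,
#   - is found in none of BOARD_SEPOLICY_DIRS (after BOARD_SEPOLICY_IGNORE),
#   - is found more than once, or
#   - has no counterpart in $(LOCAL_PATH) to replace.
sepolicy_replace_paths :=
$(foreach pf, $(BOARD_SEPOLICY_REPLACE), \
  $(if $(filter $(pf), $(BOARD_SEPOLICY_UNION)), \
    $(error Ambiguous request for sepolicy $(pf). Appears in both \
      BOARD_SEPOLICY_REPLACE and BOARD_SEPOLICY_UNION), \
  ) \
  $(eval _paths := $(filter-out $(BOARD_SEPOLICY_IGNORE), \
  $(wildcard $(addsuffix /$(pf), $(BOARD_SEPOLICY_DIRS))))) \
  $(eval _occurrences := $(words $(_paths))) \
  $(if $(filter 0,$(_occurrences)), \
    $(error No sepolicy file found for $(pf) in $(BOARD_SEPOLICY_DIRS)), \
  ) \
  $(if $(filter 1, $(_occurrences)), \
    $(eval sepolicy_replace_paths += $(_paths)), \
    $(error Multiple occurrences of replace file $(pf) in $(_paths)) \
  ) \
  $(if $(filter 0, $(words $(wildcard $(addsuffix /$(pf), $(LOCAL_PATH))))), \
    $(error Specified the sepolicy file $(pf) in BOARD_SEPOLICY_REPLACE, \
      but none found in $(LOCAL_PATH)), \
  ) \
)

# Quick edge case error detection for BOARD_SEPOLICY_UNION.
# This ensures that a requested union file exists somewhere
# in one of the listed BOARD_SEPOLICY_DIRS.
$(foreach pf, $(BOARD_SEPOLICY_UNION), \
  $(if $(filter 0, $(words $(wildcard $(addsuffix /$(pf), $(BOARD_SEPOLICY_DIRS))))), \
    $(error No sepolicy file found for $(pf) in $(BOARD_SEPOLICY_DIRS)), \
  ) \
)

# Builds paths for all requested policy files w.r.t
# both BOARD_SEPOLICY_REPLACE and BOARD_SEPOLICY_UNION
# product variables.
# $(1): the set of policy name paths to build
#
# For each name (globs such as *.te are expanded against $(LOCAL_PATH)):
#   1. the file from $(LOCAL_PATH), or, when its name is listed in
#      BOARD_SEPOLICY_REPLACE, the same-named file from the directories
#      collected in sepolicy_replace_paths;
#   2. followed by every match in BOARD_SEPOLICY_DIRS whose file name is
#      listed in BOARD_SEPOLICY_UNION.
# Paths listed in BOARD_SEPOLICY_IGNORE are filtered out of both groups.
# Recursive (=) on purpose: it is a $(call) template. Every call in this file
# sits in a prerequisite list or a := assignment, so it is expanded while the
# file is parsed, before the variables it reads are cleared at the bottom.
build_policy = $(foreach type, $(1), \
  $(filter-out $(BOARD_SEPOLICY_IGNORE), \
    $(foreach expanded_type, $(notdir $(wildcard $(addsuffix /$(type), $(LOCAL_PATH)))), \
      $(if $(filter $(expanded_type), $(BOARD_SEPOLICY_REPLACE)), \
        $(wildcard $(addsuffix $(expanded_type), $(sort $(dir $(sepolicy_replace_paths))))), \
        $(LOCAL_PATH)/$(expanded_type) \
      ) \
    ) \
    $(foreach union_policy, $(wildcard $(addsuffix /$(type), $(BOARD_SEPOLICY_DIRS))), \
      $(if $(filter $(notdir $(union_policy)), $(BOARD_SEPOLICY_UNION)), \
        $(union_policy), \
      ) \
    ) \
  ) \
)

# Inputs of policy.conf. The list order is the order in which m4 receives the
# files (they become the prerequisite list, passed as $^), so it is part of
# the policy source layout and should not be re-sorted.
sepolicy_build_files := security_classes \
                        initial_sids \
                        access_vectors \
                        global_macros \
                        neverallow_macros \
                        mls_macros \
                        mls \
                        policy_capabilities \
                        te_macros \
                        attributes \
                        *.te \
                        roles \
                        users \
                        initial_sid_contexts \
                        fs_use \
                        genfs_contexts \
                        port_contexts

##################################
# sepolicy: the compiled kernel policy, installed into $(TARGET_ROOT_OUT).
include $(CLEAR_VARS)

LOCAL_MODULE := sepolicy
LOCAL_MODULE_CLASS := ETC
LOCAL_MODULE_TAGS := optional
LOCAL_MODULE_PATH := $(TARGET_ROOT_OUT)

include $(BUILD_SYSTEM)/base_rules.mk

# policy.conf is the m4 expansion of base + board policy sources; -s makes m4
# emit sync lines. target_build_variant is exposed to the policy sources as an
# m4 macro, so the resulting policy can differ per build variant.
# The recipe also writes $@.dontaudit, a copy with every line containing the
# text "dontaudit" deleted. No rule declares that file as a target.
# NOTE(review): the sed filter is line based; it assumes each dontaudit rule
# sits on a single line and that the word appears nowhere else.
sepolicy_policy.conf := $(intermediates)/policy.conf
$(sepolicy_policy.conf): PRIVATE_MLS_SENS := $(MLS_SENS)
$(sepolicy_policy.conf): PRIVATE_MLS_CATS := $(MLS_CATS)
$(sepolicy_policy.conf) : $(call build_policy, $(sepolicy_build_files))
	@mkdir -p $(dir $@)
	$(hide) m4 -D mls_num_sens=$(PRIVATE_MLS_SENS) -D mls_num_cats=$(PRIVATE_MLS_CATS) \
		-D target_build_variant=$(TARGET_BUILD_VARIANT) \
		-s $^ > $@
	$(hide) sed '/dontaudit/d' $@ > $@.dontaudit

# Compiles policy.conf with checkpolicy (-M: MLS, -c: policy version). The
# second invocation compiles the dontaudit-stripped source into
# <dir of policy.conf>/sepolicy.dontaudit; that output is not the rule's target.
$(LOCAL_BUILT_MODULE) : $(sepolicy_policy.conf) $(HOST_OUT_EXECUTABLES)/checkpolicy
	@mkdir -p $(dir $@)
	$(hide) $(HOST_OUT_EXECUTABLES)/checkpolicy -M -c $(POLICYVERS) -o $@ $<
	$(hide) $(HOST_OUT_EXECUTABLES)/checkpolicy -M -c $(POLICYVERS) -o $(dir $<)/$(notdir $@).dontaudit $<.dontaudit

# Captured with := because LOCAL_BUILT_MODULE is reassigned by every later
# module section; the context-file rules below validate against this path.
built_sepolicy := $(LOCAL_BUILT_MODULE)
sepolicy_policy.conf :=

##################################
# sepolicy.recovery: same sources, expanded with -D target_recovery=true.
# Tagged "eng"; no LOCAL_MODULE_PATH is set in this section.
include $(CLEAR_VARS)

LOCAL_MODULE := sepolicy.recovery
LOCAL_MODULE_CLASS := ETC
LOCAL_MODULE_TAGS := eng

include $(BUILD_SYSTEM)/base_rules.mk

sepolicy_policy_recovery.conf := $(intermediates)/policy_recovery.conf
$(sepolicy_policy_recovery.conf): PRIVATE_MLS_SENS := $(MLS_SENS)
$(sepolicy_policy_recovery.conf): PRIVATE_MLS_CATS := $(MLS_CATS)
$(sepolicy_policy_recovery.conf) : $(call build_policy, $(sepolicy_build_files))
	@mkdir -p $(dir $@)
	$(hide) m4 -D mls_num_sens=$(PRIVATE_MLS_SENS) -D mls_num_cats=$(PRIVATE_MLS_CATS) \
		-D target_build_variant=$(TARGET_BUILD_VARIANT) \
		-D target_recovery=true \
		-s $^ > $@

$(LOCAL_BUILT_MODULE) : $(sepolicy_policy_recovery.conf) $(HOST_OUT_EXECUTABLES)/checkpolicy
	@mkdir -p $(dir $@)
	$(hide) $(HOST_OUT_EXECUTABLES)/checkpolicy -M -c $(POLICYVERS) -o $@ $<

built_sepolicy_recovery := $(LOCAL_BUILT_MODULE)
sepolicy_policy_recovery.conf :=

##################################
# general_sepolicy.conf: policy source expanded from the files in
# $(LOCAL_PATH) only (build_policy is not used, so no board UNION/REPLACE
# input) and with target_build_variant pinned to "user".
# Presumably the reference policy for test suites; confirm against the
# consumers of GENERAL_SEPOLICY_POLICY.CONF.
include $(CLEAR_VARS)

LOCAL_MODULE := general_sepolicy.conf
LOCAL_MODULE_CLASS := ETC
LOCAL_MODULE_TAGS := tests

include $(BUILD_SYSTEM)/base_rules.mk

exp_sepolicy_build_files :=\
  $(wildcard $(addprefix $(LOCAL_PATH)/, $(sepolicy_build_files)))

$(LOCAL_BUILT_MODULE): PRIVATE_MLS_SENS := $(MLS_SENS)
$(LOCAL_BUILT_MODULE): PRIVATE_MLS_CATS := $(MLS_CATS)
$(LOCAL_BUILT_MODULE): $(exp_sepolicy_build_files)
	mkdir -p $(dir $@)
	$(hide) m4 -D mls_num_sens=$(PRIVATE_MLS_SENS) -D mls_num_cats=$(PRIVATE_MLS_CATS) \
		-D target_build_variant=user \
		-s $^ > $@
	$(hide) sed '/dontaudit/d' $@ > $@.dontaudit

# Fixed: this was a recursive (=) assignment. LOCAL_BUILT_MODULE is reassigned
# by each later module section, so any expansion after this point would have
# named some other module's output (or nothing) instead of this file. Bind the
# value now, as the other GENERAL_* variables in this file do.
GENERAL_SEPOLICY_POLICY.CONF := $(LOCAL_BUILT_MODULE)

exp_sepolicy_build_files :=

##################################
# file_contexts: merged base + board file_contexts, checked by checkfc
# against the compiled sepolicy before it is accepted as built.
include $(CLEAR_VARS)

LOCAL_MODULE := file_contexts
LOCAL_MODULE_CLASS := ETC
LOCAL_MODULE_TAGS := optional
LOCAL_MODULE_PATH := $(TARGET_ROOT_OUT)

include $(BUILD_SYSTEM)/base_rules.mk

ALL_FC_FILES := $(call build_policy, file_contexts)

$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
$(LOCAL_BUILT_MODULE): $(ALL_FC_FILES) $(built_sepolicy) $(HOST_OUT_EXECUTABLES)/checkfc
	@mkdir -p $(dir $@)
	$(hide) m4 -s $(ALL_FC_FILES) > $@
	$(hide) $(HOST_OUT_EXECUTABLES)/checkfc $(PRIVATE_SEPOLICY) $@

built_fc := $(LOCAL_BUILT_MODULE)

##################################
# general_file_contexts: $(LOCAL_PATH)/file_contexts only ($< is the first
# prerequisite), still checked against the device's built sepolicy.
include $(CLEAR_VARS)

LOCAL_MODULE := general_file_contexts
LOCAL_MODULE_CLASS := ETC
LOCAL_MODULE_TAGS := tests

include $(BUILD_SYSTEM)/base_rules.mk

$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
$(LOCAL_BUILT_MODULE) : $(addprefix $(LOCAL_PATH)/, file_contexts) $(built_sepolicy) $(HOST_OUT_EXECUTABLES)/checkfc
	@mkdir -p $(dir $@)
	$(hide) m4 -s $< > $@
	$(hide) $(HOST_OUT_EXECUTABLES)/checkfc $(PRIVATE_SEPOLICY) $@

GENERAL_FILE_CONTEXTS := $(LOCAL_BUILT_MODULE)

##################################
# seapp_contexts: merged sources go to a .tmp file; checkseapp reads it
# together with the compiled policy (-p) and writes the final file (-o).
include $(CLEAR_VARS)
LOCAL_MODULE := seapp_contexts
LOCAL_MODULE_CLASS := ETC
LOCAL_MODULE_TAGS := optional
LOCAL_MODULE_PATH := $(TARGET_ROOT_OUT)

include $(BUILD_SYSTEM)/base_rules.mk

seapp_contexts.tmp := $(intermediates)/seapp_contexts.tmp
$(seapp_contexts.tmp): $(call build_policy, seapp_contexts)
	@mkdir -p $(dir $@)
	$(hide) m4 -s $^ > $@

$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
$(LOCAL_BUILT_MODULE) : $(seapp_contexts.tmp) $(built_sepolicy) $(HOST_OUT_EXECUTABLES)/checkseapp
	@mkdir -p $(dir $@)
	$(HOST_OUT_EXECUTABLES)/checkseapp -p $(PRIVATE_SEPOLICY) -o $@ $<

built_sc := $(LOCAL_BUILT_MODULE)
seapp_contexts.tmp :=

##################################
# general_seapp_contexts: $(LOCAL_PATH)/seapp_contexts only.
include $(CLEAR_VARS)
LOCAL_MODULE := general_seapp_contexts
LOCAL_MODULE_CLASS := ETC
LOCAL_MODULE_TAGS := tests

include $(BUILD_SYSTEM)/base_rules.mk

general_seapp_contexts.tmp := $(intermediates)/general_seapp_contexts.tmp
$(general_seapp_contexts.tmp): $(addprefix $(LOCAL_PATH)/, seapp_contexts)
	@mkdir -p $(dir $@)
	$(hide) m4 -s $^ > $@

$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
$(LOCAL_BUILT_MODULE) : $(general_seapp_contexts.tmp) $(built_sepolicy) $(HOST_OUT_EXECUTABLES)/checkseapp
	@mkdir -p $(dir $@)
	$(HOST_OUT_EXECUTABLES)/checkseapp -p $(PRIVATE_SEPOLICY) -o $@ $<

GENERAL_SEAPP_CONTEXTS := $(LOCAL_BUILT_MODULE)
general_seapp_contexts.tmp :=

##################################
# property_contexts: merged base + board file, checked with checkfc -p.
include $(CLEAR_VARS)

LOCAL_MODULE := property_contexts
LOCAL_MODULE_CLASS := ETC
LOCAL_MODULE_TAGS := optional
LOCAL_MODULE_PATH := $(TARGET_ROOT_OUT)

include $(BUILD_SYSTEM)/base_rules.mk

ALL_PC_FILES := $(call build_policy, property_contexts)

$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
$(LOCAL_BUILT_MODULE): $(ALL_PC_FILES) $(built_sepolicy) $(HOST_OUT_EXECUTABLES)/checkfc
	@mkdir -p $(dir $@)
	$(hide) m4 -s $(ALL_PC_FILES) > $@
	$(hide) $(HOST_OUT_EXECUTABLES)/checkfc -p $(PRIVATE_SEPOLICY) $@

built_pc := $(LOCAL_BUILT_MODULE)

##################################
# general_property_contexts: $(LOCAL_PATH)/property_contexts only.
include $(CLEAR_VARS)

LOCAL_MODULE := general_property_contexts
LOCAL_MODULE_CLASS := ETC
LOCAL_MODULE_TAGS := tests

# Fixed: this section was the only one that did not include base_rules.mk
# before using $(LOCAL_BUILT_MODULE). Assuming CLEAR_VARS resets that variable
# (every other section relies on base_rules.mk to set it), the rule below had
# an empty target and GENERAL_PROPERTY_CONTEXTS ended up empty, so this test
# artifact would never have been built or checked.
include $(BUILD_SYSTEM)/base_rules.mk

$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
$(LOCAL_BUILT_MODULE) : $(addprefix $(LOCAL_PATH)/, property_contexts) $(built_sepolicy) $(HOST_OUT_EXECUTABLES)/checkfc
	@mkdir -p $(dir $@)
	$(hide) m4 -s $< > $@
	$(hide) $(HOST_OUT_EXECUTABLES)/checkfc -p $(PRIVATE_SEPOLICY) $@

GENERAL_PROPERTY_CONTEXTS := $(LOCAL_BUILT_MODULE)

##################################
# service_contexts: merged base + board file, checked with checkfc -p.
include $(CLEAR_VARS)

LOCAL_MODULE := service_contexts
LOCAL_MODULE_CLASS := ETC
LOCAL_MODULE_TAGS := optional
LOCAL_MODULE_PATH := $(TARGET_ROOT_OUT)

include $(BUILD_SYSTEM)/base_rules.mk

ALL_SVC_FILES := $(call build_policy, service_contexts)

$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
$(LOCAL_BUILT_MODULE): $(ALL_SVC_FILES) $(built_sepolicy) $(HOST_OUT_EXECUTABLES)/checkfc
	@mkdir -p $(dir $@)
	$(hide) m4 -s $(ALL_SVC_FILES) > $@
	$(hide) $(HOST_OUT_EXECUTABLES)/checkfc -p $(PRIVATE_SEPOLICY) $@

built_svc := $(LOCAL_BUILT_MODULE)

##################################
# general_service_contexts: $(LOCAL_PATH)/service_contexts only.
include $(CLEAR_VARS)

LOCAL_MODULE := general_service_contexts
LOCAL_MODULE_CLASS := ETC
LOCAL_MODULE_TAGS := tests

include $(BUILD_SYSTEM)/base_rules.mk

$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
$(LOCAL_BUILT_MODULE) : $(addprefix $(LOCAL_PATH)/, service_contexts) $(built_sepolicy) $(HOST_OUT_EXECUTABLES)/checkfc
	@mkdir -p $(dir $@)
	$(hide) m4 -s $< > $@
	$(hide) $(HOST_OUT_EXECUTABLES)/checkfc -p $(PRIVATE_SEPOLICY) $@

GENERAL_SERVICE_CONTEXTS := $(LOCAL_BUILT_MODULE)

##################################
# mac_permissions.xml: produced by insertkeys.py from the merged keys.conf
# and the merged mac_permissions.xml sources, installed under
# $(TARGET_OUT_ETC)/security.
include $(CLEAR_VARS)

LOCAL_MODULE := mac_permissions.xml
LOCAL_MODULE_CLASS := ETC
LOCAL_MODULE_TAGS := optional
LOCAL_MODULE_PATH := $(TARGET_OUT_ETC)/security

include $(BUILD_SYSTEM)/base_rules.mk

# Build keys.conf
mac_perms_keys.tmp := $(intermediates)/keys.tmp
$(mac_perms_keys.tmp) : $(call build_policy, keys.conf)
	@mkdir -p $(dir $@)
	$(hide) m4 -s $^ > $@

ALL_MAC_PERMS_FILES := $(call build_policy, $(LOCAL_MODULE))

# The recipe exports DEFAULT_SYSTEM_DEV_CERTIFICATE to insertkeys.py as the
# DIRECTORY of the make variable of the same name, and passes the build
# variant with -t. What insertkeys.py does with either is not visible here.
# NOTE(review): when auditing which certificates end up in the output, check
# the value of DEFAULT_SYSTEM_DEV_CERTIFICATE for the product being built.
$(LOCAL_BUILT_MODULE) : $(mac_perms_keys.tmp) $(HOST_OUT_EXECUTABLES)/insertkeys.py $(ALL_MAC_PERMS_FILES)
	@mkdir -p $(dir $@)
	$(hide) DEFAULT_SYSTEM_DEV_CERTIFICATE="$(dir $(DEFAULT_SYSTEM_DEV_CERTIFICATE))" \
		$(HOST_OUT_EXECUTABLES)/insertkeys.py -t $(TARGET_BUILD_VARIANT) -c $(TOP) $< -o $@ $(ALL_MAC_PERMS_FILES)

mac_perms_keys.tmp :=
##################################
# selinux_version: holds $(BUILD_FINGERPRINT) without a trailing newline.
# It lists the built policy and context files as prerequisites, so it is
# rewritten whenever one of them is rebuilt.
# NOTE(review): the fingerprint is expanded unquoted into the shell command.
include $(CLEAR_VARS)

LOCAL_MODULE := selinux_version
LOCAL_MODULE_CLASS := ETC
LOCAL_MODULE_TAGS := optional
LOCAL_MODULE_PATH := $(TARGET_ROOT_OUT)

include $(BUILD_SYSTEM)/base_rules.mk
$(LOCAL_BUILT_MODULE) : $(built_sepolicy) $(built_pc) $(built_fc) $(built_sc) $(built_svc)
	@mkdir -p $(dir $@)
	$(hide) echo -n $(BUILD_FINGERPRINT) > $@

##################################

# Clear the file-local helpers so they do not leak into the makefiles
# included below or parsed later.
build_policy :=
sepolicy_build_files :=
sepolicy_replace_paths :=
built_sepolicy :=
built_sc :=
built_fc :=
built_pc :=
built_svc :=

include $(call all-makefiles-under,$(LOCAL_PATH))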