Google Git
Sign in
android / platform / external / selinux / 5cc354a639a69b81182709660a318a673829b246 / . / libselinux / Android.bp
blob: ff7dc3d3424a3483b55dfe79d380e2ed4ebff4c0 [file] [log] [blame]
package {
default_applicable_licenses: ["external_selinux_libselinux_license"],
}
// Added automatically by a large-scale-change that took the approach of
// 'apply every license found to every target'. While this makes sure we respect
// every license restriction, it may not be entirely correct.
//
// e.g. GPL in an MIT project might only apply to the contrib/ directory.
//
// Please consider splitting the single license below into multiple licenses,
// taking care not to lose any license_kind information, and overriding the
// default license using the 'licenses: [...]' property on targets as needed.
//
// For unused files, consider creating a 'filegroup' with "//visibility:private"
// to attach the license to, and including a comment whether the files may be
// used in the current project.
// http://go/android-license-faq
license {
name: "external_selinux_libselinux_license",
visibility: [":__subpackages__"],
license_kinds: [
"SPDX-license-identifier-Apache-2.0",
"SPDX-license-identifier-GPL-2.0",
"legacy_unencumbered",
],
license_text: [
"LICENSE",
],
}
common_CFLAGS = [
// Persistently stored patterns (pcre2) are architecture dependent.
// In particular paterns built on amd64 can not run on devices with armv7
// (32bit). Therefore, this feature stays off for now.
"-DNO_PERSISTENTLY_STORED_PATTERNS",
"-DDISABLE_SETRANS",
"-DDISABLE_BOOL",
"-D_GNU_SOURCE",
"-DNO_MEDIA_BACKEND",
"-DNO_X_BACKEND",
"-DNO_DB_BACKEND",
"-Wall",
"-Werror",
"-Wno-error=missing-noreturn",
"-Wno-error=unused-function",
"-Wno-error=unused-variable",
"-DUSE_PCRE2",
// 1003 corresponds to auditd, from system/core/logd/event.logtags
"-DAUDITD_LOG_TAG=1003",
]
cc_defaults {
name: "libselinux_defaults",
cflags: common_CFLAGS,
srcs: [
"src/android/android.c",
"src/android/android_seapp.c",
"src/avc.c",
"src/avc_internal.c",
"src/avc_sidtab.c",
"src/booleans.c",
"src/callbacks.c",
"src/canonicalize_context.c",
"src/checkAccess.c",
"src/check_context.c",
"src/compute_av.c",
"src/compute_create.c",
"src/compute_member.c",
"src/context.c",
"src/deny_unknown.c",
"src/disable.c",
"src/enabled.c",
"src/fgetfilecon.c",
"src/freecon.c",
"src/fsetfilecon.c",
"src/get_initial_context.c",
"src/getenforce.c",
"src/getfilecon.c",
"src/getpeercon.c",
"src/init.c",
"src/label.c",
"src/label_backends_android.c",
"src/label_file.c",
"src/label_support.c",
"src/lgetfilecon.c",
"src/load_policy.c",
"src/lsetfilecon.c",
"src/mapping.c",
"src/matchpathcon.c",
"src/policyvers.c",
"src/procattr.c",
"src/regex.c",
"src/reject_unknown.c",
"src/selinux_internal.c",
"src/sestatus.c",
"src/setenforce.c",
"src/setfilecon.c",
"src/setrans_client.c",
"src/sha1.c",
"src/stringrep.c",
],
target: {
host: {
cflags: [
"-DBUILD_HOST",
],
},
android: {
cflags: [
"-DHAVE_STRLCPY"
],
srcs: [
"src/android/android_device.c",
],
static: {
whole_static_libs: [
"libpackagelistparser",
],
},
shared: {
shared_libs: [
"libpackagelistparser",
],
},
system_shared_libs: ["libc"],
},
},
static: {
whole_static_libs: [
"libpcre2",
"liblog",
],
},
shared: {
shared_libs: [
"libpcre2",
"liblog",
],
},
header_libs: [
"libbase_headers",
"libcutils_headers",
"liblog_headers",
],
local_include_dirs: [
"include",
"src",
],
export_include_dirs: ["include"],
stl: "none",
}
cc_library {
name: "libselinux",
defaults: ["libselinux_defaults"],
llndk: {
symbol_file: "exported.map.txt",
},
ramdisk_available: true,
vendor_ramdisk_available: true,
recovery_available: true,
host_supported: true,
target: {
linux_bionic: {
enabled: true,
},
android: {
version_script: "exported.map.txt",
},
},
stubs: {
symbol_file: "exported.map.txt",
versions: ["30"],
},
}
cc_test_host {
name: "libselinux_test",
defaults: ["libselinux_defaults"],
srcs: ["src/android/android_unittest.cpp"],
cflags: [
// regex.h will conflict with the default regex.h from libc.
// Skip regex for gtest.
"-DGTEST_HAS_POSIX_RE=0",
// Disable automatic interactions with sysfs when libselinux is
// initialized. This ensures that the tests remain hermetic on the host.
"-DANDROID_UNIT_TESTING",
],
whole_static_libs: [
"libbase",
"liblog",
"libpcre2",
],
// Use default stl.
stl:""
}
cc_binary_host {
name: "sefcontext_compile",
defaults: ["libselinux_defaults"],
srcs: ["utils/sefcontext_compile.c"],
static_libs: [
"libselinux",
"libsepol",
],
stl: "",
}
rust_bindgen {
name: "libselinux_bindgen",
wrapper_src: "rust/selinux.h",
crate_name: "selinux_bindgen",
visibility: ["//frameworks/native/libs/binder/rust/tests", "//system/security/keystore2:__subpackages__", "//packages/modules/Virtualization:__subpackages__"],
source_stem: "bindings",
local_include_dirs: ["include"],
// Generate bindings only for the symbols that are actually exported (see exported.map.txt).
// This makes the generated bindings much more concise and improves compilation
// time.
bindgen_flags: [
"--allowlist-function=fgetfilecon",
"--allowlist-function=fgetfilecon_raw",
"--allowlist-function=freecon",
"--allowlist-function=fsetfilecon",
"--allowlist-function=getcon",
"--allowlist-function=getfilecon",
"--allowlist-function=getpeercon",
"--allowlist-function=getpidcon",
"--allowlist-function=is_selinux_enabled",
"--allowlist-function=lgetfilecon",
"--allowlist-function=lsetfilecon",
"--allowlist-function=security_compute_create",
"--allowlist-function=security_get_initial_context",
"--allowlist-function=security_getenforce",
"--allowlist-function=security_load_policy",
"--allowlist-function=security_policyvers",
"--allowlist-function=security_setenforce",
"--allowlist-function=selabel_close",
"--allowlist-function=selabel_lookup",
"--allowlist-function=selabel_lookup_best_match",
"--allowlist-function=selabel_open",
"--allowlist-function=selinux_android_file_context_handle",
"--allowlist-function=selinux_android_hw_service_context_handle",
"--allowlist-function=selinux_android_load_policy",
"--allowlist-function=selinux_android_load_policy_from_fd",
"--allowlist-function=selinux_android_restorecon",
"--allowlist-function=selinux_android_restorecon_pkgdir",
"--allowlist-function=selinux_android_seapp_context_init",
"--allowlist-function=selinux_android_service_context_handle",
"--allowlist-function=selinux_android_set_sehandle",
"--allowlist-function=selinux_android_setcon",
"--allowlist-function=selinux_android_setcontext",
"--allowlist-function=selinux_android_vendor_service_context_handle",
"--allowlist-function=selinux_check_access",
"--allowlist-function=selinux_log_callback",
"--allowlist-function=selinux_set_callback",
"--allowlist-function=selinux_status_open",
"--allowlist-function=selinux_status_updated",
"--allowlist-function=selinux_vendor_log_callback",
"--allowlist-function=set_selinuxmnt",
"--allowlist-function=setcon",
"--allowlist-function=setexeccon",
"--allowlist-function=setfilecon",
"--allowlist-function=setfscreatecon",
"--allowlist-function=setsockcreatecon",
"--allowlist-function=setsockcreatecon_raw",
"--allowlist-function=string_to_security_class",
"--allowlist-function=selinux_android_context_with_level",
"--allowlist-function=selinux_android_keystore2_key_context_handle",
// We also need some constants in addition to the functions.
"--allowlist-var=SELABEL_.*",
"--allowlist-var=SELINUX_.*",
],
// This is mainly to run layout tests for generated bindings on the host.
host_supported: true,
apex_available: [
"com.android.virt",
"//apex_available:platform",
],
}
rust_test {
name: "libselinux_bindgen_test",
srcs: [
":libselinux_bindgen",
],
crate_name: "selinux_bindgen_test",
test_suites: ["general-tests"],
auto_gen_config: true,
clippy_lints: "none",
lints: "none",
}