1package { 2 default_applicable_licenses: ["external_selinux_libselinux_license"], 3} 4 5// Added automatically by a large-scale-change that took the approach of 6// 'apply every license found to every target'. While this makes sure we respect 7// every license restriction, it may not be entirely correct. 8// 9// e.g. GPL in an MIT project might only apply to the contrib/ directory. 10// 11// Please consider splitting the single license below into multiple licenses, 12// taking care not to lose any license_kind information, and overriding the 13// default license using the 'licenses: [...]' property on targets as needed. 14// 15// For unused files, consider creating a 'filegroup' with "//visibility:private" 16// to attach the license to, and including a comment whether the files may be 17// used in the current project. 18// http://go/android-license-faq 19license { 20 name: "external_selinux_libselinux_license", 21 visibility: [":__subpackages__"], 22 license_kinds: [ 23 "SPDX-license-identifier-Apache-2.0", 24 "SPDX-license-identifier-GPL-2.0", 25 "legacy_unencumbered", 26 ], 27 license_text: [ 28 "LICENSE", 29 ], 30} 31 32common_CFLAGS = [ 33 // Persistently stored patterns (pcre2) are architecture dependent. 34 // In particular paterns built on amd64 can not run on devices with armv7 35 // (32bit). Therefore, this feature stays off for now. 36 "-DNO_PERSISTENTLY_STORED_PATTERNS", 37 "-DDISABLE_SETRANS", 38 "-DDISABLE_BOOL", 39 "-D_GNU_SOURCE", 40 "-DNO_MEDIA_BACKEND", 41 "-DNO_X_BACKEND", 42 "-DNO_DB_BACKEND", 43 "-Wall", 44 "-Werror", 45 "-Wno-error=missing-noreturn", 46 "-Wno-error=unused-function", 47 "-Wno-error=unused-variable", 48 "-DUSE_PCRE2", 49 // 1003 corresponds to auditd, from system/core/logd/event.logtags 50 "-DAUDITD_LOG_TAG=1003", 51] 52 53cc_defaults { 54 name: "libselinux_defaults", 55 defaults: ["libselinux_flags_defaults"], 56 57 cflags: common_CFLAGS, 58 59 srcs: [ 60 "src/android/android.c", 61 "src/android/android_seapp.c", 62 "src/avc.c", 63 "src/avc_internal.c", 64 "src/avc_sidtab.c", 65 "src/booleans.c", 66 "src/callbacks.c", 67 "src/canonicalize_context.c", 68 "src/checkAccess.c", 69 "src/check_context.c", 70 "src/compute_av.c", 71 "src/compute_create.c", 72 "src/compute_member.c", 73 "src/context.c", 74 "src/deny_unknown.c", 75 "src/disable.c", 76 "src/enabled.c", 77 "src/fgetfilecon.c", 78 "src/freecon.c", 79 "src/fsetfilecon.c", 80 "src/get_initial_context.c", 81 "src/getenforce.c", 82 "src/getfilecon.c", 83 "src/getpeercon.c", 84 "src/hashtab.c", 85 "src/init.c", 86 "src/label.c", 87 "src/label_backends_android.c", 88 "src/label_file.c", 89 "src/label_support.c", 90 "src/lgetfilecon.c", 91 "src/load_policy.c", 92 "src/lsetfilecon.c", 93 "src/mapping.c", 94 "src/matchpathcon.c", 95 "src/policyvers.c", 96 "src/procattr.c", 97 "src/regex.c", 98 "src/reject_unknown.c", 99 "src/selinux_internal.c", 100 "src/sestatus.c", 101 "src/setenforce.c", 102 "src/setfilecon.c", 103 "src/setrans_client.c", 104 "src/sha1.c", 105 "src/stringrep.c", 106 ], 107 108 target: { 109 host: { 110 cflags: [ 111 "-DBUILD_HOST", 112 ], 113 }, 114 android: { 115 cflags: [ 116 "-DHAVE_STRLCPY", 117 "-DHAVE_REALLOCARRAY", 118 ], 119 srcs: [ 120 "src/android/android_device.c", 121 ], 122 static: { 123 whole_static_libs: [ 124 "libpackagelistparser", 125 ], 126 }, 127 128 shared: { 129 shared_libs: [ 130 "libpackagelistparser", 131 ], 132 }, 133 system_shared_libs: ["libc"], 134 }, 135 }, 136 137 static: { 138 whole_static_libs: [ 139 "libpcre2", 140 "liblog", 141 ], 142 }, 143 shared: { 144 shared_libs: [ 145 "libpcre2", 146 "liblog", 147 ], 148 }, 149 header_libs: [ 150 "libbase_headers", 151 "libcutils_headers", 152 "liblog_headers", 153 ], 154 local_include_dirs: [ 155 "include", 156 "src", 157 ], 158 export_include_dirs: ["include"], 159 160 stl: "none", 161} 162 163cc_defaults { 164 name: "libselinux_flags_defaults", 165 host_supported: true, 166 cflags: select(release_flag("RELEASE_SELINUX_DATA_DATA_IGNORE"), { 167 true: ["-DSELINUX_FLAGS_DATA_DATA_IGNORE"], 168 default: [], 169 }), 170} 171 172cc_library { 173 name: "libselinux", 174 defaults: ["libselinux_defaults"], 175 176 llndk: { 177 symbol_file: "exported.map.txt", 178 }, 179 180 ramdisk_available: true, 181 vendor_ramdisk_available: true, 182 recovery_available: true, 183 host_supported: true, 184 185 target: { 186 linux_bionic: { 187 enabled: true, 188 }, 189 190 android: { 191 version_script: "exported.map.txt", 192 }, 193 }, 194 195 stubs: { 196 symbol_file: "exported.map.txt", 197 versions: ["30"], 198 }, 199} 200 201cc_test_host { 202 name: "libselinux_test", 203 defaults: ["libselinux_defaults"], 204 srcs: ["src/android/android_unittest.cpp"], 205 206 cflags: [ 207 // regex.h will conflict with the default regex.h from libc. 208 // Skip regex for gtest. 209 "-DGTEST_HAS_POSIX_RE=0", 210 // Disable automatic interactions with sysfs when libselinux is 211 // initialized. This ensures that the tests remain hermetic on the host. 212 "-DANDROID_UNIT_TESTING", 213 ], 214 whole_static_libs: [ 215 "libbase", 216 "liblog", 217 "libpcre2", 218 ], 219 220 // Use default stl. 221 stl: "", 222} 223 224cc_binary_host { 225 name: "sefcontext_compile", 226 defaults: ["libselinux_defaults"], 227 srcs: ["utils/sefcontext_compile.c"], 228 229 static_libs: [ 230 "libselinux", 231 "libsepol", 232 ], 233 234 stl: "", 235} 236 237cc_binary { 238 name: "selabel_get_digests_all_partial_matches", 239 defaults: ["libselinux_defaults"], 240 srcs: ["utils/selabel_get_digests_all_partial_matches.c"], 241 242 static_libs: [ 243 "libselinux", 244 ], 245 246 stl: "", 247} 248 249rust_bindgen { 250 name: "libselinux_bindgen", 251 wrapper_src: "rust/selinux.h", 252 crate_name: "selinux_bindgen", 253 visibility: [ 254 "//frameworks/native/libs/binder/rust/tests", 255 "//system/security/keystore2:__subpackages__", 256 "//packages/modules/Virtualization:__subpackages__", 257 "//system/software_defined_vehicle:__subpackages__", 258 ], 259 source_stem: "bindings", 260 local_include_dirs: ["include"], 261 262 // Generate bindings only for the symbols that are actually exported (see exported.map.txt). 263 // This makes the generated bindings much more concise and improves compilation 264 // time. 265 bindgen_flags: [ 266 "--allowlist-function=fgetfilecon", 267 "--allowlist-function=fgetfilecon_raw", 268 "--allowlist-function=freecon", 269 "--allowlist-function=fsetfilecon", 270 "--allowlist-function=getcon", 271 "--allowlist-function=getfilecon", 272 "--allowlist-function=getpeercon", 273 "--allowlist-function=getpidcon", 274 "--allowlist-function=getprevcon", 275 "--allowlist-function=is_selinux_enabled", 276 "--allowlist-function=lgetfilecon", 277 "--allowlist-function=lsetfilecon", 278 "--allowlist-function=security_compute_create", 279 "--allowlist-function=security_get_initial_context", 280 "--allowlist-function=security_getenforce", 281 "--allowlist-function=security_load_policy", 282 "--allowlist-function=security_policyvers", 283 "--allowlist-function=security_setenforce", 284 "--allowlist-function=selabel_close", 285 "--allowlist-function=selabel_lookup", 286 "--allowlist-function=selabel_lookup_best_match", 287 "--allowlist-function=selabel_open", 288 "--allowlist-function=selinux_android_file_context_handle", 289 "--allowlist-function=selinux_android_hw_service_context_handle", 290 "--allowlist-function=selinux_android_load_policy", 291 "--allowlist-function=selinux_android_load_policy_from_fd", 292 "--allowlist-function=selinux_android_restorecon", 293 "--allowlist-function=selinux_android_restorecon_pkgdir", 294 "--allowlist-function=selinux_android_seapp_context_init", 295 "--allowlist-function=selinux_android_service_context_handle", 296 "--allowlist-function=selinux_android_set_sehandle", 297 "--allowlist-function=selinux_android_setcon", 298 "--allowlist-function=selinux_android_setcontext", 299 "--allowlist-function=selinux_android_vendor_service_context_handle", 300 "--allowlist-function=selinux_check_access", 301 "--allowlist-function=selinux_log_callback", 302 "--allowlist-function=selinux_set_callback", 303 "--allowlist-function=selinux_status_open", 304 "--allowlist-function=selinux_status_updated", 305 "--allowlist-function=selinux_vendor_log_callback", 306 "--allowlist-function=set_selinuxmnt", 307 "--allowlist-function=setcon", 308 "--allowlist-function=setexeccon", 309 "--allowlist-function=setfilecon", 310 "--allowlist-function=setfscreatecon", 311 "--allowlist-function=setsockcreatecon", 312 "--allowlist-function=setsockcreatecon_raw", 313 "--allowlist-function=string_to_security_class", 314 "--allowlist-function=selinux_android_context_with_level", 315 "--allowlist-function=selinux_android_keystore2_key_context_handle", 316 "--allowlist-function=selinux_android_tee_service_context_handle", 317 318 // We also need some constants in addition to the functions. 319 "--allowlist-var=SELABEL_.*", 320 "--allowlist-var=SELINUX_.*", 321 ], 322 323 // This is mainly to run layout tests for generated bindings on the host. 324 host_supported: true, 325 326 apex_available: [ 327 "com.android.virt", 328 "//apex_available:platform", 329 ], 330} 331 332rust_test { 333 name: "libselinux_bindgen_test", 334 srcs: [ 335 ":libselinux_bindgen", 336 ], 337 crate_name: "selinux_bindgen_test", 338 test_suites: ["general-tests"], 339 auto_gen_config: true, 340 clippy_lints: "none", 341 lints: "none", 342} 343