package { default_applicable_licenses: ["external_selinux_libselinux_license"], } // Added automatically by a large-scale-change that took the approach of // 'apply every license found to every target'. While this makes sure we respect // every license restriction, it may not be entirely correct. // // e.g. GPL in an MIT project might only apply to the contrib/ directory. // // Please consider splitting the single license below into multiple licenses, // taking care not to lose any license_kind information, and overriding the // default license using the 'licenses: [...]' property on targets as needed. // // For unused files, consider creating a 'filegroup' with "//visibility:private" // to attach the license to, and including a comment whether the files may be // used in the current project. // http://go/android-license-faq license { name: "external_selinux_libselinux_license", visibility: [":__subpackages__"], license_kinds: [ "SPDX-license-identifier-Apache-2.0", "SPDX-license-identifier-GPL-2.0", "legacy_unencumbered", ], license_text: [ "LICENSE", ], } common_CFLAGS = [ // Persistently stored patterns (pcre2) are architecture dependent. // In particular paterns built on amd64 can not run on devices with armv7 // (32bit). Therefore, this feature stays off for now. "-DNO_PERSISTENTLY_STORED_PATTERNS", "-DDISABLE_SETRANS", "-DDISABLE_BOOL", "-D_GNU_SOURCE", "-DNO_MEDIA_BACKEND", "-DNO_X_BACKEND", "-DNO_DB_BACKEND", "-Wall", "-Werror", "-Wno-error=missing-noreturn", "-Wno-error=unused-function", "-Wno-error=unused-variable", ] cc_defaults { name: "libselinux_defaults", cflags: common_CFLAGS, srcs: [ "src/booleans.c", "src/callbacks.c", "src/freecon.c", "src/label_backends_android.c", "src/label.c", "src/label_support.c", "src/matchpathcon.c", "src/setrans_client.c", "src/sha1.c", ], target: { host: { cflags: [ "-DBUILD_HOST", ], }, android: { srcs: [ "src/android/android.c", "src/avc.c", "src/avc_internal.c", "src/avc_sidtab.c", "src/canonicalize_context.c", "src/checkAccess.c", "src/check_context.c", "src/compute_av.c", "src/compute_create.c", "src/compute_member.c", "src/context.c", "src/deny_unknown.c", "src/disable.c", "src/enabled.c", "src/fgetfilecon.c", "src/fsetfilecon.c", "src/getenforce.c", "src/getfilecon.c", "src/get_initial_context.c", "src/getpeercon.c", "src/init.c", "src/lgetfilecon.c", "src/load_policy.c", "src/lsetfilecon.c", "src/mapping.c", "src/policyvers.c", "src/procattr.c", "src/reject_unknown.c", "src/sestatus.c", "src/setenforce.c", "src/setfilecon.c", "src/stringrep.c", ], shared_libs: [ "liblog", ], header_libs: ["libcutils_headers"], local_include_dirs: [ "src" ], // 1003 corresponds to auditd, from system/core/logd/event.logtags cflags: [ "-DAUDITD_LOG_TAG=1003", ], } }, local_include_dirs: ["include"], export_include_dirs: ["include"], stl: "none", system_shared_libs: ["libc"], } cc_library { name: "libselinux", defaults: ["libselinux_defaults"], llndk: { symbol_file: "exported.map.txt", }, ramdisk_available: true, vendor_ramdisk_available: true, recovery_available: true, host_supported: true, cflags: ["-DUSE_PCRE2"], srcs: [ "src/label_file.c", "src/regex.c", ], target: { linux_glibc: { srcs: [ "src/android/android_host.c", "src/avc.c", "src/avc_internal.c", "src/avc_sidtab.c", "src/compute_av.c", "src/compute_create.c", "src/compute_member.c", "src/context.c", "src/deny_unknown.c", "src/enabled.c", "src/fgetfilecon.c", "src/getenforce.c", "src/getfilecon.c", "src/get_initial_context.c", "src/init.c", "src/lgetfilecon.c", "src/load_policy.c", "src/lsetfilecon.c", "src/mapping.c", "src/procattr.c", "src/reject_unknown.c", "src/setenforce.c", "src/setexecfilecon.c", "src/setfilecon.c", "src/stringrep.c", ], }, linux_bionic: { enabled: true, srcs: [ "src/android/android_host.c", "src/avc.c", "src/avc_internal.c", "src/avc_sidtab.c", "src/compute_av.c", "src/compute_create.c", "src/compute_member.c", "src/context.c", "src/deny_unknown.c", "src/enabled.c", "src/getenforce.c", "src/getfilecon.c", "src/get_initial_context.c", "src/init.c", "src/load_policy.c", "src/mapping.c", "src/procattr.c", "src/reject_unknown.c", "src/setexecfilecon.c", "src/stringrep.c", ], }, android: { srcs: [ "src/android/android_platform.c", ], static: { whole_static_libs: ["libpackagelistparser"], }, shared: { shared_libs: ["libpackagelistparser"], }, version_script: "exported.map.txt", }, vendor: { exclude_srcs: [ "src/android/android_platform.c", ], srcs: [ "src/android/android_vendor.c", ], cflags: ["-DNO_FILE_BACKEND"], exclude_shared_libs: ["libpackagelistparser"], exclude_static_libs: ["libpackagelistparser"], version_script: "exported_vendor.map", }, }, static: { whole_static_libs: ["libpcre2"], }, shared: { shared_libs: ["libpcre2"], }, stubs: { symbol_file: "exported.map.txt", versions: ["30"], }, } cc_binary_host { name: "sefcontext_compile", defaults: ["libselinux_defaults"], cflags: ["-DUSE_PCRE2"], srcs: ["utils/sefcontext_compile.c"], static_libs: [ "libselinux", "libsepol", ], whole_static_libs: ["libpcre2"], } rust_bindgen { name: "libselinux_bindgen", wrapper_src: "rust/selinux.h", crate_name: "selinux_bindgen", source_stem: "bindings", local_include_dirs: ["include"], // Generate bindings only for the symbols that are actually exported (see exported.map.txt). // This makes the generated bindings much more concise and improves compilation // time. bindgen_flags: [ "--allowlist-function=fgetfilecon", "--allowlist-function=fgetfilecon_raw", "--allowlist-function=freecon", "--allowlist-function=fsetfilecon", "--allowlist-function=getcon", "--allowlist-function=getfilecon", "--allowlist-function=getpeercon", "--allowlist-function=getpidcon", "--allowlist-function=is_selinux_enabled", "--allowlist-function=lgetfilecon", "--allowlist-function=lsetfilecon", "--allowlist-function=security_compute_create", "--allowlist-function=security_get_initial_context", "--allowlist-function=security_getenforce", "--allowlist-function=security_load_policy", "--allowlist-function=security_policyvers", "--allowlist-function=security_setenforce", "--allowlist-function=selabel_close", "--allowlist-function=selabel_lookup", "--allowlist-function=selabel_lookup_best_match", "--allowlist-function=selabel_open", "--allowlist-function=selinux_android_file_context_handle", "--allowlist-function=selinux_android_hw_service_context_handle", "--allowlist-function=selinux_android_load_policy", "--allowlist-function=selinux_android_load_policy_from_fd", "--allowlist-function=selinux_android_restorecon", "--allowlist-function=selinux_android_restorecon_pkgdir", "--allowlist-function=selinux_android_seapp_context_init", "--allowlist-function=selinux_android_service_context_handle", "--allowlist-function=selinux_android_set_sehandle", "--allowlist-function=selinux_android_setcon", "--allowlist-function=selinux_android_setcontext", "--allowlist-function=selinux_android_vendor_service_context_handle", "--allowlist-function=selinux_check_access", "--allowlist-function=selinux_log_callback", "--allowlist-function=selinux_set_callback", "--allowlist-function=selinux_status_open", "--allowlist-function=selinux_status_updated", "--allowlist-function=selinux_vendor_log_callback", "--allowlist-function=set_selinuxmnt", "--allowlist-function=setcon", "--allowlist-function=setexeccon", "--allowlist-function=setfilecon", "--allowlist-function=setfscreatecon", "--allowlist-function=setsockcreatecon", "--allowlist-function=setsockcreatecon_raw", "--allowlist-function=string_to_security_class", "--allowlist-function=selinux_android_context_with_level", "--allowlist-function=selinux_android_keystore2_key_context_handle", // We also need some constants in addition to the functions. "--allowlist-var=SELABEL_.*", "--allowlist-var=SELINUX_.*", ], // This is mainly to run layout tests for generated bindings on the host. host_supported: true, }