You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

333 lines
10 KiB

package {
default_applicable_licenses: ["external_selinux_libselinux_license"],
}
// Added automatically by a large-scale-change that took the approach of
// 'apply every license found to every target'. While this makes sure we respect
// every license restriction, it may not be entirely correct.
//
// e.g. GPL in an MIT project might only apply to the contrib/ directory.
//
// Please consider splitting the single license below into multiple licenses,
// taking care not to lose any license_kind information, and overriding the
// default license using the 'licenses: [...]' property on targets as needed.
//
// For unused files, consider creating a 'filegroup' with "//visibility:private"
// to attach the license to, and including a comment whether the files may be
// used in the current project.
// http://go/android-license-faq
license {
name: "external_selinux_libselinux_license",
visibility: [":__subpackages__"],
license_kinds: [
"SPDX-license-identifier-Apache-2.0",
"SPDX-license-identifier-GPL-2.0",
"legacy_unencumbered",
],
license_text: [
"LICENSE",
],
}
common_CFLAGS = [
// Persistently stored patterns (pcre2) are architecture dependent.
// In particular paterns built on amd64 can not run on devices with armv7
// (32bit). Therefore, this feature stays off for now.
"-DNO_PERSISTENTLY_STORED_PATTERNS",
"-DDISABLE_SETRANS",
"-DDISABLE_BOOL",
"-D_GNU_SOURCE",
"-DNO_MEDIA_BACKEND",
"-DNO_X_BACKEND",
"-DNO_DB_BACKEND",
"-Wall",
"-Werror",
"-Wno-error=missing-noreturn",
"-Wno-error=unused-function",
"-Wno-error=unused-variable",
]
cc_defaults {
name: "libselinux_defaults",
cflags: common_CFLAGS,
srcs: [
"src/booleans.c",
"src/callbacks.c",
"src/freecon.c",
"src/label_backends_android.c",
"src/label.c",
"src/label_support.c",
"src/matchpathcon.c",
"src/setrans_client.c",
"src/sha1.c",
],
target: {
host: {
cflags: [
"-DBUILD_HOST",
],
},
android: {
srcs: [
"src/android/android.c",
"src/avc.c",
"src/avc_internal.c",
"src/avc_sidtab.c",
"src/canonicalize_context.c",
"src/checkAccess.c",
"src/check_context.c",
"src/compute_av.c",
"src/compute_create.c",
"src/compute_member.c",
"src/context.c",
"src/deny_unknown.c",
"src/disable.c",
"src/enabled.c",
"src/fgetfilecon.c",
"src/fsetfilecon.c",
"src/getenforce.c",
"src/getfilecon.c",
"src/get_initial_context.c",
"src/getpeercon.c",
"src/init.c",
"src/lgetfilecon.c",
"src/load_policy.c",
"src/lsetfilecon.c",
"src/mapping.c",
"src/policyvers.c",
"src/procattr.c",
"src/reject_unknown.c",
"src/sestatus.c",
"src/setenforce.c",
"src/setfilecon.c",
"src/stringrep.c",
],
shared_libs: [
"liblog",
],
header_libs: ["libcutils_headers"],
local_include_dirs: [ "src" ],
// 1003 corresponds to auditd, from system/core/logd/event.logtags
cflags: [
"-DAUDITD_LOG_TAG=1003",
],
}
},
local_include_dirs: ["include"],
export_include_dirs: ["include"],
stl: "none",
system_shared_libs: ["libc"],
}
cc_library {
name: "libselinux",
defaults: ["libselinux_defaults"],
llndk: {
symbol_file: "exported.map.txt",
},
ramdisk_available: true,
vendor_ramdisk_available: true,
recovery_available: true,
host_supported: true,
cflags: ["-DUSE_PCRE2"],
srcs: [
"src/label_file.c",
"src/regex.c",
],
target: {
linux_glibc: {
srcs: [
"src/android/android_host.c",
"src/avc.c",
"src/avc_internal.c",
"src/avc_sidtab.c",
"src/compute_av.c",
"src/compute_create.c",
"src/compute_member.c",
"src/context.c",
"src/deny_unknown.c",
"src/enabled.c",
"src/fgetfilecon.c",
"src/getenforce.c",
"src/getfilecon.c",
"src/get_initial_context.c",
"src/init.c",
"src/lgetfilecon.c",
"src/load_policy.c",
"src/lsetfilecon.c",
"src/mapping.c",
"src/procattr.c",
"src/reject_unknown.c",
"src/setenforce.c",
"src/setexecfilecon.c",
"src/setfilecon.c",
"src/stringrep.c",
],
},
linux_bionic: {
enabled: true,
srcs: [
"src/android/android_host.c",
"src/avc.c",
"src/avc_internal.c",
"src/avc_sidtab.c",
"src/compute_av.c",
"src/compute_create.c",
"src/compute_member.c",
"src/context.c",
"src/deny_unknown.c",
"src/enabled.c",
"src/getenforce.c",
"src/getfilecon.c",
"src/get_initial_context.c",
"src/init.c",
"src/load_policy.c",
"src/mapping.c",
"src/procattr.c",
"src/reject_unknown.c",
"src/setexecfilecon.c",
"src/stringrep.c",
],
},
android: {
srcs: [
"src/android/android_platform.c",
],
static: {
whole_static_libs: ["libpackagelistparser"],
},
shared: {
shared_libs: ["libpackagelistparser"],
},
version_script: "exported.map.txt",
},
vendor: {
exclude_srcs: [
"src/android/android_platform.c",
],
srcs: [
"src/android/android_vendor.c",
],
cflags: ["-DNO_FILE_BACKEND"],
exclude_shared_libs: ["libpackagelistparser"],
exclude_static_libs: ["libpackagelistparser"],
version_script: "exported_vendor.map",
},
},
static: {
whole_static_libs: ["libpcre2"],
},
shared: {
shared_libs: ["libpcre2"],
},
stubs: {
symbol_file: "exported.map.txt",
versions: ["30"],
},
}
cc_binary_host {
name: "sefcontext_compile",
defaults: ["libselinux_defaults"],
cflags: ["-DUSE_PCRE2"],
srcs: ["utils/sefcontext_compile.c"],
static_libs: [
"libselinux",
"libsepol",
],
whole_static_libs: ["libpcre2"],
}
rust_bindgen {
name: "libselinux_bindgen",
wrapper_src: "rust/selinux.h",
crate_name: "selinux_bindgen",
source_stem: "bindings",
local_include_dirs: ["include"],
// Generate bindings only for the symbols that are actually exported (see exported.map.txt).
// This makes the generated bindings much more concise and improves compilation
// time.
bindgen_flags: [
"--allowlist-function=fgetfilecon",
"--allowlist-function=fgetfilecon_raw",
"--allowlist-function=freecon",
"--allowlist-function=fsetfilecon",
"--allowlist-function=getcon",
"--allowlist-function=getfilecon",
"--allowlist-function=getpeercon",
"--allowlist-function=getpidcon",
"--allowlist-function=is_selinux_enabled",
"--allowlist-function=lgetfilecon",
"--allowlist-function=lsetfilecon",
"--allowlist-function=security_compute_create",
"--allowlist-function=security_get_initial_context",
"--allowlist-function=security_getenforce",
"--allowlist-function=security_load_policy",
"--allowlist-function=security_policyvers",
"--allowlist-function=security_setenforce",
"--allowlist-function=selabel_close",
"--allowlist-function=selabel_lookup",
"--allowlist-function=selabel_lookup_best_match",
"--allowlist-function=selabel_open",
"--allowlist-function=selinux_android_file_context_handle",
"--allowlist-function=selinux_android_hw_service_context_handle",
"--allowlist-function=selinux_android_load_policy",
"--allowlist-function=selinux_android_load_policy_from_fd",
"--allowlist-function=selinux_android_restorecon",
"--allowlist-function=selinux_android_restorecon_pkgdir",
"--allowlist-function=selinux_android_seapp_context_init",
"--allowlist-function=selinux_android_service_context_handle",
"--allowlist-function=selinux_android_set_sehandle",
"--allowlist-function=selinux_android_setcon",
"--allowlist-function=selinux_android_setcontext",
"--allowlist-function=selinux_android_vendor_service_context_handle",
"--allowlist-function=selinux_check_access",
"--allowlist-function=selinux_log_callback",
"--allowlist-function=selinux_set_callback",
"--allowlist-function=selinux_status_open",
"--allowlist-function=selinux_status_updated",
"--allowlist-function=selinux_vendor_log_callback",
"--allowlist-function=set_selinuxmnt",
"--allowlist-function=setcon",
"--allowlist-function=setexeccon",
"--allowlist-function=setfilecon",
"--allowlist-function=setfscreatecon",
"--allowlist-function=setsockcreatecon",
"--allowlist-function=setsockcreatecon_raw",
"--allowlist-function=string_to_security_class",
"--allowlist-function=selinux_android_context_with_level",
"--allowlist-function=selinux_android_keystore2_key_context_handle",
// We also need some constants in addition to the functions.
"--allowlist-var=SELABEL_.*",
"--allowlist-var=SELINUX_.*",
],
// This is mainly to run layout tests for generated bindings on the host.
host_supported: true,
}