diff --git a/BUILD.gn b/BUILD.gn index 8609d0ae7..dbc28b2bc 100644 --- a/BUILD.gn +++ b/BUILD.gn @@ -428,9 +428,13 @@ action("build_contexts") { ] } -action("enforce_selinux") { - script = "scripts/enforce_selinux.sh" - outputs = [ "$target_out_dir/" ] +copy("selinux_config") { + if (selinux_enforce) { + sources = [ "$SELINUX_ROOT_DIR/config/config.enforce" ] + } else { + sources = [ "$SELINUX_ROOT_DIR/config/config.permissive" ] + } + outputs = [ "$target_out_dir/config" ] } ohos_prebuilt_etc("build_sepolicy") { @@ -450,12 +454,10 @@ ohos_prebuilt_etc("file_contexts_bin") { } ohos_prebuilt_etc("config") { - source = "$SELINUX_ROOT_DIR/config/config" + deps = [ ":selinux_config" ] + source = target_out_dir + "/config" license_file = "$SELINUX_ROOT_DIR/LICENSE" part_name = "selinux" - if (enforce_selinux) { - deps = [ ":enforce_selinux" ] - } relative_install_dir = "selinux/" } diff --git a/config/config b/config/config.enforce similarity index 100% rename from config/config rename to config/config.enforce diff --git a/config/config.permissive b/config/config.permissive new file mode 100644 index 000000000..946eb5331 --- /dev/null +++ b/config/config.permissive @@ -0,0 +1,17 @@ +# +# Copyright (c) 2021 北京万里红科技有限公司 +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +SELINUX=permissive diff --git a/selinux.gni b/selinux.gni index b6326c893..892cbcd66 100644 --- a/selinux.gni +++ b/selinux.gni @@ -14,3 +14,7 @@ declare_args() { selinux_build_path = "default" } + +declare_args() { + selinux_enforce = true +}