# Copyright (c) 2021-2023 北京万里红科技有限公司 # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. import("//base/startup/init/begetd.gni") import("//build/ohos.gni") import("selinux.gni") config("selinux_core_config") { include_dirs = [ "interfaces/policycoreutils/include", "$THIRD_PARTY_DIR/selinux/libselinux/include", ] } ohos_shared_library("libload_policy") { output_name = "libload_policy" sources = [ "interfaces/policycoreutils/src/load_policy.cpp" ] include_dirs = [ "interfaces/policycoreutils/include" ] deps = [ ":libselinux_klog_static", "$THIRD_PARTY_DIR/selinux:libselinux", ] cflags = [ "-D_GNU_SOURCE", "-Wall", "-Werror", ] install_enable = true install_images = [ "system", "ramdisk", "updater", ] license_file = "LICENSE" part_name = "selinux" subsystem_name = "security" } ohos_shared_library("librestorecon") { output_name = "librestorecon" sources = [ "interfaces/policycoreutils/src/selinux_restorecon.c" ] public_configs = [ ":selinux_core_config" ] deps = [ "$THIRD_PARTY_DIR/selinux:libselinux" ] cflags = [ "-D_GNU_SOURCE", "-Wall", "-Werror", ] install_enable = true install_images = [ "system", "ramdisk", "updater", ] innerapi_tags = [ "platformsdk_indirect" ] license_file = "LICENSE" part_name = "selinux" subsystem_name = "security" } ohos_shared_library("libhap_restorecon") { output_name = "libhap_restorecon" sources = [ "interfaces/policycoreutils/src/hap_restorecon.cpp", "interfaces/policycoreutils/src/sehap_contexts_trie.cpp", ] public_configs = [ ":selinux_core_config" ] deps = [ ":libselinux_error_static", ":libselinux_hilog_static", "$THIRD_PARTY_DIR/selinux:libselinux", ] cflags = [ "-D_GNU_SOURCE", "-Wall", "-Werror", ] install_enable = true license_file = "LICENSE" part_name = "selinux" subsystem_name = "security" } ohos_static_library("libselinux_error_static") { output_name = "libselinux_error_static" sources = [ "interfaces/policycoreutils/src/selinux_error.cpp" ] include_dirs = [ "interfaces/policycoreutils/include" ] cflags = [ "-D_GNU_SOURCE", "-w", ] part_name = "selinux" subsystem_name = "security" } ohos_static_library("libselinux_klog_static") { output_name = "libselinux_klog_static" sources = [ "interfaces/policycoreutils/src/selinux_klog.c" ] include_dirs = [ "interfaces/policycoreutils/include" ] deps = [ "$THIRD_PARTY_DIR/bounds_checking_function:libsec_shared" ] cflags = [ "-D_GNU_SOURCE", "-Wall", "-Werror", ] part_name = "selinux" subsystem_name = "security" } ohos_static_library("libselinux_hilog_static") { output_name = "libselinux_hilog_static" sources = [ "interfaces/policycoreutils/src/selinux_log.c" ] include_dirs = [ "interfaces/policycoreutils/include" ] deps = [ "$THIRD_PARTY_DIR/bounds_checking_function:libsec_shared" ] external_deps = [ "hilog:libhilog" ] cflags = [ "-D_GNU_SOURCE", "-Wall", "-Werror", ] part_name = "selinux" subsystem_name = "security" } if (!startup_init_with_param_base) { inherited_configs = [ "$BUILD_CONFIG_DIR/compiler:afdo", "$BUILD_CONFIG_DIR/compiler:afdo_optimize_size", "$BUILD_CONFIG_DIR/compiler:compiler", "$BUILD_CONFIG_DIR/compiler:compiler_arm_fpu", "$BUILD_CONFIG_DIR/compiler:compiler_arm_thumb", "$BUILD_CONFIG_DIR/compiler:chromium_code", "$BUILD_CONFIG_DIR/compiler:default_include_dirs", "$BUILD_CONFIG_DIR/compiler:default_optimization", "$BUILD_CONFIG_DIR/compiler:default_stack_frames", "$BUILD_CONFIG_DIR/compiler:default_symbols", "$BUILD_CONFIG_DIR/compiler:export_dynamic", "$BUILD_CONFIG_DIR/compiler:no_exceptions", "$BUILD_CONFIG_DIR/compiler:no_rtti", "$BUILD_CONFIG_DIR/compiler:runtime_library", "$BUILD_CONFIG_DIR/compiler:thin_archive", "$BUILD_CONFIG_DIR/sanitizers:default_sanitizer_flags", ] } source_set("libselinux_parameter_static") { output_name = "libselinux_parameter_static" sources = [ "interfaces/policycoreutils/src/contexts_trie.c", "interfaces/policycoreutils/src/selinux_map.c", "interfaces/policycoreutils/src/selinux_parameter.c", "interfaces/policycoreutils/src/selinux_share_mem.c", ] include_dirs = [ "interfaces/policycoreutils/include" ] cflags = [ "-D_GNU_SOURCE", "-Wall", "-Werror", ] if (!startup_init_with_param_base) { ldflags = [ "-nostdlib" ] configs -= inherited_configs configs += [ "$BUILD_CONFIG_DIR/compiler:compiler" ] } } ohos_shared_library("libparaperm_checker") { output_name = "libparaperm_checker" sources = [ "interfaces/policycoreutils/src/param_checker.c" ] public_configs = [ ":selinux_core_config" ] deps = [ ":libselinux_klog_static", "$THIRD_PARTY_DIR/bounds_checking_function:libsec_shared", "$THIRD_PARTY_DIR/selinux:libselinux", ] if (startup_init_with_param_base) { deps += [ ":libselinux_parameter_static" ] } cflags = [ "-D_GNU_SOURCE", "-Wall", "-Werror", ] install_images = [ "system", "updater", ] part_name = "selinux" subsystem_name = "security" } ohos_shared_library("libservice_checker") { output_name = "libservice_checker" sources = [ "interfaces/policycoreutils/src/service_checker.cpp" ] public_configs = [ ":selinux_core_config" ] deps = [ ":libselinux_error_static", ":libselinux_hilog_static", "$THIRD_PARTY_DIR/bounds_checking_function:libsec_shared", "$THIRD_PARTY_DIR/selinux:libselinux", ] cflags = [ "-D_GNU_SOURCE", "-Wall", "-Werror", ] innerapi_tags = [ "chipsetsdk" ] part_name = "selinux" subsystem_name = "security" } ohos_executable("load_policy") { install_enable = true sources = [ "interfaces/tools/load_policy/load_policy.c" ] include_dirs = [ "interfaces/policycoreutils/include" ] deps = [ ":libload_policy" ] cflags = [ "-D_GNU_SOURCE", "-Wall", "-Werror", ] license_file = "LICENSE" part_name = "selinux" subsystem_name = "security" install_images = [ "system", "updater", ] } ohos_executable("restorecon") { install_enable = true sources = [ "interfaces/tools/restorecon/restorecon.c" ] include_dirs = [ "interfaces/policycoreutils/include" ] deps = [ ":librestorecon", "$THIRD_PARTY_DIR/bounds_checking_function:libsec_shared", ] cflags = [ "-D_GNU_SOURCE", "-Wall", "-Werror", ] license_file = "LICENSE" part_name = "selinux" subsystem_name = "security" install_images = [ "system", "updater", ] } ohos_executable("hap_restorecon") { install_enable = false sources = [ "interfaces/tools/hap_restorecon/test.cpp" ] include_dirs = [ "interfaces/policycoreutils/include" ] deps = [ ":libhap_restorecon", ":libselinux_error_static", ] cflags = [ "-D_GNU_SOURCE", "-Wall", "-Werror", ] license_file = "LICENSE" part_name = "selinux" subsystem_name = "security" } ohos_executable("param_check") { install_enable = false sources = [ "interfaces/tools/param_check/test.cpp" ] include_dirs = [ "interfaces/policycoreutils/include" ] deps = [ ":libparaperm_checker", ":libselinux_error_static", ":libselinux_parameter_static", "$THIRD_PARTY_DIR/selinux:libselinux", ] if (startup_init_with_param_base) { deps += [ ":libselinux_parameter_static" ] } cflags = [ "-D_GNU_SOURCE", "-DTIME_DISPLAY", "-Wall", "-Werror", ] license_file = "LICENSE" part_name = "selinux" subsystem_name = "security" } ohos_executable("service_check") { install_enable = false sources = [ "interfaces/tools/service_check/test.cpp" ] include_dirs = [ "interfaces/policycoreutils/include" ] deps = [ ":libselinux_error_static", ":libservice_checker", ] cflags = [ "-D_GNU_SOURCE", "-Wall", "-Werror", ] license_file = "LICENSE" part_name = "selinux" subsystem_name = "security" } debug_version = "disable" updater_version = "disable" action("build_policy") { if (build_variant == "user") { debug_version = "disable" } else if (build_variant == "root") { debug_version = "enable" } else { debug_version = "enable" } updater_version = "disable" inputs = exec_script("//build/scripts/find.py", [ rebase_path("sepolicy") ], "list lines") if (selinux_build_path != "default") { foreach(src, string_split(selinux_build_path, ":")) { src = "//" + src inputs += exec_script("//build/scripts/find.py", [ rebase_path(src) ], "list lines") } } if (special_build_policy_script != "default") { script = special_build_policy_script } else { script = "scripts/build_policy.py" } args = [ "--dst-file", rebase_path(target_out_dir + "/policy.31"), "--tool-path", rebase_path(root_build_dir + "/clang_x64/security/selinux/"), "--source-root-dir", rebase_path("//"), "--policy_dir_list", selinux_build_path, "--debug-version", debug_version, "--updater-version", updater_version, "--components", components, ] if (components != "default") { args += [ "--vendor-policy-version", "$vendor_policy_version", ] } if (extra_args != "default") { foreach(arg, string_split(extra_args, " ")) { args += [ arg ] } } deps = [ "$THIRD_PARTY_DIR/selinux:checkpolicy($host_toolchain)", "$THIRD_PARTY_DIR/selinux:secilc($host_toolchain)", ] outputs = [ target_out_dir + "/policy.31", target_out_dir + "/vendor.cil", target_out_dir + "/prebuild_sepolicy.system.cil.sha256", target_out_dir + "/system.cil", target_out_dir + "/system.cil.sha256", target_out_dir + "/$vendor_policy_version.cil", target_out_dir + "/version", target_out_dir + "/public.cil", ] } action("build_update_policy") { if (build_variant == "user") { debug_version = "disable" } else if (build_variant == "root") { debug_version = "enable" } else { debug_version = "enable" } updater_version = "enable" components = "default" inputs = exec_script("//build/scripts/find.py", [ rebase_path("sepolicy") ], "list lines") if (selinux_build_path != "default") { foreach(src, string_split(selinux_build_path, ":")) { src = "//" + src inputs += exec_script("//build/scripts/find.py", [ rebase_path(src) ], "list lines") } } if (special_build_policy_script != "default") { script = special_build_policy_script } else { script = "scripts/build_policy.py" } args = [ "--dst-file", rebase_path(target_out_dir + "/updater/policy.31"), "--tool-path", rebase_path(root_build_dir + "/clang_x64/security/selinux/"), "--source-root-dir", rebase_path("//"), "--policy_dir_list", selinux_build_path, "--debug-version", debug_version, "--updater-version", updater_version, "--components", components, ] if (extra_args != "default") { foreach(arg, string_split(extra_args, " ")) { args += [ arg ] } } deps = [ "$THIRD_PARTY_DIR/selinux:checkpolicy($host_toolchain)", "$THIRD_PARTY_DIR/selinux:secilc($host_toolchain)", ] outputs = [ target_out_dir + "/updater/policy.31" ] } action("build_contexts") { inputs = exec_script("//build/scripts/find.py", [ rebase_path("sepolicy") ], "list lines") if (selinux_build_path != "default") { foreach(src, string_split(selinux_build_path, ":")) { src = "//" + src inputs += exec_script("//build/scripts/find.py", [ rebase_path(src) ], "list lines") } } if (special_build_contexts_script != "default") { script = special_build_contexts_script } else { script = "scripts/build_contexts.py" } args = [ "--dst-dir", rebase_path(target_out_dir + "/"), "--tool-path", rebase_path(root_build_dir + "/clang_x64/security/selinux/"), "--policy-file", rebase_path(target_out_dir + "/policy.31"), "--source-root-dir", rebase_path("//"), "--policy_dir_list", selinux_build_path, "--components", components, ] if (contexts_extra_args != "default") { foreach(arg, string_split(contexts_extra_args, " ")) { args += [ arg ] } } deps = [ ":build_policy", "$THIRD_PARTY_DIR/selinux:sefcontext_compile($host_toolchain)", ] outputs = [ target_out_dir + "/file_contexts.bin", target_out_dir + "/file_contexts", target_out_dir + "/sehap_contexts", target_out_dir + "/service_contexts", target_out_dir + "/hdf_service_contexts", target_out_dir + "/parameter_contexts", ] } copy("selinux_config") { if (selinux_enforce) { sources = [ "config/config.enforce" ] } else { sources = [ "config/config.permissive" ] } outputs = [ "$target_out_dir/config" ] } copy("updater_selinux_config") { sources = [ "config/config.enforce" ] outputs = [ "$target_out_dir/updater/config" ] } ohos_prebuilt_etc("build_sepolicy") { deps = [ ":build_policy" ] source = target_out_dir + "/policy.31" license_file = "LICENSE" part_name = "selinux" subsystem_name = "security" if (components == "vendor") { relative_install_dir = "selinux/prebuild_sepolicy/" install_images = [ "vendor" ] } else if (components == "default") { relative_install_dir = "selinux/targeted/policy/" install_images = [ "system" ] } } ohos_prebuilt_etc("build_updater_sepolicy") { deps = [ ":build_update_policy" ] source = target_out_dir + "/updater/policy.31" license_file = "LICENSE" part_name = "selinux" subsystem_name = "security" relative_install_dir = "selinux/targeted/policy/" install_images = [ "updater" ] } ohos_prebuilt_etc("selinux_version") { deps = [ ":build_policy" ] source = target_out_dir + "/version" license_file = "LICENSE" part_name = "selinux" subsystem_name = "security" relative_install_dir = "selinux/" install_images = [ "vendor" ] } ohos_prebuilt_etc("config") { deps = [ ":selinux_config" ] source = target_out_dir + "/config" license_file = "LICENSE" part_name = "selinux" subsystem_name = "security" relative_install_dir = "selinux/" install_images = [ "system" ] } ohos_prebuilt_etc("updater_config") { deps = [ ":updater_selinux_config" ] source = target_out_dir + "/updater/config" license_file = "LICENSE" part_name = "selinux" subsystem_name = "security" relative_install_dir = "selinux/" install_images = [ "updater" ] } ohos_prebuilt_etc("sehap_contexts") { deps = [ ":build_contexts" ] source = target_out_dir + "/sehap_contexts" license_file = "LICENSE" part_name = "selinux" subsystem_name = "security" relative_install_dir = "selinux/targeted/contexts/" } ohos_prebuilt_etc("parameter_contexts") { deps = [ ":build_contexts" ] source = target_out_dir + "/parameter_contexts" license_file = "LICENSE" part_name = "selinux" subsystem_name = "security" relative_install_dir = "selinux/targeted/contexts/" install_images = [ "system", "updater", ] } ohos_prebuilt_etc("service_contexts") { deps = [ ":build_contexts" ] source = target_out_dir + "/service_contexts" license_file = "LICENSE" part_name = "selinux" subsystem_name = "security" relative_install_dir = "selinux/targeted/contexts/" } ohos_prebuilt_etc("hdf_service_contexts") { deps = [ ":build_contexts" ] source = target_out_dir + "/hdf_service_contexts" license_file = "LICENSE" part_name = "selinux" subsystem_name = "security" relative_install_dir = "selinux/targeted/contexts/" } ohos_prebuilt_etc("file_contexts") { deps = [ ":build_contexts" ] source = target_out_dir + "/file_contexts" license_file = "LICENSE" part_name = "selinux" subsystem_name = "security" relative_install_dir = "selinux/targeted/contexts/" if (components == "vendor") { install_images = [ "vendor" ] } else { install_images = [ "system", "updater", ] } } ohos_prebuilt_etc("vendor_cil") { deps = [ ":build_policy" ] source = target_out_dir + "/vendor.cil" license_file = "LICENSE" part_name = "selinux" subsystem_name = "security" relative_install_dir = "selinux/" install_images = [ "vendor" ] } ohos_prebuilt_etc("public_cil") { deps = [ ":build_policy" ] source = target_out_dir + "/public.cil" license_file = "LICENSE" part_name = "selinux" subsystem_name = "security" relative_install_dir = "selinux/" install_images = [ "vendor" ] } ohos_prebuilt_etc("version_cil") { deps = [ ":build_policy" ] source = target_out_dir + "/$vendor_policy_version.cil" license_file = "LICENSE" part_name = "selinux" subsystem_name = "security" relative_install_dir = "selinux/compatible/" install_images = [ "system" ] } ohos_prebuilt_etc("prebuild_sepolicy_system_cil_sha256") { deps = [ ":build_policy" ] source = target_out_dir + "/prebuild_sepolicy.system.cil.sha256" license_file = "LICENSE" part_name = "selinux" subsystem_name = "security" relative_install_dir = "selinux/" install_images = [ "vendor" ] } ohos_prebuilt_etc("system_cil") { deps = [ ":build_policy" ] source = target_out_dir + "/system.cil" license_file = "LICENSE" part_name = "selinux" subsystem_name = "security" relative_install_dir = "selinux/" install_images = [ "system" ] } ohos_prebuilt_etc("system_cil_sha256") { deps = [ ":build_policy" ] source = target_out_dir + "/system.cil.sha256" license_file = "LICENSE" part_name = "selinux" subsystem_name = "security" relative_install_dir = "selinux/" install_images = [ "system" ] } group("selinux_group") { if (build_selinux) { deps = [ ":build_updater_sepolicy", ":config", ":file_contexts", ":hap_restorecon", ":hdf_service_contexts", ":load_policy", ":param_check", ":parameter_contexts", ":restorecon", ":sehap_contexts", ":service_check", ":service_contexts", ":updater_config", "$THIRD_PARTY_DIR/selinux:checkpolicy($host_toolchain)", "$THIRD_PARTY_DIR/selinux:chkcon", "$THIRD_PARTY_DIR/selinux:getenforce", "$THIRD_PARTY_DIR/selinux:getfilecon", "$THIRD_PARTY_DIR/selinux:getpidcon", "$THIRD_PARTY_DIR/selinux:secilc", "$THIRD_PARTY_DIR/selinux:secilc($host_toolchain)", "$THIRD_PARTY_DIR/selinux:sefcontext_compile($host_toolchain)", "$THIRD_PARTY_DIR/selinux:selinux_check_access", "$THIRD_PARTY_DIR/selinux:selinuxexeccon", "$THIRD_PARTY_DIR/selinux:setenforce", "$THIRD_PARTY_DIR/selinux:setfilecon", ] if (components == "system") { deps += [ ":system_cil", ":system_cil_sha256", ":version_cil", ] } else if (components == "vendor") { deps += [ ":build_sepolicy", ":prebuild_sepolicy_system_cil_sha256", ":public_cil", ":selinux_version", ":vendor_cil", ] } else { deps += [ ":build_sepolicy" ] } } }