| common_CFLAGS = [ |
| // Persistently stored patterns (pcre2) are architecture dependent. |
| // In particular paterns built on amd64 can not run on devices with armv7 |
| // (32bit). Therefore, this feature stays off for now. |
| "-DNO_PERSISTENTLY_STORED_PATTERNS", |
| "-DDISABLE_SETRANS", |
| "-DDISABLE_BOOL", |
| "-D_GNU_SOURCE", |
| "-DNO_MEDIA_BACKEND", |
| "-DNO_X_BACKEND", |
| "-DNO_DB_BACKEND", |
| "-Wall", |
| "-Werror", |
| "-Wno-error=missing-noreturn", |
| "-Wno-error=unused-function", |
| "-Wno-error=unused-variable", |
| ] |
| |
| cc_defaults { |
| name: "libselinux_defaults", |
| |
| cflags: common_CFLAGS, |
| |
| srcs: [ |
| "src/booleans.c", |
| "src/callbacks.c", |
| "src/freecon.c", |
| "src/label_backends_android.c", |
| "src/label.c", |
| "src/label_support.c", |
| "src/matchpathcon.c", |
| "src/setrans_client.c", |
| "src/sha1.c", |
| ], |
| |
| target: { |
| host: { |
| cflags: [ |
| "-DBUILD_HOST", |
| ], |
| }, |
| |
| android: { |
| srcs: [ |
| "src/android/android.c", |
| "src/avc.c", |
| "src/avc_internal.c", |
| "src/avc_sidtab.c", |
| "src/canonicalize_context.c", |
| "src/checkAccess.c", |
| "src/check_context.c", |
| "src/compute_av.c", |
| "src/compute_create.c", |
| "src/compute_member.c", |
| "src/context.c", |
| "src/deny_unknown.c", |
| "src/disable.c", |
| "src/enabled.c", |
| "src/fgetfilecon.c", |
| "src/fsetfilecon.c", |
| "src/getenforce.c", |
| "src/getfilecon.c", |
| "src/get_initial_context.c", |
| "src/getpeercon.c", |
| "src/init.c", |
| "src/lgetfilecon.c", |
| "src/load_policy.c", |
| "src/lsetfilecon.c", |
| "src/mapping.c", |
| "src/policyvers.c", |
| "src/procattr.c", |
| "src/reject_unknown.c", |
| "src/sestatus.c", |
| "src/setenforce.c", |
| "src/setfilecon.c", |
| "src/stringrep.c", |
| ], |
| |
| shared_libs: [ |
| "liblog", |
| ], |
| |
| header_libs: ["libcutils_headers"], |
| |
| local_include_dirs: [ "src" ], |
| |
| // 1003 corresponds to auditd, from system/core/logd/event.logtags |
| cflags: [ |
| "-DAUDITD_LOG_TAG=1003", |
| ], |
| } |
| }, |
| |
| local_include_dirs: ["include"], |
| export_include_dirs: ["include"], |
| |
| stl: "none", |
| system_shared_libs: ["libc"], |
| } |
| |
| cc_library { |
| name: "libselinux", |
| defaults: ["libselinux_defaults"], |
| |
| llndk_stubs: "libselinux.llndk", |
| |
| ramdisk_available: true, |
| vendor_ramdisk_available: true, |
| recovery_available: true, |
| |
| host_supported: true, |
| cflags: ["-DUSE_PCRE2"], |
| |
| srcs: [ |
| "src/label_file.c", |
| "src/regex.c", |
| ], |
| |
| target: { |
| linux_glibc: { |
| srcs: [ |
| "src/android/android_host.c", |
| "src/avc.c", |
| "src/avc_internal.c", |
| "src/avc_sidtab.c", |
| "src/compute_av.c", |
| "src/compute_create.c", |
| "src/compute_member.c", |
| "src/context.c", |
| "src/deny_unknown.c", |
| "src/enabled.c", |
| "src/fgetfilecon.c", |
| "src/getenforce.c", |
| "src/getfilecon.c", |
| "src/get_initial_context.c", |
| "src/init.c", |
| "src/lgetfilecon.c", |
| "src/load_policy.c", |
| "src/lsetfilecon.c", |
| "src/mapping.c", |
| "src/procattr.c", |
| "src/reject_unknown.c", |
| "src/setenforce.c", |
| "src/setexecfilecon.c", |
| "src/setfilecon.c", |
| "src/stringrep.c", |
| ], |
| }, |
| linux_bionic: { |
| enabled: true, |
| srcs: [ |
| "src/android/android_host.c", |
| "src/avc.c", |
| "src/avc_internal.c", |
| "src/avc_sidtab.c", |
| "src/compute_av.c", |
| "src/compute_create.c", |
| "src/compute_member.c", |
| "src/context.c", |
| "src/deny_unknown.c", |
| "src/enabled.c", |
| "src/getenforce.c", |
| "src/getfilecon.c", |
| "src/get_initial_context.c", |
| "src/init.c", |
| "src/load_policy.c", |
| "src/mapping.c", |
| "src/procattr.c", |
| "src/reject_unknown.c", |
| "src/setexecfilecon.c", |
| "src/stringrep.c", |
| ], |
| }, |
| |
| android: { |
| srcs: [ |
| "src/android/android_platform.c", |
| ], |
| |
| static: { |
| whole_static_libs: ["libpackagelistparser"], |
| }, |
| |
| shared: { |
| shared_libs: ["libpackagelistparser"], |
| }, |
| |
| version_script: "exported.map", |
| }, |
| |
| vendor: { |
| exclude_srcs: [ |
| "src/android/android_platform.c", |
| ], |
| srcs: [ |
| "src/android/android_vendor.c", |
| ], |
| cflags: ["-DNO_FILE_BACKEND"], |
| exclude_shared_libs: ["libpackagelistparser"], |
| exclude_static_libs: ["libpackagelistparser"], |
| version_script: "exported_vendor.map", |
| }, |
| }, |
| |
| static: { |
| whole_static_libs: ["libpcre2"], |
| }, |
| shared: { |
| shared_libs: ["libpcre2"], |
| }, |
| |
| stubs: { |
| symbol_file: "exported.map", |
| versions: ["30"], |
| }, |
| } |
| |
| llndk_library { |
| name: "libselinux.llndk", |
| export_include_dirs: ["include"], |
| symbol_file: "exported.map", |
| } |
| |
| cc_binary_host { |
| name: "sefcontext_compile", |
| defaults: ["libselinux_defaults"], |
| cflags: ["-DUSE_PCRE2"], |
| srcs: ["utils/sefcontext_compile.c"], |
| |
| static_libs: [ |
| "libselinux", |
| "libsepol", |
| ], |
| whole_static_libs: ["libpcre2"], |
| } |
| |
| rust_bindgen { |
| name: "libselinux_bindgen", |
| wrapper_src: "rust/selinux.h", |
| crate_name: "selinux_bindgen", |
| source_stem: "bindings", |
| local_include_dirs: ["include"], |
| |
| // Generate bindings only for the symbols that are actually exported (see exported.map). |
| // This makes the generated bindings much more concise and improves compilation |
| // time. |
| bindgen_flags: [ |
| "--whitelist-function=fgetfilecon", |
| "--whitelist-function=fgetfilecon_raw", |
| "--whitelist-function=freecon", |
| "--whitelist-function=fsetfilecon", |
| "--whitelist-function=getcon", |
| "--whitelist-function=getfilecon", |
| "--whitelist-function=getpeercon", |
| "--whitelist-function=getpidcon", |
| "--whitelist-function=is_selinux_enabled", |
| "--whitelist-function=lgetfilecon", |
| "--whitelist-function=lsetfilecon", |
| "--whitelist-function=security_compute_create", |
| "--whitelist-function=security_get_initial_context", |
| "--whitelist-function=security_getenforce", |
| "--whitelist-function=security_load_policy", |
| "--whitelist-function=security_policyvers", |
| "--whitelist-function=security_setenforce", |
| "--whitelist-function=selabel_close", |
| "--whitelist-function=selabel_lookup", |
| "--whitelist-function=selabel_lookup_best_match", |
| "--whitelist-function=selabel_open", |
| "--whitelist-function=selinux_android_file_context_handle", |
| "--whitelist-function=selinux_android_hw_service_context_handle", |
| "--whitelist-function=selinux_android_load_policy", |
| "--whitelist-function=selinux_android_load_policy_from_fd", |
| "--whitelist-function=selinux_android_restorecon", |
| "--whitelist-function=selinux_android_restorecon_pkgdir", |
| "--whitelist-function=selinux_android_seapp_context_init", |
| "--whitelist-function=selinux_android_service_context_handle", |
| "--whitelist-function=selinux_android_set_sehandle", |
| "--whitelist-function=selinux_android_setcon", |
| "--whitelist-function=selinux_android_setcontext", |
| "--whitelist-function=selinux_android_vendor_service_context_handle", |
| "--whitelist-function=selinux_check_access", |
| "--whitelist-function=selinux_log_callback", |
| "--whitelist-function=selinux_set_callback", |
| "--whitelist-function=selinux_status_open", |
| "--whitelist-function=selinux_status_updated", |
| "--whitelist-function=selinux_vendor_log_callback", |
| "--whitelist-function=set_selinuxmnt", |
| "--whitelist-function=setcon", |
| "--whitelist-function=setexeccon", |
| "--whitelist-function=setfilecon", |
| "--whitelist-function=setfscreatecon", |
| "--whitelist-function=setsockcreatecon", |
| "--whitelist-function=setsockcreatecon_raw", |
| "--whitelist-function=string_to_security_class", |
| "--whitelist-function=selinux_android_context_with_level", |
| "--whitelist-function=selinux_android_keystore2_key_context_handle", |
| |
| // We also need some constants in addition to the functions. |
| "--whitelist-var=SELABEL_.*", |
| "--whitelist-var=SELINUX_.*", |
| ], |
| |
| // This is mainly to run layout tests for generated bindings on the host. |
| host_supported: true, |
| } |
