Home | History | Annotate | Download | only in sepolicy 
      1 ifeq ($(HAVE_SELINUX),true)
      2 
      3 LOCAL_PATH:= $(call my-dir)
      4 include $(CLEAR_VARS)
      5 
      6 # SELinux policy version.
      7 # Must be <= /selinux/policyvers reported by the Android kernel.
      8 # Must be within the compatibility range reported by checkpolicy -V.
      9 POLICYVERS := 24
     10 
     11 MLS_SENS=1
     12 MLS_CATS=1024
     13 
     14 LOCAL_POLICY_DIRS := $(SRC_TARGET_DIR)/board/$(TARGET_DEVICE)/ device/*/$(TARGET_DEVICE)/ vendor/*/$(TARGET_DEVICE)/
     15 
     16 LOCAL_POLICY_FC := $(wildcard $(addsuffix sepolicy.fc, $(LOCAL_POLICY_DIRS)))
     17 LOCAL_POLICY_TE := $(wildcard $(addsuffix sepolicy.te, $(LOCAL_POLICY_DIRS)))
     18 LOCAL_POLICY_PC := $(wildcard $(addsuffix sepolicy.pc, $(LOCAL_POLICY_DIRS)))
     19 
     20 ##################################
     21 include $(CLEAR_VARS)
     22 
     23 LOCAL_MODULE := sepolicy
     24 LOCAL_MODULE_CLASS := ETC
     25 LOCAL_MODULE_TAGS := optional
     26 LOCAL_MODULE_SUFFIX := .$(POLICYVERS)
     27 LOCAL_MODULE_PATH := $(TARGET_ROOT_OUT)
     28 
     29 include $(BUILD_SYSTEM)/base_rules.mk
     30 
     31 sepolicy_policy.conf := $(intermediates)/policy.conf
     32 $(sepolicy_policy.conf): PRIVATE_MLS_SENS := $(MLS_SENS)
     33 $(sepolicy_policy.conf): PRIVATE_MLS_CATS := $(MLS_CATS)
     34 $(sepolicy_policy.conf) : $(wildcard $(addprefix $(LOCAL_PATH)/,security_classes initial_sids access_vectors global_macros mls_macros mls policy_capabilities te_macros attributes *.te) $(LOCAL_POLICY_TE) $(addprefix $(LOCAL_PATH)/, roles users ocontexts))
     35 	@mkdir -p $(dir $@)
     36 	$(hide) m4 -D mls_num_sens=$(PRIVATE_MLS_SENS) -D mls_num_cats=$(PRIVATE_MLS_CATS) -s $^ > $@
     37 
     38 $(LOCAL_BUILT_MODULE) : $(sepolicy_policy.conf) $(HOST_OUT_EXECUTABLES)/checkpolicy
     39 	@mkdir -p $(dir $@)
     40 	$(hide) $(HOST_OUT_EXECUTABLES)/checkpolicy -M -c $(POLICYVERS) -o $@ $<
     41 
     42 sepolicy_policy.conf :=
     43 ##################################
     44 include $(CLEAR_VARS)
     45 
     46 LOCAL_MODULE := file_contexts
     47 LOCAL_MODULE_CLASS := ETC
     48 LOCAL_MODULE_TAGS := optional
     49 LOCAL_MODULE_PATH := $(TARGET_ROOT_OUT)
     50 
     51 include $(BUILD_SYSTEM)/base_rules.mk
     52 
     53 file_contexts := $(intermediates)/file_contexts
     54 $(file_contexts): $(LOCAL_PATH)/file_contexts $(LOCAL_POLICY_FC)
     55 	@mkdir -p $(dir $@)
     56 	$(hide) cat $^ > $@
     57 
     58 file_contexts :=
     59 ##################################
     60 include $(CLEAR_VARS)
     61 
     62 LOCAL_MODULE := seapp_contexts
     63 LOCAL_SRC_FILES := $(LOCAL_MODULE)
     64 LOCAL_MODULE_CLASS := ETC
     65 LOCAL_MODULE_TAGS := optional
     66 LOCAL_MODULE_PATH := $(TARGET_ROOT_OUT)
     67 
     68 include $(BUILD_PREBUILT)
     69 
     70 ##################################
     71 include $(CLEAR_VARS)
     72 
     73 LOCAL_MODULE := property_contexts
     74 LOCAL_MODULE_CLASS := ETC
     75 LOCAL_MODULE_TAGS := optional
     76 LOCAL_MODULE_PATH := $(TARGET_ROOT_OUT)
     77 
     78 include $(BUILD_SYSTEM)/base_rules.mk
     79 
     80 property_contexts := $(intermediates)/property_contexts
     81 $(property_contexts): $(LOCAL_PATH)/property_contexts $(LOCAL_POLICY_PC)
     82 	@mkdir -p $(dir $@)
     83 	$(hide) cat $^ > $@
     84 
     85 property_contexts :=
     86 ##################################
     87 
     88 endif #ifeq ($(HAVE_SELINUX),true)
     89