1include $(CLEAR_VARS) 2LOCAL_MODULE := plat_seapp_contexts 3LOCAL_MODULE_CLASS := ETC 4LOCAL_MODULE_TAGS := optional 5LOCAL_MODULE_PATH := $(TARGET_OUT)/etc/selinux 6 7include $(BUILD_SYSTEM)/base_rules.mk 8 9plat_sc_files := $(call build_policy, seapp_contexts, $(PLAT_PRIVATE_POLICY)) 10 11$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy) 12$(LOCAL_BUILT_MODULE): PRIVATE_SC_FILES := $(plat_sc_files) 13$(LOCAL_BUILT_MODULE): $(built_sepolicy) $(plat_sc_files) $(HOST_OUT_EXECUTABLES)/checkseapp 14 @mkdir -p $(dir $@) 15 $(hide) $(HOST_OUT_EXECUTABLES)/checkseapp -p $(PRIVATE_SEPOLICY) -o $@ $(PRIVATE_SC_FILES) 16 17built_plat_sc := $(LOCAL_BUILT_MODULE) 18plat_sc_files := 19 20################################## 21include $(CLEAR_VARS) 22LOCAL_MODULE := system_ext_seapp_contexts 23LOCAL_MODULE_CLASS := ETC 24LOCAL_MODULE_TAGS := optional 25LOCAL_MODULE_PATH := $(TARGET_OUT_SYSTEM_EXT)/etc/selinux 26 27include $(BUILD_SYSTEM)/base_rules.mk 28 29system_ext_sc_files := $(call build_policy, seapp_contexts, $(SYSTEM_EXT_PRIVATE_POLICY)) 30plat_sc_neverallow_files := $(call build_policy, seapp_contexts, $(PLAT_PRIVATE_POLICY)) 31 32$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy) 33$(LOCAL_BUILT_MODULE): PRIVATE_SC_FILES := $(system_ext_sc_files) 34$(LOCAL_BUILT_MODULE): PRIVATE_SC_NEVERALLOW_FILES := $(plat_sc_neverallow_files) 35$(LOCAL_BUILT_MODULE): $(built_sepolicy) $(system_ext_sc_files) $(HOST_OUT_EXECUTABLES)/checkseapp $(plat_sc_neverallow_files) 36 @mkdir -p $(dir $@) 37 $(hide) grep -ihe '^neverallow' $(PRIVATE_SC_NEVERALLOW_FILES) > $@.tmp 38 $(hide) $(HOST_OUT_EXECUTABLES)/checkseapp -p $(PRIVATE_SEPOLICY) -o $@ $(PRIVATE_SC_FILES) $@.tmp 39 40system_ext_sc_files := 41plat_sc_neverallow_files := 42 43################################## 44include $(CLEAR_VARS) 45LOCAL_MODULE := product_seapp_contexts 46LOCAL_MODULE_CLASS := ETC 47LOCAL_MODULE_TAGS := optional 48LOCAL_MODULE_PATH := $(TARGET_OUT_PRODUCT)/etc/selinux 49 50include $(BUILD_SYSTEM)/base_rules.mk 51 52product_sc_files := $(call build_policy, seapp_contexts, $(PRODUCT_PRIVATE_POLICY)) 53plat_sc_neverallow_files := $(call build_policy, seapp_contexts, $(PLAT_PRIVATE_POLICY)) 54 55$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy) 56$(LOCAL_BUILT_MODULE): PRIVATE_SC_FILES := $(product_sc_files) 57$(LOCAL_BUILT_MODULE): PRIVATE_SC_NEVERALLOW_FILES := $(plat_sc_neverallow_files) 58$(LOCAL_BUILT_MODULE): $(built_sepolicy) $(product_sc_files) $(HOST_OUT_EXECUTABLES)/checkseapp $(plat_sc_neverallow_files) 59 @mkdir -p $(dir $@) 60 $(hide) grep -ihe '^neverallow' $(PRIVATE_SC_NEVERALLOW_FILES) > $@.tmp 61 $(hide) $(HOST_OUT_EXECUTABLES)/checkseapp -p $(PRIVATE_SEPOLICY) -o $@ $(PRIVATE_SC_FILES) $@.tmp 62 63product_sc_files := 64plat_sc_neverallow_files := 65 66################################## 67include $(CLEAR_VARS) 68LOCAL_MODULE := vendor_seapp_contexts 69LOCAL_MODULE_CLASS := ETC 70LOCAL_MODULE_TAGS := optional 71LOCAL_MODULE_PATH := $(TARGET_OUT_VENDOR)/etc/selinux 72 73include $(BUILD_SYSTEM)/base_rules.mk 74 75vendor_sc_files := $(call build_policy, seapp_contexts, $(PLAT_VENDOR_POLICY) $(BOARD_VENDOR_SEPOLICY_DIRS) $(REQD_MASK_POLICY)) 76plat_sc_neverallow_files := $(call build_policy, seapp_contexts, $(PLAT_PRIVATE_POLICY) $(SYSTEM_EXT_PRIVATE_POLICY) $(PRODUCT_PRIVATE_POLICY)) 77 78$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy) 79$(LOCAL_BUILT_MODULE): PRIVATE_SC_FILES := $(vendor_sc_files) 80$(LOCAL_BUILT_MODULE): PRIVATE_SC_NEVERALLOW_FILES := $(plat_sc_neverallow_files) 81$(LOCAL_BUILT_MODULE): $(built_sepolicy) $(vendor_sc_files) $(HOST_OUT_EXECUTABLES)/checkseapp $(plat_sc_neverallow_files) 82 @mkdir -p $(dir $@) 83 $(hide) grep -ihe '^neverallow' $(PRIVATE_SC_NEVERALLOW_FILES) > $@.tmp 84 $(hide) $(HOST_OUT_EXECUTABLES)/checkseapp -p $(PRIVATE_SEPOLICY) -o $@ $(PRIVATE_SC_FILES) $@.tmp 85 86built_vendor_sc := $(LOCAL_BUILT_MODULE) 87vendor_sc_files := 88 89################################## 90include $(CLEAR_VARS) 91LOCAL_MODULE := odm_seapp_contexts 92LOCAL_MODULE_CLASS := ETC 93LOCAL_MODULE_TAGS := optional 94LOCAL_MODULE_PATH := $(TARGET_OUT_ODM)/etc/selinux 95 96include $(BUILD_SYSTEM)/base_rules.mk 97 98odm_sc_files := $(call build_policy, seapp_contexts, $(BOARD_ODM_SEPOLICY_DIRS)) 99plat_sc_neverallow_files := $(call build_policy, seapp_contexts, $(PLAT_PRIVATE_POLICY) $(SYSTEM_EXT_PRIVATE_POLICY) $(PRODUCT_PRIVATE_POLICY)) 100 101$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy) 102$(LOCAL_BUILT_MODULE): PRIVATE_SC_FILES := $(odm_sc_files) 103$(LOCAL_BUILT_MODULE): PRIVATE_SC_NEVERALLOW_FILES := $(plat_sc_neverallow_files) 104$(LOCAL_BUILT_MODULE): $(built_sepolicy) $(odm_sc_files) $(HOST_OUT_EXECUTABLES)/checkseapp $(plat_sc_neverallow_files) 105 @mkdir -p $(dir $@) 106 $(hide) grep -ihe '^neverallow' $(PRIVATE_SC_NEVERALLOW_FILES) > $@.tmp 107 $(hide) $(HOST_OUT_EXECUTABLES)/checkseapp -p $(PRIVATE_SEPOLICY) -o $@ $(PRIVATE_SC_FILES) $@.tmp 108 109built_odm_sc := $(LOCAL_BUILT_MODULE) 110odm_sc_files := 111 112################################## 113include $(CLEAR_VARS) 114LOCAL_MODULE := plat_seapp_neverallows 115LOCAL_MODULE_CLASS := ETC 116LOCAL_MODULE_TAGS := tests 117 118include $(BUILD_SYSTEM)/base_rules.mk 119 120$(LOCAL_BUILT_MODULE): $(plat_sc_neverallow_files) 121 @mkdir -p $(dir $@) 122 - $(hide) grep -ihe '^neverallow' $< > $@ 123 124plat_sc_neverallow_files := 125