1include $(CLEAR_VARS) 2LOCAL_MODULE := plat_seapp_contexts 3LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered 4LOCAL_LICENSE_CONDITIONS := notice unencumbered 5LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE 6LOCAL_MODULE_CLASS := ETC 7LOCAL_MODULE_TAGS := optional 8LOCAL_MODULE_PATH := $(TARGET_OUT)/etc/selinux 9 10include $(BUILD_SYSTEM)/base_rules.mk 11 12plat_sc_files := $(call build_policy, seapp_contexts, $(PLAT_PRIVATE_POLICY)) 13 14$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy) 15$(LOCAL_BUILT_MODULE): PRIVATE_SC_FILES := $(plat_sc_files) 16$(LOCAL_BUILT_MODULE): $(built_sepolicy) $(plat_sc_files) $(HOST_OUT_EXECUTABLES)/checkseapp 17 @mkdir -p $(dir $@) 18 $(hide) $(HOST_OUT_EXECUTABLES)/checkseapp -p $(PRIVATE_SEPOLICY) -o $@ $(PRIVATE_SC_FILES) 19 20built_plat_sc := $(LOCAL_BUILT_MODULE) 21plat_sc_files := 22 23################################## 24include $(CLEAR_VARS) 25LOCAL_MODULE := system_ext_seapp_contexts 26LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered 27LOCAL_LICENSE_CONDITIONS := notice unencumbered 28LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE 29LOCAL_MODULE_CLASS := ETC 30LOCAL_MODULE_TAGS := optional 31LOCAL_MODULE_PATH := $(TARGET_OUT_SYSTEM_EXT)/etc/selinux 32 33include $(BUILD_SYSTEM)/base_rules.mk 34 35system_ext_sc_files := $(call build_policy, seapp_contexts, $(SYSTEM_EXT_PRIVATE_POLICY)) 36plat_sc_neverallow_files := $(call build_policy, seapp_contexts, $(PLAT_PRIVATE_POLICY)) 37 38$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy) 39$(LOCAL_BUILT_MODULE): PRIVATE_SC_FILES := $(system_ext_sc_files) 40$(LOCAL_BUILT_MODULE): PRIVATE_SC_NEVERALLOW_FILES := $(plat_sc_neverallow_files) 41$(LOCAL_BUILT_MODULE): $(built_sepolicy) $(system_ext_sc_files) $(HOST_OUT_EXECUTABLES)/checkseapp $(plat_sc_neverallow_files) 42 @mkdir -p $(dir $@) 43 $(hide) grep -ihe '^neverallow' $(PRIVATE_SC_NEVERALLOW_FILES) > $@.tmp 44 $(hide) $(HOST_OUT_EXECUTABLES)/checkseapp -p $(PRIVATE_SEPOLICY) -o $@ $(PRIVATE_SC_FILES) $@.tmp 45 46system_ext_sc_files := 47plat_sc_neverallow_files := 48 49################################## 50include $(CLEAR_VARS) 51LOCAL_MODULE := product_seapp_contexts 52LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered 53LOCAL_LICENSE_CONDITIONS := notice unencumbered 54LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE 55LOCAL_MODULE_CLASS := ETC 56LOCAL_MODULE_TAGS := optional 57LOCAL_MODULE_PATH := $(TARGET_OUT_PRODUCT)/etc/selinux 58 59include $(BUILD_SYSTEM)/base_rules.mk 60 61product_sc_files := $(call build_policy, seapp_contexts, $(PRODUCT_PRIVATE_POLICY)) 62plat_sc_neverallow_files := $(call build_policy, seapp_contexts, $(PLAT_PRIVATE_POLICY)) 63 64$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy) 65$(LOCAL_BUILT_MODULE): PRIVATE_SC_FILES := $(product_sc_files) 66$(LOCAL_BUILT_MODULE): PRIVATE_SC_NEVERALLOW_FILES := $(plat_sc_neverallow_files) 67$(LOCAL_BUILT_MODULE): $(built_sepolicy) $(product_sc_files) $(HOST_OUT_EXECUTABLES)/checkseapp $(plat_sc_neverallow_files) 68 @mkdir -p $(dir $@) 69 $(hide) grep -ihe '^neverallow' $(PRIVATE_SC_NEVERALLOW_FILES) > $@.tmp 70 $(hide) $(HOST_OUT_EXECUTABLES)/checkseapp -p $(PRIVATE_SEPOLICY) -o $@ $(PRIVATE_SC_FILES) $@.tmp 71 72product_sc_files := 73plat_sc_neverallow_files := 74 75################################## 76include $(CLEAR_VARS) 77LOCAL_MODULE := vendor_seapp_contexts 78LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered 79LOCAL_LICENSE_CONDITIONS := notice unencumbered 80LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE 81LOCAL_MODULE_CLASS := ETC 82LOCAL_MODULE_TAGS := optional 83LOCAL_MODULE_PATH := $(TARGET_OUT_VENDOR)/etc/selinux 84 85include $(BUILD_SYSTEM)/base_rules.mk 86 87vendor_sc_files := $(call build_policy, seapp_contexts, $(PLAT_VENDOR_POLICY) $(BOARD_VENDOR_SEPOLICY_DIRS) $(REQD_MASK_POLICY)) 88plat_sc_neverallow_files := $(call build_policy, seapp_contexts, $(PLAT_PRIVATE_POLICY) $(SYSTEM_EXT_PRIVATE_POLICY) $(PRODUCT_PRIVATE_POLICY)) 89 90$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy) 91$(LOCAL_BUILT_MODULE): PRIVATE_SC_FILES := $(vendor_sc_files) 92$(LOCAL_BUILT_MODULE): PRIVATE_SC_NEVERALLOW_FILES := $(plat_sc_neverallow_files) 93$(LOCAL_BUILT_MODULE): $(built_sepolicy) $(vendor_sc_files) $(HOST_OUT_EXECUTABLES)/checkseapp $(plat_sc_neverallow_files) 94 @mkdir -p $(dir $@) 95 $(hide) grep -ihe '^neverallow' $(PRIVATE_SC_NEVERALLOW_FILES) > $@.tmp 96 $(hide) $(HOST_OUT_EXECUTABLES)/checkseapp -p $(PRIVATE_SEPOLICY) -o $@ $(PRIVATE_SC_FILES) $@.tmp 97 98built_vendor_sc := $(LOCAL_BUILT_MODULE) 99vendor_sc_files := 100 101################################## 102include $(CLEAR_VARS) 103LOCAL_MODULE := odm_seapp_contexts 104LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered 105LOCAL_LICENSE_CONDITIONS := notice unencumbered 106LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE 107LOCAL_MODULE_CLASS := ETC 108LOCAL_MODULE_TAGS := optional 109LOCAL_MODULE_PATH := $(TARGET_OUT_ODM)/etc/selinux 110 111include $(BUILD_SYSTEM)/base_rules.mk 112 113odm_sc_files := $(call build_policy, seapp_contexts, $(BOARD_ODM_SEPOLICY_DIRS)) 114plat_sc_neverallow_files := $(call build_policy, seapp_contexts, $(PLAT_PRIVATE_POLICY) $(SYSTEM_EXT_PRIVATE_POLICY) $(PRODUCT_PRIVATE_POLICY)) 115 116$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy) 117$(LOCAL_BUILT_MODULE): PRIVATE_SC_FILES := $(odm_sc_files) 118$(LOCAL_BUILT_MODULE): PRIVATE_SC_NEVERALLOW_FILES := $(plat_sc_neverallow_files) 119$(LOCAL_BUILT_MODULE): $(built_sepolicy) $(odm_sc_files) $(HOST_OUT_EXECUTABLES)/checkseapp $(plat_sc_neverallow_files) 120 @mkdir -p $(dir $@) 121 $(hide) grep -ihe '^neverallow' $(PRIVATE_SC_NEVERALLOW_FILES) > $@.tmp 122 $(hide) $(HOST_OUT_EXECUTABLES)/checkseapp -p $(PRIVATE_SEPOLICY) -o $@ $(PRIVATE_SC_FILES) $@.tmp 123 124built_odm_sc := $(LOCAL_BUILT_MODULE) 125odm_sc_files := 126 127################################## 128include $(CLEAR_VARS) 129LOCAL_MODULE := plat_seapp_neverallows 130LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered 131LOCAL_LICENSE_CONDITIONS := notice unencumbered 132LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE 133LOCAL_MODULE_CLASS := ETC 134LOCAL_MODULE_TAGS := tests 135 136include $(BUILD_SYSTEM)/base_rules.mk 137 138$(LOCAL_BUILT_MODULE): $(plat_sc_neverallow_files) 139 @mkdir -p $(dir $@) 140 - $(hide) grep -ihe '^neverallow' $< > $@ 141 142plat_sc_neverallow_files := 143