xref: /aosp_15_r20/system/sepolicy/build/soong/mac_permissions.go (revision e4a36f4174b17bbab9dc043f4a65dc8d87377290) 
1*e4a36f41SAndroid Build Coastguard Worker// Copyright (C) 2019 The Android Open Source Project
2*e4a36f41SAndroid Build Coastguard Worker//
3*e4a36f41SAndroid Build Coastguard Worker// Licensed under the Apache License, Version 2.0 (the "License");
4*e4a36f41SAndroid Build Coastguard Worker// you may not use this file except in compliance with the License.
5*e4a36f41SAndroid Build Coastguard Worker// You may obtain a copy of the License at
6*e4a36f41SAndroid Build Coastguard Worker//
7*e4a36f41SAndroid Build Coastguard Worker//     http://www.apache.org/licenses/LICENSE-2.0
8*e4a36f41SAndroid Build Coastguard Worker//
9*e4a36f41SAndroid Build Coastguard Worker// Unless required by applicable law or agreed to in writing, software
10*e4a36f41SAndroid Build Coastguard Worker// distributed under the License is distributed on an "AS IS" BASIS,
11*e4a36f41SAndroid Build Coastguard Worker// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12*e4a36f41SAndroid Build Coastguard Worker// See the License for the specific language governing permissions and
13*e4a36f41SAndroid Build Coastguard Worker// limitations under the License.
14*e4a36f41SAndroid Build Coastguard Worker
15*e4a36f41SAndroid Build Coastguard Workerpackage selinux
16*e4a36f41SAndroid Build Coastguard Worker
17*e4a36f41SAndroid Build Coastguard Workerimport (
18*e4a36f41SAndroid Build Coastguard Worker	"fmt"
19*e4a36f41SAndroid Build Coastguard Worker	"io"
20*e4a36f41SAndroid Build Coastguard Worker
21*e4a36f41SAndroid Build Coastguard Worker	"github.com/google/blueprint/proptools"
22*e4a36f41SAndroid Build Coastguard Worker
23*e4a36f41SAndroid Build Coastguard Worker	"android/soong/android"
24*e4a36f41SAndroid Build Coastguard Worker)
25*e4a36f41SAndroid Build Coastguard Worker
26*e4a36f41SAndroid Build Coastguard Workervar (
27*e4a36f41SAndroid Build Coastguard Worker	// Should be synced with keys.conf.
28*e4a36f41SAndroid Build Coastguard Worker	AllPlatformKeys = []string{
29*e4a36f41SAndroid Build Coastguard Worker		"platform",
30*e4a36f41SAndroid Build Coastguard Worker		"sdk_sandbox",
31*e4a36f41SAndroid Build Coastguard Worker		"media",
32*e4a36f41SAndroid Build Coastguard Worker		"networkstack",
33*e4a36f41SAndroid Build Coastguard Worker		"shared",
34*e4a36f41SAndroid Build Coastguard Worker		"testkey",
35*e4a36f41SAndroid Build Coastguard Worker		"bluetooth",
36*e4a36f41SAndroid Build Coastguard Worker	}
37*e4a36f41SAndroid Build Coastguard Worker)
38*e4a36f41SAndroid Build Coastguard Worker
39*e4a36f41SAndroid Build Coastguard Workertype macPermissionsProperties struct {
40*e4a36f41SAndroid Build Coastguard Worker	// keys.conf files to control the mapping of "tags" found in the mac_permissions.xml files.
41*e4a36f41SAndroid Build Coastguard Worker	Keys []string `android:"path"`
42*e4a36f41SAndroid Build Coastguard Worker
43*e4a36f41SAndroid Build Coastguard Worker	// Source files for the generated mac_permissions.xml file.
44*e4a36f41SAndroid Build Coastguard Worker	Srcs []string `android:"path"`
45*e4a36f41SAndroid Build Coastguard Worker
46*e4a36f41SAndroid Build Coastguard Worker	// Output file name. Defaults to module name
47*e4a36f41SAndroid Build Coastguard Worker	Stem *string
48*e4a36f41SAndroid Build Coastguard Worker}
49*e4a36f41SAndroid Build Coastguard Worker
50*e4a36f41SAndroid Build Coastguard Workertype macPermissionsModule struct {
51*e4a36f41SAndroid Build Coastguard Worker	android.ModuleBase
52*e4a36f41SAndroid Build Coastguard Worker
53*e4a36f41SAndroid Build Coastguard Worker	properties  macPermissionsProperties
54*e4a36f41SAndroid Build Coastguard Worker	outputPath  android.ModuleOutPath
55*e4a36f41SAndroid Build Coastguard Worker	installPath android.InstallPath
56*e4a36f41SAndroid Build Coastguard Worker}
57*e4a36f41SAndroid Build Coastguard Worker
58*e4a36f41SAndroid Build Coastguard Workerfunc init() {
59*e4a36f41SAndroid Build Coastguard Worker	android.RegisterModuleType("mac_permissions", macPermissionsFactory)
60*e4a36f41SAndroid Build Coastguard Worker}
61*e4a36f41SAndroid Build Coastguard Worker
62*e4a36f41SAndroid Build Coastguard Workerfunc getAllPlatformKeyPaths(ctx android.ModuleContext) android.Paths {
63*e4a36f41SAndroid Build Coastguard Worker	var platformKeys android.Paths
64*e4a36f41SAndroid Build Coastguard Worker
65*e4a36f41SAndroid Build Coastguard Worker	defaultCertificateDir := ctx.Config().DefaultAppCertificateDir(ctx)
66*e4a36f41SAndroid Build Coastguard Worker	for _, key := range AllPlatformKeys {
67*e4a36f41SAndroid Build Coastguard Worker		platformKeys = append(platformKeys, defaultCertificateDir.Join(ctx, key+".x509.pem"))
68*e4a36f41SAndroid Build Coastguard Worker	}
69*e4a36f41SAndroid Build Coastguard Worker
70*e4a36f41SAndroid Build Coastguard Worker	return platformKeys
71*e4a36f41SAndroid Build Coastguard Worker}
72*e4a36f41SAndroid Build Coastguard Worker
73*e4a36f41SAndroid Build Coastguard Workerfunc (m *macPermissionsModule) DepsMutator(ctx android.BottomUpMutatorContext) {
74*e4a36f41SAndroid Build Coastguard Worker	// do nothing
75*e4a36f41SAndroid Build Coastguard Worker}
76*e4a36f41SAndroid Build Coastguard Worker
77*e4a36f41SAndroid Build Coastguard Workerfunc (m *macPermissionsModule) stem() string {
78*e4a36f41SAndroid Build Coastguard Worker	return proptools.StringDefault(m.properties.Stem, m.Name())
79*e4a36f41SAndroid Build Coastguard Worker}
80*e4a36f41SAndroid Build Coastguard Worker
81*e4a36f41SAndroid Build Coastguard Workerfunc buildVariant(ctx android.ModuleContext) string {
82*e4a36f41SAndroid Build Coastguard Worker	if ctx.Config().Eng() {
83*e4a36f41SAndroid Build Coastguard Worker		return "eng"
84*e4a36f41SAndroid Build Coastguard Worker	}
85*e4a36f41SAndroid Build Coastguard Worker	if ctx.Config().Debuggable() {
86*e4a36f41SAndroid Build Coastguard Worker		return "userdebug"
87*e4a36f41SAndroid Build Coastguard Worker	}
88*e4a36f41SAndroid Build Coastguard Worker	return "user"
89*e4a36f41SAndroid Build Coastguard Worker}
90*e4a36f41SAndroid Build Coastguard Worker
91*e4a36f41SAndroid Build Coastguard Workerfunc (m *macPermissionsModule) GenerateAndroidBuildActions(ctx android.ModuleContext) {
92*e4a36f41SAndroid Build Coastguard Worker	platformKeys := getAllPlatformKeyPaths(ctx)
93*e4a36f41SAndroid Build Coastguard Worker	keys := android.PathsForModuleSrc(ctx, m.properties.Keys)
94*e4a36f41SAndroid Build Coastguard Worker	srcs := android.PathsForModuleSrc(ctx, m.properties.Srcs)
95*e4a36f41SAndroid Build Coastguard Worker
96*e4a36f41SAndroid Build Coastguard Worker	m4Keys := android.PathForModuleGen(ctx, "mac_perms_keys.tmp")
97*e4a36f41SAndroid Build Coastguard Worker	rule := android.NewRuleBuilder(pctx, ctx)
98*e4a36f41SAndroid Build Coastguard Worker	rule.Command().
99*e4a36f41SAndroid Build Coastguard Worker		Tool(ctx.Config().PrebuiltBuildTool(ctx, "m4")).
100*e4a36f41SAndroid Build Coastguard Worker		Text("--fatal-warnings -s").
101*e4a36f41SAndroid Build Coastguard Worker		FlagForEachArg("-D", ctx.DeviceConfig().SepolicyM4Defs()).
102*e4a36f41SAndroid Build Coastguard Worker		Inputs(keys).
103*e4a36f41SAndroid Build Coastguard Worker		FlagWithOutput("> ", m4Keys).
104*e4a36f41SAndroid Build Coastguard Worker		Implicits(platformKeys)
105*e4a36f41SAndroid Build Coastguard Worker
106*e4a36f41SAndroid Build Coastguard Worker	m.outputPath = android.PathForModuleOut(ctx, m.stem())
107*e4a36f41SAndroid Build Coastguard Worker	rule.Command().Text("DEFAULT_SYSTEM_DEV_CERTIFICATE="+ctx.Config().DefaultAppCertificateDir(ctx).String()).
108*e4a36f41SAndroid Build Coastguard Worker		Text("MAINLINE_SEPOLICY_DEV_CERTIFICATES="+ctx.Config().MainlineSepolicyDevCertificatesDir(ctx).String()).
109*e4a36f41SAndroid Build Coastguard Worker		BuiltTool("insertkeys").
110*e4a36f41SAndroid Build Coastguard Worker		FlagWithArg("-t ", buildVariant(ctx)).
111*e4a36f41SAndroid Build Coastguard Worker		Input(m4Keys).
112*e4a36f41SAndroid Build Coastguard Worker		FlagWithOutput("-o ", m.outputPath).
113*e4a36f41SAndroid Build Coastguard Worker		Inputs(srcs)
114*e4a36f41SAndroid Build Coastguard Worker
115*e4a36f41SAndroid Build Coastguard Worker	rule.Build("mac_permission", "build "+m.Name())
116*e4a36f41SAndroid Build Coastguard Worker
117*e4a36f41SAndroid Build Coastguard Worker	m.installPath = android.PathForModuleInstall(ctx, "etc", "selinux")
118*e4a36f41SAndroid Build Coastguard Worker	ctx.InstallFile(m.installPath, m.stem(), m.outputPath)
119*e4a36f41SAndroid Build Coastguard Worker}
120*e4a36f41SAndroid Build Coastguard Worker
121*e4a36f41SAndroid Build Coastguard Workerfunc (m *macPermissionsModule) AndroidMk() android.AndroidMkData {
122*e4a36f41SAndroid Build Coastguard Worker	return android.AndroidMkData{
123*e4a36f41SAndroid Build Coastguard Worker		Class:      "ETC",
124*e4a36f41SAndroid Build Coastguard Worker		OutputFile: android.OptionalPathForPath(m.outputPath),
125*e4a36f41SAndroid Build Coastguard Worker		Extra: []android.AndroidMkExtraFunc{
126*e4a36f41SAndroid Build Coastguard Worker			func(w io.Writer, outputFile android.Path) {
127*e4a36f41SAndroid Build Coastguard Worker				fmt.Fprintln(w, "LOCAL_MODULE_PATH :=", m.installPath.String())
128*e4a36f41SAndroid Build Coastguard Worker				fmt.Fprintln(w, "LOCAL_INSTALLED_MODULE_STEM :=", m.stem())
129*e4a36f41SAndroid Build Coastguard Worker			},
130*e4a36f41SAndroid Build Coastguard Worker		},
131*e4a36f41SAndroid Build Coastguard Worker	}
132*e4a36f41SAndroid Build Coastguard Worker}
133*e4a36f41SAndroid Build Coastguard Worker
134*e4a36f41SAndroid Build Coastguard Worker// mac_permissions module generates a mac_permissions.xml file from given keys.conf and
135*e4a36f41SAndroid Build Coastguard Worker// source files. The following variables are supported for keys.conf files.
136*e4a36f41SAndroid Build Coastguard Worker//
137*e4a36f41SAndroid Build Coastguard Worker//	DEFAULT_SYSTEM_DEV_CERTIFICATE
138*e4a36f41SAndroid Build Coastguard Worker//	MAINLINE_SEPOLICY_DEV_CERTIFICATES
139*e4a36f41SAndroid Build Coastguard Workerfunc macPermissionsFactory() android.Module {
140*e4a36f41SAndroid Build Coastguard Worker	m := &macPermissionsModule{}
141*e4a36f41SAndroid Build Coastguard Worker	m.AddProperties(&m.properties)
142*e4a36f41SAndroid Build Coastguard Worker	android.InitAndroidArchModule(m, android.DeviceSupported, android.MultilibCommon)
143*e4a36f41SAndroid Build Coastguard Worker	return m
144*e4a36f41SAndroid Build Coastguard Worker}
145