1*e4a36f41SAndroid Build Coastguard Worker// Copyright (C) 2023 The Android Open Source Project 2*e4a36f41SAndroid Build Coastguard Worker// 3*e4a36f41SAndroid Build Coastguard Worker// Licensed under the Apache License, Version 2.0 (the "License"); 4*e4a36f41SAndroid Build Coastguard Worker// you may not use this file except in compliance with the License. 5*e4a36f41SAndroid Build Coastguard Worker// You may obtain a copy of the License at 6*e4a36f41SAndroid Build Coastguard Worker// 7*e4a36f41SAndroid Build Coastguard Worker// http://www.apache.org/licenses/LICENSE-2.0 8*e4a36f41SAndroid Build Coastguard Worker// 9*e4a36f41SAndroid Build Coastguard Worker// Unless required by applicable law or agreed to in writing, software 10*e4a36f41SAndroid Build Coastguard Worker// distributed under the License is distributed on an "AS IS" BASIS, 11*e4a36f41SAndroid Build Coastguard Worker// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12*e4a36f41SAndroid Build Coastguard Worker// See the License for the specific language governing permissions and 13*e4a36f41SAndroid Build Coastguard Worker// limitations under the License. 14*e4a36f41SAndroid Build Coastguard Worker 15*e4a36f41SAndroid Build Coastguard Worker// This module contains a list of build time flags (defined on AOSP) for sepolicy. 16*e4a36f41SAndroid Build Coastguard Worker// Additional se_flags modules can be added anywhere for additional flags. 17*e4a36f41SAndroid Build Coastguard Workerse_flags { 18*e4a36f41SAndroid Build Coastguard Worker name: "aosp_selinux_flags", 19*e4a36f41SAndroid Build Coastguard Worker flags: [ 20*e4a36f41SAndroid Build Coastguard Worker "RELEASE_AVF_SUPPORT_CUSTOM_VM_WITH_PARAVIRTUALIZED_DEVICES", 21*e4a36f41SAndroid Build Coastguard Worker "RELEASE_AVF_ENABLE_EARLY_VM", 22*e4a36f41SAndroid Build Coastguard Worker "RELEASE_AVF_ENABLE_DEVICE_ASSIGNMENT", 23*e4a36f41SAndroid Build Coastguard Worker "RELEASE_AVF_ENABLE_LLPVM_CHANGES", 24*e4a36f41SAndroid Build Coastguard Worker "RELEASE_AVF_ENABLE_NETWORK", 25*e4a36f41SAndroid Build Coastguard Worker "RELEASE_AVF_ENABLE_MICROFUCHSIA", 26*e4a36f41SAndroid Build Coastguard Worker "RELEASE_AVF_ENABLE_VM_TO_TEE_SERVICES_ALLOWLIST", 27*e4a36f41SAndroid Build Coastguard Worker "RELEASE_AVF_ENABLE_WIDEVINE_PVM", 28*e4a36f41SAndroid Build Coastguard Worker "RELEASE_RANGING_STACK", 29*e4a36f41SAndroid Build Coastguard Worker "RELEASE_READ_FROM_NEW_STORAGE", 30*e4a36f41SAndroid Build Coastguard Worker "RELEASE_SUPERVISION_SERVICE", 31*e4a36f41SAndroid Build Coastguard Worker "RELEASE_HARDWARE_BLUETOOTH_RANGING_SERVICE", 32*e4a36f41SAndroid Build Coastguard Worker "RELEASE_UNLOCKED_STORAGE_API", 33*e4a36f41SAndroid Build Coastguard Worker "RELEASE_BLUETOOTH_SOCKET_SERVICE", 34*e4a36f41SAndroid Build Coastguard Worker ], 35*e4a36f41SAndroid Build Coastguard Worker export_to: ["all_selinux_flags"], 36*e4a36f41SAndroid Build Coastguard Worker} 37*e4a36f41SAndroid Build Coastguard Worker 38*e4a36f41SAndroid Build Coastguard Worker// se_flags_collector collects flags from exported se_flags modules and converts it to build flags. 39*e4a36f41SAndroid Build Coastguard Workerse_flags_collector { 40*e4a36f41SAndroid Build Coastguard Worker name: "all_selinux_flags", 41*e4a36f41SAndroid Build Coastguard Worker} 42*e4a36f41SAndroid Build Coastguard Worker 43*e4a36f41SAndroid Build Coastguard Workerse_policy_conf_defaults { 44*e4a36f41SAndroid Build Coastguard Worker name: "se_policy_conf_flags_defaults", 45*e4a36f41SAndroid Build Coastguard Worker srcs: [":sepolicy_flagging_macros"], 46*e4a36f41SAndroid Build Coastguard Worker build_flags: ["all_selinux_flags"], 47*e4a36f41SAndroid Build Coastguard Worker} 48*e4a36f41SAndroid Build Coastguard Worker 49*e4a36f41SAndroid Build Coastguard Workercontexts_defaults { 50*e4a36f41SAndroid Build Coastguard Worker name: "contexts_flags_defaults", 51*e4a36f41SAndroid Build Coastguard Worker srcs: [":sepolicy_flagging_macros"], 52*e4a36f41SAndroid Build Coastguard Worker neverallow_files: [":sepolicy_flagging_macros"], // for seapp_contexts 53*e4a36f41SAndroid Build Coastguard Worker build_flags: ["all_selinux_flags"], 54*e4a36f41SAndroid Build Coastguard Worker} 55*e4a36f41SAndroid Build Coastguard Worker 56*e4a36f41SAndroid Build Coastguard Workerfilegroup { 57*e4a36f41SAndroid Build Coastguard Worker name: "sepolicy_flagging_macros", 58*e4a36f41SAndroid Build Coastguard Worker srcs: ["flagging_macros"], 59*e4a36f41SAndroid Build Coastguard Worker} 60