1# Copyright (c) 2022 Huawei Device Co., Ltd. 2# Licensed under the Apache License, Version 2.0 (the "License"); 3# you may not use this file except in compliance with the License. 4# You may obtain a copy of the License at 5# 6# http://www.apache.org/licenses/LICENSE-2.0 7# 8# Unless required by applicable law or agreed to in writing, software 9# distributed under the License is distributed on an "AS IS" BASIS, 10# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 11# See the License for the specific language governing permissions and 12# limitations under the License. 13 14import("//base/startup/init/begetd.gni") 15import( 16 "//base/startup/init/services/modules/seccomp/scripts/seccomp_policy_fixer.gni") 17import("//build/config/clang/clang.gni") 18import("//build/ohos.gni") 19import("//build/ohos/kernel/kernel.gni") 20 21INIT_PART = "init" 22declare_args() { 23 appspawn_featrue = false 24 25 if (defined(global_parts_info) && 26 defined(global_parts_info.startup_appspawn)) { 27 appspawn_featrue = true 28 } 29} 30 31if (build_variant == "root") { 32 seccomp_enable_debug = true 33} else { 34 seccomp_enable_debug = false 35} 36 37ohos_prebuilt_seccomp("system_filter") { 38 sources = [ "seccomp_policy/system.seccomp.policy" ] 39 40 filtername = "system" 41 process_type = "system" 42 43 part_name = INIT_PART 44 subsystem_name = "startup" 45 46 install_enable = true 47 install_images = [ "system" ] 48} 49 50ohos_prebuilt_seccomp("appspawn_filter") { 51 sources = [ "seccomp_policy/spawn.seccomp.policy" ] 52 53 filtername = "appspawn" 54 process_type = "system" 55 56 part_name = INIT_PART 57 subsystem_name = "startup" 58 59 include_dirs = [ "." ] 60 61 install_enable = true 62 install_images = [ "system" ] 63} 64 65ohos_prebuilt_seccomp("nwebspawn_filter") { 66 sources = [ "seccomp_policy/nwebspawn.seccomp.policy" ] 67 68 filtername = "nwebspawn" 69 process_type = "system" 70 71 part_name = INIT_PART 72 subsystem_name = "startup" 73 74 include_dirs = [ "." ] 75 76 install_enable = true 77 install_images = [ "system" ] 78} 79 80ohos_prebuilt_seccomp("app_filter") { 81 sources = [ "seccomp_policy/app.seccomp.policy" ] 82 83 filtername = "app" 84 process_type = "app" 85 86 part_name = INIT_PART 87 subsystem_name = "startup" 88 89 install_enable = true 90 install_images = [ "system" ] 91} 92 93ohos_prebuilt_seccomp("app_privilege_filter") { 94 sources = [ "seccomp_policy/app_privilege.seccomp.policy" ] 95 96 filtername = "app_privilege" 97 process_type = "system" 98 uid_is_root = true 99 100 part_name = INIT_PART 101 subsystem_name = "startup" 102 103 install_enable = true 104 install_images = [ "system" ] 105} 106 107ohos_prebuilt_seccomp("updater_filter") { 108 sources = [ "seccomp_policy/updater.seccomp.policy" ] 109 110 filtername = "updater" 111 process_type = "system" 112 uid_is_root = true 113 114 part_name = INIT_PART 115 subsystem_name = "startup" 116 117 install_enable = true 118 install_images = [ "updater" ] 119} 120 121config("libseccomp_static_config") { 122 include_dirs = [ 123 "..", 124 "../../../interfaces/innerkits/seccomp/include", 125 ] 126 127 if (seccomp_enable_debug) { 128 include_dirs += [ 129 "../../../interfaces/innerkits/include", 130 "../../../interfaces/innerkits/include/param", 131 ] 132 133 defines = [ "WITH_SECCOMP_DEBUG" ] 134 } 135} 136 137ohos_source_set("libseccomp_static") { 138 sources = [ 139 "seccomp_policy.c", 140 "seccomp_policy_static.c", 141 ] 142 public_configs = [ 143 ":libseccomp_static_config", 144 "../../../interfaces/innerkits/init_module_engine:init_module_engine_exported_config", 145 ] 146 147 external_deps = [ 148 "bounds_checking_function:libsec_shared", 149 "config_policy:configpolicy_util", 150 ] 151 152 part_name = INIT_PART 153 subsystem_name = "startup" 154} 155 156group("seccomp_filter") { 157 deps = [ 158 ":app_filter", 159 ":system_filter", 160 ":updater_filter", 161 ] 162 if (appspawn_featrue) { 163 deps += [ 164 ":appspawn_filter", 165 ":nwebspawn_filter", 166 ] 167 if (init_feature_seccomp_privilege) { 168 deps += [ ":app_privilege_filter" ] 169 } 170 } 171} 172