1# Copyright (c) 2021 北京万里红科技有限公司 2# Copyright(c) Huawei Technologies Co.,Ltd. 3# 2020-2021.All rights reserved. 4# Copyright(c)2016,Google inc. 5# 6# Permission to use,copy,modify,and/or distribute this software for any 7# purpose with or without fee is hereby granted,provided that the above 8# copyright notice and this permission notice appear in all copies. 9# 10 11import("//build/ohos.gni") 12 13LIBSEPOL_ROOT_DIR = "//third_party/selinux/libsepol" 14LIBSELINUX_ROOT_DIR = "//third_party/selinux/libselinux" 15CHECKPOLICY_ROOT_DIR = "//third_party/selinux/checkpolicy" 16SECILC_ROOT_DIR = "//third_party/selinux/secilc" 17 18config("third_party_selinux_config") { 19 include_dirs = [ 20 "$LIBSELINUX_ROOT_DIR/include", 21 "$LIBSELINUX_ROOT_DIR", 22 ] 23} 24 25config("third_party_selinux_nolto_config") { 26 if (use_libfuzzer && !is_mac) { 27 cflags = [] 28 } else { 29 cflags = [ 30 "-fno-emulated-tls", 31 "-fno-lto", 32 "-fno-whole-program-vtables", 33 ] 34 } 35} 36 37ohos_shared_library("libsepol") { 38 md5_check_script = rebase_path("//third_party/selinux/check_md5.sh") 39 _arguments = [ 40 rebase_path("libsepol/cil/src/cil_lexer.c"), 41 rebase_path("libsepol/cil/src/cil_lexer.l"), 42 rebase_path("libsepol/cil/src/cil_lexer.md5"), 43 ] 44 result = exec_script(md5_check_script, _arguments, "string") 45 if (result != "") { 46 exec_script("/usr/bin/flex", 47 [ 48 "-o", 49 rebase_path("libsepol/cil/src/cil_lexer.c"), 50 rebase_path("libsepol/cil/src/cil_lexer.l"), 51 ], 52 "") 53 } 54 55 output_name = "libsepol" 56 version_script = "libsepol.map" 57 sources = [ 58 "$LIBSEPOL_ROOT_DIR/cil/src/cil.c", 59 "$LIBSEPOL_ROOT_DIR/cil/src/cil_binary.c", 60 "$LIBSEPOL_ROOT_DIR/cil/src/cil_build_ast.c", 61 "$LIBSEPOL_ROOT_DIR/cil/src/cil_copy_ast.c", 62 "$LIBSEPOL_ROOT_DIR/cil/src/cil_find.c", 63 "$LIBSEPOL_ROOT_DIR/cil/src/cil_fqn.c", 64 "$LIBSEPOL_ROOT_DIR/cil/src/cil_lexer.c", 65 "$LIBSEPOL_ROOT_DIR/cil/src/cil_list.c", 66 "$LIBSEPOL_ROOT_DIR/cil/src/cil_log.c", 67 "$LIBSEPOL_ROOT_DIR/cil/src/cil_mem.c", 68 "$LIBSEPOL_ROOT_DIR/cil/src/cil_parser.c", 69 "$LIBSEPOL_ROOT_DIR/cil/src/cil_policy.c", 70 "$LIBSEPOL_ROOT_DIR/cil/src/cil_post.c", 71 "$LIBSEPOL_ROOT_DIR/cil/src/cil_reset_ast.c", 72 "$LIBSEPOL_ROOT_DIR/cil/src/cil_resolve_ast.c", 73 "$LIBSEPOL_ROOT_DIR/cil/src/cil_stack.c", 74 "$LIBSEPOL_ROOT_DIR/cil/src/cil_strpool.c", 75 "$LIBSEPOL_ROOT_DIR/cil/src/cil_symtab.c", 76 "$LIBSEPOL_ROOT_DIR/cil/src/cil_tree.c", 77 "$LIBSEPOL_ROOT_DIR/cil/src/cil_verify.c", 78 "$LIBSEPOL_ROOT_DIR/cil/src/cil_write_ast.c", 79 "$LIBSEPOL_ROOT_DIR/src/assertion.c", 80 "$LIBSEPOL_ROOT_DIR/src/avrule_block.c", 81 "$LIBSEPOL_ROOT_DIR/src/avtab.c", 82 "$LIBSEPOL_ROOT_DIR/src/boolean_record.c", 83 "$LIBSEPOL_ROOT_DIR/src/booleans.c", 84 "$LIBSEPOL_ROOT_DIR/src/conditional.c", 85 "$LIBSEPOL_ROOT_DIR/src/constraint.c", 86 "$LIBSEPOL_ROOT_DIR/src/context.c", 87 "$LIBSEPOL_ROOT_DIR/src/context_record.c", 88 "$LIBSEPOL_ROOT_DIR/src/debug.c", 89 "$LIBSEPOL_ROOT_DIR/src/ebitmap.c", 90 "$LIBSEPOL_ROOT_DIR/src/expand.c", 91 "$LIBSEPOL_ROOT_DIR/src/handle.c", 92 "$LIBSEPOL_ROOT_DIR/src/hashtab.c", 93 "$LIBSEPOL_ROOT_DIR/src/hierarchy.c", 94 "$LIBSEPOL_ROOT_DIR/src/ibendport_record.c", 95 "$LIBSEPOL_ROOT_DIR/src/ibendports.c", 96 "$LIBSEPOL_ROOT_DIR/src/ibpkey_record.c", 97 "$LIBSEPOL_ROOT_DIR/src/ibpkeys.c", 98 "$LIBSEPOL_ROOT_DIR/src/iface_record.c", 99 "$LIBSEPOL_ROOT_DIR/src/interfaces.c", 100 "$LIBSEPOL_ROOT_DIR/src/kernel_to_cil.c", 101 "$LIBSEPOL_ROOT_DIR/src/kernel_to_common.c", 102 "$LIBSEPOL_ROOT_DIR/src/kernel_to_conf.c", 103 "$LIBSEPOL_ROOT_DIR/src/link.c", 104 "$LIBSEPOL_ROOT_DIR/src/mls.c", 105 "$LIBSEPOL_ROOT_DIR/src/module.c", 106 "$LIBSEPOL_ROOT_DIR/src/module_to_cil.c", 107 "$LIBSEPOL_ROOT_DIR/src/node_record.c", 108 "$LIBSEPOL_ROOT_DIR/src/nodes.c", 109 "$LIBSEPOL_ROOT_DIR/src/optimize.c", 110 "$LIBSEPOL_ROOT_DIR/src/polcaps.c", 111 "$LIBSEPOL_ROOT_DIR/src/policydb.c", 112 "$LIBSEPOL_ROOT_DIR/src/policydb_convert.c", 113 "$LIBSEPOL_ROOT_DIR/src/policydb_public.c", 114 "$LIBSEPOL_ROOT_DIR/src/policydb_validate.c", 115 "$LIBSEPOL_ROOT_DIR/src/port_record.c", 116 "$LIBSEPOL_ROOT_DIR/src/ports.c", 117 "$LIBSEPOL_ROOT_DIR/src/services.c", 118 "$LIBSEPOL_ROOT_DIR/src/sidtab.c", 119 "$LIBSEPOL_ROOT_DIR/src/symtab.c", 120 "$LIBSEPOL_ROOT_DIR/src/user_record.c", 121 "$LIBSEPOL_ROOT_DIR/src/users.c", 122 "$LIBSEPOL_ROOT_DIR/src/util.c", 123 "$LIBSEPOL_ROOT_DIR/src/write.c", 124 ] 125 include_dirs = [ 126 "$LIBSEPOL_ROOT_DIR/cil/include", 127 "$LIBSEPOL_ROOT_DIR/include", 128 ] 129 cflags = [ 130 "-D_GNU_SOURCE", 131 "-DHAVE_REALLOCARRAY", 132 "-w", 133 ] 134 install_enable = true 135 install_images = [ 136 "system", 137 "ramdisk", 138 "updater", 139 ] 140 license_file = "$LIBSEPOL_ROOT_DIR/LICENSE" 141 part_name = "selinux" 142 subsystem_name = "thirdparty" 143} 144 145ohos_executable("chkcon") { 146 install_enable = true 147 sources = [ "$LIBSEPOL_ROOT_DIR/utils/chkcon.c" ] 148 deps = [ ":libsepol" ] 149 include_dirs = [ "$LIBSEPOL_ROOT_DIR/include" ] 150 cflags = [ 151 "-D_GNU_SOURCE", 152 "-w", 153 ] 154 license_file = "$LIBSEPOL_ROOT_DIR/LICENSE" 155 part_name = "selinux" 156 subsystem_name = "thirdparty" 157} 158 159selinux_sources = [ 160 "$LIBSELINUX_ROOT_DIR/src/avc.c", 161 "$LIBSELINUX_ROOT_DIR/src/avc_internal.c", 162 "$LIBSELINUX_ROOT_DIR/src/avc_sidtab.c", 163 "$LIBSELINUX_ROOT_DIR/src/booleans.c", 164 "$LIBSELINUX_ROOT_DIR/src/callbacks.c", 165 "$LIBSELINUX_ROOT_DIR/src/canonicalize_context.c", 166 "$LIBSELINUX_ROOT_DIR/src/checkAccess.c", 167 "$LIBSELINUX_ROOT_DIR/src/check_context.c", 168 "$LIBSELINUX_ROOT_DIR/src/compute_av.c", 169 "$LIBSELINUX_ROOT_DIR/src/compute_create.c", 170 "$LIBSELINUX_ROOT_DIR/src/compute_member.c", 171 "$LIBSELINUX_ROOT_DIR/src/context.c", 172 "$LIBSELINUX_ROOT_DIR/src/deny_unknown.c", 173 "$LIBSELINUX_ROOT_DIR/src/disable.c", 174 "$LIBSELINUX_ROOT_DIR/src/enabled.c", 175 "$LIBSELINUX_ROOT_DIR/src/fgetfilecon.c", 176 "$LIBSELINUX_ROOT_DIR/src/freecon.c", 177 "$LIBSELINUX_ROOT_DIR/src/fsetfilecon.c", 178 "$LIBSELINUX_ROOT_DIR/src/get_initial_context.c", 179 "$LIBSELINUX_ROOT_DIR/src/getenforce.c", 180 "$LIBSELINUX_ROOT_DIR/src/getfilecon.c", 181 "$LIBSELINUX_ROOT_DIR/src/getpeercon.c", 182 "$LIBSELINUX_ROOT_DIR/src/ignore_path.c", 183 "$LIBSELINUX_ROOT_DIR/src/init.c", 184 "$LIBSELINUX_ROOT_DIR/src/is_customizable_type.c", 185 "$LIBSELINUX_ROOT_DIR/src/label.c", 186 "$LIBSELINUX_ROOT_DIR/src/label_backends_android.c", 187 "$LIBSELINUX_ROOT_DIR/src/label_db.c", 188 "$LIBSELINUX_ROOT_DIR/src/label_file.c", 189 "$LIBSELINUX_ROOT_DIR/src/label_media.c", 190 "$LIBSELINUX_ROOT_DIR/src/label_support.c", 191 "$LIBSELINUX_ROOT_DIR/src/label_x.c", 192 "$LIBSELINUX_ROOT_DIR/src/lgetfilecon.c", 193 "$LIBSELINUX_ROOT_DIR/src/load_policy.c", 194 "$LIBSELINUX_ROOT_DIR/src/lsetfilecon.c", 195 "$LIBSELINUX_ROOT_DIR/src/mapping.c", 196 "$LIBSELINUX_ROOT_DIR/src/matchpathcon.c", 197 "$LIBSELINUX_ROOT_DIR/src/policyvers.c", 198 "$LIBSELINUX_ROOT_DIR/src/procattr.c", 199 "$LIBSELINUX_ROOT_DIR/src/regex.c", 200 "$LIBSELINUX_ROOT_DIR/src/reject_unknown.c", 201 "$LIBSELINUX_ROOT_DIR/src/selinux_config.c", 202 "$LIBSELINUX_ROOT_DIR/src/selinux_restorecon.c", 203 "$LIBSELINUX_ROOT_DIR/src/sestatus.c", 204 "$LIBSELINUX_ROOT_DIR/src/setenforce.c", 205 "$LIBSELINUX_ROOT_DIR/src/setfilecon.c", 206 "$LIBSELINUX_ROOT_DIR/src/setrans_client.c", 207 "$LIBSELINUX_ROOT_DIR/src/seusers.c", 208 "$LIBSELINUX_ROOT_DIR/src/sha1.c", 209 "$LIBSELINUX_ROOT_DIR/src/stringrep.c", 210] 211 212ohos_shared_library("libselinux") { 213 branch_protector_ret = "pac_ret" 214 215 output_name = "libselinux" 216 217 sources = selinux_sources 218 219 if (current_toolchain == host_toolchain) { 220 # host build 221 sources += [ "$LIBSELINUX_ROOT_DIR/src/selinux_internal.c" ] 222 } 223 224 include_dirs = [ 225 "$LIBSELINUX_ROOT_DIR/include", 226 "$LIBSEPOL_ROOT_DIR/include", 227 ] 228 229 configs = [ ":third_party_selinux_nolto_config" ] 230 231 public_configs = [ ":third_party_selinux_config" ] 232 233 cflags = [ 234 "-DOHOS_FC_INIT", 235 "-D_GNU_SOURCE", 236 "-w", 237 "-DSHARED", 238 "-DUSE_PCRE2", 239 "-U__BIONIC__", 240 "-DAUDITD_LOG_TAG=1003", 241 "-DPCRE2_CODE_UNIT_WIDTH=8", 242 ] 243 if (host_cpu == "arm64" && host_os == "linux") { 244 cflags += [ "-DWITH_FREEBSD" ] 245 } 246 external_deps = [ "pcre2:libpcre2" ] 247 public_external_deps = [ "FreeBSD:libfreebsd_static" ] 248 install_enable = true 249 install_images = [ 250 "system", 251 "ramdisk", 252 "updater", 253 ] 254 license_file = "$LIBSELINUX_ROOT_DIR/LICENSE" 255 innerapi_tags = [ 256 "platformsdk_indirect", 257 "chipsetsdk_indirect", 258 ] 259 part_name = "selinux" 260 subsystem_name = "thirdparty" 261} 262 263ohos_static_library("libselinux_static") { 264 output_name = "libselinux_static" 265 266 sources = selinux_sources 267 268 if (current_toolchain == host_toolchain) { 269 # host build 270 sources += [ "$LIBSELINUX_ROOT_DIR/src/selinux_internal.c" ] 271 } 272 273 include_dirs = [ 274 "$LIBSELINUX_ROOT_DIR/include", 275 "$LIBSEPOL_ROOT_DIR/include", 276 ] 277 278 configs = [ ":third_party_selinux_nolto_config" ] 279 280 public_configs = [ ":third_party_selinux_config" ] 281 282 cflags = [ 283 "-DOHOS_FC_INIT", 284 "-D_GNU_SOURCE", 285 "-w", 286 "-DSHARED", 287 "-DUSE_PCRE2", 288 "-U__BIONIC__", 289 "-DAUDITD_LOG_TAG=1003", 290 "-DPCRE2_CODE_UNIT_WIDTH=8", 291 ] 292 external_deps = [ "pcre2:libpcre2_static" ] 293 public_external_deps = [ "FreeBSD:libfreebsd_static" ] 294 license_file = "$LIBSELINUX_ROOT_DIR/LICENSE" 295 part_name = "selinux" 296 subsystem_name = "thirdparty" 297} 298 299ohos_executable("setenforce") { 300 install_enable = true 301 sources = [ "$LIBSELINUX_ROOT_DIR/utils/setenforce.c" ] 302 deps = [ ":libselinux" ] 303 include_dirs = [ "$LIBSELINUX_ROOT_DIR/include" ] 304 305 cflags = [ 306 "-D_GNU_SOURCE", 307 "-w", 308 ] 309 license_file = "$LIBSELINUX_ROOT_DIR/LICENSE" 310 part_name = "selinux" 311 subsystem_name = "thirdparty" 312 install_images = [ 313 "system", 314 "updater", 315 ] 316} 317 318ohos_executable("getenforce") { 319 install_enable = true 320 sources = [ "$LIBSELINUX_ROOT_DIR/utils/getenforce.c" ] 321 deps = [ ":libselinux" ] 322 include_dirs = [ "$LIBSELINUX_ROOT_DIR/include" ] 323 cflags = [ 324 "-D_GNU_SOURCE", 325 "-w", 326 ] 327 license_file = "$LIBSELINUX_ROOT_DIR/LICENSE" 328 part_name = "selinux" 329 subsystem_name = "thirdparty" 330 install_images = [ 331 "system", 332 "updater", 333 ] 334} 335 336ohos_executable("getfilecon") { 337 install_enable = true 338 sources = [ "$LIBSELINUX_ROOT_DIR/utils/getfilecon.c" ] 339 deps = [ ":libselinux" ] 340 include_dirs = [ "$LIBSELINUX_ROOT_DIR/include" ] 341 cflags = [ 342 "-D_GNU_SOURCE", 343 "-w", 344 ] 345 license_file = "$LIBSELINUX_ROOT_DIR/LICENSE" 346 part_name = "selinux" 347 subsystem_name = "thirdparty" 348 install_images = [ 349 "system", 350 "updater", 351 ] 352} 353 354ohos_executable("setfilecon") { 355 install_enable = true 356 sources = [ "$LIBSELINUX_ROOT_DIR/utils/setfilecon.c" ] 357 deps = [ ":libselinux" ] 358 include_dirs = [ "$LIBSELINUX_ROOT_DIR/include" ] 359 cflags = [ 360 "-D_GNU_SOURCE", 361 "-w", 362 ] 363 license_file = "$LIBSELINUX_ROOT_DIR/LICENSE" 364 part_name = "selinux" 365 subsystem_name = "thirdparty" 366 install_images = [ 367 "system", 368 "updater", 369 ] 370} 371 372ohos_executable("selinuxexeccon") { 373 install_enable = true 374 sources = [ "$LIBSELINUX_ROOT_DIR/utils/selinuxexeccon.c" ] 375 deps = [ ":libselinux" ] 376 include_dirs = [ "$LIBSELINUX_ROOT_DIR/include" ] 377 cflags = [ 378 "-D_GNU_SOURCE", 379 "-w", 380 ] 381 license_file = "$LIBSELINUX_ROOT_DIR/LICENSE" 382 part_name = "selinux" 383 subsystem_name = "thirdparty" 384 install_images = [ 385 "system", 386 "updater", 387 ] 388} 389 390ohos_executable("selinux_check_access") { 391 install_enable = true 392 sources = [ "$LIBSELINUX_ROOT_DIR/utils/selinux_check_access.c" ] 393 deps = [ ":libselinux" ] 394 include_dirs = [ "$LIBSELINUX_ROOT_DIR/include" ] 395 cflags = [ 396 "-D_GNU_SOURCE", 397 "-w", 398 ] 399 license_file = "$LIBSELINUX_ROOT_DIR/LICENSE" 400 part_name = "selinux" 401 subsystem_name = "thirdparty" 402 install_images = [ 403 "system", 404 "updater", 405 ] 406} 407 408ohos_executable("getpidcon") { 409 install_enable = true 410 sources = [ "$LIBSELINUX_ROOT_DIR/utils/getpidcon.c" ] 411 deps = [ ":libselinux" ] 412 include_dirs = [ "$LIBSELINUX_ROOT_DIR/include" ] 413 cflags = [ 414 "-D_GNU_SOURCE", 415 "-w", 416 ] 417 license_file = "$LIBSELINUX_ROOT_DIR/LICENSE" 418 part_name = "selinux" 419 subsystem_name = "thirdparty" 420 install_images = [ 421 "system", 422 "updater", 423 ] 424} 425 426ohos_executable("checkpolicy") { 427 md5_check_script = rebase_path("//third_party/selinux/check_md5.sh") 428 _arguments = [ 429 rebase_path("checkpolicy/y.tab.c"), 430 rebase_path("checkpolicy/policy_parse.y"), 431 rebase_path("checkpolicy/y.tab.md5"), 432 ] 433 result = exec_script(md5_check_script, _arguments, "string") 434 if (result != "") { 435 exec_script("/usr/bin/bison", 436 [ 437 "-y", 438 "-d", 439 rebase_path("checkpolicy/policy_parse.y"), 440 "-o", 441 rebase_path("checkpolicy/y.tab.c"), 442 ], 443 "") 444 } 445 _arguments = [] 446 _arguments = [ 447 rebase_path("checkpolicy/policy_scan.c"), 448 rebase_path("checkpolicy/policy_scan.l"), 449 rebase_path("checkpolicy/policy_scan.md5"), 450 ] 451 result = exec_script(md5_check_script, _arguments, "string") 452 if (result != "") { 453 exec_script("/usr/bin/flex", 454 [ 455 "-o", 456 rebase_path("checkpolicy/policy_scan.c"), 457 rebase_path("checkpolicy/policy_scan.l"), 458 ], 459 "") 460 } 461 install_enable = true 462 sources = [ 463 "$CHECKPOLICY_ROOT_DIR/checkpolicy.c", 464 "$CHECKPOLICY_ROOT_DIR/module_compiler.c", 465 "$CHECKPOLICY_ROOT_DIR/parse_util.c", 466 "$CHECKPOLICY_ROOT_DIR/policy_define.c", 467 "$CHECKPOLICY_ROOT_DIR/policy_scan.c", 468 "$CHECKPOLICY_ROOT_DIR/queue.c", 469 "$CHECKPOLICY_ROOT_DIR/y.tab.c", 470 ] 471 deps = [ ":libsepol" ] 472 include_dirs = [ 473 "$LIBSEPOL_ROOT_DIR/cil/include", 474 "$LIBSEPOL_ROOT_DIR/include", 475 "$CHECKPOLICY_ROOT_DIR", 476 ] 477 cflags = [ 478 "-Wall", 479 "-Werror", 480 "-Wshadow", 481 ] 482 license_file = "$LIBSELINUX_ROOT_DIR/LICENSE" 483 part_name = "selinux" 484 subsystem_name = "thirdparty" 485} 486 487ohos_executable("secilc") { 488 install_enable = true 489 sources = [ "$SECILC_ROOT_DIR/secilc.c" ] 490 deps = [ ":libsepol" ] 491 include_dirs = [ 492 "$LIBSEPOL_ROOT_DIR/cil/include", 493 "$LIBSEPOL_ROOT_DIR/include", 494 ] 495 cflags = [ 496 "-Wall", 497 "-Werror", 498 "-Wshadow", 499 ] 500 license_file = "$LIBSEPOL_ROOT_DIR/LICENSE" 501 part_name = "selinux" 502 subsystem_name = "thirdparty" 503} 504 505ohos_executable("sefcontext_compile") { 506 install_enable = true 507 sources = [ "$LIBSELINUX_ROOT_DIR/utils/sefcontext_compile.c" ] 508 deps = [ 509 ":libselinux", 510 ":libsepol", 511 ] 512 external_deps = [ "pcre2:libpcre2" ] 513 include_dirs = [ 514 "$LIBSELINUX_ROOT_DIR/include", 515 "$LIBSEPOL_ROOT_DIR/include", 516 ] 517 cflags = [ 518 "-D_GNU_SOURCE", 519 "-DUSE_PCRE2", 520 "-DPCRE2_CODE_UNIT_WIDTH=8", 521 "-w", 522 ] 523 license_file = "$LIBSELINUX_ROOT_DIR/LICENSE" 524 part_name = "selinux" 525 subsystem_name = "thirdparty" 526} 527