# Copyright (c) 2022 Huawei Device Co., Ltd.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
import(
    "//base/startup/init/services/modules/seccomp/scripts/seccomp_policy_fixer.gni")
import("//build/config/clang/clang.gni")
import("//build/ohos.gni")
import("//build/ohos/kernel/kernel.gni")

# Part name shared by every target in this file (assigned to part_name below).
INIT_PART = "init"

declare_args() {
  # True only when global_parts_info exists and carries a startup_appspawn
  # entry. The flag decides whether the appspawn and nwebspawn filters are
  # added to the "seccomp_filter" group at the end of this file.
  # The spelling "featrue" is kept: it is the declared build-argument name and
  # is referenced again by that group.
  # NOTE(review): when this is false the two spawn filters are not pulled in
  # by the group; confirm that every product shipping appspawn/nwebspawn
  # resolves this to true so those processes do not ship without a filter.
  appspawn_featrue = defined(global_parts_info) &&
                     defined(global_parts_info.startup_appspawn)
}
# Seccomp debug support is switched on only for the "root" build variant.
# This flag gates the WITH_SECCOMP_DEBUG define and the extra param include
# paths in "libseccomp_static_config".
# NOTE(review): what WITH_SECCOMP_DEBUG changes at runtime is not visible in
# this file; check the C sources, and confirm that release images are never
# produced with build_variant = "root".
seccomp_enable_debug = build_variant == "root"
# Seccomp filter named "system", generated from system.seccomp.policy and
# installed into the system image.
# ohos_prebuilt_seccomp is not defined in this file; presumably it comes from
# the imported seccomp_policy_fixer.gni (confirm there how filtername and
# process_type are interpreted).
ohos_prebuilt_seccomp("system_filter") {
  part_name = INIT_PART
  subsystem_name = "startup"

  filtername = "system"
  process_type = "system"
  sources = [ "seccomp_policy/system.seccomp.policy" ]

  install_images = [ "system" ]
  install_enable = true
}
# Seccomp filter named "appspawn", generated from spawn.seccomp.policy and
# installed into the system image. Only reached through the "seccomp_filter"
# group when appspawn_featrue is true.
# NOTE(review): process_type is "system" although the filter is for the app
# spawner; the meaning of process_type is defined by the template, not here.
ohos_prebuilt_seccomp("appspawn_filter") {
  part_name = INIT_PART
  subsystem_name = "startup"

  filtername = "appspawn"
  process_type = "system"
  sources = [ "seccomp_policy/spawn.seccomp.policy" ]

  # Passed only by the two spawn filters; presumably their policy files pull
  # in other files relative to this directory (confirm in the template).
  include_dirs = [ "." ]

  install_images = [ "system" ]
  install_enable = true
}
# Seccomp filter named "nwebspawn", generated from nwebspawn.seccomp.policy
# and installed into the system image. Only reached through the
# "seccomp_filter" group when appspawn_featrue is true.
ohos_prebuilt_seccomp("nwebspawn_filter") {
  part_name = INIT_PART
  subsystem_name = "startup"

  filtername = "nwebspawn"
  process_type = "system"
  sources = [ "seccomp_policy/nwebspawn.seccomp.policy" ]

  # Same include root as appspawn_filter; presumably needed because the policy
  # references other files in this directory (confirm in the template).
  include_dirs = [ "." ]

  install_images = [ "system" ]
  install_enable = true
}
# Seccomp filter named "app", generated from app.seccomp.policy and installed
# into the system image. It is the only filter in this file whose
# process_type is "app".
ohos_prebuilt_seccomp("app_filter") {
  part_name = INIT_PART
  subsystem_name = "startup"

  filtername = "app"
  process_type = "app"
  sources = [ "seccomp_policy/app.seccomp.policy" ]

  install_images = [ "system" ]
  install_enable = true
}
# Seccomp filter named "updater", generated from updater.seccomp.policy and
# installed into the updater image rather than the system image.
ohos_prebuilt_seccomp("updater_filter") {
  part_name = INIT_PART
  subsystem_name = "startup"

  filtername = "updater"
  process_type = "system"
  sources = [ "seccomp_policy/updater.seccomp.policy" ]

  # Only this filter sets uid_is_root.
  # NOTE(review): its effect on the generated filter is defined by the
  # template, not shown here; review that the policy for a root-uid process is
  # no broader than the updater needs.
  uid_is_root = true

  install_images = [ "updater" ]
  install_enable = true
}
# Include paths (and, for debug builds, an extra define) applied to
# libseccomp_static and to anything that inherits its public configs.
config("libseccomp_static_config") {
  include_dirs = [
    "..",
    "../../../interfaces/innerkits/seccomp/include",
  ]

  if (seccomp_enable_debug) {
    # Debug-only: compiled in when build_variant == "root". The extra include
    # paths expose the innerkits param headers to the debug code.
    defines = [ "WITH_SECCOMP_DEBUG" ]

    include_dirs += [
      "../../../interfaces/innerkits/include",
      "../../../interfaces/innerkits/include/param",
    ]
  }
}
# Source set holding the seccomp policy code, for linking into other targets.
ohos_source_set("libseccomp_static") {
  part_name = INIT_PART
  subsystem_name = "startup"

  sources = [
    "seccomp_policy.c",
    "seccomp_policy_static.c",
  ]

  # Public, so dependents receive the same include paths and, in "root"
  # builds, the WITH_SECCOMP_DEBUG define.
  public_configs = [
    ":libseccomp_static_config",
    "../../../interfaces/innerkits/init_module_engine:init_module_engine_exported_config",
  ]

  external_deps = [
    "bounds_checking_function:libsec_shared",
    "config_policy:configpolicy_util",
  ]
}
# Aggregate target for the seccomp filters. The app, system and updater
# filters are always included; the two spawn filters are added only when
# appspawn_featrue is true.
group("seccomp_filter") {
  deps = [
    ":app_filter",
    ":system_filter",
    ":updater_filter",
  ]

  if (appspawn_featrue) {
    deps += [ ":appspawn_filter" ]
    deps += [ ":nwebspawn_filter" ]
  }
}