xref: /ohos5.0/base/security/selinux_adapter/BUILD.gn

# Copyright (c) 2021-2023 北京万里红科技有限公司
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

import("//build/ohos.gni")
import("selinux.gni")

startup_init_with_param_base = false
if (!use_musl) {
  startup_init_with_param_base = true
}

special_build_selinux_gni_exist =
    selinux_adapter_special_build_selinux_gni_path != "" &&
    exec_script("/bin/sh",
                [
                  "-c",
                  "if [ -f " + rebase_path(
                          selinux_adapter_special_build_selinux_gni_path) +
                      " ]; then echo true; else echo false; fi",
                ],
                "value")
if (special_build_selinux_gni_exist) {
  import(selinux_adapter_special_build_selinux_gni_path)
}

config("selinux_core_config") {
  include_dirs = [ "interfaces/policycoreutils/include" ]
}

ohos_shared_library("libload_policy") {
  output_name = "libload_policy"
  sources = [ "interfaces/policycoreutils/src/load_policy.cpp" ]
  include_dirs = [ "interfaces/policycoreutils/include" ]
  deps = [ ":libselinux_klog_static" ]
  external_deps = [ "selinux:libselinux" ]
  cflags = [
    "-D_GNU_SOURCE",
    "-Wall",
    "-Werror",
  ]
  if (selinux_adapter_support_developer_mode) {
    cflags += [ "-DWITH_DEVELOPER" ]
  }
  install_enable = true
  install_images = [
    "system",
    "ramdisk",
    "updater",
  ]
  license_file = "LICENSE"
  part_name = "selinux_adapter"
  subsystem_name = "security"
}

ohos_shared_library("librestorecon") {
  branch_protector_ret = "pac_ret"

  output_name = "librestorecon"
  sources = [ "interfaces/policycoreutils/src/selinux_restorecon.c" ]
  public_configs = [ ":selinux_core_config" ]
  deps = [ ":libselinux_klog_static" ]
  external_deps = [ "hilog:libhilog" ]

  public_external_deps = [ "selinux:libselinux" ]

  cflags = [
    "-D_GNU_SOURCE",
    "-Wall",
    "-Werror",
  ]
  install_enable = true
  install_images = [
    "system",
    "ramdisk",
    "updater",
  ]
  innerapi_tags = [ "platformsdk_indirect" ]
  license_file = "LICENSE"
  part_name = "selinux_adapter"
  subsystem_name = "security"
}

ohos_static_library("libselinux_klog_real_static") {
  output_name = "libselinux_klog_real_static"
  sources = [ "interfaces/policycoreutils/src/selinux_klog.c" ]
  include_dirs = [ "interfaces/policycoreutils/include" ]
  external_deps = [ "bounds_checking_function:libsec_static" ]
  cflags = [
    "-D_GNU_SOURCE",
    "-Wall",
    "-Werror",
  ]
  part_name = "selinux_adapter"
  subsystem_name = "security"
}

ohos_static_library("libselinux_hilog_real_static") {
  output_name = "libselinux_hilog_real_static"
  sources = [ "interfaces/policycoreutils/src/selinux_log.c" ]
  include_dirs = [ "interfaces/policycoreutils/include" ]
  external_deps = [
    "bounds_checking_function:libsec_static",
    "hilog:libhilog_base",
  ]
  cflags = [
    "-D_GNU_SOURCE",
    "-Wall",
    "-Werror",
  ]
  part_name = "selinux_adapter"
  subsystem_name = "security"
}

ohos_static_library("librestorecon_static") {
  output_name = "librestorecon_static"
  sources = [ "interfaces/policycoreutils/src/selinux_restorecon.c" ]
  public_configs = [ ":selinux_core_config" ]
  deps = [ ":libselinux_klog_real_static" ]
  external_deps = [ "hilog:libhilog_base" ]

  public_external_deps = [ "selinux:libselinux_static" ]

  cflags = [
    "-D_GNU_SOURCE",
    "-Wall",
    "-Werror",
  ]
  license_file = "LICENSE"
  part_name = "selinux_adapter"
  subsystem_name = "security"
}

ohos_shared_library("libhap_restorecon") {
  output_name = "libhap_restorecon"
  sources = [
    "interfaces/policycoreutils/src/hap_restorecon.cpp",
    "interfaces/policycoreutils/src/sehap_contexts_trie.cpp",
  ]
  public_configs = [ ":selinux_core_config" ]
  deps = [
    ":libselinux_error_static",
    ":libselinux_hilog_static",
  ]
  external_deps = [ "hilog:libhilog" ]

  public_external_deps = [ "selinux:libselinux" ]

  cflags = [
    "-D_GNU_SOURCE",
    "-Wall",
    "-Werror",
  ]
  install_enable = true
  license_file = "LICENSE"
  part_name = "selinux_adapter"
  subsystem_name = "security"
}

ohos_static_library("libselinux_error_static") {
  output_name = "libselinux_error_static"
  sources = [ "interfaces/policycoreutils/src/selinux_error.cpp" ]
  include_dirs = [ "interfaces/policycoreutils/include" ]
  cflags = [
    "-D_GNU_SOURCE",
    "-w",
  ]
  part_name = "selinux_adapter"
  subsystem_name = "security"
}

ohos_static_library("libselinux_klog_static") {
  output_name = "libselinux_klog_static"
  sources = [ "interfaces/policycoreutils/src/selinux_klog.c" ]
  include_dirs = [ "interfaces/policycoreutils/include" ]
  external_deps = [ "bounds_checking_function:libsec_shared" ]
  cflags = [
    "-D_GNU_SOURCE",
    "-Wall",
    "-Werror",
  ]
  part_name = "selinux_adapter"
  subsystem_name = "security"
}

ohos_static_library("libselinux_hilog_static") {
  branch_protector_ret = "pac_ret"

  output_name = "libselinux_hilog_static"
  sources = [ "interfaces/policycoreutils/src/selinux_log.c" ]
  include_dirs = [ "interfaces/policycoreutils/include" ]
  external_deps = [
    "bounds_checking_function:libsec_shared",
    "hilog:libhilog",
  ]
  cflags = [
    "-D_GNU_SOURCE",
    "-Wall",
    "-Werror",
  ]
  part_name = "selinux_adapter"
  subsystem_name = "security"
}

if (!startup_init_with_param_base) {
  inherited_configs = [
    "$BUILD_CONFIG_DIR/compiler:afdo",
    "$BUILD_CONFIG_DIR/compiler:afdo_optimize_size",
    "$BUILD_CONFIG_DIR/compiler:compiler",
    "$BUILD_CONFIG_DIR/compiler:compiler_arm_fpu",
    "$BUILD_CONFIG_DIR/compiler:compiler_arm_thumb",
    "$BUILD_CONFIG_DIR/compiler:chromium_code",
    "$BUILD_CONFIG_DIR/compiler:default_include_dirs",
    "$BUILD_CONFIG_DIR/compiler:default_optimization",
    "$BUILD_CONFIG_DIR/compiler:default_stack_frames",
    "$BUILD_CONFIG_DIR/compiler:default_symbols",
    "$BUILD_CONFIG_DIR/compiler:export_dynamic",
    "$BUILD_CONFIG_DIR/compiler:no_exceptions",
    "$BUILD_CONFIG_DIR/compiler:no_rtti",
    "$BUILD_CONFIG_DIR/compiler:runtime_library",
    "$BUILD_CONFIG_DIR/compiler:thin_archive",
    "$BUILD_CONFIG_DIR/sanitizers:default_sanitizer_flags",
  ]
}

static_library("libselinux_parameter_static") {
  output_name = "libselinux_parameter_static"
  sources = [
    "interfaces/policycoreutils/src/contexts_trie.c",
    "interfaces/policycoreutils/src/selinux_map.c",
    "interfaces/policycoreutils/src/selinux_parameter.c",
    "interfaces/policycoreutils/src/selinux_share_mem.c",
  ]
  public_configs = [ ":selinux_core_config" ]
  include_dirs = [ "interfaces/policycoreutils/include" ]
  cflags = [
    "-D_GNU_SOURCE",
    "-Wall",
    "-Werror",
  ]
  if (!startup_init_with_param_base) {
    ldflags = [ "-nostdlib" ]
    configs -= inherited_configs
    configs += [ "$BUILD_CONFIG_DIR/compiler:compiler" ]
  }
}

ohos_shared_library("libparaperm_checker") {
  output_name = "libparaperm_checker"
  sources = [ "interfaces/policycoreutils/src/param_checker.c" ]
  public_configs = [ ":selinux_core_config" ]
  deps = [ ":libselinux_klog_static" ]
  deps += [ ":libselinux_parameter_static" ]
  external_deps = [ "bounds_checking_function:libsec_shared" ]
  public_external_deps = [ "selinux:libselinux" ]

  cflags = [
    "-D_GNU_SOURCE",
    "-Wall",
    "-Werror",
  ]
  install_images = [
    "system",
    "updater",
  ]
  part_name = "selinux_adapter"
  subsystem_name = "security"
}

ohos_shared_library("libservice_checker") {
  output_name = "libservice_checker"
  sources = [ "interfaces/policycoreutils/src/service_checker.cpp" ]
  public_configs = [ ":selinux_core_config" ]
  deps = [
    ":libselinux_error_static",
    ":libselinux_hilog_static",
  ]
  external_deps = [
    "bounds_checking_function:libsec_shared",
    "hilog:libhilog",
  ]
  public_external_deps = [ "selinux:libselinux" ]
  cflags = [
    "-D_GNU_SOURCE",
    "-Wall",
    "-Werror",
  ]
  innerapi_tags = [ "chipsetsdk" ]
  part_name = "selinux_adapter"
  subsystem_name = "security"
}

ohos_executable("load_policy") {
  install_enable = true
  sources = [ "interfaces/tools/load_policy/load_policy.c" ]
  include_dirs = [ "interfaces/policycoreutils/include" ]
  deps = [ ":libload_policy" ]
  cflags = [
    "-D_GNU_SOURCE",
    "-Wall",
    "-Werror",
  ]
  license_file = "LICENSE"
  part_name = "selinux_adapter"
  subsystem_name = "security"
  install_images = [
    "system",
    "updater",
  ]
}

ohos_executable("restorecon") {
  install_enable = true
  sources = [ "interfaces/tools/restorecon/restorecon.c" ]
  include_dirs = [ "interfaces/policycoreutils/include" ]
  deps = [ ":librestorecon" ]
  external_deps = [
    "bounds_checking_function:libsec_shared",
    "selinux:libselinux",
  ]
  cflags = [
    "-D_GNU_SOURCE",
    "-Wall",
    "-Werror",
  ]
  license_file = "LICENSE"
  part_name = "selinux_adapter"
  subsystem_name = "security"
  install_images = [
    "system",
    "updater",
  ]
}

ohos_executable("hap_restorecon") {
  install_enable = false
  sources = [ "interfaces/tools/hap_restorecon/test.cpp" ]
  include_dirs = [ "interfaces/policycoreutils/include" ]
  deps = [
    ":libhap_restorecon",
    ":libselinux_error_static",
  ]
  cflags = [
    "-D_GNU_SOURCE",
    "-Wall",
    "-Werror",
  ]
  external_deps = [ "selinux:libselinux" ]
  license_file = "LICENSE"
  part_name = "selinux_adapter"
  subsystem_name = "security"
}

ohos_executable("param_check") {
  install_enable = false
  sources = [ "interfaces/tools/param_check/test.cpp" ]
  include_dirs = [ "interfaces/policycoreutils/include" ]
  deps = [
    ":libparaperm_checker",
    ":libselinux_error_static",
    ":libselinux_parameter_static",
  ]
  external_deps = [
    "pcre2:libpcre2",
    "selinux:libselinux",
  ]
  if (startup_init_with_param_base) {
    deps += [ ":libselinux_parameter_static" ]
  }
  cflags = [
    "-D_GNU_SOURCE",
    "-DTIME_DISPLAY",
    "-Wall",
    "-Werror",
  ]
  license_file = "LICENSE"
  part_name = "selinux_adapter"
  subsystem_name = "security"
}

ohos_executable("service_check") {
  install_enable = false
  sources = [ "interfaces/tools/service_check/test.cpp" ]
  include_dirs = [ "interfaces/policycoreutils/include" ]
  deps = [
    ":libselinux_error_static",
    ":libservice_checker",
  ]
  cflags = [
    "-D_GNU_SOURCE",
    "-Wall",
    "-Werror",
  ]
  license_file = "LICENSE"
  part_name = "selinux_adapter"
  subsystem_name = "security"
}

debug_version = "disable"
updater_version = "disable"

action("build_policy") {
  if (build_variant == "user") {
    debug_version = "disable"
  } else if (build_variant == "root") {
    debug_version = "enable"
  } else {
    debug_version = "enable"
  }

  updater_version = "disable"

  inputs = exec_script("//build/scripts/find.py",
                       [ rebase_path("sepolicy") ],
                       "list lines")
  if (selinux_adapter_build_path != "default") {
    foreach(src, string_split(selinux_adapter_build_path, ":")) {
      src = "//" + src
      inputs += exec_script("//build/scripts/find.py",
                            [ rebase_path(src) ],
                            "list lines")
    }
    if (special_build_selinux_gni_exist &&
        selinux_build_path_ext != "default") {
      selinux_adapter_build_path =
          selinux_adapter_build_path + ":" + selinux_build_path_ext
    }
  } else {
    selinux_adapter_build_path =
        selinux_adapter_build_path + ":" + OHOS_PRODUCT_DIR
  }

  if (selinux_adapter_special_build_policy_script != "default") {
    script = selinux_adapter_special_build_policy_script
  } else {
    script = "scripts/build_policy.py"
  }

  args = [
    "--dst-file",
    rebase_path(target_out_dir + "/policy.31"),
    "--tool-path",
    rebase_path(root_build_dir + "/clang_${host_cpu}/thirdparty/selinux/"),
    "--source-root-dir",
    rebase_path("//"),
    "--policy_dir_list",
    selinux_adapter_build_path,
    "--debug-version",
    debug_version,
    "--updater-version",
    updater_version,
    "--components",
    selinux_adapter_components,
  ]

  if (selinux_adapter_components != "default") {
    args += [
      "--vendor-policy-version",
      "$selinux_adapter_vendor_policy_version",
    ]
  }

  if (selinux_adapter_extra_args != "default") {
    foreach(arg, string_split(selinux_adapter_extra_args, " ")) {
      args += [ arg ]
    }
  }

  external_deps = [
    "selinux:checkpolicy($host_toolchain)",
    "selinux:secilc($host_toolchain)",
  ]
  outputs = [
    target_out_dir + "/policy.31",
    target_out_dir + "/user_policy",
    target_out_dir + "/vendor.cil",
    target_out_dir + "/prebuild_sepolicy.system.cil.sha256",
    target_out_dir + "/system.cil",
    target_out_dir + "/system.cil.sha256",
    target_out_dir + "/compatible/$selinux_adapter_vendor_policy_version.cil",
    target_out_dir + "/compatible",
    target_out_dir + "/version",
    target_out_dir + "/public.cil",
  ]

  outputs += [
    target_out_dir + "/developer/prebuild_sepolicy.system.cil.sha256",
    target_out_dir + "/developer/system.cil.sha256",
    target_out_dir +
        "/developer/compatible/$selinux_adapter_vendor_policy_version.cil",
    target_out_dir + "/developer/compatible",
    target_out_dir + "/developer/developer_policy",
    target_out_dir + "/developer/policy.31",
    target_out_dir + "/developer/vendor.cil",
    target_out_dir + "/developer/system.cil",
    target_out_dir + "/developer/public.cil",
  ]

  if (selinux_adapter_components != "default") {
    outputs += [
      target_out_dir + "/system_common.cil",
      target_out_dir + "/vendor_common.cil",
      target_out_dir + "/public_common.cil",
    ]
  }
}

action("build_update_policy") {
  if (build_variant == "user") {
    debug_version = "disable"
  } else if (build_variant == "root") {
    debug_version = "enable"
  } else {
    debug_version = "enable"
  }

  updater_version = "enable"
  selinux_adapter_components = "default"
  inputs = exec_script("//build/scripts/find.py",
                       [ rebase_path("sepolicy") ],
                       "list lines")
  if (selinux_adapter_build_path != "default") {
    foreach(src, string_split(selinux_adapter_build_path, ":")) {
      src = "//" + src
      inputs += exec_script("//build/scripts/find.py",
                            [ rebase_path(src) ],
                            "list lines")
    }
    if (special_build_selinux_gni_exist &&
        selinux_build_path_ext_updater != "default") {
      selinux_adapter_build_path =
          selinux_adapter_build_path + ":" + selinux_build_path_ext_updater
    }
  } else {
    selinux_adapter_build_path =
        selinux_adapter_build_path + ":" + OHOS_PRODUCT_DIR
  }

  if (selinux_adapter_special_build_policy_script != "default") {
    script = selinux_adapter_special_build_policy_script
  } else {
    script = "scripts/build_policy.py"
  }

  args = [
    "--dst-file",
    rebase_path(target_out_dir + "/updater/policy.31"),
    "--tool-path",
    rebase_path(root_build_dir + "/clang_${host_cpu}/thirdparty/selinux/"),
    "--source-root-dir",
    rebase_path("//"),
    "--policy_dir_list",
    selinux_adapter_build_path,
    "--debug-version",
    debug_version,
    "--updater-version",
    updater_version,
    "--components",
    selinux_adapter_components,
  ]

  if (selinux_adapter_extra_args != "default") {
    foreach(arg, string_split(selinux_adapter_extra_args, " ")) {
      args += [ arg ]
    }
  }

  external_deps = [
    "selinux:checkpolicy($host_toolchain)",
    "selinux:secilc($host_toolchain)",
  ]
  outputs = [ target_out_dir + "/updater/policy.31" ]
}

action("build_contexts") {
  inputs = exec_script("//build/scripts/find.py",
                       [ rebase_path("sepolicy") ],
                       "list lines")
  if (selinux_adapter_build_path != "default") {
    foreach(src, string_split(selinux_adapter_build_path, ":")) {
      src = "//" + src
      inputs += exec_script("//build/scripts/find.py",
                            [ rebase_path(src) ],
                            "list lines")
    }
    if (special_build_selinux_gni_exist &&
        selinux_build_path_ext != "default") {
      selinux_adapter_build_path =
          selinux_adapter_build_path + ":" + selinux_build_path_ext
    }
  } else {
    selinux_adapter_build_path =
        selinux_adapter_build_path + ":" + OHOS_PRODUCT_DIR
  }

  if (selinux_adapter_special_build_contexts_script != "default") {
    script = selinux_adapter_special_build_contexts_script
  } else {
    script = "scripts/build_contexts.py"
  }
  args = [
    "--dst-dir",
    rebase_path(target_out_dir + "/"),
    "--tool-path",
    rebase_path(root_build_dir + "/clang_${host_cpu}/thirdparty/selinux/"),
    "--policy-file",
    rebase_path(target_out_dir + "/policy.31"),
    "--source-root-dir",
    rebase_path("//"),
    "--policy_dir_list",
    selinux_adapter_build_path,
    "--components",
    selinux_adapter_components,
  ]
  if (selinux_adapter_contexts_extra_args != "default") {
    foreach(arg, string_split(selinux_adapter_contexts_extra_args, " ")) {
      args += [ arg ]
    }
  }
  deps = [ ":build_policy" ]
  external_deps = [ "selinux:sefcontext_compile($host_toolchain)" ]
  outputs = [
    target_out_dir + "/file_contexts.bin",
    target_out_dir + "/file_contexts",
    target_out_dir + "/sehap_contexts",
    target_out_dir + "/service_contexts",
    target_out_dir + "/hdf_service_contexts",
    target_out_dir + "/parameter_contexts",
  ]
}

action("build_ignore_cfg") {
  inputs = exec_script("//build/scripts/find.py",
                       [ rebase_path("sepolicy") ],
                       "list lines")
  if (selinux_adapter_build_path != "default") {
    foreach(src, string_split(selinux_adapter_build_path, ":")) {
      src = "//" + src
      inputs += exec_script("//build/scripts/find.py",
                            [ rebase_path(src) ],
                            "list lines")
    }
    if (special_build_selinux_gni_exist &&
        selinux_build_path_ext != "default") {
      selinux_adapter_build_path =
          selinux_adapter_build_path + ":" + selinux_build_path_ext
    }
  } else {
    selinux_adapter_build_path =
        selinux_adapter_build_path + ":" + OHOS_PRODUCT_DIR
  }

  if (special_build_ignore_cfg != "default") {
    script = special_build_ignore_cfg
  } else {
    script = "scripts/build_ignore_cfg.py"
  }
  args = [
    "--dst-dir",
    rebase_path(target_out_dir + "/"),
    "--source-root-dir",
    rebase_path("//"),
    "--policy-dir-list",
    selinux_adapter_build_path,
    "--components",
    selinux_adapter_components,
  ]
  outputs = [ target_out_dir + "/ignore_cfg" ]
}

action("build_updater_contexts") {
  inputs = exec_script("//build/scripts/find.py",
                       [ rebase_path("sepolicy") ],
                       "list lines")
  if (selinux_adapter_build_path != "default") {
    foreach(src, string_split(selinux_adapter_build_path, ":")) {
      src = "//" + src
      inputs += exec_script("//build/scripts/find.py",
                            [ rebase_path(src) ],
                            "list lines")
    }
    if (special_build_selinux_gni_exist &&
        selinux_build_path_ext_updater != "default") {
      selinux_adapter_build_path =
          selinux_adapter_build_path + ":" + selinux_build_path_ext_updater
    }
  } else {
    selinux_adapter_build_path =
        selinux_adapter_build_path + ":" + OHOS_PRODUCT_DIR
  }

  if (selinux_adapter_special_build_contexts_script != "default") {
    script = selinux_adapter_special_build_contexts_script
  } else {
    script = "scripts/build_contexts.py"
  }
  args = [
    "--dst-dir",
    rebase_path(target_out_dir + "/updater"),
    "--tool-path",
    rebase_path(root_build_dir + "/clang_${host_cpu}/thirdparty/selinux/"),
    "--policy-file",
    rebase_path(target_out_dir + "/updater/policy.31"),
    "--source-root-dir",
    rebase_path("//"),
    "--policy_dir_list",
    selinux_adapter_build_path,
    "--components",
    selinux_adapter_components,
  ]
  if (selinux_adapter_contexts_extra_args != "default") {
    foreach(arg, string_split(selinux_adapter_contexts_extra_args, " ")) {
      args += [ arg ]
    }
  }
  deps = [ ":build_update_policy" ]
  external_deps = [ "selinux:sefcontext_compile($host_toolchain)" ]
  outputs = [
    target_out_dir + "/updater/file_contexts.bin",
    target_out_dir + "/updater/file_contexts",
    target_out_dir + "/updater/sehap_contexts",
    target_out_dir + "/updater/service_contexts",
    target_out_dir + "/updater/hdf_service_contexts",
    target_out_dir + "/updater/parameter_contexts",
  ]
}

action("selinux_check") {
  script = "scripts/selinux_check/selinux_check_main.py"

  if (selinux_adapter_build_path == "default") {
    selinux_adapter_build_path =
        selinux_adapter_build_path + ":" + OHOS_PRODUCT_DIR
  }

  if (selinux_adapter_check_extend_list != "default") {
    selinux_adapter_build_path =
        selinux_adapter_build_path + ":" + selinux_adapter_check_extend_list
  }

  args = [
    "--output-path",
    rebase_path(target_out_dir),
    "--source-root-dir",
    rebase_path("//"),
    "--user-policy",
    rebase_path(target_out_dir + "/user_policy"),
    "--developer-policy",
    rebase_path(target_out_dir + "/developer/developer_policy"),
    "--tool-path",
    rebase_path(root_build_dir + "/clang_${host_cpu}/thirdparty/selinux/"),
    "--policy-dir-list",
    selinux_adapter_build_path,
  ]

  if (special_selinux_check_config != "default") {
    args += [
      "--selinux-check-config",
      special_selinux_check_config,
    ]
  } else {
    args += [
      "--selinux-check-config",
      "base/security/selinux_adapter/scripts/selinux_check/config/selinux_check.json",
    ]
  }

  outputs = [ "$target_out_dir" ]

  deps = [
    ":build_contexts",
    ":build_policy",
  ]
}

copy("selinux_config") {
  if (selinux_adapter_enforce) {
    sources = [ "config/config.enforce" ]
  } else {
    sources = [ "config/config.permissive" ]
  }
  outputs = [ "$target_out_dir/config" ]
}

copy("updater_selinux_config") {
  sources = [ "config/config.enforce" ]
  outputs = [ "$target_out_dir/updater/config" ]
}

ohos_prebuilt_etc("build_sepolicy") {
  deps = [ ":build_policy" ]
  source = target_out_dir + "/policy.31"
  license_file = "LICENSE"
  part_name = "selinux_adapter"
  subsystem_name = "security"
  if (selinux_adapter_components == "vendor") {
    relative_install_dir = "selinux/prebuild_sepolicy/"
    install_images = [ "vendor" ]
  } else if (selinux_adapter_components == "default") {
    if (!selinux_adapter_support_developer_mode) {
      source = target_out_dir + "/developer/policy.31"
    }
    relative_install_dir = "selinux/targeted/policy/"
    install_images = [ "system" ]
  }
}

ohos_prebuilt_etc("build_updater_sepolicy") {
  deps = [ ":build_update_policy" ]
  source = target_out_dir + "/updater/policy.31"
  license_file = "LICENSE"
  part_name = "selinux_adapter"
  subsystem_name = "security"
  relative_install_dir = "selinux/targeted/policy/"
  install_images = [ "updater" ]
}

ohos_prebuilt_etc("selinux_version") {
  deps = [ ":build_policy" ]
  source = target_out_dir + "/version"
  license_file = "LICENSE"
  part_name = "selinux_adapter"
  subsystem_name = "security"
  relative_install_dir = "selinux/"
  install_images = [ "vendor" ]
}

ohos_prebuilt_etc("config") {
  deps = [ ":selinux_config" ]
  source = target_out_dir + "/config"
  license_file = "LICENSE"
  part_name = "selinux_adapter"
  subsystem_name = "security"
  relative_install_dir = "selinux/"
  install_images = [ "system" ]
}

ohos_prebuilt_etc("updater_config") {
  deps = [ ":updater_selinux_config" ]
  source = target_out_dir + "/updater/config"
  license_file = "LICENSE"
  part_name = "selinux_adapter"
  subsystem_name = "security"
  relative_install_dir = "selinux/"
  install_images = [ "updater" ]
}

ohos_prebuilt_etc("sehap_contexts") {
  deps = [ ":build_contexts" ]
  source = target_out_dir + "/sehap_contexts"
  license_file = "LICENSE"
  part_name = "selinux_adapter"
  subsystem_name = "security"
  relative_install_dir = "selinux/targeted/contexts/"
}

ohos_prebuilt_etc("parameter_contexts") {
  deps = [ ":build_contexts" ]
  source = target_out_dir + "/parameter_contexts"
  license_file = "LICENSE"
  part_name = "selinux_adapter"
  subsystem_name = "security"
  relative_install_dir = "selinux/targeted/contexts/"
  if (selinux_adapter_components == "vendor") {
    install_images = [ "vendor" ]
  } else {
    install_images = [
      "system",
      "updater",
    ]
  }
}

ohos_prebuilt_etc("service_contexts") {
  deps = [ ":build_contexts" ]
  source = target_out_dir + "/service_contexts"
  license_file = "LICENSE"
  part_name = "selinux_adapter"
  subsystem_name = "security"
  relative_install_dir = "selinux/targeted/contexts/"
  if (selinux_adapter_components == "vendor") {
    install_images = [ "vendor" ]
  } else {
    install_images = [ "system" ]
  }
}

ohos_prebuilt_etc("hdf_service_contexts") {
  deps = [ ":build_contexts" ]
  source = target_out_dir + "/hdf_service_contexts"
  license_file = "LICENSE"
  part_name = "selinux_adapter"
  subsystem_name = "security"
  relative_install_dir = "selinux/targeted/contexts/"
  if (selinux_adapter_components == "vendor") {
    install_images = [ "vendor" ]
  } else {
    install_images = [ "system" ]
  }
}

ohos_prebuilt_etc("file_contexts") {
  deps = [ ":build_contexts" ]
  source = target_out_dir + "/file_contexts"
  license_file = "LICENSE"
  part_name = "selinux_adapter"
  subsystem_name = "security"
  relative_install_dir = "selinux/targeted/contexts/"
  if (selinux_adapter_components == "vendor") {
    install_images = [ "vendor" ]
  } else {
    install_images = [ "system" ]
  }
}

ohos_prebuilt_etc("ignore_cfg") {
  deps = [ ":build_ignore_cfg" ]
  source = target_out_dir + "/ignore_cfg"
  license_file = "LICENSE"
  part_name = "selinux_adapter"
  subsystem_name = "security"
  relative_install_dir = "selinux/"
  if (selinux_adapter_components == "vendor") {
    install_images = [ "vendor" ]
  } else {
    install_images = [ "system" ]
  }
}

ohos_prebuilt_etc("file_contexts_updater") {
  deps = [ ":build_updater_contexts" ]
  source = target_out_dir + "/updater/file_contexts"
  license_file = "LICENSE"
  part_name = "selinux_adapter"
  subsystem_name = "security"
  relative_install_dir = "selinux/targeted/contexts/"
  if (selinux_adapter_components == "vendor") {
    install_images = [ "updater_vendor" ]
  } else {
    install_images = [ "updater" ]
  }
}

ohos_prebuilt_etc("vendor_cil") {
  deps = [ ":build_policy" ]
  source = target_out_dir + "/vendor.cil"
  license_file = "LICENSE"
  part_name = "selinux_adapter"
  subsystem_name = "security"
  relative_install_dir = "selinux/"
  install_images = [ "vendor" ]
}

if (selinux_adapter_components == "vendor") {
  ohos_prebuilt_etc("vendor_common_cil") {
    deps = [ ":build_policy" ]
    source = target_out_dir + "/vendor_common.cil"
    license_file = "LICENSE"
    part_name = "selinux_adapter"
    subsystem_name = "security"
    relative_install_dir = "selinux/"
    install_images = [ "vendor" ]
  }
}

ohos_prebuilt_etc("public_cil") {
  deps = [ ":build_policy" ]
  source = target_out_dir + "/public.cil"
  license_file = "LICENSE"
  part_name = "selinux_adapter"
  subsystem_name = "security"
  relative_install_dir = "selinux/"
  install_images = [ "vendor" ]
}

if (selinux_adapter_components == "vendor") {
  ohos_prebuilt_etc("public_common_cil") {
    deps = [ ":build_policy" ]
    source = target_out_dir + "/public_common.cil"
    license_file = "LICENSE"
    part_name = "selinux_adapter"
    subsystem_name = "security"
    relative_install_dir = "selinux/"
    install_images = [ "vendor" ]
  }
}

ohos_prebuilt_etc("version_cil") {
  deps = [ ":build_policy" ]
  source =
      target_out_dir + "/compatible/$selinux_adapter_vendor_policy_version.cil"
  license_file = "LICENSE"
  part_name = "selinux_adapter"
  subsystem_name = "security"
  relative_install_dir = "selinux/compatible/"
  install_images = [ "system" ]
}

ohos_prebuilt_etc("prebuild_sepolicy_system_cil_sha256") {
  deps = [ ":build_policy" ]
  source = target_out_dir + "/prebuild_sepolicy.system.cil.sha256"
  license_file = "LICENSE"
  part_name = "selinux_adapter"
  subsystem_name = "security"
  relative_install_dir = "selinux/"
  install_images = [ "vendor" ]
}

ohos_prebuilt_etc("system_cil") {
  deps = [ ":build_policy" ]
  source = target_out_dir + "/system.cil"
  license_file = "LICENSE"
  part_name = "selinux_adapter"
  subsystem_name = "security"
  relative_install_dir = "selinux/"
  install_images = [ "system" ]
}

if (selinux_adapter_components == "system") {
  ohos_prebuilt_etc("system_common_cil") {
    deps = [ ":build_policy" ]
    source = target_out_dir + "/system_common.cil"
    license_file = "LICENSE"
    part_name = "selinux_adapter"
    subsystem_name = "security"
    relative_install_dir = "selinux/"
    install_images = [ "system" ]
  }
}

ohos_prebuilt_etc("system_cil_sha256") {
  deps = [ ":build_policy" ]
  source = target_out_dir + "/system.cil.sha256"
  license_file = "LICENSE"
  part_name = "selinux_adapter"
  subsystem_name = "security"
  relative_install_dir = "selinux/"
  install_images = [ "system" ]
}

if (selinux_adapter_support_developer_mode) {
  ohos_prebuilt_etc("system_developer_cil") {
    deps = [ ":build_policy" ]
    source = target_out_dir + "/developer/system.cil"
    output = "system_developer.cil"
    license_file = "LICENSE"
    part_name = "selinux_adapter"
    subsystem_name = "security"
    relative_install_dir = "selinux/"
    install_images = [ "system" ]
  }

  ohos_prebuilt_etc("vendor_developer_cil") {
    deps = [ ":build_policy" ]
    source = target_out_dir + "/developer/vendor.cil"
    output = "vendor_developer.cil"
    license_file = "LICENSE"
    part_name = "selinux_adapter"
    subsystem_name = "security"
    relative_install_dir = "selinux/"
    install_images = [ "vendor" ]
  }

  ohos_prebuilt_etc("public_developer_cil") {
    deps = [ ":build_policy" ]
    source = target_out_dir + "/developer/public.cil"
    output = "public_developer.cil"
    license_file = "LICENSE"
    part_name = "selinux_adapter"
    subsystem_name = "security"
    relative_install_dir = "selinux/"
    install_images = [ "vendor" ]
  }

  ohos_prebuilt_etc("version_developer_cil") {
    deps = [ ":build_policy" ]
    source = target_out_dir +
             "/developer/compatible/$selinux_adapter_vendor_policy_version.cil"
    license_file = "LICENSE"
    part_name = "selinux_adapter"
    subsystem_name = "security"
    relative_install_dir = "selinux/compatible_developer/"
    install_images = [ "system" ]
  }

  ohos_prebuilt_etc("developer_policy") {
    deps = [ ":build_policy" ]
    source = target_out_dir + "/developer/policy.31"
    output = "developer_policy"
    license_file = "LICENSE"
    part_name = "selinux_adapter"
    subsystem_name = "security"
    if (selinux_adapter_components == "vendor") {
      relative_install_dir = "selinux/prebuild_sepolicy/"
      install_images = [ "vendor" ]
    } else if (selinux_adapter_components == "default") {
      relative_install_dir = "selinux/targeted/policy/"
      install_images = [ "system" ]
    }
  }

  ohos_prebuilt_etc("prebuild_sepolicy_system_developer_cil_sha256") {
    deps = [ ":build_policy" ]
    source = target_out_dir + "/developer/prebuild_sepolicy.system.cil.sha256"
    output = "prebuild_sepolicy.system_developer.cil.sha256"
    license_file = "LICENSE"
    part_name = "selinux_adapter"
    subsystem_name = "security"
    relative_install_dir = "selinux/"
    install_images = [ "vendor" ]
  }

  ohos_prebuilt_etc("system_developer_cil_sha256") {
    deps = [ ":build_policy" ]
    source = target_out_dir + "/developer/system.cil.sha256"
    output = "system_developer.cil.sha256"
    license_file = "LICENSE"
    part_name = "selinux_adapter"
    subsystem_name = "security"
    relative_install_dir = "selinux/"
    install_images = [ "system" ]
  }
}

if (build_selinux && !ohos_indep_compiler_enable) {
  ohos_copy("libselinux_toolchain") {
    external_deps = [ "selinux:libselinux($host_toolchain)" ]
    sources =
        [ "$root_build_dir/clang_${host_cpu}/thirdparty/selinux/libselinux.so" ]
    outputs =
        [ "$root_build_dir/clang_${host_cpu}/security/selinux/libselinux.so" ]
    part_name = "selinux_adapter"
    subsystem_name = "security"
  }

  ohos_copy("libpcre2_toolchain") {
    external_deps = [ "pcre2:libpcre2($host_toolchain)" ]
    sources =
        [ "$root_build_dir/clang_${host_cpu}/thirdparty/pcre2/libpcre2.so" ]
    outputs =
        [ "$root_build_dir/clang_${host_cpu}/security/selinux/libpcre2.so" ]
    part_name = "selinux_adapter"
    subsystem_name = "security"
  }
}

ohos_copy("filecontexts_toolchain") {
  deps = [ ":build_contexts" ]
  sources = [ "$target_out_dir/file_contexts.bin" ]
  outputs = [ "$target_out_dir/../security/selinux/file_contexts.bin" ]
  part_name = "selinux_adapter"
  subsystem_name = "security"
}

if (selinux_adapter_components != "default") {
  copy("eng_system_compatible") {
    deps = [ ":build_policy" ]
    sources = [ "$target_out_dir/compatible" ]
    outputs = [ "$root_out_dir/$eng_system_base_dir/etc/selinux/compatible" ]
  }

  copy("eng_system_compatible_developer") {
    deps = [ ":build_policy" ]
    sources = [ "$target_out_dir/developer/compatible" ]
    outputs = [
      "$root_out_dir/$eng_system_base_dir/etc/selinux/compatible_developer",
    ]
  }

  copy("eng_system_system_cil") {
    deps = [ ":build_policy" ]
    sources = [ "$target_out_dir/system.cil" ]
    outputs = [ "$root_out_dir/$eng_system_base_dir/etc/selinux/system.cil" ]
  }

  copy("eng_system_system_cil_sha256") {
    deps = [ ":build_policy" ]
    sources = [ "$target_out_dir/system.cil.sha256" ]
    outputs =
        [ "$root_out_dir/$eng_system_base_dir/etc/selinux/system.cil.sha256" ]
  }

  copy("eng_system_system_common_cil") {
    deps = [ ":build_policy" ]
    sources = [ "$target_out_dir/system_common.cil" ]
    outputs =
        [ "$root_out_dir/$eng_system_base_dir/etc/selinux/system_common.cil" ]
  }

  copy("eng_system_system_developer_cil") {
    deps = [ ":build_policy" ]
    sources = [ "$target_out_dir/developer/system.cil" ]
    outputs = [
      "$root_out_dir/$eng_system_base_dir/etc/selinux/system_developer.cil",
    ]
  }

  copy("eng_system_system_developer_cil_sha256") {
    deps = [ ":build_policy" ]
    sources = [ "$target_out_dir/developer/system.cil.sha256" ]
    outputs = [ "$root_out_dir/$eng_system_base_dir/etc/selinux/system_developer.cil.sha256" ]
  }

  copy("eng_chipset_developer_policy") {
    deps = [ ":build_policy" ]
    sources = [ "$target_out_dir/developer/policy.31" ]
    outputs = [ "$root_out_dir/$eng_chipset_base_dir/etc/selinux/prebuild_sepolicy/developer_policy" ]
  }

  copy("eng_chipset_policy") {
    deps = [ ":build_policy" ]
    sources = [ "$target_out_dir/policy.31" ]
    outputs = [ "$root_out_dir/$eng_chipset_base_dir/etc/selinux/prebuild_sepolicy/policy.31" ]
  }

  copy("eng_chipset_system_cil_sha256") {
    deps = [ ":build_policy" ]
    sources = [ "$target_out_dir/prebuild_sepolicy.system.cil.sha256" ]
    outputs = [ "$root_out_dir/$eng_chipset_base_dir/etc/selinux/prebuild_sepolicy.system.cil.sha256" ]
  }

  copy("eng_chipset_system_developer_cil_sha256") {
    deps = [ ":build_policy" ]
    sources =
        [ "$target_out_dir/developer/prebuild_sepolicy.system.cil.sha256" ]
    outputs = [ "$root_out_dir/$eng_chipset_base_dir/etc/selinux/prebuild_sepolicy.system_developer.cil.sha256" ]
  }

  copy("eng_chipset_public_cil") {
    deps = [ ":build_policy" ]
    sources = [ "$target_out_dir/public.cil" ]
    outputs = [ "$root_out_dir/$eng_chipset_base_dir/etc/selinux/public.cil" ]
  }

  copy("eng_chipset_public_common_cil") {
    deps = [ ":build_policy" ]
    sources = [ "$target_out_dir/public_common.cil" ]
    outputs =
        [ "$root_out_dir/$eng_chipset_base_dir/etc/selinux/public_common.cil" ]
  }

  copy("eng_chipset_public_developer_cil") {
    deps = [ ":build_policy" ]
    sources = [ "$target_out_dir/developer/public.cil" ]
    outputs = [
      "$root_out_dir/$eng_chipset_base_dir/etc/selinux/public_developer.cil",
    ]
  }

  copy("eng_chipset_vendor_cil") {
    deps = [ ":build_policy" ]
    sources = [ "$target_out_dir/vendor.cil" ]
    outputs = [ "$root_out_dir/$eng_chipset_base_dir/etc/selinux/vendor.cil" ]
  }

  copy("eng_chipset_vendor_common_cil") {
    deps = [ ":build_policy" ]
    sources = [ "$target_out_dir/vendor_common.cil" ]
    outputs =
        [ "$root_out_dir/$eng_chipset_base_dir/etc/selinux/vendor_common.cil" ]
  }

  copy("eng_chipset_vendor_developer_cil") {
    deps = [ ":build_policy" ]
    sources = [ "$target_out_dir/developer/vendor.cil" ]
    outputs = [
      "$root_out_dir/$eng_chipset_base_dir/etc/selinux/vendor_developer.cil",
    ]
  }

  group("eng_system_selinux_group") {
    deps = [
      ":eng_system_compatible",
      ":eng_system_compatible_developer",
      ":eng_system_system_cil",
      ":eng_system_system_cil_sha256",
      ":eng_system_system_common_cil",
      ":eng_system_system_developer_cil",
      ":eng_system_system_developer_cil_sha256",
      ":filecontexts_toolchain",
    ]
  }

  group("eng_chipset_selinux_group") {
    deps = [
      ":eng_chipset_developer_policy",
      ":eng_chipset_policy",
      ":eng_chipset_public_cil",
      ":eng_chipset_public_common_cil",
      ":eng_chipset_public_developer_cil",
      ":eng_chipset_system_cil_sha256",
      ":eng_chipset_system_developer_cil_sha256",
      ":eng_chipset_vendor_cil",
      ":eng_chipset_vendor_common_cil",
      ":eng_chipset_vendor_developer_cil",
      ":filecontexts_toolchain",
    ]
  }
}

group("selinux_group") {
  if (build_selinux) {
    if (!ohos_indep_compiler_enable) {
      deps = [
        ":build_updater_sepolicy",
        ":config",
        ":file_contexts",
        ":file_contexts_updater",
        ":filecontexts_toolchain",
        ":hap_restorecon",
        ":hdf_service_contexts",
        ":ignore_cfg",
        ":libpcre2_toolchain",
        ":libselinux_toolchain",
        ":load_policy",
        ":param_check",
        ":parameter_contexts",
        ":restorecon",
        ":sehap_contexts",
        ":selinux_check",
        ":service_check",
        ":service_contexts",
        ":updater_config",
      ]
      external_deps = [
        "selinux:checkpolicy($host_toolchain)",
        "selinux:chkcon",
        "selinux:getenforce",
        "selinux:getfilecon",
        "selinux:getpidcon",
        "selinux:secilc",
        "selinux:secilc($host_toolchain)",
        "selinux:sefcontext_compile($host_toolchain)",
        "selinux:selinux_check_access",
        "selinux:selinuxexeccon",
        "selinux:setenforce",
        "selinux:setfilecon",
      ]
      if (selinux_adapter_components == "system") {
        deps += [
          ":system_cil",
          ":system_cil_sha256",
          ":system_common_cil",
          ":version_cil",
        ]
        if (selinux_adapter_support_developer_mode) {
          deps += [
            ":system_developer_cil",
            ":system_developer_cil_sha256",
            ":version_developer_cil",
          ]
        }
      } else if (selinux_adapter_components == "vendor") {
        deps += [
          ":build_sepolicy",
          ":prebuild_sepolicy_system_cil_sha256",
          ":public_cil",
          ":public_common_cil",
          ":selinux_version",
          ":vendor_cil",
          ":vendor_common_cil",
        ]
        if (selinux_adapter_support_developer_mode) {
          deps += [
            ":developer_policy",
            ":prebuild_sepolicy_system_developer_cil_sha256",
            ":public_developer_cil",
            ":vendor_developer_cil",
          ]
        }
      } else {
        deps += [ ":build_sepolicy" ]
        if (selinux_adapter_support_developer_mode) {
          deps += [ ":developer_policy" ]
        }
      }
    } else {
      deps = [
        ":hap_restorecon",
        ":load_policy",
        ":param_check",
        ":restorecon",
        ":service_check",
      ]
    }
  }
}