Commit graph

18 commits

Author SHA1 Message Date
Tom Cherry
882faa6448 Verify the SELabels used in property_contexts
Verify that the SELabels used in property_contexts correspond to a
real type in the SEPolicy and that this type has the property_type attribute.

Bug: 74078792
Test: Build property_contexts on bullhead successfully
Test: See failure when using a faulty SELabel in property_contexts
Change-Id: If1618c2c3dae4c0cd3efa5f88056478a6db6bd0b
2018-03-26 09:22:55 -07:00
Tom Cherry
927c5d5fdc Introduce property types
Properties right now can take any format, but that makes it hard to
specify an API for these properties as Treble intends to do.
Therefore this change introduces the idea of property types, described below.

1) 'string' this is the default type and allows any property to be set.
2) 'bool' this allows only boolean values (true|false|1|0)
3) 'int' and 'uint' these allow signed and unsigned integer values
respectively.
4) 'double' this allows floating point numbers with double precision.
5) 'size' this allows for strings matching [0-9]+[gkm].
6) 'enum' this allows only a specific set of space deliminated values
to be set, e.g. 'enum allow these strings' only allows one of 'allow',
'these', or 'strings' to be set.

Bug: 70858511
Test: unit tests, test that properties are only set if their type matches
Change-Id: I7a6b00fb43ec630d1f56c9e9a1f1b61d3914f603
2018-01-16 14:44:40 -08:00
Tom Cherry
4094e5ee2e Rename property 'schema' to 'type'
Bug: 70858511
Test: boot
Change-Id: I8e17596ddd8393f245c7e02ff72765c84d3bb208
2018-01-11 16:26:50 -08:00
Tom Cherry
91094e06ce Reland: Add getprop to toolbox
Add a non-toybox version of getprop, so that we can interface with the
new C++ PropertyInfoAreaFile class to return property context
information.

Bug: 36001741
Test: Compared toolbox getprop results with toybox getprop
Change-Id: I4e90aa5b843cb5cfcbe85f05f23ae8e22729b26e
2018-01-10 11:26:24 -08:00
Tom Cherry
106a0d3266 Properties: remove sanitizers
These are broken on OS X and host linux with the latest clang, so time
to disable this across the board before we hit even more unexpected
breakages.

Test: Boot bullhead
Change-Id: I405f5d96675d20f325853ee29049d80eb009bbd8
2018-01-09 21:45:47 +00:00
Tom Cherry
e69ba761a3 Revert "Add getprop to toolbox"
This reverts commit c73497e17a.

Change-Id: Id6b84c86781a6ad7b675c10f142c3daa4117ec46
2018-01-09 15:53:00 +01:00
Tom Cherry
acaeeeed73 Merge "Add getprop to toolbox" 2018-01-08 22:32:16 +00:00
Tom Cherry
c73497e17a Add getprop to toolbox
Add a non-toybox version of getprop, so that we can interface with the
new C++ PropertyInfoAreaFile class to return property context
information.

Bug: 36001741
Test: Compared toolbox getprop results with toybox getprop
Change-Id: I5f98f9e895d0620a2d9686bc0608490e7d9c3120
2018-01-08 12:36:44 -08:00
Tom Cherry
99a415038b Make property_info_checker a static executable for CTS
property_info_checker is packaged with CTS, therefore it should be a
static exectuable to not require shared libraries.

Bug: 36001741
Test: CTS SELinuxHostTest#testValidPropertyContexts
Change-Id: Ib139094f8217e3d829677ab92b8450287a65d3f7
2018-01-05 13:56:27 -08:00
Andreas Gampe
e4c9acb767 PropertyService: Exclude sanitization for darwin
This doesn't seem to work. All other projects restrict sanitization,
too.

Mac build not actually tested.

Test: m
Test: linux host build still contains ubsan symbols
Change-Id: I60532a46177632320ba3b15b4a7c2d5e31ef2bfc
2018-01-04 19:25:52 -08:00
Tom Cherry
919458c350 Create a host side checker for property info file correctness
Bug: 36001741
Test: verify a valid property info file and fail due to various failures
Change-Id: Iadd38796aa619f87ec559fe5687bbe2009df8b2d
2018-01-04 22:00:11 +00:00
Tom Cherry
b6917a3c99 Add OWNERS file
Change-Id: I13315585ecc74978689d0e033ce93a94b1560d1d
Exempted-From-Owner-Approval: Vacation
2018-01-04 13:54:45 -08:00
Tom Cherry
f5ed661f72 Only apply match if there is something to apply
It is possible for a match to only contain a context and not a schema,
or vice versa and in this case, the previously matched values should
continue to be used.  The serializer already handles this case by
setting the index of the match to ~0u if there is not one, so this
change simply has the parser skip these values.

Bug: 70858511
Test: unit tests, including new ones
Change-Id: Ibc65bd8d637e39f3b1ce7bcc2b88189b75173f88
2017-12-19 16:47:21 -08:00
Treehugger Robot
5b6c9f5fb2 Merge "Include what we use." 2017-12-14 23:52:55 +00:00
Tom Cherry
26eba2879d Always check prefix matches array at each node
Currently, we only check if the name of a given node in the trie is a
prefix match and the prefix matches array of the final node.  This is
incorrect however, as the prefix matches array of intermediate nodes
may contain the prefix for a given property.  This change adds that
check and test cases for this case.

Bug: 36001741
Test: new unit tests
Change-Id: I9f58ebc559f2ac591aa44df9e71205704bf18f66
2017-12-13 16:58:33 -08:00
Dan Albert
629c292dbb Include what we use.
Test: mma
Bug: None
Change-Id: Id8742db719906847bf40506ae8a79cea8bc092dc
Exempt-From-Owner-Approval: trivial cleanup
2017-12-13 13:41:14 -08:00
Tom Cherry
8cc596208c Add an extra set of test cases for libpropertyinfoparser
Test to ensure that exact matches and prefix matches at the root level
work.

Test: these test cases
Change-Id: Idb296329c4c4f1bb1ba336b5cb12d5761239fbf8
2017-12-12 17:33:55 -08:00
Tom Cherry
d853f77ed3 Parse property contexts via a serialized trie
Currently, whenever a new program starts, libc initializes two data
structures related to properties from the raw property_context files.
There are two problems here,
1) This takes roughly 1.2ms on a trivial program to generate contents
   that could otherwise be cached.
2) One of the data structures is a descending list of prefixes, each
   of which needs to be checked, whereas a trie would be more
   efficient.

This change introduces two libraries,
1) libpropertycontextserializer meant to be used by property_service
   to create a serialized trie containing all of the property
   contexts.
2) libpropertycontextparser meant to be used by libc's property
   functions to parse this serialized trie during property lookup.

This new trie also contains the ability to have exact matches instead
of prefix matches for properties, which was not possible before.

Bug: 36001741
Change-Id: I42324f04c4d995a0e055e9685d79f40393dfca51
2017-12-11 16:11:42 -08:00