tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
platform_system_sepolicy/tests/policy.py

158 lines
5.5 KiB
Python
Raw Normal View History

Verify correct application of labels and attributes With project Treble, we're relying heavily on attributes for permission inheritance and enforcement of separation between platform and vendor components. We neead tests that verify those attributes are correctly applied. This change adds the framework for those tests including a wrapper around libsepol for loading and querying policy, and a python module for running tests on policy and file_contexts. Included with the testing framework is a test asserting that the coredomain attribute is only applied to core processes. This verification is done using the following rules: 1. Domain's entrypoint is on /system - coredomain 2. Domain's entrypoint is on /vendor - not coredomain 3. Domain belongs to a whitelist of known coredomains - coredomain In a subsequent commit these tests will be applied at build time. However, I first need to fix existing Treble violations exposed by this test. These tests will also be applied during CTS. Test: LD_PRELOAD=$ANDROID_HOST_OUT/lib64/libsepolwrap.so python \ treble.py -p $OUT/vendor/etc/selinux/precompiled_sepolicy \ -f $OUT/vendor/etc/selinux/nonplat_file_contexts \ -f $OUT/system/etc/selinux/plat_file_contexts Bug: 37008075 Change-Id: I7825f5c2909a5801deaccf2bef2bfd227adb0ae9 (cherry picked from commit 0366afdf14000da84e5350fff169346594639488)
2017-05-25 18:53:47 +02:00
from ctypes import *
import re
import os
Run Treble sepolicy tests at build time Bug: 37008075 Test: build policy on Marlin Change-Id: I53748f94c5df66fa17a53e7d0bed1be6b8603544 (cherry picked from commit e1ddc6df75d61dd8dc9a1ea00e1da60389f55556)
2017-06-01 00:36:07 +02:00
import sys
Verify correct application of labels and attributes With project Treble, we're relying heavily on attributes for permission inheritance and enforcement of separation between platform and vendor components. We neead tests that verify those attributes are correctly applied. This change adds the framework for those tests including a wrapper around libsepol for loading and querying policy, and a python module for running tests on policy and file_contexts. Included with the testing framework is a test asserting that the coredomain attribute is only applied to core processes. This verification is done using the following rules: 1. Domain's entrypoint is on /system - coredomain 2. Domain's entrypoint is on /vendor - not coredomain 3. Domain belongs to a whitelist of known coredomains - coredomain In a subsequent commit these tests will be applied at build time. However, I first need to fix existing Treble violations exposed by this test. These tests will also be applied during CTS. Test: LD_PRELOAD=$ANDROID_HOST_OUT/lib64/libsepolwrap.so python \ treble.py -p $OUT/vendor/etc/selinux/precompiled_sepolicy \ -f $OUT/vendor/etc/selinux/nonplat_file_contexts \ -f $OUT/system/etc/selinux/plat_file_contexts Bug: 37008075 Change-Id: I7825f5c2909a5801deaccf2bef2bfd227adb0ae9 (cherry picked from commit 0366afdf14000da84e5350fff169346594639488)
2017-05-25 18:53:47 +02:00
class TERule:
def __init__(self, rule):
data = rule.split(',')
self.flavor = data[0]
self.sctx = data[1]
self.tctx = data[2]
self.tclass = data[3]
self.perms = set((data[4].strip()).split(' '))
self.rule = rule
class Policy:
__Rules = None
__FcDict = None
__libsepolwrap = None
__policydbP = None
# Return all file_contexts entries that map to the input Type.
def QueryFc(self, Type):
if Type in self.__FcDict:
return self.__FcDict[Type]
else:
return None
# Return all attributes associated with a type if IsAttr=False or
# all types associated with an attribute if IsAttr=True
def QueryTypeAttribute(self, Type, IsAttr):
Run Treble sepolicy tests at build time Bug: 37008075 Test: build policy on Marlin Change-Id: I53748f94c5df66fa17a53e7d0bed1be6b8603544 (cherry picked from commit e1ddc6df75d61dd8dc9a1ea00e1da60389f55556)
2017-06-01 00:36:07 +02:00
init_type_iter = self.__libsepolwrap.init_type_iter
init_type_iter.restype = c_void_p
TypeIterP = init_type_iter(c_void_p(self.__policydbP),
create_string_buffer(Type), c_bool(IsAttr))
Verify correct application of labels and attributes With project Treble, we're relying heavily on attributes for permission inheritance and enforcement of separation between platform and vendor components. We neead tests that verify those attributes are correctly applied. This change adds the framework for those tests including a wrapper around libsepol for loading and querying policy, and a python module for running tests on policy and file_contexts. Included with the testing framework is a test asserting that the coredomain attribute is only applied to core processes. This verification is done using the following rules: 1. Domain's entrypoint is on /system - coredomain 2. Domain's entrypoint is on /vendor - not coredomain 3. Domain belongs to a whitelist of known coredomains - coredomain In a subsequent commit these tests will be applied at build time. However, I first need to fix existing Treble violations exposed by this test. These tests will also be applied during CTS. Test: LD_PRELOAD=$ANDROID_HOST_OUT/lib64/libsepolwrap.so python \ treble.py -p $OUT/vendor/etc/selinux/precompiled_sepolicy \ -f $OUT/vendor/etc/selinux/nonplat_file_contexts \ -f $OUT/system/etc/selinux/plat_file_contexts Bug: 37008075 Change-Id: I7825f5c2909a5801deaccf2bef2bfd227adb0ae9 (cherry picked from commit 0366afdf14000da84e5350fff169346594639488)
2017-05-25 18:53:47 +02:00
if (TypeIterP == None):
sys.exit("Failed to initialize type iterator")
buf = create_string_buffer(2048)
while True:
ret = self.__libsepolwrap.get_type(buf, c_int(2048),
Run Treble sepolicy tests at build time Bug: 37008075 Test: build policy on Marlin Change-Id: I53748f94c5df66fa17a53e7d0bed1be6b8603544 (cherry picked from commit e1ddc6df75d61dd8dc9a1ea00e1da60389f55556)
2017-06-01 00:36:07 +02:00
c_void_p(self.__policydbP), c_void_p(TypeIterP))
Verify correct application of labels and attributes With project Treble, we're relying heavily on attributes for permission inheritance and enforcement of separation between platform and vendor components. We neead tests that verify those attributes are correctly applied. This change adds the framework for those tests including a wrapper around libsepol for loading and querying policy, and a python module for running tests on policy and file_contexts. Included with the testing framework is a test asserting that the coredomain attribute is only applied to core processes. This verification is done using the following rules: 1. Domain's entrypoint is on /system - coredomain 2. Domain's entrypoint is on /vendor - not coredomain 3. Domain belongs to a whitelist of known coredomains - coredomain In a subsequent commit these tests will be applied at build time. However, I first need to fix existing Treble violations exposed by this test. These tests will also be applied during CTS. Test: LD_PRELOAD=$ANDROID_HOST_OUT/lib64/libsepolwrap.so python \ treble.py -p $OUT/vendor/etc/selinux/precompiled_sepolicy \ -f $OUT/vendor/etc/selinux/nonplat_file_contexts \ -f $OUT/system/etc/selinux/plat_file_contexts Bug: 37008075 Change-Id: I7825f5c2909a5801deaccf2bef2bfd227adb0ae9 (cherry picked from commit 0366afdf14000da84e5350fff169346594639488)
2017-05-25 18:53:47 +02:00
if ret == 0:
yield buf.value
continue
if ret == 1:
break;
# We should never get here.
sys.exit("Failed to import policy")
Run Treble sepolicy tests at build time Bug: 37008075 Test: build policy on Marlin Change-Id: I53748f94c5df66fa17a53e7d0bed1be6b8603544 (cherry picked from commit e1ddc6df75d61dd8dc9a1ea00e1da60389f55556)
2017-06-01 00:36:07 +02:00
self.__libsepolwrap.destroy_type_iter(c_void_p(TypeIterP))
Verify correct application of labels and attributes With project Treble, we're relying heavily on attributes for permission inheritance and enforcement of separation between platform and vendor components. We neead tests that verify those attributes are correctly applied. This change adds the framework for those tests including a wrapper around libsepol for loading and querying policy, and a python module for running tests on policy and file_contexts. Included with the testing framework is a test asserting that the coredomain attribute is only applied to core processes. This verification is done using the following rules: 1. Domain's entrypoint is on /system - coredomain 2. Domain's entrypoint is on /vendor - not coredomain 3. Domain belongs to a whitelist of known coredomains - coredomain In a subsequent commit these tests will be applied at build time. However, I first need to fix existing Treble violations exposed by this test. These tests will also be applied during CTS. Test: LD_PRELOAD=$ANDROID_HOST_OUT/lib64/libsepolwrap.so python \ treble.py -p $OUT/vendor/etc/selinux/precompiled_sepolicy \ -f $OUT/vendor/etc/selinux/nonplat_file_contexts \ -f $OUT/system/etc/selinux/plat_file_contexts Bug: 37008075 Change-Id: I7825f5c2909a5801deaccf2bef2bfd227adb0ae9 (cherry picked from commit 0366afdf14000da84e5350fff169346594639488)
2017-05-25 18:53:47 +02:00
# Return all TERules that match:
# (any scontext) or (any tcontext) or (any tclass) or (any perms),
# perms.
# Any unspecified paramenter will match all.
#
# Example: QueryTERule(tcontext=["foo", "bar"], perms=["entrypoint"])
# Will return any rule with:
# (tcontext="foo" or tcontext="bar") and ("entrypoint" in perms)
def QueryTERule(self, **kwargs):
if self.__Rules is None:
self.__InitTERules()
for Rule in self.__Rules:
# Match source type
if "scontext" in kwargs and Rule.sctx not in kwargs['scontext']:
continue
# Match target type
if "tcontext" in kwargs and Rule.tctx not in kwargs['tcontext']:
continue
# Match target class
if "tclass" in kwargs and Rule.tclass not in kwargs['tclass']:
continue
# Match any perms
if "perms" in kwargs and not bool(Rule.perms & set(kwargs['perms'])):
continue
yield Rule
def __GetTERules(self, policydbP, avtabIterP):
if self.__Rules is None:
self.__Rules = set()
buf = create_string_buffer(2048)
ret = 0
while True:
Run Treble sepolicy tests at build time Bug: 37008075 Test: build policy on Marlin Change-Id: I53748f94c5df66fa17a53e7d0bed1be6b8603544 (cherry picked from commit e1ddc6df75d61dd8dc9a1ea00e1da60389f55556)
2017-06-01 00:36:07 +02:00
ret = self.__libsepolwrap.get_allow_rule(buf, c_int(2048),
c_void_p(policydbP), c_void_p(avtabIterP))
Verify correct application of labels and attributes With project Treble, we're relying heavily on attributes for permission inheritance and enforcement of separation between platform and vendor components. We neead tests that verify those attributes are correctly applied. This change adds the framework for those tests including a wrapper around libsepol for loading and querying policy, and a python module for running tests on policy and file_contexts. Included with the testing framework is a test asserting that the coredomain attribute is only applied to core processes. This verification is done using the following rules: 1. Domain's entrypoint is on /system - coredomain 2. Domain's entrypoint is on /vendor - not coredomain 3. Domain belongs to a whitelist of known coredomains - coredomain In a subsequent commit these tests will be applied at build time. However, I first need to fix existing Treble violations exposed by this test. These tests will also be applied during CTS. Test: LD_PRELOAD=$ANDROID_HOST_OUT/lib64/libsepolwrap.so python \ treble.py -p $OUT/vendor/etc/selinux/precompiled_sepolicy \ -f $OUT/vendor/etc/selinux/nonplat_file_contexts \ -f $OUT/system/etc/selinux/plat_file_contexts Bug: 37008075 Change-Id: I7825f5c2909a5801deaccf2bef2bfd227adb0ae9 (cherry picked from commit 0366afdf14000da84e5350fff169346594639488)
2017-05-25 18:53:47 +02:00
if ret == 0:
Rule = TERule(buf.value)
self.__Rules.add(Rule)
continue
if ret == 1:
break;
# We should never get here.
sys.exit("Failed to import policy")
def __InitTERules(self):
Run Treble sepolicy tests at build time Bug: 37008075 Test: build policy on Marlin Change-Id: I53748f94c5df66fa17a53e7d0bed1be6b8603544 (cherry picked from commit e1ddc6df75d61dd8dc9a1ea00e1da60389f55556)
2017-06-01 00:36:07 +02:00
init_avtab = self.__libsepolwrap.init_avtab
init_avtab.restype = c_void_p
avtabIterP = init_avtab(c_void_p(self.__policydbP))
Verify correct application of labels and attributes With project Treble, we're relying heavily on attributes for permission inheritance and enforcement of separation between platform and vendor components. We neead tests that verify those attributes are correctly applied. This change adds the framework for those tests including a wrapper around libsepol for loading and querying policy, and a python module for running tests on policy and file_contexts. Included with the testing framework is a test asserting that the coredomain attribute is only applied to core processes. This verification is done using the following rules: 1. Domain's entrypoint is on /system - coredomain 2. Domain's entrypoint is on /vendor - not coredomain 3. Domain belongs to a whitelist of known coredomains - coredomain In a subsequent commit these tests will be applied at build time. However, I first need to fix existing Treble violations exposed by this test. These tests will also be applied during CTS. Test: LD_PRELOAD=$ANDROID_HOST_OUT/lib64/libsepolwrap.so python \ treble.py -p $OUT/vendor/etc/selinux/precompiled_sepolicy \ -f $OUT/vendor/etc/selinux/nonplat_file_contexts \ -f $OUT/system/etc/selinux/plat_file_contexts Bug: 37008075 Change-Id: I7825f5c2909a5801deaccf2bef2bfd227adb0ae9 (cherry picked from commit 0366afdf14000da84e5350fff169346594639488)
2017-05-25 18:53:47 +02:00
if (avtabIterP == None):
sys.exit("Failed to initialize avtab")
self.__GetTERules(self.__policydbP, avtabIterP)
Run Treble sepolicy tests at build time Bug: 37008075 Test: build policy on Marlin Change-Id: I53748f94c5df66fa17a53e7d0bed1be6b8603544 (cherry picked from commit e1ddc6df75d61dd8dc9a1ea00e1da60389f55556)
2017-06-01 00:36:07 +02:00
self.__libsepolwrap.destroy_avtab(c_void_p(avtabIterP))
init_cond_avtab = self.__libsepolwrap.init_cond_avtab
init_cond_avtab.restype = c_void_p
avtabIterP = init_cond_avtab(c_void_p(self.__policydbP))
Verify correct application of labels and attributes With project Treble, we're relying heavily on attributes for permission inheritance and enforcement of separation between platform and vendor components. We neead tests that verify those attributes are correctly applied. This change adds the framework for those tests including a wrapper around libsepol for loading and querying policy, and a python module for running tests on policy and file_contexts. Included with the testing framework is a test asserting that the coredomain attribute is only applied to core processes. This verification is done using the following rules: 1. Domain's entrypoint is on /system - coredomain 2. Domain's entrypoint is on /vendor - not coredomain 3. Domain belongs to a whitelist of known coredomains - coredomain In a subsequent commit these tests will be applied at build time. However, I first need to fix existing Treble violations exposed by this test. These tests will also be applied during CTS. Test: LD_PRELOAD=$ANDROID_HOST_OUT/lib64/libsepolwrap.so python \ treble.py -p $OUT/vendor/etc/selinux/precompiled_sepolicy \ -f $OUT/vendor/etc/selinux/nonplat_file_contexts \ -f $OUT/system/etc/selinux/plat_file_contexts Bug: 37008075 Change-Id: I7825f5c2909a5801deaccf2bef2bfd227adb0ae9 (cherry picked from commit 0366afdf14000da84e5350fff169346594639488)
2017-05-25 18:53:47 +02:00
if (avtabIterP == None):
sys.exit("Failed to initialize conditional avtab")
self.__GetTERules(self.__policydbP, avtabIterP)
Run Treble sepolicy tests at build time Bug: 37008075 Test: build policy on Marlin Change-Id: I53748f94c5df66fa17a53e7d0bed1be6b8603544 (cherry picked from commit e1ddc6df75d61dd8dc9a1ea00e1da60389f55556)
2017-06-01 00:36:07 +02:00
self.__libsepolwrap.destroy_avtab(c_void_p(avtabIterP))
Verify correct application of labels and attributes With project Treble, we're relying heavily on attributes for permission inheritance and enforcement of separation between platform and vendor components. We neead tests that verify those attributes are correctly applied. This change adds the framework for those tests including a wrapper around libsepol for loading and querying policy, and a python module for running tests on policy and file_contexts. Included with the testing framework is a test asserting that the coredomain attribute is only applied to core processes. This verification is done using the following rules: 1. Domain's entrypoint is on /system - coredomain 2. Domain's entrypoint is on /vendor - not coredomain 3. Domain belongs to a whitelist of known coredomains - coredomain In a subsequent commit these tests will be applied at build time. However, I first need to fix existing Treble violations exposed by this test. These tests will also be applied during CTS. Test: LD_PRELOAD=$ANDROID_HOST_OUT/lib64/libsepolwrap.so python \ treble.py -p $OUT/vendor/etc/selinux/precompiled_sepolicy \ -f $OUT/vendor/etc/selinux/nonplat_file_contexts \ -f $OUT/system/etc/selinux/plat_file_contexts Bug: 37008075 Change-Id: I7825f5c2909a5801deaccf2bef2bfd227adb0ae9 (cherry picked from commit 0366afdf14000da84e5350fff169346594639488)
2017-05-25 18:53:47 +02:00
# load ctypes-ified libsepol wrapper
Run Treble sepolicy tests at build time Bug: 37008075 Test: build policy on Marlin Change-Id: I53748f94c5df66fa17a53e7d0bed1be6b8603544 (cherry picked from commit e1ddc6df75d61dd8dc9a1ea00e1da60389f55556)
2017-06-01 00:36:07 +02:00
def __InitLibsepolwrap(self, LibPath):
if "linux" in sys.platform:
self.__libsepolwrap = CDLL(LibPath + "/libsepolwrap.so")
elif "darwin" in sys.platform:
self.__libsepolwrap = CDLL(LibPath + "/libsepolwrap.dylib")
else:
sys.exit("only Linux and Mac currrently supported")
Verify correct application of labels and attributes With project Treble, we're relying heavily on attributes for permission inheritance and enforcement of separation between platform and vendor components. We neead tests that verify those attributes are correctly applied. This change adds the framework for those tests including a wrapper around libsepol for loading and querying policy, and a python module for running tests on policy and file_contexts. Included with the testing framework is a test asserting that the coredomain attribute is only applied to core processes. This verification is done using the following rules: 1. Domain's entrypoint is on /system - coredomain 2. Domain's entrypoint is on /vendor - not coredomain 3. Domain belongs to a whitelist of known coredomains - coredomain In a subsequent commit these tests will be applied at build time. However, I first need to fix existing Treble violations exposed by this test. These tests will also be applied during CTS. Test: LD_PRELOAD=$ANDROID_HOST_OUT/lib64/libsepolwrap.so python \ treble.py -p $OUT/vendor/etc/selinux/precompiled_sepolicy \ -f $OUT/vendor/etc/selinux/nonplat_file_contexts \ -f $OUT/system/etc/selinux/plat_file_contexts Bug: 37008075 Change-Id: I7825f5c2909a5801deaccf2bef2bfd227adb0ae9 (cherry picked from commit 0366afdf14000da84e5350fff169346594639488)
2017-05-25 18:53:47 +02:00
# load file_contexts
def __InitFC(self, FcPaths):
fc = []
for path in FcPaths:
if not os.path.exists(path):
sys.exit("file_contexts file " + path + " does not exist.")
fd = open(path, "r")
fc += fd.readlines()
fd.close()
self.__FcDict = {}
for i in fc:
rec = i.split()
try:
t = rec[-1].split(":")[2]
if t in self.__FcDict:
self.__FcDict[t].append(rec[0])
else:
self.__FcDict[t] = [rec[0]]
except:
pass
# load policy
def __InitPolicy(self, PolicyPath):
Run Treble sepolicy tests at build time Bug: 37008075 Test: build policy on Marlin Change-Id: I53748f94c5df66fa17a53e7d0bed1be6b8603544 (cherry picked from commit e1ddc6df75d61dd8dc9a1ea00e1da60389f55556)
2017-06-01 00:36:07 +02:00
load_policy = self.__libsepolwrap.load_policy
load_policy.restype = c_void_p
self.__policydbP = load_policy(create_string_buffer(PolicyPath))
Verify correct application of labels and attributes With project Treble, we're relying heavily on attributes for permission inheritance and enforcement of separation between platform and vendor components. We neead tests that verify those attributes are correctly applied. This change adds the framework for those tests including a wrapper around libsepol for loading and querying policy, and a python module for running tests on policy and file_contexts. Included with the testing framework is a test asserting that the coredomain attribute is only applied to core processes. This verification is done using the following rules: 1. Domain's entrypoint is on /system - coredomain 2. Domain's entrypoint is on /vendor - not coredomain 3. Domain belongs to a whitelist of known coredomains - coredomain In a subsequent commit these tests will be applied at build time. However, I first need to fix existing Treble violations exposed by this test. These tests will also be applied during CTS. Test: LD_PRELOAD=$ANDROID_HOST_OUT/lib64/libsepolwrap.so python \ treble.py -p $OUT/vendor/etc/selinux/precompiled_sepolicy \ -f $OUT/vendor/etc/selinux/nonplat_file_contexts \ -f $OUT/system/etc/selinux/plat_file_contexts Bug: 37008075 Change-Id: I7825f5c2909a5801deaccf2bef2bfd227adb0ae9 (cherry picked from commit 0366afdf14000da84e5350fff169346594639488)
2017-05-25 18:53:47 +02:00
if (self.__policydbP is None):
sys.exit("Failed to load policy")
Run Treble sepolicy tests at build time Bug: 37008075 Test: build policy on Marlin Change-Id: I53748f94c5df66fa17a53e7d0bed1be6b8603544 (cherry picked from commit e1ddc6df75d61dd8dc9a1ea00e1da60389f55556)
2017-06-01 00:36:07 +02:00
def __init__(self, PolicyPath, FcPaths, LibPath):
self.__InitLibsepolwrap(LibPath)
Verify correct application of labels and attributes With project Treble, we're relying heavily on attributes for permission inheritance and enforcement of separation between platform and vendor components. We neead tests that verify those attributes are correctly applied. This change adds the framework for those tests including a wrapper around libsepol for loading and querying policy, and a python module for running tests on policy and file_contexts. Included with the testing framework is a test asserting that the coredomain attribute is only applied to core processes. This verification is done using the following rules: 1. Domain's entrypoint is on /system - coredomain 2. Domain's entrypoint is on /vendor - not coredomain 3. Domain belongs to a whitelist of known coredomains - coredomain In a subsequent commit these tests will be applied at build time. However, I first need to fix existing Treble violations exposed by this test. These tests will also be applied during CTS. Test: LD_PRELOAD=$ANDROID_HOST_OUT/lib64/libsepolwrap.so python \ treble.py -p $OUT/vendor/etc/selinux/precompiled_sepolicy \ -f $OUT/vendor/etc/selinux/nonplat_file_contexts \ -f $OUT/system/etc/selinux/plat_file_contexts Bug: 37008075 Change-Id: I7825f5c2909a5801deaccf2bef2bfd227adb0ae9 (cherry picked from commit 0366afdf14000da84e5350fff169346594639488)
2017-05-25 18:53:47 +02:00
self.__InitFC(FcPaths)
self.__InitPolicy(PolicyPath)
def __del__(self):
if self.__policydbP is not None:
Run Treble sepolicy tests at build time Bug: 37008075 Test: build policy on Marlin Change-Id: I53748f94c5df66fa17a53e7d0bed1be6b8603544 (cherry picked from commit e1ddc6df75d61dd8dc9a1ea00e1da60389f55556)
2017-06-01 00:36:07 +02:00
self.__libsepolwrap.destroy_policy(c_void_p(self.__policydbP))
Reference in a new issue Copy permalink