From 77c44fc420674fb55b819a12c11baea520a3ab2e Mon Sep 17 00:00:00 2001 From: Tri Vo Date: Tue, 5 Jun 2018 14:11:08 -0700 Subject: [PATCH] Mechanism to exclude neverallows from *TS. build_test_only is used to denote rules that should not verified as part of compliance testing. Use this macro to exclude neverallow rules which we want to check as part of build, but not CTS. Bug: 80499271 Test: SELinuxNeverallowRulesTest on walleye has no more failure of type "Type or attribute * used in neverallow undefined in policy being checked." Number of failing test cases is reduced by 142. Test: policy.conf used to check neverallows at build-time still retains all neverallow rules. Change-Id: I5f1b383d9096bb5a7b8c0f1bc008b5dd07419580 --- Android.mk | 1 + definitions.mk | 1 + public/te_macros | 19 ++++++++++++++++--- 3 files changed, 18 insertions(+), 3 deletions(-) diff --git a/Android.mk b/Android.mk index e1adea4ca..729f3b419 100644 --- a/Android.mk +++ b/Android.mk @@ -769,6 +769,7 @@ $(LOCAL_BUILT_MODULE): PRIVATE_TGT_ARCH := $(my_target_arch) $(LOCAL_BUILT_MODULE): PRIVATE_WITH_ASAN := false $(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY_SPLIT := cts $(LOCAL_BUILT_MODULE): PRIVATE_COMPATIBLE_PROPERTY := cts +$(LOCAL_BUILT_MODULE): PRIVATE_EXCLUDE_BUILD_TEST := true $(LOCAL_BUILT_MODULE): $(call build_policy, $(sepolicy_build_files), \ $(PLAT_PUBLIC_POLICY) $(PLAT_PRIVATE_POLICY)) $(transform-policy-to-conf) diff --git a/definitions.mk b/definitions.mk index 4b9e0989b..36b75ac04 100644 --- a/definitions.mk +++ b/definitions.mk @@ -10,6 +10,7 @@ $(hide) m4 $(PRIVATE_ADDITIONAL_M4DEFS) \ -D target_with_asan=$(PRIVATE_TGT_WITH_ASAN) \ -D target_full_treble=$(PRIVATE_SEPOLICY_SPLIT) \ -D target_compatible_property=$(PRIVATE_COMPATIBLE_PROPERTY) \ + -D target_exclude_build_test=$(PRIVATE_EXCLUDE_BUILD_TEST) \ $(PRIVATE_TGT_RECOVERY) \ -s $^ > $@ endef diff --git a/public/te_macros b/public/te_macros index 949cad96a..cdfdc89ee 100644 --- a/public/te_macros +++ b/public/te_macros @@ -213,10 +213,15 @@ expandattribute hal_$1_client true; attribute hal_$1_server; expandattribute hal_$1_server false; -neverallow { hal_$1_server -hal_$1 } domain:process fork; neverallow { hal_$1_server -halserverdomain } domain:process fork; +# hal_*_client and halclientdomain attributes are always expanded for +# performance reasons. Neverallow rules targeting expanded attributes can not be +# verified by CTS since these attributes are already expanded by that time. +build_test_only(` +neverallow { hal_$1_server -hal_$1 } domain:process fork; neverallow { hal_$1_client -halclientdomain } domain:process fork; ') +') ##################################### # hal_server_domain(domain, hal_type) @@ -498,6 +503,12 @@ define(`userbuild', ifelse(target_build_variant, `user', $1, )) # define(`with_asan', ifelse(target_with_asan, `true', userdebug_or_eng(`$1'), )) +##################################### +# Build-time-only test +# SELinux rules which are verified during build, but not as part of *TS testing. +# +define(`build_test_only', ifelse(target_exclude_build_test, `true', , $1)) + #################################### # Fallback crash handling for processes that can't exec crash_dump (e.g. because of seccomp). # @@ -613,7 +624,9 @@ define(`add_hwservice', ` # Used to pair hal_foo_client with hal_foo_hwservice define(`hal_attribute_hwservice', ` allow $1_client $2:hwservice_manager find; - neverallow { domain -$1_client -$1_server } $2:hwservice_manager find; - add_hwservice($1_server, $2) + + build_test_only(` + neverallow { domain -$1_client -$1_server } $2:hwservice_manager find; + ') ')