tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Modify checkfc to check (vnd|hw)service_manager_type.

Browse source 
added checkfc options 'l' and 'v' to verify hwservice_manager_type
and vndservice_manager_type on service context files, respectively.

The checkfc call to verify the new hwservice_contexts files will
be added together with hwservicemanager ACL CLs later.

Bug: 34454312
Bug: 36052864
Test: device boots, works
Change-Id: Ie3b56da30be47c95a6b05d1bc5e5805acb809783
This commit is contained in:
Martijn Coenen 2017-04-06 13:22:44 -07:00
parent ed3458c2ee
commit d48d54a3a1
2 changed files with 25 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
Android.mk
View file

@ -1091,7 +1091,7 @@ $(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
$(LOCAL_BUILT_MODULE): $(vndservice_contexts.tmp) $(built_sepolicy) $(HOST_OUT_EXECUTABLES)/checkfc $(ACP)
@mkdir -p $(dir $@)
sed -e 's/#.*$$//' -e '/^$$/d' $< > $@
$(hide) $(HOST_OUT_EXECUTABLES)/checkfc -s $(PRIVATE_SEPOLICY) $@
$(hide) $(HOST_OUT_EXECUTABLES)/checkfc -v $(PRIVATE_SEPOLICY) -e $@
vnd_svcfiles :=
vndservice_contexts.tmp :=

29
tools/checkfc.c
View file

@ -15,12 +15,16 @@
static const char * const CHECK_FC_ASSERT_ATTRS[] = { "fs_type", "dev_type", "file_type", NULL };
static const char * const CHECK_PC_ASSERT_ATTRS[] = { "property_type", NULL };
static const char * const CHECK_SC_ASSERT_ATTRS[] = { "service_manager_type", NULL };
static const char * const CHECK_HW_SC_ASSERT_ATTRS[] = { "hwservice_manager_type", NULL };
static const char * const CHECK_VND_SC_ASSERT_ATTRS[] = { "vndservice_manager_type", NULL };
typedef enum filemode filemode;
enum filemode {
filemode_file_contexts = 0,
filemode_property_contexts,
filemode_service_contexts
filemode_service_contexts,
filemode_hw_service_contexts,
filemode_vendor_service_contexts
};
static struct {
@ -55,6 +59,10 @@ static const char * const *filemode_to_assert_attrs(filemode mode)
return CHECK_PC_ASSERT_ATTRS;
case filemode_service_contexts:
return CHECK_SC_ASSERT_ATTRS;
case filemode_hw_service_contexts:
return CHECK_HW_SC_ASSERT_ATTRS;
case filemode_vendor_service_contexts:
return CHECK_VND_SC_ASSERT_ATTRS;
}
/* die on invalid parameters */
fprintf(stderr, "Error: Invalid mode of operation: %d\n", mode);
@ -185,10 +193,13 @@ static int validate(char **contextp)
}
static void usage(char *name) {
fprintf(stderr, "usage1: %s [-p|-s] [-e] sepolicy context_file\n\n"
fprintf(stderr, "usage1: %s [-l|-p|-s|-v] [-e] sepolicy context_file\n\n"
"Parses a context file and checks for syntax errors.\n"
"The context_file is assumed to be a file_contexts file\n"
"unless the -p or -s option is used to indicate the property or service backend respectively.\n"
"If -p is specified, the property backend is used.\n"
"If -s is specified, the service backend is used to verify binder services.\n"
"If -l is specified, the service backend is used to verify hwbinder services.\n"
"If -v is specified, the service backend is used to verify vndbinder services.\n"
"Otherwise, context_file is assumed to be a file_contexts file\n"
"If -e is specified, then the context_file is allowed to be empty.\n\n"
"usage2: %s -c file_contexts1 file_contexts2\n\n"
@ -332,7 +343,7 @@ int main(int argc, char **argv)
filemode mode = filemode_file_contexts;
while ((c = getopt(argc, argv, "cpse")) != -1) {
while ((c = getopt(argc, argv, "clpsve")) != -1) {
switch (c) {
case 'c':
compare = true;
@ -348,6 +359,14 @@ int main(int argc, char **argv)
mode = filemode_service_contexts;
backend = SELABEL_CTX_ANDROID_SERVICE;
break;
case 'l':
mode = filemode_hw_service_contexts;
backend = SELABEL_CTX_ANDROID_SERVICE;
break;
case 'v':
mode = filemode_vendor_service_contexts;
backend = SELABEL_CTX_ANDROID_SERVICE;
break;
case 'h':
default:
usage(argv[0]);