Modify checkfc to check (vnd|hw)service_manager_type.

Added checkfc options 'l' and 'v' to verify hwservice_manager_type
and vndservice_manager_type on service context files, respectively.

The checkfc call to verify the new hwservice_contexts files will
be added together with hwservicemanager ACL CLs later.

Bug: 34454312
Bug: 36052864
Test: device boots, works
Change-Id: Ie3b56da30be47c95a6b05d1bc5e5805acb809783
Martijn Coenen 2017-04-06 13:22:44 -07:00
parent ed3458c2ee
commit d48d54a3a1
2 changed files with 25 additions and 6 deletions


@ -1091,7 +1091,7 @@ $(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
$(LOCAL_BUILT_MODULE): $(vndservice_contexts.tmp) $(built_sepolicy) $(HOST_OUT_EXECUTABLES)/checkfc $(ACP) $(LOCAL_BUILT_MODULE): $(vndservice_contexts.tmp) $(built_sepolicy) $(HOST_OUT_EXECUTABLES)/checkfc $(ACP)
@mkdir -p $(dir $@) @mkdir -p $(dir $@)
sed -e 's/#.*$$//' -e '/^$$/d' $< > $@ sed -e 's/#.*$$//' -e '/^$$/d' $< > $@
$(hide) $(HOST_OUT_EXECUTABLES)/checkfc -s $(PRIVATE_SEPOLICY) $@ $(hide) $(HOST_OUT_EXECUTABLES)/checkfc -v $(PRIVATE_SEPOLICY) -e $@
vnd_svcfiles := vnd_svcfiles :=
vndservice_contexts.tmp := vndservice_contexts.tmp :=
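Review bot: The new recipe line places `-e` after the `$(PRIVATE_SEPOLICY)` operand, so it is parsed as an option only where getopt permutes arguments (glibc does by default; a POSIX-strict getopt stops at the first operand). checkfc is a host tool and its main() calls plain `getopt(argc, argv, "clpsve")`, so on such a host `-e` would likely be taken as a file name and the vndservice_contexts check would not run as intended. Putting the options first removes that dependency: `$(hide) $(HOST_OUT_EXECUTABLES)/checkfc -e -v $(PRIVATE_SEPOLICY) $@`. Since `-e` also lets an empty file pass validation, a one-line comment above the rule saying why an empty vndservice_contexts is acceptable would help the next reader.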


@ -15,12 +15,16 @@
static const char * const CHECK_FC_ASSERT_ATTRS[] = { "fs_type", "dev_type", "file_type", NULL }; static const char * const CHECK_FC_ASSERT_ATTRS[] = { "fs_type", "dev_type", "file_type", NULL };
static const char * const CHECK_PC_ASSERT_ATTRS[] = { "property_type", NULL }; static const char * const CHECK_PC_ASSERT_ATTRS[] = { "property_type", NULL };
static const char * const CHECK_SC_ASSERT_ATTRS[] = { "service_manager_type", NULL }; static const char * const CHECK_SC_ASSERT_ATTRS[] = { "service_manager_type", NULL };
static const char * const CHECK_HW_SC_ASSERT_ATTRS[] = { "hwservice_manager_type", NULL };
static const char * const CHECK_VND_SC_ASSERT_ATTRS[] = { "vndservice_manager_type", NULL };
typedef enum filemode filemode; typedef enum filemode filemode;
enum filemode { enum filemode {
filemode_file_contexts = 0, filemode_file_contexts = 0,
filemode_property_contexts, filemode_property_contexts,
filemode_service_contexts filemode_service_contexts,
filemode_hw_service_contexts,
filemode_vendor_service_contexts
}; };
static struct { static struct {
@ -55,6 +59,10 @@ static const char * const *filemode_to_assert_attrs(filemode mode)
return CHECK_PC_ASSERT_ATTRS; return CHECK_PC_ASSERT_ATTRS;
case filemode_service_contexts: case filemode_service_contexts:
return CHECK_SC_ASSERT_ATTRS; return CHECK_SC_ASSERT_ATTRS;
case filemode_hw_service_contexts:
return CHECK_HW_SC_ASSERT_ATTRS;
case filemode_vendor_service_contexts:
return CHECK_VND_SC_ASSERT_ATTRS;
} }
/* die on invalid parameters */ /* die on invalid parameters */
fprintf(stderr, "Error: Invalid mode of operation: %d\n", mode); fprintf(stderr, "Error: Invalid mode of operation: %d\n", mode);
@ -185,10 +193,13 @@ static int validate(char **contextp)
} }
static void usage(char *name) { static void usage(char *name) {
fprintf(stderr, "usage1: %s [-p|-s] [-e] sepolicy context_file\n\n" fprintf(stderr, "usage1: %s [-l|-p|-s|-v] [-e] sepolicy context_file\n\n"
"Parses a context file and checks for syntax errors.\n" "Parses a context file and checks for syntax errors.\n"
"The context_file is assumed to be a file_contexts file\n" "If -p is specified, the property backend is used.\n"
"unless the -p or -s option is used to indicate the property or service backend respectively.\n" "If -s is specified, the service backend is used to verify binder services.\n"
"If -l is specified, the service backend is used to verify hwbinder services.\n"
"If -v is specified, the service backend is used to verify vndbinder services.\n"
"Otherwise, context_file is assumed to be a file_contexts file\n"
"If -e is specified, then the context_file is allowed to be empty.\n\n" "If -e is specified, then the context_file is allowed to be empty.\n\n"
"usage2: %s -c file_contexts1 file_contexts2\n\n" "usage2: %s -c file_contexts1 file_contexts2\n\n"
@ -332,7 +343,7 @@ int main(int argc, char **argv)
filemode mode = filemode_file_contexts; filemode mode = filemode_file_contexts;
while ((c = getopt(argc, argv, "cpse")) != -1) { while ((c = getopt(argc, argv, "clpsve")) != -1) {
switch (c) { switch (c) {
case 'c': case 'c':
compare = true; compare = true;
@ -348,6 +359,14 @@ int main(int argc, char **argv)
mode = filemode_service_contexts; mode = filemode_service_contexts;
backend = SELABEL_CTX_ANDROID_SERVICE; backend = SELABEL_CTX_ANDROID_SERVICE;
break; break;
case 'l':
mode = filemode_hw_service_contexts;
backend = SELABEL_CTX_ANDROID_SERVICE;
break;
case 'v':
mode = filemode_vendor_service_contexts;
backend = SELABEL_CTX_ANDROID_SERVICE;
break;
case 'h': case 'h':
default: default:
usage(argv[0]); usage(argv[0]);
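Review bot: The mode flags are documented as mutually exclusive (`[-l|-p|-s|-v]`), but the new `case 'l'` and `case 'v'` arms simply overwrite `mode`, so `-s -v` silently keeps whichever flag came last. Because `-s`, `-l` and `-v` all select `SELABEL_CTX_ANDROID_SERVICE` and differ only in the attribute asserted, a build rule carrying an extra or wrong flag would validate a contexts file against the wrong `*service_manager_type` attribute without any error. I would reject a second mode flag, for example with a `bool mode_set` tested in each arm via `if (mode_set) usage(argv[0]);`, assuming usage() does not return (its full body is not visible here). main() starts and ends outside these hunks, so the handling of `mode` after the option loop should be checked as well.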