Commit graph

323 commits

Author SHA1 Message Date
Pavel Maltsev
34f233640a Allow to specify platform sepolicy dir mult. times
For automotive (and I assume for other verticals) it makes sense to keep
vertical-specific policies outside of /system/sepolicy as those are not used
by the phones. However, there's no way to do it rather than using
BOARD_PLAT_{PUBLIC|PRIVATE}_SEPOLICY_DIR build variables.

Bug: 70637118
Test: lunch bat_land-userdebug && m
Test: verify it builds, boots and logs seem to be reasonable
Test: enable full treble for aosp_car_x86 - verify it builds, boots and
no denials in the logs

Change-Id: Ia5fd847f7a6152ff6cf99bbbc12e1e322f7946ab
2018-05-15 21:54:30 +00:00
Tri Vo
321e1b059c Test frozen sepolicy has not diverged from prebuilts.
This will test that system/sepolicy/{public/, private/} are identical to
prebuilts if PLATFORM_SEPOLICY_VERSION is not 10000.0.

Bug: 74622750
Test: build policy
Test: correctly catches divergence from prebuilts for frozen policies

Change-Id: I2fa14b672544a021c2d42ad5968dfbac21b72f6a
(cherry picked from commit 81198bb8bb)
2018-03-30 10:13:37 -07:00
Joel Galenson
408584d5fe Use user policy for compatibility tests.
Use the user policy when running the compatibility tests.

Bug: 74344625
Test: Built policy for many devices.  Booted one device.
Test: Delete some compat rules, verify error on userdebug.
Change-Id: Ib2df2dfc06cdf55a839011e9a528e76160a9e436
(cherry picked from commit c148621815)
2018-03-27 10:19:30 -07:00
Tom Cherry
dc3e1dad04 Verify the SELabels used in property_contexts
Verify that the SELabels used in property_contexts correspond to a
real type in the SEPolicy and that this type has the property_type attribute.

Additionally add a check that vendor property_context files do not
duplicate entries in plat property_contexts, and a similar check that
odm property_contexts doesn't duplicate either plat or vendor
property_contexts.

Bug: 74078792
Test: Build property_contexts on bullhead successfully
Test: See failure when using a faulty SELabel in property_contexts
Test: See failure when duplicating label in vendor and plat property_contexts
Change-Id: I4d2338dab68f1c5a8ed110aa7821f0677f61bafb
(cherry picked from commit a15df75ddf)
2018-03-26 16:32:55 -07:00
Bowgo Tsai
1067bffabe Add /odm/etc/selinux/odm_mac_permissions.xml
Bug: 64240127
Test: normal boot a device
Change-Id: I276ba6bc88eabb0d5562e4e96d3860eedb76aed5
Merged-In: I276ba6bc88eabb0d5562e4e96d3860eedb76aed5
(cherry picked from commit af7d85f83f)
2018-03-20 17:34:27 +08:00
Bowgo Tsai
13e5d757e8 Add /odm/etc/selinux/odm_hwservice_contexts
Bug: 64240127
Test: normal boot and recovery boot a device
Change-Id: I22d29e8476380d19aca1be359e0228ab6bbc3b0f
Merged-In: I22d29e8476380d19aca1be359e0228ab6bbc3b0f
(cherry picked from commit ad6231f546)
2018-03-20 17:34:13 +08:00
Bowgo Tsai
6d3822d4fe Add /odm/etc/selinux/odm_property_contexts
Bug: 64240127
Test: normal boot and recovery boot a device
Change-Id: Ibd71219f60644e57370c0293decf11d82f1cb35c
Merged-In: Ibd71219f60644e57370c0293decf11d82f1cb35c
(cherry picked from commit 1f717b1001)
2018-03-20 17:33:59 +08:00
Bowgo Tsai
82444056d7 Add /odm/etc/selinux/odm_seapp_contexts
Bug: 64240127
Test: normal boot a device
Change-Id: I3626357237cc18a99511f1ebd9dd3ff5a7655963
Merged-In: I3626357237cc18a99511f1ebd9dd3ff5a7655963
(cherry picked from commit ecf656b06f)
2018-03-20 17:33:44 +08:00
Bowgo Tsai
d3e94f26fa Add /odm/etc/selinux/odm_file_contexts
Bug: 64240127
Test: normal boot and recovery boot a device
Change-Id: I087292fb23d05fc17272778d668ac78a721b2593
Merged-In: I087292fb23d05fc17272778d668ac78a721b2593
(cherry picked from commit bae1517a58)
2018-03-20 17:33:27 +08:00
Bowgo Tsai
95fbf4516c Add /odm/etc/selinux/odm_sepolicy.cil
This change adds the support of odm sepolicy customization, which can
be configured through the newly added build variable:
    - BOARD_ODM_SEPOLICY_DIRS += device/${ODM_NAME}/${BOM_NAME}/sepolicy

Also moving precompiled sepolicy to /odm when BOARD_ODM_SEPOLICY_DIRS
is set. On a DUT, precompiled sepolicy on /odm will override the one in
/vendor. This is intentional because /odm is the hardware customization
for /vendor and both should be updated together if desired.

Bug: 64240127
Test: boot a device with /odm partition
Change-Id: Ia8f81a78c88cbfefb3ff19e2ccd2648da6284d09
Merged-In: Ia8f81a78c88cbfefb3ff19e2ccd2648da6284d09
(cherry picked from commit 45457e3a2b)
2018-03-20 17:33:11 +08:00
Joel Galenson
053cb34130 Use user policy when checking neverallow rules.
When building userdebug or eng builds, we still want to build the user
policy when checking neverallow rules so that we can catch compile
errors.

Commit c0713e86 split out a helper function but lost one instance of
using user instead of the real variant.  This restores that one and
adds it to the neverallow check.

Bug: 74344625
Test: Added a rule that referred to a type defined only
in userdebug and eng and ensure we throw a compile error when building
userdebug mode.

Change-Id: I1a6ffbb36dbeeb880852f9cbac880f923370c2ae
2018-03-07 15:41:19 -08:00
Tri Vo
9299d93942 Enable treble_sepolicy_tests against 27.0 release.
Bug: 69390067
Test: build sepolicy
Change-Id: I4fc7438e4f825281d93a2849be9d2db819bea4ca
2018-02-27 14:26:48 -08:00
Tri Vo
1406926d09 Refactor build rule for treble sepolicy tests.
Bug: 69390067
Test: policy builds
Change-Id: I9b29a88ec071a17fc429892b5a8720b15fcbcf32
2018-02-27 14:26:31 -08:00
Jeff Vander Stoep
3d4965b2e1 Use SELINUX_IGNORE_NEVERALLOWS flag to disable all tests
The intent of this flag is to disable tests during early device
bringup so that vendor drops can occur without build breakages.
When SELINUX_IGNORE_NEVERALLOWS=true also disable labeling tests
sepolicy_tests, and treble_sepolicy_tests.

Bug: 73322735
Test: build, verify known tests failures do not cause build breakage.
Change-Id: I3e7165938d4e34c066bfa0a20e68b7e02dae4a24
2018-02-14 05:11:59 +00:00
Yifan Hong
617e853560 Use PLATFORM_SEPOLICY_COMPAT_VERSIONS
This is a list of sepolicy versions that the framework supports.

Test: builds and boots

Bug: 67920434
Change-Id: I0f408fa3967214b47a64101760dbbb2542023dcf
2018-02-07 11:15:28 -08:00
Yifan Hong
3dff9ab470 Move PLATFORM_SEPOLICY_VERSION to make/core/config.mk
Test: m framework_compatibility_matrix.xml -j
Test: device boots

Bug: 67920434
Bug: 69390067

Change-Id: I3461873c22f704b9bbaa3a4e6f7e1df34d6b61a3
2018-02-07 11:15:28 -08:00
Tri Vo
fb55808232 Add 27.0 mapping file to system image.
Bug: 69390067
Test: 27.0.cil is installed to /system/etc/selinux/mapping/27.0.cil

Change-Id: If5b37ca7920a66b4fceaa031b6e8e9bafd18ac47
2018-02-06 18:17:07 +00:00
Jaekyun Seok
64ade65d17 Add tests for compatible property (1/2)
The feature of compatible property has its own neverallow rules and it
is enforced on devices launching with Android P.

This CL changes hal_nfc to hal_nfc_server in neverallow rules because
sepolicy-analyze doesn't recognize it. Additionally one more neverallow
rule is added to restrict reading nfc_prop.

Bug: 72013705
Bug: 72678352
Test: 'run cts -m CtsSecurityHostTestCases' on walleye with
ro.product.first_api_level=28

Change-Id: I753cc81f7ca0e4ad6a2434b2a047052678f57671
2018-02-06 03:06:21 +09:00
Bowgo Tsai
741a70a058 Using a python script to build sepolicy
Current sepolicy CIL files are built by several command-line tools
in Android.mk. This change extracts some of the build logic into a
python script to relieve the effort in Android.mk.

The first command is `build_sepolicy build_cil`. It's possible to add
more sub-commands under the build_sepolicy script in the future.

Bug: 64240127
Test: build bullhead/taimen
Change-Id: Ie0ae4fc5256a550c72954cde5d5dd213a22d159a
2018-02-05 18:22:12 +08:00
Bowgo Tsai
afbcf21bfb Renames nonplat_* to vendor_*
This change renames the non-platform sepolicy files on a DUT from
nonplat_* to vendor_*.

It also splits the versioned platform sepolicy from vendor_sepolicy.cil
to a new file /vendor/etc/selinux/plat_pub_versioned.cil. And only keeps
vendor customizations in vendor_sepolicy.cil.

Build variable BOARD_SEPOLICY_DIRS is also renamed to
BOARD_VENDOR_SEPOLICY_DIRS.

Bug: 64240127
Test: boot bullhead/taimen
Change-Id: Iea2210c9c8ab30c9ecbcd8146f074e76e90e6943
2018-02-05 18:21:55 +08:00
Bowgo Tsai
e2f6013543 Revert "Renames nonplat_* to vendor_*"
This reverts commit 9aa8496fc9.
Fix angler/bullhead boot failure.

Bug: 72787689
Test: build
Change-Id: I77671a74cd952544a1dbb3daabc2bb449a7c2cf2
2018-02-02 08:14:02 +08:00
Bowgo Tsai
d0cbb90509 Revert "Using a python script to build sepolicy"
This reverts commit 3506ad3f31.
Fix angler/bullhead boot failure.

Bug: 72787689
Test: build
2018-02-02 08:00:38 +08:00
Bowgo Tsai
3506ad3f31 Using a python script to build sepolicy
Current sepolicy CIL files are built by several command-line tools
in Android.mk. This change extracts some of the build logic into a
python script to relieve the effort in Android.mk.

The first command is `build_sepolicy build_cil`. It's possible to add
more sub-commands under the build_sepolicy script in the future.

Bug: 64240127
Test: build and boot a device
Test: checks the content of $OUT/vendor/etc/selinux/vendor_sepolicy.cil
      is the same as before
Change-Id: I0b64f1088f413172e97b579b4f7799fa392762df
2018-01-31 14:37:47 +08:00
Bowgo Tsai
9aa8496fc9 Renames nonplat_* to vendor_*
This change renames the non-platform sepolicy files on a DUT from
nonplat_* to vendor_*.

It also splits the versioned platform sepolicy from vendor_sepolicy.cil
to a new file /vendor/etc/selinux/plat_pub_versioned.cil. And only keeps
vendor customizations in vendor_sepolicy.cil.

Build variable BOARD_SEPOLICY_DIRS is also renamed to
BOARD_VENDOR_SEPOLICY_DIRS.

Bug: 64240127
Test: boot an existing device
Change-Id: Iea87a502bc6191cfaf8a2201f29e4a2add4ba7bf
2018-01-31 14:37:39 +08:00
Joel Galenson
5988b5659a Improve neverallow error messages and allow disabling them on userdebug builds.
This patch adds a flag that can be used to ignore neverallow rules.
By adding
SELINUX_IGNORE_NEVERALLOWS := true
into the BoardConfig.mk file, neverallow violations will be ignored
silently.  This flag can only be enabled on userdebug and eng builds.

Users of this flag should be very careful.  Since it does not work on
user builds, it must be disabled to pass CTS, and enabling it for
too long could hide issues that need to be addressed.

As a happy side effect, this patch should also improve the error
messages when violating a neverallow rule.  Specifically, the file
and line number should be correct.

Bug: 70950899
Bug: 33960443
Test: Built walleye-{user,eng} with and without this new option and
a neverallow violation.  Built policy for all targets.

Change-Id: Id0d65123cdd230d6b90faa6bb460d544054bb906
2018-01-12 09:11:59 -08:00
Jaekyun Seok
e49714542e Whitelist exported platform properties
This CL lists all the exported platform properties in
private/exported_property_contexts.

Additionally accessing core_property_type from vendor components is
restricted.
Instead public_readable_property_type is used to allow vendor components
to read exported platform properties, and accessibility from
vendor_init is also specified explicitly.

Note that whitelisting would be applied only if
PRODUCT_COMPATIBLE_PROPERTY is set on.

Bug: 38146102
Test: tested on walleye with PRODUCT_COMPATIBLE_PROPERTY=true
Change-Id: I304ba428cc4ca82668fec2ddeb17c971e7ec065e
2018-01-10 16:15:25 +00:00
Tom Cherry
f68b4c67d7 Use property_info_checker instead of checkfc and fc_sort for properties
1) fc_sort is not needed as there is no reason to sort system
   properties, so this is removed and replaced with a simple copy
2) Use the new property_info_checker instead of checkfc for
   validating property information.  This supports exact match
   properties and will be extended to verify property schemas in the
   future.

Bug: 36001741
Test: verify bullhead's property contexts correct
Test: verify faulty property contexts result in failures
Change-Id: Id9bbf401f385206e6907449a510e3111424ce59e
2018-01-04 09:49:39 -08:00
Bo Hu
283dd9ebb9 Revert "Renames nonplat_* to vendor_*"
This reverts commit 8b562206bf.

Reason for revert: broke mac build

b/70273082

FAILED: out/target/product/generic_x86/obj/ETC/vendor_sepolicy.cil_intermediates/vendor_sepolicy.cil
/bin/bash -c "(out/host/darwin-x86/bin/version_policy -b out/target/product/generic_x86/obj/FAKE/selinux_policy_intermediates/plat_pub_policy.cil -t out/target/product/generic_x86/obj/ETC/vendor_sepolicy.cil_intermediates/vendor_policy_raw.cil -n 10000.0 -o out/target/product/generic_x86/obj/ETC/vendor_sepolicy.cil_intermediates/vendor_sepolicy.cil.tmp ) && (grep -Fxv -f out/target/product/generic_x86/obj/ETC/plat_pub_versioned.cil_intermediates/plat_pub_versioned.cil out/target/product/generic_x86/obj/ETC/vendor_sepolicy.cil_intermediates/vendor_sepolicy.cil.tmp > out/target/product/generic_x86/obj/ETC/vendor_sepolicy.cil_intermediates/vendor_sepolicy.cil ) && (out/host/darwin-x86/bin/secilc -m -M true -G -N -c 30 		out/target/product/generic_x86/obj/ETC/plat_sepolicy.cil_intermediates/plat_sepolicy.cil out/target/product/generic_x86/obj/ETC/plat_pub_versioned.cil_intermediates/plat_pub_versioned.cil out/target/product/generic_x86/obj/ETC/10000.0.cil_intermediates/10000.0.cil out/target/product/generic_x86/obj/ETC/vendor_sepolicy.cil_intermediates/vendor_sepolicy.cil -o /dev/null -f /dev/null )"
Parsing out/target/product/generic_x86/obj/FAKE/selinux_policy_intermediates/plat_pub_policy.cil
Parsing out/target/product/generic_x86/obj/ETC/vendor_sepolicy.cil_intermediates/vendor_policy_raw.cil
grep: out of memory

Change-Id: I14f0801fdd6b9be28e53dfcc0f352b844005db59
2017-12-07 00:16:13 +00:00
kaichieh
b616688eda Renames nonplat_* to vendor_*
am: 8b562206bf

Change-Id: I5df30ebf4f0ba450ff3da8e54c76da23af955105
2017-12-06 10:11:42 +00:00
kaichieh
8b562206bf Renames nonplat_* to vendor_*
This change renames the non-platform sepolicy files on a DUT from
nonplat_* to vendor_*.

It also splits the versioned platform sepolicy from vendor_sepolicy.cil
to a new file /vendor/etc/selinux/plat_pub_versioned.cil. And only keeps
vendor customizations in vendor_sepolicy.cil.

Build variable BOARD_SEPOLICY_DIRS is also renamed to
BOARD_VENDOR_SEPOLICY_DIRS.

Bug: 64240127
Test: boot an existing device
Change-Id: I53a9715b2f9ddccd214f4cf9ef081ac426721612
2017-12-06 12:57:19 +08:00
Jeffrey Vander Stoep
54242ffae1 Merge "Prepare treble_sepolicy_tests for inclusion in CTS"
am: 18cb4daed7

Change-Id: Ibbaef489e45195aa105b6df09bb7378481ab2d06
2017-11-21 21:15:41 +00:00
Jeff Vander Stoep
fe0910c9ad Prepare treble_sepolicy_tests for inclusion in CTS
Unconditionally compile treble_sepolicy_tests. Make compat
files conditional on running the compat tests.

Bug: 37008075
Test: build
Change-Id: Ib3aee6e93d285ca141803a13958fbcb38b891b68
2017-11-20 22:29:38 +00:00
Xin Li
c667a0ed64 Merge commit 'd9664064dd09ae254aa3e6ce28fec5fde68c1fb6' into HEAD
Change-Id: Icec8dfff5cff17cf1b557882db62b148a7218b98
2017-11-14 11:46:58 -08:00
Steven Moreland
763697d425 Use PRODUCT_SEPOLICY_SPLIT for full Treble.
PRODUCT_FULL_TREBLE is being broken up into smaller,
more manageable components.

Bug: 62019611
Test: manual
Change-Id: I9b65f120851d9ea134a0059a417f0282777717fc
2017-11-10 10:25:23 -08:00
Dan Cashman
c96721eaa9 Include 26.0 compat file on system image.
This file is necessary for using an mr1 system image in conjunction
with an oc-dev vendor image.  This is currently needed by GSI testing,
for example.

(cherry-pick of commit: 03596f28a4)

Bug: 66358348
Test: File is included on system image.
Change-Id: Ie694061d08acf17453feb596480e42974f8c714c
2017-10-18 15:52:54 -07:00
Jeffrey Vander Stoep
5b322d4e4e Merge "Allow redeclaring typeattributes" am: dcee57b8c2 am: 7242f16830
am: a08b925aea

Change-Id: Iadeb02947c4aefd1821b8e3294ad9fd801f8b0c1
2017-10-08 04:18:54 +00:00
Jeff Vander Stoep
74b7071be6 Allow redeclaring typeattributes
Allows partners to add a new attribute definition to their public
policy without causing a compatibility failure with the AOSP system
image.

Bug: 67092827
Bug: 37915794
Test: build and boot aosp_sailfish with new type declared in public
    policy

Change-Id: I015c26fa7c399423e8a6e7079b5689007d031479
2017-10-06 17:06:04 -07:00
Jeff Vander Stoep
f73b714ef9 Merge "Fix typo and Mac build" am: 7a83d44f7f am: eaee05e1a3
am: 0b63c67aca

Change-Id: I06b0180e203857945152027d5c9dfb92fc7200db
2017-10-05 03:24:36 +00:00
Jeff Vander Stoep
e06e4c1efb Fix typo and Mac build
FAILED:
out/target/product/sailfish/obj/ETC/treble_sepolicy_tests_intermediates/treble_sepolicy_tests
Error: library-path out/host/darwin-x86/lib64/libsepolwrap.so
does not exist

Note, fixing here instead of reverting to avoid reverting
changes in CTS.

Test: ctate testing on Mac
Change-Id: I95f483b152d9bece1a16267cbc49eedb1f902990
2017-10-05 01:20:28 +00:00
Jeff Vander Stoep
3ebd69905f Merge "Prepare python tests to be run in CTS" am: dbe092538c am: 3d4cbd6059
am: a1501d9c51

Change-Id: I23ae1f2efa1546462e27ab32e8a7f03cdae91cc8
2017-10-04 21:52:32 +00:00
Jeff Vander Stoep
3ca843a57d Prepare python tests to be run in CTS
Bug: 37008075
Test: build, all tests pass. Modify some attributes locally to
    cause tests to fail (verify that they are actually working).
Change-Id: If9f9ece61dff835f38ef9c8a57f5a7baddbae5cd
2017-10-04 19:46:12 +00:00
Jeff Vander Stoep
be60f71fe2 Merge "Move python sepolicy tests to embedded launcher" am: 1e8804101b am: f2d1003c96
am: a6b8f4b1da

Change-Id: Ic64d56e86e455c8cb5e814c359aaee568618d7e0
2017-10-04 19:05:28 +00:00
Jeff Vander Stoep
e9777e3402 Move python sepolicy tests to embedded launcher
This is necessary for enforcing these tests in CTS.

Bug: 37008075
Test: build
Change-Id: I36b4ce71c26a0ba01cd0289fe363f0a9f7db1214
(cherry picked from commit 8d614b3f81)
2017-10-04 17:09:30 +00:00
Daniel Cashman
841a7ee6f5 Merge "Revert "Include 26.0 compat file on system image."" am: 00cac07f11 am: c1bd5c6b5c
am: 005404eb6b

Change-Id: I602dae097b7c8eabb233fed2657cf6ad23cbf1ed
2017-10-03 02:16:00 +00:00
Daniel Cashman
41ce23481c Revert "Include 26.0 compat file on system image."
This reverts commit f9cd76b1d8.

Change-Id: I4f753f3159b422fbca94be78e620bee2c39de38a
2017-10-03 00:07:11 +00:00
Dan Cashman
5e65338905 Correct double inclusion of sepolicy_tests due to bad merge.
Bug: 67018095
Test: None. Relying on treehugger.
Change-Id: I68221183cf56b666c81f224a533b56a0761f8c15
2017-10-02 15:25:10 -07:00
Dan Cashman
f9cd76b1d8 Include 26.0 compat file on system image.
This file is necessary for using an mr1 system image in conjunction
with an oc-dev vendor image.  This is currently needed by GSI testing,
for example.

(cherry-pick of commit: 03596f28a4)

Bug: 66358348
Test: File is included on system image.
Change-Id: I3a6b7ed5edf1c07941bbf835e70f2ae8d03fee25
2017-10-02 14:21:57 -07:00
Dan Cashman
1192061c3b Include 26.0 compat file on system image.
am: 03596f28a4

Change-Id: I5200386d3125a955594bdca07bf85f9a918b1ed5
2017-10-02 20:48:39 +00:00
Dan Cashman
03596f28a4 Include 26.0 compat file on system image.
This file is necessary for using an mr1 system image in conjunction
with an oc-dev vendor image.  This is currently needed by GSI testing,
for example.

Bug: 66358348
Test: File is included on system image.
Change-Id: I3a6b7ed5edf1c07941bbf835e70f2ae8d03fee25
2017-09-28 15:06:39 -07:00
William Roberts
d1ee81203d Merge changes from topic "locale-fix" am: 5bb3c603f1 am: 65c3654b59
am: bd2e729c8c

Change-Id: I3ec7360adf7e13eb1d0b174ed9fc5eab6d44e3c0
2017-09-28 20:59:34 +00:00