We need to be able to access app data files from core domains such as
installd even for vendor apps. Those file types should not be
core_data_file_type, so we explicitly exempty app_data_file_type as
well as core_data_file_type from the relevant neverallows.
To prevent misuse of the attribute, add a test to check it is not
applied to anything in file_contexts. Exempt the existing violators in
system policy for now.
Test: Builds
Test: Adding a type with just "file_type, data_file_type, app_data_file_type" works
Test: New test successfully catches violators.
Bug: 171795911
Change-Id: I07bf3ec3db615f8b7a33d8235da5e6d8e2508975
Since many files can correspond to the same error, it can be hard to see
which file is causing the error for an attribute
Example, here I couldn't find which file was 'vendor_file':
The following types on / must be associated with the "no_fs_type"
attribute: vendor_file
corresponding to files: /cache/overlay/oem/upper
Bug: 154851797
Test: see above example
Change-Id: Ic96536da3ce55ccc5f600579b9f6b1b4f56fc93d
system_property_type and vendor_property_type can't be assigned
together. For example, the following policy snippet will fail.
system_public_prop(foo_prop)
typeattribute foo_prop vendor_property_type;
product_property_type is currently synonym for system_property_type, so
we only check those two.
Bug: 171437654
Test: m selinux_policy
Test: add "typeattribute default_prop vendor_property_type;" to
property.te and then "m selinux_policy"
Change-Id: I1cdbf3d04264bb045568c30f19339dfe3889dbb4
Types in sysfs should have the sysfs_type attribute, types in
debugfs and tracefs should have the debugfs_type attribute.
TODO: Test that files in procfs have the proc_type attribute.
TODO: Assert these tests in CTS.
Bug: 74182216
Test: build - these are build-time tests.
Change-Id: Icf0ff2a26c05f94da421ba23df0b92d8eef906bf
Two areas need better coverage:
1. Tests are not verifying that files in /data/vendor do not have the
core_data_file_type attribute.
2. No error is thrown if a type lives in both /data/vendor
/data/<not vendor>.
Bug: 72998741
Test: build all selinux policies on master (assert build time tests)
Test: build and boot Marlin and Taimen, verify no selinux denials and
everything works as expected.
Change-Id: I133a068123139a599b9b81ddcc254616894621eb
(cherry picked from commit 55d5e28472)
Bug: 37008075
Test: build, all tests pass. Modify some attributes locally to
cause tests to fail (verify that they are actually working).
Change-Id: If9f9ece61dff835f38ef9c8a57f5a7baddbae5cd
This is a necessary for enforcing these tests in CTS.
Bug: 37008075
Test: build
Change-Id: I36b4ce71c26a0ba01cd0289fe363f0a9f7db1214
(cherry picked from commit 8d614b3f81)
With project Treble, we're relying heavily on attributes for
permission inheritance and enforcement of separation between
platform and vendor components.
We neead tests that verify those attributes are correctly applied.
This change adds the framework for those tests including a wrapper
around libsepol for loading and querying policy, and a python module
for running tests on policy and file_contexts.
Included with the testing framework is a test asserting that the
coredomain attribute is only applied to core processes. This
verification is done using the following rules:
1. Domain's entrypoint is on /system - coredomain
2. Domain's entrypoint is on /vendor - not coredomain
3. Domain belongs to a whitelist of known coredomains - coredomain
In a subsequent commit these tests will be applied at build time.
However, I first need to fix existing Treble violations exposed by
this test. These tests will also be applied during CTS.
Test: LD_PRELOAD=$ANDROID_HOST_OUT/lib64/libsepolwrap.so python \
treble.py -p $OUT/vendor/etc/selinux/precompiled_sepolicy \
-f $OUT/vendor/etc/selinux/nonplat_file_contexts \
-f $OUT/system/etc/selinux/plat_file_contexts
Bug: 37008075
Change-Id: I7825f5c2909a5801deaccf2bef2bfd227adb0ae9
(cherry picked from commit 0366afdf14)
