Commit graph

35 commits

Author SHA1 Message Date
Dan Willemsen
fb12c6b8aa Convert sepolicy-analyze to Android.bp
The LOCAL_COMPATIBILITY_SUITES variable has been removed, as the users
are now embedding this binary the same way they do the rest of the
sepolicy tools.

Bug: 122331947
Bug: 130696912
Test: treehugger
Change-Id: Ia83025b18da87204d87684f2c0af025d9cecc824
2020-01-29 13:20:47 -08:00
Treehugger Robot
5dda7f70db Merge "fix memory leaks in sepolicy-analyze tool" 2019-05-17 17:14:20 +00:00
Jinguang Dong
ee62756a7c fix memory leaks in sepolicy-analyze tool
Test: check sepolicy-analyze tool can work well
 sepolicy-analyze out/target/product/<board>/root/sepolicy typecmp -e
 sepolicy-analyze out/target/product/<board>/root/sepolicy typecmp -d
 sepolicy-analyze out/target/product/<board>/root/sepolicy dups
 sepolicy-analyze out/target/product/<board>/root/sepolicy permissive
 sepolicy-analyze out/target/product/<board>/root/sepolicy booleans
 sepolicy-analyze out/target/product/<board>/root/sepolicy attribute <name>

Change-Id: I09d30967f00062c6a807ae4711ccc87b0fd6064c
2019-05-17 09:57:43 +08:00
Stephen Hines
5c081803fc Ensure avrule is initialized.
Bug: http://b/131390872
Test: Builds with -Wconditional-initialize
Change-Id: I14b9316ca392f299745342d61e4fd45ab8e9e307
2019-05-08 17:14:34 -07:00
George Burgess IV
bf2f927019 Fix memory leaks
This CL fixes leaks of the policy that we're building up. The analyzer
only caught the leaks on the error path, but I assume that
`check_assertions` does nothing to free the object that it's handed.

Analyzer warnings:

system/sepolicy/tools/sepolicy-analyze/neverallow.c:439:9: warning:
Potential leak of memory pointed to by 'avrule'
[clang-analyzer-unix.Malloc]

system/sepolicy/tools/sepolicy-analyze/neverallow.c:439:9: warning:
Potential leak of memory pointed to by 'neverallows'
[clang-analyzer-unix.Malloc]

Bug: None
Test: Treehugger; reran the analyzer
Change-Id: I79a0c34e8b53d33a1f01497337590eab660ad3ec
2019-03-19 12:10:51 -07:00
Chih-Hung Hsieh
e0db1651e6 Free type_rules before return or exit.
Test: make with WITH_TIDY=1 and clang-analyzer-* checks.
Change-Id: Ide1eaf8880132c566545710e6287f66a5a2b393c
2018-08-31 10:11:09 -07:00
Ryan Longair
50fec5f819 Fix sepolicy-analyze makefile so it is included in STS builds
Bug:74022614
Test: `sts-tradefed run sts -m CtsSecurityHostTestCases -t
android.cts.security.SELinuxNeverallowRulesTest`

Change-Id: I53f7bef927bcefdbe0edd0b919f11bdaa134a48b
2018-03-01 10:07:11 -08:00
Nicholas Sauer
3257295a0f Make sepolicy-analyze for ATS.
bug: 69430536
Test: make ats-tradefed && ats-tradefed run ats -m
GtsSecurityHostTestCases

Change-Id: I617a7d08b1bf480f970bc8b4339fa6bbdc347311
2017-11-28 13:19:09 -08:00
Keun Soo Yim
5f6fc9c9be package sepolicy-analyze as part of VTS
am: 67b2da4431

Change-Id: I1bbf9b95f0c38fd5f20412e4afb2251ed2c3948e
2017-10-17 03:52:11 +00:00
Keun Soo Yim
67b2da4431 package sepolicy-analyze as part of VTS
Bug: 67848572
Test: mma
Change-Id: I75520b6aa19e44854129697b3c3e375427356e6a
2017-10-16 14:21:07 -07:00
Yifan Hong
43473a00e1 Merge "Make sepolicy-analyze for GTS." into oc-mr1-dev
am: 7c55e171de

Change-Id: Iff2eb18c5898ae5d05c00a3c888d98286b36374a
2017-08-17 01:01:28 +00:00
Yifan Hong
9ffea2f94b Make sepolicy-analyze for GTS.
Test: gts-tradefed run gts-dev --module=GtsSecurityHostTestCases
Bug: 64127136
Change-Id: Ib50294488bb1a5d46faed00d6954db64648fed20
2017-08-15 15:26:07 -07:00
Manoj Gupta
508db351a1 Merge "Fix static analyzer warnings."
am: 4b547a1516

Change-Id: Id5b85ec29220cdbc15aab72ddf4dfbd2d4ef2fc7
2017-08-02 02:47:37 +00:00
Manoj Gupta
3cdd4a4b0d Fix static analyzer warnings.
Fix the following warnings:

system/sepolicy/tools/sepolicy-analyze/neverallow.c:346:9: warning:
Potential leak of memory pointed to by '__s1'
system/sepolicy/tools/sepolicy-analyze/neverallow.c:346:9: warning:
Potential leak of memory pointed to by 'id'
system/sepolicy/tools/sepolicy-analyze/neverallow.c:364:13: warning:
Potential leak of memory pointed to by 'classperms'
system/sepolicy/tools/sepolicy-analyze/neverallow.c:364:13: warning:
Potential leak of memory pointed to by 'node'

Bug: b/27101951
Test:Warnings are gone.
Change-Id: Ib9b2e0b9f19950b4b764d438ee58340e6c022ef5
2017-08-01 15:46:44 -07:00
Andreas Gampe
a1ccbd3d67 Sepolicy-Analyze: Plug leak am: ee8b67dfd9 am: 4a318ad697
am: 4c1385a6d4

Change-Id: I4da23806c532acfaaa1535ee87b25383a99723d7
2017-04-28 18:36:36 +00:00
Andreas Gampe
ee8b67dfd9 Sepolicy-Analyze: Plug leak
Destroy the policy before exiting (for successful = expected runs).

Bug: 37757759
Test: ASAN_OPTIONS= SANITIZE_HOST=address m
Change-Id: I67e35fbede696ec020a53b69a6cef9f374fae167
2017-04-27 18:16:26 -07:00
Alex Klyubin
16fcbe8f17 Merge "Do not warn about empty typesets in neverallows" into oc-dev
am: 26564ce754

Change-Id: I8961e581bad56f118c112f6b1e6d2ba11a81ccf6
2017-04-26 00:41:44 +00:00
Alex Klyubin
c60d3ea164 Do not warn about empty typesets in neverallows
Empty typeset is not an issue in neverallow rules. The reason is that
it's completly normal for scontext or tcontext of neverallow rules to
evaluate to an empty type set. For example, there are neverallow rules
whose purpose is to test that all types with particular powers are
associated with a particular attribute:
  neverallow {
    untrusted_app_all
    -untrusted_app
    -untrusted_app_25
  } domain:process fork;

Test: sepolicy-analyze neverallow -w -n \
          'neverallow {} {}:binder call;'
      produces empty output instead of "Warning!  Empty type set"
Bug: 37357742
Change-Id: Id61b4fe22fafaf0522d8769dd4e23dfde6cd9f45
2017-04-25 14:25:04 -07:00
Dan Cashman
9d46f9b4f0 sepolicy-analyze: Add ability to list all attributes.
This could be useful in diffs between policy versions.

Bug: 37357742
Test: sepolicy-analyze lists all attributes in precompiled_policy.
Change-Id: I6532a93d4102cf9cb12b73ee8ed86ece368f9131
2017-04-18 11:08:43 -07:00
Dan Cashman
3a68bd169b Add reverse-attribute mapping to sepolicy-analyze.
sepolicy-analyze allows users to see all types that have a given
attribute, but not the reverse case: all attributes of a given type.
Add a '--reverse' option which enables this, but keeps the previous
interface.

Usage: sepolicy-analyze sepolicy attribute -r init

Bug: 36508258
Test: Build and run against current policy.

(cherry picked from commit d444ebedac)

Change-Id: I9813ebf61d50fb5abbc8e52be4cf62751979bbd4
2017-04-06 09:46:38 -07:00
Dan Cashman
d444ebedac Add reverse-attribute mapping to sepolicy-analyze.
sepolicy-analyze allows users to see all types that have a given
attribute, but not the reverse case: all attributes of a given type.
Add a '--reverse' option which enables this, but keeps the previous
interface.

Usage: sepolicy-analyze sepolicy attribute -r init

Bug: 36508258
Test: Build and run against current policy.
Change-Id: Ice6893cf7aa2ec4706a7411645a8e0a8a3ad01eb
2017-03-31 08:40:26 -07:00
bowgotsai
a6c215bcaf Clean up LOCAL_C_INCLUDES
It should be specified by LOCAL_EXPORT_C_INCLUDE_DIRS from the imported
libraries.

Change-Id: I5b01ac24763a75984227d77671def6561325b7cc
2016-09-23 09:21:25 +08:00
dcashman
48a29397d2 Add cts artifact tag for use in CTS tests.
Bug: 21266225
Change-Id: I649c2ae36340d1f2b3db478e90e125c473b47b6e
2016-03-30 08:54:55 -07:00
dcashman
73f7e76837 sepolicy-analyze: use headers from common selinux project.
Point to external/selinux/libsepol instead of external/libsepol.

(cherry picked from commit 96136d847d)

Change-Id: I09c33a4cbd7b4cd3ef2341c042259b96c0b59372
2015-06-10 10:54:21 -07:00
dcashman
ae6969440b Fix sepolicy-analyze libc++.so loading issue w/CTS.
Addresses the following error when running CTS on master:
junit.framework.AssertionFailedError: The following errors were encountered when validating the SELinuxneverallow rule:
neverallow { appdomain -bluetooth } self:capability *;
/tmp/SELinuxHostTest5593810182495331783.tmp: error while loading shared libraries: libc++.so: cannot open shared object file: No such file or directory

Also indicate that none of the sepolicy tools need c++ std lib.

(cherry-pick of 28acbeab18)

Bug: 19566396
Change-Id: Ieb380d05ae896a8146b80f94fe3b3211178705bb
2015-05-14 09:07:48 -07:00
Dan Albert
0d3bf4beac Revert "Fix sepolicy-analyze libc++.so loading issue w/CTS."
This is causing more harm than good. We'll just make these all link
libc++ again and work out the CTS issues if they still exist.

Bug: 19778891

This reverts commit 3812cf58cb.

Change-Id: Iaea8f6acb147da4275633a760ccb32951db7f8b6
2015-03-17 11:41:04 -07:00
Dan Albert
f0852340af Revert "Don't use address sanitizer for selinux tools."
This is causing more harm than good. We'll just make these all link
libc++ again (another revert) and work out the CTS issues if they still
exist.

Bug: 19778891

This reverts commit a5113a1500.

Change-Id: I35a4c93dae4abb66e3525451d5ce01e33a540895
2015-03-17 17:38:55 +00:00
Dan Albert
a5113a1500 Don't use address sanitizer for selinux tools.
Address sanitizer requires using libc++ (apparently). We removed
libc++ from these projects since they were C and the SDK/CTS was not
able to find libc++.

If we're interested in continuing to use ASAN on these tools
(probably), we should turn libc++ back on once we're sure CTS won't
die.

Bug: 19778891
Change-Id: I3c1913171a15396ead73277ec1186fead730f66d
2015-03-16 17:39:40 -07:00
dcashman
3812cf58cb Fix sepolicy-analyze libc++.so loading issue w/CTS.
Addresses the following error when running CTS on master:
junit.framework.AssertionFailedError: The following errors were encountered when validating the SELinuxneverallow rule:
neverallow { appdomain -bluetooth } self:capability *;
/tmp/SELinuxHostTest5593810182495331783.tmp: error while loading shared libraries: libc++.so: cannot open shared object file: No such file or directory

Also indicate that none of the sepolicy tools need c++ std lib.

Bug: 19617220

Change-Id: I713b3cbd1220655413d399c7cd2b0b50459a5485
2015-03-16 13:07:46 -07:00
Stephen Smalley
0233cd800e sepolicy-analyze: Add attribute command.
Add an attribute command to sepolicy-analyze for displaying the list
of types associated with an attribute in a policy.  This is for use
by CTS to check what domains and types are associated with certain
attributes such as mlstrustedsubject and mlstrustedobject.

Change-Id: Ie19361c02feb1ad14ce36862c6aace9e66c422bb
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-03-13 12:22:39 -04:00
Stephen Smalley
d155914479 sepolicy-analyze: Change booleans command to be more test-friendly.
Instead of displaying the boolean count, display a list of booleans
defined in the policy, if any.  This makes sepolicy-analyze booleans
consistent with sepolicy-analyze permissive and allows automated tests
to simply check whether there was any output at all.

Change-Id: I221b60d94e6e7f6d80399bf0833887af3747fe83
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-03-12 10:01:49 -04:00
Stephen Smalley
a7b2c5f4ab sepolicy-analyze: Implement booleans test.
Implement the booleans test in sepolicy-analyze so
that we can move the no-booleans check from the
SELinuxTest to the SELinuxHostTest along with the
other policy checks.

Change-Id: I95d7ad34da10c354470f43734d34a6ec631a7b4e
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-03-11 17:03:42 -04:00
dcashman
0de2b45f63 Adjust sepolicy-analyze to reflect libsepol changes.
Commit dc0ab516f11d8e2c413315e733e25a41ba468e4f changed the libsepol
structures on which sepolicy-analyze relies so that it could be compiled
as a C++ library.  Reflect this change in sepolicy-analyze.

Change-Id: I7da601767c3a4ebed7274e33304d8b589a9115fe
2014-12-22 15:31:38 -08:00
William Roberts
47c1461156 Fix sepolicy-analyze build with different toolchains
host C: sepolicy-analyze <= external/sepolicy/tools/sepolicy-analyze/sepolicy-analyze.c
external/sepolicy/tools/sepolicy-analyze/sepolicy-analyze.c: In function 'usage':
external/sepolicy/tools/sepolicy-analyze/sepolicy-analyze.c:30:5: error: 'for' loop initial declarations are only allowed in C99 mode
external/sepolicy/tools/sepolicy-analyze/sepolicy-analyze.c:30:5: note: use option -std=c99 or -std=gnu99 to compile your code
make: *** [out/host/linux-x86/obj/EXECUTABLES/sepolicy-analyze_intermediates/sepolicy-analyze.o] Error 1

Change-Id: I9222e447b032d051c251c9718e2b8d5ffb9e9c35
2014-12-01 11:45:54 -08:00
dcashman
ef4fd30672 Accept command-line input for neverallow-check.
Also, divide each sepolicy-analyze function into its own component for simplified
command-line parsing and potentially eventual modularization.

Bug: 18005561
Change-Id: I45fa07d776cf1bec7d60dba0c03ee05142b86c19
2014-10-31 11:38:32 -07:00