Adding soong module and tool to check if there is fuzzer present
for every service in private/service_contexts. Whenever a service is
added, its is recommended to update
$ANDROID_BUILD_TOP/system/sepolicy/soong/build/service_fuzzer_bindings.go
with service name and its corresponding fuzzer.
Test: m
Bug: 242104782
Change-Id: Id9bc45f50bebf464de7c91c7469d4bb6ff153ebd
Third attempt to roll-forward the apex_sepolicy changes from
aosp/2179294 and aosp/2170746.
I was finally able to figure out the likely root cause of the test
breakages in internal b/243971667. The related CL aosp/2199179 is making
the apex_sepolicy files mandatory for all AOSP builds.
Without the apex_sepolicy files, mixed GSI builds in internal using AOSP
as base would not implement the sdk_sandbox rules, causing breakages for
the SdkSandbox components.
Bug: 243923977
Test: atest SeamendcHostTest
Change-Id: I27ee933da6648cca8ff1f37bde388f72b4fe6ad6
Include Merged-In tag to avoid reverting in git_master
Bug: 199914227
Test: presubmit and manual verification
Ignore-AOSP-First: tm-dev change
Merged-In: I191c4dbe48df026826ddd22770094be4c1d9aec0
Change-Id: Id4c96cc145eab5758650c68b94b80c79bf614932
Treble sepolicy tests check whether previous versions are compatible to
ToT sepolicy or not. treble_sepolicy_tests_for_release.mk implements it,
but it also includes a compat test whether ToT sepolicy + {ver} mapping
+ {ver} plat_pub_versioned.cil can be built together or not. We
definitely need such tests, but we already have a test called "compat
test" which does exactly that, and testing it again with Treble sepolicy
tests is just redundant. The only difference between those two is that
Treble sepolicy tests can also test system_ext and product compat files,
which was contributed by a partner.
The ultimate goal here is to migrate *.mk to Soong, thus merging these
two tests (compat, Treble) into one. As we've already migrated the
compat test to Soong, this change removes the compat test part from
treble sepolicy tests. Instead, the compat test will be extended so it
can test system_ext and product compat files too.
prebuilts/api/{ver}/plat_pub_versioned.cil and
prebuilts/api/{ver}/vendor_sepolicy.cil are also removed as they aren't
used anymore: vendor_sepolicy.cil is an empty stub, and
plat_pub_versioned.cil can be built from the prebuilt source files.
Bug: 33691272
Test: m selinux_policy
Change-Id: I72f5ad0e8bbe6a7c0bbcc02f0f902b953df6ff1a
This ensures that precompiled policy can be checked against updatable
sepolicy from com.android.sepolicy. This saves ~1s of boot time.
Bug: 199914227
Test: build, verify that precompiled_sepolicy.apex_sepolicy.sha256
exists.
Change-Id: I1ce6b3363d418c073f95f120908107604799fd26
Now that we have sepolicy module in Android.bp, we can migrate contexts
tests. Also vendor_service_contexts_test will be run, as we now include
vendor_service_contexts unconditionally.
Unfortunately, vendor_service_contexts_test is now broken, due to a
malformed type hal_power_stats_vendor_service. We will temporarily
exempt the type from the test, to speed up migrating to Android.bp.
Bug: 33691272
Test: m selinux_policy and see tests running
Test: add a malformed type other than hal_power_stats_vendor_service and
run tests
Change-Id: Ic60eb38b9a7c79006f0b5ff4453768e03006604b
compat_test tests whether {ver}.compat.cil is compatible to current
policy or not. This commit migrates all tests into a single module named
"sepolicy_compat_tests".
A minor issue is also resolved with this migration. Suppose that the
vendor's speolicy version is {VER}. Then the following cil files are
compiled in runtime.
- system/etc/selinux/plat_sepolicy.cil
- system/etc/selinux/mapping/{VER}.cil
- system/etc/selinux/mapping/{VER}.compat.cil (optional)
- system_ext/etc/selinux/system_ext_sepolicy.cil (optional)
- system_ext/etc/selinux/mapping/{VER}.cil (optional)
- system_ext/etc/selinux/mapping/{VER}.compat.cil (optional)
- product/etc/selinux/product_sepolicy.cil (optional)
- product/etc/selinux/mapping/{VER}.cil (optional)
- product/etc/selinux/mapping/{VER}.compat.cil (optional)
- vendor/etc/selinux/vendor_sepolicy.cil
- vendor/etc/selinux/plat_pub_versioned.cil
- odm/etc/selinux/odm_sepolicy.cil (optional)
That is, the vendor policy of version {VER} (vendor_sepolicy.cil,
plat_pub_versioned.cil, and odm_sepolicy.cil) is required to be
compatible only to {VER}.compat.cil. So, the vendor policy is included
only to $(BOARD_SEPOLICY_VERS)_compat_test. The other tests will be
built only with platform side policies.
Bug: 33691272
Test: boot
Test: manually edit {ver}.compat.cil files and try build
Change-Id: I16b30a9171f10ee8f08fc03b7bd7c047eec12b19
A new module type se_neverallow_test is added, to migrate
sepolicy_neverallow modules. se_neverallow_test is affected by
SELINUX_IGNORE_NEVERALLOWS.
Bug: 33691272
Test: m selinux_policy
Test: intentionally create neverallow violations and m selinux_policy
Change-Id: I1582353f99f064ff78f3c547a0c13f2b772d54df
Although it's not needed for Treblized devices, some targets are still
requiring it due to PRODUCT_SEPOLICY_SPLIT := false. To mitigate build
breakage, this change revives the sepolicy module.
Bug: 211936491
Test: build/soong/soong_ui.bash --make-mode dist \
TARGET_PRODUCT=bertha_x86_64 ndk_translation_all
Change-Id: Ie64c223db8900967cfb54897f5366ad5ef13d4d9
sepolicy is a module which outputs precompiled sepolicy and performs
permissive domain check on user builds. se_policy_binary module is
updated so it checks permissive domain in user builds.
sepolicy module is removed since we don't need it anymore. Instead,
precompiled_sepolicy is used.
Bug: 33691272
Test: build
Test: add "permissive adbd;" and build on aosp_arm64-user
Change-Id: I3dcf0c32d2fc1312dfceeee74894c08b38395d19
The following files are built with Android.bp:
- vendor_sepolicy.cil
- odm_sepolicy.cil
- prebuilt_sepolicy
Also, prebuilt_policy.mk is removed as it's now redundant.
Bug: 33691272
Test: build and compare artifacts
Test: build with rvc-dev sepolicy
Change-Id: I7bf79c9c85c63cd942b36f7cf5ddda1860626c0b
1. Move BOARD_SEPOLICY_VERS to build/make/core/config.mk where
PLATFORM_SEPOLICY_VERSION is set.
2. Remove hard-coded versions for the treble tests.
Test: build
Change-Id: I57178c9f213b089a276e35b8de1144665788e7ab
BOARD_PLAT_VENDOR_POLICY should be used for all vendor stuff, when in
mixed sepolicy build (BOARD_SEPOLICY_VERS != PLATFORM_SEPOLICY_VERSION).
This fixes an issue that system/sepolicy/vendor has been incorrectly
used in mixed sepolicy build.
Bug: 205924657
Test: Try AOSP + rvc-dev mixed sepolicy build
1) copy cuttlefish sepolicy prebuilts from rvc-dev branch.
2) set prebuilt variables:
- BOARD_PLAT_VENDOR_POLICY
- BOARD_REQD_MASK_POLICY
- BOARD_(SYSTEM_EXT|PRODUCT)_PRIVATE_PREBUILT_DIRS
- BOARD_SEPOLICY_VERS
3) lunch aosp_cf_x86_64_phone-userdebug; m selinux_policy
4) compare $OUT/vendor/etc/selinux with rvc-dev's artifacts.
Change-Id: I2ed1e25255c825c24dab99ae4903328b0400c414
Treble doesn't support T system + O vendor, so removing 26.0 (N) and
27.0 (O) prebuilts and compat files.
Bug: 207815515
Test: build
Change-Id: I98d5972221a8e77f3c45fc48ff50bb2b8eb94275
Steps taken to produce the mapping files:
1. Add prebuilts/api/32.0/plat_pub_versioned.cil from the
/vendor/etc/selinux/plat_pub_versioned.cil file built on sc-v2-dev with
lunch target aosp_arm64-eng. Add prebuilts/api/32.0/vendor_sepolicy.cil
as an empty file.
When adding plat_pub_versioned.cil, leave only type and typeattribute
statements, removing the other statements: allow, neverallow, role, etc.
2. Add new file private/compat/32.0/32.0.cil by doing the following:
- copy /system/etc/selinux/mapping/32.0.cil from sc-v2-dev
aosp_arm64-eng device to private/compat/32.0/32.0.cil
- remove all attribute declaration statement (typeattribute ...) and
sort lines alphabetically
- some selinux types were added/renamed/deleted w.r.t 32 sepolicy.
Find all such types using treble_sepolicy_tests_32.0 test.
- for all these types figure out where to map them by looking at
31.0.[ignore.]cil files and add approprite entries to 32.0.[ignore.]cil.
This change also enables treble_sepolicy_tests_32.0 and installs
32.0.cil mapping file onto the device.
Bug: 206330997
Test: m treble_sepolicy_tests_32.0
Test: m 32.0_compat_test
Test: m selinux_policy
Change-Id: I8b2991e64e2f531ce12db7aaacad955e4e8ed687
build_policy gathers a list of files for a given set of folders and
filenames. It's possible that a certain folder doesn't have a certain
filename, in which case the $(wildcard) command will resolve to an
empty string, and there will be sections of many contiguous spaces
in the resulting list of files.
These contiguous spaces can show up in the build.ninja files.
When using a starlark-based device configuration, the number of spaces
is slightly different.
$(strip) not only removes spaces from the beginning/end of text, but
it also deduplicates any spaces in the middle. Use it to get rid
of the extra spaces so we have more consistent build.ninja files.
Bug: 201700692
Test: ./build/bazel/ci/rbc_product_config.sh aosp_arm64-userdebug
with board config changes patched in
Change-Id: I4f458e7805588072ec55be324ece6d2faca4cdd6
Steps taken to produce the mapping files:
1. Add prebuilts/api/31.0/plat_pub_versioned.cil from the
/vendor/etc/selinux/plat_pub_versioned.cil file built on sc-dev with
lunch target aosp_arm64-eng. Add prebuilts/api/31.0/vendor_sepolicy.cil
as an empty file.
2. Add new file private/compat/31.0/31.0.cil by doing the following:
- copy /system/etc/selinux/mapping/31.0.cil from sc-dev aosp_arm64-eng
device to private/compat/31.0/31.0.cil
- remove all attribute declaration statement (typeattribute ...) and
sort lines alphabetically
- some selinux types were added/renamed/deleted w.r.t 31 sepolicy.
Find all such types using treble_sepolicy_tests_31.0 test.
- for all these types figure out where to map them by looking at
30.0.[ignore.]cil files and add approprite entries to 31.0.[ignore.]cil.
This change also enables treble_sepolicy_tests_31.0 and installs
31.0.cil mapping file onto the device.
Bug: 189161483
Test: m treble_sepolicy_tests_31.0
Test: m 31.0_compat_test
Test: m selinux_policy
Change-Id: I6264b9cf77b80543dfea93157b45b864157e2b14
Types defined in system_ext/public or product/public
can be referenced by vendor side so it is important
to make sure functionality is not broken across version
bumps. So we are adding the treble sepolicy test cases
for system_ext and product sepolicy.
Bug: 173571515
Change-Id: Ia45979497029f83b1ae6712d2d26ffab263a7f91
Bug: 33691272
Test: build with odm and build without odm
Test: boot and see precompiled sepolicy used
Change-Id: Id84cca38f81ba3ecf7480d41a704085c7fff8b87
plat_sepolicy_vers.txt stores the version of vendor policy. This change
adds sepolicy_vers module to migrate plat_sepolicy_vers.txt to
Android.bp.
- Device's plat_sepolicy_vers: should be BOARD_SEPOLICY_VERS
- Microdroid's plat_sepolicy_vers: should be PLATFORM_SEPOLICY_VERSION
because all microdroid artifacts are bound to platform
Bug: 33691272
Test: boot device && boot microdroid
Change-Id: Ida293e1cb785b44fa1d01543d52d3f8e15b055c2
precompiled_system_ext_and_mapping.sha256 and
precompiled_product_and_mapping.sha256 has been installed, regardless of
existence of system_ext and product policies. This change only installs
such hash files when policy files exist, for consistency.
Bug: 186727553
Test: boot yukawa and see precompiled sepolicy is used
Change-Id: Iaad827cefdbe82e68288cd6cc59b55b5f28c229d
* changes:
Revert "Add a neverallow for debugfs mounting"
Revert "Add neverallows for debugfs access"
Revert "Exclude vendor_modprobe from debugfs neverallow restrictions"
Revert "Check that tracefs files are labelled as tracefs_type"
Revert submission 1668411
Reason for revert: Suspect for b/186173384
Reverted Changes:
Iaa4fce9f0:Check that tracefs files are labelled as tracefs_t...
I743a81489:Exclude vendor_modprobe from debugfs neverallow re...
I63a22402c:Add neverallows for debugfs access
I289f2d256:Add a neverallow for debugfs mounting
Change-Id: Ie04d7a4265ace43ba21a108af85f82ec137c6af0