Commit graph

473 commits

Author SHA1 Message Date
Inseob Kim
3bb2033eb1 Add odm_service_contexts module
Bug: 240609481
Test: build and boot
Change-Id: I5412b4a190d30490cad1bf2b9de1afd16085eb26
2022-10-24 20:41:45 +09:00
Sandro
692c3ad3b2 Rollback "Move allow rules of sdk_sandbox to apex policy"
Rolling back the changes from aosp/2206999.

Bug: 243923977#comment9
Test: atest SeamendcHostTest
Change-Id: I361811d021523f48f08bab5353ea5e03bc58fbef
2022-09-26 11:49:45 +00:00
Pawan
0ecf99def5 sepolicy : Recommend fuzzers for new services
Adding soong module and tool to check if there is fuzzer present
for every service in private/service_contexts. Whenever a service is
added, its is recommended to update
$ANDROID_BUILD_TOP/system/sepolicy/soong/build/service_fuzzer_bindings.go
with service name and its corresponding fuzzer.

Test: m
Bug: 242104782
Change-Id: Id9bc45f50bebf464de7c91c7469d4bb6ff153ebd
2022-09-13 18:18:46 +00:00
Sandro
084b41748d Move allow rules of sdk_sandbox to apex policy
Third attempt to roll-forward the apex_sepolicy changes from
aosp/2179294 and aosp/2170746.

I was finally able to figure out the likely root cause of the test
breakages in internal b/243971667. The related CL aosp/2199179 is making
the apex_sepolicy files mandatory for all AOSP builds.

Without the apex_sepolicy files, mixed GSI builds in internal using AOSP
as base would not implement the sdk_sandbox rules, causing breakages for
the SdkSandbox components.

Bug: 243923977
Test: atest SeamendcHostTest
Change-Id: I27ee933da6648cca8ff1f37bde388f72b4fe6ad6
2022-09-01 09:11:38 +00:00
Inseob Kim
6d79030d0c Build mac_permissions.xml with Soong
Bug: 33691272
Test: build and compare
Change-Id: Iacbd5bcf77f0b1c0b5e2c6691efb4c62bc78fdf8
2022-08-17 09:49:35 +09:00
Treehugger Robot
7a015c31ed Merge "Obsolete BOARD_PLAT_*_SEPOLICY_DIR" am: 747fc1236e am: e9cd3e95cb
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2120421

Change-Id: Idf614d34ba934688b4d9e7a22be28b5d133c54b7
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-10 02:35:02 +00:00
Dan Willemsen
9dd75fe474 Obsolete BOARD_PLAT_*_SEPOLICY_DIR
See If803a33efc38a970247919bf224c12b8c717f955 for more details.

Bug: 235414673
Test: treehugger
Change-Id: Iff939a58e0a8238e085d63f28b5fa8d7982d82a0
2022-06-09 09:36:21 -07:00
satayev
49d1c7ff6d Remove precompiled apex sepolicy from system image.
Include Merged-In tag to avoid reverting in git_master

Bug: 199914227
Test: presubmit and manual verification
Ignore-AOSP-First: tm-dev change
Merged-In: I191c4dbe48df026826ddd22770094be4c1d9aec0
Change-Id: Id4c96cc145eab5758650c68b94b80c79bf614932
2022-04-14 12:27:15 +00:00
Inseob Kim
c7596c4e61 Build vndservice_contexts with Android.bp
Bug: 33691272
Test: boot a device which uses vndservice_contexts
Change-Id: I28c36b74d4176954099f3b7e80a4869b7c44640f
2022-03-02 17:26:44 +09:00
Inseob Kim
61257ca545 Move sepolicy_test to Android.bp
Bug: 33691272
Test: m selinux_policy triggers sepolicy_test
Change-Id: I1618c2a35b3ce9d747db3955788427dc422fd532
2022-03-02 17:25:52 +09:00
Treehugger Robot
8e6b55a13d Merge "Remove compat test from treble sepolicy tests" 2022-02-17 01:26:04 +00:00
Treehugger Robot
8817edcbb4 Merge "Revert^2 "Migrate contexts tests to Android.bp"" 2022-02-16 04:23:47 +00:00
Inseob Kim
73f43ff847 Remove compat test from treble sepolicy tests
Treble sepolicy tests check whether previous versions are compatible to
ToT sepolicy or not. treble_sepolicy_tests_for_release.mk implements it,
but it also includes a compat test whether ToT sepolicy + {ver} mapping
+ {ver} plat_pub_versioned.cil can be built together or not. We
definitely need such tests, but we already have a test called "compat
test" which does exactly that, and testing it again with Treble sepolicy
tests is just redundant. The only difference between those two is that
Treble sepolicy tests can also test system_ext and product compat files,
which was contributed by a partner.

The ultimate goal here is to migrate *.mk to Soong, thus merging these
two tests (compat, Treble) into one. As we've already migrated the
compat test to Soong, this change removes the compat test part from
treble sepolicy tests. Instead, the compat test will be extended so it
can test system_ext and product compat files too.
prebuilts/api/{ver}/plat_pub_versioned.cil and
prebuilts/api/{ver}/vendor_sepolicy.cil are also removed as they aren't
used anymore: vendor_sepolicy.cil is an empty stub, and
plat_pub_versioned.cil can be built from the prebuilt source files.

Bug: 33691272
Test: m selinux_policy
Change-Id: I72f5ad0e8bbe6a7c0bbcc02f0f902b953df6ff1a
2022-02-16 04:09:29 +00:00
Inseob Kim
b5e235346e Revert^2 "Migrate contexts tests to Android.bp"
This reverts commit baa93cc651.

Reason for revert: amlogic build fixed

Change-Id: I8b046dc810d47a2d87012f02a668873889fce705
2022-02-16 02:26:11 +00:00
Treehugger Robot
d0120eb4ac Merge "Build precompiled_sepolicy.apex_sepolicy.sha256" 2022-01-31 09:11:05 +00:00
Jeff Vander Stoep
fd5dd79984 Build precompiled_sepolicy.apex_sepolicy.sha256
This ensures that precompiled policy can be checked against updatable
sepolicy from com.android.sepolicy. This saves ~1s of boot time.

Bug: 199914227
Test: build, verify that precompiled_sepolicy.apex_sepolicy.sha256
exists.

Change-Id: I1ce6b3363d418c073f95f120908107604799fd26
2022-01-28 13:45:39 +01:00
Inseob Kim
baa93cc651 Revert "Migrate contexts tests to Android.bp"
This reverts commit f612656adf.

Reason for revert: breaking amlogic build

Change-Id: I129b5cb74259c9c028483e84c9b2ac3597c24701
2022-01-14 06:13:28 +00:00
Inseob Kim
f612656adf Migrate contexts tests to Android.bp
Now that we have sepolicy module in Android.bp, we can migrate contexts
tests. Also vendor_service_contexts_test will be run, as we now include
vendor_service_contexts unconditionally.

Unfortunately, vendor_service_contexts_test is now broken, due to a
malformed type hal_power_stats_vendor_service. We will temporarily
exempt the type from the test, to speed up migrating to Android.bp.

Bug: 33691272
Test: m selinux_policy and see tests running
Test: add a malformed type other than hal_power_stats_vendor_service and
      run tests
Change-Id: Ic60eb38b9a7c79006f0b5ff4453768e03006604b
2022-01-14 10:59:59 +09:00
Inseob Kim
d93c2f7a45 Merge "Use "data: libsepolwrap" in python binaries" 2022-01-10 12:44:27 +00:00
Inseob Kim
483c0b3a7d Merge "Migrate seapp_contexts to Android.bp" 2022-01-10 11:15:28 +00:00
Inseob Kim
16d3be3dac Migrate sepolicy compat test to Android.bp
compat_test tests whether {ver}.compat.cil is compatible to current
policy or not. This commit migrates all tests into a single module named
"sepolicy_compat_tests".

A minor issue is also resolved with this migration. Suppose that the
vendor's speolicy version is {VER}. Then the following cil files are
compiled in runtime.

- system/etc/selinux/plat_sepolicy.cil
- system/etc/selinux/mapping/{VER}.cil
- system/etc/selinux/mapping/{VER}.compat.cil (optional)
- system_ext/etc/selinux/system_ext_sepolicy.cil (optional)
- system_ext/etc/selinux/mapping/{VER}.cil (optional)
- system_ext/etc/selinux/mapping/{VER}.compat.cil (optional)
- product/etc/selinux/product_sepolicy.cil (optional)
- product/etc/selinux/mapping/{VER}.cil (optional)
- product/etc/selinux/mapping/{VER}.compat.cil (optional)
- vendor/etc/selinux/vendor_sepolicy.cil
- vendor/etc/selinux/plat_pub_versioned.cil
- odm/etc/selinux/odm_sepolicy.cil (optional)

That is, the vendor policy of version {VER} (vendor_sepolicy.cil,
plat_pub_versioned.cil, and odm_sepolicy.cil) is required to be
compatible only to {VER}.compat.cil. So, the vendor policy is included
only to $(BOARD_SEPOLICY_VERS)_compat_test. The other tests will be
built only with platform side policies.

Bug: 33691272
Test: boot
Test: manually edit {ver}.compat.cil files and try build
Change-Id: I16b30a9171f10ee8f08fc03b7bd7c047eec12b19
2022-01-07 18:53:46 +09:00
Inseob Kim
2dac267dae Migrate seapp_contexts to Android.bp
Bug: 33691272
Test: build and boot
Test: atest SELinuxHostTest#testValidSeappContexts
Change-Id: I86f9d010d1628f9756cc152b4ee74dea1b9ff955
2021-12-29 17:54:57 +09:00
Inseob Kim
6fa8efdf4a Use "data: libsepolwrap" in python binaries
To avoid hard-coded paths in Android.mk rules.

Test: m selinux_policy
Change-Id: I7b464fa2953e01ccb6fff8daa3e219ae372313c5
2021-12-29 04:58:30 +00:00
Inseob Kim
893eef25ab Remove redundant lines
Test: build
Change-Id: I809874900835503a41117d3f8971d72718d4a075
2021-12-29 13:53:38 +09:00
Inseob Kim
5bbcd68dcc Build recovery policy with Android.bp
Bug: 33691272
Test: enter recovery mode
Change-Id: Ifc38ed99e6615431d81ade76ec10ea4d34fbbf90
2021-12-28 17:51:51 +09:00
Inseob Kim
0de7fcc33a Migrate neverallow tests to Android.bp
A new module type se_neverallow_test is added, to migrate
sepolicy_neverallow modules. se_neverallow_test is affected by
SELINUX_IGNORE_NEVERALLOWS.

Bug: 33691272
Test: m selinux_policy
Test: intentionally create neverallow violations and m selinux_policy
Change-Id: I1582353f99f064ff78f3c547a0c13f2b772d54df
2021-12-28 10:23:22 +09:00
Inseob Kim
81cd51ae15 Revive sepolicy module
Although it's not needed for Treblized devices, some targets are still
requiring it due to PRODUCT_SEPOLICY_SPLIT := false. To mitigate build
breakage, this change revives the sepolicy module.

Bug: 211936491
Test: build/soong/soong_ui.bash --make-mode dist \
    TARGET_PRODUCT=bertha_x86_64 ndk_translation_all
Change-Id: Ie64c223db8900967cfb54897f5366ad5ef13d4d9
2021-12-24 12:56:09 +09:00
Inseob Kim
3d5f9256a4 Perform permissive check on se_policy_binary
sepolicy is a module which outputs precompiled sepolicy and performs
permissive domain check on user builds. se_policy_binary module is
updated so it checks permissive domain in user builds.

sepolicy module is removed since we don't need it anymore. Instead,
precompiled_sepolicy is used.

Bug: 33691272
Test: build
Test: add "permissive adbd;" and build on aosp_arm64-user
Change-Id: I3dcf0c32d2fc1312dfceeee74894c08b38395d19
2021-12-23 21:34:29 +09:00
Inseob Kim
3ac62fe9f6 Build vendor/odm sepolicies with Android.bp
The following files are built with Android.bp:
- vendor_sepolicy.cil
- odm_sepolicy.cil
- prebuilt_sepolicy

Also, prebuilt_policy.mk is removed as it's now redundant.

Bug: 33691272
Test: build and compare artifacts
Test: build with rvc-dev sepolicy
Change-Id: I7bf79c9c85c63cd942b36f7cf5ddda1860626c0b
2021-12-20 21:16:39 +09:00
Inseob Kim
7b63c95fe1 Merge "Refactor sepolicy version related codes" 2021-12-13 03:57:36 +00:00
Inseob Kim
ed2dc8c08e Refactor sepolicy version related codes
1. Move BOARD_SEPOLICY_VERS to build/make/core/config.mk where
PLATFORM_SEPOLICY_VERSION is set.

2. Remove hard-coded versions for the treble tests.

Test: build
Change-Id: I57178c9f213b089a276e35b8de1144665788e7ab
2021-12-10 09:36:58 +00:00
Inseob Kim
7174ffec38 Fix vendor contexts files in mixed build
BOARD_PLAT_VENDOR_POLICY should be used for all vendor stuff, when in
mixed sepolicy build (BOARD_SEPOLICY_VERS != PLATFORM_SEPOLICY_VERSION).
This fixes an issue that system/sepolicy/vendor has been incorrectly
used in mixed sepolicy build.

Bug: 205924657
Test: Try AOSP + rvc-dev mixed sepolicy build
1) copy cuttlefish sepolicy prebuilts from rvc-dev branch.
2) set prebuilt variables:
  - BOARD_PLAT_VENDOR_POLICY
  - BOARD_REQD_MASK_POLICY
  - BOARD_(SYSTEM_EXT|PRODUCT)_PRIVATE_PREBUILT_DIRS
  - BOARD_SEPOLICY_VERS
3) lunch aosp_cf_x86_64_phone-userdebug; m selinux_policy
4) compare $OUT/vendor/etc/selinux with rvc-dev's artifacts.

Change-Id: I2ed1e25255c825c24dab99ae4903328b0400c414
2021-12-09 19:03:35 +09:00
Inseob Kim
9dc6d70044 Remove 26.0 and 27.0 compat support
Treble doesn't support T system + O vendor, so removing 26.0 (N) and
27.0 (O) prebuilts and compat files.

Bug: 207815515
Test: build
Change-Id: I98d5972221a8e77f3c45fc48ff50bb2b8eb94275
2021-12-02 10:22:10 +09:00
Inseob Kim
bee558e4bb Add 32.0 mapping files
Steps taken to produce the mapping files:

1. Add prebuilts/api/32.0/plat_pub_versioned.cil from the
/vendor/etc/selinux/plat_pub_versioned.cil file built on sc-v2-dev with
lunch target aosp_arm64-eng. Add prebuilts/api/32.0/vendor_sepolicy.cil
as an empty file.

When adding plat_pub_versioned.cil, leave only type and typeattribute
statements, removing the other statements: allow, neverallow, role, etc.

2. Add new file private/compat/32.0/32.0.cil by doing the following:
- copy /system/etc/selinux/mapping/32.0.cil from sc-v2-dev
aosp_arm64-eng device to private/compat/32.0/32.0.cil
- remove all attribute declaration statement (typeattribute ...) and
sort lines alphabetically
- some selinux types were added/renamed/deleted w.r.t 32 sepolicy.
Find all such types using treble_sepolicy_tests_32.0 test.
- for all these types figure out where to map them by looking at
31.0.[ignore.]cil files and add approprite entries to 32.0.[ignore.]cil.

This change also enables treble_sepolicy_tests_32.0 and installs
32.0.cil mapping file onto the device.

Bug: 206330997
Test: m treble_sepolicy_tests_32.0
Test: m 32.0_compat_test
Test: m selinux_policy
Change-Id: I8b2991e64e2f531ce12db7aaacad955e4e8ed687
2021-12-01 10:58:25 +09:00
Yi-Yo Chiang
2c18965e27 Treblelize bug_map: split bug_map to multiple partitions
* plat_bug_map: Platform-specific bug_map definitions.
* system_ext_bug_map: Product-specific bug_map definitions.
* vendor_bug_map: SOC-specific bug_map definitions.

Bug: 177977370
Test: Boot and check auditd logs
Change-Id: I6f26b421acfd060e8abb8e4e812c0f422cc6757b
2021-11-08 22:44:34 +08:00
Treehugger Robot
7ba07be13f Merge "Strip excess spaces in build_policy" 2021-10-04 18:28:56 +00:00
Cole Faust
087d527fd3 Strip excess spaces in build_policy
build_policy gathers a list of files for a given set of folders and
filenames. It's possible that a certain folder doesn't have a certain
filename, in which case the $(wildcard) command will resolve to an
empty string, and there will be sections of many contiguous spaces
in the resulting list of files.

These contiguous spaces can show up in the build.ninja files.
When using a starlark-based device configuration, the number of spaces
is slightly different.

$(strip) not only removes spaces from the beginning/end of text, but
it also deduplicates any spaces in the middle. Use it to get rid
of the extra spaces so we have more consistent build.ninja files.

Bug: 201700692
Test: ./build/bazel/ci/rbc_product_config.sh aosp_arm64-userdebug
      with board config changes patched in
Change-Id: I4f458e7805588072ec55be324ece6d2faca4cdd6
2021-09-30 15:48:34 -07:00
Inseob Kim
4d90b7e78b Migrate system sepolicy binaries to Soong
Bug: 33691272
Test: m selinux_policy
Test: boot microdroid
Change-Id: I9210be15b06e0dba01677d5bfe7b27a0ec21eb11
2021-09-28 01:21:39 +00:00
Inseob Kim
d58166165a Migrate freeze test to Soong
Bug: 33691272
Test: m selinux_policy on sc-dev
Change-Id: Ie536d885034e5d888f1329ac189fd0bf9723a6c4
2021-09-16 05:08:56 +00:00
Inseob Kim
4f20ff73ee Add 31.0 mapping files
Steps taken to produce the mapping files:

1. Add prebuilts/api/31.0/plat_pub_versioned.cil from the
/vendor/etc/selinux/plat_pub_versioned.cil file built on sc-dev with
lunch target aosp_arm64-eng. Add prebuilts/api/31.0/vendor_sepolicy.cil
as an empty file.

2. Add new file private/compat/31.0/31.0.cil by doing the following:
- copy /system/etc/selinux/mapping/31.0.cil from sc-dev aosp_arm64-eng
device to private/compat/31.0/31.0.cil
- remove all attribute declaration statement (typeattribute ...) and
sort lines alphabetically
- some selinux types were added/renamed/deleted w.r.t 31 sepolicy.
Find all such types using treble_sepolicy_tests_31.0 test.
- for all these types figure out where to map them by looking at
30.0.[ignore.]cil files and add approprite entries to 31.0.[ignore.]cil.

This change also enables treble_sepolicy_tests_31.0 and installs
31.0.cil mapping file onto the device.

Bug: 189161483
Test: m treble_sepolicy_tests_31.0
Test: m 31.0_compat_test
Test: m selinux_policy
Change-Id: I6264b9cf77b80543dfea93157b45b864157e2b14
2021-06-15 12:08:22 +00:00
Inseob Kim
58f2b83eaa Merge "Adding sepolicy testcase for system_ext and product." 2021-05-20 09:25:14 +00:00
P.Adarsh Reddy
07dd59ff14 Adding sepolicy testcase for system_ext and product.
Types defined in system_ext/public or product/public
can be referenced by vendor side so it is important
to make sure functionality is not broken across version
bumps. So we are adding the treble sepolicy test cases
for system_ext and product sepolicy.

Bug: 173571515
Change-Id: Ia45979497029f83b1ae6712d2d26ffab263a7f91
2021-05-12 18:14:26 +05:30
Inseob Kim
731182a4a1 Migrate precompiled sepolicy hashes to Android.bp
Bug: 33691272
Test: build with odm and build without odm
Test: boot and see precompiled sepolicy used
Change-Id: Id84cca38f81ba3ecf7480d41a704085c7fff8b87
2021-05-06 11:44:37 +00:00
Hridya Valsaraju
a885dd84c7 Revert "Revert "Add a neverallow for debugfs mounting""
This reverts commit f9dbb72654.
Issues with GSI testing fixed with
https://android-review.googlesource.com/c/platform/build/+/1686425/

Bug: 184381659
Test: manual
Change-Id: Icd07430c606e294dfaad2fc9b37d34e3dae8cbfc
2021-05-02 21:41:53 -07:00
Inseob Kim
6cc75f4587 Revert^4 "Build userdebug_plat_sepolicy.cil with Android.bp"
This reverts commit a46d61cd3f.

Reason for revert: fixed debug_ramdisk partition problem

Change-Id: If2350f115f5ff74ee50dac4e5a87c4d171067282
2021-04-30 14:53:25 +09:00
Inseob Kim
785ac2bf1a Merge "Add precompiled hash only when policy exists" 2021-04-30 01:14:15 +00:00
Inseob Kim
1c056b1ad0 Add sepolicy_vers for plat_sepolicy_vers.txt
plat_sepolicy_vers.txt stores the version of vendor policy. This change
adds sepolicy_vers module to migrate plat_sepolicy_vers.txt to
Android.bp.

- Device's plat_sepolicy_vers: should be BOARD_SEPOLICY_VERS
- Microdroid's plat_sepolicy_vers: should be PLATFORM_SEPOLICY_VERSION
because all microdroid artifacts are bound to platform

Bug: 33691272
Test: boot device && boot microdroid
Change-Id: Ida293e1cb785b44fa1d01543d52d3f8e15b055c2
2021-04-30 00:17:39 +09:00
Inseob Kim
a76c0c8540 Add precompiled hash only when policy exists
precompiled_system_ext_and_mapping.sha256 and
precompiled_product_and_mapping.sha256 has been installed, regardless of
existence of system_ext and product policies. This change only installs
such hash files when policy files exist, for consistency.

Bug: 186727553
Test: boot yukawa and see precompiled sepolicy is used
Change-Id: Iaad827cefdbe82e68288cd6cc59b55b5f28c229d
2021-04-29 19:45:50 +09:00
Hridya Valsaraju
7362f58895 Merge changes from topic "revert-1668411-MWQWEZISXF"
* changes:
  Revert "Add a neverallow for debugfs mounting"
  Revert "Add neverallows for debugfs access"
  Revert "Exclude vendor_modprobe from debugfs neverallow restrictions"
  Revert "Check that tracefs files are labelled as tracefs_type"
2021-04-23 22:06:31 +00:00
Hridya Valsaraju
f9dbb72654 Revert "Add a neverallow for debugfs mounting"
Revert submission 1668411

Reason for revert: Suspect for b/186173384
Reverted Changes:
Iaa4fce9f0:Check that tracefs files are labelled as tracefs_t...
I743a81489:Exclude vendor_modprobe from debugfs neverallow re...
I63a22402c:Add neverallows for debugfs access
I289f2d256:Add a neverallow for debugfs mounting

Change-Id: Ie04d7a4265ace43ba21a108af85f82ec137c6af0
2021-04-23 16:38:20 +00:00