This tests the original private/file_contexts and not the built version
(as it may contain the overlay files or asan entries). This ensures that
all the rules in the base files are used.
Another test will be later added to validate the built version (but
without requiring that all rules are used).
Bug: 299839280
Test: mm
Change-Id: I5efdde3c7f5211472cd9a0cf8def243aef640825
If file_contexts_test is given a test_data attribute, it will use
`checkfc -t` to validate the file_context against it, instead of using
the policy. Both options are mutually exclusive.
Bug: 299839280
Test: m
Change-Id: I3f541e0d0bb5d03ed146e27d67bc811cda3164b1
Keep the type of context and decides on the flags within
GenerateAndroidBuildActions. This is a no-op but will help supporting
other options for checkfc.
Bug: 299839280
Test: mm
Change-Id: I3a6f9db9d890e0a0ccb3eca37c01b2977fa2e2d1
Add test entries for property_service_for_system and virtual_camera.
Re-order file_contexts so that /data/vendor/tombstones/wifi and
/data/misc/perfetto-traces/bugreport are labelled correctly.
Bug: 299839280
Test: checkfc -t ./private/file_contexts ./contexts/plat_file_contexts_test pass
Change-Id: Ifb4453d02327b5cf678e6a4cd927b5df0960086b
For the file backend, libselinux keeps track of which rules has matched.
Set up the callback and capture any log message from selinux_stats. If,
at least one rule has not been used, exit with the status code 1.
Bug: 299839280
Test: checkfc -t ./private/file_contexts ./tests/plat_file_contexts_test
Change-Id: I33d88b4234756cd13e29c5c8c081d97b6590810e
When receiving the binder transaction errors reported by Android
applications, AMS needs a way to verify that information. Currently
Linux kernel doesn't provide such an API. Use binderfs instead until
kernel binder driver adds that functionality in the future.
Bug: 199336863
Test: send binder calls to frozen apps and check logcat
Test: take bugreport and check binder stats logs
Change-Id: I3bab3d4f35616b4a7b99d6ac6dc79fb86e7f28d4
The denial is correct, but is causing test failures. However it
appears to be harmless and VMs are operating just fine.
Suppress it until the correct policy is ready.
Bug: 306516077
Test: atest MicrodroidHostTests
Change-Id: I5d8545add4927c2521c3d4e9dc2b5bedb91c0f45
Introduce a new sysprop
`ro.surface_flinger.game_default_frame_rate_override`
to set the default frame rate for games.
Bug: 286084594
Change-Id: Ifdbf5bc9621976a0583df49eb9531de1c423385b
Test: N/A
A new mode for checkfc is introduced (-t) which takes a file_contexts
and a test data file. Each line in the test data file contains a path
and the expected type. checkfc loads the file_contexts and repeatedly
calls selabel_lookup(3) to verify that the computed type is as expected.
This mode can be used to confirm that any modification to file_contexts
or its build process is benign.
A test data file (plat_file_contexts_test) is added. This file was
manually created based on private/file_contexts. Each static path was
copied as-is. Each regular expression was expanded into a couple of
entries. For instance, /dev/adf[0-9]* generated /dev/adf, /dev/adf0 and
/dev/adf123.
libselinux keeps track of which specification is being hit when using
selabel_lookup. When calling selabel_stats(3), the file backend will
output a warning if a specification has not been used. This can be
leveraged to ensure that each rule is at least hit once. This property
will be leveraged in a follow-up change (by running the test as part of
the build process), to ensure that the plat_file_contexts_test file
remains up-to-date (that is, when an entry is added to
private/file_contexts, the build will fail unless a test is also added
to plat_file_contexts_test to exercice the specification/regular
expression).
Test: m checkfc && checkfc -t ./private/file_contexts ./tests/plat_file_contexts_test
Bug: 299839280
Change-Id: Ibf56859a16bd17e1f878ce7b0570b2aead79c7e0
The get_state permission of the "keystore2" class only guarded the
Binder API IKeystoreMaintenance#getState() served by keystore2. That
API has been removed because it was unused
(https://r.android.com/2768246). Therefore, stop granting the get_state
permission.
Don't actually remove the permission from private/access_vectors. That
would break the build because it's referenced by rules in prebuilts/.
Bug: 296464083
Test: atest CtsKeystoreTestCases
Change-Id: Ie6c7b17a8652f86a75d48c134a6e71a634d63772
When keystore was replaced with keystore2 in Android 12, the SELinux
class of keystore keys was changed from keystore_key to keystore2_key.
However, the rules that granted access to keystore_key were never
removed. This CL removes them, as they are no longer needed.
Don't actually remove the class and its permissions from
private/security_classes and private/access_vectors. That would break
the build because they're referenced by rules in prebuilts/.
Bug: 171305684
Test: atest CtsKeystoreTestCases
Flag: exempt, removing obsolete code
Change-Id: I35d9ea22c0d069049a892def15a18696c4f287a3
We may want to use a dedicated selinux context
for this in the future, but in the mean time we
need this.
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Ib3ed06efc4d2e3a621f187543fad4ab1a84027ec
btfloader is dead. bpfloader is being split in twain.
(it will eventually get it's own context, but for now this works)
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I7577e777545a0fa77a6467fb425aefc99a6e68d0
A parallel implementation of certain VDM APIs that need to
be exposed to native framework code.
Similar to package_native_service.
Not meant to be used directly by apps but should still be
available in the client process via the corresponding native
manager (e.g. SensorManager).
Starting the service: ag/24955732
Testing the service: ag/24955733
Bug: 303535376
Change-Id: I90bb4837438de5cb964d0b560585b085cc8eabef
Test: manual
