Commit graph

474 commits

Author SHA1 Message Date
Hridya Valsaraju
f9dbb72654 Revert "Add a neverallow for debugfs mounting"
Revert submission 1668411

Reason for revert: Suspect for b/186173384
Reverted Changes:
Iaa4fce9f0:Check that tracefs files are labelled as tracefs_t...
I743a81489:Exclude vendor_modprobe from debugfs neverallow re...
I63a22402c:Add neverallows for debugfs access
I289f2d256:Add a neverallow for debugfs mounting

Change-Id: Ie04d7a4265ace43ba21a108af85f82ec137c6af0
2021-04-23 16:38:20 +00:00
Treehugger Robot
f02af9d91c Merge "Revert^3 "Build userdebug_plat_sepolicy.cil with Android.bp"" 2021-04-23 13:09:24 +00:00
Inseob Kim
a46d61cd3f Revert^3 "Build userdebug_plat_sepolicy.cil with Android.bp"
e10ceab330

Change-Id: Ia1b38d6b709edb0e819ea4700e70ba68b1b61332
2021-04-22 23:14:58 +00:00
Florian Mayer
e10ceab330 Revert^2 "Build userdebug_plat_sepolicy.cil with Android.bp"
0177004c7f

Change-Id: I40aa5025d487922decd9909c0d35c9e3a6b8dd61
2021-04-22 16:38:47 +00:00
Bowgo Tsai
0177004c7f Revert "Build userdebug_plat_sepolicy.cil with Android.bp"
This reverts commit 57b64bd282.

Because it breaks the usage of boot-debug.img and
vendor_boot-debug.img.

Bug: 185970130
Bug: 185990198
Test: make bootimage_debug
Change-Id: I2c7c4f9954540a9be301b3ed0a6c2f0af2019803
2021-04-22 09:55:21 +08:00
Hridya Valsaraju
1c3d898d87 Add a neverallow for debugfs mounting
Android R launching devices and newer must not ship with debugfs
mounted. For Android S launching devices and newer, debugfs must only be
mounted in userdebug/eng builds by init(for boot time initializations)
and dumpstate(for grabbing debug information from debugfs). This patch
adds a neverallow statement that prevents processes other than init
from being provided access to mount debugfs in non-user builds
when the flag PRODUCT_SET_DEBUGFS_RESTRICTIONS is set to true.

Test: make with/without PRODUCT_SET_DEBUGFS_RESTRICTIONS
Bug: 184381659
Change-Id: I289f2d25662a78678929e29f83cb31cebd8ca737
2021-04-21 14:13:02 -07:00
Inseob Kim
57b64bd282 Build userdebug_plat_sepolicy.cil with Android.bp
Bug: 33691272
Test: build and see $OUT/debug_ramdisk
Change-Id: I7994857a3dd4e54f2c2d35ff8e362ecae93ea7a2
2021-04-14 15:54:26 +09:00
Yi-Yo Chiang
8be93c00b1 Add system_ext_$(ver).compat.cil
These are the system_ext counterpart of $(ver).compat.cil. They would
contain device specific compat rules that compliment $(ver).compat.cil,
which are the platform specific compat rules.

Bug: 183362912
Test: Add a $(ver).compat.cil under SYSTEM_EXT_PRIVATE_SEPOLICY_DIR and
  verify the file is installed under /system_ext/etc/selinux/mapping/
Change-Id: I2fb9b10bb3bcf112e33f504964fb705e3b63782b
2021-04-13 02:58:21 +08:00
Inseob Kim
039175bcfe Migrate mapping files to Android.bp
Bug: 33691272
Test: boot cf && boot microdroid && see precompiled sepolicy works
Change-Id: I92c9cb873506d24b335cc0fd489269df216280be
2021-03-25 07:42:52 +00:00
Inseob Kim
a49e724038 Reland "Build platform side policy with Soong"
This reverts commit d869d02758.

Reason for revert: fixed breakage

The breakage was due to the difference between plat_sepolicy.conf and
microdroid_vendor_sepolicy.conf. Now vendor_sepolicy.conf is built with
se_policy_conf module, so it is synced with plat_sepolicy.conf

Test: boot microdroid with and without SANITIZE_TARGET=address
Change-Id: Ia7d79f5a1eba323b23682d2322a61159dd170441
2021-03-22 13:40:13 +09:00
Inseob Kim
d869d02758 Revert "Build platform side policy with Soong"
This reverts commit 7629e86053.

Reason for revert: broke build

Change-Id: I97dc1ea78901cab62404780e7ee096ad45c0b21b
2021-03-19 07:04:51 +00:00
Inseob Kim
7629e86053 Build platform side policy with Soong
This replaces the following policy files with Android.bp modules:

  - reqd_policy_mask.cil
  - plat_sepolicy.cil
  - system_ext_sepolicy.cil
  - product_sepolicy.cil
  - plat_pub_policy.cil
  - system_ext_pub_policy.cil
  - pub_policy.cil
  - general_sepolicy.conf (for CTS)

Also microdroid's system policy now uses above.

Bug: 33691272
Bug: 178993690
Test: policy files stay same
Test: boot normal device and microdroid, see sepolicy works
Test: build CtsSecurityHostTestCases
Change-Id: I908a33badee04fbbdadc6780aab52e989923ba57
2021-03-18 19:54:35 +09:00
Bob Badour
601ebb43a3 [LSC] Add LOCAL_LICENSE_KINDS to system/sepolicy
Added SPDX-license-identifier-Apache-2.0 to:
  build/Android.bp
  build/soong/Android.bp
  tests/Android.bp
  tools/Android.bp

Added SPDX-license-identifier-Apache-2.0 legacy_unencumbered to:
  Android.bp
  Android.mk
  compat.mk
  contexts_tests.mk
  mac_permissions.mk
  seapp_contexts.mk
  treble_sepolicy_tests_for_release.mk

Added legacy_unencumbered to:
  apex/Android.bp
  tools/sepolicy-analyze/Android.bp

Bug: 68860345
Bug: 151177513
Bug: 151953481

Test: m all

Exempt-From-Owner-Approval: janitorial work
Change-Id: I1ab286543ef1bdcb494cf74f2b35e35a08225d28
2021-02-05 01:28:24 -08:00
Inseob Kim
8ada8a7c1b Support building mixed versions of sepolicy
Now newer system policy and older vendor policy can be built together by
setting following variables:

- BOARD_SEPOLICY_VERS
- BOARD_REQD_MASK_POLICY (copy of older system/sepolicy/reqd_mask)
- BOARD_PLAT_VENDOR_POLICY (copy of older system/sepolicy/vendor)
- BOARD_(SYSTEM_EXT|PRODUCT)_(PUBLIC|PRIVATE)_PREBUILT_DIRS (copy of
  older system_ext and product policies)

Bug: 168159977
Test: try normal build and mixed build
Test: boot and check selinux denials
Change-Id: Ie239580433ffd293fa6891cd665fb5ef83c0a14f
2021-01-06 10:46:15 +09:00
Bowgo Tsai
72b2acb327 Revert "Android.mk: Enforce SYSTEM_EXT_* vars on API >= 31"
This reverts commit 6c99a6781c.

Reason for revert: build breaks on build test
Bug: 171847597
Test: None

Change-Id: I7d3556aa0f06684b43f80f09e4c8194c6c44336c
2020-10-28 05:04:39 +00:00
Felix Elsner
6c99a6781c Android.mk: Enforce SYSTEM_EXT_* vars on API >= 31
Devices launched with S must use the new variable naming
scheme introduced in If8188feb365eb9e500f2270241fa190a20e9de01
"Android.mk: Support SYSTEM_EXT* sepolicy".

The old variable name
`BOARD_PLAT_{PUBLIC,PRIVATE}_SEPOLICY_DIR` does no longer
accurately reflect its usage and as such is deprecated.

Test: `make selinux_policy` with PRODUCT_SHIPPING_API_LEVEL=26
      `BOARD_PLAT_{PUBLIC,PRIVATE}_SEPOLICY_DIR}` set,
      observe additions in `$(TARGET_COPY_OUT_SYSTEM_EXT)/etc/selinux`
Test: `make selinux_policy` with PRODUCT_SHIPPING_API_LEVEL=31
      `BOARD_PLAT_{PUBLIC,PRIVATE}_SEPOLICY_DIR}` set,
      observe error

Signed-off-by: Felix Elsner <google@ix5.org>
Change-Id: Ic4d1164be611836f6aa697fbf1cb1f1c73a3cd39
2020-10-27 03:30:17 +00:00
Inseob Kim
afc09932f6 Enforce sysprop owner
Every property should have an appropriate owner attribute, which can be
one of: system_property_type, product_property_type, or
vendor_property_type. This will be enforced for devices launching with S
or later. Devices launching with R or eariler can relax this by setting
following under BoardConfig.mk:

BUILD_BROKEN_ENFORCE_SYSPROP_OWNER := true

Bug: 131162102
Test: system/sepolicy/tools/build_policies.sh
Change-Id: I7914ef1b7463c9ec00812b9720094531fd63f0c7
2020-10-19 05:07:05 +00:00
Yiming Jing
8fea06a779 Merge "Expand the scope of sepolicy_freeze_test" 2020-10-14 19:33:43 +00:00
Yiming Jing
d4103eed2b Expand the scope of sepolicy_freeze_test
The existing freeze test only covers the policy files in system/sepolicy
alone. There's demand from product teams that would like to implement a
freeze test for their sepolicy. Instead of letting them fork the freeze
test, we believe expanding the scope of the exising one is in the best
interest.

$FREEZE_TEST_EXTRA_DIRS and $FREEZE_TEST_EXTRA_PREBUILT_DIRS are added.
These build variables could be appended like $PRODUCT_PUBLIC_POLICY. The
product team are expected to maintain their policy prebuilts.

Bug: 166455099
Test: manual
Change-Id: I6f350e1e3db2807be4dbfd0ceb34f0d89f94d629
2020-10-13 22:51:56 +00:00
Treehugger Robot
5b238f9799 Merge "Android.mk: Support SYSTEM_EXT* sepolicy" 2020-10-12 03:49:24 +00:00
Justin Yun
0f722695e0 Create selinux_policy_* for /product and /system_ext
Separate selinux_policy_system_ext and selinux_policy_product from
the selinux_policy_nonsystem module. With this CL,
selinux_policy_nonsystem will include the files for /vendor and /odm
partitions only. It will still include selinux_policy_system_ext and
selinux_policy_product as required modules.

Bug: 170282998
Test: build and check boot
Change-Id: Ie2f646a217ec86ede95caec101622bc530d12cfc
2020-10-07 18:28:47 +09:00
Jooyung Han
9cd0f8e73d Merge "Use file_contexts files for flattened APEXes" 2020-10-06 03:26:14 +00:00
Jooyung Han
0606ce79c9 Use file_contexts files for flattened APEXes
Previously, soong emitted APEX_FILE_CONTEXTS_INFOS make var which lists
"all" APEXes and file_contexts.bin used all of them regardless whether
an APEX is installed or not.

This doesn't work when there's a vendor specific APEX which uses vendor
specific labels. Other lunch target may fail to build due to "unknown
label" which is introduced by the vendor APEX which is fact not supposed
to be installed.

Now build/make/core/Makefile creates file_contexts.modules.tmp which is
a collection of file_contexts for flattend apexes which are to be
intalled.

Bug: 166518492
Test: m file_contexts.bin
      check contents of file_contexts.concat.tmp
Change-Id: I00c6b87bdc75fc1e04e6f8ecddae6f18762d888a
2020-09-23 15:44:11 +00:00
Chris Gross
12c0b247ad Only require compat mapping files if they exist.
Call build_policy when determing which compat mapping files should be
included for a given partition.

Bug: 168637766
Test: Built aosp_bonito-userdebug and saw that the compat mapping files
in product/etc/sepolicy/mapping were no longer present.
Test: Added a test 30.0.cil file to bonito's product private compat
directory and saw that it was present at product/etc/sepolicy/mapping.

Change-Id: I83cc28a159b24c0a2c0717dae461983250ab6c25
2020-09-22 11:55:40 -07:00
Janis Danisevskis
c40681f1b5 Add libselinux keystore_key backend.
We add a new back end for SELinux based keystore2_key namespaces.
This patch adds the rump policy and build system infrastructure
for installing keystore2_key context files on the target devices.

Bug: 158500146
Bug: 159466840
Test: None
Change-Id: I423c9e68ad259926e4a315d052dfda97fa502106
Merged-In: I423c9e68ad259926e4a315d052dfda97fa502106
2020-08-05 16:11:48 +00:00
Felix
8c53a331c3 Android.mk: Support SYSTEM_EXT* sepolicy
The new variable name reflects its actual usage.

Keep compatibility with BOARD_PLAT_* because it has been a
convention for years.

Amend the README to document the new variables.

Test: `make selinux_policy` with
      `SYSTEM_EXT_{PUBLIC,PRIVATE}_SEPOLICY_DIRS` set,
      observe additions in `$(TARGET_COPY_OUT_SYSTEM_EXT)/etc/selinux`

Signed-off-by: Felix <google@ix5.org>
Change-Id: If8188feb365eb9e500f2270241fa190a20e9de01
2020-07-14 21:28:51 +02:00
linpeter
87c7261f0a sepolicy: label vendor_service_contexts as vendor_service_contexts_file
Due to AIDL HAL introduction, vendors can publish services
with servicemanager. vendor_service_contexts is labeled as
vendor_service_contexts_file, not nonplat_service_contexts_file.
And pack it to vendor partition.

Bug: 154066722

Test: check file label
Change-Id: Ic74b12e4c8e60079c0872b6c27ab2f018fb43969
2020-06-15 17:09:46 +08:00
Inseob Kim
ace36abec5 Add 30.0 mapping files
Steps taken to produce the mapping files:

1. Add prebuilts/api/30.0/plat_pub_versioned.cil from the
/vendor/etc/selinux/plat_pub_versioned.cil file built on rvc-dev with
lunch target aosp_arm64-eng. Add prebuilts/api/30.0/vendor_sepolicy.cil
as an empty file.

2. Add new file private/compat/30.0/30.0.cil by doing the following:
- copy /system/etc/selinux/mapping/30.0.cil from rvc-dev aosp_arm64-eng
device to private/compat/30.0/30.0.cil
- remove all attribute declaration statement (typeattribute ...) and
sort lines alphabetically
- some selinux types were added/renamed/deleted w.r.t 30 sepolicy.
Find all such types using treble_sepolicy_tests_30.0 test.
- for all these types figure out where to map them by looking at
29.0.[ignore.]cil files and add approprite entries to 30.0.[ignore.]cil.

This change also enables treble_sepolicy_tests_30.0 and installs
30.0.cil mapping file onto the device.

Bug: 153661471
Test: m treble_sepolicy_tests_30.0
Test: m 30.0_compat_test
Test: m selinux_policy
Change-Id: I6dfae41fbd5f245119ede540d2c321688d6e7929
2020-05-11 04:32:00 +00:00
Oliver Nguyen
fad5f819e7 Clang coverage also enables global write to /data/misc/trace.
Bug: 143977934
Test: kill -37 <pid>, check for file in /data/misc/trace and no selinux
denials

Change-Id: I0d61f9ed4cae9b27694434521d6a066b22ae5f6c
2019-12-09 16:37:59 -08:00
Jooyung Han
a9324749cc Make file_contexts as "android:path" property
Till now, file_contexts has been treated differently that other input
src files. Now it is tagged as `android:"path"` because it is.

Bug: 144732805
Test: m
Change-Id: I6b22a8d22417b75c5cb8cd3b2e534d67e958b074
2019-11-20 17:54:34 +09:00
Tri Vo
94b0e84094 Merge "sepolicy: build error if non-platform classes present" 2019-10-18 20:21:52 +00:00
Tri Vo
6d6ed352ce Merge "sepolicy: support /system_ext and /product mapping files" 2019-10-16 19:25:36 +00:00
Inseob Kim
e2ef86fc9e Fix treble sysprop neverallow rules on system_ext
Bug: 131162102
Bug: 142684203
Test: m sepolicy_tests
Change-Id: Ib21adee404a1ee7d57bc9ff54f3ae1831cdf3b81
2019-10-16 14:14:12 +09:00
Inseob Kim
ed59c22ffc Add BUILD_BROKEN_TREBLE_SYSPROP_NEVERALLOW
A new sysprop neverallow rules are mandatory only for devices launching
with R or later. For devices already launched, neverallow rules can be
relaxed with adding following line to BoardConfig.mk:

BUILD_BROKEN_TREBLE_SYSPROP_NEVERALLOW := true

Bug: 131162102
Test: Set PRODUCT_SHIPPING_API_LEVEL := 30 and try building with
changing some system_public_prop to system_internal_prop
Test: m cts sepolicy_tests

Change-Id: Id978b4d81a8683a57304bb639961105e2d91fa9a
Merged-In: Id978b4d81a8683a57304bb639961105e2d91fa9a
(cherry picked from commit 3be11e7abb)
2019-10-15 09:25:57 +09:00
Tri Vo
71f12392e3 sepolicy: build error if non-platform classes present
Error out if we detect that there is a security_classes or
access_vectors file outside of system/sepolicy.

Of course, this test can't enforce any requirements, as it's not part of
CTS. But it can still serve as an early signal.

Fixes: 142153384
Test: add access_vectors to device policy, observe build error
Change-Id: Ib94b7f85e184340de8ec7943c8da88a0af3427e8
2019-10-14 21:49:52 +00:00
Tri Vo
6117855015 sepolicy: support /system_ext and /product mapping files
Install mapping files in SYSTEM_EXT_PRIVATE_POLICY and
PRODUCT_PRIVATE_POLICY into /system_ext and /product respectively.

Bug: 141084341
Test: boot taimen
Test: system mapping files are unchanged
Test: create mapping files in device/google/wahoo/sepolicy/ and check
that they are correctly expanded and installed.
Change-Id: I4d251c957b30a16df71eec47c871e24e5fc773a4
2019-10-11 12:32:12 -07:00
Jooyung Han
e2c256cadb Fix file_contexts for flattened apexes
APEX modules can be configured with apex_name and file_contexts
properties.
- apex_name overrides the activation point
  for example, if apex_name is 'foo', it will be flattened under
  /system/apex/foo even if its name is 'bar'.
- file_contexts overrides file_contexts filename
  for example, it file_contexts is 'foo',
  /system/sepolicy/apex/foo-file_contexts should be used even if its
  name is 'bar'.

Previously, file_contexts files for flattened apexes are assumed to have
names like "/system/sepolicy/apex/<apex_name>-file_contexts". But, as
described above, calculating <apex_name> from file entries might be
wrong

Now, it relies on Soong's makevar APEX_FILE_CONTEXTS_INFOS which is list of
<apex_name>:<file_contexts> pairs.

Bug: 123314817
Bug: 142300241
Test: add apex module(foo) with apex_name:bar and file_contexts:baz
Test: OVERRIDE_TARGET_FLATTEN_APEX=true m file_contexts.bin
Test: check intermediate files for file_contexts
Change-Id: I3793c0f01469baaa0ddb1965093a56304a10e99c
2019-10-10 12:51:43 +09:00
Ashwini Oruganti
8491445d63 Merge "Show bug_map links on user builds" 2019-10-07 16:37:35 +00:00
Ashwini Oruganti
76beaface5 Show bug_map links on user builds
Android.mk now includes the SELinux denial metadata on user builds.

Bug: 141695494
Test: Generated a tracked denial on a user build and verified that the
bug number shows up in the logs.

Change-Id: I908c08e0d6542fa248d7c798c20a66027f39c390
2019-10-04 10:28:56 -07:00
Bowgo Tsai
7c4150c5d2 Allowing product sepolicy to be empty
Some targets just need to extend product context files, e.g.,
file_contexts, service_contexts, etc., without adding any
product-specific policy files, e.g., *.te files. Or just need to
add private product sepolicy without adding public product sepolicy.

Currently, this will lead to build errors. This CL allows
product_sepolicy.cil and the product mapping file to be empty.

It's now also possible to just set PRODUCT_PRIVATE_POLICY
without setting PRODUCT_PUBLIC_POLICY.

Bug: 131193755
Test: Only adds product private sepolicy, then `mmma system/sepolicy`
Change-Id: Ifed5af7413b2a1e20a0628518582615708c8c31a
2019-10-04 08:27:58 +00:00
Bowgo Tsai
ac3812518c Allowing system_ext sepolicy to be empty
Some targets just need to extend system_ext context files, e.g.,
file_contexts, service_contexts, etc., without adding any system_ext
policy files, e.g., *.te files.

Currently, this will lead to build errors. This CL allows
system_ext_sepolicy.cil and the system_ext mapping file
to be empty.

It's now also possible to just set BOARD_PLAT_PRIVATE_SEPOLICY_DIR
without setting BOARD_PLAT_PUBLIC_SEPOLICY_DIR.

Bug: 137712473
Bug: 141880898
Test: Only adds system_ext context files without policy files (e.g., *.te),
      then `mmma system/sepolicy` can build pass
Change-Id: I72849f2d4aa43e5296cd15c07a8fd058186a6376
2019-10-04 08:27:39 +00:00
Bowgo Tsai
a3429fcc2b Separate system_ext_mac_permissions.xml out of system sepolicy.
Bug: 137712473
Test: boot crosshatch
Test: Moving product sepolicy to system_ext and checks the file contents in
      /system_ext/etc/selinux are identical to previous contents in
      /product/etc/selinux.
Change-Id: I434e7f23a1ae7d01d084335783255330329c44e9
2019-09-26 21:29:36 +08:00
Bowgo Tsai
9823116355 Separate system_ext_service_contexts out of system sepolicy.
Bug: 137712473
Test: boot crosshatch
Change-Id: If483e7a99dc07f082dd0ecd0162a54140a3267de
2019-09-26 21:29:30 +08:00
Bowgo Tsai
1864cd02fc Separate system_ext_property_contexts out of system sepolicy.
Bug: 137712473
Test: boot crosshatch
Change-Id: I27db30edfd9948675793fdfec19081288f8017eb
2019-09-26 21:29:22 +08:00
Bowgo Tsai
241d36eedd Separate system_ext_hwservice_contexts out of system sepolicy.
Bug: 137712473
Test: boot crosshatch
Change-Id: Ic5774da74e200b9d7699ac2240a12e7616dc512a
2019-09-26 21:29:15 +08:00
Bowgo Tsai
7bc47f4ba7 Separate system_ext_seapp_contexts out of system sepolicy.
Bug: 137712473
Test: boot crosshatch
Change-Id: I2c2acbcf234861feb39834c867a4eb74c506692d
2019-09-26 21:29:05 +08:00
Bowgo Tsai
86a048d4df Separate system_ext_file_contexts out of system sepolicy.
Bug: 137712473
Test: boot crosshatch
Change-Id: I09f63771d08ad18fb41fca801dd587b086be58c7
2019-09-26 21:28:07 +08:00
Bowgo Tsai
948934bae3 Separate system_ext_sepolicy.cil out of system sepolicy
Currently system sepolicy can be extended via:
  - BOARD_PLAT_PUBLIC_SEPOLICY_DIR
  - BOARD_PLAT_PRIVATE_SEPOLICY_DIR

To support having a single shared core system sepolicy, those
customization should be moved to the newly added system_ext partition.

System-ext-specific sepolicy files will be installed into
/system_ext/etc/selinux/*. system_ext_sepolicy.cil is merged into
precompiled_sepolicy at build-time. In case precompiled_sepolicy can't
be used (e.g. system-only-ota), the init will merge this file with
the rest of the sepolicy at runtime.

Bug: 137712473
Test: boot aosp_crosshatch with system_ext_sepolicy.cil
Test: boot aosp_crosshatch without system_ext_sepolicy.cil
Change-Id: I53984e8a973eff15de0653916203020dbabe9c03
2019-09-26 21:25:53 +08:00
Steven Moreland
1cb64c4f59 PRODUCT_SEPOLICY_SPLIT forces Treble tests to run.
This is the flag for when sepolicy is split. Also removed other
commented-out heuristics around fake-treble. We should aim to remove it
entirely instead.

Fixes: 141348590
Test: build w/ and without adding binder_in_vendor_violators to a vendor
    process (and see the expected error there)

Change-Id: I29fb335cc5b5d6e117d93038fe458b8c74acf321
2019-09-25 15:56:52 +00:00
Dan Willemsen
3c3e59b2a2 Use prebuilt m4 instead of system m4
Bug: 117561006
Test: treehugger
Change-Id: Id794aed10fdffef10490561d2cfeb2a92801b331
2019-06-19 10:59:57 -07:00
Pirama Arumuga Nainar
ce9c0c5a5f In native coverage builds, allow all domains to access /data/misc/trace
Bug: http://b/135139675

Coverage files are written to /data/misc/trace (governed by the
method_trace_data_file selinux type).  Allow all domains to access
(create directories, access files) this directory when native coverage
is enabled (by setting NATIVE_COVERAGE to true) in an userdebug or eng
build.

Also relax neverallow constraints to allow access to
method_trace_data_file for native coverage builds.

Test: Build 32-bit cuttlefish with coverage:
          m NATIVE_COVERAGE=true COVERAGE_PATHS="*"
      and verify that there are no selinux denials in kernel log and
      logcat.

Change-Id: I3fe7c77612854b9de7de7a0ddd5cbf44a2f5c21e
2019-06-14 08:31:51 -07:00
Tri Vo
fd3c3e2b2d Use BOARD_VENDOR_SEPOLICY_DIRS instead of BOARD_SEPOLICY_DIRS
bug_map is not picked up correctly when BOARD_VENDOR_SEPOLICY_DIRS is
used. And BOARD_SEPOLICY_DIRS is deprecated.

Test: m selinux_policy
Change-Id: I1dcc6ac6f7b6d0f41f29d5894bef81f3fbf841e6
2019-06-06 17:10:15 -07:00
Tri Vo
50aa029f4b Reland "Add 29.0 mapping files"
Steps taken to produce the mapping files:

1. Add prebuilts/api/29.0/[plat_pub_versioned.cil|vendor_sepolicy.cil]
plat_pub_versioned.cil contains all public attributes and types from Q
Leave vendor_sepolicy.cil is empty.

2. Add new file private/compat/29.0/29.0.cil by doing the following:
- copy /system/etc/selinux/mapping/29.0.cil from pi-dev aosp_arm64-eng
device to private/compat/29.0/29.0.cil
- remove all attribute declaration statement (typeattribute ...) and
sort lines alphabetically
- some selinux types were added/renamed/deleted w.r.t 29 sepolicy.
Find all such types using treble_sepolicy_tests_29.0 test.
- for all these types figure out where to map them by looking at
28.0.[ignore.]cil files and add approprite entries to 29.0.[ignore.]cil.

This change also enables treble_sepolicy_tests_29.0 and installs
29.0.cil mapping file onto the device.

Bug: 133155528
Bug: 133196056
Test: m treble_sepolicy_tests_29.0
Test: m 29.0_compat_test
Test: m selinux_policy
Change-Id: I9e83e9bf118c8b8f8fcf84d5c0dcb6eb588e0d55
2019-06-01 17:20:34 -07:00
Jooyung Han
749cf93ae8 Test files on intermediates dir, not on /system
*_context_test / sepolicy_tests / treble_sepolicy_tests_* /
sepolicy_freeze_test files are installed on /system/etc.

By being FAKE modules, test files are not installed on target.

Additionally, we need to set up dependency from droidcore to
selinux_policy to make tests run on normal builds (m).

Bug: 133460071
Test: m & see if tests run and no test files on /system/etc
Test: m selinux_policy & see if tests run
Change-Id: Icacf004d5c1c8ec720c7cedef7bae8aa648cbe49
2019-05-30 01:05:43 +09:00
Tri Vo
8043136f7f Revert "Add 29.0 mapping files"
This reverts commit 5702e9d758.

Reason for revert: breaks build

Change-Id: I2a1772545ec4aae8723ecce93c9bf9d49e905986
2019-05-29 01:10:07 +00:00
Tri Vo
5702e9d758 Add 29.0 mapping files
Steps taken to produce the mapping files:

1. Add prebuilts/api/29.0/[plat_pub_versioned.cil|vendor_sepolicy.cil]
plat_pub_versioned.cil contains all public attributes and types from Q
Leave vendor_sepolicy.cil is empty.

2. Add new file private/compat/29.0/29.0.cil by doing the following:
- copy /system/etc/selinux/mapping/29.0.cil from pi-dev aosp_arm64-eng
device to private/compat/29.0/29.0.cil
- remove all attribute declaration statement (typeattribute ...) and
sort lines alphabetically
- some selinux types were added/renamed/deleted w.r.t 29 sepolicy.
Find all such types using treble_sepolicy_tests_29.0 test.
- for all these types figure out where to map them by looking at
28.0.[ignore.]cil files and add approprite entries to 29.0.[ignore.]cil.

This change also enables treble_sepolicy_tests_29.0 and installs
29.0.cil mapping file onto the device.

Bug: 133155528
Bug: 133196056
Test: m treble_sepolicy_tests_29.0
Test: m 29.0_compat_test
Test: m selinux_policy
Change-Id: I59f6251e9baa6527a358dec024e9fae62388db2b
2019-05-26 14:28:40 -07:00
Jeff Vander Stoep
564e292ae6 Add mechanism for granting permissions to old vendor images
This addresses Treble backwards compat issues introduced in
aosp/793958 and aosp/783669.

Bug: 122874820
Test: build/flash blueline with pi-dev vendor and generic_ab system
    images.
Test: adb pull /sys/fs/selinux/policy;
    sesearch policy --allowx -s vendordomain -t dev_type

Change-Id: Ic2b304472bb88051e03740dc387834056aba641a
2019-05-06 12:32:51 -07:00
Treehugger Robot
b60155aeac Merge "Build contexts files with Soong" 2019-04-25 07:46:19 +00:00
Inseob Kim
b554e594ca Build contexts files with Soong
This is to migrate sepolicy Makefiles into Soong. For the first part,
file_contexts, hwservice_contexts, property_contexts, and
service_contexts are migrated. Build-time tests for contexts files are
still in Makefile; they will also be done with Soong after porting the
module sepolicy.

The motivation of migrating is based on generating property_contexts
dynamically: if we were to amend contexts files at build time in the
future, it would be nicer to manage them in Soong. To do that, building
contexts files with Soong can be very helpful.

Bug: 127949646
Bug: 129377144
Test: 1) Build blueline-userdebug, flash, and boot.
Test: 2) Build blueline-userdebug with TARGET_FLATTEN_APEX=true, flash,
and boot.
Test: 3) Build aosp_arm-userdebug.

Change-Id: I576f6f20686f6f2121204f76657274696d652121
2019-04-25 09:59:28 +09:00
Bowgo Tsai
e763667ee1 Adding userdebug_plat_sepolicy.cil
The userdebug sepolicy will be installed into debug ramdisk.
When the ramdisk is used, the device must be unlocked and init will load
this userdebug version of platform sepolicy to allow adb root.

Bug: 126493225
Test: 'make' and checks that the userdebug sepolicy is in debug ramdisk
Change-Id: I9df514054a86d63449b3ebfd1afdee2aee649418
2019-04-20 06:06:27 +00:00
Jeff Vander Stoep
1ca7a4c8f5 fc_sort: delete c version, migrate to python version
Test: build aosp_blueline-userdebug, run build-time tests
Change-Id: I9c466cd718602e6068ee31abd6de7dbab84f4949
2019-04-11 10:19:16 -07:00
Jeff Vander Stoep
ecd288f41d Android.bp: set sepolicy version for use by init
Init needs to be aware of the policy version defined in sepolicy
for on-device compilation.

Bug: 124499219
Test: build and boot a device. Try both precompiled and on-device
compiled policy.

Change-Id: Iba861aeb4566405aedcbe3c2bad48e1e50126370
2019-03-14 17:49:14 +00:00
Tri Vo
24a5587594 Build product hashes together.
Simplifies our reasoning about product hashes. They are either
present on both sides of the Treble boundary or not.

Might be worth installing all four hashes unconditionally in the future.

Fixes: 123996710
Test: boot taimen, precompiled policy loaded
Change-Id: I749e4b0cc4c85870407a10b7d41a2e2001a75ffb
2019-02-07 10:55:23 -08:00
Tri Vo
9918f28981 Restore P BOARD_PLAT_*_SEPOLICY_DIR behavior
BOARD_PLAT_*_SEPOLICY_DIR extends system sepolicy.

PRODUCT_PUBLIC_SEPOLICY_DIRS and PRODUCT_PRIVATE_SEPOLICY_DIRS now
specify locations of public and private product sepolicy respectively.

Bug: 119305624
Test: m selinux_policy
Change-Id: I48d491f0dd22020d96ff0243142153871d2d6b2b
2019-02-01 11:41:11 -08:00
Jiyong Park
e7fab1859f Label APEX files correctly when TARGET_FLATTEN_APEX=true
When TARGET_FLATTEN_APEX=true, APEX files are not packaged in *.apex
files but flattened to the system partition under /system/apex/<name>
directories. There was a bug that those flattened files are not labeled
because the per-APEX file_contexts were applied only when building
*.apex. Fixing this by converting the file_contexts files so that
/system/apex/<name> path is prepended and applying the generated
file_contexts file for system.img when TARGET_FLATTEN_APEX=true.

Bug: 123314817
Test: TARGET_FLATTEN_APEX=true m
ls -alZ /system/apex/*/* shows that the files are correctly labeled

Change-Id: Ia82740a1da0083d5bcfd71354a6d374d2a918342
2019-01-29 10:07:54 +09:00
Tri Vo
8b3016b5db sepolicy: refactor Android.mk
system/sepolicy/Android.mk has become too large (~2k lines) and hard to
navigate. This patch reorganizes build rules for convenience. No
functional changes are made.

Test: m selinux_policy
Change-Id: I9a022b223b2387a4475da6d8209d561bfea228fb
2019-01-25 18:01:17 +00:00
Tri Vo
4eb68150aa Move selinux_denial_metadata to /vendor.
selinux_denial_metadate is an concatenation of different bug maps on the
device, including vendor one. This file is only used for debugging, so
we simply move it to /vendor instead of splitting it up.

/vendor/etc/selinux/selinux_denial_metadata has vendor_configs_file
selinux type, which is logd readable.

Bug: 5159394
Test: bug information is still preserved in avc logs, e.g.
audit(0.0:248): avc: denied { read } for
name="u:object_r:vendor_default_prop:s0" dev="tmpfs" ino=18012
scontext=u:r:platform_app:s0:c512,c768
tcontext=u:object_r:vendor_default_prop:s0 tclass=file permissive=0
b/79617173 app=com.android.systemui
Change-Id: Id5eb9abd3bdeed92feb2aca40880903533468d50
2019-01-25 00:13:59 +00:00
Tri Vo
1824e25b1c Split system and product sepolicy hashes.
We need to be able to tell if /system was updated independently
/product, and vice versa.  Otherwise, the device might accidentally load
the precompiled_policy after a /product sepolicy update.

Also change the name of the hash file to more closely reflect how its
generated.

Bug: 119305624
Test: boot aosp_taimen, precompiled policy is loaded
Test: If either of these hashes
/system/etc/selinux/plat_sepolicy_and_mapping.sha256
/product/etc/selinux/product_sepolicy_and_mapping.sha256
are removed, then init falls back to compiling sepolicy at boot time.
Change-Id: I14af81c8d3c5cb85c01592518e22077a8c8c3e5e
2019-01-23 09:19:35 -08:00
Tri Vo
937e66496d Split mapping file into system and product parts
Both mapping files need to be included when building sepolicy at boot
time.

Bug: 119305624
Test: boot taimen
Test: "cnd" type is declared in /vendor; "dataservice_app" type is
declared in /product. This permission is preserved
"allow cnd dataservice_app:binder { transfer call };"
Change-Id: I138f34208ea05e170defd2b4ef4700ffa81f9573
2019-01-18 16:07:33 -08:00
Tri Vo
e68ba59fb3 Rename plat_pub_policy -> pub_policy
Public policy that is available to vendor (and odm) sepolicy is a
combination of system and product public sepolicy. Since "plat_" prefix
implies a pure system sepolicy component, drop "plat_" prefix from
"plat_pub_policy" to be consistent with naming in this file.

Bug: 119305624
Test: m selinux_policy
Change-Id: Iaf094702556ce97371fa1c58c01d707103d7f7d6
2019-01-18 16:07:33 -08:00
Tri Vo
8a2b65244f Remove obsolete mapping build rules.
Mapping files for previous releases are unconditionally packaged on the
device. No need to account for case when BOARD_SEPOLICY_VERS and
PLATFORM_SEPOLICY_VERSION are different.

Bug: 119305624
Test: m selinux_policy
Change-Id: I36c3c43f96870d9a71adf91c8fb8926587c5a50e
2019-01-18 16:07:33 -08:00
Jeff Vander Stoep
e71f4e0c50 Android.mk: remove some build-log spam
This line always prints when building master branch, it's not
particularly useful.

system/sepolicy/Android.mk:77: warning: BOARD_SEPOLICY_VERS not
specified, assuming current platform version

Test: build
Change-Id: I52f8dc2a77966bc0c21168b1339f3029185e5339
2019-01-18 11:33:57 -08:00
Tri Vo
30207acce0 sepolicy: unify *_contexts file install location
This change installs *_contexts files to the same location on Treble and
non-Treble devices.

This was previously not possible because first stage mount was not
required on all platforms. It is now b/79758715.

Bug: 70851112
Test: m selinux_policy
Change-Id: I8124c59b129aef86d78d2ae4ebcfaecd896032fc
2019-01-14 15:43:45 -08:00
Tri Vo
35650d50a1 Separate product_mac_permissions.xml out of system sepolicy.
Bug: 119305624
Test: normal/recovery boot aosp_taimen

Change-Id: I46da995886ce421bb87e741d577f659426ff79c4
2019-01-08 09:49:30 -08:00
Tri Vo
6ac0896b90 Separate product_service_contexts out of system sepolicy.
Bug: 119305624
Test: normal/recovery boot aosp_taimen
Change-Id: I15aa275fa658b58f5a5d3e651d164f9fcd87c0af
2019-01-08 09:49:30 -08:00
Tri Vo
3507678d2e Separate product_seapp_contexts out of system sepolicy.
Bug: 119305624
Test: normal/recovery boot aosp_taimen
Change-Id: Ia8d69be16011db8dd63fa41672449a4ade7302c2
2019-01-08 09:49:30 -08:00
Tri Vo
5da7200510 Separate product_property_contexts out of system sepolicy.
Bug: 119305624
Test: normal/recovery boot aosp_taimen
Change-Id: Ib7a29a9f8f23dd917cc25c23c7612f9e4ae36ea0
2019-01-08 09:49:30 -08:00
Tri Vo
ade741635f Separate product_hwservice_contexts out of system sepolicy.
Bug: 119305624
Test: normal/recovery boot aosp_taimen
Change-Id: I1009745686acd51563378dac56e857be0d60e794
2019-01-08 09:49:30 -08:00
Tri Vo
ebf3eacafe sepolicy: fix mac build
sed "-i" flag on Mac has different syntax than on Linux. Replace use of
sed with grep.

A simple fix like this should suffice for this case, but ideally, we
should maintain our own utils instead of using tools on the host
machine.

Fixes: 121235932
Test: m selinux_policy
Change-Id: I46c3bdb90bf7de48d2c942b15a65ce82ae3041c5
2018-12-19 20:28:14 +00:00
Tri Vo
3361ec4358 Separate product_file_contexts out of system sepolicy.
Bug: 119305624
Test: boot blueline
Change-Id: I3ecdeab3bb33c3cb5e80dc10ba1079c9853048f8
2018-12-18 20:01:18 -08:00
Tri Vo
75887dd5af Separate product_sepolicy.cil out of system sepolicy
Product-specific sepolicy will be installed into /product/etc/selinux/*.
This change separates out /product/etc/selinux/product_sepolicy.cil out
of system sepolicy.

This file is merged into precompiled_sepolicy at build-time. In case
precompiled_sepolicy can't be used (e.g. system-only-ota), init wll
merge this file with the rest of the sepolicy at runtime.

I left TODOs to separate other product-specific SELinux artifacts out of
system.

Bug: 119305624
Test: boot aosp_taimen with product_sepolicy.cil
Test: build selinux_policy for aosp_arm64; no product_sepolicy.cil
produced
Change-Id: Idb84a1c8ceb2de78f1460d954497c53fed08935f
2018-12-18 10:42:09 -08:00
Tri Vo
d57789fde8 Replace "grep -f" with python util.
grep can potentially run out of memory on Mac builds for large input
files. So we add a python util to handle filtering out files.

We will also need this util to filter plat_sepolicy.cil out of
product_sepolicy.cil

Bug: 119305624
Test: boot aosp_taimen
Change-Id: I61cd68f407ea5de43a06bf522a5fc149e5067e8c
2018-12-17 16:57:57 -08:00
Tri Vo
5dbaa245e9 Add BOARD_ODM_SEPOLICY_DIRS to neverallow checks.
It doesn't seem like any of our (Google's) devices use
BOARD_ODM_SEPOLICY_DIRS, but this will be helpful for partners.

Also, use BOARD_VENDOR_SEPOLICY_DIRS instead BOARD_SEPOLICY_DIRS for
readability.

Bug: n/a
Test: m selinux_policy
Change-Id: I23f64a24d51ccdb8aa616d0fd8a06d70b6efed32
2018-12-13 13:41:41 -08:00
Anton Hansson
4537587a68 Remove duplicated LOCAL_REQUIRED_MODULES
All these modules are being unconditionally added to
LOCAL_REQUIRED_MODULES a few lines down.

Test: make
Change-Id: I474c5d41e1a6dd34fd2c2f2d10299048df4c2b70
2018-12-06 15:38:16 +00:00
Nick Kralevich
94c88932d8 Add compile time check for expanded attribute neverallow failure
The SELinux policy language supports an expandattribute statement.
Similar to the C "inline" declaration, this expands the permissions
associated with types, instead of using the attribute directly. Please
see
1089665e31
for more detail on this language option.

Expansion of attributes causes consistency problems with CTS. If a
neverallow rule exists which refers to an expanded attribute, the CTS
neverallow test will fail, because the policy does not have the
attribute embedded in it. Examples:

  * b/119783042 (fixed in 536d3413b8)
  * b/67296580 (fixed in 6f7e8609f9)
  * b/63809360 (fixed in 89f215e6a0)
  etc...

Instead of waiting for the CTS test to fail, modify the Android.mk file
so that we do checks similar to CTS. This allows us to fail at compile
time instead of waiting for a CTS bug. For example, for b/119783042,
instead of the compile succeeding, it will now fail with the following
error message:

  [ 70% 190/268] build out/target/product/crosshatch/obj/ETC/sepolicy_neverallows_intermediates/sepolicy_neverallows
  FAILED: out/target/product/crosshatch/obj/ETC/sepolicy_neverallows_intermediates/sepolicy_neverallows
  /bin/bash -c "(ASAN_OPTIONS=detect_leaks=0 out/host/linux-x86/bin/checkpolicy -M -c
  30 -o out/target/product/crosshatch/obj/ETC/sepolicy_neverallows_intermediates/sepolicy_neverallows.tmp
  out/target/product/crosshatch/obj/ETC/sepolicy_neverallows_intermediates/policy.conf ) &&
  (out/host/linux-x86/bin/sepolicy-analyze
  out/target/product/crosshatch/obj/ETC/sepolicy_neverallows_intermediates/sepolicy_neverallows.tmp
  neverallow -w -f out/target/product/crosshatch/obj/ETC/sepolicy_neverallows_intermediates/policy_2.conf
  || 	  ( echo \"\" 1>&2; echo \"sepolicy-analyze failed. This is most likely due to the use\" 1>&2;
  echo \"of an expanded attribute in a neverallow assertion. Please fix\" 1>&2;
  echo \"the policy.\" 1>&2; exit 1 ) ) &&
  (touch out/target/product/crosshatch/obj/ETC/sepolicy_neverallows_intermediates/sepolicy_neverallows.tmp )
  && (mv out/target/product/crosshatch/obj/ETC/sepolicy_neverallows_intermediates/sepolicy_neverallows.tmp
  out/target/product/crosshatch/obj/ETC/sepolicy_neverallows_intermediates/sepolicy_neverallows )"
  libsepol.report_failure: neverallow violated by allow vold hal_bootctl_default:binder { call };
  libsepol.check_assertions: 1 neverallow failures occurred

  sepolicy-analyze failed. This is most likely due to the use
  of an expanded attribute in a neverallow assertion. Please fix
  the policy.
  15:44:27 ninja failed with: exit status 1

Test: Revert 536d3413b8 and verify compile
      fails as above.
Test: Compile succeeds
Bug: 119783042

Change-Id: I5df405b337bb744b838dadf53a2234d8ed94bf39
2018-11-27 15:44:31 -08:00
Nick Kralevich
6b2a4aeacf use tmpfile during build
During the build process, use a temporary file until we've determined
that every step of the build process has completed. Failure to do this
may cause subsequent invocations of the make command to improperly
assume that this step ran to completion when it didn't.

Test: code compiles.
Change-Id: I9a28e653e33b61446a87278975789376769bcc6a
2018-11-26 14:29:06 -08:00
Nick Kralevich
d9047e66c7 Remove obsolete BOARD_SEPOLICY_REPLACE / BOARD_SEPOLICY_IGNORE
Commit b4f17069b3 ("sepolicy:  Drop
BOARD_SEPOLICY_IGNORE/REPLACE support.", Mar 2015) made it a compile
time failure to use BOARD_SEPOLICY_REPLACE or BOARD_SEPOLICY_IGNORE.
As these restrictions have been in place since 2015, we can safely
assume all usages of this have been cleaned up, and there is no further
need to check for this.

8 lines deleted from Android.mk, 1720 lines to go.

Test: compiles.
Change-Id: I23249e4b2e9ec83cb6356a6c5a6e187ae1fc9744
2018-11-20 09:35:26 -08:00
Mustafa Yigit Bilgen
1cffee68b2 Use LOCAL_ADDITIONAL_M4DEFS for file_contexts
Pass LOCAL_ADDITIONAL_M4DEFS to m4 when building vendor_file_contexts
and odm_file_contexts. The build command attempts to use
PRIVATE_ADDITIONAL_M4DEFS - but this is not set in the target-specific
variables.

This allows using custom M4 macros when building non-platform
file_contexts.

Change-Id: I5fa8d9ec91f1a97bee1dd735ba85af93eef91252
2018-11-07 18:03:31 -08:00
Tri Vo
95cfd6904a Unconditionally test mapping files.
Part of an effort to remove Treble-specifics in the way be build
sepolicy.

Fixes: 64541653
Test: m selinux_policy for aosp_arm64
Change-Id: I9e42c720018674e7d3a6c47e01995401c4e748a7
2018-10-08 10:21:12 -07:00
Tri Vo
e3f4f77d39 Don't require private types in mapping file.
Private types are not visible to vendor/odm policy, so we don't need mapping
entries for them.

We build platform-only public policy .cil file and give it as input to
treble_sepolicy_tests. Using this public policy the test can now figure out if
the newly added type in public or private.

Bug: 116344577
Test: adding public type triggers mapping test failure, adding private type does
not.
Change-Id: I421f335e37274b24aa73109e260653d7b73788b5
2018-09-28 17:22:25 -07:00
huangyanjun
250957202f Fix building error for multi-line dontaudit statement
All the *.conf.dontaudit files are generated from *.conf
with the command of 'sed '/dontaudit/d' $@ > $@.dontaudit',
but this command can not be applied to multi-line dontaudit statement.

Test: Set plat_policy.conf.dontaudit as the input_file parameter of
checkpolicy tool, then selinux syntax error will occur during building.

Change-Id: I281de923d8a5f0b46256ec7de4df12a1c1d7e061
2018-09-26 20:42:27 +08:00
Nick Kralevich
1b2ea497aa Android.mk: conditional compilation of odm_sepolicy.cil
Do not attempt to build odm_sepolicy.cil if BOARD_ODM_SEPOLICY_DIRS is
not defined. Attempting to do so will create an empty file, which causes
build problems when
0c6ea1e812
is applied.

Test: "cd system/sepolicy && mma -j55" succeeds
Test: "make checkbuild" succeeds
Change-Id: Iefc458bddff3d08e5fcb86f8be3cad16d7e36e73
2018-09-25 11:03:48 -07:00
Nick Kralevich
764cbd063e m4: add --fatal-warnings
Error out if m4 generates a warning. This will help detect and prevent
malformed macros.

See 855084960f for motivation.

Test: policy compiles
Test: Policy doesn't compile if 855084960f
      is reverted.

Change-Id: Iee6b6273bc2a24b1220861fd662573e76001defc
2018-08-15 09:55:27 -07:00
Mark Salyzyn
9b398f3fb7 fs_mgr: add overlayfs handling for squashfs system filesystems
/cache/overlay directory in support of overlayfs mounts on userdebug
and eng devices.  Overlayfs in turn can be capable of supporting
adb remount for read-only or restricted-storage filesystems like
squashfs or right-sized (zero free space) system partitions
respectively.

Test: compile
Bug: 109821005
Bug: 110985612
Change-Id: I3ece03886db7cc97f864497cf93ec6c6c39bccd1
2018-08-08 07:33:10 -07:00
Jae Shin
1fa9634896 Add mapping files for 28.0.[ignore.]cil
Steps taken to produce the mapping files:

1. Add prebuilts/api/28.0/[plat_pub_versioned.cil|vendor_sepolicy.cil]
from the /vendor/etc/selinux/[plat_pub_versioned.cil|vendor_sepolicy.cil]
files built on pi-dev with lunch target aosp_arm64-eng

2. Add new file private/compat/28.0/28.0.cil by doing the following:
- copy /system/etc/selinux/mapping/28.0.cil from pi-dev aosp_arm64-eng
device to private/compat/28.0/28.0.cil
- remove all attribute declaration statement (typeattribute ...) and
sort lines alphabetically
- some selinux types were added/renamed/deleted w.r.t 28 sepolicy.
Find all such types using treble_sepolicy_tests_28.0 test.
- for all these types figure out where to map them by looking at
27.0.[ignore.]cil files and add approprite entries to 28.0.[ignore.]cil.

This change also enables treble_sepolicy_tests_28.0 and install 28.0.cil
mapping onto the device.

Bug: 72458734
Test: m selinux_policy
Change-Id: I90e17c0b43af436da4b62c16179c198b5c74002c
2018-07-18 20:08:38 -07:00
Anton Hansson
8cfe1e6128 Split selinux_policy module into two.
Create one _system and one _nonsystem target, which together contains
the same artifacts as before, just split by whether they go on the
system partition or not.

The product build hierarchy is being refactored to be split by
partition, so these targets facilitate inclusion of just the
system parts where necessary. Also keep the selinux_policy target
around for products that don't need the split.

Bug: 80410283
Test: for t in eng userdebug user; do lunch mainline_arm64-${t}; m nothing; done
Test: verified walleye /system and /vendor identical before and after, via:
Test: /google/data/rw/users/cc/ccross/bin/compare-target-files.sh P6259983 walleye-userdebug "SYSTEM/*" "VENDOR/*"
Test: only diffs are in build.prop files (timestamps and the like)

Change-Id: I0f5d8a1558a164ce5cfb7d521f34b431855ac260
2018-07-03 14:04:20 +01:00
Tri Vo
77c44fc420 Mechanism to exclude neverallows from *TS.
build_test_only is used to denote rules that should not verified
as part of compliance testing.

Use this macro to exclude neverallow rules which we want to check as
part of build, but not CTS.

Bug: 80499271
Test: SELinuxNeverallowRulesTest on walleye has no more failure of type
"Type or attribute * used in neverallow undefined in policy being checked."
Number of failing test cases is reduced by 142.
Test: policy.conf used to check neverallows at build-time still retains
all neverallow rules.
Change-Id: I5f1b383d9096bb5a7b8c0f1bc008b5dd07419580
2018-06-06 14:51:39 -07:00
Joel Galenson
98f83b67cc Exclude bug_map from the sepolicy_freeze_test.
The bug_map file is only used whitelisting known test failures.  It
needs to change fairly often to fix new failures and it doesn't affect
users, so it shouldn't matter if it diverges from prebuilts.

Test: Enable this test and build with and without different bug_maps.
Change-Id: I9176a6c7e9f7852a0cd7802fd121b1e86b216b22
2018-05-22 09:22:41 -07:00
Pavel Maltsev
fdec2530ef Allow to specify platform sepolicy dir mult. times
For automotive (and I assume for other verticals) it make sense to keep
vertical-specific policies outside of /system/sepolicy as those not used
by the phones. However, there's no way to do it rather than using
BOARD_PLAT_{PUBLIC|PRIVATE}_SEPOLICY_DIR build variables.

Bug: 70637118
Test: lunch device && m
Test: verify it builds, boots and logs seems to be reasonable
Test: enable full treble for aosp_car_x86 - verify it builds, boots and
no denials in the logs

Change-Id: Ia5fd847f7a6152ff6cf99bbbc12e1e322f7946ab
(cherry picked from commit 34f233640a)
2018-05-16 13:12:09 -07:00
Tri Vo
1f4a28b159 Always build system and vendor policies (and related artifacts).
Part of an effort to remove Treble-specifics from the way be build
sepolicy.

Bug: 70851112
Test: build and boot bullhead.
Change-Id: I236f031e1b017875fb1afcc4f1b201699139516a
2018-05-09 14:00:54 -07:00