Commit graph

19 commits

Author SHA1 Message Date
Jeff Vander Stoep
cc541a80c3 searchpolicy depends on FcSort
Bug: 77965486
Test: run cts -m CtsSecurityHostTestCases -t
    android.cts.security.FileSystemPermissionTest#testDevHwRandomPermissions

Change-Id: Ib5965649e9b2b4bb0259383374dfac76cc0a8bd5
2018-04-24 11:03:22 -07:00
Tri Vo
7698c72f35 Test that /proc files have proc_type attribute.
Bug: 74182216
Test: build sailfish, walleye, etc policy
Change-Id: Ia1c6b67ac93ed6e88c50c1527b48275365bf5fd5
Merged-In: Ia1c6b67ac93ed6e88c50c1527b48275365bf5fd5
(cherry picked from commit 4c80c2caa8)
2018-04-03 13:08:08 -07:00
Jeff Vander Stoep
5cfbf08fdb Assert types labeled in genfs_contexts have correct attributes
Types in sysfs should have the sysfs_type attribute, types in
debugfs and tracefs should have the debugfs_type attribute.

TODO: Test that files in procfs have the proc_type attribute.
TODO: Assert these tests in CTS.

Bug: 74182216
Test: build - these are build-time tests.
Change-Id: Icf0ff2a26c05f94da421ba23df0b92d8eef906bf
Merged-In: Icf0ff2a26c05f94da421ba23df0b92d8eef906bf
(cherry picked from commit 1b8284444c)
2018-04-03 12:15:48 -07:00
Tri Vo
2aa8fbc1d2 Merge "Silence expandtypeattribute build-time warning." am: 969d8cc4dd am: e5017318c6
am: 067bc406fa

Change-Id: I3c71ec9699fae580c374c6e22eb2eae62a2d49b1
2018-02-28 02:08:11 +00:00
Jeff Vander Stoep
55d5e28472 Improve data separation test coverage
To areas need better coverage:
1. Tests are not verifying that files in /data/vendor do not have the
core_data_file_type attribute.
2. No error is thrown if a type lives in both /data/vendor
/data/<not vendor>.

Bug: 72998741
Test: build all selinux policies on master (assert build time tests)
Test: build and boot Marlin and Taimen, verify no selinux denials and
    everything works as expected.

Change-Id: I133a068123139a599b9b81ddcc254616894621eb
2018-02-13 11:01:57 -08:00
Tri Vo
19047a6a32 Silence expandtypeattribute build-time warning.
treble_sepolicy_tests emit during build time warnings for
expandtypeattribute statements in the mapping file.
Silence those warning.

Bug: 72757373
Test: build sepolicy
Change-Id: Ia40d80d8172c96c75854d2e1ec0d284ea0724b5c
2018-02-07 12:59:38 -08:00
Bowgo Tsai
afbcf21bfb Renames nonplat_* to vendor_*
This change renames the non-platform sepolicy files on a DUT from
nonplat_* to vendor_*.

It also splits the versioned platform sepolicy from vendor_sepolicy.cil
to a new file /vendor/etc/selinux/plat_pub_versioned.cil. And only keeps
vendor customizations in vendor_sepolicy.cil.

Build variable BOARD_SEPOLICY_DIRS is also renamed to
BOARD_VENDOR_SEPOLICY_DIRS.

Bug: 64240127
Test: boot bullhead/taimen
Change-Id: Iea2210c9c8ab30c9ecbcd8146f074e76e90e6943
2018-02-05 18:21:55 +08:00
Jeff Vander Stoep
ccf965e9ca Test that /data is properly labeled
Data outside of /data/vendor should have the core_data_file_type.
Exempt data_between_core_and_vendor for some types.

Ensure core_data_file_type and coredomain_socket do not get expanded
to their underlying types.

Test: build sepolicy for all targets in master (this is a build time
    test)
Bug: 34980020
Change-Id: I59387a87875f4603a001fb03f22fa31cae84bf5a
(cherry picked from commit bdd454792d)
2018-01-30 10:11:38 -08:00
Tom Cherry
9c778045b2 Remove vendor_init from coredomain
vendor_init exists on the system partition, but it is meant to be an
extention of init that runs with vendor permissions for executing
vendor scripts, therefore it is not meant to be in coredomain.

Bug: 62875318
Test: boot walleye
Merged-In: I01af5c9f8b198674b15b90620d02725a6e7c1da6
Change-Id: I01af5c9f8b198674b15b90620d02725a6e7c1da6
2018-01-29 18:07:41 +00:00
Jeff Vander Stoep
e63686011b Fix error message format
"/n" --> "\n"

Fixes: 72225980
Test: build (this is a build test)
Change-Id: Iffd7241b4d7b9b429fff34dc2e25baad32d8008d
2018-01-19 15:00:41 -08:00
Tri Vo
30c3c2a85c Files under /vendor must have attribute vendor_file_type.
Label /vendor/etc/selinux/* as vendor_configs_file.

Bug: 62041836
Test: build system/sepolicy
Test: walleye boots
Change-Id: I617a3287860e965c282e9e82b4375ea68dbca785
2018-01-12 00:05:41 +00:00
Jeff Vander Stoep
fe0910c9ad Prepare treble_sepolicy_tests for inclusion in CTS
Unconditionally compile treble_sepolicy_tests. Make compat
files conditional on running the compat tests.

Bug: 37008075
Test: build
Change-Id: Ib3aee6e93d285ca141803a13958fbcb38b891b68
2017-11-20 22:29:38 +00:00
Jeff Vander Stoep
3ca843a57d Prepare python tests to be run in CTS
Bug: 37008075
Test: build, all tests pass. Modify some attributes locally to
    cause tests to fail (verify that they are actually working).
Change-Id: If9f9ece61dff835f38ef9c8a57f5a7baddbae5cd
2017-10-04 19:46:12 +00:00
Jeff Vander Stoep
e9777e3402 Move python sepolicy tests to embedded launcher
This is a necessary for enforcing these tests in CTS.

Bug: 37008075
Test: build
Change-Id: I36b4ce71c26a0ba01cd0289fe363f0a9f7db1214
(cherry picked from commit 8d614b3f81)
2017-10-04 17:09:30 +00:00
Dan Cashman
91d398d802 Sync internal master and AOSP sepolicy.
Bug: 37916906
Test: Builds 'n' boots.
Change-Id: Ia1d86264446ebecc1ca79f32f11354921bc77668
Merged-In: I208ec6a864127a059fb389417a9c6b259d7474cb
2017-09-26 14:38:47 -07:00
Jeff Vander Stoep
a7d2c5bf17 Move python scripts to python_binary_host build rule
Fixes: 65263013
Test: build
Merged-In: I0ec412481c5990927fcbee7c4303bee2da876210
Change-Id: I0a5b9a80e988fcd16a29807ed83b2c65bba9000f
2017-09-23 14:45:02 -07:00
Dan Willemsen
948354abb9 Fix libsepolwrap with SANITIZE_HOST=address
Test: SANITIZE_HOST=true m treble_sepolicy_tests
Change-Id: I9190dc06715bbbac8a267a143801f99f911decf3
2017-09-01 14:08:46 -07:00
Jeff Vander Stoep
1fc0682ec6 Run Treble sepolicy tests at build time
Bug: 37008075
Test: build policy on Marlin
Change-Id: I53748f94c5df66fa17a53e7d0bed1be6b8603544
(cherry picked from commit e1ddc6df75)
2017-06-05 08:09:32 -07:00
Jeff Vander Stoep
bdfc0301a1 Verify correct application of labels and attributes
With project Treble, we're relying heavily on attributes for
permission inheritance and enforcement of separation between
platform and vendor components.

We neead tests that verify those attributes are correctly applied.
This change adds the framework for those tests including a wrapper
around libsepol for loading and querying policy, and a python module
for running tests on policy and file_contexts.

Included with the testing framework is a test asserting that the
coredomain attribute is only applied to core processes. This
verification is done using the following rules:
1. Domain's entrypoint is on /system - coredomain
2. Domain's entrypoint is on /vendor - not coredomain
3. Domain belongs to a whitelist of known coredomains - coredomain

In a subsequent commit these tests will be applied at build time.
However, I first need to fix existing Treble violations exposed by
this test. These tests will also be applied during CTS.

Test: LD_PRELOAD=$ANDROID_HOST_OUT/lib64/libsepolwrap.so python \
    treble.py -p $OUT/vendor/etc/selinux/precompiled_sepolicy \
    -f $OUT/vendor/etc/selinux/nonplat_file_contexts \
    -f $OUT/system/etc/selinux/plat_file_contexts
Bug: 37008075
Change-Id: I7825f5c2909a5801deaccf2bef2bfd227adb0ae9
(cherry picked from commit 0366afdf14)
2017-06-05 08:09:05 -07:00