This change adds the support of odm sepolicy customization, which can
be configured through the newly added build varaible:
- BOARD_ODM_SEPOLICY_DIRS += device/${ODM_NAME}/${BOM_NAME}/sepolicy
Also moving precompiled sepolicy to /odm when BOARD_ODM_SEPOLICY_DIRS
is set. On a DUT, precompiled sepolicy on /odm will override the one in
/vendor. This is intentional because /odm is the hardware customization
for /vendor and both should be updated together if desired.
Bug: 64240127
Test: boot a device with /odm partition
Change-Id: Ia8f81a78c88cbfefb3ff19e2ccd2648da6284d09
When building userdebug or eng builds, we still want to build the user
policy when checking neverallow rules so that we can catch compile
errors.
Commit c0713e86 split out a helper function but lost one instance of
using user instead of the real variant. This restores that one and
adds it to the neverallow check.
Bug: 74344625
Test: Added a rule that referred to a type defined only
in userdebug and eng and ensure we throw a compile error when building
userdebug mode.
Change-Id: I1a6ffbb36dbeeb880852f9cbac880f923370c2ae
(cherry picked from commit 053cb34130)
The intent of this flag is to disable tests during early device
bringup so that vendor drops can occur without build breakages.
When SELINUX_IGNORE_NEVERALLOWS=true also disable labeling tests
sepolicy_tests, and treble_sepolicy_tests.
Bug: 73322735
Test: build, verify known tests failures do not cause build breakage.
Change-Id: I3e7165938d4e34c066bfa0a20e68b7e02dae4a24
This is a list of sepolicy versions that the framework supports.
Test: builds and boots
Bug: 67920434
Change-Id: I0f408fa3967214b47a64101760dbbb2542023dcf
The feature of compatible property has its own neverallow rules and it
is enforced on devices launchig with Android P.
This CL changes hal_nfc to hal_nfc_server in neverallow rules because
sepolicy-analyze doesn't recognize it. Additionally one more neverallow
rule is added to restrict reading nfc_prop.
Bug: 72013705
Bug: 72678352
Test: 'run cts -m CtsSecurityHostTestCases' on walleye with
ro.product.first_api_level=28
Change-Id: I753cc81f7ca0e4ad6a2434b2a047052678f57671
Current sepolicy CIL files are built by several command-line tools
in Android.mk. This change extracts some of the build logic into a
python script to relief the effort in Android.mk.
The first command is `build_sepolicy build_cil`. It's possible to add
more sub-commands under the build_sepolicy script in the future.
Bug: 64240127
Test: build bullhead/taimen
Change-Id: Ie0ae4fc5256a550c72954cde5d5dd213a22d159a
This change renames the non-platform sepolicy files on a DUT from
nonplat_* to vendor_*.
It also splits the versioned platform sepolicy from vendor_sepolicy.cil
to a new file /vendor/etc/selinux/plat_pub_versioned.cil. And only keeps
vendor customizations in vendor_sepolicy.cil.
Build variable BOARD_SEPOLICY_DIRS is also renamed to
BOARD_VENDOR_SEPOLICY_DIRS.
Bug: 64240127
Test: boot bullhead/taimen
Change-Id: Iea2210c9c8ab30c9ecbcd8146f074e76e90e6943
Current sepolicy CIL files are built by several command-line tools
in Android.mk. This change extracts some of the build logic into a
python script to relief the effort in Android.mk.
The first command is `build_sepolicy build_cil`. It's possible to add
more sub-commands under the build_sepolicy script in the future.
Bug: 64240127
Test: build and boot a device
Test: checks the content of $OUT/vendor/etc/selinux/vendor_sepolicy.cil
is the same as before
Change-Id: I0b64f1088f413172e97b579b4f7799fa392762df
This change renames the non-platform sepolicy files on a DUT from
nonplat_* to vendor_*.
It also splits the versioned platform sepolicy from vendor_sepolicy.cil
to a new file /vendor/etc/selinux/plat_pub_versioned.cil. And only keeps
vendor customizations in vendor_sepolicy.cil.
Build variable BOARD_SEPOLICY_DIRS is also renamed to
BOARD_VENDOR_SEPOLICY_DIRS.
Bug: 64240127
Test: boot an existing device
Change-Id: Iea87a502bc6191cfaf8a2201f29e4a2add4ba7bf
This patch adds a flag that can be used to ignore neverallow rules.
By adding
SELINUX_IGNORE_NEVERALLOWS := true
into the BoardConfig.mk file, neverallow violations will be ignored
silently. This flag can only be enabled on userdebug and eng builds.
Users of this flag should be very careful. Since it does not work on
user builds, it must be disabled to pass CTS, and enabling it for
too long could hide issues that need to be addressed.
As a happy side effect, this patch should also improve the error
messages when violating a neverallow rules. Specifically, the file
and line number should be correct.
Bug: 70950899
Bug: 33960443
Test: Built walleye-{user,eng} with and without this new option and
a neverallow violation. Built policy for all targets.
Change-Id: Id0d65123cdd230d6b90faa6bb460d544054bb906
This CL lists all the exported platform properties in
private/exported_property_contexts.
Additionally accessing core_property_type from vendor components is
restricted.
Instead public_readable_property_type is used to allow vendor components
to read exported platform properties, and accessibility from
vendor_init is also specified explicitly.
Note that whitelisting would be applied only if
PRODUCT_COMPATIBLE_PROPERTY is set on.
Bug: 38146102
Test: tested on walleye with PRODUCT_COMPATIBLE_PROPERTY=true
Change-Id: I304ba428cc4ca82668fec2ddeb17c971e7ec065e
1) fc_sort is not needed as there is no reason to sort system
properties, so this is removed and replaced with a simply copy
2) Use the new property_info_checker instead of checkfc for
validating property information. This supports exact match
properties and will be extended to verify property schemas in the
future.
Bug: 36001741
Test: verify bullhead's property contexts correct
Test: verify faulty property contexts result in failures
Change-Id: Id9bbf401f385206e6907449a510e3111424ce59e
This change renames the non-platform sepolicy files on a DUT from
nonplat_* to vendor_*.
It also splits the versioned platform sepolicy from vendor_sepolicy.cil
to a new file /vendor/etc/selinux/plat_pub_versioned.cil. And only keeps
vendor customizations in vendor_sepolicy.cil.
Build variable BOARD_SEPOLICY_DIRS is also renamed to
BOARD_VENDOR_SEPOLICY_DIRS.
Bug: 64240127
Test: boot an existing device
Change-Id: I53a9715b2f9ddccd214f4cf9ef081ac426721612
PRODUCT_FULL_TREBLE is being broken up into smaller,
more manageable components.
Bug: 62019611
Test: manual
Change-Id: I9b65f120851d9ea134a0059a417f0282777717fc
This file is necessary for using an mr1 system image in conjunction
with an oc-dev vendor image. This is currently needed by GSI testing,
for example.
(cherry-pick of commit: 03596f28a4)
Bug: 66358348
Test: File is included on system image.
Change-Id: Ie694061d08acf17453feb596480e42974f8c714c
Allows partners to add a new attribute definition to their public
policy without causing a compatibility failure with the AOSP system
image.
Bug: 67092827
Bug: 37915794
Test: build and boot aosp_sailfish with new type declared in public
policy
Change-Id: I015c26fa7c399423e8a6e7079b5689007d031479
FAILED:
out/target/product/sailfish/obj/ETC/treble_sepolicy_tests_intermediates/treble_sepolicy_tests
Error: library-path out/host/darwin-x86/lib64/libsepolwrap.so
does not exist
Note, fixing here instead of reverting to avoid reverting
changes in CTS.
Test: ctate testing on Mac
Change-Id: I95f483b152d9bece1a16267cbc49eedb1f902990
Bug: 37008075
Test: build, all tests pass. Modify some attributes locally to
cause tests to fail (verify that they are actually working).
Change-Id: If9f9ece61dff835f38ef9c8a57f5a7baddbae5cd
This is a necessary for enforcing these tests in CTS.
Bug: 37008075
Test: build
Change-Id: I36b4ce71c26a0ba01cd0289fe363f0a9f7db1214
(cherry picked from commit 8d614b3f81)
This file is necessary for using an mr1 system image in conjunction
with an oc-dev vendor image. This is currently needed by GSI testing,
for example.
(cherry-pick of commit: 03596f28a4)
Bug: 66358348
Test: File is included on system image.
Change-Id: I3a6b7ed5edf1c07941bbf835e70f2ae8d03fee25
This file is necessary for using an mr1 system image in conjunction
with an oc-dev vendor image. This is currently needed by GSI testing,
for example.
Bug: 66358348
Test: File is included on system image.
Change-Id: I3a6b7ed5edf1c07941bbf835e70f2ae8d03fee25
sort respects locale settings, so the value of LC_ALL can affect
how sort orders things. This can cause labeling issues.
More information on locale and sort can be found via:
* locale(1) - man 1 locale
* sort(1) - man 1 sort
* https://debbugs.gnu.org/cgi/bugreport.cgi?bug=28539
Rather than deal with this locale setting use fc_sort on
property contexts. This also has the side-effect of
stripping comments, and thus sed can be dropped.
Test: This was tested by:
* comparing outputs to previous runs
* compile tested *only*.
Change-Id: I1e1eb4dff76f717b5f82f697e677a108abb69892
Signed-off-by: William Roberts <william.c.roberts@intel.com>
sort respects locale settings, so the value of LC_ALL can affect
how sort orders things. Issues have surfaced when CTS build
servers locale differs from image build server locale. And thus
the prologue of property_contexts differs with what CTS was
expecting.
More information on locale and sort can be found via:
* locale(1) - man 1 locale
* sort(1) - man 1 sort
* https://debbugs.gnu.org/cgi/bugreport.cgi?bug=28539
Rather than deal with this locale setting use fc_sort on
property contexts. This also has the side-effect of
stripping comments, and thus sed can be dropped.
Test: This was tested by:
* comparing outputs to previous runs
* booting the x86-64 emulator
Change-Id: I144ef549cc11d9c61849ffc0e1b1b000f1b8d1a8
Signed-off-by: William Roberts <william.c.roberts@intel.com>
