Commit graph

346 commits

Author SHA1 Message Date
Tri Vo
ebf3eacafe sepolicy: fix mac build
sed "-i" flag on Mac has different syntax than on Linux. Replace use of
sed with grep.

A simple fix like this should suffice for this case, but ideally, we
should maintain our own utils instead of using tools on the host
machine.

Fixes: 121235932
Test: m selinux_policy
Change-Id: I46c3bdb90bf7de48d2c942b15a65ce82ae3041c5
2018-12-19 20:28:14 +00:00
Tri Vo
3361ec4358 Separate product_file_contexts out of system sepolicy.
Bug: 119305624
Test: boot blueline
Change-Id: I3ecdeab3bb33c3cb5e80dc10ba1079c9853048f8
2018-12-18 20:01:18 -08:00
Tri Vo
75887dd5af Separate product_sepolicy.cil out of system sepolicy
Product-specific sepolicy will be installed into /product/etc/selinux/*.
This change separates out /product/etc/selinux/product_sepolicy.cil out
of system sepolicy.

This file is merged into precompiled_sepolicy at build-time. In case
precompiled_sepolicy can't be used (e.g. system-only-ota), init wll
merge this file with the rest of the sepolicy at runtime.

I left TODOs to separate other product-specific SELinux artifacts out of
system.

Bug: 119305624
Test: boot aosp_taimen with product_sepolicy.cil
Test: build selinux_policy for aosp_arm64; no product_sepolicy.cil
produced
Change-Id: Idb84a1c8ceb2de78f1460d954497c53fed08935f
2018-12-18 10:42:09 -08:00
Tri Vo
d57789fde8 Replace "grep -f" with python util.
grep can potentially run out of memory on Mac builds for large input
files. So we add a python util to handle filtering out files.

We will also need this util to filter plat_sepolicy.cil out of
product_sepolicy.cil

Bug: 119305624
Test: boot aosp_taimen
Change-Id: I61cd68f407ea5de43a06bf522a5fc149e5067e8c
2018-12-17 16:57:57 -08:00
Tri Vo
5dbaa245e9 Add BOARD_ODM_SEPOLICY_DIRS to neverallow checks.
It doesn't seem like any of our (Google's) devices use
BOARD_ODM_SEPOLICY_DIRS, but this will be helpful for partners.

Also, use BOARD_VENDOR_SEPOLICY_DIRS instead BOARD_SEPOLICY_DIRS for
readability.

Bug: n/a
Test: m selinux_policy
Change-Id: I23f64a24d51ccdb8aa616d0fd8a06d70b6efed32
2018-12-13 13:41:41 -08:00
Anton Hansson
4537587a68 Remove duplicated LOCAL_REQUIRED_MODULES
All these modules are being unconditionally added to
LOCAL_REQUIRED_MODULES a few lines down.

Test: make
Change-Id: I474c5d41e1a6dd34fd2c2f2d10299048df4c2b70
2018-12-06 15:38:16 +00:00
Nick Kralevich
94c88932d8 Add compile time check for expanded attribute neverallow failure
The SELinux policy language supports an expandattribute statement.
Similar to the C "inline" declaration, this expands the permissions
associated with types, instead of using the attribute directly. Please
see
1089665e31
for more detail on this language option.

Expansion of attributes causes consistency problems with CTS. If a
neverallow rule exists which refers to an expanded attribute, the CTS
neverallow test will fail, because the policy does not have the
attribute embedded in it. Examples:

  * b/119783042 (fixed in 536d3413b8)
  * b/67296580 (fixed in 6f7e8609f9)
  * b/63809360 (fixed in 89f215e6a0)
  etc...

Instead of waiting for the CTS test to fail, modify the Android.mk file
so that we do checks similar to CTS. This allows us to fail at compile
time instead of waiting for a CTS bug. For example, for b/119783042,
instead of the compile succeeding, it will now fail with the following
error message:

  [ 70% 190/268] build out/target/product/crosshatch/obj/ETC/sepolicy_neverallows_intermediates/sepolicy_neverallows
  FAILED: out/target/product/crosshatch/obj/ETC/sepolicy_neverallows_intermediates/sepolicy_neverallows
  /bin/bash -c "(ASAN_OPTIONS=detect_leaks=0 out/host/linux-x86/bin/checkpolicy -M -c
  30 -o out/target/product/crosshatch/obj/ETC/sepolicy_neverallows_intermediates/sepolicy_neverallows.tmp
  out/target/product/crosshatch/obj/ETC/sepolicy_neverallows_intermediates/policy.conf ) &&
  (out/host/linux-x86/bin/sepolicy-analyze
  out/target/product/crosshatch/obj/ETC/sepolicy_neverallows_intermediates/sepolicy_neverallows.tmp
  neverallow -w -f out/target/product/crosshatch/obj/ETC/sepolicy_neverallows_intermediates/policy_2.conf
  || 	  ( echo \"\" 1>&2; echo \"sepolicy-analyze failed. This is most likely due to the use\" 1>&2;
  echo \"of an expanded attribute in a neverallow assertion. Please fix\" 1>&2;
  echo \"the policy.\" 1>&2; exit 1 ) ) &&
  (touch out/target/product/crosshatch/obj/ETC/sepolicy_neverallows_intermediates/sepolicy_neverallows.tmp )
  && (mv out/target/product/crosshatch/obj/ETC/sepolicy_neverallows_intermediates/sepolicy_neverallows.tmp
  out/target/product/crosshatch/obj/ETC/sepolicy_neverallows_intermediates/sepolicy_neverallows )"
  libsepol.report_failure: neverallow violated by allow vold hal_bootctl_default:binder { call };
  libsepol.check_assertions: 1 neverallow failures occurred

  sepolicy-analyze failed. This is most likely due to the use
  of an expanded attribute in a neverallow assertion. Please fix
  the policy.
  15:44:27 ninja failed with: exit status 1

Test: Revert 536d3413b8 and verify compile
      fails as above.
Test: Compile succeeds
Bug: 119783042

Change-Id: I5df405b337bb744b838dadf53a2234d8ed94bf39
2018-11-27 15:44:31 -08:00
Nick Kralevich
6b2a4aeacf use tmpfile during build
During the build process, use a temporary file until we've determined
that every step of the build process has completed. Failure to do this
may cause subsequent invocations of the make command to improperly
assume that this step ran to completion when it didn't.

Test: code compiles.
Change-Id: I9a28e653e33b61446a87278975789376769bcc6a
2018-11-26 14:29:06 -08:00
Nick Kralevich
d9047e66c7 Remove obsolete BOARD_SEPOLICY_REPLACE / BOARD_SEPOLICY_IGNORE
Commit b4f17069b3 ("sepolicy:  Drop
BOARD_SEPOLICY_IGNORE/REPLACE support.", Mar 2015) made it a compile
time failure to use BOARD_SEPOLICY_REPLACE or BOARD_SEPOLICY_IGNORE.
As these restrictions have been in place since 2015, we can safely
assume all usages of this have been cleaned up, and there is no further
need to check for this.

8 lines deleted from Android.mk, 1720 lines to go.

Test: compiles.
Change-Id: I23249e4b2e9ec83cb6356a6c5a6e187ae1fc9744
2018-11-20 09:35:26 -08:00
Mustafa Yigit Bilgen
1cffee68b2 Use LOCAL_ADDITIONAL_M4DEFS for file_contexts
Pass LOCAL_ADDITIONAL_M4DEFS to m4 when building vendor_file_contexts
and odm_file_contexts. The build command attempts to use
PRIVATE_ADDITIONAL_M4DEFS - but this is not set in the target-specific
variables.

This allows using custom M4 macros when building non-platform
file_contexts.

Change-Id: I5fa8d9ec91f1a97bee1dd735ba85af93eef91252
2018-11-07 18:03:31 -08:00
Tri Vo
95cfd6904a Unconditionally test mapping files.
Part of an effort to remove Treble-specifics in the way be build
sepolicy.

Fixes: 64541653
Test: m selinux_policy for aosp_arm64
Change-Id: I9e42c720018674e7d3a6c47e01995401c4e748a7
2018-10-08 10:21:12 -07:00
Tri Vo
e3f4f77d39 Don't require private types in mapping file.
Private types are not visible to vendor/odm policy, so we don't need mapping
entries for them.

We build platform-only public policy .cil file and give it as input to
treble_sepolicy_tests. Using this public policy the test can now figure out if
the newly added type in public or private.

Bug: 116344577
Test: adding public type triggers mapping test failure, adding private type does
not.
Change-Id: I421f335e37274b24aa73109e260653d7b73788b5
2018-09-28 17:22:25 -07:00
huangyanjun
250957202f Fix building error for multi-line dontaudit statement
All the *.conf.dontaudit files are generated from *.conf
with the command of 'sed '/dontaudit/d' $@ > $@.dontaudit',
but this command can not be applied to multi-line dontaudit statement.

Test: Set plat_policy.conf.dontaudit as the input_file parameter of
checkpolicy tool, then selinux syntax error will occur during building.

Change-Id: I281de923d8a5f0b46256ec7de4df12a1c1d7e061
2018-09-26 20:42:27 +08:00
Nick Kralevich
1b2ea497aa Android.mk: conditional compilation of odm_sepolicy.cil
Do not attempt to build odm_sepolicy.cil if BOARD_ODM_SEPOLICY_DIRS is
not defined. Attempting to do so will create an empty file, which causes
build problems when
0c6ea1e812
is applied.

Test: "cd system/sepolicy && mma -j55" succeeds
Test: "make checkbuild" succeeds
Change-Id: Iefc458bddff3d08e5fcb86f8be3cad16d7e36e73
2018-09-25 11:03:48 -07:00
Nick Kralevich
764cbd063e m4: add --fatal-warnings
Error out if m4 generates a warning. This will help detect and prevent
malformed macros.

See 855084960f for motivation.

Test: policy compiles
Test: Policy doesn't compile if 855084960f
      is reverted.

Change-Id: Iee6b6273bc2a24b1220861fd662573e76001defc
2018-08-15 09:55:27 -07:00
Mark Salyzyn
9b398f3fb7 fs_mgr: add overlayfs handling for squashfs system filesystems
/cache/overlay directory in support of overlayfs mounts on userdebug
and eng devices.  Overlayfs in turn can be capable of supporting
adb remount for read-only or restricted-storage filesystems like
squashfs or right-sized (zero free space) system partitions
respectively.

Test: compile
Bug: 109821005
Bug: 110985612
Change-Id: I3ece03886db7cc97f864497cf93ec6c6c39bccd1
2018-08-08 07:33:10 -07:00
Jae Shin
1fa9634896 Add mapping files for 28.0.[ignore.]cil
Steps taken to produce the mapping files:

1. Add prebuilts/api/28.0/[plat_pub_versioned.cil|vendor_sepolicy.cil]
from the /vendor/etc/selinux/[plat_pub_versioned.cil|vendor_sepolicy.cil]
files built on pi-dev with lunch target aosp_arm64-eng

2. Add new file private/compat/28.0/28.0.cil by doing the following:
- copy /system/etc/selinux/mapping/28.0.cil from pi-dev aosp_arm64-eng
device to private/compat/28.0/28.0.cil
- remove all attribute declaration statement (typeattribute ...) and
sort lines alphabetically
- some selinux types were added/renamed/deleted w.r.t 28 sepolicy.
Find all such types using treble_sepolicy_tests_28.0 test.
- for all these types figure out where to map them by looking at
27.0.[ignore.]cil files and add approprite entries to 28.0.[ignore.]cil.

This change also enables treble_sepolicy_tests_28.0 and install 28.0.cil
mapping onto the device.

Bug: 72458734
Test: m selinux_policy
Change-Id: I90e17c0b43af436da4b62c16179c198b5c74002c
2018-07-18 20:08:38 -07:00
Anton Hansson
8cfe1e6128 Split selinux_policy module into two.
Create one _system and one _nonsystem target, which together contains
the same artifacts as before, just split by whether they go on the
system partition or not.

The product build hierarchy is being refactored to be split by
partition, so these targets facilitate inclusion of just the
system parts where necessary. Also keep the selinux_policy target
around for products that don't need the split.

Bug: 80410283
Test: for t in eng userdebug user; do lunch mainline_arm64-${t}; m nothing; done
Test: verified walleye /system and /vendor identical before and after, via:
Test: /google/data/rw/users/cc/ccross/bin/compare-target-files.sh P6259983 walleye-userdebug "SYSTEM/*" "VENDOR/*"
Test: only diffs are in build.prop files (timestamps and the like)

Change-Id: I0f5d8a1558a164ce5cfb7d521f34b431855ac260
2018-07-03 14:04:20 +01:00
Tri Vo
77c44fc420 Mechanism to exclude neverallows from *TS.
build_test_only is used to denote rules that should not verified
as part of compliance testing.

Use this macro to exclude neverallow rules which we want to check as
part of build, but not CTS.

Bug: 80499271
Test: SELinuxNeverallowRulesTest on walleye has no more failure of type
"Type or attribute * used in neverallow undefined in policy being checked."
Number of failing test cases is reduced by 142.
Test: policy.conf used to check neverallows at build-time still retains
all neverallow rules.
Change-Id: I5f1b383d9096bb5a7b8c0f1bc008b5dd07419580
2018-06-06 14:51:39 -07:00
Joel Galenson
98f83b67cc Exclude bug_map from the sepolicy_freeze_test.
The bug_map file is only used whitelisting known test failures.  It
needs to change fairly often to fix new failures and it doesn't affect
users, so it shouldn't matter if it diverges from prebuilts.

Test: Enable this test and build with and without different bug_maps.
Change-Id: I9176a6c7e9f7852a0cd7802fd121b1e86b216b22
2018-05-22 09:22:41 -07:00
Pavel Maltsev
fdec2530ef Allow to specify platform sepolicy dir mult. times
For automotive (and I assume for other verticals) it make sense to keep
vertical-specific policies outside of /system/sepolicy as those not used
by the phones. However, there's no way to do it rather than using
BOARD_PLAT_{PUBLIC|PRIVATE}_SEPOLICY_DIR build variables.

Bug: 70637118
Test: lunch device && m
Test: verify it builds, boots and logs seems to be reasonable
Test: enable full treble for aosp_car_x86 - verify it builds, boots and
no denials in the logs

Change-Id: Ia5fd847f7a6152ff6cf99bbbc12e1e322f7946ab
(cherry picked from commit 34f233640a)
2018-05-16 13:12:09 -07:00
Tri Vo
1f4a28b159 Always build system and vendor policies (and related artifacts).
Part of an effort to remove Treble-specifics from the way be build
sepolicy.

Bug: 70851112
Test: build and boot bullhead.
Change-Id: I236f031e1b017875fb1afcc4f1b201699139516a
2018-05-09 14:00:54 -07:00
Tri Vo
a5cfd3e537 Soong module selinux compat maps
And migrate 26.0.cil and 27.0.cil build targets from Android.mk to
Android.bp

Bug: 33691272
Test: 26.0.cil and 27.0.cil mapping files on the device are unchanged.
Change-Id: Id0ea45c149e096996bc0657615ea98915df3c9e1
2018-05-08 11:28:47 -07:00
Tri Vo
81198bb8bb Test frozen sepolicy has not diverged from prebuilts.
This will test that system/sepolicy/{public/, private/} are identical to
prebuilts if PLATFORM_SEPOLICY_VERSION is not 10000.0.

Bug: 74622750
Test: build policy
Test: correctly catches divergence from prebuilts for frozen policies

Change-Id: I2fa14b672544a021c2d42ad5968dfbac21b72f6a
2018-03-29 15:42:28 -07:00
Joel Galenson
c148621815 Use user policy for compatibility tests.
Use the user policy when running the compatibility tests.

Bug: 74344625
Test: Built policy for many devices.  Booted one device.
Test: Delete some compat rules, verify error on userdebug.
Change-Id: Ib2df2dfc06cdf55a839011e9a528e76160a9e436
2018-03-26 18:01:41 -07:00
Tom Cherry
a15df75ddf Verify the SELabels used in property_contexts
Verify that the SELabels used in property_contexts correspond to a
real type in the SEPolicy and that this type has the property_type attribute.

Additionally add a check that vendor property_context files do not
duplicate entries in plat property_contexts, and a similar check that
odm property_contexts doesn't duplicate either plat or vendor
property_contexts.

Bug: 74078792
Test: Build property_contexts on bullhead successfully
Test: See failure when using a faulty SELabel in property_contexts
Test: See failure when duplicating label in vendor and plat property_contexts
Change-Id: I4d2338dab68f1c5a8ed110aa7821f0677f61bafb
2018-03-26 13:36:39 -07:00
Tri Vo
bbb8f5bd04 Fix mapping file build.
Location of mapping files has changed from private/mapping/V.v.cil to
private/compat/V.v/V.v.cil
Change the build rule for current_mapping.cil to reflect that.

Test: Build current mapping file with  BOARD_SEPOLICY_VERS := 27.0 and
make sure that $OUT/obj/ETC/27.0.cil_intermediates/27.0.cil is not empty
Change-Id: I996a717e1c659265cb067da5d621d71ff3b3b63b
2018-03-20 18:16:10 -07:00
Bowgo Tsai
af7d85f83f Add /odm/etc/selinux/odm_mac_permissions.xml
Bug: 64240127
Test: normal boot a device
Change-Id: I276ba6bc88eabb0d5562e4e96d3860eedb76aed5
2018-03-16 15:45:02 +08:00
Bowgo Tsai
ad6231f546 Add /odm/etc/selinux/odm_hwservice_contexts
Bug: 64240127
Test: normal boot and recovery boot a device
Change-Id: I22d29e8476380d19aca1be359e0228ab6bbc3b0f
2018-03-16 15:44:55 +08:00
Bowgo Tsai
1f717b1001 Add /odm/etc/selinux/odm_property_contexts
Bug: 64240127
Test: normal boot and recovery boot a device
Change-Id: Ibd71219f60644e57370c0293decf11d82f1cb35c
2018-03-16 15:44:48 +08:00
Bowgo Tsai
ecf656b06f Add /odm/etc/selinux/odm_seapp_contexts
Bug: 64240127
Test: normal boot a device
Change-Id: I3626357237cc18a99511f1ebd9dd3ff5a7655963
2018-03-16 15:44:41 +08:00
Bowgo Tsai
bae1517a58 Add /odm/etc/selinux/odm_file_contexts
Bug: 64240127
Test: normal boot and recovery boot a device
Change-Id: I087292fb23d05fc17272778d668ac78a721b2593
2018-03-16 15:44:33 +08:00
Bowgo Tsai
45457e3a2b Add /odm/etc/selinux/odm_sepolicy.cil
This change adds the support of odm sepolicy customization, which can
be configured through the newly added build varaible:
    - BOARD_ODM_SEPOLICY_DIRS += device/${ODM_NAME}/${BOM_NAME}/sepolicy

Also moving precompiled sepolicy to /odm when BOARD_ODM_SEPOLICY_DIRS
is set. On a DUT, precompiled sepolicy on /odm will override the one in
/vendor. This is intentional because /odm is the hardware customization
for /vendor and both should be updated together if desired.

Bug: 64240127
Test: boot a device with /odm partition
Change-Id: Ia8f81a78c88cbfefb3ff19e2ccd2648da6284d09
2018-03-16 15:44:23 +08:00
Joel Galenson
8c72eea5ff Use user policy when checking neverallow rules.
When building userdebug or eng builds, we still want to build the user
policy when checking neverallow rules so that we can catch compile
errors.

Commit c0713e86 split out a helper function but lost one instance of
using user instead of the real variant.  This restores that one and
adds it to the neverallow check.

Bug: 74344625
Test: Added a rule that referred to a type defined only
in userdebug and eng and ensure we throw a compile error when building
userdebug mode.

Change-Id: I1a6ffbb36dbeeb880852f9cbac880f923370c2ae
(cherry picked from commit 053cb34130)
2018-03-08 09:57:54 -08:00
Tri Vo
9299d93942 Enable treble_sepolicy_tests against 27.0 release.
Bug: 69390067
Test: build sepolicy
Change-Id: I4fc7438e4f825281d93a2849be9d2db819bea4ca
2018-02-27 14:26:48 -08:00
Tri Vo
1406926d09 Refactor build rule for treble sepolicy tests.
Bug: 69390067
Test: policy builds
Change-Id: I9b29a88ec071a17fc429892b5a8720b15fcbcf32
2018-02-27 14:26:31 -08:00
Jeff Vander Stoep
3d4965b2e1 Use SELINUX_IGNORE_NEVERALLOWS flag to disable all tests
The intent of this flag is to disable tests during early device
bringup so that vendor drops can occur without build breakages.
When SELINUX_IGNORE_NEVERALLOWS=true also disable labeling tests
sepolicy_tests, and treble_sepolicy_tests.

Bug: 73322735
Test: build, verify known tests failures do not cause build breakage.
Change-Id: I3e7165938d4e34c066bfa0a20e68b7e02dae4a24
2018-02-14 05:11:59 +00:00
Yifan Hong
617e853560 Use PLATFORM_SEPOLICY_COMPAT_VERSIONS
This is a list of sepolicy versions that the framework supports.

Test: builds and boots

Bug: 67920434
Change-Id: I0f408fa3967214b47a64101760dbbb2542023dcf
2018-02-07 11:15:28 -08:00
Yifan Hong
3dff9ab470 Move PLATFORM_SEPOLICY_VERSION to make/core/config.mk
Test: m framework_compatibility_matrix.xml -j
Test: device boots

Bug: 67920434
Bug: 69390067

Change-Id: I3461873c22f704b9bbaa3a4e6f7e1df34d6b61a3
2018-02-07 11:15:28 -08:00
Tri Vo
fb55808232 Add 27.0 mapping file to system image.
Bug: 69390067
Test: 27.0.cil is installed to /system/etc/selinux/mapping/27.0.cil

Change-Id: If5b37ca7920a66b4fceaa031b6e8e9bafd18ac47
2018-02-06 18:17:07 +00:00
Jaekyun Seok
64ade65d17 Add tests for compatible property (1/2)
The feature of compatible property has its own neverallow rules and it
is enforced on devices launchig with Android P.

This CL changes hal_nfc to hal_nfc_server in neverallow rules because
sepolicy-analyze doesn't recognize it. Additionally one more neverallow
rule is added to restrict reading nfc_prop.

Bug: 72013705
Bug: 72678352
Test: 'run cts -m CtsSecurityHostTestCases' on walleye with
ro.product.first_api_level=28

Change-Id: I753cc81f7ca0e4ad6a2434b2a047052678f57671
2018-02-06 03:06:21 +09:00
Bowgo Tsai
741a70a058 Using a python script to build sepolicy
Current sepolicy CIL files are built by several command-line tools
in Android.mk. This change extracts some of the build logic into a
python script to relief the effort in Android.mk.

The first command is `build_sepolicy build_cil`. It's possible to add
more sub-commands under the build_sepolicy script in the future.

Bug: 64240127
Test: build bullhead/taimen
Change-Id: Ie0ae4fc5256a550c72954cde5d5dd213a22d159a
2018-02-05 18:22:12 +08:00
Bowgo Tsai
afbcf21bfb Renames nonplat_* to vendor_*
This change renames the non-platform sepolicy files on a DUT from
nonplat_* to vendor_*.

It also splits the versioned platform sepolicy from vendor_sepolicy.cil
to a new file /vendor/etc/selinux/plat_pub_versioned.cil. And only keeps
vendor customizations in vendor_sepolicy.cil.

Build variable BOARD_SEPOLICY_DIRS is also renamed to
BOARD_VENDOR_SEPOLICY_DIRS.

Bug: 64240127
Test: boot bullhead/taimen
Change-Id: Iea2210c9c8ab30c9ecbcd8146f074e76e90e6943
2018-02-05 18:21:55 +08:00
Bowgo Tsai
e2f6013543 Revert "Renames nonplat_* to vendor_*"
This reverts commit 9aa8496fc9.
Fix angler/bullhead boot failure.

Bug: 72787689
Test: build
Change-Id: I77671a74cd952544a1dbb3daabc2bb449a7c2cf2
2018-02-02 08:14:02 +08:00
Bowgo Tsai
d0cbb90509 Revert "Using a python script to build sepolicy"
This reverts commit 3506ad3f31.
Fix angler/bullhead boot failure.

Bug: 72787689
Test: build
2018-02-02 08:00:38 +08:00
Bowgo Tsai
3506ad3f31 Using a python script to build sepolicy
Current sepolicy CIL files are built by several command-line tools
in Android.mk. This change extracts some of the build logic into a
python script to relief the effort in Android.mk.

The first command is `build_sepolicy build_cil`. It's possible to add
more sub-commands under the build_sepolicy script in the future.

Bug: 64240127
Test: build and boot a device
Test: checks the content of $OUT/vendor/etc/selinux/vendor_sepolicy.cil
      is the same as before
Change-Id: I0b64f1088f413172e97b579b4f7799fa392762df
2018-01-31 14:37:47 +08:00
Bowgo Tsai
9aa8496fc9 Renames nonplat_* to vendor_*
This change renames the non-platform sepolicy files on a DUT from
nonplat_* to vendor_*.

It also splits the versioned platform sepolicy from vendor_sepolicy.cil
to a new file /vendor/etc/selinux/plat_pub_versioned.cil. And only keeps
vendor customizations in vendor_sepolicy.cil.

Build variable BOARD_SEPOLICY_DIRS is also renamed to
BOARD_VENDOR_SEPOLICY_DIRS.

Bug: 64240127
Test: boot an existing device
Change-Id: Iea87a502bc6191cfaf8a2201f29e4a2add4ba7bf
2018-01-31 14:37:39 +08:00
Joel Galenson
5988b5659a Improve neverallow error messages and allow disabling them on userdebug builds.
This patch adds a flag that can be used to ignore neverallow rules.
By adding
SELINUX_IGNORE_NEVERALLOWS := true
into the BoardConfig.mk file, neverallow violations will be ignored
silently.  This flag can only be enabled on userdebug and eng builds.

Users of this flag should be very careful.  Since it does not work on
user builds, it must be disabled to pass CTS, and enabling it for
too long could hide issues that need to be addressed.

As a happy side effect, this patch should also improve the error
messages when violating a neverallow rules.  Specifically, the file
and line number should be correct.

Bug: 70950899
Bug: 33960443
Test: Built walleye-{user,eng} with and without this new option and
a neverallow violation.  Built policy for all targets.

Change-Id: Id0d65123cdd230d6b90faa6bb460d544054bb906
2018-01-12 09:11:59 -08:00
Jaekyun Seok
e49714542e Whitelist exported platform properties
This CL lists all the exported platform properties in
private/exported_property_contexts.

Additionally accessing core_property_type from vendor components is
restricted.
Instead public_readable_property_type is used to allow vendor components
to read exported platform properties, and accessibility from
vendor_init is also specified explicitly.

Note that whitelisting would be applied only if
PRODUCT_COMPATIBLE_PROPERTY is set on.

Bug: 38146102
Test: tested on walleye with PRODUCT_COMPATIBLE_PROPERTY=true
Change-Id: I304ba428cc4ca82668fec2ddeb17c971e7ec065e
2018-01-10 16:15:25 +00:00
Tom Cherry
f68b4c67d7 Use property_info_checker instead of checkfc and fc_sort for properties
1) fc_sort is not needed as there is no reason to sort system
   properties, so this is removed and replaced with a simply copy
2) Use the new property_info_checker instead of checkfc for
   validating property information.  This supports exact match
   properties and will be extended to verify property schemas in the
   future.

Bug: 36001741
Test: verify bullhead's property contexts correct
Test: verify faulty property contexts result in failures
Change-Id: Id9bbf401f385206e6907449a510e3111424ce59e
2018-01-04 09:49:39 -08:00