The LOCAL_COMPATIBILITY_SUITES variable has been removed, as the users
are now embedding this binary the same way they do the rest of the
sepolicy tools.
Bug: 122331947
Bug: 130696912
Test: treehugger
Change-Id: Ia83025b18da87204d87684f2c0af025d9cecc824
Test: Pass a not cil file to version_policy and see no crash appeared.
example: out/host/linux-x86/bin/version_policy -b `which ls` -m -n 10000.0 -o target
Change-Id: If2b950a02dd94a4813b74377617f90c7a75a9f27
Signed-off-by: liwugang <liwugang@xiaomi.com>
fc_sort uses its own implementation of merge sort, but it's
unnecessarily complex and sorting criteria isn't clear: it only
compares lengths and existences of fields. So it can give different
results on the same input (same set of entries, different order).
This fixes it so that output is always deterministic, regardless of
the order of lines in input files.
Bug: N/A
Test: try to run fc_sort several times on same input with different
line orders, and see the results.
Change-Id: I982a35a4ae9e115030a8598027bbf1181ee77a7d
This CL fixes leaks of the policy that we're building up. The analyzer
only caught the leaks on the error path, but I assume that
`check_assertions` does nothing to free the object that it's handed.
Analyzer warnings:
system/sepolicy/tools/sepolicy-analyze/neverallow.c:439:9: warning:
Potential leak of memory pointed to by 'avrule'
[clang-analyzer-unix.Malloc]
system/sepolicy/tools/sepolicy-analyze/neverallow.c:439:9: warning:
Potential leak of memory pointed to by 'neverallows'
[clang-analyzer-unix.Malloc]
Bug: None
Test: Treehugger; reran the analyzer
Change-Id: I79a0c34e8b53d33a1f01497337590eab660ad3ec
Init needs to be aware of the policy version defined in sepolicy
for on-device compilation.
Bug: 124499219
Test: build and boot a device. Try both precompiled and on-device
compiled policy.
Change-Id: Iba861aeb4566405aedcbe3c2bad48e1e50126370
Running this script sometimes completely hangs all of our computers.
This change seems to work better for me.
Test: Use script to compile many Androids.
Change-Id: I95539034b35a4ff6dbc39cd67856b0bd7e20d587
OOB write if the size of the key value pairs exceeds the max.
Test: Add a long line to the seapp_contexts file
Change-Id: Iaa3e697e7ac134eb6829b8b36b090997ca344b3a
Signed-off-by: liwugang <liwugang@xiaomi.com>
It will not end when other words appeared because of the wrong bound and variable,
rule_map->length will exceed the actual length in the rule_map_new function,
it will lead to crash in the rule_map_validate function because of strcmp(NULL, str).
Test: 1.add "user=shell doman=system_app" to private/seapp_contexts
2.exec "checkseapp private/seapp_contexts" and it will not be crashed
Change-Id: I600206448b38cf2c9b61f9141b40f920b05696c8
Signed-off-by: liwugang <liwugang@xiaomi.com>
Calling execve() on files in an app's home directory isn't allowed
for targetApi >=29. But this is needed by simpleperf to profile
a debuggable app via run-as.
So workaround it by adding runas_app domain, which allows running
app data file. And add a rule in seapp_contexts to use runas_app
domain for setcontext requests from run-as.
Bug: 118737210
Test: boot marlin and run CtsSimpleperfTestCases.
Change-Id: I5c3b54c95337d6d8192861757b858708174ebfd5
Avoid generating build time noise so that real errors stand out.
https://en.wikipedia.org/wiki/Unix_philosophy
Rule of Silence
Developers should design programs so that they do not print
unnecessary output. This rule aims to allow other programs
and developers to pick out the information they need from a
program's output without having to parse verbosity.
Test: Info messages no longer show up at build time.
Bug: 115998215
Change-Id: I33c18e2c7d77ed1bb4132debe13de2ae0907c34c
This scripts checks for common problems with SELinux policy,
including:
- Declared types that are not assigned to any files
- Files that don't exist on a running device
- Rules defined in the wrong file
- Using the wrong version of _file_perms/_dir_perms
These are heuristics, mainly because it does not fully parse regular
expressions and because policy might still be needed even if the
relevant file does not exist on a single device. But it hopefully is
a start at helping cleanup policy.
Bug: 30003114
Bug: 70702017
Test: Run script on core and device-specific policy.
Test: Verify that most of its results are correct.
Change-Id: I1ded4e9b18816841198dcbf72da65f046441d626
The tags property is (and has always been) unused by Soong. The property has
been defined as a list of strings, and the `androidmk` converted any
LOCAL_MODULE_TAGS entries over to it, but we've never done anything with it.
In preparation for removing the definition from Soong, I'm removing it from all
Android.bp files in the tree.
Since this has never done anything, this is a no-op, but if you really did want
the Android.mk behavior, the proper way to define a module to be installed in
userdebug / eng builds is to use PRODUCT_PACKAGES_DEBUG or PRODUCT_PACKAGES_ENG
in the appropriate product makefile.
Change-Id: Ia9a9b1c35533e02047cbb183b317ab93f1eeec6b
Exempt-From-Owner-Approval: global no-op build change
Test: remove `tags` from Soong, see errors go away.
This script will build the SELinux policy for multiple targets in parallel.
To use it, run:
./build_policies.sh <Android root directory> <output directory> [specific targets to build]
If you do not pass any individual targets, it will build all targets it can find.
It will print out the list of failing targets. You can open up the corresponding log file in the output directory to see the exact errors.
This script is still a work in progress. It currently cannot discover all build targets (it misses ones "lunch" does not list).
Bug: 33463570
Test: Ran script to build multiple targets with and without failures.
Change-Id: Iee8ccf4da38e5eb7ce2034431613fe10c65696ab
This CL lists all the exported platform properties in
private/exported_property_contexts.
Additionally accessing core_property_type from vendor components is
restricted.
Instead public_readable_property_type is used to allow vendor components
to read exported platform properties, and accessibility from
vendor_init is also specified explicitly.
Note that whitelisting would be applied only if
PRODUCT_COMPATIBLE_PROPERTY is set on.
Bug: 38146102
Test: tested on walleye with PRODUCT_COMPATIBLE_PROPERTY=true
Change-Id: I304ba428cc4ca82668fec2ddeb17c971e7ec065e
Code review of:
- https://android-review.googlesource.com/#/c/platform/system/sepolicy/+/512420/
had some comments. These were addressed and upstreamed here:
- 65620e0f94
Bring these changes back into the AOSP tree.
Test: verify that output sorted device files did not change hashes when built.
Change-Id: I7f07d3f74923cf731e853629034469784fc669f7
Signed-off-by: William Roberts <william.c.roberts@intel.com>
Update to commit:
- 5490639ac9
This solves all reported clang analyzer issues and is inline with upstream.
Test: veerify that md5sum of output files do not change.
Change-Id: I942145b8f9748c8ecd185f730c94d57cb77f5acc
Signed-off-by: William Roberts <william.c.roberts@intel.com>
Static analyzer complains the memory pointed by list in bcurrent is not
deallocated before returning. But since this code is in "main" routine,
we don't care about the deallocation. Just ignore the warning.
Bug: b/27101951
Test: Verified warning is gone.
Change-Id: I58d784b61a5ad30d1406bd7c6b28c5713abf2b34
Fix the following warnings:
system/sepolicy/tools/sepolicy-analyze/neverallow.c:346:9: warning:
Potential leak of memory pointed to by '__s1'
system/sepolicy/tools/sepolicy-analyze/neverallow.c:346:9: warning:
Potential leak of memory pointed to by 'id'
system/sepolicy/tools/sepolicy-analyze/neverallow.c:364:13: warning:
Potential leak of memory pointed to by 'classperms'
system/sepolicy/tools/sepolicy-analyze/neverallow.c:364:13: warning:
Potential leak of memory pointed to by 'node'
Bug: b/27101951
Test:Warnings are gone.
Change-Id: Ib9b2e0b9f19950b4b764d438ee58340e6c022ef5