tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
platform_system_sepolicy/tests
History
Maciej Żenczykowski b13921c3f0 much more finegrained bpf selinux privs for networking mainline 
Goal is to gain a better handle on who has access to which maps
and to allow (with bpfloader changes to create in one directory
and move into the target directory) per-map selection of
selinux context, while still having reasonable defaults for stuff
pinned directly into the target location.

BPFFS (ie. /sys/fs/bpf) labelling is as follows:
  subdirectory   selinux context      mainline  usecase / usable by
  /              fs_bpf               no (*)    core operating system (ie. platform)
  /net_private   fs_bpf_net_private   yes, T+   network_stack
  /net_shared    fs_bpf_net_shared    yes, T+   network_stack & system_server
  /netd_readonly fs_bpf_netd_readonly yes, T+   network_stack & system_server & r/o to netd
  /netd_shared   fs_bpf_netd_shared   yes, T+   network_stack & system_server & netd [**]
  /tethering     fs_bpf_tethering     yes, S+   network_stack
  /vendor        fs_bpf_vendor        no, T+    vendor

* initial support for bpf was added back in P,
  but things worked differently back then with no bpfloader,
  and instead netd doing stuff by hand,
  bpfloader with pinning into /sys/fs/bpf was (I believe) added in Q
  (and was definitely there in R)

** additionally bpf programs are accesible to netutils_wrapper
   for use by iptables xt_bpf extensions

'mainline yes' currently means shipped by the com.android.tethering apex,
but this is really another case of bad naming, as it's really
the 'networking/connectivity/tethering' apex / mainline module.
Long term the plan is to merge a few other networking mainline modules
into it (and maybe give it a saner name...).

The reason for splitting net_private vs tethering is that:
  S+ must support 4.9+ kernels and S era bpfloader v0.2+
  T+ must support 4.14+ kernels and T beta3 era bpfloader v0.13+

The kernel affects the intelligence of the in-kernel bpf verifier
and the available bpf helper functions.  Older kernels have
a tendency to reject programs that newer kernels allow.

/ && /vendor are not shipped via mainline, so only need to work
with the bpfloader that's part of the core os.

Bug: 218408035
Test: TreeHugger, manually on cuttlefish
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I674866ebe32aca4fc851818c1ffcbec12ac4f7d4
(cherry picked from commit 15715aea32)
2022-06-22 16:07:42 -07:00
..
include Assert types labeled in genfs_contexts have correct attributes 2018-03-23 14:34:46 -07:00
Android.bp compat_generator: find new types and removed types 2022-01-24 10:51:18 +09:00
check_prop_prefix.py Check vendor_property_contexts namespaces 2021-02-17 12:41:38 +09:00
combine_maps.py sepolicy: don't construct mappings for ignored types 2020-01-08 08:53:27 -08:00
fc_sort.py Migrate tests/ to Python 3 2021-12-01 21:45:13 +00:00
fc_sort_test.py Migrate tests/ to Python 3 2021-12-01 21:45:13 +00:00
mini_parser.py Migrate tests/ to Python 3 2021-12-01 21:45:13 +00:00
policy.py Allow policy tests to support space in file names 2022-02-02 15:12:43 +01:00
searchpolicy.py Migrate tests/ to Python 3 2021-12-01 21:45:13 +00:00
sepol_wrap.cpp gracefully handle hashtab_search failures 2018-09-26 14:28:44 -07:00
sepolicy_tests.py much more finegrained bpf selinux privs for networking mainline 2022-06-22 16:07:42 -07:00
treble_sepolicy_tests.py Use "data: libsepolwrap" in python binaries 2021-12-29 04:58:30 +00:00