diff --git a/prebuilts/api/29.0/Android.bp b/prebuilts/api/29.0/Android.bp
index f7918783d..fe019b0d5 100644
--- a/prebuilts/api/29.0/Android.bp
+++ b/prebuilts/api/29.0/Android.bp
@@ -52,4 +52,7 @@ se_policy_binary {
 name: "29.0_plat_policy",
 srcs: [":29.0_plat_policy.cil"],
 installable: false,
+ dist: {
+ targets: ["base-sepolicy-files-for-mapping"],
+ },
 }
diff --git a/prebuilts/api/30.0/Android.bp b/prebuilts/api/30.0/Android.bp
index c124c104e..0f89b7c75 100644
--- a/prebuilts/api/30.0/Android.bp
+++ b/prebuilts/api/30.0/Android.bp
@@ -52,4 +52,7 @@ se_policy_binary {
 name: "30.0_plat_policy",
 srcs: [":30.0_plat_policy.cil"],
 installable: false,
+ dist: {
+ targets: ["base-sepolicy-files-for-mapping"],
+ },
 }
diff --git a/prebuilts/api/31.0/Android.bp b/prebuilts/api/31.0/Android.bp
index d6c02db53..10ec80f42 100644
--- a/prebuilts/api/31.0/Android.bp
+++ b/prebuilts/api/31.0/Android.bp
@@ -52,4 +52,7 @@ se_policy_binary {
 name: "31.0_plat_policy",
 srcs: [":31.0_plat_policy.cil"],
 installable: false,
+ dist: {
+ targets: ["base-sepolicy-files-for-mapping"],
+ },
 }
diff --git a/prebuilts/api/32.0/Android.bp b/prebuilts/api/32.0/Android.bp
index 9c4929402..f1fb581bf 100644
--- a/prebuilts/api/32.0/Android.bp
+++ b/prebuilts/api/32.0/Android.bp
@@ -52,4 +52,7 @@ se_policy_binary {
 name: "32.0_plat_policy",
 srcs: [":32.0_plat_policy.cil"],
 installable: false,
+ dist: {
+ targets: ["base-sepolicy-files-for-mapping"],
+ },
 }
diff --git a/prebuilts/api/33.0/Android.bp b/prebuilts/api/33.0/Android.bp
index 327fc1165..980e28873 100644
--- a/prebuilts/api/33.0/Android.bp
+++ b/prebuilts/api/33.0/Android.bp
@@ -52,4 +52,7 @@ se_policy_binary {
 name: "33.0_plat_policy",
 srcs: [":33.0_plat_policy.cil"],
 installable: false,
+ dist: {
+ targets: ["base-sepolicy-files-for-mapping"],
+ },
 }
diff --git a/prebuilts/api/34.0/Android.bp b/prebuilts/api/34.0/Android.bp
index 474e29b2d..30a8075d7 100644
--- a/prebuilts/api/34.0/Android.bp
+++ b/prebuilts/api/34.0/Android.bp
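Review bot: The new `dist` block on `29.0_plat_policy` sets only `targets`, so the artifact presumably lands in the dist directory under the module's default output name, whereas the `dist-for-goals` call this commit deletes from treble_sepolicy_tests_for_release.mk copied it as `$(version)_plat_sepolicy`. If any consumer of `base-sepolicy-files-for-mapping` looks the file up by the old name, add `dest: "29.0_plat_sepolicy",` inside the block; if the rename is intended, a one-line comment saying so would help. The same applies to the 30.0 through 34.0 hunks.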
@@ -52,4 +52,7 @@ se_policy_binary {
 name: "34.0_plat_policy",
 srcs: [":34.0_plat_policy.cil"],
 installable: false,
+ dist: {
+ targets: ["base-sepolicy-files-for-mapping"],
+ },
 }
diff --git a/private/compat/29.0/29.0.cil b/private/compat/29.0/29.0.cil
index 731568723..408cf335d 100644
--- a/private/compat/29.0/29.0.cil
+++ b/private/compat/29.0/29.0.cil
@@ -1,13 +1,15 @@
 ;; types removed from current policy
 (type ashmemd)
+(type clatd_exec)
+(type clatd)
 (type exported_audio_prop)
 (type exported_dalvik_prop)
 (type exported_vold_prop)
 (type exported2_config_prop)
 (type exported2_vold_prop)
 (type hal_wifi_offload_hwservice)
-(type install_recovery)
 (type install_recovery_exec)
+(type install_recovery)
 (type mediacodec_service)
 (type perfprofd_data_file)
 (type perfprofd_service)
diff --git a/private/compat/30.0/30.0.cil b/private/compat/30.0/30.0.cil
index 83d83ff70..f95488cca 100644
--- a/private/compat/30.0/30.0.cil
+++ b/private/compat/30.0/30.0.cil
@@ -1,11 +1,16 @@
 ;; types removed from current policy
+(type adbd_prop)
 (type cgroup_bpf)
+(type device_config_configuration_prop)
+(type device_config_storage_native_boot_prop)
+(type device_config_sys_traced_prop)
+(type device_config_window_manager_native_boot_prop)
 (type exported_audio_prop)
 (type exported_dalvik_prop)
 (type exported_ffs_prop)
 (type exported_fingerprint_prop)
-(type exported_system_radio_prop)
 (type exported_radio_prop)
+(type exported_system_radio_prop)
 (type exported_vold_prop)
 (type exported_wifi_prop)
 (type exported2_config_prop)
@@ -16,8 +21,19 @@ (type exported3_default_prop) (type exported3_radio_prop) (type ffs_prop) +(type gsid_prop) +(type init_perf_lsm_hooks_prop) +(type init_svc_debug_prop) +(type last_boot_reason_prop) +(type mediatranscoding_exec) +(type netd_stable_secret_prop) +(type pm_prop) +(type system_adbd_prop) (type system_radio_prop) (type thermalcallback_hwservice) +(type traced_perf_enabled_prop) +(type userspace_reboot_log_prop) +(type userspace_reboot_test_prop) (typeattribute binder_in_vendor_violators) diff --git a/tests/Android.bp b/tests/Android.bp index 544db3758..2c2c9a63f 100644 --- a/tests/Android.bp +++ b/tests/Android.bp @@ -50,9 +50,7 @@ python_binary_host { }, libs: [ "mini_cil_parser", - "pysepolwrap", ], - data: [":libsepolwrap"], } python_binary_host { diff --git a/tests/treble_sepolicy_tests.py b/tests/treble_sepolicy_tests.py index b2792a08e..ff1a34817 100644 --- a/tests/treble_sepolicy_tests.py +++ b/tests/treble_sepolicy_tests.py @@ -16,17 +16,11 @@ from optparse import OptionParser from optparse import Option, OptionValueError import os import mini_parser -import pkgutil -import policy -from policy import MatchPathPrefix import re import shutil import sys import tempfile -DEBUG=False -SHARED_LIB_EXTENSION = '.dylib' if sys.platform == 'darwin' else '.so' - ''' Verify that Treble compatibility are not broken. ''' 
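Review bot: `import shutil` and `import tempfile` stay in the import block of tests/treble_sepolicy_tests.py although their only uses visible in this commit, `tempfile.mkdtemp()` and `shutil.rmtree(temp_dir)` in the `__main__` block, are removed further down. `os` looks to be in the same position once the `os.path.exists` and `os.path.join` calls go. I would drop the unused imports in the same hunk that removes `pkgutil` and `policy`; parts of the file are outside the hunks, so confirm nothing else references them first.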
@@ -39,13 +33,13 @@ Verify that Treble compatibility are not broken.
 ###
 # Make sure that any new public type introduced in the new policy that was not
 # present in the old policy has been recorded in the mapping file.
-def TestNoUnmappedNewTypes(test_policy):
- newt = test_policy.alltypes - test_policy.oldalltypes
+def TestNoUnmappedNewTypes(base_pub_policy, old_pub_policy, mapping):
+ newt = base_pub_policy.types - old_pub_policy.types
 ret = ""
 violators = []
 for n in newt:
- if n in test_policy.pubtypes and test_policy.compatMapping.rTypeattributesets.get(n) is None:
+ if mapping.rTypeattributesets.get(n) is None:
 violators.append(n)
 if len(violators) > 0:
@@ -62,13 +56,13 @@ def TestNoUnmappedNewTypes(test_policy):
 ###
 # Make sure that any public type removed in the current policy has its
 # declaration added to the mapping file for use in non-platform policy
-def TestNoUnmappedRmTypes(test_policy):
- rmt = test_policy.oldalltypes - test_policy.alltypes
+def TestNoUnmappedRmTypes(base_pub_policy, old_pub_policy, mapping):
+ rmt = old_pub_policy.types - base_pub_policy.types
 ret = ""
 violators = []
 for o in rmt:
- if o in test_policy.compatMapping.pubtypes and not o in test_policy.compatMapping.types:
+ if o in mapping.pubtypes and not o in mapping.types:
 violators.append(o)
 if len(violators) > 0:
@@ -81,9 +75,9 @@ def TestNoUnmappedRmTypes(test_policy):
 ret += "https://android-review.googlesource.com/c/platform/system/sepolicy/+/822743\n"
 return ret
-def TestTrebleCompatMapping(test_policy):
- ret = TestNoUnmappedNewTypes(test_policy)
- ret += TestNoUnmappedRmTypes(test_policy)
+def TestTrebleCompatMapping(base_pub_policy, old_pub_policy, mapping):
+ ret = TestNoUnmappedNewTypes(base_pub_policy, old_pub_policy, mapping)
+ ret += TestNoUnmappedRmTypes(base_pub_policy, old_pub_policy, mapping)
 return ret
 ###
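Review bot: In `TestNoUnmappedRmTypes`, `rmt = old_pub_policy.types - base_pub_policy.types` subtracts only the types of the current public policy, so a type that has left public policy but may still be declared elsewhere in the platform policy now counts as removed, which the old `oldalltypes - alltypes` presumably did not. The comment above the function still says "any public type removed in the current policy"; I would reword it to `# Make sure that any old public type missing from the current public policy has its` so the stricter meaning is on record. The `(type ...)` additions to 29.0.cil and 30.0.cil in this commit look like the result of that change. The function's reporting code continues past the end of the hunk.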
@@ -103,73 +97,38 @@ class MultipleOption(Option): else: Option.take_action(self, action, dest, opt, value, values, parser) -def do_main(libpath): - """ - Args: - libpath: string, path to libsepolwrap.so - """ - test_policy = policy.TestPolicy() - +def do_main(): usage = "treble_sepolicy_tests " - usage += "-p curr_policy -b base_policy -o old_policy " + usage += "-b base_pub_policy -o old_pub_policy " usage += "-m mapping file [--test test] [--help]" parser = OptionParser(option_class=MultipleOption, usage=usage) - parser.add_option("-b", "--basepolicy", dest="basepolicy", metavar="FILE") - parser.add_option("-u", "--base-pub-policy", dest="base_pub_policy", + parser.add_option("-b", "--base-pub-policy", dest="base_pub_policy", metavar="FILE") parser.add_option("-m", "--mapping", dest="mapping", metavar="FILE") - parser.add_option("-o", "--oldpolicy", dest="oldpolicy", metavar="FILE") - parser.add_option("-p", "--policy", dest="policy", metavar="FILE") + parser.add_option("-o", "--old-pub-policy", dest="old_pub_policy", + metavar="FILE") (options, args) = parser.parse_args() - if not options.policy: - sys.exit("Must specify current monolithic policy file\n" + parser.usage) - if not os.path.exists(options.policy): - sys.exit("Error: policy file " + options.policy + " does not exist\n" - + parser.usage) - # Mapping files and public platform policy are only necessary for the # TrebleCompatMapping test. 
- if not options.basepolicy: - sys.exit("Must specify the current platform-only policy file\n" - + parser.usage) if not options.mapping: sys.exit("Must specify a compatibility mapping file\n" + parser.usage) - if not options.oldpolicy: - sys.exit("Must specify the previous monolithic policy file\n" + if not options.old_pub_policy: + sys.exit("Must specify the previous public policy .cil file\n" + parser.usage) if not options.base_pub_policy: sys.exit("Must specify the current platform-only public policy " + ".cil file\n" + parser.usage) - basepol = policy.Policy(options.basepolicy, None, libpath) - oldpol = policy.Policy(options.oldpolicy, None, libpath) mapping = mini_parser.MiniCilParser(options.mapping) - pubpol = mini_parser.MiniCilParser(options.base_pub_policy) - test_policy.compatSetup(basepol, oldpol, mapping, pubpol.types) + base_pub_policy = mini_parser.MiniCilParser(options.base_pub_policy) + old_pub_policy = mini_parser.MiniCilParser(options.old_pub_policy) - pol = policy.Policy(options.policy, None, libpath) - test_policy.setup(pol) - - if DEBUG: - test_policy.PrintScontexts() - - results = TestTrebleCompatMapping(test_policy) + results = TestTrebleCompatMapping(base_pub_policy, old_pub_policy, mapping) if len(results) > 0: sys.exit(results) if __name__ == '__main__': - temp_dir = tempfile.mkdtemp() - try: - libname = "libsepolwrap" + SHARED_LIB_EXTENSION - libpath = os.path.join(temp_dir, libname) - with open(libpath, "wb") as f: - blob = pkgutil.get_data("treble_sepolicy_tests", libname) - if not blob: - sys.exit("Error: libsepolwrap does not exist. Is this binary corrupted?\n") - f.write(blob) - do_main(libpath) - finally: - shutil.rmtree(temp_dir) + do_main() diff --git a/treble_sepolicy_tests_for_release.mk b/treble_sepolicy_tests_for_release.mk index 761f59bf1..9d6960bb7 100644 --- a/treble_sepolicy_tests_for_release.mk +++ b/treble_sepolicy_tests_for_release.mk 
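Review bot: `do_main` now passes all three paths straight to `mini_parser.MiniCilParser` without the existence check the removed code applied to `options.policy`, so a missing or mistyped input fails however the parser happens to fail (not visible here) rather than with a usage message. A guard before the parser calls restores that: `for f in (options.mapping, options.base_pub_policy, options.old_pub_policy):` followed by `if not os.path.exists(f): sys.exit("Error: " + f + " does not exist\n" + parser.usage)`. The usage string also still advertises `[--test test]` although no `--test` option is registered between `OptionParser(...)` and `parse_args()`. The comment "only necessary for the TrebleCompatMapping test" is stale now that every input is mandatory.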
@@ -24,10 +24,7 @@ include $(BUILD_SYSTEM)/base_rules.mk
 # built to enable us to determine the diff between the current policy and the
 # $(version) policy, which will be used in tests to make sure that compatibility has
 # been maintained by our mapping files.
-built_$(version)_plat_sepolicy := $(call intermediates-dir-for,ETC,$(version)_plat_policy)/$(version)_plat_policy
-
-# TODO(b/214336258): move to Soong
-$(call dist-for-goals,base-sepolicy-files-for-mapping,$(built_$(version)_plat_sepolicy):$(version)_plat_sepolicy)
+built_$(version)_plat_sepolicy_cil := $(call intermediates-dir-for,ETC,$(version)_plat_policy.cil)/$(version)_plat_policy.cil
 $(version)_mapping.cil := $(call intermediates-dir-for,ETC,plat_$(version).cil)/plat_$(version).cil
 $(version)_mapping.ignore.cil := \
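Review bot: `built_$(version)_plat_sepolicy_cil` points at `$(version)_plat_policy.cil`, while the current side of the comparison uses `base_plat_pub_policy.cil` and the script names this input `--old-pub-policy`. Judging by the file name alone, the old side may be the whole prebuilt platform policy rather than only its public part, which would make the two type sets in the test asymmetric. Add a line to the comment block above stating which it is and why, or point the variable at a public-only CIL if one exists for `$(version)`. The comment block starts above the hunk.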
@@ -58,27 +55,20 @@ $($(version)_mapping.combined.cil): $($(version)_mapping.cil) $($(version)_mappi
 cat $^ > $@
 ifeq ($(IS_TREBLE_TEST_ENABLED_PARTNER),true)
-built_sepolicy_files := $(built_product_sepolicy)
 public_cil_files := $(base_product_pub_policy.cil)
 else
-built_sepolicy_files := $(built_plat_sepolicy)
 public_cil_files := $(base_plat_pub_policy.cil)
 endif # ($(IS_TREBLE_TEST_ENABLED_PARTNER),true)
-$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
-$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY_OLD := $(built_$(version)_plat_sepolicy)
+$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY_OLD := $(built_$(version)_plat_sepolicy_cil)
 $(LOCAL_BUILT_MODULE): PRIVATE_COMBINED_MAPPING := $($(version)_mapping.combined.cil)
-$(LOCAL_BUILT_MODULE): PRIVATE_PLAT_SEPOLICY := $(built_sepolicy_files)
 $(LOCAL_BUILT_MODULE): PRIVATE_PLAT_PUB_SEPOLICY := $(public_cil_files)
 $(LOCAL_BUILT_MODULE): $(HOST_OUT_EXECUTABLES)/treble_sepolicy_tests \
- $(all_fc_files) $(built_sepolicy) \
- $(built_sepolicy_files) \
 $(public_cil_files) \
- $(built_$(version)_plat_sepolicy) $($(version)_mapping.combined.cil)
+ $(built_$(version)_plat_sepolicy_cil) $($(version)_mapping.combined.cil)
 @mkdir -p $(dir $@)
 $(hide) $(HOST_OUT_EXECUTABLES)/treble_sepolicy_tests \
- -b $(PRIVATE_PLAT_SEPOLICY) -m $(PRIVATE_COMBINED_MAPPING) \
- -o $(PRIVATE_SEPOLICY_OLD) -p $(PRIVATE_SEPOLICY) \
- -u $(PRIVATE_PLAT_PUB_SEPOLICY)
+ -b $(PRIVATE_PLAT_PUB_SEPOLICY) -m $(PRIVATE_COMBINED_MAPPING) \
+ -o $(PRIVATE_SEPOLICY_OLD)
 $(hide) touch $@
 built_sepolicy_files :=
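Review bot: The trailing `built_sepolicy_files :=` reset is left in place although both assignments to that variable are removed in this hunk, so the file now clears a variable it no longer sets. Remove the line, or replace it with a reset of the variable the commit introduces, `built_$(version)_plat_sepolicy_cil :=`, unless the cleanup past the end of the hunk already does that.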