PWN-Hunter/android_system_sepolicy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Use "data: libsepolwrap" in python binaries

Browse Source 
To avoid hard-coded paths in Android.mk rules.

Test: m selinux_policy
Change-Id: I7b464fa2953e01ccb6fff8daa3e219ae372313c5
This commit is contained in:
Inseob Kim 2021-12-29 13:56:14 +09:00
parent 5bbcd68dcc
commit 6fa8efdf4a
5 changed files with 22 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
Android.mk
View File

@ -770,8 +770,7 @@ $(LOCAL_BUILT_MODULE): ALL_FC_ARGS := $(all_fc_args)
$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy) $(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
$(LOCAL_BUILT_MODULE): $(HOST_OUT_EXECUTABLES)/sepolicy_tests $(all_fc_files) $(built_sepolicy) $(LOCAL_BUILT_MODULE): $(HOST_OUT_EXECUTABLES)/sepolicy_tests $(all_fc_files) $(built_sepolicy)
@mkdir -p $(dir $@) @mkdir -p $(dir $@)
$(hide) $(HOST_OUT_EXECUTABLES)/sepolicy_tests -l $(HOST_OUT)/lib64/libsepolwrap.$(SHAREDLIB_EXT) \ $(hide) $(HOST_OUT_EXECUTABLES)/sepolicy_tests $(ALL_FC_ARGS) -p $(PRIVATE_SEPOLICY)
$(ALL_FC_ARGS) -p $(PRIVATE_SEPOLICY)
$(hide) touch $@ $(hide) touch $@
################################## ##################################

5
tests/Android.bp
View File

@ -11,6 +11,7 @@ cc_library_host_shared {
srcs: ["sepol_wrap.cpp"], srcs: ["sepol_wrap.cpp"],
cflags: ["-Wall", "-Werror",], cflags: ["-Wall", "-Werror",],
export_include_dirs: ["include"], export_include_dirs: ["include"],
stl: "c++_static",
// libsepolwrap gets loaded from the system python, which does not have the // libsepolwrap gets loaded from the system python, which does not have the
// ASAN runtime. So turn off sanitization for ourself, and use static // ASAN runtime. So turn off sanitization for ourself, and use static
@ -32,7 +33,7 @@ python_binary_host {
"policy.py", "policy.py",
"treble_sepolicy_tests.py", "treble_sepolicy_tests.py",
], ],
required: ["libsepolwrap"], data: [":libsepolwrap"],
} }
python_binary_host { python_binary_host {
@ -42,7 +43,7 @@ python_binary_host {
"policy.py", "policy.py",
"sepolicy_tests.py", "sepolicy_tests.py",
], ],
required: ["libsepolwrap"], data: [":libsepolwrap"],
} }
python_binary_host { python_binary_host {

16
tests/sepolicy_tests.py
View File

@ -18,6 +18,7 @@ import os
import policy import policy
import re import re
import sys import sys
import distutils.ccompiler
############################################################# #############################################################
# Tests # Tests
@ -141,24 +142,21 @@ Tests = [
] ]
if __name__ == '__main__': if __name__ == '__main__':
usage = "sepolicy_tests -l $(ANDROID_HOST_OUT)/lib64/libsepolwrap.so " usage = "sepolicy_tests -f vendor_file_contexts -f "
usage += "-f vendor_file_contexts -f "
usage +="plat_file_contexts -p policy [--test test] [--help]" usage +="plat_file_contexts -p policy [--test test] [--help]"
parser = OptionParser(option_class=MultipleOption, usage=usage) parser = OptionParser(option_class=MultipleOption, usage=usage)
parser.add_option("-f", "--file_contexts", dest="file_contexts", parser.add_option("-f", "--file_contexts", dest="file_contexts",
metavar="FILE", action="extend", type="string") metavar="FILE", action="extend", type="string")
parser.add_option("-p", "--policy", dest="policy", metavar="FILE") parser.add_option("-p", "--policy", dest="policy", metavar="FILE")
parser.add_option("-l", "--library-path", dest="libpath", metavar="FILE")
parser.add_option("-t", "--test", dest="test", action="extend", parser.add_option("-t", "--test", dest="test", action="extend",
help="Test options include "+str(Tests)) help="Test options include "+str(Tests))
(options, args) = parser.parse_args() (options, args) = parser.parse_args()
if not options.libpath: libpath = os.path.join(os.path.dirname(os.path.realpath(__file__)),
sys.exit("Must specify path to libsepolwrap library\n" + parser.usage) "libsepolwrap" + distutils.ccompiler.new_compiler().shared_lib_extension)
if not os.path.exists(options.libpath): if not os.path.exists(libpath):
sys.exit("Error: library-path " + options.libpath + " does not exist\n" sys.exit("Error: libsepolwrap does not exist. Is this binary corrupted?\n")
+ parser.usage)
if not options.policy: if not options.policy:
sys.exit("Must specify monolithic policy file\n" + parser.usage) sys.exit("Must specify monolithic policy file\n" + parser.usage)
@ -173,7 +171,7 @@ if __name__ == '__main__':
sys.exit("Error: File_contexts file " + f + " does not exist\n" + sys.exit("Error: File_contexts file " + f + " does not exist\n" +
parser.usage) parser.usage)
pol = policy.Policy(options.policy, options.file_contexts, options.libpath) pol = policy.Policy(options.policy, options.file_contexts, libpath)
results = "" results = ""
# If an individual test is not specified, run all tests. # If an individual test is not specified, run all tests.

20
tests/treble_sepolicy_tests.py
View File

@ -20,6 +20,7 @@ import policy
from policy import MatchPathPrefix from policy import MatchPathPrefix
import re import re
import sys import sys
import distutils.ccompiler
DEBUG=False DEBUG=False
@ -341,7 +342,7 @@ Tests = {"CoredomainViolations": TestCoredomainViolations,
"ViolatorAttributes": TestViolatorAttributes} "ViolatorAttributes": TestViolatorAttributes}
if __name__ == '__main__': if __name__ == '__main__':
usage = "treble_sepolicy_tests -l $(ANDROID_HOST_OUT)/lib64/libsepolwrap.so " usage = "treble_sepolicy_tests "
usage += "-f nonplat_file_contexts -f plat_file_contexts " usage += "-f nonplat_file_contexts -f plat_file_contexts "
usage += "-p curr_policy -b base_policy -o old_policy " usage += "-p curr_policy -b base_policy -o old_policy "
usage +="-m mapping file [--test test] [--help]" usage +="-m mapping file [--test test] [--help]"
@ -351,7 +352,6 @@ if __name__ == '__main__':
metavar="FILE") metavar="FILE")
parser.add_option("-f", "--file_contexts", dest="file_contexts", parser.add_option("-f", "--file_contexts", dest="file_contexts",
metavar="FILE", action="extend", type="string") metavar="FILE", action="extend", type="string")
parser.add_option("-l", "--library-path", dest="libpath", metavar="FILE")
parser.add_option("-m", "--mapping", dest="mapping", metavar="FILE") parser.add_option("-m", "--mapping", dest="mapping", metavar="FILE")
parser.add_option("-o", "--oldpolicy", dest="oldpolicy", metavar="FILE") parser.add_option("-o", "--oldpolicy", dest="oldpolicy", metavar="FILE")
parser.add_option("-p", "--policy", dest="policy", metavar="FILE") parser.add_option("-p", "--policy", dest="policy", metavar="FILE")
@ -362,11 +362,6 @@ if __name__ == '__main__':
(options, args) = parser.parse_args() (options, args) = parser.parse_args()
if not options.libpath:
sys.exit("Must specify path to libsepolwrap library\n" + parser.usage)
if not os.path.exists(options.libpath):
sys.exit("Error: library-path " + options.libpath + " does not exist\n"
+ parser.usage)
if not options.policy: if not options.policy:
sys.exit("Must specify current monolithic policy file\n" + parser.usage) sys.exit("Must specify current monolithic policy file\n" + parser.usage)
if not os.path.exists(options.policy): if not os.path.exists(options.policy):
@ -379,6 +374,11 @@ if __name__ == '__main__':
sys.exit("Error: File_contexts file " + f + " does not exist\n" + sys.exit("Error: File_contexts file " + f + " does not exist\n" +
parser.usage) parser.usage)
libpath = os.path.join(os.path.dirname(os.path.realpath(__file__)),
"libsepolwrap" + distutils.ccompiler.new_compiler().shared_lib_extension)
if not os.path.exists(libpath):
sys.exit("Error: libsepolwrap does not exist. Is this binary corrupted?\n")
# Mapping files and public platform policy are only necessary for the # Mapping files and public platform policy are only necessary for the
# TrebleCompatMapping test. # TrebleCompatMapping test.
if options.tests is None or options.tests == "TrebleCompatMapping": if options.tests is None or options.tests == "TrebleCompatMapping":
@ -394,8 +394,8 @@ if __name__ == '__main__':
if not options.base_pub_policy: if not options.base_pub_policy:
sys.exit("Must specify the current platform-only public policy " sys.exit("Must specify the current platform-only public policy "
+ ".cil file\n" + parser.usage) + ".cil file\n" + parser.usage)
basepol = policy.Policy(options.basepolicy, None, options.libpath) basepol = policy.Policy(options.basepolicy, None, libpath)
oldpol = policy.Policy(options.oldpolicy, None, options.libpath) oldpol = policy.Policy(options.oldpolicy, None, libpath)
mapping = mini_parser.MiniCilParser(options.mapping) mapping = mini_parser.MiniCilParser(options.mapping)
pubpol = mini_parser.MiniCilParser(options.base_pub_policy) pubpol = mini_parser.MiniCilParser(options.base_pub_policy)
compatSetup(basepol, oldpol, mapping, pubpol.types) compatSetup(basepol, oldpol, mapping, pubpol.types)
@ -403,7 +403,7 @@ if __name__ == '__main__':
if options.faketreble: if options.faketreble:
FakeTreble = True FakeTreble = True
pol = policy.Policy(options.policy, options.file_contexts, options.libpath) pol = policy.Policy(options.policy, options.file_contexts, libpath)
setup(pol) setup(pol)
if DEBUG: if DEBUG:

3
treble_sepolicy_tests_for_release.mk
View File

@ -164,8 +164,7 @@ $(LOCAL_BUILT_MODULE): $(HOST_OUT_EXECUTABLES)/treble_sepolicy_tests \
$(public_cil_files) \ $(public_cil_files) \
$(built_$(version)_plat_sepolicy) $($(version)_compat) $($(version)_mapping.combined.cil) $(built_$(version)_plat_sepolicy) $($(version)_compat) $($(version)_mapping.combined.cil)
@mkdir -p $(dir $@) @mkdir -p $(dir $@)
$(hide) $(HOST_OUT_EXECUTABLES)/treble_sepolicy_tests -l \ $(hide) $(HOST_OUT_EXECUTABLES)/treble_sepolicy_tests $(ALL_FC_ARGS) \
$(HOST_OUT)/lib64/libsepolwrap.$(SHAREDLIB_EXT) $(ALL_FC_ARGS) \
-b $(PRIVATE_PLAT_SEPOLICY) -m $(PRIVATE_COMBINED_MAPPING) \ -b $(PRIVATE_PLAT_SEPOLICY) -m $(PRIVATE_COMBINED_MAPPING) \
-o $(PRIVATE_SEPOLICY_OLD) -p $(PRIVATE_SEPOLICY) \ -o $(PRIVATE_SEPOLICY_OLD) -p $(PRIVATE_SEPOLICY) \
-u $(PRIVATE_PLAT_PUB_SEPOLICY) \ -u $(PRIVATE_PLAT_PUB_SEPOLICY) \