Install mapping files in SYSTEM_EXT_PRIVATE_POLICY and
PRODUCT_PRIVATE_POLICY into /system_ext and /product respectively.
Bug: 141084341
Test: boot taimen
Test: system mapping files are unchanged
Test: create mapping files in device/google/wahoo/sepolicy/ and check
that they are correctly expanded and installed.
Change-Id: I4d251c957b30a16df71eec47c871e24e5fc773a4
This is the flag for when sepolicy is split. Also removed other
commented-out heuristics around fake-treble. We should aim to remove it
entirely instead.
Fixes: 141348590
Test: build w/ and without adding binder_in_vendor_violators to a vendor
process (and see the expected error there)
Change-Id: I29fb335cc5b5d6e117d93038fe458b8c74acf321
Bug: http://b/135139675
Coverage files are written to /data/misc/trace (governed by the
method_trace_data_file selinux type). Allow all domains to access
(create directories, access files) this directory when native coverage
is enabled (by setting NATIVE_COVERAGE to true) in an userdebug or eng
build.
Also relax neverallow constraints to allow access to
method_trace_data_file for native coverage builds.
Test: Build 32-bit cuttlefish with coverage:
m NATIVE_COVERAGE=true COVERAGE_PATHS="*"
and verify that there are no selinux denials in kernel log and
logcat.
Change-Id: I3fe7c77612854b9de7de7a0ddd5cbf44a2f5c21e
*_context_test / sepolicy_tests / treble_sepolicy_tests_* /
sepolicy_freeze_test files are installed on /system/etc.
By being FAKE modules, test files are not installed on target.
Additionally, we need to set up dependency from droidcore to
selinux_policy to make tests run on normal builds (m).
Bug: 133460071
Test: m & see if tests run and no test files on /system/etc
Test: m selinux_policy & see if tests run
Change-Id: Icacf004d5c1c8ec720c7cedef7bae8aa648cbe49
Emulator device can not be considered a full treble device even though
it has PRODUCT_SHIPPING_API_LEVEL = 28. This is prevents us from merging
neverallow rules that implement Treble requirements (aosp/798433). As a
temporary workaround, disable the checks on that variable.
Bug: 112933807
Bug: 113124961
Bug: 111243627
Test: m selinux_policy
Change-Id: I9a29c01dfcbc70e4ba1e4eef233355bc18ec2108
This is a temporary measure to disable treble sepolicy tests for
non-compliant targets.
Bug: 113124961
Bug: 111243627
Change-Id: I83d6efad0ff5c7d87a4b990560c390b66aeb3653
Test: m selinux_policy
This is a temporary measure to disable treble sepolicy tests for
non-compliant targets.
Bug: 113124961
Bug: 111243627
Test: m selinux_policy
Change-Id: I291b7cc3c8c07b838f1ea22e55550c42c5083d8f
New maintenance scheme for mapping files:
Say, V is the current SELinux platform version, then at any point in time we
only maintain (V->V-1) mapping. (V->V-n) map is constructed from top (V->V-n+1)
and bottom (V-n+1->V-n) without changes to previously maintained mapping files.
Caveats:
- 26.0.cil doesn't technically represent 27.0->26.0 map, but rather
current->26.0. We'll fully migrate to the scheme with future releases.
Bug: 67510052
Test: adding new public type only requires changing the latest compat map
Change-Id: Iab5564e887ef2c8004cb493505dd56c6220c61f8
Private types are not visible to vendor/odm policy, so we don't need mapping
entries for them.
We build platform-only public policy .cil file and give it as input to
treble_sepolicy_tests. Using this public policy the test can now figure out if
the newly added type in public or private.
Bug: 116344577
Test: adding public type triggers mapping test failure, adding private type does
not.
Change-Id: I421f335e37274b24aa73109e260653d7b73788b5
(for the build-time tests)
treble_sepolicy_tests applies tests to the SEPolicy for devices which
implement the SEPolicy split introduced in Android O. For devices which
turn this on and also implement all of the other requirements which
together compose PRODUCT_FULL_TREBLE, these tests help ensure that the
backwards compatibility which this feature adds is possible.
When this test was originally written, devices which specified
PRODUCT_FULL_TREBLE_OVERRIDE were only those devices with a
PRODUCT_SHIPPING_API_LEVEL of < 26. This allowed them to update to use
these features but maintain some legacy behaviors. For these devices,
to achieve the same backwards compatibility guarantees, much
other/extra work would have to be done (if it is possible at all).
Since that time, a new category of devices take advantage of
PRODUCT_FULL_TREBLE_OVERRIDE. These devices must either not define a
PRODUCT_SHIPPING_API_LEVEL or they apply this flag even though it is
not required to be applied. For these cases, the full test suite not
being run has caused problems because these failures aren't discoverred
until later (when compliance tests are run).
Fixes: 112933807
Test: treble_sepolicy_tests on marlin, walleye, and 'some other device'
(mma here runs this with the correct parameters)
Change-Id: I04c42d3cb86cda3c82f285919b40ba94e1332daa
Steps taken to produce the mapping files:
1. Add prebuilts/api/28.0/[plat_pub_versioned.cil|vendor_sepolicy.cil]
from the /vendor/etc/selinux/[plat_pub_versioned.cil|vendor_sepolicy.cil]
files built on pi-dev with lunch target aosp_arm64-eng
2. Add new file private/compat/28.0/28.0.cil by doing the following:
- copy /system/etc/selinux/mapping/28.0.cil from pi-dev aosp_arm64-eng
device to private/compat/28.0/28.0.cil
- remove all attribute declaration statement (typeattribute ...) and
sort lines alphabetically
- some selinux types were added/renamed/deleted w.r.t 28 sepolicy.
Find all such types using treble_sepolicy_tests_28.0 test.
- for all these types figure out where to map them by looking at
27.0.[ignore.]cil files and add approprite entries to 28.0.[ignore.]cil.
This change also enables treble_sepolicy_tests_28.0 and install 28.0.cil
mapping onto the device.
Bug: 72458734
Test: m selinux_policy
Change-Id: I90e17c0b43af436da4b62c16179c198b5c74002c
Use the user policy when running the compatibility tests.
Bug: 74344625
Test: Built policy for many devices. Booted one device.
Test: Delete some compat rules, verify error on userdebug.
Change-Id: Ib2df2dfc06cdf55a839011e9a528e76160a9e436
When building userdebug or eng builds, we still want to build the user
policy when checking neverallow rules so that we can catch compile
errors.
Commit c0713e86 split out a helper function but lost one instance of
using user instead of the real variant. This restores that one and
adds it to the neverallow check.
Bug: 74344625
Test: Added a rule that referred to a type defined only
in userdebug and eng and ensure we throw a compile error when building
userdebug mode.
Change-Id: I1a6ffbb36dbeeb880852f9cbac880f923370c2ae
(cherry picked from commit 053cb34130)
