Commit 77a2d71f authored by Jeffrey Vander Stoep's avatar Jeffrey Vander Stoep Committed by Android (Google) Code Review

Merge "Test that /data is properly labeled"

parents 20897145 bdd45479
......@@ -32,6 +32,7 @@ attribute data_file_type;
expandattribute data_file_type false;
# All types in /data, not in /data/vendor
attribute core_data_file_type;
expandattribute core_data_file_type false;
# All types in /vendor
attribute vendor_file_type;
......@@ -130,6 +131,7 @@ attribute coredomain;
# All socket devices owned by core domain components
attribute coredomain_socket;
expandattribute coredomain_socket false;
# All vendor domains which violate the requirement of not using Binder
# TODO(b/35870313): Remove this once there are no violations
......
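Review bot: The attribute's comment at the `core_data_file_type` declaration reads `# All types in /data, not in /data/vendor`, but the test this commit adds (TestCoreDataTypeViolations) also exempts `/data/vendor_ce/` and `/data/vendor_de/`, so the documented scope of the attribute and the scope the test enforces no longer agree. Whether that comment line is new or context cannot be told from the rendering, but the commit is the place to align them: `# All types in /data, except /data/vendor, /data/vendor_ce and /data/vendor_de`. The rest of the attribute block continues outside the hunk.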
......@@ -670,7 +670,6 @@ full_treble_only(`
# On full TREBLE devices, socket communications between core components and vendor components are
# not permitted.
full_treble_only(`
# Most general rules first, more specific rules below.
# Core domains are not permitted to initiate communications to vendor domain sockets.
......@@ -678,6 +677,7 @@ full_treble_only(`
# to obtain an already established socket via some public/official/stable API and then exchange
# data with its peer over that socket. The wire format in this scenario is dicatated by the API
# and thus does not break the core-vendor separation.
full_treble_only(`
neverallow_establish_socket_comms({
coredomain
-init
......@@ -687,7 +687,9 @@ full_treble_only(`
-coredomain
-socket_between_core_and_vendor_violators
});
')
# Vendor domains are not permitted to initiate communications to core domain sockets
full_treble_only(`
neverallow_establish_socket_comms({
domain
-coredomain
......@@ -703,26 +705,33 @@ full_treble_only(`
-incidentd # TODO(b/35870313): Remove incidentd from this list once vendor domains no longer declare Binder services
-tombstoned # TODO(b/36604251): Remove tombstoned from this list once mediacodec (OMX HAL) no longer declares Binder services
});
')
# Vendor domains (except netdomain) are not permitted to initiate communications to netd sockets
full_treble_only(`
neverallow_establish_socket_comms({
domain
-coredomain
-netdomain
-socket_between_core_and_vendor_violators
}, netd);
')
# Vendor domains are not permitted to initiate create/open sockets owned by core domains
full_treble_only(`
neverallow {
domain
-coredomain
-appdomain # appdomain restrictions below
-data_between_core_and_vendor_violators # b/70393317
-socket_between_core_and_vendor_violators
} {
coredomain_socket
core_data_file_type
unlabeled # used only by core domains
}:sock_file ~{ append getattr ioctl read write };
')
full_treble_only(`
neverallow {
appdomain
-coredomain
......@@ -734,8 +743,10 @@ full_treble_only(`
-pdx_endpoint_socket_type # used by VR layer
-pdx_channel_socket_type # used by VR layer
}:sock_file ~{ append getattr ioctl read write };
')
# Core domains are not permitted to create/open sockets owned by vendor domains
full_treble_only(`
neverallow {
coredomain
-init
......
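Review bot: In the `@@ -703,26 +705,33 @@` hunk the new subject exemption `-data_between_core_and_vendor_violators # b/70393317` is placed on the whole sock_file neverallow, so those domains are released not only from the newly added target `core_data_file_type` but also from `coredomain_socket` and `unlabeled`, which (if that line is indeed an addition — the rendering loses the marker) they were subject to before this commit. Splitting the rule keeps the pre-existing restriction intact and limits the exemption to the type that motivates it; the rewritten rule is below. The exemption's comment should also follow the file's own convention for temporary carve-outs (`# TODO(b/35870313): Remove ...` in the same hunk) rather than a bare bug id, e.g. `# TODO(b/70393317): Remove once data_between_core_and_vendor_violators is empty`. The neverallow that opens at `-incidentd`/`-tombstoned` and the appdomain rule in the `@@ -734` hunk both start outside their hunks.
```sepolicy
# Vendor domains are not permitted to initiate create/open sockets owned by core domains
full_treble_only(`
  neverallow {
    domain
    -coredomain
    -appdomain # appdomain restrictions below
    -socket_between_core_and_vendor_violators
  } {
    coredomain_socket
    unlabeled # used only by core domains
  }:sock_file ~{ append getattr ioctl read write };
  neverallow {
    domain
    -coredomain
    -appdomain # appdomain restrictions below
    -data_between_core_and_vendor_violators # TODO(b/70393317): Remove once data_between_core_and_vendor_violators is empty
    -socket_between_core_and_vendor_violators
  } core_data_file_type:sock_file ~{ append getattr ioctl read write };
')
# … unchanged: appdomain sock_file rule …
```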
......@@ -319,7 +319,7 @@ type property_socket, file_type, coredomain_socket, mlstrustedobject;
type racoon_socket, file_type, coredomain_socket;
type rild_socket, file_type;
type rild_debug_socket, file_type;
type system_wpa_socket, file_type, data_file_type, coredomain_socket;
type system_wpa_socket, file_type, data_file_type, core_data_file_type, coredomain_socket;
type system_ndebug_socket, file_type, data_file_type, core_data_file_type, coredomain_socket, mlstrustedobject;
type tombstoned_crash_socket, file_type, coredomain_socket, mlstrustedobject;
type tombstoned_java_trace_socket, file_type, mlstrustedobject;
......@@ -328,7 +328,7 @@ type traced_producer_socket, file_type, coredomain_socket;
type traced_consumer_socket, file_type, coredomain_socket;
type uncrypt_socket, file_type, coredomain_socket;
type webview_zygote_socket, file_type, coredomain_socket;
type wpa_socket, file_type, data_file_type;
type wpa_socket, file_type, data_file_type, core_data_file_type;
type zygote_socket, file_type, coredomain_socket;
# UART (for GPS) control proc file
type gps_control, file_type;
......
......@@ -23,6 +23,10 @@ def TestDebugfsTypeViolations(pol):
def TestVendorTypeViolations(pol):
return pol.AssertPathTypesHaveAttr(["/vendor/"], [], "vendor_file_type")
def TestCoreDataTypeViolations(pol):
return pol.AssertPathTypesHaveAttr(["/data/"], ["/data/vendor/",
"/data/vendor_ce/", "/data/vendor_de/"], "core_data_file_type")
###
# extend OptionParser to allow the same option flag to be used multiple times.
# This is used to allow multiple file_contexts files and tests to be
......@@ -40,7 +44,9 @@ class MultipleOption(Option):
else:
Option.take_action(self, action, dest, opt, value, values, parser)
Tests = ["TestDataTypeViolators"]
Tests = ["TestDataTypeViolators", "TestSysfsTypeViolations",
"TestDebugfsTypeViolations", "TestVendorTypeViolations",
"TestCoreDataTypeViolations"]
if __name__ == '__main__':
usage = "sepolicy_tests -l $(ANDROID_HOST_OUT)/lib64/libsepolwrap.so "
......@@ -87,6 +93,8 @@ if __name__ == '__main__':
results += TestDebugfsTypeViolations(pol)
if options.test is None or "TestVendorTypeViolations" in options.test:
results += TestVendorTypeViolations(pol)
if options.test is None or "TestCoreDataTypeViolations" in options.test:
results += TestCoreDataTypeViolations(pol)
if len(results) > 0:
sys.exit(results)
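Review bot: `TestCoreDataTypeViolations` has no docstring, and since it is the check that makes the `core_data_file_type` neverallow in domain.te meaningful (a type under /data that lacks the attribute silently falls outside that rule), it should say what it asserts: `"""Assert every type labeled under /data/ carries core_data_file_type, excluding the vendor-owned subtrees /data/vendor/, /data/vendor_ce/ and /data/vendor_de/."""`. The exclusion prefixes are bare literals inside the call; a module-level name such as `VENDOR_DATA_PATHS = ["/data/vendor/", "/data/vendor_ce/", "/data/vendor_de/"]` would make the exemption reviewable in one place. The `Tests` list in the second hunk now repeats the same names that the `if options.test is None or "..." in options.test` chain hard-codes in the third hunk, so adding a test requires editing three places; a name-to-function mapping iterated in `main` would remove that drift risk, but that is a refactor beyond this change. The `if __name__ == '__main__':` block begins before the third hunk.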