Commit
77a2d71f
authored
Jan 25, 2018
by
Jeffrey Vander Stoep
Committed by
Android (Google) Code Review
Jan 25, 2018
Merge "Test that /data is properly labeled"
parents
20897145
bdd45479
Showing
4 changed files
public/attributes
+2
-0
2 additions, 0 deletions
public/attributes
public/domain.te
+12
-1
12 additions, 1 deletion
public/domain.te
public/file.te
+2
-2
2 additions, 2 deletions
public/file.te
tests/sepolicy_tests.py
+9
-1
9 additions, 1 deletion
tests/sepolicy_tests.py
with
25 additions
and
4 deletions
public/attributes
+
2
−
0
...
...
@@ -32,6 +32,7 @@ attribute data_file_type;
expandattribute data_file_type false;
# All types in /data, not in /data/vendor
attribute core_data_file_type;
expandattribute core_data_file_type false;
# All types in /vendor
attribute vendor_file_type;
...
...
@@ -130,6 +131,7 @@ attribute coredomain;
# All socket devices owned by core domain components
attribute coredomain_socket;
expandattribute coredomain_socket false;
# All vendor domains which violate the requirement of not using Binder
# TODO(b/35870313): Remove this once there are no violations
...
...
public/domain.te
+
12
−
1
...
...
@@ -670,7 +670,6 @@ full_treble_only(`
# On full TREBLE devices, socket communications between core components and vendor components are
# not permitted.
full_treble_only(`
# Most general rules first, more specific rules below.
# Core domains are not permitted to initiate communications to vendor domain sockets.
...
...
@@ -678,6 +677,7 @@ full_treble_only(`
# to obtain an already established socket via some public/official/stable API and then exchange
# data with its peer over that socket. The wire format in this scenario is dicatated by the API
# and thus does not break the core-vendor separation.
full_treble_only(`
neverallow_establish_socket_comms({
coredomain
-init
...
...
@@ -687,7 +687,9 @@ full_treble_only(`
-coredomain
-socket_between_core_and_vendor_violators
});
')
# Vendor domains are not permitted to initiate communications to core domain sockets
full_treble_only(`
neverallow_establish_socket_comms({
domain
-coredomain
...
...
@@ -703,26 +705,33 @@ full_treble_only(`
-incidentd # TODO(b/35870313): Remove incidentd from this list once vendor domains no longer declare Binder services
-tombstoned # TODO(b/36604251): Remove tombstoned from this list once mediacodec (OMX HAL) no longer declares Binder services
});
')
# Vendor domains (except netdomain) are not permitted to initiate communications to netd sockets
full_treble_only(`
neverallow_establish_socket_comms({
domain
-coredomain
-netdomain
-socket_between_core_and_vendor_violators
}, netd);
')
# Vendor domains are not permitted to initiate create/open sockets owned by core domains
full_treble_only(`
neverallow {
domain
-coredomain
-appdomain # appdomain restrictions below
-data_between_core_and_vendor_violators # b/70393317
-socket_between_core_and_vendor_violators
} {
coredomain_socket
core_data_file_type
unlabeled # used only by core domains
}:sock_file ~{ append getattr ioctl read write };
')
full_treble_only(`
neverallow {
appdomain
-coredomain
...
...
@@ -734,8 +743,10 @@ full_treble_only(`
-pdx_endpoint_socket_type # used by VR layer
-pdx_channel_socket_type # used by VR layer
}:sock_file ~{ append getattr ioctl read write };
')
# Core domains are not permitted to create/open sockets owned by vendor domains
full_treble_only(`
neverallow {
coredomain
-init
...
...
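Review bot: In the `sock_file` neverallow of the `@@ -703,26 +705,33 @@` hunk, `-data_between_core_and_vendor_violators` is subtracted from the source set of a rule whose targets are `coredomain_socket`, `core_data_file_type` and `unlabeled` together, so a domain carrying that attribute is exempt for all three targets, including `coredomain_socket`. The rendered page does not mark which of these lines are new, but if the exemption arrives together with `core_data_file_type`, it is wider than the new target needs. Splitting the rule, as sketched below, keeps the `coredomain_socket` restriction limited to the socket violators; where `unlabeled` belongs depends on which exemption it was introduced for. The `# b/70393317` comment could also use the `TODO(b/…): Remove … once …` form of the neighbouring exemption lists so the removal condition is recorded.

```selinux
# … unchanged: preceding comment and full_treble_only wrapper …
  neverallow {
    domain
    -coredomain
    -appdomain # appdomain restrictions below
    -socket_between_core_and_vendor_violators
  } coredomain_socket:sock_file ~{ append getattr ioctl read write };

  neverallow {
    domain
    -coredomain
    -appdomain # appdomain restrictions below
    -data_between_core_and_vendor_violators # b/70393317
    -socket_between_core_and_vendor_violators
  } {
    core_data_file_type
    unlabeled # used only by core domains
  }:sock_file ~{ append getattr ioctl read write };
```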
public/file.te
+
2
−
2
...
...
@@ -319,7 +319,7 @@ type property_socket, file_type, coredomain_socket, mlstrustedobject;
type racoon_socket, file_type, coredomain_socket;
type rild_socket, file_type;
type rild_debug_socket, file_type;
type system_wpa_socket, file_type, data_file_type, coredomain_socket;
type system_wpa_socket, file_type, data_file_type,
core_data_file_type,
coredomain_socket;
type system_ndebug_socket, file_type, data_file_type, core_data_file_type, coredomain_socket, mlstrustedobject;
type tombstoned_crash_socket, file_type, coredomain_socket, mlstrustedobject;
type tombstoned_java_trace_socket, file_type, mlstrustedobject;
...
...
@@ -328,7 +328,7 @@ type traced_producer_socket, file_type, coredomain_socket;
type traced_consumer_socket, file_type, coredomain_socket;
type uncrypt_socket, file_type, coredomain_socket;
type webview_zygote_socket, file_type, coredomain_socket;
type wpa_socket, file_type, data_file_type;
type wpa_socket, file_type,
data_file_type, core_
data_file_type;
type zygote_socket, file_type, coredomain_socket;
# UART (for GPS) control proc file
type gps_control, file_type;
...
...
tests/sepolicy_tests.py
+
9
−
1
...
...
@@ -23,6 +23,10 @@ def TestDebugfsTypeViolations(pol):
def
TestVendorTypeViolations
(
pol
):
return
pol
.
AssertPathTypesHaveAttr
([
"
/vendor/
"
],
[],
"
vendor_file_type
"
)
def
TestCoreDataTypeViolations
(
pol
):
return
pol
.
AssertPathTypesHaveAttr
([
"
/data/
"
],
[
"
/data/vendor/
"
,
"
/data/vendor_ce/
"
,
"
/data/vendor_de/
"
],
"
core_data_file_type
"
)
###
# extend OptionParser to allow the same option flag to be used multiple times.
# This is used to allow multiple file_contexts files and tests to be
...
...
@@ -40,7 +44,9 @@ class MultipleOption(Option):
else
:
Option
.
take_action
(
self
,
action
,
dest
,
opt
,
value
,
values
,
parser
)
Tests
=
[
"
TestDataTypeViolators
"
]
Tests
=
[
"
TestDataTypeViolators
"
,
"
TestSysfsTypeViolations
"
,
"
TestDebugfsTypeViolations
"
,
"
TestVendorTypeViolations
"
,
"
TestCoreDataTypeViolations
"
]
if
__name__
==
'
__main__
'
:
usage
=
"
sepolicy_tests -l $(ANDROID_HOST_OUT)/lib64/libsepolwrap.so
"
...
...
@@ -87,6 +93,8 @@ if __name__ == '__main__':
results
+=
TestDebugfsTypeViolations
(
pol
)
if
options
.
test
is
None
or
"
TestVendorTypeViolations
"
in
options
.
test
:
results
+=
TestVendorTypeViolations
(
pol
)
if
options
.
test
is
None
or
"
TestCoreDataTypeViolations
"
in
options
.
test
:
results
+=
TestCoreDataTypeViolations
(
pol
)
if
len
(
results
)
>
0
:
sys
.
exit
(
results
)
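Review bot: The new `Tests` list keeps the entry `"TestDataTypeViolators"`, which does not follow the `Test…Violations` spelling of the four names beside it, and the `__main__` dispatcher selects tests by string membership in `options.test`. A requested name that matches no `if` branch therefore runs nothing, `results` stays empty, and the script never reaches `sys.exit(results)`, so a policy gate would presumably pass silently. Unless the option parser already validates names outside this diff, reject unknown ones before dispatch, e.g. `unknown = set(options.test or []) - set(Tests)` followed by `if unknown: sys.exit("unknown test(s): " + ", ".join(sorted(unknown)))`, assuming `options.test` is a list. The data-type test's definition and its dispatcher branch are not visible here, so confirm which spelling they use and make the list entry match. The `__main__` block starts outside the hunks shown.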