- Feb 05, 2018
-
-
Bowgo Tsai authored
Current sepolicy CIL files are built by several command-line tools in Android.mk. This change extracts some of the build logic into a python script to relief the effort in Android.mk. The first command is `build_sepolicy build_cil`. It's possible to add more sub-commands under the build_sepolicy script in the future. Bug: 64240127 Test: build bullhead/taimen Change-Id: Ie0ae4fc5256a550c72954cde5d5dd213a22d159a
-
- Feb 02, 2018
-
-
Bowgo Tsai authored
This reverts commit 3506ad3f. Fix angler/bullhead boot failure. Bug: 72787689 Test: build
-
- Jan 31, 2018
-
-
Bowgo Tsai authored
Current sepolicy CIL files are built by several command-line tools in Android.mk. This change extracts some of the build logic into a python script to relief the effort in Android.mk. The first command is `build_sepolicy build_cil`. It's possible to add more sub-commands under the build_sepolicy script in the future. Bug: 64240127 Test: build and boot a device Test: checks the content of $OUT/vendor/etc/selinux/vendor_sepolicy.cil is the same as before Change-Id: I0b64f1088f413172e97b579b4f7799fa392762df
-
- Jun 05, 2017
-
-
Jeff Vander Stoep authored
With project Treble, we're relying heavily on attributes for permission inheritance and enforcement of separation between platform and vendor components. We neead tests that verify those attributes are correctly applied. This change adds the framework for those tests including a wrapper around libsepol for loading and querying policy, and a python module for running tests on policy and file_contexts. Included with the testing framework is a test asserting that the coredomain attribute is only applied to core processes. This verification is done using the following rules: 1. Domain's entrypoint is on /system - coredomain 2. Domain's entrypoint is on /vendor - not coredomain 3. Domain belongs to a whitelist of known coredomains - coredomain In a subsequent commit these tests will be applied at build time. However, I first need to fix existing Treble violations exposed by this test. These tests will also be applied during CTS. Test: LD_PRELOAD=$ANDROID_HOST_OUT/lib64/libsepolwrap.so python \ treble.py -p $OUT/vendor/etc/selinux/precompiled_sepolicy \ -f $OUT/vendor/etc/selinux/nonplat_file_contexts \ -f $OUT/system/etc/selinux/plat_file_contexts Bug: 37008075 Change-Id: I7825f5c2909a5801deaccf2bef2bfd227adb0ae9 (cherry picked from commit 0366afdf)
-
- May 31, 2017
-
-
Jeff Vander Stoep authored
With project Treble, we're relying heavily on attributes for permission inheritance and enforcement of separation between platform and vendor components. We neead tests that verify those attributes are correctly applied. This change adds the framework for those tests including a wrapper around libsepol for loading and querying policy, and a python module for running tests on policy and file_contexts. Included with the testing framework is a test asserting that the coredomain attribute is only applied to core processes. This verification is done using the following rules: 1. Domain's entrypoint is on /system - coredomain 2. Domain's entrypoint is on /vendor - not coredomain 3. Domain belongs to a whitelist of known coredomains - coredomain In a subsequent commit these tests will be applied at build time. However, I first need to fix existing Treble violations exposed by this test. These tests will also be applied during CTS. Test: LD_PRELOAD=$ANDROID_HOST_OUT/lib64/libsepolwrap.so python \ treble.py -p $OUT/vendor/etc/selinux/precompiled_sepolicy \ -f $OUT/vendor/etc/selinux/nonplat_file_contexts \ -f $OUT/system/etc/selinux/plat_file_contexts Bug: 37008075 Change-Id: I7825f5c2909a5801deaccf2bef2bfd227adb0ae9
-