Mechanism to exclude neverallows from *TS.

build_test_only is used to denote rules that should not verified as part of compliance testing. Use this macro to exclude neverallow rules which we want to check as part of build, but not CTS. Bug: 80499271 Test: SELinuxNeverallowRulesTest on walleye has no more failure of type "Type or attribute * used in neverallow undefined in policy being checked." Number of failing test cases is reduced by 142. Test: policy.conf used to check neverallows at build-time still retains all neverallow rules. Change-Id: I5f1b383d9096bb5a7b8c0f1bc008b5dd07419580

Mechanism to exclude neverallows from *TS.
build_test_only is used to denote rules that should not verified as part of compliance testing. Use this macro to exclude neverallow rules which we want to check as part of build, but not CTS. Bug: 80499271 Test: SELinuxNeverallowRulesTest on walleye has no more failure of type "Type or attribute * used in neverallow undefined in policy being checked." Number of failing test cases is reduced by 142. Test: policy.conf used to check neverallows at build-time still retains all neverallow rules. Change-Id: I5f1b383d9096bb5a7b8c0f1bc008b5dd07419580
77c44fc4 · Tri Vo · 0578a394 · 77c44fc4 · 77c44fc4 · 77c44fc4
Commit 77c44fc4 authored 6 years ago by Tri Vo
--- a/Android.mk
+++ b/Android.mk
@@ -769,6 +769,7 @@ $(LOCAL_BUILT_MODULE): PRIVATE_TGT_ARCH := $(my_target_arch)
 $(LOCAL_BUILT_MODULE): PRIVATE_WITH_ASAN := false
 $(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY_SPLIT := cts
 $(LOCAL_BUILT_MODULE): PRIVATE_COMPATIBLE_PROPERTY := cts
+$(LOCAL_BUILT_MODULE): PRIVATE_EXCLUDE_BUILD_TEST := true
 $(LOCAL_BUILT_MODULE): $(call build_policy, $(sepolicy_build_files), \
 $(PLAT_PUBLIC_POLICY) $(PLAT_PRIVATE_POLICY))
 	$(transform-policy-to-conf)

--- a/definitions.mk
+++ b/definitions.mk
@@ -10,6 +10,7 @@ $(hide) m4 $(PRIVATE_ADDITIONAL_M4DEFS) \
 	-D target_with_asan=$(PRIVATE_TGT_WITH_ASAN) \
 	-D target_full_treble=$(PRIVATE_SEPOLICY_SPLIT) \
 	-D target_compatible_property=$(PRIVATE_COMPATIBLE_PROPERTY) \
+	-D target_exclude_build_test=$(PRIVATE_EXCLUDE_BUILD_TEST) \
 	$(PRIVATE_TGT_RECOVERY) \
 	-s $^ > $@
 endef

--- a/public/te_macros
+++ b/public/te_macros
@@ -213,10 +213,15 @@ expandattribute hal_$1_client true;
 attribute hal_$1_server;
 expandattribute hal_$1_server false;

-neverallow { hal_$1_server -hal_$1 } domain:process fork;
 neverallow { hal_$1_server -halserverdomain } domain:process fork;
+# hal_*_client and halclientdomain attributes are always expanded for
+# performance reasons. Neverallow rules targeting expanded attributes can not be
+# verified by CTS since these attributes are already expanded by that time.
+build_test_only(`
+neverallow { hal_$1_server -hal_$1 } domain:process fork;
 neverallow { hal_$1_client -halclientdomain } domain:process fork;
 ')
+')

 #####################################
 # hal_server_domain(domain, hal_type)
@@ -498,6 +503,12 @@ define(`userbuild', ifelse(target_build_variant, `user', $1, ))
 #
 define(`with_asan', ifelse(target_with_asan, `true', userdebug_or_eng(`$1'), ))

+#####################################
+# Build-time-only test
+# SELinux rules which are verified during build, but not as part of *TS testing.
+#
+define(`build_test_only', ifelse(target_exclude_build_test, `true', , $1))
+
 ####################################
 # Fallback crash handling for processes that can't exec crash_dump (e.g. because of seccomp).
 #
@@ -613,7 +624,9 @@ define(`add_hwservice', `
 # Used to pair hal_foo_client with hal_foo_hwservice
 define(`hal_attribute_hwservice', `
  allow $1_client $2:hwservice_manager find;
-  neverallow { domain -$1_client -$1_server } $2:hwservice_manager find;
-
  add_hwservice($1_server, $2)
+
+  build_test_only(`
+    neverallow { domain -$1_client -$1_server } $2:hwservice_manager find;
+  ')
 ')