Commits · d115b8ed246a03e364933f0b906354041962a4ec · CodeLinaro / public-release-test / platform / system / sepolicy

Oct 02, 2018

Only maintain maps between current and previous selinux versions. · 438684b3

Tri Vo authored 6 years ago

New maintenance scheme for mapping files:
Say, V is the current SELinux platform version, then at any point in time we
only maintain (V->V-1) mapping. (V->V-n) map is constructed from top (V->V-n+1)
and bottom (V-n+1->V-n) without changes to previously maintained mapping files.

Caveats:
- 26.0.cil doesn't technically represent 27.0->26.0 map, but rather
current->26.0. We'll fully migrate to the scheme with future releases.

Bug: 67510052
Test: adding new public type only requires changing the latest compat map
Change-Id: Iab5564e887ef2c8004cb493505dd56c6220c61f8

438684b3

Sep 29, 2018

Don't require private types in mapping file. · e3f4f77d

Tri Vo authored 6 years ago

Private types are not visible to vendor/odm policy, so we don't need mapping
entries for them.

We build platform-only public policy .cil file and give it as input to
treble_sepolicy_tests. Using this public policy the test can now figure out if
the newly added type in public or private.

Bug: 116344577
Test: adding public type triggers mapping test failure, adding private type does
not.
Change-Id: I421f335e37274b24aa73109e260653d7b73788b5

e3f4f77d

Feb 07, 2018

Silence expandtypeattribute build-time warning. · 19047a6a

Tri Vo authored 7 years ago

treble_sepolicy_tests emit during build time warnings for
expandtypeattribute statements in the mapping file.
Silence those warning.

Bug: 72757373
Test: build sepolicy
Change-Id: Ia40d80d8172c96c75854d2e1ec0d284ea0724b5c

19047a6a

Sep 26, 2017

Sync internal master and AOSP sepolicy. · 91d398d8

Dan Cashman authored 7 years ago

Bug: 37916906
Test: Builds 'n' boots.
Change-Id: Ia1d86264446ebecc1ca79f32f11354921bc77668
Merged-In: I208ec6a864127a059fb389417a9c6b259d7474cb

91d398d8

Aug 09, 2017

treble compat: Add test for removed public types without compat entry. · 8682d712

Dan Cashman authored 7 years ago

Also fix up set() additions in mini_parser.py and add global reference to
the parser in tests for clarity.

Bug: 36899958
Test: rm public type in old policy from policy and observe test failure.
Change-Id: I6cba2473526798be871cd69249c9bbc6df2c5b4c

8682d712

Aug 08, 2017

Add 26.0 api compatibility check infrastructure. · 7f7c3b82

Dan Cashman authored 7 years ago

Add support to the treble_sepolicy_tests suite that explicitly look at
the old and current policy versions, as well as the compatibility file,
to determine if any new types have been added without a compatibility
entry.  This first test catches the most common and likely changes that
could change the type label of an object for which vendor policy may have
needed access.  It also should prove the basis for additional compatibility
checks between old and new policies.

Bug: 36899958
Test: Policy builds and tests pass.
Change-Id: I609c913e6354eb10a04cc1a029ddd9fa0e592a4c

7f7c3b82