Google Git
Sign in
android / platform / cts / 2334575^! / .
commit23345754be366c9cdd002819efc04ee13d235ecc[log] [tgz]
authorStephen Smalley <sds@tycho.nsa.gov>Fri Mar 13 13:28:47 2015 -0400
committerStephen Smalley <sds@tycho.nsa.gov>Fri Mar 13 13:28:47 2015 -0400
tree677df1412958709f0115c28081878c69092004f7
parentfa060ca9d964fdda96899f18108305b503d3940c [diff]
SELinuxHostTest:  Add testMLSAttributes test.

Using the sepolicy-analyze attribute support added by
Ie19361c02feb1ad14ce36862c6aace9e66c422bb, check that
mlstrustedsubject does not include the untrusted_app domain
and that mlstrustedobject does not include the app_data_file type.
Either of these cases would defeat the purpose of enabling
levelFrom=user in seapp_contexts for per-user isolation of
normal apps.

Change-Id: I5c77283e419363bf8834731bfefa61977402d661
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

diff --git a/hostsidetests/security/src/android/cts/security/SELinuxHostTest.java b/hostsidetests/security/src/android/cts/security/SELinuxHostTest.java
index 722c5c2..5f1fbfc 100644
--- a/hostsidetests/security/src/android/cts/security/SELinuxHostTest.java
+++ b/hostsidetests/security/src/android/cts/security/SELinuxHostTest.java

@@ -166,6 +166,44 @@
     }
 
     /**
+     * Asserts that specified type is not associated with the specified
+     * attribute.
+     *
+     * @param attribute
+     *  The attribute name.
+     * @param type
+     *  The type name.
+     */
+    private void assertNotInAttribute(String attribute, String badtype) throws Exception {
+        /* run sepolicy-analyze attribute check on policy file */
+        ProcessBuilder pb = new ProcessBuilder(sepolicyAnalyze.getAbsolutePath(),
+                devicePolicyFile.getAbsolutePath(), "attribute", attribute);
+        pb.redirectOutput(ProcessBuilder.Redirect.PIPE);
+        pb.redirectErrorStream(true);
+        Process p = pb.start();
+        p.waitFor();
+        BufferedReader result = new BufferedReader(new InputStreamReader(p.getInputStream()));
+        String type;
+        while ((type = result.readLine()) != null) {
+            assertFalse("Attribute " + attribute + " includes " + type + "\n",
+                        type.equals(badtype));
+        }
+    }
+
+    /**
+     * Tests that mlstrustedsubject does not include untrusted_app
+     * and that mlstrustedobject does not include app_data_file.
+     * This helps prevent circumventing the per-user isolation of
+     * normal apps via levelFrom=user.
+     *
+     * @throws Exception
+     */
+    public void testMLSAttributes() throws Exception {
+        assertNotInAttribute("mlstrustedsubject", "untrusted_app");
+        assertNotInAttribute("mlstrustedobject", "app_data_file");
+    }
+
+    /**
      * Tests that the seapp_contexts file on the device is valid.
      *
      * @throws Exception