SELinuxHostTest: Add testMLSAttributes test.
Using the sepolicy-analyze attribute support added by
Ie19361c02feb1ad14ce36862c6aace9e66c422bb, check that
mlstrustedsubject does not include the untrusted_app domain
and that mlstrustedobject does not include the app_data_file type.
Either of these cases would defeat the purpose of enabling
levelFrom=user in seapp_contexts for per-user isolation of
normal apps.
Change-Id: I5c77283e419363bf8834731bfefa61977402d661
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
diff --git a/hostsidetests/security/src/android/cts/security/SELinuxHostTest.java b/hostsidetests/security/src/android/cts/security/SELinuxHostTest.java
index 722c5c2..5f1fbfc 100644
--- a/hostsidetests/security/src/android/cts/security/SELinuxHostTest.java
+++ b/hostsidetests/security/src/android/cts/security/SELinuxHostTest.java
@@ -166,6 +166,44 @@
}
/**
+ * Asserts that specified type is not associated with the specified
+ * attribute.
+ *
+ * @param attribute
+ * The attribute name.
+ * @param type
+ * The type name.
+ */
+ private void assertNotInAttribute(String attribute, String badtype) throws Exception {
+ /* run sepolicy-analyze attribute check on policy file */
+ ProcessBuilder pb = new ProcessBuilder(sepolicyAnalyze.getAbsolutePath(),
+ devicePolicyFile.getAbsolutePath(), "attribute", attribute);
+ pb.redirectOutput(ProcessBuilder.Redirect.PIPE);
+ pb.redirectErrorStream(true);
+ Process p = pb.start();
+ p.waitFor();
+ BufferedReader result = new BufferedReader(new InputStreamReader(p.getInputStream()));
+ String type;
+ while ((type = result.readLine()) != null) {
+ assertFalse("Attribute " + attribute + " includes " + type + "\n",
+ type.equals(badtype));
+ }
+ }
+
+ /**
+ * Tests that mlstrustedsubject does not include untrusted_app
+ * and that mlstrustedobject does not include app_data_file.
+ * This helps prevent circumventing the per-user isolation of
+ * normal apps via levelFrom=user.
+ *
+ * @throws Exception
+ */
+ public void testMLSAttributes() throws Exception {
+ assertNotInAttribute("mlstrustedsubject", "untrusted_app");
+ assertNotInAttribute("mlstrustedobject", "app_data_file");
+ }
+
+ /**
* Tests that the seapp_contexts file on the device is valid.
*
* @throws Exception
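Review bot: assertNotInAttribute passes vacuously when sepolicy-analyze itself fails, because the result of `p.waitFor()` is discarded and, with `redirectErrorStream(true)`, any error text is simply read as lines that never equal `badtype`. A missing policy file, or a binary without the `attribute` subcommand, would therefore report the MLS check as passing. Calling `p.waitFor()` before the output is read can also hang if the attribute's type list fills the pipe buffer. I would drop the early `p.waitFor();` and, after the read loop, add `assertEquals("sepolicy-analyze attribute " + attribute + " failed", 0, p.waitFor());`, assuming the tool exits non-zero on error. The Javadoc tag `@param type` should also read `@param badtype` to match the signature.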