build/soong/sepolicy_neverallow.go - platform/system/sepolicy - Git at Google

 // Copyright 2021 The Android Open Source Project
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //     http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.

 package selinux

 import (
 	"github.com/google/blueprint/proptools"

 	"fmt"
 	"strconv"

 	"android/soong/android"
 )

 func init() {
 	ctx := android.InitRegistrationContext
 	ctx.RegisterModuleType("se_neverallow_test", neverallowTestFactory)
 }

 type neverallowTestProperties struct {
 	// Policy files to be tested.
 	Srcs []string `android:"path"`
 }

 type neverallowTestModule struct {
 	android.ModuleBase
 	properties    neverallowTestProperties
 	testTimestamp android.ModuleOutPath
 }

 type nameProperties struct {
 	Name *string
 }

 var checkpolicyTag = dependencyTag{name: "checkpolicy"}
 var sepolicyAnalyzeTag = dependencyTag{name: "sepolicy_analyze"}

 // se_neverallow_test builds given policy files and checks whether any neverallow violations exist.
 // This module creates two conf files, one with build test and one without build test. Policy with
 // build test will be compiled with checkpolicy, and policy without build test will be tested with
 // sepolicy-analyze's neverallow tool.  This module's check can be skipped by setting
 // SELINUX_IGNORE_NEVERALLOWS := true.
 func neverallowTestFactory() android.Module {
 	n := &neverallowTestModule{}
 	n.AddProperties(&n.properties)
 	android.InitAndroidModule(n)
 	android.AddLoadHook(n, func(ctx android.LoadHookContext) {
 		n.loadHook(ctx)
 	})
 	return n
 }

 // Child conf module name for checkpolicy test.
 func (n *neverallowTestModule) checkpolicyConfModuleName() string {
 	return n.Name() + ".checkpolicy.conf"
 }

 // Child conf module name for sepolicy-analyze test.
 func (n *neverallowTestModule) sepolicyAnalyzeConfModuleName() string {
 	return n.Name() + ".sepolicy_analyze.conf"
 }

 func (n *neverallowTestModule) loadHook(ctx android.LoadHookContext) {
 	checkpolicyConf := n.checkpolicyConfModuleName()
 	ctx.CreateModule(policyConfFactory, &nameProperties{
 		Name: proptools.StringPtr(checkpolicyConf),
 	}, &policyConfProperties{
 		Srcs:          n.properties.Srcs,
 		Build_variant: proptools.StringPtr("user"),
 		Installable:   proptools.BoolPtr(false),
 	})

 	sepolicyAnalyzeConf := n.sepolicyAnalyzeConfModuleName()
 	ctx.CreateModule(policyConfFactory, &nameProperties{
 		Name: proptools.StringPtr(sepolicyAnalyzeConf),
 	}, &policyConfProperties{
 		Srcs:               n.properties.Srcs,
 		Build_variant:      proptools.StringPtr("user"),
 		Exclude_build_test: proptools.BoolPtr(true),
 		Installable:        proptools.BoolPtr(false),
 	})
 }

 func (n *neverallowTestModule) DepsMutator(ctx android.BottomUpMutatorContext) {
 	ctx.AddDependency(n, checkpolicyTag, n.checkpolicyConfModuleName())
 	ctx.AddDependency(n, sepolicyAnalyzeTag, n.sepolicyAnalyzeConfModuleName())
 }

 func (n *neverallowTestModule) GenerateAndroidBuildActions(ctx android.ModuleContext) {
 	n.testTimestamp = android.PathForModuleOut(ctx, "timestamp")
 	if ctx.Config().SelinuxIgnoreNeverallows() {
 		// just touch
 		android.WriteFileRule(ctx, n.testTimestamp, "")
 		return
 	}

 	var checkpolicyConfPaths android.Paths
 	var sepolicyAnalyzeConfPaths android.Paths

 	ctx.VisitDirectDeps(func(child android.Module) {
 		depTag := ctx.OtherModuleDependencyTag(child)
 		if depTag != checkpolicyTag && depTag != sepolicyAnalyzeTag {
 			return
 		}

 		o, ok := child.(android.OutputFileProducer)
 		if !ok {
 			panic(fmt.Errorf("Module %q isn't an OutputFileProducer", ctx.OtherModuleName(child)))
 		}

 		outputs, err := o.OutputFiles("")
 		if err != nil {
 			panic(fmt.Errorf("Module %q error while producing output: %v", ctx.OtherModuleName(child), err))
 		}

 		switch ctx.OtherModuleDependencyTag(child) {
 		case checkpolicyTag:
 			checkpolicyConfPaths = outputs
 		case sepolicyAnalyzeTag:
 			sepolicyAnalyzeConfPaths = outputs
 		}
 	})

 	if len(checkpolicyConfPaths) != 1 {
 		panic(fmt.Errorf("Module %q should produce exactly one output", n.checkpolicyConfModuleName()))
 	}

 	if len(sepolicyAnalyzeConfPaths) != 1 {
 		panic(fmt.Errorf("Module %q should produce exactly one output", n.sepolicyAnalyzeConfModuleName()))
 	}

 	checkpolicyConfPath := checkpolicyConfPaths[0]
 	sepolicyAnalyzeConfPath := sepolicyAnalyzeConfPaths[0]

 	rule := android.NewRuleBuilder(pctx, ctx)

 	// Step 1. Build a binary policy from the conf file including build test
 	binaryPolicy := android.PathForModuleOut(ctx, "policy")
 	rule.Command().BuiltTool("checkpolicy").
 		Flag("-M").
 		FlagWithArg("-c ", strconv.Itoa(PolicyVers)).
 		FlagWithOutput("-o ", binaryPolicy).
 		Input(checkpolicyConfPath)
 	rule.Build("neverallow_checkpolicy", "Neverallow check: "+ctx.ModuleName())

 	// Step 2. Run sepolicy-analyze with the conf file without the build test and binary policy
 	// file from Step 1
 	rule = android.NewRuleBuilder(pctx, ctx)
 	msg := `sepolicy-analyze failed. This is most likely due to the use\n` +
 		`of an expanded attribute in a neverallow assertion. Please fix\n` +
 		`the policy.`

 	rule.Command().BuiltTool("sepolicy-analyze").
 		Input(binaryPolicy).
 		Text("neverallow").
 		Flag("-w").
 		FlagWithInput("-f ", sepolicyAnalyzeConfPath).
 		Text("|| (echo").
 		Flag("-e").
 		Text(`"` + msg + `"`).
 		Text("; exit 1)")

 	rule.Command().Text("touch").Output(n.testTimestamp)
 	rule.Build("neverallow_sepolicy-analyze", "Neverallow check: "+ctx.ModuleName())
 }

 func (n *neverallowTestModule) AndroidMkEntries() []android.AndroidMkEntries {
 	return []android.AndroidMkEntries{android.AndroidMkEntries{
 		OutputFile: android.OptionalPathForPath(n.testTimestamp),
 		Class:      "ETC",
 		ExtraEntries: []android.AndroidMkExtraEntriesFunc{
 			func(ctx android.AndroidMkExtraEntriesContext, entries *android.AndroidMkEntries) {
 				entries.SetBool("LOCAL_UNINSTALLABLE_MODULE", true)
 			},
 		},
 	}}
 }
	// Copyright 2021 The Android Open Source Project
	//
	// Licensed under the Apache License, Version 2.0 (the "License");
	// you may not use this file except in compliance with the License.
	// You may obtain a copy of the License at
	//
	// http://www.apache.org/licenses/LICENSE-2.0
	//
	// Unless required by applicable law or agreed to in writing, software
	// distributed under the License is distributed on an "AS IS" BASIS,
	// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	// See the License for the specific language governing permissions and
	// limitations under the License.

	package selinux

	import (
	"github.com/google/blueprint/proptools"

	"fmt"
	"strconv"

	"android/soong/android"
	)

	func init() {
	ctx := android.InitRegistrationContext
	ctx.RegisterModuleType("se_neverallow_test", neverallowTestFactory)
	}

	type neverallowTestProperties struct {
	// Policy files to be tested.
	Srcs []string `android:"path"`
	}

	type neverallowTestModule struct {
	android.ModuleBase
	properties neverallowTestProperties
	testTimestamp android.ModuleOutPath
	}

	type nameProperties struct {
	Name *string
	}

	var checkpolicyTag = dependencyTag{name: "checkpolicy"}
	var sepolicyAnalyzeTag = dependencyTag{name: "sepolicy_analyze"}

	// se_neverallow_test builds given policy files and checks whether any neverallow violations exist.
	// This module creates two conf files, one with build test and one without build test. Policy with
	// build test will be compiled with checkpolicy, and policy without build test will be tested with
	// sepolicy-analyze's neverallow tool. This module's check can be skipped by setting
	// SELINUX_IGNORE_NEVERALLOWS := true.
	func neverallowTestFactory() android.Module {
	n := &neverallowTestModule{}
	n.AddProperties(&n.properties)
	android.InitAndroidModule(n)
	android.AddLoadHook(n, func(ctx android.LoadHookContext) {
	n.loadHook(ctx)
	})
	return n
	}

	// Child conf module name for checkpolicy test.
	func (n *neverallowTestModule) checkpolicyConfModuleName() string {
	return n.Name() + ".checkpolicy.conf"
	}

	// Child conf module name for sepolicy-analyze test.
	func (n *neverallowTestModule) sepolicyAnalyzeConfModuleName() string {
	return n.Name() + ".sepolicy_analyze.conf"
	}

	func (n *neverallowTestModule) loadHook(ctx android.LoadHookContext) {
	checkpolicyConf := n.checkpolicyConfModuleName()
	ctx.CreateModule(policyConfFactory, &nameProperties{
	Name: proptools.StringPtr(checkpolicyConf),
	}, &policyConfProperties{
	Srcs: n.properties.Srcs,
	Build_variant: proptools.StringPtr("user"),
	Installable: proptools.BoolPtr(false),
	})

	sepolicyAnalyzeConf := n.sepolicyAnalyzeConfModuleName()
	ctx.CreateModule(policyConfFactory, &nameProperties{
	Name: proptools.StringPtr(sepolicyAnalyzeConf),
	}, &policyConfProperties{
	Srcs: n.properties.Srcs,
	Build_variant: proptools.StringPtr("user"),
	Exclude_build_test: proptools.BoolPtr(true),
	Installable: proptools.BoolPtr(false),
	})
	}

	func (n *neverallowTestModule) DepsMutator(ctx android.BottomUpMutatorContext) {
	ctx.AddDependency(n, checkpolicyTag, n.checkpolicyConfModuleName())
	ctx.AddDependency(n, sepolicyAnalyzeTag, n.sepolicyAnalyzeConfModuleName())
	}

	func (n *neverallowTestModule) GenerateAndroidBuildActions(ctx android.ModuleContext) {
	n.testTimestamp = android.PathForModuleOut(ctx, "timestamp")
	if ctx.Config().SelinuxIgnoreNeverallows() {
	// just touch
	android.WriteFileRule(ctx, n.testTimestamp, "")
	return
	}

	var checkpolicyConfPaths android.Paths
	var sepolicyAnalyzeConfPaths android.Paths

	ctx.VisitDirectDeps(func(child android.Module) {
	depTag := ctx.OtherModuleDependencyTag(child)
	if depTag != checkpolicyTag && depTag != sepolicyAnalyzeTag {
	return
	}

	o, ok := child.(android.OutputFileProducer)
	if !ok {
	panic(fmt.Errorf("Module %q isn't an OutputFileProducer", ctx.OtherModuleName(child)))
	}

	outputs, err := o.OutputFiles("")
	if err != nil {
	panic(fmt.Errorf("Module %q error while producing output: %v", ctx.OtherModuleName(child), err))
	}

	switch ctx.OtherModuleDependencyTag(child) {
	case checkpolicyTag:
	checkpolicyConfPaths = outputs
	case sepolicyAnalyzeTag:
	sepolicyAnalyzeConfPaths = outputs
	}
	})

	if len(checkpolicyConfPaths) != 1 {
	panic(fmt.Errorf("Module %q should produce exactly one output", n.checkpolicyConfModuleName()))
	}

	if len(sepolicyAnalyzeConfPaths) != 1 {
	panic(fmt.Errorf("Module %q should produce exactly one output", n.sepolicyAnalyzeConfModuleName()))
	}

	checkpolicyConfPath := checkpolicyConfPaths[0]
	sepolicyAnalyzeConfPath := sepolicyAnalyzeConfPaths[0]

	rule := android.NewRuleBuilder(pctx, ctx)

	// Step 1. Build a binary policy from the conf file including build test
	binaryPolicy := android.PathForModuleOut(ctx, "policy")
	rule.Command().BuiltTool("checkpolicy").
	Flag("-M").
	FlagWithArg("-c ", strconv.Itoa(PolicyVers)).
	FlagWithOutput("-o ", binaryPolicy).
	Input(checkpolicyConfPath)
	rule.Build("neverallow_checkpolicy", "Neverallow check: "+ctx.ModuleName())

	// Step 2. Run sepolicy-analyze with the conf file without the build test and binary policy
	// file from Step 1
	rule = android.NewRuleBuilder(pctx, ctx)
	msg := `sepolicy-analyze failed. This is most likely due to the use\n` +
	`of an expanded attribute in a neverallow assertion. Please fix\n` +
	`the policy.`

	rule.Command().BuiltTool("sepolicy-analyze").
	Input(binaryPolicy).
	Text("neverallow").
	Flag("-w").
	FlagWithInput("-f ", sepolicyAnalyzeConfPath).
	Text("\|\| (echo").
	Flag("-e").
	Text(`"` + msg + `"`).
	Text("; exit 1)")

	rule.Command().Text("touch").Output(n.testTimestamp)
	rule.Build("neverallow_sepolicy-analyze", "Neverallow check: "+ctx.ModuleName())
	}

	func (n *neverallowTestModule) AndroidMkEntries() []android.AndroidMkEntries {
	return []android.AndroidMkEntries{android.AndroidMkEntries{
	OutputFile: android.OptionalPathForPath(n.testTimestamp),
	Class: "ETC",
	ExtraEntries: []android.AndroidMkExtraEntriesFunc{
	func(ctx android.AndroidMkExtraEntriesContext, entries *android.AndroidMkEntries) {
	entries.SetBool("LOCAL_UNINSTALLABLE_MODULE", true)
	},
	},
	}}
	}