• [GTS]GtsSecurityHostTestCases#testNoExemptionsForSocketsBetweenCoreAndVendorBan


    [GTS]GtsSecurityHostTestCases#testNoExemptionsForSocketsBetweenCoreAndVendorBan

    【问题描述】

    Gts-7.0-r4工具报出失败项
    GtsSecurityHostTestCases
    com.google.android.security.gts.SELinuxHostTest#testNoExemptionsForSocketsBetweenCoreAndVendorBan

        <Failure message="junit.framework.AssertionFailedError: Policy exempts domains from ban on socket communications between core and vendor: [hal_audio_default]">
        <StackTrace>junit.framework.AssertionFailedError: Policy exempts domains from ban on socket communications between core and vendor: [hal_audio_default]
    	at junit.framework.Assert.fail(Assert.java:57)
    	at junit.framework.TestCase.fail(TestCase.java:227)
    	at com.google.android.security.gts.SELinuxHostTest.testNoExemptionsForSocketsBetweenCoreAndVendorBan(SELinuxHostTest.java:221)
    

    这里有个坑,报问题的时候说上个版本有,其实最终查证0004版本(2.20前)就有这个失败项了,当时芯片厂商也告知是waiver项了。。。

    【问题结论】

    是waiver项
    失败项是由google的auto-patch代码导致,如果第一次遇到可以咨询aml是否waiver。

    AuthBlog:秋城https://www.cnblogs.com/houser0323

    【分析详细】

    测试逻辑总览
    使用linux可执行程序:sepolicy-analyze,对机顶盒中的/sys/fs/selinux/policy文件进行解析,要求不能有返回值,命令是:
    sepolicy-analyze policy attribute socket_between_core_and_vendor_violators
    即:不允许有type(类型)与该attribute(属性)“socket_between_core_and_vendor_violators”有关联,字面意思:core与vendor的违规socket特权

    system/sepolicy/tools/sepolicy-analyze/README

    ATTRIBUTE (attribute)
    sepolicy-analyze out/target/product//root/sepolicy attribute
    Displays the types associated with the specified attribute name.

    该权限详细限制在以下代码中有论述,Android TREBLE架构解耦计划相关
    system/sepolicy/prebuilts/api/26.0/public/domain.te
    system/sepolicy/prebuilts/api/27.0/public/domain.te
    system/sepolicy/prebuilts/api/28.0/public/domain.te:
    system/sepolicy/public/domain.te

    # On full TREBLE devices, socket communications between core components and vendor components are
    # not permitted.
    full_treble_only(`
      # Most general rules first, more specific rules below.
    
      # Core domains are not permitted to initiate communications to vendor domain sockets.
      # We are not restricting the use of already established sockets because it is fine for a process
      # to obtain an already established socket via some public/official/stable API and then exchange
      # data with its peer over that socket. The wire format in this scenario is dicatated by the API
      # and thus does not break the core-vendor separation.
    
    

    梳理测试项逻辑
    反编译后定位测试项
    ./com/google/android/security/gts/SELinuxHostTest.java

        public void testNoExemptionsForVendorExecutingCore() throws Exception {
            if (isFullTrebleDevice()) {
                Set<String> types = sepolicyAnalyzeGetTypesAssociatedWithAttribute("vendor_executes_system_violators");//该语句是测试判断,返回测试结果  
                if (!types.isEmpty()) {
                    List<String> sortedTypes = new ArrayList(types);
                    Collections.sort(sortedTypes);
                    fail("Policy exempts vendor domains from ban on executing files in /system: " + sortedTypes);//此处assert,原因是容器types有东西,东西就是‘[hal_audio_default]’  
                }
            }
        }
    

    看一下方法的测试逻辑:sepolicyAnalyzeGetTypesAssociatedWithAttribute()
    通过ProcessBuilder开启一个进程,用于执行linux命令:sepolicy-analyze policy attribute socket_between_core_and_vendor_violators
    然后获取这个命令的标准输出进行结果判断

       private Set<String> sepolicyAnalyzeGetTypesAssociatedWithAttribute(String attribute) throws Exception {
            BufferedReader in;
            Throwable th;
            Throwable th2;
            Set<String> types = new HashSet();
    		//通过ProcessBuilder开启一个进程,用于执行linux命令:sepolicy-analyze policy attribute socket_between_core_and_vendor_violators  
            ProcessBuilder pb = new ProcessBuilder(new String[]{this.mSepolicyAnalyze.getAbsolutePath(), this.mDevicePolicyFile.getAbsolutePath(), "attribute", attribute});
    ......
                in = new BufferedReader(new InputStreamReader(p.getInputStream()));
                th = null;
                while (true) {
                    try {
                        String type = in.readLine();
                        if (type != null) {
                            types.add(type.trim());//获取有效标准输出,写到结果容器中存储  
                        }}} 
    ......
            return types;
    ......
        }
    

    现在基本逻辑就清楚了,只要这个命令执行有结果返回就是不被允许的,现在需要分析这个工具‘sepolicy-analyze’是干嘛的?
    在Android工程源码中搜索,我们找到了这个host可执行程序的源码
    system/sepolicy/tools/sepolicy-analyze/
    结合网络资料以及阅读源码和README文档,澄清测试的命令用途:解析policy文件返回与attribute相关联的type值

    system/sepolicy/tools/sepolicy-analyze/README

    63 ATTRIBUTE (attribute)
    64 sepolicy-analyze out/target/product//root/sepolicy attribute
    65
    66 Displays the types associated with the specified attribute name.

    工程中搜索确认
    搜索确认到底在哪里使得他们关联的,定位到文件

    ./system/sepolicy/vendor/hal_audio_default.te:1
    type hal_audio_default, domain, socket_between_core_and_vendor_violators;
    

    查证git log,我们发现是如下的commit导致的,是google的auto-path

    commit 783f5b52195f0168f4c9db29b5a80ac63fb04020
    Author: xxxxxx
    Date:   Mon Feb 17 11:33:16 2020 +0800
    
        auto patch added:CecAudio
    
    diff --git a/vendor/hal_audio_default.te b/vendor/hal_audio_default.te
    index 0dc2170..9da0f1b 100644
    --- a/vendor/hal_audio_default.te
    +++ b/vendor/hal_audio_default.te
    @@ -1,4 +1,4 @@
    -type hal_audio_default, domain;
    +type hal_audio_default, domain, socket_between_core_and_vendor_violators; #此处添加的关联,问题找到了根源  
     hal_server_domain(hal_audio_default, hal_audio)
    
    

    到此,问题很大概率可确认为Google-waiver,因为引入问题的代码是Google的。接下来需向芯片厂商或Google沟通确认

    由于报问题的乌龙,事实是该问题很久之前已澄清过,所以这一通分析并木有什么卵用。。。。。。

  • 相关阅读:
    AutoMapper 使用实践
    项目重构之路
    Xamarin对Visual Studio用户免费 Xamarin SDK将开源
    php的文件上传及下载,附带显示文件及目录
    SMARTY静态缓存
    SMARTY的简单实例写法
    SMARTY的知识
    wampserver的使用配置
    php权限管理
    phpcms企业站的一些知识
  • 原文地址:https://www.cnblogs.com/houser0323/p/12495140.html
Copyright © 2020-2023  润新知