15

【GTS-Fail】GtsSecurityHostTestCases#testNoExemptionsForSocketsBetweenCoreAndVen...

 4 years ago
source link: http://www.cnblogs.com/houser0323/p/12495140.html
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
neoserver,ios ssh client

【GTS-Fail】GtsSecurityHostTestCases#testNoExemptionsForSocketsBetweenCoreAndVendorBan

【问题描述】

Gts-7.0-r4工具报出失败项

GtsSecurityHostTestCases

com.google.android.security.gts.SELinuxHostTest#testNoExemptionsForSocketsBetweenCoreAndVendorBan

<Failure message="junit.framework.AssertionFailedError: Policy exempts domains from ban on socket communications between core and vendor: [hal_audio_default]">
    <StackTrace>junit.framework.AssertionFailedError: Policy exempts domains from ban on socket communications between core and vendor: [hal_audio_default]
    at junit.framework.Assert.fail(Assert.java:57)
    at junit.framework.TestCase.fail(TestCase.java:227)
    at com.google.android.security.gts.SELinuxHostTest.testNoExemptionsForSocketsBetweenCoreAndVendorBan(SELinuxHostTest.java:221)

这里有个坑,报问题的时候说上个版本有,其实最终查证0004版本(2.20前)就有这个失败项了,当时芯片厂商也告知是waiver项了。。。

【问题结论】

是waiver项

失败项是由google的auto-patch代码导致,如果第一次遇到可以咨询aml是否waiver。

【分析详细】

测试逻辑总览

使用linux可执行程序:sepolicy-analyze,对机顶盒中的/sys/fs/selinux/policy文件进行解析,要求不能有返回值,命令是:

sepolicy-analyze policy attribute socket_between_core_and_vendor_violators

即:不允许有type(类型)与该attribute(属性)“socket_between_core_and_vendor_violators”有关联,字面意思:core与vendor的违规socket特权

system/sepolicy/tools/sepolicy-analyze/README

ATTRIBUTE (attribute)

sepolicy-analyze out/target/product/ /root/sepolicy attribute Displays the types associated with the specified attribute name.

该权限详细限制在以下代码中有论述,Android TREBLE架构解耦计划相关

system/sepolicy/prebuilts/api/26.0/public/domain.te

system/sepolicy/prebuilts/api/27.0/public/domain.te

system/sepolicy/prebuilts/api/28.0/public/domain.te:

system/sepolicy/public/domain.te

# On full TREBLE devices, socket communications between core components and vendor components are
# not permitted.
full_treble_only(`
  # Most general rules first, more specific rules below.

  # Core domains are not permitted to initiate communications to vendor domain sockets.
  # We are not restricting the use of already established sockets because it is fine for a process
  # to obtain an already established socket via some public/official/stable API and then exchange
  # data with its peer over that socket. The wire format in this scenario is dicatated by the API
  # and thus does not break the core-vendor separation.

梳理测试项逻辑

反编译后定位测试项

./com/google/android/security/gts/SELinuxHostTest.java

public void testNoExemptionsForVendorExecutingCore() throws Exception {
        if (isFullTrebleDevice()) {
            Set<String> types = sepolicyAnalyzeGetTypesAssociatedWithAttribute("vendor_executes_system_violators");//该语句是测试判断,返回测试结果  
            if (!types.isEmpty()) {
                List<String> sortedTypes = new ArrayList(types);
                Collections.sort(sortedTypes);
                fail("Policy exempts vendor domains from ban on executing files in /system: " + sortedTypes);//此处assert,原因是容器types有东西,东西就是‘[hal_audio_default]’  
            }
        }
    }

看一下方法的测试逻辑:sepolicyAnalyzeGetTypesAssociatedWithAttribute()

通过ProcessBuilder开启一个进程,用于执行linux命令:sepolicy-analyze policy attribute socket_between_core_and_vendor_violators

然后获取这个命令的标准输出进行结果判断

private Set<String> sepolicyAnalyzeGetTypesAssociatedWithAttribute(String attribute) throws Exception {
        BufferedReader in;
        Throwable th;
        Throwable th2;
        Set<String> types = new HashSet();
        //通过ProcessBuilder开启一个进程,用于执行linux命令:sepolicy-analyze policy attribute socket_between_core_and_vendor_violators  
        ProcessBuilder pb = new ProcessBuilder(new String[]{this.mSepolicyAnalyze.getAbsolutePath(), this.mDevicePolicyFile.getAbsolutePath(), "attribute", attribute});
......
            in = new BufferedReader(new InputStreamReader(p.getInputStream()));
            th = null;
            while (true) {
                try {
                    String type = in.readLine();
                    if (type != null) {
                        types.add(type.trim());//获取有效标准输出,写到结果容器中存储  
                    }}} 
......
        return types;
......
    }

现在基本逻辑就清楚了,只要这个命令执行有结果返回就是不被允许的,现在需要分析这个工具‘sepolicy-analyze’是干嘛的?

在Android工程源码中搜索,我们找到了这个host可执行程序的源码

system/sepolicy/tools/sepolicy-analyze/

结合网络资料以及阅读源码和README文档,澄清测试的命令用途:解析policy文件返回与attribute相关联的type值

system/sepolicy/tools/sepolicy-analyze/README

63 ATTRIBUTE (attribute)

64 sepolicy-analyze out/target/product/ /root/sepolicy attribute

65

66 Displays the types associated with the specified attribute name.

工程中搜索确认

搜过确认一下到底在哪里使得他们关联的,定位到一下te文件

./system/sepolicy/vendor/hal_audio_default.te:1
type hal_audio_default, domain, socket_between_core_and_vendor_violators;

查证git log,我们发现是如下的commit导致的,是google的auto-path

commit 783f5b52195f0168f4c9db29b5a80ac63fb04020
Author: xxxxxx
Date:   Mon Feb 17 11:33:16 2020 +0800

    auto patch added:CecAudio

diff --git a/vendor/hal_audio_default.te b/vendor/hal_audio_default.te
index 0dc2170..9da0f1b 100644
--- a/vendor/hal_audio_default.te
+++ b/vendor/hal_audio_default.te
@@ -1,4 +1,4 @@
-type hal_audio_default, domain;
+type hal_audio_default, domain, socket_between_core_and_vendor_violators; #此处添加的关联,问题找到了根源  
 hal_server_domain(hal_audio_default, hal_audio)

到此,问题很大概率可确认为Google-waiver,因为引入问题的代码是Google的。接下来需向芯片厂商或Google沟通确认

由于报问题的乌龙,事实是该问题很久之前已澄清过,所以这一通分析并木有什么卵用。。。。。。


report

Recommend

About Joyk


Aggregate valuable and interesting links.
Joyk means Joy of geeK