Revert "selinux: test no execve() on app data files"
This reverts commit 879ed91e4a338cae998c5d59f31ce87ab8325ec4.
Reason for revert: CtsSimpleperfTestCases CTS test case failures.
See b/118704604 for details.
Bug: 112357170
Bug: 118704604
Change-Id: I10d6e8f1c382062eb3a784d3fb1e94a8a0663ade
diff --git a/tests/tests/selinux/common/src/android/security/SELinuxTargetSdkTestBase.java b/tests/tests/selinux/common/src/android/security/SELinuxTargetSdkTestBase.java
index 1209a0e..0de87c6 100644
--- a/tests/tests/selinux/common/src/android/security/SELinuxTargetSdkTestBase.java
+++ b/tests/tests/selinux/common/src/android/security/SELinuxTargetSdkTestBase.java
@@ -1,6 +1,5 @@
package android.security;
-import android.system.Os;
import android.test.AndroidTestCase;
import java.io.BufferedReader;
import java.io.FileReader;
@@ -82,21 +81,5 @@
assertTrue(msg, m.matches());
}
- protected boolean canExecuteFromHomeDir() throws Exception {
- File appDataDir = getContext().getFilesDir();
- File temp = File.createTempFile("badbin", "exe", appDataDir);
- temp.deleteOnExit();
- String path = temp.getPath();
- Os.chmod(path, 0700);
- try {
- Process process = new ProcessBuilder(path).start();
- } catch (IOException e) {
- return !e.toString().contains("Permission denied");
- } finally {
- temp.delete();
- }
- return true;
- }
-
private static final native String getFileContext(String path);
}
diff --git a/tests/tests/selinux/selinuxTargetSdk25/Android.mk b/tests/tests/selinux/selinuxTargetSdk25/Android.mk
old mode 100644
new mode 100755
diff --git a/tests/tests/selinux/selinuxTargetSdk25/AndroidManifest.xml b/tests/tests/selinux/selinuxTargetSdk25/AndroidManifest.xml
old mode 100644
new mode 100755
diff --git a/tests/tests/selinux/selinuxTargetSdk25/src/android/security/SELinuxTargetSdkTest.java b/tests/tests/selinux/selinuxTargetSdk25/src/android/security/SELinuxTargetSdkTest.java
index 52a30fc..c966e5e 100644
--- a/tests/tests/selinux/selinuxTargetSdk25/src/android/security/SELinuxTargetSdkTest.java
+++ b/tests/tests/selinux/selinuxTargetSdk25/src/android/security/SELinuxTargetSdkTest.java
@@ -20,14 +20,10 @@
import java.io.IOException;
/**
- * Verify the selinux domain for apps running with targetSdkVersion<=25
+ * Verify the selinux domain for apps running with targetSdkVersion<=25
*/
public class SELinuxTargetSdkTest extends SELinuxTargetSdkTestBase
{
- public void testCanExecuteFromHomeDir() throws Exception {
- assertTrue(canExecuteFromHomeDir());
- }
-
/**
* Verify that selinux context is the expected domain based on
* targetSdkVersion = 25
@@ -45,13 +41,13 @@
/**
* Verify that selinux context is the expected type based on
- * targetSdkVersion = 25
+ * targetSdkVersion = current
*/
public void testAppDataContext() throws Exception {
String context = "u:object_r:app_data_file:s0:c[0-9]+,c[0-9]+";
- String msg = "Untrusted apps with targetSdkVersion of 25 and below " +
- "must use the app_data_file selinux context and use the levelFrom=user " +
- "selector in SELinux seapp_contexts which adds two category types " +
+ String msg = "Untrusted apps with targetSdkVersion of 25 and below and above" +
+ "must use the app_data_file selinux context and use the levelFrom=all " +
+ "selector in SELinux seapp_contexts which adds four category types " +
"to the app_data_file context.\n" +
"Example expected value: u:object_r:app_data_file:s0:c512,c768\n" +
"Actual value: ";
diff --git a/tests/tests/selinux/selinuxTargetSdk27/Android.mk b/tests/tests/selinux/selinuxTargetSdk27/Android.mk
old mode 100644
new mode 100755
diff --git a/tests/tests/selinux/selinuxTargetSdk27/AndroidManifest.xml b/tests/tests/selinux/selinuxTargetSdk27/AndroidManifest.xml
old mode 100644
new mode 100755
diff --git a/tests/tests/selinux/selinuxTargetSdk27/src/android/security/SELinuxTargetSdkTest.java b/tests/tests/selinux/selinuxTargetSdk27/src/android/security/SELinuxTargetSdkTest.java
index 23ecef7..cc394e2 100644
--- a/tests/tests/selinux/selinuxTargetSdk27/src/android/security/SELinuxTargetSdkTest.java
+++ b/tests/tests/selinux/selinuxTargetSdk27/src/android/security/SELinuxTargetSdkTest.java
@@ -20,7 +20,7 @@
import java.io.IOException;
/**
- * Verify the selinux domain for apps running with 25<targetSdkVersion<=27
+ * Verify the selinux domain for apps running with 25<targetSdkVersion<=27
*/
public class SELinuxTargetSdkTest extends SELinuxTargetSdkTestBase
{
@@ -33,7 +33,7 @@
/**
* Verify that selinux context is the expected domain based on
- * targetSdkVersion = 26-27
+ * targetSdkVersion = 27
*/
public void testAppDomainContext() throws IOException {
String context = "u:r:untrusted_app_27:s0:c[0-9]+,c[0-9]+";
@@ -48,13 +48,13 @@
/**
* Verify that selinux context is the expected type based on
- * targetSdkVersion = 26-27
+ * targetSdkVersion = current
*/
public void testAppDataContext() throws Exception {
String context = "u:object_r:app_data_file:s0:c[0-9]+,c[0-9]+";
String msg = "Untrusted apps with targetSdkVersion in range 26-27 " +
- "must use the app_data_file selinux context and use the levelFrom=user " +
- "selector in SELinux seapp_contexts which adds two category types " +
+ "must use the app_data_file selinux context and use the levelFrom=all " +
+ "selector in SELinux seapp_contexts which adds four category types " +
"to the app_data_file context.\n" +
"Example expected value: u:object_r:app_data_file:s0:c512,c768\n" +
"Actual value: ";
diff --git a/tests/tests/selinux/selinuxTargetSdk28/Android.mk b/tests/tests/selinux/selinuxTargetSdk28/Android.mk
deleted file mode 100644
index 5108250..0000000
--- a/tests/tests/selinux/selinuxTargetSdk28/Android.mk
+++ /dev/null
@@ -1,48 +0,0 @@
-#
-# Copyright (C) 2018 The Android Open Source Project
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-LOCAL_PATH:= $(call my-dir)
-
-include $(CLEAR_VARS)
-LOCAL_MODULE_TAGS := tests
-LOCAL_MULTILIB := both
-
-LOCAL_STATIC_JAVA_LIBRARIES := \
- ctstestrunner \
- compatibility-device-util \
-
-LOCAL_JAVA_LIBRARIES := android.test.base.stubs android.test.runner.stubs
-
-LOCAL_JNI_SHARED_LIBRARIES := \
- libc++ \
- libcrypto \
- libcts_jni \
- libctsselinux_jni \
- libnativehelper \
- libnativehelper_compat_libc++ \
- libpackagelistparser \
- libpcre2 \
- libselinux \
-
-LOCAL_SRC_FILES := $(call all-java-files-under, src common)
-LOCAL_PACKAGE_NAME := CtsSelinuxTargetSdk28TestCases
-LOCAL_PRIVATE_PLATFORM_APIS := true
-LOCAL_COMPATIBILITY_SUITE := cts vts general-tests
-
-LOCAL_MIN_SDK_VERSION := 21
-
-include $(BUILD_CTS_PACKAGE)
-
-include $(call all-makefiles-under,$(LOCAL_PATH))
diff --git a/tests/tests/selinux/selinuxTargetSdk28/AndroidManifest.xml b/tests/tests/selinux/selinuxTargetSdk28/AndroidManifest.xml
deleted file mode 100644
index 11e4cac..0000000
--- a/tests/tests/selinux/selinuxTargetSdk28/AndroidManifest.xml
+++ /dev/null
@@ -1,37 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<!--
- * Copyright (C) 2018 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- -->
-
-<manifest xmlns:android="http://schemas.android.com/apk/res/android"
- package="android.selinuxtargetsdk28.cts">
-
- <!-- This app tests that apps with targetSdkValue==28 are placed in the
- untrusted_app_28 selinux domain -->
- <uses-sdk android:minSdkVersion="21" android:targetSdkVersion="28" />
-
- <application>
- <uses-library android:name="android.test.runner" />
- </application>
-
- <instrumentation android:name="android.support.test.runner.AndroidJUnitRunner"
- android:targetPackage="android.selinuxtargetsdk28.cts"
- android:label="CTS tests for permissions enforce by selinux based on targetSdkVersion">
- <meta-data android:name="listener"
- android:value="com.android.cts.runner.CtsTestRunListener" />
- </instrumentation>
-
-</manifest>
-
diff --git a/tests/tests/selinux/selinuxTargetSdk28/AndroidTest.xml b/tests/tests/selinux/selinuxTargetSdk28/AndroidTest.xml
deleted file mode 100644
index 6387031..0000000
--- a/tests/tests/selinux/selinuxTargetSdk28/AndroidTest.xml
+++ /dev/null
@@ -1,28 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<!-- Copyright (C) 2018 The Android Open Source Project
-
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
--->
-<configuration description="Config for CTS Permission Selinux test cases">
- <option name="test-suite-tag" value="cts" />
- <option name="config-descriptor:metadata" key="component" value="security" />
- <option name="not-shardable" value="true" />
- <target_preparer class="com.android.tradefed.targetprep.suite.SuiteApkInstaller">
- <option name="cleanup-apks" value="true" />
- <option name="test-file-name" value="CtsSelinuxTargetSdk28TestCases.apk" />
- </target_preparer>
- <test class="com.android.tradefed.testtype.AndroidJUnitTest" >
- <option name="package" value="android.selinuxtargetsdk28.cts" />
- <option name="runtime-hint" value="2m" />
- </test>
-</configuration>
diff --git a/tests/tests/selinux/selinuxTargetSdk28/common b/tests/tests/selinux/selinuxTargetSdk28/common
deleted file mode 120000
index 581eb17..0000000
--- a/tests/tests/selinux/selinuxTargetSdk28/common
+++ /dev/null
@@ -1 +0,0 @@
-../common/src
\ No newline at end of file
diff --git a/tests/tests/selinux/selinuxTargetSdk28/src/android/security/SELinuxTargetSdkTest.java b/tests/tests/selinux/selinuxTargetSdk28/src/android/security/SELinuxTargetSdkTest.java
deleted file mode 100644
index 4ccc725..0000000
--- a/tests/tests/selinux/selinuxTargetSdk28/src/android/security/SELinuxTargetSdkTest.java
+++ /dev/null
@@ -1,63 +0,0 @@
-/*
- * Copyright (C) 2018 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package android.security;
-
-import android.test.AndroidTestCase;
-import java.io.IOException;
-
-/**
- * Verify the selinux domain for apps running with targetSdkVersion==28
- */
-public class SELinuxTargetSdkTest extends SELinuxTargetSdkTestBase
-{
- /**
- * Verify that net.dns properties may not be read
- */
- public void testNoDns() throws IOException {
- noDns();
- }
-
- /**
- * Verify that selinux context is the expected domain based on
- * targetSdkVersion = 28
- */
- public void testAppDomainContext() throws IOException {
- String context = "u:r:untrusted_app_27:s0:c[0-9]+,c[0-9]+,c[0-9]+,c[0-9]+";
- String msg = "Untrusted apps with targetSdkVersion 28 " +
- "must run in the untrusted_app selinux domain and use the levelFrom=all " +
- "selector in SELinux seapp_contexts which adds four category types " +
- "to the app's selinux context.\n" +
- "Example expected value: u:r:untrusted_app:s0:c89,c256,c512,c768\n" +
- "Actual value: ";
- appDomainContext(context, msg);
- }
-
- /**
- * Verify that selinux context is the expected type based on
- * targetSdkVersion = 28
- */
- public void testAppDataContext() throws Exception {
- String context = "u:object_r:app_data_file:s0:c[0-9]+,c[0-9]+,c[0-9]+,c[0-9]+";
- String msg = "Untrusted apps with targetSdkVersion 28 " +
- "must use the app_data_file selinux context and use the levelFrom=all " +
- "selector in SELinux seapp_contexts which adds four category types " +
- "to the app_data_file context.\n" +
- "Example expected value: u:object_r:app_data_file:s0:c89,c256,c512,c768\n" +
- "Actual value: ";
- appDataContext(context, msg);
- }
-}
diff --git a/tests/tests/selinux/selinuxTargetSdkCurrent/Android.mk b/tests/tests/selinux/selinuxTargetSdkCurrent/Android.mk
old mode 100644
new mode 100755
diff --git a/tests/tests/selinux/selinuxTargetSdkCurrent/AndroidManifest.xml b/tests/tests/selinux/selinuxTargetSdkCurrent/AndroidManifest.xml
old mode 100644
new mode 100755
diff --git a/tests/tests/selinux/selinuxTargetSdkCurrent/src/android/security/SELinuxTargetSdkTest.java b/tests/tests/selinux/selinuxTargetSdkCurrent/src/android/security/SELinuxTargetSdkTest.java
index 34c9aa0..cf913fc 100644
--- a/tests/tests/selinux/selinuxTargetSdkCurrent/src/android/security/SELinuxTargetSdkTest.java
+++ b/tests/tests/selinux/selinuxTargetSdkCurrent/src/android/security/SELinuxTargetSdkTest.java
@@ -31,18 +31,13 @@
noDns();
}
-
- public void testCanNotExecuteFromHomeDir() throws Exception {
- assertFalse(canExecuteFromHomeDir());
- }
-
/**
* Verify that selinux context is the expected domain based on
* targetSdkVersion = current
*/
public void testAppDomainContext() throws IOException {
String context = "u:r:untrusted_app:s0:c[0-9]+,c[0-9]+,c[0-9]+,c[0-9]+";
- String msg = "Untrusted apps with targetSdkVersion 29 and above " +
+ String msg = "Untrusted apps with targetSdkVersion 28 and above " +
"must run in the untrusted_app selinux domain and use the levelFrom=all " +
"selector in SELinux seapp_contexts which adds four category types " +
"to the app's selinux context.\n" +
@@ -57,7 +52,7 @@
*/
public void testAppDataContext() throws Exception {
String context = "u:object_r:app_data_file:s0:c[0-9]+,c[0-9]+,c[0-9]+,c[0-9]+";
- String msg = "Untrusted apps with targetSdkVersion 29 and above " +
+ String msg = "Untrusted apps with targetSdkVersion 28 and above " +
"must use the app_data_file selinux context and use the levelFrom=all " +
"selector in SELinux seapp_contexts which adds four category types " +
"to the app_data_file context.\n" +