Add unit test for seapp_contexts
Split selinux_android_seapp_context_reload and seapp_context_lookup to prevent the loading and use of the default seapp_contexts files (e.g., /system/etc/selinux/plat_file_contexts). The exposed API and current callers of seapp_context_lookup remain the same. Test: atest --host libselinux_test Bug: 234313751 Change-Id: If3b525b92fa43e5599075509d4de55ff39ec8a6e
parent
65fe8e161f
commit
67fba33f8a
3 changed files with 61 additions and 4 deletions
|
@ -64,6 +64,15 @@ int seapp_context_lookup(enum seapp_kind kind,
|
|||
const char *pkgname,
|
||||
context_t ctx);
|
||||
|
||||
/* Similar to seapp_context_lookup, but does not implicitly load and use the
|
||||
* default context files. It should only be used for unit tests. */
|
||||
int seapp_context_lookup_internal(enum seapp_kind kind,
|
||||
uid_t uid,
|
||||
bool isSystemServer,
|
||||
const char *seinfo,
|
||||
const char *pkgname,
|
||||
context_t ctx);
|
||||
|
||||
/* Which categories should be associated to the process */
|
||||
enum levelFrom {
|
||||
/* None */
|
||||
|
@ -79,6 +88,9 @@ enum levelFrom {
|
|||
/* Sets the categories of ctx based on the level request */
|
||||
int set_range_from_level(context_t ctx, enum levelFrom levelFrom, uid_t userid, uid_t appid);
|
||||
|
||||
/* Similar to seapp_context_reload, but does not implicitly load the default
|
||||
* context files. It should only be used for unit tests. */
|
||||
int seapp_context_reload_internal(const path_alts_t *context_paths);
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
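Review bot: The comments on `seapp_context_lookup_internal` and `seapp_context_reload_internal` say they are only for unit tests, but nothing in the declarations enforces that, so any code that includes this header can call them. `seapp_context_reload_internal` takes caller-chosen paths, so a non-test caller could swap the seapp_contexts mapping that selects app domains and data types; whether this header is exported outside the library is not visible here. I would spell out the contract in the comment, for example `/* Test-only: entries must first be loaded with seapp_context_reload_internal(); never pass paths derived from untrusted input. */`. If the build allows it, also consider keeping both symbols out of the library's exported symbol list.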
|
||||
|
|
|
@ -288,7 +288,7 @@ static int32_t get_minTargetSdkVersion(const char *value)
|
|||
}
|
||||
}
|
||||
|
||||
int selinux_android_seapp_context_reload(void)
|
||||
int seapp_context_reload_internal(const path_alts_t *context_paths)
|
||||
{
|
||||
FILE *fp = NULL;
|
||||
char line_buf[BUFSIZ];
|
||||
|
@ -300,7 +300,7 @@ int selinux_android_seapp_context_reload(void)
|
|||
int ret;
|
||||
const char* seapp_contexts_files[MAX_CONTEXT_PATHS];
|
||||
|
||||
files_len = find_existing_files(&seapp_context_paths, seapp_contexts_files);
|
||||
files_len = find_existing_files(context_paths, seapp_contexts_files);
|
||||
|
||||
/* Reset the current entries */
|
||||
free_seapp_contexts();
|
||||
|
@ -591,6 +591,11 @@ oom:
|
|||
goto out;
|
||||
}
|
||||
|
||||
int selinux_android_seapp_context_reload(void)
|
||||
{
|
||||
return seapp_context_reload_internal(&seapp_context_paths);
|
||||
}
|
||||
|
||||
/* indirection to support pthread_once */
|
||||
static void seapp_context_init(void)
|
||||
{
|
||||
|
@ -692,7 +697,7 @@ int set_range_from_level(context_t ctx, enum levelFrom levelFrom, uid_t userid,
|
|||
*/
|
||||
struct passwd *(*seapp_getpwuid)(__uid_t uid) = getpwuid;
|
||||
|
||||
int seapp_context_lookup(enum seapp_kind kind,
|
||||
int seapp_context_lookup_internal(enum seapp_kind kind,
|
||||
uid_t uid,
|
||||
bool isSystemServer,
|
||||
const char *seinfo,
|
||||
|
@ -711,7 +716,6 @@ int seapp_context_lookup(enum seapp_kind kind,
|
|||
bool fromRunAs = false;
|
||||
char parsedseinfo[BUFSIZ];
|
||||
|
||||
selinux_android_seapp_context_init();
|
||||
|
||||
if (seinfo) {
|
||||
if (seinfo_parse(parsedseinfo, seinfo, BUFSIZ))
|
||||
|
@ -841,3 +845,15 @@ err:
|
|||
oom:
|
||||
return -2;
|
||||
}
|
||||
|
||||
int seapp_context_lookup(enum seapp_kind kind,
|
||||
uid_t uid,
|
||||
bool isSystemServer,
|
||||
const char *seinfo,
|
||||
const char *pkgname,
|
||||
context_t ctx)
|
||||
{
|
||||
// Ensure the default context files are loaded.
|
||||
selinux_android_seapp_context_init();
|
||||
return seapp_context_lookup_internal(kind, uid, isSystemServer, seinfo, pkgname, ctx);
|
||||
}
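Review bot: `seapp_context_reload_internal` calls `free_seapp_contexts()` on what appears to be the same process-wide table that `seapp_context_lookup` reads, so a call with alternate paths replaces the entries used by every later public lookup in that process. Since `selinux_android_seapp_context_init` is described as a pthread_once indirection, the defaults would presumably not be reloaded afterwards if it had already run. A comment above the definition would make this visible, e.g. `/* Replaces the process-wide seapp_contexts entries; production callers must use selinux_android_seapp_context_reload(). */`. In addition, `context_paths` reaches `find_existing_files` without a NULL check, which the old fixed `&seapp_context_paths` argument never needed. Both function bodies continue outside the hunks shown.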
|
||||
|
|
|
@ -81,3 +81,32 @@ TEST_F(AndroidSELinuxTest, FailLoadingServiceContext)
|
|||
SELABEL_CTX_ANDROID_SERVICE, &service_paths, "test_service");
|
||||
EXPECT_EQ(handle, nullptr);
|
||||
}
|
||||
|
||||
TEST_F(AndroidSELinuxTest, LoadAndLookupSeAppContext)
|
||||
{
|
||||
string seapp_contexts =
|
||||
StringPrintf("%s/seapp_contexts", tdir_.path);
|
||||
|
||||
WriteStringToFile(
|
||||
"# some comment\n"
|
||||
"user=_app seinfo=platform domain=platform_app type=app_data_file levelFrom=user\n",
|
||||
seapp_contexts);
|
||||
|
||||
const path_alts_t seapp_paths = { .paths = {
|
||||
{ seapp_contexts.c_str() }
|
||||
}};
|
||||
|
||||
EXPECT_EQ(seapp_context_reload_internal(&seapp_paths), 0);
|
||||
|
||||
context_t ctx = context_new("u:r:unknown");
|
||||
int ret = seapp_context_lookup_internal(SEAPP_DOMAIN, 10001, false, "platform", "com.android.test1", ctx);
|
||||
EXPECT_EQ(ret, 0);
|
||||
EXPECT_STREQ(context_str(ctx), "u:r:platform_app:s0:c512,c768");
|
||||
context_free(ctx);
|
||||
|
||||
ctx = context_new("u:r:unknown_data_file");
|
||||
ret = seapp_context_lookup_internal(SEAPP_TYPE, 10001, false, "platform", "com.android.test1", ctx);
|
||||
EXPECT_EQ(ret, 0);
|
||||
EXPECT_STREQ(context_str(ctx), "u:r:app_data_file:s0:c512,c768");
|
||||
context_free(ctx);
|
||||
}
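Review bot: `LoadAndLookupSeAppContext` ignores the result of `WriteStringToFile` and uses `EXPECT_EQ` for the reload, so after a failed write or load the lookups still run against whatever entries were left from earlier. Use `ASSERT_TRUE(WriteStringToFile(..., seapp_contexts));` and `ASSERT_EQ(seapp_context_reload_internal(&seapp_paths), 0);` so the test stops at the first broken precondition (this assumes WriteStringToFile is the android-base helper that returns bool). The test also covers only the matching case. A lookup with an seinfo other than `platform`, checked not to yield `platform_app`, would guard the property the policy entry is meant to enforce. The `context_new` results are also used without a null check.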
|
||||
|
|