platform_system_sepolicy/tests/sepolicy_freeze_test.py

# Copyright 2023 The Android Open Source Project
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

from optparse import OptionParser
import mini_parser
import os
import sys

def do_main():
    usage = "sepolicy_freeze_test "
    usage += "-c current_cil -p prebuilt_cil [--help]"
    parser = OptionParser(usage=usage)
    parser.add_option("-c", "--current", dest="current", metavar="FILE")
    parser.add_option("-p", "--prebuilt", dest="prebuilt", metavar="FILE")

    (options, args) = parser.parse_args()

    if not options.current or not options.prebuilt:
        sys.exit("Must specify both current and prebuilt\n" + parser.usage)
    if not os.path.exists(options.current):
        sys.exit("Current policy " + options.current + " does not exist\n"
                + parser.usage)
    if not os.path.exists(options.prebuilt):
        sys.exit("Prebuilt policy " + options.prebuilt + " does not exist\n"
                + parser.usage)

    current_policy = mini_parser.MiniCilParser(options.current)
    prebuilt_policy = mini_parser.MiniCilParser(options.prebuilt)

    results = ""
    removed_types = prebuilt_policy.types - current_policy.types
    removed_attributes = prebuilt_policy.typeattributes - current_policy.typeattributes
    removed_attributes = set(filter(lambda x: "base_typeattr_" not in x, removed_attributes))

    if removed_types:
        results += "The following public types were removed:\n" + ", ".join(removed_types) + "\n"

    if removed_attributes:
        results += "The following public attributes were removed:\n" + ", ".join(removed_attributes) + "\n"

    if len(results) > 0:
        sys.exit(results)

if __name__ == '__main__':
    do_main()
Relax freeze_test to check only compatibility For now, freeze_test compares prebuilts against sources with diff, to ensure that sources are identical to prebuilts. However, it could be the case that the branch should be able to build both REL and ToT. In that case, changes to the sources are inevitable and the freeze test will fail. To fix the issue, freeze_test will now only check compatibility. To be specific, it will check if any public types or attributes are removed. Contexts files and neverallow rules are not checked, but they may be added later. Also to support the new freeze_test - build_files module is changed to use glob (because REL version won't be in compat versions list) - plat_pub_policy modules are added under prebuilts/api (because freeze_test needs that) Bug: 296875906 Test: m selinux_policy Change-Id: I39c40992965b98664facea3b760d9d6be1f6b87e 2023-09-04 10:40:03 +02:00			`# Copyright 2023 The Android Open Source Project`
			`#`
			`# Licensed under the Apache License, Version 2.0 (the "License");`
			`# you may not use this file except in compliance with the License.`
			`# You may obtain a copy of the License at`
			`#`
			`# http://www.apache.org/licenses/LICENSE-2.0`
			`#`
			`# Unless required by applicable law or agreed to in writing, software`
			`# distributed under the License is distributed on an "AS IS" BASIS,`
			`# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`# See the License for the specific language governing permissions and`
			`# limitations under the License.`

			`from optparse import OptionParser`
			`import mini_parser`
			`import os`
			`import sys`

			`def do_main():`
			`usage = "sepolicy_freeze_test "`
			`usage += "-c current_cil -p prebuilt_cil [--help]"`
			`parser = OptionParser(usage=usage)`
			`parser.add_option("-c", "--current", dest="current", metavar="FILE")`
			`parser.add_option("-p", "--prebuilt", dest="prebuilt", metavar="FILE")`

			`(options, args) = parser.parse_args()`

			`if not options.current or not options.prebuilt:`
			`sys.exit("Must specify both current and prebuilt\n" + parser.usage)`
			`if not os.path.exists(options.current):`
			`sys.exit("Current policy " + options.current + " does not exist\n"`
			`+ parser.usage)`
			`if not os.path.exists(options.prebuilt):`
			`sys.exit("Prebuilt policy " + options.prebuilt + " does not exist\n"`
			`+ parser.usage)`

			`current_policy = mini_parser.MiniCilParser(options.current)`
			`prebuilt_policy = mini_parser.MiniCilParser(options.prebuilt)`

			`results = ""`
			`removed_types = prebuilt_policy.types - current_policy.types`
			`removed_attributes = prebuilt_policy.typeattributes - current_policy.typeattributes`
Revert "Check added types/attributes on freeze test too" This reverts commit a6a3726ed273f105fd7dc994931066491b0d4fdd. Reason for revert: Breaks an internal build (see b/329217616) Bug: 329217616 Bug: 296875906 Change-Id: Iac204a3e7501cd2d0e691f10b5bca88586f315aa 2024-03-12 16:32:12 +01:00			`removed_attributes = set(filter(lambda x: "base_typeattr_" not in x, removed_attributes))`
Relax freeze_test to check only compatibility For now, freeze_test compares prebuilts against sources with diff, to ensure that sources are identical to prebuilts. However, it could be the case that the branch should be able to build both REL and ToT. In that case, changes to the sources are inevitable and the freeze test will fail. To fix the issue, freeze_test will now only check compatibility. To be specific, it will check if any public types or attributes are removed. Contexts files and neverallow rules are not checked, but they may be added later. Also to support the new freeze_test - build_files module is changed to use glob (because REL version won't be in compat versions list) - plat_pub_policy modules are added under prebuilts/api (because freeze_test needs that) Bug: 296875906 Test: m selinux_policy Change-Id: I39c40992965b98664facea3b760d9d6be1f6b87e 2023-09-04 10:40:03 +02:00
			`if removed_types:`
			`results += "The following public types were removed:\n" + ", ".join(removed_types) + "\n"`

			`if removed_attributes:`
			`results += "The following public attributes were removed:\n" + ", ".join(removed_attributes) + "\n"`

Revert "Check added types/attributes on freeze test too" This reverts commit a6a3726ed273f105fd7dc994931066491b0d4fdd. Reason for revert: Breaks an internal build (see b/329217616) Bug: 329217616 Bug: 296875906 Change-Id: Iac204a3e7501cd2d0e691f10b5bca88586f315aa 2024-03-12 16:32:12 +01:00			`if len(results) > 0:`
			`sys.exit(results)`
Relax freeze_test to check only compatibility For now, freeze_test compares prebuilts against sources with diff, to ensure that sources are identical to prebuilts. However, it could be the case that the branch should be able to build both REL and ToT. In that case, changes to the sources are inevitable and the freeze test will fail. To fix the issue, freeze_test will now only check compatibility. To be specific, it will check if any public types or attributes are removed. Contexts files and neverallow rules are not checked, but they may be added later. Also to support the new freeze_test - build_files module is changed to use glob (because REL version won't be in compat versions list) - plat_pub_policy modules are added under prebuilts/api (because freeze_test needs that) Bug: 296875906 Test: m selinux_policy Change-Id: I39c40992965b98664facea3b760d9d6be1f6b87e 2023-09-04 10:40:03 +02:00
			`if __name__ == '__main__':`
			`do_main()`