Show only violating entries on sepolicy_tests
This is for more visibility upon error. Test: m sepolicy_test Change-Id: Idad76505c9574e356d101c14f24ef68414475f65
This commit is contained in:
parent
c9daa54919
commit
34d6c64705
1 changed files with 24 additions and 17 deletions
|
@ -109,17 +109,22 @@ class Policy:
|
|||
# Query policy for the types associated with Attr
|
||||
TypesPol = self.QueryTypeAttribute(Attr, True) - set(ExcludedTypes)
|
||||
# Search file_contexts to find types associated with input paths.
|
||||
TypesFc, Files = self.__GetTypesAndFilesByFilePathPrefix(MatchPrefix, DoNotMatchPrefix)
|
||||
violators = TypesFc.intersection(TypesPol)
|
||||
PathTypes = self.__GetTypesAndFilesByFilePathPrefix(MatchPrefix, DoNotMatchPrefix)
|
||||
violators = set()
|
||||
for PathType in PathTypes:
|
||||
filepath, filetype = PathType
|
||||
if filetype in TypesPol:
|
||||
violators.add((str(filetype), str(filepath)))
|
||||
|
||||
ret = ""
|
||||
if len(violators) > 0:
|
||||
ret += "The following types on "
|
||||
ret += " ".join(str(x) for x in sorted(MatchPrefix))
|
||||
ret += " must not be associated with the "
|
||||
ret += "\"" + Attr + "\" attribute: "
|
||||
ret += " ".join(str(x) for x in sorted(violators)) + "\n"
|
||||
ret += " corresponding to files: "
|
||||
ret += " ".join(str(x) for x in sorted(Files)) + "\n"
|
||||
ret += "\"" + Attr + "\" attribute.\n"
|
||||
ret += "Violator types and corresponding paths:\n"
|
||||
ret += "\n".join(str(x) for x in sorted(violators))
|
||||
ret += "\n"
|
||||
return ret
|
||||
|
||||
# Check that all types for "filesystem" have "attribute" associated with them
|
||||
|
@ -146,18 +151,22 @@ class Policy:
|
|||
TypesPol = self.QueryTypeAttribute(Attr, True)
|
||||
# Search file_contexts to find paths/types that should be associated with
|
||||
# Attr.
|
||||
TypesFc, Files = self.__GetTypesAndFilesByFilePathPrefix(MatchPrefix, DoNotMatchPrefix)
|
||||
violators = TypesFc.difference(TypesPol)
|
||||
PathTypes = self.__GetTypesAndFilesByFilePathPrefix(MatchPrefix, DoNotMatchPrefix)
|
||||
violators = set()
|
||||
for PathType in PathTypes:
|
||||
filepath, filetype = PathType
|
||||
if filetype not in TypesPol:
|
||||
violators.add((str(filetype), str(filepath)))
|
||||
|
||||
ret = ""
|
||||
if len(violators) > 0:
|
||||
ret += "The following types on "
|
||||
ret += " ".join(str(x) for x in sorted(MatchPrefix))
|
||||
ret += " must be associated with the "
|
||||
ret += "\"" + Attr + "\" attribute: "
|
||||
ret += " ".join(str(x) for x in sorted(violators)) + "\n"
|
||||
ret += " corresponding to files: "
|
||||
ret += " ".join(str(x) for x in sorted(Files)) + "\n"
|
||||
ret += "\"" + Attr + "\" attribute.\n"
|
||||
ret += "Violator types and corresponding paths:\n"
|
||||
ret += "\n".join(str(x) for x in sorted(violators))
|
||||
ret += "\n"
|
||||
return ret
|
||||
|
||||
def AssertPropertyOwnersAreExclusive(self):
|
||||
|
@ -334,8 +343,7 @@ class Policy:
|
|||
# Return types that match MatchPrefixes but do not match
|
||||
# DoNotMatchPrefixes
|
||||
def __GetTypesAndFilesByFilePathPrefix(self, MatchPrefixes, DoNotMatchPrefixes):
|
||||
Types = set()
|
||||
Files = set()
|
||||
ret = []
|
||||
|
||||
MatchPrefixesWithIndex = []
|
||||
for MatchPrefix in MatchPrefixes:
|
||||
|
@ -346,9 +354,8 @@ class Policy:
|
|||
for PathType in PathTypes:
|
||||
if MatchPathPrefixes(PathType[0], DoNotMatchPrefixes):
|
||||
continue
|
||||
Types.add(PathType[1])
|
||||
Files.add(PathType[0])
|
||||
return Types, Files
|
||||
ret.append(PathType)
|
||||
return ret
|
||||
|
||||
def __GetTERules(self, policydbP, avtabIterP, Rules):
|
||||
if Rules is None:
|
||||
|
|
Loading…
Reference in a new issue