From 34d6c647058aa15be8776702116314bcc4a433ae Mon Sep 17 00:00:00 2001
From: Inseob Kim
Date: Wed, 27 Sep 2023 17:32:26 +0900
Subject: [PATCH] Show only violating entries on sepolicy_tests
This is for more visibility upon error.
Test: m sepolicy_test
Change-Id: Idad76505c9574e356d101c14f24ef68414475f65
---
 tests/policy.py | 41 ++++++++++++++++++++++++-----------------
 1 file changed, 24 insertions(+), 17 deletions(-)
diff --git a/tests/policy.py b/tests/policy.py
index 9fdc43c07..8fc2ef7f6 100644
--- a/tests/policy.py
+++ b/tests/policy.py
@@ -109,17 +109,22 @@ class Policy:
 # Query policy for the types associated with Attr
 TypesPol = self.QueryTypeAttribute(Attr, True) - set(ExcludedTypes)
 # Search file_contexts to find types associated with input paths.
- TypesFc, Files = self.__GetTypesAndFilesByFilePathPrefix(MatchPrefix, DoNotMatchPrefix)
- violators = TypesFc.intersection(TypesPol)
+ PathTypes = self.__GetTypesAndFilesByFilePathPrefix(MatchPrefix, DoNotMatchPrefix)
+ violators = set()
+ for PathType in PathTypes:
+ filepath, filetype = PathType
+ if filetype in TypesPol:
+ violators.add((str(filetype), str(filepath)))
+
 ret = ""
 if len(violators) > 0:
 ret += "The following types on "
 ret += " ".join(str(x) for x in sorted(MatchPrefix))
 ret += " must not be associated with the "
- ret += "\"" + Attr + "\" attribute: "
- ret += " ".join(str(x) for x in sorted(violators)) + "\n"
- ret += " corresponding to files: "
- ret += " ".join(str(x) for x in sorted(Files)) + "\n"
+ ret += "\"" + Attr + "\" attribute.\n"
+ ret += "Violator types and corresponding paths:\n"
+ ret += "\n".join(str(x) for x in sorted(violators))
+ ret += "\n"
 return ret
 # Check that all types for "filesystem" have "attribute" associated with them
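Review bot: The added `ret += "\n".join(str(x) for x in sorted(violators))` stringifies `(type, path)` tuples, so each violator is printed as a Python tuple repr such as `('some_type', '/some/path')` (constructed example) rather than plain text; I would write `ret += "\n".join(f"{t} {p}" for t, p in sorted(violators))` instead. The identical join in the next hunk (@@ -146) has the same issue. Both hunks also repeat the same loop and message assembly, differing only in `in` / `not in` and "must not" / "must", so a shared private helper would keep the two reports from drifting apart. The enclosing method starts above this hunk.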
@@ -146,18 +151,22 @@ class Policy:
 TypesPol = self.QueryTypeAttribute(Attr, True)
 # Search file_contexts to find paths/types that should be associated with
 # Attr.
- TypesFc, Files = self.__GetTypesAndFilesByFilePathPrefix(MatchPrefix, DoNotMatchPrefix)
- violators = TypesFc.difference(TypesPol)
+ PathTypes = self.__GetTypesAndFilesByFilePathPrefix(MatchPrefix, DoNotMatchPrefix)
+ violators = set()
+ for PathType in PathTypes:
+ filepath, filetype = PathType
+ if filetype not in TypesPol:
+ violators.add((str(filetype), str(filepath)))
 ret = ""
 if len(violators) > 0:
 ret += "The following types on "
 ret += " ".join(str(x) for x in sorted(MatchPrefix))
 ret += " must be associated with the "
- ret += "\"" + Attr + "\" attribute: "
- ret += " ".join(str(x) for x in sorted(violators)) + "\n"
- ret += " corresponding to files: "
- ret += " ".join(str(x) for x in sorted(Files)) + "\n"
+ ret += "\"" + Attr + "\" attribute.\n"
+ ret += "Violator types and corresponding paths:\n"
+ ret += "\n".join(str(x) for x in sorted(violators))
+ ret += "\n"
 return ret
 def AssertPropertyOwnersAreExclusive(self):
@@ -334,8 +343,7 @@ class Policy:
 # Return types that match MatchPrefixes but do not match
 # DoNotMatchPrefixes
 def __GetTypesAndFilesByFilePathPrefix(self, MatchPrefixes, DoNotMatchPrefixes):
- Types = set()
- Files = set()
+ ret = []
 MatchPrefixesWithIndex = []
 for MatchPrefix in MatchPrefixes:
@@ -346,9 +354,8 @@ class Policy:
 for PathType in PathTypes:
 if MatchPathPrefixes(PathType[0], DoNotMatchPrefixes):
 continue
- Types.add(PathType[1])
- Files.add(PathType[0])
- return Types, Files
+ ret.append(PathType)
+ return ret
 def __GetTERules(self, policydbP, avtabIterP, Rules):
 if Rules is None:
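Review bot: The comment above `__GetTypesAndFilesByFilePathPrefix` in the @@ -334 hunk still says the method returns types, but with `ret = []` here and `ret.append(PathType)` / `return ret` in the @@ -346 hunk it now returns a list of entries that the callers unpack as `filepath, filetype = PathType`. I would update it to `# Return (path, type) entries that match MatchPrefixes but do not match DoNotMatchPrefixes`, and consider renaming the method since it no longer returns two sets. Any caller not shown in this diff that still does `TypesFc, Files = ...` would now raise on unpacking, or bind the wrong values without error when exactly two entries match, so the class should be checked for remaining uses. The method body is split across these two hunks and is not fully visible.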