Show only violating entries on sepolicy_tests

This is for more visibility upon error. Test: m sepolicy_test Change-Id: Idad76505c9574e356d101c14f24ef68414475f65
2023-09-27 17:32:26 +09:00 · 2023-09-27 17:32:26 +09:00 · 34d6c64705
commit 34d6c64705
parent c9daa54919
1 changed files with 24 additions and 17 deletions
--- a/tests/policy.py
+++ b/tests/policy.py
@ -109,17 +109,22 @@ class Policy:
        # Query policy for the types associated with Attr
        TypesPol = self.QueryTypeAttribute(Attr, True) - set(ExcludedTypes)
        # Search file_contexts to find types associated with input paths.
-        TypesFc, Files = self.__GetTypesAndFilesByFilePathPrefix(MatchPrefix, DoNotMatchPrefix)
-        violators = TypesFc.intersection(TypesPol)
+        PathTypes = self.__GetTypesAndFilesByFilePathPrefix(MatchPrefix, DoNotMatchPrefix)
+        violators = set()
+        for PathType in PathTypes:
+            filepath, filetype = PathType
+            if filetype in TypesPol:
+                violators.add((str(filetype), str(filepath)))
+
        ret = ""
        if len(violators) > 0:
            ret += "The following types on "
            ret += " ".join(str(x) for x in sorted(MatchPrefix))
            ret += " must not be associated with the "
-            ret += "\"" + Attr + "\" attribute: "
-            ret += " ".join(str(x) for x in sorted(violators)) + "\n"
-            ret += " corresponding to files: "
-            ret += " ".join(str(x) for x in sorted(Files)) + "\n"
+            ret += "\"" + Attr + "\" attribute.\n"
+            ret += "Violator types and corresponding paths:\n"
+            ret += "\n".join(str(x) for x in sorted(violators))
+            ret += "\n"
        return ret

    # Check that all types for "filesystem" have "attribute" associated with them
@ -146,18 +151,22 @@ class Policy:
        TypesPol = self.QueryTypeAttribute(Attr, True)
        # Search file_contexts to find paths/types that should be associated with
        # Attr.
-        TypesFc, Files = self.__GetTypesAndFilesByFilePathPrefix(MatchPrefix, DoNotMatchPrefix)
-        violators = TypesFc.difference(TypesPol)
+        PathTypes = self.__GetTypesAndFilesByFilePathPrefix(MatchPrefix, DoNotMatchPrefix)
+        violators = set()
+        for PathType in PathTypes:
+            filepath, filetype = PathType
+            if filetype not in TypesPol:
+                violators.add((str(filetype), str(filepath)))

        ret = ""
        if len(violators) > 0:
            ret += "The following types on "
            ret += " ".join(str(x) for x in sorted(MatchPrefix))
            ret += " must be associated with the "
-            ret += "\"" + Attr + "\" attribute: "
-            ret += " ".join(str(x) for x in sorted(violators)) + "\n"
-            ret += " corresponding to files: "
-            ret += " ".join(str(x) for x in sorted(Files)) + "\n"
+            ret += "\"" + Attr + "\" attribute.\n"
+            ret += "Violator types and corresponding paths:\n"
+            ret += "\n".join(str(x) for x in sorted(violators))
+            ret += "\n"
        return ret

    def AssertPropertyOwnersAreExclusive(self):
@ -334,8 +343,7 @@ class Policy:
    # Return types that match MatchPrefixes but do not match
    # DoNotMatchPrefixes
    def __GetTypesAndFilesByFilePathPrefix(self, MatchPrefixes, DoNotMatchPrefixes):
-        Types = set()
-        Files = set()
+        ret = []

        MatchPrefixesWithIndex = []
        for MatchPrefix in MatchPrefixes:
@ -346,9 +354,8 @@ class Policy:
            for PathType in PathTypes:
                if MatchPathPrefixes(PathType[0], DoNotMatchPrefixes):
                    continue
-                Types.add(PathType[1])
-                Files.add(PathType[0])
-        return Types, Files
+                ret.append(PathType)
+        return ret

    def __GetTERules(self, policydbP, avtabIterP, Rules):
        if Rules is None: