Fix apex_sepolicy_tests_test
In QueryTERule(), the scontext argument works like an OR-set, while the test rules should treat its members as an AND-set. Bug: 285075529 Test: apex_sepolicy_tests_test Change-Id: Ie33b8dd6bf62db67ad3762835c1500c81d975707
parent
46288c6b97
commit
61b46b6159
2 changed files with 11 additions and 7 deletions
|
@ -83,14 +83,16 @@ def check_rule(pol, path: str, tcontext: str, rule: Rule) -> List[str]:
|
|||
"""Returns error message if scontext can't read the target"""
|
||||
match rule:
|
||||
case AllowRead(tclass, scontext):
|
||||
te_rules = list(pol.QueryTERule(scontext=scontext,
|
||||
tcontext={tcontext},
|
||||
tclass={tclass},
|
||||
perms={'read'}))
|
||||
if len(te_rules) > 0:
|
||||
return [] # no errors
|
||||
# Test every source in scontext(set)
|
||||
for s in scontext:
|
||||
te_rules = list(pol.QueryTERule(scontext={s},
|
||||
tcontext={tcontext},
|
||||
tclass={tclass},
|
||||
perms={'read'}))
|
||||
if len(te_rules) > 0:
|
||||
return [] # no errors
|
||||
|
||||
return [f"Error: {path}: {scontext} can't read. (tcontext={tcontext})"]
|
||||
return [f"Error: {path}: {s} can't read. (tcontext={tcontext})"]
|
||||
|
||||
|
||||
rules = [
|
||||
|
|
|
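Review bot: As rendered here, the new loop in check_rule still returns on the first source that has a read rule, because the added line under `for s in scontext:` is `return []  # no errors`. That is the OR behaviour the description says is being fixed, so a label readable by only one of the required domains would still pass the policy check. Indentation is lost on this page, so the position of the final error `return` using `{s}` is inferred, but both placements have a problem: after the loop it names only the last `s` (and `s` is unbound for an empty set), while inside the loop the result depends on which source is iterated first. For AND semantics the branch should skip a permitted source with `continue  # this source can read`, return the error for the first source that cannot, and `return []` only after the loop. check_rule continues outside the hunk.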
@ -93,6 +93,8 @@ class ApexSepolicyTests(unittest.TestCase):
|
|||
self.assert_ok('./etc/linker.config.pb u:object_r:linkerconfig_file:s0')
|
||||
self.assert_error('./etc/linker.config.pb u:object_r:vendor_file:s0',
|
||||
r'Error: .*linkerconfig.* can\'t read')
|
||||
self.assert_error('./ u:object_r:apex_data_file:s0',
|
||||
r'Error: .*linkerconfig.* can\'t read')
|
||||
|
||||
if __name__ == '__main__':
|
||||
unittest.main(verbosity=2)
|
||||
|
|
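Review bot: The added `assert_error('./ u:object_r:apex_data_file:s0', ...)` case has no comment saying what it pins. It looks like the regression case for the AND-set fix, presumably because another source in the rule can read `apex_data_file` while `linkerconfig` cannot, though the rule table is not visible here. A one-line comment above it, such as `# every source in the rule must be able to read; linkerconfig cannot`, would keep that intent from being lost. The enclosing test method starts outside the hunk.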