Merge "Fix apex_sepolicy_tests_test" am: 370d741453

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2606716

Change-Id: Ieeb02885d17d975d006f0ff8dbdbdf43880d3129
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
Jooyung Han 2023-06-01 02:48:17 +00:00 committed by Automerger Merge Worker
commit a7e2e1a229
2 changed files with 11 additions and 7 deletions


@ -83,14 +83,16 @@ def check_rule(pol, path: str, tcontext: str, rule: Rule) -> List[str]:
"""Returns error message if scontext can't read the target"""
match rule:
case AllowRead(tclass, scontext):
te_rules = list(pol.QueryTERule(scontext=scontext,
tcontext={tcontext},
tclass={tclass},
perms={'read'}))
if len(te_rules) > 0:
return [] # no errors
# Test every source in scontext(set)
for s in scontext:
te_rules = list(pol.QueryTERule(scontext={s},
tcontext={tcontext},
tclass={tclass},
perms={'read'}))
if len(te_rules) > 0:
return [] # no errors
return [f"Error: {path}: {scontext} can't read. (tcontext={tcontext})"]
return [f"Error: {path}: {s} can't read. (tcontext={tcontext})"]
rules = [
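Review bot: The `AllowRead` loop still stops at the first source that has a read rule, because `return []  # no errors` sits under `for s in scontext:`, so the remaining sources are never queried even though the new comment says every source is tested. For a policy test this means a file label that one required domain can read and another cannot may pass unnoticed, and which source gets checked depends on set iteration order (indentation is lost on this page, so the placement of the final `return [f"Error: ..."]` is inferred). Collecting one error per failing source and returning the list after the loop, as sketched below, checks them all and keeps the `List[str]` return type. The `def check_rule` line appears only in the hunk header, so the start of the function is outside the hunk.

```python
case AllowRead(tclass, scontext):
    errors = []
    for s in scontext:
        # … unchanged: te_rules = list(pol.QueryTERule(scontext={s}, ...)) …
        if not te_rules:
            errors.append(f"Error: {path}: {s} can't read. (tcontext={tcontext})")
    return errors
```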


@ -93,6 +93,8 @@ class ApexSepolicyTests(unittest.TestCase):
self.assert_ok('./etc/linker.config.pb u:object_r:linkerconfig_file:s0')
self.assert_error('./etc/linker.config.pb u:object_r:vendor_file:s0',
r'Error: .*linkerconfig.* can\'t read')
self.assert_error('./ u:object_r:apex_data_file:s0',
r'Error: .*linkerconfig.* can\'t read')
if __name__ == '__main__':
unittest.main(verbosity=2)