This can detect a common mistake of not labeling binaries in APEX.
Note - we can't simply check if the label has exec_type attribute
because there're many exceptions.
Bug: 324005965
Test: atest apex_sepolicy_tests_test
Change-Id: Ib643e8b73fac1a3b8851804e58e69b19d32b997d
Narrow down the check for apex roots. It was 'read', but 'search' should
be enough.
Bug: 310528686
Test: m
Change-Id: Ibe5f2e948464580832d87e8d8364c33a437efed2
A new test mode (--all) tests if every file context label used in APEX
is "known". It should fail if an unknown label is used in APEX.
Bug: 299391194
Test: atest apex_sepolicy_tests_test
Change-Id: Ie467019a6dc74bba9901ba8d705b31e6de24cd62
check_rule() should collect errors and return them. The previous fix was
early returning when there's a successful case.
Bug: 285225556
Test: atest apex_sepolicy_tests_test
Change-Id: I71c207210c565ab280f8794d201c074812b49acb
In QueryTERule(), scontext argument works like OR-set while the test
rules should treat them as AND-set.
Bug: 285075529
Test: apex_sepolicy_tests_test
Change-Id: Ie33b8dd6bf62db67ad3762835c1500c81d975707
In apex, ./etc/linker.config.pb file should be readable by linkerconfig.
Bug: 218922042
Test: apex_sepolicy_tests_test
Change-Id: Id41710dc127b5f5bda2d5bbb65271bcc0c5179b1
This is to prevent common mistakes when building an APEX. For example,
etc/vintf should be readable by servicemanager.
Bug: 267269895
Test: apex_sepolicy_tests -f <(deapexer list --dir -Z foo.apex)
Test: atest apex_sepolicy_tests_test
Change-Id: I2e86096add1bb4c9daa0e841b10732c16a09efa3