Assert types labeled in genfs_contexts have correct attributes
Types in sysfs should have the sysfs_type attribute; types in
debugfs and tracefs should have the debugfs_type attribute.
TODO: Test that files in procfs have the proc_type attribute.
TODO: Assert these tests in CTS.
Bug: 74182216
Test: build - these are build-time tests.
Change-Id: Icf0ff2a26c05f94da421ba23df0b92d8eef906bf
diff --git a/tests/policy.py b/tests/policy.py
index b51ebf2..90e387f 100644
--- a/tests/policy.py
+++ b/tests/policy.py
@@ -47,6 +47,7 @@
__Rules = set()
__FcDict = None
__FcSorted = None
+ __GenfsDict = None
__libsepolwrap = None
__policydbP = None
__BUFSIZE = 2048
@@ -66,6 +67,21 @@
ret += " ".join(str(x) for x in sorted(violators)) + "\n"
return ret
+ # Check that all types for "filesystem" have "attribute" associated with them
+ # for types labeled in genfs_contexts.
+ def AssertGenfsFilesystemTypesHaveAttr(self, Filesystem, Attr):
+ TypesPol = self.QueryTypeAttribute(Attr, True)
+ TypesGenfs = self.__GenfsDict[Filesystem]
+ violators = TypesGenfs.difference(TypesPol)
+
+ ret = ""
+ if len(violators) > 0:
+ ret += "The following types in " + Filesystem
+ ret += " must be associated with the "
+ ret += "\"" + Attr + "\" attribute: "
+ ret += " ".join(str(x) for x in sorted(violators)) + "\n"
+ return ret
+
# Check that path prefixes that match MatchPrefix, and do not Match
# DoNotMatchPrefix have the attribute Attr.
# For example assert that all types in /sys, and not in /sys/kernel/debugfs
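Review bot: `self.__GenfsDict[Filesystem]` in AssertGenfsFilesystemTypesHaveAttr raises KeyError when the policy has no genfs_contexts entry for the requested filesystem, so the build-time test aborts with a traceback instead of reporting a result. `TypesGenfs = self.__GenfsDict.get(Filesystem, set())` would make that case return an empty string. If a filesystem with no entries should count as a failure instead, return an explicit message saying so rather than relying on the exception.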
@@ -337,9 +353,43 @@
lib.init_type_iter.argtypes = [c_void_p, c_char_p, c_bool]
# void destroy_type_iter(void *type_iterp);
lib.destroy_type_iter.argtypes = [c_void_p]
+ # void *init_genfs_iter(void *policydbp)
+ lib.init_genfs_iter.restype = c_void_p
+ lib.init_genfs_iter.argtypes = [c_void_p]
+ # int get_genfs(char *out, size_t max_size, void *genfs_iterp);
+ lib.get_genfs.restype = c_int
+ lib.get_genfs.argtypes = [c_char_p, c_size_t, c_void_p, c_void_p]
+ # void destroy_genfs_iter(void *genfs_iterp)
+ lib.destroy_genfs_iter.argtypes = [c_void_p]
self.__libsepolwrap = lib
+ def __GenfsDictAdd(self, Dict, buf):
+ fs, path, context = buf.split(" ")
+ Type = context.split(":")[2]
+ if not fs in Dict:
+ Dict[fs] = {Type}
+ else:
+ Dict[fs].add(Type)
+
+ def __InitGenfsCon(self):
+ self.__GenfsDict = {}
+ GenfsIterP = self.__libsepolwrap.init_genfs_iter(self.__policydbP)
+ if (GenfsIterP == None):
+ sys.exit("Failed to retreive genfs entries")
+ buf = create_string_buffer(self.__BUFSIZE)
+ while True:
+ ret = self.__libsepolwrap.get_genfs(buf, self.__BUFSIZE,
+ self.__policydbP, GenfsIterP)
+ if ret == 0:
+ self.__GenfsDictAdd(self.__GenfsDict, buf.value)
+ continue
+ if ret == 1:
+ self.__GenfsDictAdd(self.__GenfsDict, buf.value)
+ break;
+ # We should never get here.
+ sys.exit("Failed to get genfs entries")
+ self.__libsepolwrap.destroy_genfs_iter(GenfsIterP)
# load file_contexts
def __InitFC(self, FcPaths):
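Review bot: In __GenfsDictAdd, `fs, path, context = buf.split(" ")` assumes exactly three space-separated fields, so an entry whose path contains a space fails with an unpacking ValueError that does not name the offending entry. Splitting from both ends keeps the type lookup independent of the path, e.g. `fs = buf.split(" ", 1)[0]` and `context = buf.rsplit(" ", 1)[1]`, and a malformed line can then be reported through `sys.exit` like the other failures here. Separately, the prototype comment above `lib.get_genfs.argtypes` lists three parameters while argtypes and the call in __InitGenfsCon pass four; it should read `# int get_genfs(char *out, size_t max_size, void *policydbp, void *genfs_iterp);`. How get_genfs behaves when an entry is longer than `__BUFSIZE` is not visible in this hunk and is worth confirming, since a truncated context could yield a wrong or missing type name.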
@@ -376,6 +426,7 @@
self.__InitLibsepolwrap(LibPath)
self.__InitFC(FcPaths)
self.__InitPolicy(PolicyPath)
+ self.__InitGenfsCon()
def __del__(self):
if self.__policydbP is not None: