commit 1b8284444c088f5310879231bf3d62104bdaf324
author Jeff Vander Stoep <jeffv@google.com> Wed Mar 21 17:27:20 2018 -0700
committer Jeff Vander Stoep <jeffv@google.com> Fri Mar 23 14:34:46 2018 -0700
tree d34703bc0698491ac41e128e04ec374fc14b2502
parent 370a52fee5f0a4d13dc72612e889c2e4ef56ae1a

Assert types labeled in genfs_contexts have correct attributes

Types in sysfs should have the sysfs_type attribute, types in
debugfs and tracefs should have the debugfs_type attribute.

TODO: Test that files in procfs have the proc_type attribute.
TODO: Assert these tests in CTS.

Bug: 74182216
Test: build - these are build-time tests.
Change-Id: Icf0ff2a26c05f94da421ba23df0b92d8eef906bf

tests/sepolicy_tests.py

diff --git a/tests/sepolicy_tests.py b/tests/sepolicy_tests.py
index 2cf4ae8..b09c60b 100644
--- a/tests/sepolicy_tests.py
+++ b/tests/sepolicy_tests.py
@@ -12,13 +12,17 @@
     return pol.AssertPathTypesHaveAttr(["/data/"], [], "data_file_type")
 
 def TestSysfsTypeViolations(pol):
-    return pol.AssertPathTypesHaveAttr(["/sys/"], ["/sys/kernel/debug/",
+    ret = pol.AssertGenfsFilesystemTypesHaveAttr("sysfs", "sysfs_type")
+    ret += pol.AssertPathTypesHaveAttr(["/sys/"], ["/sys/kernel/debug/",
                                     "/sys/kernel/tracing"], "sysfs_type")
+    return ret
 
 def TestDebugfsTypeViolations(pol):
-    # TODO: this should apply to genfs_context entries as well
-    return pol.AssertPathTypesHaveAttr(["/sys/kernel/debug/",
+    ret = pol.AssertGenfsFilesystemTypesHaveAttr("debugfs", "debugfs_type")
+    ret += pol.AssertGenfsFilesystemTypesHaveAttr("tracefs", "debugfs_type")
+    ret += pol.AssertPathTypesHaveAttr(["/sys/kernel/debug/",
                                     "/sys/kernel/tracing"], [], "debugfs_type")
+    return ret
 
 def TestVendorTypeViolations(pol):
     return pol.AssertPathTypesHaveAttr(["/vendor/"], [], "vendor_file_type")