Run Treble sepolicy tests at build time
Bug: 37008075
Test: build policy on Marlin
Change-Id: I53748f94c5df66fa17a53e7d0bed1be6b8603544
(cherry picked from commit e1ddc6df75d61dd8dc9a1ea00e1da60389f55556)
diff --git a/tests/Android.bp b/tests/Android.bp
index 87afab8..2c70f36 100644
--- a/tests/Android.bp
+++ b/tests/Android.bp
@@ -5,3 +5,17 @@
cflags: ["-Wall", "-Werror",],
export_include_dirs: ["include"],
}
+
+cc_prebuilt_binary {
+ name: "policy.py",
+ srcs: ["policy.py"],
+ host_supported: true,
+ required: ["libsepolwrap"],
+}
+
+cc_prebuilt_binary {
+ name: "treble_sepolicy_tests.py",
+ srcs: ["treble_sepolicy_tests.py"],
+ host_supported: true,
+ required: ["policy.py"],
+}
diff --git a/tests/policy.py b/tests/policy.py
index 480faa2..74a8ef7 100644
--- a/tests/policy.py
+++ b/tests/policy.py
@@ -1,6 +1,7 @@
from ctypes import *
import re
import os
+import sys
class TERule:
def __init__(self, rule):
@@ -28,15 +29,17 @@
# Return all attributes associated with a type if IsAttr=False or
# all types associated with an attribute if IsAttr=True
def QueryTypeAttribute(self, Type, IsAttr):
- TypeIterP = self.__libsepolwrap.init_type_iter(self.__policydbP,
- create_string_buffer(Type), c_bool(IsAttr))
+ init_type_iter = self.__libsepolwrap.init_type_iter
+ init_type_iter.restype = c_void_p
+ TypeIterP = init_type_iter(c_void_p(self.__policydbP),
+ create_string_buffer(Type), c_bool(IsAttr))
if (TypeIterP == None):
sys.exit("Failed to initialize type iterator")
buf = create_string_buffer(2048)
while True:
ret = self.__libsepolwrap.get_type(buf, c_int(2048),
- self.__policydbP, TypeIterP)
+ c_void_p(self.__policydbP), c_void_p(TypeIterP))
if ret == 0:
yield buf.value
continue
@@ -44,7 +47,7 @@
break;
# We should never get here.
sys.exit("Failed to import policy")
- self.__libsepolwrap.destroy_type_iter(TypeIterP)
+ self.__libsepolwrap.destroy_type_iter(c_void_p(TypeIterP))
# Return all TERules that match:
# (any scontext) or (any tcontext) or (any tclass) or (any perms),
@@ -79,7 +82,8 @@
buf = create_string_buffer(2048)
ret = 0
while True:
- ret = self.__libsepolwrap.get_allow_rule(buf, c_int(2048), policydbP, avtabIterP)
+ ret = self.__libsepolwrap.get_allow_rule(buf, c_int(2048),
+ c_void_p(policydbP), c_void_p(avtabIterP))
if ret == 0:
Rule = TERule(buf.value)
self.__Rules.add(Rule)
@@ -90,20 +94,29 @@
sys.exit("Failed to import policy")
def __InitTERules(self):
- avtabIterP = self.__libsepolwrap.init_avtab(self.__policydbP)
+ init_avtab = self.__libsepolwrap.init_avtab
+ init_avtab.restype = c_void_p
+ avtabIterP = init_avtab(c_void_p(self.__policydbP))
if (avtabIterP == None):
sys.exit("Failed to initialize avtab")
self.__GetTERules(self.__policydbP, avtabIterP)
- self.__libsepolwrap.destroy_avtab(avtabIterP)
- avtabIterP = self.__libsepolwrap.init_cond_avtab(self.__policydbP)
+ self.__libsepolwrap.destroy_avtab(c_void_p(avtabIterP))
+ init_cond_avtab = self.__libsepolwrap.init_cond_avtab
+ init_cond_avtab.restype = c_void_p
+ avtabIterP = init_cond_avtab(c_void_p(self.__policydbP))
if (avtabIterP == None):
sys.exit("Failed to initialize conditional avtab")
self.__GetTERules(self.__policydbP, avtabIterP)
- self.__libsepolwrap.destroy_avtab(avtabIterP)
+ self.__libsepolwrap.destroy_avtab(c_void_p(avtabIterP))
# load ctypes-ified libsepol wrapper
- def __InitLibsepolwrap(self):
- self.__libsepolwrap = CDLL("libsepolwrap.so")
+ def __InitLibsepolwrap(self, LibPath):
+ if "linux" in sys.platform:
+ self.__libsepolwrap = CDLL(LibPath + "/libsepolwrap.so")
+ elif "darwin" in sys.platform:
+ self.__libsepolwrap = CDLL(LibPath + "/libsepolwrap.dylib")
+ else:
+ sys.exit("only Linux and Mac currrently supported")
# load file_contexts
def __InitFC(self, FcPaths):
@@ -128,15 +141,17 @@
# load policy
def __InitPolicy(self, PolicyPath):
- self.__policydbP = self.__libsepolwrap.load_policy(create_string_buffer(PolicyPath))
+ load_policy = self.__libsepolwrap.load_policy
+ load_policy.restype = c_void_p
+ self.__policydbP = load_policy(create_string_buffer(PolicyPath))
if (self.__policydbP is None):
sys.exit("Failed to load policy")
- def __init__(self, PolicyPath, FcPaths):
- self.__InitLibsepolwrap()
+ def __init__(self, PolicyPath, FcPaths, LibPath):
+ self.__InitLibsepolwrap(LibPath)
self.__InitFC(FcPaths)
self.__InitPolicy(PolicyPath)
def __del__(self):
if self.__policydbP is not None:
- self.__libsepolwrap.destroy_policy(self.__policydbP)
+ self.__libsepolwrap.destroy_policy(c_void_p(self.__policydbP))
diff --git a/tests/treble.py b/tests/treble_sepolicy_tests.py
similarity index 87%
rename from tests/treble.py
rename to tests/treble_sepolicy_tests.py
index 901f702..3d6a480 100644
--- a/tests/treble.py
+++ b/tests/treble_sepolicy_tests.py
@@ -5,6 +5,8 @@
import re
import sys
+DEBUG=False
+
'''
Use file_contexts and policy to verify Treble requirements
are not violated.
@@ -47,18 +49,20 @@
self.entrypoints = []
self.entrypointpaths = []
-def PrintScontext(domain, sctx):
- print domain
- print "\tcoredomain="+str(sctx.coredomain)
- print "\tappdomain="+str(sctx.appdomain)
- print "\tfromSystem="+str(sctx.fromSystem)
- print "\tfromVendor="+str(sctx.fromVendor)
- print "\tattributes="+str(sctx.attributes)
- print "\tentrypoints="+str(sctx.entrypoints)
- print "\tentrypointpaths="
- if sctx.entrypointpaths is not None:
- for path in sctx.entrypointpaths:
- print "\t\t"+str(path)
+def PrintScontexts():
+ for d in sorted(alldomains.keys()):
+ sctx = alldomains[d]
+ print d
+ print "\tcoredomain="+str(sctx.coredomain)
+ print "\tappdomain="+str(sctx.appdomain)
+ print "\tfromSystem="+str(sctx.fromSystem)
+ print "\tfromVendor="+str(sctx.fromVendor)
+ print "\tattributes="+str(sctx.attributes)
+ print "\tentrypoints="+str(sctx.entrypoints)
+ print "\tentrypointpaths="
+ if sctx.entrypointpaths is not None:
+ for path in sctx.entrypointpaths:
+ print "\t\t"+str(path)
alldomains = {}
coredomains = set()
@@ -150,7 +154,10 @@
# so skip the lookup.
if x.tctx == "postinstall_file":
continue
- alldomains[x.sctx].entrypointpaths = pol.QueryFc(x.tctx)
+ entrypointpath = pol.QueryFc(x.tctx)
+ if not entrypointpath:
+ continue
+ alldomains[x.sctx].entrypointpaths.extend(entrypointpath)
###
# Get attributes associated with each domain
#
@@ -227,11 +234,18 @@
parser.add_option("-f", "--file_contexts", dest="file_contexts",
metavar="FILE", action="extend", type="string")
parser.add_option("-p", "--policy", dest="policy", metavar="FILE")
+ parser.add_option("-l", "--library-path", dest="libpath", metavar="FILE")
parser.add_option("-t", "--test", dest="test", action="extend",
help="Test options include "+str(Tests))
(options, args) = parser.parse_args()
+ if not options.libpath:
+ sys.exit("Must specify path to host libraries\n" + parser.usage)
+ if not os.path.exists(options.libpath):
+ sys.exit("Error: library-path " + options.libpath + " does not exist\n"
+ + parser.usage)
+
if not options.policy:
sys.exit("Must specify monolithic policy file\n" + parser.usage)
if not os.path.exists(options.policy):
@@ -245,9 +259,12 @@
sys.exit("Error: File_contexts file " + f + " does not exist\n" +
parser.usage)
- pol = policy.Policy(options.policy, options.file_contexts)
+ pol = policy.Policy(options.policy, options.file_contexts, options.libpath)
setup(pol)
+ if DEBUG:
+ PrintScontexts()
+
results = ""
# If an individual test is not specified, run all tests.
if options.test is None or "CoredomainViolations" in options.tests: