Improve data separation test coverage
Two areas need better coverage:
1. Tests are not verifying that files in /data/vendor do not have the
core_data_file_type attribute.
2. No error is thrown if a type lives in both /data/vendor and
/data/<not vendor>.
Bug: 72998741
Test: build all selinux policies on master (assert build time tests)
Test: build and boot Marlin and Taimen, verify no selinux denials and
everything works as expected.
Change-Id: I133a068123139a599b9b81ddcc254616894621eb
(cherry picked from commit 55d5e28472ad9cd87da0b451d78555d8aae43bb8)
diff --git a/tests/treble_sepolicy_tests.py b/tests/treble_sepolicy_tests.py
index 2f9e994..cfa8ef9 100644
--- a/tests/treble_sepolicy_tests.py
+++ b/tests/treble_sepolicy_tests.py
@@ -71,6 +71,7 @@
coredomains = set()
appdomains = set()
vendordomains = set()
+pol = None
# compat vars
alltypes = set()
@@ -287,6 +288,12 @@
ret += TestViolatorAttribute("vendor_executes_system_violators")
return ret
+# TODO move this to sepolicy_tests
+def TestCoreDataTypeViolations():
+ global pol
+ return pol.AssertPathTypesDoNotHaveAttr(["/data/vendor/", "/data/vendor_ce/",
+ "/data/vendor_de/"], [], "core_data_file_type")
+
###
# extend OptionParser to allow the same option flag to be used multiple times.
# This is used to allow multiple file_contexts files and tests to be
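Review bot: `TestCoreDataTypeViolations` dereferences the module-level `pol`, which the first hunk initialises to `None`, and no assignment is visible in these hunks; if the test is dispatched before the policy object is loaded, it fails with an AttributeError instead of a data-separation result. The `global pol` statement is not needed for a read and can be dropped. A short comment would help the next reader, for example `# /data/vendor* paths must not carry core_data_file_type; [] presumably means no exempt paths`, with the meaning of the empty list confirmed against `AssertPathTypesDoNotHaveAttr`. The key registered in the last hunk, `"CoreDatatypeViolations"`, differs in case from the function name, so `"CoreDataTypeViolations"` would be the consistent spelling if the key is what callers pass to select the test. The second gap named in the description (a type used under both /data/vendor and other /data paths) is not checked by anything in this file's hunks, so it is presumably handled elsewhere in the commit.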
@@ -305,6 +312,7 @@
Option.take_action(self, action, dest, opt, value, values, parser)
Tests = {"CoredomainViolations": TestCoredomainViolations,
+ "CoreDatatypeViolations": TestCoreDataTypeViolations,
"TrebleCompatMapping": TestTrebleCompatMapping,
"ViolatorAttributes": TestViolatorAttributes}