Add dev_type test
Files under /dev should have dev_type attribute.
Bug: 303367345
Test: m selinux_policy
Change-Id: Iaa1e39338e2fae32086bd770c6f3ab4b33bb82aa
diff --git a/tests/sepolicy_tests.py b/tests/sepolicy_tests.py
index 4ef161b..7a341cb 100644
--- a/tests/sepolicy_tests.py
+++ b/tests/sepolicy_tests.py
@@ -265,6 +265,22 @@
"\"-isolated_app_all\". Violations are shown as the following: \n") + ret
return ret
+def TestDevTypeViolations(pol):
+ exceptions = [
+ "/dev/socket",
+ ]
+ exceptionTypes = [
+ "boringssl_self_test_marker", # /dev/boringssl/selftest
+ "cgroup_rc_file", # /dev/cgroup.rc
+ "dev_cpu_variant", # /dev/cpu_variant:{arch}
+ "fscklogs", # /dev/fscklogs
+ "properties_serial", # /dev/__properties__/properties_serial
+ "property_info", # /dev/__properties__/property_info
+ "runtime_event_log_tags_file", # /dev/event-log-tags
+ ]
+ return pol.AssertPathTypesHaveAttr(["/dev"], exceptions,
+ "dev_type", exceptionTypes)
+
###
# extend OptionParser to allow the same option flag to be used multiple times.
# This is used to allow multiple file_contexts files and tests to be
@@ -298,6 +314,7 @@
"TestCoredomainViolations",
"TestViolatorAttributes",
"TestIsolatedAttributeConsistency",
+ "TestDevTypeViolations",
]
def do_main(libpath):
@@ -366,6 +383,10 @@
if options.test is None or "TestIsolatedAttributeConsistency" in options.test:
results += TestIsolatedAttributeConsistency(test_policy)
+ # dev type test won't be run as default
+ if options.test and "TestDevTypeViolations" in options.test:
+ results += TestDevTypeViolations(pol)
+
if len(results) > 0:
sys.exit(results)