Fix apex_sepolicy_tests_test
In QueryTERule(), scontext argument works like OR-set while the test
rules should treat them as AND-set.
Bug: 285075529
Test: apex_sepolicy_tests_test
Change-Id: Ie33b8dd6bf62db67ad3762835c1500c81d975707
diff --git a/tests/apex_sepolicy_tests.py b/tests/apex_sepolicy_tests.py
index 0bcc998..c8ecc60 100644
--- a/tests/apex_sepolicy_tests.py
+++ b/tests/apex_sepolicy_tests.py
@@ -83,14 +83,16 @@
"""Returns error message if scontext can't read the target"""
match rule:
case AllowRead(tclass, scontext):
- te_rules = list(pol.QueryTERule(scontext=scontext,
- tcontext={tcontext},
- tclass={tclass},
- perms={'read'}))
- if len(te_rules) > 0:
- return [] # no errors
+ # Test every source in scontext(set)
+ for s in scontext:
+ te_rules = list(pol.QueryTERule(scontext={s},
+ tcontext={tcontext},
+ tclass={tclass},
+ perms={'read'}))
+ if len(te_rules) > 0:
+ return [] # no errors
- return [f"Error: {path}: {scontext} can't read. (tcontext={tcontext})"]
+ return [f"Error: {path}: {s} can't read. (tcontext={tcontext})"]
rules = [
diff --git a/tests/apex_sepolicy_tests_test.py b/tests/apex_sepolicy_tests_test.py
index 9b427a0..9c87a00 100644
--- a/tests/apex_sepolicy_tests_test.py
+++ b/tests/apex_sepolicy_tests_test.py
@@ -93,6 +93,8 @@
self.assert_ok('./etc/linker.config.pb u:object_r:linkerconfig_file:s0')
self.assert_error('./etc/linker.config.pb u:object_r:vendor_file:s0',
r'Error: .*linkerconfig.* can\'t read')
+ self.assert_error('./ u:object_r:apex_data_file:s0',
+ r'Error: .*linkerconfig.* can\'t read')
if __name__ == '__main__':
unittest.main(verbosity=2)