Fix apex_sepolicy_tests_test
In QueryTERule(), scontext argument works like OR-set while the test
rules should treat them as AND-set.
Bug: 285075529
Test: apex_sepolicy_tests_test
Change-Id: Ie33b8dd6bf62db67ad3762835c1500c81d975707
diff --git a/tests/apex_sepolicy_tests.py b/tests/apex_sepolicy_tests.py
index 0bcc998..c8ecc60 100644
--- a/tests/apex_sepolicy_tests.py
+++ b/tests/apex_sepolicy_tests.py
@@ -83,14 +83,16 @@
"""Returns error message if scontext can't read the target"""
match rule:
case AllowRead(tclass, scontext):
- te_rules = list(pol.QueryTERule(scontext=scontext,
- tcontext={tcontext},
- tclass={tclass},
- perms={'read'}))
- if len(te_rules) > 0:
- return [] # no errors
+ # Test every source in scontext(set)
+ for s in scontext:
+ te_rules = list(pol.QueryTERule(scontext={s},
+ tcontext={tcontext},
+ tclass={tclass},
+ perms={'read'}))
+ if len(te_rules) > 0:
+ return [] # no errors
- return [f"Error: {path}: {scontext} can't read. (tcontext={tcontext})"]
+ return [f"Error: {path}: {s} can't read. (tcontext={tcontext})"]
rules = [