Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / 68b071e4b96a67f271a4c7ae984ff38de0c9c080^! / . / tests / sepolicy_freeze_test.py
commit68b071e4b96a67f271a4c7ae984ff38de0c9c080[log] [tgz]
authorInseob Kim <inseob@google.com>Mon Apr 22 15:44:12 2024 +0900
committerInseob Kim <inseob@google.com>Tue Apr 23 02:07:11 2024 +0000
tree024bcb7b2ea691e23dbcc0fb849b7c43308c8d59
parent3458c57e5a59c119784597d56c606debcdefce26 [diff] [blame]
Reland "Check added types/attributes on freeze test too"

Without this check, a release build may accidentally include additional
public types and attributes after "freeze".

Also this adds a detailed error message for how to fix.

Bug: 296875906
Bug: 330670954
Test: m selinux_policy
Change-Id: Ib43d8e1759ee7426f523042f44e7120e97ae0dd9

diff --git a/tests/sepolicy_freeze_test.py b/tests/sepolicy_freeze_test.py
index 72c8fde..b9b935c 100644
--- a/tests/sepolicy_freeze_test.py
+++ b/tests/sepolicy_freeze_test.py

@@ -37,20 +37,44 @@
 
     current_policy = mini_parser.MiniCilParser(options.current)
     prebuilt_policy = mini_parser.MiniCilParser(options.prebuilt)
+    current_policy.typeattributes = set(filter(lambda x: "base_typeattr_" not in x,
+                                               current_policy.typeattributes))
+    prebuilt_policy.typeattributes = set(filter(lambda x: "base_typeattr_" not in x,
+                                                prebuilt_policy.typeattributes))
 
     results = ""
     removed_types = prebuilt_policy.types - current_policy.types
+    added_types = current_policy.types - prebuilt_policy.types
     removed_attributes = prebuilt_policy.typeattributes - current_policy.typeattributes
-    removed_attributes = set(filter(lambda x: "base_typeattr_" not in x, removed_attributes))
+    added_attributes = current_policy.typeattributes - prebuilt_policy.typeattributes
+
+    # TODO(b/330670954): remove this once all internal references are removed.
+    if "proc_compaction_proactiveness" in added_types:
+        added_types.remove("proc_compaction_proactiveness")
 
     if removed_types:
         results += "The following public types were removed:\n" + ", ".join(removed_types) + "\n"
 
+    if added_types:
+        results += "The following public types were added:\n" + ", ".join(added_types) + "\n"
+
     if removed_attributes:
         results += "The following public attributes were removed:\n" + ", ".join(removed_attributes) + "\n"
 
-    if len(results) > 0:
-        sys.exit(results)
+    if added_attributes:
+        results += "The following public attributes were added:\n" + ", ".join(added_attributes) + "\n"
+
+    if results:
+        sys.exit(f'''{results}
+******************************
+You have tried to change system/sepolicy/public after vendor API freeze.
+To make these errors go away, you can guard types and attributes listed above,
+so they won't be included to the release build.
+
+See an example of how to guard them:
+    https://android-review.googlesource.com/3050544
+******************************
+''')
 
 if __name__ == '__main__':
     do_main()