Start enforcing /system file labeling
system_file_type is an attribute assigned to all files on the /system
partition. Add a compile time test to ensure that the attribute is
assigned to all the relevant types.
Test: code compiles.
Change-Id: I7d69a04a4f04f6269cc408f25527b948756cc079
diff --git a/tests/sepolicy_tests.py b/tests/sepolicy_tests.py
index 70b036f..f8dc466 100644
--- a/tests/sepolicy_tests.py
+++ b/tests/sepolicy_tests.py
@@ -11,8 +11,8 @@
def TestDataTypeViolations(pol):
return pol.AssertPathTypesHaveAttr(["/data/"], [], "data_file_type")
-# def TestSystemTypeViolations(pol):
-# return pol.AssertPathTypesHaveAttr(["/system/"], [], "system_file_type")
+def TestSystemTypeViolations(pol):
+ return pol.AssertPathTypesHaveAttr(["/system/"], [], "system_file_type")
def TestProcTypeViolations(pol):
return pol.AssertGenfsFilesystemTypesHaveAttr("proc", "proc_type")
@@ -58,7 +58,7 @@
"TestDataTypeViolators",
"TestProcTypeViolations",
"TestSysfsTypeViolations",
- # "TestSystemTypeViolators",
+ "TestSystemTypeViolators",
"TestDebugfsTypeViolations",
"TestVendorTypeViolations",
"TestCoreDataTypeViolations",
@@ -107,8 +107,8 @@
results += TestProcTypeViolations(pol)
if options.test is None or "TestSysfsTypeViolations" in options.test:
results += TestSysfsTypeViolations(pol)
- # if options.test is None or "TestSystemTypeViolations" in options.test:
- # results += TestSystemTypeViolations(pol)
+ if options.test is None or "TestSystemTypeViolations" in options.test:
+ results += TestSystemTypeViolations(pol)
if options.test is None or "TestDebugfsTypeViolations" in options.test:
results += TestDebugfsTypeViolations(pol)
if options.test is None or "TestVendorTypeViolations" in options.test: