commit e3f4f77d3924982c23ce4c1dbc43360a1c895938
author Tri Vo <trong@google.com> Fri Sep 28 17:21:08 2018 -0700
committer Tri Vo <trong@google.com> Fri Sep 28 17:22:25 2018 -0700
tree 438336736f776dd5886644f7bcfb00474c0397be
parent da427a33c95fc0d0f3e002f04eb9e10fcc2b6442

Don't require private types in mapping file.

Private types are not visible to vendor/odm policy, so we don't need mapping
entries for them.

We build platform-only public policy .cil file and give it as input to
treble_sepolicy_tests. Using this public policy the test can now figure out if
the newly added type in public or private.

Bug: 116344577
Test: adding public type triggers mapping test failure, adding private type does
not.
Change-Id: I421f335e37274b24aa73109e260653d7b73788b5

tests/treble_sepolicy_tests.py

diff --git a/tests/treble_sepolicy_tests.py b/tests/treble_sepolicy_tests.py
index 6e9eb6a..05549a1 100644
--- a/tests/treble_sepolicy_tests.py
+++ b/tests/treble_sepolicy_tests.py
@@ -76,6 +76,7 @@
 alltypes = set()
 oldalltypes = set()
 compatMapping = None
+pubtypes = set()
 
 # Distinguish between PRODUCT_FULL_TREBLE and PRODUCT_FULL_TREBLE_OVERRIDE
 FakeTreble = False
@@ -170,11 +171,13 @@
     GetCoreDomains()
 
 # setup for the policy compatibility tests
-def compatSetup(pol, oldpol, mapping):
+def compatSetup(pol, oldpol, mapping, types):
     global compatMapping
+    global pubtypes
 
     GetAllTypes(pol, oldpol)
     compatMapping = mapping
+    pubtypes = types
 
 def DomainsWithAttribute(attr):
     global alldomains
@@ -219,24 +222,25 @@
     return ret
 
 ###
-# Make sure that any new type introduced in the new policy that was not present
-# in the old policy has been recorded in the mapping file.
+# Make sure that any new public type introduced in the new policy that was not
+# present in the old policy has been recorded in the mapping file.
 def TestNoUnmappedNewTypes():
     global alltypes
     global oldalltypes
     global compatMapping
+    global pubtypes
     newt = alltypes - oldalltypes
     ret = ""
     violators = []
 
     for n in newt:
-        if compatMapping.rTypeattributesets.get(n) is None:
+        if n in pubtypes and compatMapping.rTypeattributesets.get(n) is None:
             violators.append(n)
 
     if len(violators) > 0:
-        ret += "SELinux: The following types were found added to the policy "
-        ret += "without an entry into the compatibility mapping file(s) found "
-        ret += "in private/compat/" + compatMapping.apiLevel + "/"
+        ret += "SELinux: The following public types were found added to the "
+        ret += "policy without an entry into the compatibility mapping file(s) "
+        ret += "found in private/compat/" + compatMapping.apiLevel + "/"
         ret +=  compatMapping.apiLevel + "[.ignore].cil\n"
         ret += " ".join(str(x) for x in sorted(violators)) + "\n"
     return ret
@@ -322,6 +326,8 @@
     usage +="-m mapping file [--test test] [--help]"
     parser = OptionParser(option_class=MultipleOption, usage=usage)
     parser.add_option("-b", "--basepolicy", dest="basepolicy", metavar="FILE")
+    parser.add_option("-u", "--base-pub-policy", dest="base_pub_policy",
+                      metavar="FILE")
     parser.add_option("-f", "--file_contexts", dest="file_contexts",
             metavar="FILE", action="extend", type="string")
     parser.add_option("-l", "--library-path", dest="libpath", metavar="FILE")
@@ -352,19 +358,26 @@
             sys.exit("Error: File_contexts file " + f + " does not exist\n" +
                     parser.usage)
 
-    # Mapping files are only necessary for the TrebleCompatMapping test
+    # Mapping files and public platform policy are only necessary for the
+    # TrebleCompatMapping test.
     if options.tests is None or options.tests is "TrebleCompatMapping":
         if not options.basepolicy:
-            sys.exit("Must specify the current platform-only policy file\n" + parser.usage)
+            sys.exit("Must specify the current platform-only policy file\n"
+                     + parser.usage)
         if not options.mapping:
-            sys.exit("Must specify a compatibility mapping file\n" + parser.usage)
+            sys.exit("Must specify a compatibility mapping file\n"
+                     + parser.usage)
         if not options.oldpolicy:
-            sys.exit("Must specify the previous monolithic policy file\n" + parser.usage)
+            sys.exit("Must specify the previous monolithic policy file\n"
+                     + parser.usage)
+        if not options.base_pub_policy:
+            sys.exit("Must specify the current platform-only public policy "
+                     + ".cil file\n" + parser.usage)
         basepol = policy.Policy(options.basepolicy, None, options.libpath)
         oldpol = policy.Policy(options.oldpolicy, None, options.libpath)
         mapping = mini_parser.MiniCilParser(options.mapping)
-        compatSetup(basepol, oldpol, mapping)
-
+        pubpol = mini_parser.MiniCilParser(options.base_pub_policy)
+        compatSetup(basepol, oldpol, mapping, pubpol.types)
 
     if options.faketreble:
         FakeTreble = True