commit f305ae66123f749f39fc753a3b013dab3ce99c37
author Thiébaud Weksteen <tweek@google.com> Tue Sep 24 10:12:10 2024 +1000
committer Thiébaud Weksteen <tweek@google.com> Tue Sep 24 10:34:17 2024 +1000
tree a9713fa540225675b5051d90c27ac958ac3387af
parent a60b1d55ac01512e2d32e71514682537da8bdf1d

checkfc: Fail on non-matching data entries

checkfc -t can be used to verify that file contexts resolve to their
expected values. The test will warn if an entry does not match but the
exit code is not set, which won't fail the build.

Return an error to make sure the build fails.

Bug: 299839280
Test: m checkbuild
Change-Id: Ic5fa86c7fabdfa0f86f97463201877c9216b1fb4

tools/checkfc.c

diff --git a/tools/checkfc.c b/tools/checkfc.c
index 051e24b..904f02f 100644
--- a/tools/checkfc.c
+++ b/tools/checkfc.c
@@ -304,6 +304,7 @@
     }
 
     char line[1024];
+    bool non_matching_entries = false;
     while (fgets(line, sizeof(line), test_data)) {
         char *path;
         char *expected_type;
@@ -331,6 +332,7 @@
         if (strcmp(found_type, expected_type)) {
             fprintf(stderr, "Incorrect type for %s: resolved to %s, expected %s\n",
                     path, found_type, expected_type);
+            non_matching_entries = true;
         }
 
         free(found_context);
@@ -340,6 +342,10 @@
     }
     fclose(test_data);
 
+    if (non_matching_entries) {
+        exit(1);
+    }
+
     // Prints the coverage of file_contexts on the test data. It includes
     // warnings for rules that have not been hit by any test example.
     union selinux_callback cb;