blob: 5eba5bb7abf0547a903b079e7be04dfd56653ed5 [file] [log] [blame]
#!/usr/bin/env python
src_header = """/*
* Copyright (C) 2014 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package android.cts.security;
import com.android.cts.tradefed.build.CtsBuildHelper;
import com.android.tradefed.build.IBuildInfo;
import com.android.tradefed.device.ITestDevice;
import com.android.tradefed.testtype.DeviceTestCase;
import com.android.tradefed.testtype.IBuildReceiver;
import java.io.BufferedReader;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.FileOutputStream;
import java.lang.String;
import java.net.URL;
import java.util.Scanner;
/**
* Neverallow Rules SELinux tests.
*/
public class SELinuxNeverallowRulesTest extends DeviceTestCase {
private File sepolicyAnalyze;
private File devicePolicyFile;
/**
* A reference to the device under test.
*/
private ITestDevice mDevice;
private File copyResourceToTempFile(String resName) throws IOException {
InputStream is = this.getClass().getResourceAsStream(resName);
File tempFile = File.createTempFile("SELinuxHostTest", ".tmp");
FileOutputStream os = new FileOutputStream(tempFile);
int rByte = 0;
while ((rByte = is.read()) != -1) {
os.write(rByte);
}
os.flush();
os.close();
tempFile.deleteOnExit();
return tempFile;
}
@Override
protected void setUp() throws Exception {
super.setUp();
mDevice = getDevice();
/* retrieve the sepolicy-analyze executable from jar */
sepolicyAnalyze = copyResourceToTempFile("/sepolicy-analyze");
sepolicyAnalyze.setExecutable(true);
/* obtain sepolicy file from running device */
devicePolicyFile = File.createTempFile("sepolicy", ".tmp");
devicePolicyFile.deleteOnExit();
mDevice.executeAdbCommand("pull", "/sys/fs/selinux/policy",
devicePolicyFile.getAbsolutePath());
}
"""
src_body = ""
src_footer = """}
"""
src_method = """
public void testNeverallowRules() throws Exception {
String neverallowRule = "$NEVERALLOW_RULE_HERE$";
/* run sepolicy-analyze neverallow check on policy file using given neverallow rules */
ProcessBuilder pb = new ProcessBuilder(sepolicyAnalyze.getAbsolutePath(),
devicePolicyFile.getAbsolutePath(), "neverallow", "-n",
neverallowRule);
pb.redirectOutput(ProcessBuilder.Redirect.PIPE);
pb.redirectErrorStream(true);
Process p = pb.start();
p.waitFor();
BufferedReader result = new BufferedReader(new InputStreamReader(p.getInputStream()));
String line;
StringBuilder errorString = new StringBuilder();
while ((line = result.readLine()) != null) {
errorString.append(line);
errorString.append("\\n");
}
assertTrue("The following errors were encountered when validating the SELinux"
+ "neverallow rule:\\n" + neverallowRule + "\\n" + errorString,
errorString.length() == 0);
}
"""