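#!/usr/bin/env python

# Java source fragments for the SELinuxNeverallowRulesTest host-side CTS class.
#
# src_header opens the class (license, imports, fields, setUp), src_footer closes it,
# and src_method is a template for one test method. src_body starts out empty.
# NOTE(review): presumably a generator elsewhere fills src_body with one src_method
# instance per neverallow rule and concatenates header + body + footer -- confirm
# against the caller.

src_header = """/*
 * Copyright (C) 2014 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package android.cts.security;

import android.platform.test.annotations.RestrictedBuildTest;
import com.android.compatibility.common.tradefed.build.CompatibilityBuildHelper;
import com.android.tradefed.build.IBuildInfo;
import com.android.tradefed.device.ITestDevice;
import com.android.tradefed.testtype.DeviceTestCase;
import com.android.tradefed.testtype.IBuildReceiver;
import com.android.tradefed.testtype.IDeviceTest;

import java.io.BufferedReader;
import java.io.File;
import java.io.InputStream;
import java.io.InputStreamReader;

/**
 * Neverallow Rules SELinux tests.
 */
public class SELinuxNeverallowRulesTest extends DeviceTestCase implements IBuildReceiver, IDeviceTest {
    private File sepolicyAnalyze;
    private File devicePolicyFile;

    private IBuildInfo mBuild;

    /**
     * A reference to the device under test.
     */
    private ITestDevice mDevice;

    /**
     * {@inheritDoc}
     */
    @Override
    public void setBuild(IBuildInfo build) {
        mBuild = build;
    }

    /**
     * {@inheritDoc}
     */
    @Override
    public void setDevice(ITestDevice device) {
        super.setDevice(device);
        mDevice = device;
    }
    @Override
    protected void setUp() throws Exception {
        super.setUp();
        CompatibilityBuildHelper buildHelper = new CompatibilityBuildHelper(mBuild);
        sepolicyAnalyze = buildHelper.getTestFile("sepolicy-analyze");
        sepolicyAnalyze.setExecutable(true);

        devicePolicyFile = android.security.cts.SELinuxHostTest.getDevicePolicyFile(mDevice);
    }

    private boolean isFullTrebleDevice() throws Exception {
        return android.security.cts.SELinuxHostTest.isFullTrebleDevice(mDevice);
    }
"""

# Accumulator for generated test methods; empty in this file.
src_body = ""

# Closes the class opened in src_header.
src_footer = """}
"""

# Template for one generated test method. Two placeholders are substituted as text:
#   $NEVERALLOW_RULE_HERE$       -- lands inside a Java string literal, so the
#                                   substituted rule text has to be valid there
#                                   (quotes/backslashes escaped) -- verify at the caller.
#   $FULL_TREBLE_ONLY_BOOL_HERE$ -- lands as a bare Java boolean expression.
#
# The method runs sepolicy-analyze against the device policy and fails if the tool
# prints anything on its merged stdout/stderr. The output is read to EOF *before*
# waitFor(): waiting first can hang once the child has written more than the pipe
# buffer holds, which is the case that matters when a policy has many violations.
#
# NOTE(review): the tool's exit status is not asserted, so a run that exits abnormally
# without printing anything is reported as a pass. Confirm sepolicy-analyze's exit-code
# contract before adding an assertion on p.waitFor().
src_method = """
    @RestrictedBuildTest
    public void testNeverallowRules() throws Exception {
        String neverallowRule = "$NEVERALLOW_RULE_HERE$";
        boolean fullTrebleOnly = $FULL_TREBLE_ONLY_BOOL_HERE$;

        if ((fullTrebleOnly) && (!isFullTrebleDevice())) {
            // This test applies only to Treble devices but this device isn't one
            return;
        }

        /* run sepolicy-analyze neverallow check on policy file using given neverallow rules */
        ProcessBuilder pb = new ProcessBuilder(sepolicyAnalyze.getAbsolutePath(),
                devicePolicyFile.getAbsolutePath(), "neverallow", "-w", "-n",
                neverallowRule);
        pb.redirectOutput(ProcessBuilder.Redirect.PIPE);
        pb.redirectErrorStream(true);
        Process p = pb.start();
        /* drain the tool's output before waiting so a full pipe cannot stall the child */
        StringBuilder errorString = new StringBuilder();
        BufferedReader result = new BufferedReader(new InputStreamReader(p.getInputStream()));
        try {
            String line;
            while ((line = result.readLine()) != null) {
                errorString.append(line);
                errorString.append("\\n");
            }
        } finally {
            result.close();
        }
        p.waitFor();
        assertTrue("The following errors were encountered when validating the SELinux "
                   + "neverallow rule:\\n" + neverallowRule + "\\n" + errorString,
                   errorString.length() == 0);
    }
"""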