From dab131b1f8de28a9964c805b5790c33112278c8d Mon Sep 17 00:00:00 2001
From: Nick Kralevich <nnk@google.com>
Date: Thu, 4 Oct 2018 11:24:00 -0700
Subject: [PATCH] Start enforcing /system file labeling
system_file_type is an attribute assigned to all files on the /system
partition. Add a compile time test to ensure that the attribute is
assigned to all the relevant types.
Test: code compiles.
Change-Id: I7d69a04a4f04f6269cc408f25527b948756cc079
---
tests/sepolicy_tests.py | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/tests/sepolicy_tests.py b/tests/sepolicy_tests.py
index 70b036fab..f8dc4669f 100644
--- a/tests/sepolicy_tests.py
+++ b/tests/sepolicy_tests.py
@@ -11,8 +11,8 @@ import sys
def TestDataTypeViolations(pol):
return pol.AssertPathTypesHaveAttr(["/data/"], [], "data_file_type")
-# def TestSystemTypeViolations(pol):
-# return pol.AssertPathTypesHaveAttr(["/system/"], [], "system_file_type")
+def TestSystemTypeViolations(pol):
+ return pol.AssertPathTypesHaveAttr(["/system/"], [], "system_file_type")
def TestProcTypeViolations(pol):
return pol.AssertGenfsFilesystemTypesHaveAttr("proc", "proc_type")
@@ -58,7 +58,7 @@ Tests = [
"TestDataTypeViolators",
"TestProcTypeViolations",
"TestSysfsTypeViolations",
- # "TestSystemTypeViolators",
+ "TestSystemTypeViolators",
"TestDebugfsTypeViolations",
"TestVendorTypeViolations",
"TestCoreDataTypeViolations",
@@ -107,8 +107,8 @@ if __name__ == '__main__':
results += TestProcTypeViolations(pol)
if options.test is None or "TestSysfsTypeViolations" in options.test:
results += TestSysfsTypeViolations(pol)
- # if options.test is None or "TestSystemTypeViolations" in options.test:
- # results += TestSystemTypeViolations(pol)
+ if options.test is None or "TestSystemTypeViolations" in options.test:
+ results += TestSystemTypeViolations(pol)
if options.test is None or "TestDebugfsTypeViolations" in options.test:
results += TestDebugfsTypeViolations(pol)
if options.test is None or "TestVendorTypeViolations" in options.test:
--
GitLab