Merge "Introduce seapp_neverallow test"
diff --git a/hostsidetests/security/Android.mk b/hostsidetests/security/Android.mk
index d9fbc65..3e35e45 100644
--- a/hostsidetests/security/Android.mk
+++ b/hostsidetests/security/Android.mk
@@ -31,13 +31,23 @@
selinux_general_seapp_contexts := $(call intermediates-dir-for,ETC,general_seapp_contexts)/general_seapp_contexts
+selinux_general_seapp_neverallows := $(call intermediates-dir-for,ETC,general_seapp_neverallows)/general_seapp_neverallows
+
selinux_general_file_contexts := $(call intermediates-dir-for,ETC,general_file_contexts)/general_file_contexts
selinux_general_property_contexts := $(call intermediates-dir-for,ETC,general_property_contexts)/general_property_contexts
selinux_general_service_contexts := $(call intermediates-dir-for,ETC,general_service_contexts)/general_service_contexts
-LOCAL_JAVA_RESOURCE_FILES := $(HOST_OUT_EXECUTABLES)/sepolicy-analyze $(HOST_OUT_EXECUTABLES)/checkseapp $(HOST_OUT_EXECUTABLES)/checkfc $(selinux_general_seapp_contexts) $(selinux_general_file_contexts) $(selinux_general_property_contexts) $(selinux_general_service_contexts)
+LOCAL_JAVA_RESOURCE_FILES := \
+ $(HOST_OUT_EXECUTABLES)/sepolicy-analyze \
+ $(HOST_OUT_EXECUTABLES)/checkseapp \
+ $(HOST_OUT_EXECUTABLES)/checkfc \
+ $(selinux_general_seapp_contexts) \
+ $(selinux_general_seapp_neverallows) \
+ $(selinux_general_file_contexts) \
+ $(selinux_general_property_contexts) \
+ $(selinux_general_service_contexts)
selinux_general_policy := $(call intermediates-dir-for,ETC,general_sepolicy.conf)/general_sepolicy.conf
diff --git a/hostsidetests/security/src/android/cts/security/SELinuxHostTest.java b/hostsidetests/security/src/android/cts/security/SELinuxHostTest.java
index fcc9fa6..da9f501 100644
--- a/hostsidetests/security/src/android/cts/security/SELinuxHostTest.java
+++ b/hostsidetests/security/src/android/cts/security/SELinuxHostTest.java
@@ -66,6 +66,7 @@
private File deviceFcFile;
private File devicePcFile;
private File deviceSvcFile;
+ private File seappNeverAllowFile;
/**
* A reference to the device under test.
@@ -138,6 +139,7 @@
aospFcFile = copyResourceToTempFile("/general_file_contexts");
aospPcFile = copyResourceToTempFile("/general_property_contexts");
aospSvcFile = copyResourceToTempFile("/general_service_contexts");
+ seappNeverAllowFile = copyResourceToTempFile("/general_seapp_neverallows");
}
/**
@@ -209,14 +211,12 @@
* @throws Exception
*/
public void testValidSeappContexts() throws Exception {
- File OutputFile = File.createTempFile("seapp_output", ".tmp");
- OutputFile.deleteOnExit();
/* run checkseapp on seapp_contexts */
ProcessBuilder pb = new ProcessBuilder(checkSeapp.getAbsolutePath(),
"-p", devicePolicyFile.getAbsolutePath(),
- deviceSeappFile.getAbsolutePath(),
- "-o", OutputFile.getAbsolutePath());
+ seappNeverAllowFile.getAbsolutePath(),
+ deviceSeappFile.getAbsolutePath());
pb.redirectOutput(ProcessBuilder.Redirect.PIPE);
pb.redirectErrorStream(true);
Process p = pb.start();