Merge changes I4b34fbc6,Id3bc6980
* changes:
Exclude BackgroundDexOptimizationTest from CtsCompilationTestCases.
Revert "Remove CtsCompilationTestCases from CTS."
diff --git a/apps/CtsVerifier/src/com/android/cts/verifier/sensors/RVCVXCheckTestActivity.java b/apps/CtsVerifier/src/com/android/cts/verifier/sensors/RVCVXCheckTestActivity.java
index 4466672..89061f7 100644
--- a/apps/CtsVerifier/src/com/android/cts/verifier/sensors/RVCVXCheckTestActivity.java
+++ b/apps/CtsVerifier/src/com/android/cts/verifier/sensors/RVCVXCheckTestActivity.java
@@ -246,6 +246,11 @@
clearText();
}
+ @Override
+ public boolean requiresReportLog() {
+ return true;
+ }
+
/**
Receiving the results from the RVCVRecordActivity, which is a patch where the recorded
video and sensor data is stored.
diff --git a/hostsidetests/multidevices/bluetooth/snippet/BluetoothGattMultiDevicesServer.java b/hostsidetests/multidevices/bluetooth/snippet/BluetoothGattMultiDevicesServer.java
index 2b7c065..cde23ef 100644
--- a/hostsidetests/multidevices/bluetooth/snippet/BluetoothGattMultiDevicesServer.java
+++ b/hostsidetests/multidevices/bluetooth/snippet/BluetoothGattMultiDevicesServer.java
@@ -58,12 +58,7 @@
createGattServer(uuid);
var bluetoothLeAdvertiser = mBluetoothAdapter.getBluetoothLeAdvertiser();
- var params =
- new AdvertisingSetParameters.Builder()
- .setConnectable(true)
- .setOwnAddressType(
- AdvertisingSetParameters.ADDRESS_TYPE_RANDOM_NON_RESOLVABLE)
- .build();
+ var params = new AdvertisingSetParameters.Builder().setConnectable(true).build();
var data =
new AdvertiseData.Builder()
.addServiceUuid(new ParcelUuid(UUID.fromString(uuid)))
@@ -77,7 +72,12 @@
var gattServer = createGattServer(uuid);
var bluetoothLeAdvertiser = mBluetoothAdapter.getBluetoothLeAdvertiser();
- var params = new AdvertisingSetParameters.Builder().setConnectable(true).build();
+ var params =
+ new AdvertisingSetParameters.Builder()
+ .setConnectable(true)
+ .setOwnAddressType(
+ AdvertisingSetParameters.ADDRESS_TYPE_RANDOM_NON_RESOLVABLE)
+ .build();
var data =
new AdvertiseData.Builder()
.addServiceUuid(new ParcelUuid(UUID.fromString(uuid)))
diff --git a/hostsidetests/security/Android.bp b/hostsidetests/security/Android.bp
index 4798f0c..e63427e 100644
--- a/hostsidetests/security/Android.bp
+++ b/hostsidetests/security/Android.bp
@@ -23,7 +23,6 @@
defaults: ["cts_defaults"],
srcs: [
"src/**/*.java",
- ":CtsSecurityHostTestCases_LocalGeneratedSources",
],
// tag this module as a cts test artifact
test_suites: [
@@ -46,6 +45,7 @@
"CtsSecurityHostTestCases_StaticLibs",
"diffutils-prebuilt-jar",
"CompatChangeGatingTestBase",
+ "cts-host-utils",
],
data: [
":CtsZipValidateApp",
@@ -60,19 +60,6 @@
target_required: ["CtsDeviceInfo"],
}
-genrule {
- name: "CtsSecurityHostTestCases_LocalGeneratedSources",
- tools: [
- "SELinuxNeverallowTestGen",
- "soong_zip",
- ],
- srcs: [":general_sepolicy.conf"],
- out: ["SELinuxNeverallowRulesTest.srcjar"],
- cmd: "mkdir -p $(genDir)/android/cts/security && " +
- "$(location SELinuxNeverallowTestGen) $(in) $(genDir)/android/cts/security/SELinuxNeverallowRulesTest.java && " +
- "$(location soong_zip) -jar -o $(out) -C $(genDir) -D $(genDir)",
-}
-
java_genrule_host {
name: "CtsSecurityHostTestCases_StaticLibs",
tools: [
@@ -90,6 +77,7 @@
tool_files: [
":apex_sepolicy-33.cil",
":apex_sepolicy-33.decompiled.cil",
+ ":general_sepolicy.conf",
],
out: ["CtsSecurityHostTestCases_StaticLibs.jar"],
cmd: "$(location soong_zip) -jar -o $(location CtsSecurityHostTestCases_StaticLibs.jar) -j " +
@@ -103,5 +91,6 @@
"-f $(location sepolicy_tests) " +
"-f $(location treble_sepolicy_tests) " +
"-f $(location :apex_sepolicy-33.cil) " +
- "-f $(location :apex_sepolicy-33.decompiled.cil)",
+ "-f $(location :apex_sepolicy-33.decompiled.cil) " +
+ "-f $(location :general_sepolicy.conf)",
}
diff --git a/hostsidetests/security/src/android/security/cts/SELinuxNeverallowRulesTest.java b/hostsidetests/security/src/android/security/cts/SELinuxNeverallowRulesTest.java
new file mode 100644
index 0000000..3946185
--- /dev/null
+++ b/hostsidetests/security/src/android/security/cts/SELinuxNeverallowRulesTest.java
@@ -0,0 +1,281 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts;
+
+import static org.junit.Assert.assertTrue;
+
+import android.cts.host.utils.DeviceJUnit4ClassRunnerWithParameters;
+import android.cts.host.utils.DeviceJUnit4Parameterized;
+import android.platform.test.annotations.RestrictedBuildTest;
+
+import com.android.compatibility.common.tradefed.build.CompatibilityBuildHelper;
+import com.android.compatibility.common.util.PropertyUtil;
+import com.android.tradefed.build.IBuildInfo;
+import com.android.tradefed.device.ITestDevice;
+import com.android.tradefed.testtype.junit4.BaseHostJUnit4Test;
+
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized.Parameter;
+import org.junit.runners.Parameterized.Parameters;
+import org.junit.runners.Parameterized.UseParametersRunnerFactory;
+
+import java.io.BufferedReader;
+import java.io.File;
+import java.io.InputStreamReader;
+import java.nio.file.Files;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+import java.util.stream.Collectors;
+import java.util.stream.Stream;
+
+/**
+ * Neverallow Rules SELinux tests.
+ *
+ * This is a parametrised test. It extracts the neverallow rules from the
+ * platform policy which is embedded in the CTS distribution. Each rule
+ * generates its own test to ensure that it is not violated by the device
+ * policy.
+ *
+ * A set of criteria can be used in the platform policy to skip the test
+ * depending on the device (e.g., launching version). See sConditions below.
+ *
+ */
+@RunWith(DeviceJUnit4Parameterized.class)
+@UseParametersRunnerFactory(DeviceJUnit4ClassRunnerWithParameters.RunnerFactory.class)
+public class SELinuxNeverallowRulesTest extends BaseHostJUnit4Test {
+ private File sepolicyAnalyze;
+ private File devicePolicyFile;
+ private File deviceSystemPolicyFile;
+
+ private IBuildInfo mBuild;
+ private int mVendorSepolicyVersion = -1;
+ private int mSystemSepolicyVersion = -1;
+
+ /**
+ * A reference to the device under test.
+ */
+ private ITestDevice mDevice;
+
+ private static String[] sConditions = {
+ "TREBLE_ONLY",
+ "COMPATIBLE_PROPERTY_ONLY",
+ "LAUNCHING_WITH_R_ONLY",
+ "LAUNCHING_WITH_S_ONLY",
+ };
+
+ private static class NeverAllowRule {
+ public String mText;
+ public boolean fullTrebleOnly;
+ public boolean launchingWithROnly;
+ public boolean launchingWithSOnly;
+ public boolean compatiblePropertyOnly;
+
+ NeverAllowRule(String text, HashMap<String, Integer> conditions) {
+ mText = text;
+ if (conditions.getOrDefault("TREBLE_ONLY", 0) > 0) {
+ fullTrebleOnly = true;
+ }
+ if (conditions.getOrDefault("COMPATIBLE_PROPERTY_ONLY", 0) > 0) {
+ compatiblePropertyOnly = true;
+ }
+ if (conditions.getOrDefault("LAUNCHING_WITH_R_ONLY", 0) > 0) {
+ launchingWithROnly = true;
+ }
+ if (conditions.getOrDefault("LAUNCHING_WITH_S_ONLY", 0) > 0) {
+ launchingWithSOnly = true;
+ }
+ }
+
+ public String toString() {
+ return "Rule [text= " + mText
+ + ", fullTrebleOnly=" + fullTrebleOnly
+ + ", compatiblePropertyOnly=" + compatiblePropertyOnly
+ + ", launchingWithROnly=" + launchingWithROnly
+ + ", launchingWithSOnly=" + launchingWithSOnly
+ + "]";
+ }
+ }
+
+ /**
+ * Generate the test parameters based on the embedded policy (general_sepolicy.conf).
+ */
+ @Parameters
+ public static Iterable<NeverAllowRule> generateRules() throws Exception {
+ File publicPolicy = SELinuxHostTest.copyResourceToTempFile("/general_sepolicy.conf");
+ String policy = Files.readString(publicPolicy.toPath());
+
+ String patternConditions = Arrays.stream(sConditions)
+ .flatMap(condition -> Stream.of("BEGIN_" + condition, "END_" + condition))
+ .collect(Collectors.joining("|"));
+
+ /* Uncomment conditions delimiter lines. */
+ Pattern uncommentConditions = Pattern.compile("^\\s*#\\s*(" + patternConditions + ")\\s*$",
+ Pattern.MULTILINE);
+ Matcher matcher = uncommentConditions.matcher(policy);
+ policy = matcher.replaceAll("$1");
+
+ /* Remove all comments. */
+ Pattern comments = Pattern.compile("#.*?$", Pattern.MULTILINE);
+ matcher = comments.matcher(policy);
+ policy = matcher.replaceAll("");
+
+ /* Use a pattern to match all the neverallow rules or a condition. */
+ Pattern neverAllowPattern = Pattern.compile(
+ "^\\s*(neverallow\\s.+?;|" + patternConditions + ")",
+ Pattern.MULTILINE | Pattern.DOTALL);
+
+ ArrayList<NeverAllowRule> rules = new ArrayList();
+ HashMap<String, Integer> conditions = new HashMap();
+
+ matcher = neverAllowPattern.matcher(policy);
+ while (matcher.find()) {
+ String rule = matcher.group(1).replace("\n", " ");
+ if (rule.startsWith("BEGIN_")) {
+ String section = rule.substring(6);
+ conditions.put(section, conditions.getOrDefault(section, 0) + 1);
+ } else if (rule.startsWith("END_")) {
+ String section = rule.substring(4);
+ Integer v = conditions.getOrDefault(section, 0);
+ assertTrue("Condition " + rule + " found without BEGIN", v > 0);
+ conditions.put(section, v - 1);
+ } else if (rule.startsWith("neverallow")) {
+ rules.add(new NeverAllowRule(rule, conditions));
+ } else {
+ throw new Exception("Unknown rule: " + rule);
+ }
+ }
+
+ for (Map.Entry<String, Integer> condition : conditions.entrySet()) {
+ assertTrue("End of input while inside " + condition.getKey() + " section",
+ condition.getValue() == 0);
+ }
+
+ assertTrue("No test generated from the CTS-embedded policy", !rules.isEmpty());
+ return rules;
+ }
+
+ /* Parameter generated by generateRules() and available to testNeverallowRules */
+ @Parameter
+ public NeverAllowRule mRule;
+
+ @Before
+ public void setUp() throws Exception {
+ mDevice = getDevice();
+ mBuild = getBuild();
+
+ CompatibilityBuildHelper buildHelper = new CompatibilityBuildHelper(mBuild);
+ sepolicyAnalyze = SELinuxHostTest.copyResourceToTempFile("/sepolicy-analyze");
+ sepolicyAnalyze.setExecutable(true);
+
+ devicePolicyFile = SELinuxHostTest.getDevicePolicyFile(mDevice);
+
+ if (isSepolicySplit()) {
+ deviceSystemPolicyFile =
+ SELinuxHostTest.getDeviceSystemPolicyFile(mDevice);
+
+ // Caching this variable to save time.
+ if (mVendorSepolicyVersion == -1) {
+ mVendorSepolicyVersion =
+ SELinuxHostTest.getVendorSepolicyVersion(mBuild, mDevice);
+ }
+ if (mSystemSepolicyVersion == -1) {
+ mSystemSepolicyVersion =
+ SELinuxHostTest.getSystemSepolicyVersion(mBuild);
+ }
+ }
+ }
+
+ @After
+ public void tearDown() throws Exception {
+ sepolicyAnalyze.delete();
+ }
+
+ private boolean isFullTrebleDevice() throws Exception {
+ return SELinuxHostTest.isFullTrebleDevice(mDevice);
+ }
+
+ private boolean isDeviceLaunchingWithR() throws Exception {
+ return PropertyUtil.getFirstApiLevel(mDevice) > 29;
+ }
+
+ private boolean isDeviceLaunchingWithS() throws Exception {
+ return PropertyUtil.getFirstApiLevel(mDevice) > 30;
+ }
+
+ private boolean isCompatiblePropertyEnforcedDevice() throws Exception {
+ return SELinuxHostTest.isCompatiblePropertyEnforcedDevice(mDevice);
+ }
+
+ private boolean isSepolicySplit() throws Exception {
+ return SELinuxHostTest.isSepolicySplit(mDevice);
+ }
+
+ @Test
+ @RestrictedBuildTest
+ public void testNeverallowRules() throws Exception {
+
+ if ((mRule.fullTrebleOnly) && (!isFullTrebleDevice())) {
+ // This test applies only to Treble devices but this device isn't one
+ return;
+ }
+ if ((mRule.launchingWithROnly) && (!isDeviceLaunchingWithR())) {
+ // This test applies only to devices launching with R or later but this device isn't one
+ return;
+ }
+ if ((mRule.launchingWithSOnly) && (!isDeviceLaunchingWithS())) {
+ // This test applies only to devices launching with S or later but this device isn't one
+ return;
+ }
+ if ((mRule.compatiblePropertyOnly) && (!isCompatiblePropertyEnforcedDevice())) {
+ // This test applies only to devices on which compatible property is enforced but this
+ // device isn't one
+ return;
+ }
+
+ // If sepolicy is split and vendor sepolicy version is behind platform's,
+ // only test against platform policy.
+ File policyFile =
+ (isSepolicySplit() && mVendorSepolicyVersion < mSystemSepolicyVersion)
+ ? deviceSystemPolicyFile : devicePolicyFile;
+
+ /* run sepolicy-analyze neverallow check on policy file using given neverallow rules */
+ ProcessBuilder pb = new ProcessBuilder(sepolicyAnalyze.getAbsolutePath(),
+ policyFile.getAbsolutePath(), "neverallow", "-n",
+ mRule.mText);
+ pb.redirectOutput(ProcessBuilder.Redirect.PIPE);
+ pb.redirectErrorStream(true);
+ Process p = pb.start();
+ BufferedReader result = new BufferedReader(new InputStreamReader(p.getInputStream()));
+ String line;
+ StringBuilder errorString = new StringBuilder();
+ while ((line = result.readLine()) != null) {
+ errorString.append(line);
+ errorString.append("\n");
+ }
+ p.waitFor();
+ assertTrue("The following errors were encountered when validating the SELinux"
+ + "neverallow rule:\n" + mRule.mText + "\n" + errorString,
+ errorString.length() == 0);
+ }
+}
diff --git a/tests/JobScheduler/src/android/jobscheduler/cts/JobThrottlingTest.java b/tests/JobScheduler/src/android/jobscheduler/cts/JobThrottlingTest.java
index 6a6bf81..adeadb3 100644
--- a/tests/JobScheduler/src/android/jobscheduler/cts/JobThrottlingTest.java
+++ b/tests/JobScheduler/src/android/jobscheduler/cts/JobThrottlingTest.java
@@ -1028,6 +1028,7 @@
assumeTrue("app standby not enabled", mAppStandbyEnabled);
assumeFalse("not testable in automotive device", mAutomotiveDevice); // Test needs battery
assumeFalse("not testable in leanback device", mLeanbackOnly); // Test needs battery
+ assumeTrue(BatteryUtils.hasBattery());
// Reduce allowed time for testing.
mDeviceConfigStateHelper.set("qc_allowed_time_per_period_rare_ms", "60000");
diff --git a/tests/camera/src/android/hardware/camera2/cts/CaptureResultTest.java b/tests/camera/src/android/hardware/camera2/cts/CaptureResultTest.java
index d45b6c1..d015959 100644
--- a/tests/camera/src/android/hardware/camera2/cts/CaptureResultTest.java
+++ b/tests/camera/src/android/hardware/camera2/cts/CaptureResultTest.java
@@ -776,8 +776,7 @@
waiverKeys.add(CaptureResult.HOT_PIXEL_MODE);
}
- if (!staticInfo.isNoiseReductionModeControlSupported()
- && staticInfo.getAvailableNoiseReductionModesChecked().length == 0) {
+ if (!staticInfo.isNoiseReductionModeControlSupported()) {
waiverKeys.add(CaptureResult.NOISE_REDUCTION_MODE);
}
diff --git a/tests/camera/utils/src/android/hardware/camera2/cts/helpers/StaticMetadata.java b/tests/camera/utils/src/android/hardware/camera2/cts/helpers/StaticMetadata.java
index f0bd2c9..3ae7558 100644
--- a/tests/camera/utils/src/android/hardware/camera2/cts/helpers/StaticMetadata.java
+++ b/tests/camera/utils/src/android/hardware/camera2/cts/helpers/StaticMetadata.java
@@ -2413,16 +2413,7 @@
* @return {@code true} if noise reduction mode control is supported
*/
public boolean isNoiseReductionModeControlSupported() {
- if (!areKeysAvailable(CaptureRequest.NOISE_REDUCTION_MODE)) {
- return false;
- }
- int[] availableModes = getAvailableNoiseReductionModesChecked();
- // Let's consider noise reduction is not supported if only "OFF" is reported.
- if (availableModes.length == 1
- && availableModes[0] == CaptureRequest.NOISE_REDUCTION_MODE_OFF) {
- return false;
- }
- return true;
+ return areKeysAvailable(CaptureRequest.NOISE_REDUCTION_MODE);
}
/**
diff --git a/tests/signature/API_SIGNATURE_OWNERS b/tests/signature/API_SIGNATURE_OWNERS
new file mode 100644
index 0000000..e0fb1a2
--- /dev/null
+++ b/tests/signature/API_SIGNATURE_OWNERS
@@ -0,0 +1,2 @@
+# List of owners of API signature tests
+include platform/packages/modules/common:/OWNERS
diff --git a/tests/signature/HIDDEN_API_OWNERS b/tests/signature/HIDDEN_API_OWNERS
new file mode 100644
index 0000000..80a4479
--- /dev/null
+++ b/tests/signature/HIDDEN_API_OWNERS
@@ -0,0 +1,2 @@
+# Owners of hidden API related tests
+include platform/art:/OWNERS
diff --git a/tests/signature/OWNERS b/tests/signature/OWNERS
index bbb4e79..6662f76 100644
--- a/tests/signature/OWNERS
+++ b/tests/signature/OWNERS
@@ -1,5 +1,2 @@
-# Bug component: 24949
-paulduffin@google.com
-andreionea@google.com
-
+include API_SIGNATURE_OWNERS
include platform/art:/OWNERS
diff --git a/tests/signature/api-check/android-test-base-29-api/OWNERS b/tests/signature/api-check/android-test-base-29-api/OWNERS
index aaadab7..e6efcdc 100644
--- a/tests/signature/api-check/android-test-base-29-api/OWNERS
+++ b/tests/signature/api-check/android-test-base-29-api/OWNERS
@@ -1,2 +1,2 @@
-# Bug component: 24949
-include ../android-test-base-current-api/OWNERS
+# Bug component: 819107
+include ../../API_SIGNATURE_OWNERS
diff --git a/tests/signature/api-check/android-test-base-current-api/OWNERS b/tests/signature/api-check/android-test-base-current-api/OWNERS
index 682d0b0..e6efcdc 100644
--- a/tests/signature/api-check/android-test-base-current-api/OWNERS
+++ b/tests/signature/api-check/android-test-base-current-api/OWNERS
@@ -1,4 +1,2 @@
-# Bug component: 24949
-paulduffin@google.com
-jiyong@google.com
-tnorbye@google.com
+# Bug component: 819107
+include ../../API_SIGNATURE_OWNERS
diff --git a/tests/signature/api-check/android-test-base-uses-library-api/OWNERS b/tests/signature/api-check/android-test-base-uses-library-api/OWNERS
index aaadab7..e6efcdc 100644
--- a/tests/signature/api-check/android-test-base-uses-library-api/OWNERS
+++ b/tests/signature/api-check/android-test-base-uses-library-api/OWNERS
@@ -1,2 +1,2 @@
-# Bug component: 24949
-include ../android-test-base-current-api/OWNERS
+# Bug component: 819107
+include ../../API_SIGNATURE_OWNERS
diff --git a/tests/signature/api-check/android-test-mock-current-api/OWNERS b/tests/signature/api-check/android-test-mock-current-api/OWNERS
index 7841a94..e6efcdc 100644
--- a/tests/signature/api-check/android-test-mock-current-api/OWNERS
+++ b/tests/signature/api-check/android-test-mock-current-api/OWNERS
@@ -1,2 +1,2 @@
-# Bug component: 24949
-paulduffin@google.com
\ No newline at end of file
+# Bug component: 819107
+include ../../API_SIGNATURE_OWNERS
diff --git a/tests/signature/api-check/android-test-runner-current-api/OWNERS b/tests/signature/api-check/android-test-runner-current-api/OWNERS
index aaadab7..e6efcdc 100644
--- a/tests/signature/api-check/android-test-runner-current-api/OWNERS
+++ b/tests/signature/api-check/android-test-runner-current-api/OWNERS
@@ -1,2 +1,2 @@
-# Bug component: 24949
-include ../android-test-base-current-api/OWNERS
+# Bug component: 819107
+include ../../API_SIGNATURE_OWNERS
diff --git a/tests/signature/api-check/apache-http-legacy-27-api/OWNERS b/tests/signature/api-check/apache-http-legacy-27-api/OWNERS
index 7841a94..e6efcdc 100644
--- a/tests/signature/api-check/apache-http-legacy-27-api/OWNERS
+++ b/tests/signature/api-check/apache-http-legacy-27-api/OWNERS
@@ -1,2 +1,2 @@
-# Bug component: 24949
-paulduffin@google.com
\ No newline at end of file
+# Bug component: 819107
+include ../../API_SIGNATURE_OWNERS
diff --git a/tests/signature/api-check/apache-http-legacy-current-api/OWNERS b/tests/signature/api-check/apache-http-legacy-current-api/OWNERS
index aaadab7..e6efcdc 100644
--- a/tests/signature/api-check/apache-http-legacy-current-api/OWNERS
+++ b/tests/signature/api-check/apache-http-legacy-current-api/OWNERS
@@ -1,2 +1,2 @@
-# Bug component: 24949
-include ../android-test-base-current-api/OWNERS
+# Bug component: 819107
+include ../../API_SIGNATURE_OWNERS
diff --git a/tests/signature/api-check/apache-http-legacy-uses-library-api/OWNERS b/tests/signature/api-check/apache-http-legacy-uses-library-api/OWNERS
index aaadab7..e6efcdc 100644
--- a/tests/signature/api-check/apache-http-legacy-uses-library-api/OWNERS
+++ b/tests/signature/api-check/apache-http-legacy-uses-library-api/OWNERS
@@ -1,2 +1,2 @@
-# Bug component: 24949
-include ../android-test-base-current-api/OWNERS
+# Bug component: 819107
+include ../../API_SIGNATURE_OWNERS
diff --git a/tests/signature/api-check/hidden-api-blocklist-27-api/AndroidTest.xml b/tests/signature/api-check/hidden-api-blocklist-27-api/AndroidTest.xml
index 04dea91..0ee410e 100644
--- a/tests/signature/api-check/hidden-api-blocklist-27-api/AndroidTest.xml
+++ b/tests/signature/api-check/hidden-api-blocklist-27-api/AndroidTest.xml
@@ -38,10 +38,9 @@
<option name="instrumentation-arg" key="hiddenapi-test-flags" value="blocked" />
<option name="instrumentation-arg" key="hiddenapi-filter-file" value="hiddenapi-filter.csv" />
<option name="test-api-access" value="false" />
- <option name="runtime-hint" value="30s" />
+ <option name="runtime-hint" value="120s" />
<!-- disable isolated storage so tests can access dynamic config stored in /sdcard. -->
<option name="isolated-storage" value="false" />
- <!-- test-timeout unit is ms, value = 10 min -->
- <option name="test-timeout" value="900000" />
+ <option name="test-timeout" value="15m" />
</test>
</configuration>
diff --git a/tests/signature/api-check/hidden-api-blocklist-27-api/OWNERS b/tests/signature/api-check/hidden-api-blocklist-27-api/OWNERS
index e840a10..aa99d6a 100644
--- a/tests/signature/api-check/hidden-api-blocklist-27-api/OWNERS
+++ b/tests/signature/api-check/hidden-api-blocklist-27-api/OWNERS
@@ -1,2 +1,2 @@
# Bug component: 610774
-include ../hidden-api-blacklist-current-api/OWNERS
\ No newline at end of file
+include ../../HIDDEN_API_OWNERS
diff --git a/tests/signature/api-check/hidden-api-blocklist-28-api/OWNERS b/tests/signature/api-check/hidden-api-blocklist-28-api/OWNERS
index e840a10..aa99d6a 100644
--- a/tests/signature/api-check/hidden-api-blocklist-28-api/OWNERS
+++ b/tests/signature/api-check/hidden-api-blocklist-28-api/OWNERS
@@ -1,2 +1,2 @@
# Bug component: 610774
-include ../hidden-api-blacklist-current-api/OWNERS
\ No newline at end of file
+include ../../HIDDEN_API_OWNERS
diff --git a/tests/signature/api-check/hidden-api-blocklist-debug-class/OWNERS b/tests/signature/api-check/hidden-api-blocklist-debug-class/OWNERS
index e840a10..aa99d6a 100644
--- a/tests/signature/api-check/hidden-api-blocklist-debug-class/OWNERS
+++ b/tests/signature/api-check/hidden-api-blocklist-debug-class/OWNERS
@@ -1,2 +1,2 @@
# Bug component: 610774
-include ../hidden-api-blacklist-current-api/OWNERS
\ No newline at end of file
+include ../../HIDDEN_API_OWNERS
diff --git a/tests/signature/api-check/hidden-api-killswitch-debug-class/OWNERS b/tests/signature/api-check/hidden-api-killswitch-debug-class/OWNERS
index e840a10..aa99d6a 100644
--- a/tests/signature/api-check/hidden-api-killswitch-debug-class/OWNERS
+++ b/tests/signature/api-check/hidden-api-killswitch-debug-class/OWNERS
@@ -1,2 +1,2 @@
# Bug component: 610774
-include ../hidden-api-blacklist-current-api/OWNERS
\ No newline at end of file
+include ../../HIDDEN_API_OWNERS
diff --git a/tests/signature/api-check/hidden-api-killswitch-sdklist/OWNERS b/tests/signature/api-check/hidden-api-killswitch-sdklist/OWNERS
index e840a10..aa99d6a 100644
--- a/tests/signature/api-check/hidden-api-killswitch-sdklist/OWNERS
+++ b/tests/signature/api-check/hidden-api-killswitch-sdklist/OWNERS
@@ -1,2 +1,2 @@
# Bug component: 610774
-include ../hidden-api-blacklist-current-api/OWNERS
\ No newline at end of file
+include ../../HIDDEN_API_OWNERS
diff --git a/tests/signature/api-check/hidden-api-killswitch-wildcard/OWNERS b/tests/signature/api-check/hidden-api-killswitch-wildcard/OWNERS
index e840a10..aa99d6a 100644
--- a/tests/signature/api-check/hidden-api-killswitch-wildcard/OWNERS
+++ b/tests/signature/api-check/hidden-api-killswitch-wildcard/OWNERS
@@ -1,2 +1,2 @@
# Bug component: 610774
-include ../hidden-api-blacklist-current-api/OWNERS
\ No newline at end of file
+include ../../HIDDEN_API_OWNERS
diff --git a/tests/signature/api-check/shared-libs-api/OWNERS b/tests/signature/api-check/shared-libs-api/OWNERS
index a5b69a9..e6efcdc 100644
--- a/tests/signature/api-check/shared-libs-api/OWNERS
+++ b/tests/signature/api-check/shared-libs-api/OWNERS
@@ -1,2 +1,2 @@
-# Bug component: 24949
-sundongahn@google.com
\ No newline at end of file
+# Bug component: 819107
+include ../../API_SIGNATURE_OWNERS
diff --git a/tests/signature/api-check/src/java/android/signature/cts/api/HiddenApiTest.java b/tests/signature/api-check/src/java/android/signature/cts/api/HiddenApiTest.java
index 1635da7..6b2a0f4 100644
--- a/tests/signature/api-check/src/java/android/signature/cts/api/HiddenApiTest.java
+++ b/tests/signature/api-check/src/java/android/signature/cts/api/HiddenApiTest.java
@@ -25,46 +25,37 @@
import android.signature.cts.FailureType;
import android.signature.cts.VirtualPath;
-import androidx.test.platform.app.InstrumentationRegistry;
-
-import com.google.common.base.Suppliers;
-
-import org.junit.Test;
-
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
-import java.text.ParseException;
-import java.util.ArrayList;
import java.util.HashSet;
-import java.util.List;
import java.util.Set;
import java.util.function.Predicate;
-import java.util.function.Supplier;
+import org.junit.Test;
/**
* Checks that it is not possible to access hidden APIs.
*/
public class HiddenApiTest extends AbstractApiTest {
- private static final String HIDDENAPI_FILES_ARG = "hiddenapi-files";
- private static final String HIDDENAPI_FILTER_FILE_ARG = "hiddenapi-filter-file";
- private static final String HIDDENAPI_TEST_FLAGS_ARG = "hiddenapi-test-flags";
-
- private static final Supplier<List<DexMember>> DEX_MEMBERS = getSupplierOfDexMembers();
-
+ private String[] hiddenapiFiles;
private String[] hiddenapiTestFlags;
+ private String hiddenapiFilterFile;
+ private Set<String> hiddenapiFilterSet;
@Override
protected void initializeFromArgs(Bundle instrumentationArgs) throws Exception {
- hiddenapiTestFlags =
- getCommaSeparatedListOptional(instrumentationArgs, HIDDENAPI_TEST_FLAGS_ARG);
+ hiddenapiFiles = getCommaSeparatedListRequired(instrumentationArgs, "hiddenapi-files");
+ hiddenapiTestFlags = getCommaSeparatedListOptional(instrumentationArgs, "hiddenapi-test-flags");
+ hiddenapiFilterFile = instrumentationArgs.getString("hiddenapi-filter-file");
+ hiddenapiFilterSet = new HashSet<>();
}
@Override
public void setUp() throws Exception {
super.setUp();
DexMemberChecker.init();
+ loadFilters();
}
// We have four methods to split up the load, keeping individual test runs small.
@@ -158,12 +149,24 @@
}
};
- List<DexMember> dexMembers = DEX_MEMBERS.get();
- dexMembers.parallelStream()
- .filter(memberFilter)
- .filter(m -> shouldTestMember(m))
- .forEach(
- m -> DexMemberChecker.checkSingleMember(m, reflection, jni, observer));
+ for (String apiFile : hiddenapiFiles) {
+ VirtualPath.ResourcePath resourcePath =
+ VirtualPath.get(getClass().getClassLoader(), apiFile);
+ BufferedReader reader = new BufferedReader(
+ new InputStreamReader(resourcePath.newInputStream()));
+ int lineIndex = 1;
+ String line = reader.readLine();
+ while (line != null) {
+ DexMember dexMember = DexApiDocumentParser.parseLine(line, lineIndex);
+ if (memberFilter.test(dexMember) && shouldTestMember(dexMember)
+ && !isFiltered(line)) {
+ DexMemberChecker.checkSingleMember(dexMember, reflection, jni,
+ observer);
+ }
+ line = reader.readLine();
+ lineIndex++;
+ }
+ }
});
}
@@ -192,7 +195,7 @@
* @param line is the line from the hiddenapi-flags.csv indicating which method/field to check
* @return true if the method/field is to be filtered out, false otherwise
*/
- private static boolean isFiltered(String line, Set<String> hiddenapiFilterSet) {
+ private boolean isFiltered(String line) {
if (line == null) {
return false;
}
@@ -203,71 +206,24 @@
/**
* Loads the filter file and inserts each line of the file into a Set
+ *
+ * @throws IOException if the filter file does not exist
*/
- static Set<String> loadFilters(String hiddenapiFilterFile) {
+ private void loadFilters() throws IOException {
// Avoids testing members in filter file (only a single filter file can be supplied)
- Set<String> hiddenapiFilterSet = new HashSet<>();
if (hiddenapiFilterFile != null) {
- try {
- VirtualPath.ResourcePath resourcePath =
- VirtualPath.get(HiddenApiTest.class.getClassLoader(), hiddenapiFilterFile);
- BufferedReader reader =
- new BufferedReader(new InputStreamReader(resourcePath.newInputStream()));
- String filterFileLine = reader.readLine();
- while (filterFileLine != null) {
- if (!filterFileLine.startsWith("#")) {
- hiddenapiFilterSet.add(filterFileLine);
- }
- filterFileLine = reader.readLine();
+ VirtualPath.ResourcePath resourcePath =
+ VirtualPath.get(getClass().getClassLoader(), hiddenapiFilterFile);
+ BufferedReader reader = new BufferedReader(
+ new InputStreamReader(resourcePath.newInputStream()));
+ String filterFileLine = reader.readLine();
+ while (filterFileLine != null) {
+ if (!filterFileLine.startsWith("#")) {
+ hiddenapiFilterSet.add(filterFileLine);
}
- } catch (IOException ioe) {
- throw new RuntimeException("Failed to load filters", ioe);
+ filterFileLine = reader.readLine();
}
}
- return hiddenapiFilterSet;
}
- /**
- * Reads DEX method and fields from hiddenapi files.
- *
- * <p>This method is expensive, it typically takes ~10s to run.
- *
- * @return a list of {@link DexMember} objects for the fields and methods in the hiddenapi files
- */
- private static List<DexMember> readDexMembers() {
- final Bundle arguments = InstrumentationRegistry.getArguments();
- final String hiddenapiFilterFile = arguments.getString(HIDDENAPI_FILTER_FILE_ARG);
- final String[] hiddenapiFiles =
- getCommaSeparatedListRequired(arguments, HIDDENAPI_FILES_ARG);
- final Set<String> hiddenapiFilterSet = loadFilters(hiddenapiFilterFile);
- ArrayList<DexMember> dexMembers = new ArrayList<>();
- for (String apiFile : hiddenapiFiles) {
- try {
- VirtualPath.ResourcePath resourcePath =
- VirtualPath.get(HiddenApiTest.class.getClassLoader(), apiFile);
- try (BufferedReader reader =
- new BufferedReader(
- new InputStreamReader(resourcePath.newInputStream()),
- 1024 * 1024)) {
- int lineIndex = 1;
- String line = reader.readLine();
- while (line != null) {
- DexMember dexMember = DexApiDocumentParser.parseLine(line, lineIndex);
- if (!isFiltered(line, hiddenapiFilterSet)) {
- dexMembers.add(dexMember);
- }
- line = reader.readLine();
- lineIndex++;
- }
- }
- } catch (IOException | ParseException e) {
- throw new RuntimeException("Failed to read DEX members", e);
- }
- }
- return dexMembers;
- }
-
- static Supplier<List<DexMember>> getSupplierOfDexMembers() {
- return Suppliers.memoize(() -> readDexMembers())::get;
- }
}
diff --git a/tests/tests/car/OWNERS b/tests/tests/car/OWNERS
index 7260697..fd11abe 100644
--- a/tests/tests/car/OWNERS
+++ b/tests/tests/car/OWNERS
@@ -14,6 +14,7 @@
per-file src/android/car/view/inputmethod/cts/* = kanant@google.com, ycheo@google.com
# Input related CTS files
+per-file src/android/car/cts/CarInputManagerSystemTest.java = kanant@google.com, ycheo@google.com
per-file src/android/car/cts/CarInputTest.java = kanant@google.com, ycheo@google.com
# Display related CTS files
diff --git a/tests/tests/permission3/src/android/permission3/cts/PermissionAttributionTest.kt b/tests/tests/permission3/src/android/permission3/cts/PermissionAttributionTest.kt
index 31e5449..96498b3 100644
--- a/tests/tests/permission3/src/android/permission3/cts/PermissionAttributionTest.kt
+++ b/tests/tests/permission3/src/android/permission3/cts/PermissionAttributionTest.kt
@@ -32,6 +32,7 @@
import org.junit.After
import org.junit.Assert.assertEquals
import org.junit.Assert.assertTrue
+import org.junit.Assume.assumeFalse
import org.junit.Before
import org.junit.Test
import java.util.concurrent.TimeUnit
@@ -76,6 +77,9 @@
@Test
fun testLocationProviderAttributionForMicrophone() {
+ // Currently, Wear does not support the history dashboard
+ assumeFalse(isWatch)
+
enableAppAsLocationProvider()
useMicrophone()
openMicrophoneTimeline()
diff --git a/tools/selinux/Android.bp b/tools/selinux/Android.bp
index 1339557..c3bee29 100644
--- a/tools/selinux/Android.bp
+++ b/tools/selinux/Android.bp
@@ -17,17 +17,6 @@
default_applicable_licenses: ["Android-Apache-2.0"],
}
-python_library_host {
- name: "SELinuxNeverallowTestFrame",
- srcs: ["SELinuxNeverallowTestFrame.py"],
-}
-
-python_binary_host {
- name: "SELinuxNeverallowTestGen",
- srcs: ["SELinuxNeverallowTestGen.py"],
- libs: ["SELinuxNeverallowTestFrame"],
-}
-
sh_test_host {
name: "seamendc-test",
src: "seamendc-test.sh",
diff --git a/tools/selinux/SELinuxNeverallowTestFrame.py b/tools/selinux/SELinuxNeverallowTestFrame.py
deleted file mode 100644
index ad7557a..0000000
--- a/tools/selinux/SELinuxNeverallowTestFrame.py
+++ /dev/null
@@ -1,176 +0,0 @@
-#!/usr/bin/env python
-
-src_header = """/*
- * Copyright (C) 2014 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package android.security.cts;
-
-import android.platform.test.annotations.RestrictedBuildTest;
-import com.android.compatibility.common.tradefed.build.CompatibilityBuildHelper;
-import com.android.compatibility.common.util.PropertyUtil;
-import com.android.tradefed.build.IBuildInfo;
-import com.android.tradefed.device.ITestDevice;
-import com.android.tradefed.testtype.DeviceTestCase;
-import com.android.tradefed.testtype.IBuildReceiver;
-import com.android.tradefed.testtype.IDeviceTest;
-
-import java.io.BufferedReader;
-import java.io.File;
-import java.io.InputStream;
-import java.io.InputStreamReader;
-
-/**
- * Neverallow Rules SELinux tests.
- */
-public class SELinuxNeverallowRulesTest extends DeviceTestCase implements IBuildReceiver, IDeviceTest {
- private File sepolicyAnalyze;
- private File devicePolicyFile;
- private File deviceSystemPolicyFile;
-
- private IBuildInfo mBuild;
- private int mVendorSepolicyVersion = -1;
- private int mSystemSepolicyVersion = -1;
-
- /**
- * A reference to the device under test.
- */
- private ITestDevice mDevice;
-
- /**
- * {@inheritDoc}
- */
- @Override
- public void setBuild(IBuildInfo build) {
- mBuild = build;
- }
-
- /**
- * {@inheritDoc}
- */
- @Override
- public void setDevice(ITestDevice device) {
- super.setDevice(device);
- mDevice = device;
- }
- @Override
- protected void setUp() throws Exception {
- super.setUp();
- CompatibilityBuildHelper buildHelper = new CompatibilityBuildHelper(mBuild);
- sepolicyAnalyze = android.security.cts.SELinuxHostTest.copyResourceToTempFile("/sepolicy-analyze");
- sepolicyAnalyze.setExecutable(true);
-
- devicePolicyFile = android.security.cts.SELinuxHostTest.getDevicePolicyFile(mDevice);
-
- if (isSepolicySplit()) {
- deviceSystemPolicyFile =
- android.security.cts.SELinuxHostTest.getDeviceSystemPolicyFile(mDevice);
-
- // Caching this variable to save time.
- if (mVendorSepolicyVersion == -1) {
- mVendorSepolicyVersion =
- android.security.cts.SELinuxHostTest.getVendorSepolicyVersion(mBuild, mDevice);
- }
- if (mSystemSepolicyVersion == -1) {
- mSystemSepolicyVersion =
- android.security.cts.SELinuxHostTest.getSystemSepolicyVersion(mBuild);
- }
- }
- }
-
- @Override
- protected void tearDown() throws Exception {
- super.tearDown();
- sepolicyAnalyze.delete();
- }
-
- private boolean isFullTrebleDevice() throws Exception {
- return android.security.cts.SELinuxHostTest.isFullTrebleDevice(mDevice);
- }
-
- private boolean isDeviceLaunchingWithR() throws Exception {
- return PropertyUtil.getFirstApiLevel(mDevice) > 29;
- }
-
- private boolean isDeviceLaunchingWithS() throws Exception {
- return PropertyUtil.getFirstApiLevel(mDevice) > 30;
- }
-
- private boolean isCompatiblePropertyEnforcedDevice() throws Exception {
- return android.security.cts.SELinuxHostTest.isCompatiblePropertyEnforcedDevice(mDevice);
- }
-
- private boolean isSepolicySplit() throws Exception {
- return android.security.cts.SELinuxHostTest.isSepolicySplit(mDevice);
- }
-"""
-src_body = ""
-src_footer = """}
-"""
-
-src_method = """
- @RestrictedBuildTest
- public void testNeverallowRules() throws Exception {
- String neverallowRule = "$NEVERALLOW_RULE_HERE$";
- boolean fullTrebleOnly = $TREBLE_ONLY_BOOL_HERE$;
- boolean launchingWithROnly = $LAUNCHING_WITH_R_ONLY_BOOL_HERE$;
- boolean launchingWithSOnly = $LAUNCHING_WITH_S_ONLY_BOOL_HERE$;
- boolean compatiblePropertyOnly = $COMPATIBLE_PROPERTY_ONLY_BOOL_HERE$;
-
- if ((fullTrebleOnly) && (!isFullTrebleDevice())) {
- // This test applies only to Treble devices but this device isn't one
- return;
- }
- if ((launchingWithROnly) && (!isDeviceLaunchingWithR())) {
- // This test applies only to devices launching with R or later but this device isn't one
- return;
- }
- if ((launchingWithSOnly) && (!isDeviceLaunchingWithS())) {
- // This test applies only to devices launching with S or later but this device isn't one
- return;
- }
- if ((compatiblePropertyOnly) && (!isCompatiblePropertyEnforcedDevice())) {
- // This test applies only to devices on which compatible property is enforced but this
- // device isn't one
- return;
- }
-
- // If sepolicy is split and vendor sepolicy version is behind platform's,
- // only test against platform policy.
- File policyFile =
- (isSepolicySplit() && mVendorSepolicyVersion < mSystemSepolicyVersion) ?
- deviceSystemPolicyFile :
- devicePolicyFile;
-
- /* run sepolicy-analyze neverallow check on policy file using given neverallow rules */
- ProcessBuilder pb = new ProcessBuilder(sepolicyAnalyze.getAbsolutePath(),
- policyFile.getAbsolutePath(), "neverallow", "-n",
- neverallowRule);
- pb.redirectOutput(ProcessBuilder.Redirect.PIPE);
- pb.redirectErrorStream(true);
- Process p = pb.start();
- BufferedReader result = new BufferedReader(new InputStreamReader(p.getInputStream()));
- String line;
- StringBuilder errorString = new StringBuilder();
- while ((line = result.readLine()) != null) {
- errorString.append(line);
- errorString.append("\\n");
- }
- p.waitFor();
- assertTrue("The following errors were encountered when validating the SELinux"
- + "neverallow rule:\\n" + neverallowRule + "\\n" + errorString,
- errorString.length() == 0);
- }
-"""
diff --git a/tools/selinux/SELinuxNeverallowTestGen.py b/tools/selinux/SELinuxNeverallowTestGen.py
deleted file mode 100755
index 78b0631..0000000
--- a/tools/selinux/SELinuxNeverallowTestGen.py
+++ /dev/null
@@ -1,116 +0,0 @@
-#!/usr/bin/env python
-
-import copy
-import re
-import sys
-import SELinuxNeverallowTestFrame
-
-usage = "Usage: ./SELinuxNeverallowTestGen.py <input policy file> <output cts java source>"
-
-
-class NeverallowRule:
- statement = ''
- depths = None
-
- def __init__(self, statement, depths):
- self.statement = statement
- self.depths = copy.deepcopy(depths)
-
-# full-Treble only tests are inside sections delimited by BEGIN_{section} and
-# END_{section} comments.
-sections = [
- "TREBLE_ONLY",
- "COMPATIBLE_PROPERTY_ONLY",
- "LAUNCHING_WITH_R_ONLY",
- "LAUNCHING_WITH_S_ONLY",
-]
-
-# extract_neverallow_rules - takes an intermediate policy file and pulls out the
-# neverallow rules by taking all of the non-commented text between the 'neverallow'
-# keyword and a terminating ';'
-# returns: a list of rules
-def extract_neverallow_rules(policy_file):
- with open(policy_file, 'r') as in_file:
- policy_str = in_file.read()
-
- # uncomment section delimiter lines
- section_headers = '|'.join(['BEGIN_%s|END_%s' % (s, s) for s in sections])
- remaining = re.sub(
- r'^\s*#\s*(' + section_headers + ')',
- r'\1',
- policy_str,
- flags = re.M)
- # remove comments
- remaining = re.sub(r'#.+?$', r'', remaining, flags = re.M)
- # match neverallow rules
- lines = re.findall(
- r'^\s*(neverallow\s.+?;|' + section_headers + ')',
- remaining,
- flags = re.M |re.S)
-
- # extract neverallow rules from the remaining lines
- rules = list()
- depths = dict()
- for section in sections:
- depths[section] = 0
- for line in lines:
- is_header = False
- for section in sections:
- if line.startswith("BEGIN_%s" % section):
- depths[section] += 1
- is_header = True
- break
- elif line.startswith("END_%s" % section):
- if depths[section] < 1:
- exit("ERROR: END_%s outside of %s section" % (section, section))
- depths[section] -= 1
- is_header = True
- break
- if not is_header:
- rule = NeverallowRule(line, depths)
- rules.append(rule)
-
- for section in sections:
- if depths[section] != 0:
- exit("ERROR: end of input while inside %s section" % section)
-
- return rules
-
-# neverallow_rule_to_test - takes a neverallow statement and transforms it into
-# the output necessary to form a cts unit test in a java source file.
-# returns: a string representing a generic test method based on this rule.
-def neverallow_rule_to_test(rule, test_num):
- squashed_neverallow = rule.statement.replace("\n", " ")
- method = SELinuxNeverallowTestFrame.src_method
- method = method.replace("testNeverallowRules()",
- "testNeverallowRules" + str(test_num) + "()")
- method = method.replace("$NEVERALLOW_RULE_HERE$", squashed_neverallow)
- for section in sections:
- method = method.replace(
- "$%s_BOOL_HERE$" % section,
- "true" if rule.depths[section] else "false")
- return method
-
-if __name__ == "__main__":
- # check usage
- if len(sys.argv) != 3:
- print (usage)
- exit(1)
- input_file = sys.argv[1]
- output_file = sys.argv[2]
-
- src_header = SELinuxNeverallowTestFrame.src_header
- src_body = SELinuxNeverallowTestFrame.src_body
- src_footer = SELinuxNeverallowTestFrame.src_footer
-
- # grab the neverallow rules from the policy file and transform into tests
- neverallow_rules = extract_neverallow_rules(input_file)
- i = 0
- for rule in neverallow_rules:
- src_body += neverallow_rule_to_test(rule, i)
- i += 1
-
- with open(output_file, 'w') as out_file:
- out_file.write(src_header)
- out_file.write(src_body)
- out_file.write(src_footer)
