SELinuxHostTest: Switch to file_contexts.bin.
Update SELinuxHostTest to switch from validating
file_contexts to validating file_contexts.bin. Use
checkfc -c to compare the device file_contexts.bin
with the AOSP general_file_contexts.bin.
Depends on I2fff2f8cf87690a76219ddf4cf38939650f34782.
Change-Id: Ibc48cc5f3c3b0ed54e93f13e5c83fe190ba6a40d
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
diff --git a/hostsidetests/security/Android.mk b/hostsidetests/security/Android.mk
index 3e35e45..ad708ca 100644
--- a/hostsidetests/security/Android.mk
+++ b/hostsidetests/security/Android.mk
@@ -33,7 +33,7 @@
selinux_general_seapp_neverallows := $(call intermediates-dir-for,ETC,general_seapp_neverallows)/general_seapp_neverallows
-selinux_general_file_contexts := $(call intermediates-dir-for,ETC,general_file_contexts)/general_file_contexts
+selinux_general_file_contexts := $(call intermediates-dir-for,ETC,general_file_contexts.bin)/general_file_contexts.bin
selinux_general_property_contexts := $(call intermediates-dir-for,ETC,general_property_contexts)/general_property_contexts
diff --git a/hostsidetests/security/src/android/cts/security/SELinuxHostTest.java b/hostsidetests/security/src/android/cts/security/SELinuxHostTest.java
index da9f501..4c8878b 100644
--- a/hostsidetests/security/src/android/cts/security/SELinuxHostTest.java
+++ b/hostsidetests/security/src/android/cts/security/SELinuxHostTest.java
@@ -116,10 +116,10 @@
mDevice.executeAdbCommand("pull", "/seapp_contexts",
deviceSeappFile.getAbsolutePath());
- /* obtain file_contexts file from running device */
- deviceFcFile = File.createTempFile("file_contexts", ".tmp");
+ /* obtain file_contexts.bin file from running device */
+ deviceFcFile = File.createTempFile("file_contexts", ".bin");
deviceFcFile.deleteOnExit();
- mDevice.executeAdbCommand("pull", "/file_contexts",
+ mDevice.executeAdbCommand("pull", "/file_contexts.bin",
deviceFcFile.getAbsolutePath());
/* obtain property_contexts file from running device */
@@ -136,7 +136,7 @@
/* retrieve the AOSP *_contexts files from jar */
aospSeappFile = copyResourceToTempFile("/general_seapp_contexts");
- aospFcFile = copyResourceToTempFile("/general_file_contexts");
+ aospFcFile = copyResourceToTempFile("/general_file_contexts.bin");
aospPcFile = copyResourceToTempFile("/general_property_contexts");
aospSvcFile = copyResourceToTempFile("/general_service_contexts");
seappNeverAllowFile = copyResourceToTempFile("/general_seapp_neverallows");
@@ -262,13 +262,25 @@
}
/**
- * Tests that the file_contexts file on the device contains
+ * Tests that the file_contexts.bin file on the device contains
* the standard AOSP entries.
*
* @throws Exception
*/
public void testAospFileContexts() throws Exception {
- assertFileStartsWith(aospFcFile, deviceFcFile);
+ /* run checkfc -c general_file_contexts.bin file_contexts.bin */
+ ProcessBuilder pb = new ProcessBuilder(checkFc.getAbsolutePath(),
+ "-c", aospFcFile.getAbsolutePath(),
+ deviceFcFile.getAbsolutePath());
+ pb.redirectOutput(ProcessBuilder.Redirect.PIPE);
+ pb.redirectErrorStream(true);
+ Process p = pb.start();
+ p.waitFor();
+ BufferedReader result = new BufferedReader(new InputStreamReader(p.getInputStream()));
+ String line = result.readLine();
+ assertTrue("The file_contexts.bin file did not include the AOSP entries:\n"
+ + line + "\n",
+ line.equals("equal") || line.equals("subset"));
}
/**
@@ -292,13 +304,13 @@
}
/**
- * Tests that the file_contexts file on the device is valid.
+ * Tests that the file_contexts.bin file on the device is valid.
*
* @throws Exception
*/
public void testValidFileContexts() throws Exception {
- /* run checkfc on file_contexts */
+ /* run checkfc sepolicy file_contexts.bin */
ProcessBuilder pb = new ProcessBuilder(checkFc.getAbsolutePath(),
devicePolicyFile.getAbsolutePath(),
deviceFcFile.getAbsolutePath());
@@ -313,7 +325,7 @@
errorString.append(line);
errorString.append("\n");
}
- assertTrue("The file_contexts file was invalid:\n"
+ assertTrue("The file_contexts.bin file was invalid:\n"
+ errorString, errorString.length() == 0);
}
