diff options
author | Kalesh Singh <kaleshsingh@google.com> | 2021-11-03 23:45:36 +0000 |
---|---|---|
committer | Gerrit Code Review <noreply-gerritcodereview@google.com> | 2021-11-03 23:45:36 +0000 |
commit | 5cdcabd061c46674fd12beb0900e817373955d86 (patch) | |
tree | 80cc90acae31bf7b3594c0d2b780f48baee1a4e9 | |
parent | 5f8975a1af40ccb2bce964a4c2b1d105364d3aa2 (diff) | |
parent | 0e4742c7d20a7244caab5033655cb4495d39d50c (diff) | |
download | interfaces-5cdcabd061c46674fd12beb0900e817373955d86.tar.gz |
Merge "suspend/sepolicy: Check device wakeup nodes are labeled"
-rw-r--r-- | suspend/1.0/default/Android.bp | 10 | ||||
-rwxr-xr-x | suspend/1.0/default/SuspendSepolicyTests.sh | 98 | ||||
-rw-r--r-- | suspend/1.0/default/suspend-sepolicy-tests.xml | 25 | ||||
-rw-r--r-- | suspend/TEST_MAPPING | 3 |
4 files changed, 136 insertions, 0 deletions
diff --git a/suspend/1.0/default/Android.bp b/suspend/1.0/default/Android.bp index fcb9053..06e2f1d 100644 --- a/suspend/1.0/default/Android.bp +++ b/suspend/1.0/default/Android.bp @@ -115,6 +115,16 @@ cc_test { require_root: true, } +sh_test { + name: "SuspendSepolicyTests", + src: "SuspendSepolicyTests.sh", + test_suites: [ + "device-tests", + "vts", + ], + test_config: "suspend-sepolicy-tests.xml", +} + cc_benchmark { name: "SystemSuspendBenchmark", defaults: [ diff --git a/suspend/1.0/default/SuspendSepolicyTests.sh b/suspend/1.0/default/SuspendSepolicyTests.sh new file mode 100755 index 0000000..5ef27b7 --- /dev/null +++ b/suspend/1.0/default/SuspendSepolicyTests.sh @@ -0,0 +1,98 @@ +#!/bin/bash + +# Copyright (C) 2021 The Android Open Source Project +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Check that sysfs wakeup nodes are correctly labeled by the +# device's sepolicy. + +wakeup_attr="u:object_r:sysfs_wakeup:s0" +wakeup_paths=() +unlabeled_paths=() + +get_wakeup_paths() { + adb shell 'paths=() + wakeup_dir=/sys/class/wakeup + cd $wakeup_dir + for file in $wakeup_dir/*; do + paths+=( $(realpath $file) ) + done + echo "${paths[@]}"' +} + +has_wakeup_attr() { #path + adb shell ls -dZ "$1" | grep -q "$wakeup_attr" + return $? +} + +check_wakeup_dup() { # wakeup_path + ret=1 + for path in "${unlabeled_paths[@]}"; do + if [ "$path" == "$1" ]; then + ret=0 + break + fi + done + return $ret +} + +get_unlabeled_wakeup_paths() { + for path in ${wakeup_paths[@]}; do + # If there exists a common wakeup parent directory, label that instead + # of each wakeupN directory + wakeup_path="$path" + dir_path="$(dirname $path)" + [ "$(basename $dir_path)" == "wakeup" ] && wakeup_path="$dir_path" + has_wakeup_attr "$wakeup_path" || check_wakeup_dup $wakeup_path \ + || unlabeled_paths+=( $wakeup_path ) + done +} + +print_missing_labels() { + nr_unlabeled="${#unlabeled_paths[@]}" + + [ "$nr_unlabeled" == "0" ] && return 1 + + echo "" + echo "Unlabeled wakeup nodes found, your device is likely missing" + echo "device/oem specific selinux genfscon rules for suspend." + echo "" + echo "Please review and add the following generated rules to the" + echo "device specific genfs_contexts:" + echo "" + + for path in ${unlabeled_paths[@]}; do + echo "genfscon sysfs ${path#/sys/} $wakeup_attr" + done + + echo "" + + return 0 +} + +fail() { #msg + echo $1 + exit 1 +} + +pass() { #msg + echo $1 + exit 0 +} + +# Test unlabeled sysfs_wakeup nodes +wakeup_paths+=( $(get_wakeup_paths) ) +get_unlabeled_wakeup_paths +print_missing_labels && fail "Missing sysfs_wakeup labels" \ + || pass "No missing sysfs_wakeup labels" diff --git a/suspend/1.0/default/suspend-sepolicy-tests.xml b/suspend/1.0/default/suspend-sepolicy-tests.xml new file mode 100644 index 0000000..b97ca0d --- /dev/null +++ b/suspend/1.0/default/suspend-sepolicy-tests.xml @@ -0,0 +1,25 @@ +<?xml version="1.0" encoding="utf-8"?> +<!-- Copyright (C) 2021 The Android Open Source Project + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--> + +<configuration description="Runs SuspendSepolicyTests"> + <!-- This test requires root for reading sysfs files --> + <target_preparer class="com.android.tradefed.targetprep.RootTargetPreparer" /> + <test class="com.android.tradefed.testtype.binary.ExecutableHostTest" > + <option name="binary" value="SuspendSepolicyTests" /> + <!-- This test requires a device, so it's not annotated with a null-device --> + <option name="per-binary-timeout" value="2m" /> + </test> +</configuration> diff --git a/suspend/TEST_MAPPING b/suspend/TEST_MAPPING index a059d3b..46c8dd3 100644 --- a/suspend/TEST_MAPPING +++ b/suspend/TEST_MAPPING @@ -5,6 +5,9 @@ }, { "name": "SystemSuspendV1_0AidlTest" + }, + { + "name": "SuspendSepolicyTests" } ] } |