author | TreeHugger Robot <treehugger-gerrit@google.com> | 2017-04-14 16:50:27 +0000 |
---|---|---|
committer | Android (Google) Code Review <android-gerrit@google.com> | 2017-04-14 16:50:28 +0000 |
commit | a2cd8ac5d01f6701d647e12ceae22cf3a4381c5d (patch) | |
tree | 3bf326c69dc0a05aeca760307195408225671430 | |
parent | 4563860fa56519fd5e97bdd31ac9d0ee64a6a32d (diff) | |
parent | 77dcee687d44b46fba63ed83ce20aee18a2aaf93 (diff) | |
Merge "Add tests for kernel selinux file api." into oc-dev
-rw-r--r-- | api/selinux/Android.mk | 25 | ||||
-rw-r--r-- | api/selinux/AndroidTest.xml | 26 | ||||
-rw-r--r-- | api/selinux/KernelSelinuxFileTestBase.py | 60 | ||||
-rw-r--r-- | api/selinux/SelinuxCheckReqProtTest.py | 42 | ||||
-rw-r--r-- | api/selinux/SelinuxNullTest.py | 31 | ||||
-rw-r--r-- | api/selinux/SelinuxPolicyTest.py | 27 | ||||
-rw-r--r-- | api/selinux/VtsKernelSelinuxFileApiTest.py | 81 | ||||
-rw-r--r-- | api/selinux/__init__.py | 0 |
8 files changed, 292 insertions, 0 deletions
diff --git a/api/selinux/Android.mk b/api/selinux/Android.mk
new file mode 100644
index 00000000..244af93d
--- /dev/null
+++ b/api/selinux/Android.mk
@@ -0,0 +1,25 @@
+#
+# Copyright (C) 2017 The Android Open Source Project
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+LOCAL_PATH := $(call my-dir)
+
+include $(call all-subdir-makefiles)
+
+include $(CLEAR_VARS)
+
+LOCAL_MODULE := VtsKernelSelinuxFileApi
+VTS_CONFIG_SRC_DIR := testcases/kernel/api/selinux
+include test/vts/tools/build/Android.host_config.mk
diff --git a/api/selinux/AndroidTest.xml b/api/selinux/AndroidTest.xml
new file mode 100644
index 00000000..1e4e018c
--- /dev/null
+++ b/api/selinux/AndroidTest.xml
@@ -0,0 +1,26 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- Copyright (C) 2017 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<configuration description="Config for VTS KernelSelinuxFileApiTest test cases">
+ <target_preparer class="com.android.compatibility.common.tradefed.targetprep.VtsFilePusher">
+ <option name="push-group" value="HostDrivenTest.push" />
+ </target_preparer>
+ <target_preparer class="com.android.tradefed.targetprep.VtsPythonVirtualenvPreparer">
+ </target_preparer>
+ <test class="com.android.tradefed.testtype.VtsMultiDeviceTest">
+ <option name="test-module-name" value="VtsKernelSelinuxFileApi" />
+ <option name="test-case-path" value="vts/testcases/kernel/api/selinux/VtsKernelSelinuxFileApiTest" />
+ </test>
+</configuration>
diff --git a/api/selinux/KernelSelinuxFileTestBase.py b/api/selinux/KernelSelinuxFileTestBase.py
new file mode 100644
index 00000000..d48e0075
--- /dev/null
+++ b/api/selinux/KernelSelinuxFileTestBase.py
@@ -0,0 +1,60 @@
+#!/usr/bin/env python
+#
+# Copyright (C) 2017 The Android Open Source Project
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+from abc import ABCMeta
+from abc import abstractmethod
+
+from vts.utils.python.file import file_utils
+
+class KernelSelinuxFileTestBase(object):
+ """Abstract test for the formatting of a selinux file.
+
+ Individual files can inherit from this class and define the correct path,
+ file content, and permissions.
+ """
+ __metaclass__ = ABCMeta
+
+ @abstractmethod
+ def get_path(self):
+ """Return the full path of this selinux file."""
+ pass
+
+ def result_correct(self, file_contents):
+ """Return True if the file contents are correct.
+
+ Subclasses define the requirements for the selinux file and validate
+ that the contents of a file are correct.
+
+ Args:
+ file_contents: String, the contents of an selinux file
+
+ Returns:
+ True if the contents are correct, False otherwise.
+ """
+ return True
+
+ def get_permission_checker(self):
+ """Gets the function handle to use for validating file permissions.
+
+ Return the function that will check if the permissions are correct.
+ By default, return the IsReadOnly function from file_utils.
+
+ Returns:
+ function which takes one argument (the unix file permission bits
+ in octal format) and returns True if the permissions are correct,
+ False otherwise.
+ """
+ return file_utils.IsReadOnly
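Review bot: `result_correct` in the base class returns `True` unconditionally, so any subclass that does not override it passes the content check with no validation, and only `get_path` is marked abstract. The docstring should say so explicitly, for example by adding `The default accepts any content; override it to validate the file format.`, so that a missing override is a visible decision rather than a silent pass. Separately, `__metaclass__ = ABCMeta` is honoured only by Python 2; if this module is ever run under Python 3 the `@abstractmethod` on `get_path` would no longer be enforced.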
diff --git a/api/selinux/SelinuxCheckReqProtTest.py b/api/selinux/SelinuxCheckReqProtTest.py
new file mode 100644
index 00000000..5d091a53
--- /dev/null
+++ b/api/selinux/SelinuxCheckReqProtTest.py
@@ -0,0 +1,42 @@
+#
+# Copyright (C) 2017 The Android Open Source Project
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+from vts.testcases.kernel.api.selinux import KernelSelinuxFileTestBase
+from vts.utils.python.file import file_utils
+
+
+class SelinuxCheckReqProt(KernelSelinuxFileTestBase.KernelSelinuxFileTestBase):
+ """Validate /sys/fs/selinux/checkreqprot content and permissions.
+
+ The contents are binary 0/1 and the file should be read/write.
+ """
+
+ def get_path(self):
+ return "/sys/fs/selinux/checkreqprot"
+
+ def result_correct(self, file_content):
+ """Return True if the file contents are simply 0/1.
+
+ Args:
+ file_contents: String, the contents of the checkreqprot file
+
+ Returns:
+ True if the contents are 0/1, False otherwise.
+ """
+ return file_content == "0" or file_content == "1"
+
+ def get_permission_checker(self):
+ """Gets the function handle to validate r/w file permissions."""
+ return file_utils.IsReadWrite
diff --git a/api/selinux/SelinuxNullTest.py b/api/selinux/SelinuxNullTest.py
new file mode 100644
index 00000000..611e492f
--- /dev/null
+++ b/api/selinux/SelinuxNullTest.py
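Review bot: `result_correct` accepts both `"0"` and `"1"`, so this checks only the format of `/sys/fs/selinux/checkreqprot` and passes whichever value the device is running with. With `1` the kernel checks the protection the application requested rather than the protection it will actually apply, which is the weaker setting. The class docstring should state that the value itself is not asserted, or the check should be tightened to `return file_content == "0"` if the platform is expected to run with 0 (not visible in this change). The comparison is also exact, so it relies on `file_utils.ReadFileContent` returning the value without a trailing newline. The parameter is named `file_content` here but `file_contents` in the docstring and in the base class signature.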
@@ -0,0 +1,31 @@
+#
+# Copyright (C) 2017 The Android Open Source Project
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+from vts.testcases.kernel.api.selinux import KernelSelinuxFileTestBase
+from vts.utils.python.file import file_utils
+
+
+class SelinuxNull(KernelSelinuxFileTestBase.KernelSelinuxFileTestBase):
+ """Validate /sys/fs/selinux/null permissions.
+
+ The file should be read/write; there are no tests for content format.
+ """
+
+ def get_path(self):
+ return "/sys/fs/selinux/null"
+
+ def get_permission_checker(self):
+ """Gets the function handle to validate r/w file permissions."""
+ return file_utils.IsReadWrite
diff --git a/api/selinux/SelinuxPolicyTest.py b/api/selinux/SelinuxPolicyTest.py
new file mode 100644
index 00000000..9c793362
--- /dev/null
+++ b/api/selinux/SelinuxPolicyTest.py
@@ -0,0 +1,27 @@
+#
+# Copyright (C) 2017 The Android Open Source Project
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+from vts.testcases.kernel.api.selinux import KernelSelinuxFileTestBase
+from vts.utils.python.file import file_utils
+
+
+class SelinuxPolicy(KernelSelinuxFileTestBase.KernelSelinuxFileTestBase):
+ """Validate /sys/fs/selinux/policy permissions.
+
+ The file permission should be read-only. No content testing at this time.
+ """
+
+ def get_path(self):
+ return "/sys/fs/selinux/policy"
diff --git a/api/selinux/VtsKernelSelinuxFileApiTest.py b/api/selinux/VtsKernelSelinuxFileApiTest.py
new file mode 100644
index 00000000..d35e33b3
--- /dev/null
+++ b/api/selinux/VtsKernelSelinuxFileApiTest.py
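Review bot: `file_utils` is imported in SelinuxPolicyTest.py but never used, because `SelinuxPolicy` overrides only `get_path`; the line `from vts.utils.python.file import file_utils` can be dropped. The class docstring says the permission should be read-only but does not say where that is enforced; adding `Uses the base class default permission checker (IsReadOnly).` would make the inherited behaviour explicit.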
@@ -0,0 +1,81 @@
+#!/usr/bin/env python
+#
+# Copyright (C) 2017 The Android Open Source Project
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+import logging
+
+from vts.runners.host import asserts
+from vts.runners.host import base_test
+from vts.runners.host import const
+from vts.runners.host import test_runner
+from vts.testcases.kernel.api.selinux import SelinuxCheckReqProtTest
+from vts.testcases.kernel.api.selinux import SelinuxPolicyTest
+from vts.testcases.kernel.api.selinux import SelinuxNullTest
+from vts.utils.python.controllers import android_device
+from vts.utils.python.file import file_utils
+
+TEST_OBJECTS = {
+ SelinuxCheckReqProtTest.SelinuxCheckReqProt(),
+ SelinuxPolicyTest.SelinuxPolicy(),
+ SelinuxNullTest.SelinuxNull()
+}
+
+class VtsKernelSelinuxFileApiTest(base_test.BaseTestClass):
+ """Test cases which check content of selinuxfs files.
+ """
+
+ def setUpClass(self):
+ self.dut = self.registerController(android_device)[0]
+ self.dut.shell.InvokeTerminal(
+ "KernelSelinuxFileApiTest") # creates a remote shell instance.
+ self.shell = self.dut.shell.KernelSelinuxFileApiTest
+
+ def runSelinuxFileTest(self, test_object):
+ """Reads the file and checks that its content and permissions are valid.
+
+ Args:
+ test_object: inherits KernelSelinuxFileTestBase, contains the test functions
+ """
+ logging.info("Testing existence of %s" % (test_object.get_path()))
+
+ asserts.assertTrue(
+ file_utils.Exists(test_object.get_path(), self.shell),
+ "%s: File does not exist." % test_object.get_path())
+
+ logging.info("Testing permissions of %s" % (test_object.get_path()))
+ try:
+ permissions = file_utils.GetPermission(
+ test_object.get_path(), self.shell)
+ asserts.assertTrue(test_object.get_permission_checker()(permissions),
+ "%s: File has invalid permissions (%s)" %
+ (test_object.get_path(), permissions))
+ except (ValueError, IOError) as e:
+ asserts.fail("Failed to assert permissions: %s" % str(e))
+
+ logging.info("Testing format of %s" % (test_object.get_path()))
+ file_content = file_utils.ReadFileContent(
+ test_object.get_path(), self.shell)
+ asserts.assertTrue(
+ test_object.result_correct(file_content), "Results not valid!")
+
+ def generateProcFileTests(self):
+ """Run all selinux file tests."""
+ self.runGeneratedTests(test_func=self.runSelinuxFileTest,
+ settings=TEST_OBJECTS,
+ name_func=lambda test_obj: "test" + test_obj.__class__.__name__)
+
+if __name__ == "__main__":
+ test_runner.main()
diff --git a/api/selinux/__init__.py b/api/selinux/__init__.py
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/api/selinux/__init__.py |
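Review bot: The content check at the end of `runSelinuxFileTest` fails with the fixed message `"Results not valid!"`, so a failure does not say which selinuxfs file was rejected, unlike the existence and permission asserts above it; use `"%s: File content is not valid." % test_object.get_path()`. `ReadFileContent` also sits outside the `try` that guards `GetPermission`, so a read failure (if it raises the same `ValueError`/`IOError`, which is not visible here) would surface as an uncaught exception rather than an `asserts.fail`. `TEST_OBJECTS` is a set of instances, so the order of the generated tests is not stable across runs; a list literal keeps it deterministic. `generateProcFileTests` looks like a name carried over from another test module; a selinux-specific name would read better.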