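#!/usr/bin/env python

# Java source fragments for a host-side CTS test class that checks SELinux
# neverallow rules against the policy pulled from the device under test.
#
#   src_header - licence, package, imports, class opening, helper and setUp()
#   src_body   - empty here; presumably filled with generated test methods
#   src_footer - closes the class
#   src_method - template for a single test method
#
# "$NEVERALLOW_RULE_HERE$" in src_method sits inside a Java string literal, so
# whatever substitutes it must supply text that is valid there (no unescaped
# double quotes, backslashes or raw newlines).

# NOTE(review): the sepolicy-analyze helper is extracted to java.io.tmpdir and
# then executed. File.createTempFile leaves the file mode to the process umask,
# so run the suite from an account and temp directory that other local users
# cannot write to.
src_header = """/*
 * Copyright (C) 2014 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package android.cts.security;

import com.android.cts.tradefed.build.CtsBuildHelper;
import com.android.tradefed.build.IBuildInfo;
import com.android.tradefed.device.ITestDevice;
import com.android.tradefed.testtype.DeviceTestCase;
import com.android.tradefed.testtype.IBuildReceiver;

import java.io.BufferedReader;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.FileOutputStream;
import java.lang.String;
import java.net.URL;
import java.util.Scanner;

/**
 * Neverallow Rules SELinux tests.
 */
public class SELinuxNeverallowRulesTest extends DeviceTestCase {
    private File sepolicyAnalyze;
    private File devicePolicyFile;

    /**
     * A reference to the device under test.
     */
    private ITestDevice mDevice;

    /**
     * Copies a classpath resource into a fresh temporary file.
     *
     * @param resName resource path as understood by Class.getResourceAsStream
     * @return the temporary file, registered for deletion on JVM exit
     * @throws IOException if the resource is missing or the copy fails
     */
    private File copyResourceToTempFile(String resName) throws IOException {
        File tempFile = File.createTempFile("SELinuxHostTest", ".tmp");
        /* register cleanup first so the file is removed even if the copy fails */
        tempFile.deleteOnExit();
        try (InputStream is = this.getClass().getResourceAsStream(resName)) {
            if (is == null) {
                throw new IOException("Resource not found in test jar: " + resName);
            }
            try (FileOutputStream os = new FileOutputStream(tempFile)) {
                byte[] buf = new byte[8192];
                int n;
                while ((n = is.read(buf)) != -1) {
                    os.write(buf, 0, n);
                }
            }
        }
        return tempFile;
    }

    @Override
    protected void setUp() throws Exception {
        super.setUp();
        mDevice = getDevice();

        /* retrieve the sepolicy-analyze executable from jar */
        sepolicyAnalyze = copyResourceToTempFile("/sepolicy-analyze");
        assertTrue("Unable to mark sepolicy-analyze as executable",
                sepolicyAnalyze.setExecutable(true));

        /* obtain sepolicy file from running device; stop here if the pull fails */
        devicePolicyFile = File.createTempFile("sepolicy", ".tmp");
        devicePolicyFile.deleteOnExit();
        assertTrue("Unable to pull /sys/fs/selinux/policy from the device",
                mDevice.pullFile("/sys/fs/selinux/policy", devicePolicyFile));
    }
"""
src_body = ""
src_footer = """}
"""

# NOTE(review): the verdict below depends only on the captured output. The exit
# status of sepolicy-analyze is not examined, so a run that dies without
# printing anything counts as a pass - confirm whether the tool's exit code can
# be asserted as well.
src_method = """
    public void testNeverallowRules() throws Exception {
        String neverallowRule = "$NEVERALLOW_RULE_HERE$";

        /* run sepolicy-analyze neverallow check on policy file using given neverallow rules */
        ProcessBuilder pb = new ProcessBuilder(sepolicyAnalyze.getAbsolutePath(),
                devicePolicyFile.getAbsolutePath(), "neverallow", "-n",
                neverallowRule);
        pb.redirectOutput(ProcessBuilder.Redirect.PIPE);
        pb.redirectErrorStream(true);
        Process p = pb.start();
        StringBuilder errorString = new StringBuilder();
        /* drain the merged stdout/stderr before waiting, so a full pipe cannot stall the child */
        try (BufferedReader result =
                new BufferedReader(new InputStreamReader(p.getInputStream()))) {
            String line;
            while ((line = result.readLine()) != null) {
                errorString.append(line);
                errorString.append("\\n");
            }
        }
        p.waitFor();
        assertTrue("The following errors were encountered when validating the SELinux "
                   + "neverallow rule:\\n" + neverallowRule + "\\n" + errorString,
                   errorString.length() == 0);
    }
"""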