src/chromiumos/tast/local/bundles/cros/security/selinux_files_non_arc.go - chromiumos/platform/tast-tests - Git at Google

 // Copyright 2018 The Chromium OS Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 package security

 import (
 	"context"

 	"chromiumos/tast/local/bundles/cros/security/selinux"
 	"chromiumos/tast/local/chrome"
 	"chromiumos/tast/testing"
 )

 func init() {
 	testing.AddTest(&testing.Test{
 		Func:         SELinuxFilesNonARC,
 		Desc:         "Checks SELinux labels on Chrome-specific files on devices that don't support ARC",
 		Contacts:     []string{"fqj@chromium.org", "jorgelo@chromium.org", "chromeos-security@google.com"},
 		Attr:         []string{"group:mainline", "informational"},
 		SoftwareDeps: []string{"chrome", "selinux", "no_android"},
 	})
 }

 func SELinuxFilesNonARC(ctx context.Context, s *testing.State) {
 	cr, err := chrome.New(ctx)
 	defer cr.Close(ctx)
 	if err != nil {
 		s.Fatal("Failed to start Chrome: ", err)
 	}
 	for _, testArg := range []struct {
 		path      string // absolute file path
 		context   string // expected SELinux file context
 		recursive bool
 		filter    selinux.FileLabelCheckFilter
 	}{
 		{path: "/opt/google/chrome/chrome", context: "chrome_browser_exec"},
 		{path: "/run/chrome/wayland-0", context: "wayland_socket"},
 		{path: "/run/session_manager", context: "cros_run_session_manager", recursive: true},
 		{path: "/var/log/chrome", context: "cros_var_log_chrome", recursive: true},
 	} {
 		filter := testArg.filter
 		if filter == nil {
 			filter = selinux.CheckAll
 		}
 		expected, err := selinux.FileContextRegexp(testArg.context)
 		if err != nil {
 			s.Errorf("Failed to compile expected context %q: %v", testArg.context, err)
 			continue
 		}
 		selinux.CheckContext(ctx, s, &selinux.CheckContextReq{
 			Path:         testArg.path,
 			Expected:     expected,
 			Recursive:    testArg.recursive,
 			Filter:       filter,
 			IgnoreErrors: false,
 			Log:          false,
 		})
 	}
 	selinux.CheckHomeDirectory(ctx, s)
 }
	// Copyright 2018 The Chromium OS Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	package security

	import (
	"context"

	"chromiumos/tast/local/bundles/cros/security/selinux"
	"chromiumos/tast/local/chrome"
	"chromiumos/tast/testing"
	)

	func init() {
	testing.AddTest(&testing.Test{
	Func: SELinuxFilesNonARC,
	Desc: "Checks SELinux labels on Chrome-specific files on devices that don't support ARC",
	Contacts: []string{"fqj@chromium.org", "jorgelo@chromium.org", "chromeos-security@google.com"},
	Attr: []string{"group:mainline", "informational"},
	SoftwareDeps: []string{"chrome", "selinux", "no_android"},
	})
	}

	func SELinuxFilesNonARC(ctx context.Context, s *testing.State) {
	cr, err := chrome.New(ctx)
	defer cr.Close(ctx)
	if err != nil {
	s.Fatal("Failed to start Chrome: ", err)
	}
	for _, testArg := range []struct {
	path string // absolute file path
	context string // expected SELinux file context
	recursive bool
	filter selinux.FileLabelCheckFilter
	}{
	{path: "/opt/google/chrome/chrome", context: "chrome_browser_exec"},
	{path: "/run/chrome/wayland-0", context: "wayland_socket"},
	{path: "/run/session_manager", context: "cros_run_session_manager", recursive: true},
	{path: "/var/log/chrome", context: "cros_var_log_chrome", recursive: true},
	} {
	filter := testArg.filter
	if filter == nil {
	filter = selinux.CheckAll
	}
	expected, err := selinux.FileContextRegexp(testArg.context)
	if err != nil {
	s.Errorf("Failed to compile expected context %q: %v", testArg.context, err)
	continue
	}
	selinux.CheckContext(ctx, s, &selinux.CheckContextReq{
	Path: testArg.path,
	Expected: expected,
	Recursive: testArg.recursive,
	Filter: filter,
	IgnoreErrors: false,
	Log: false,
	})
	}
	selinux.CheckHomeDirectory(ctx, s)
	}