Allow access check to fail to deny when selinux is not being enforced (1c6f4551) · Commits · e / os / android_frameworks_native

libs/binder/ndk/tests/Android.bp

+4 −3

Original line number	Diff line number	Diff line
		@@ -33,12 +33,12 @@ cc_defaults {
		},
		cflags: [
		"-O0",
		"-g",
		"-Wall",
		"-Werror",
		"-Wextra",
		"-Wextra-semi",
		"-Werror",
		"-Winconsistent-missing-override",
		"-g",
		],
		}

		@@ -60,6 +60,7 @@ cc_defaults {
		"libbase",
		"libbinder",
		"libbinder_ndk",
		"libselinux",
		"libutils",
		],
		static_libs: [
		@@ -97,8 +98,8 @@ cc_test_host {
		},
		static_libs: [
		"libbase",
		"libbinder_ndk",
		"libbinder",
		"libbinder_ndk",
		"libcutils",
		"libfakeservicemanager",
		"libgmock",

+5 −3

Original line number	Diff line number	Diff line
		@@ -25,6 +25,7 @@
		#include <android/binder_process.h>
		#include <gtest/gtest.h>
		#include <iface/iface.h>
		#include <selinux/selinux.h>
		#include <utils/Looper.h>

		// warning: this is assuming that libbinder_ndk is using the same copy
		@@ -1098,7 +1099,8 @@ TEST(NdkBinder, CheckServiceAccessOk) {
		}

		TEST(NdkBinder, CheckServiceAccessNotOk) {
		EXPECT_FALSE(AServiceManager_checkServiceAccess(
		bool is_enforcing = security_getenforce() == 1;
		EXPECT_NE(is_enforcing, AServiceManager_checkServiceAccess(
		"u:r:some_unknown_sid:s0", 0, 0, "adb",
		AServiceManager_PermissionType::CHECK_ACCESS_PERMISSION_FIND));
		}