SELinuxNeverallowRulesTest - flymobile/CTS GitHub Wiki

##CASE01

android.cts.security.SELinuxNeverallowRulesTest#testNeverallowRules107

Fail信息

-- testNeverallowRules107 fail junit.framework.AssertionFailedError: The following errors were encountered when validating the SELinuxneverallow rule: neverallow system_server sdcard_type:file { { getattr open read ioctl lock } { open append write } };

解决方法：

路径：baseline/device/xxxxx/common/sepolicy/system_server.te baseline/external/sepolicy/system_server.te

撤回提交记录：

git revert 。。。。。

##CASE02

android.cts.security.SELinuxNeverallowRulesTest#testNeverallowRules164

Fail信息

android.cts.security.SELinuxNeverallowRulesTest -- testNeverallowRules164 fail junit.framework.AssertionFailedError: The following errors were encountered when validating the SELinuxneverallow rule: neverallow system_server sdcard_type:file { { getattr open read ioctl lock } { open append write } };

解决方法：

修改：baseline/device/xxxxx/common/sepolicy/system_server.te

修改记录：-allow system_server vfat:file read;

+#allow system_server vfat:file read;

+neverallow system_server sdcard_type:file rw_file_perms;