python/audit2allow: use local sepolgen-ifgen-attr-helper for tests

Introduce option --attr-helper to sepolgen-ifgen to make it possible to
override /usr/bin/sepolgen-ifgen-attr-helper and use it in the testuite
in order to test the helper which has been compiled from the project
instead of the one installed on the system.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
This commit is contained in:
Nicolas Iooss 2019-01-05 20:37:57 +01:00 committed by Petr Lautrbach
parent 4ac069a3ee
commit e1f2db5887
2 changed files with 9 additions and 4 deletions

View File

@ -56,6 +56,8 @@ def parse_options():
help="print debuging output")
parser.add_option("-d", "--debug", action="store_true", default=False,
help="extra debugging output")
parser.add_option("--attr-helper", default=ATTR_HELPER,
help="path to sepolgen-ifgen-attr-helper")
parser.add_option("--no_attrs", action="store_true", default=False,
help="do not retrieve attribute access from kernel policy")
options, args = parser.parse_args()
@ -77,7 +79,7 @@ def get_policy():
return None
def get_attrs(policy_path):
def get_attrs(policy_path, attr_helper):
try:
if not policy_path:
policy_path = get_policy()
@ -93,7 +95,7 @@ def get_attrs(policy_path):
return None
fd = open("/dev/null", "w")
ret = subprocess.Popen([ATTR_HELPER, policy_path, outfile.name], stdout=fd).wait()
ret = subprocess.Popen([attr_helper, policy_path, outfile.name], stdout=fd).wait()
fd.close()
if ret != 0:
sys.stderr.write("could not run attribute helper\n")
@ -127,7 +129,7 @@ def main():
# Get the attibutes from the binary
attrs = None
if not options.no_attrs:
attrs = get_attrs(options.policy_path)
attrs = get_attrs(options.policy_path, options.attr_helper)
if attrs is None:
return 1

View File

@ -28,7 +28,10 @@ class Audit2allowTests(unittest.TestCase):
"Verify sepolgen-ifgen works"
temp_directory = mkdtemp(suffix='audit2allow_test')
output_file = os.path.join(temp_directory, 'interface_info')
p = Popen([sys.executable, './sepolgen-ifgen', '-p', 'test_dummy_policy', '-o', output_file], stdout=PIPE)
p = Popen([
sys.executable, './sepolgen-ifgen', '-p', 'test_dummy_policy', '-o', output_file,
'--attr-helper', './sepolgen-ifgen-attr-helper'
], stdout=PIPE)
out, err = p.communicate()
if err:
print(out, err)