From b825faeed78dec677223b8969626b6563ee7aaca Mon Sep 17 00:00:00 2001 From: Mark Salyzyn Date: Mon, 2 Oct 2017 10:20:29 -0700 Subject: CtsLogdTestCases#sepolicy_rate_limiter failure Cts tests can run in appdomain, which have access to /data/backup/ which leads to zero injection of sepolicy signal to check the logd and kernel rate limiter. Switch to /data/drm/ as a better choice to inject a sepolicy denial either due to dac_override or dac_read_search because owned by the drm uid and gid, or due to create sepolicy denial to u:object_r:drm_data_file:s0 to all but select services. Test: gTest Bug: 65843095 Change-Id: I2d72b1407a930c270636a206066d2d15fdec2f77 --- logd/tests/logd_test.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'logd') diff --git a/logd/tests/logd_test.cpp b/logd/tests/logd_test.cpp index 8ee5ea10d..9e1541b8a 100644 --- a/logd/tests/logd_test.cpp +++ b/logd/tests/logd_test.cpp @@ -1099,7 +1099,7 @@ static pid_t sepolicy_rate(unsigned rate, unsigned num) { // and dac_read_search on every try to get past the message // de-duper. We will also rotate the file name in the directory // as another measure. - static const char file[] = "/data/backup/cannot_access_directory_%u"; + static const char file[] = "/data/drm/cannot_access_directory_%u"; static const unsigned avc_requests_per_access = 2; rate /= avc_requests_per_access; -- cgit v1.2.3