Issue 28759: access to mkfifo, mknod and hard links is controled by SELinux MAC on Android (original) (raw)

Created on 2016-11-21 08:12 by xdegaye, last changed 2022-04-11 14:58 by admin. This issue is now closed.

Files
File name Uploaded Description Edit
android_not_root.patch xdegaye,2016-11-21 08:12 review
without_android_not_root.patch xdegaye,2017-01-08 21:03 review
issue28759-01.patch xdegaye,2017-01-09 19:33 review
Pull Requests
URL Status Linked Edit
PR 4350 merged xdegaye,2017-11-09 16:46
PR 4380 merged xdegaye,2017-11-12 16:46
Messages (13)
msg281329 - (view) Author: Xavier de Gaye (xdegaye) * (Python triager) Date: 2016-11-21 08:12
List of the tests that fail with PermissionError when run as a non-root user on an Android emulator (API 24) and fixed by this patch: test_posix test_shutil test_stat test_genericpath test_ntpath test_posixpath test_macpath test_eintr test_pathlib Android uses SELinux mandatory access control (MAC), see: https://source.android.com/security/selinux/ Android commit message that does not grant hard link capabilities by default: https://android.googlesource.com/platform/external/sepolicy/+/85ce2c7
msg283088 - (view) Author: Roundup Robot (python-dev) (Python triager) Date: 2016-12-13 09:04
New changeset 43f9366d8883 by Xavier de Gaye in branch '3.6': Issue #28759: Fix the tests that fail with PermissionError when run as https://hg.python.org/cpython/rev/43f9366d8883 New changeset db1d20825d71 by Xavier de Gaye in branch 'default': Issue #28759: Merge 3.6. https://hg.python.org/cpython/rev/db1d20825d71
msg285005 - (view) Author: Xavier de Gaye (xdegaye) * (Python triager) Date: 2017-01-08 21:03
Re-opening the issue for a more generic change that skips the tests when PermissionError is raised instead of when they are run by an Android non-root user as this is done currently after the previously pushed changes.
msg285008 - (view) Author: Serhiy Storchaka (serhiy.storchaka) * (Python committer) Date: 2017-01-08 21:24
I think it is worth to add special helper in test.support for using as a context manager: with helper(): os.mkfifo(filename) Then you could change its implementation without changing the testing code. For example: @contextmanager def helper(): try: yield except PermissionError as e: raise unittest.SkipTest(str(e)) or @contextmanager def helper(): if android_not_root: raise unittest.SkipTest("operation not allowed, non root user") yield
msg285040 - (view) Author: Xavier de Gaye (xdegaye) * (Python triager) Date: 2017-01-09 12:52
Thanks for this interesting suggestion Serhiy. I propose to use supported_operation() as the name of the helper() generator. I will update the patches accordingly in issues #29180, #29181 and #29184, and re-open issue 28764.
msg285041 - (view) Author: Xavier de Gaye (xdegaye) * (Python triager) Date: 2017-01-09 12:59
> re-open issue 28764. Oops, no issue 28764 is not relevant here.
msg285064 - (view) Author: Xavier de Gaye (xdegaye) * (Python triager) Date: 2017-01-09 19:33
New patch following Serhiy's suggestion in .
msg285246 - (view) Author: Serhiy Storchaka (serhiy.storchaka) * (Python committer) Date: 2017-01-11 17:20
I don't know what is a good name for such helper. supported_operation() looks too general. Maybe ask on Python-Dev?
msg285303 - (view) Author: Xavier de Gaye (xdegaye) * (Python triager) Date: 2017-01-12 10:58
'supported_operation': * The intent in using 'supported' was that the context manager could possibly be extended later. * 'operation' is the terminology used in the GNU libc documentation [1]. I will replace 'supported_operation' with 'permitted_operation' unless a better name is proposed. [1] https://www.gnu.org/software/libc/manual/html_node/Error-Codes.html
msg285309 - (view) Author: Serhiy Storchaka (serhiy.storchaka) * (Python committer) Date: 2017-01-12 11:20
The purpose of this helper is skipping the test rather than failing if some OS operation is not permitted by current configuration. May be skip_if_not_permitted()? Similar helpers that convert runtime error in skipping a test: import_module(), get_attribute(), bind_unix_socket(), system_must_validate_cert(). They are more concrete, guard some specific operation. Context manager is not the only possible syntax. The helper can call a function: helper(os.mkfifo, filename) or be a wrapper: helper(os.mkfifo)(filename) If you prefer such syntax. There are many possibilities, and I think it is worth to discuss this on Python-Dev.
msg285312 - (view) Author: Xavier de Gaye (xdegaye) * (Python triager) Date: 2017-01-12 11:47
Please go ahead and start the discussion on Python-Dev.
msg306119 - (view) Author: Xavier de Gaye (xdegaye) * (Python triager) Date: 2017-11-12 16:31
New changeset 92c2ca7633c881a56157f2fb8b2e1b8c7114e5fb by xdegaye in branch 'master': bpo-28759: Skip some tests on PermissionError raised by Android (GH-4350) https://github.com/python/cpython/commit/92c2ca7633c881a56157f2fb8b2e1b8c7114e5fb
msg306127 - (view) Author: Xavier de Gaye (xdegaye) * (Python triager) Date: 2017-11-12 17:18
New changeset ad004f9b5a581f577374c56d8ab27e9ef2e73452 by xdegaye in branch '3.6': [3.6] bpo-28759: Skip some tests on PermissionError raised by Android (GH-4350) (#4380) https://github.com/python/cpython/commit/ad004f9b5a581f577374c56d8ab27e9ef2e73452
History
Date User Action Args
2022-04-11 14:58:39 admin set github: 72945
2017-11-12 17:20:18 xdegaye set status: open -> closedresolution: fixedstage: patch review -> resolved
2017-11-12 17🔞39 xdegaye set messages: +
2017-11-12 16:46:36 xdegaye set pull_requests: + <pull%5Frequest4328>
2017-11-12 16:31:09 xdegaye set messages: +
2017-11-09 16:46:58 xdegaye set pull_requests: + <pull%5Frequest4307>
2017-01-12 11:47:38 xdegaye set assignee: xdegaye -> messages: +
2017-01-12 11:20:52 serhiy.storchaka set messages: +
2017-01-12 10:58:38 xdegaye set messages: +
2017-01-11 17:20:57 serhiy.storchaka set messages: +
2017-01-09 19:33:03 xdegaye set files: + issue28759-01.patchmessages: +
2017-01-09 12:59:08 xdegaye set messages: +
2017-01-09 12:52:45 xdegaye set messages: +
2017-01-08 21:24:43 serhiy.storchaka set nosy: + serhiy.storchakamessages: +
2017-01-08 21:03:59 xdegaye set status: closed -> openfiles: + without_android_not_root.patchmessages: + resolution: fixed -> (no value)stage: resolved -> patch review
2016-12-13 13:37:28 xdegaye set status: open -> closedresolution: fixedstage: commit review -> resolved
2016-12-13 09:04:11 python-dev set nosy: + python-devmessages: +
2016-12-12 15:31:00 xdegaye set stage: patch review -> commit review
2016-11-21 15:40:04 xdegaye link issue26865 dependencies
2016-11-21 08:12:55 xdegaye create