Diffstat (limited to 'tests/fstest/README')
-rw-r--r-- tests/fstest/README 68
1 files changed, 68 insertions, 0 deletions
diff --git a/tests/fstest/README b/tests/fstest/README
new file mode 100644
index 00000000..e4f8194c
--- /dev/null
+++ b/tests/fstest/README
@@ -0,0 +1,68 @@
+All files and directories will be matched against entries taken from
+/etc/perm_checker.conf, and any file/directory which fails the ruleset
+will cause an error message along with a corresponding explicit (fully
+specified and minimal) rule for that file/directory to be printed on
+stdout. If only the message "Passed." is printed on stdout, all files are
+correctly matched by perm_checker.conf.
+
+A file or directory will always fail the ruleset unless there is AT LEAST
+one matching rule. If there is an explicit (fully specified) <spec>
+matching the file or directory name, it will fail if and only if that
+explicit <spec> rule fails (i.e., other matching <spec> rules will be
+ignored). Otherwise, it will fail if _any_ matching wildcard or recursive
+<spec> rule fails to hold.
+
+Entries in the perm_checker.conf file are of the following form:
+
+<spec> <min_mode> <max_mode> <min_uid> <max_uid> <min_gid> <max_gid>
+
+Where <spec> is one of the following:
+
+A fully specified path name, which must end in / ex: /dev/
+A fully specified filename, symlink, device node, etc. ex: /dev/tty0
+
+A recursive path specification, which ends in /... ex: /dev/...
+A wildcard file specification, which ends in * ex: /dev/tty*
+
+By convention /dev/* will include all files directly in /dev/, but not files
+that are in subdirectories of /dev/, such as /dev/input/, unlike a
+recursive path specification. The wildcard notation * will never result in
+a match to a directory name.
+
+NOTE: Symbolic links are treated specially to prevent infinite recursion
+and simplify the ruleset. Symbolic links are ignored unless an explicit
+rule with the same name as the symlink exists, in which case the permissions
+on the rule must match the permissions on the symlink itself, not the target.
+
+<min_mode> is a numeric mode mask, and a mode will match it if and only if
+(min_mode & mode) == min_mode.
+
+<max_mode> is a numeric mode mask, and a mode will match it if and only if
+(max_mode | mode) == max_mode.
+
+<min_uid> may be either a numeric user id, or a user name (which must not
+start with a number). If it is a user name, getpwnam() will be used to
+translate it to a numeric user id.
+
+<max_uid>, <min_gid>, and <max_gid> have similar syntax to <min_uid>.
+
+
+-- Tips --
+
+I recommend to use 19999 as the maximum uid/gid whenever any valid
+application uid/gid is acceptable.
+
+Once the test is installed, it can be executed via:
+
+adb shell perm_checker
+
+To get a list of all failing rules:
+
+adb shell perm_checker | grep "^# INFO #" | sort | uniq
+
+To get a fully specified set of rules for all failing files:
+
+adb shell perm_checker | grep -v "^#"
+
+NOTE: There may be failing files even if no rules have failed, since a
+file that does not match any rule is a failure.
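
Review bot: The field descriptions under the `<spec> <min_mode> <max_mode> ...` format line never state which base a "numeric mode mask" is read in, and the `<min_uid>`/`<max_uid>` paragraphs cover only the syntax, not that each min/max pair is compared as a range or whether the bounds are inclusive. A rule written in the wrong base would test different permission bits than the author intended, so please state the base and the comparison explicitly and add one complete sample entry directly below the format line. Two smaller documentation gaps: the symlink NOTE says symlinks are "ignored" without saying that this exempts them from the "AT LEAST one matching rule" requirement in the second paragraph, and the Tips section recommends 19999 as the maximum uid/gid without saying where that bound comes from. The `grep "^# INFO #"` and `grep -v "^#"` recipes also depend on an output line format that the first paragraph does not describe; one sentence on which lines start with `#` would make them self-explanatory.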