classification
Title: access to mkfifo, mknod and hard links is controled by SELinux MAC on Android
Type: behavior Stage: resolved
Components: Tests Versions: Python 3.7, Python 3.6
process
Status: closed Resolution: fixed
Dependencies: Superseder:
Assigned To: Nosy List: python-dev, serhiy.storchaka, xdegaye
Priority: normal Keywords: patch

Created on 2016-11-21 08:12 by xdegaye, last changed 2017-11-12 17:20 by xdegaye. This issue is now closed.

Files
File name Uploaded Description Edit
android_not_root.patch xdegaye, 2016-11-21 08:12 review
without_android_not_root.patch xdegaye, 2017-01-08 21:03 review
issue28759-01.patch xdegaye, 2017-01-09 19:33 review
Pull Requests
URL Status Linked Edit
PR 4350 merged xdegaye, 2017-11-09 16:46
PR 4380 merged xdegaye, 2017-11-12 16:46
Messages (13)
msg281329 - (view) Author: Xavier de Gaye (xdegaye) * (Python committer) Date: 2016-11-21 08:12
List of the tests that fail with PermissionError when run as a non-root user on an Android emulator (API 24) and fixed by this patch:
    test_posix test_shutil test_stat test_genericpath test_ntpath test_posixpath test_macpath test_eintr test_pathlib
Android uses SELinux mandatory access control (MAC), see:
    https://source.android.com/security/selinux/
Android commit message that does not grant hard link capabilities by default:
    https://android.googlesource.com/platform/external/sepolicy/+/85ce2c7
msg283088 - (view) Author: Roundup Robot (python-dev) Date: 2016-12-13 09:04
New changeset 43f9366d8883 by Xavier de Gaye in branch '3.6':
Issue #28759: Fix the tests that fail with PermissionError when run as
https://hg.python.org/cpython/rev/43f9366d8883

New changeset db1d20825d71 by Xavier de Gaye in branch 'default':
Issue #28759: Merge 3.6.
https://hg.python.org/cpython/rev/db1d20825d71
msg285005 - (view) Author: Xavier de Gaye (xdegaye) * (Python committer) Date: 2017-01-08 21:03
Re-opening the issue for a more generic change that skips the tests when PermissionError is raised instead of when they are run by an Android non-root user as this is done currently after the previously pushed changes.
msg285008 - (view) Author: Serhiy Storchaka (serhiy.storchaka) * (Python committer) Date: 2017-01-08 21:24
I think it is worth to add special helper in test.support for using as a context manager:

    with helper():
        os.mkfifo(filename)

Then you could change its implementation without changing the testing code. For example:

    @contextmanager
    def helper():
        try:
            yield
        except PermissionError as e:
            raise unittest.SkipTest(str(e))

or

    @contextmanager
    def helper():
        if android_not_root:
            raise unittest.SkipTest("operation not allowed, non root user")
        yield
msg285040 - (view) Author: Xavier de Gaye (xdegaye) * (Python committer) Date: 2017-01-09 12:52
Thanks for this interesting suggestion Serhiy. I propose to use supported_operation() as the name of the helper() generator.

I will update the patches accordingly in issues #29180, #29181 and #29184, and re-open issue 28764.
msg285041 - (view) Author: Xavier de Gaye (xdegaye) * (Python committer) Date: 2017-01-09 12:59
> re-open issue 28764.

Oops, no issue 28764 is not relevant here.
msg285064 - (view) Author: Xavier de Gaye (xdegaye) * (Python committer) Date: 2017-01-09 19:33
New patch following Serhiy's suggestion in msg285008.
msg285246 - (view) Author: Serhiy Storchaka (serhiy.storchaka) * (Python committer) Date: 2017-01-11 17:20
I don't know what is a good name for such helper. supported_operation() looks too general. Maybe ask on Python-Dev?
msg285303 - (view) Author: Xavier de Gaye (xdegaye) * (Python committer) Date: 2017-01-12 10:58
'supported_operation':
* The intent in using 'supported' was that the context manager could possibly be extended later.
* 'operation' is the terminology used in the GNU libc documentation [1].
I will replace 'supported_operation' with 'permitted_operation' unless a better name is proposed.

[1] https://www.gnu.org/software/libc/manual/html_node/Error-Codes.html
msg285309 - (view) Author: Serhiy Storchaka (serhiy.storchaka) * (Python committer) Date: 2017-01-12 11:20
The purpose of this helper is skipping the test rather than failing if some OS operation is not permitted by current configuration. May be skip_if_not_permitted()?

Similar helpers that convert runtime error in skipping a test: import_module(), get_attribute(), bind_unix_socket(), system_must_validate_cert(). They are more concrete, guard some specific operation.

Context manager is not the only possible syntax. The helper can call a function:

    helper(os.mkfifo, filename)

or be a wrapper:

    helper(os.mkfifo)(filename)

If you prefer such syntax.

There are many possibilities, and I think it is worth to discuss this on Python-Dev.
msg285312 - (view) Author: Xavier de Gaye (xdegaye) * (Python committer) Date: 2017-01-12 11:47
Please go ahead and start the discussion on Python-Dev.
msg306119 - (view) Author: Xavier de Gaye (xdegaye) * (Python committer) Date: 2017-11-12 16:31
New changeset 92c2ca7633c881a56157f2fb8b2e1b8c7114e5fb by xdegaye in branch 'master':
bpo-28759: Skip some tests on PermissionError raised by Android (GH-4350)
https://github.com/python/cpython/commit/92c2ca7633c881a56157f2fb8b2e1b8c7114e5fb
msg306127 - (view) Author: Xavier de Gaye (xdegaye) * (Python committer) Date: 2017-11-12 17:18
New changeset ad004f9b5a581f577374c56d8ab27e9ef2e73452 by xdegaye in branch '3.6':
[3.6] bpo-28759: Skip some tests on PermissionError raised by Android (GH-4350) (#4380)
https://github.com/python/cpython/commit/ad004f9b5a581f577374c56d8ab27e9ef2e73452
History
Date User Action Args
2017-11-12 17:20:18xdegayesetstatus: open -> closed
resolution: fixed
stage: patch review -> resolved
2017-11-12 17:18:39xdegayesetmessages: + msg306127
2017-11-12 16:46:36xdegayesetpull_requests: + pull_request4328
2017-11-12 16:31:09xdegayesetmessages: + msg306119
2017-11-09 16:46:58xdegayesetpull_requests: + pull_request4307
2017-01-12 11:47:38xdegayesetassignee: xdegaye ->
messages: + msg285312
2017-01-12 11:20:52serhiy.storchakasetmessages: + msg285309
2017-01-12 10:58:38xdegayesetmessages: + msg285303
2017-01-11 17:20:57serhiy.storchakasetmessages: + msg285246
2017-01-09 19:33:03xdegayesetfiles: + issue28759-01.patch

messages: + msg285064
2017-01-09 12:59:08xdegayesetmessages: + msg285041
2017-01-09 12:52:45xdegayesetmessages: + msg285040
2017-01-08 21:24:43serhiy.storchakasetnosy: + serhiy.storchaka
messages: + msg285008
2017-01-08 21:03:59xdegayesetstatus: closed -> open
files: + without_android_not_root.patch
messages: + msg285005

resolution: fixed -> (no value)
stage: resolved -> patch review
2016-12-13 13:37:28xdegayesetstatus: open -> closed
resolution: fixed
stage: commit review -> resolved
2016-12-13 09:04:11python-devsetnosy: + python-dev
messages: + msg283088
2016-12-12 15:31:00xdegayesetstage: patch review -> commit review
2016-11-21 15:40:04xdegayelinkissue26865 dependencies
2016-11-21 08:12:55xdegayecreate