Title: access to mkfifo, mknod and hard links is controled by SELinux MAC on Android
Type: behavior Stage: patch review
Components: Tests Versions: Python 3.7, Python 3.6
Status: open Resolution:
Dependencies: Superseder:
Assigned To: Nosy List: python-dev, serhiy.storchaka, xdegaye
Priority: normal Keywords: patch

Created on 2016-11-21 08:12 by xdegaye, last changed 2017-01-12 11:47 by xdegaye.

File name Uploaded Description Edit
android_not_root.patch xdegaye, 2016-11-21 08:12 review
without_android_not_root.patch xdegaye, 2017-01-08 21:03 review
issue28759-01.patch xdegaye, 2017-01-09 19:33 review
Messages (11)
msg281329 - (view) Author: Xavier de Gaye (xdegaye) * (Python committer) Date: 2016-11-21 08:12
List of the tests that fail with PermissionError when run as a non-root user on an Android emulator (API 24) and fixed by this patch:
    test_posix test_shutil test_stat test_genericpath test_ntpath test_posixpath test_macpath test_eintr test_pathlib
Android uses SELinux mandatory access control (MAC), see:
Android commit message that does not grant hard link capabilities by default:
msg283088 - (view) Author: Roundup Robot (python-dev) Date: 2016-12-13 09:04
New changeset 43f9366d8883 by Xavier de Gaye in branch '3.6':
Issue #28759: Fix the tests that fail with PermissionError when run as

New changeset db1d20825d71 by Xavier de Gaye in branch 'default':
Issue #28759: Merge 3.6.
msg285005 - (view) Author: Xavier de Gaye (xdegaye) * (Python committer) Date: 2017-01-08 21:03
Re-opening the issue for a more generic change that skips the tests when PermissionError is raised instead of when they are run by an Android non-root user as this is done currently after the previously pushed changes.
msg285008 - (view) Author: Serhiy Storchaka (serhiy.storchaka) * (Python committer) Date: 2017-01-08 21:24
I think it is worth to add special helper in for using as a context manager:

    with helper():

Then you could change its implementation without changing the testing code. For example:

    def helper():
        except PermissionError as e:
            raise unittest.SkipTest(str(e))


    def helper():
        if android_not_root:
            raise unittest.SkipTest("operation not allowed, non root user")
msg285040 - (view) Author: Xavier de Gaye (xdegaye) * (Python committer) Date: 2017-01-09 12:52
Thanks for this interesting suggestion Serhiy. I propose to use supported_operation() as the name of the helper() generator.

I will update the patches accordingly in issues #29180, #29181 and #29184, and re-open issue 28764.
msg285041 - (view) Author: Xavier de Gaye (xdegaye) * (Python committer) Date: 2017-01-09 12:59
> re-open issue 28764.

Oops, no issue 28764 is not relevant here.
msg285064 - (view) Author: Xavier de Gaye (xdegaye) * (Python committer) Date: 2017-01-09 19:33
New patch following Serhiy's suggestion in msg285008.
msg285246 - (view) Author: Serhiy Storchaka (serhiy.storchaka) * (Python committer) Date: 2017-01-11 17:20
I don't know what is a good name for such helper. supported_operation() looks too general. Maybe ask on Python-Dev?
msg285303 - (view) Author: Xavier de Gaye (xdegaye) * (Python committer) Date: 2017-01-12 10:58
* The intent in using 'supported' was that the context manager could possibly be extended later.
* 'operation' is the terminology used in the GNU libc documentation [1].
I will replace 'supported_operation' with 'permitted_operation' unless a better name is proposed.

msg285309 - (view) Author: Serhiy Storchaka (serhiy.storchaka) * (Python committer) Date: 2017-01-12 11:20
The purpose of this helper is skipping the test rather than failing if some OS operation is not permitted by current configuration. May be skip_if_not_permitted()?

Similar helpers that convert runtime error in skipping a test: import_module(), get_attribute(), bind_unix_socket(), system_must_validate_cert(). They are more concrete, guard some specific operation.

Context manager is not the only possible syntax. The helper can call a function:

    helper(os.mkfifo, filename)

or be a wrapper:


If you prefer such syntax.

There are many possibilities, and I think it is worth to discuss this on Python-Dev.
msg285312 - (view) Author: Xavier de Gaye (xdegaye) * (Python committer) Date: 2017-01-12 11:47
Please go ahead and start the discussion on Python-Dev.
Date User Action Args
2017-01-12 11:47:38xdegayesetassignee: xdegaye ->
messages: + msg285312
2017-01-12 11:20:52serhiy.storchakasetmessages: + msg285309
2017-01-12 10:58:38xdegayesetmessages: + msg285303
2017-01-11 17:20:57serhiy.storchakasetmessages: + msg285246
2017-01-09 19:33:03xdegayesetfiles: + issue28759-01.patch

messages: + msg285064
2017-01-09 12:59:08xdegayesetmessages: + msg285041
2017-01-09 12:52:45xdegayesetmessages: + msg285040
2017-01-08 21:24:43serhiy.storchakasetnosy: + serhiy.storchaka
messages: + msg285008
2017-01-08 21:03:59xdegayesetstatus: closed -> open
files: + without_android_not_root.patch
messages: + msg285005

resolution: fixed ->
stage: resolved -> patch review
2016-12-13 13:37:28xdegayesetstatus: open -> closed
resolution: fixed
stage: commit review -> resolved
2016-12-13 09:04:11python-devsetnosy: + python-dev
messages: + msg283088
2016-12-12 15:31:00xdegayesetstage: patch review -> commit review
2016-11-21 15:40:04xdegayelinkissue26865 dependencies
2016-11-21 08:12:55xdegayecreate