[fuchsia] Pre-submit check for correct FIDL, CMX and CML OWNERS.
Require that //fuchsia/SECURITY_OWNERS own all:
- Fuchsia IDL (aka FIDL) files defining IPC protocols with other Fuchsia
components.
- Component manifest definitions (CMX & CML), which specify the services
and component framework features that each component relies upon.
PRESUBMIT.py's _CheckSecurityOwners() function is modified to process the
results of both cross-platform and Fuchsia-specific IPC ownership checks.
Bug: 1053551
Change-Id: I3755297c1be395040e0553f22a87cf95526658ba
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2135614
Reviewed-by: Daniel Cheng <[email protected]>
Commit-Queue: Wez <[email protected]>
Auto-Submit: Wez <[email protected]>
Cr-Commit-Position: refs/heads/master@{#763825}
diff --git a/PRESUBMIT_test.py b/PRESUBMIT_test.py
index 07393e0..7349e4f1 100755
--- a/PRESUBMIT_test.py
+++ b/PRESUBMIT_test.py
@@ -1928,7 +1928,7 @@
'const service_manager::Manifest& GetManifest() {}',
])]
mock_output_api = MockOutputApi()
- errors = PRESUBMIT._CheckIpcOwners(
+ errors = PRESUBMIT._CheckSecurityOwners(
mock_input_api, mock_output_api)
self.assertEqual(1, len(errors))
self.assertEqual(
@@ -1943,7 +1943,66 @@
'const char kNoEnforcement[] = "not a manifest!";',
])]
mock_output_api = MockOutputApi()
- errors = PRESUBMIT._CheckIpcOwners(
+ errors = PRESUBMIT._CheckSecurityOwners(
+ mock_input_api, mock_output_api)
+ self.assertEqual([], errors)
+
+
+class FuchsiaSecurityOwnerTest(unittest.TestCase):
+ def testFidlChangeNeedsSecurityOwner(self):
+ mock_input_api = MockInputApi()
+ mock_input_api.files = [
+ MockAffectedFile('potentially/scary/ipc.fidl',
+ [
+ 'library test.fidl'
+ ])]
+ mock_output_api = MockOutputApi()
+ errors = PRESUBMIT._CheckSecurityOwners(
+ mock_input_api, mock_output_api)
+ self.assertEqual(1, len(errors))
+ self.assertEqual(
+ 'Found OWNERS files that need to be updated for IPC security review ' +
+ 'coverage.\nPlease update the OWNERS files below:', errors[0].message)
+
+ def testComponentManifestV1ChangeNeedsSecurityOwner(self):
+ mock_input_api = MockInputApi()
+ mock_input_api.files = [
+ MockAffectedFile('potentially/scary/v2_manifest.cmx',
+ [
+ '{ "that is no": "manifest!" }'
+ ])]
+ mock_output_api = MockOutputApi()
+ errors = PRESUBMIT._CheckSecurityOwners(
+ mock_input_api, mock_output_api)
+ self.assertEqual(1, len(errors))
+ self.assertEqual(
+ 'Found OWNERS files that need to be updated for IPC security review ' +
+ 'coverage.\nPlease update the OWNERS files below:', errors[0].message)
+
+ def testComponentManifestV2NeedsSecurityOwner(self):
+ mock_input_api = MockInputApi()
+ mock_input_api.files = [
+ MockAffectedFile('potentially/scary/v2_manifest.cml',
+ [
+ '{ "that is no": "manifest!" }'
+ ])]
+ mock_output_api = MockOutputApi()
+ errors = PRESUBMIT._CheckSecurityOwners(
+ mock_input_api, mock_output_api)
+ self.assertEqual(1, len(errors))
+ self.assertEqual(
+ 'Found OWNERS files that need to be updated for IPC security review ' +
+ 'coverage.\nPlease update the OWNERS files below:', errors[0].message)
+
+ def testOtherFuchsiaChangesDoNotRequireSecurityOwner(self):
+ mock_input_api = MockInputApi()
+ mock_input_api.files = [
+ MockAffectedFile('some/non/service/thing/fuchsia_fidl_cml_cmx_magic.cc',
+ [
+ 'const char kNoEnforcement[] = "Security?!? Pah!";',
+ ])]
+ mock_output_api = MockOutputApi()
+ errors = PRESUBMIT._CheckSecurityOwners(
mock_input_api, mock_output_api)
self.assertEqual([], errors)
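Review bot: The three positive tests in FuchsiaSecurityOwnerTest assert only the error count and the generic `Found OWNERS files …` message, so they would still pass if a `.fidl`, `.cmx` or `.cml` change were matched by a different rule or directed to the wrong owners file. Because this check is the gate that routes these files to `//fuchsia/SECURITY_OWNERS`, each test should also assert that the error's detail text names the expected OWNERS path and a per-file rule referencing `fuchsia/SECURITY_OWNERS` (on the mock result this is presumably `errors[0].long_text`; confirm against the mocks). A case where the OWNERS file already carries the correct rules and no error is returned is not visible in this hunk, and is worth adding if it does not exist elsewhere. In testComponentManifestV1ChangeNeedsSecurityOwner the path `potentially/scary/v2_manifest.cmx` looks copied from the V2 test; `v1_manifest.cmx` would match the test name.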