1 /*
2 * Author: Joshua Brindle <jbrindle@tresys.com>
3 *
4 * Copyright (C) 2006 Tresys Technology, LLC
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2.1 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
19 */
20
21 #include "test-linker-roles.h"
22 #include "parse_util.h"
23 #include "helpers.h"
24 #include "test-common.h"
25
26 #include <sepol/policydb/policydb.h>
27 #include <sepol/policydb/link.h>
28
29 #include <CUnit/Basic.h>
30 #include <stdlib.h>
31
/* Tests for roles:
 * For each of the tests below, check that:
 * - the role is in the appropriate symtab (global and decl)
 * - the datum in the decl symtab has the correct type_set
 * - the scope datum has the correct decl ids
 * - the dominates bitmap is correct
 * Tests:
 * - role in base, no modules
 * - role in base optional, no modules
 * - role a in base, b in module
 * - role a in base and module (additive)
 * - role a in base and 2 modules
 * - role a in base optional, b in module
 * - role a in base, b in module optional
 * - role a in base optional, b in module optional
 * - role a in base optional and module
 * - role a in base and module optional
 * - role a in base optional and module optional
 * - role a in base optional and 2 modules
 * - role a and b in base, b dom a, are types correct (TODO)
 */
53
/*
 * Check that the dominates ebitmap of `role` has exactly one bit set and
 * that this bit is the role's own index, role->s.value - 1.
 *
 * p is accepted for symmetry with the callers but is not used.
 * role must be non-NULL; it is dereferenced without a check.
 *
 * Both checks use the non-fatal CU_ASSERT, so a failure is recorded and the
 * calling test continues. In SELinux a role that dominates another takes on
 * that role's types, so an extra bit here after linking would mean the role
 * was widened.
 */
static void only_dominates_self(policydb_t * p __attribute__ ((unused)), role_datum_t * role)
{
	unsigned int i;
	ebitmap_node_t *tnode;
	int found = 0;

	/*
	 * Local names are kept as they were: CU_ASSERT records the text of
	 * its expression in the failure report.
	 */
	ebitmap_for_each_positive_bit(&role->dominates, tnode, i) {
		/* every set bit must be the role's own (0-based) index */
		CU_ASSERT(i == role->s.value - 1);
		found += 1;
	}

	/* rejects an empty bitmap as well as one with more than one bit */
	CU_ASSERT(found == 1);
}
68
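/*
 * Check the roles that are declared in the base policy only.
 *
 * base: the policydb to inspect.
 *
 * For each role this checks its scope (test_sym_presence), its type set
 * (test_role_type_set) and that it dominates only itself. Every looked-up
 * pointer is checked with a fatal CUnit assertion before it is used, so a
 * tag or role missing from the test policy ends the test with a recorded
 * failure instead of a NULL dereference.
 */
void base_role_tests(policydb_t * base)
{
	avrule_decl_t *decl;
	role_datum_t *role;
	unsigned int decls[2];
	const char *types[2];

	/* These tests look at roles in the base only, the desire is to ensure that
	 * roles are not destroyed or otherwise removed during the link process */

	/**** test for g_b_role_1 in base and decl 1 (global) ****/
	decl = test_find_decl_by_sym(base, SYM_TYPES, "tag_g_b");
	CU_ASSERT_PTR_NOT_NULL_FATAL(decl);
	decls[0] = decl->decl_id;
	test_sym_presence(base, "g_b_role_1", SYM_ROLES, SCOPE_DECL, decls, 1);
	/* make sure it has the correct type set (g_b_type_1, no negset, no flags);
	 * a NULL decl argument selects the global symtab */
	types[0] = "g_b_type_1";
	role = test_role_type_set(base, "g_b_role_1", NULL, types, 1, 0);
	CU_ASSERT_PTR_NOT_NULL_FATAL(role);
	/* This role should only dominate itself */
	only_dominates_self(base, role);

	/**** test for o1_b_role_1 in optional (decl 2) ****/
	decl = test_find_decl_by_sym(base, SYM_TYPES, "tag_o1_b");
	/* a NULL decl would otherwise be read below as "use the global symtab" */
	CU_ASSERT_PTR_NOT_NULL_FATAL(decl);
	decls[0] = decl->decl_id;
	test_sym_presence(base, "o1_b_role_1", SYM_ROLES, SCOPE_DECL, decls, 1);
	/* make sure it has the correct type set (o1_b_type_1, no negset, no flags) */
	types[0] = "o1_b_type_1";
	role = test_role_type_set(base, "o1_b_role_1", decl, types, 1, 0);
	CU_ASSERT_PTR_NOT_NULL_FATAL(role);
	/* and only dominates itself */
	only_dominates_self(base, role);
}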
98
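/*
 * Check the roles of a base policy that has been linked with 2 modules.
 *
 * base: the linked policydb to inspect.
 *
 * For each role this checks its scope (test_sym_presence), its type set or
 * type sets (test_role_type_set) and that it dominates only itself.
 *
 * Every pointer returned by test_find_decl_by_sym is checked with a fatal
 * CUnit assertion before it is used. Where the pointer is dereferenced this
 * replaces a crash with a recorded failure; where it is passed on as the
 * decl argument it keeps a failed lookup from being read as NULL, which the
 * calls below use to select the global symtab.
 *
 * NOTE(review): for roles with two type sets, only the datum returned by
 * the second test_role_type_set call reaches only_dominates_self; the first
 * datum's dominates bitmap is not checked here.
 */
void module_role_tests(policydb_t * base)
{
	role_datum_t *role;
	avrule_decl_t *decl;
	unsigned int decls[3];
	const char *types[3];

	/* These tests are run when the base is linked with 2 modules,
	 * They should test whether the roles get copied correctly from the
	 * modules into the base */

	/**** test for role in module 1 (global) ****/
	decl = test_find_decl_by_sym(base, SYM_TYPES, "tag_g_m1");
	CU_ASSERT_PTR_NOT_NULL_FATAL(decl);
	decls[0] = decl->decl_id;
	test_sym_presence(base, "g_m1_role_1", SYM_ROLES, SCOPE_DECL, decls, 1);
	/* make sure it has the correct type set (g_m1_type_1, no negset, no flags) */
	types[0] = "g_m1_type_1";
	role = test_role_type_set(base, "g_m1_role_1", NULL, types, 1, 0);
	CU_ASSERT_PTR_NOT_NULL_FATAL(role);
	/* and only dominates itself */
	only_dominates_self(base, role);

	/**** test for role in module 1 (optional) ****/
	decl = test_find_decl_by_sym(base, SYM_TYPES, "tag_o1_m1");
	CU_ASSERT_PTR_NOT_NULL_FATAL(decl);
	decls[0] = decl->decl_id;
	test_sym_presence(base, "o1_m1_role_1", SYM_ROLES, SCOPE_DECL, decls, 1);
	/* make sure it has the correct type set (o1_m1_type_1, no negset, no flags) */
	types[0] = "o1_m1_type_1";
	role = test_role_type_set(base, "o1_m1_role_1", decl, types, 1, 0);
	CU_ASSERT_PTR_NOT_NULL_FATAL(role);
	/* and only dominates itself */
	only_dominates_self(base, role);

	/* These test whether the type sets are copied to the right place and
	 * correctly unioned when they should be */

	/**** test for type added to base role in module 1 (global) ****/
	decl = test_find_decl_by_sym(base, SYM_TYPES, "tag_g_b");
	CU_ASSERT_PTR_NOT_NULL_FATAL(decl);
	decls[0] = decl->decl_id;
	test_sym_presence(base, "g_b_role_2", SYM_ROLES, SCOPE_DECL, decls, 1);
	/* make sure it has the correct type set (g_b_type_2, g_m1_type_1, no negset, no flags) */
	types[0] = "g_b_type_2";	/* added in base when declared */
	types[1] = "g_m1_type_1";	/* added in module */
	role = test_role_type_set(base, "g_b_role_2", NULL, types, 2, 0);
	CU_ASSERT_PTR_NOT_NULL_FATAL(role);
	/* and only dominates itself */
	only_dominates_self(base, role);

	/**** test for type added to base role in module 1 & 2 (global) ****/
	decl = test_find_decl_by_sym(base, SYM_TYPES, "tag_g_b");
	CU_ASSERT_PTR_NOT_NULL_FATAL(decl);
	decls[0] = decl->decl_id;
	decl = test_find_decl_by_sym(base, SYM_TYPES, "tag_g_m1");
	CU_ASSERT_PTR_NOT_NULL_FATAL(decl);
	decls[1] = decl->decl_id;
	decl = test_find_decl_by_sym(base, SYM_TYPES, "tag_g_m2");
	CU_ASSERT_PTR_NOT_NULL_FATAL(decl);
	decls[2] = decl->decl_id;
	test_sym_presence(base, "g_b_role_3", SYM_ROLES, SCOPE_DECL, decls, 3);
	/* make sure it has the correct type set (g_b_type_2, g_m1_type_2, g_m2_type_2, no negset, no flags) */
	types[0] = "g_b_type_2";	/* added in base when declared */
	types[1] = "g_m1_type_2";	/* added in module 1 */
	types[2] = "g_m2_type_2";	/* added in module 2 */
	role = test_role_type_set(base, "g_b_role_3", NULL, types, 3, 0);
	CU_ASSERT_PTR_NOT_NULL_FATAL(role);
	/* and only dominates itself */
	only_dominates_self(base, role);

	/**** test for role in base optional and module 1 (additive) ****/
	decl = test_find_decl_by_sym(base, SYM_TYPES, "tag_o1_b");
	CU_ASSERT_PTR_NOT_NULL_FATAL(decl);
	decls[0] = decl->decl_id;
	decl = test_find_decl_by_sym(base, SYM_TYPES, "tag_g_m1");
	CU_ASSERT_PTR_NOT_NULL_FATAL(decl);
	decls[1] = decl->decl_id;
	test_sym_presence(base, "o1_b_role_2", SYM_ROLES, SCOPE_DECL, decls, 2);
	/* this one will have 2 type sets, one in the global symtab and one in the base optional 1 */
	types[0] = "g_m1_type_1";
	role = test_role_type_set(base, "o1_b_role_2", NULL, types, 1, 0);
	types[0] = "o1_b_type_1";
	decl = test_find_decl_by_sym(base, SYM_TYPES, "tag_o1_b");
	CU_ASSERT_PTR_NOT_NULL_FATAL(decl);
	role = test_role_type_set(base, "o1_b_role_2", decl, types, 1, 0);
	CU_ASSERT_PTR_NOT_NULL_FATAL(role);
	/* and only dominates itself */
	only_dominates_self(base, role);

	/**** test for role in base and module 1 optional (additive) ****/
	decl = test_find_decl_by_sym(base, SYM_TYPES, "tag_g_b");
	CU_ASSERT_PTR_NOT_NULL_FATAL(decl);
	decls[0] = decl->decl_id;
	decl = test_find_decl_by_sym(base, SYM_TYPES, "tag_o2_m1");
	CU_ASSERT_PTR_NOT_NULL_FATAL(decl);
	decls[1] = decl->decl_id;
	test_sym_presence(base, "g_b_role_4", SYM_ROLES, SCOPE_DECL, decls, 2);
	/* this one will have 2 type sets, one in the global symtab and one in
	 * the optional found through tag_o2_m1 */
	types[0] = "g_b_type_2";
	role = test_role_type_set(base, "g_b_role_4", NULL, types, 1, 0);
	types[0] = "g_m1_type_2";
	decl = test_find_decl_by_sym(base, SYM_TYPES, "tag_o2_m1");
	CU_ASSERT_PTR_NOT_NULL_FATAL(decl);
	role = test_role_type_set(base, "g_b_role_4", decl, types, 1, 0);
	CU_ASSERT_PTR_NOT_NULL_FATAL(role);
	/* and only dominates itself */
	only_dominates_self(base, role);

	/**** test for role in base optional and module 1 optional (additive) ****/
	decl = test_find_decl_by_sym(base, SYM_TYPES, "tag_o3_b");
	CU_ASSERT_PTR_NOT_NULL_FATAL(decl);
	decls[0] = decl->decl_id;
	decl = test_find_decl_by_sym(base, SYM_TYPES, "tag_o3_m1");
	CU_ASSERT_PTR_NOT_NULL_FATAL(decl);
	decls[1] = decl->decl_id;
	test_sym_presence(base, "o3_b_role_1", SYM_ROLES, SCOPE_DECL, decls, 2);
	/* this one will have 2 type sets, one in the 3rd base optional and one in the 3rd module optional */
	types[0] = "o3_b_type_1";
	decl = test_find_decl_by_sym(base, SYM_TYPES, "tag_o3_b");
	CU_ASSERT_PTR_NOT_NULL_FATAL(decl);
	role = test_role_type_set(base, "o3_b_role_1", decl, types, 1, 0);
	types[0] = "o3_m1_type_1";
	decl = test_find_decl_by_sym(base, SYM_TYPES, "tag_o3_m1");
	CU_ASSERT_PTR_NOT_NULL_FATAL(decl);
	role = test_role_type_set(base, "o3_b_role_1", decl, types, 1, 0);
	CU_ASSERT_PTR_NOT_NULL_FATAL(role);
	/* and only dominates itself */
	only_dominates_self(base, role);

	/**** test for role in base optional and 2 modules (additive) ****/
	decl = test_find_decl_by_sym(base, SYM_TYPES, "tag_o4_b");
	CU_ASSERT_PTR_NOT_NULL_FATAL(decl);
	decls[0] = decl->decl_id;
	decl = test_find_decl_by_sym(base, SYM_TYPES, "tag_g_m1");
	CU_ASSERT_PTR_NOT_NULL_FATAL(decl);
	decls[1] = decl->decl_id;
	decl = test_find_decl_by_sym(base, SYM_TYPES, "tag_g_m2");
	CU_ASSERT_PTR_NOT_NULL_FATAL(decl);
	decls[2] = decl->decl_id;
	test_sym_presence(base, "o4_b_role_1", SYM_ROLES, SCOPE_DECL, decls, 3);
	/* this one will have 2 type sets, one in the global symtab (with both module types) and one in the 4th optional of base */
	types[0] = "g_m1_type_1";
	decl = test_find_decl_by_sym(base, SYM_TYPES, "tag_o4_b");
	CU_ASSERT_PTR_NOT_NULL_FATAL(decl);
	role = test_role_type_set(base, "o4_b_role_1", decl, types, 1, 0);
	types[0] = "g_m2_type_1";
	types[1] = "g_m1_type_2";
	role = test_role_type_set(base, "o4_b_role_1", NULL, types, 2, 0);
	CU_ASSERT_PTR_NOT_NULL_FATAL(role);
	/* and only dominates itself */
	only_dominates_self(base, role);
}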
205