1 /*
2 * Copyright 2011 Tresys Technology, LLC. All rights reserved.
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions are met:
6 *
7 * 1. Redistributions of source code must retain the above copyright notice,
8 * this list of conditions and the following disclaimer.
9 *
10 * 2. Redistributions in binary form must reproduce the above copyright notice,
11 * this list of conditions and the following disclaimer in the documentation
12 * and/or other materials provided with the distribution.
13 *
14 * THIS SOFTWARE IS PROVIDED BY TRESYS TECHNOLOGY, LLC ``AS IS'' AND ANY EXPRESS
15 * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
16 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
17 * EVENT SHALL TRESYS TECHNOLOGY, LLC OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
18 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
19 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
21 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
22 * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
23 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24 *
25 * The views and conclusions contained in the software and documentation are those
26 * of the authors and should not be interpreted as representing official policies,
27 * either expressed or implied, of Tresys Technology, LLC.
28 */
29
30 #include <sepol/policydb/policydb.h>
31
32 #include "CuTest.h"
33 #include "CilTest.h"
34
35 #include "../../src/cil_build_ast.h"
36 #include "../../src/cil_resolve_ast.h"
37 #include "../../src/cil_verify.h"
38 #include "../../src/cil_internal.h"
39
40 /* this all needs to be moved to a private header file */
41 int __cil_resolve_ast_node_helper(struct cil_tree_node *, uint32_t *, void *);
42 int __cil_disable_children_helper(struct cil_tree_node *node, __attribute__((unused)) uint32_t *finished, void *);
43
44 struct cil_args_resolve {
45 struct cil_db *db;
46 enum cil_pass pass;
47 uint32_t *changed;
48 struct cil_tree_node *callstack;
49 struct cil_tree_node *optstack;
50 struct cil_tree_node *macro;
51 };
52
gen_resolve_args(struct cil_db * db,enum cil_pass pass,uint32_t * changed,struct cil_tree_node * calls,struct cil_tree_node * opts,struct cil_tree_node * macro)53 struct cil_args_resolve *gen_resolve_args(struct cil_db *db, enum cil_pass pass, uint32_t *changed, struct cil_tree_node *calls, struct cil_tree_node *opts, struct cil_tree_node *macro)
54 {
55 struct cil_args_resolve *args = cil_malloc(sizeof(*args));
56 args->db = db;
57 args->pass = pass;
58 args->changed = changed;
59 args->callstack = calls;
60 args->optstack = opts;
61 args->macro = macro;
62
63 return args;
64 }
65
test_cil_resolve_name(CuTest * tc)66 void test_cil_resolve_name(CuTest *tc) {
67 char *line[] = { "(", "block", "foo",
68 "(", "typealias", "test", "type_t", ")",
69 "(", "type", "test", ")", ")", NULL};
70
71 struct cil_tree *test_tree;
72 gen_test_tree(&test_tree, line);
73
74 struct cil_db *test_db;
75 cil_db_init(&test_db);
76
77 uint32_t changed = CIL_FALSE;
78 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
79
80 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
81
82 struct cil_tree_node *test_curr = test_db->ast->root->cl_head->cl_head;
83 struct cil_typealias *test_alias = (struct cil_typealias*)test_curr->data;
84 struct cil_tree_node *type_node = NULL;
85
86 int rc = cil_resolve_name(test_curr, test_alias->type_str, CIL_SYM_TYPES, args, &type_node);
87 CuAssertIntEquals(tc, SEPOL_OK, rc);
88 }
89
test_cil_resolve_name_invalid_type_neg(CuTest * tc)90 void test_cil_resolve_name_invalid_type_neg(CuTest *tc) {
91 char *line[] = { "(", "block", "foo",
92 "(", "typealias", "foo.test2", "type_t", ")",
93 "(", "type", "test", ")", ")", NULL};
94
95 struct cil_tree *test_tree;
96 gen_test_tree(&test_tree, line);
97
98 struct cil_db *test_db;
99 cil_db_init(&test_db);
100
101 uint32_t changed = CIL_FALSE;
102 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
103
104 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
105
106 struct cil_tree_node *test_curr = test_db->ast->root->cl_head->cl_head;
107 struct cil_typealias *test_alias = (struct cil_typealias*)test_curr->data;
108 struct cil_tree_node *type_node = NULL;
109
110 int rc = cil_resolve_name(test_curr, test_alias->type_str, CIL_SYM_TYPES, args, &type_node);
111 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
112 }
113
test_cil_resolve_ast_curr_null_neg(CuTest * tc)114 void test_cil_resolve_ast_curr_null_neg(CuTest *tc) {
115 struct cil_db *test_db;
116 cil_db_init(&test_db);
117
118 test_db->ast->root = NULL;
119
120 int rc = cil_resolve_ast(test_db, test_db->ast->root);
121 CuAssertIntEquals(tc, SEPOL_ERR, rc);
122 }
123
124
125 /*
126 cil_resolve test cases
127 */
128
test_cil_resolve_roleallow(CuTest * tc)129 void test_cil_resolve_roleallow(CuTest *tc) {
130 char *line[] = {"(", "role", "foo", ")", \
131 "(", "role", "bar", ")", \
132 "(", "roleallow", "foo", "bar", ")", NULL};
133
134 struct cil_tree *test_tree;
135 gen_test_tree(&test_tree, line);
136
137 struct cil_db *test_db;
138 cil_db_init(&test_db);
139
140 uint32_t changed = CIL_FALSE;
141 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
142
143 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
144
145 int rc = cil_resolve_roleallow(test_db->ast->root->cl_head->next->next, args);
146 CuAssertIntEquals(tc, SEPOL_OK, rc);
147 }
148
test_cil_resolve_roleallow_srcdecl_neg(CuTest * tc)149 void test_cil_resolve_roleallow_srcdecl_neg(CuTest *tc) {
150 char *line[] = {"(", "role", "bar", ")", \
151 "(", "roleallow", "foo", "bar", ")", NULL};
152
153 struct cil_tree *test_tree;
154 gen_test_tree(&test_tree, line);
155
156 struct cil_db *test_db;
157 cil_db_init(&test_db);
158
159 uint32_t changed = CIL_FALSE;
160 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
161
162 int rc1=cil_build_ast(test_db, test_tree->root, test_db->ast->root);
163 rc1 = rc1;
164
165 int rc = cil_resolve_roleallow(test_db->ast->root->cl_head->next, args);
166 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
167 }
168
test_cil_resolve_roleallow_tgtdecl_neg(CuTest * tc)169 void test_cil_resolve_roleallow_tgtdecl_neg(CuTest *tc) {
170 char *line[] = {"(", "role", "foo", ")", \
171 "(", "roleallow", "foo", "bar", ")", NULL};
172
173 struct cil_tree *test_tree;
174 gen_test_tree(&test_tree, line);
175
176 struct cil_db *test_db;
177 cil_db_init(&test_db);
178
179 uint32_t changed = CIL_FALSE;
180 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
181
182 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
183
184 int rc = cil_resolve_roleallow(test_db->ast->root->cl_head->next, args);
185 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
186 }
187
test_cil_resolve_classmapping_anon(CuTest * tc)188 void test_cil_resolve_classmapping_anon(CuTest *tc) {
189 char *line[] = {"(", "class", "file", "(", "open", ")", ")",
190 "(", "classmap", "files", "(", "read", ")", ")",
191 "(", "classmapping", "files", "read", "(", "file", "(", "open", ")", ")", ")", NULL};
192
193 struct cil_tree *test_tree;
194 gen_test_tree(&test_tree, line);
195
196 struct cil_db *test_db;
197 cil_db_init(&test_db);
198
199 uint32_t changed = CIL_FALSE;
200 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
201
202 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
203
204 int rc = cil_resolve_classmapping(test_db->ast->root->cl_head->next->next, args);
205 CuAssertIntEquals(tc, SEPOL_OK, rc);
206 }
207
test_cil_resolve_classmapping_anon_inmacro(CuTest * tc)208 void test_cil_resolve_classmapping_anon_inmacro(CuTest *tc) {
209 char *line[] = {"(", "classmap", "files", "(", "read", ")", ")",
210 "(", "class", "file", "(", "open", ")", ")",
211 "(", "macro", "mm", "(", "(", "classpermissionset", "a", ")", ")",
212 "(", "classmapping", "files", "read", "a", ")", ")",
213 "(", "call", "mm", "(", "(", "file", "(", "open", ")", ")", ")", ")", NULL};
214
215 struct cil_tree *test_tree;
216 gen_test_tree(&test_tree, line);
217
218 struct cil_db *test_db;
219 cil_db_init(&test_db);
220
221 uint32_t changed = CIL_FALSE;
222 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
223
224 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
225
226 args->pass = CIL_PASS_CALL1;
227
228 int rc2 = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next, args);
229
230 args->pass = CIL_PASS_CALL2;
231
232 int rc3 = cil_resolve_call2(test_db->ast->root->cl_head->next->next->next, args);
233
234 args->pass = CIL_PASS_MISC3;
235 args->callstack = test_db->ast->root->cl_head->next->next->next;
236
237 int rc = cil_resolve_classmapping(test_db->ast->root->cl_head->next->next->next->cl_head, args);
238 CuAssertIntEquals(tc, SEPOL_OK, rc);
239 CuAssertIntEquals(tc, SEPOL_OK, rc2);
240 CuAssertIntEquals(tc, SEPOL_OK, rc3);
241 }
242
test_cil_resolve_classmapping_anon_inmacro_neg(CuTest * tc)243 void test_cil_resolve_classmapping_anon_inmacro_neg(CuTest *tc) {
244 char *line[] = {"(", "classmap", "files", "(", "read", ")", ")",
245 "(", "class", "file", "(", "open", ")", ")",
246 "(", "macro", "mm", "(", "(", "classpermissionset", "a", ")", ")",
247 "(", "classmapping", "files", "read", "a", ")", ")",
248 "(", "call", "mm", "(", "(", "DNE", "(", "open", ")", ")", ")", ")", NULL};
249
250 struct cil_tree *test_tree;
251 gen_test_tree(&test_tree, line);
252
253 struct cil_db *test_db;
254 cil_db_init(&test_db);
255
256 uint32_t changed = CIL_FALSE;
257 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
258
259 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
260
261 args->pass = CIL_PASS_CALL1;
262
263 int rc2 = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next, args);
264
265 args->pass = CIL_PASS_CALL2;
266
267 int rc3 = cil_resolve_call2(test_db->ast->root->cl_head->next->next->next, args);
268
269 args->pass = CIL_PASS_MISC3;
270 args->callstack = test_db->ast->root->cl_head->next->next->next;
271
272 int rc = cil_resolve_classmapping(test_db->ast->root->cl_head->next->next->next->cl_head, args);
273 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
274 CuAssertIntEquals(tc, SEPOL_OK, rc2);
275 CuAssertIntEquals(tc, SEPOL_OK, rc3);
276 }
277
test_cil_resolve_classmapping_named(CuTest * tc)278 void test_cil_resolve_classmapping_named(CuTest *tc) {
279 char *line[] = {"(", "classmap", "files", "(", "read", ")", ")",
280 "(", "classpermissionset", "char_w", "(", "char", "(", "read", ")", ")", ")",
281 "(", "classmapping", "files", "read", "char_w", ")", NULL};
282
283 struct cil_tree *test_tree;
284 gen_test_tree(&test_tree, line);
285
286 struct cil_db *test_db;
287 cil_db_init(&test_db);
288
289 uint32_t changed = CIL_FALSE;
290 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
291
292 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
293
294 int rc = cil_resolve_classmapping(test_db->ast->root->cl_head->next->next, args);
295 CuAssertIntEquals(tc, SEPOL_OK, rc);
296 }
297
test_cil_resolve_classmapping_named_classmapname_neg(CuTest * tc)298 void test_cil_resolve_classmapping_named_classmapname_neg(CuTest *tc) {
299 char *line[] = {"(", "classpermissionset", "char_w", "(", "char", "(", "read", ")", ")", ")",
300 "(", "classmap", "files", "(", "read", ")", ")",
301 "(", "classmapping", "files", "read", "foo", ")", NULL};
302
303 struct cil_tree *test_tree;
304 gen_test_tree(&test_tree, line);
305
306 struct cil_db *test_db;
307 cil_db_init(&test_db);
308
309 uint32_t changed = CIL_FALSE;
310 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
311
312 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
313
314 int rc = cil_resolve_classmapping(test_db->ast->root->cl_head->next->next, args);
315 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
316 }
317
test_cil_resolve_classmapping_anon_classmapname_neg(CuTest * tc)318 void test_cil_resolve_classmapping_anon_classmapname_neg(CuTest *tc) {
319 char *line[] = {"(", "class", "file", "(", "open", ")", ")",
320 "(", "classmap", "files", "(", "read", ")", ")",
321 "(", "classmapping", "dne", "read", "(", "file", "(", "open", ")", ")", ")", NULL};
322
323 struct cil_tree *test_tree;
324 gen_test_tree(&test_tree, line);
325
326 struct cil_db *test_db;
327 cil_db_init(&test_db);
328
329 uint32_t changed = CIL_FALSE;
330 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
331
332 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
333
334 int rc = cil_resolve_classmapping(test_db->ast->root->cl_head->next->next, args);
335 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
336 }
337
test_cil_resolve_classmapping_anon_permset_neg(CuTest * tc)338 void test_cil_resolve_classmapping_anon_permset_neg(CuTest *tc) {
339 char *line[] = {"(", "class", "file", "(", "open", ")", ")",
340 "(", "classmap", "files", "(", "read", ")", ")",
341 "(", "classmapping", "files", "read", "(", "dne", "(", "open", ")", ")", ")", NULL};
342
343 struct cil_tree *test_tree;
344 gen_test_tree(&test_tree, line);
345
346 struct cil_db *test_db;
347 cil_db_init(&test_db);
348
349 uint32_t changed = CIL_FALSE;
350 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
351
352 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
353
354 int rc = cil_resolve_classmapping(test_db->ast->root->cl_head->next->next, args);
355 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
356 }
357
test_cil_resolve_rolebounds(CuTest * tc)358 void test_cil_resolve_rolebounds(CuTest *tc) {
359 char *line[] = {"(", "role", "role1", ")",
360 "(", "role", "role2", ")",
361 "(", "rolebounds", "role1", "role2", ")", NULL};
362
363 struct cil_tree *test_tree;
364 gen_test_tree(&test_tree, line);
365
366 struct cil_db *test_db;
367 cil_db_init(&test_db);
368
369 uint32_t changed = CIL_FALSE;
370 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
371
372 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
373
374 int rc = cil_resolve_rolebounds(test_db->ast->root->cl_head->next->next, args);
375 CuAssertIntEquals(tc, SEPOL_OK, rc);
376 }
377
test_cil_resolve_rolebounds_exists_neg(CuTest * tc)378 void test_cil_resolve_rolebounds_exists_neg(CuTest *tc) {
379 char *line[] = {"(", "role", "role1", ")",
380 "(", "role", "role2", ")",
381 "(", "rolebounds", "role1", "role2", ")", NULL};
382
383 struct cil_tree *test_tree;
384 gen_test_tree(&test_tree, line);
385
386 struct cil_db *test_db;
387 cil_db_init(&test_db);
388
389 uint32_t changed = CIL_FALSE;
390 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
391
392 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
393
394 cil_resolve_rolebounds(test_db->ast->root->cl_head->next->next, args);
395 int rc = cil_resolve_rolebounds(test_db->ast->root->cl_head->next->next, args);
396 CuAssertIntEquals(tc, SEPOL_ERR, rc);
397 }
398
test_cil_resolve_rolebounds_role1_neg(CuTest * tc)399 void test_cil_resolve_rolebounds_role1_neg(CuTest *tc) {
400 char *line[] = {"(", "role", "role1", ")",
401 "(", "role", "role2", ")",
402 "(", "rolebounds", "role_DNE", "role2", ")", NULL};
403
404 struct cil_tree *test_tree;
405 gen_test_tree(&test_tree, line);
406
407 struct cil_db *test_db;
408 cil_db_init(&test_db);
409
410 uint32_t changed = CIL_FALSE;
411 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
412
413 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
414
415 int rc = cil_resolve_rolebounds(test_db->ast->root->cl_head->next->next, args);
416 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
417 }
418
test_cil_resolve_rolebounds_role2_neg(CuTest * tc)419 void test_cil_resolve_rolebounds_role2_neg(CuTest *tc) {
420 char *line[] = {"(", "role", "role1", ")",
421 "(", "role", "role2", ")",
422 "(", "rolebounds", "role1", "role_DNE", ")", NULL};
423
424 struct cil_tree *test_tree;
425 gen_test_tree(&test_tree, line);
426
427 struct cil_db *test_db;
428 cil_db_init(&test_db);
429
430 uint32_t changed = CIL_FALSE;
431 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
432
433 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
434
435 int rc = cil_resolve_rolebounds(test_db->ast->root->cl_head->next->next, args);
436 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
437 }
438
test_cil_resolve_sensalias(CuTest * tc)439 void test_cil_resolve_sensalias(CuTest *tc) {
440 char *line[] = {"(", "sensitivity", "s0", ")",
441 "(", "sensitivityalias", "s0", "alias", ")", NULL};
442
443 struct cil_tree *test_tree;
444 gen_test_tree(&test_tree, line);
445
446 struct cil_db *test_db;
447 cil_db_init(&test_db);
448
449 uint32_t changed = CIL_FALSE;
450 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
451
452 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
453
454 int rc = cil_resolve_sensalias(test_db->ast->root->cl_head->next, args);
455 CuAssertIntEquals(tc, SEPOL_OK, rc);
456 }
457
test_cil_resolve_sensalias_sensdecl_neg(CuTest * tc)458 void test_cil_resolve_sensalias_sensdecl_neg(CuTest *tc) {
459 char *line[] = {"(", "sensitivityalias", "s0", "alias", ")", NULL};
460
461 struct cil_tree *test_tree;
462 gen_test_tree(&test_tree, line);
463
464 struct cil_db *test_db;
465 cil_db_init(&test_db);
466
467 uint32_t changed = CIL_FALSE;
468 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MLS, &changed, NULL, NULL, NULL);
469
470 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
471
472 int rc = cil_resolve_sensalias(test_db->ast->root->cl_head, args);
473 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
474 }
475
test_cil_resolve_catalias(CuTest * tc)476 void test_cil_resolve_catalias(CuTest *tc) {
477 char *line[] = {"(", "category", "c0", ")",
478 "(", "categoryalias", "c0", "red", ")", NULL};
479
480 struct cil_tree *test_tree;
481 gen_test_tree(&test_tree, line);
482
483 struct cil_db *test_db;
484 cil_db_init(&test_db);
485
486 uint32_t changed = CIL_FALSE;
487 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
488
489 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
490
491 int rc = cil_resolve_catalias(test_db->ast->root->cl_head->next, args);
492 CuAssertIntEquals(tc, SEPOL_OK, rc);
493 }
494
test_cil_resolve_catalias_catdecl_neg(CuTest * tc)495 void test_cil_resolve_catalias_catdecl_neg(CuTest *tc) {
496 char *line[] = {"(", "categoryalias", "c0", "red", ")", NULL};
497
498 struct cil_tree *test_tree;
499 gen_test_tree(&test_tree, line);
500
501 struct cil_db *test_db;
502 cil_db_init(&test_db);
503
504 uint32_t changed = CIL_FALSE;
505 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
506
507 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
508
509 int rc = cil_resolve_catalias(test_db->ast->root->cl_head, args);
510 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
511 }
512
test_cil_resolve_catorder(CuTest * tc)513 void test_cil_resolve_catorder(CuTest *tc) {
514 char *line[] = {"(", "category", "c0", ")",
515 "(", "category", "c3", ")",
516 "(", "categoryorder", "(", "c0", "c3", ")", NULL};
517
518 struct cil_tree *test_tree;
519 gen_test_tree(&test_tree, line);
520
521 struct cil_db *test_db;
522 cil_db_init(&test_db);
523
524 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
525
526 uint32_t changed = CIL_FALSE;
527 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC1, &changed, NULL, NULL, NULL);
528
529 int rc = cil_resolve_catorder(test_db->ast->root->cl_head->next->next, args);
530 int rc2 = cil_resolve_catorder(test_db->ast->root->cl_head->next->next, args);
531 CuAssertIntEquals(tc, SEPOL_OK, rc);
532 CuAssertIntEquals(tc, SEPOL_OK, rc2);
533 }
534
test_cil_resolve_catorder_neg(CuTest * tc)535 void test_cil_resolve_catorder_neg(CuTest *tc) {
536 char *line[] = {"(", "category", "c0", ")",
537 "(", "category", "c3", ")",
538 "(", "categoryorder", "(", "c5", ")", ")", NULL};
539
540 struct cil_tree *test_tree;
541 gen_test_tree(&test_tree, line);
542
543 struct cil_db *test_db;
544 cil_db_init(&test_db);
545
546 uint32_t changed = CIL_FALSE;
547 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC1, &changed, NULL, NULL, NULL);
548
549 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
550
551 int rc = cil_resolve_catorder(test_db->ast->root->cl_head->next->next, args);
552 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
553 }
554
test_cil_resolve_dominance(CuTest * tc)555 void test_cil_resolve_dominance(CuTest *tc) {
556 char *line[] = {"(", "sensitivity", "s0", ")",
557 "(", "sensitivity", "s1", ")",
558 "(", "sensitivity", "s2", ")",
559 "(", "dominance", "(", "s0", "s1", ")", NULL};
560
561 struct cil_tree *test_tree;
562 gen_test_tree(&test_tree, line);
563
564 struct cil_db *test_db;
565 cil_db_init(&test_db);
566
567 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
568
569 uint32_t changed = CIL_FALSE;
570 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC1, &changed, NULL, NULL, NULL);
571
572 int rc = cil_resolve_dominance(test_db->ast->root->cl_head->next->next->next, args);
573 int rc2 = cil_resolve_dominance(test_db->ast->root->cl_head->next->next->next, args);
574 CuAssertIntEquals(tc, SEPOL_OK, rc);
575 CuAssertIntEquals(tc, SEPOL_OK, rc2);
576 }
577
test_cil_resolve_dominance_neg(CuTest * tc)578 void test_cil_resolve_dominance_neg(CuTest *tc) {
579 char *line[] = {"(", "sensitivity", "s0", ")",
580 "(", "sensitivity", "s1", ")",
581 "(", "sensitivity", "s2", ")",
582 "(", "dominance", "(", "s6", ")", ")", NULL};
583
584 struct cil_tree *test_tree;
585 gen_test_tree(&test_tree, line);
586
587 struct cil_db *test_db;
588 cil_db_init(&test_db);
589
590 uint32_t changed = CIL_FALSE;
591 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC1, &changed, NULL, NULL, NULL);
592
593 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
594
595 int rc = cil_resolve_dominance(test_db->ast->root->cl_head->next->next->next, args);
596 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
597 }
598
test_cil_resolve_cat_list(CuTest * tc)599 void test_cil_resolve_cat_list(CuTest *tc) {
600 char *line[] = {"(", "category", "c0", ")",
601 "(", "category", "c1", ")",
602 "(", "category", "c2", ")",
603 "(", "categoryset", "somecats", "(", "c0", "c1", "c2", ")", ")", NULL};
604
605 struct cil_tree *test_tree;
606 gen_test_tree(&test_tree, line);
607
608 struct cil_db *test_db;
609 cil_db_init(&test_db);
610
611 uint32_t changed = CIL_FALSE;
612 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MLS, &changed, NULL, NULL, NULL);
613
614 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
615
616 struct cil_list *test_cat_list;
617 cil_list_init(&test_cat_list);
618
619 struct cil_catset *test_catset = (struct cil_catset*)test_db->ast->root->cl_head->next->next->next->data;
620
621 int rc = cil_resolve_cat_list(test_db->ast->root->cl_head->next->next->next, test_catset->cat_list_str, test_cat_list, args);
622 CuAssertIntEquals(tc, SEPOL_OK, rc);
623 }
624
test_cil_resolve_cat_list_catlistnull_neg(CuTest * tc)625 void test_cil_resolve_cat_list_catlistnull_neg(CuTest *tc) {
626 char *line[] = {"(", "category", "c0", ")",
627 "(", "category", "c1", ")",
628 "(", "category", "c2", ")",
629 "(", "categoryset", "somecats", "(", "c0", "c1", "c2", ")", ")", NULL};
630
631 struct cil_tree *test_tree;
632 gen_test_tree(&test_tree, line);
633
634 struct cil_db *test_db;
635 cil_db_init(&test_db);
636
637 uint32_t changed = CIL_FALSE;
638 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MLS, &changed, NULL, NULL, NULL);
639
640 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
641
642 struct cil_list *test_cat_list;
643 cil_list_init(&test_cat_list);
644
645 struct cil_catset *test_catset = (struct cil_catset*)test_db->ast->root->cl_head->next->next->next->data;
646 test_catset->cat_list_str = NULL;
647
648 int rc = cil_resolve_cat_list(test_db->ast->root->cl_head->next->next->next, test_catset->cat_list_str, test_cat_list, args);
649 CuAssertIntEquals(tc, SEPOL_ERR, rc);
650 }
651
test_cil_resolve_cat_list_rescatlistnull_neg(CuTest * tc)652 void test_cil_resolve_cat_list_rescatlistnull_neg(CuTest *tc) {
653 char *line[] = {"(", "category", "c0", ")",
654 "(", "category", "c1", ")",
655 "(", "category", "c2", ")",
656 "(", "categoryset", "somecats", "(", "c0", "c1", "c2", ")", ")", NULL};
657
658 struct cil_tree *test_tree;
659 gen_test_tree(&test_tree, line);
660
661 struct cil_db *test_db;
662 cil_db_init(&test_db);
663
664 uint32_t changed = CIL_FALSE;
665 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MLS, &changed, NULL, NULL, NULL);
666
667 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
668
669 struct cil_list *test_cat_list = NULL;
670
671 struct cil_catset *test_catset = (struct cil_catset*)test_db->ast->root->cl_head->next->next->next->data;
672
673 int rc = cil_resolve_cat_list(test_db->ast->root->cl_head->next->next->next, test_catset->cat_list_str, test_cat_list, args);
674 CuAssertIntEquals(tc, SEPOL_ERR, rc);
675 }
676
test_cil_resolve_cat_list_catrange(CuTest * tc)677 void test_cil_resolve_cat_list_catrange(CuTest *tc) {
678 char *line[] = {"(", "category", "c0", ")",
679 "(", "category", "c1", ")",
680 "(", "category", "c2", ")",
681 "(", "categoryorder", "(", "c0", "c1", "c2", ")", ")",
682 "(", "categoryset", "somecats", "(", "c0", "(", "c1", "c2", ")", ")", ")", NULL};
683
684 struct cil_tree *test_tree;
685 gen_test_tree(&test_tree, line);
686
687 struct cil_db *test_db;
688 cil_db_init(&test_db);
689
690 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
691
692 uint32_t changed = CIL_FALSE;
693 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC1, &changed, NULL, NULL, NULL);
694
695 cil_tree_walk(test_db->ast->root, __cil_resolve_ast_node_helper, NULL, NULL, args);
696 __cil_verify_order(test_db->catorder, test_db->ast->root, CIL_CAT);
697
698 struct cil_list *test_cat_list;
699 cil_list_init(&test_cat_list);
700
701 struct cil_catset *test_catset = (struct cil_catset*)test_db->ast->root->cl_head->next->next->next->next->data;
702
703 int rc = cil_resolve_cat_list(test_db->ast->root->cl_head->next->next->next->next, test_catset->cat_list_str, test_cat_list, args);
704 CuAssertIntEquals(tc, SEPOL_OK, rc);
705 }
706
test_cil_resolve_cat_list_catrange_neg(CuTest * tc)707 void test_cil_resolve_cat_list_catrange_neg(CuTest *tc) {
708 char *line[] = {"(", "category", "c0", ")",
709 "(", "category", "c1", ")",
710 "(", "category", "c2", ")",
711 "(", "categoryorder", "(", "c0", "c1", "c2", ")", ")",
712 "(", "categoryset", "somecats", "(", "c0", "(", "c2", "c1", ")", ")", ")", NULL};
713
714 struct cil_tree *test_tree;
715 gen_test_tree(&test_tree, line);
716
717 struct cil_db *test_db;
718 cil_db_init(&test_db);
719
720 uint32_t changed = CIL_FALSE;
721 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC1, &changed, NULL, NULL, NULL);
722
723 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
724
725 struct cil_list *test_cat_list;
726 cil_list_init(&test_cat_list);
727
728 cil_resolve_catorder(test_db->ast->root->cl_head->next->next->next, args);
729
730 args->pass = CIL_PASS_MLS;
731
732 struct cil_catset *test_catset = (struct cil_catset*)test_db->ast->root->cl_head->next->next->next->next->data;
733
734 int rc = cil_resolve_cat_list(test_db->ast->root->cl_head->next->next->next->next, test_catset->cat_list_str, test_cat_list, args);
735 CuAssertIntEquals(tc, SEPOL_ERR, rc);
736 }
737
test_cil_resolve_cat_list_catname_neg(CuTest * tc)738 void test_cil_resolve_cat_list_catname_neg(CuTest *tc) {
739 char *line[] = {"(", "category", "c5", ")",
740 "(", "category", "c6", ")",
741 "(", "category", "c7", ")",
742 "(", "categoryorder", "(", "c0", "c1", "c2", ")", ")",
743 "(", "categoryset", "somecats", "(", "c0", "(", "c1", "c2", ")", ")", ")", NULL};
744
745 struct cil_tree *test_tree;
746 gen_test_tree(&test_tree, line);
747
748 struct cil_db *test_db;
749 cil_db_init(&test_db);
750
751 uint32_t changed = CIL_FALSE;
752 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC1, &changed, NULL, NULL, NULL);
753
754 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
755
756 cil_resolve_catorder(test_db->ast->root->cl_head->next->next->next, args);
757
758 args->pass = CIL_PASS_MLS;
759 struct cil_list *test_cat_list;
760 cil_list_init(&test_cat_list);
761
762 struct cil_catset *test_catset = (struct cil_catset*)test_db->ast->root->cl_head->next->next->next->next->data;
763
764 int rc = cil_resolve_cat_list(test_db->ast->root->cl_head->next->next->next->next, test_catset->cat_list_str, test_cat_list, args);
765 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
766 }
767
test_cil_resolve_catset(CuTest * tc)768 void test_cil_resolve_catset(CuTest *tc) {
769 char *line[] = {"(", "category", "c0", ")",
770 "(", "category", "c1", ")",
771 "(", "category", "c2", ")",
772 "(", "categoryset", "somecats", "(", "c0", "c1", "c2", ")", ")", NULL};
773
774 struct cil_tree *test_tree;
775 gen_test_tree(&test_tree, line);
776
777 struct cil_db *test_db;
778 cil_db_init(&test_db);
779
780 uint32_t changed = CIL_FALSE;
781 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MLS, &changed, NULL, NULL, NULL);
782
783 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
784
785 struct cil_catset *test_catset = (struct cil_catset *)test_db->ast->root->cl_head->next->next->next->data;
786
787 int rc = cil_resolve_catset(test_db->ast->root->cl_head->next->next->next, test_catset, args);
788 CuAssertIntEquals(tc, SEPOL_OK, rc);
789 }
790
test_cil_resolve_catset_catlist_neg(CuTest * tc)791 void test_cil_resolve_catset_catlist_neg(CuTest *tc) {
792 char *line[] = {"(", "category", "c0", ")",
793 "(", "category", "c1", ")",
794 "(", "category", "c2", ")",
795 "(", "categoryset", "somecats", "(", "c0", "c1", "c2", "c4", ")", ")", NULL};
796
797 struct cil_tree *test_tree;
798 gen_test_tree(&test_tree, line);
799
800 struct cil_db *test_db;
801 cil_db_init(&test_db);
802
803 uint32_t changed = CIL_FALSE;
804 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MLS, &changed, NULL, NULL, NULL);
805
806 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
807
808 struct cil_catset *test_catset = (struct cil_catset *)test_db->ast->root->cl_head->next->next->next->data;
809
810 int rc = cil_resolve_catset(test_db->ast->root->cl_head->next->next->next, test_catset, args);
811 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
812 }
813
test_cil_resolve_catrange(CuTest * tc)814 void test_cil_resolve_catrange(CuTest *tc) {
815 char *line[] = {"(", "category", "c0", ")",
816 "(", "category", "c255", ")",
817 "(", "categoryorder", "(", "c0", "c255", ")", ")",
818 "(", "categoryrange", "range", "(", "c0", "c255", ")", ")", NULL};
819
820 struct cil_tree *test_tree;
821 gen_test_tree(&test_tree, line);
822
823 struct cil_db *test_db;
824 cil_db_init(&test_db);
825
826 uint32_t changed = CIL_FALSE;
827 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC1, &changed, NULL, NULL, NULL);
828
829 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
830 cil_resolve_catorder(test_db->ast->root->cl_head->next->next, args);
831 __cil_verify_order(test_db->catorder, test_db->ast->root, CIL_CAT);
832
833 args->pass = CIL_PASS_MLS;
834
835 int rc = cil_resolve_catrange(test_db->ast->root->cl_head->next->next->next, (struct cil_catrange*)test_db->ast->root->cl_head->next->next->next->data, args);
836 CuAssertIntEquals(tc, SEPOL_OK, rc);
837 }
838
test_cil_resolve_catrange_catloworder_neg(CuTest * tc)839 void test_cil_resolve_catrange_catloworder_neg(CuTest *tc) {
840 char *line[] = {"(", "category", "c0", ")",
841 "(", "category", "c255", ")",
842 "(", "categoryorder", "(", "c0", "c255", ")", ")",
843 "(", "categoryrange", "range", "(", "c0", "c255", ")", ")", NULL};
844
845 struct cil_tree *test_tree;
846 gen_test_tree(&test_tree, line);
847
848 struct cil_db *test_db;
849 cil_db_init(&test_db);
850
851 uint32_t changed = CIL_FALSE;
852 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC1, &changed, NULL, NULL, NULL);
853
854 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
855 cil_resolve_catorder(test_db->ast->root->cl_head->next->next, args);
856 __cil_verify_order(test_db->catorder, test_db->ast->root, CIL_CAT);
857
858 test_db->catorder->head = test_db->catorder->head->next;
859 test_db->catorder->head->next = NULL;
860
861 args->pass = CIL_PASS_MLS;
862
863 int rc = cil_resolve_catrange(test_db->ast->root->cl_head->next->next->next, (struct cil_catrange*)test_db->ast->root->cl_head->next->next->next->data, args);
864 CuAssertIntEquals(tc, SEPOL_ERR, rc);
865 }
866
test_cil_resolve_catrange_cathighorder_neg(CuTest * tc)867 void test_cil_resolve_catrange_cathighorder_neg(CuTest *tc) {
868 char *line[] = {"(", "category", "c0", ")",
869 "(", "category", "c255", ")",
870 "(", "categoryorder", "(", "c0", "c255", ")", ")",
871 "(", "categoryrange", "range", "(", "c255", "c0", ")", ")", NULL};
872
873 struct cil_tree *test_tree;
874 gen_test_tree(&test_tree, line);
875
876 struct cil_db *test_db;
877 cil_db_init(&test_db);
878
879 uint32_t changed = CIL_FALSE;
880 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC1, &changed, NULL, NULL, NULL);
881
882 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
883 cil_resolve_catorder(test_db->ast->root->cl_head->next->next, args);
884 __cil_verify_order(test_db->catorder, test_db->ast->root, CIL_CAT);
885
886 args->pass = CIL_PASS_MLS;
887
888 int rc = cil_resolve_catrange(test_db->ast->root->cl_head->next->next->next, (struct cil_catrange*)test_db->ast->root->cl_head->next->next->next->data, args);
889 CuAssertIntEquals(tc, SEPOL_ERR, rc);
890 }
891
test_cil_resolve_catrange_cat1_neg(CuTest * tc)892 void test_cil_resolve_catrange_cat1_neg(CuTest *tc) {
893 char *line[] = {"(", "category", "c0", ")",
894 "(", "category", "c255", ")",
895 "(", "categoryorder", "(", "c0", "c255", ")", ")",
896 "(", "categoryrange", "range", "(", "c12", "c255", ")", ")", NULL};
897
898 struct cil_tree *test_tree;
899 gen_test_tree(&test_tree, line);
900
901 struct cil_db *test_db;
902 cil_db_init(&test_db);
903
904 uint32_t changed = CIL_FALSE;
905 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC1, &changed, NULL, NULL, NULL);
906
907 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
908 cil_resolve_catorder(test_db->ast->root->cl_head->next->next, args);
909 __cil_verify_order(test_db->catorder, test_db->ast->root, CIL_CAT);
910
911 args->pass = CIL_PASS_MLS;
912
913 int rc = cil_resolve_catrange(test_db->ast->root->cl_head->next->next->next, (struct cil_catrange*)test_db->ast->root->cl_head->next->next->next->data, args);
914 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
915 }
916
test_cil_resolve_catrange_cat2_neg(CuTest * tc)917 void test_cil_resolve_catrange_cat2_neg(CuTest *tc) {
918 char *line[] = {"(", "category", "c0", ")",
919 "(", "category", "c255", ")",
920 "(", "categoryorder", "(", "c0", "c255", ")", ")",
921 "(", "categoryrange", "range", "(", "c0", "c23", ")", ")", NULL};
922
923 struct cil_tree *test_tree;
924 gen_test_tree(&test_tree, line);
925
926 struct cil_db *test_db;
927 cil_db_init(&test_db);
928
929 uint32_t changed = CIL_FALSE;
930 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC1, &changed, NULL, NULL, NULL);
931
932 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
933 cil_resolve_catorder(test_db->ast->root->cl_head->next->next, args);
934 __cil_verify_order(test_db->catorder, test_db->ast->root, CIL_CAT);
935
936 args->pass = CIL_PASS_MLS;
937
938 int rc = cil_resolve_catrange(test_db->ast->root->cl_head->next->next->next, (struct cil_catrange*)test_db->ast->root->cl_head->next->next->next->data, args);
939 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
940 }
941
test_cil_resolve_senscat(CuTest * tc)942 void test_cil_resolve_senscat(CuTest *tc) {
943 char *line[] = {"(", "sensitivity", "s0", ")",
944 "(", "sensitivity", "s1", ")",
945 "(", "dominance", "(", "s0", "s1", ")", ")",
946 "(", "category", "c0", ")",
947 "(", "category", "c255", ")",
948 "(", "categoryorder", "(", "c0", "c255", ")", ")",
949 "(", "sensitivitycategory", "s1", "(", "c0", "c255", ")", ")", NULL};
950
951 struct cil_tree *test_tree;
952 gen_test_tree(&test_tree, line);
953
954 struct cil_db *test_db;
955 cil_db_init(&test_db);
956
957 uint32_t changed = CIL_FALSE;
958 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MLS, &changed, NULL, NULL, NULL);
959
960 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
961
962 int rc = cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next->next->next->next, args);
963 CuAssertIntEquals(tc, SEPOL_OK, rc);
964 }
965
test_cil_resolve_senscat_catrange_neg(CuTest * tc)966 void test_cil_resolve_senscat_catrange_neg(CuTest *tc) {
967 char *line[] = {"(", "sensitivity", "s0", ")",
968 "(", "sensitivity", "s1", ")",
969 "(", "dominance", "(", "s0", "s1", ")", ")",
970 "(", "category", "c0", ")",
971 "(", "category", "c255", ")",
972 "(", "category", "c500", ")",
973 "(", "categoryorder", "(", "c0", "c255", "c500", ")", ")",
974 "(", "sensitivitycategory", "s1", "(", "c0", "(", "c255", "c5", ")", ")", ")", NULL};
975
976 struct cil_tree *test_tree;
977 gen_test_tree(&test_tree, line);
978
979 struct cil_db *test_db;
980 cil_db_init(&test_db);
981
982 uint32_t changed = CIL_FALSE;
983 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC1, &changed, NULL, NULL, NULL);
984
985 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
986
987 cil_resolve_catorder(test_db->ast->root->cl_head->next->next->next->next->next->next, args);
988
989 args->pass = CIL_PASS_MLS;
990
991 int rc = cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next->next->next->next->next, args);
992 CuAssertIntEquals(tc, SEPOL_ERR, rc);
993 }
994
test_cil_resolve_senscat_catsetname(CuTest * tc)995 void test_cil_resolve_senscat_catsetname(CuTest *tc) {
996 char *line[] = {"(", "sensitivity", "s0", ")",
997 "(", "sensitivity", "s1", ")",
998 "(", "category", "c0", ")",
999 "(", "category", "c255", ")",
1000 "(", "category", "c500", ")",
1001 "(", "categoryset", "foo", "(", "c0", "c255", "c500", ")", ")",
1002 "(", "categoryorder", "(", "c0", "c255", "c500", ")", ")",
1003 "(", "sensitivitycategory", "s1", "foo", ")", NULL};
1004
1005 struct cil_tree *test_tree;
1006 gen_test_tree(&test_tree, line);
1007
1008 struct cil_db *test_db;
1009 cil_db_init(&test_db);
1010
1011 uint32_t changed = CIL_FALSE;
1012 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MLS, &changed, NULL, NULL, NULL);
1013
1014 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
1015
1016 struct cil_catset *test_catset = (struct cil_catset *)test_db->ast->root->cl_head->next->next->next->next->next->data;
1017 cil_resolve_catset(test_db->ast->root->cl_head->next->next->next->next->next, test_catset, args);
1018
1019 args->pass = CIL_PASS_MISC2;
1020
1021 int rc = cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next->next->next->next->next, args);
1022 CuAssertIntEquals(tc, SEPOL_OK, rc);
1023 }
1024
test_cil_resolve_senscat_catsetname_neg(CuTest * tc)1025 void test_cil_resolve_senscat_catsetname_neg(CuTest *tc) {
1026 char *line[] = {"(", "sensitivity", "s0", ")",
1027 "(", "sensitivity", "s1", ")",
1028 "(", "category", "c0", ")",
1029 "(", "category", "c255", ")",
1030 "(", "category", "c500", ")",
1031 "(", "sensitivitycategory", "s1", "foo", ")", NULL};
1032
1033 struct cil_tree *test_tree;
1034 gen_test_tree(&test_tree, line);
1035
1036 struct cil_db *test_db;
1037 cil_db_init(&test_db);
1038
1039 uint32_t changed = CIL_FALSE;
1040 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
1041
1042 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
1043
1044 int rc = cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next->next->next, args);
1045 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
1046 }
1047
test_cil_resolve_senscat_sublist(CuTest * tc)1048 void test_cil_resolve_senscat_sublist(CuTest *tc) {
1049 char *line[] = {"(", "sensitivity", "s0", ")",
1050 "(", "sensitivity", "s1", ")",
1051 "(", "dominance", "(", "s0", "s1", ")", ")",
1052 "(", "category", "c0", ")",
1053 "(", "category", "c1", ")",
1054 "(", "category", "c255", ")",
1055 "(", "categoryorder", "(", "c0", "c1", "c255", ")", ")",
1056 "(", "sensitivitycategory", "s1", "(", "c0", "(", "c1", "c255", ")", ")", ")", NULL};
1057
1058 struct cil_tree *test_tree;
1059 gen_test_tree(&test_tree, line);
1060
1061 struct cil_db *test_db;
1062 cil_db_init(&test_db);
1063
1064 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
1065
1066 uint32_t changed = CIL_FALSE;
1067 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC1, &changed, NULL, NULL, NULL);
1068
1069 cil_tree_walk(test_db->ast->root, __cil_resolve_ast_node_helper, NULL, NULL, args);
1070 __cil_verify_order(test_db->catorder, test_db->ast->root, CIL_CAT);
1071
1072 int rc = cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next->next->next->next->next, args);
1073 CuAssertIntEquals(tc, SEPOL_OK, rc);
1074 }
1075
test_cil_resolve_senscat_missingsens_neg(CuTest * tc)1076 void test_cil_resolve_senscat_missingsens_neg(CuTest *tc) {
1077 char *line[] = {"(", "sensitivity", "s0", ")",
1078 "(", "dominance", "(", "s0", "s1", ")", ")",
1079 "(", "category", "c0", ")",
1080 "(", "category", "c255", ")",
1081 "(", "categoryorder", "(", "c0", "c255", ")", ")",
1082 "(", "sensitivitycategory", "s1", "(", "c0", "c255", ")", ")", NULL};
1083
1084 struct cil_tree *test_tree;
1085 gen_test_tree(&test_tree, line);
1086
1087 struct cil_db *test_db;
1088 cil_db_init(&test_db);
1089
1090 uint32_t changed = CIL_FALSE;
1091 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MLS, &changed, NULL, NULL, NULL);
1092
1093 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
1094
1095 int rc = cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next->next->next, args);
1096 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
1097 }
1098
test_cil_resolve_senscat_category_neg(CuTest * tc)1099 void test_cil_resolve_senscat_category_neg(CuTest *tc) {
1100 char *line[] = {"(", "sensitivity", "s0", ")",
1101 "(", "sensitivity", "s1", ")",
1102 "(", "dominance", "(", "s0", "s1", ")", ")",
1103 "(", "category", "c0", ")",
1104 "(", "category", "c255", ")",
1105 "(", "categoryorder", "(", "c0", "c255", ")", ")",
1106 "(", "sensitivitycategory", "s1", "(", "c5", "c255", ")", ")", NULL};
1107
1108 struct cil_tree *test_tree;
1109 gen_test_tree(&test_tree, line);
1110
1111 struct cil_db *test_db;
1112 cil_db_init(&test_db);
1113
1114 uint32_t changed = CIL_FALSE;
1115 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MLS, &changed, NULL, NULL, NULL);
1116
1117 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
1118
1119 int rc = cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next->next->next->next, args);
1120 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
1121 }
1122
test_cil_resolve_senscat_currrangecat(CuTest * tc)1123 void test_cil_resolve_senscat_currrangecat(CuTest *tc) {
1124 char *line[] = {"(", "sensitivity", "s0", ")",
1125 "(", "sensitivity", "s1", ")",
1126 "(", "dominance", "(", "s0", "s1", ")", ")",
1127 "(", "category", "c0", ")",
1128 "(", "category", "c1", ")",
1129 "(", "category", "c255", ")",
1130 "(", "categoryorder", "(", "c0", "c1", "c255", ")", ")",
1131 "(", "sensitivitycategory", "s1", "(", "c0", "(", "c1", "c255", ")", ")", ")", NULL};
1132
1133 struct cil_tree *test_tree;
1134 gen_test_tree(&test_tree, line);
1135
1136 struct cil_db *test_db;
1137 cil_db_init(&test_db);
1138
1139 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
1140
1141 uint32_t changed = CIL_FALSE;
1142 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC1, &changed, NULL, NULL, NULL);
1143
1144 cil_tree_walk(test_db->ast->root, __cil_resolve_ast_node_helper, NULL, NULL, args);
1145 __cil_verify_order(test_db->catorder, test_db->ast->root, CIL_CAT);
1146 __cil_verify_order(test_db->dominance, test_db->ast->root, CIL_SENS);
1147
1148 args->pass = CIL_PASS_MISC2;
1149
1150 int rc = cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next->next->next->next->next, args);
1151 CuAssertIntEquals(tc, SEPOL_OK, rc);
1152 }
1153
test_cil_resolve_level(CuTest * tc)1154 void test_cil_resolve_level(CuTest *tc) {
1155 char *line[] = {"(", "category", "c0", ")",
1156 "(", "categoryorder", "(", "c0", ")", ")",
1157 "(", "sensitivity", "s0", ")",
1158 "(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
1159 "(", "type", "blah_t", ")",
1160 "(", "role", "blah_r", ")",
1161 "(", "user", "blah_u", ")",
1162 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
1163 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
1164 "(", "sidcontext", "test", "(", "blah_u", "blah_r", "blah_t", "(", "low", "high", ")", ")", ")", NULL};
1165
1166 struct cil_tree *test_tree;
1167 gen_test_tree(&test_tree, line);
1168
1169 struct cil_db *test_db;
1170 cil_db_init(&test_db);
1171
1172 uint32_t changed = CIL_FALSE;
1173 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
1174
1175 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
1176
1177 cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next, args);
1178
1179 args->pass = CIL_PASS_MISC3;
1180
1181 struct cil_tree_node *level = test_db->ast->root->cl_head->next->next->next->next->next->next->next;
1182 int rc = cil_resolve_level(level, (struct cil_level*)level->data, args);
1183 int rc2 = cil_resolve_level(level->next, (struct cil_level*)level->next->data, args);
1184 CuAssertIntEquals(tc, SEPOL_OK, rc);
1185 CuAssertIntEquals(tc, SEPOL_OK, rc2);
1186 }
1187
test_cil_resolve_level_catlist(CuTest * tc)1188 void test_cil_resolve_level_catlist(CuTest *tc) {
1189 char *line[] = {"(", "category", "c0", ")",
1190 "(", "category", "c1", ")",
1191 "(", "categoryorder", "(", "c0", "c1", ")", ")",
1192 "(", "sensitivity", "s0", ")",
1193 "(", "sensitivitycategory", "s0", "(", "c0", "c1", ")", ")",
1194 "(", "type", "blah_t", ")",
1195 "(", "role", "blah_r", ")",
1196 "(", "user", "blah_u", ")",
1197 "(", "level", "low", "(", "s0", "(", "c0", "c1", ")", ")", ")",
1198 "(", "level", "high", "(", "s0", "(", "c0", "c1", ")", ")", ")",
1199 "(", "sidcontext", "test", "(", "blah_u", "blah_r", "blah_t", "(", "low", "high", ")", ")", ")", NULL};
1200
1201 struct cil_tree *test_tree;
1202 gen_test_tree(&test_tree, line);
1203
1204 struct cil_db *test_db;
1205 cil_db_init(&test_db);
1206
1207 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
1208
1209 uint32_t changed = CIL_FALSE;
1210 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
1211
1212 cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next->next, args);
1213
1214 args->pass = CIL_PASS_MISC3;
1215
1216 struct cil_tree_node *level = test_db->ast->root->cl_head->next->next->next->next->next->next->next->next;
1217 int rc = cil_resolve_level(level, (struct cil_level*)level->data, args);
1218 CuAssertIntEquals(tc, SEPOL_OK, rc);
1219 rc = cil_resolve_level(level, (struct cil_level*)level->data, args);
1220 CuAssertIntEquals(tc, SEPOL_OK, rc);
1221 }
1222
test_cil_resolve_level_catset(CuTest * tc)1223 void test_cil_resolve_level_catset(CuTest *tc) {
1224 char *line[] = {"(", "category", "c0", ")",
1225 "(", "category", "c1", ")",
1226 "(", "category", "c2", ")",
1227 "(", "categoryset", "cats", "(", "c0", "c1", "c2", ")", ")",
1228 "(", "categoryorder", "(", "c0", "c1", "c2", ")", ")",
1229 "(", "sensitivity", "s0", ")",
1230 "(", "sensitivitycategory", "s0", "cats", ")",
1231 "(", "type", "blah_t", ")",
1232 "(", "role", "blah_r", ")",
1233 "(", "user", "blah_u", ")",
1234 "(", "level", "low", "(", "s0", "cats", ")", ")",
1235 "(", "level", "high", "(", "s0", "(", "cats", ")", ")", ")",
1236 "(", "sidcontext", "test", "(", "blah_u", "blah_r", "blah_t", "(", "low", "high", ")", ")", ")", NULL};
1237
1238 struct cil_tree *test_tree;
1239 gen_test_tree(&test_tree, line);
1240
1241 struct cil_db *test_db;
1242 cil_db_init(&test_db);
1243
1244 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
1245
1246 uint32_t changed = CIL_FALSE;
1247 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC1, &changed, NULL, NULL, NULL);
1248
1249 struct cil_catset *cs = (struct cil_catset *)test_db->ast->root->cl_head->next->next->next->data;
1250
1251 cil_resolve_catorder(test_db->ast->root->cl_head->next->next->next->next, args);
1252
1253 args->pass = CIL_PASS_MLS;
1254
1255 cil_resolve_catset(test_db->ast->root->cl_head->next->next->next, cs, args);
1256
1257 args->pass = CIL_PASS_MISC2;
1258
1259 cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next->next->next->next, args);
1260
1261 args->pass = CIL_PASS_MISC3;
1262
1263 struct cil_tree_node *level = test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next->next;
1264 int rc = cil_resolve_level(level, (struct cil_level*)level->data, args);
1265 CuAssertIntEquals(tc, SEPOL_OK, rc);
1266 }
1267
test_cil_resolve_level_catset_name_neg(CuTest * tc)1268 void test_cil_resolve_level_catset_name_neg(CuTest *tc) {
1269 char *line[] = {"(", "category", "c0", ")",
1270 "(", "category", "c1", ")",
1271 "(", "category", "c2", ")",
1272 "(", "categoryset", "cats", "(", "c0", "c1", "c2", ")", ")",
1273 "(", "categoryorder", "(", "c0", "c1", "c2", ")", ")",
1274 "(", "sensitivity", "s0", ")",
1275 "(", "sensitivitycategory", "s0", "cats", ")",
1276 "(", "type", "blah_t", ")",
1277 "(", "role", "blah_r", ")",
1278 "(", "user", "blah_u", ")",
1279 "(", "level", "low", "(", "s0", "dne", ")", ")",
1280 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
1281 "(", "sidcontext", "test", "(", "blah_u", "blah_r", "blah_t", "(", "low", "high", ")", ")", ")", NULL};
1282
1283 struct cil_tree *test_tree;
1284 gen_test_tree(&test_tree, line);
1285
1286 struct cil_db *test_db;
1287 cil_db_init(&test_db);
1288
1289 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
1290
1291 uint32_t changed = CIL_FALSE;
1292 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
1293
1294 cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next, args);
1295
1296 args->pass = CIL_PASS_MISC3;
1297
1298 struct cil_tree_node *level = test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next->next;
1299 int rc = cil_resolve_level(level, (struct cil_level*)level->data, args);
1300 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
1301 }
1302
test_cil_resolve_level_sens_neg(CuTest * tc)1303 void test_cil_resolve_level_sens_neg(CuTest *tc) {
1304 char *line[] = {"(", "category", "c0", ")",
1305 "(", "categoryorder", "(", "c0", ")", ")",
1306 "(", "sensitivity", "s0", ")",
1307 "(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
1308 "(", "type", "blah_t", ")",
1309 "(", "role", "blah_r", ")",
1310 "(", "user", "blah_u", ")",
1311 "(", "level", "low", "(", "s1", "(", "c0", ")", ")", ")",
1312 "(", "level", "high", "(", "s1", "(", "c0", ")", ")", ")",
1313 "(", "sid", "test", "(", "blah_u", "blah_r", "blah_t", "(", "low", "high", ")", ")", ")", NULL};
1314
1315 struct cil_tree *test_tree;
1316 gen_test_tree(&test_tree, line);
1317
1318 struct cil_db *test_db;
1319 cil_db_init(&test_db);
1320
1321 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
1322
1323 uint32_t changed = CIL_FALSE;
1324 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
1325
1326 cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next, args);
1327 struct cil_tree_node *level = test_db->ast->root->cl_head->next->next->next->next->next->next->next;
1328
1329 args->pass = CIL_PASS_MISC3;
1330
1331 int rc = cil_resolve_level(level, (struct cil_level*)level->data, args);
1332 int rc2 = cil_resolve_level(level->next, (struct cil_level*)level->next->data, args);
1333 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
1334 CuAssertIntEquals(tc, SEPOL_ENOENT, rc2);
1335 }
1336
test_cil_resolve_level_cat_neg(CuTest * tc)1337 void test_cil_resolve_level_cat_neg(CuTest *tc) {
1338 char *line[] = {"(", "category", "c0", ")",
1339 "(", "categoryorder", "(", "c0", ")", ")",
1340 "(", "sensitivity", "s0", ")",
1341 "(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
1342 "(", "type", "blah_t", ")",
1343 "(", "role", "blah_r", ")",
1344 "(", "user", "blah_u", ")",
1345 "(", "level", "low", "(", "s0", "(", "c1", ")", ")", ")",
1346 "(", "level", "high", "(", "s0", "(", "c1", ")", ")", ")",
1347 "(", "sid", "test", "(", "blah_u", "blah_r", "blah_t", "(", "low", "high", ")", ")", ")", NULL};
1348
1349 struct cil_tree *test_tree;
1350 gen_test_tree(&test_tree, line);
1351
1352 struct cil_db *test_db;
1353 cil_db_init(&test_db);
1354
1355 uint32_t changed = CIL_FALSE;
1356 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
1357
1358 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
1359
1360 cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next, args);
1361 struct cil_tree_node *level = test_db->ast->root->cl_head->next->next->next->next->next->next->next;
1362
1363 args->pass = CIL_PASS_MISC3;
1364 int rc = cil_resolve_level(level, (struct cil_level*)level->data, args);
1365 int rc2 = cil_resolve_level(level->next, (struct cil_level*)level->next->data, args);
1366 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
1367 CuAssertIntEquals(tc, SEPOL_ENOENT, rc2);
1368 }
1369
test_cil_resolve_level_senscat_neg(CuTest * tc)1370 void test_cil_resolve_level_senscat_neg(CuTest *tc) {
1371 char *line[] = {"(", "category", "c0", ")",
1372 "(", "categoryorder", "(", "c0", ")", ")",
1373 "(", "sensitivity", "s0", ")",
1374 "(", "sensitivitycategory", "s1", "(", "c0", ")", ")",
1375 "(", "type", "blah_t", ")",
1376 "(", "role", "blah_r", ")",
1377 "(", "user", "blah_u", ")",
1378 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
1379 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
1380 "(", "sid", "test", "(", "blah_u", "blah_r", "blah_t", "(", "low", "high", ")", ")", ")", NULL};
1381
1382 struct cil_tree *test_tree;
1383 gen_test_tree(&test_tree, line);
1384
1385 struct cil_db *test_db;
1386 cil_db_init(&test_db);
1387
1388 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
1389
1390 uint32_t changed = CIL_FALSE;
1391 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
1392
1393 cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next, args);
1394 struct cil_tree_node *level = test_db->ast->root->cl_head->next->next->next->next->next->next->next;
1395
1396 args->pass = CIL_PASS_MISC3;
1397 int rc = cil_resolve_level(level, (struct cil_level*)level->data, args);
1398 int rc2 = cil_resolve_level(level->next, (struct cil_level*)level->next->data, args);
1399 CuAssertIntEquals(tc, SEPOL_ERR, rc);
1400 CuAssertIntEquals(tc, SEPOL_ERR, rc2);
1401 }
1402
test_cil_resolve_levelrange_namedlvl(CuTest * tc)1403 void test_cil_resolve_levelrange_namedlvl(CuTest *tc) {
1404 char *line[] = {"(", "category", "c0", ")",
1405 "(", "sensitivity", "s0", ")",
1406 "(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
1407 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
1408 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
1409 "(", "levelrange", "range", "(", "low", "high", ")", ")", NULL};
1410
1411 struct cil_tree *test_tree;
1412 gen_test_tree(&test_tree, line);
1413
1414 struct cil_db *test_db;
1415 cil_db_init(&test_db);
1416
1417 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
1418
1419 uint32_t changed = CIL_FALSE;
1420 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
1421
1422 cil_resolve_senscat(test_db->ast->root->cl_head->next->next, args);
1423
1424 args->pass = CIL_PASS_MISC3;
1425
1426 struct cil_levelrange *lvlrange = (struct cil_levelrange *)test_db->ast->root->cl_head->next->next->next->next->next->data;
1427
1428 int rc = cil_resolve_levelrange(test_db->ast->root->cl_head->next->next->next->next->next, lvlrange, args);
1429 CuAssertIntEquals(tc, SEPOL_OK, rc);
1430 }
1431
test_cil_resolve_levelrange_namedlvl_low_neg(CuTest * tc)1432 void test_cil_resolve_levelrange_namedlvl_low_neg(CuTest *tc) {
1433 char *line[] = {"(", "category", "c0", ")",
1434 "(", "sensitivity", "s0", ")",
1435 "(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
1436 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
1437 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
1438 "(", "levelrange", "range", "(", "DNE", "high", ")", ")", NULL};
1439
1440 struct cil_tree *test_tree;
1441 gen_test_tree(&test_tree, line);
1442
1443 struct cil_db *test_db;
1444 cil_db_init(&test_db);
1445
1446 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
1447
1448 uint32_t changed = CIL_FALSE;
1449 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
1450
1451 cil_resolve_senscat(test_db->ast->root->cl_head->next->next, args);
1452
1453 args->pass = CIL_PASS_MISC3;
1454
1455 struct cil_levelrange *lvlrange = (struct cil_levelrange *)test_db->ast->root->cl_head->next->next->next->next->next->data;
1456
1457 int rc = cil_resolve_levelrange(test_db->ast->root->cl_head->next->next->next->next->next, lvlrange, args);
1458 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
1459 }
1460
test_cil_resolve_levelrange_namedlvl_high_neg(CuTest * tc)1461 void test_cil_resolve_levelrange_namedlvl_high_neg(CuTest *tc) {
1462 char *line[] = {"(", "category", "c0", ")",
1463 "(", "sensitivity", "s0", ")",
1464 "(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
1465 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
1466 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
1467 "(", "levelrange", "range", "(", "low", "DNE", ")", ")", NULL};
1468
1469 struct cil_tree *test_tree;
1470 gen_test_tree(&test_tree, line);
1471
1472 struct cil_db *test_db;
1473 cil_db_init(&test_db);
1474
1475 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
1476
1477 uint32_t changed = CIL_FALSE;
1478 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
1479
1480 cil_resolve_senscat(test_db->ast->root->cl_head->next->next, args);
1481
1482 args->pass = CIL_PASS_MISC3;
1483
1484 struct cil_levelrange *lvlrange = (struct cil_levelrange *)test_db->ast->root->cl_head->next->next->next->next->next->data;
1485
1486 int rc = cil_resolve_levelrange(test_db->ast->root->cl_head->next->next->next->next->next, lvlrange, args);
1487 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
1488 }
1489
test_cil_resolve_levelrange_anonlvl(CuTest * tc)1490 void test_cil_resolve_levelrange_anonlvl(CuTest *tc) {
1491 char *line[] = {"(", "category", "c0", ")",
1492 "(", "sensitivity", "s0", ")",
1493 "(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
1494 "(", "levelrange", "range", "(", "(", "s0", "(", "c0", ")", ")", "(", "s0", "(", "c0", ")", ")", ")", ")", NULL};
1495
1496 struct cil_tree *test_tree;
1497 gen_test_tree(&test_tree, line);
1498
1499 struct cil_db *test_db;
1500 cil_db_init(&test_db);
1501
1502 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
1503
1504 uint32_t changed = CIL_FALSE;
1505 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
1506
1507 cil_resolve_senscat(test_db->ast->root->cl_head->next->next, args);
1508
1509 args->pass = CIL_PASS_MISC3;
1510
1511 struct cil_levelrange *lvlrange = (struct cil_levelrange *)test_db->ast->root->cl_head->next->next->next->data;
1512
1513 int rc = cil_resolve_levelrange(test_db->ast->root->cl_head->next->next->next, lvlrange, args);
1514 CuAssertIntEquals(tc, SEPOL_OK, rc);
1515 }
1516
test_cil_resolve_levelrange_anonlvl_low_neg(CuTest * tc)1517 void test_cil_resolve_levelrange_anonlvl_low_neg(CuTest *tc) {
1518 char *line[] = {"(", "category", "c0", ")",
1519 "(", "sensitivity", "s0", ")",
1520 "(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
1521 "(", "levelrange", "range", "(", "(", "DNE", "(", "c0", ")", ")", "(", "s0", "(", "c0", ")", ")", ")", ")", NULL};
1522
1523 struct cil_tree *test_tree;
1524 gen_test_tree(&test_tree, line);
1525
1526 struct cil_db *test_db;
1527 cil_db_init(&test_db);
1528
1529 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
1530
1531 uint32_t changed = CIL_FALSE;
1532 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
1533
1534 cil_resolve_senscat(test_db->ast->root->cl_head->next->next, args);
1535
1536 struct cil_levelrange *lvlrange = (struct cil_levelrange *)test_db->ast->root->cl_head->next->next->next->data;
1537
1538 args->pass = CIL_PASS_MISC3;
1539
1540 int rc = cil_resolve_levelrange(test_db->ast->root->cl_head->next->next->next, lvlrange, args);
1541 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
1542 }
1543
test_cil_resolve_levelrange_anonlvl_high_neg(CuTest * tc)1544 void test_cil_resolve_levelrange_anonlvl_high_neg(CuTest *tc) {
1545 char *line[] = {"(", "category", "c0", ")",
1546 "(", "sensitivity", "s0", ")",
1547 "(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
1548 "(", "levelrange", "range", "(", "(", "s0", "(", "c0", ")", ")", "(", "dne", "(", "c0", ")", ")", ")", ")", NULL};
1549
1550 struct cil_tree *test_tree;
1551 gen_test_tree(&test_tree, line);
1552
1553 struct cil_db *test_db;
1554 cil_db_init(&test_db);
1555
1556 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
1557
1558 uint32_t changed = CIL_FALSE;
1559 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
1560
1561 cil_resolve_senscat(test_db->ast->root->cl_head->next->next, args);
1562
1563 struct cil_levelrange *lvlrange = (struct cil_levelrange *)test_db->ast->root->cl_head->next->next->next->data;
1564
1565 args->pass = CIL_PASS_MISC3;
1566
1567 int rc = cil_resolve_levelrange(test_db->ast->root->cl_head->next->next->next, lvlrange, args);
1568 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
1569 }
1570
test_cil_resolve_constrain(CuTest * tc)1571 void test_cil_resolve_constrain(CuTest *tc) {
1572 char *line[] = {"(", "class", "file", "(", "create", "relabelto", ")", ")",
1573 "(", "class", "dir", "(", "create", "relabelto", ")", ")",
1574 "(", "sensitivity", "s0", ")",
1575 "(", "category", "c1", ")",
1576 "(", "level", "l2", "(", "s0", "(", "c1", ")", ")", ")",
1577 "(", "level", "h2", "(", "s0", "(", "c1", ")", ")", ")",
1578 "(", "mlsconstrain", "(", "file", "(", "create", "relabelto", ")", ")", "(", "eq", "l2", "h2", ")", ")", NULL};
1579
1580 struct cil_tree *test_tree;
1581 gen_test_tree(&test_tree, line);
1582
1583 struct cil_db *test_db;
1584 cil_db_init(&test_db);
1585
1586 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
1587
1588 uint32_t changed = CIL_FALSE;
1589 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
1590
1591 int rc = cil_resolve_constrain(test_db->ast->root->cl_head->next->next->next->next->next->next, args);
1592 CuAssertIntEquals(tc, SEPOL_OK, rc);
1593 }
1594
test_cil_resolve_constrain_class_neg(CuTest * tc)1595 void test_cil_resolve_constrain_class_neg(CuTest *tc) {
1596 char *line[] = {"(", "class", "file", "(", "create", "relabelto", ")", ")",
1597 "(", "sensitivity", "s0", ")",
1598 "(", "category", "c1", ")",
1599 "(", "level", "l2", "(", "s0", "(", "c1", ")", ")", ")",
1600 "(", "level", "h2", "(", "s0", "(", "c1", ")", ")", ")",
1601 "(", "mlsconstrain", "(", "foo", "(", "create", "relabelto", ")", ")", "(", "eq", "l2", "h2", ")", ")", NULL};
1602
1603 struct cil_tree *test_tree;
1604 gen_test_tree(&test_tree, line);
1605
1606 struct cil_db *test_db;
1607 cil_db_init(&test_db);
1608
1609 uint32_t changed = CIL_FALSE;
1610 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
1611
1612 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
1613
1614 int rc = cil_resolve_constrain(test_db->ast->root->cl_head->next->next->next->next->next, args);
1615 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
1616 }
1617
test_cil_resolve_constrain_perm_neg(CuTest * tc)1618 void test_cil_resolve_constrain_perm_neg(CuTest *tc) {
1619 char *line[] = {"(", "class", "file", "(", "create", ")", ")",
1620 "(", "class", "dir", "(", "create", "relabelto", ")", ")",
1621 "(", "sensitivity", "s0", ")",
1622 "(", "category", "c1", ")",
1623 "(", "level", "l2", "(", "s0", "(", "c1", ")", ")", ")",
1624 "(", "level", "h2", "(", "s0", "(", "c1", ")", ")", ")",
1625 "(", "mlsconstrain", "(", "file", "(", "create", "relabelto", ")", ")", "(", "eq", "l2", "h2", ")", ")", NULL};
1626
1627 struct cil_tree *test_tree;
1628 gen_test_tree(&test_tree, line);
1629
1630 struct cil_db *test_db;
1631 cil_db_init(&test_db);
1632
1633 uint32_t changed = CIL_FALSE;
1634 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
1635
1636 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
1637
1638 int rc = cil_resolve_constrain(test_db->ast->root->cl_head->next->next->next->next->next->next, args);
1639 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
1640 }
1641
test_cil_resolve_constrain_perm_resolve_neg(CuTest * tc)1642 void test_cil_resolve_constrain_perm_resolve_neg(CuTest *tc) {
1643 char *line[] = {"(", "sensitivity", "s0", ")",
1644 "(", "category", "c1", ")",
1645 "(", "level", "l2", "(", "s0", "(", "c1", ")", ")", ")",
1646 "(", "level", "h2", "(", "s0", "(", "c1", ")", ")", ")",
1647 "(", "mlsconstrain", "(", "file", "(", "foo", ")", ")", "(", "eq", "l2", "h2", ")", ")", NULL};
1648
1649 struct cil_tree *test_tree;
1650 gen_test_tree(&test_tree, line);
1651
1652 struct cil_db *test_db;
1653 cil_db_init(&test_db);
1654
1655 uint32_t changed = CIL_FALSE;
1656 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
1657
1658 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
1659
1660 int rc = cil_resolve_constrain(test_db->ast->root->cl_head->next->next->next->next, args);
1661 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
1662 }
1663
test_cil_resolve_context(CuTest * tc)1664 void test_cil_resolve_context(CuTest *tc) {
1665 char *line[] = {"(", "sensitivity", "s0", ")",
1666 "(", "category", "c0", ")",
1667 "(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
1668 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
1669 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
1670 "(", "user", "system_u", ")",
1671 "(", "role", "object_r", ")",
1672 "(", "type", "netif_t", ")",
1673 "(", "context", "con",
1674 "(", "system_u", "object_r", "netif_t", "(", "low", "high", ")", ")", ")", NULL};
1675
1676 struct cil_tree *test_tree;
1677 gen_test_tree(&test_tree, line);
1678
1679 struct cil_db *test_db;
1680 cil_db_init(&test_db);
1681
1682 uint32_t changed = CIL_FALSE;
1683 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
1684
1685 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
1686
1687 struct cil_context *test_context = (struct cil_context*)test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->data;
1688
1689 int rc = cil_resolve_context(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, test_context, args);
1690 CuAssertIntEquals(tc, SEPOL_OK, rc);
1691 }
1692
test_cil_resolve_context_macro(CuTest * tc)1693 void test_cil_resolve_context_macro(CuTest *tc) {
1694 char *line[] = {"(", "sensitivity", "s0", ")",
1695 "(", "category", "c0", ")",
1696 "(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
1697 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
1698 "(", "user", "system_u", ")",
1699 "(", "role", "object_r", ")",
1700 "(", "type", "netif_t", ")",
1701 "(", "macro", "mm", "(", "(", "levelrange", "range", ")", ")",
1702 "(", "context", "con",
1703 "(", "system_u", "object_r", "netif_t", "range", ")", ")", ")",
1704 "(", "call", "mm", "(", "(", "(", "s0", "(", "c0", ")", ")", "(", "s0", "(", "c0", ")", ")", ")", ")", ")", NULL};
1705
1706 struct cil_tree *test_tree;
1707 gen_test_tree(&test_tree, line);
1708
1709 struct cil_db *test_db;
1710 cil_db_init(&test_db);
1711
1712 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
1713
1714 uint32_t changed = CIL_FALSE;
1715 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
1716
1717 struct cil_context *test_context = (struct cil_context*)test_db->ast->root->cl_head->next->next->next->next->next->next->next->cl_head->data;
1718
1719 int rc2 = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args);
1720
1721 args->pass = CIL_PASS_CALL2;
1722
1723 int rc3 = cil_resolve_call2(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args);
1724
1725 args->pass = CIL_PASS_MISC2;
1726
1727 cil_resolve_senscat(test_db->ast->root->cl_head->next->next, args);
1728
1729 args->pass = CIL_PASS_MISC3;
1730 args->callstack = test_db->ast->root->cl_head->next->next->next->next->next->next->next->next;
1731
1732 int rc = cil_resolve_context(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->cl_head, test_context, args);
1733 CuAssertIntEquals(tc, SEPOL_OK, rc);
1734 CuAssertIntEquals(tc, SEPOL_OK, rc2);
1735 CuAssertIntEquals(tc, SEPOL_OK, rc3);
1736 }
1737
test_cil_resolve_context_macro_neg(CuTest * tc)1738 void test_cil_resolve_context_macro_neg(CuTest *tc) {
1739 char *line[] = {"(", "sensitivity", "s0", ")",
1740 "(", "category", "c0", ")",
1741 "(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
1742 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
1743 "(", "user", "system_u", ")",
1744 "(", "role", "object_r", ")",
1745 "(", "type", "netif_t", ")",
1746 "(", "macro", "mm", "(", "(", "levelrange", "range", ")", ")",
1747 "(", "context", "con",
1748 "(", "system_u", "object_r", "netif_t", "range", ")", ")", ")",
1749 "(", "call", "mm", "(", "(", "(", "s0", "(", "c0", ")", ")", "(", "s0", "(", "DNE", ")", ")", ")", ")", NULL};
1750
1751 struct cil_tree *test_tree;
1752 gen_test_tree(&test_tree, line);
1753
1754 struct cil_db *test_db;
1755 cil_db_init(&test_db);
1756
1757 uint32_t changed = CIL_FALSE;
1758 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
1759
1760 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
1761
1762 struct cil_context *test_context = (struct cil_context*)test_db->ast->root->cl_head->next->next->next->next->next->next->next->cl_head->data;
1763
1764 int rc2 = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args);
1765
1766 args->pass = CIL_PASS_CALL2;
1767
1768 int rc3 = cil_resolve_call2(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args);
1769
1770 args->pass = CIL_PASS_CALL2;
1771
1772 cil_resolve_senscat(test_db->ast->root->cl_head->next->next, args);
1773
1774 args->pass = CIL_PASS_MISC3;
1775 args->callstack = test_db->ast->root->cl_head->next->next->next->next->next->next->next->next;
1776
1777 int rc = cil_resolve_context(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->cl_head, test_context, args);
1778 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
1779 CuAssertIntEquals(tc, SEPOL_OK, rc2);
1780 CuAssertIntEquals(tc, SEPOL_OK, rc3);
1781 }
1782
test_cil_resolve_context_namedrange(CuTest * tc)1783 void test_cil_resolve_context_namedrange(CuTest *tc) {
1784 char *line[] = {"(", "sensitivity", "s0", ")",
1785 "(", "category", "c0", ")",
1786 "(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
1787 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
1788 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
1789 "(", "levelrange", "range", "(", "low", "high", ")", ")",
1790 "(", "user", "system_u", ")",
1791 "(", "role", "object_r", ")",
1792 "(", "type", "netif_t", ")",
1793 "(", "context", "con",
1794 "(", "system_u", "object_r", "netif_t", "range", ")", ")", NULL};
1795
1796 struct cil_tree *test_tree;
1797 gen_test_tree(&test_tree, line);
1798
1799 struct cil_db *test_db;
1800 cil_db_init(&test_db);
1801
1802 uint32_t changed = CIL_FALSE;
1803 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
1804
1805 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
1806
1807 struct cil_context *test_context = (struct cil_context*)test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next->data;
1808
1809 int rc = cil_resolve_context(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next, test_context, args);
1810 CuAssertIntEquals(tc, SEPOL_OK, rc);
1811 }
1812
test_cil_resolve_context_namedrange_neg(CuTest * tc)1813 void test_cil_resolve_context_namedrange_neg(CuTest *tc) {
1814 char *line[] = {"(", "sensitivity", "s0", ")",
1815 "(", "category", "c0", ")",
1816 "(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
1817 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
1818 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
1819 "(", "levelrange", "range", "(", "low", "high", ")", ")",
1820 "(", "user", "system_u", ")",
1821 "(", "role", "object_r", ")",
1822 "(", "type", "netif_t", ")",
1823 "(", "context", "con",
1824 "(", "system_u", "object_r", "netif_t", "DNE", ")", ")", NULL};
1825
1826 struct cil_tree *test_tree;
1827 gen_test_tree(&test_tree, line);
1828
1829 struct cil_db *test_db;
1830 cil_db_init(&test_db);
1831
1832 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
1833
1834 uint32_t changed = CIL_FALSE;
1835 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
1836
1837 struct cil_context *test_context = (struct cil_context*)test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next->data;
1838
1839 int rc = cil_resolve_context(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next, test_context, args);
1840 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
1841 }
1842
test_cil_resolve_context_user_neg(CuTest * tc)1843 void test_cil_resolve_context_user_neg(CuTest *tc) {
1844 char *line[] = {"(", "sensitivity", "s0", ")",
1845 "(", "category", "c0", ")",
1846 "(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
1847 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
1848 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
1849 "(", "role", "object_r", ")",
1850 "(", "type", "netif_t", ")",
1851 "(", "context", "con",
1852 "(", "system_u", "object_r", "netif_t", "(", "low", "high", ")", ")", ")", NULL};
1853
1854 struct cil_tree *test_tree;
1855 gen_test_tree(&test_tree, line);
1856
1857 struct cil_db *test_db;
1858 cil_db_init(&test_db);
1859
1860 uint32_t changed = CIL_FALSE;
1861 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
1862
1863 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
1864
1865 struct cil_context *test_context = (struct cil_context*)test_db->ast->root->cl_head->next->next->next->next->next->next->next->data;
1866
1867 int rc = cil_resolve_context(test_db->ast->root->cl_head->next->next->next->next->next->next->next, test_context, args);
1868 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
1869 }
1870
test_cil_resolve_context_role_neg(CuTest * tc)1871 void test_cil_resolve_context_role_neg(CuTest *tc) {
1872 char *line[] = {"(", "sensitivity", "s0", ")",
1873 "(", "category", "c0", ")",
1874 "(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
1875 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
1876 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
1877 "(", "user", "system_u", ")",
1878 "(", "type", "netif_t", ")",
1879 "(", "context", "con",
1880 "(", "system_u", "object_r", "netif_t", "(", "low", "high", ")", ")", ")", NULL};
1881
1882 struct cil_tree *test_tree;
1883 gen_test_tree(&test_tree, line);
1884
1885 struct cil_db *test_db;
1886 cil_db_init(&test_db);
1887
1888 uint32_t changed = CIL_FALSE;
1889 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
1890
1891 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
1892
1893 struct cil_context *test_context = (struct cil_context*)test_db->ast->root->cl_head->next->next->next->next->next->next->next->data;
1894
1895 int rc = cil_resolve_context(test_db->ast->root->cl_head->next->next->next->next->next->next->next, test_context, args);
1896 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
1897 }
1898
test_cil_resolve_context_type_neg(CuTest * tc)1899 void test_cil_resolve_context_type_neg(CuTest *tc) {
1900 char *line[] = {"(", "sensitivity", "s0", ")",
1901 "(", "category", "c0", ")",
1902 "(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
1903 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
1904 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
1905 "(", "user", "system_u", ")",
1906 "(", "role", "object_r", ")",
1907 "(", "context", "con",
1908 "(", "system_u", "object_r", "netif_t", "(", "low", "high", ")", ")", ")", NULL};
1909
1910 struct cil_tree *test_tree;
1911 gen_test_tree(&test_tree, line);
1912
1913 struct cil_db *test_db;
1914 cil_db_init(&test_db);
1915
1916 uint32_t changed = CIL_FALSE;
1917 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
1918
1919 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
1920
1921 struct cil_context *test_context = (struct cil_context*)test_db->ast->root->cl_head->next->next->next->next->next->next->next->data;
1922
1923 int rc = cil_resolve_context(test_db->ast->root->cl_head->next->next->next->next->next->next->next, test_context, args);
1924 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
1925 }
1926
test_cil_resolve_context_anon_level_neg(CuTest * tc)1927 void test_cil_resolve_context_anon_level_neg(CuTest *tc) {
1928 char *line[] = {"(", "sensitivity", "s0", ")",
1929 "(", "category", "c0", ")",
1930 "(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
1931 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
1932 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
1933 "(", "user", "system_u", ")",
1934 "(", "role", "object_r", ")",
1935 "(", "type", "netif_t", ")",
1936 "(", "context", "con",
1937 "(", "system_u", "object_r", "netif_t", "(", "DNE", "high", ")", ")", ")", NULL};
1938
1939 struct cil_tree *test_tree;
1940 gen_test_tree(&test_tree, line);
1941
1942 struct cil_db *test_db;
1943 cil_db_init(&test_db);
1944
1945 uint32_t changed = CIL_FALSE;
1946 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
1947
1948 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
1949
1950 cil_resolve_senscat(test_db->ast->root->cl_head->next->next, args);
1951
1952 args->pass = CIL_PASS_MISC3;
1953
1954 struct cil_context *test_context = (struct cil_context*)test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->data;
1955
1956 int rc = cil_resolve_context(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, test_context, args);
1957 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
1958 }
1959
test_cil_resolve_roletransition(CuTest * tc)1960 void test_cil_resolve_roletransition(CuTest *tc) {
1961 char *line[] = {"(", "role", "foo_r", ")",
1962 "(", "type", "bar_t", ")",
1963 "(", "role", "foobar_r", ")",
1964 "(", "class", "process", "(", "transition", ")", ")",
1965 "(", "roletransition", "foo_r", "bar_t", "process", "foobar_r", ")", NULL};
1966
1967 struct cil_tree *test_tree;
1968 gen_test_tree(&test_tree, line);
1969
1970 struct cil_db *test_db;
1971 cil_db_init(&test_db);
1972
1973 uint32_t changed = CIL_FALSE;
1974 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
1975
1976 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
1977
1978 int rc = cil_resolve_roletransition(test_db->ast->root->cl_head->next->next->next->next, args);
1979 CuAssertIntEquals(tc, SEPOL_OK, rc);
1980 }
1981
test_cil_resolve_roletransition_srcdecl_neg(CuTest * tc)1982 void test_cil_resolve_roletransition_srcdecl_neg(CuTest *tc) {
1983 char *line[] = {"(", "type", "bar_t", ")",
1984 "(", "role", "foobar_r", ")",
1985 "(", "class", "process", "(", "transition", ")", ")",
1986 "(", "roletransition", "foo_r", "bar_t", "process", "foobar_r", ")", NULL};
1987
1988 struct cil_tree *test_tree;
1989 gen_test_tree(&test_tree, line);
1990
1991 struct cil_db *test_db;
1992 cil_db_init(&test_db);
1993
1994 uint32_t changed = CIL_FALSE;
1995 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
1996
1997 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
1998
1999 int rc = cil_resolve_roletransition(test_db->ast->root->cl_head->next->next->next, args);
2000 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
2001 }
2002
test_cil_resolve_roletransition_tgtdecl_neg(CuTest * tc)2003 void test_cil_resolve_roletransition_tgtdecl_neg(CuTest *tc) {
2004 char *line[] = {"(", "role", "foo_r", ")",
2005 "(", "role", "foobar_r", ")",
2006 "(", "class", "process", "(", "transition", ")", ")",
2007 "(", "roletransition", "foo_r", "bar_t", "process", "foobar_r", ")", NULL};
2008
2009 struct cil_tree *test_tree;
2010 gen_test_tree(&test_tree, line);
2011
2012 struct cil_db *test_db;
2013 cil_db_init(&test_db);
2014
2015 uint32_t changed = CIL_FALSE;
2016 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
2017
2018 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
2019
2020 int rc = cil_resolve_roletransition(test_db->ast->root->cl_head->next->next->next, args);
2021 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
2022 }
2023
test_cil_resolve_roletransition_resultdecl_neg(CuTest * tc)2024 void test_cil_resolve_roletransition_resultdecl_neg(CuTest *tc) {
2025 char *line[] = {"(", "role", "foo_r", ")",
2026 "(", "type", "bar_t", ")",
2027 "(", "class", "process", "(", "transition", ")", ")",
2028 "(", "roletransition", "foo_r", "bar_t", "process", "foobar_r", ")", NULL};
2029
2030 struct cil_tree *test_tree;
2031 gen_test_tree(&test_tree, line);
2032
2033 struct cil_db *test_db;
2034 cil_db_init(&test_db);
2035
2036 uint32_t changed = CIL_FALSE;
2037 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
2038
2039 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
2040
2041 int rc = cil_resolve_roletransition(test_db->ast->root->cl_head->next->next->next, args);
2042 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
2043 }
2044
test_cil_resolve_typeattributeset_type_in_multiple_attrs(CuTest * tc)2045 void test_cil_resolve_typeattributeset_type_in_multiple_attrs(CuTest *tc) {
2046 char *line[] = {"(", "typeattribute", "attrs", ")",
2047 "(", "typeattribute", "attrs2", ")",
2048 "(", "type", "type_t", ")",
2049 "(", "typeattributeset", "attrs2", "type_t", ")",
2050 "(", "typeattributeset", "attrs", "type_t", ")", NULL};
2051
2052 struct cil_tree *test_tree;
2053 gen_test_tree(&test_tree, line);
2054
2055 struct cil_db *test_db;
2056 cil_db_init(&test_db);
2057
2058 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
2059
2060 uint32_t changed = CIL_FALSE;
2061 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
2062
2063 int rc = cil_resolve_typeattributeset(test_db->ast->root->cl_head->next->next->next->next, args);
2064 int rc2 = cil_resolve_typeattributeset(test_db->ast->root->cl_head->next->next->next, args);
2065 CuAssertIntEquals(tc, SEPOL_OK, rc);
2066 CuAssertIntEquals(tc, SEPOL_OK, rc2);
2067 }
2068
test_cil_resolve_typeattributeset_multiple_excludes_with_not(CuTest * tc)2069 void test_cil_resolve_typeattributeset_multiple_excludes_with_not(CuTest *tc) {
2070 char *line[] = {"(", "typeattribute", "attrs", ")",
2071 "(", "typeattribute", "attrs2", ")",
2072 "(", "type", "type_t", ")",
2073 "(", "type", "type_b", ")",
2074 "(", "type", "type_a", ")",
2075 "(", "typeattributeset", "attrs", "(", "and", "type_a", "type_b", ")", ")",
2076 "(", "typeattributeset", "attrs2", "(", "not", "attrs", ")", ")", NULL};
2077
2078 struct cil_tree *test_tree;
2079 gen_test_tree(&test_tree, line);
2080
2081 struct cil_db *test_db;
2082 cil_db_init(&test_db);
2083
2084 uint32_t changed = CIL_FALSE;
2085 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
2086
2087 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
2088
2089 int rc = cil_resolve_typeattributeset(test_db->ast->root->cl_head->next->next->next->next->next->next, args);
2090 CuAssertIntEquals(tc, SEPOL_OK, rc);
2091 }
2092
test_cil_resolve_typeattributeset_multiple_types_with_and(CuTest * tc)2093 void test_cil_resolve_typeattributeset_multiple_types_with_and(CuTest *tc) {
2094 char *line[] = {"(", "typeattribute", "attrs", ")",
2095 "(", "type", "type_t", ")",
2096 "(", "type", "type_tt", ")",
2097 "(", "typeattributeset", "attrs", "(", "and", "type_t", "type_tt", ")", ")", NULL};
2098
2099 struct cil_tree *test_tree;
2100 gen_test_tree(&test_tree, line);
2101
2102 struct cil_db *test_db;
2103 cil_db_init(&test_db);
2104
2105 uint32_t changed = CIL_FALSE;
2106 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
2107
2108 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
2109
2110 int rc = cil_resolve_typeattributeset(test_db->ast->root->cl_head->next->next->next, args);
2111 CuAssertIntEquals(tc, SEPOL_OK, rc);
2112 }
2113
test_cil_resolve_typeattributeset_using_attr(CuTest * tc)2114 void test_cil_resolve_typeattributeset_using_attr(CuTest *tc) {
2115 char *line[] = {"(", "typeattribute", "attrs", ")",
2116 "(", "typeattribute", "attr_a", ")",
2117 "(", "typeattributeset", "attrs", "attr_a", ")", NULL};
2118
2119 struct cil_tree *test_tree;
2120 gen_test_tree(&test_tree, line);
2121
2122 struct cil_db *test_db;
2123 cil_db_init(&test_db);
2124
2125 uint32_t changed = CIL_FALSE;
2126 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
2127
2128 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
2129
2130 int rc = cil_resolve_typeattributeset(test_db->ast->root->cl_head->next->next, args);
2131 CuAssertIntEquals(tc, SEPOL_OK, rc);
2132 }
2133
test_cil_resolve_typeattributeset_name_neg(CuTest * tc)2134 void test_cil_resolve_typeattributeset_name_neg(CuTest *tc) {
2135 char *line[] = {"(", "type", "type_t", ")",
2136 "(", "typeattributeset", "attrs", "type_t", ")", NULL};
2137
2138 struct cil_tree *test_tree;
2139 gen_test_tree(&test_tree, line);
2140
2141 struct cil_db *test_db;
2142 cil_db_init(&test_db);
2143
2144 uint32_t changed = CIL_FALSE;
2145 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
2146
2147 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
2148
2149 int rc = cil_resolve_typeattributeset(test_db->ast->root->cl_head->next, args);
2150 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
2151 }
2152
test_cil_resolve_typeattributeset_undef_type_neg(CuTest * tc)2153 void test_cil_resolve_typeattributeset_undef_type_neg(CuTest *tc) {
2154 char *line[] = {"(", "typeattribute", "attrs", ")",
2155 "(", "typeattributeset", "attrs", "type_t", ")", NULL};
2156
2157 struct cil_tree *test_tree;
2158 gen_test_tree(&test_tree, line);
2159
2160 struct cil_db *test_db;
2161 cil_db_init(&test_db);
2162
2163 uint32_t changed = CIL_FALSE;
2164 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
2165
2166 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
2167
2168 int rc = cil_resolve_typeattributeset(test_db->ast->root->cl_head->next, args);
2169 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
2170 }
2171
test_cil_resolve_typeattributeset_not(CuTest * tc)2172 void test_cil_resolve_typeattributeset_not(CuTest *tc) {
2173 char *line[] = {"(", "typeattribute", "attrs", ")",
2174 "(", "type", "type_t", ")",
2175 "(", "type", "t_t", ")",
2176 "(", "typeattributeset", "attrs", "(", "not", "t_t", ")", ")", NULL};
2177
2178 struct cil_tree *test_tree;
2179 gen_test_tree(&test_tree, line);
2180
2181 struct cil_db *test_db;
2182 cil_db_init(&test_db);
2183
2184 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
2185
2186 uint32_t changed = CIL_FALSE;
2187 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
2188
2189 int rc = cil_resolve_typeattributeset(test_db->ast->root->cl_head->next->next->next, args);
2190 CuAssertIntEquals(tc, SEPOL_OK, rc);
2191 }
2192
test_cil_resolve_typeattributeset_undef_type_not_neg(CuTest * tc)2193 void test_cil_resolve_typeattributeset_undef_type_not_neg(CuTest *tc) {
2194 char *line[] = {"(", "typeattribute", "attrs", ")",
2195 "(", "type", "type_t", ")",
2196 "(", "typeattributeset", "attrs", "(", "not", "t_t", ")", ")", NULL};
2197
2198 struct cil_tree *test_tree;
2199 gen_test_tree(&test_tree, line);
2200
2201 struct cil_db *test_db;
2202 cil_db_init(&test_db);
2203
2204 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
2205
2206 uint32_t changed = CIL_FALSE;
2207 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
2208
2209 int rc = cil_resolve_typeattributeset(test_db->ast->root->cl_head->next->next, args);
2210 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
2211 }
2212
test_cil_resolve_typealias(CuTest * tc)2213 void test_cil_resolve_typealias(CuTest *tc) {
2214 char *line[] = {"(", "block", "foo",
2215 "(", "typealias", ".foo.test", "type_t", ")",
2216 "(", "type", "test", ")", ")", NULL};
2217
2218 struct cil_tree *test_tree;
2219 gen_test_tree(&test_tree, line);
2220
2221 struct cil_db *test_db;
2222 cil_db_init(&test_db);
2223
2224 uint32_t changed = CIL_FALSE;
2225 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
2226
2227 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
2228
2229 int rc = cil_resolve_typealias(test_db->ast->root->cl_head->cl_head, args);
2230 CuAssertIntEquals(tc, SEPOL_OK, rc);
2231 }
2232
test_cil_resolve_typealias_neg(CuTest * tc)2233 void test_cil_resolve_typealias_neg(CuTest *tc) {
2234 char *line[] = {"(", "block", "foo",
2235 "(", "typealias", ".foo", "apache_alias", ")", ")", NULL};
2236
2237 struct cil_tree *test_tree;
2238 gen_test_tree(&test_tree, line);
2239
2240 struct cil_db *test_db;
2241 cil_db_init(&test_db);
2242
2243 uint32_t changed = CIL_FALSE;
2244 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
2245
2246 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
2247
2248 int rc = cil_resolve_typealias(test_db->ast->root->cl_head->cl_head, args);
2249 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
2250 }
2251
test_cil_resolve_typebounds(CuTest * tc)2252 void test_cil_resolve_typebounds(CuTest *tc) {
2253 char *line[] = {"(", "type", "type_a", ")",
2254 "(", "type", "type_b", ")",
2255 "(", "typebounds", "type_a", "type_b", ")", NULL};
2256
2257 struct cil_tree *test_tree;
2258 gen_test_tree(&test_tree, line);
2259
2260 struct cil_db *test_db;
2261 cil_db_init(&test_db);
2262
2263 uint32_t changed = CIL_FALSE;
2264 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
2265
2266 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
2267
2268 int rc = cil_resolve_typebounds(test_db->ast->root->cl_head->next->next, args);
2269 CuAssertIntEquals(tc, SEPOL_OK, rc);
2270 }
2271
test_cil_resolve_typebounds_repeatbind_neg(CuTest * tc)2272 void test_cil_resolve_typebounds_repeatbind_neg(CuTest *tc) {
2273 char *line[] = {"(", "type", "type_a", ")",
2274 "(", "type", "type_b", ")",
2275 "(", "typebounds", "type_a", "type_b", ")",
2276 "(", "typebounds", "type_a", "type_b", ")", NULL};
2277
2278 struct cil_tree *test_tree;
2279 gen_test_tree(&test_tree, line);
2280
2281 struct cil_db *test_db;
2282 cil_db_init(&test_db);
2283
2284 uint32_t changed = CIL_FALSE;
2285 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
2286
2287 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
2288
2289 int rc = cil_resolve_typebounds(test_db->ast->root->cl_head->next->next, args);
2290 int rc2 = cil_resolve_typebounds(test_db->ast->root->cl_head->next->next->next, args);
2291 CuAssertIntEquals(tc, SEPOL_OK, rc);
2292 CuAssertIntEquals(tc, SEPOL_ERR, rc2);
2293 }
2294
test_cil_resolve_typebounds_type1_neg(CuTest * tc)2295 void test_cil_resolve_typebounds_type1_neg(CuTest *tc) {
2296 char *line[] = {"(", "type", "type_b", ")",
2297 "(", "typebounds", "type_a", "type_b", ")", NULL};
2298
2299 struct cil_tree *test_tree;
2300 gen_test_tree(&test_tree, line);
2301
2302 struct cil_db *test_db;
2303 cil_db_init(&test_db);
2304
2305 uint32_t changed = CIL_FALSE;
2306 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
2307
2308 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
2309
2310 int rc = cil_resolve_typebounds(test_db->ast->root->cl_head->next, args);
2311 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
2312 }
2313
test_cil_resolve_typebounds_type2_neg(CuTest * tc)2314 void test_cil_resolve_typebounds_type2_neg(CuTest *tc) {
2315 char *line[] = {"(", "type", "type_a", ")",
2316 "(", "typebounds", "type_a", "type_b", ")", NULL};
2317
2318 struct cil_tree *test_tree;
2319 gen_test_tree(&test_tree, line);
2320
2321 struct cil_db *test_db;
2322 cil_db_init(&test_db);
2323
2324 uint32_t changed = CIL_FALSE;
2325 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
2326
2327 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
2328
2329 int rc = cil_resolve_typebounds(test_db->ast->root->cl_head->next, args);
2330 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
2331 }
2332
test_cil_resolve_typepermissive(CuTest * tc)2333 void test_cil_resolve_typepermissive(CuTest *tc) {
2334 char *line[] = {"(", "type", "type_a", ")",
2335 "(", "typepermissive", "type_a", ")", NULL};
2336
2337 struct cil_tree *test_tree;
2338 gen_test_tree(&test_tree, line);
2339
2340 struct cil_db *test_db;
2341 cil_db_init(&test_db);
2342
2343 uint32_t changed = CIL_FALSE;
2344 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC1, &changed, NULL, NULL, NULL);
2345
2346 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
2347
2348 int rc = cil_resolve_typepermissive(test_db->ast->root->cl_head->next, args);
2349 CuAssertIntEquals(tc, SEPOL_OK, rc);
2350 }
2351
test_cil_resolve_typepermissive_neg(CuTest * tc)2352 void test_cil_resolve_typepermissive_neg(CuTest *tc) {
2353 char *line[] = {"(", "type", "type_a", ")",
2354 "(", "typepermissive", "type_b", ")", NULL};
2355
2356 struct cil_tree *test_tree;
2357 gen_test_tree(&test_tree, line);
2358
2359 struct cil_db *test_db;
2360 cil_db_init(&test_db);
2361
2362 uint32_t changed = CIL_FALSE;
2363 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
2364
2365 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
2366
2367 int rc = cil_resolve_typepermissive(test_db->ast->root->cl_head->next, args);
2368 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
2369 }
2370
test_cil_resolve_nametypetransition(CuTest * tc)2371 void test_cil_resolve_nametypetransition(CuTest *tc) {
2372 char *line[] = {"(", "type", "foo", ")",
2373 "(", "type", "bar", ")",
2374 "(", "class", "file", "(", "read", ")", ")",
2375 "(", "type", "foobar", ")",
2376 "(", "nametypetransition", "str", "foo", "bar", "file", "foobar", ")", NULL};
2377
2378 struct cil_tree *test_tree;
2379 gen_test_tree(&test_tree, line);
2380
2381 struct cil_db *test_db;
2382 cil_db_init(&test_db);
2383
2384 uint32_t changed = CIL_FALSE;
2385 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
2386
2387 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
2388
2389 int rc = cil_resolve_nametypetransition(test_db->ast->root->cl_head->next->next->next->next, args);
2390 CuAssertIntEquals(tc, SEPOL_OK, rc);
2391 }
2392
test_cil_resolve_nametypetransition_src_neg(CuTest * tc)2393 void test_cil_resolve_nametypetransition_src_neg(CuTest *tc) {
2394 char *line[] = {"(", "type", "foo", ")",
2395 "(", "type", "bar", ")",
2396 "(", "class", "file", "(", "read", ")", ")",
2397 "(", "type", "foobar", ")",
2398 "(", "nametypetransition", "str", "wrong", "bar", "file", "foobar", ")", NULL};
2399
2400 struct cil_tree *test_tree;
2401 gen_test_tree(&test_tree, line);
2402
2403 struct cil_db *test_db;
2404 cil_db_init(&test_db);
2405
2406 uint32_t changed = CIL_FALSE;
2407 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
2408
2409 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
2410
2411 int rc = cil_resolve_nametypetransition(test_db->ast->root->cl_head->next->next->next->next, args);
2412 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
2413 }
2414
test_cil_resolve_nametypetransition_tgt_neg(CuTest * tc)2415 void test_cil_resolve_nametypetransition_tgt_neg(CuTest *tc) {
2416 char *line[] = {"(", "type", "foo", ")",
2417 "(", "type", "bar", ")",
2418 "(", "class", "file", "(", "read", ")", ")",
2419 "(", "type", "foobar", ")",
2420 "(", "nametypetransition", "str", "foo", "wrong", "file", "foobar", ")", NULL};
2421
2422 struct cil_tree *test_tree;
2423 gen_test_tree(&test_tree, line);
2424
2425 struct cil_db *test_db;
2426 cil_db_init(&test_db);
2427
2428 uint32_t changed = CIL_FALSE;
2429 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
2430
2431 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
2432
2433 int rc = cil_resolve_nametypetransition(test_db->ast->root->cl_head->next->next->next->next, args);
2434 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
2435 }
2436
test_cil_resolve_nametypetransition_class_neg(CuTest * tc)2437 void test_cil_resolve_nametypetransition_class_neg(CuTest *tc) {
2438 char *line[] = {"(", "type", "foo", ")",
2439 "(", "type", "bar", ")",
2440 "(", "class", "file", "(", "read", ")", ")",
2441 "(", "type", "foobar", ")",
2442 "(", "nametypetransition", "str", "foo", "bar", "wrong", "foobar", ")", NULL};
2443
2444 struct cil_tree *test_tree;
2445 gen_test_tree(&test_tree, line);
2446
2447 struct cil_db *test_db;
2448 cil_db_init(&test_db);
2449
2450 uint32_t changed = CIL_FALSE;
2451 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
2452
2453 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
2454
2455 int rc = cil_resolve_nametypetransition(test_db->ast->root->cl_head->next->next->next->next, args);
2456 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
2457 }
2458
test_cil_resolve_nametypetransition_dest_neg(CuTest * tc)2459 void test_cil_resolve_nametypetransition_dest_neg(CuTest *tc) {
2460 char *line[] = {"(", "type", "foo", ")",
2461 "(", "type", "bar", ")",
2462 "(", "class", "file", "(", "read", ")", ")",
2463 "(", "type", "foobar", ")",
2464 "(", "nametypetransition", "str", "foo", "bar", "file", "wrong", ")", NULL};
2465
2466 struct cil_tree *test_tree;
2467 gen_test_tree(&test_tree, line);
2468
2469 struct cil_db *test_db;
2470 cil_db_init(&test_db);
2471
2472 uint32_t changed = CIL_FALSE;
2473 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
2474
2475 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
2476
2477 int rc = cil_resolve_nametypetransition(test_db->ast->root->cl_head->next->next->next->next, args);
2478 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
2479 }
2480
test_cil_resolve_rangetransition(CuTest * tc)2481 void test_cil_resolve_rangetransition(CuTest *tc) {
2482 char *line[] = {"(", "class", "class_", "(", "read", ")", ")",
2483 "(", "type", "type_a", ")",
2484 "(", "type", "type_b", ")",
2485 "(", "sensitivity", "s0", ")",
2486 "(", "category", "c0", ")",
2487 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
2488 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
2489 "(", "rangetransition", "type_a", "type_b", "class_", "(", "low", "high", ")", ")", NULL};
2490
2491 struct cil_tree *test_tree;
2492 gen_test_tree(&test_tree, line);
2493
2494 struct cil_db *test_db;
2495 cil_db_init(&test_db);
2496
2497 uint32_t changed = CIL_FALSE;
2498 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
2499
2500 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
2501
2502 int rc = cil_resolve_rangetransition(test_db->ast->root->cl_head->next->next->next->next->next->next->next, args);
2503 CuAssertIntEquals(tc, SEPOL_OK, rc);
2504 }
2505
test_cil_resolve_rangetransition_namedrange_anon(CuTest * tc)2506 void test_cil_resolve_rangetransition_namedrange_anon(CuTest *tc) {
2507 char *line[] = {"(", "class", "class_", "(", "read", ")", ")",
2508 "(", "type", "type_a", ")",
2509 "(", "type", "type_b", ")",
2510 "(", "sensitivity", "s0", ")",
2511 "(", "category", "c0", ")",
2512 "(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
2513 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
2514 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
2515 "(", "macro", "mm", "(", "(", "levelrange", "l", ")", ")",
2516 "(", "rangetransition", "type_a", "type_b", "class_", "l", ")", ")",
2517 "(", "call", "mm", "(", "(", "low", "high", ")", ")", ")", NULL};
2518
2519 struct cil_tree *test_tree;
2520 gen_test_tree(&test_tree, line);
2521
2522 struct cil_db *test_db;
2523 cil_db_init(&test_db);
2524
2525 uint32_t changed = CIL_FALSE;
2526 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
2527
2528 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
2529
2530 int rc2 = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next, args);
2531
2532 args->pass = CIL_PASS_CALL2;
2533
2534 int rc3 = cil_resolve_call2(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next, args);
2535
2536 args->pass = CIL_PASS_MISC2;
2537
2538 cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next->next->next->next, args);
2539
2540 args->pass = CIL_PASS_MISC3;
2541 args->callstack = test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next;
2542
2543 int rc = cil_resolve_rangetransition(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next->cl_head, args);
2544 CuAssertIntEquals(tc, SEPOL_OK, rc);
2545 CuAssertIntEquals(tc, SEPOL_OK, rc2);
2546 CuAssertIntEquals(tc, SEPOL_OK, rc3);
2547 }
2548
test_cil_resolve_rangetransition_namedrange_anon_neg(CuTest * tc)2549 void test_cil_resolve_rangetransition_namedrange_anon_neg(CuTest *tc) {
2550 char *line[] = {"(", "class", "class_", "(", "read", ")", ")",
2551 "(", "type", "type_a", ")",
2552 "(", "type", "type_b", ")",
2553 "(", "sensitivity", "s0", ")",
2554 "(", "category", "c0", ")",
2555 "(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
2556 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
2557 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
2558 "(", "macro", "mm", "(", "(", "levelrange", "l", ")", ")",
2559 "(", "rangetransition", "type_a", "type_b", "class_", "l", ")", ")",
2560 "(", "call", "mm", "(", "(", "DNE", "high", ")", ")", ")", NULL};
2561
2562 struct cil_tree *test_tree;
2563 gen_test_tree(&test_tree, line);
2564
2565 struct cil_db *test_db;
2566 cil_db_init(&test_db);
2567
2568 uint32_t changed = CIL_FALSE;
2569 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
2570
2571 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
2572
2573 int rc2 = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next, args);
2574
2575 args->pass = CIL_PASS_CALL2;
2576
2577 int rc3 = cil_resolve_call2(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next, args);
2578
2579 args->pass = CIL_PASS_MISC2;
2580
2581 cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next->next->next->next, args);
2582
2583 args->pass = CIL_PASS_MISC3;
2584 args->callstack = test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next;
2585
2586 int rc = cil_resolve_rangetransition(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next->cl_head, args);
2587 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
2588 CuAssertIntEquals(tc, SEPOL_OK, rc2);
2589 CuAssertIntEquals(tc, SEPOL_OK, rc3);
2590 }
2591
test_cil_resolve_rangetransition_namedrange(CuTest * tc)2592 void test_cil_resolve_rangetransition_namedrange(CuTest *tc) {
2593 char *line[] = {"(", "class", "class_", "(", "read", ")", ")",
2594 "(", "type", "type_a", ")",
2595 "(", "type", "type_b", ")",
2596 "(", "sensitivity", "s0", ")",
2597 "(", "category", "c0", ")",
2598 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
2599 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
2600 "(", "levelrange", "foo_range", "(", "low", "high", ")", ")",
2601 "(", "rangetransition", "type_a", "type_b", "class_", "foo_range", ")", NULL};
2602
2603 struct cil_tree *test_tree;
2604 gen_test_tree(&test_tree, line);
2605
2606 struct cil_db *test_db;
2607 cil_db_init(&test_db);
2608
2609 uint32_t changed = CIL_FALSE;
2610 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
2611
2612 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
2613
2614 int rc = cil_resolve_rangetransition(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args);
2615 CuAssertIntEquals(tc, SEPOL_OK, rc);
2616 }
2617
test_cil_resolve_rangetransition_namedrange_neg(CuTest * tc)2618 void test_cil_resolve_rangetransition_namedrange_neg(CuTest *tc) {
2619 char *line[] = {"(", "class", "class_", "(", "read", ")", ")",
2620 "(", "type", "type_a", ")",
2621 "(", "type", "type_b", ")",
2622 "(", "sensitivity", "s0", ")",
2623 "(", "category", "c0", ")",
2624 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
2625 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
2626 "(", "levelrange", "foo_range", "(", "low", "high", ")", ")",
2627 "(", "rangetransition", "type_a", "type_b", "class_", "DNE", ")", NULL};
2628
2629 struct cil_tree *test_tree;
2630 gen_test_tree(&test_tree, line);
2631
2632 struct cil_db *test_db;
2633 cil_db_init(&test_db);
2634
2635 uint32_t changed = CIL_FALSE;
2636 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
2637
2638 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
2639
2640 int rc = cil_resolve_rangetransition(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args);
2641 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
2642 }
2643
test_cil_resolve_rangetransition_type1_neg(CuTest * tc)2644 void test_cil_resolve_rangetransition_type1_neg(CuTest *tc) {
2645 char *line[] = {"(", "class", "class_", "(", "read", ")", ")",
2646 "(", "type", "type_a", ")",
2647 "(", "type", "type_b", ")",
2648 "(", "sensitivity", "s0", ")",
2649 "(", "category", "c0", ")",
2650 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
2651 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
2652 "(", "rangetransition", "type_DNE", "type_b", "class_", "(", "low", "high", ")", ")", NULL};
2653
2654 struct cil_tree *test_tree;
2655 gen_test_tree(&test_tree, line);
2656
2657 struct cil_db *test_db;
2658 cil_db_init(&test_db);
2659
2660 uint32_t changed = CIL_FALSE;
2661 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
2662
2663 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
2664
2665 int rc = cil_resolve_rangetransition(test_db->ast->root->cl_head->next->next->next->next->next->next->next, args);
2666 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
2667 }
2668
test_cil_resolve_rangetransition_type2_neg(CuTest * tc)2669 void test_cil_resolve_rangetransition_type2_neg(CuTest *tc) {
2670 char *line[] = {"(", "class", "class_", "(", "read", ")", ")",
2671 "(", "type", "type_a", ")",
2672 "(", "type", "type_b", ")",
2673 "(", "sensitivity", "s0", ")",
2674 "(", "category", "c0", ")",
2675 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
2676 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
2677 "(", "rangetransition", "type_a", "type_DNE", "class_", "(", "low", "high", ")", ")", NULL};
2678
2679 struct cil_tree *test_tree;
2680 gen_test_tree(&test_tree, line);
2681
2682 struct cil_db *test_db;
2683 cil_db_init(&test_db);
2684
2685 uint32_t changed = CIL_FALSE;
2686 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
2687
2688 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
2689
2690 int rc = cil_resolve_rangetransition(test_db->ast->root->cl_head->next->next->next->next->next->next->next, args);
2691 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
2692 }
2693
test_cil_resolve_rangetransition_class_neg(CuTest * tc)2694 void test_cil_resolve_rangetransition_class_neg(CuTest *tc) {
2695 char *line[] = {"(", "class", "class_", "(", "read", ")", ")",
2696 "(", "type", "type_a", ")",
2697 "(", "type", "type_b", ")",
2698 "(", "sensitivity", "s0", ")",
2699 "(", "category", "c0", ")",
2700 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
2701 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
2702 "(", "rangetransition", "type_a", "type_b", "class_DNE", "(", "low", "high", ")", ")", NULL};
2703
2704 struct cil_tree *test_tree;
2705 gen_test_tree(&test_tree, line);
2706
2707 struct cil_db *test_db;
2708 cil_db_init(&test_db);
2709
2710 uint32_t changed = CIL_FALSE;
2711 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
2712
2713 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
2714
2715 int rc = cil_resolve_rangetransition(test_db->ast->root->cl_head->next->next->next->next->next->next->next, args);
2716 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
2717 }
2718
test_cil_resolve_rangetransition_call_level_l_anon(CuTest * tc)2719 void test_cil_resolve_rangetransition_call_level_l_anon(CuTest *tc) {
2720 char *line[] = {"(", "class", "class_", "(", "read", ")", ")",
2721 "(", "type", "type_a", ")",
2722 "(", "type", "type_b", ")",
2723 "(", "sensitivity", "s0", ")",
2724 "(", "category", "c0", ")",
2725 "(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
2726 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
2727 "(", "macro", "mm", "(", "(", "level", "l", ")", ")",
2728 "(", "rangetransition", "type_a", "type_b", "class_", "(", "l", "high", ")", ")", ")",
2729 "(", "call", "mm", "(", "(", "s0", "(", "c0", ")", ")", ")", ")", NULL};
2730
2731 struct cil_tree *test_tree;
2732 gen_test_tree(&test_tree, line);
2733
2734 struct cil_db *test_db;
2735 cil_db_init(&test_db);
2736
2737 uint32_t changed = CIL_FALSE;
2738 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
2739
2740 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
2741
2742 int rc2 = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args);
2743
2744 args->pass = CIL_PASS_CALL2;
2745
2746 int rc3 = cil_resolve_call2(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args);
2747
2748 args->pass = CIL_PASS_MISC2;
2749
2750 cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next->next->next, args);
2751
2752 args->pass = CIL_PASS_MISC3;
2753 args->callstack = test_db->ast->root->cl_head->next->next->next->next->next->next->next->next;
2754
2755 int rc = cil_resolve_rangetransition(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->cl_head, args);
2756 CuAssertIntEquals(tc, SEPOL_OK, rc);
2757 CuAssertIntEquals(tc, SEPOL_OK, rc2);
2758 CuAssertIntEquals(tc, SEPOL_OK, rc3);
2759 }
2760
test_cil_resolve_rangetransition_call_level_l_anon_neg(CuTest * tc)2761 void test_cil_resolve_rangetransition_call_level_l_anon_neg(CuTest *tc) {
2762 char *line[] = {"(", "class", "class_", "(", "read", ")", ")",
2763 "(", "type", "type_a", ")",
2764 "(", "type", "type_b", ")",
2765 "(", "sensitivity", "s0", ")",
2766 "(", "category", "c0", ")",
2767 "(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
2768 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
2769 "(", "macro", "mm", "(", "(", "level", "l", ")", ")",
2770 "(", "rangetransition", "type_a", "type_b", "class_", "(", "l", "high", ")", ")", ")",
2771 "(", "call", "mm", "(", "(", "s0", "(", "c4", ")", ")", ")", ")", NULL};
2772
2773 struct cil_tree *test_tree;
2774 gen_test_tree(&test_tree, line);
2775
2776 struct cil_db *test_db;
2777 cil_db_init(&test_db);
2778
2779 uint32_t changed = CIL_FALSE;
2780 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
2781
2782 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
2783
2784 int rc2 = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args);
2785
2786 args->pass = CIL_PASS_CALL2;
2787
2788 int rc3 = cil_resolve_call2(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args);
2789
2790 args->pass = CIL_PASS_MISC2;
2791
2792 cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next->next->next, args);
2793
2794 args->pass = CIL_PASS_MISC3;
2795 args->callstack = test_db->ast->root->cl_head->next->next->next->next->next->next->next->next;
2796
2797 int rc = cil_resolve_rangetransition(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->cl_head, args);
2798 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
2799 CuAssertIntEquals(tc, SEPOL_OK, rc2);
2800 CuAssertIntEquals(tc, SEPOL_OK, rc3);
2801 }
2802
test_cil_resolve_rangetransition_call_level_h_anon(CuTest * tc)2803 void test_cil_resolve_rangetransition_call_level_h_anon(CuTest *tc) {
2804 char *line[] = {"(", "class", "class_", "(", "read", ")", ")",
2805 "(", "type", "type_a", ")",
2806 "(", "type", "type_b", ")",
2807 "(", "sensitivity", "s0", ")",
2808 "(", "category", "c0", ")",
2809 "(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
2810 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
2811 "(", "macro", "mm", "(", "(", "level", "h", ")", ")",
2812 "(", "rangetransition", "type_a", "type_b", "class_", "(", "low", "h", ")", ")", ")",
2813 "(", "call", "mm", "(", "(", "s0", "(", "c0", ")", ")", ")", ")", NULL};
2814
2815 struct cil_tree *test_tree;
2816 gen_test_tree(&test_tree, line);
2817
2818 struct cil_db *test_db;
2819 cil_db_init(&test_db);
2820
2821 uint32_t changed = CIL_FALSE;
2822 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
2823
2824 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
2825
2826 int rc2 = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args);
2827
2828 args->pass = CIL_PASS_CALL2;
2829
2830 int rc3 = cil_resolve_call2(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args);
2831
2832 args->pass = CIL_PASS_MISC2;
2833
2834 cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next->next->next, args);
2835
2836 args->pass = CIL_PASS_MISC3;
2837 args->callstack = test_db->ast->root->cl_head->next->next->next->next->next->next->next->next;
2838
2839 int rc = cil_resolve_rangetransition(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->cl_head, args);
2840 CuAssertIntEquals(tc, SEPOL_OK, rc);
2841 CuAssertIntEquals(tc, SEPOL_OK, rc2);
2842 CuAssertIntEquals(tc, SEPOL_OK, rc3);
2843 }
2844
test_cil_resolve_rangetransition_call_level_h_anon_neg(CuTest * tc)2845 void test_cil_resolve_rangetransition_call_level_h_anon_neg(CuTest *tc) {
2846 char *line[] = {"(", "class", "class_", "(", "read", ")", ")",
2847 "(", "type", "type_a", ")",
2848 "(", "type", "type_b", ")",
2849 "(", "sensitivity", "s0", ")",
2850 "(", "category", "c0", ")",
2851 "(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
2852 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
2853 "(", "macro", "mm", "(", "(", "level", "h", ")", ")",
2854 "(", "rangetransition", "type_a", "type_b", "class_", "(", "low", "h", ")", ")", ")",
2855 "(", "call", "mm", "(", "(", "s0", "(", "c4", ")", ")", ")", ")", NULL};
2856
2857 struct cil_tree *test_tree;
2858 gen_test_tree(&test_tree, line);
2859
2860 struct cil_db *test_db;
2861 cil_db_init(&test_db);
2862
2863 uint32_t changed = CIL_FALSE;
2864 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
2865
2866 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
2867
2868 int rc2 = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args);
2869
2870 args->pass = CIL_PASS_CALL2;
2871
2872 int rc3 = cil_resolve_call2(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args);
2873
2874 args->pass = CIL_PASS_MISC2;
2875
2876 cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next->next->next, args);
2877
2878 args->pass = CIL_PASS_MISC3;
2879 args->callstack = test_db->ast->root->cl_head->next->next->next->next->next->next->next->next;
2880
2881 int rc = cil_resolve_rangetransition(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->cl_head, args);
2882 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
2883 CuAssertIntEquals(tc, SEPOL_OK, rc2);
2884 CuAssertIntEquals(tc, SEPOL_OK, rc3);
2885 }
2886
test_cil_resolve_rangetransition_level_l_neg(CuTest * tc)2887 void test_cil_resolve_rangetransition_level_l_neg(CuTest *tc) {
2888 char *line[] = {"(", "class", "class_", "(", "read", ")", ")",
2889 "(", "type", "type_a", ")",
2890 "(", "type", "type_b", ")",
2891 "(", "sensitivity", "s0", ")",
2892 "(", "category", "c0", ")",
2893 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
2894 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
2895 "(", "rangetransition", "type_a", "type_b", "class_", "(", "low_DNE", "high", ")", ")", NULL};
2896
2897 struct cil_tree *test_tree;
2898 gen_test_tree(&test_tree, line);
2899
2900 struct cil_db *test_db;
2901 cil_db_init(&test_db);
2902
2903 uint32_t changed = CIL_FALSE;
2904 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
2905
2906 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
2907
2908 int rc = cil_resolve_rangetransition(test_db->ast->root->cl_head->next->next->next->next->next->next->next, args);
2909 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
2910 }
2911
test_cil_resolve_rangetransition_level_h_neg(CuTest * tc)2912 void test_cil_resolve_rangetransition_level_h_neg(CuTest *tc) {
2913 char *line[] = {"(", "class", "class_", "(", "read", ")", ")",
2914 "(", "type", "type_a", ")",
2915 "(", "type", "type_b", ")",
2916 "(", "sensitivity", "s0", ")",
2917 "(", "category", "c0", ")",
2918 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
2919 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
2920 "(", "rangetransition", "type_a", "type_b", "class_", "(", "low", "high_DNE", ")", ")", NULL};
2921
2922 struct cil_tree *test_tree;
2923 gen_test_tree(&test_tree, line);
2924
2925 struct cil_db *test_db;
2926 cil_db_init(&test_db);
2927
2928 uint32_t changed = CIL_FALSE;
2929 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
2930
2931 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
2932
2933 int rc = cil_resolve_rangetransition(test_db->ast->root->cl_head->next->next->next->next->next->next->next, args);
2934 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
2935 }
2936
test_cil_resolve_rangetransition_anon_level_l(CuTest * tc)2937 void test_cil_resolve_rangetransition_anon_level_l(CuTest *tc) {
2938 char *line[] = {"(", "class", "class_", "(", "read", ")", ")",
2939 "(", "type", "type_a", ")",
2940 "(", "type", "type_b", ")",
2941 "(", "sensitivity", "s0", ")",
2942 "(", "category", "c0", ")",
2943 "(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
2944 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
2945 "(", "rangetransition", "type_a", "type_b", "class_", "(", "(", "s0", "(", "c0", ")", ")", "high", ")", ")", NULL};
2946
2947 struct cil_tree *test_tree;
2948 gen_test_tree(&test_tree, line);
2949
2950 struct cil_db *test_db;
2951 cil_db_init(&test_db);
2952
2953 uint32_t changed = CIL_FALSE;
2954 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
2955
2956 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
2957
2958 cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next->next->next, args);
2959
2960 args->pass = CIL_PASS_MISC3;
2961
2962 int rc = cil_resolve_rangetransition(test_db->ast->root->cl_head->next->next->next->next->next->next->next, args);
2963 CuAssertIntEquals(tc, SEPOL_OK, rc);
2964 }
2965
test_cil_resolve_rangetransition_anon_level_l_neg(CuTest * tc)2966 void test_cil_resolve_rangetransition_anon_level_l_neg(CuTest *tc) {
2967 char *line[] = {"(", "class", "class_", "(", "read", ")", ")",
2968 "(", "type", "type_a", ")",
2969 "(", "type", "type_b", ")",
2970 "(", "sensitivity", "s0", ")",
2971 "(", "category", "c0", ")",
2972 "(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
2973 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
2974 "(", "rangetransition", "type_a", "type_b", "class_", "(", "(", "s0", "(", "c_DNE", ")", ")", "high", ")", ")", NULL};
2975
2976 struct cil_tree *test_tree;
2977 gen_test_tree(&test_tree, line);
2978
2979 struct cil_db *test_db;
2980 cil_db_init(&test_db);
2981
2982 uint32_t changed = CIL_FALSE;
2983 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
2984
2985 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
2986
2987 cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next->next->next, args);
2988
2989 args->pass = CIL_PASS_MISC3;
2990
2991 int rc = cil_resolve_rangetransition(test_db->ast->root->cl_head->next->next->next->next->next->next->next, args);
2992 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
2993 }
2994
test_cil_resolve_rangetransition_anon_level_h(CuTest * tc)2995 void test_cil_resolve_rangetransition_anon_level_h(CuTest *tc) {
2996 char *line[] = {"(", "class", "class_", "(", "read", ")", ")",
2997 "(", "type", "type_a", ")",
2998 "(", "type", "type_b", ")",
2999 "(", "sensitivity", "s0", ")",
3000 "(", "category", "c0", ")",
3001 "(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
3002 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
3003 "(", "rangetransition", "type_a", "type_b", "class_", "(", "low", "(", "s0", "(", "c0", ")", ")", ")", ")", NULL};
3004
3005 struct cil_tree *test_tree;
3006 gen_test_tree(&test_tree, line);
3007
3008 struct cil_db *test_db;
3009 cil_db_init(&test_db);
3010
3011 uint32_t changed = CIL_FALSE;
3012 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
3013
3014 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
3015
3016 cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next->next->next, args);
3017
3018 args->pass = CIL_PASS_MISC3;
3019
3020 int rc = cil_resolve_rangetransition(test_db->ast->root->cl_head->next->next->next->next->next->next->next, args);
3021 CuAssertIntEquals(tc, SEPOL_OK, rc);
3022 }
3023
test_cil_resolve_rangetransition_anon_level_h_neg(CuTest * tc)3024 void test_cil_resolve_rangetransition_anon_level_h_neg(CuTest *tc) {
3025 char *line[] = {"(", "class", "class_", "(", "read", ")", ")",
3026 "(", "type", "type_a", ")",
3027 "(", "type", "type_b", ")",
3028 "(", "sensitivity", "s0", ")",
3029 "(", "category", "c0", ")",
3030 "(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
3031 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
3032 "(", "rangetransition", "type_a", "type_b", "class_", "(", "low", "(", "s_DNE", "(", "c0", ")", ")", ")", NULL};
3033
3034 struct cil_tree *test_tree;
3035 gen_test_tree(&test_tree, line);
3036
3037 struct cil_db *test_db;
3038 cil_db_init(&test_db);
3039
3040 uint32_t changed = CIL_FALSE;
3041 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
3042
3043 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
3044
3045 cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next->next->next, args);
3046
3047 args->pass = CIL_PASS_MISC3;
3048
3049 int rc = cil_resolve_rangetransition(test_db->ast->root->cl_head->next->next->next->next->next->next->next, args);
3050 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
3051 }
3052
test_cil_resolve_classcommon(CuTest * tc)3053 void test_cil_resolve_classcommon(CuTest *tc) {
3054 char *line[] = {"(", "class", "file", "(", "read", ")", ")",
3055 "(", "common", "file", "(", "write", ")", ")",
3056 "(", "classcommon", "file", "file", ")", NULL};
3057
3058 struct cil_tree *test_tree;
3059 gen_test_tree(&test_tree, line);
3060
3061 struct cil_db *test_db;
3062 cil_db_init(&test_db);
3063
3064 uint32_t changed = CIL_FALSE;
3065 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
3066
3067 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
3068
3069 int rc = cil_resolve_classcommon(test_db->ast->root->cl_head->next->next, args);
3070 CuAssertIntEquals(tc, SEPOL_OK, rc);
3071 }
3072
test_cil_resolve_classcommon_no_class_neg(CuTest * tc)3073 void test_cil_resolve_classcommon_no_class_neg(CuTest *tc) {
3074 char *line[] = {"(", "class", "foo", "(", "read", ")", ")",
3075 "(", "classcommon", "foo", "foo", ")", NULL};
3076
3077 struct cil_tree *test_tree;
3078 gen_test_tree(&test_tree, line);
3079
3080 struct cil_db *test_db;
3081 cil_db_init(&test_db);
3082
3083 uint32_t changed = CIL_FALSE;
3084 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
3085
3086 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
3087
3088 int rc = cil_resolve_classcommon(test_db->ast->root->cl_head->next, args);
3089 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
3090 }
3091
test_cil_resolve_classcommon_no_common_neg(CuTest * tc)3092 void test_cil_resolve_classcommon_no_common_neg(CuTest *tc) {
3093 char *line[] = {"(", "common", "foo", "(", "read", ")", ")",
3094 "(", "classcommon", "foo", "foo", ")", NULL};
3095
3096 struct cil_tree *test_tree;
3097 gen_test_tree(&test_tree, line);
3098
3099 struct cil_db *test_db;
3100 cil_db_init(&test_db);
3101
3102 uint32_t changed = CIL_FALSE;
3103 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
3104
3105 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
3106
3107 int rc = cil_resolve_classcommon(test_db->ast->root->cl_head->next, args);
3108 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
3109 }
3110
test_cil_resolve_classpermset_named(CuTest * tc)3111 void test_cil_resolve_classpermset_named(CuTest *tc) {
3112 char *line[] = {"(", "classmap", "files", "(", "read", ")", ")",
3113 "(", "class", "char", "(", "read", ")", ")",
3114 "(", "classpermissionset", "char_w", "(", "char", "(", "read", ")", ")", ")",
3115 "(", "classmapping", "files", "read", "char_w", ")", NULL};
3116
3117 struct cil_tree *test_tree;
3118 gen_test_tree(&test_tree, line);
3119
3120 struct cil_db *test_db;
3121 cil_db_init(&test_db);
3122
3123 uint32_t changed = CIL_FALSE;
3124 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
3125
3126 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
3127
3128 struct cil_classpermset *cps = test_db->ast->root->cl_head->next->next->data;
3129
3130 int rc = cil_resolve_classpermset(test_db->ast->root->cl_head->next->next->next, cps, args);
3131 CuAssertIntEquals(tc, SEPOL_OK, rc);
3132 }
3133
test_cil_resolve_classpermset_named_namedpermlist(CuTest * tc)3134 void test_cil_resolve_classpermset_named_namedpermlist(CuTest *tc) {
3135 char *line[] = {"(", "classmap", "files", "(", "read", ")", ")",
3136 "(", "class", "char", "(", "read", ")", ")",
3137 "(", "classpermissionset", "char_w", "(", "char", "baz", ")", ")",
3138 "(", "permissionset", "baz", "(", "read", ")", ")",
3139 "(", "classmapping", "files", "read", "char_w", ")", NULL};
3140
3141 struct cil_tree *test_tree;
3142 gen_test_tree(&test_tree, line);
3143
3144 struct cil_db *test_db;
3145 cil_db_init(&test_db);
3146
3147 uint32_t changed = CIL_FALSE;
3148 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
3149
3150 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
3151
3152 struct cil_classpermset *cps = test_db->ast->root->cl_head->next->next->data;
3153
3154 int rc = cil_resolve_classpermset(test_db->ast->root->cl_head->next->next->next, cps, args);
3155 CuAssertIntEquals(tc, SEPOL_OK, rc);
3156 }
3157
test_cil_resolve_classpermset_named_permlist_neg(CuTest * tc)3158 void test_cil_resolve_classpermset_named_permlist_neg(CuTest *tc) {
3159 char *line[] = {"(", "classmap", "files", "(", "read", ")", ")",
3160 "(", "class", "char", "(", "read", ")", ")",
3161 "(", "classpermissionset", "char_w", "(", "dne", "(", "read", ")", ")", ")",
3162 "(", "classmapping", "files", "read", "char_w", ")", NULL};
3163
3164 struct cil_tree *test_tree;
3165 gen_test_tree(&test_tree, line);
3166
3167 struct cil_db *test_db;
3168 cil_db_init(&test_db);
3169
3170 uint32_t changed = CIL_FALSE;
3171 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
3172
3173 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
3174
3175 struct cil_classpermset *cps = test_db->ast->root->cl_head->next->next->data;
3176
3177 int rc = cil_resolve_classpermset(test_db->ast->root->cl_head->next->next->next, cps, args);
3178 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
3179 }
3180
test_cil_resolve_classpermset_named_unnamedcps_neg(CuTest * tc)3181 void test_cil_resolve_classpermset_named_unnamedcps_neg(CuTest *tc) {
3182 char *line[] = {"(", "classmap", "files", "(", "read", ")", ")",
3183 "(", "class", "char", "(", "read", ")", ")",
3184 "(", "classpermissionset", "char_w", "(", "char", "(", "read", ")", ")", ")",
3185 "(", "classmapping", "files", "read", "char_w", ")", NULL};
3186
3187 struct cil_tree *test_tree;
3188 gen_test_tree(&test_tree, line);
3189
3190 struct cil_db *test_db;
3191 cil_db_init(&test_db);
3192
3193 uint32_t changed = CIL_FALSE;
3194 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
3195
3196 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
3197
3198 struct cil_classpermset *cps;
3199 cil_classpermset_init(&cps);
3200
3201 int rc = cil_resolve_classpermset(test_db->ast->root->cl_head->next->next->next, cps, args);
3202 CuAssertIntEquals(tc, SEPOL_ERR, rc);
3203 }
3204
test_cil_resolve_classpermset_anon(CuTest * tc)3205 void test_cil_resolve_classpermset_anon(CuTest *tc) {
3206 char *line[] = {"(", "classmap", "files", "(", "read", ")", ")",
3207 "(", "classmapping", "files", "read", "(", "char", "(", "read", ")", ")", ")",
3208 "(", "class", "char", "(", "read", ")", ")", NULL};
3209
3210 struct cil_tree *test_tree;
3211 gen_test_tree(&test_tree, line);
3212
3213 struct cil_db *test_db;
3214 cil_db_init(&test_db);
3215
3216 uint32_t changed = CIL_FALSE;
3217 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
3218
3219 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
3220
3221 struct cil_classpermset *cps = ((struct cil_classmapping*)test_db->ast->root->cl_head->next->data)->classpermsets_str->head->data;
3222
3223 int rc = cil_resolve_classpermset(test_db->ast->root->cl_head->next, cps, args);
3224 CuAssertIntEquals(tc, SEPOL_OK, rc);
3225 }
3226
test_cil_resolve_classpermset_anon_namedpermlist(CuTest * tc)3227 void test_cil_resolve_classpermset_anon_namedpermlist(CuTest *tc) {
3228 char *line[] = {"(", "classmap", "files", "(", "read", ")", ")",
3229 "(", "classmapping", "files", "read", "(", "char", "baz", ")", ")",
3230 "(", "permissionset", "baz", "(", "read", ")", ")",
3231 "(", "class", "char", "(", "read", ")", ")", NULL};
3232
3233 struct cil_tree *test_tree;
3234 gen_test_tree(&test_tree, line);
3235
3236 struct cil_db *test_db;
3237 cil_db_init(&test_db);
3238
3239 uint32_t changed = CIL_FALSE;
3240 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
3241
3242 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
3243
3244 struct cil_classpermset *cps = ((struct cil_classmapping*)test_db->ast->root->cl_head->next->data)->classpermsets_str->head->data;
3245
3246 int rc = cil_resolve_classpermset(test_db->ast->root->cl_head->next, cps, args);
3247 CuAssertIntEquals(tc, SEPOL_OK, rc);
3248 }
3249
test_cil_resolve_classpermset_anon_permlist_neg(CuTest * tc)3250 void test_cil_resolve_classpermset_anon_permlist_neg(CuTest *tc) {
3251 char *line[] = {"(", "classmap", "files", "(", "read", ")", ")",
3252 "(", "classmapping", "files", "read", "(", "char", "(", "dne", ")", ")", ")",
3253 "(", "class", "char", "(", "read", ")", ")", NULL};
3254
3255 struct cil_tree *test_tree;
3256 gen_test_tree(&test_tree, line);
3257
3258 struct cil_db *test_db;
3259 cil_db_init(&test_db);
3260
3261 uint32_t changed = CIL_FALSE;
3262 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
3263
3264 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
3265
3266 struct cil_classpermset *cps = ((struct cil_classmapping*)test_db->ast->root->cl_head->next->data)->classpermsets_str->head->data;
3267
3268 int rc = cil_resolve_classpermset(test_db->ast->root->cl_head->next, cps, args);
3269 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
3270 }
3271
test_cil_resolve_avrule(CuTest * tc)3272 void test_cil_resolve_avrule(CuTest *tc) {
3273 char *line[] = {"(", "class", "bar", "(", "read", "write", "open", ")", ")",
3274 "(", "type", "test", ")",
3275 "(", "type", "foo", ")",
3276 "(", "allow", "test", "foo", "(", "bar", "(", "read", "write", ")", ")", ")", NULL};
3277
3278 struct cil_tree *test_tree;
3279 gen_test_tree(&test_tree, line);
3280
3281 struct cil_db *test_db;
3282 cil_db_init(&test_db);
3283
3284 uint32_t changed = CIL_FALSE;
3285 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
3286
3287 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
3288
3289 int rc = cil_resolve_avrule(test_db->ast->root->cl_head->next->next->next, args);
3290 CuAssertIntEquals(tc, SEPOL_OK, rc);
3291 }
3292
test_cil_resolve_avrule_permset(CuTest * tc)3293 void test_cil_resolve_avrule_permset(CuTest *tc) {
3294 char *line[] = {"(", "class", "bar", "(", "read", "write", "open", ")", ")",
3295 "(", "type", "test", ")",
3296 "(", "type", "foo", ")",
3297 "(", "permissionset", "baz", "(", "open", "write", ")", ")",
3298 "(", "allow", "test", "foo", "(", "bar", "baz", ")", ")", NULL};
3299
3300 struct cil_tree *test_tree;
3301 gen_test_tree(&test_tree, line);
3302
3303 struct cil_db *test_db;
3304 cil_db_init(&test_db);
3305
3306 uint32_t changed = CIL_FALSE;
3307 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
3308
3309 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
3310
3311 int rc = cil_resolve_avrule(test_db->ast->root->cl_head->next->next->next->next, args);
3312 CuAssertIntEquals(tc, SEPOL_OK, rc);
3313 }
3314
test_cil_resolve_avrule_permset_neg(CuTest * tc)3315 void test_cil_resolve_avrule_permset_neg(CuTest *tc) {
3316 char *line[] = {"(", "class", "bar", "(", "read", "write", "open", ")", ")",
3317 "(", "type", "test", ")",
3318 "(", "type", "foo", ")",
3319 "(", "permissionset", "baz", "(", "open", "close", ")", ")",
3320 "(", "allow", "test", "foo", "(", "bar", "dne", ")", ")", NULL};
3321
3322 struct cil_tree *test_tree;
3323 gen_test_tree(&test_tree, line);
3324
3325 struct cil_db *test_db;
3326 cil_db_init(&test_db);
3327
3328 uint32_t changed = CIL_FALSE;
3329 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
3330
3331 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
3332
3333 int rc = cil_resolve_avrule(test_db->ast->root->cl_head->next->next->next->next, args);
3334 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
3335 }
3336
test_cil_resolve_avrule_permset_permdne_neg(CuTest * tc)3337 void test_cil_resolve_avrule_permset_permdne_neg(CuTest *tc) {
3338 char *line[] = {"(", "class", "bar", "(", "read", "write", "open", ")", ")",
3339 "(", "type", "test", ")",
3340 "(", "type", "foo", ")",
3341 "(", "permissionset", "baz", "(", "open", "dne", ")", ")",
3342 "(", "allow", "test", "foo", "(", "bar", "baz", ")", ")", NULL};
3343
3344 struct cil_tree *test_tree;
3345 gen_test_tree(&test_tree, line);
3346
3347 struct cil_db *test_db;
3348 cil_db_init(&test_db);
3349
3350 uint32_t changed = CIL_FALSE;
3351 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
3352
3353 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
3354
3355 int rc = cil_resolve_avrule(test_db->ast->root->cl_head->next->next->next->next, args);
3356 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
3357 }
3358
test_cil_resolve_avrule_firsttype_neg(CuTest * tc)3359 void test_cil_resolve_avrule_firsttype_neg(CuTest *tc) {
3360 char *line[] = {"(", "class", "bar", "(", "read", "write", "open", ")", ")",
3361 "(", "type", "test", ")",
3362 "(", "type", "foo", ")",
3363 "(", "allow", "fail1", "foo", "(", "bar", "(", "read", "write", ")", ")", ")", NULL};
3364
3365 struct cil_tree *test_tree;
3366 gen_test_tree(&test_tree, line);
3367
3368 struct cil_db *test_db;
3369 cil_db_init(&test_db);
3370
3371 uint32_t changed = CIL_FALSE;
3372 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
3373
3374 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
3375
3376 int rc = cil_resolve_avrule(test_db->ast->root->cl_head->next->next->next, args);
3377 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
3378 }
3379
test_cil_resolve_avrule_secondtype_neg(CuTest * tc)3380 void test_cil_resolve_avrule_secondtype_neg(CuTest *tc) {
3381 char *line[] = {"(", "class", "bar", "(", "read", "write", "open", ")", ")",
3382 "(", "type", "test", ")",
3383 "(", "type", "foo", ")",
3384 "(", "allow", "test", "fail2", "(", "bar", "(", "read", "write", ")", ")", ")", NULL};
3385
3386 struct cil_tree *test_tree;
3387 gen_test_tree(&test_tree, line);
3388
3389 struct cil_db *test_db;
3390 cil_db_init(&test_db);
3391
3392 uint32_t changed = CIL_FALSE;
3393 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
3394
3395 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
3396
3397 int rc = cil_resolve_avrule(test_db->ast->root->cl_head->next->next->next, args);
3398 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
3399 }
3400
test_cil_resolve_avrule_class_neg(CuTest * tc)3401 void test_cil_resolve_avrule_class_neg(CuTest *tc) {
3402 char *line[] = {"(", "class", "bar", "(", "read", "write", "open", ")", ")",
3403 "(", "type", "test", ")",
3404 "(", "type", "foo", ")",
3405 "(", "allow", "test", "foo", "(", "fail3", "(", "read", "write", ")", ")", ")", NULL};
3406
3407 struct cil_tree *test_tree;
3408 gen_test_tree(&test_tree, line);
3409
3410 struct cil_db *test_db;
3411 cil_db_init(&test_db);
3412
3413 uint32_t changed = CIL_FALSE;
3414 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
3415
3416 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
3417
3418 int rc = cil_resolve_avrule(test_db->ast->root->cl_head->next->next->next, args);
3419 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
3420 }
3421
test_cil_resolve_avrule_perm_neg(CuTest * tc)3422 void test_cil_resolve_avrule_perm_neg(CuTest *tc) {
3423 char *line[] = {"(", "class", "bar", "(", "read", "write", "open", ")", ")",
3424 "(", "type", "test", ")",
3425 "(", "type", "foo", ")",
3426 "(", "allow", "test", "foo", "(", "bar", "(", "execute", ")", ")", ")", NULL};
3427
3428 struct cil_tree *test_tree;
3429 gen_test_tree(&test_tree, line);
3430
3431 struct cil_db *test_db;
3432 cil_db_init(&test_db);
3433
3434 uint32_t changed = CIL_FALSE;
3435 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
3436
3437 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
3438
3439 int rc = cil_resolve_avrule(test_db->ast->root->cl_head->next->next->next, args);
3440 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
3441 }
3442
test_cil_resolve_type_rule_transition(CuTest * tc)3443 void test_cil_resolve_type_rule_transition(CuTest *tc) {
3444 char *line[] = {"(", "type", "foo", ")",
3445 "(", "type", "bar", ")",
3446 "(", "class", "file", "(", "write", ")", ")",
3447 "(", "type", "foobar", ")",
3448 "(", "typetransition", "foo", "bar", "file", "foobar", ")", NULL};
3449
3450 struct cil_tree *test_tree;
3451 gen_test_tree(&test_tree, line);
3452
3453 struct cil_db *test_db;
3454 cil_db_init(&test_db);
3455
3456 uint32_t changed = CIL_FALSE;
3457 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
3458
3459 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
3460
3461 int rc = cil_resolve_type_rule(test_db->ast->root->cl_head->next->next->next->next, args);
3462 CuAssertIntEquals(tc, SEPOL_OK, rc);
3463 }
3464
test_cil_resolve_type_rule_transition_srcdecl_neg(CuTest * tc)3465 void test_cil_resolve_type_rule_transition_srcdecl_neg(CuTest *tc) {
3466 char *line[] = {"(", "type", "bar", ")",
3467 "(", "class", "file", "(", "write", ")", ")",
3468 "(", "type", "foobar", ")",
3469 "(", "typetransition", "foo", "bar", "file", "foobar", ")", NULL};
3470
3471 struct cil_tree *test_tree;
3472 gen_test_tree(&test_tree, line);
3473
3474 struct cil_db *test_db;
3475 cil_db_init(&test_db);
3476
3477 uint32_t changed = CIL_FALSE;
3478 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
3479
3480 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
3481
3482 int rc = cil_resolve_type_rule(test_db->ast->root->cl_head->next->next->next, args);
3483 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
3484 }
3485
test_cil_resolve_type_rule_transition_tgtdecl_neg(CuTest * tc)3486 void test_cil_resolve_type_rule_transition_tgtdecl_neg(CuTest *tc) {
3487 char *line[] = {"(", "type", "foo", ")",
3488 "(", "class", "file", "(", "write", ")", ")",
3489 "(", "type", "foobar", ")",
3490 "(", "typetransition", "foo", "bar", "file", "foobar", ")", NULL};
3491
3492 struct cil_tree *test_tree;
3493 gen_test_tree(&test_tree, line);
3494
3495 struct cil_db *test_db;
3496 cil_db_init(&test_db);
3497
3498 uint32_t changed = CIL_FALSE;
3499 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
3500
3501 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
3502
3503 int rc = cil_resolve_type_rule(test_db->ast->root->cl_head->next->next->next, args);
3504 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
3505 }
3506
test_cil_resolve_type_rule_transition_objdecl_neg(CuTest * tc)3507 void test_cil_resolve_type_rule_transition_objdecl_neg(CuTest *tc) {
3508 char *line[] = {"(", "type", "foo", ")",
3509 "(", "type", "bar", ")",
3510 "(", "type", "foobar", ")",
3511 "(", "typetransition", "foo", "bar", "file", "foobar", ")", NULL};
3512
3513 struct cil_tree *test_tree;
3514 gen_test_tree(&test_tree, line);
3515
3516 struct cil_db *test_db;
3517 cil_db_init(&test_db);
3518
3519 uint32_t changed = CIL_FALSE;
3520 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
3521
3522 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
3523
3524 int rc = cil_resolve_type_rule(test_db->ast->root->cl_head->next->next->next, args);
3525 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
3526 }
3527
test_cil_resolve_type_rule_transition_resultdecl_neg(CuTest * tc)3528 void test_cil_resolve_type_rule_transition_resultdecl_neg(CuTest *tc) {
3529 char *line[] = {"(", "type", "foo", ")",
3530 "(", "type", "bar", ")",
3531 "(", "class", "file", "(", "write", ")", ")",
3532 "(", "typetransition", "foo", "bar", "file", "foobar", ")", NULL};
3533
3534 struct cil_tree *test_tree;
3535 gen_test_tree(&test_tree, line);
3536
3537 struct cil_db *test_db;
3538 cil_db_init(&test_db);
3539
3540 uint32_t changed = CIL_FALSE;
3541 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
3542
3543 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
3544
3545 int rc = cil_resolve_type_rule(test_db->ast->root->cl_head->next->next->next, args);
3546 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
3547 }
3548
test_cil_resolve_type_rule_change(CuTest * tc)3549 void test_cil_resolve_type_rule_change(CuTest *tc) {
3550 char *line[] = {"(", "type", "foo", ")",
3551 "(", "type", "bar", ")",
3552 "(", "class", "file", "(", "write", ")", ")",
3553 "(", "type", "foobar", ")",
3554 "(", "typechange", "foo", "bar", "file", "foobar", ")", NULL};
3555
3556 struct cil_tree *test_tree;
3557 gen_test_tree(&test_tree, line);
3558
3559 struct cil_db *test_db;
3560 cil_db_init(&test_db);
3561
3562 uint32_t changed = CIL_FALSE;
3563 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
3564
3565 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
3566
3567 int rc = cil_resolve_type_rule(test_db->ast->root->cl_head->next->next->next->next, args);
3568 CuAssertIntEquals(tc, SEPOL_OK, rc);
3569 }
3570
test_cil_resolve_type_rule_change_srcdecl_neg(CuTest * tc)3571 void test_cil_resolve_type_rule_change_srcdecl_neg(CuTest *tc) {
3572 char *line[] = {"(", "type", "bar", ")",
3573 "(", "class", "file", "(", "write", ")", ")",
3574 "(", "type", "foobar", ")",
3575 "(", "typechange", "foo", "bar", "file", "foobar", ")", NULL};
3576
3577 struct cil_tree *test_tree;
3578 gen_test_tree(&test_tree, line);
3579
3580 struct cil_db *test_db;
3581 cil_db_init(&test_db);
3582
3583 uint32_t changed = CIL_FALSE;
3584 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
3585
3586 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
3587
3588 int rc = cil_resolve_type_rule(test_db->ast->root->cl_head->next->next->next, args);
3589 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
3590 }
3591
test_cil_resolve_type_rule_change_tgtdecl_neg(CuTest * tc)3592 void test_cil_resolve_type_rule_change_tgtdecl_neg(CuTest *tc) {
3593 char *line[] = {"(", "type", "foo", ")",
3594 "(", "class", "file", "(", "write", ")", ")",
3595 "(", "type", "foobar", ")",
3596 "(", "typechange", "foo", "bar", "file", "foobar", ")", NULL};
3597
3598 struct cil_tree *test_tree;
3599 gen_test_tree(&test_tree, line);
3600
3601 struct cil_db *test_db;
3602 cil_db_init(&test_db);
3603
3604 uint32_t changed = CIL_FALSE;
3605 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
3606
3607 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
3608
3609 int rc = cil_resolve_type_rule(test_db->ast->root->cl_head->next->next->next, args);
3610 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
3611 }
3612
test_cil_resolve_type_rule_change_objdecl_neg(CuTest * tc)3613 void test_cil_resolve_type_rule_change_objdecl_neg(CuTest *tc) {
3614 char *line[] = {"(", "type", "foo", ")",
3615 "(", "type", "bar", ")",
3616 "(", "type", "foobar", ")",
3617 "(", "typechange", "foo", "bar", "file", "foobar", ")", NULL};
3618
3619 struct cil_tree *test_tree;
3620 gen_test_tree(&test_tree, line);
3621
3622 struct cil_db *test_db;
3623 cil_db_init(&test_db);
3624
3625 uint32_t changed = CIL_FALSE;
3626 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
3627
3628 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
3629
3630 int rc = cil_resolve_type_rule(test_db->ast->root->cl_head->next->next->next, args);
3631 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
3632 }
3633
test_cil_resolve_type_rule_change_resultdecl_neg(CuTest * tc)3634 void test_cil_resolve_type_rule_change_resultdecl_neg(CuTest *tc) {
3635 char *line[] = {"(", "type", "foo", ")",
3636 "(", "type", "bar", ")",
3637 "(", "class", "file", "(", "write", ")", ")",
3638 "(", "typechange", "foo", "bar", "file", "foobar", ")", NULL};
3639
3640 struct cil_tree *test_tree;
3641 gen_test_tree(&test_tree, line);
3642
3643 struct cil_db *test_db;
3644 cil_db_init(&test_db);
3645
3646 uint32_t changed = CIL_FALSE;
3647 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
3648
3649 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
3650
3651 int rc = cil_resolve_type_rule(test_db->ast->root->cl_head->next->next->next, args);
3652 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
3653 }
3654
test_cil_resolve_type_rule_member(CuTest * tc)3655 void test_cil_resolve_type_rule_member(CuTest *tc) {
3656 char *line[] = {"(", "type", "foo", ")",
3657 "(", "type", "bar", ")",
3658 "(", "class", "file", "(", "write", ")", ")",
3659 "(", "type", "foobar", ")",
3660 "(", "typemember", "foo", "bar", "file", "foobar", ")", NULL};
3661
3662 struct cil_tree *test_tree;
3663 gen_test_tree(&test_tree, line);
3664
3665 struct cil_db *test_db;
3666 cil_db_init(&test_db);
3667
3668 uint32_t changed = CIL_FALSE;
3669 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
3670
3671 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
3672
3673 int rc = cil_resolve_type_rule(test_db->ast->root->cl_head->next->next->next->next, args);
3674 CuAssertIntEquals(tc, SEPOL_OK, rc);
3675 }
3676
test_cil_resolve_type_rule_member_srcdecl_neg(CuTest * tc)3677 void test_cil_resolve_type_rule_member_srcdecl_neg(CuTest *tc) {
3678 char *line[] = {"(", "type", "bar", ")",
3679 "(", "class", "file", "(", "write", ")", ")",
3680 "(", "type", "foobar", ")",
3681 "(", "typemember", "foo", "bar", "file", "foobar", ")", NULL};
3682
3683 struct cil_tree *test_tree;
3684 gen_test_tree(&test_tree, line);
3685
3686 struct cil_db *test_db;
3687 cil_db_init(&test_db);
3688
3689 uint32_t changed = CIL_FALSE;
3690 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
3691
3692 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
3693
3694 int rc = cil_resolve_type_rule(test_db->ast->root->cl_head->next->next->next, args);
3695 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
3696 }
3697
test_cil_resolve_type_rule_member_tgtdecl_neg(CuTest * tc)3698 void test_cil_resolve_type_rule_member_tgtdecl_neg(CuTest *tc) {
3699 char *line[] = {"(", "type", "foo", ")",
3700 "(", "class", "file", "(", "write", ")", ")",
3701 "(", "type", "foobar", ")",
3702 "(", "typemember", "foo", "bar", "file", "foobar", ")", NULL};
3703
3704 struct cil_tree *test_tree;
3705 gen_test_tree(&test_tree, line);
3706
3707 struct cil_db *test_db;
3708 cil_db_init(&test_db);
3709
3710 uint32_t changed = CIL_FALSE;
3711 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
3712
3713 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
3714
3715 int rc = cil_resolve_type_rule(test_db->ast->root->cl_head->next->next->next, args);
3716 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
3717 }
3718
test_cil_resolve_type_rule_member_objdecl_neg(CuTest * tc)3719 void test_cil_resolve_type_rule_member_objdecl_neg(CuTest *tc) {
3720 char *line[] = {"(", "type", "foo", ")",
3721 "(", "type", "bar", ")",
3722 "(", "type", "foobar", ")",
3723 "(", "typemember", "foo", "bar", "file", "foobar", ")", NULL};
3724
3725 struct cil_tree *test_tree;
3726 gen_test_tree(&test_tree, line);
3727
3728 struct cil_db *test_db;
3729 cil_db_init(&test_db);
3730
3731 uint32_t changed = CIL_FALSE;
3732 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
3733
3734 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
3735
3736 int rc = cil_resolve_type_rule(test_db->ast->root->cl_head->next->next->next, args);
3737 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
3738 }
3739
test_cil_resolve_type_rule_member_resultdecl_neg(CuTest * tc)3740 void test_cil_resolve_type_rule_member_resultdecl_neg(CuTest *tc) {
3741 char *line[] = {"(", "type", "foo", ")",
3742 "(", "type", "bar", ")",
3743 "(", "class", "file", "(", "write", ")", ")",
3744 "(", "typemember", "foo", "bar", "file", "foobar", ")", NULL};
3745
3746 struct cil_tree *test_tree;
3747 gen_test_tree(&test_tree, line);
3748
3749 struct cil_db *test_db;
3750 cil_db_init(&test_db);
3751
3752 uint32_t changed = CIL_FALSE;
3753 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
3754
3755 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
3756
3757 int rc = cil_resolve_type_rule(test_db->ast->root->cl_head->next->next->next, args);
3758 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
3759 }
3760
test_cil_resolve_filecon(CuTest * tc)3761 void test_cil_resolve_filecon(CuTest *tc) {
3762 char *line[] = {"(", "user", "user_u", ")",
3763 "(", "role", "role_r", ")",
3764 "(", "type", "type_t", ")",
3765 "(", "category", "c0", ")",
3766 "(", "sensitivity", "s0", ")",
3767 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
3768 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
3769 "(", "context", "con", "(", "user_u", "role_r", "type_t", "(", "low", "high", ")", ")", ")",
3770 "(", "filecon", "root", "path", "file", "con", ")", NULL};
3771
3772 struct cil_tree *test_tree;
3773 gen_test_tree(&test_tree, line);
3774
3775 struct cil_db *test_db;
3776 cil_db_init(&test_db);
3777
3778 uint32_t changed = CIL_FALSE;
3779 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
3780
3781 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
3782
3783 int rc = cil_resolve_filecon(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args);
3784 CuAssertIntEquals(tc, SEPOL_OK, rc);
3785 }
3786
test_cil_resolve_filecon_neg(CuTest * tc)3787 void test_cil_resolve_filecon_neg(CuTest *tc) {
3788 char *line[] = {"(", "user", "user_u", ")",
3789 "(", "role", "role_r", ")",
3790 "(", "type", "type_t", ")",
3791 "(", "category", "c0", ")",
3792 "(", "sensitivity", "s0", ")",
3793 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
3794 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
3795 "(", "context", "con", "(", "user_u", "role_r", "type_t", "(", "low", "high", ")", ")", ")",
3796 "(", "filecon", "root", "path", "file", "conn", ")", NULL};
3797
3798 struct cil_tree *test_tree;
3799 gen_test_tree(&test_tree, line);
3800
3801 struct cil_db *test_db;
3802 cil_db_init(&test_db);
3803
3804 uint32_t changed = CIL_FALSE;
3805 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
3806
3807 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
3808
3809 int rc = cil_resolve_filecon(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args);
3810 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
3811 }
3812
test_cil_resolve_filecon_anon_context(CuTest * tc)3813 void test_cil_resolve_filecon_anon_context(CuTest *tc) {
3814 char *line[] = {"(", "user", "user_u", ")",
3815 "(", "role", "role_r", ")",
3816 "(", "type", "type_t", ")",
3817 "(", "category", "c0", ")",
3818 "(", "sensitivity", "s0", ")",
3819 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
3820 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
3821 "(", "filecon", "root", "path", "file", "(", "user_u", "role_r", "type_t", "(", "low", "high", ")", ")", ")", NULL};
3822
3823 struct cil_tree *test_tree;
3824 gen_test_tree(&test_tree, line);
3825
3826 struct cil_db *test_db;
3827 cil_db_init(&test_db);
3828
3829 uint32_t changed = CIL_FALSE;
3830 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
3831
3832 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
3833
3834 int rc = cil_resolve_filecon(test_db->ast->root->cl_head->next->next->next->next->next->next->next, args);
3835 CuAssertIntEquals(tc, SEPOL_OK, rc);
3836 }
3837
test_cil_resolve_filecon_anon_context_neg(CuTest * tc)3838 void test_cil_resolve_filecon_anon_context_neg(CuTest *tc) {
3839 char *line[] = {"(", "user", "system_u", ")",
3840 "(", "type", "type_t", ")",
3841 "(", "category", "c0", ")",
3842 "(", "sensitivity", "s0", ")",
3843 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
3844 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
3845 "(", "filecon", "root", "path", "file", "(", "user_u", "role_r", "type_t", "(", "low", "high", ")", ")", ")", NULL};
3846
3847 struct cil_tree *test_tree;
3848 gen_test_tree(&test_tree, line);
3849
3850 struct cil_db *test_db;
3851 cil_db_init(&test_db);
3852
3853 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
3854
3855 uint32_t changed = CIL_FALSE;
3856 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
3857
3858 int rc = cil_resolve_filecon(test_db->ast->root->cl_head->next->next->next->next->next->next, args);
3859 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
3860 }
3861
test_cil_resolve_portcon(CuTest * tc)3862 void test_cil_resolve_portcon(CuTest *tc) {
3863 char *line[] = {"(", "user", "user_u", ")",
3864 "(", "role", "role_r", ")",
3865 "(", "type", "type_t", ")",
3866 "(", "category", "c0", ")",
3867 "(", "sensitivity", "s0", ")",
3868 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
3869 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
3870 "(", "context", "con", "(", "user_u", "role_r", "type_t", "(", "low", "high", ")", ")", ")",
3871 "(", "portcon", "udp", "25", "con", ")", NULL};
3872
3873 struct cil_tree *test_tree;
3874 gen_test_tree(&test_tree, line);
3875
3876 struct cil_db *test_db;
3877 cil_db_init(&test_db);
3878
3879 uint32_t changed = CIL_FALSE;
3880 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
3881
3882 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
3883
3884 int rc = cil_resolve_portcon(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args);
3885 CuAssertIntEquals(tc, SEPOL_OK, rc);
3886 }
3887
test_cil_resolve_portcon_neg(CuTest * tc)3888 void test_cil_resolve_portcon_neg(CuTest *tc) {
3889 char *line[] = {"(", "user", "user_u", ")",
3890 "(", "role", "role_r", ")",
3891 "(", "type", "type_t", ")",
3892 "(", "category", "c0", ")",
3893 "(", "sensitivity", "s0", ")",
3894 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
3895 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
3896 "(", "context", "con", "(", "user_u", "role_r", "type_t", "(", "low", "high", ")", ")", ")",
3897 "(", "portcon", "udp", "25", "conn", ")", NULL};
3898
3899 struct cil_tree *test_tree;
3900 gen_test_tree(&test_tree, line);
3901
3902 struct cil_db *test_db;
3903 cil_db_init(&test_db);
3904
3905 uint32_t changed = CIL_FALSE;
3906 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
3907
3908 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
3909
3910 int rc = cil_resolve_portcon(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args);
3911 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
3912 }
3913
test_cil_resolve_portcon_anon_context(CuTest * tc)3914 void test_cil_resolve_portcon_anon_context(CuTest *tc) {
3915 char *line[] = {"(", "user", "user_u", ")",
3916 "(", "role", "role_r", ")",
3917 "(", "type", "type_t", ")",
3918 "(", "category", "c0", ")",
3919 "(", "sensitivity", "s0", ")",
3920 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
3921 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
3922 "(", "portcon", "udp", "25", "(", "user_u", "role_r", "type_t", "(", "low", "high", ")", ")", ")", NULL};
3923
3924 struct cil_tree *test_tree;
3925 gen_test_tree(&test_tree, line);
3926
3927 struct cil_db *test_db;
3928 cil_db_init(&test_db);
3929
3930 uint32_t changed = CIL_FALSE;
3931 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
3932
3933 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
3934
3935 int rc = cil_resolve_portcon(test_db->ast->root->cl_head->next->next->next->next->next->next->next, args);
3936 CuAssertIntEquals(tc, SEPOL_OK, rc);
3937 }
3938
test_cil_resolve_portcon_anon_context_neg(CuTest * tc)3939 void test_cil_resolve_portcon_anon_context_neg(CuTest *tc) {
3940 char *line[] = {"(", "user", "system_u", ")",
3941 "(", "type", "type_t", ")",
3942 "(", "category", "c0", ")",
3943 "(", "sensitivity", "s0", ")",
3944 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
3945 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
3946 "(", "portcon", "udp", "25", "(", "user_u", "role_r", "type_t", "(", "low", "high", ")", ")", ")", NULL};
3947
3948 struct cil_tree *test_tree;
3949 gen_test_tree(&test_tree, line);
3950
3951 struct cil_db *test_db;
3952 cil_db_init(&test_db);
3953
3954 uint32_t changed = CIL_FALSE;
3955 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
3956
3957 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
3958
3959 int rc = cil_resolve_portcon(test_db->ast->root->cl_head->next->next->next->next->next->next, args);
3960 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
3961 }
3962
test_cil_resolve_genfscon(CuTest * tc)3963 void test_cil_resolve_genfscon(CuTest *tc) {
3964 char *line[] = {"(", "user", "user_u", ")",
3965 "(", "role", "role_r", ")",
3966 "(", "type", "type_t", ")",
3967 "(", "category", "c0", ")",
3968 "(", "sensitivity", "s0", ")",
3969 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
3970 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
3971 "(", "context", "con", "(", "user_u", "role_r", "type_t", "(", "low", "high", ")", ")", ")",
3972 "(", "genfscon", "type", "path", "con", ")", NULL};
3973
3974 struct cil_tree *test_tree;
3975 gen_test_tree(&test_tree, line);
3976
3977 struct cil_db *test_db;
3978 cil_db_init(&test_db);
3979
3980 uint32_t changed = CIL_FALSE;
3981 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
3982
3983 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
3984
3985 int rc = cil_resolve_genfscon(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args);
3986 CuAssertIntEquals(tc, SEPOL_OK, rc);
3987 }
3988
test_cil_resolve_genfscon_neg(CuTest * tc)3989 void test_cil_resolve_genfscon_neg(CuTest *tc) {
3990 char *line[] = {"(", "user", "user_u", ")",
3991 "(", "role", "role_r", ")",
3992 "(", "type", "type_t", ")",
3993 "(", "category", "c0", ")",
3994 "(", "sensitivity", "s0", ")",
3995 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
3996 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
3997 "(", "context", "con", "(", "user_u", "role_r", "type_t", "(", "low", "high", ")", ")", ")",
3998 "(", "genfscon", "type", "path", "conn", ")", NULL};
3999
4000 struct cil_tree *test_tree;
4001 gen_test_tree(&test_tree, line);
4002
4003 struct cil_db *test_db;
4004 cil_db_init(&test_db);
4005
4006 uint32_t changed = CIL_FALSE;
4007 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
4008
4009 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
4010
4011 int rc = cil_resolve_genfscon(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args);
4012 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
4013 }
4014
test_cil_resolve_genfscon_anon_context(CuTest * tc)4015 void test_cil_resolve_genfscon_anon_context(CuTest *tc) {
4016 char *line[] = {"(", "user", "user_u", ")",
4017 "(", "role", "role_r", ")",
4018 "(", "type", "type_t", ")",
4019 "(", "category", "c0", ")",
4020 "(", "sensitivity", "s0", ")",
4021 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
4022 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
4023 "(", "genfscon", "type", "path", "(", "user_u", "role_r", "type_t", "(", "low", "high", ")", ")", ")", NULL};
4024
4025 struct cil_tree *test_tree;
4026 gen_test_tree(&test_tree, line);
4027
4028 struct cil_db *test_db;
4029 cil_db_init(&test_db);
4030
4031 uint32_t changed = CIL_FALSE;
4032 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
4033
4034 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
4035
4036 int rc = cil_resolve_genfscon(test_db->ast->root->cl_head->next->next->next->next->next->next->next, args);
4037 CuAssertIntEquals(tc, SEPOL_OK, rc);
4038 }
4039
test_cil_resolve_genfscon_anon_context_neg(CuTest * tc)4040 void test_cil_resolve_genfscon_anon_context_neg(CuTest *tc) {
4041 char *line[] = {"(", "user", "system_u", ")",
4042 "(", "type", "type_t", ")",
4043 "(", "category", "c0", ")",
4044 "(", "sensitivity", "s0", ")",
4045 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
4046 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
4047 "(", "genfscon", "type", "path", "(", "user_u", "role_r", "type_t", "(", "low", "high", ")", ")", ")", NULL};
4048
4049 struct cil_tree *test_tree;
4050 gen_test_tree(&test_tree, line);
4051
4052 struct cil_db *test_db;
4053 cil_db_init(&test_db);
4054
4055 uint32_t changed = CIL_FALSE;
4056 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
4057
4058 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
4059
4060 int rc = cil_resolve_genfscon(test_db->ast->root->cl_head->next->next->next->next->next->next, args);
4061 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
4062 }
4063
test_cil_resolve_nodecon_ipv4(CuTest * tc)4064 void test_cil_resolve_nodecon_ipv4(CuTest *tc) {
4065 char *line[] = {"(", "user", "user_u", ")",
4066 "(", "role", "role_r", ")",
4067 "(", "type", "type_t", ")",
4068 "(", "category", "c0", ")",
4069 "(", "sensitivity", "s0", ")",
4070 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
4071 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
4072 "(", "context", "con", "(", "user_u", "role_r", "type_t", "(", "low", "high", ")", ")", ")",
4073 "(", "ipaddr", "ip", "192.168.1.1", ")",
4074 "(", "ipaddr", "netmask", "192.168.1.1", ")",
4075 "(", "nodecon", "ip", "netmask", "con", ")", NULL};
4076
4077 struct cil_tree *test_tree;
4078 gen_test_tree(&test_tree, line);
4079
4080 struct cil_db *test_db;
4081 cil_db_init(&test_db);
4082
4083 uint32_t changed = CIL_FALSE;
4084 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
4085
4086 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
4087
4088 int rc = cil_resolve_nodecon(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next->next, args);
4089 CuAssertIntEquals(tc, SEPOL_OK, rc);
4090 }
4091
test_cil_resolve_nodecon_ipv6(CuTest * tc)4092 void test_cil_resolve_nodecon_ipv6(CuTest *tc) {
4093 char *line[] = {"(", "user", "user_u", ")",
4094 "(", "role", "role_r", ")",
4095 "(", "type", "type_t", ")",
4096 "(", "category", "c0", ")",
4097 "(", "sensitivity", "s0", ")",
4098 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
4099 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
4100 "(", "context", "con", "(", "user_u", "role_r", "type_t", "(", "low", "high", ")", ")", ")",
4101 "(", "ipaddr", "ip", "2001:0DB8:AC10:FE01::", ")",
4102 "(", "ipaddr", "netmask", "2001:0DB8:AC10:FE01::", ")",
4103 "(", "nodecon", "ip", "netmask", "con", ")", NULL};
4104
4105 struct cil_tree *test_tree;
4106 gen_test_tree(&test_tree, line);
4107
4108 struct cil_db *test_db;
4109 cil_db_init(&test_db);
4110
4111 uint32_t changed = CIL_FALSE;
4112 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
4113
4114 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
4115
4116 int rc = cil_resolve_nodecon(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next->next, args);
4117 CuAssertIntEquals(tc, SEPOL_OK, rc);
4118 }
4119
test_cil_resolve_nodecon_anonipaddr_ipv4(CuTest * tc)4120 void test_cil_resolve_nodecon_anonipaddr_ipv4(CuTest *tc) {
4121 char *line[] = {"(", "user", "user_u", ")",
4122 "(", "role", "role_r", ")",
4123 "(", "type", "type_t", ")",
4124 "(", "category", "c0", ")",
4125 "(", "sensitivity", "s0", ")",
4126 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
4127 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
4128 "(", "context", "con", "(", "user_u", "role_r", "type_t", "(", "low", "high", ")", ")", ")",
4129 "(", "ipaddr", "netmask", "192.168.1.1", ")",
4130 "(", "nodecon", "(", "192.168.1.1", ")", "netmask", "con", ")", NULL};
4131
4132 struct cil_tree *test_tree;
4133 gen_test_tree(&test_tree, line);
4134
4135 struct cil_db *test_db;
4136 cil_db_init(&test_db);
4137
4138 uint32_t changed = CIL_FALSE;
4139 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
4140
4141 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
4142
4143 int rc = cil_resolve_nodecon(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next, args);
4144 CuAssertIntEquals(tc, SEPOL_OK, rc);
4145 }
4146
test_cil_resolve_nodecon_anonnetmask_ipv4(CuTest * tc)4147 void test_cil_resolve_nodecon_anonnetmask_ipv4(CuTest *tc) {
4148 char *line[] = {"(", "user", "user_u", ")",
4149 "(", "role", "role_r", ")",
4150 "(", "type", "type_t", ")",
4151 "(", "category", "c0", ")",
4152 "(", "sensitivity", "s0", ")",
4153 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
4154 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
4155 "(", "context", "con", "(", "user_u", "role_r", "type_t", "(", "low", "high", ")", ")", ")",
4156 "(", "ipaddr", "ip", "192.168.1.1", ")",
4157 "(", "nodecon", "ip", "(", "192.168.1.1", ")", "con", ")", NULL};
4158
4159 struct cil_tree *test_tree;
4160 gen_test_tree(&test_tree, line);
4161
4162 struct cil_db *test_db;
4163 cil_db_init(&test_db);
4164
4165 uint32_t changed = CIL_FALSE;
4166 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
4167
4168 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
4169
4170 int rc = cil_resolve_nodecon(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next, args);
4171 CuAssertIntEquals(tc, SEPOL_OK, rc);
4172 }
4173
test_cil_resolve_nodecon_anonipaddr_ipv6(CuTest * tc)4174 void test_cil_resolve_nodecon_anonipaddr_ipv6(CuTest *tc) {
4175 char *line[] = {"(", "user", "user_u", ")",
4176 "(", "role", "role_r", ")",
4177 "(", "type", "type_t", ")",
4178 "(", "category", "c0", ")",
4179 "(", "sensitivity", "s0", ")",
4180 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
4181 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
4182 "(", "context", "con", "(", "user_u", "role_r", "type_t", "(", "low", "high", ")", ")", ")",
4183 "(", "ipaddr", "netmask", "2001:0DB8:AC10:FE01::", ")",
4184 "(", "nodecon", "(", "2001:0DB8:AC10:FE01::", ")", "netmask", "con", ")", NULL};
4185
4186 struct cil_tree *test_tree;
4187 gen_test_tree(&test_tree, line);
4188
4189 struct cil_db *test_db;
4190 cil_db_init(&test_db);
4191
4192 uint32_t changed = CIL_FALSE;
4193 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
4194
4195 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
4196
4197 int rc = cil_resolve_nodecon(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next, args);
4198 CuAssertIntEquals(tc, SEPOL_OK, rc);
4199 }
4200
test_cil_resolve_nodecon_anonnetmask_ipv6(CuTest * tc)4201 void test_cil_resolve_nodecon_anonnetmask_ipv6(CuTest *tc) {
4202 char *line[] = {"(", "user", "user_u", ")",
4203 "(", "role", "role_r", ")",
4204 "(", "type", "type_t", ")",
4205 "(", "category", "c0", ")",
4206 "(", "sensitivity", "s0", ")",
4207 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
4208 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
4209 "(", "context", "con", "(", "user_u", "role_r", "type_t", "(", "low", "high", ")", ")", ")",
4210 "(", "ipaddr", "ip", "2001:0DB8:AC10:FE01::", ")",
4211 "(", "nodecon", "ip", "(", "2001:0DB8:AC10:FE01::", ")", "con", ")", NULL};
4212
4213 struct cil_tree *test_tree;
4214 gen_test_tree(&test_tree, line);
4215
4216 struct cil_db *test_db;
4217 cil_db_init(&test_db);
4218
4219 uint32_t changed = CIL_FALSE;
4220 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
4221
4222 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
4223
4224 int rc = cil_resolve_nodecon(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next, args);
4225 CuAssertIntEquals(tc, SEPOL_OK, rc);
4226 }
4227
test_cil_resolve_nodecon_diffipfam_neg(CuTest * tc)4228 void test_cil_resolve_nodecon_diffipfam_neg(CuTest *tc) {
4229 char *line[] = {"(", "user", "user_u", ")",
4230 "(", "role", "role_r", ")",
4231 "(", "type", "type_t", ")",
4232 "(", "category", "c0", ")",
4233 "(", "sensitivity", "s0", ")",
4234 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
4235 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
4236 "(", "context", "con", "(", "user_u", "role_r", "type_t", "(", "low", "high", ")", ")", ")",
4237 "(", "ipaddr", "ip", "2001:0DB8:AC10:FE01::", ")",
4238 "(", "nodecon", "ip", "(", "192.168.1.1", ")", "con", ")", NULL};
4239
4240 struct cil_tree *test_tree;
4241 gen_test_tree(&test_tree, line);
4242
4243 struct cil_db *test_db;
4244 cil_db_init(&test_db);
4245
4246 uint32_t changed = CIL_FALSE;
4247 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
4248
4249 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
4250
4251 int rc = cil_resolve_nodecon(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next, args);
4252 CuAssertIntEquals(tc, SEPOL_ERR, rc);
4253 }
4254
test_cil_resolve_nodecon_context_neg(CuTest * tc)4255 void test_cil_resolve_nodecon_context_neg(CuTest *tc) {
4256 char *line[] = {"(", "user", "user_u", ")",
4257 "(", "role", "role_r", ")",
4258 "(", "type", "type_t", ")",
4259 "(", "category", "c0", ")",
4260 "(", "sensitivity", "s0", ")",
4261 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
4262 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
4263 "(", "context", "con", "(", "user_u", "role_r", "type_t", "(", "low", "high", ")", ")", ")",
4264 "(", "ipaddr", "ip", "192.168.1.1", ")",
4265 "(", "ipaddr", "netmask", "192.168.1.1", ")",
4266 "(", "nodecon", "n", "netmask", "con", ")", NULL};
4267
4268 struct cil_tree *test_tree;
4269 gen_test_tree(&test_tree, line);
4270
4271 struct cil_db *test_db;
4272 cil_db_init(&test_db);
4273
4274 uint32_t changed = CIL_FALSE;
4275 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
4276
4277 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
4278
4279 int rc = cil_resolve_nodecon(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next->next, args);
4280 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
4281 }
4282
test_cil_resolve_nodecon_ipaddr_neg(CuTest * tc)4283 void test_cil_resolve_nodecon_ipaddr_neg(CuTest *tc) {
4284 char *line[] = {"(", "user", "user_u", ")",
4285 "(", "role", "role_r", ")",
4286 "(", "type", "type_t", ")",
4287 "(", "category", "c0", ")",
4288 "(", "sensitivity", "s0", ")",
4289 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
4290 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
4291 "(", "context", "con", "(", "user_u", "role_r", "type_t", "(", "low", "high", ")", ")", ")",
4292 "(", "ipaddr", "ip", "192.168.1.1", ")",
4293 "(", "ipaddr", "netmask", "192.168.1.1", ")",
4294 "(", "nodecon", "ip", "n", "con", ")", NULL};
4295
4296 struct cil_tree *test_tree;
4297 gen_test_tree(&test_tree, line);
4298
4299 struct cil_db *test_db;
4300 cil_db_init(&test_db);
4301
4302 uint32_t changed = CIL_FALSE;
4303 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
4304
4305 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
4306
4307 int rc = cil_resolve_nodecon(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next->next, args);
4308 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
4309 }
4310
test_cil_resolve_nodecon_netmask_neg(CuTest * tc)4311 void test_cil_resolve_nodecon_netmask_neg(CuTest *tc) {
4312 char *line[] = {"(", "user", "user_u", ")",
4313 "(", "role", "role_r", ")",
4314 "(", "type", "type_t", ")",
4315 "(", "category", "c0", ")",
4316 "(", "sensitivity", "s0", ")",
4317 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
4318 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
4319 "(", "context", "con", "(", "user_u", "role_r", "type_t", "(", "low", "high", ")", ")", ")",
4320 "(", "ipaddr", "ip", "192.168.1.1", ")",
4321 "(", "nodecon", "ip", "ip", "conn", ")", NULL};
4322
4323 struct cil_tree *test_tree;
4324 gen_test_tree(&test_tree, line);
4325
4326 struct cil_db *test_db;
4327 cil_db_init(&test_db);
4328
4329 uint32_t changed = CIL_FALSE;
4330 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
4331
4332 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
4333
4334 int rc = cil_resolve_nodecon(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next, args);
4335 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
4336 }
4337
test_cil_resolve_nodecon_anon_context(CuTest * tc)4338 void test_cil_resolve_nodecon_anon_context(CuTest *tc) {
4339 char *line[] = {"(", "user", "user_u", ")",
4340 "(", "role", "role_r", ")",
4341 "(", "type", "type_t", ")",
4342 "(", "category", "c0", ")",
4343 "(", "sensitivity", "s0", ")",
4344 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
4345 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
4346 "(", "ipaddr", "ip", "192.168.1.1", ")",
4347 "(", "nodecon", "ip", "ip", "(", "user_u", "role_r", "type_t", "(", "low", "high", ")", ")", ")", NULL};
4348
4349 struct cil_tree *test_tree;
4350 gen_test_tree(&test_tree, line);
4351
4352 struct cil_db *test_db;
4353 cil_db_init(&test_db);
4354
4355 uint32_t changed = CIL_FALSE;
4356 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
4357
4358 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
4359
4360 int rc = cil_resolve_nodecon(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args);
4361 CuAssertIntEquals(tc, SEPOL_OK, rc);
4362 }
4363
test_cil_resolve_nodecon_anon_context_neg(CuTest * tc)4364 void test_cil_resolve_nodecon_anon_context_neg(CuTest *tc) {
4365 char *line[] = {"(", "user", "system_u", ")",
4366 "(", "type", "type_t", ")",
4367 "(", "category", "c0", ")",
4368 "(", "sensitivity", "s0", ")",
4369 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
4370 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
4371 "(", "ipaddr", "ip", "192.168.1.1", ")",
4372 "(", "nodecon", "ip", "ip", "(", "user_u", "role_r", "type_t", "(", "low", "high", ")", ")", ")", NULL};
4373
4374 struct cil_tree *test_tree;
4375 gen_test_tree(&test_tree, line);
4376
4377 struct cil_db *test_db;
4378 cil_db_init(&test_db);
4379
4380 uint32_t changed = CIL_FALSE;
4381 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
4382
4383 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
4384
4385 int rc = cil_resolve_nodecon(test_db->ast->root->cl_head->next->next->next->next->next->next->next, args);
4386 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
4387 }
4388
test_cil_resolve_netifcon(CuTest * tc)4389 void test_cil_resolve_netifcon(CuTest *tc) {
4390 char *line[] = {"(", "context", "if_default", "(", "system_u", "object_r", "etc_t", "(", "low", "high", ")", ")", ")",
4391 "(", "context", "packet_default", "(", "system_u", "object_r", "etc_t", "(", "low", "high", ")", ")", ")",
4392 "(", "netifcon", "eth0", "if_default", "packet_default", ")", NULL};
4393
4394 struct cil_tree *test_tree;
4395 gen_test_tree(&test_tree, line);
4396
4397 struct cil_db *test_db;
4398 cil_db_init(&test_db);
4399
4400 uint32_t changed = CIL_FALSE;
4401 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
4402
4403 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
4404
4405 int rc = cil_resolve_netifcon(test_db->ast->root->cl_head->next->next, args);
4406 CuAssertIntEquals(tc, SEPOL_OK, rc);
4407 }
4408
test_cil_resolve_netifcon_otf_neg(CuTest * tc)4409 void test_cil_resolve_netifcon_otf_neg(CuTest *tc) {
4410 char *line[] = {"(", "context", "if_default", "(", "system_u", "object_r", "etc_t", "(", "low", "high", ")", ")", ")",
4411 "(", "netifcon", "eth0", "if_default", "packet_default", ")", NULL};
4412
4413 struct cil_tree *test_tree;
4414 gen_test_tree(&test_tree, line);
4415
4416 struct cil_db *test_db;
4417 cil_db_init(&test_db);
4418
4419 uint32_t changed = CIL_FALSE;
4420 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
4421
4422 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
4423
4424 int rc = cil_resolve_netifcon(test_db->ast->root->cl_head->next, args);
4425 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
4426 }
4427
test_cil_resolve_netifcon_interface_neg(CuTest * tc)4428 void test_cil_resolve_netifcon_interface_neg(CuTest *tc) {
4429 char *line[] = {"(", "context", "packet_default", "(", "system_u", "object_r", "etc_t", "(", "low", "high", ")", ")", ")",
4430 "(", "netifcon", "eth0", "if_default", "packet_default", ")", NULL};
4431
4432 struct cil_tree *test_tree;
4433 gen_test_tree(&test_tree, line);
4434
4435 struct cil_db *test_db;
4436 cil_db_init(&test_db);
4437
4438 uint32_t changed = CIL_FALSE;
4439 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
4440
4441 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
4442
4443 int rc = cil_resolve_netifcon(test_db->ast->root->cl_head->next, args);
4444 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
4445 }
4446
test_cil_resolve_netifcon_unnamed(CuTest * tc)4447 void test_cil_resolve_netifcon_unnamed(CuTest *tc) {
4448 char *line[] = {"(", "sensitivity", "s0", ")",
4449 "(", "category", "c0", ")",
4450 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
4451 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
4452 "(", "user", "system_u", ")",
4453 "(", "role", "object_r", ")",
4454 "(", "type", "netif_t", ")",
4455 "(", "netifcon", "eth1",
4456 "(", "system_u", "object_r", "netif_t", "(", "low", "high", ")", ")",
4457 "(", "system_u", "object_r", "netif_t", "(", "low", "high", ")", ")", ")", NULL};
4458
4459 struct cil_tree *test_tree;
4460 gen_test_tree(&test_tree, line);
4461
4462 struct cil_db *test_db;
4463 cil_db_init(&test_db);
4464
4465 uint32_t changed = CIL_FALSE;
4466 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
4467
4468 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
4469
4470 int rc = cil_resolve_netifcon(test_db->ast->root->cl_head->next->next->next->next->next->next->next, args);
4471 CuAssertIntEquals(tc, SEPOL_OK, rc);
4472 }
4473
test_cil_resolve_netifcon_unnamed_packet_neg(CuTest * tc)4474 void test_cil_resolve_netifcon_unnamed_packet_neg(CuTest *tc) {
4475 char *line[] = {"(", "sensitivity", "s0", ")",
4476 "(", "category", "c0", ")",
4477 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
4478 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
4479 "(", "role", "object_r", ")",
4480 "(", "type", "netif_t", ")",
4481 "(", "netifcon", "eth1",
4482 "(", "system_u", "object_r", "netif_t", "(", "low", "high", ")", ")",
4483 "(", "system_u", "object_r", "netif_t", "(", "low", "high", ")", ")", ")", NULL};
4484
4485 struct cil_tree *test_tree;
4486 gen_test_tree(&test_tree, line);
4487
4488 struct cil_db *test_db;
4489 cil_db_init(&test_db);
4490
4491 uint32_t changed = CIL_FALSE;
4492 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
4493
4494 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
4495
4496 int rc = cil_resolve_netifcon(test_db->ast->root->cl_head->next->next->next->next->next->next, args);
4497 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
4498 }
4499
test_cil_resolve_netifcon_unnamed_otf_neg(CuTest * tc)4500 void test_cil_resolve_netifcon_unnamed_otf_neg(CuTest *tc) {
4501 char *line[] = {"(", "sensitivity", "s0", ")",
4502 "(", "category", "c0", ")",
4503 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
4504 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
4505 "(", "user", "system_u", ")",
4506 "(", "role", "object_r", ")",
4507 "(", "type", "netif_t", ")",
4508 "(", "netifcon", "eth1",
4509 "(", "system_u", "object_r", "netif_t", "(", "low", "high", ")", ")",
4510 "(", "system_u", "foo_r", "netif_t", "(", "low", "high", ")", ")", ")", NULL};
4511
4512 struct cil_tree *test_tree;
4513 gen_test_tree(&test_tree, line);
4514
4515 struct cil_db *test_db;
4516 cil_db_init(&test_db);
4517
4518 uint32_t changed = CIL_FALSE;
4519 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
4520
4521 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
4522
4523 int rc = cil_resolve_netifcon(test_db->ast->root->cl_head->next->next->next->next->next->next->next, args);
4524 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
4525 }
4526
test_cil_resolve_netifcon_sublist_secondlist_missing_neg(CuTest * tc)4527 void test_cil_resolve_netifcon_sublist_secondlist_missing_neg(CuTest *tc) {
4528 char *line[] = {"(", "netifcon", "eth1",
4529 "(", "system_u", "object_r", "netif_t", "(", "low", "high", ")", ")", ")", NULL};
4530
4531 struct cil_tree *test_tree;
4532 gen_test_tree(&test_tree, line);
4533
4534 struct cil_db *test_db;
4535 cil_db_init(&test_db);
4536
4537 uint32_t changed = CIL_FALSE;
4538 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
4539
4540 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
4541
4542 int rc = cil_resolve_netifcon(test_db->ast->root->cl_head, args);
4543 CuAssertIntEquals(tc, SEPOL_OK, rc);
4544 }
4545
test_cil_resolve_pirqcon(CuTest * tc)4546 void test_cil_resolve_pirqcon(CuTest *tc) {
4547 char *line[] = {"(", "context", "con", "(", "system_u", "object_r", "etc_t", "(", "low", "high", ")", ")", ")",
4548 "(", "pirqcon", "1", "con", ")", NULL};
4549
4550 struct cil_tree *test_tree;
4551 gen_test_tree(&test_tree, line);
4552
4553 struct cil_db *test_db;
4554 cil_db_init(&test_db);
4555
4556 uint32_t changed = CIL_FALSE;
4557 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
4558
4559 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
4560
4561 int rc = cil_resolve_pirqcon(test_db->ast->root->cl_head->next, args);
4562 CuAssertIntEquals(tc, SEPOL_OK, rc);
4563 }
4564
test_cil_resolve_pirqcon_context_neg(CuTest * tc)4565 void test_cil_resolve_pirqcon_context_neg(CuTest *tc) {
4566 char *line[] = {"(", "context", "con", "(", "system_u", "object_r", "etc_t", "(", "low", "high", ")", ")", ")",
4567 "(", "pirqcon", "1", "dne", ")", NULL};
4568
4569 struct cil_tree *test_tree;
4570 gen_test_tree(&test_tree, line);
4571
4572 struct cil_db *test_db;
4573 cil_db_init(&test_db);
4574
4575 uint32_t changed = CIL_FALSE;
4576 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
4577
4578 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
4579
4580 int rc = cil_resolve_pirqcon(test_db->ast->root->cl_head->next, args);
4581 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
4582 }
4583
test_cil_resolve_pirqcon_anon_context(CuTest * tc)4584 void test_cil_resolve_pirqcon_anon_context(CuTest *tc) {
4585 char *line[] = {"(", "user", "system_u", ")",
4586 "(", "role", "object_r", ")",
4587 "(", "type", "etc_t", ")",
4588 "(", "sensitivity", "s0", ")",
4589 "(", "category", "c0", ")",
4590 "(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
4591 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
4592 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
4593 "(", "pirqcon", "1", "(", "system_u", "object_r", "etc_t", "(", "low", "high", ")", ")", ")", NULL};
4594
4595 struct cil_tree *test_tree;
4596 gen_test_tree(&test_tree, line);
4597
4598 struct cil_db *test_db;
4599 cil_db_init(&test_db);
4600
4601 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
4602
4603 uint32_t changed = CIL_FALSE;
4604 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
4605
4606 cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next->next->next, args);
4607
4608 args->pass = CIL_PASS_MISC3;
4609
4610 int rc = cil_resolve_pirqcon(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args);
4611 CuAssertIntEquals(tc, SEPOL_OK, rc);
4612 }
4613
test_cil_resolve_pirqcon_anon_context_neg(CuTest * tc)4614 void test_cil_resolve_pirqcon_anon_context_neg(CuTest *tc) {
4615 char *line[] = {"(", "pirqcon", "1", "(", "system_u", "object_r", "etc_t", "(", "low", "high", ")", ")", ")", NULL};
4616
4617 struct cil_tree *test_tree;
4618 gen_test_tree(&test_tree, line);
4619
4620 struct cil_db *test_db;
4621 cil_db_init(&test_db);
4622
4623 uint32_t changed = CIL_FALSE;
4624 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
4625
4626 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
4627
4628 int rc = cil_resolve_pirqcon(test_db->ast->root->cl_head, args);
4629 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
4630 }
4631
test_cil_resolve_iomemcon(CuTest * tc)4632 void test_cil_resolve_iomemcon(CuTest *tc) {
4633 char *line[] = {"(", "context", "con", "(", "system_u", "object_r", "etc_t", "(", "low", "high", ")", ")", ")",
4634 "(", "iomemcon", "1", "con", ")", NULL};
4635
4636 struct cil_tree *test_tree;
4637 gen_test_tree(&test_tree, line);
4638
4639 struct cil_db *test_db;
4640 cil_db_init(&test_db);
4641
4642 uint32_t changed = CIL_FALSE;
4643 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
4644
4645 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
4646
4647 int rc = cil_resolve_iomemcon(test_db->ast->root->cl_head->next, args);
4648 CuAssertIntEquals(tc, SEPOL_OK, rc);
4649 }
4650
test_cil_resolve_iomemcon_context_neg(CuTest * tc)4651 void test_cil_resolve_iomemcon_context_neg(CuTest *tc) {
4652 char *line[] = {"(", "context", "con", "(", "system_u", "object_r", "etc_t", "(", "low", "high", ")", ")", ")",
4653 "(", "iomemcon", "1", "dne", ")", NULL};
4654
4655 struct cil_tree *test_tree;
4656 gen_test_tree(&test_tree, line);
4657
4658 struct cil_db *test_db;
4659 cil_db_init(&test_db);
4660
4661 uint32_t changed = CIL_FALSE;
4662 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
4663
4664 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
4665
4666 int rc = cil_resolve_iomemcon(test_db->ast->root->cl_head->next, args);
4667 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
4668 }
4669
test_cil_resolve_iomemcon_anon_context(CuTest * tc)4670 void test_cil_resolve_iomemcon_anon_context(CuTest *tc) {
4671 char *line[] = {"(", "user", "system_u", ")",
4672 "(", "role", "object_r", ")",
4673 "(", "type", "etc_t", ")",
4674 "(", "sensitivity", "s0", ")",
4675 "(", "category", "c0", ")",
4676 "(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
4677 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
4678 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
4679 "(", "iomemcon", "1", "(", "system_u", "object_r", "etc_t", "(", "low", "high", ")", ")", ")", NULL};
4680
4681 struct cil_tree *test_tree;
4682 gen_test_tree(&test_tree, line);
4683
4684 struct cil_db *test_db;
4685 cil_db_init(&test_db);
4686
4687 uint32_t changed = CIL_FALSE;
4688 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
4689
4690 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
4691
4692 cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next->next->next, args);
4693
4694 args->pass = CIL_PASS_MISC3;
4695
4696 int rc = cil_resolve_iomemcon(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args);
4697 CuAssertIntEquals(tc, SEPOL_OK, rc);
4698 }
4699
test_cil_resolve_iomemcon_anon_context_neg(CuTest * tc)4700 void test_cil_resolve_iomemcon_anon_context_neg(CuTest *tc) {
4701 char *line[] = {"(", "iomemcon", "1", "(", "system_u", "object_r", "etc_t", "(", "low", "high", ")", ")", ")", NULL};
4702
4703 struct cil_tree *test_tree;
4704 gen_test_tree(&test_tree, line);
4705
4706 struct cil_db *test_db;
4707 cil_db_init(&test_db);
4708
4709 uint32_t changed = CIL_FALSE;
4710 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
4711
4712 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
4713
4714 int rc = cil_resolve_iomemcon(test_db->ast->root->cl_head, args);
4715 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
4716 }
4717
test_cil_resolve_ioportcon(CuTest * tc)4718 void test_cil_resolve_ioportcon(CuTest *tc) {
4719 char *line[] = {"(", "context", "con", "(", "system_u", "object_r", "etc_t", "(", "low", "high", ")", ")", ")",
4720 "(", "ioportcon", "1", "con", ")", NULL};
4721
4722 struct cil_tree *test_tree;
4723 gen_test_tree(&test_tree, line);
4724
4725 struct cil_db *test_db;
4726 cil_db_init(&test_db);
4727
4728 uint32_t changed = CIL_FALSE;
4729 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
4730
4731 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
4732
4733 int rc = cil_resolve_ioportcon(test_db->ast->root->cl_head->next, args);
4734 CuAssertIntEquals(tc, SEPOL_OK, rc);
4735 }
4736
test_cil_resolve_ioportcon_context_neg(CuTest * tc)4737 void test_cil_resolve_ioportcon_context_neg(CuTest *tc) {
4738 char *line[] = {"(", "context", "con", "(", "system_u", "object_r", "etc_t", "(", "low", "high", ")", ")", ")",
4739 "(", "ioportcon", "1", "dne", ")", NULL};
4740
4741 struct cil_tree *test_tree;
4742 gen_test_tree(&test_tree, line);
4743
4744 struct cil_db *test_db;
4745 cil_db_init(&test_db);
4746
4747 uint32_t changed = CIL_FALSE;
4748 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
4749
4750 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
4751
4752 int rc = cil_resolve_ioportcon(test_db->ast->root->cl_head->next, args);
4753 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
4754 }
4755
test_cil_resolve_ioportcon_anon_context(CuTest * tc)4756 void test_cil_resolve_ioportcon_anon_context(CuTest *tc) {
4757 char *line[] = {"(", "user", "system_u", ")",
4758 "(", "role", "object_r", ")",
4759 "(", "type", "etc_t", ")",
4760 "(", "sensitivity", "s0", ")",
4761 "(", "category", "c0", ")",
4762 "(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
4763 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
4764 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
4765 "(", "ioportcon", "1", "(", "system_u", "object_r", "etc_t", "(", "low", "high", ")", ")", ")", NULL};
4766
4767 struct cil_tree *test_tree;
4768 gen_test_tree(&test_tree, line);
4769
4770 struct cil_db *test_db;
4771 cil_db_init(&test_db);
4772
4773 uint32_t changed = CIL_FALSE;
4774 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
4775
4776 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
4777
4778 cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next->next->next, args);
4779
4780 args->pass = CIL_PASS_MISC3;
4781
4782 int rc = cil_resolve_ioportcon(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args);
4783 CuAssertIntEquals(tc, SEPOL_OK, rc);
4784 }
4785
test_cil_resolve_ioportcon_anon_context_neg(CuTest * tc)4786 void test_cil_resolve_ioportcon_anon_context_neg(CuTest *tc) {
4787 char *line[] = {"(", "ioportcon", "1", "(", "system_u", "object_r", "etc_t", "(", "low", "high", ")", ")", ")", NULL};
4788
4789 struct cil_tree *test_tree;
4790 gen_test_tree(&test_tree, line);
4791
4792 struct cil_db *test_db;
4793 cil_db_init(&test_db);
4794
4795 uint32_t changed = CIL_FALSE;
4796 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
4797
4798 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
4799
4800 int rc = cil_resolve_ioportcon(test_db->ast->root->cl_head, args);
4801 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
4802 }
4803
test_cil_resolve_pcidevicecon(CuTest * tc)4804 void test_cil_resolve_pcidevicecon(CuTest *tc) {
4805 char *line[] = {"(", "context", "con", "(", "system_u", "object_r", "etc_t", "(", "low", "high", ")", ")", ")",
4806 "(", "pcidevicecon", "1", "con", ")", NULL};
4807
4808 struct cil_tree *test_tree;
4809 gen_test_tree(&test_tree, line);
4810
4811 struct cil_db *test_db;
4812 cil_db_init(&test_db);
4813
4814 uint32_t changed = CIL_FALSE;
4815 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
4816
4817 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
4818
4819 int rc = cil_resolve_pcidevicecon(test_db->ast->root->cl_head->next, args);
4820 CuAssertIntEquals(tc, SEPOL_OK, rc);
4821 }
4822
test_cil_resolve_pcidevicecon_context_neg(CuTest * tc)4823 void test_cil_resolve_pcidevicecon_context_neg(CuTest *tc) {
4824 char *line[] = {"(", "context", "con", "(", "system_u", "object_r", "etc_t", "(", "low", "high", ")", ")", ")",
4825 "(", "pcidevicecon", "1", "dne", ")", NULL};
4826
4827 struct cil_tree *test_tree;
4828 gen_test_tree(&test_tree, line);
4829
4830 struct cil_db *test_db;
4831 cil_db_init(&test_db);
4832
4833 uint32_t changed = CIL_FALSE;
4834 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
4835
4836 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
4837
4838 int rc = cil_resolve_pcidevicecon(test_db->ast->root->cl_head->next, args);
4839 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
4840 }
4841
test_cil_resolve_pcidevicecon_anon_context(CuTest * tc)4842 void test_cil_resolve_pcidevicecon_anon_context(CuTest *tc) {
4843 char *line[] = {"(", "user", "system_u", ")",
4844 "(", "role", "object_r", ")",
4845 "(", "type", "etc_t", ")",
4846 "(", "sensitivity", "s0", ")",
4847 "(", "category", "c0", ")",
4848 "(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
4849 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
4850 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
4851 "(", "pcidevicecon", "1", "(", "system_u", "object_r", "etc_t", "(", "low", "high", ")", ")", ")", NULL};
4852
4853 struct cil_tree *test_tree;
4854 gen_test_tree(&test_tree, line);
4855
4856 struct cil_db *test_db;
4857 cil_db_init(&test_db);
4858
4859 uint32_t changed = CIL_FALSE;
4860 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
4861
4862 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
4863
4864 cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next->next->next, args);
4865
4866 args->pass = CIL_PASS_MISC3;
4867
4868 int rc = cil_resolve_pcidevicecon(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args);
4869 CuAssertIntEquals(tc, SEPOL_OK, rc);
4870 }
4871
test_cil_resolve_pcidevicecon_anon_context_neg(CuTest * tc)4872 void test_cil_resolve_pcidevicecon_anon_context_neg(CuTest *tc) {
4873 char *line[] = {"(", "pcidevicecon", "1", "(", "system_u", "object_r", "etc_t", "(", "low", "high", ")", ")", ")", NULL};
4874
4875 struct cil_tree *test_tree;
4876 gen_test_tree(&test_tree, line);
4877
4878 struct cil_db *test_db;
4879 cil_db_init(&test_db);
4880
4881 uint32_t changed = CIL_FALSE;
4882 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
4883
4884 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
4885
4886 int rc = cil_resolve_pcidevicecon(test_db->ast->root->cl_head, args);
4887 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
4888 }
4889
test_cil_resolve_fsuse(CuTest * tc)4890 void test_cil_resolve_fsuse(CuTest *tc) {
4891 char *line[] = {"(", "sensitivity", "s0", ")",
4892 "(", "category", "c0", ")",
4893 "(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
4894 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
4895 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
4896 "(", "user", "system_u", ")",
4897 "(", "role", "object_r", ")",
4898 "(", "type", "netif_t", ")",
4899 "(", "context", "con", "(", "system_u", "object_r", "netif_t", "(", "low", "high", ")", ")", ")",
4900 "(", "fsuse", "xattr", "ext3", "con", ")", NULL};
4901
4902 struct cil_tree *test_tree;
4903 gen_test_tree(&test_tree, line);
4904
4905 struct cil_db *test_db;
4906 cil_db_init(&test_db);
4907
4908 uint32_t changed = CIL_FALSE;
4909 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
4910
4911 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
4912
4913 int rc = cil_resolve_fsuse(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next, args);
4914 CuAssertIntEquals(tc, SEPOL_OK, rc);
4915 }
4916
test_cil_resolve_fsuse_nocontext_neg(CuTest * tc)4917 void test_cil_resolve_fsuse_nocontext_neg(CuTest *tc) {
4918 char *line[] = {"(", "sensitivity", "s0", ")",
4919 "(", "category", "c0", ")",
4920 "(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
4921 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
4922 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
4923 "(", "user", "system_u", ")",
4924 "(", "role", "object_r", ")",
4925 "(", "type", "netif_t", ")",
4926 "(", "context", "con", "(", "system_u", "object_r", "netif_t", "(", "low", "high", ")", ")", ")",
4927 "(", "fsuse", "xattr", "ext3", "(", ")", ")", NULL};
4928
4929 struct cil_tree *test_tree;
4930 gen_test_tree(&test_tree, line);
4931
4932 struct cil_db *test_db;
4933 cil_db_init(&test_db);
4934
4935 uint32_t changed = CIL_FALSE;
4936 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
4937
4938 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
4939
4940 int rc = cil_resolve_fsuse(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next, args);
4941 CuAssertIntEquals(tc, SEPOL_ERR, rc);
4942 }
4943
test_cil_resolve_fsuse_neg(CuTest * tc)4944 void test_cil_resolve_fsuse_neg(CuTest *tc) {
4945 char *line[] = {"(", "sensitivity", "s0", ")",
4946 "(", "category", "c0", ")",
4947 "(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
4948 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
4949 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
4950 "(", "user", "system_u", ")",
4951 "(", "role", "object_r", ")",
4952 "(", "type", "netif_t", ")",
4953 "(", "context", "con", "(", "system_u", "object_r", "netif_t", "(", "low", "high", ")", ")", ")",
4954 "(", "fsuse", "xattr", "ext3", "conn", ")", NULL};
4955
4956 struct cil_tree *test_tree;
4957 gen_test_tree(&test_tree, line);
4958
4959 struct cil_db *test_db;
4960 cil_db_init(&test_db);
4961
4962 uint32_t changed = CIL_FALSE;
4963 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
4964
4965 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
4966
4967 int rc = cil_resolve_fsuse(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next, args);
4968 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
4969 }
4970
test_cil_resolve_fsuse_anon(CuTest * tc)4971 void test_cil_resolve_fsuse_anon(CuTest *tc) {
4972 char *line[] = {"(", "sensitivity", "s0", ")",
4973 "(", "category", "c0", ")",
4974 "(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
4975 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
4976 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
4977 "(", "user", "system_u", ")",
4978 "(", "role", "object_r", ")",
4979 "(", "type", "netif_t", ")",
4980 "(", "fsuse", "xattr", "ext3", "(", "system_u", "object_r", "netif_t", "(", "low", "high", ")", ")", ")", NULL};
4981
4982 struct cil_tree *test_tree;
4983 gen_test_tree(&test_tree, line);
4984
4985 struct cil_db *test_db;
4986 cil_db_init(&test_db);
4987
4988 uint32_t changed = CIL_FALSE;
4989 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
4990
4991 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
4992
4993 int rc = cil_resolve_fsuse(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args);
4994 CuAssertIntEquals(tc, SEPOL_OK, rc);
4995 }
4996
test_cil_resolve_fsuse_anon_neg(CuTest * tc)4997 void test_cil_resolve_fsuse_anon_neg(CuTest *tc) {
4998 char *line[] = {"(", "sensitivity", "s0", ")",
4999 "(", "category", "c0", ")",
5000 "(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
5001 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
5002 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
5003 "(", "user", "system_u", ")",
5004 "(", "role", "object_r", ")",
5005 "(", "type", "netif_t", ")",
5006 "(", "fsuse", "xattr", "ext3", "(", "system_uu", "object_r", "netif_t", "(", "low", "high", ")", ")", ")", NULL};
5007
5008 struct cil_tree *test_tree;
5009 gen_test_tree(&test_tree, line);
5010
5011 struct cil_db *test_db;
5012 cil_db_init(&test_db);
5013
5014 uint32_t changed = CIL_FALSE;
5015 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
5016
5017 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
5018
5019 int rc = cil_resolve_fsuse(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args);
5020 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
5021 }
5022
test_cil_resolve_sidcontext(CuTest * tc)5023 void test_cil_resolve_sidcontext(CuTest *tc) {
5024 char *line[] = {"(", "category", "c0", ")",
5025 "(", "categoryorder", "(", "c0", ")", ")",
5026 "(", "sensitivity", "s0", ")",
5027 "(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
5028 "(", "type", "blah_t", ")",
5029 "(", "role", "blah_r", ")",
5030 "(", "user", "blah_u", ")",
5031 "(", "sid", "test", ")",
5032 "(", "sidcontext", "test", "(", "blah_u", "blah_r", "blah_t", "(", "(", "s0", "(", "c0", ")", ")", "(", "s0", "(", "c0", ")", ")", ")", ")", ")", NULL};
5033
5034 struct cil_tree *test_tree;
5035 gen_test_tree(&test_tree, line);
5036
5037 struct cil_db *test_db;
5038 cil_db_init(&test_db);
5039
5040 uint32_t changed = CIL_FALSE;
5041 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
5042
5043 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
5044
5045 cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next, args);
5046
5047 args->pass = CIL_PASS_MISC3;
5048
5049 int rc = cil_resolve_sidcontext(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args);
5050 CuAssertIntEquals(tc, SEPOL_OK, rc);
5051 }
5052
test_cil_resolve_sidcontext_named_levels(CuTest * tc)5053 void test_cil_resolve_sidcontext_named_levels(CuTest *tc) {
5054 char *line[] = {"(", "category", "c0", ")",
5055 "(", "categoryorder", "(", "c0", ")", ")",
5056 "(", "sensitivity", "s0", ")",
5057 "(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
5058 "(", "type", "blah_t", ")",
5059 "(", "role", "blah_r", ")",
5060 "(", "user", "blah_u", ")",
5061 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
5062 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
5063 "(", "sid", "test", ")",
5064 "(", "sidcontext", "test", "(", "blah_u", "blah_r", "blah_t", "(", "low", "high", ")", ")", ")", NULL};
5065
5066 struct cil_tree *test_tree;
5067 gen_test_tree(&test_tree, line);
5068
5069 struct cil_db *test_db;
5070 cil_db_init(&test_db);
5071
5072 uint32_t changed = CIL_FALSE;
5073 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
5074
5075 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
5076
5077 cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next, args);
5078
5079 args->pass = CIL_PASS_MISC3;
5080
5081 struct cil_tree_node *level = test_db->ast->root->cl_head->next->next->next->next->next->next->next;
5082 cil_resolve_level(level, (struct cil_level*)level->data, args);
5083 cil_resolve_level(level->next, (struct cil_level*)level->next->data, args);
5084 int rc = cil_resolve_sidcontext(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next->next, args);
5085 CuAssertIntEquals(tc, SEPOL_OK, rc);
5086 }
5087
test_cil_resolve_sidcontext_named_context(CuTest * tc)5088 void test_cil_resolve_sidcontext_named_context(CuTest *tc) {
5089 char *line[] = {"(", "category", "c0", ")",
5090 "(", "categoryorder", "(", "c0", ")", ")",
5091 "(", "sensitivity", "s0", ")",
5092 "(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
5093 "(", "type", "blah_t", ")",
5094 "(", "role", "blah_r", ")",
5095 "(", "user", "blah_u", ")",
5096 "(", "context", "con", "(", "blah_u", "blah_r", "blah_t", "(", "(", "s0", "(", "c0", ")", ")", "(", "s0", "(", "c0", ")", ")", ")", ")", ")",
5097 "(", "sid", "test", ")",
5098 "(", "sidcontext", "test", "con", ")", NULL};
5099
5100 struct cil_tree *test_tree;
5101 gen_test_tree(&test_tree, line);
5102
5103 struct cil_db *test_db;
5104 cil_db_init(&test_db);
5105
5106 uint32_t changed = CIL_FALSE;
5107 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
5108
5109 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
5110
5111 cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next, args);
5112
5113 args->pass = CIL_PASS_MISC3;
5114
5115 struct cil_tree_node *context = test_db->ast->root->cl_head->next->next->next->next->next->next->next;
5116 cil_resolve_context(context, (struct cil_context*)context->data, args);
5117
5118 int rc = cil_resolve_sidcontext(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next, args);
5119 CuAssertIntEquals(tc, SEPOL_OK, rc);
5120 }
5121
test_cil_resolve_sidcontext_named_context_wrongname_neg(CuTest * tc)5122 void test_cil_resolve_sidcontext_named_context_wrongname_neg(CuTest *tc) {
5123 char *line[] = {"(", "category", "c0", ")",
5124 "(", "categoryorder", "(", "c0", ")", ")",
5125 "(", "sensitivity", "s0", ")",
5126 "(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
5127 "(", "type", "blah_t", ")",
5128 "(", "role", "blah_r", ")",
5129 "(", "user", "blah_u", ")",
5130 "(", "context", "con", "(", "blah_u", "blah_r", "blah_t", "(", "(", "s0", "(", "c0", ")", ")", "(", "s0", "(", "c0", ")", ")", ")", ")", ")",
5131 "(", "sid", "test", ")",
5132 "(", "sidcontext", "test", "foo", ")", NULL};
5133
5134 struct cil_tree *test_tree;
5135 gen_test_tree(&test_tree, line);
5136
5137 struct cil_db *test_db;
5138 cil_db_init(&test_db);
5139
5140 uint32_t changed = CIL_FALSE;
5141 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
5142
5143 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
5144
5145 cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next, args);
5146
5147 args->pass = CIL_PASS_MISC3;
5148
5149 struct cil_tree_node *context = test_db->ast->root->cl_head->next->next->next->next->next->next->next;
5150 cil_resolve_context(context, (struct cil_context*)context->data, args);
5151
5152 int rc = cil_resolve_sidcontext(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next, args);
5153 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
5154 }
5155
test_cil_resolve_sidcontext_named_context_invaliduser_neg(CuTest * tc)5156 void test_cil_resolve_sidcontext_named_context_invaliduser_neg(CuTest *tc) {
5157 char *line[] = {"(", "category", "c0", ")",
5158 "(", "categoryorder", "(", "c0", ")", ")",
5159 "(", "sensitivity", "s0", ")",
5160 "(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
5161 "(", "type", "blah_t", ")",
5162 "(", "role", "blah_r", ")",
5163 "(", "user", "blah_u", ")",
5164 "(", "sid", "test", ")",
5165 "(", "sidcontext", "test", "(", "", "blah_r", "blah_t", "(", "(", "s0", "(", "c0", ")", ")", "(", "s0", "(", "c0", ")", ")", ")", ")", ")", NULL};
5166
5167 struct cil_tree *test_tree;
5168 gen_test_tree(&test_tree, line);
5169
5170 struct cil_db *test_db;
5171 cil_db_init(&test_db);
5172
5173 uint32_t changed = CIL_FALSE;
5174 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
5175
5176 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
5177
5178 cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next, args);
5179
5180 int rc = cil_resolve_sidcontext(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args);
5181 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
5182 }
5183
test_cil_resolve_blockinherit(CuTest * tc)5184 void test_cil_resolve_blockinherit(CuTest *tc) {
5185 char *line[] = {"(", "block", "baz", "(", "type", "b", ")", ")",
5186 "(", "block", "foo", "(", "type", "a", ")",
5187 "(", "blockinherit", "baz", ")", ")", NULL};
5188
5189 struct cil_tree *test_tree;
5190 gen_test_tree(&test_tree, line);
5191
5192 struct cil_db *test_db;
5193 cil_db_init(&test_db);
5194
5195 uint32_t changed = CIL_FALSE;
5196 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
5197
5198 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
5199
5200 int rc = cil_resolve_blockinherit(test_db->ast->root->cl_head->next->cl_head->next, args);
5201 CuAssertIntEquals(tc, SEPOL_OK, rc);
5202 }
5203
test_cil_resolve_blockinherit_blockstrdne_neg(CuTest * tc)5204 void test_cil_resolve_blockinherit_blockstrdne_neg(CuTest *tc) {
5205 char *line[] = {"(", "block", "baz", "(", "type", "b", ")", ")",
5206 "(", "block", "foo", "(", "type", "a", ")",
5207 "(", "blockinherit", "dne", ")", ")", NULL};
5208
5209 struct cil_tree *test_tree;
5210 gen_test_tree(&test_tree, line);
5211
5212 struct cil_db *test_db;
5213 cil_db_init(&test_db);
5214
5215 uint32_t changed = CIL_FALSE;
5216 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
5217
5218 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
5219
5220 int rc = cil_resolve_blockinherit(test_db->ast->root->cl_head->next->cl_head->next, args);
5221 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
5222 }
5223
test_cil_resolve_in_block(CuTest * tc)5224 void test_cil_resolve_in_block(CuTest *tc) {
5225 char *line[] = {"(", "class", "char", "(", "read", ")", ")",
5226 "(", "block", "foo", "(", "type", "a", ")", ")",
5227 "(", "in", "foo", "(", "allow", "test", "baz", "(", "char", "(", "read", ")", ")", ")", ")", NULL};
5228
5229 struct cil_tree *test_tree;
5230 gen_test_tree(&test_tree, line);
5231
5232 struct cil_db *test_db;
5233 cil_db_init(&test_db);
5234
5235 uint32_t changed = CIL_FALSE;
5236 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
5237
5238 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
5239
5240 int rc = cil_resolve_in(test_db->ast->root->cl_head->next->next, args);
5241 CuAssertIntEquals(tc, SEPOL_OK, rc);
5242 }
5243
test_cil_resolve_in_blockstrdne_neg(CuTest * tc)5244 void test_cil_resolve_in_blockstrdne_neg(CuTest *tc) {
5245 char *line[] = {"(", "class", "char", "(", "read", ")", ")",
5246 "(", "in", "foo", "(", "allow", "test", "baz", "(", "char", "(", "read", ")", ")", ")", ")", NULL};
5247
5248 struct cil_tree *test_tree;
5249 gen_test_tree(&test_tree, line);
5250
5251 struct cil_db *test_db;
5252 cil_db_init(&test_db);
5253
5254 uint32_t changed = CIL_FALSE;
5255 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
5256
5257 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
5258
5259 int rc = cil_resolve_in(test_db->ast->root->cl_head->next, args);
5260 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
5261 }
5262
test_cil_resolve_in_macro(CuTest * tc)5263 void test_cil_resolve_in_macro(CuTest *tc) {
5264 char *line[] = {"(", "class", "char", "(", "read", "write", ")", ")",
5265 "(", "macro", "mm", "(", "(", "class", "a", ")", ")",
5266 "(", "allow", "foo", "bar", "(", "file", "(", "write", ")", ")", ")", ")",
5267 "(", "in", "mm", "(", "allow", "test", "baz", "(", "char", "(", "read", ")", ")", ")", ")", NULL};
5268
5269 struct cil_tree *test_tree;
5270 gen_test_tree(&test_tree, line);
5271
5272 struct cil_db *test_db;
5273 cil_db_init(&test_db);
5274
5275 uint32_t changed = CIL_FALSE;
5276 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
5277
5278 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
5279
5280 int rc = cil_resolve_in(test_db->ast->root->cl_head->next->next, args);
5281 CuAssertIntEquals(tc, SEPOL_OK, rc);
5282 }
5283
test_cil_resolve_in_optional(CuTest * tc)5284 void test_cil_resolve_in_optional(CuTest *tc) {
5285 char *line[] = {"(", "class", "char", "(", "read", "write", ")", ")",
5286 "(", "optional", "opt", "(", "allow", "foo", "bar", "(", "baz", "(", "read", ")", ")", ")", ")",
5287 "(", "in", "opt", "(", "allow", "test", "baz", "(", "char", "(", "read", ")", ")", ")", ")", NULL};
5288
5289 struct cil_tree *test_tree;
5290 gen_test_tree(&test_tree, line);
5291
5292 struct cil_db *test_db;
5293 cil_db_init(&test_db);
5294
5295 uint32_t changed = CIL_FALSE;
5296 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
5297
5298 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
5299
5300 int rc = cil_resolve_in(test_db->ast->root->cl_head->next->next, args);
5301 CuAssertIntEquals(tc, SEPOL_OK, rc);
5302 }
5303
test_cil_resolve_call1_noparam(CuTest * tc)5304 void test_cil_resolve_call1_noparam(CuTest *tc) {
5305 char *line[] = {"(", "type", "qaz", ")",
5306 "(", "class", "file", "(", "read", ")", ")",
5307 "(", "macro", "mm", "(", "(", "type", ")", ")",
5308 "(", "type", "b", ")",
5309 "(", "allow", "qaz", "b", "file", "(", "read", ")", ")", ")",
5310 "(", "call", "mm", "(", ")", ")", NULL};
5311
5312 struct cil_tree *test_tree;
5313 gen_test_tree(&test_tree, line);
5314
5315 struct cil_db *test_db;
5316 cil_db_init(&test_db);
5317
5318 uint32_t changed = CIL_FALSE;
5319 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
5320
5321 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
5322
5323 int rc = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next, args);
5324 CuAssertIntEquals(tc, SEPOL_OK, rc);
5325 }
5326
test_cil_resolve_call1_type(CuTest * tc)5327 void test_cil_resolve_call1_type(CuTest *tc) {
5328 char *line[] = {"(", "type", "qaz", ")",
5329 "(", "class", "file", "(", "read", ")", ")",
5330 "(", "macro", "mm", "(", "(", "type", "a", ")", ")",
5331 "(", "type", "b", ")",
5332 "(", "allow", "a", "b", "(", "file", "(", "read", ")", ")", ")", ")",
5333 "(", "call", "mm", "(", "qaz", ")", ")", NULL};
5334
5335 struct cil_tree *test_tree;
5336 gen_test_tree(&test_tree, line);
5337
5338 struct cil_db *test_db;
5339 cil_db_init(&test_db);
5340
5341 uint32_t changed = CIL_FALSE;
5342 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
5343
5344 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
5345
5346 int rc = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next, args);
5347 CuAssertIntEquals(tc, SEPOL_OK, rc);
5348 }
5349
test_cil_resolve_call1_role(CuTest * tc)5350 void test_cil_resolve_call1_role(CuTest *tc) {
5351 char *line[] = {"(", "role", "role_r", ")",
5352 "(", "class", "file", "(", "read", ")", ")",
5353 "(", "macro", "mm", "(", "(", "role", "a", ")", ")",
5354 "(", "role", "b", ")",
5355 "(", "allow", "a", "b", "(", "file", "(", "read", ")", ")", ")", ")",
5356 "(", "call", "mm", "(", "role_r", ")", ")", NULL};
5357
5358 struct cil_tree *test_tree;
5359 gen_test_tree(&test_tree, line);
5360
5361 struct cil_db *test_db;
5362 cil_db_init(&test_db);
5363
5364 uint32_t changed = CIL_FALSE;
5365 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
5366
5367 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
5368
5369 int rc = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next, args);
5370 CuAssertIntEquals(tc, SEPOL_OK, rc);
5371 }
5372
test_cil_resolve_call1_user(CuTest * tc)5373 void test_cil_resolve_call1_user(CuTest *tc) {
5374 char *line[] = {"(", "user", "user_u", ")",
5375 "(", "class", "file", "(", "read", ")", ")",
5376 "(", "macro", "mm", "(", "(", "user", "a", ")", ")",
5377 "(", "user", "b", ")",
5378 "(", "allow", "a", "b", "(", "file", "(", "read", ")", ")", ")", ")",
5379 "(", "call", "mm", "(", "user_u", ")", ")", NULL};
5380
5381 struct cil_tree *test_tree;
5382 gen_test_tree(&test_tree, line);
5383
5384 struct cil_db *test_db;
5385 cil_db_init(&test_db);
5386
5387 uint32_t changed = CIL_FALSE;
5388 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
5389
5390 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
5391
5392 int rc = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next, args);
5393 CuAssertIntEquals(tc, SEPOL_OK, rc);
5394 }
5395
test_cil_resolve_call1_sens(CuTest * tc)5396 void test_cil_resolve_call1_sens(CuTest *tc) {
5397 char *line[] = {"(", "sensitivity", "sens", ")",
5398 "(", "class", "file", "(", "read", ")", ")",
5399 "(", "macro", "mm", "(", "(", "sensitivity", "a", ")", ")",
5400 "(", "sensitivity", "b", ")",
5401 "(", "allow", "a", "b", "(", "file", "(", "read", ")", ")", ")", ")",
5402 "(", "call", "mm", "(", "sens", ")", ")", NULL};
5403
5404 struct cil_tree *test_tree;
5405 gen_test_tree(&test_tree, line);
5406
5407 struct cil_db *test_db;
5408 cil_db_init(&test_db);
5409
5410 uint32_t changed = CIL_FALSE;
5411 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
5412
5413 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
5414
5415 int rc = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next, args);
5416 CuAssertIntEquals(tc, SEPOL_OK, rc);
5417 }
5418
test_cil_resolve_call1_cat(CuTest * tc)5419 void test_cil_resolve_call1_cat(CuTest *tc) {
5420 char *line[] = {"(", "category", "c0", ")",
5421 "(", "class", "file", "(", "read", ")", ")",
5422 "(", "macro", "mm", "(", "(", "category", "a", ")", ")",
5423 "(", "category", "b", ")",
5424 "(", "allow", "a", "b", "(", "file", "(", "read", ")", ")", ")", ")",
5425 "(", "call", "mm", "(", "c0", ")", ")", NULL};
5426
5427 struct cil_tree *test_tree;
5428 gen_test_tree(&test_tree, line);
5429
5430 struct cil_db *test_db;
5431 cil_db_init(&test_db);
5432
5433 uint32_t changed = CIL_FALSE;
5434 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
5435
5436 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
5437
5438 int rc = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next, args);
5439 CuAssertIntEquals(tc, SEPOL_OK, rc);
5440 }
5441
test_cil_resolve_call1_catset(CuTest * tc)5442 void test_cil_resolve_call1_catset(CuTest *tc) {
5443 char *line[] = {"(", "category", "c0", ")",
5444 "(", "category", "c1", ")",
5445 "(", "category", "c2", ")",
5446 "(", "categoryset", "somecats", "(", "c0", "c1", "c2", ")", ")",
5447 "(", "macro", "mm", "(", "(", "categoryset", "foo", ")", ")",
5448 "(", "level", "bar", "(", "s0", "foo", ")", ")", ")",
5449 "(", "call", "mm", "(", "somecats", ")", ")", NULL};
5450
5451 struct cil_tree *test_tree;
5452 gen_test_tree(&test_tree, line);
5453
5454 struct cil_db *test_db;
5455 cil_db_init(&test_db);
5456
5457 uint32_t changed = CIL_FALSE;
5458 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
5459
5460 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
5461
5462 int rc = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next->next, args);
5463 CuAssertIntEquals(tc, SEPOL_OK, rc);
5464 }
5465
test_cil_resolve_call1_catset_anon(CuTest * tc)5466 void test_cil_resolve_call1_catset_anon(CuTest *tc) {
5467 char *line[] = {"(", "category", "c0", ")",
5468 "(", "category", "c1", ")",
5469 "(", "category", "c2", ")",
5470 "(", "macro", "mm", "(", "(", "categoryset", "foo", ")", ")",
5471 "(", "level", "bar", "(", "s0", "foo", ")", ")", ")",
5472 "(", "call", "mm", "(", "(", "c0", "c1", "c2", ")", ")", ")", NULL};
5473
5474 struct cil_tree *test_tree;
5475 gen_test_tree(&test_tree, line);
5476
5477 struct cil_db *test_db;
5478 cil_db_init(&test_db);
5479
5480 uint32_t changed = CIL_FALSE;
5481 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
5482
5483 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
5484
5485 int rc = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next, args);
5486 CuAssertIntEquals(tc, SEPOL_OK, rc);
5487 }
5488
test_cil_resolve_call1_catset_anon_neg(CuTest * tc)5489 void test_cil_resolve_call1_catset_anon_neg(CuTest *tc) {
5490 char *line[] = {"(", "category", "c0", ")",
5491 "(", "category", "c1", ")",
5492 "(", "category", "c2", ")",
5493 "(", "macro", "mm", "(", "(", "categoryset", "foo", ")", ")",
5494 "(", "level", "bar", "(", "s0", "foo", ")", ")", ")",
5495 "(", "call", "mm", "(", "(", "c5", "(", "c2", ")", "c4", ")", ")", ")", NULL};
5496
5497 struct cil_tree *test_tree;
5498 gen_test_tree(&test_tree, line);
5499
5500 struct cil_db *test_db;
5501 cil_db_init(&test_db);
5502
5503 uint32_t changed = CIL_FALSE;
5504 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
5505
5506 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
5507
5508 int rc = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next, args);
5509 CuAssertIntEquals(tc, SEPOL_ERR, rc);
5510 }
5511
test_cil_resolve_call1_level(CuTest * tc)5512 void test_cil_resolve_call1_level(CuTest *tc) {
5513 char *line[] = {"(", "category", "c0", ")",
5514 "(", "sensitivity", "s0", ")",
5515 "(", "user", "system_u", ")",
5516 "(", "role", "role_r", ")",
5517 "(", "type", "type_t", ")",
5518 "(", "level", "l", "(", "s0", "(", "c0", ")", ")", ")",
5519 "(", "level", "h", "(", "s0", "(", "c0", ")", ")", ")",
5520 "(", "macro", "mm", "(", "(", "level", "lvl_l", ")", "(", "level", "lvl_h", ")", ")",
5521 "(", "context", "foo", "(", "system_u", "role_r", "type_t", "(", "lvl_l", "lvl_h", ")", ")", ")", ")",
5522 "(", "call", "mm", "(", "l", "h", ")", ")", NULL};
5523
5524 struct cil_tree *test_tree;
5525 gen_test_tree(&test_tree, line);
5526
5527 struct cil_db *test_db;
5528 cil_db_init(&test_db);
5529
5530 uint32_t changed = CIL_FALSE;
5531 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
5532
5533 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
5534
5535 int rc = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args);
5536 CuAssertIntEquals(tc, SEPOL_OK, rc);
5537 }
5538
test_cil_resolve_call1_level_anon(CuTest * tc)5539 void test_cil_resolve_call1_level_anon(CuTest *tc) {
5540 char *line[] = {"(", "category", "c0", ")",
5541 "(", "sensitivity", "s0", ")",
5542 "(", "user", "system_u", ")",
5543 "(", "role", "role_r", ")",
5544 "(", "type", "type_t", ")",
5545 "(", "level", "l", "(", "s0", "(", "c0", ")", ")", ")",
5546 "(", "level", "h", "(", "s0", "(", "c0", ")", ")", ")",
5547 "(", "macro", "mm", "(", "(", "level", "lvl_l", ")", ")",
5548 "(", "context", "foo", "(", "system_u", "role_r", "type_t", "(", "lvl_l", "h", ")", ")", ")", ")",
5549 "(", "call", "mm", "(", "(", "s0", "(", "c0", ")", ")", ")", ")", NULL};
5550
5551 struct cil_tree *test_tree;
5552 gen_test_tree(&test_tree, line);
5553
5554 struct cil_db *test_db;
5555 cil_db_init(&test_db);
5556
5557 uint32_t changed = CIL_FALSE;
5558 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
5559
5560 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
5561
5562 int rc = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args);
5563 CuAssertIntEquals(tc, SEPOL_OK, rc);
5564 }
5565
test_cil_resolve_call1_level_anon_neg(CuTest * tc)5566 void test_cil_resolve_call1_level_anon_neg(CuTest *tc) {
5567 char *line[] = {"(", "category", "c0", ")",
5568 "(", "sensitivity", "s0", ")",
5569 "(", "user", "system_u", ")",
5570 "(", "role", "role_r", ")",
5571 "(", "type", "type_t", ")",
5572 "(", "level", "l", "(", "s0", "(", "c0", ")", ")", ")",
5573 "(", "level", "h", "(", "s0", "(", "c0", ")", ")", ")",
5574 "(", "macro", "mm", "(", "(", "level", "lvl_l", ")", ")",
5575 "(", "context", "foo", "(", "system_u", "role_r", "type_t", "(", "lvl_l", "h", ")", ")", ")", ")",
5576 "(", "call", "mm", "(", "(", "s0", "(", "c0", "(", "c5", ")", ")", ")", ")", ")", NULL};
5577
5578 struct cil_tree *test_tree;
5579 gen_test_tree(&test_tree, line);
5580
5581 struct cil_db *test_db;
5582 cil_db_init(&test_db);
5583
5584 uint32_t changed = CIL_FALSE;
5585 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
5586
5587 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
5588
5589 int rc = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args);
5590 CuAssertIntEquals(tc, SEPOL_ERR, rc);
5591 }
5592
test_cil_resolve_call1_ipaddr(CuTest * tc)5593 void test_cil_resolve_call1_ipaddr(CuTest *tc) {
5594 char *line[] = {"(", "category", "c0", ")",
5595 "(", "sensitivity", "s0", ")",
5596 "(", "user", "system_u", ")",
5597 "(", "role", "role_r", ")",
5598 "(", "type", "type_t", ")",
5599 "(", "level", "lvl_l", "(", "s0", "(", "c0", ")", ")", ")",
5600 "(", "level", "lvl_h", "(", "s0", "(", "c0", ")", ")", ")",
5601 "(", "context", "con", "(", "system_u", "role_r", "type_t", "(", "lvl_l", "lvl_h", ")", ")", ")",
5602 "(", "ipaddr", "netmask", "192.168.0.1", ")",
5603 "(", "ipaddr", "ip", "192.168.0.1", ")",
5604 "(", "macro", "mm", "(", "(", "ipaddr", "addr", ")", ")",
5605 "(", "nodecon", "addr", "netmask", "con", ")", ")",
5606 "(", "call", "mm", "(", "ip", ")", ")", NULL};
5607
5608 struct cil_tree *test_tree;
5609 gen_test_tree(&test_tree, line);
5610
5611 struct cil_db *test_db;
5612 cil_db_init(&test_db);
5613
5614 uint32_t changed = CIL_FALSE;
5615 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
5616
5617 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
5618
5619 int rc = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next->next->next, args);
5620 CuAssertIntEquals(tc, SEPOL_OK, rc);
5621 }
5622
test_cil_resolve_call1_ipaddr_anon(CuTest * tc)5623 void test_cil_resolve_call1_ipaddr_anon(CuTest *tc) {
5624 char *line[] = {"(", "category", "c0", ")",
5625 "(", "sensitivity", "s0", ")",
5626 "(", "user", "system_u", ")",
5627 "(", "role", "role_r", ")",
5628 "(", "type", "type_t", ")",
5629 "(", "level", "lvl_l", "(", "s0", "(", "c0", ")", ")", ")",
5630 "(", "level", "lvl_h", "(", "s0", "(", "c0", ")", ")", ")",
5631 "(", "context", "con", "(", "system_u", "role_r", "type_t", "(", "lvl_l", "lvl_h", ")", ")", ")",
5632 "(", "ipaddr", "netmask", "192.168.0.1", ")",
5633 "(", "macro", "mm", "(", "(", "ipaddr", "addr", ")", ")",
5634 "(", "nodecon", "addr", "netmask", "con", ")", ")",
5635 "(", "call", "mm", "(", "(", "192.168.1.1", ")", ")", ")", NULL};
5636
5637 struct cil_tree *test_tree;
5638 gen_test_tree(&test_tree, line);
5639
5640 struct cil_db *test_db;
5641 cil_db_init(&test_db);
5642
5643 uint32_t changed = CIL_FALSE;
5644 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
5645
5646 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
5647
5648 int rc = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next->next, args);
5649 CuAssertIntEquals(tc, SEPOL_OK, rc);
5650 }
5651
test_cil_resolve_call1_ipaddr_anon_neg(CuTest * tc)5652 void test_cil_resolve_call1_ipaddr_anon_neg(CuTest *tc) {
5653 char *line[] = {"(", "category", "c0", ")",
5654 "(", "sensitivity", "s0", ")",
5655 "(", "user", "system_u", ")",
5656 "(", "role", "role_r", ")",
5657 "(", "type", "type_t", ")",
5658 "(", "level", "lvl_l", "(", "s0", "(", "c0", ")", ")", ")",
5659 "(", "level", "lvl_h", "(", "s0", "(", "c0", ")", ")", ")",
5660 "(", "context", "con", "(", "system_u", "role_r", "type_t", "(", "lvl_l", "lvl_h", ")", ")", ")",
5661 "(", "ipaddr", "netmask", "192.168.0.1", ")",
5662 "(", "macro", "mm", "(", "(", "ipaddr", "addr", ")", ")",
5663 "(", "nodecon", "addr", "netmask", "con", ")", ")",
5664 "(", "call", "mm", "(", "(", "192.1.1", ")", ")", ")", NULL};
5665
5666 struct cil_tree *test_tree;
5667 gen_test_tree(&test_tree, line);
5668
5669 struct cil_db *test_db;
5670 cil_db_init(&test_db);
5671
5672 uint32_t changed = CIL_FALSE;
5673 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
5674
5675 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
5676
5677 int rc = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next->next, args);
5678 CuAssertIntEquals(tc, SEPOL_ERR, rc);
5679 }
5680
test_cil_resolve_call1_class(CuTest * tc)5681 void test_cil_resolve_call1_class(CuTest *tc) {
5682 char *line[] = {"(", "class", "foo", "(", "read", ")", ")",
5683 "(", "class", "file", "(", "read", ")", ")",
5684 "(", "macro", "mm", "(", "(", "class", "a", ")", ")",
5685 "(", "class", "b", "(", "read", ")", ")",
5686 "(", "allow", "a", "b", "(", "file", "(", "read", ")", ")", ")", ")",
5687 "(", "call", "mm", "(", "foo", ")", ")", NULL};
5688
5689 struct cil_tree *test_tree;
5690 gen_test_tree(&test_tree, line);
5691
5692 struct cil_db *test_db;
5693 cil_db_init(&test_db);
5694
5695 uint32_t changed = CIL_FALSE;
5696 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
5697
5698 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
5699
5700 int rc = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next, args);
5701 CuAssertIntEquals(tc, SEPOL_OK, rc);
5702 }
5703
test_cil_resolve_call1_classmap(CuTest * tc)5704 void test_cil_resolve_call1_classmap(CuTest *tc) {
5705 char *line[] = {"(", "class", "file", "(", "open", ")", ")",
5706 "(", "macro", "mm", "(", "(", "classmap", "a", ")", ")",
5707 "(", "classmapping", "a", "read", "(", "file", "(", "open", ")", ")", ")", ")",
5708 "(", "call", "mm", "(", "(", "read", ")", ")", ")", NULL};
5709
5710 struct cil_tree *test_tree;
5711 gen_test_tree(&test_tree, line);
5712
5713 struct cil_db *test_db;
5714 cil_db_init(&test_db);
5715
5716 uint32_t changed = CIL_FALSE;
5717 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
5718
5719 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
5720
5721 int rc = cil_resolve_call1(test_db->ast->root->cl_head->next->next, args);
5722 CuAssertIntEquals(tc, SEPOL_OK, rc);
5723 }
5724
test_cil_resolve_call1_permset(CuTest * tc)5725 void test_cil_resolve_call1_permset(CuTest *tc) {
5726 char *line[] = {"(", "permissionset", "foo", "(", "read", "open", ")", ")",
5727 "(", "type", "dead", ")",
5728 "(", "type", "bar", ")",
5729 "(", "class", "baz", "(", "close", "read", "open", ")", ")",
5730 "(", "macro", "mm", "(", "(", "permissionset", "a", ")", ")",
5731 "(", "allow", "dead", "bar", "(", "baz", "a", ")", ")", ")",
5732 "(", "call", "mm", "(", "foo", ")", ")", NULL};
5733
5734 struct cil_tree *test_tree;
5735 gen_test_tree(&test_tree, line);
5736
5737 struct cil_db *test_db;
5738 cil_db_init(&test_db);
5739
5740 uint32_t changed = CIL_FALSE;
5741 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
5742
5743 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
5744
5745 int rc = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next->next, args);
5746 CuAssertIntEquals(tc, SEPOL_OK, rc);
5747 }
5748
test_cil_resolve_call1_permset_anon(CuTest * tc)5749 void test_cil_resolve_call1_permset_anon(CuTest *tc) {
5750 char *line[] = {"(", "type", "dead", ")",
5751 "(", "type", "bar", ")",
5752 "(", "class", "baz", "(", "close", "read", "open", ")", ")",
5753 "(", "macro", "mm", "(", "(", "permissionset", "a", ")", ")",
5754 "(", "allow", "dead", "bar", "(", "baz", "a", ")", ")", ")",
5755 "(", "call", "mm", "(", "(", "read", "open", ")", ")", ")", NULL};
5756
5757 struct cil_tree *test_tree;
5758 gen_test_tree(&test_tree, line);
5759
5760 struct cil_db *test_db;
5761 cil_db_init(&test_db);
5762
5763 uint32_t changed = CIL_FALSE;
5764 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
5765
5766 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
5767
5768 int rc = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next, args);
5769 CuAssertIntEquals(tc, SEPOL_OK, rc);
5770 }
5771
test_cil_resolve_call1_classpermset_named(CuTest * tc)5772 void test_cil_resolve_call1_classpermset_named(CuTest *tc) {
5773 char *line[] = {"(", "classmap", "files", "(", "read", ")", ")",
5774 "(", "class", "file", "(", "open", ")", ")",
5775 "(", "classpermissionset", "char_w", "(", "file", "(", "open", ")", ")", ")",
5776 "(", "macro", "mm", "(", "(", "classpermissionset", "a", ")", ")",
5777 "(", "classmapping", "files", "read", "a", ")", ")",
5778 "(", "call", "mm", "(", "char_w", ")", ")", NULL};
5779
5780 struct cil_tree *test_tree;
5781 gen_test_tree(&test_tree, line);
5782
5783 struct cil_db *test_db;
5784 cil_db_init(&test_db);
5785
5786 uint32_t changed = CIL_FALSE;
5787 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
5788
5789 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
5790
5791 int rc = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next, args);
5792 CuAssertIntEquals(tc, SEPOL_OK, rc);
5793 }
5794
test_cil_resolve_call1_classpermset_anon(CuTest * tc)5795 void test_cil_resolve_call1_classpermset_anon(CuTest *tc) {
5796 char *line[] = {"(", "classmap", "files", "(", "read", ")", ")",
5797 "(", "class", "file", "(", "open", ")", ")",
5798 "(", "macro", "mm", "(", "(", "classpermissionset", "a", ")", ")",
5799 "(", "classmapping", "files", "read", "a", ")", ")",
5800 "(", "call", "mm", "(", "(", "file", "(", "open", ")", ")", ")", ")", NULL};
5801
5802 struct cil_tree *test_tree;
5803 gen_test_tree(&test_tree, line);
5804
5805 struct cil_db *test_db;
5806 cil_db_init(&test_db);
5807
5808 uint32_t changed = CIL_FALSE;
5809 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
5810
5811 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
5812
5813 int rc = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next, args);
5814 CuAssertIntEquals(tc, SEPOL_OK, rc);
5815 }
5816
test_cil_resolve_call1_classpermset_anon_neg(CuTest * tc)5817 void test_cil_resolve_call1_classpermset_anon_neg(CuTest *tc) {
5818 char *line[] = {"(", "classmap", "files", "(", "read", ")", ")",
5819 "(", "class", "file", "(", "open", ")", ")",
5820 "(", "macro", "mm", "(", "(", "classpermissionset", "a", ")", ")",
5821 "(", "classmapping", "files", "read", "a", ")", ")",
5822 "(", "call", "mm", "(", "(", "file", "(", ")", ")", ")", ")", NULL};
5823
5824 struct cil_tree *test_tree;
5825 gen_test_tree(&test_tree, line);
5826
5827 struct cil_db *test_db;
5828 cil_db_init(&test_db);
5829
5830 uint32_t changed = CIL_FALSE;
5831 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
5832
5833 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
5834
5835 int rc = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next, args);
5836 CuAssertIntEquals(tc, SEPOL_ERR, rc);
5837 }
5838
test_cil_resolve_call1_unknown_neg(CuTest * tc)5839 void test_cil_resolve_call1_unknown_neg(CuTest *tc) {
5840 char *line[] = {"(", "class", "foo", "(", "read", ")", ")",
5841 "(", "class", "file", "(", "read", ")", ")",
5842 "(", "macro", "mm", "(", "(", "class", "a", ")", ")",
5843 "(", "class", "b", "(", "read", ")", ")",
5844 "(", "allow", "a", "b", "(", "file", "(", "read", ")", ")", ")", ")",
5845 "(", "call", "mm", "(", "foo", ")", ")", NULL};
5846
5847 struct cil_tree *test_tree;
5848 gen_test_tree(&test_tree, line);
5849
5850 struct cil_db *test_db;
5851 cil_db_init(&test_db);
5852
5853 uint32_t changed = CIL_FALSE;
5854 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
5855
5856 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
5857
5858 struct cil_tree_node *macro_node = NULL;
5859 cil_resolve_name(test_db->ast->root->cl_head->next->next->next, ((struct cil_call*)test_db->ast->root->cl_head->next->next->next->data)->macro_str, CIL_SYM_BLOCKS, args, ¯o_node);
5860 ((struct cil_call*)test_db->ast->root->cl_head->next->next->next->data)->macro = (struct cil_macro*)macro_node->data;
5861 free(((struct cil_call*)test_db->ast->root->cl_head->next->next->next->data)->macro_str);
5862 ((struct cil_call*)test_db->ast->root->cl_head->next->next->next->data)->macro_str = NULL;
5863
5864 ((struct cil_call*)test_db->ast->root->cl_head->next->next->next->data)->macro->params->head->flavor = CIL_NETIFCON;
5865
5866 int rc = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next, args);
5867 CuAssertIntEquals(tc, SEPOL_ERR, rc);
5868 }
5869
test_cil_resolve_call1_unknowncall_neg(CuTest * tc)5870 void test_cil_resolve_call1_unknowncall_neg(CuTest *tc) {
5871 char *line[] = {"(", "class", "foo", "(", "read", ")", ")",
5872 "(", "class", "file", "(", "read", ")", ")",
5873 "(", "macro", "mm", "(", "(", "class", "a", ")", ")",
5874 "(", "class", "b", "(", "read", ")", ")",
5875 "(", "allow", "a", "b", "(", "file", "(", "read", ")", ")", ")", ")",
5876 "(", "call", "m", "(", "foo", ")", ")", NULL};
5877
5878 struct cil_tree *test_tree;
5879 gen_test_tree(&test_tree, line);
5880
5881 struct cil_db *test_db;
5882 cil_db_init(&test_db);
5883
5884 uint32_t changed = CIL_FALSE;
5885 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
5886
5887 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
5888
5889 int rc = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next, args);
5890 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
5891 }
5892
test_cil_resolve_call1_extraargs_neg(CuTest * tc)5893 void test_cil_resolve_call1_extraargs_neg(CuTest *tc) {
5894 char *line[] = {"(", "class", "foo", "(", "read", ")", ")",
5895 "(", "class", "file", "(", "read", ")", ")",
5896 "(", "macro", "mm", "(", "(", "class", "a", ")", ")",
5897 "(", "class", "b", "(", "read", ")", ")",
5898 "(", "allow", "a", "b", "(", "file", "(", "read", ")", ")", ")", ")",
5899 "(", "call", "mm", "(", "foo", "bar", ")", ")", NULL};
5900
5901 struct cil_tree *test_tree;
5902 gen_test_tree(&test_tree, line);
5903
5904 struct cil_db *test_db;
5905 cil_db_init(&test_db);
5906
5907 uint32_t changed = CIL_FALSE;
5908 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
5909
5910 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
5911
5912 int rc = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next, args);
5913 CuAssertIntEquals(tc, SEPOL_ERR, rc);
5914 }
5915
test_cil_resolve_call1_copy_dup(CuTest * tc)5916 void test_cil_resolve_call1_copy_dup(CuTest *tc) {
5917 char *line[] = {"(", "type", "qaz", ")",
5918 "(", "class", "file", "(", "read", ")", ")",
5919 "(", "macro", "mm", "(", "(", "type", "a", ")", ")",
5920 "(", "type", "qaz", ")",
5921 "(", "allow", "a", "b", "(", "file", "(", "read", ")", ")", ")", ")",
5922 "(", "call", "mm", "(", "qaz", ")", ")", NULL};
5923
5924 struct cil_tree *test_tree;
5925 gen_test_tree(&test_tree, line);
5926
5927 struct cil_db *test_db;
5928 cil_db_init(&test_db);
5929
5930 uint32_t changed = CIL_FALSE;
5931 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
5932
5933 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
5934
5935 int rc = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next, args);
5936 CuAssertIntEquals(tc, SEPOL_OK, rc);
5937 }
5938
test_cil_resolve_call1_missing_arg_neg(CuTest * tc)5939 void test_cil_resolve_call1_missing_arg_neg(CuTest *tc) {
5940 char *line[] = {"(", "category", "c0", ")",
5941 "(", "sensitivity", "s0", ")",
5942 "(", "user", "system_u", ")",
5943 "(", "role", "role_r", ")",
5944 "(", "type", "type_t", ")",
5945 "(", "level", "l", "(", "s0", "(", "c0", ")", ")", ")",
5946 "(", "level", "h", "(", "s0", "(", "c0", ")", ")", ")",
5947 "(", "macro", "mm", "(", "(", "level", "lvl_l", ")", "(", "level", "lvl_h", ")", ")",
5948 "(", "context", "foo", "(", "system_u", "role_r", "type_t", "(", "lvl_l", "lvl_h", ")", ")", ")", ")",
5949 "(", "call", "mm", "(", "l", ")", ")", NULL};
5950
5951 struct cil_tree *test_tree;
5952 gen_test_tree(&test_tree, line);
5953
5954 struct cil_db *test_db;
5955 cil_db_init(&test_db);
5956
5957 uint32_t changed = CIL_FALSE;
5958 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
5959
5960 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
5961
5962 int rc = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args);
5963 CuAssertIntEquals(tc, SEPOL_ERR, rc);
5964 }
5965
test_cil_resolve_call1_paramsflavor_neg(CuTest * tc)5966 void test_cil_resolve_call1_paramsflavor_neg(CuTest *tc) {
5967 char *line[] = {"(", "type", "qaz", ")",
5968 "(", "class", "file", "(", "read", ")", ")",
5969 "(", "macro", "mm", "(", "(", "type", "a", ")", ")",
5970 "(", "type", "b", ")",
5971 "(", "allow", "a", "b", "(", "file", "(", "read", ")", ")", ")", ")",
5972 "(", "call", "mm", "(", "qaz", ")", ")", NULL};
5973
5974 struct cil_tree *test_tree;
5975 gen_test_tree(&test_tree, line);
5976
5977 struct cil_db *test_db;
5978 cil_db_init(&test_db);
5979
5980 uint32_t changed = CIL_FALSE;
5981 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
5982
5983 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
5984
5985 struct cil_tree_node *macro_node = NULL;
5986
5987 struct cil_call *new_call = ((struct cil_call*)test_db->ast->root->cl_head->next->next->next->data);
5988 cil_resolve_name(test_db->ast->root->cl_head->next->next->next, new_call->macro_str, CIL_SYM_BLOCKS, args, ¯o_node);
5989 new_call->macro = (struct cil_macro*)macro_node->data;
5990 struct cil_list_item *item = new_call->macro->params->head;
5991 item->flavor = CIL_CONTEXT;
5992
5993 int rc = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next, args);
5994 CuAssertIntEquals(tc, SEPOL_ERR, rc);
5995 }
5996
test_cil_resolve_call1_unknownflavor_neg(CuTest * tc)5997 void test_cil_resolve_call1_unknownflavor_neg(CuTest *tc) {
5998 char *line[] = {"(", "type", "qaz", ")",
5999 "(", "class", "file", "(", "read", ")", ")",
6000 "(", "macro", "mm", "(", "(", "type", "a", ")", ")",
6001 "(", "type", "b", ")",
6002 "(", "allow", "a", "b", "(", "file", "(", "read", ")", ")", ")", ")",
6003 "(", "call", "mm", "(", "qaz", ")", ")", NULL};
6004
6005 struct cil_tree *test_tree;
6006 gen_test_tree(&test_tree, line);
6007
6008 struct cil_db *test_db;
6009 cil_db_init(&test_db);
6010
6011 uint32_t changed = CIL_FALSE;
6012 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
6013
6014 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
6015
6016 struct cil_tree_node *macro_node = NULL;
6017
6018 struct cil_call *new_call = ((struct cil_call*)test_db->ast->root->cl_head->next->next->next->data);
6019 cil_resolve_name(test_db->ast->root->cl_head->next->next->next, new_call->macro_str, CIL_SYM_BLOCKS, args, ¯o_node);
6020 new_call->macro = (struct cil_macro*)macro_node->data;
6021 struct cil_list_item *item = new_call->macro->params->head;
6022 ((struct cil_param*)item->data)->flavor = CIL_CONTEXT;
6023
6024 int rc = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next, args);
6025 CuAssertIntEquals(tc, SEPOL_ERR, rc);
6026 }
6027
test_cil_resolve_call2_type(CuTest * tc)6028 void test_cil_resolve_call2_type(CuTest *tc) {
6029 char *line[] = {"(", "type", "qaz", ")",
6030 "(", "class", "file", "(", "read", ")", ")",
6031 "(", "macro", "mm", "(", "(", "type", "a", ")", ")",
6032 "(", "type", "b", ")",
6033 "(", "allow", "a", "b", "(", "file", "(", "read", ")", ")", ")", ")",
6034 "(", "call", "mm", "(", "qaz", ")", ")", NULL};
6035
6036 struct cil_tree *test_tree;
6037 gen_test_tree(&test_tree, line);
6038
6039 struct cil_db *test_db;
6040 cil_db_init(&test_db);
6041
6042 uint32_t changed = CIL_FALSE;
6043 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
6044
6045 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
6046
6047 cil_resolve_call1(test_db->ast->root->cl_head->next->next->next, args);
6048
6049 args->pass = CIL_PASS_CALL2;
6050
6051 int rc = cil_resolve_call2(test_db->ast->root->cl_head->next->next->next, args);
6052 CuAssertIntEquals(tc, SEPOL_OK, rc);
6053 }
6054
test_cil_resolve_call2_role(CuTest * tc)6055 void test_cil_resolve_call2_role(CuTest *tc) {
6056 char *line[] = {"(", "role", "role_r", ")",
6057 "(", "class", "file", "(", "read", ")", ")",
6058 "(", "macro", "mm", "(", "(", "role", "a", ")", ")",
6059 "(", "role", "b", ")",
6060 "(", "allow", "a", "b", "(", "file", "(", "read", ")", ")", ")", ")",
6061 "(", "call", "mm", "(", "role_r", ")", ")", NULL};
6062
6063 struct cil_tree *test_tree;
6064 gen_test_tree(&test_tree, line);
6065
6066 struct cil_db *test_db;
6067 cil_db_init(&test_db);
6068
6069 uint32_t changed = CIL_FALSE;
6070 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
6071
6072 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
6073
6074 cil_resolve_call1(test_db->ast->root->cl_head->next->next->next, args);
6075
6076 args->pass = CIL_PASS_CALL2;
6077
6078 int rc = cil_resolve_call2(test_db->ast->root->cl_head->next->next->next, args);
6079 CuAssertIntEquals(tc, SEPOL_OK, rc);
6080 }
6081
test_cil_resolve_call2_user(CuTest * tc)6082 void test_cil_resolve_call2_user(CuTest *tc) {
6083 char *line[] = {"(", "user", "user_u", ")",
6084 "(", "class", "file", "(", "read", ")", ")",
6085 "(", "macro", "mm", "(", "(", "user", "a", ")", ")",
6086 "(", "user", "b", ")",
6087 "(", "allow", "a", "b", "(", "file", "(", "read", ")", ")", ")", ")",
6088 "(", "call", "mm", "(", "user_u", ")", ")", NULL};
6089
6090 struct cil_tree *test_tree;
6091 gen_test_tree(&test_tree, line);
6092
6093 struct cil_db *test_db;
6094 cil_db_init(&test_db);
6095
6096 uint32_t changed = CIL_FALSE;
6097 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
6098
6099 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
6100
6101 cil_resolve_call1(test_db->ast->root->cl_head->next->next->next, args);
6102
6103 args->pass = CIL_PASS_CALL2;
6104
6105 int rc = cil_resolve_call2(test_db->ast->root->cl_head->next->next->next, args);
6106 CuAssertIntEquals(tc, SEPOL_OK, rc);
6107 }
6108
test_cil_resolve_call2_sens(CuTest * tc)6109 void test_cil_resolve_call2_sens(CuTest *tc) {
6110 char *line[] = {"(", "sensitivity", "sens", ")",
6111 "(", "class", "file", "(", "read", ")", ")",
6112 "(", "macro", "mm", "(", "(", "sensitivity", "a", ")", ")",
6113 "(", "sensitivity", "b", ")",
6114 "(", "allow", "a", "b", "(", "file", "(", "read", ")", ")", ")", ")",
6115 "(", "call", "mm", "(", "sens", ")", ")", NULL};
6116
6117 struct cil_tree *test_tree;
6118 gen_test_tree(&test_tree, line);
6119
6120 struct cil_db *test_db;
6121 cil_db_init(&test_db);
6122
6123 uint32_t changed = CIL_FALSE;
6124 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
6125
6126 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
6127
6128 cil_resolve_call1(test_db->ast->root->cl_head->next->next->next, args);
6129
6130 args->pass = CIL_PASS_CALL2;
6131
6132 int rc = cil_resolve_call2(test_db->ast->root->cl_head->next->next->next, args);
6133 CuAssertIntEquals(tc, SEPOL_OK, rc);
6134 }
6135
test_cil_resolve_call2_cat(CuTest * tc)6136 void test_cil_resolve_call2_cat(CuTest *tc) {
6137 char *line[] = {"(", "category", "c0", ")",
6138 "(", "class", "file", "(", "read", ")", ")",
6139 "(", "macro", "mm", "(", "(", "category", "a", ")", ")",
6140 "(", "category", "b", ")",
6141 "(", "allow", "a", "b", "(", "file", "(", "read", ")", ")", ")", ")",
6142 "(", "call", "mm", "(", "c0", ")", ")", NULL};
6143
6144 struct cil_tree *test_tree;
6145 gen_test_tree(&test_tree, line);
6146
6147 struct cil_db *test_db;
6148 cil_db_init(&test_db);
6149
6150 uint32_t changed = CIL_FALSE;
6151 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
6152
6153 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
6154
6155 cil_resolve_call1(test_db->ast->root->cl_head->next->next->next, args);
6156
6157 args->pass = CIL_PASS_CALL2;
6158
6159 int rc = cil_resolve_call2(test_db->ast->root->cl_head->next->next->next, args);
6160 CuAssertIntEquals(tc, SEPOL_OK, rc);
6161 }
6162
test_cil_resolve_call2_catset(CuTest * tc)6163 void test_cil_resolve_call2_catset(CuTest *tc) {
6164 char *line[] = {"(", "category", "c0", ")",
6165 "(", "category", "c1", ")",
6166 "(", "category", "c2", ")",
6167 "(", "categoryset", "somecats", "(", "c0", "c1", "c2", ")", ")",
6168 "(", "macro", "mm", "(", "(", "categoryset", "foo", ")", ")",
6169 "(", "level", "bar", "(", "s0", "foo", ")", ")", ")",
6170 "(", "call", "mm", "(", "somecats", ")", ")", NULL};
6171
6172 struct cil_tree *test_tree;
6173 gen_test_tree(&test_tree, line);
6174
6175 struct cil_db *test_db;
6176 cil_db_init(&test_db);
6177
6178 uint32_t changed = CIL_FALSE;
6179 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
6180
6181 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
6182
6183 cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next->next, args);
6184
6185 args->pass = CIL_PASS_CALL2;
6186
6187 int rc = cil_resolve_call2(test_db->ast->root->cl_head->next->next->next->next->next, args);
6188 CuAssertIntEquals(tc, SEPOL_OK, rc);
6189 }
6190
test_cil_resolve_call2_catset_anon(CuTest * tc)6191 void test_cil_resolve_call2_catset_anon(CuTest *tc) {
6192 char *line[] = {"(", "category", "c0", ")",
6193 "(", "category", "c1", ")",
6194 "(", "category", "c2", ")",
6195 "(", "macro", "mm", "(", "(", "categoryset", "foo", ")", ")",
6196 "(", "level", "bar", "(", "s0", "foo", ")", ")", ")",
6197 "(", "call", "mm", "(", "(", "c0", "c1", "c2", ")", ")", ")", NULL};
6198
6199 struct cil_tree *test_tree;
6200 gen_test_tree(&test_tree, line);
6201
6202 struct cil_db *test_db;
6203 cil_db_init(&test_db);
6204
6205 uint32_t changed = CIL_FALSE;
6206 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
6207
6208 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
6209
6210 cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next, args);
6211
6212 args->pass = CIL_PASS_CALL2;
6213
6214 int rc = cil_resolve_call2(test_db->ast->root->cl_head->next->next->next->next, args);
6215 CuAssertIntEquals(tc, SEPOL_OK, rc);
6216 }
6217
test_cil_resolve_call2_permset(CuTest * tc)6218 void test_cil_resolve_call2_permset(CuTest *tc) {
6219 char *line[] = {"(", "permissionset", "foo", "(", "read", "open", ")", ")",
6220 "(", "class", "dead", "(", "close", ")", ")",
6221 "(", "class", "bar", "(", "close", ")", ")",
6222 "(", "class", "baz", "(", "close", ")", ")",
6223 "(", "macro", "mm", "(", "(", "permissionset", "a", ")", ")",
6224 "(", "allow", "dead", "bar", "(", "baz", "a", ")", ")", ")",
6225 "(", "call", "mm", "(", "foo", ")", ")", NULL};
6226
6227 struct cil_tree *test_tree;
6228 gen_test_tree(&test_tree, line);
6229
6230 struct cil_db *test_db;
6231 cil_db_init(&test_db);
6232
6233 uint32_t changed = CIL_FALSE;
6234 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
6235
6236 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
6237
6238 cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next->next, args);
6239
6240 args->pass = CIL_PASS_CALL2;
6241
6242 int rc = cil_resolve_call2(test_db->ast->root->cl_head->next->next->next->next->next, args);
6243 CuAssertIntEquals(tc, SEPOL_OK, rc);
6244 }
6245
test_cil_resolve_call2_permset_anon(CuTest * tc)6246 void test_cil_resolve_call2_permset_anon(CuTest *tc) {
6247 char *line[] = {"(", "class", "dead", "(", "close", ")", ")",
6248 "(", "class", "bar", "(", "close", ")", ")",
6249 "(", "class", "baz", "(", "close", ")", ")",
6250 "(", "macro", "mm", "(", "(", "permissionset", "a", ")", ")",
6251 "(", "allow", "dead", "bar", "(", "baz", "a", ")", ")", ")",
6252 "(", "call", "mm", "(", "(", "read", "open", ")", ")", ")", NULL};
6253
6254 struct cil_tree *test_tree;
6255 gen_test_tree(&test_tree, line);
6256
6257 struct cil_db *test_db;
6258 cil_db_init(&test_db);
6259
6260 uint32_t changed = CIL_FALSE;
6261 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
6262
6263 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
6264
6265 cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next, args);
6266
6267 args->pass = CIL_PASS_CALL2;
6268
6269 int rc = cil_resolve_call2(test_db->ast->root->cl_head->next->next->next->next, args);
6270 CuAssertIntEquals(tc, SEPOL_OK, rc);
6271 }
6272
test_cil_resolve_call2_classpermset_named(CuTest * tc)6273 void test_cil_resolve_call2_classpermset_named(CuTest *tc) {
6274 char *line[] = {"(", "classmap", "files", "(", "read", ")", ")",
6275 "(", "class", "file", "(", "open", ")", ")",
6276 "(", "classpermissionset", "char_w", "(", "file", "(", "open", ")", ")", ")",
6277 "(", "macro", "mm", "(", "(", "classpermissionset", "a", ")", ")",
6278 "(", "classmapping", "files", "read", "a", ")", ")",
6279 "(", "call", "mm", "(", "char_w", ")", ")", NULL};
6280
6281 struct cil_tree *test_tree;
6282 gen_test_tree(&test_tree, line);
6283
6284 struct cil_db *test_db;
6285 cil_db_init(&test_db);
6286
6287 uint32_t changed = CIL_FALSE;
6288 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
6289
6290 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
6291
6292 cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next, args);
6293
6294 args->pass = CIL_PASS_CALL2;
6295
6296 int rc = cil_resolve_call2(test_db->ast->root->cl_head->next->next->next->next, args);
6297 CuAssertIntEquals(tc, SEPOL_OK, rc);
6298 }
6299
test_cil_resolve_call2_classpermset_anon(CuTest * tc)6300 void test_cil_resolve_call2_classpermset_anon(CuTest *tc) {
6301 char *line[] = {"(", "classmap", "files", "(", "read", ")", ")",
6302 "(", "class", "file", "(", "open", ")", ")",
6303 "(", "macro", "mm", "(", "(", "classpermissionset", "a", ")", ")",
6304 "(", "classmapping", "files", "read", "a", ")", ")",
6305 "(", "call", "mm", "(", "(", "file", "(", "open", ")", ")", ")", ")", NULL};
6306
6307 struct cil_tree *test_tree;
6308 gen_test_tree(&test_tree, line);
6309
6310 struct cil_db *test_db;
6311 cil_db_init(&test_db);
6312
6313 uint32_t changed = CIL_FALSE;
6314 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
6315
6316 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
6317
6318 cil_resolve_call1(test_db->ast->root->cl_head->next->next->next, args);
6319
6320 args->pass = CIL_PASS_CALL2;
6321
6322 int rc = cil_resolve_call2(test_db->ast->root->cl_head->next->next->next, args);
6323 CuAssertIntEquals(tc, SEPOL_OK, rc);
6324 }
6325
test_cil_resolve_call2_class(CuTest * tc)6326 void test_cil_resolve_call2_class(CuTest *tc) {
6327 char *line[] = {"(", "class", "foo", "(", "read", ")", ")",
6328 "(", "class", "file", "(", "read", ")", ")",
6329 "(", "macro", "mm", "(", "(", "class", "a", ")", ")",
6330 "(", "class", "b", "(", "read", ")", ")",
6331 "(", "allow", "a", "b", "(", "file", "(", "read", ")", ")", ")", ")",
6332 "(", "call", "mm", "(", "foo", ")", ")", NULL};
6333
6334 struct cil_tree *test_tree;
6335 gen_test_tree(&test_tree, line);
6336
6337 struct cil_db *test_db;
6338 cil_db_init(&test_db);
6339
6340 uint32_t changed = CIL_FALSE;
6341 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
6342
6343 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
6344
6345 cil_resolve_call1(test_db->ast->root->cl_head->next->next->next, args);
6346
6347 args->pass = CIL_PASS_CALL2;
6348
6349 int rc = cil_resolve_call2(test_db->ast->root->cl_head->next->next->next, args);
6350 CuAssertIntEquals(tc, SEPOL_OK, rc);
6351 }
6352
test_cil_resolve_call2_classmap(CuTest * tc)6353 void test_cil_resolve_call2_classmap(CuTest *tc) {
6354 char *line[] = {"(", "class", "file", "(", "open", ")", ")",
6355 "(", "classmap", "files", "(", "read", ")", ")",
6356 "(", "macro", "mm", "(", "(", "classmap", "a", ")", ")",
6357 "(", "classmapping", "a", "read", "(", "file", "(", "open", ")", ")", ")", ")",
6358 "(", "call", "mm", "(", "files", ")", ")", NULL};
6359
6360 struct cil_tree *test_tree;
6361 gen_test_tree(&test_tree, line);
6362
6363 struct cil_db *test_db;
6364 cil_db_init(&test_db);
6365
6366 uint32_t changed = CIL_FALSE;
6367 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
6368
6369 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
6370
6371 int rc2 = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next, args);
6372
6373 args->pass = CIL_PASS_CALL2;
6374
6375 int rc = cil_resolve_call2(test_db->ast->root->cl_head->next->next->next, args);
6376 CuAssertIntEquals(tc, SEPOL_OK, rc);
6377 CuAssertIntEquals(tc, SEPOL_OK, rc2);
6378 }
6379
test_cil_resolve_call2_level(CuTest * tc)6380 void test_cil_resolve_call2_level(CuTest *tc) {
6381 char *line[] = {"(", "category", "c0", ")",
6382 "(", "sensitivity", "s0", ")",
6383 "(", "user", "system_u", ")",
6384 "(", "role", "role_r", ")",
6385 "(", "type", "type_t", ")",
6386 "(", "level", "l", "(", "s0", "(", "c0", ")", ")", ")",
6387 "(", "level", "h", "(", "s0", "(", "c0", ")", ")", ")",
6388 "(", "macro", "mm", "(", "(", "level", "lvl_l", ")", "(", "level", "lvl_h", ")", ")",
6389 "(", "context", "foo", "(", "system_u", "role_r", "type_t", "(", "lvl_l", "lvl_h", ")", ")", ")", ")",
6390 "(", "call", "mm", "(", "l", "h", ")", ")", NULL};
6391
6392 struct cil_tree *test_tree;
6393 gen_test_tree(&test_tree, line);
6394
6395 struct cil_db *test_db;
6396 cil_db_init(&test_db);
6397
6398 uint32_t changed = CIL_FALSE;
6399 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
6400
6401 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
6402
6403 cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args);
6404
6405 args->pass = CIL_PASS_CALL2;
6406
6407 int rc = cil_resolve_call2(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args);
6408 CuAssertIntEquals(tc, SEPOL_OK, rc);
6409 }
6410
test_cil_resolve_call2_level_anon(CuTest * tc)6411 void test_cil_resolve_call2_level_anon(CuTest *tc) {
6412 char *line[] = {"(", "category", "c0", ")",
6413 "(", "sensitivity", "s0", ")",
6414 "(", "user", "system_u", ")",
6415 "(", "role", "role_r", ")",
6416 "(", "type", "type_t", ")",
6417 "(", "level", "l", "(", "s0", "(", "c0", ")", ")", ")",
6418 "(", "level", "h", "(", "s0", "(", "c0", ")", ")", ")",
6419 "(", "macro", "mm", "(", "(", "level", "lvl_l", ")", ")",
6420 "(", "context", "foo", "(", "system_u", "role_r", "type_t", "(", "lvl_l", "h", ")", ")", ")", ")",
6421 "(", "call", "mm", "(", "(", "s0", "(", "c0", ")", ")", ")", ")", NULL};
6422
6423 struct cil_tree *test_tree;
6424 gen_test_tree(&test_tree, line);
6425
6426 struct cil_db *test_db;
6427 cil_db_init(&test_db);
6428
6429 uint32_t changed = CIL_FALSE;
6430 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
6431
6432 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
6433
6434 cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args);
6435
6436 args->pass = CIL_PASS_CALL2;
6437
6438 int rc = cil_resolve_call2(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args);
6439 CuAssertIntEquals(tc, SEPOL_OK, rc);
6440 }
6441
test_cil_resolve_call2_ipaddr(CuTest * tc)6442 void test_cil_resolve_call2_ipaddr(CuTest *tc) {
6443 char *line[] = {"(", "category", "c0", ")",
6444 "(", "sensitivity", "s0", ")",
6445 "(", "user", "system_u", ")",
6446 "(", "role", "role_r", ")",
6447 "(", "type", "type_t", ")",
6448 "(", "level", "lvl_l", "(", "s0", "(", "c0", ")", ")", ")",
6449 "(", "level", "lvl_h", "(", "s0", "(", "c0", ")", ")", ")",
6450 "(", "context", "con", "(", "system_u", "role_r", "type_t", "(", "lvl_l", "lvl_h", ")", ")", ")",
6451 "(", "ipaddr", "netmask", "192.168.0.1", ")",
6452 "(", "ipaddr", "ip", "192.168.0.1", ")",
6453 "(", "macro", "mm", "(", "(", "ipaddr", "addr", ")", ")",
6454 "(", "nodecon", "addr", "netmask", "con", ")", ")",
6455 "(", "call", "mm", "(", "ip", ")", ")", NULL};
6456
6457 struct cil_tree *test_tree;
6458 gen_test_tree(&test_tree, line);
6459
6460 struct cil_db *test_db;
6461 cil_db_init(&test_db);
6462
6463 uint32_t changed = CIL_FALSE;
6464 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
6465
6466 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
6467
6468 cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next->next->next, args);
6469
6470 args->pass = CIL_PASS_CALL2;
6471
6472 int rc = cil_resolve_call2(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next->next->next, args);
6473 CuAssertIntEquals(tc, SEPOL_OK, rc);
6474 }
6475
test_cil_resolve_call2_ipaddr_anon(CuTest * tc)6476 void test_cil_resolve_call2_ipaddr_anon(CuTest *tc) {
6477 char *line[] = {"(", "category", "c0", ")",
6478 "(", "sensitivity", "s0", ")",
6479 "(", "user", "system_u", ")",
6480 "(", "role", "role_r", ")",
6481 "(", "type", "type_t", ")",
6482 "(", "level", "lvl_l", "(", "s0", "(", "c0", ")", ")", ")",
6483 "(", "level", "lvl_h", "(", "s0", "(", "c0", ")", ")", ")",
6484 "(", "context", "con", "(", "system_u", "role_r", "type_t", "(", "lvl_l", "lvl_h", ")", ")", ")",
6485 "(", "ipaddr", "netmask", "192.168.0.1", ")",
6486 "(", "macro", "mm", "(", "(", "ipaddr", "addr", ")", ")",
6487 "(", "nodecon", "addr", "netmask", "con", ")", ")",
6488 "(", "call", "mm", "(", "(", "192.168.1.1", ")", ")", ")", NULL};
6489
6490 struct cil_tree *test_tree;
6491 gen_test_tree(&test_tree, line);
6492
6493 struct cil_db *test_db;
6494 cil_db_init(&test_db);
6495
6496 uint32_t changed = CIL_FALSE;
6497 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
6498
6499 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
6500
6501 cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next->next, args);
6502
6503 args->pass = CIL_PASS_CALL2;
6504
6505 int rc = cil_resolve_call2(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next->next, args);
6506 CuAssertIntEquals(tc, SEPOL_OK, rc);
6507 }
6508
test_cil_resolve_call2_unknown_neg(CuTest * tc)6509 void test_cil_resolve_call2_unknown_neg(CuTest *tc) {
6510 char *line[] = {"(", "category", "c0", ")",
6511 "(", "sensitivity", "s0", ")",
6512 "(", "user", "system_u", ")",
6513 "(", "role", "role_r", ")",
6514 "(", "type", "type_t", ")",
6515 "(", "level", "l", "(", "s0", "(", "c0", ")", ")", ")",
6516 "(", "level", "h", "(", "s0", "(", "c0", ")", ")", ")",
6517 "(", "macro", "mm", "(", "(", "level", "lvl_l", ")", "(", "level", "lvl_h", ")", ")",
6518 "(", "context", "foo", "(", "system_u", "role_r", "type_t", "(", "lvl_l", "lvl_h", ")", ")", ")", ")",
6519 "(", "call", "mm", "(", "l", "h", ")", ")", NULL};
6520
6521 struct cil_tree *test_tree;
6522 gen_test_tree(&test_tree, line);
6523
6524 struct cil_db *test_db;
6525 cil_db_init(&test_db);
6526
6527 uint32_t changed = CIL_FALSE;
6528 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
6529
6530 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
6531
6532 cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args);
6533 ((struct cil_args*)((struct cil_list_item *)((struct cil_call *)test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->data)->args->head)->data)->flavor = CIL_SYM_UNKNOWN;
6534
6535 args->pass = CIL_PASS_CALL2;
6536
6537 int rc = cil_resolve_call2(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args);
6538 CuAssertIntEquals(tc, SEPOL_ERR, rc);
6539 }
6540
test_cil_resolve_call2_name_neg(CuTest * tc)6541 void test_cil_resolve_call2_name_neg(CuTest *tc) {
6542 char *line[] = {"(", "class", "foo", "(", "read", ")", ")",
6543 "(", "class", "file", "(", "read", ")", ")",
6544 "(", "macro", "mm", "(", "(", "class", "a", ")", ")",
6545 "(", "class", "b", "(", "read", ")", ")",
6546 "(", "allow", "a", "b", "(", "file", "(", "read", ")", ")", ")", ")",
6547 "(", "call", "mm", ")", NULL};
6548
6549 struct cil_tree *test_tree;
6550 gen_test_tree(&test_tree, line);
6551
6552 struct cil_db *test_db;
6553 cil_db_init(&test_db);
6554
6555 uint32_t changed = CIL_FALSE;
6556 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
6557
6558 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
6559
6560 cil_resolve_call1(test_db->ast->root->cl_head->next->next->next, args);
6561
6562 args->pass = CIL_PASS_CALL2;
6563
6564 int rc = cil_resolve_call2(test_db->ast->root->cl_head->next->next->next, args);
6565 CuAssertIntEquals(tc, SEPOL_ERR, rc);
6566 }
6567
test_cil_resolve_name_call_args(CuTest * tc)6568 void test_cil_resolve_name_call_args(CuTest *tc) {
6569 char *line[] = {"(", "type", "qaz", ")",
6570 "(", "class", "file", "(", "read", ")", ")",
6571 "(", "macro", "mm", "(", "(", "type", "a", ")", ")",
6572 "(", "type", "b", ")",
6573 "(", "allow", "a", "b", "(", "file", "(", "read", ")", ")", ")", ")",
6574 "(", "call", "mm", "(", "qaz", ")", ")", NULL};
6575
6576 struct cil_tree *test_tree;
6577 gen_test_tree(&test_tree, line);
6578
6579 struct cil_db *test_db;
6580 cil_db_init(&test_db);
6581
6582 uint32_t changed = CIL_FALSE;
6583 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
6584
6585 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
6586
6587 struct cil_tree_node *test_node;
6588 cil_tree_node_init(&test_node);
6589
6590 cil_resolve_call1(test_db->ast->root->cl_head->next->next->next, args);
6591
6592 args->pass = CIL_PASS_CALL2;
6593
6594 cil_resolve_call2(test_db->ast->root->cl_head->next->next->next, args);
6595 int rc = cil_resolve_name_call_args((struct cil_call *)test_db->ast->root->cl_head->next->next->next->data, "a", CIL_SYM_TYPES, &test_node);
6596 CuAssertIntEquals(tc, SEPOL_OK, rc);
6597 }
6598
test_cil_resolve_name_call_args_multipleparams(CuTest * tc)6599 void test_cil_resolve_name_call_args_multipleparams(CuTest *tc) {
6600 char *line[] = {"(", "category", "c0", ")",
6601 "(", "sensitivity", "s0", ")",
6602 "(", "user", "system_u", ")",
6603 "(", "role", "role_r", ")",
6604 "(", "type", "type_t", ")",
6605 "(", "level", "l", "(", "s0", "(", "c0", ")", ")", ")",
6606 "(", "level", "h", "(", "s0", "(", "c0", ")", ")", ")",
6607 "(", "macro", "mm", "(", "(", "level", "lvl_l", ")", "(", "level", "lvl_h", ")", ")",
6608 "(", "context", "foo", "(", "system_u", "role_r", "type_t", "(", "lvl_l", "lvl_h", ")", ")", ")", ")",
6609 "(", "call", "mm", "(", "l", "h", ")", ")", NULL};
6610
6611 struct cil_tree *test_tree;
6612 gen_test_tree(&test_tree, line);
6613
6614 struct cil_db *test_db;
6615 cil_db_init(&test_db);
6616
6617 uint32_t changed = CIL_FALSE;
6618 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
6619
6620 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
6621
6622 struct cil_tree_node *test_node;
6623 cil_tree_node_init(&test_node);
6624
6625 cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args);
6626
6627 args->pass = CIL_PASS_CALL2;
6628
6629 cil_resolve_call2(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args);
6630 int rc = cil_resolve_name_call_args((struct cil_call *)test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->data, "lvl_h", CIL_SYM_LEVELS, &test_node);
6631 CuAssertIntEquals(tc, SEPOL_OK, rc);
6632 }
6633
test_cil_resolve_name_call_args_diffflavor(CuTest * tc)6634 void test_cil_resolve_name_call_args_diffflavor(CuTest *tc) {
6635 char *line[] = {"(", "type", "qaz", ")",
6636 "(", "class", "file", "(", "read", ")", ")",
6637 "(", "macro", "mm", "(", "(", "type", "a", ")", ")",
6638 "(", "type", "b", ")",
6639 "(", "allow", "a", "b", "(", "file", "(", "read", ")", ")", ")", ")",
6640 "(", "call", "mm", "(", "qaz", ")", ")", NULL};
6641
6642 struct cil_tree *test_tree;
6643 gen_test_tree(&test_tree, line);
6644
6645 struct cil_db *test_db;
6646 cil_db_init(&test_db);
6647
6648 uint32_t changed = CIL_FALSE;
6649 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
6650 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
6651
6652 struct cil_tree_node *test_node;
6653 cil_tree_node_init(&test_node);
6654
6655 cil_resolve_call1(test_db->ast->root->cl_head->next->next->next, args);
6656
6657 args->pass = CIL_PASS_CALL2;
6658
6659 cil_resolve_call2(test_db->ast->root->cl_head->next->next->next, args);
6660 int rc = cil_resolve_name_call_args((struct cil_call *)test_db->ast->root->cl_head->next->next->next->data, "qaz", CIL_LEVEL, &test_node);
6661 CuAssertIntEquals(tc, SEPOL_ERR, rc);
6662 }
6663
test_cil_resolve_name_call_args_callnull_neg(CuTest * tc)6664 void test_cil_resolve_name_call_args_callnull_neg(CuTest *tc) {
6665 char *line[] = {"(", "type", "qaz", ")",
6666 "(", "class", "file", "(", "read", ")", ")",
6667 "(", "macro", "mm", "(", "(", "type", "a", ")", ")",
6668 "(", "type", "b", ")",
6669 "(", "allow", "a", "b", "(", "file", "(", "read", ")", ")", ")", ")",
6670 "(", "call", "mm", "(", "qaz", ")", ")", NULL};
6671
6672 struct cil_tree *test_tree;
6673 gen_test_tree(&test_tree, line);
6674
6675 struct cil_db *test_db;
6676 cil_db_init(&test_db);
6677
6678 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
6679
6680 uint32_t changed = CIL_FALSE;
6681 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
6682
6683 struct cil_tree_node *test_node;
6684 cil_tree_node_init(&test_node);
6685
6686 cil_resolve_call1(test_db->ast->root->cl_head->next->next->next, args);
6687
6688 args->pass = CIL_PASS_CALL2;
6689
6690 cil_resolve_call2(test_db->ast->root->cl_head->next->next->next, args);
6691 int rc = cil_resolve_name_call_args(NULL, "qaz", CIL_LEVEL, &test_node);
6692 CuAssertIntEquals(tc, SEPOL_ERR, rc);
6693 }
6694
test_cil_resolve_name_call_args_namenull_neg(CuTest * tc)6695 void test_cil_resolve_name_call_args_namenull_neg(CuTest *tc) {
6696 char *line[] = {"(", "type", "qaz", ")",
6697 "(", "class", "file", "(", "read", ")", ")",
6698 "(", "macro", "mm", "(", "(", "type", "a", ")", ")",
6699 "(", "type", "b", ")",
6700 "(", "allow", "a", "b", "(", "file", "(", "read", ")", ")", ")", ")",
6701 "(", "call", "mm", "(", "qaz", ")", ")", NULL};
6702
6703 struct cil_tree *test_tree;
6704 gen_test_tree(&test_tree, line);
6705
6706 struct cil_db *test_db;
6707 cil_db_init(&test_db);
6708
6709 uint32_t changed = CIL_FALSE;
6710 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
6711
6712 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
6713
6714 struct cil_tree_node *test_node;
6715 cil_tree_node_init(&test_node);
6716
6717 cil_resolve_call1(test_db->ast->root->cl_head->next->next->next, args);
6718
6719 args->pass = CIL_PASS_CALL2;
6720
6721 cil_resolve_call2(test_db->ast->root->cl_head->next->next->next, args);
6722 int rc = cil_resolve_name_call_args((struct cil_call *)test_db->ast->root->cl_head->next->next->next->data, NULL, CIL_LEVEL, &test_node);
6723 CuAssertIntEquals(tc, SEPOL_ERR, rc);
6724 }
6725
test_cil_resolve_name_call_args_callargsnull_neg(CuTest * tc)6726 void test_cil_resolve_name_call_args_callargsnull_neg(CuTest *tc) {
6727 char *line[] = {"(", "type", "qaz", ")",
6728 "(", "class", "file", "(", "read", ")", ")",
6729 "(", "macro", "mm", "(", "(", "type", "a", ")", ")",
6730 "(", "type", "b", ")",
6731 "(", "allow", "a", "b", "(", "file", "(", "read", ")", ")", ")", ")",
6732 "(", "call", "mm", ")", NULL};
6733
6734 struct cil_tree *test_tree;
6735 gen_test_tree(&test_tree, line);
6736
6737 struct cil_db *test_db;
6738 cil_db_init(&test_db);
6739
6740 uint32_t changed = CIL_FALSE;
6741 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
6742
6743 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
6744
6745 struct cil_tree_node *test_node;
6746 cil_tree_node_init(&test_node);
6747
6748 cil_resolve_call1(test_db->ast->root->cl_head->next->next->next, args);
6749
6750 args->pass = CIL_PASS_CALL2;
6751
6752 cil_resolve_call2(test_db->ast->root->cl_head->next->next->next, args);
6753 int rc = cil_resolve_name_call_args((struct cil_call *)test_db->ast->root->cl_head->next->next->next->data, "qas", CIL_LEVEL, &test_node);
6754 CuAssertIntEquals(tc, SEPOL_ERR, rc);
6755 }
6756
test_cil_resolve_name_call_args_name_neg(CuTest * tc)6757 void test_cil_resolve_name_call_args_name_neg(CuTest *tc) {
6758 char *line[] = {"(", "type", "qaz", ")",
6759 "(", "class", "file", "(", "read", ")", ")",
6760 "(", "macro", "mm", "(", "(", "type", "a", ")", ")",
6761 "(", "type", "b", ")",
6762 "(", "allow", "a", "b", "(", "file", "(", "read", ")", ")", ")", ")",
6763 "(", "call", "mm", "(", "baz", ")", ")", NULL};
6764
6765 struct cil_tree *test_tree;
6766 gen_test_tree(&test_tree, line);
6767
6768 struct cil_db *test_db;
6769 cil_db_init(&test_db);
6770
6771 uint32_t changed = CIL_FALSE;
6772 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
6773
6774 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
6775
6776 struct cil_tree_node *test_node = NULL;
6777 //cil_tree_node_init(&test_node);
6778
6779 cil_resolve_call1(test_db->ast->root->cl_head->next->next->next, args);
6780
6781 args->pass = CIL_PASS_CALL2;
6782
6783 cil_resolve_call2(test_db->ast->root->cl_head->next->next->next, args);
6784 int rc = cil_resolve_name_call_args((struct cil_call *)test_db->ast->root->cl_head->next->next->next->data, "qas", CIL_TYPE, &test_node);
6785 CuAssertIntEquals(tc, SEPOL_ERR, rc);
6786 }
6787
test_cil_resolve_expr_stack_bools(CuTest * tc)6788 void test_cil_resolve_expr_stack_bools(CuTest *tc) {
6789 char *line[] = {"(", "boolean", "foo", "true", ")",
6790 "(", "boolean", "bar", "false", ")",
6791 "(", "class", "baz", "(", "read", ")", ")",
6792 "(", "booleanif", "(", "and", "foo", "bar", ")",
6793 "(", "allow", "foo", "bar", "(", "baz", "(", "read", ")", ")", ")", ")", NULL};
6794
6795 struct cil_tree *test_tree;
6796 gen_test_tree(&test_tree, line);
6797
6798 struct cil_db *test_db;
6799 cil_db_init(&test_db);
6800
6801 uint32_t changed = CIL_FALSE;
6802 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC1, &changed, NULL, NULL, NULL);
6803
6804 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
6805
6806 struct cil_booleanif *bif = (struct cil_booleanif*)test_db->ast->root->cl_head->next->next->next->data;
6807
6808 int rc = cil_resolve_expr_stack(bif->expr_stack, test_db->ast->root->cl_head->next->next->next, args);
6809 CuAssertIntEquals(tc, SEPOL_OK, rc);
6810 }
6811
test_cil_resolve_expr_stack_tunables(CuTest * tc)6812 void test_cil_resolve_expr_stack_tunables(CuTest *tc) {
6813 char *line[] = {"(", "tunable", "foo", "true", ")",
6814 "(", "tunable", "bar", "false", ")",
6815 "(", "class", "baz", "(", "read", ")", ")",
6816 "(", "tunableif", "(", "and", "foo", "bar", ")",
6817 "(", "true",
6818 "(", "allow", "foo", "bar", "(", "baz", "(", "read", ")", ")", ")", ")", ")", NULL};
6819
6820 struct cil_tree *test_tree;
6821 gen_test_tree(&test_tree, line);
6822
6823 struct cil_db *test_db;
6824 cil_db_init(&test_db);
6825
6826 uint32_t changed = CIL_FALSE;
6827 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_TIF, &changed, NULL, NULL, NULL);
6828
6829 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
6830
6831 struct cil_tunableif *tif = (struct cil_tunableif*)test_db->ast->root->cl_head->next->next->next->data;
6832
6833 int rc = cil_resolve_expr_stack(tif->expr_stack, test_db->ast->root->cl_head->next->next->next, args);
6834 CuAssertIntEquals(tc, SEPOL_OK, rc);
6835 }
6836
test_cil_resolve_expr_stack_type(CuTest * tc)6837 void test_cil_resolve_expr_stack_type(CuTest *tc) {
6838 char *line[] = {"(", "class", "file", "(", "create", "relabelto", ")", ")",
6839 "(", "class", "dir", "(", "create", "relabelto", ")", ")",
6840 "(", "type", "t1", ")",
6841 "(", "type", "type_t", ")",
6842 "(", "mlsconstrain", "(", "file", "(", "create", "relabelto", ")", ")", "(", "eq", "t1", "type_t", ")", ")", NULL};
6843
6844 struct cil_tree *test_tree;
6845 gen_test_tree(&test_tree, line);
6846
6847 struct cil_db *test_db;
6848 cil_db_init(&test_db);
6849
6850 uint32_t changed = CIL_FALSE;
6851 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
6852
6853 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
6854
6855 struct cil_constrain *cons = (struct cil_constrain*)test_db->ast->root->cl_head->next->next->next->next->data;
6856
6857 int rc = cil_resolve_expr_stack(cons->expr, test_db->ast->root->cl_head->next->next->next->next, args);
6858 CuAssertIntEquals(tc, SEPOL_OK, rc);
6859 }
6860
test_cil_resolve_expr_stack_role(CuTest * tc)6861 void test_cil_resolve_expr_stack_role(CuTest *tc) {
6862 char *line[] = {"(", "class", "file", "(", "create", "relabelto", ")", ")",
6863 "(", "class", "dir", "(", "create", "relabelto", ")", ")",
6864 "(", "role", "r1", ")",
6865 "(", "role", "role_r", ")",
6866 "(", "mlsconstrain", "(", "file", "(", "create", "relabelto", ")", ")", "(", "eq", "r1", "role_r", ")", ")", NULL};
6867
6868 struct cil_tree *test_tree;
6869 gen_test_tree(&test_tree, line);
6870
6871 struct cil_db *test_db;
6872 cil_db_init(&test_db);
6873
6874 uint32_t changed = CIL_FALSE;
6875 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
6876
6877 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
6878
6879 struct cil_constrain *cons = (struct cil_constrain*)test_db->ast->root->cl_head->next->next->next->next->data;
6880
6881 int rc = cil_resolve_expr_stack(cons->expr, test_db->ast->root->cl_head->next->next->next->next, args);
6882 CuAssertIntEquals(tc, SEPOL_OK, rc);
6883 }
6884
test_cil_resolve_expr_stack_user(CuTest * tc)6885 void test_cil_resolve_expr_stack_user(CuTest *tc) {
6886 char *line[] = {"(", "class", "file", "(", "create", "relabelto", ")", ")",
6887 "(", "class", "dir", "(", "create", "relabelto", ")", ")",
6888 "(", "user", "u1", ")",
6889 "(", "user", "user_u", ")",
6890 "(", "mlsconstrain", "(", "file", "(", "create", "relabelto", ")", ")", "(", "eq", "u1", "user_u", ")", ")", NULL};
6891
6892 struct cil_tree *test_tree;
6893 gen_test_tree(&test_tree, line);
6894
6895 struct cil_db *test_db;
6896 cil_db_init(&test_db);
6897
6898 uint32_t changed = CIL_FALSE;
6899 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
6900
6901 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
6902
6903 struct cil_constrain *cons = (struct cil_constrain*)test_db->ast->root->cl_head->next->next->next->next->data;
6904
6905 int rc = cil_resolve_expr_stack(cons->expr, test_db->ast->root->cl_head->next->next->next->next, args);
6906 CuAssertIntEquals(tc, SEPOL_OK, rc);
6907 }
6908
test_cil_resolve_expr_stack_neg(CuTest * tc)6909 void test_cil_resolve_expr_stack_neg(CuTest *tc) {
6910 char *line[] = {"(", "boolean", "foo", "true", ")",
6911 "(", "boolean", "bar", "false", ")",
6912 "(", "class", "baz", "(", "read", ")", ")",
6913 "(", "booleanif", "(", "and", "beef", "baf", ")",
6914 "(", "true",
6915 "(", "allow", "foo", "bar", "(", "baz", "(", "read", ")", ")", ")", ")", ")", NULL};
6916
6917 struct cil_tree *test_tree;
6918 gen_test_tree(&test_tree, line);
6919
6920 struct cil_db *test_db;
6921 cil_db_init(&test_db);
6922
6923 uint32_t changed = CIL_FALSE;
6924 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC1, &changed, NULL, NULL, NULL);
6925
6926 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
6927
6928 struct cil_booleanif *bif = (struct cil_booleanif*)test_db->ast->root->cl_head->next->next->next->data;
6929
6930 int rc = cil_resolve_expr_stack(bif->expr_stack,test_db->ast->root->cl_head->next->next->next, args);
6931 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
6932 }
6933
test_cil_resolve_expr_stack_emptystr_neg(CuTest * tc)6934 void test_cil_resolve_expr_stack_emptystr_neg(CuTest *tc) {
6935 char *line[] = {"(", "boolean", "foo", "true", ")",
6936 "(", "boolean", "bar", "false", ")",
6937 "(", "class", "baz", "(", "read", ")", ")",
6938 "(", "booleanif", "(", "and", "foo", "bar", ")",
6939 "(", "true",
6940 "(", "allow", "foo", "bar", "(", "baz", "(", "read", ")", ")", ")", ")", ")", NULL};
6941
6942 struct cil_tree *test_tree;
6943 gen_test_tree(&test_tree, line);
6944
6945 struct cil_db *test_db;
6946 cil_db_init(&test_db);
6947
6948 uint32_t changed = CIL_FALSE;
6949 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC1, &changed, NULL, NULL, NULL);
6950
6951 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
6952
6953 struct cil_booleanif *bif = (struct cil_booleanif*)test_db->ast->root->cl_head->next->next->next->data;
6954 ((struct cil_conditional*)bif->expr_stack->head->data)->str = NULL;
6955
6956 int rc = cil_resolve_expr_stack(bif->expr_stack,test_db->ast->root->cl_head->next->next->next, args);
6957 CuAssertIntEquals(tc, SEPOL_ERR, rc);
6958 }
6959
test_cil_resolve_boolif(CuTest * tc)6960 void test_cil_resolve_boolif(CuTest *tc) {
6961 char *line[] = {"(", "boolean", "foo", "true", ")",
6962 "(", "boolean", "bar", "false", ")",
6963 "(", "class", "baz", "(", "read", ")", ")",
6964 "(", "booleanif", "(", "and", "foo", "bar", ")",
6965 "(", "true",
6966 "(", "allow", "foo", "bar", "(", "baz", "(", "read", ")", ")", ")", ")", ")", NULL};
6967
6968 struct cil_tree *test_tree;
6969 gen_test_tree(&test_tree, line);
6970
6971 struct cil_db *test_db;
6972 cil_db_init(&test_db);
6973
6974 uint32_t changed = CIL_FALSE;
6975 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC1, &changed, NULL, NULL, NULL);
6976
6977 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
6978
6979 int rc = cil_resolve_boolif(test_db->ast->root->cl_head->next->next->next, args);
6980 CuAssertIntEquals(tc, SEPOL_OK, rc);
6981 }
6982
test_cil_resolve_boolif_neg(CuTest * tc)6983 void test_cil_resolve_boolif_neg(CuTest *tc) {
6984 char *line[] = {"(", "boolean", "foo", "true", ")",
6985 "(", "boolean", "bar", "false", ")",
6986 "(", "class", "baz", "(", "read", ")", ")",
6987 "(", "booleanif", "(", "and", "dne", "N/A", ")",
6988 "(", "true",
6989 "(", "allow", "foo", "bar", "(", "baz", "(", "read", ")", ")", ")", ")", ")", NULL};
6990
6991 struct cil_tree *test_tree;
6992 gen_test_tree(&test_tree, line);
6993
6994 struct cil_db *test_db;
6995 cil_db_init(&test_db);
6996
6997 uint32_t changed = CIL_FALSE;
6998 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC1, &changed, NULL, NULL, NULL);
6999
7000 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
7001
7002 int rc = cil_resolve_boolif(test_db->ast->root->cl_head->next->next->next, args);
7003 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
7004 }
7005
test_cil_evaluate_expr_stack_and(CuTest * tc)7006 void test_cil_evaluate_expr_stack_and(CuTest *tc) {
7007 char *line[] = {"(", "tunable", "foo", "true", ")",
7008 "(", "tunable", "bar", "false", ")",
7009 "(", "class", "baz", "(", "read", ")", ")",
7010 "(", "tunableif", "(", "and", "foo", "bar", ")",
7011 "(", "true",
7012 "(", "allow", "foo", "bar", "(", "baz", "(", "read", ")", ")", ")", ")", ")", NULL};
7013
7014 struct cil_tree *test_tree;
7015 gen_test_tree(&test_tree, line);
7016
7017 struct cil_db *test_db;
7018 cil_db_init(&test_db);
7019
7020 uint16_t result = CIL_FALSE;
7021 uint32_t changed = CIL_FALSE;
7022 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_TIF, &changed, NULL, NULL, NULL);
7023
7024 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
7025
7026 struct cil_tunableif *tif = (struct cil_tunableif*)test_db->ast->root->cl_head->next->next->next->data;
7027
7028 cil_resolve_expr_stack(tif->expr_stack, test_db->ast->root->cl_head->next->next->next, args);
7029 int rc = cil_evaluate_expr_stack(tif->expr_stack, &result);
7030 CuAssertIntEquals(tc, SEPOL_OK, rc);
7031 }
7032
test_cil_evaluate_expr_stack_not(CuTest * tc)7033 void test_cil_evaluate_expr_stack_not(CuTest *tc) {
7034 char *line[] = {"(", "tunable", "foo", "true", ")",
7035 "(", "tunable", "bar", "false", ")",
7036 "(", "class", "baz", "(", "read", ")", ")",
7037 "(", "tunableif", "(", "not", "bar", ")",
7038 "(", "true",
7039 "(", "allow", "foo", "bar", "(", "baz", "(", "read", ")", ")", ")", ")", ")", NULL};
7040
7041 struct cil_tree *test_tree;
7042 gen_test_tree(&test_tree, line);
7043
7044 struct cil_db *test_db;
7045 cil_db_init(&test_db);
7046
7047 uint16_t result = CIL_FALSE;
7048 uint32_t changed = CIL_FALSE;
7049 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_TIF, &changed, NULL, NULL, NULL);
7050
7051 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
7052
7053 struct cil_tunableif *tif = (struct cil_tunableif*)test_db->ast->root->cl_head->next->next->next->data;
7054
7055 cil_resolve_expr_stack(tif->expr_stack, test_db->ast->root->cl_head->next->next->next, args);
7056 int rc = cil_evaluate_expr_stack(tif->expr_stack, &result);
7057 CuAssertIntEquals(tc, SEPOL_OK, rc);
7058 }
7059
test_cil_evaluate_expr_stack_or(CuTest * tc)7060 void test_cil_evaluate_expr_stack_or(CuTest *tc) {
7061 char *line[] = {"(", "tunable", "foo", "true", ")",
7062 "(", "tunable", "bar", "false", ")",
7063 "(", "class", "baz", "(", "read", ")", ")",
7064 "(", "tunableif", "(", "or", "foo", "bar", ")",
7065 "(", "true",
7066 "(", "allow", "foo", "bar", "(", "baz", "(", "read", ")", ")", ")", ")", ")", NULL};
7067
7068 struct cil_tree *test_tree;
7069 gen_test_tree(&test_tree, line);
7070
7071 struct cil_db *test_db;
7072 cil_db_init(&test_db);
7073
7074 uint16_t result = CIL_FALSE;
7075 uint32_t changed = CIL_FALSE;
7076 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_TIF, &changed, NULL, NULL, NULL);
7077
7078 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
7079
7080 struct cil_tunableif *tif = (struct cil_tunableif*)test_db->ast->root->cl_head->next->next->next->data;
7081
7082 cil_resolve_expr_stack(tif->expr_stack, test_db->ast->root->cl_head->next->next->next, args);
7083 int rc = cil_evaluate_expr_stack(tif->expr_stack, &result);
7084 CuAssertIntEquals(tc, SEPOL_OK, rc);
7085 }
7086
test_cil_evaluate_expr_stack_xor(CuTest * tc)7087 void test_cil_evaluate_expr_stack_xor(CuTest *tc) {
7088 char *line[] = {"(", "tunable", "foo", "true", ")",
7089 "(", "tunable", "bar", "false", ")",
7090 "(", "class", "baz", "(", "read", ")", ")",
7091 "(", "tunableif", "(", "xor", "foo", "bar", ")",
7092 "(", "true",
7093 "(", "allow", "foo", "bar", "(", "baz", "(", "read", ")", ")", ")", ")", ")", NULL};
7094
7095 struct cil_tree *test_tree;
7096 gen_test_tree(&test_tree, line);
7097
7098 struct cil_db *test_db;
7099 cil_db_init(&test_db);
7100
7101 uint16_t result = CIL_FALSE;
7102 uint32_t changed = CIL_FALSE;
7103 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_TIF, &changed, NULL, NULL, NULL);
7104
7105 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
7106
7107 struct cil_tunableif *tif = (struct cil_tunableif*)test_db->ast->root->cl_head->next->next->next->data;
7108
7109 cil_resolve_expr_stack(tif->expr_stack, test_db->ast->root->cl_head->next->next->next, args);
7110 int rc = cil_evaluate_expr_stack(tif->expr_stack, &result);
7111 CuAssertIntEquals(tc, SEPOL_OK, rc);
7112 }
7113
test_cil_evaluate_expr_stack_eq(CuTest * tc)7114 void test_cil_evaluate_expr_stack_eq(CuTest *tc) {
7115 char *line[] = {"(", "tunable", "foo", "true", ")",
7116 "(", "tunable", "bar", "false", ")",
7117 "(", "class", "baz", "(", "read", ")", ")",
7118 "(", "tunableif", "(", "eq", "foo", "bar", ")",
7119 "(", "true",
7120 "(", "allow", "foo", "bar", "(", "baz", "(", "read", ")", ")", ")", ")", ")", NULL};
7121
7122 struct cil_tree *test_tree;
7123 gen_test_tree(&test_tree, line);
7124
7125 struct cil_db *test_db;
7126 cil_db_init(&test_db);
7127
7128 uint16_t result = CIL_FALSE;
7129 uint32_t changed = CIL_FALSE;
7130 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_TIF, &changed, NULL, NULL, NULL);
7131
7132 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
7133
7134 struct cil_tunableif *tif = (struct cil_tunableif*)test_db->ast->root->cl_head->next->next->next->data;
7135
7136 cil_resolve_expr_stack(tif->expr_stack, test_db->ast->root->cl_head->next->next->next, args);
7137 int rc = cil_evaluate_expr_stack(tif->expr_stack, &result);
7138 CuAssertIntEquals(tc, SEPOL_OK, rc);
7139 }
7140
test_cil_evaluate_expr_stack_neq(CuTest * tc)7141 void test_cil_evaluate_expr_stack_neq(CuTest *tc) {
7142 char *line[] = {"(", "tunable", "foo", "true", ")",
7143 "(", "tunable", "bar", "false", ")",
7144 "(", "class", "baz", "(", "read", ")", ")",
7145 "(", "tunableif", "(", "neq", "foo", "bar", ")",
7146 "(", "true",
7147 "(", "allow", "foo", "bar", "(", "baz", "(", "read", ")", ")", ")", ")", ")", NULL};
7148
7149 struct cil_tree *test_tree;
7150 gen_test_tree(&test_tree, line);
7151
7152 struct cil_db *test_db;
7153 cil_db_init(&test_db);
7154
7155 uint16_t result = CIL_FALSE;
7156 uint32_t changed = CIL_FALSE;
7157 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_TIF, &changed, NULL, NULL, NULL);
7158
7159 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
7160
7161 struct cil_tunableif *tif = (struct cil_tunableif*)test_db->ast->root->cl_head->next->next->next->data;
7162
7163 cil_resolve_expr_stack(tif->expr_stack, test_db->ast->root->cl_head->next->next->next, args);
7164 int rc = cil_evaluate_expr_stack(tif->expr_stack, &result);
7165 CuAssertIntEquals(tc, SEPOL_OK, rc);
7166 }
7167
test_cil_evaluate_expr_stack_oper1(CuTest * tc)7168 void test_cil_evaluate_expr_stack_oper1(CuTest *tc) {
7169 char *line[] = {"(", "tunable", "foo", "true", ")",
7170 "(", "tunable", "bar", "false", ")",
7171 "(", "tunable", "baz", "false", ")",
7172 "(", "class", "baz", "(", "read", ")", ")",
7173 "(", "tunableif", "(", "and", "(", "or", "foo", "bar", ")", "baz", ")",
7174 "(", "true",
7175 "(", "allow", "foo", "bar", "(", "jaz", "(", "read", ")", ")", ")", ")", ")", NULL};
7176
7177 struct cil_tree *test_tree;
7178 gen_test_tree(&test_tree, line);
7179
7180 struct cil_db *test_db;
7181 cil_db_init(&test_db);
7182
7183 uint16_t result = CIL_FALSE;
7184 uint32_t changed = CIL_FALSE;
7185 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_TIF, &changed, NULL, NULL, NULL);
7186
7187 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
7188
7189 struct cil_tunableif *tif = (struct cil_tunableif*)test_db->ast->root->cl_head->next->next->next->next->data;
7190
7191 cil_resolve_expr_stack(tif->expr_stack, test_db->ast->root->cl_head->next->next->next->next, args);
7192 int rc = cil_evaluate_expr_stack(tif->expr_stack, &result);
7193 CuAssertIntEquals(tc, SEPOL_OK, rc);
7194 }
7195
test_cil_evaluate_expr_stack_oper2(CuTest * tc)7196 void test_cil_evaluate_expr_stack_oper2(CuTest *tc) {
7197 char *line[] = {"(", "tunable", "foo", "true", ")",
7198 "(", "tunable", "bar", "false", ")",
7199 "(", "tunable", "baz", "false", ")",
7200 "(", "class", "baz", "(", "read", ")", ")",
7201 "(", "tunableif", "(", "and", "baz", "(", "or", "foo", "bar", ")", ")",
7202 "(", "true",
7203 "(", "allow", "foo", "bar", "(", "jaz", "(", "read", ")", ")", ")", ")", ")", NULL};
7204
7205 struct cil_tree *test_tree;
7206 gen_test_tree(&test_tree, line);
7207
7208 struct cil_db *test_db;
7209 cil_db_init(&test_db);
7210
7211 uint16_t result = CIL_FALSE;
7212 uint32_t changed = CIL_FALSE;
7213 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_TIF, &changed, NULL, NULL, NULL);
7214
7215 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
7216
7217 struct cil_tunableif *tif = (struct cil_tunableif*)test_db->ast->root->cl_head->next->next->next->next->data;
7218
7219 cil_resolve_expr_stack(tif->expr_stack, test_db->ast->root->cl_head->next->next->next->next, args);
7220 int rc = cil_evaluate_expr_stack(tif->expr_stack, &result);
7221 CuAssertIntEquals(tc, SEPOL_OK, rc);
7222 }
7223 /*
7224 void test_cil_evaluate_expr_stack_neg(CuTest *tc) {
7225 char *line[] = {"(", "tunable", "foo", "true", ")",
7226 "(", "tunable", "bar", "false", ")",
7227 "(", "class", "baz", "(", "read", ")", ")",
7228 "(", "tunableif", "(", "neq", "foo", "bar", ")",
7229 "(", "allow", "foo", "bar", "(", "baz", "(", "read", ")", ")", ")", ")", NULL};
7230
7231 struct cil_tree *test_tree;
7232 gen_test_tree(&test_tree, line);
7233
7234 struct cil_db *test_db;
7235 cil_db_init(&test_db);
7236
7237 uint16_t result = CIL_FALSE;
7238
7239 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
7240
7241 struct cil_tree_node *test_node;
7242 cil_tree_node_init(&test_node);
7243
7244 struct cil_conditional *new_cond;
7245 cil_conditional_init(&new_cond);
7246 new_cond->flavor = CIL_COND;
7247 char *baz = "baz";
7248 new_cond->str = baz;
7249 new_cond->flavor = CIL_TUNABLE;
7250
7251 struct cil_tunableif *tif = test_db->ast->root->cl_head->next->next->next->next->data;
7252
7253 test_node->data = new_cond;
7254 test_node->cl_head = tif->expr_stack;
7255 tif->expr_stack->parent = test_node;
7256
7257 cil_resolve_expr_stack(test_db, tif->expr_stack, test_db->ast->root->cl_head->next->next->next, NULL);
7258 int rc = cil_evaluate_expr_stack(tif->expr_stack, &result);
7259 CuAssertIntEquals(tc, SEPOL_ERR, rc);
7260 }
7261 */
test_cil_resolve_tunif_false(CuTest * tc)7262 void test_cil_resolve_tunif_false(CuTest *tc) {
7263 char *line[] = {"(", "tunable", "foo", "true", ")",
7264 "(", "tunable", "bar", "false", ")",
7265 "(", "class", "baz", "(", "read", ")", ")",
7266 "(", "tunableif", "(", "and", "foo", "bar", ")",
7267 "(", "false",
7268 "(", "allow", "foo", "bar", "(", "baz", "(", "read", ")", ")", ")", ")", ")", NULL};
7269
7270 struct cil_tree *test_tree;
7271 gen_test_tree(&test_tree, line);
7272
7273 struct cil_db *test_db;
7274 cil_db_init(&test_db);
7275
7276 uint32_t changed = CIL_FALSE;
7277 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_TIF, &changed, NULL, NULL, NULL);
7278
7279 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
7280
7281 int rc = cil_resolve_tunif(test_db->ast->root->cl_head->next->next->next, args);
7282 CuAssertIntEquals(tc, SEPOL_OK, rc);
7283 }
7284
test_cil_resolve_tunif_true(CuTest * tc)7285 void test_cil_resolve_tunif_true(CuTest *tc) {
7286 char *line[] = {"(", "tunable", "foo", "true", ")",
7287 "(", "tunable", "bar", "true", ")",
7288 "(", "class", "baz", "(", "read", ")", ")",
7289 "(", "tunableif", "(", "and", "foo", "bar", ")",
7290 "(", "true",
7291 "(", "allow", "foo", "bar", "(", "baz", "(", "read", ")", ")", ")", ")", ")", NULL};
7292
7293 struct cil_tree *test_tree;
7294 gen_test_tree(&test_tree, line);
7295
7296 struct cil_db *test_db;
7297 cil_db_init(&test_db);
7298
7299 uint32_t changed = CIL_FALSE;
7300 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_TIF, &changed, NULL, NULL, NULL);
7301
7302 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
7303
7304 int rc = cil_resolve_tunif(test_db->ast->root->cl_head->next->next->next, args);
7305 CuAssertIntEquals(tc, SEPOL_OK, rc);
7306 }
7307
test_cil_resolve_tunif_resolveexpr_neg(CuTest * tc)7308 void test_cil_resolve_tunif_resolveexpr_neg(CuTest *tc) {
7309 char *line[] = {"(", "tunable", "foo", "true", ")",
7310 "(", "tunable", "bar", "false", ")",
7311 "(", "class", "baz", "(", "read", ")", ")",
7312 "(", "tunableif", "(", "and", "dne", "N/A", ")",
7313 "(", "true",
7314 "(", "allow", "foo", "bar", "(", "baz", "(", "read", ")", ")", ")", ")", ")", NULL};
7315
7316 struct cil_tree *test_tree;
7317 gen_test_tree(&test_tree, line);
7318
7319 struct cil_db *test_db;
7320 cil_db_init(&test_db);
7321
7322 uint32_t changed = CIL_FALSE;
7323 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_TIF, &changed, NULL, NULL, NULL);
7324
7325 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
7326
7327 int rc = cil_resolve_tunif(test_db->ast->root->cl_head->next->next->next, args);
7328 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
7329 }
7330 /*
7331 void test_cil_resolve_tunif_evaluateexpr_neg(CuTest *tc) {
7332 char *line[] = {"(", "tunable", "foo", "true", ")",
7333 "(", "tunable", "bar", "false", ")",
7334 "(", "class", "baz", "(", "read", ")", ")",
7335 "(", "tunableif", "(", "and", "foo", "bar", ")",
7336 "(", "allow", "foo", "bar", "(", "baz", "(", "read", ")", ")", ")", ")", NULL};
7337
7338 struct cil_tree *test_tree;
7339 gen_test_tree(&test_tree, line);
7340
7341 struct cil_db *test_db;
7342 cil_db_init(&test_db);
7343
7344 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
7345
7346 struct cil_tree_node *test_node;
7347 cil_tree_node_init(&test_node);
7348
7349 struct cil_conditional *new_cond;
7350 cil_conditional_init(&new_cond);
7351 new_cond->flavor = CIL_COND;
7352 char *baz = "baz";
7353 new_cond->str = baz;
7354 new_cond->flavor = CIL_TUNABLE;
7355
7356 struct tunableif *tif = test_db->ast->root->cl_head->next->next->next->data;
7357
7358 test_node->data = new_cond;
7359 test_node->cl_head = tif->expr_stack;
7360 tif->expr_stack->parent = test_node;
7361
7362 int rc = cil_resolve_tunif(test_db, test_db->ast->root->cl_head->next->next->next, NULL);
7363 CuAssertIntEquals(tc, SEPOL_ERR, rc);
7364 }
7365 */
test_cil_resolve_userbounds(CuTest * tc)7366 void test_cil_resolve_userbounds(CuTest *tc) {
7367 char *line[] = {"(", "user", "user1", ")",
7368 "(", "user", "user2", ")",
7369 "(", "userbounds", "user1", "user2", ")", NULL};
7370
7371 struct cil_tree *test_tree;
7372 gen_test_tree(&test_tree, line);
7373
7374 struct cil_db *test_db;
7375 cil_db_init(&test_db);
7376
7377 uint32_t changed = CIL_FALSE;
7378 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
7379
7380 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
7381
7382 int rc = cil_resolve_userbounds(test_db->ast->root->cl_head->next->next, args);
7383 CuAssertIntEquals(tc, SEPOL_OK, rc);
7384 }
7385
test_cil_resolve_userbounds_exists_neg(CuTest * tc)7386 void test_cil_resolve_userbounds_exists_neg(CuTest *tc) {
7387 char *line[] = {"(", "user", "user1", ")",
7388 "(", "user", "user2", ")",
7389 "(", "userbounds", "user1", "user2", ")", NULL};
7390
7391 struct cil_tree *test_tree;
7392 gen_test_tree(&test_tree, line);
7393
7394 struct cil_db *test_db;
7395 cil_db_init(&test_db);
7396
7397 uint32_t changed = CIL_FALSE;
7398 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
7399
7400 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
7401
7402 cil_resolve_userbounds(test_db->ast->root->cl_head->next->next, args);
7403 int rc = cil_resolve_userbounds(test_db->ast->root->cl_head->next->next, args);
7404 CuAssertIntEquals(tc, SEPOL_ERR, rc);
7405 }
7406
test_cil_resolve_userbounds_user1_neg(CuTest * tc)7407 void test_cil_resolve_userbounds_user1_neg(CuTest *tc) {
7408 char *line[] = {"(", "user", "user1", ")",
7409 "(", "user", "user2", ")",
7410 "(", "userbounds", "user_DNE", "user2", ")", NULL};
7411
7412 struct cil_tree *test_tree;
7413 gen_test_tree(&test_tree, line);
7414
7415 struct cil_db *test_db;
7416 cil_db_init(&test_db);
7417
7418 uint32_t changed = CIL_FALSE;
7419 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
7420
7421 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
7422
7423 int rc = cil_resolve_userbounds(test_db->ast->root->cl_head->next->next, args);
7424 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
7425 }
7426
test_cil_resolve_userbounds_user2_neg(CuTest * tc)7427 void test_cil_resolve_userbounds_user2_neg(CuTest *tc) {
7428 char *line[] = {"(", "user", "user1", ")",
7429 "(", "user", "user2", ")",
7430 "(", "userbounds", "user1", "user_DNE", ")", NULL};
7431
7432 struct cil_tree *test_tree;
7433 gen_test_tree(&test_tree, line);
7434
7435 struct cil_db *test_db;
7436 cil_db_init(&test_db);
7437
7438 uint32_t changed = CIL_FALSE;
7439 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
7440
7441 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
7442
7443 int rc = cil_resolve_userbounds(test_db->ast->root->cl_head->next->next, args);
7444 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
7445 }
7446
test_cil_resolve_roletype(CuTest * tc)7447 void test_cil_resolve_roletype(CuTest *tc) {
7448 char *line[] = {"(", "role", "admin_r", ")",
7449 "(", "type", "admin_t", ")",
7450 "(", "roletype", "admin_r", "admin_t", ")", NULL};
7451
7452 struct cil_tree *test_tree;
7453 gen_test_tree(&test_tree, line);
7454
7455 struct cil_db *test_db;
7456 cil_db_init(&test_db);
7457
7458 uint32_t changed = CIL_FALSE;
7459 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
7460
7461 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
7462
7463 int rc = cil_resolve_roletype(test_db->ast->root->cl_head->next->next, args);
7464 CuAssertIntEquals(tc, SEPOL_OK, rc);
7465 }
7466
test_cil_resolve_roletype_type_neg(CuTest * tc)7467 void test_cil_resolve_roletype_type_neg(CuTest *tc) {
7468 char *line[] = {"(", "role", "admin_r", ")",
7469 "(", "roletype", "admin_r", "admin_t", ")", NULL};
7470
7471 struct cil_tree *test_tree;
7472 gen_test_tree(&test_tree, line);
7473
7474 struct cil_db *test_db;
7475 cil_db_init(&test_db);
7476
7477 uint32_t changed = CIL_FALSE;
7478 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
7479
7480 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
7481
7482 int rc = cil_resolve_roletype(test_db->ast->root->cl_head->next, args);
7483 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
7484 }
7485
test_cil_resolve_roletype_role_neg(CuTest * tc)7486 void test_cil_resolve_roletype_role_neg(CuTest *tc) {
7487 char *line[] = {"(", "type", "admin_t", ")",
7488 "(", "roletype", "admin_r", "admin_t", ")", NULL};
7489
7490 struct cil_tree *test_tree;
7491 gen_test_tree(&test_tree, line);
7492
7493 struct cil_db *test_db;
7494 cil_db_init(&test_db);
7495
7496 uint32_t changed = CIL_FALSE;
7497 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
7498
7499 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
7500
7501 int rc = cil_resolve_roletype(test_db->ast->root->cl_head->next, args);
7502 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
7503 }
7504
test_cil_resolve_userrole(CuTest * tc)7505 void test_cil_resolve_userrole(CuTest *tc) {
7506 char *line[] = {"(", "role", "staff_r", ")",
7507 "(", "user", "staff_u", ")",
7508 "(", "userrole", "staff_u", "staff_r", ")", NULL};
7509
7510 struct cil_tree *test_tree;
7511 gen_test_tree(&test_tree, line);
7512
7513 struct cil_db *test_db;
7514 cil_db_init(&test_db);
7515
7516 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
7517
7518 uint32_t changed = CIL_FALSE;
7519 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
7520
7521 int rc = cil_resolve_userrole(test_db->ast->root->cl_head->next->next, args);
7522 CuAssertIntEquals(tc, SEPOL_OK, rc);
7523 }
7524
test_cil_resolve_userrole_user_neg(CuTest * tc)7525 void test_cil_resolve_userrole_user_neg(CuTest *tc) {
7526 char *line[] = {"(", "role", "staff_r", ")",
7527 "(", "userrole", "staff_u", "staff_r", ")", NULL};
7528
7529 struct cil_tree *test_tree;
7530 gen_test_tree(&test_tree, line);
7531
7532 struct cil_db *test_db;
7533 cil_db_init(&test_db);
7534
7535 uint32_t changed = CIL_FALSE;
7536 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
7537
7538 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
7539
7540 int rc = cil_resolve_userrole(test_db->ast->root->cl_head->next, args);
7541 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
7542 }
7543
test_cil_resolve_userrole_role_neg(CuTest * tc)7544 void test_cil_resolve_userrole_role_neg(CuTest *tc) {
7545 char *line[] = {"(", "user", "staff_u", ")",
7546 "(", "userrole", "staff_u", "staff_r", ")", NULL};
7547
7548 struct cil_tree *test_tree;
7549 gen_test_tree(&test_tree, line);
7550
7551 struct cil_db *test_db;
7552 cil_db_init(&test_db);
7553
7554 uint32_t changed = CIL_FALSE;
7555 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
7556
7557 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
7558
7559 int rc = cil_resolve_userrole(test_db->ast->root->cl_head->next, args);
7560 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
7561 }
7562
test_cil_resolve_userlevel(CuTest * tc)7563 void test_cil_resolve_userlevel(CuTest *tc) {
7564 char *line[] = {"(", "user", "foo_u", ")",
7565 "(", "category", "c0", ")",
7566 "(", "sensitivity", "s0", ")",
7567 "(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
7568 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
7569 "(", "userlevel", "foo_u", "low", ")", NULL};
7570
7571 struct cil_tree *test_tree;
7572 gen_test_tree(&test_tree, line);
7573
7574 struct cil_db *test_db;
7575 cil_db_init(&test_db);
7576
7577 uint32_t changed = CIL_FALSE;
7578 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
7579
7580 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
7581
7582 cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next, args);
7583
7584 args->pass = CIL_PASS_MISC3;
7585
7586 int rc = cil_resolve_userlevel(test_db->ast->root->cl_head->next->next->next->next->next, args);
7587 CuAssertIntEquals(tc, SEPOL_OK, rc);
7588 }
7589
test_cil_resolve_userlevel_macro(CuTest * tc)7590 void test_cil_resolve_userlevel_macro(CuTest *tc) {
7591 char *line[] = {"(", "user", "foo_u", ")",
7592 "(", "category", "c0", ")",
7593 "(", "sensitivity", "s0", ")",
7594 "(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
7595 "(", "macro", "mm", "(", "(", "level", "l", ")", ")",
7596 "(", "userlevel", "foo_u", "l", ")", ")",
7597 "(", "call", "mm", "(", "(", "s0", "(", "c0", ")", ")", ")", ")", NULL};
7598
7599 struct cil_tree *test_tree;
7600 gen_test_tree(&test_tree, line);
7601
7602 struct cil_db *test_db;
7603 cil_db_init(&test_db);
7604
7605 uint32_t changed = CIL_FALSE;
7606 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
7607
7608 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
7609
7610
7611 args->pass = CIL_PASS_CALL1;
7612
7613 int rc2 = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next->next, args);
7614
7615 args->pass = CIL_PASS_CALL2;
7616
7617 int rc3 = cil_resolve_call2(test_db->ast->root->cl_head->next->next->next->next->next, args);
7618
7619 args->pass = CIL_PASS_MISC2;
7620
7621 cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next, args);
7622
7623 args->pass = CIL_PASS_MISC3;
7624 args->callstack = test_db->ast->root->cl_head->next->next->next->next->next;
7625
7626 int rc = cil_resolve_userlevel(test_db->ast->root->cl_head->next->next->next->next->next->cl_head, args);
7627 CuAssertIntEquals(tc, SEPOL_OK, rc);
7628 CuAssertIntEquals(tc, SEPOL_OK, rc2);
7629 CuAssertIntEquals(tc, SEPOL_OK, rc3);
7630 }
7631
test_cil_resolve_userlevel_macro_neg(CuTest * tc)7632 void test_cil_resolve_userlevel_macro_neg(CuTest *tc) {
7633 char *line[] = {"(", "user", "foo_u", ")",
7634 "(", "category", "c0", ")",
7635 "(", "sensitivity", "s0", ")",
7636 "(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
7637 "(", "macro", "mm", "(", "(", "level", "l", ")", ")",
7638 "(", "userlevel", "foo_u", "l", ")", ")",
7639 "(", "call", "mm", "(", "(", "DNE", "(", "c0", ")", ")", ")", ")", NULL};
7640
7641 struct cil_tree *test_tree;
7642 gen_test_tree(&test_tree, line);
7643
7644 struct cil_db *test_db;
7645 cil_db_init(&test_db);
7646
7647 uint32_t changed = CIL_FALSE;
7648 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
7649
7650 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
7651
7652 int rc2 = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next->next, args);
7653
7654 args->pass = CIL_PASS_CALL2;
7655
7656 int rc3 = cil_resolve_call2(test_db->ast->root->cl_head->next->next->next->next->next, args);
7657
7658 args->pass = CIL_PASS_MISC2;
7659
7660 cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next, args);
7661
7662 args->pass = CIL_PASS_MISC3;
7663 args->callstack = test_db->ast->root->cl_head->next->next->next->next->next;
7664
7665 int rc = cil_resolve_userlevel(test_db->ast->root->cl_head->next->next->next->next->next->cl_head, args);
7666 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
7667 CuAssertIntEquals(tc, SEPOL_OK, rc2);
7668 CuAssertIntEquals(tc, SEPOL_OK, rc3);
7669 }
7670
test_cil_resolve_userlevel_level_anon(CuTest * tc)7671 void test_cil_resolve_userlevel_level_anon(CuTest *tc) {
7672 char *line[] = {"(", "user", "foo_u", ")",
7673 "(", "category", "c0", ")",
7674 "(", "sensitivity", "s0", ")",
7675 "(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
7676 "(", "userlevel", "foo_u", "(", "s0", "(", "c0", ")", ")", ")", NULL};
7677
7678 struct cil_tree *test_tree;
7679 gen_test_tree(&test_tree, line);
7680
7681 struct cil_db *test_db;
7682 cil_db_init(&test_db);
7683
7684 uint32_t changed = CIL_FALSE;
7685 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
7686
7687 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
7688
7689 cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next, args);
7690
7691 args->pass = CIL_PASS_MISC3;
7692
7693 int rc = cil_resolve_userlevel(test_db->ast->root->cl_head->next->next->next->next, args);
7694 CuAssertIntEquals(tc, SEPOL_OK, rc);
7695 }
7696
test_cil_resolve_userlevel_level_anon_neg(CuTest * tc)7697 void test_cil_resolve_userlevel_level_anon_neg(CuTest *tc) {
7698 char *line[] = {"(", "user", "foo_u", ")",
7699 "(", "category", "c0", ")",
7700 "(", "sensitivity", "s0", ")",
7701 "(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
7702 "(", "userlevel", "foo_u", "(", "s0", "(", "DNE", ")", ")", ")", NULL};
7703
7704 struct cil_tree *test_tree;
7705 gen_test_tree(&test_tree, line);
7706
7707 struct cil_db *test_db;
7708 cil_db_init(&test_db);
7709
7710 uint32_t changed = CIL_FALSE;
7711 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
7712
7713 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
7714
7715 cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next, args);
7716
7717 args->pass = CIL_PASS_MISC3;
7718
7719 int rc = cil_resolve_userlevel(test_db->ast->root->cl_head->next->next->next->next, args);
7720 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
7721 }
7722
test_cil_resolve_userlevel_user_neg(CuTest * tc)7723 void test_cil_resolve_userlevel_user_neg(CuTest *tc) {
7724 char *line[] = {"(", "user", "foo_u", ")",
7725 "(", "category", "c0", ")",
7726 "(", "sensitivity", "s0", ")",
7727 "(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
7728 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
7729 "(", "userlevel", "DNE", "low", ")", NULL};
7730
7731 struct cil_tree *test_tree;
7732 gen_test_tree(&test_tree, line);
7733
7734 struct cil_db *test_db;
7735 cil_db_init(&test_db);
7736
7737 uint32_t changed = CIL_FALSE;
7738 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
7739
7740 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
7741
7742 cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next, args);
7743
7744 args->pass = CIL_PASS_MISC3;
7745
7746 int rc = cil_resolve_userlevel(test_db->ast->root->cl_head->next->next->next->next->next, args);
7747 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
7748 }
7749
test_cil_resolve_userlevel_level_neg(CuTest * tc)7750 void test_cil_resolve_userlevel_level_neg(CuTest *tc) {
7751 char *line[] = {"(", "user", "foo_u", ")",
7752 "(", "category", "c0", ")",
7753 "(", "sensitivity", "s0", ")",
7754 "(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
7755 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
7756 "(", "userlevel", "foo_u", "DNE", ")", NULL};
7757
7758 struct cil_tree *test_tree;
7759 gen_test_tree(&test_tree, line);
7760
7761 struct cil_db *test_db;
7762 cil_db_init(&test_db);
7763
7764 uint32_t changed = CIL_FALSE;
7765 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
7766
7767 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
7768
7769 cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next, args);
7770
7771 args->pass = CIL_PASS_MISC3;
7772
7773 int rc = cil_resolve_userlevel(test_db->ast->root->cl_head->next->next->next->next->next, args);
7774 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
7775 }
7776
test_cil_resolve_userrange(CuTest * tc)7777 void test_cil_resolve_userrange(CuTest *tc) {
7778 char *line[] = {"(", "user", "foo_u", ")",
7779 "(", "category", "c0", ")",
7780 "(", "sensitivity", "s0", ")",
7781 "(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
7782 "(", "levelrange", "range", "(", "(", "s0", "(", "c0", ")", ")", "(", "s0", "(", "c0", ")", ")", ")", ")",
7783 "(", "userrange", "foo_u", "range", ")", NULL};
7784
7785 struct cil_tree *test_tree;
7786 gen_test_tree(&test_tree, line);
7787
7788 struct cil_db *test_db;
7789 cil_db_init(&test_db);
7790
7791 uint32_t changed = CIL_FALSE;
7792 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
7793
7794 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
7795
7796 cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next, args);
7797 int rc = cil_resolve_userrange(test_db->ast->root->cl_head->next->next->next->next->next, args);
7798 CuAssertIntEquals(tc, SEPOL_OK, rc);
7799 }
7800
test_cil_resolve_userrange_macro(CuTest * tc)7801 void test_cil_resolve_userrange_macro(CuTest *tc) {
7802 char *line[] = {"(", "user", "foo_u", ")",
7803 "(", "category", "c0", ")",
7804 "(", "sensitivity", "s0", ")",
7805 "(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
7806 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
7807 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
7808 "(", "macro", "mm", "(", "(", "levelrange", "range", ")", ")",
7809 "(", "userrange", "foo_u", "range", ")", ")",
7810 "(", "call", "mm", "(", "(", "low", "high", ")", ")", ")", NULL};
7811
7812 struct cil_tree *test_tree;
7813 gen_test_tree(&test_tree, line);
7814
7815 struct cil_db *test_db;
7816 cil_db_init(&test_db);
7817
7818 uint32_t changed = CIL_FALSE;
7819 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
7820
7821 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
7822
7823 int rc2 = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next->next->next->next, args);
7824
7825 args->pass = CIL_PASS_CALL2;
7826
7827 int rc3 = cil_resolve_call2(test_db->ast->root->cl_head->next->next->next->next->next->next->next, args);
7828
7829 args->pass = CIL_PASS_MISC2;
7830
7831 cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next, args);
7832
7833 args->pass = CIL_PASS_MISC3;
7834 args->callstack = test_db->ast->root->cl_head->next->next->next->next->next->next->next;
7835
7836 int rc = cil_resolve_userrange(test_db->ast->root->cl_head->next->next->next->next->next->next->next->cl_head, args);
7837 CuAssertIntEquals(tc, SEPOL_OK, rc);
7838 CuAssertIntEquals(tc, SEPOL_OK, rc2);
7839 CuAssertIntEquals(tc, SEPOL_OK, rc3);
7840 }
7841
test_cil_resolve_userrange_macro_neg(CuTest * tc)7842 void test_cil_resolve_userrange_macro_neg(CuTest *tc) {
7843 char *line[] = {"(", "user", "foo_u", ")",
7844 "(", "category", "c0", ")",
7845 "(", "sensitivity", "s0", ")",
7846 "(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
7847 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
7848 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
7849 "(", "macro", "mm", "(", "(", "levelrange", "range", ")", ")",
7850 "(", "userrange", "foo_u", "range", ")", ")",
7851 "(", "call", "mm", "(", "(", "DNE", "high", ")", ")", ")", NULL};
7852
7853 struct cil_tree *test_tree;
7854 gen_test_tree(&test_tree, line);
7855
7856 struct cil_db *test_db;
7857 cil_db_init(&test_db);
7858
7859 uint32_t changed = CIL_FALSE;
7860 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
7861
7862 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
7863
7864 int rc2 = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next->next->next->next, args);
7865
7866 args->pass = CIL_PASS_CALL2;
7867
7868 int rc3 = cil_resolve_call2(test_db->ast->root->cl_head->next->next->next->next->next->next->next, args);
7869
7870 args->pass = CIL_PASS_MISC2;
7871
7872 cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next, args);
7873
7874 args->pass = CIL_PASS_MISC3;
7875 args->callstack = test_db->ast->root->cl_head->next->next->next->next->next->next->next;
7876
7877 int rc = cil_resolve_userrange(test_db->ast->root->cl_head->next->next->next->next->next->next->next->cl_head, args);
7878 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
7879 CuAssertIntEquals(tc, SEPOL_OK, rc2);
7880 CuAssertIntEquals(tc, SEPOL_OK, rc3);
7881 }
7882
test_cil_resolve_userrange_range_anon(CuTest * tc)7883 void test_cil_resolve_userrange_range_anon(CuTest *tc) {
7884 char *line[] = {"(", "user", "foo_u", ")",
7885 "(", "category", "c0", ")",
7886 "(", "sensitivity", "s0", ")",
7887 "(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
7888 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
7889 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
7890 "(", "userrange", "foo_u", "(", "low", "high", ")", ")", NULL};
7891
7892 struct cil_tree *test_tree;
7893 gen_test_tree(&test_tree, line);
7894
7895 struct cil_db *test_db;
7896 cil_db_init(&test_db);
7897
7898 uint32_t changed = CIL_FALSE;
7899 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
7900
7901 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
7902
7903 cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next, args);
7904
7905 args->pass = CIL_PASS_MISC3;
7906
7907 int rc = cil_resolve_userrange(test_db->ast->root->cl_head->next->next->next->next->next->next, args);
7908 CuAssertIntEquals(tc, SEPOL_OK, rc);
7909 }
7910
test_cil_resolve_userrange_range_anon_neg(CuTest * tc)7911 void test_cil_resolve_userrange_range_anon_neg(CuTest *tc) {
7912 char *line[] = {"(", "user", "foo_u", ")",
7913 "(", "category", "c0", ")",
7914 "(", "sensitivity", "s0", ")",
7915 "(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
7916 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
7917 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
7918 "(", "userrange", "foo_u", "(", "DNE", "high", ")", ")", NULL};
7919
7920 struct cil_tree *test_tree;
7921 gen_test_tree(&test_tree, line);
7922
7923 struct cil_db *test_db;
7924 cil_db_init(&test_db);
7925
7926 uint32_t changed = CIL_FALSE;
7927 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
7928
7929 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
7930
7931 cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next, args);
7932
7933 args->pass = CIL_PASS_MISC3;
7934
7935 int rc = cil_resolve_userrange(test_db->ast->root->cl_head->next->next->next->next->next->next, args);
7936 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
7937 }
7938
test_cil_resolve_userrange_user_neg(CuTest * tc)7939 void test_cil_resolve_userrange_user_neg(CuTest *tc) {
7940 char *line[] = {"(", "user", "foo_u", ")",
7941 "(", "category", "c0", ")",
7942 "(", "sensitivity", "s0", ")",
7943 "(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
7944 "(", "levelrange", "range", "(", "(", "s0", "(", "c0", ")", ")", "(", "s0", "(", "c0", ")", ")", ")", ")",
7945 "(", "userrange", "DNE", "range", ")", NULL};
7946
7947 struct cil_tree *test_tree;
7948 gen_test_tree(&test_tree, line);
7949
7950 struct cil_db *test_db;
7951 cil_db_init(&test_db);
7952
7953 uint32_t changed = CIL_FALSE;
7954 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
7955
7956 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
7957
7958 cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next, args);
7959
7960 args->pass = CIL_PASS_MISC3;
7961
7962 int rc = cil_resolve_userrange(test_db->ast->root->cl_head->next->next->next->next->next, args);
7963 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
7964 }
7965
test_cil_resolve_userrange_range_neg(CuTest * tc)7966 void test_cil_resolve_userrange_range_neg(CuTest *tc) {
7967 char *line[] = {"(", "user", "foo_u", ")",
7968 "(", "category", "c0", ")",
7969 "(", "sensitivity", "s0", ")",
7970 "(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
7971 "(", "levelrange", "range", "(", "(", "s0", "(", "c0", ")", ")", "(", "s0", "(", "c0", ")", ")", ")", ")",
7972 "(", "userrange", "foo_u", "DNE", ")", NULL};
7973
7974 struct cil_tree *test_tree;
7975 gen_test_tree(&test_tree, line);
7976
7977 struct cil_db *test_db;
7978 cil_db_init(&test_db);
7979
7980 uint32_t changed = CIL_FALSE;
7981 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
7982
7983 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
7984
7985 cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next, args);
7986
7987 args->pass = CIL_PASS_MISC3;
7988
7989 int rc = cil_resolve_userrange(test_db->ast->root->cl_head->next->next->next->next->next, args);
7990 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
7991 }
7992
test_cil_disable_children_helper_optional_enabled(CuTest * tc)7993 void test_cil_disable_children_helper_optional_enabled(CuTest *tc) {
7994 char *line[] = {"(", "optional", "opt", "(", "allow", "foo", "bar", "(", "baz", "file", "(", "read", ")", ")", ")", ")", NULL};
7995
7996 struct cil_tree *test_tree;
7997 gen_test_tree(&test_tree, line);
7998
7999 struct cil_db *test_db;
8000 cil_db_init(&test_db);
8001
8002 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
8003
8004 uint32_t finished = 0;
8005
8006 int rc = __cil_disable_children_helper(test_db->ast->root->cl_head, &finished, NULL);
8007 CuAssertIntEquals(tc, SEPOL_OK, rc);
8008 }
8009
test_cil_disable_children_helper_optional_disabled(CuTest * tc)8010 void test_cil_disable_children_helper_optional_disabled(CuTest *tc) {
8011 char *line[] = {"(", "optional", "opt", "(", "allow", "foo", "bar", "(", "baz", "file", "(", "read", ")", ")", ")", ")", NULL};
8012
8013 struct cil_tree *test_tree;
8014 gen_test_tree(&test_tree, line);
8015
8016 struct cil_db *test_db;
8017 cil_db_init(&test_db);
8018
8019 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
8020
8021 uint32_t finished = 0;
8022
8023 ((struct cil_optional *)test_db->ast->root->cl_head->data)->datum.state = CIL_STATE_DISABLED;
8024
8025 int rc = __cil_disable_children_helper(test_db->ast->root->cl_head, &finished, NULL);
8026 CuAssertIntEquals(tc, SEPOL_OK, rc);
8027 }
8028
test_cil_disable_children_helper_block(CuTest * tc)8029 void test_cil_disable_children_helper_block(CuTest *tc) {
8030 char *line[] = {"(", "block", "a", "(", "type", "log", ")", ")", NULL};
8031
8032 struct cil_tree *test_tree;
8033 gen_test_tree(&test_tree, line);
8034
8035 struct cil_db *test_db;
8036 cil_db_init(&test_db);
8037
8038 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
8039
8040 uint32_t finished = 0;
8041
8042 int rc = __cil_disable_children_helper(test_db->ast->root->cl_head, &finished, NULL);
8043 CuAssertIntEquals(tc, SEPOL_OK, rc);
8044 }
8045
test_cil_disable_children_helper_user(CuTest * tc)8046 void test_cil_disable_children_helper_user(CuTest *tc) {
8047 char *line[] = {"(", "user", "staff_u", NULL};
8048
8049 struct cil_tree *test_tree;
8050 gen_test_tree(&test_tree, line);
8051
8052 struct cil_db *test_db;
8053 cil_db_init(&test_db);
8054
8055 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
8056
8057 uint32_t finished = 0;
8058
8059 int rc = __cil_disable_children_helper(test_db->ast->root->cl_head, &finished, NULL);
8060 CuAssertIntEquals(tc, SEPOL_OK, rc);
8061 }
8062
test_cil_disable_children_helper_role(CuTest * tc)8063 void test_cil_disable_children_helper_role(CuTest *tc) {
8064 char *line[] = {"(", "role", "role_r", NULL};
8065
8066 struct cil_tree *test_tree;
8067 gen_test_tree(&test_tree, line);
8068
8069 struct cil_db *test_db;
8070 cil_db_init(&test_db);
8071
8072 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
8073
8074 uint32_t finished = 0;
8075
8076 int rc = __cil_disable_children_helper(test_db->ast->root->cl_head, &finished, NULL);
8077 CuAssertIntEquals(tc, SEPOL_OK, rc);
8078 }
8079
test_cil_disable_children_helper_type(CuTest * tc)8080 void test_cil_disable_children_helper_type(CuTest *tc) {
8081 char *line[] = {"(", "type", "type_t", NULL};
8082
8083 struct cil_tree *test_tree;
8084 gen_test_tree(&test_tree, line);
8085
8086 struct cil_db *test_db;
8087 cil_db_init(&test_db);
8088
8089 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
8090
8091 uint32_t finished = 0;
8092
8093 int rc = __cil_disable_children_helper(test_db->ast->root->cl_head, &finished, NULL);
8094 CuAssertIntEquals(tc, SEPOL_OK, rc);
8095 }
8096
test_cil_disable_children_helper_typealias(CuTest * tc)8097 void test_cil_disable_children_helper_typealias(CuTest *tc) {
8098 char *line[] = {"(", "typealias", ".test.type", "type_t", ")", "(", "type", "test", ")", NULL};
8099
8100 struct cil_tree *test_tree;
8101 gen_test_tree(&test_tree, line);
8102
8103 struct cil_db *test_db;
8104 cil_db_init(&test_db);
8105
8106 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
8107
8108 uint32_t finished = 0;
8109
8110 int rc = __cil_disable_children_helper(test_db->ast->root->cl_head, &finished, NULL);
8111 CuAssertIntEquals(tc, SEPOL_OK, rc);
8112 }
8113
test_cil_disable_children_helper_common(CuTest * tc)8114 void test_cil_disable_children_helper_common(CuTest *tc) {
8115 char *line[] = {"(", "common", "foo", "(", "read", ")", ")", NULL};
8116
8117 struct cil_tree *test_tree;
8118 gen_test_tree(&test_tree, line);
8119
8120 struct cil_db *test_db;
8121 cil_db_init(&test_db);
8122
8123 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
8124
8125 uint32_t finished = 0;
8126
8127 int rc = __cil_disable_children_helper(test_db->ast->root->cl_head, &finished, NULL);
8128 CuAssertIntEquals(tc, SEPOL_OK, rc);
8129 }
8130
test_cil_disable_children_helper_class(CuTest * tc)8131 void test_cil_disable_children_helper_class(CuTest *tc) {
8132 char *line[] = {"(", "class", "foo", "(", "read", ")", ")", NULL};
8133
8134 struct cil_tree *test_tree;
8135 gen_test_tree(&test_tree, line);
8136
8137 struct cil_db *test_db;
8138 cil_db_init(&test_db);
8139
8140 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
8141
8142 uint32_t finished = 0;
8143
8144 int rc = __cil_disable_children_helper(test_db->ast->root->cl_head, &finished, NULL);
8145 CuAssertIntEquals(tc, SEPOL_OK, rc);
8146 }
8147
test_cil_disable_children_helper_bool(CuTest * tc)8148 void test_cil_disable_children_helper_bool(CuTest *tc) {
8149 char *line[] = {"(", "boolean", "foo", "true", ")", NULL};
8150
8151 struct cil_tree *test_tree;
8152 gen_test_tree(&test_tree, line);
8153
8154 struct cil_db *test_db;
8155 cil_db_init(&test_db);
8156
8157 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
8158
8159 uint32_t finished = 0;
8160
8161 int rc = __cil_disable_children_helper(test_db->ast->root->cl_head, &finished, NULL);
8162 CuAssertIntEquals(tc, SEPOL_OK, rc);
8163 }
8164
test_cil_disable_children_helper_sens(CuTest * tc)8165 void test_cil_disable_children_helper_sens(CuTest *tc) {
8166 char *line[] = {"(", "sensitivity", "s0", ")", NULL};
8167
8168 struct cil_tree *test_tree;
8169 gen_test_tree(&test_tree, line);
8170
8171 struct cil_db *test_db;
8172 cil_db_init(&test_db);
8173
8174 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
8175
8176 uint32_t finished = 0;
8177
8178 int rc = __cil_disable_children_helper(test_db->ast->root->cl_head, &finished, NULL);
8179 CuAssertIntEquals(tc, SEPOL_OK, rc);
8180 }
8181
test_cil_disable_children_helper_cat(CuTest * tc)8182 void test_cil_disable_children_helper_cat(CuTest *tc) {
8183 char *line[] = {"(", "category", "c0", ")", NULL};
8184
8185 struct cil_tree *test_tree;
8186 gen_test_tree(&test_tree, line);
8187
8188 struct cil_db *test_db;
8189 cil_db_init(&test_db);
8190
8191 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
8192
8193 uint32_t finished = 0;
8194
8195 int rc = __cil_disable_children_helper(test_db->ast->root->cl_head, &finished, NULL);
8196 CuAssertIntEquals(tc, SEPOL_OK, rc);
8197 }
8198
test_cil_disable_children_helper_catset(CuTest * tc)8199 void test_cil_disable_children_helper_catset(CuTest *tc) {
8200 char *line[] = {"(", "categoryset", "somecats", "(", "c0", "c1", "c2", ")", ")", NULL};
8201
8202 struct cil_tree *test_tree;
8203 gen_test_tree(&test_tree, line);
8204
8205 struct cil_db *test_db;
8206 cil_db_init(&test_db);
8207
8208 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
8209
8210 uint32_t finished = 0;
8211
8212 int rc = __cil_disable_children_helper(test_db->ast->root->cl_head, &finished, NULL);
8213 CuAssertIntEquals(tc, SEPOL_OK, rc);
8214 }
8215
test_cil_disable_children_helper_sid(CuTest * tc)8216 void test_cil_disable_children_helper_sid(CuTest *tc) {
8217 char *line[] = {"(", "sid", "foo", ")", NULL};
8218
8219 struct cil_tree *test_tree;
8220 gen_test_tree(&test_tree, line);
8221
8222 struct cil_db *test_db;
8223 cil_db_init(&test_db);
8224
8225 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
8226
8227 uint32_t finished = 0;
8228
8229 int rc = __cil_disable_children_helper(test_db->ast->root->cl_head, &finished, NULL);
8230 CuAssertIntEquals(tc, SEPOL_OK, rc);
8231 }
8232
test_cil_disable_children_helper_macro(CuTest * tc)8233 void test_cil_disable_children_helper_macro(CuTest *tc) {
8234 char *line[] = {"(", "macro", "mm", "(", "(", "type", "a", ")", ")",
8235 "(", "type", "b", ")",
8236 "(", "allow", "a", "b", "(", "file", "(", "read", ")", ")", ")", ")", NULL};
8237
8238 struct cil_tree *test_tree;
8239 gen_test_tree(&test_tree, line);
8240
8241 struct cil_db *test_db;
8242 cil_db_init(&test_db);
8243
8244 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
8245
8246 uint32_t finished = 0;
8247
8248 int rc = __cil_disable_children_helper(test_db->ast->root->cl_head, &finished, NULL);
8249 CuAssertIntEquals(tc, SEPOL_OK, rc);
8250 }
8251
test_cil_disable_children_helper_context(CuTest * tc)8252 void test_cil_disable_children_helper_context(CuTest *tc) {
8253 char *line[] = {"(", "context", "con",
8254 "(", "system_u", "object_r", "netif_t", "(", "low", "high", ")", ")", ")", NULL};
8255
8256 struct cil_tree *test_tree;
8257 gen_test_tree(&test_tree, line);
8258
8259 struct cil_db *test_db;
8260 cil_db_init(&test_db);
8261
8262 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
8263
8264 uint32_t finished = 0;
8265
8266 int rc = __cil_disable_children_helper(test_db->ast->root->cl_head, &finished, NULL);
8267 CuAssertIntEquals(tc, SEPOL_OK, rc);
8268 }
8269
test_cil_disable_children_helper_level(CuTest * tc)8270 void test_cil_disable_children_helper_level(CuTest *tc) {
8271 char *line[] = {"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")", NULL};
8272
8273 struct cil_tree *test_tree;
8274 gen_test_tree(&test_tree, line);
8275
8276 struct cil_db *test_db;
8277 cil_db_init(&test_db);
8278
8279 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
8280
8281 uint32_t finished = 0;
8282
8283 int rc = __cil_disable_children_helper(test_db->ast->root->cl_head, &finished, NULL);
8284 CuAssertIntEquals(tc, SEPOL_OK, rc);
8285 }
8286
test_cil_disable_children_helper_policycap(CuTest * tc)8287 void test_cil_disable_children_helper_policycap(CuTest *tc) {
8288 char *line[] = {"(", "policycap", "foo", NULL};
8289
8290 struct cil_tree *test_tree;
8291 gen_test_tree(&test_tree, line);
8292
8293 struct cil_db *test_db;
8294 cil_db_init(&test_db);
8295
8296 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
8297
8298 uint32_t finished = 0;
8299
8300 int rc = __cil_disable_children_helper(test_db->ast->root->cl_head, &finished, NULL);
8301 CuAssertIntEquals(tc, SEPOL_OK, rc);
8302 }
8303
test_cil_disable_children_helper_perm(CuTest * tc)8304 void test_cil_disable_children_helper_perm(CuTest *tc) {
8305 char *line[] = {"(", "class", "foo", "(", "read", ")", ")", NULL};
8306
8307 struct cil_tree *test_tree;
8308 gen_test_tree(&test_tree, line);
8309
8310 struct cil_db *test_db;
8311 cil_db_init(&test_db);
8312
8313 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
8314
8315 uint32_t finished = 0;
8316
8317 int rc = __cil_disable_children_helper(test_db->ast->root->cl_head->cl_head, &finished, NULL);
8318 CuAssertIntEquals(tc, SEPOL_OK, rc);
8319 }
8320
test_cil_disable_children_helper_catalias(CuTest * tc)8321 void test_cil_disable_children_helper_catalias(CuTest *tc) {
8322 char *line[] = {"(", "categoryalias", "c0", "red", ")", NULL};
8323
8324 struct cil_tree *test_tree;
8325 gen_test_tree(&test_tree, line);
8326
8327 struct cil_db *test_db;
8328 cil_db_init(&test_db);
8329
8330 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
8331
8332 uint32_t finished = 0;
8333
8334 int rc = __cil_disable_children_helper(test_db->ast->root->cl_head, &finished, NULL);
8335 CuAssertIntEquals(tc, SEPOL_OK, rc);
8336 }
8337
test_cil_disable_children_helper_sensalias(CuTest * tc)8338 void test_cil_disable_children_helper_sensalias(CuTest *tc) {
8339 char *line[] = {"(", "sensitivityalias", "s0", "red", ")", NULL};
8340
8341 struct cil_tree *test_tree;
8342 gen_test_tree(&test_tree, line);
8343
8344 struct cil_db *test_db;
8345 cil_db_init(&test_db);
8346
8347 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
8348
8349 uint32_t finished = 0;
8350
8351 int rc = __cil_disable_children_helper(test_db->ast->root->cl_head, &finished, NULL);
8352 CuAssertIntEquals(tc, SEPOL_OK, rc);
8353 }
8354
test_cil_disable_children_helper_tunable(CuTest * tc)8355 void test_cil_disable_children_helper_tunable(CuTest *tc) {
8356 char *line[] = {"(", "tunable", "foo", "false", ")", NULL};
8357
8358 struct cil_tree *test_tree;
8359 gen_test_tree(&test_tree, line);
8360
8361 struct cil_db *test_db;
8362 cil_db_init(&test_db);
8363
8364 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
8365
8366 uint32_t finished = 0;
8367
8368 int rc = __cil_disable_children_helper(test_db->ast->root->cl_head, &finished, NULL);
8369 CuAssertIntEquals(tc, SEPOL_OK, rc);
8370 }
8371
test_cil_disable_children_helper_unknown(CuTest * tc)8372 void test_cil_disable_children_helper_unknown(CuTest *tc) {
8373 char *line[] = {"(", "mlsconstrain", "(", "file", "(", "create", "relabelto", ")", ")", "(", "eq", "l2", "h2", ")", ")", NULL};
8374
8375 struct cil_tree *test_tree;
8376 gen_test_tree(&test_tree, line);
8377
8378 struct cil_db *test_db;
8379 cil_db_init(&test_db);
8380
8381 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
8382
8383 uint32_t finished = 0;
8384
8385 int rc = __cil_disable_children_helper(test_db->ast->root->cl_head, &finished, NULL);
8386 CuAssertIntEquals(tc, SEPOL_OK, rc);
8387 }
8388
8389
8390 /*
8391 __cil_resolve_ast_node_helper test cases
8392 */
8393
test_cil_resolve_ast_node_helper_call1(CuTest * tc)8394 void test_cil_resolve_ast_node_helper_call1(CuTest *tc) {
8395 char *line[] = {"(", "type", "qaz", ")",
8396 "(", "class", "file", "(", "read", ")", ")",
8397 "(", "macro", "mm", "(", "(", "type", "a", ")", ")",
8398 "(", "type", "b", ")",
8399 "(", "allow", "a", "b", "(", "file", "(", "read", ")", ")", ")", ")",
8400 "(", "call", "mm", "(", "qaz", ")", ")", NULL};
8401
8402 struct cil_tree *test_tree;
8403 gen_test_tree(&test_tree, line);
8404
8405 struct cil_db *test_db;
8406 cil_db_init(&test_db);
8407
8408 uint32_t changed = CIL_FALSE;
8409 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
8410
8411 uint32_t finished = 0;
8412
8413 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
8414
8415 int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next, &finished, args);
8416 CuAssertIntEquals(tc, SEPOL_OK, rc);
8417 CuAssertIntEquals(tc, 0, finished);
8418 }
8419
test_cil_resolve_ast_node_helper_call1_neg(CuTest * tc)8420 void test_cil_resolve_ast_node_helper_call1_neg(CuTest *tc) {
8421 char *line[] = {"(", "type", "qaz", ")",
8422 "(", "class", "file", "(", "read", ")", ")",
8423 "(", "macro", "mm", "(", "(", "type", "a", ")", ")",
8424 "(", "type", "b", ")",
8425 "(", "allow", "a", "b", "(", "file", "(", "read", ")", ")", ")", ")",
8426 "(", "call", "m", "(", "qaz", ")", ")", NULL};
8427
8428 struct cil_tree *test_tree;
8429 gen_test_tree(&test_tree, line);
8430
8431 struct cil_db *test_db;
8432 cil_db_init(&test_db);
8433
8434 uint32_t changed = CIL_FALSE;
8435 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
8436
8437 uint32_t finished = 0;
8438
8439 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
8440
8441 int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next, &finished, args);
8442 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
8443 CuAssertIntEquals(tc, 0, finished);
8444 }
8445
test_cil_resolve_ast_node_helper_call2(CuTest * tc)8446 void test_cil_resolve_ast_node_helper_call2(CuTest *tc) {
8447 char *line[] = {"(", "type", "qaz", ")",
8448 "(", "class", "file", "(", "read", ")", ")",
8449 "(", "macro", "mm", "(", "(", "type", "a", ")", ")",
8450 "(", "type", "b", ")",
8451 "(", "allow", "a", "b", "(", "file", "(", "read", ")", ")", ")", ")",
8452 "(", "call", "mm", "(", "qaz", ")", ")", NULL};
8453
8454 struct cil_tree *test_tree;
8455 gen_test_tree(&test_tree, line);
8456
8457 struct cil_db *test_db;
8458 cil_db_init(&test_db);
8459
8460 uint32_t changed = CIL_FALSE;
8461 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
8462
8463 uint32_t finished = 0;
8464
8465 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
8466
8467 cil_resolve_call1(test_db->ast->root->cl_head->next->next->next, args);
8468
8469 args->pass = CIL_PASS_CALL2;
8470
8471 int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next, &finished, args);
8472 CuAssertIntEquals(tc, SEPOL_OK, rc);
8473 CuAssertIntEquals(tc, 0, finished);
8474 }
8475
test_cil_resolve_ast_node_helper_call2_neg(CuTest * tc)8476 void test_cil_resolve_ast_node_helper_call2_neg(CuTest *tc) {
8477 char *line[] = {"(", "type", "qaz", ")",
8478 "(", "class", "file", "(", "read", ")", ")",
8479 "(", "macro", "mm", "(", "(", "type", "a", ")", ")",
8480 "(", "type", "b", ")",
8481 "(", "allow", "a", "b", "(", "file", "(", "read", ")", ")", ")", ")",
8482 "(", "call", "mm", "(", "foo", "extra", ")", ")", NULL};
8483
8484 struct cil_tree *test_tree;
8485 gen_test_tree(&test_tree, line);
8486
8487 struct cil_db *test_db;
8488 cil_db_init(&test_db);
8489
8490 uint32_t changed = CIL_FALSE;
8491 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
8492 uint32_t finished = 0;
8493
8494 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
8495
8496 cil_resolve_call1(test_db->ast->root->cl_head->next->next->next, args);
8497
8498 args->pass = CIL_PASS_CALL2;
8499
8500 int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next, &finished, args);
8501 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
8502 }
8503
test_cil_resolve_ast_node_helper_boolif(CuTest * tc)8504 void test_cil_resolve_ast_node_helper_boolif(CuTest *tc) {
8505 char *line[] = {"(", "boolean", "foo", "true", ")",
8506 "(", "boolean", "bar", "false", ")",
8507 "(", "class", "baz", "(", "read", ")", ")",
8508 "(", "booleanif", "(", "and", "foo", "bar", ")",
8509 "(", "true",
8510 "(", "allow", "foo", "bar", "(", "baz", "(", "read", ")", ")", ")", ")", ")", NULL};
8511
8512 struct cil_tree *test_tree;
8513 gen_test_tree(&test_tree, line);
8514
8515 struct cil_db *test_db;
8516 cil_db_init(&test_db);
8517
8518 uint32_t changed = CIL_FALSE;
8519 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC1, &changed, NULL, NULL, NULL);
8520 uint32_t finished = 0;
8521
8522 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
8523
8524 int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next, &finished, args);
8525 CuAssertIntEquals(tc, SEPOL_OK, rc);
8526 CuAssertIntEquals(tc, 0, finished);
8527 }
8528
test_cil_resolve_ast_node_helper_boolif_neg(CuTest * tc)8529 void test_cil_resolve_ast_node_helper_boolif_neg(CuTest *tc) {
8530 char *line[] = {"(", "boolean", "foo", "true", ")",
8531 "(", "boolean", "bar", "false", ")",
8532 "(", "class", "baz", "(", "read", ")", ")",
8533 "(", "booleanif", "(", "and", "dne", "N/A", ")",
8534 "(", "true",
8535 "(", "allow", "foo", "bar", "(", "baz", "(", "read", ")", ")", ")", ")", ")", NULL};
8536
8537 struct cil_tree *test_tree;
8538 gen_test_tree(&test_tree, line);
8539
8540 struct cil_db *test_db;
8541 cil_db_init(&test_db);
8542
8543 uint32_t changed = CIL_FALSE;
8544 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC1, &changed, NULL, NULL, NULL);
8545 uint32_t finished = 0;
8546
8547 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
8548
8549 int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next, &finished, args);
8550 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
8551 CuAssertIntEquals(tc, 0, finished);
8552 }
8553
test_cil_resolve_ast_node_helper_tunif(CuTest * tc)8554 void test_cil_resolve_ast_node_helper_tunif(CuTest *tc) {
8555 char *line[] = {"(", "tunable", "foo", "true", ")",
8556 "(", "tunable", "bar", "false", ")",
8557 "(", "class", "baz", "(", "read", ")", ")",
8558 "(", "tunableif", "(", "and", "foo", "bar", ")",
8559 "(", "false",
8560 "(", "allow", "foo", "bar", "(", "baz", "(", "read", ")", ")", ")", ")", ")", NULL};
8561
8562 struct cil_tree *test_tree;
8563 gen_test_tree(&test_tree, line);
8564
8565 struct cil_db *test_db;
8566 cil_db_init(&test_db);
8567
8568 uint32_t changed = CIL_FALSE;
8569 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_TIF, &changed, NULL, NULL, NULL);
8570 uint32_t finished = 0;
8571
8572 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
8573
8574 int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next, &finished, args);
8575 CuAssertIntEquals(tc, SEPOL_OK, rc);
8576 CuAssertIntEquals(tc, 0, finished);
8577 }
8578
test_cil_resolve_ast_node_helper_tunif_neg(CuTest * tc)8579 void test_cil_resolve_ast_node_helper_tunif_neg(CuTest *tc) {
8580 char *line[] = {"(", "tunable", "foo", "true", ")",
8581 "(", "tunable", "bar", "false", ")",
8582 "(", "class", "baz", "(", "read", ")", ")",
8583 "(", "tunableif", "(", "and", "dne", "N/A", ")",
8584 "(", "true",
8585 "(", "allow", "foo", "bar", "(", "baz", "(", "read", ")", ")", ")", ")", ")", NULL};
8586
8587 struct cil_tree *test_tree;
8588 gen_test_tree(&test_tree, line);
8589
8590 struct cil_db *test_db;
8591 cil_db_init(&test_db);
8592
8593 uint32_t changed = CIL_FALSE;
8594 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_TIF, &changed, NULL, NULL, NULL);
8595
8596 uint32_t finished = 0;
8597
8598 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
8599
8600 int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next, &finished, args);
8601 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
8602 CuAssertIntEquals(tc, 0, finished);
8603 }
8604
test_cil_resolve_ast_node_helper_catorder(CuTest * tc)8605 void test_cil_resolve_ast_node_helper_catorder(CuTest *tc) {
8606 char *line[] = {"(", "category", "c0", ")",
8607 "(", "category", "c1", ")",
8608 "(", "category", "c2", ")",
8609 "(", "categoryorder", "(", "c0", "c1", ")", ")", NULL};
8610
8611 struct cil_tree *test_tree;
8612 gen_test_tree(&test_tree, line);
8613
8614 struct cil_db *test_db;
8615 cil_db_init(&test_db);
8616
8617 uint32_t changed = CIL_FALSE;
8618 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC1, &changed, NULL, NULL, NULL);
8619 uint32_t finished = 0;
8620
8621 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
8622
8623 int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next, &finished, args);
8624 CuAssertIntEquals(tc, SEPOL_OK, rc);
8625 CuAssertIntEquals(tc, 0, finished);
8626 }
8627
test_cil_resolve_ast_node_helper_catorder_neg(CuTest * tc)8628 void test_cil_resolve_ast_node_helper_catorder_neg(CuTest *tc) {
8629 char *line[] = {"(", "category", "c0", ")",
8630 "(", "category", "c1", ")",
8631 "(", "category", "c2", ")",
8632 "(", "categoryorder", "(", "c8", ")", ")", NULL};
8633
8634 struct cil_tree *test_tree;
8635 gen_test_tree(&test_tree, line);
8636
8637 struct cil_db *test_db;
8638 cil_db_init(&test_db);
8639
8640 uint32_t changed = CIL_FALSE;
8641 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC1, &changed, NULL, NULL, NULL);
8642 uint32_t finished = 0;
8643
8644 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
8645
8646 int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next, &finished, args);
8647 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
8648 CuAssertIntEquals(tc, 0, finished);
8649 }
8650
test_cil_resolve_ast_node_helper_dominance(CuTest * tc)8651 void test_cil_resolve_ast_node_helper_dominance(CuTest *tc) {
8652 char *line[] = {"(", "sensitivity", "s0", ")",
8653 "(", "sensitivity", "s1", ")",
8654 "(", "sensitivity", "s2", ")",
8655 "(", "dominance", "(", "s0", "s1", ")", ")", NULL};
8656
8657 struct cil_tree *test_tree;
8658 gen_test_tree(&test_tree, line);
8659
8660 struct cil_db *test_db;
8661 cil_db_init(&test_db);
8662
8663 uint32_t changed = CIL_FALSE;
8664 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC1, &changed, NULL, NULL, NULL);
8665 uint32_t finished = 0;
8666
8667 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
8668
8669 int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next, &finished, args);
8670 CuAssertIntEquals(tc, SEPOL_OK, rc);
8671 CuAssertIntEquals(tc, 0, finished);
8672 }
8673
test_cil_resolve_ast_node_helper_dominance_neg(CuTest * tc)8674 void test_cil_resolve_ast_node_helper_dominance_neg(CuTest *tc) {
8675 char *line[] = {"(", "sensitivity", "s0", ")",
8676 "(", "sensitivity", "s1", ")",
8677 "(", "sensitivity", "s2", ")",
8678 "(", "dominance", "(", "s0", "s6", ")", ")", NULL};
8679
8680 struct cil_tree *test_tree;
8681 gen_test_tree(&test_tree, line);
8682
8683 struct cil_db *test_db;
8684 cil_db_init(&test_db);
8685
8686 uint32_t changed = CIL_FALSE;
8687 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC1, &changed, NULL, NULL, NULL);
8688 uint32_t finished = 0;
8689
8690 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
8691
8692 int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next, &finished, args);
8693 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
8694 CuAssertIntEquals(tc, 0, finished);
8695 }
8696
test_cil_resolve_ast_node_helper_roleallow(CuTest * tc)8697 void test_cil_resolve_ast_node_helper_roleallow(CuTest *tc) {
8698 char *line[] = {"(", "role", "foo", ")", \
8699 "(", "role", "bar", ")", \
8700 "(", "roleallow", "foo", "bar", ")", NULL};
8701
8702 struct cil_tree *test_tree;
8703 gen_test_tree(&test_tree, line);
8704
8705 struct cil_db *test_db;
8706 cil_db_init(&test_db);
8707
8708 uint32_t changed = CIL_FALSE;
8709 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
8710
8711 uint32_t finished = 0;
8712
8713 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
8714
8715 int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next, &finished, args);
8716 CuAssertIntEquals(tc, SEPOL_OK, rc);
8717 CuAssertIntEquals(tc, 0, finished);
8718 }
8719
test_cil_resolve_ast_node_helper_roleallow_neg(CuTest * tc)8720 void test_cil_resolve_ast_node_helper_roleallow_neg(CuTest *tc) {
8721 char *line[] = {"(", "role", "foo", ")", \
8722 "(", "roleallow", "foo", "bar", ")", NULL};
8723
8724 struct cil_tree *test_tree;
8725 gen_test_tree(&test_tree, line);
8726
8727 struct cil_db *test_db;
8728 cil_db_init(&test_db);
8729
8730 uint32_t changed = CIL_FALSE;
8731 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
8732
8733 uint32_t finished = 0;
8734
8735 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
8736
8737 int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next, &finished, args);
8738 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
8739 CuAssertIntEquals(tc, 0, finished);
8740 }
8741
test_cil_resolve_ast_node_helper_sensalias(CuTest * tc)8742 void test_cil_resolve_ast_node_helper_sensalias(CuTest *tc) {
8743 char *line[] = {"(", "sensitivity", "s0", ")",
8744 "(", "sensitivityalias", "s0", "alias", ")", NULL};
8745
8746 struct cil_tree *test_tree;
8747 gen_test_tree(&test_tree, line);
8748
8749 struct cil_db *test_db;
8750 cil_db_init(&test_db);
8751
8752 uint32_t changed = CIL_FALSE;
8753 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MLS, &changed, NULL, NULL, NULL);
8754
8755 uint32_t finished = 0;
8756
8757 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
8758
8759 int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next, &finished, args);
8760 CuAssertIntEquals(tc, SEPOL_OK, rc);
8761 CuAssertIntEquals(tc, 0, finished);
8762 }
8763
test_cil_resolve_ast_node_helper_sensalias_neg(CuTest * tc)8764 void test_cil_resolve_ast_node_helper_sensalias_neg(CuTest *tc) {
8765 char *line[] = {"(", "sensitivityalias", "s0", "alias", ")", NULL};
8766
8767 struct cil_tree *test_tree;
8768 gen_test_tree(&test_tree, line);
8769
8770 struct cil_db *test_db;
8771 cil_db_init(&test_db);
8772
8773 uint32_t changed = CIL_FALSE;
8774 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MLS, &changed, NULL, NULL, NULL);
8775
8776 uint32_t finished = 0;
8777
8778 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
8779
8780 int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head, &finished, args);
8781 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
8782 CuAssertIntEquals(tc, 0, finished);
8783 }
8784
test_cil_resolve_ast_node_helper_catalias(CuTest * tc)8785 void test_cil_resolve_ast_node_helper_catalias(CuTest *tc) {
8786 char *line[] = {"(", "category", "c0", ")",
8787 "(", "categoryalias", "c0", "red", ")", NULL};
8788
8789 struct cil_tree *test_tree;
8790 gen_test_tree(&test_tree, line);
8791
8792 struct cil_db *test_db;
8793 cil_db_init(&test_db);
8794
8795 uint32_t changed = CIL_FALSE;
8796 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MLS, &changed, NULL, NULL, NULL);
8797
8798 uint32_t finished = 0;
8799
8800 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
8801
8802 int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next, &finished, args);
8803 CuAssertIntEquals(tc, SEPOL_OK, rc);
8804 CuAssertIntEquals(tc, 0, finished);
8805 }
8806
test_cil_resolve_ast_node_helper_catalias_neg(CuTest * tc)8807 void test_cil_resolve_ast_node_helper_catalias_neg(CuTest *tc) {
8808 char *line[] = {"(", "categoryalias", "c0", "red", ")", NULL};
8809
8810 struct cil_tree *test_tree;
8811 gen_test_tree(&test_tree, line);
8812
8813 struct cil_db *test_db;
8814 cil_db_init(&test_db);
8815
8816 uint32_t changed = CIL_FALSE;
8817 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
8818 uint32_t finished = 0;
8819
8820 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
8821
8822 int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head, &finished, args);
8823 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
8824 CuAssertIntEquals(tc, 0, finished);
8825 }
8826
test_cil_resolve_ast_node_helper_catset(CuTest * tc)8827 void test_cil_resolve_ast_node_helper_catset(CuTest *tc) {
8828 char *line[] = {"(", "category", "c0", ")",
8829 "(", "category", "c1", ")",
8830 "(", "category", "c2", ")",
8831 "(", "categoryset", "somecats", "(", "c0", "c1", "c2", ")", ")", NULL};
8832
8833 struct cil_tree *test_tree;
8834 gen_test_tree(&test_tree, line);
8835
8836 struct cil_db *test_db;
8837 cil_db_init(&test_db);
8838
8839 uint32_t changed = CIL_FALSE;
8840 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MLS, &changed, NULL, NULL, NULL);
8841
8842 uint32_t finished = 0;
8843
8844 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
8845
8846 int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next, &finished, args);
8847 CuAssertIntEquals(tc, SEPOL_OK, rc);
8848 CuAssertIntEquals(tc, 0, finished);
8849 }
8850
test_cil_resolve_ast_node_helper_catset_catlist_neg(CuTest * tc)8851 void test_cil_resolve_ast_node_helper_catset_catlist_neg(CuTest *tc) {
8852 char *line[] = {"(", "category", "c0", ")",
8853 "(", "category", "c1", ")",
8854 "(", "categoryset", "somecats", "(", "c0", "c1", "c2", ")", ")", NULL};
8855
8856 struct cil_tree *test_tree;
8857 gen_test_tree(&test_tree, line);
8858
8859 struct cil_db *test_db;
8860 cil_db_init(&test_db);
8861
8862 uint32_t changed = CIL_FALSE;
8863 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MLS, &changed, NULL, NULL, NULL);
8864
8865 uint32_t finished = 0;
8866
8867 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
8868
8869 int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next, &finished, args);
8870 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
8871 CuAssertIntEquals(tc, 0, finished);
8872 }
8873
test_cil_resolve_ast_node_helper_catrange(CuTest * tc)8874 void test_cil_resolve_ast_node_helper_catrange(CuTest *tc) {
8875 char *line[] = {"(", "category", "c0", ")",
8876 "(", "category", "c255", ")",
8877 "(", "categoryorder", "(", "c0", "c255", ")", ")",
8878 "(", "categoryrange", "range", "(", "c0", "c255", ")", ")", NULL};
8879
8880
8881 struct cil_tree *test_tree;
8882 gen_test_tree(&test_tree, line);
8883
8884 struct cil_db *test_db;
8885 cil_db_init(&test_db);
8886
8887 uint32_t changed = CIL_FALSE;
8888 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC1, &changed, NULL, NULL, NULL);
8889
8890 uint32_t finished = 0;
8891
8892 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
8893 cil_resolve_catorder(test_db->ast->root->cl_head->next->next, args);
8894 __cil_verify_order(test_db->catorder, test_db->ast->root, CIL_CAT);
8895
8896 args->pass = CIL_PASS_MLS;
8897
8898 int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next, &finished, args);
8899 CuAssertIntEquals(tc, SEPOL_OK, rc);
8900 CuAssertIntEquals(tc, 0, finished);
8901 }
8902
test_cil_resolve_ast_node_helper_catrange_neg(CuTest * tc)8903 void test_cil_resolve_ast_node_helper_catrange_neg(CuTest *tc) {
8904 char *line[] = {"(", "category", "c0", ")",
8905 "(", "category", "c255", ")",
8906 "(", "categoryorder", "(", "c0", "c255", ")", ")",
8907 "(", "categoryrange", "range", "(", "c255", "c0", ")", ")", NULL};
8908
8909 struct cil_tree *test_tree;
8910 gen_test_tree(&test_tree, line);
8911
8912 struct cil_db *test_db;
8913 cil_db_init(&test_db);
8914
8915 uint32_t changed = CIL_FALSE;
8916 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MLS, &changed, NULL, NULL, NULL);
8917
8918 uint32_t finished = 0;
8919
8920 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
8921
8922 int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next, &finished, args);
8923 CuAssertIntEquals(tc, SEPOL_ERR, rc);
8924 CuAssertIntEquals(tc, 0, finished);
8925 }
8926
test_cil_resolve_ast_node_helper_level(CuTest * tc)8927 void test_cil_resolve_ast_node_helper_level(CuTest *tc) {
8928 char *line[] = {"(", "sensitivity", "s0", ")",
8929 "(", "category", "c1", ")",
8930 "(", "sensitivitycategory", "s0", "(", "c1", ")", ")",
8931 "(", "level", "l2", "(", "s0", "(", "c1", ")", ")", ")", NULL};
8932
8933 struct cil_tree *test_tree;
8934 gen_test_tree(&test_tree, line);
8935
8936 struct cil_db *test_db;
8937 cil_db_init(&test_db);
8938
8939 uint32_t changed = CIL_FALSE;
8940 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC1, &changed, NULL, NULL, NULL);
8941
8942 uint32_t finished = 0;
8943
8944 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
8945
8946 cil_tree_walk(test_db->ast->root, __cil_resolve_ast_node_helper, NULL, NULL, args);
8947 __cil_verify_order(test_db->catorder, test_db->ast->root, CIL_CAT);
8948
8949 __cil_verify_order(test_db->dominance, test_db->ast->root, CIL_SENS);
8950
8951 args->pass = CIL_PASS_MLS;
8952 cil_tree_walk(test_db->ast->root, __cil_resolve_ast_node_helper, NULL, NULL, args);
8953
8954 args->pass = CIL_PASS_MISC2;
8955 cil_tree_walk(test_db->ast->root, __cil_resolve_ast_node_helper, NULL, NULL, args);
8956
8957 args->pass = CIL_PASS_MISC3;
8958 int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next, &finished, args);
8959 CuAssertIntEquals(tc, SEPOL_OK, rc);
8960 CuAssertIntEquals(tc, finished, 0);
8961 }
8962
test_cil_resolve_ast_node_helper_level_neg(CuTest * tc)8963 void test_cil_resolve_ast_node_helper_level_neg(CuTest *tc) {
8964 char *line[] = {"(", "sensitivity", "s0", ")",
8965 "(", "category", "c1", ")",
8966 "(", "sensitivitycategory", "s0", "(", "c1", ")", ")",
8967 "(", "level", "l2", "(", "s8", "(", "c1", ")", ")", ")", NULL};
8968
8969 struct cil_tree *test_tree;
8970 gen_test_tree(&test_tree, line);
8971
8972 struct cil_db *test_db;
8973 cil_db_init(&test_db);
8974
8975 uint32_t changed = CIL_FALSE;
8976 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC1, &changed, NULL, NULL, NULL);
8977
8978 uint32_t finished = 0;
8979
8980 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
8981
8982 cil_tree_walk(test_db->ast->root, __cil_resolve_ast_node_helper, NULL, NULL, args);
8983 __cil_verify_order(test_db->catorder, test_db->ast->root, CIL_CAT);
8984
8985 __cil_verify_order(test_db->dominance, test_db->ast->root, CIL_SENS);
8986
8987 args->pass = CIL_PASS_MLS;
8988 cil_tree_walk(test_db->ast->root, __cil_resolve_ast_node_helper, NULL, NULL, args);
8989
8990 args->pass = CIL_PASS_MISC3;
8991
8992 int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next, &finished, args);
8993 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
8994 CuAssertIntEquals(tc, finished, 0);
8995 }
8996
test_cil_resolve_ast_node_helper_levelrange(CuTest * tc)8997 void test_cil_resolve_ast_node_helper_levelrange(CuTest *tc) {
8998 char *line[] = {"(", "sensitivity", "s0", ")",
8999 "(", "category", "c0", ")",
9000 "(", "categoryorder", "(", "c0", ")", ")",
9001 "(", "dominance", "(", "s0", ")", ")",
9002 "(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
9003 "(", "levelrange", "range", "(", "(", "s0", "(", "c0", ")", ")", "(", "s0", "(", "c0", ")", ")", ")", ")", NULL};
9004
9005 struct cil_tree *test_tree;
9006 gen_test_tree(&test_tree, line);
9007
9008 struct cil_db *test_db;
9009 cil_db_init(&test_db);
9010
9011 uint32_t changed = CIL_FALSE;
9012 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC1, &changed, NULL, NULL, NULL);
9013
9014 uint32_t finished = 0;
9015
9016 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
9017
9018 cil_tree_walk(test_db->ast->root, __cil_resolve_ast_node_helper, NULL, NULL, args);
9019
9020 __cil_verify_order(test_db->catorder, test_db->ast->root, CIL_CAT);
9021
9022 __cil_verify_order(test_db->dominance, test_db->ast->root, CIL_SENS);
9023
9024 args->pass = CIL_PASS_MLS;
9025 cil_tree_walk(test_db->ast->root, __cil_resolve_ast_node_helper, NULL, NULL, args);
9026
9027 args->pass = CIL_PASS_MISC2;
9028 cil_tree_walk(test_db->ast->root, __cil_resolve_ast_node_helper, NULL, NULL, args);
9029
9030 args->pass = CIL_PASS_MISC3;
9031 int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next->next->next, &finished, args);
9032 CuAssertIntEquals(tc, SEPOL_OK, rc);
9033 CuAssertIntEquals(tc, finished, 0);
9034 }
9035
test_cil_resolve_ast_node_helper_levelrange_neg(CuTest * tc)9036 void test_cil_resolve_ast_node_helper_levelrange_neg(CuTest *tc) {
9037 char *line[] = {"(", "sensitivity", "s0", ")",
9038 "(", "category", "c0", ")",
9039 "(", "categoryorder", "(", "c0", ")", ")",
9040 "(", "dominance", "(", "s0", ")", ")",
9041 "(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
9042 "(", "levelrange", "range", "(", "(", "DNE", "(", "c0", ")", ")", "(", "s0", "(", "c0", ")", ")", ")", ")", NULL};
9043
9044 struct cil_tree *test_tree;
9045 gen_test_tree(&test_tree, line);
9046
9047 struct cil_db *test_db;
9048 cil_db_init(&test_db);
9049
9050 uint32_t changed = CIL_FALSE;
9051 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC1, &changed, NULL, NULL, NULL);
9052
9053 uint32_t finished = 0;
9054
9055 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
9056
9057 cil_tree_walk(test_db->ast->root, __cil_resolve_ast_node_helper, NULL, NULL, args);
9058 __cil_verify_order(test_db->catorder, test_db->ast->root, CIL_CAT);
9059
9060 __cil_verify_order(test_db->dominance, test_db->ast->root, CIL_SENS);
9061
9062 args->pass = CIL_PASS_MLS;
9063 cil_tree_walk(test_db->ast->root, __cil_resolve_ast_node_helper, NULL, NULL, args);
9064
9065 args->pass = CIL_PASS_MISC3;
9066
9067 int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next->next->next, &finished, args);
9068 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
9069 CuAssertIntEquals(tc, finished, 0);
9070 }
9071
test_cil_resolve_ast_node_helper_constrain(CuTest * tc)9072 void test_cil_resolve_ast_node_helper_constrain(CuTest *tc) {
9073 char *line[] = {"(", "class", "file", "(", "create", "relabelto", ")", ")",
9074 "(", "class", "dir", "(", "create", "relabelto", ")", ")",
9075 "(", "sensitivity", "s0", ")",
9076 "(", "category", "c1", ")",
9077 "(", "role", "r1", ")",
9078 "(", "role", "r2", ")",
9079 "(", "mlsconstrain", "(", "file", "(", "create", "relabelto", ")", ")", "(", "eq", "r1", "r2", ")", ")", NULL};
9080
9081 struct cil_tree *test_tree;
9082 gen_test_tree(&test_tree, line);
9083
9084 struct cil_db *test_db;
9085 cil_db_init(&test_db);
9086
9087 uint32_t changed = CIL_FALSE;
9088 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
9089
9090 uint32_t finished = 0;
9091
9092 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
9093
9094 int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next->next->next->next, &finished, args);
9095 CuAssertIntEquals(tc, SEPOL_OK, rc);
9096 CuAssertIntEquals(tc, 0, finished);
9097 }
9098
test_cil_resolve_ast_node_helper_constrain_neg(CuTest * tc)9099 void test_cil_resolve_ast_node_helper_constrain_neg(CuTest *tc) {
9100 char *line[] = {"(", "class", "file", "(", "create", ")", ")",
9101 "(", "class", "dir", "(", "create", ")", ")",
9102 "(", "sensitivity", "s0", ")",
9103 "(", "category", "c1", ")",
9104 "(", "role", "r1", ")",
9105 "(", "role", "r2", ")",
9106 "(", "mlsconstrain", "(", "file", "(", "create", "relabelto", ")", ")", "(", "eq", "r1", "r2", ")", ")", NULL};
9107
9108 struct cil_tree *test_tree;
9109 gen_test_tree(&test_tree, line);
9110
9111 struct cil_db *test_db;
9112 cil_db_init(&test_db);
9113
9114 uint32_t changed = CIL_FALSE;
9115 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
9116
9117 uint32_t finished = 0;
9118
9119 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
9120
9121 int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next->next->next->next, &finished, args);
9122 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
9123 CuAssertIntEquals(tc, 0, finished);
9124 }
9125
test_cil_resolve_ast_node_helper_mlsconstrain(CuTest * tc)9126 void test_cil_resolve_ast_node_helper_mlsconstrain(CuTest *tc) {
9127 char *line[] = {"(", "class", "file", "(", "create", "relabelto", ")", ")",
9128 "(", "class", "dir", "(", "create", "relabelto", ")", ")",
9129 "(", "sensitivity", "s0", ")",
9130 "(", "category", "c1", ")",
9131 "(", "level", "l2", "(", "s0", "(", "c1", ")", ")", ")",
9132 "(", "level", "h2", "(", "s0", "(", "c1", ")", ")", ")",
9133 "(", "mlsconstrain", "(", "file", "(", "create", "relabelto", ")", ")", "(", "eq", "l2", "h2", ")", ")", NULL};
9134
9135 struct cil_tree *test_tree;
9136 gen_test_tree(&test_tree, line);
9137
9138 struct cil_db *test_db;
9139 cil_db_init(&test_db);
9140
9141 uint32_t changed = CIL_FALSE;
9142 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
9143
9144 uint32_t finished = 0;
9145
9146 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
9147
9148 int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next->next->next->next, &finished, args);
9149 CuAssertIntEquals(tc, SEPOL_OK, rc);
9150 CuAssertIntEquals(tc, 0, finished);
9151 }
9152
test_cil_resolve_ast_node_helper_mlsconstrain_neg(CuTest * tc)9153 void test_cil_resolve_ast_node_helper_mlsconstrain_neg(CuTest *tc) {
9154 char *line[] = {"(", "class", "file", "(", "read", ")", ")",
9155 "(", "class", "dir", "(", "read", ")", ")",
9156 "(", "sensitivity", "s0", ")",
9157 "(", "category", "c1", ")",
9158 "(", "level", "l2", "(", "s0", "(", "c1", ")", ")", ")",
9159 "(", "level", "h2", "(", "s0", "(", "c1", ")", ")", ")",
9160 "(", "mlsconstrain", "(", "file", "(", "create", "relabelto", ")", ")", "(", "eq", "l2", "h2", ")", ")", NULL};
9161
9162 struct cil_tree *test_tree;
9163 gen_test_tree(&test_tree, line);
9164
9165 struct cil_db *test_db;
9166 cil_db_init(&test_db);
9167
9168 uint32_t changed = CIL_FALSE;
9169 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
9170
9171 uint32_t finished = 0;
9172
9173 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
9174
9175 int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next->next->next->next, &finished, args);
9176 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
9177 CuAssertIntEquals(tc, 0, finished);
9178 }
9179
test_cil_resolve_ast_node_helper_context(CuTest * tc)9180 void test_cil_resolve_ast_node_helper_context(CuTest *tc) {
9181 char *line[] = {"(", "sensitivity", "s0", ")",
9182 "(", "category", "c0", ")",
9183 "(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
9184 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
9185 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
9186 "(", "user", "system_u", ")",
9187 "(", "role", "object_r", ")",
9188 "(", "type", "netif_t", ")",
9189 "(", "context", "con",
9190 "(", "system_u", "object_r", "netif_t", "(", "low", "high", ")", NULL};
9191
9192 struct cil_tree *test_tree;
9193 gen_test_tree(&test_tree, line);
9194
9195 struct cil_db *test_db;
9196 cil_db_init(&test_db);
9197
9198 uint32_t changed = CIL_FALSE;
9199 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC1, &changed, NULL, NULL, NULL);
9200
9201 uint32_t finished = 0;
9202
9203 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
9204
9205 cil_tree_walk(test_db->ast->root, __cil_resolve_ast_node_helper, NULL, NULL, args);
9206 __cil_verify_order(test_db->catorder, test_db->ast->root, CIL_CAT);
9207
9208 __cil_verify_order(test_db->dominance, test_db->ast->root, CIL_SENS);
9209
9210 args->pass = CIL_PASS_MLS;
9211 cil_tree_walk(test_db->ast->root, __cil_resolve_ast_node_helper, NULL, NULL, args);
9212
9213 args->pass = CIL_PASS_MISC3;
9214
9215 int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, &finished, args);
9216 CuAssertIntEquals(tc, SEPOL_OK, rc);
9217 CuAssertIntEquals(tc, finished, 0);
9218 }
9219
test_cil_resolve_ast_node_helper_context_neg(CuTest * tc)9220 void test_cil_resolve_ast_node_helper_context_neg(CuTest *tc) {
9221 char *line[] = {"(", "sensitivity", "s0", ")",
9222 "(", "category", "c0", ")",
9223 "(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
9224 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
9225 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
9226 "(", "user", "system_u", ")",
9227 "(", "role", "object_r", ")",
9228 "(", "type", "netif_t", ")",
9229 "(", "context", "con",
9230 "(", "system_u", "object_r", "netif_t", "DNE", "high", NULL};
9231
9232 struct cil_tree *test_tree;
9233 gen_test_tree(&test_tree, line);
9234
9235 struct cil_db *test_db;
9236 cil_db_init(&test_db);
9237
9238 uint32_t changed = CIL_FALSE;
9239 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC1, &changed, NULL, NULL, NULL);
9240
9241 uint32_t finished = 0;
9242
9243 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
9244
9245 cil_tree_walk(test_db->ast->root, __cil_resolve_ast_node_helper, NULL, NULL, args);
9246 __cil_verify_order(test_db->catorder, test_db->ast->root, CIL_CAT);
9247
9248 __cil_verify_order(test_db->dominance, test_db->ast->root, CIL_SENS);
9249
9250 args->pass = CIL_PASS_MLS;
9251 cil_tree_walk(test_db->ast->root, __cil_resolve_ast_node_helper, NULL, NULL, args);
9252
9253 args->pass = CIL_PASS_MISC3;
9254
9255 int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, &finished, args);
9256 CuAssertIntEquals(tc, SEPOL_ERR, rc);
9257 CuAssertIntEquals(tc, finished, 0);
9258 }
9259
test_cil_resolve_ast_node_helper_senscat(CuTest * tc)9260 void test_cil_resolve_ast_node_helper_senscat(CuTest *tc) {
9261 char *line[] = {"(", "sensitivity", "s0", ")",
9262 "(", "sensitivity", "s1", ")",
9263 "(", "dominance", "(", "s0", "s1", ")", ")",
9264 "(", "category", "c0", ")",
9265 "(", "category", "c255", ")",
9266 "(", "categoryorder", "(", "c0", "c255", ")", ")",
9267 "(", "sensitivitycategory", "s1", "(", "c0", "c255", ")", ")", NULL};
9268
9269 struct cil_tree *test_tree;
9270 gen_test_tree(&test_tree, line);
9271
9272 struct cil_db *test_db;
9273 cil_db_init(&test_db);
9274
9275 uint32_t changed = CIL_FALSE;
9276 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
9277
9278 uint32_t finished = 0;
9279
9280 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
9281
9282 int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next->next->next->next, &finished, args);
9283 CuAssertIntEquals(tc, SEPOL_OK, rc);
9284 CuAssertIntEquals(tc, 0, finished);
9285 }
9286
test_cil_resolve_ast_node_helper_senscat_neg(CuTest * tc)9287 void test_cil_resolve_ast_node_helper_senscat_neg(CuTest *tc) {
9288 char *line[] = {"(", "sensitivity", "s0", ")",
9289 "(", "sensitivity", "s1", ")",
9290 "(", "dominance", "(", "s0", "s1", ")", ")",
9291 "(", "category", "c0", ")",
9292 "(", "category", "c255", ")",
9293 "(", "categoryorder", "(", "c0", "c255", ")", ")",
9294 "(", "sensitivitycategory", "s5", "foo", ")", NULL};
9295
9296 struct cil_tree *test_tree;
9297 gen_test_tree(&test_tree, line);
9298
9299 struct cil_db *test_db;
9300 cil_db_init(&test_db);
9301
9302 uint32_t changed = CIL_FALSE;
9303 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
9304
9305 uint32_t finished = 0;
9306
9307 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
9308
9309 int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next->next->next->next, &finished, args);
9310 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
9311 CuAssertIntEquals(tc, 0, finished);
9312 }
9313
test_cil_resolve_ast_node_helper_roletransition(CuTest * tc)9314 void test_cil_resolve_ast_node_helper_roletransition(CuTest *tc) {
9315 char *line[] = {"(", "role", "foo_r", ")",
9316 "(", "type", "bar_t", ")",
9317 "(", "role", "foobar_r", ")",
9318 "(", "class", "process", "(", "transition", ")", ")",
9319 "(", "roletransition", "foo_r", "bar_t", "process", "foobar_r", ")", NULL};
9320
9321 struct cil_tree *test_tree;
9322 gen_test_tree(&test_tree, line);
9323
9324 struct cil_db *test_db;
9325 cil_db_init(&test_db);
9326
9327 uint32_t changed = CIL_FALSE;
9328 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
9329
9330 uint32_t finished = 0;
9331
9332 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
9333
9334 int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next->next, &finished, args);
9335 CuAssertIntEquals(tc, SEPOL_OK, rc);
9336 CuAssertIntEquals(tc, 0, finished);
9337 }
9338
test_cil_resolve_ast_node_helper_roletransition_srcdecl_neg(CuTest * tc)9339 void test_cil_resolve_ast_node_helper_roletransition_srcdecl_neg(CuTest *tc) {
9340 char *line[] = {"(", "type", "bar_t", ")",
9341 "(", "role", "foobar_r", ")",
9342 "(", "class", "process", "(", "transition", ")", ")",
9343 "(", "roletransition", "foo_r", "bar_t", "process", "foobar_r", ")", NULL};
9344
9345 struct cil_tree *test_tree;
9346 gen_test_tree(&test_tree, line);
9347
9348 struct cil_db *test_db;
9349 cil_db_init(&test_db);
9350
9351 uint32_t changed = CIL_FALSE;
9352 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
9353
9354 uint32_t finished = 0;
9355
9356 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
9357
9358 int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next, &finished, args);
9359 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
9360 CuAssertIntEquals(tc, 0, finished);
9361 }
9362
test_cil_resolve_ast_node_helper_roletransition_tgtdecl_neg(CuTest * tc)9363 void test_cil_resolve_ast_node_helper_roletransition_tgtdecl_neg(CuTest *tc) {
9364 char *line[] = {"(", "role", "foo_r", ")",
9365 "(", "role", "foobar_r", ")",
9366 "(", "class", "process", "(", "transition", ")", ")",
9367 "(", "roletransition", "foo_r", "bar_t", "process", "foobar_r", ")", NULL};
9368
9369 struct cil_tree *test_tree;
9370 gen_test_tree(&test_tree, line);
9371
9372 struct cil_db *test_db;
9373 cil_db_init(&test_db);
9374
9375 uint32_t changed = CIL_FALSE;
9376 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
9377
9378 uint32_t finished = 0;
9379
9380 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
9381
9382 int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next, &finished, args);
9383 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
9384 CuAssertIntEquals(tc, 0, finished);
9385 }
9386
test_cil_resolve_ast_node_helper_roletransition_resultdecl_neg(CuTest * tc)9387 void test_cil_resolve_ast_node_helper_roletransition_resultdecl_neg(CuTest *tc) {
9388 char *line[] = {"(", "role", "foo_r", ")",
9389 "(", "type", "bar_t", ")",
9390 "(", "class", "process", "(", "transition", ")", ")",
9391 "(", "roletransition", "foo_r", "bar_t", "process", "foobar_r", ")", NULL};
9392
9393 struct cil_tree *test_tree;
9394 gen_test_tree(&test_tree, line);
9395
9396 struct cil_db *test_db;
9397 cil_db_init(&test_db);
9398
9399 uint32_t changed = CIL_FALSE;
9400 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
9401
9402 uint32_t finished = 0;
9403
9404 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
9405
9406 int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next, &finished, args);
9407 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
9408 CuAssertIntEquals(tc, 0, finished);
9409 }
9410
test_cil_resolve_ast_node_helper_typeattributeset(CuTest * tc)9411 void test_cil_resolve_ast_node_helper_typeattributeset(CuTest *tc) {
9412 char *line[] = {"(", "typeattribute", "attrs", ")",
9413 "(", "type", "type_t", ")",
9414 "(", "type", "type_tt", ")",
9415 "(", "typeattributeset", "attrs", "(", "type_t", "type_tt", ")", ")", NULL};
9416
9417 struct cil_tree *test_tree;
9418 gen_test_tree(&test_tree, line);
9419
9420 struct cil_db *test_db;
9421 cil_db_init(&test_db);
9422
9423 uint32_t changed = CIL_FALSE;
9424 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
9425
9426 uint32_t finished = 0;
9427
9428 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
9429
9430 int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next, &finished, args);
9431 CuAssertIntEquals(tc, SEPOL_OK, rc);
9432 CuAssertIntEquals(tc, 0, finished);
9433 }
9434
test_cil_resolve_ast_node_helper_typeattributeset_undef_type_neg(CuTest * tc)9435 void test_cil_resolve_ast_node_helper_typeattributeset_undef_type_neg(CuTest *tc) {
9436 char *line[] = {"(", "typeattribute", "attrs", ")",
9437 "(", "type", "type_t", ")",
9438 "(", "typeattributeset", "attrs", "(", "not", "t_t", ")", ")", NULL};
9439
9440 struct cil_tree *test_tree;
9441 gen_test_tree(&test_tree, line);
9442
9443 struct cil_db *test_db;
9444 cil_db_init(&test_db);
9445
9446 uint32_t changed = CIL_FALSE;
9447 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
9448
9449 uint32_t finished = 0;
9450
9451 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
9452
9453 int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next, &finished, args);
9454 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
9455 CuAssertIntEquals(tc, 0, finished);
9456 }
9457
test_cil_resolve_ast_node_helper_typealias(CuTest * tc)9458 void test_cil_resolve_ast_node_helper_typealias(CuTest *tc) {
9459 char *line[] = {"(", "block", "foo",
9460 "(", "typealias", ".foo.test", "type_t", ")",
9461 "(", "type", "test", ")", ")", NULL};
9462
9463 struct cil_tree *test_tree;
9464 gen_test_tree(&test_tree, line);
9465
9466 struct cil_db *test_db;
9467 cil_db_init(&test_db);
9468
9469 uint32_t changed = CIL_FALSE;
9470 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
9471
9472 uint32_t finished = 0;
9473
9474 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
9475
9476 int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->cl_head, &finished, args);
9477 CuAssertIntEquals(tc, SEPOL_OK, rc);
9478 CuAssertIntEquals(tc, 0, finished);
9479 }
9480
test_cil_resolve_ast_node_helper_typealias_notype_neg(CuTest * tc)9481 void test_cil_resolve_ast_node_helper_typealias_notype_neg(CuTest *tc) {
9482 char *line[] = {"(", "block", "bar",
9483 "(", "typealias", ".bar.test", "type_t", ")", NULL};
9484
9485 struct cil_tree *test_tree;
9486 gen_test_tree(&test_tree, line);
9487
9488 struct cil_db *test_db;
9489 cil_db_init(&test_db);
9490
9491 uint32_t changed = CIL_FALSE;
9492 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
9493
9494 uint32_t finished = 0;
9495
9496 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
9497
9498 int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->cl_head, &finished, args);
9499 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
9500 CuAssertIntEquals(tc, 0, finished);
9501 }
9502
test_cil_resolve_ast_node_helper_typebounds(CuTest * tc)9503 void test_cil_resolve_ast_node_helper_typebounds(CuTest *tc) {
9504 char *line[] = {"(", "type", "type_a", ")",
9505 "(", "type", "type_b", ")",
9506 "(", "typebounds", "type_a", "type_b", ")", NULL};
9507
9508 struct cil_tree *test_tree;
9509 gen_test_tree(&test_tree, line);
9510
9511 struct cil_db *test_db;
9512 cil_db_init(&test_db);
9513
9514 uint32_t changed = CIL_FALSE;
9515 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
9516
9517 uint32_t finished = 0;
9518
9519 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
9520
9521 int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next, &finished, args);
9522 CuAssertIntEquals(tc, SEPOL_OK, rc);
9523 CuAssertIntEquals(tc, 0, finished);
9524 }
9525
test_cil_resolve_ast_node_helper_typebounds_neg(CuTest * tc)9526 void test_cil_resolve_ast_node_helper_typebounds_neg(CuTest *tc) {
9527 char *line[] = {"(", "type", "type_b", ")",
9528 "(", "typebounds", "type_a", "type_b", ")", NULL};
9529
9530 struct cil_tree *test_tree;
9531 gen_test_tree(&test_tree, line);
9532
9533 struct cil_db *test_db;
9534 cil_db_init(&test_db);
9535
9536 uint32_t changed = CIL_FALSE;
9537 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
9538
9539 uint32_t finished = 0;
9540
9541 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
9542
9543 int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next, &finished, args);
9544 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
9545 CuAssertIntEquals(tc, 0, finished);
9546 }
9547
test_cil_resolve_ast_node_helper_typepermissive(CuTest * tc)9548 void test_cil_resolve_ast_node_helper_typepermissive(CuTest *tc) {
9549 char *line[] = {"(", "type", "type_a", ")",
9550 "(", "typepermissive", "type_a", ")", NULL};
9551
9552 struct cil_tree *test_tree;
9553 gen_test_tree(&test_tree, line);
9554
9555 struct cil_db *test_db;
9556 cil_db_init(&test_db);
9557
9558 uint32_t changed = CIL_FALSE;
9559 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
9560 uint32_t finished = 0;
9561
9562 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
9563
9564 int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next, &finished, args);
9565 CuAssertIntEquals(tc, SEPOL_OK, rc);
9566 CuAssertIntEquals(tc, 0, finished);
9567 }
9568
test_cil_resolve_ast_node_helper_typepermissive_neg(CuTest * tc)9569 void test_cil_resolve_ast_node_helper_typepermissive_neg(CuTest *tc) {
9570 char *line[] = {"(", "type", "type_b", ")",
9571 "(", "typepermissive", "type_a", ")", NULL};
9572
9573 struct cil_tree *test_tree;
9574 gen_test_tree(&test_tree, line);
9575
9576 struct cil_db *test_db;
9577 cil_db_init(&test_db);
9578
9579 uint32_t changed = CIL_FALSE;
9580 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
9581
9582 uint32_t finished = 0;
9583
9584 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
9585
9586 int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next, &finished, args);
9587 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
9588 CuAssertIntEquals(tc, 0, finished);
9589 }
9590
test_cil_resolve_ast_node_helper_rangetransition(CuTest * tc)9591 void test_cil_resolve_ast_node_helper_rangetransition(CuTest *tc) {
9592 char *line[] = {"(", "class", "class_", "(", "read", ")", ")",
9593 "(", "type", "type_a", ")",
9594 "(", "type", "type_b", ")",
9595 "(", "sensitivity", "s0", ")",
9596 "(", "category", "c0", ")",
9597 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
9598 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
9599 "(", "rangetransition", "type_a", "type_b", "class_", "(", "low", "high", ")", ")", NULL};
9600
9601 struct cil_tree *test_tree;
9602 gen_test_tree(&test_tree, line);
9603
9604 struct cil_db *test_db;
9605 cil_db_init(&test_db);
9606
9607 uint32_t changed = CIL_FALSE;
9608 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
9609
9610 uint32_t finished = 0;
9611
9612 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
9613
9614 int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next->next->next->next->next, &finished, args);
9615 CuAssertIntEquals(tc, SEPOL_OK, rc);
9616 CuAssertIntEquals(tc, 0, finished);
9617 }
9618
test_cil_resolve_ast_node_helper_rangetransition_neg(CuTest * tc)9619 void test_cil_resolve_ast_node_helper_rangetransition_neg(CuTest *tc) {
9620 char *line[] = {"(", "class", "class_", "(", "read", ")", ")",
9621 "(", "type", "type_a", ")",
9622 "(", "type", "type_b", ")",
9623 "(", "sensitivity", "s0", ")",
9624 "(", "category", "c0", ")",
9625 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
9626 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
9627 "(", "rangetransition", "type_DNE", "type_b", "class_", "(", "low", "high", ")", ")", NULL};
9628
9629 struct cil_tree *test_tree;
9630 gen_test_tree(&test_tree, line);
9631
9632 struct cil_db *test_db;
9633 cil_db_init(&test_db);
9634
9635 uint32_t changed = CIL_FALSE;
9636 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
9637
9638 uint32_t finished = 0;
9639
9640 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
9641
9642 int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next->next->next->next->next, &finished, args);
9643 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
9644 CuAssertIntEquals(tc, 0, finished);
9645 }
9646
test_cil_resolve_ast_node_helper_nametypetransition(CuTest * tc)9647 void test_cil_resolve_ast_node_helper_nametypetransition(CuTest *tc) {
9648 char *line[] = {"(", "type", "foo", ")",
9649 "(", "type", "bar", ")",
9650 "(", "class", "file", "(", "read", ")", ")",
9651 "(", "type", "foobar", ")",
9652 "(", "nametypetransition", "str", "foo", "bar", "file", "foobar", ")", NULL};
9653
9654 struct cil_tree *test_tree;
9655 gen_test_tree(&test_tree, line);
9656
9657 struct cil_db *test_db;
9658 cil_db_init(&test_db);
9659
9660 uint32_t changed = CIL_FALSE;
9661 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
9662
9663 uint32_t finished = 0;
9664
9665 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
9666
9667 int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next->next, &finished, args);
9668 CuAssertIntEquals(tc, SEPOL_OK, rc);
9669 CuAssertIntEquals(tc, 0, finished);
9670 }
9671
test_cil_resolve_ast_node_helper_nametypetransition_neg(CuTest * tc)9672 void test_cil_resolve_ast_node_helper_nametypetransition_neg(CuTest *tc) {
9673 char *line[] = {"(", "type", "foo", ")",
9674 "(", "type", "bar", ")",
9675 "(", "class", "file", "(", "read", ")", ")",
9676 "(", "type", "foobar", ")",
9677 "(", "nametypetransition", "str", "foo", "bar", "file", "foobarrr", ")", NULL};
9678
9679 struct cil_tree *test_tree;
9680 gen_test_tree(&test_tree, line);
9681
9682 struct cil_db *test_db;
9683 cil_db_init(&test_db);
9684
9685 uint32_t changed = CIL_FALSE;
9686 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
9687
9688 uint32_t finished = 0;
9689
9690 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
9691
9692 int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next->next, &finished, args);
9693 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
9694 CuAssertIntEquals(tc, 0, finished);
9695 }
9696
test_cil_resolve_ast_node_helper_avrule(CuTest * tc)9697 void test_cil_resolve_ast_node_helper_avrule(CuTest *tc) {
9698 char *line[] = {"(", "class", "bar", "(", "read", "write", "open", ")", ")",
9699 "(", "type", "test", ")",
9700 "(", "type", "foo", ")",
9701 "(", "allow", "test", "foo", "(", "bar", "(", "read", "write", ")", ")", ")", NULL};
9702
9703 struct cil_tree *test_tree;
9704 gen_test_tree(&test_tree, line);
9705
9706 struct cil_db *test_db;
9707 cil_db_init(&test_db);
9708
9709 uint32_t changed = CIL_FALSE;
9710 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
9711
9712 uint32_t finished = 0;
9713
9714 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
9715
9716 int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next, &finished, args);
9717 CuAssertIntEquals(tc, SEPOL_OK, rc);
9718 CuAssertIntEquals(tc, 0, finished);
9719 }
9720
test_cil_resolve_ast_node_helper_avrule_src_nores_neg(CuTest * tc)9721 void test_cil_resolve_ast_node_helper_avrule_src_nores_neg(CuTest *tc) {
9722 char *line[] = {"(", "allow", "test", "foo", "(", "bar", "(", "read", "write", ")", ")", ")", NULL};
9723
9724 struct cil_tree *test_tree;
9725 gen_test_tree(&test_tree, line);
9726
9727 struct cil_db *test_db;
9728 cil_db_init(&test_db);
9729
9730 uint32_t changed = CIL_FALSE;
9731 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
9732
9733 uint32_t finished = 0;
9734
9735 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
9736
9737 int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head, &finished, args);
9738 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
9739 CuAssertIntEquals(tc, 0, finished);
9740 }
9741
test_cil_resolve_ast_node_helper_avrule_tgt_nores_neg(CuTest * tc)9742 void test_cil_resolve_ast_node_helper_avrule_tgt_nores_neg(CuTest *tc) {
9743 char *line[] = {"(", "type", "test", ")",
9744 "(", "allow", "test", "foo", "(", "bar", "(", "read", "write", ")", ")", ")", NULL};
9745
9746 struct cil_tree *test_tree;
9747 gen_test_tree(&test_tree, line);
9748
9749 struct cil_db *test_db;
9750 cil_db_init(&test_db);
9751
9752 uint32_t changed = CIL_FALSE;
9753 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
9754
9755 uint32_t finished = 0;
9756
9757 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
9758
9759 int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next, &finished, args);
9760 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
9761 CuAssertIntEquals(tc, 0, finished);
9762 }
9763
test_cil_resolve_ast_node_helper_avrule_class_nores_neg(CuTest * tc)9764 void test_cil_resolve_ast_node_helper_avrule_class_nores_neg(CuTest *tc) {
9765 char *line[] = {"(", "type", "test", ")",
9766 "(", "type", "foo", ")",
9767 "(", "allow", "test", "foo", "(", "bar", "(", "read", "write", ")", ")", ")", NULL};
9768
9769 struct cil_tree *test_tree;
9770 gen_test_tree(&test_tree, line);
9771
9772 struct cil_db *test_db;
9773 cil_db_init(&test_db);
9774
9775 uint32_t changed = CIL_FALSE;
9776 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
9777
9778 uint32_t finished = 0;
9779
9780 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
9781
9782 int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next, &finished, args);
9783 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
9784 CuAssertIntEquals(tc, 0, finished);
9785 }
9786
test_cil_resolve_ast_node_helper_avrule_datum_null_neg(CuTest * tc)9787 void test_cil_resolve_ast_node_helper_avrule_datum_null_neg(CuTest *tc) {
9788 char *line[] = {"(", "class", "bar", "(", "read", "write", "open", ")", ")",
9789 "(", "type", "test", ")", "(", "type", "foo", ")",
9790 "(", "allow", "test", "foo", "(", "bar", "(","fake", ")", ")", ")", NULL};
9791
9792 struct cil_tree *test_tree;
9793 gen_test_tree(&test_tree, line);
9794
9795 struct cil_db *test_db;
9796 cil_db_init(&test_db);
9797
9798 uint32_t changed = CIL_FALSE;
9799 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
9800
9801 uint32_t finished = 0;
9802
9803 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
9804
9805 int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next, &finished, args);
9806 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
9807 CuAssertIntEquals(tc, 0, finished);
9808 }
9809
test_cil_resolve_ast_node_helper_type_rule_transition(CuTest * tc)9810 void test_cil_resolve_ast_node_helper_type_rule_transition(CuTest *tc) {
9811 char *line[] = {"(", "type", "foo", ")",
9812 "(", "type", "bar", ")",
9813 "(", "class", "file", "(", "write", ")", ")",
9814 "(", "type", "foobar", ")",
9815 "(", "typetransition", "foo", "bar", "file", "foobar", ")", NULL};
9816
9817 struct cil_tree *test_tree;
9818 gen_test_tree(&test_tree, line);
9819
9820 struct cil_db *test_db;
9821 cil_db_init(&test_db);
9822
9823 uint32_t changed = CIL_FALSE;
9824 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
9825
9826 uint32_t finished = 0;
9827
9828 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
9829
9830 int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next->next, &finished, args);
9831 CuAssertIntEquals(tc, SEPOL_OK, rc);
9832 CuAssertIntEquals(tc, 0, finished);
9833 }
9834
test_cil_resolve_ast_node_helper_type_rule_transition_neg(CuTest * tc)9835 void test_cil_resolve_ast_node_helper_type_rule_transition_neg(CuTest *tc) {
9836 char *line[] = {"(", "type", "foo", ")",
9837 "(", "class", "file", "(", "write", ")", ")",
9838 "(", "type", "foobar", ")",
9839 "(", "typetransition", "foo", "bar", "file", "foobar", ")", NULL};
9840
9841 struct cil_tree *test_tree;
9842 gen_test_tree(&test_tree, line);
9843
9844 struct cil_db *test_db;
9845 cil_db_init(&test_db);
9846
9847 uint32_t changed = CIL_FALSE;
9848 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
9849
9850 uint32_t finished = 0;
9851
9852 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
9853
9854 int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next, &finished, args);
9855 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
9856 CuAssertIntEquals(tc, 0, finished);
9857 }
9858
test_cil_resolve_ast_node_helper_type_rule_change(CuTest * tc)9859 void test_cil_resolve_ast_node_helper_type_rule_change(CuTest *tc) {
9860 char *line[] = {"(", "type", "foo", ")",
9861 "(", "type", "bar", ")",
9862 "(", "class", "file", "(", "write", ")", ")",
9863 "(", "type", "foobar", ")",
9864 "(", "typechange", "foo", "bar", "file", "foobar", ")", NULL};
9865
9866 struct cil_tree *test_tree;
9867 gen_test_tree(&test_tree, line);
9868
9869 struct cil_db *test_db;
9870 cil_db_init(&test_db);
9871
9872 uint32_t changed = CIL_FALSE;
9873 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
9874
9875 uint32_t finished = 0;
9876
9877 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
9878
9879 int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next->next, &finished, args);
9880 CuAssertIntEquals(tc, SEPOL_OK, rc);
9881 CuAssertIntEquals(tc, 0, finished);
9882 }
9883
test_cil_resolve_ast_node_helper_type_rule_change_neg(CuTest * tc)9884 void test_cil_resolve_ast_node_helper_type_rule_change_neg(CuTest *tc) {
9885 char *line[] = {"(", "type", "foo", ")",
9886 "(", "class", "file", "(", "write", ")", ")",
9887 "(", "type", "foobar", ")",
9888 "(", "typechange", "foo", "bar", "file", "foobar", ")", NULL};
9889
9890 struct cil_tree *test_tree;
9891 gen_test_tree(&test_tree, line);
9892
9893 struct cil_db *test_db;
9894 cil_db_init(&test_db);
9895
9896 uint32_t changed = CIL_FALSE;
9897 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
9898
9899 uint32_t finished = 0;
9900
9901 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
9902
9903 int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next, &finished, args);
9904 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
9905 CuAssertIntEquals(tc, 0, finished);
9906 }
9907
test_cil_resolve_ast_node_helper_type_rule_member(CuTest * tc)9908 void test_cil_resolve_ast_node_helper_type_rule_member(CuTest *tc) {
9909 char *line[] = {"(", "type", "foo", ")",
9910 "(", "type", "bar", ")",
9911 "(", "class", "file", "(", "write", ")", ")",
9912 "(", "type", "foobar", ")",
9913 "(", "typemember", "foo", "bar", "file", "foobar", ")", NULL};
9914
9915 struct cil_tree *test_tree;
9916 gen_test_tree(&test_tree, line);
9917
9918 struct cil_db *test_db;
9919 cil_db_init(&test_db);
9920
9921 uint32_t changed = CIL_FALSE;
9922 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
9923
9924 uint32_t finished = 0;
9925
9926 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
9927
9928 int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next->next, &finished, args);
9929 CuAssertIntEquals(tc, SEPOL_OK, rc);
9930 CuAssertIntEquals(tc, 0, finished);
9931 }
9932
test_cil_resolve_ast_node_helper_type_rule_member_neg(CuTest * tc)9933 void test_cil_resolve_ast_node_helper_type_rule_member_neg(CuTest *tc) {
9934 char *line[] = {"(", "type", "foo", ")",
9935 "(", "class", "file", "(", "write", ")", ")",
9936 "(", "type", "foobar", ")",
9937 "(", "typemember", "foo", "bar", "file", "foobar", ")", NULL};
9938
9939 struct cil_tree *test_tree;
9940 gen_test_tree(&test_tree, line);
9941
9942 struct cil_db *test_db;
9943 cil_db_init(&test_db);
9944
9945 uint32_t changed = CIL_FALSE;
9946 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
9947
9948 uint32_t finished = 0;
9949
9950 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
9951
9952 int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next, &finished, args);
9953 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
9954 CuAssertIntEquals(tc, 0, finished);
9955 }
9956
test_cil_resolve_ast_node_helper_userbounds(CuTest * tc)9957 void test_cil_resolve_ast_node_helper_userbounds(CuTest *tc) {
9958 char *line[] = {"(", "user", "user1", ")",
9959 "(", "user", "user2", ")",
9960 "(", "userbounds", "user1", "user2", ")", NULL};
9961
9962 struct cil_tree *test_tree;
9963 gen_test_tree(&test_tree, line);
9964
9965 struct cil_db *test_db;
9966 cil_db_init(&test_db);
9967
9968 struct cil_tree_node *test_ast_node;
9969 cil_tree_node_init(&test_ast_node);
9970
9971 uint32_t finished = 0;
9972
9973 uint32_t changed = CIL_FALSE;
9974 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
9975
9976 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
9977
9978 int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next, &finished, args);
9979 CuAssertIntEquals(tc, 0, finished);
9980 CuAssertIntEquals(tc, SEPOL_OK, rc);
9981 }
9982
test_cil_resolve_ast_node_helper_userbounds_neg(CuTest * tc)9983 void test_cil_resolve_ast_node_helper_userbounds_neg(CuTest *tc) {
9984 char *line[] = {"(", "user", "user1", ")",
9985 "(", "userbounds", "user1", "user2", ")", NULL};
9986
9987 struct cil_tree *test_tree;
9988 gen_test_tree(&test_tree, line);
9989
9990 struct cil_db *test_db;
9991 cil_db_init(&test_db);
9992
9993 struct cil_tree_node *test_ast_node;
9994 cil_tree_node_init(&test_ast_node);
9995
9996 uint32_t finished = 0;
9997
9998 uint32_t changed = CIL_FALSE;
9999 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
10000
10001 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
10002
10003 int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next, &finished, args);
10004 CuAssertIntEquals(tc, 0, finished);
10005 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
10006 }
10007
test_cil_resolve_ast_node_helper_roletype(CuTest * tc)10008 void test_cil_resolve_ast_node_helper_roletype(CuTest *tc) {
10009 char *line[] = {"(", "role", "admin_r", ")",
10010 "(", "type", "admin_t", ")",
10011 "(", "roletype", "admin_r", "admin_t", ")", NULL};
10012
10013 struct cil_tree *test_tree;
10014 gen_test_tree(&test_tree, line);
10015
10016 struct cil_db *test_db;
10017 cil_db_init(&test_db);
10018
10019 struct cil_tree_node *test_ast_node;
10020 cil_tree_node_init(&test_ast_node);
10021
10022 uint32_t finished = 0;
10023
10024 uint32_t changed = CIL_FALSE;
10025 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
10026
10027 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
10028
10029 int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next, &finished, args);
10030 CuAssertIntEquals(tc, 0, finished);
10031 CuAssertIntEquals(tc, SEPOL_OK, rc);
10032 }
10033
test_cil_resolve_ast_node_helper_roletype_role_neg(CuTest * tc)10034 void test_cil_resolve_ast_node_helper_roletype_role_neg(CuTest *tc) {
10035 char *line[] = {"(", "type", "admin_t", ")",
10036 "(", "roletype", "admin_r", "admin_t", ")", NULL};
10037
10038 struct cil_tree *test_tree;
10039 gen_test_tree(&test_tree, line);
10040
10041 struct cil_db *test_db;
10042 cil_db_init(&test_db);
10043
10044 struct cil_tree_node *test_ast_node;
10045 cil_tree_node_init(&test_ast_node);
10046
10047 uint32_t finished = 0;
10048
10049 uint32_t changed = CIL_FALSE;
10050 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
10051
10052 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
10053
10054 int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next, &finished, args);
10055 CuAssertIntEquals(tc, 0, finished);
10056 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
10057 }
10058
test_cil_resolve_ast_node_helper_roletype_type_neg(CuTest * tc)10059 void test_cil_resolve_ast_node_helper_roletype_type_neg(CuTest *tc) {
10060 char *line[] = {"(", "role", "admin_r", ")",
10061 "(", "roletype", "admin_r", "admin_t", ")", NULL};
10062
10063 struct cil_tree *test_tree;
10064 gen_test_tree(&test_tree, line);
10065
10066 struct cil_db *test_db;
10067 cil_db_init(&test_db);
10068
10069 struct cil_tree_node *test_ast_node;
10070 cil_tree_node_init(&test_ast_node);
10071
10072 uint32_t finished = 0;
10073
10074 uint32_t changed = CIL_FALSE;
10075 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
10076
10077 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
10078
10079 int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next, &finished, args);
10080 CuAssertIntEquals(tc, 0, finished);
10081 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
10082 }
10083
test_cil_resolve_ast_node_helper_userrole(CuTest * tc)10084 void test_cil_resolve_ast_node_helper_userrole(CuTest *tc) {
10085 char *line[] = {"(", "role", "staff_r", ")",
10086 "(", "user", "staff_u", ")",
10087 "(", "userrole", "staff_u", "staff_r", ")", NULL};
10088
10089 struct cil_tree *test_tree;
10090 gen_test_tree(&test_tree, line);
10091
10092 struct cil_db *test_db;
10093 cil_db_init(&test_db);
10094
10095 struct cil_tree_node *test_ast_node;
10096 cil_tree_node_init(&test_ast_node);
10097
10098 uint32_t finished = 0;
10099
10100 uint32_t changed = CIL_FALSE;
10101 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
10102
10103 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
10104
10105 int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next, &finished, args);
10106 CuAssertIntEquals(tc, 0, finished);
10107 CuAssertIntEquals(tc, SEPOL_OK, rc);
10108 }
10109
test_cil_resolve_ast_node_helper_userrole_user_neg(CuTest * tc)10110 void test_cil_resolve_ast_node_helper_userrole_user_neg(CuTest *tc) {
10111 char *line[] = {"(", "role", "staff_r", ")",
10112 "(", "userrole", "staff_u", "staff_r", ")", NULL};
10113
10114 struct cil_tree *test_tree;
10115 gen_test_tree(&test_tree, line);
10116
10117 struct cil_db *test_db;
10118 cil_db_init(&test_db);
10119
10120 struct cil_tree_node *test_ast_node;
10121 cil_tree_node_init(&test_ast_node);
10122
10123 uint32_t finished = 0;
10124
10125 uint32_t changed = CIL_FALSE;
10126 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
10127
10128 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
10129
10130 int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next, &finished, args);
10131 CuAssertIntEquals(tc, 0, finished);
10132 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
10133 }
10134
test_cil_resolve_ast_node_helper_userrole_role_neg(CuTest * tc)10135 void test_cil_resolve_ast_node_helper_userrole_role_neg(CuTest *tc) {
10136 char *line[] = {"(", "user", "staff_u", ")",
10137 "(", "userrole", "staff_u", "staff_r", ")", NULL};
10138
10139 struct cil_tree *test_tree;
10140 gen_test_tree(&test_tree, line);
10141
10142 struct cil_db *test_db;
10143 cil_db_init(&test_db);
10144
10145 struct cil_tree_node *test_ast_node;
10146 cil_tree_node_init(&test_ast_node);
10147
10148 uint32_t finished = 0;
10149
10150 uint32_t changed = CIL_FALSE;
10151 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
10152
10153 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
10154
10155 int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next, &finished, args);
10156 CuAssertIntEquals(tc, 0, finished);
10157 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
10158 }
10159
test_cil_resolve_ast_node_helper_userlevel(CuTest * tc)10160 void test_cil_resolve_ast_node_helper_userlevel(CuTest *tc) {
10161 char *line[] = {"(", "user", "foo_u", ")",
10162 "(", "category", "c0", ")",
10163 "(", "sensitivity", "s0", ")",
10164 "(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
10165 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
10166 "(", "userlevel", "foo_u", "low", ")", NULL};
10167
10168 struct cil_tree *test_tree;
10169 gen_test_tree(&test_tree, line);
10170
10171 struct cil_db *test_db;
10172 cil_db_init(&test_db);
10173
10174 struct cil_tree_node *test_ast_node;
10175 cil_tree_node_init(&test_ast_node);
10176
10177 uint32_t finished = 0;
10178
10179 uint32_t changed = CIL_FALSE;
10180 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
10181
10182 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
10183
10184 int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next->next->next, &finished, args);
10185 CuAssertIntEquals(tc, 0, finished);
10186 CuAssertIntEquals(tc, SEPOL_OK, rc);
10187 }
10188
test_cil_resolve_ast_node_helper_userlevel_neg(CuTest * tc)10189 void test_cil_resolve_ast_node_helper_userlevel_neg(CuTest *tc) {
10190 char *line[] = {"(", "user", "foo_u", ")",
10191 "(", "category", "c0", ")",
10192 "(", "sensitivity", "s0", ")",
10193 "(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
10194 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
10195 "(", "userlevel", "DNE", "low", ")", NULL};
10196
10197 struct cil_tree *test_tree;
10198 gen_test_tree(&test_tree, line);
10199
10200 struct cil_db *test_db;
10201 cil_db_init(&test_db);
10202
10203 struct cil_tree_node *test_ast_node;
10204 cil_tree_node_init(&test_ast_node);
10205
10206 uint32_t finished = 0;
10207
10208 uint32_t changed = CIL_FALSE;
10209 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
10210
10211 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
10212
10213 int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next->next->next, &finished, args);
10214 CuAssertIntEquals(tc, 0, finished);
10215 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
10216 }
10217
test_cil_resolve_ast_node_helper_userrange(CuTest * tc)10218 void test_cil_resolve_ast_node_helper_userrange(CuTest *tc) {
10219 char *line[] = {"(", "user", "foo_u", ")",
10220 "(", "category", "c0", ")",
10221 "(", "sensitivity", "s0", ")",
10222 "(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
10223 "(", "levelrange", "range", "(", "(", "s0", "(", "c0", ")", ")", "(", "s0", "(", "c0", ")", ")", ")", ")",
10224 "(", "userrange", "foo_u", "range", ")", NULL};
10225
10226 struct cil_tree *test_tree;
10227 gen_test_tree(&test_tree, line);
10228
10229 struct cil_db *test_db;
10230 cil_db_init(&test_db);
10231
10232 struct cil_tree_node *test_ast_node;
10233 cil_tree_node_init(&test_ast_node);
10234
10235 uint32_t finished = 0;
10236
10237 uint32_t changed = CIL_FALSE;
10238 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
10239
10240 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
10241
10242 int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next->next->next, &finished, args);
10243 CuAssertIntEquals(tc, 0, finished);
10244 CuAssertIntEquals(tc, SEPOL_OK, rc);
10245 }
10246
test_cil_resolve_ast_node_helper_userrange_neg(CuTest * tc)10247 void test_cil_resolve_ast_node_helper_userrange_neg(CuTest *tc) {
10248 char *line[] = {"(", "user", "foo_u", ")",
10249 "(", "category", "c0", ")",
10250 "(", "sensitivity", "s0", ")",
10251 "(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
10252 "(", "levelrange", "range", "(", "(", "s0", "(", "c0", ")", ")", "(", "s0", "(", "c0", ")", ")", ")", ")",
10253 "(", "userrange", "DNE", "range", ")", NULL};
10254
10255 struct cil_tree *test_tree;
10256 gen_test_tree(&test_tree, line);
10257
10258 struct cil_db *test_db;
10259 cil_db_init(&test_db);
10260
10261 struct cil_tree_node *test_ast_node;
10262 cil_tree_node_init(&test_ast_node);
10263
10264 uint32_t finished = 0;
10265
10266 uint32_t changed = CIL_FALSE;
10267 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
10268
10269 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
10270
10271 int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next->next->next, &finished, args);
10272 CuAssertIntEquals(tc, 0, finished);
10273 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
10274 }
10275
test_cil_resolve_ast_node_helper_filecon(CuTest * tc)10276 void test_cil_resolve_ast_node_helper_filecon(CuTest *tc) {
10277 char *line[] = {"(", "user", "user_u", ")",
10278 "(", "role", "role_r", ")",
10279 "(", "type", "type_t", ")",
10280 "(", "category", "c0", ")",
10281 "(", "sensitivity", "s0", ")",
10282 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
10283 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
10284 "(", "context", "con", "(", "user_u", "role_r", "type_t", "(", "low", "high", ")", ")", ")",
10285 "(", "filecon", "root", "path", "file", "con", ")", NULL};
10286
10287 struct cil_tree *test_tree;
10288 gen_test_tree(&test_tree, line);
10289
10290 struct cil_db *test_db;
10291 cil_db_init(&test_db);
10292
10293 uint32_t changed = CIL_FALSE;
10294 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
10295
10296 uint32_t finished = 0;
10297
10298 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
10299
10300 int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, &finished, args);
10301 CuAssertIntEquals(tc, SEPOL_OK, rc);
10302 CuAssertIntEquals(tc, 0, finished);
10303 }
10304
test_cil_resolve_ast_node_helper_filecon_neg(CuTest * tc)10305 void test_cil_resolve_ast_node_helper_filecon_neg(CuTest *tc) {
10306 char *line[] = {"(", "user", "user_u", ")",
10307 "(", "role", "role_r", ")",
10308 "(", "type", "type_t", ")",
10309 "(", "category", "c0", ")",
10310 "(", "sensitivity", "s0", ")",
10311 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
10312 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
10313 "(", "context", "con", "(", "user_u", "role_r", "type_t", "(", "low", "high", ")", ")", ")",
10314 "(", "filecon", "root", "path", "file", "foo", ")", NULL};
10315
10316 struct cil_tree *test_tree;
10317 gen_test_tree(&test_tree, line);
10318
10319 struct cil_db *test_db;
10320 cil_db_init(&test_db);
10321
10322 uint32_t changed = CIL_FALSE;
10323 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
10324
10325 uint32_t finished = 0;
10326
10327 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
10328
10329 int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, &finished, args);
10330 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
10331 CuAssertIntEquals(tc, 0, finished);
10332 }
10333
test_cil_resolve_ast_node_helper_portcon(CuTest * tc)10334 void test_cil_resolve_ast_node_helper_portcon(CuTest *tc) {
10335 char *line[] = {"(", "user", "user_u", ")",
10336 "(", "role", "role_r", ")",
10337 "(", "type", "type_t", ")",
10338 "(", "category", "c0", ")",
10339 "(", "sensitivity", "s0", ")",
10340 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
10341 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
10342 "(", "context", "con", "(", "user_u", "role_r", "type_t", "(", "low", "high", ")", ")", ")",
10343 "(", "portcon", "udp", "25", "con", ")", NULL};
10344
10345 struct cil_tree *test_tree;
10346 gen_test_tree(&test_tree, line);
10347
10348 struct cil_db *test_db;
10349 cil_db_init(&test_db);
10350
10351 uint32_t changed = CIL_FALSE;
10352 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
10353
10354 uint32_t finished = 0;
10355
10356 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
10357
10358 int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, &finished, args);
10359 CuAssertIntEquals(tc, SEPOL_OK, rc);
10360 CuAssertIntEquals(tc, 0, finished);
10361 }
10362
test_cil_resolve_ast_node_helper_portcon_neg(CuTest * tc)10363 void test_cil_resolve_ast_node_helper_portcon_neg(CuTest *tc) {
10364 char *line[] = {"(", "user", "user_u", ")",
10365 "(", "role", "role_r", ")",
10366 "(", "type", "type_t", ")",
10367 "(", "category", "c0", ")",
10368 "(", "sensitivity", "s0", ")",
10369 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
10370 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
10371 "(", "context", "con", "(", "user_u", "role_r", "type_t", "(", "low", "high", ")", ")", ")",
10372 "(", "portcon", "udp", "25", "foo", ")", NULL};
10373
10374 struct cil_tree *test_tree;
10375 gen_test_tree(&test_tree, line);
10376
10377 struct cil_db *test_db;
10378 cil_db_init(&test_db);
10379
10380 uint32_t changed = CIL_FALSE;
10381 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
10382
10383 uint32_t finished = 0;
10384
10385 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
10386
10387 int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, &finished, args);
10388 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
10389 CuAssertIntEquals(tc, 0, finished);
10390 }
10391
test_cil_resolve_ast_node_helper_genfscon(CuTest * tc)10392 void test_cil_resolve_ast_node_helper_genfscon(CuTest *tc) {
10393 char *line[] = {"(", "user", "user_u", ")",
10394 "(", "role", "role_r", ")",
10395 "(", "type", "type_t", ")",
10396 "(", "category", "c0", ")",
10397 "(", "sensitivity", "s0", ")",
10398 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
10399 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
10400 "(", "context", "con", "(", "user_u", "role_r", "type_t", "(", "low", "high", ")", ")", ")",
10401 "(", "genfscon", "type", "path", "con", ")", NULL};
10402
10403 struct cil_tree *test_tree;
10404 gen_test_tree(&test_tree, line);
10405
10406 struct cil_db *test_db;
10407 cil_db_init(&test_db);
10408
10409 uint32_t changed = CIL_FALSE;
10410 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
10411
10412 uint32_t finished = 0;
10413
10414 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
10415
10416 int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, &finished, args);
10417 CuAssertIntEquals(tc, SEPOL_OK, rc);
10418 CuAssertIntEquals(tc, 0, finished);
10419 }
10420
test_cil_resolve_ast_node_helper_genfscon_neg(CuTest * tc)10421 void test_cil_resolve_ast_node_helper_genfscon_neg(CuTest *tc) {
10422 char *line[] = {"(", "user", "user_u", ")",
10423 "(", "role", "role_r", ")",
10424 "(", "type", "type_t", ")",
10425 "(", "category", "c0", ")",
10426 "(", "sensitivity", "s0", ")",
10427 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
10428 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
10429 "(", "context", "con", "(", "user_u", "role_r", "type_t", "(", "low", "high", ")", ")", ")",
10430 "(", "genfscon", "type", "path", "foo", ")", NULL};
10431
10432 struct cil_tree *test_tree;
10433 gen_test_tree(&test_tree, line);
10434
10435 struct cil_db *test_db;
10436 cil_db_init(&test_db);
10437
10438 uint32_t changed = CIL_FALSE;
10439 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
10440
10441 uint32_t finished = 0;
10442
10443 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
10444
10445 int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, &finished, args);
10446 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
10447 CuAssertIntEquals(tc, 0, finished);
10448 }
10449
test_cil_resolve_ast_node_helper_nodecon(CuTest * tc)10450 void test_cil_resolve_ast_node_helper_nodecon(CuTest *tc) {
10451 char *line[] = {"(", "user", "user_u", ")",
10452 "(", "role", "role_r", ")",
10453 "(", "type", "type_t", ")",
10454 "(", "category", "c0", ")",
10455 "(", "sensitivity", "s0", ")",
10456 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
10457 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
10458 "(", "context", "con", "(", "user_u", "role_r", "type_t", "(", "low", "high", ")", ")", ")",
10459 "(", "ipaddr", "ip", "192.168.1.1", ")",
10460 "(", "nodecon", "ip", "ip", "con", ")", NULL};
10461
10462 struct cil_tree *test_tree;
10463 gen_test_tree(&test_tree, line);
10464
10465 struct cil_db *test_db;
10466 cil_db_init(&test_db);
10467
10468 uint32_t changed = CIL_FALSE;
10469 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
10470
10471 uint32_t finished = 0;
10472
10473 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
10474
10475 int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next, &finished, args);
10476 CuAssertIntEquals(tc, SEPOL_OK, rc);
10477 CuAssertIntEquals(tc, 0, finished);
10478 }
10479
test_cil_resolve_ast_node_helper_nodecon_ipaddr_neg(CuTest * tc)10480 void test_cil_resolve_ast_node_helper_nodecon_ipaddr_neg(CuTest *tc) {
10481 char *line[] = {"(", "user", "user_u", ")",
10482 "(", "role", "role_r", ")",
10483 "(", "type", "type_t", ")",
10484 "(", "category", "c0", ")",
10485 "(", "sensitivity", "s0", ")",
10486 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
10487 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
10488 "(", "context", "con", "(", "user_u", "role_r", "type_t", "(", "low", "high", ")", ")", ")",
10489 "(", "ipaddr", "ip", "192.168.1.1", ")",
10490 "(", "ipaddr", "netmask", "192.168.1.1", ")",
10491 "(", "nodecon", "ipp", "netmask", "foo", ")", NULL};
10492
10493 struct cil_tree *test_tree;
10494 gen_test_tree(&test_tree, line);
10495
10496 struct cil_db *test_db;
10497 cil_db_init(&test_db);
10498
10499 uint32_t changed = CIL_FALSE;
10500 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
10501
10502 uint32_t finished = 0;
10503
10504 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
10505
10506 int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next->next, &finished, args);
10507 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
10508 CuAssertIntEquals(tc, 0, finished);
10509 }
10510
test_cil_resolve_ast_node_helper_nodecon_netmask_neg(CuTest * tc)10511 void test_cil_resolve_ast_node_helper_nodecon_netmask_neg(CuTest *tc) {
10512 char *line[] = {"(", "user", "user_u", ")",
10513 "(", "role", "role_r", ")",
10514 "(", "type", "type_t", ")",
10515 "(", "category", "c0", ")",
10516 "(", "sensitivity", "s0", ")",
10517 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
10518 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
10519 "(", "context", "con", "(", "user_u", "role_r", "type_t", "(", "low", "high", ")", ")", ")",
10520 "(", "ipaddr", "ip", "192.168.1.1", ")",
10521 "(", "ipaddr", "netmask", "192.168.1.1", ")",
10522 "(", "nodecon", "ip", "nnetmask", "foo", ")", NULL};
10523
10524 struct cil_tree *test_tree;
10525 gen_test_tree(&test_tree, line);
10526
10527 struct cil_db *test_db;
10528 cil_db_init(&test_db);
10529
10530 uint32_t changed = CIL_FALSE;
10531 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
10532
10533 uint32_t finished = 0;
10534
10535 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
10536
10537 int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next->next, &finished, args);
10538 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
10539 CuAssertIntEquals(tc, 0, finished);
10540 }
10541
test_cil_resolve_ast_node_helper_netifcon(CuTest * tc)10542 void test_cil_resolve_ast_node_helper_netifcon(CuTest *tc) {
10543 char *line[] = {"(", "context", "if_default", "(", "system_u", "object_r", "etc_t", "(", "low", "high", ")", ")", ")",
10544 "(", "context", "packet_default", "(", "system_u", "object_r", "etc_t", "(", "low", "high", ")", ")", ")",
10545 "(", "netifcon", "eth0", "if_default", "packet_default", ")", NULL};
10546
10547 struct cil_tree *test_tree;
10548 gen_test_tree(&test_tree, line);
10549
10550 struct cil_db *test_db;
10551 cil_db_init(&test_db);
10552
10553 uint32_t changed = CIL_FALSE;
10554 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
10555
10556 uint32_t finished = 0;
10557
10558 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
10559
10560 int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next, &finished, args);
10561 CuAssertIntEquals(tc, SEPOL_OK, rc);
10562 CuAssertIntEquals(tc, 0, finished);
10563 }
10564
test_cil_resolve_ast_node_helper_netifcon_neg(CuTest * tc)10565 void test_cil_resolve_ast_node_helper_netifcon_neg(CuTest *tc) {
10566 char *line[] = {"(", "context", "if_default", "(", "system_u", "object_r", "etc_t", "(", "low", "high", ")", ")", ")",
10567 "(", "netifcon", "eth0", "if_default", "packet_default", ")", NULL};
10568
10569 struct cil_tree *test_tree;
10570 gen_test_tree(&test_tree, line);
10571
10572 struct cil_db *test_db;
10573 cil_db_init(&test_db);
10574
10575 uint32_t changed = CIL_FALSE;
10576 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
10577
10578 uint32_t finished = 0;
10579
10580 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
10581
10582 int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next, &finished, args);
10583 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
10584 CuAssertIntEquals(tc, 0, finished);
10585 }
10586
test_cil_resolve_ast_node_helper_pirqcon(CuTest * tc)10587 void test_cil_resolve_ast_node_helper_pirqcon(CuTest *tc) {
10588 char *line[] = {"(", "context", "con", "(", "system_u", "object_r", "etc_t", "(", "low", "high", ")", ")", ")",
10589 "(", "pirqcon", "1", "con", ")", NULL};
10590
10591 struct cil_tree *test_tree;
10592 gen_test_tree(&test_tree, line);
10593
10594 struct cil_db *test_db;
10595 cil_db_init(&test_db);
10596
10597 uint32_t changed = CIL_FALSE;
10598 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
10599
10600 uint32_t finished = 0;
10601
10602 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
10603
10604 int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next, &finished, args);
10605 CuAssertIntEquals(tc, SEPOL_OK, rc);
10606 CuAssertIntEquals(tc, 0, finished);
10607 }
10608
test_cil_resolve_ast_node_helper_pirqcon_neg(CuTest * tc)10609 void test_cil_resolve_ast_node_helper_pirqcon_neg(CuTest *tc) {
10610 char *line[] = {"(", "context", "con", "(", "system_u", "object_r", "etc_t", "(", "low", "high", ")", ")", ")",
10611 "(", "pirqcon", "1", "dne", ")", NULL};
10612
10613 struct cil_tree *test_tree;
10614 gen_test_tree(&test_tree, line);
10615
10616 struct cil_db *test_db;
10617 cil_db_init(&test_db);
10618
10619 uint32_t changed = CIL_FALSE;
10620 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
10621
10622 uint32_t finished = 0;
10623
10624 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
10625
10626 int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next, &finished, args);
10627 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
10628 CuAssertIntEquals(tc, 0, finished);
10629 }
10630
test_cil_resolve_ast_node_helper_iomemcon(CuTest * tc)10631 void test_cil_resolve_ast_node_helper_iomemcon(CuTest *tc) {
10632 char *line[] = {"(", "context", "con", "(", "system_u", "object_r", "etc_t", "(", "low", "high", ")", ")", ")",
10633 "(", "iomemcon", "1", "con", ")", NULL};
10634
10635 struct cil_tree *test_tree;
10636 gen_test_tree(&test_tree, line);
10637
10638 struct cil_db *test_db;
10639 cil_db_init(&test_db);
10640
10641 uint32_t changed = CIL_FALSE;
10642 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
10643
10644 uint32_t finished = 0;
10645
10646 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
10647
10648 int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next, &finished, args);
10649 CuAssertIntEquals(tc, SEPOL_OK, rc);
10650 CuAssertIntEquals(tc, 0, finished);
10651 }
10652
test_cil_resolve_ast_node_helper_iomemcon_neg(CuTest * tc)10653 void test_cil_resolve_ast_node_helper_iomemcon_neg(CuTest *tc) {
10654 char *line[] = {"(", "context", "con", "(", "system_u", "object_r", "etc_t", "(", "low", "high", ")", ")", ")",
10655 "(", "iomemcon", "1", "dne", ")", NULL};
10656
10657 struct cil_tree *test_tree;
10658 gen_test_tree(&test_tree, line);
10659
10660 struct cil_db *test_db;
10661 cil_db_init(&test_db);
10662
10663 uint32_t changed = CIL_FALSE;
10664 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
10665
10666 uint32_t finished = 0;
10667
10668 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
10669
10670 int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next, &finished, args);
10671 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
10672 CuAssertIntEquals(tc, 0, finished);
10673 }
10674
test_cil_resolve_ast_node_helper_ioportcon(CuTest * tc)10675 void test_cil_resolve_ast_node_helper_ioportcon(CuTest *tc) {
10676 char *line[] = {"(", "context", "con", "(", "system_u", "object_r", "etc_t", "(", "low", "high", ")", ")", ")",
10677 "(", "ioportcon", "1", "con", ")", NULL};
10678
10679 struct cil_tree *test_tree;
10680 gen_test_tree(&test_tree, line);
10681
10682 struct cil_db *test_db;
10683 cil_db_init(&test_db);
10684
10685 uint32_t changed = CIL_FALSE;
10686 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
10687
10688 uint32_t finished = 0;
10689
10690 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
10691
10692 int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next, &finished, args);
10693 CuAssertIntEquals(tc, SEPOL_OK, rc);
10694 CuAssertIntEquals(tc, 0, finished);
10695 }
10696
test_cil_resolve_ast_node_helper_ioportcon_neg(CuTest * tc)10697 void test_cil_resolve_ast_node_helper_ioportcon_neg(CuTest *tc) {
10698 char *line[] = {"(", "context", "con", "(", "system_u", "object_r", "etc_t", "(", "low", "high", ")", ")", ")",
10699 "(", "ioportcon", "1", "dne", ")", NULL};
10700
10701 struct cil_tree *test_tree;
10702 gen_test_tree(&test_tree, line);
10703
10704 struct cil_db *test_db;
10705 cil_db_init(&test_db);
10706
10707 uint32_t changed = CIL_FALSE;
10708 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
10709
10710 uint32_t finished = 0;
10711
10712 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
10713
10714 int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next, &finished, args);
10715 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
10716 CuAssertIntEquals(tc, 0, finished);
10717 }
10718
test_cil_resolve_ast_node_helper_pcidevicecon(CuTest * tc)10719 void test_cil_resolve_ast_node_helper_pcidevicecon(CuTest *tc) {
10720 char *line[] = {"(", "context", "con", "(", "system_u", "object_r", "etc_t", "(", "low", "high", ")", ")", ")",
10721 "(", "pcidevicecon", "1", "con", ")", NULL};
10722
10723 struct cil_tree *test_tree;
10724 gen_test_tree(&test_tree, line);
10725
10726 struct cil_db *test_db;
10727 cil_db_init(&test_db);
10728
10729 uint32_t changed = CIL_FALSE;
10730 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
10731
10732 uint32_t finished = 0;
10733
10734 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
10735
10736 int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next, &finished, args);
10737 CuAssertIntEquals(tc, SEPOL_OK, rc);
10738 CuAssertIntEquals(tc, 0, finished);
10739 }
10740
test_cil_resolve_ast_node_helper_pcidevicecon_neg(CuTest * tc)10741 void test_cil_resolve_ast_node_helper_pcidevicecon_neg(CuTest *tc) {
10742 char *line[] = {"(", "context", "con", "(", "system_u", "object_r", "etc_t", "(", "low", "high", ")", ")", ")",
10743 "(", "pcidevicecon", "1", "dne", ")", NULL};
10744
10745 struct cil_tree *test_tree;
10746 gen_test_tree(&test_tree, line);
10747
10748 struct cil_db *test_db;
10749 cil_db_init(&test_db);
10750
10751 uint32_t changed = CIL_FALSE;
10752 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
10753
10754 uint32_t finished = 0;
10755
10756 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
10757
10758 int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next, &finished, args);
10759 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
10760 CuAssertIntEquals(tc, 0, finished);
10761 }
10762
test_cil_resolve_ast_node_helper_fsuse(CuTest * tc)10763 void test_cil_resolve_ast_node_helper_fsuse(CuTest *tc) {
10764 char *line[] = {"(", "sensitivity", "s0", ")",
10765 "(", "category", "c0", ")",
10766 "(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
10767 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
10768 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
10769 "(", "user", "system_u", ")",
10770 "(", "role", "object_r", ")",
10771 "(", "type", "netif_t", ")",
10772 "(", "context", "con", "(", "system_u", "object_r", "netif_t", "(", "low", "high", ")", ")", ")",
10773 "(", "fsuse", "xattr", "ext3", "con", ")", NULL};
10774
10775 struct cil_tree *test_tree;
10776 gen_test_tree(&test_tree, line);
10777
10778 struct cil_db *test_db;
10779 cil_db_init(&test_db);
10780
10781 uint32_t changed = CIL_FALSE;
10782 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
10783
10784 uint32_t finished = 0;
10785
10786 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
10787
10788 int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next, &finished, args);
10789 CuAssertIntEquals(tc, SEPOL_OK, rc);
10790 CuAssertIntEquals(tc, 0, finished);
10791 }
10792
test_cil_resolve_ast_node_helper_fsuse_neg(CuTest * tc)10793 void test_cil_resolve_ast_node_helper_fsuse_neg(CuTest *tc) {
10794 char *line[] = {"(", "context", "if_default", "(", "system_u", "object_r", "etc_t", "(", "low", "high", ")", ")", ")",
10795 "(", "netifcon", "eth0", "if_default", "packet_default", ")", NULL};
10796
10797 struct cil_tree *test_tree;
10798 gen_test_tree(&test_tree, line);
10799
10800 struct cil_db *test_db;
10801 cil_db_init(&test_db);
10802
10803 uint32_t changed = CIL_FALSE;
10804 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
10805
10806 uint32_t finished = 0;
10807
10808 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
10809
10810 int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next, &finished, args);
10811 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
10812 CuAssertIntEquals(tc, 0, finished);
10813 }
10814
test_cil_resolve_ast_node_helper_sidcontext(CuTest * tc)10815 void test_cil_resolve_ast_node_helper_sidcontext(CuTest *tc) {
10816 char *line[] = {"(", "category", "c0", ")",
10817 "(", "categoryorder", "(", "c0", ")", ")",
10818 "(", "sensitivity", "s0", ")",
10819 "(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
10820 "(", "type", "blah_t", ")",
10821 "(", "role", "blah_r", ")",
10822 "(", "user", "blah_u", ")",
10823 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
10824 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
10825 "(", "sid", "test", "(", "blah_u", "blah_r", "blah_t", "(", "low", "high", ")", ")", ")", NULL};
10826
10827 struct cil_tree *test_tree;
10828 gen_test_tree(&test_tree, line);
10829
10830 struct cil_db *test_db;
10831 cil_db_init(&test_db);
10832
10833 uint32_t changed = CIL_FALSE;
10834 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
10835
10836 uint32_t finished = 0;
10837
10838 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
10839
10840 int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next, &finished, args);
10841 CuAssertIntEquals(tc, SEPOL_OK, rc);
10842 CuAssertIntEquals(tc, 0, finished);
10843 }
10844
test_cil_resolve_ast_node_helper_sidcontext_neg(CuTest * tc)10845 void test_cil_resolve_ast_node_helper_sidcontext_neg(CuTest *tc) {
10846 char *line[] = {"(", "category", "c0", ")",
10847 "(", "categoryorder", "(", "c0", ")", ")",
10848 "(", "sensitivity", "s0", ")",
10849 "(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
10850 "(", "type", "blah_t", ")",
10851 "(", "role", "blah_r", ")",
10852 "(", "user", "blah_u", ")",
10853 "(", "sidcontext", "test", "(", "", "blah_r", "blah_t", "(", "(", "s0", "(", "c0", ")", ")", "(", "s0", "(", "c0", ")", ")", ")", ")", ")", NULL};
10854
10855 struct cil_tree *test_tree;
10856 gen_test_tree(&test_tree, line);
10857
10858 struct cil_db *test_db;
10859 cil_db_init(&test_db);
10860
10861 uint32_t changed = CIL_FALSE;
10862 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
10863
10864 uint32_t finished = 0;
10865
10866 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
10867
10868 int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next->next->next->next->next, &finished, args);
10869 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
10870 CuAssertIntEquals(tc, 0, finished);
10871 }
10872
test_cil_resolve_ast_node_helper_blockinherit(CuTest * tc)10873 void test_cil_resolve_ast_node_helper_blockinherit(CuTest *tc) {
10874 char *line[] = {"(", "block", "baz", "(", "type", "foo", ")", ")",
10875 "(", "block", "bar", "(", "type", "a", ")",
10876 "(", "blockinherit", "baz", ")", ")", NULL};
10877
10878 struct cil_tree *test_tree;
10879 gen_test_tree(&test_tree, line);
10880
10881 struct cil_db *test_db;
10882 cil_db_init(&test_db);
10883
10884 uint32_t changed = CIL_FALSE;
10885 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_BLKIN, &changed, NULL, NULL, NULL);
10886
10887 uint32_t finished = 0;
10888
10889 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
10890
10891 int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->cl_head->next, &finished, args);
10892 CuAssertIntEquals(tc, SEPOL_OK, rc);
10893 CuAssertIntEquals(tc, 0, finished);
10894 }
10895
test_cil_resolve_ast_node_helper_classcommon(CuTest * tc)10896 void test_cil_resolve_ast_node_helper_classcommon(CuTest *tc) {
10897 char *line[] = {"(", "class", "file", "(", "read", ")", ")",
10898 "(", "common", "file", "(", "write", ")", ")",
10899 "(", "classcommon", "file", "file", ")", NULL};
10900
10901 struct cil_tree *test_tree;
10902 gen_test_tree(&test_tree, line);
10903
10904 struct cil_db *test_db;
10905 cil_db_init(&test_db);
10906
10907 uint32_t changed = CIL_FALSE;
10908 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
10909
10910 uint32_t finished = 0;
10911
10912 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
10913
10914 int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next, &finished, args);
10915 CuAssertIntEquals(tc, SEPOL_OK, rc);
10916 CuAssertIntEquals(tc, 0, finished);
10917 }
10918
test_cil_resolve_ast_node_helper_classcommon_neg(CuTest * tc)10919 void test_cil_resolve_ast_node_helper_classcommon_neg(CuTest *tc) {
10920 char *line[] = {"(", "class", "file", "(", "read", ")", ")",
10921 "(", "classcommon", "file", "file", ")", NULL};
10922
10923 struct cil_tree *test_tree;
10924 gen_test_tree(&test_tree, line);
10925
10926 struct cil_db *test_db;
10927 cil_db_init(&test_db);
10928
10929 uint32_t changed = CIL_FALSE;
10930 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
10931
10932 uint32_t finished = 0;
10933
10934 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
10935
10936 int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next, &finished, args);
10937 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
10938 CuAssertIntEquals(tc, 0, finished);
10939 }
10940
test_cil_resolve_ast_node_helper_rolebounds(CuTest * tc)10941 void test_cil_resolve_ast_node_helper_rolebounds(CuTest *tc) {
10942 char *line[] = {"(", "role", "role1", ")",
10943 "(", "role", "role2", ")",
10944 "(", "rolebounds", "role1", "role2", ")", NULL};
10945
10946 struct cil_tree *test_tree;
10947 gen_test_tree(&test_tree, line);
10948
10949 struct cil_db *test_db;
10950 cil_db_init(&test_db);
10951
10952 struct cil_tree_node *test_ast_node;
10953 cil_tree_node_init(&test_ast_node);
10954
10955 uint32_t finished = 0;
10956
10957 uint32_t changed = CIL_FALSE;
10958 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
10959
10960 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
10961
10962 int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next, &finished, args);
10963 CuAssertIntEquals(tc, 0, finished);
10964 CuAssertIntEquals(tc, SEPOL_OK, rc);
10965 }
10966
test_cil_resolve_ast_node_helper_rolebounds_neg(CuTest * tc)10967 void test_cil_resolve_ast_node_helper_rolebounds_neg(CuTest *tc) {
10968 char *line[] = {"(", "role", "role1", ")",
10969 "(", "rolebounds", "role1", "role2", ")", NULL};
10970
10971 struct cil_tree *test_tree;
10972 gen_test_tree(&test_tree, line);
10973
10974 struct cil_db *test_db;
10975 cil_db_init(&test_db);
10976
10977 struct cil_tree_node *test_ast_node;
10978 cil_tree_node_init(&test_ast_node);
10979
10980 uint32_t finished = 0;
10981
10982 uint32_t changed = CIL_FALSE;
10983 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
10984
10985 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
10986
10987 int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next, &finished, args);
10988 CuAssertIntEquals(tc, 0, finished);
10989 CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
10990 }
10991
10992
test_cil_resolve_ast_node_helper_callstack(CuTest * tc)10993 void test_cil_resolve_ast_node_helper_callstack(CuTest *tc) {
10994 char *line[] = {"(", "call", "mm", "(", "foo", ")", ")", NULL};
10995
10996 struct cil_tree *test_tree;
10997 gen_test_tree(&test_tree, line);
10998
10999 struct cil_db *test_db;
11000 cil_db_init(&test_db);
11001
11002 struct cil_tree_node *test_ast_node;
11003 cil_tree_node_init(&test_ast_node);
11004
11005 struct cil_tree_node *test_ast_node_call;
11006 cil_tree_node_init(&test_ast_node_call);
11007 test_ast_node_call->flavor = CIL_CALL;
11008
11009 uint32_t finished = 0;
11010
11011 uint32_t changed = CIL_FALSE;
11012 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
11013
11014 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
11015
11016 __cil_resolve_ast_node_helper(test_db->ast->root->cl_head, &finished, args);
11017 int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head, &finished, args);
11018 CuAssertIntEquals(tc, SEPOL_OK, rc);
11019 }
11020
test_cil_resolve_ast_node_helper_call(CuTest * tc)11021 void test_cil_resolve_ast_node_helper_call(CuTest *tc) {
11022 char *line[] = {"(", "call", "mm", "(", "foo", ")", ")", NULL};
11023
11024 struct cil_tree *test_tree;
11025 gen_test_tree(&test_tree, line);
11026
11027 struct cil_db *test_db;
11028 cil_db_init(&test_db);
11029
11030 struct cil_tree_node *test_ast_node;
11031 cil_tree_node_init(&test_ast_node);
11032
11033 struct cil_tree_node *test_ast_node_call;
11034 cil_tree_node_init(&test_ast_node_call);
11035 test_ast_node_call->flavor = CIL_CALL;
11036
11037 uint32_t finished = 0;
11038
11039 uint32_t changed = CIL_FALSE;
11040 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
11041
11042 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
11043
11044 int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head, &finished, args);
11045 CuAssertIntEquals(tc, SEPOL_OK, rc);
11046 }
11047
test_cil_resolve_ast_node_helper_optional(CuTest * tc)11048 void test_cil_resolve_ast_node_helper_optional(CuTest *tc) {
11049 char *line[] = {"(", "optional", "opt", "(", "allow", "foo", "bar", "(", "file", "(", "read", ")", ")", ")", ")", NULL};
11050
11051 struct cil_tree *test_tree;
11052 gen_test_tree(&test_tree, line);
11053
11054 struct cil_db *test_db;
11055 cil_db_init(&test_db);
11056
11057 struct cil_tree_node *test_ast_node;
11058 cil_tree_node_init(&test_ast_node);
11059
11060 struct cil_tree_node *test_ast_node_opt;
11061 cil_tree_node_init(&test_ast_node_opt);
11062 test_ast_node_opt->flavor = CIL_OPTIONAL;
11063
11064 uint32_t finished = 0;
11065
11066 uint32_t changed = CIL_FALSE;
11067 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
11068
11069 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
11070
11071 // set optional to disabled
11072 ((struct cil_symtab_datum *)test_db->ast->root->cl_head->data)->state = CIL_STATE_DISABLED;
11073
11074 int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head, &finished, args);
11075 CuAssertIntEquals(tc, SEPOL_OK, rc);
11076 }
11077
test_cil_resolve_ast_node_helper_macro(CuTest * tc)11078 void test_cil_resolve_ast_node_helper_macro(CuTest *tc) {
11079 char *line[] = {"(", "macro", "mm", "(", "(", "type", "a", ")", ")",
11080 "(", "type", "b", ")",
11081 "(", "allow", "a", "b", "(", "file", "(", "read", ")", ")", ")", ")", NULL};
11082
11083 struct cil_tree *test_tree;
11084 gen_test_tree(&test_tree, line);
11085
11086 struct cil_db *test_db;
11087 cil_db_init(&test_db);
11088
11089 struct cil_tree_node *test_ast_node;
11090 cil_tree_node_init(&test_ast_node);
11091
11092 uint32_t finished = 0;
11093
11094 uint32_t changed = CIL_FALSE;
11095 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
11096
11097 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
11098
11099 int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head, &finished, args);
11100 CuAssertIntEquals(tc, SEPOL_OK, rc);
11101 }
11102
test_cil_resolve_ast_node_helper_optstack(CuTest * tc)11103 void test_cil_resolve_ast_node_helper_optstack(CuTest *tc) {
11104 char *line[] = {"(", "class", "baz", "(", "read", ")", ")",
11105 "(", "type", "foo", ")",
11106 "(", "type", "bar", ")",
11107 "(", "optional", "opt", "(", "allow", "foo", "bar", "(", "baz", "(", "read", ")", ")", ")", ")", NULL};
11108
11109 struct cil_tree *test_tree;
11110 gen_test_tree(&test_tree, line);
11111
11112 struct cil_db *test_db;
11113 cil_db_init(&test_db);
11114
11115 struct cil_tree_node *test_ast_node;
11116 cil_tree_node_init(&test_ast_node);
11117
11118 struct cil_tree_node *test_ast_node_opt;
11119 cil_tree_node_init(&test_ast_node_opt);
11120 test_ast_node_opt->flavor = CIL_OPTIONAL;
11121
11122 uint32_t finished = 0;
11123
11124 uint32_t changed = CIL_FALSE;
11125 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
11126
11127 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
11128
11129 __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next, &finished, args);
11130 int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next, &finished, args);
11131 CuAssertIntEquals(tc, SEPOL_OK, rc);
11132 }
11133
test_cil_resolve_ast_node_helper_optstack_tunable_neg(CuTest * tc)11134 void test_cil_resolve_ast_node_helper_optstack_tunable_neg(CuTest *tc) {
11135 char *line[] = {"(", "tunable", "foo", "true", ")", NULL};
11136
11137 struct cil_tree *test_tree;
11138 gen_test_tree(&test_tree, line);
11139
11140 struct cil_db *test_db;
11141 cil_db_init(&test_db);
11142
11143 struct cil_tree_node *test_ast_node_opt;
11144 cil_tree_node_init(&test_ast_node_opt);
11145 test_ast_node_opt->flavor = CIL_OPTIONAL;
11146
11147 uint32_t changed = CIL_FALSE;
11148 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_TIF, &changed, NULL, test_ast_node_opt, NULL);
11149
11150 uint32_t finished = 0;
11151
11152 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
11153
11154 int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head, &finished, args);
11155 CuAssertIntEquals(tc, SEPOL_ERR, rc);
11156 }
11157
test_cil_resolve_ast_node_helper_optstack_macro_neg(CuTest * tc)11158 void test_cil_resolve_ast_node_helper_optstack_macro_neg(CuTest *tc) {
11159 char *line[] = {"(", "type", "qaz", ")",
11160 "(", "class", "file", "(", "read", ")", ")",
11161 "(", "macro", "mm", "(", "(", "type", "a", ")", ")",
11162 "(", "type", "b", ")",
11163 "(", "allow", "a", "b", "(", "file", "(", "read", ")", ")", ")", ")",
11164 "(", "call", "mm", "(", "qaz", ")", ")", NULL};
11165
11166 struct cil_tree *test_tree;
11167 gen_test_tree(&test_tree, line);
11168
11169 struct cil_db *test_db;
11170 cil_db_init(&test_db);
11171
11172 struct cil_tree_node *test_ast_node_opt;
11173 cil_tree_node_init(&test_ast_node_opt);
11174 test_ast_node_opt->flavor = CIL_OPTIONAL;
11175
11176 uint32_t changed = CIL_FALSE;
11177 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, test_ast_node_opt, NULL);
11178
11179 uint32_t finished = 0;
11180
11181 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
11182
11183 cil_resolve_call1(test_db->ast->root->cl_head->next->next, args);
11184
11185 args->pass = CIL_PASS_CALL2;
11186
11187 int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next, &finished, args);
11188 CuAssertIntEquals(tc, SEPOL_ERR, rc);
11189 CuAssertIntEquals(tc, 0, finished);
11190 }
11191
test_cil_resolve_ast_node_helper_nodenull_neg(CuTest * tc)11192 void test_cil_resolve_ast_node_helper_nodenull_neg(CuTest *tc) {
11193 char *line[] = {"(", "role", "staff_r", ")",
11194 "(", "user", "staff_u", ")",
11195 "(", "userrole", "staff_u", "staff_r", ")", NULL};
11196
11197 struct cil_tree *test_tree;
11198 gen_test_tree(&test_tree, line);
11199
11200 struct cil_db *test_db;
11201 cil_db_init(&test_db);
11202
11203 struct cil_tree_node *test_ast_node;
11204 cil_tree_node_init(&test_ast_node);
11205
11206 uint32_t changed = CIL_FALSE;
11207 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_TIF, &changed, NULL, NULL, NULL);
11208
11209 uint32_t finished = 0;
11210
11211 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
11212
11213 int rc = __cil_resolve_ast_node_helper(NULL, &finished, args);
11214 CuAssertIntEquals(tc, SEPOL_ERR, rc);
11215 }
11216
test_cil_resolve_ast_node_helper_extraargsnull_neg(CuTest * tc)11217 void test_cil_resolve_ast_node_helper_extraargsnull_neg(CuTest *tc) {
11218 char *line[] = {"(", "role", "staff_r", ")",
11219 "(", "user", "staff_u", ")",
11220 "(", "userrole", "staff_u", "staff_r", ")", NULL};
11221
11222 struct cil_tree *test_tree;
11223 gen_test_tree(&test_tree, line);
11224
11225 struct cil_db *test_db;
11226 cil_db_init(&test_db);
11227
11228 struct cil_tree_node *test_ast_node;
11229 cil_tree_node_init(&test_ast_node);
11230
11231 uint32_t finished = 0;
11232
11233 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
11234
11235 int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next, &finished, NULL);
11236 CuAssertIntEquals(tc, 0, finished);
11237 CuAssertIntEquals(tc, SEPOL_ERR, rc);
11238 }
11239
test_cil_resolve_ast_node_helper_dbflavor_neg(CuTest * tc)11240 void test_cil_resolve_ast_node_helper_dbflavor_neg(CuTest *tc) {
11241 char *line[] = {"(", "role", "staff_r", ")",
11242 "(", "user", "staff_u", ")",
11243 "(", "userrole", "staff_u", "staff_r", ")", NULL};
11244
11245 struct cil_tree *test_tree;
11246 gen_test_tree(&test_tree, line);
11247
11248 struct cil_db *test_db;
11249 cil_db_init(&test_db);
11250
11251 struct cil_tree_node *test_ast_node;
11252 cil_tree_node_init(&test_ast_node);
11253
11254 uint32_t finished = 0;
11255
11256 uint32_t changed = CIL_FALSE;
11257 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
11258
11259 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
11260
11261 int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next, &finished, args);
11262 CuAssertIntEquals(tc, SEPOL_ERR, rc);
11263 }
11264
test_cil_resolve_ast_node_helper_pass_neg(CuTest * tc)11265 void test_cil_resolve_ast_node_helper_pass_neg(CuTest *tc) {
11266 char *line[] = {"(", "role", "staff_r", ")",
11267 "(", "user", "staff_u", ")",
11268 "(", "userrole", "staff_u", "staff_r", ")", NULL};
11269
11270 struct cil_tree *test_tree;
11271 gen_test_tree(&test_tree, line);
11272
11273 struct cil_db *test_db;
11274 cil_db_init(&test_db);
11275
11276 struct cil_tree_node *test_ast_node;
11277 cil_tree_node_init(&test_ast_node);
11278
11279 uint32_t finished = 0;
11280
11281 uint32_t changed = CIL_FALSE;
11282 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
11283
11284 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
11285
11286 int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next, &finished, args);
11287 CuAssertIntEquals(tc, SEPOL_ERR, rc);
11288 }
11289
test_cil_resolve_ast_node_helper_optfailedtoresolve(CuTest * tc)11290 void test_cil_resolve_ast_node_helper_optfailedtoresolve(CuTest *tc) {
11291 char *line[] = {"(", "class", "file", "(", "read", ")", ")",
11292 "(", "classcommon", "file", "file", ")", NULL};
11293
11294 struct cil_tree *test_tree;
11295 gen_test_tree(&test_tree, line);
11296
11297 struct cil_db *test_db;
11298 cil_db_init(&test_db);
11299
11300 struct cil_optional *opt;
11301 cil_optional_init(&opt);
11302
11303 struct cil_tree_node *test_ast_node_opt;
11304 cil_tree_node_init(&test_ast_node_opt);
11305 test_ast_node_opt->flavor = CIL_OPTIONAL;
11306 test_ast_node_opt->data = opt;
11307
11308 uint32_t changed = CIL_FALSE;
11309 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, test_ast_node_opt, NULL);
11310
11311 uint32_t finished = 0;
11312
11313 cil_build_ast(test_db, test_tree->root, test_db->ast->root);
11314
11315 int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next, &finished, args);
11316 CuAssertIntEquals(tc, SEPOL_OK, rc);
11317 CuAssertIntEquals(tc, 0, finished);
11318 }
11319
11320