1 /*
2 * Authors: Chad Sellers <csellers@tresys.com>
3 * Joshua Brindle <jbrindle@tresys.com>
4 *
5 * Copyright (C) 2006 Tresys Technology, LLC
6 *
7 * This library is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU Lesser General Public
9 * License as published by the Free Software Foundation; either
10 * version 2.1 of the License, or (at your option) any later version.
11 *
12 * This library is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * Lesser General Public License for more details.
16 *
17 * You should have received a copy of the GNU Lesser General Public
18 * License along with this library; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
20 */
21
22 /* This is where the expander tests should go, including:
23 * - check role, type, bool, user mapping
24 * - add symbols declared in enabled optionals
25 * - do not add symbols declared in disabled optionals
26 * - add rules from enabled optionals
27 * - do not add rules from disabled optionals
28 * - verify attribute mapping
29
30 * - check conditional expressions for correct mapping
31 */
32
33 #include "test-expander.h"
34 #include "parse_util.h"
35 #include "helpers.h"
36 #include "test-common.h"
37 #include "test-expander-users.h"
38 #include "test-expander-roles.h"
39 #include "test-expander-attr-map.h"
40
41 #include <sepol/policydb/policydb.h>
42 #include <sepol/policydb/expand.h>
43 #include <sepol/policydb/link.h>
44 #include <sepol/policydb/conditional.h>
45 #include <limits.h>
46 #include <stdlib.h>
47
48 policydb_t role_expanded;
49 policydb_t user_expanded;
50 policydb_t base_expanded2;
51 static policydb_t basemod;
52 static policydb_t basemod2;
53 static policydb_t mod2;
54 static policydb_t base_expanded;
55 static policydb_t base_only_mod;
56 static policydb_t base_only_expanded;
57 static policydb_t role_basemod;
58 static policydb_t role_mod;
59 static policydb_t user_basemod;
60 static policydb_t user_mod;
61 static policydb_t alias_basemod;
62 static policydb_t alias_mod;
63 static policydb_t alias_expanded;
64 static uint32_t *typemap;
65 extern int mls;
66
67 /* Takes base, some number of modules, links them, and expands them
68 reads source from myfiles array, which has the base string followed by
69 each module string */
expander_policy_init(policydb_t * mybase,int num_modules,policydb_t ** mymodules,policydb_t * myexpanded,const char * const * myfiles)70 int expander_policy_init(policydb_t * mybase, int num_modules, policydb_t ** mymodules, policydb_t * myexpanded, const char *const *myfiles)
71 {
72 char *filename[num_modules + 1];
73 int i;
74
75 for (i = 0; i < num_modules + 1; i++) {
76 filename[i] = calloc(PATH_MAX, sizeof(char));
77 if (snprintf(filename[i], PATH_MAX, "policies/test-expander/%s%s", myfiles[i], mls ? ".mls" : ".std") < 0)
78 return -1;
79 }
80
81 if (policydb_init(mybase)) {
82 fprintf(stderr, "out of memory!\n");
83 return -1;
84 }
85
86 for (i = 0; i < num_modules; i++) {
87 if (policydb_init(mymodules[i])) {
88 fprintf(stderr, "out of memory!\n");
89 return -1;
90 }
91 }
92
93 if (policydb_init(myexpanded)) {
94 fprintf(stderr, "out of memory!\n");
95 return -1;
96 }
97
98 mybase->policy_type = POLICY_BASE;
99 mybase->mls = mls;
100
101 if (read_source_policy(mybase, filename[0], myfiles[0])) {
102 fprintf(stderr, "read source policy failed %s\n", filename[0]);
103 return -1;
104 }
105
106 for (i = 1; i < num_modules + 1; i++) {
107 mymodules[i - 1]->policy_type = POLICY_MOD;
108 mymodules[i - 1]->mls = mls;
109 if (read_source_policy(mymodules[i - 1], filename[i], myfiles[i])) {
110 fprintf(stderr, "read source policy failed %s\n", filename[i]);
111 return -1;
112 }
113 }
114
115 if (link_modules(NULL, mybase, mymodules, num_modules, 0)) {
116 fprintf(stderr, "link modules failed\n");
117 return -1;
118 }
119
120 if (expand_module(NULL, mybase, myexpanded, 0, 0)) {
121 fprintf(stderr, "expand modules failed\n");
122 return -1;
123 }
124
125 for (i = 0; i < num_modules + 1; i++) {
126 free(filename[i]);
127 }
128 return 0;
129 }
130
expander_test_init(void)131 int expander_test_init(void)
132 {
133 const char *small_base_file = "small-base.conf";
134 const char *base_only_file = "base-base-only.conf";
135 int rc;
136 policydb_t *mymod2;
137 const char *files2[] = { "small-base.conf", "module.conf" };
138 const char *role_files[] = { "role-base.conf", "role-module.conf" };
139 const char *user_files[] = { "user-base.conf", "user-module.conf" };
140 const char *alias_files[] = { "alias-base.conf", "alias-module.conf" };
141
142 rc = expander_policy_init(&basemod, 0, NULL, &base_expanded, &small_base_file);
143 if (rc != 0)
144 return rc;
145
146 mymod2 = &mod2;
147 rc = expander_policy_init(&basemod2, 1, &mymod2, &base_expanded2, files2);
148 if (rc != 0)
149 return rc;
150
151 rc = expander_policy_init(&base_only_mod, 0, NULL, &base_only_expanded, &base_only_file);
152 if (rc != 0)
153 return rc;
154
155 mymod2 = &role_mod;
156 rc = expander_policy_init(&role_basemod, 1, &mymod2, &role_expanded, role_files);
157 if (rc != 0)
158 return rc;
159
160 /* Just init the base for now, until we figure out how to separate out
161 mls and non-mls tests since users can't be used in mls module */
162 mymod2 = &user_mod;
163 rc = expander_policy_init(&user_basemod, 0, NULL, &user_expanded, user_files);
164 if (rc != 0)
165 return rc;
166
167 mymod2 = &alias_mod;
168 rc = expander_policy_init(&alias_basemod, 1, &mymod2, &alias_expanded, alias_files);
169 if (rc != 0)
170 return rc;
171
172 return 0;
173 }
174
expander_test_cleanup(void)175 int expander_test_cleanup(void)
176 {
177 policydb_destroy(&basemod);
178 policydb_destroy(&base_expanded);
179 policydb_destroy(&basemod2);
180 policydb_destroy(&base_expanded2);
181 policydb_destroy(&mod2);
182 policydb_destroy(&base_only_mod);
183 policydb_destroy(&base_only_expanded);
184 policydb_destroy(&role_basemod);
185 policydb_destroy(&role_expanded);
186 policydb_destroy(&role_mod);
187 policydb_destroy(&user_basemod);
188 policydb_destroy(&user_expanded);
189 policydb_destroy(&user_mod);
190 policydb_destroy(&alias_basemod);
191 policydb_destroy(&alias_expanded);
192 policydb_destroy(&alias_mod);
193 free(typemap);
194
195 return 0;
196 }
197
test_expander_indexes(void)198 static void test_expander_indexes(void)
199 {
200 test_policydb_indexes(&base_expanded);
201 }
202
test_expander_alias(void)203 static void test_expander_alias(void)
204 {
205 test_alias_datum(&alias_expanded, "alias_check_1_a", "alias_check_1_t", 1, 0);
206 test_alias_datum(&alias_expanded, "alias_check_2_a", "alias_check_2_t", 1, 0);
207 test_alias_datum(&alias_expanded, "alias_check_3_a", "alias_check_3_t", 1, 0);
208 }
209
expander_add_tests(CU_pSuite suite)210 int expander_add_tests(CU_pSuite suite)
211 {
212 if (NULL == CU_add_test(suite, "expander_indexes", test_expander_indexes)) {
213 CU_cleanup_registry();
214 return CU_get_error();
215 }
216
217 if (NULL == CU_add_test(suite, "expander_attr_mapping", test_expander_attr_mapping)) {
218 CU_cleanup_registry();
219 return CU_get_error();
220 }
221
222 if (NULL == CU_add_test(suite, "expander_role_mapping", test_expander_role_mapping)) {
223 CU_cleanup_registry();
224 return CU_get_error();
225 }
226 if (NULL == CU_add_test(suite, "expander_user_mapping", test_expander_user_mapping)) {
227 CU_cleanup_registry();
228 return CU_get_error();
229 }
230 if (NULL == CU_add_test(suite, "expander_alias", test_expander_alias)) {
231 CU_cleanup_registry();
232 return CU_get_error();
233 }
234 return 0;
235 }
236