1 /*
2 * Author: Joshua Brindle <jbrindle@tresys.com>
3 *
4 * Copyright (C) 2006 Tresys Technology, LLC
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2.1 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
19 */
20
21 #include "parse_util.h"
22 #include "helpers.h"
23 #include "test-common.h"
24
25 #include <sepol/policydb/policydb.h>
26 #include <sepol/policydb/link.h>
27 #include <sepol/policydb/conditional.h>
28
29 #include <CUnit/Basic.h>
30 #include <stdlib.h>
31
32 /* Tests for conditionals
33 * Test each cond/bool for these
34 * - boolean copied correctly (state is correct)
35 * - conditional expression is correct
36 * Tests:
37 * - single boolean in base
38 * - single boolean in module
39 * - single boolean in base optional
40 * - single boolean in module optional
41 * - 2 booleans in base
42 * - 2 booleans in module
43 * - 2 booleans in base optional
44 * - 2 booleans in module optional
45 * - 2 booleans, base and module
46 * - 2 booleans, base optional and module
47 * - 2 booleans, base optional and module optional
48 * - 3 booleans, base, base optional, module
49 * - 4 boolean, base, base optional, module, module optional
50 */
51
52 typedef struct test_cond_expr {
53 const char *bool;
54 uint32_t expr_type;
55 } test_cond_expr_t;
56
test_cond_expr_mapping(policydb_t * p,avrule_decl_t * d,test_cond_expr_t * bools,int len)57 void test_cond_expr_mapping(policydb_t * p, avrule_decl_t * d, test_cond_expr_t * bools, int len)
58 {
59 int i;
60 cond_expr_t *expr;
61
62 CU_ASSERT_FATAL(d->cond_list != NULL);
63 CU_ASSERT_FATAL(d->cond_list->expr != NULL);
64
65 expr = d->cond_list->expr;
66
67 for (i = 0; i < len; i++) {
68 CU_ASSERT_FATAL(expr != NULL);
69
70 CU_ASSERT(expr->expr_type == bools[i].expr_type);
71 if (bools[i].bool) {
72 CU_ASSERT(strcmp(p->sym_val_to_name[SYM_BOOLS][expr->bool - 1], bools[i].bool) == 0);
73 }
74 expr = expr->next;
75 }
76 }
77
test_bool_state(policydb_t * p,const char * bool,int state)78 void test_bool_state(policydb_t * p, const char *bool, int state)
79 {
80 cond_bool_datum_t *b;
81
82 b = hashtab_search(p->p_bools.table, bool);
83 CU_ASSERT_FATAL(b != NULL);
84 CU_ASSERT(b->state == state);
85 }
86
base_cond_tests(policydb_t * base)87 void base_cond_tests(policydb_t * base)
88 {
89 avrule_decl_t *d;
90 unsigned int decls[1];
91 test_cond_expr_t bools[2];
92
93 /* these tests look at booleans and conditionals in the base only
94 * to ensure that they aren't altered or removed during the link process */
95
96 /* bool existence and state, global scope */
97 d = test_find_decl_by_sym(base, SYM_TYPES, "tag_g_b");
98 decls[0] = d->decl_id;
99 test_sym_presence(base, "g_b_bool_1", SYM_BOOLS, SCOPE_DECL, decls, 1);
100 test_bool_state(base, "g_b_bool_1", 0);
101 /* conditional expression mapped correctly */
102 bools[0].bool = "g_b_bool_1";
103 bools[0].expr_type = COND_BOOL;
104 test_cond_expr_mapping(base, d, bools, 1);
105
106 /* bool existence and state, optional scope */
107 d = test_find_decl_by_sym(base, SYM_TYPES, "tag_o1_b");
108 decls[0] = d->decl_id;
109 test_sym_presence(base, "o1_b_bool_1", SYM_BOOLS, SCOPE_DECL, decls, 1);
110 test_bool_state(base, "o1_b_bool_1", 1);
111 /* conditional expression mapped correctly */
112 bools[0].bool = "o1_b_bool_1";
113 bools[0].expr_type = COND_BOOL;
114 test_cond_expr_mapping(base, d, bools, 1);
115
116 }
117
module_cond_tests(policydb_t * base)118 void module_cond_tests(policydb_t * base)
119 {
120 avrule_decl_t *d;
121 unsigned int decls[1];
122 test_cond_expr_t bools[3];
123
124 /* bool existence and state, module 1 global scope */
125 d = test_find_decl_by_sym(base, SYM_TYPES, "tag_g_m1");
126 decls[0] = d->decl_id;
127 test_sym_presence(base, "g_m1_bool_1", SYM_BOOLS, SCOPE_DECL, decls, 1);
128 test_bool_state(base, "g_m1_bool_1", 1);
129 /* conditional expression mapped correctly */
130 bools[0].bool = "g_m1_bool_1";
131 bools[0].expr_type = COND_BOOL;
132 test_cond_expr_mapping(base, d, bools, 1);
133
134 /* bool existence and state, module 1 optional scope */
135 d = test_find_decl_by_sym(base, SYM_TYPES, "tag_o1_m1");
136 decls[0] = d->decl_id;
137 test_sym_presence(base, "o1_m1_bool_1", SYM_BOOLS, SCOPE_DECL, decls, 1);
138 test_bool_state(base, "o1_m1_bool_1", 0);
139 /* conditional expression mapped correctly */
140 bools[0].bool = "o1_m1_bool_1";
141 bools[0].expr_type = COND_BOOL;
142 test_cond_expr_mapping(base, d, bools, 1);
143
144 /* bool existence and state, module 2 global scope */
145 d = test_find_decl_by_sym(base, SYM_TYPES, "tag_g_m2");
146 decls[0] = d->decl_id;
147 test_sym_presence(base, "g_m2_bool_1", SYM_BOOLS, SCOPE_DECL, decls, 1);
148 test_sym_presence(base, "g_m2_bool_2", SYM_BOOLS, SCOPE_DECL, decls, 1);
149 test_bool_state(base, "g_m2_bool_1", 1);
150 test_bool_state(base, "g_m2_bool_2", 0);
151 /* conditional expression mapped correctly */
152 bools[0].bool = "g_m2_bool_1";
153 bools[0].expr_type = COND_BOOL;
154 bools[1].bool = "g_m2_bool_2";
155 bools[1].expr_type = COND_BOOL;
156 bools[2].bool = NULL;
157 bools[2].expr_type = COND_AND;
158 test_cond_expr_mapping(base, d, bools, 3);
159 }
160