# Authors: Karl MacMillan <kmacmillan@mentalrootkit.com>
#
# Copyright (C) 2006 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation; version 2 only
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#

20import unittest
21import sepolgen.refparser as refparser
22import sepolgen.refpolicy as refpolicy
23
# Test fixture: a fragment of a refpolicy interface file containing three
# interface() definitions. It deliberately mixes the constructs the parser
# has to cope with: the XML-ish "## <summary>" doc comments, gen_require
# blocks, plain allow rules (including set syntax with `{ ... }`), a
# typeattribute statement, `if`/`else` conditional blocks, optional_policy()
# and tunable_policy() wrappers, and calls to macros that are not defined
# here (can_exec, can_foo, search_usr, whatever). The doc text is not
# meaningful (the first summary says /etc while the rules reference usr_t);
# only the structure matters to the test.
interface_example = """########################################
## <summary>
##	Search the content of /etc.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`files_search_usr',`
	gen_require(`
		type usr_t;
	')

	allow $1 usr_t:dir search;
        allow { domain $1 } { usr_t usr_home_t }:{ file dir } { read write getattr };
        typeattribute $1 file_type;

        if (foo) {
           allow $1 foo:bar baz;
        }

        if (bar) {
           allow $1 foo:bar baz;
        } else {
           allow $1 foo:bar baz;
        }
')

########################################
## <summary>
##	List the contents of generic
##	directories in /usr.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`files_list_usr',`
	gen_require(`
		type usr_t;
	')

	allow $1 usr_t:dir { read getattr };

        optional_policy(`
            search_usr($1)
        ')

        tunable_policy(`foo',`
            whatever($1)
        ')

')

########################################
## <summary>
##	Execute generic programs in /usr in the caller domain.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`files_exec_usr_files',`
	gen_require(`
		type usr_t;
	')

	allow $1 usr_t:dir read;
	allow $1 usr_t:lnk_file { read getattr };
	can_exec($1,usr_t)
        can_foo($1)

')
"""
104
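class TestParser(unittest.TestCase):
    """Exercise sepolgen.refparser on a small refpolicy interface file."""

    def test_interface_parsing(self):
        """Parse ``interface_example`` and check that a policy tree is returned.

        The fixture mixes plain AV rules with conditionals, optional_policy /
        tunable_policy blocks and calls to undefined macros, so at minimum
        the parser must accept all of it without raising.
        """
        h = refparser.parse(interface_example)
        # The test previously made no assertions at all, so it passed even
        # if parse() returned nothing or dropped the whole input. Pin the
        # minimum observable contract: a well-formed file yields a tree.
        self.assertIsNotNone(h)

        # TODO(review): the original author left stronger checks disabled
        # (print the tree with refpolicy.print_tree, expect three interfaces,
        # look up "files_search_usr" by name, check its first rule is a
        # refpolicy.AVRule). They could not be confirmed against the
        # refpolicy tree API from this file, and the disabled "exactly one
        # rule" expectation does not match the fixture, which gives
        # files_search_usr several allow rules, a typeattribute and two
        # conditional blocks. Re-enable them once the accessors are verified
        # and the expected counts are derived from the fixture.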
118
119
120
121