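# Authors: Karl MacMillan <kmacmillan@mentalrootkit.com>
#
# Copyright (C) 2006 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation; version 2 only
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#

import re
import unittest

import sepolgen.refpolicy as refpolicy
import selinux

# Layout of a dontaudit rule in which all four components hold more than one
# member. The keyword, braces, ':' separator and trailing ';' are pinned; the
# members inside each brace group are captured so they can be compared as sets.
_MULTI_MEMBER_DONTAUDIT = re.compile(
    r"^dontaudit \{ ([^{}]+) \} \{ ([^{}]+) \}:\{ ([^{}]+) \} \{ ([^{}]+) \};$"
)


class TestIdSet(unittest.TestCase):
    """Checks how refpolicy.IdSet renders itself as policy text."""

    def test_set_to_str(self):
        """Several ids are wrapped in braces; a single id is printed bare."""
        s = refpolicy.IdSet(["read", "write", "getattr"])
        # NOTE(review): this pins the member order. If IdSet is an unordered
        # set the expected order is not guaranteed -- confirm against
        # IdSet.to_space_str().
        self.assertEqual(s.to_space_str(), "{ read write getattr }")
        s = refpolicy.IdSet()
        s.add("read")
        self.assertEqual(s.to_space_str(), "read")


class TestSecurityContext(unittest.TestCase):
    """Checks parsing, rendering and comparison of SELinux security contexts.

    Context strings are the labels that policy decisions are keyed on, so a
    parser that accepts or silently rewrites a malformed label is a policy
    problem rather than a cosmetic one.
    """

    def test_init(self):
        """Both constructor forms (empty and from a string) must not raise."""
        refpolicy.SecurityContext()
        refpolicy.SecurityContext("user_u:object_r:foo_t")

    def test_from_string(self):
        """from_string() splits user/role/type/level and rejects bad input."""
        context = "user_u:object_r:foo_t"
        sc = refpolicy.SecurityContext()
        sc.from_string(context)
        self.assertEqual(sc.user, "user_u")
        self.assertEqual(sc.role, "object_r")
        self.assertEqual(sc.type, "foo_t")
        self.assertIsNone(sc.level)
        # The rendered form depends on the SELinux state of the machine that
        # runs the test: on an MLS-enabled host a missing level is printed
        # as ":s0".
        if selinux.is_selinux_mls_enabled():
            self.assertEqual(str(sc), context + ":s0")
        else:
            self.assertEqual(str(sc), context)
        self.assertEqual(sc.to_string(default_level="s1"), context + ":s1")

        # A context that carries an explicit MLS range keeps it verbatim.
        context = "user_u:object_r:foo_t:s0-s0:c0-c255"
        sc = refpolicy.SecurityContext()
        sc.from_string(context)
        self.assertEqual(sc.user, "user_u")
        self.assertEqual(sc.role, "object_r")
        self.assertEqual(sc.type, "foo_t")
        self.assertEqual(sc.level, "s0-s0:c0-c255")
        self.assertEqual(str(sc), context)
        self.assertEqual(sc.to_string(), context)

        # Malformed input must be refused, not parsed into a partial context.
        # NOTE(review): only one malformed string is covered. Empty and
        # two-field inputs would be worth adding once the expected behaviour
        # is confirmed against from_string().
        sc = refpolicy.SecurityContext()
        self.assertRaises(ValueError, sc.from_string, "abc")

    def test_equal(self):
        """Equality compares the level as well as user, role and type."""
        sc1 = refpolicy.SecurityContext("user_u:object_r:foo_t")
        sc2 = refpolicy.SecurityContext("user_u:object_r:foo_t")
        sc3 = refpolicy.SecurityContext("user_u:object_r:foo_t:s0")
        sc4 = refpolicy.SecurityContext("user_u:object_r:bar_t")

        self.assertEqual(sc1, sc2)
        # NOTE(review): a level-less context is not equal to one with an
        # explicit "s0", although test_from_string shows str() printing the
        # level-less one with ":s0" on MLS hosts. Code that compares labels
        # may need to normalise first -- confirm this is intended.
        self.assertNotEqual(sc1, sc3)
        self.assertNotEqual(sc1, sc4)


class TestObjecClass(unittest.TestCase):
    """Checks the defaults of refpolicy.ObjectClass."""

    def test_init(self):
        """The name is stored and perms starts out as a set."""
        o = refpolicy.ObjectClass(name="file")
        self.assertEqual(o.name, "file")
        self.assertIsInstance(o.perms, set)


class TestAVRule(unittest.TestCase):
    """Checks defaults and text rendering of access-vector rules."""

    def test_init(self):
        """A new rule is an allow rule whose four components are sets."""
        a = refpolicy.AVRule()
        self.assertEqual(a.rule_type, a.ALLOW)
        self.assertIsInstance(a.src_types, set)
        self.assertIsInstance(a.tgt_types, set)
        self.assertIsInstance(a.obj_classes, set)
        self.assertIsInstance(a.perms, set)

    def test_to_string(self):
        """to_string() prints one-member and multi-member rules."""
        a = refpolicy.AVRule()
        a.src_types.add("foo_t")
        a.tgt_types.add("bar_t")
        a.obj_classes.add("file")
        a.perms.add("read")
        self.assertEqual(a.to_string(), "allow foo_t bar_t:file read;")

        a.rule_type = a.DONTAUDIT
        a.src_types.add("user_t")
        a.tgt_types.add("user_home_t")
        a.obj_classes.add("lnk_file")
        a.perms.add("write")
        # The components are sets, so the order of members inside each brace
        # group is not guaranteed. Pin the rule layout with the regex and
        # compare each group's members as a set.
        rendered = a.to_string()
        match = _MULTI_MEMBER_DONTAUDIT.match(rendered)
        self.assertIsNotNone(match, "unexpected rule layout: %r" % rendered)
        sources, targets, classes, perms = [
            set(group.split()) for group in match.groups()
        ]
        self.assertEqual(sources, {"foo_t", "user_t"})
        self.assertEqual(targets, {"user_home_t", "bar_t"})
        self.assertEqual(classes, {"lnk_file", "file"})
        self.assertEqual(perms, {"read", "write"})


class TestTypeRule(unittest.TestCase):
    """Checks defaults and text rendering of type rules."""

    def test_init(self):
        """A new rule is a type_transition with empty components."""
        a = refpolicy.TypeRule()
        self.assertEqual(a.rule_type, a.TYPE_TRANSITION)
        self.assertIsInstance(a.src_types, set)
        self.assertIsInstance(a.tgt_types, set)
        self.assertIsInstance(a.obj_classes, set)
        self.assertEqual(a.dest_type, "")

    def test_to_string(self):
        """to_string() prints source, target:class and destination type."""
        a = refpolicy.TypeRule()
        a.src_types.add("foo_t")
        a.tgt_types.add("bar_exec_t")
        a.obj_classes.add("process")
        a.dest_type = "bar_t"
        self.assertEqual(a.to_string(), "type_transition foo_t bar_exec_t:process bar_t;")


class TestParseNode(unittest.TestCase):
    """Builds a small parse tree out of refpolicy node types."""

    def test_walktree(self):
        """Assemble Headers -> Interface -> rule/call nodes without raising.

        NOTE(review): the tree is built but never traversed and nothing is
        asserted, so this only proves that construction does not raise.
        """
        # Construct a small tree
        h = refpolicy.Headers()
        a = refpolicy.AVRule()
        a.src_types.add("foo_t")
        a.tgt_types.add("bar_t")
        a.obj_classes.add("file")
        a.perms.add("read")

        ifcall = refpolicy.InterfaceCall(ifname="allow_foobar")
        ifcall.args.append("foo_t")
        ifcall.args.append("{ file dir }")

        i = refpolicy.Interface(name="foo")
        i.children.append(a)
        i.children.append(ifcall)
        h.children.append(i)

        a = refpolicy.AVRule()
        a.rule_type = a.DONTAUDIT
        a.src_types.add("user_t")
        a.tgt_types.add("user_home_t")
        a.obj_classes.add("lnk_file")
        a.perms.add("write")
        i = refpolicy.Interface(name="bar")
        i.children.append(a)
        h.children.append(i)


class TestHeaders(unittest.TestCase):
    """Checks iteration over a refpolicy.Headers node."""

    def test_iter(self):
        """Plain iteration yields every child; interfaces() only Interfaces."""
        h = refpolicy.Headers()
        h.children.append(refpolicy.Interface(name="foo"))
        h.children.append(refpolicy.Interface(name="bar"))
        h.children.append(refpolicy.ClassMap("file", "read write"))

        # Two interfaces plus one class map.
        self.assertEqual(sum(1 for _ in h), 3)

        # The class map is filtered out.
        self.assertEqual(sum(1 for _ in h.interfaces()), 2)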