• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Authors: Chad Sellers <csellers@tresys.com>
3  *          Joshua Brindle <jbrindle@tresys.com>
4  *
5  * Copyright (C) 2006 Tresys Technology, LLC
6  *
7  *  This library is free software; you can redistribute it and/or
8  *  modify it under the terms of the GNU Lesser General Public
9  *  License as published by the Free Software Foundation; either
10  *  version 2.1 of the License, or (at your option) any later version.
11  *
12  *  This library is distributed in the hope that it will be useful,
13  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
14  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
15  *  Lesser General Public License for more details.
16  *
17  *  You should have received a copy of the GNU Lesser General Public
18  *  License along with this library; if not, write to the Free Software
19  *  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
20  */
21 
22 /* This is where the expander tests should go, including:
23  * - check role, type, bool, user mapping
24  * - add symbols declared in enabled optionals
25  * - do not add symbols declared in disabled optionals
26  * - add rules from enabled optionals
27  * - do not add rules from disabled optionals
28  * - verify attribute mapping
29 
30  * - check conditional expressions for correct mapping
31  */
32 
33 #include "test-expander.h"
34 #include "parse_util.h"
35 #include "helpers.h"
36 #include "test-common.h"
37 #include "test-expander-users.h"
38 #include "test-expander-roles.h"
39 #include "test-expander-attr-map.h"
40 
41 #include <sepol/policydb/policydb.h>
42 #include <sepol/policydb/expand.h>
43 #include <sepol/policydb/link.h>
44 #include <sepol/policydb/conditional.h>
45 #include <limits.h>
46 #include <stdlib.h>
47 
48 policydb_t role_expanded;
49 policydb_t user_expanded;
50 policydb_t base_expanded2;
51 static policydb_t basemod;
52 static policydb_t basemod2;
53 static policydb_t mod2;
54 static policydb_t base_expanded;
55 static policydb_t base_only_mod;
56 static policydb_t base_only_expanded;
57 static policydb_t role_basemod;
58 static policydb_t role_mod;
59 static policydb_t user_basemod;
60 static policydb_t user_mod;
61 static policydb_t alias_basemod;
62 static policydb_t alias_mod;
63 static policydb_t alias_expanded;
64 static uint32_t *typemap;
65 extern int mls;
66 
67 /* Takes base, some number of modules, links them, and expands them
68    reads source from myfiles array, which has the base string followed by
69    each module string */
expander_policy_init(policydb_t * mybase,int num_modules,policydb_t ** mymodules,policydb_t * myexpanded,const char * const * myfiles)70 int expander_policy_init(policydb_t * mybase, int num_modules, policydb_t ** mymodules, policydb_t * myexpanded, const char *const *myfiles)
71 {
72 	char *filename[num_modules + 1];
73 	int i;
74 
75 	for (i = 0; i < num_modules + 1; i++) {
76 		filename[i] = calloc(PATH_MAX, sizeof(char));
77 		if (snprintf(filename[i], PATH_MAX, "policies/test-expander/%s%s", myfiles[i], mls ? ".mls" : ".std") < 0)
78 			return -1;
79 	}
80 
81 	if (policydb_init(mybase)) {
82 		fprintf(stderr, "out of memory!\n");
83 		return -1;
84 	}
85 
86 	for (i = 0; i < num_modules; i++) {
87 		if (policydb_init(mymodules[i])) {
88 			fprintf(stderr, "out of memory!\n");
89 			return -1;
90 		}
91 	}
92 
93 	if (policydb_init(myexpanded)) {
94 		fprintf(stderr, "out of memory!\n");
95 		return -1;
96 	}
97 
98 	mybase->policy_type = POLICY_BASE;
99 	mybase->mls = mls;
100 
101 	if (read_source_policy(mybase, filename[0], myfiles[0])) {
102 		fprintf(stderr, "read source policy failed %s\n", filename[0]);
103 		return -1;
104 	}
105 
106 	for (i = 1; i < num_modules + 1; i++) {
107 		mymodules[i - 1]->policy_type = POLICY_MOD;
108 		mymodules[i - 1]->mls = mls;
109 		if (read_source_policy(mymodules[i - 1], filename[i], myfiles[i])) {
110 			fprintf(stderr, "read source policy failed %s\n", filename[i]);
111 			return -1;
112 		}
113 	}
114 
115 	if (link_modules(NULL, mybase, mymodules, num_modules, 0)) {
116 		fprintf(stderr, "link modules failed\n");
117 		return -1;
118 	}
119 
120 	if (expand_module(NULL, mybase, myexpanded, 0, 0)) {
121 		fprintf(stderr, "expand modules failed\n");
122 		return -1;
123 	}
124 
125 	for (i = 0; i < num_modules + 1; i++) {
126 		free(filename[i]);
127 	}
128 	return 0;
129 }
130 
expander_test_init(void)131 int expander_test_init(void)
132 {
133 	const char *small_base_file = "small-base.conf";
134 	const char *base_only_file = "base-base-only.conf";
135 	int rc;
136 	policydb_t *mymod2;
137 	const char *files2[] = { "small-base.conf", "module.conf" };
138 	const char *role_files[] = { "role-base.conf", "role-module.conf" };
139 	const char *user_files[] = { "user-base.conf", "user-module.conf" };
140 	const char *alias_files[] = { "alias-base.conf", "alias-module.conf" };
141 
142 	rc = expander_policy_init(&basemod, 0, NULL, &base_expanded, &small_base_file);
143 	if (rc != 0)
144 		return rc;
145 
146 	mymod2 = &mod2;
147 	rc = expander_policy_init(&basemod2, 1, &mymod2, &base_expanded2, files2);
148 	if (rc != 0)
149 		return rc;
150 
151 	rc = expander_policy_init(&base_only_mod, 0, NULL, &base_only_expanded, &base_only_file);
152 	if (rc != 0)
153 		return rc;
154 
155 	mymod2 = &role_mod;
156 	rc = expander_policy_init(&role_basemod, 1, &mymod2, &role_expanded, role_files);
157 	if (rc != 0)
158 		return rc;
159 
160 	/* Just init the base for now, until we figure out how to separate out
161 	   mls and non-mls tests since users can't be used in mls module */
162 	mymod2 = &user_mod;
163 	rc = expander_policy_init(&user_basemod, 0, NULL, &user_expanded, user_files);
164 	if (rc != 0)
165 		return rc;
166 
167 	mymod2 = &alias_mod;
168 	rc = expander_policy_init(&alias_basemod, 1, &mymod2, &alias_expanded, alias_files);
169 	if (rc != 0)
170 		return rc;
171 
172 	return 0;
173 }
174 
expander_test_cleanup(void)175 int expander_test_cleanup(void)
176 {
177 	policydb_destroy(&basemod);
178 	policydb_destroy(&base_expanded);
179 	policydb_destroy(&basemod2);
180 	policydb_destroy(&base_expanded2);
181 	policydb_destroy(&mod2);
182 	policydb_destroy(&base_only_mod);
183 	policydb_destroy(&base_only_expanded);
184 	policydb_destroy(&role_basemod);
185 	policydb_destroy(&role_expanded);
186 	policydb_destroy(&role_mod);
187 	policydb_destroy(&user_basemod);
188 	policydb_destroy(&user_expanded);
189 	policydb_destroy(&user_mod);
190 	policydb_destroy(&alias_basemod);
191 	policydb_destroy(&alias_expanded);
192 	policydb_destroy(&alias_mod);
193 	free(typemap);
194 
195 	return 0;
196 }
197 
test_expander_indexes(void)198 static void test_expander_indexes(void)
199 {
200 	test_policydb_indexes(&base_expanded);
201 }
202 
test_expander_alias(void)203 static void test_expander_alias(void)
204 {
205 	test_alias_datum(&alias_expanded, "alias_check_1_a", "alias_check_1_t", 1, 0);
206 	test_alias_datum(&alias_expanded, "alias_check_2_a", "alias_check_2_t", 1, 0);
207 	test_alias_datum(&alias_expanded, "alias_check_3_a", "alias_check_3_t", 1, 0);
208 }
209 
expander_add_tests(CU_pSuite suite)210 int expander_add_tests(CU_pSuite suite)
211 {
212 	if (NULL == CU_add_test(suite, "expander_indexes", test_expander_indexes)) {
213 		CU_cleanup_registry();
214 		return CU_get_error();
215 	}
216 
217 	if (NULL == CU_add_test(suite, "expander_attr_mapping", test_expander_attr_mapping)) {
218 		CU_cleanup_registry();
219 		return CU_get_error();
220 	}
221 
222 	if (NULL == CU_add_test(suite, "expander_role_mapping", test_expander_role_mapping)) {
223 		CU_cleanup_registry();
224 		return CU_get_error();
225 	}
226 	if (NULL == CU_add_test(suite, "expander_user_mapping", test_expander_user_mapping)) {
227 		CU_cleanup_registry();
228 		return CU_get_error();
229 	}
230 	if (NULL == CU_add_test(suite, "expander_alias", test_expander_alias)) {
231 		CU_cleanup_registry();
232 		return CU_get_error();
233 	}
234 	return 0;
235 }
236