• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1# Authors: Karl MacMillan <kmacmillan@mentalrootkit.com>
2#
3# Copyright (C) 2006 Red Hat
4# see file 'COPYING' for use and warranty information
5#
6# This program is free software; you can redistribute it and/or
7# modify it under the terms of the GNU General Public License as
8# published by the Free Software Foundation; version 2 only
9#
10# This program is distributed in the hope that it will be useful,
11# but WITHOUT ANY WARRANTY; without even the implied warranty of
12# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
13# GNU General Public License for more details.
14#
15# You should have received a copy of the GNU General Public License
16# along with this program; if not, write to the Free Software
17# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
18#
19
20import unittest
21import sepolgen.matching as matching
22import sepolgen.refparser as refparser
23import sepolgen.interfaces as interfaces
24import sepolgen.access as access
25
26class TestMatch(unittest.TestCase):
27    def test(self):
28        a = matching.Match()
29        a.dist = 100
30        a.info_dir_change = True
31
32        b = matching.Match()
33        b.dist = 100
34        b.info_dir_change = True
35
36        self.assertEqual(a, b)
37        b.info_dir_change = False
38        self.assertTrue((a > b))
39        self.assertTrue((b < a))
40
41        b.dist = 200
42
43        self.assertTrue((a < b))
44        self.assertTrue((b > a))
45
46class TestMatchList(unittest.TestCase):
47    def test_append(self):
48        ml = matching.MatchList()
49        ml.threshold = 100
50
51        a = matching.Match()
52        a.dist = 100
53        ml.append(a)
54        self.assertEqual(len(ml), 1)
55
56        a = matching.Match()
57        a.dist = 200
58        ml.append(a)
59        self.assertEqual(len(ml), 2)
60        self.assertEqual(len(ml.bastards), 1)
61
62        ml.allow_info_dir_change = False
63        a = matching.Match()
64        a.dist = 0
65        a.info_dir_change = True
66        ml.append(a)
67        self.assertEqual(len(ml), 3)
68        self.assertEqual(len(ml.bastards), 2)
69
70    def test_sort(self):
71        ml = matching.MatchList()
72        ml.threshold = 100
73
74        a = matching.Match()
75        a.dist = 100
76        ml.append(a)
77
78        b = matching.Match()
79        b.dist = 5
80        ml.append(b)
81
82        c = matching.Match()
83        c.dist = 0
84        ml.append(c)
85
86        l = [c, b, a]
87
88        ml.sort()
89
90        for x, y in zip(l, ml):
91            self.assertEqual(x, y)
92
93        self.assertEqual(ml.best(), c)
94
95
96test_expansion = """
97interface(`foo',`
98   gen_require(`
99       type usr_t;
100   ')
101   allow $1 usr_t:dir { create add_name };
102   allow $1 usr_t:file { read write };
103')
104
105interface(`map', `
106   gen_require(`
107       type bar_t;
108   ')
109   allow $1 bar_t:file read;
110   allow $2 bar_t:file write;
111
112   foo($2)
113')
114
115interface(`hard_map', `
116   gen_require(`
117      type baz_t;
118   ')
119   allow $1 baz_t:file getattr;
120   allow $2 baz_t:file read;
121   allow $3 baz_t:file write;
122
123   map($1, $2)
124   map($2, $3)
125
126   # This should have no effect
127   foo($2)
128')
129"""
130
131class AccessMatcher(unittest.TestCase):
132    def test_search(self):
133        h = refparser.parse(test_expansion)
134        i = interfaces.InterfaceSet()
135        i.add_headers(h)
136
137        a = access.AccessVector(["foo_t", "usr_t", "dir", "create"])
138        m = matching.AccessMatcher()
139        ml = matching.MatchList()
140
141        ans = m.search_ifs(i, a, ml)
142
143
144        pass
145