1255e72915d4cbddceb435e13d81601755714e9fSE Android/* 2255e72915d4cbddceb435e13d81601755714e9fSE Android * Authors: Chad Sellers <csellers@tresys.com> 3255e72915d4cbddceb435e13d81601755714e9fSE Android * Joshua Brindle <jbrindle@tresys.com> 4255e72915d4cbddceb435e13d81601755714e9fSE Android * 5255e72915d4cbddceb435e13d81601755714e9fSE Android * Copyright (C) 2006 Tresys Technology, LLC 6255e72915d4cbddceb435e13d81601755714e9fSE Android * 7255e72915d4cbddceb435e13d81601755714e9fSE Android * This library is free software; you can redistribute it and/or 8255e72915d4cbddceb435e13d81601755714e9fSE Android * modify it under the terms of the GNU Lesser General Public 9255e72915d4cbddceb435e13d81601755714e9fSE Android * License as published by the Free Software Foundation; either 10255e72915d4cbddceb435e13d81601755714e9fSE Android * version 2.1 of the License, or (at your option) any later version. 11255e72915d4cbddceb435e13d81601755714e9fSE Android * 12255e72915d4cbddceb435e13d81601755714e9fSE Android * This library is distributed in the hope that it will be useful, 13255e72915d4cbddceb435e13d81601755714e9fSE Android * but WITHOUT ANY WARRANTY; without even the implied warranty of 14255e72915d4cbddceb435e13d81601755714e9fSE Android * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 15255e72915d4cbddceb435e13d81601755714e9fSE Android * Lesser General Public License for more details. 16255e72915d4cbddceb435e13d81601755714e9fSE Android * 17255e72915d4cbddceb435e13d81601755714e9fSE Android * You should have received a copy of the GNU Lesser General Public 18255e72915d4cbddceb435e13d81601755714e9fSE Android * License along with this library; if not, write to the Free Software 19255e72915d4cbddceb435e13d81601755714e9fSE Android * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA 20255e72915d4cbddceb435e13d81601755714e9fSE Android */ 21255e72915d4cbddceb435e13d81601755714e9fSE Android 22255e72915d4cbddceb435e13d81601755714e9fSE Android/* This is where the expander tests should go, including: 23255e72915d4cbddceb435e13d81601755714e9fSE Android * - check role, type, bool, user mapping 24255e72915d4cbddceb435e13d81601755714e9fSE Android * - add symbols declared in enabled optionals 25255e72915d4cbddceb435e13d81601755714e9fSE Android * - do not add symbols declared in disabled optionals 26255e72915d4cbddceb435e13d81601755714e9fSE Android * - add rules from enabled optionals 27255e72915d4cbddceb435e13d81601755714e9fSE Android * - do not add rules from disabled optionals 28255e72915d4cbddceb435e13d81601755714e9fSE Android * - verify attribute mapping 29255e72915d4cbddceb435e13d81601755714e9fSE Android 30255e72915d4cbddceb435e13d81601755714e9fSE Android * - check conditional expressions for correct mapping 31255e72915d4cbddceb435e13d81601755714e9fSE Android */ 32255e72915d4cbddceb435e13d81601755714e9fSE Android 33255e72915d4cbddceb435e13d81601755714e9fSE Android#include "test-expander.h" 34255e72915d4cbddceb435e13d81601755714e9fSE Android#include "parse_util.h" 35255e72915d4cbddceb435e13d81601755714e9fSE Android#include "helpers.h" 36255e72915d4cbddceb435e13d81601755714e9fSE Android#include "test-common.h" 37255e72915d4cbddceb435e13d81601755714e9fSE Android#include "test-expander-users.h" 38255e72915d4cbddceb435e13d81601755714e9fSE Android#include "test-expander-roles.h" 39255e72915d4cbddceb435e13d81601755714e9fSE Android#include "test-expander-attr-map.h" 40255e72915d4cbddceb435e13d81601755714e9fSE Android 41255e72915d4cbddceb435e13d81601755714e9fSE Android#include <sepol/policydb/policydb.h> 42255e72915d4cbddceb435e13d81601755714e9fSE Android#include <sepol/policydb/expand.h> 43255e72915d4cbddceb435e13d81601755714e9fSE Android#include <sepol/policydb/link.h> 44255e72915d4cbddceb435e13d81601755714e9fSE Android#include <sepol/policydb/conditional.h> 45255e72915d4cbddceb435e13d81601755714e9fSE Android#include <limits.h> 46255e72915d4cbddceb435e13d81601755714e9fSE Android#include <stdlib.h> 47255e72915d4cbddceb435e13d81601755714e9fSE Android 48255e72915d4cbddceb435e13d81601755714e9fSE Androidpolicydb_t role_expanded; 49255e72915d4cbddceb435e13d81601755714e9fSE Androidpolicydb_t user_expanded; 50255e72915d4cbddceb435e13d81601755714e9fSE Androidpolicydb_t base_expanded2; 51255e72915d4cbddceb435e13d81601755714e9fSE Androidstatic policydb_t basemod; 52255e72915d4cbddceb435e13d81601755714e9fSE Androidstatic policydb_t basemod2; 53255e72915d4cbddceb435e13d81601755714e9fSE Androidstatic policydb_t mod2; 54255e72915d4cbddceb435e13d81601755714e9fSE Androidstatic policydb_t base_expanded; 55255e72915d4cbddceb435e13d81601755714e9fSE Androidstatic policydb_t base_only_mod; 56255e72915d4cbddceb435e13d81601755714e9fSE Androidstatic policydb_t base_only_expanded; 57255e72915d4cbddceb435e13d81601755714e9fSE Androidstatic policydb_t role_basemod; 58255e72915d4cbddceb435e13d81601755714e9fSE Androidstatic policydb_t role_mod; 59255e72915d4cbddceb435e13d81601755714e9fSE Androidstatic policydb_t user_basemod; 60255e72915d4cbddceb435e13d81601755714e9fSE Androidstatic policydb_t user_mod; 61255e72915d4cbddceb435e13d81601755714e9fSE Androidstatic policydb_t alias_basemod; 62255e72915d4cbddceb435e13d81601755714e9fSE Androidstatic policydb_t alias_mod; 63255e72915d4cbddceb435e13d81601755714e9fSE Androidstatic policydb_t alias_expanded; 64255e72915d4cbddceb435e13d81601755714e9fSE Androidstatic uint32_t *typemap; 65255e72915d4cbddceb435e13d81601755714e9fSE Androidextern int mls; 66255e72915d4cbddceb435e13d81601755714e9fSE Android 67255e72915d4cbddceb435e13d81601755714e9fSE Android/* Takes base, some number of modules, links them, and expands them 68255e72915d4cbddceb435e13d81601755714e9fSE Android reads source from myfiles array, which has the base string followed by 69255e72915d4cbddceb435e13d81601755714e9fSE Android each module string */ 70255e72915d4cbddceb435e13d81601755714e9fSE Androidint expander_policy_init(policydb_t * mybase, int num_modules, policydb_t ** mymodules, policydb_t * myexpanded, char **myfiles) 71255e72915d4cbddceb435e13d81601755714e9fSE Android{ 72255e72915d4cbddceb435e13d81601755714e9fSE Android char *filename[num_modules + 1]; 73255e72915d4cbddceb435e13d81601755714e9fSE Android int i; 74255e72915d4cbddceb435e13d81601755714e9fSE Android 75255e72915d4cbddceb435e13d81601755714e9fSE Android for (i = 0; i < num_modules + 1; i++) { 76255e72915d4cbddceb435e13d81601755714e9fSE Android filename[i] = calloc(PATH_MAX, sizeof(char)); 77255e72915d4cbddceb435e13d81601755714e9fSE Android if (snprintf(filename[i], PATH_MAX, "policies/test-expander/%s%s", myfiles[i], mls ? ".mls" : ".std") < 0) 78255e72915d4cbddceb435e13d81601755714e9fSE Android return -1; 79255e72915d4cbddceb435e13d81601755714e9fSE Android } 80255e72915d4cbddceb435e13d81601755714e9fSE Android 81255e72915d4cbddceb435e13d81601755714e9fSE Android if (policydb_init(mybase)) { 82255e72915d4cbddceb435e13d81601755714e9fSE Android fprintf(stderr, "out of memory!\n"); 83255e72915d4cbddceb435e13d81601755714e9fSE Android return -1; 84255e72915d4cbddceb435e13d81601755714e9fSE Android } 85255e72915d4cbddceb435e13d81601755714e9fSE Android 86255e72915d4cbddceb435e13d81601755714e9fSE Android for (i = 0; i < num_modules; i++) { 87255e72915d4cbddceb435e13d81601755714e9fSE Android if (policydb_init(mymodules[i])) { 88255e72915d4cbddceb435e13d81601755714e9fSE Android fprintf(stderr, "out of memory!\n"); 89255e72915d4cbddceb435e13d81601755714e9fSE Android return -1; 90255e72915d4cbddceb435e13d81601755714e9fSE Android } 91255e72915d4cbddceb435e13d81601755714e9fSE Android } 92255e72915d4cbddceb435e13d81601755714e9fSE Android 93255e72915d4cbddceb435e13d81601755714e9fSE Android if (policydb_init(myexpanded)) { 94255e72915d4cbddceb435e13d81601755714e9fSE Android fprintf(stderr, "out of memory!\n"); 95255e72915d4cbddceb435e13d81601755714e9fSE Android return -1; 96255e72915d4cbddceb435e13d81601755714e9fSE Android } 97255e72915d4cbddceb435e13d81601755714e9fSE Android 98255e72915d4cbddceb435e13d81601755714e9fSE Android mybase->policy_type = POLICY_BASE; 99255e72915d4cbddceb435e13d81601755714e9fSE Android mybase->mls = mls; 100255e72915d4cbddceb435e13d81601755714e9fSE Android 101255e72915d4cbddceb435e13d81601755714e9fSE Android if (read_source_policy(mybase, filename[0], myfiles[0])) { 102255e72915d4cbddceb435e13d81601755714e9fSE Android fprintf(stderr, "read source policy failed %s\n", filename[0]); 103255e72915d4cbddceb435e13d81601755714e9fSE Android return -1; 104255e72915d4cbddceb435e13d81601755714e9fSE Android } 105255e72915d4cbddceb435e13d81601755714e9fSE Android 106255e72915d4cbddceb435e13d81601755714e9fSE Android for (i = 1; i < num_modules + 1; i++) { 107255e72915d4cbddceb435e13d81601755714e9fSE Android mymodules[i - 1]->policy_type = POLICY_MOD; 108255e72915d4cbddceb435e13d81601755714e9fSE Android mymodules[i - 1]->mls = mls; 109255e72915d4cbddceb435e13d81601755714e9fSE Android if (read_source_policy(mymodules[i - 1], filename[i], myfiles[i])) { 110255e72915d4cbddceb435e13d81601755714e9fSE Android fprintf(stderr, "read source policy failed %s\n", filename[i]); 111255e72915d4cbddceb435e13d81601755714e9fSE Android return -1; 112255e72915d4cbddceb435e13d81601755714e9fSE Android } 113255e72915d4cbddceb435e13d81601755714e9fSE Android } 114255e72915d4cbddceb435e13d81601755714e9fSE Android 115255e72915d4cbddceb435e13d81601755714e9fSE Android if (link_modules(NULL, mybase, mymodules, num_modules, 0)) { 116255e72915d4cbddceb435e13d81601755714e9fSE Android fprintf(stderr, "link modules failed\n"); 117255e72915d4cbddceb435e13d81601755714e9fSE Android return -1; 118255e72915d4cbddceb435e13d81601755714e9fSE Android } 119255e72915d4cbddceb435e13d81601755714e9fSE Android 120255e72915d4cbddceb435e13d81601755714e9fSE Android if (expand_module(NULL, mybase, myexpanded, 0, 0)) { 121255e72915d4cbddceb435e13d81601755714e9fSE Android fprintf(stderr, "expand modules failed\n"); 122255e72915d4cbddceb435e13d81601755714e9fSE Android return -1; 123255e72915d4cbddceb435e13d81601755714e9fSE Android } 124255e72915d4cbddceb435e13d81601755714e9fSE Android 125255e72915d4cbddceb435e13d81601755714e9fSE Android return 0; 126255e72915d4cbddceb435e13d81601755714e9fSE Android} 127255e72915d4cbddceb435e13d81601755714e9fSE Android 128255e72915d4cbddceb435e13d81601755714e9fSE Androidint expander_test_init(void) 129255e72915d4cbddceb435e13d81601755714e9fSE Android{ 130255e72915d4cbddceb435e13d81601755714e9fSE Android char *small_base_file = "small-base.conf"; 131255e72915d4cbddceb435e13d81601755714e9fSE Android char *base_only_file = "base-base-only.conf"; 132255e72915d4cbddceb435e13d81601755714e9fSE Android int rc; 133255e72915d4cbddceb435e13d81601755714e9fSE Android policydb_t *mymod2; 134255e72915d4cbddceb435e13d81601755714e9fSE Android char *files2[] = { "small-base.conf", "module.conf" }; 135255e72915d4cbddceb435e13d81601755714e9fSE Android char *role_files[] = { "role-base.conf", "role-module.conf" }; 136255e72915d4cbddceb435e13d81601755714e9fSE Android char *user_files[] = { "user-base.conf", "user-module.conf" }; 137255e72915d4cbddceb435e13d81601755714e9fSE Android char *alias_files[] = { "alias-base.conf", "alias-module.conf" }; 138255e72915d4cbddceb435e13d81601755714e9fSE Android 139255e72915d4cbddceb435e13d81601755714e9fSE Android rc = expander_policy_init(&basemod, 0, NULL, &base_expanded, &small_base_file); 140255e72915d4cbddceb435e13d81601755714e9fSE Android if (rc != 0) 141255e72915d4cbddceb435e13d81601755714e9fSE Android return rc; 142255e72915d4cbddceb435e13d81601755714e9fSE Android 143255e72915d4cbddceb435e13d81601755714e9fSE Android mymod2 = &mod2; 144255e72915d4cbddceb435e13d81601755714e9fSE Android rc = expander_policy_init(&basemod2, 1, &mymod2, &base_expanded2, files2); 145255e72915d4cbddceb435e13d81601755714e9fSE Android if (rc != 0) 146255e72915d4cbddceb435e13d81601755714e9fSE Android return rc; 147255e72915d4cbddceb435e13d81601755714e9fSE Android 148255e72915d4cbddceb435e13d81601755714e9fSE Android rc = expander_policy_init(&base_only_mod, 0, NULL, &base_only_expanded, &base_only_file); 149255e72915d4cbddceb435e13d81601755714e9fSE Android if (rc != 0) 150255e72915d4cbddceb435e13d81601755714e9fSE Android return rc; 151255e72915d4cbddceb435e13d81601755714e9fSE Android 152255e72915d4cbddceb435e13d81601755714e9fSE Android mymod2 = &role_mod; 153255e72915d4cbddceb435e13d81601755714e9fSE Android rc = expander_policy_init(&role_basemod, 1, &mymod2, &role_expanded, role_files); 154255e72915d4cbddceb435e13d81601755714e9fSE Android if (rc != 0) 155255e72915d4cbddceb435e13d81601755714e9fSE Android return rc; 156255e72915d4cbddceb435e13d81601755714e9fSE Android 157255e72915d4cbddceb435e13d81601755714e9fSE Android /* Just init the base for now, until we figure out how to separate out 158255e72915d4cbddceb435e13d81601755714e9fSE Android mls and non-mls tests since users can't be used in mls module */ 159255e72915d4cbddceb435e13d81601755714e9fSE Android mymod2 = &user_mod; 160255e72915d4cbddceb435e13d81601755714e9fSE Android rc = expander_policy_init(&user_basemod, 0, NULL, &user_expanded, user_files); 161255e72915d4cbddceb435e13d81601755714e9fSE Android if (rc != 0) 162255e72915d4cbddceb435e13d81601755714e9fSE Android return rc; 163255e72915d4cbddceb435e13d81601755714e9fSE Android 164255e72915d4cbddceb435e13d81601755714e9fSE Android mymod2 = &alias_mod; 165255e72915d4cbddceb435e13d81601755714e9fSE Android rc = expander_policy_init(&alias_basemod, 1, &mymod2, &alias_expanded, alias_files); 166255e72915d4cbddceb435e13d81601755714e9fSE Android if (rc != 0) 167255e72915d4cbddceb435e13d81601755714e9fSE Android return rc; 168255e72915d4cbddceb435e13d81601755714e9fSE Android 169255e72915d4cbddceb435e13d81601755714e9fSE Android return 0; 170255e72915d4cbddceb435e13d81601755714e9fSE Android} 171255e72915d4cbddceb435e13d81601755714e9fSE Android 172255e72915d4cbddceb435e13d81601755714e9fSE Androidint expander_test_cleanup(void) 173255e72915d4cbddceb435e13d81601755714e9fSE Android{ 174255e72915d4cbddceb435e13d81601755714e9fSE Android policydb_destroy(&basemod); 175255e72915d4cbddceb435e13d81601755714e9fSE Android policydb_destroy(&base_expanded); 176255e72915d4cbddceb435e13d81601755714e9fSE Android free(typemap); 177255e72915d4cbddceb435e13d81601755714e9fSE Android 178255e72915d4cbddceb435e13d81601755714e9fSE Android return 0; 179255e72915d4cbddceb435e13d81601755714e9fSE Android} 180255e72915d4cbddceb435e13d81601755714e9fSE Android 181255e72915d4cbddceb435e13d81601755714e9fSE Androidstatic void test_expander_indexes(void) 182255e72915d4cbddceb435e13d81601755714e9fSE Android{ 183255e72915d4cbddceb435e13d81601755714e9fSE Android test_policydb_indexes(&base_expanded); 184255e72915d4cbddceb435e13d81601755714e9fSE Android} 185255e72915d4cbddceb435e13d81601755714e9fSE Android 186255e72915d4cbddceb435e13d81601755714e9fSE Androidstatic void test_expander_alias(void) 187255e72915d4cbddceb435e13d81601755714e9fSE Android{ 188255e72915d4cbddceb435e13d81601755714e9fSE Android test_alias_datum(&alias_expanded, "alias_check_1_a", "alias_check_1_t", 1, 0); 189255e72915d4cbddceb435e13d81601755714e9fSE Android test_alias_datum(&alias_expanded, "alias_check_2_a", "alias_check_2_t", 1, 0); 190255e72915d4cbddceb435e13d81601755714e9fSE Android test_alias_datum(&alias_expanded, "alias_check_3_a", "alias_check_3_t", 1, 0); 191255e72915d4cbddceb435e13d81601755714e9fSE Android} 192255e72915d4cbddceb435e13d81601755714e9fSE Android 193255e72915d4cbddceb435e13d81601755714e9fSE Androidint expander_add_tests(CU_pSuite suite) 194255e72915d4cbddceb435e13d81601755714e9fSE Android{ 195255e72915d4cbddceb435e13d81601755714e9fSE Android if (NULL == CU_add_test(suite, "expander_indexes", test_expander_indexes)) { 196255e72915d4cbddceb435e13d81601755714e9fSE Android CU_cleanup_registry(); 197255e72915d4cbddceb435e13d81601755714e9fSE Android return CU_get_error(); 198255e72915d4cbddceb435e13d81601755714e9fSE Android } 199255e72915d4cbddceb435e13d81601755714e9fSE Android 200255e72915d4cbddceb435e13d81601755714e9fSE Android if (NULL == CU_add_test(suite, "expander_attr_mapping", test_expander_attr_mapping)) { 201255e72915d4cbddceb435e13d81601755714e9fSE Android CU_cleanup_registry(); 202255e72915d4cbddceb435e13d81601755714e9fSE Android return CU_get_error(); 203255e72915d4cbddceb435e13d81601755714e9fSE Android } 204255e72915d4cbddceb435e13d81601755714e9fSE Android 205255e72915d4cbddceb435e13d81601755714e9fSE Android if (NULL == CU_add_test(suite, "expander_role_mapping", test_expander_role_mapping)) { 206255e72915d4cbddceb435e13d81601755714e9fSE Android CU_cleanup_registry(); 207255e72915d4cbddceb435e13d81601755714e9fSE Android return CU_get_error(); 208255e72915d4cbddceb435e13d81601755714e9fSE Android } 209255e72915d4cbddceb435e13d81601755714e9fSE Android if (NULL == CU_add_test(suite, "expander_user_mapping", test_expander_user_mapping)) { 210255e72915d4cbddceb435e13d81601755714e9fSE Android CU_cleanup_registry(); 211255e72915d4cbddceb435e13d81601755714e9fSE Android return CU_get_error(); 212255e72915d4cbddceb435e13d81601755714e9fSE Android } 213255e72915d4cbddceb435e13d81601755714e9fSE Android if (NULL == CU_add_test(suite, "expander_alias", test_expander_alias)) { 214255e72915d4cbddceb435e13d81601755714e9fSE Android CU_cleanup_registry(); 215255e72915d4cbddceb435e13d81601755714e9fSE Android return CU_get_error(); 216255e72915d4cbddceb435e13d81601755714e9fSE Android } 217255e72915d4cbddceb435e13d81601755714e9fSE Android return 0; 218255e72915d4cbddceb435e13d81601755714e9fSE Android} 219