1/* 2 * Author: Joshua Brindle <jbrindle@tresys.com> 3 * 4 * Copyright (C) 2006 Tresys Technology, LLC 5 * 6 * This library is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU Lesser General Public 8 * License as published by the Free Software Foundation; either 9 * version 2.1 of the License, or (at your option) any later version. 10 * 11 * This library is distributed in the hope that it will be useful, 12 * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 14 * Lesser General Public License for more details. 15 * 16 * You should have received a copy of the GNU Lesser General Public 17 * License along with this library; if not, write to the Free Software 18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA 19 */ 20 21#include "parse_util.h" 22#include "helpers.h" 23#include "test-common.h" 24 25#include <sepol/policydb/policydb.h> 26#include <sepol/policydb/link.h> 27 28#include <CUnit/Basic.h> 29#include <stdlib.h> 30 31/* Tests for roles: 32 * Test for each of these for 33 * - role in appropriate symtab (global and decl) 34 * - datum in the decl symtab has correct type_set 35 * - scope datum has correct decl ids 36 * - dominates bitmap is correct 37 * Tests: 38 * - role in base, no modules 39 * - role in base optional, no modules 40 * - role a in base, b in module 41 * - role a in base and module (additive) 42 * - role a in base and 2 module 43 * - role a in base optional, b in module 44 * - role a in base, b in module optional 45 * - role a in base optional, b in module optional 46 * - role a in base optional and module 47 * - role a in base and module optional 48 * - role a in base optional and module optional 49 * - role a in base optional and 2 modules 50 * - role a and b in base, b dom a, are types correct (TODO) 51 */ 52 53/* this simply tests whether the passed in role only has its own 54 * value in its dominates ebitmap */ 55static void only_dominates_self(policydb_t * p, role_datum_t * role) 56{ 57 ebitmap_node_t *tnode; 58 unsigned int i; 59 int found = 0; 60 61 ebitmap_for_each_bit(&role->dominates, tnode, i) { 62 if (ebitmap_node_get_bit(tnode, i)) { 63 found++; 64 CU_ASSERT(i == role->s.value - 1); 65 } 66 } 67 CU_ASSERT(found == 1); 68} 69 70void base_role_tests(policydb_t * base) 71{ 72 avrule_decl_t *decl; 73 role_datum_t *role; 74 unsigned int decls[2]; 75 char *types[2]; 76 77 /* These tests look at roles in the base only, the desire is to ensure that 78 * roles are not destroyed or otherwise removed during the link process */ 79 80 /**** test for g_b_role_1 in base and decl 1 (global) ****/ 81 decls[0] = (test_find_decl_by_sym(base, SYM_TYPES, "tag_g_b"))->decl_id; 82 test_sym_presence(base, "g_b_role_1", SYM_ROLES, SCOPE_DECL, decls, 1); 83 /* make sure it has the correct type set (g_b_type_1, no negset, no flags) */ 84 types[0] = "g_b_type_1"; 85 role = test_role_type_set(base, "g_b_role_1", NULL, types, 1, 0); 86 /* This role should only dominate itself */ 87 only_dominates_self(base, role); 88 89 /**** test for o1_b_role_1 in optional (decl 2) ****/ 90 decl = test_find_decl_by_sym(base, SYM_TYPES, "tag_o1_b"); 91 decls[0] = decl->decl_id; 92 test_sym_presence(base, "o1_b_role_1", SYM_ROLES, SCOPE_DECL, decls, 1); 93 /* make sure it has the correct type set (o1_b_type_1, no negset, no flags) */ 94 types[0] = "o1_b_type_1"; 95 role = test_role_type_set(base, "o1_b_role_1", decl, types, 1, 0); 96 /* and only dominates itself */ 97 only_dominates_self(base, role); 98} 99 100void module_role_tests(policydb_t * base) 101{ 102 role_datum_t *role; 103 avrule_decl_t *decl; 104 unsigned int decls[2]; 105 char *types[3]; 106 107 /* These tests are run when the base is linked with 2 modules, 108 * They should test whether the roles get copied correctly from the 109 * modules into the base */ 110 111 /**** test for role in module 1 (global) ****/ 112 decls[0] = (test_find_decl_by_sym(base, SYM_TYPES, "tag_g_m1"))->decl_id; 113 test_sym_presence(base, "g_m1_role_1", SYM_ROLES, SCOPE_DECL, decls, 1); 114 /* make sure it has the correct type set (g_m1_type_1, no negset, no flags) */ 115 types[0] = "g_m1_type_1"; 116 role = test_role_type_set(base, "g_m1_role_1", NULL, types, 1, 0); 117 /* and only dominates itself */ 118 only_dominates_self(base, role); 119 120 /**** test for role in module 1 (optional) ****/ 121 decl = test_find_decl_by_sym(base, SYM_TYPES, "tag_o1_m1"); 122 decls[0] = decl->decl_id; 123 test_sym_presence(base, "o1_m1_role_1", SYM_ROLES, SCOPE_DECL, decls, 1); 124 /* make sure it has the correct type set (o1_m1_type_1, no negset, no flags) */ 125 types[0] = "o1_m1_type_1"; 126 role = test_role_type_set(base, "o1_m1_role_1", decl, types, 1, 0); 127 /* and only dominates itself */ 128 only_dominates_self(base, role); 129 130 /* These test whether the type sets are copied to the right place and 131 * correctly unioned when they should be */ 132 133 /**** test for type added to base role in module 1 (global) ****/ 134 decls[0] = (test_find_decl_by_sym(base, SYM_TYPES, "tag_g_b"))->decl_id; 135 decls[1] = (test_find_decl_by_sym(base, SYM_TYPES, "tag_g_m1"))->decl_id; 136 test_sym_presence(base, "g_b_role_2", SYM_ROLES, SCOPE_DECL, decls, 2); 137 /* make sure it has the correct type set (g_m1_type_1, no negset, no flags) */ 138 types[0] = "g_b_type_2"; /* added in base when declared */ 139 types[1] = "g_m1_type_1"; /* added in module */ 140 role = test_role_type_set(base, "g_b_role_2", NULL, types, 2, 0); 141 /* and only dominates itself */ 142 only_dominates_self(base, role); 143 144 /**** test for type added to base role in module 1 & 2 (global) ****/ 145 decls[0] = (test_find_decl_by_sym(base, SYM_TYPES, "tag_g_b"))->decl_id; 146 decls[1] = (test_find_decl_by_sym(base, SYM_TYPES, "tag_g_m1"))->decl_id; 147 decls[2] = (test_find_decl_by_sym(base, SYM_TYPES, "tag_g_m2"))->decl_id; 148 test_sym_presence(base, "g_b_role_3", SYM_ROLES, SCOPE_DECL, decls, 3); 149 /* make sure it has the correct type set (g_b_type_2, g_m1_type_2, g_m2_type_2, no negset, no flags) */ 150 types[0] = "g_b_type_2"; /* added in base when declared */ 151 types[1] = "g_m1_type_2"; /* added in module 1 */ 152 types[2] = "g_m2_type_2"; /* added in module 2 */ 153 role = test_role_type_set(base, "g_b_role_3", NULL, types, 3, 0); 154 /* and only dominates itself */ 155 only_dominates_self(base, role); 156 157 /**** test for role in base optional and module 1 (additive) ****/ 158 decls[0] = (test_find_decl_by_sym(base, SYM_TYPES, "tag_o1_b"))->decl_id; 159 decls[1] = (test_find_decl_by_sym(base, SYM_TYPES, "tag_g_m1"))->decl_id; 160 test_sym_presence(base, "o1_b_role_2", SYM_ROLES, SCOPE_DECL, decls, 2); 161 /* this one will have 2 type sets, one in the global symtab and one in the base optional 1 */ 162 types[0] = "g_m1_type_1"; 163 role = test_role_type_set(base, "o1_b_role_2", NULL, types, 1, 0); 164 types[0] = "o1_b_type_1"; 165 role = test_role_type_set(base, "o1_b_role_2", test_find_decl_by_sym(base, SYM_TYPES, "tag_o1_b"), types, 1, 0); 166 /* and only dominates itself */ 167 only_dominates_self(base, role); 168 169 /**** test for role in base and module 1 optional (additive) ****/ 170 decls[0] = (test_find_decl_by_sym(base, SYM_TYPES, "tag_g_b"))->decl_id; 171 decls[1] = (test_find_decl_by_sym(base, SYM_TYPES, "tag_o2_m1"))->decl_id; 172 test_sym_presence(base, "g_b_role_4", SYM_ROLES, SCOPE_DECL, decls, 2); 173 /* this one will have 2 type sets, one in the global symtab and one in the base optional 1 */ 174 types[0] = "g_b_type_2"; 175 role = test_role_type_set(base, "g_b_role_4", NULL, types, 1, 0); 176 types[0] = "g_m1_type_2"; 177 role = test_role_type_set(base, "g_b_role_4", test_find_decl_by_sym(base, SYM_TYPES, "tag_o2_m1"), types, 1, 0); 178 /* and only dominates itself */ 179 only_dominates_self(base, role); 180 181 /**** test for role in base and module 1 optional (additive) ****/ 182 decls[0] = (test_find_decl_by_sym(base, SYM_TYPES, "tag_o3_b"))->decl_id; 183 decls[1] = (test_find_decl_by_sym(base, SYM_TYPES, "tag_o3_m1"))->decl_id; 184 test_sym_presence(base, "o3_b_role_1", SYM_ROLES, SCOPE_DECL, decls, 2); 185 /* this one will have 2 type sets, one in the 3rd base optional and one in the 3rd module optional */ 186 types[0] = "o3_b_type_1"; 187 role = test_role_type_set(base, "o3_b_role_1", test_find_decl_by_sym(base, SYM_TYPES, "tag_o3_b"), types, 1, 0); 188 types[0] = "o3_m1_type_1"; 189 role = test_role_type_set(base, "o3_b_role_1", test_find_decl_by_sym(base, SYM_TYPES, "tag_o3_m1"), types, 1, 0); 190 /* and only dominates itself */ 191 only_dominates_self(base, role); 192 193 /**** test for role in base and module 1 optional (additive) ****/ 194 decls[0] = (test_find_decl_by_sym(base, SYM_TYPES, "tag_o4_b"))->decl_id; 195 decls[1] = (test_find_decl_by_sym(base, SYM_TYPES, "tag_g_m1"))->decl_id; 196 decls[2] = (test_find_decl_by_sym(base, SYM_TYPES, "tag_g_m2"))->decl_id; 197 test_sym_presence(base, "o4_b_role_1", SYM_ROLES, SCOPE_DECL, decls, 3); 198 /* this one will have 2 type sets, one in the global symtab (with both module types) and one in the 4th optional of base */ 199 types[0] = "g_m1_type_1"; 200 role = test_role_type_set(base, "o4_b_role_1", test_find_decl_by_sym(base, SYM_TYPES, "tag_o4_b"), types, 1, 0); 201 types[0] = "g_m2_type_1"; 202 types[1] = "g_m1_type_2"; 203 role = test_role_type_set(base, "o4_b_role_1", NULL, types, 2, 0); 204 /* and only dominates itself */ 205 only_dominates_self(base, role); 206} 207