1255e72915d4cbddceb435e13d81601755714e9fSE Android/* 2255e72915d4cbddceb435e13d81601755714e9fSE Android * Author: Karl MacMillan <kmacmillan@tresys.com> 3255e72915d4cbddceb435e13d81601755714e9fSE Android * 4255e72915d4cbddceb435e13d81601755714e9fSE Android * Copyright (C) 2006 Tresys Technology, LLC 5255e72915d4cbddceb435e13d81601755714e9fSE Android * 6255e72915d4cbddceb435e13d81601755714e9fSE Android * This library is free software; you can redistribute it and/or 7255e72915d4cbddceb435e13d81601755714e9fSE Android * modify it under the terms of the GNU Lesser General Public 8255e72915d4cbddceb435e13d81601755714e9fSE Android * License as published by the Free Software Foundation; either 9255e72915d4cbddceb435e13d81601755714e9fSE Android * version 2.1 of the License, or (at your option) any later version. 10255e72915d4cbddceb435e13d81601755714e9fSE Android * 11255e72915d4cbddceb435e13d81601755714e9fSE Android * This library is distributed in the hope that it will be useful, 12255e72915d4cbddceb435e13d81601755714e9fSE Android * but WITHOUT ANY WARRANTY; without even the implied warranty of 13255e72915d4cbddceb435e13d81601755714e9fSE Android * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 14255e72915d4cbddceb435e13d81601755714e9fSE Android * Lesser General Public License for more details. 15255e72915d4cbddceb435e13d81601755714e9fSE Android * 16255e72915d4cbddceb435e13d81601755714e9fSE Android * You should have received a copy of the GNU Lesser General Public 17255e72915d4cbddceb435e13d81601755714e9fSE Android * License along with this library; if not, write to the Free Software 18255e72915d4cbddceb435e13d81601755714e9fSE Android * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA 19255e72915d4cbddceb435e13d81601755714e9fSE Android */ 20255e72915d4cbddceb435e13d81601755714e9fSE Android 21255e72915d4cbddceb435e13d81601755714e9fSE Android#include "test-deps.h" 22255e72915d4cbddceb435e13d81601755714e9fSE Android#include "parse_util.h" 23255e72915d4cbddceb435e13d81601755714e9fSE Android#include "helpers.h" 24255e72915d4cbddceb435e13d81601755714e9fSE Android 25255e72915d4cbddceb435e13d81601755714e9fSE Android#include <sepol/policydb/policydb.h> 26255e72915d4cbddceb435e13d81601755714e9fSE Android#include <sepol/policydb/link.h> 27255e72915d4cbddceb435e13d81601755714e9fSE Android 28255e72915d4cbddceb435e13d81601755714e9fSE Android#include <stdlib.h> 29255e72915d4cbddceb435e13d81601755714e9fSE Android 30255e72915d4cbddceb435e13d81601755714e9fSE Android/* Tests for dependency checking / handling, specifically: 31255e72915d4cbddceb435e13d81601755714e9fSE Android * 32255e72915d4cbddceb435e13d81601755714e9fSE Android * 1 type in module global. 33255e72915d4cbddceb435e13d81601755714e9fSE Android * 2 attribute in module global. 34255e72915d4cbddceb435e13d81601755714e9fSE Android * 3 object class / perm in module global. 35255e72915d4cbddceb435e13d81601755714e9fSE Android * 4 boolean in module global. 36255e72915d4cbddceb435e13d81601755714e9fSE Android * 5 role in module global. 37255e72915d4cbddceb435e13d81601755714e9fSE Android * 38255e72915d4cbddceb435e13d81601755714e9fSE Android * 6 type in module optional. 39255e72915d4cbddceb435e13d81601755714e9fSE Android * 7 attribute in module optional. 40255e72915d4cbddceb435e13d81601755714e9fSE Android * 8 object class / perm in module optional. 41255e72915d4cbddceb435e13d81601755714e9fSE Android * 9 boolean in module optional. 42255e72915d4cbddceb435e13d81601755714e9fSE Android * 10 role in module optional. 43255e72915d4cbddceb435e13d81601755714e9fSE Android * 44255e72915d4cbddceb435e13d81601755714e9fSE Android * 11 type in base optional. 45255e72915d4cbddceb435e13d81601755714e9fSE Android * 12 attribute in base optional. 46255e72915d4cbddceb435e13d81601755714e9fSE Android * 13 object class / perm in base optional. 47255e72915d4cbddceb435e13d81601755714e9fSE Android * 14 boolean in base optional. 48255e72915d4cbddceb435e13d81601755714e9fSE Android * 15 role in base optional. 49255e72915d4cbddceb435e13d81601755714e9fSE Android * 50255e72915d4cbddceb435e13d81601755714e9fSE Android * Each of these tests are done with the dependency met and not 51255e72915d4cbddceb435e13d81601755714e9fSE Android * met. Additionally, each of the required symbols is used in the 52255e72915d4cbddceb435e13d81601755714e9fSE Android * scope it is required. 53255e72915d4cbddceb435e13d81601755714e9fSE Android * 54255e72915d4cbddceb435e13d81601755714e9fSE Android * In addition to the simple tests, we have test with more complex 55255e72915d4cbddceb435e13d81601755714e9fSE Android * modules that test: 56255e72915d4cbddceb435e13d81601755714e9fSE Android * 57255e72915d4cbddceb435e13d81601755714e9fSE Android * 17 mutual dependencies between two modules. 58255e72915d4cbddceb435e13d81601755714e9fSE Android * 18 circular dependency between three modules. 59255e72915d4cbddceb435e13d81601755714e9fSE Android * 19 large number of dependencies in a module with a more complex base. 60255e72915d4cbddceb435e13d81601755714e9fSE Android * 20 nested optionals with requires. 61255e72915d4cbddceb435e13d81601755714e9fSE Android * 62255e72915d4cbddceb435e13d81601755714e9fSE Android * Again, each of these tests is done with the requirements met and not 63255e72915d4cbddceb435e13d81601755714e9fSE Android * met. 64255e72915d4cbddceb435e13d81601755714e9fSE Android */ 65255e72915d4cbddceb435e13d81601755714e9fSE Android 66255e72915d4cbddceb435e13d81601755714e9fSE Android#include <sepol/debug.h> 67255e72915d4cbddceb435e13d81601755714e9fSE Android#include <sepol/handle.h> 68255e72915d4cbddceb435e13d81601755714e9fSE Android 69255e72915d4cbddceb435e13d81601755714e9fSE Android#define BASE_MODREQ_TYPE_GLOBAL 0 70255e72915d4cbddceb435e13d81601755714e9fSE Android#define BASE_MODREQ_ATTR_GLOBAL 1 71255e72915d4cbddceb435e13d81601755714e9fSE Android#define BASE_MODREQ_OBJ_GLOBAL 2 72255e72915d4cbddceb435e13d81601755714e9fSE Android#define BASE_MODREQ_BOOL_GLOBAL 3 73255e72915d4cbddceb435e13d81601755714e9fSE Android#define BASE_MODREQ_ROLE_GLOBAL 4 74255e72915d4cbddceb435e13d81601755714e9fSE Android#define BASE_MODREQ_PERM_GLOBAL 5 75255e72915d4cbddceb435e13d81601755714e9fSE Android#define BASE_MODREQ_TYPE_OPT 6 76255e72915d4cbddceb435e13d81601755714e9fSE Android#define BASE_MODREQ_ATTR_OPT 7 77255e72915d4cbddceb435e13d81601755714e9fSE Android#define BASE_MODREQ_OBJ_OPT 8 78255e72915d4cbddceb435e13d81601755714e9fSE Android#define BASE_MODREQ_BOOL_OPT 9 79255e72915d4cbddceb435e13d81601755714e9fSE Android#define BASE_MODREQ_ROLE_OPT 10 80255e72915d4cbddceb435e13d81601755714e9fSE Android#define BASE_MODREQ_PERM_OPT 11 81255e72915d4cbddceb435e13d81601755714e9fSE Android#define NUM_BASES 12 82255e72915d4cbddceb435e13d81601755714e9fSE Android 83255e72915d4cbddceb435e13d81601755714e9fSE Androidstatic policydb_t bases_met[NUM_BASES]; 84255e72915d4cbddceb435e13d81601755714e9fSE Androidstatic policydb_t bases_notmet[NUM_BASES]; 85255e72915d4cbddceb435e13d81601755714e9fSE Android 86255e72915d4cbddceb435e13d81601755714e9fSE Androidextern int mls; 87255e72915d4cbddceb435e13d81601755714e9fSE Android 88255e72915d4cbddceb435e13d81601755714e9fSE Androidint deps_test_init(void) 89255e72915d4cbddceb435e13d81601755714e9fSE Android{ 90255e72915d4cbddceb435e13d81601755714e9fSE Android int i; 91255e72915d4cbddceb435e13d81601755714e9fSE Android 92255e72915d4cbddceb435e13d81601755714e9fSE Android /* To test linking we need 1 base per link test and in 93255e72915d4cbddceb435e13d81601755714e9fSE Android * order to load them in the init function we have 94255e72915d4cbddceb435e13d81601755714e9fSE Android * to keep them all around. Not ideal, but it shouldn't 95255e72915d4cbddceb435e13d81601755714e9fSE Android * matter too much. 96255e72915d4cbddceb435e13d81601755714e9fSE Android */ 97255e72915d4cbddceb435e13d81601755714e9fSE Android for (i = 0; i < NUM_BASES; i++) { 98255e72915d4cbddceb435e13d81601755714e9fSE Android if (test_load_policy(&bases_met[i], POLICY_BASE, mls, "test-deps", "base-metreq.conf")) 99255e72915d4cbddceb435e13d81601755714e9fSE Android return -1; 100255e72915d4cbddceb435e13d81601755714e9fSE Android } 101255e72915d4cbddceb435e13d81601755714e9fSE Android 102255e72915d4cbddceb435e13d81601755714e9fSE Android for (i = 0; i < NUM_BASES; i++) { 103255e72915d4cbddceb435e13d81601755714e9fSE Android if (test_load_policy(&bases_notmet[i], POLICY_BASE, mls, "test-deps", "base-notmetreq.conf")) 104255e72915d4cbddceb435e13d81601755714e9fSE Android return -1; 105255e72915d4cbddceb435e13d81601755714e9fSE Android } 106255e72915d4cbddceb435e13d81601755714e9fSE Android 107255e72915d4cbddceb435e13d81601755714e9fSE Android return 0; 108255e72915d4cbddceb435e13d81601755714e9fSE Android} 109255e72915d4cbddceb435e13d81601755714e9fSE Android 110255e72915d4cbddceb435e13d81601755714e9fSE Androidint deps_test_cleanup(void) 111255e72915d4cbddceb435e13d81601755714e9fSE Android{ 112255e72915d4cbddceb435e13d81601755714e9fSE Android int i; 113255e72915d4cbddceb435e13d81601755714e9fSE Android 114255e72915d4cbddceb435e13d81601755714e9fSE Android for (i = 0; i < NUM_BASES; i++) { 115255e72915d4cbddceb435e13d81601755714e9fSE Android policydb_destroy(&bases_met[i]); 116255e72915d4cbddceb435e13d81601755714e9fSE Android } 117255e72915d4cbddceb435e13d81601755714e9fSE Android 118255e72915d4cbddceb435e13d81601755714e9fSE Android for (i = 0; i < NUM_BASES; i++) { 119255e72915d4cbddceb435e13d81601755714e9fSE Android policydb_destroy(&bases_notmet[i]); 120255e72915d4cbddceb435e13d81601755714e9fSE Android } 121255e72915d4cbddceb435e13d81601755714e9fSE Android 122255e72915d4cbddceb435e13d81601755714e9fSE Android return 0; 123255e72915d4cbddceb435e13d81601755714e9fSE Android} 124255e72915d4cbddceb435e13d81601755714e9fSE Android 125255e72915d4cbddceb435e13d81601755714e9fSE Android/* This function performs testing of the dependency handles for module global 126255e72915d4cbddceb435e13d81601755714e9fSE Android * symbols. It is capable of testing 2 scenarios - the dependencies are met 127255e72915d4cbddceb435e13d81601755714e9fSE Android * and the dependencies are not met. 128255e72915d4cbddceb435e13d81601755714e9fSE Android * 129255e72915d4cbddceb435e13d81601755714e9fSE Android * Paramaters: 130255e72915d4cbddceb435e13d81601755714e9fSE Android * req_met boolean indicating whether the base policy meets the 131255e72915d4cbddceb435e13d81601755714e9fSE Android * requirements for the modules global block. 132255e72915d4cbddceb435e13d81601755714e9fSE Android * b index of the base policy in the global bases_met array. 133255e72915d4cbddceb435e13d81601755714e9fSE Android * 134255e72915d4cbddceb435e13d81601755714e9fSE Android * policy name of the policy module to load for this test. 135255e72915d4cbddceb435e13d81601755714e9fSE Android * decl_type name of the unique type found in the module's global 136255e72915d4cbddceb435e13d81601755714e9fSE Android * section is to find that avrule_decl. 137255e72915d4cbddceb435e13d81601755714e9fSE Android */ 138255e72915d4cbddceb435e13d81601755714e9fSE Androidstatic void do_deps_modreq_global(int req_met, int b, char *policy, char *decl_type) 139255e72915d4cbddceb435e13d81601755714e9fSE Android{ 140255e72915d4cbddceb435e13d81601755714e9fSE Android policydb_t *base; 141255e72915d4cbddceb435e13d81601755714e9fSE Android policydb_t mod; 142255e72915d4cbddceb435e13d81601755714e9fSE Android policydb_t *mods[] = { &mod }; 143255e72915d4cbddceb435e13d81601755714e9fSE Android avrule_decl_t *decl; 144255e72915d4cbddceb435e13d81601755714e9fSE Android int ret, link_ret; 145255e72915d4cbddceb435e13d81601755714e9fSE Android sepol_handle_t *h; 146255e72915d4cbddceb435e13d81601755714e9fSE Android 147255e72915d4cbddceb435e13d81601755714e9fSE Android /* suppress error reporting - this is because we know that we 148255e72915d4cbddceb435e13d81601755714e9fSE Android * are going to get errors and don't want libsepol complaining 149255e72915d4cbddceb435e13d81601755714e9fSE Android * about it constantly. */ 150255e72915d4cbddceb435e13d81601755714e9fSE Android h = sepol_handle_create(); 151255e72915d4cbddceb435e13d81601755714e9fSE Android CU_ASSERT_FATAL(h != NULL); 152255e72915d4cbddceb435e13d81601755714e9fSE Android sepol_msg_set_callback(h, NULL, NULL); 153255e72915d4cbddceb435e13d81601755714e9fSE Android 154255e72915d4cbddceb435e13d81601755714e9fSE Android if (req_met) { 155255e72915d4cbddceb435e13d81601755714e9fSE Android base = &bases_met[b]; 156255e72915d4cbddceb435e13d81601755714e9fSE Android link_ret = 0; 157255e72915d4cbddceb435e13d81601755714e9fSE Android } else { 158255e72915d4cbddceb435e13d81601755714e9fSE Android base = &bases_notmet[b]; 159255e72915d4cbddceb435e13d81601755714e9fSE Android link_ret = -3; 160255e72915d4cbddceb435e13d81601755714e9fSE Android } 161255e72915d4cbddceb435e13d81601755714e9fSE Android 162255e72915d4cbddceb435e13d81601755714e9fSE Android CU_ASSERT_FATAL(test_load_policy(&mod, POLICY_MOD, mls, "test-deps", policy) == 0); 163255e72915d4cbddceb435e13d81601755714e9fSE Android 164255e72915d4cbddceb435e13d81601755714e9fSE Android /* link the modules and check for the correct return value. 165255e72915d4cbddceb435e13d81601755714e9fSE Android */ 166255e72915d4cbddceb435e13d81601755714e9fSE Android ret = link_modules(h, base, mods, 1, 0); 167255e72915d4cbddceb435e13d81601755714e9fSE Android CU_ASSERT_FATAL(ret == link_ret); 168255e72915d4cbddceb435e13d81601755714e9fSE Android policydb_destroy(&mod); 169255e72915d4cbddceb435e13d81601755714e9fSE Android 170255e72915d4cbddceb435e13d81601755714e9fSE Android if (!req_met) 171255e72915d4cbddceb435e13d81601755714e9fSE Android return; 172255e72915d4cbddceb435e13d81601755714e9fSE Android 173255e72915d4cbddceb435e13d81601755714e9fSE Android decl = test_find_decl_by_sym(base, SYM_TYPES, decl_type); 174255e72915d4cbddceb435e13d81601755714e9fSE Android CU_ASSERT_FATAL(decl != NULL); 175255e72915d4cbddceb435e13d81601755714e9fSE Android 176255e72915d4cbddceb435e13d81601755714e9fSE Android CU_ASSERT(decl->enabled == 1); 177255e72915d4cbddceb435e13d81601755714e9fSE Android} 178255e72915d4cbddceb435e13d81601755714e9fSE Android 179255e72915d4cbddceb435e13d81601755714e9fSE Android/* Test that symbol require statements in the global scope of a module 180255e72915d4cbddceb435e13d81601755714e9fSE Android * work correctly. This will cover tests 1 - 5 (described above). 181255e72915d4cbddceb435e13d81601755714e9fSE Android * 182255e72915d4cbddceb435e13d81601755714e9fSE Android * Each of these policies will require as few symbols as possible to 183255e72915d4cbddceb435e13d81601755714e9fSE Android * use the required symbol in addition requiring (for example, the type 184255e72915d4cbddceb435e13d81601755714e9fSE Android * test also requires an object class for an allow rule). 185255e72915d4cbddceb435e13d81601755714e9fSE Android */ 186255e72915d4cbddceb435e13d81601755714e9fSE Androidstatic void deps_modreq_global(void) 187255e72915d4cbddceb435e13d81601755714e9fSE Android{ 188255e72915d4cbddceb435e13d81601755714e9fSE Android /* object classes */ 189255e72915d4cbddceb435e13d81601755714e9fSE Android do_deps_modreq_global(1, BASE_MODREQ_OBJ_GLOBAL, "modreq-obj-global.conf", "mod_global_t"); 190255e72915d4cbddceb435e13d81601755714e9fSE Android do_deps_modreq_global(0, BASE_MODREQ_OBJ_GLOBAL, "modreq-obj-global.conf", "mod_global_t"); 191255e72915d4cbddceb435e13d81601755714e9fSE Android /* types */ 192255e72915d4cbddceb435e13d81601755714e9fSE Android do_deps_modreq_global(1, BASE_MODREQ_TYPE_GLOBAL, "modreq-type-global.conf", "mod_global_t"); 193255e72915d4cbddceb435e13d81601755714e9fSE Android do_deps_modreq_global(0, BASE_MODREQ_TYPE_GLOBAL, "modreq-type-global.conf", "mod_global_t"); 194255e72915d4cbddceb435e13d81601755714e9fSE Android /* attributes */ 195255e72915d4cbddceb435e13d81601755714e9fSE Android do_deps_modreq_global(1, BASE_MODREQ_ATTR_GLOBAL, "modreq-attr-global.conf", "mod_global_t"); 196255e72915d4cbddceb435e13d81601755714e9fSE Android do_deps_modreq_global(0, BASE_MODREQ_ATTR_GLOBAL, "modreq-attr-global.conf", "mod_global_t"); 197255e72915d4cbddceb435e13d81601755714e9fSE Android /* booleans */ 198255e72915d4cbddceb435e13d81601755714e9fSE Android do_deps_modreq_global(1, BASE_MODREQ_BOOL_GLOBAL, "modreq-bool-global.conf", "mod_global_t"); 199255e72915d4cbddceb435e13d81601755714e9fSE Android do_deps_modreq_global(0, BASE_MODREQ_BOOL_GLOBAL, "modreq-bool-global.conf", "mod_global_t"); 200255e72915d4cbddceb435e13d81601755714e9fSE Android /* roles */ 201255e72915d4cbddceb435e13d81601755714e9fSE Android do_deps_modreq_global(1, BASE_MODREQ_ROLE_GLOBAL, "modreq-role-global.conf", "mod_global_t"); 202255e72915d4cbddceb435e13d81601755714e9fSE Android do_deps_modreq_global(0, BASE_MODREQ_ROLE_GLOBAL, "modreq-role-global.conf", "mod_global_t"); 203255e72915d4cbddceb435e13d81601755714e9fSE Android do_deps_modreq_global(1, BASE_MODREQ_PERM_GLOBAL, "modreq-perm-global.conf", "mod_global_t"); 204255e72915d4cbddceb435e13d81601755714e9fSE Android do_deps_modreq_global(0, BASE_MODREQ_PERM_GLOBAL, "modreq-perm-global.conf", "mod_global_t"); 205255e72915d4cbddceb435e13d81601755714e9fSE Android} 206255e72915d4cbddceb435e13d81601755714e9fSE Android 207255e72915d4cbddceb435e13d81601755714e9fSE Android/* This function performs testing of the dependency handles for module optional 208255e72915d4cbddceb435e13d81601755714e9fSE Android * symbols. It is capable of testing 2 scenarios - the dependencies are met 209255e72915d4cbddceb435e13d81601755714e9fSE Android * and the dependencies are not met. 210255e72915d4cbddceb435e13d81601755714e9fSE Android * 211255e72915d4cbddceb435e13d81601755714e9fSE Android * Paramaters: 212255e72915d4cbddceb435e13d81601755714e9fSE Android * req_met boolean indicating whether the base policy meets the 213255e72915d4cbddceb435e13d81601755714e9fSE Android * requirements for the modules global block. 214255e72915d4cbddceb435e13d81601755714e9fSE Android * b index of the base policy in the global bases_met array. 215255e72915d4cbddceb435e13d81601755714e9fSE Android * 216255e72915d4cbddceb435e13d81601755714e9fSE Android * policy name of the policy module to load for this test. 217255e72915d4cbddceb435e13d81601755714e9fSE Android * decl_type name of the unique type found in the module's global 218255e72915d4cbddceb435e13d81601755714e9fSE Android * section is to find that avrule_decl. 219255e72915d4cbddceb435e13d81601755714e9fSE Android */ 220255e72915d4cbddceb435e13d81601755714e9fSE Androidstatic void do_deps_modreq_opt(int req_met, int ret_val, int b, char *policy, char *decl_type) 221255e72915d4cbddceb435e13d81601755714e9fSE Android{ 222255e72915d4cbddceb435e13d81601755714e9fSE Android policydb_t *base; 223255e72915d4cbddceb435e13d81601755714e9fSE Android policydb_t mod; 224255e72915d4cbddceb435e13d81601755714e9fSE Android policydb_t *mods[] = { &mod }; 225255e72915d4cbddceb435e13d81601755714e9fSE Android avrule_decl_t *decl; 226255e72915d4cbddceb435e13d81601755714e9fSE Android int ret; 227255e72915d4cbddceb435e13d81601755714e9fSE Android sepol_handle_t *h; 228255e72915d4cbddceb435e13d81601755714e9fSE Android 229255e72915d4cbddceb435e13d81601755714e9fSE Android /* suppress error reporting - this is because we know that we 230255e72915d4cbddceb435e13d81601755714e9fSE Android * are going to get errors and don't want libsepol complaining 231255e72915d4cbddceb435e13d81601755714e9fSE Android * about it constantly. */ 232255e72915d4cbddceb435e13d81601755714e9fSE Android h = sepol_handle_create(); 233255e72915d4cbddceb435e13d81601755714e9fSE Android CU_ASSERT_FATAL(h != NULL); 234255e72915d4cbddceb435e13d81601755714e9fSE Android sepol_msg_set_callback(h, NULL, NULL); 235255e72915d4cbddceb435e13d81601755714e9fSE Android 236255e72915d4cbddceb435e13d81601755714e9fSE Android if (req_met) { 237255e72915d4cbddceb435e13d81601755714e9fSE Android base = &bases_met[b]; 238255e72915d4cbddceb435e13d81601755714e9fSE Android } else { 239255e72915d4cbddceb435e13d81601755714e9fSE Android base = &bases_notmet[b]; 240255e72915d4cbddceb435e13d81601755714e9fSE Android } 241255e72915d4cbddceb435e13d81601755714e9fSE Android 242255e72915d4cbddceb435e13d81601755714e9fSE Android CU_ASSERT_FATAL(test_load_policy(&mod, POLICY_MOD, mls, "test-deps", policy) == 0); 243255e72915d4cbddceb435e13d81601755714e9fSE Android 244255e72915d4cbddceb435e13d81601755714e9fSE Android /* link the modules and check for the correct return value. 245255e72915d4cbddceb435e13d81601755714e9fSE Android */ 246255e72915d4cbddceb435e13d81601755714e9fSE Android ret = link_modules(h, base, mods, 1, 0); 247255e72915d4cbddceb435e13d81601755714e9fSE Android CU_ASSERT_FATAL(ret == ret_val); 248255e72915d4cbddceb435e13d81601755714e9fSE Android policydb_destroy(&mod); 249255e72915d4cbddceb435e13d81601755714e9fSE Android if (ret_val < 0) 250255e72915d4cbddceb435e13d81601755714e9fSE Android return; 251255e72915d4cbddceb435e13d81601755714e9fSE Android 252255e72915d4cbddceb435e13d81601755714e9fSE Android decl = test_find_decl_by_sym(base, SYM_TYPES, decl_type); 253255e72915d4cbddceb435e13d81601755714e9fSE Android CU_ASSERT_FATAL(decl != NULL); 254255e72915d4cbddceb435e13d81601755714e9fSE Android 255255e72915d4cbddceb435e13d81601755714e9fSE Android if (req_met) { 256255e72915d4cbddceb435e13d81601755714e9fSE Android CU_ASSERT(decl->enabled == 1); 257255e72915d4cbddceb435e13d81601755714e9fSE Android } else { 258255e72915d4cbddceb435e13d81601755714e9fSE Android CU_ASSERT(decl->enabled == 0); 259255e72915d4cbddceb435e13d81601755714e9fSE Android } 260255e72915d4cbddceb435e13d81601755714e9fSE Android} 261255e72915d4cbddceb435e13d81601755714e9fSE Android 262255e72915d4cbddceb435e13d81601755714e9fSE Android/* Test that symbol require statements in the global scope of a module 263255e72915d4cbddceb435e13d81601755714e9fSE Android * work correctly. This will cover tests 6 - 10 (described above). 264255e72915d4cbddceb435e13d81601755714e9fSE Android * 265255e72915d4cbddceb435e13d81601755714e9fSE Android * Each of these policies will require as few symbols as possible to 266255e72915d4cbddceb435e13d81601755714e9fSE Android * use the required symbol in addition requiring (for example, the type 267255e72915d4cbddceb435e13d81601755714e9fSE Android * test also requires an object class for an allow rule). 268255e72915d4cbddceb435e13d81601755714e9fSE Android */ 269255e72915d4cbddceb435e13d81601755714e9fSE Androidstatic void deps_modreq_opt(void) 270255e72915d4cbddceb435e13d81601755714e9fSE Android{ 271255e72915d4cbddceb435e13d81601755714e9fSE Android /* object classes */ 272255e72915d4cbddceb435e13d81601755714e9fSE Android do_deps_modreq_opt(1, 0, BASE_MODREQ_OBJ_OPT, "modreq-obj-opt.conf", "mod_opt_t"); 273255e72915d4cbddceb435e13d81601755714e9fSE Android do_deps_modreq_opt(0, 0, BASE_MODREQ_OBJ_OPT, "modreq-obj-opt.conf", "mod_opt_t"); 274255e72915d4cbddceb435e13d81601755714e9fSE Android /* types */ 275255e72915d4cbddceb435e13d81601755714e9fSE Android do_deps_modreq_opt(1, 0, BASE_MODREQ_TYPE_OPT, "modreq-type-opt.conf", "mod_opt_t"); 276255e72915d4cbddceb435e13d81601755714e9fSE Android do_deps_modreq_opt(0, 0, BASE_MODREQ_TYPE_OPT, "modreq-type-opt.conf", "mod_opt_t"); 277255e72915d4cbddceb435e13d81601755714e9fSE Android /* attributes */ 278255e72915d4cbddceb435e13d81601755714e9fSE Android do_deps_modreq_opt(1, 0, BASE_MODREQ_ATTR_OPT, "modreq-attr-opt.conf", "mod_opt_t"); 279255e72915d4cbddceb435e13d81601755714e9fSE Android do_deps_modreq_opt(0, 0, BASE_MODREQ_ATTR_OPT, "modreq-attr-opt.conf", "mod_opt_t"); 280255e72915d4cbddceb435e13d81601755714e9fSE Android /* booleans */ 281255e72915d4cbddceb435e13d81601755714e9fSE Android do_deps_modreq_opt(1, 0, BASE_MODREQ_BOOL_OPT, "modreq-bool-opt.conf", "mod_opt_t"); 282255e72915d4cbddceb435e13d81601755714e9fSE Android do_deps_modreq_opt(0, 0, BASE_MODREQ_BOOL_OPT, "modreq-bool-opt.conf", "mod_opt_t"); 283255e72915d4cbddceb435e13d81601755714e9fSE Android /* roles */ 284255e72915d4cbddceb435e13d81601755714e9fSE Android do_deps_modreq_opt(1, 0, BASE_MODREQ_ROLE_OPT, "modreq-role-opt.conf", "mod_opt_t"); 285255e72915d4cbddceb435e13d81601755714e9fSE Android do_deps_modreq_opt(0, 0, BASE_MODREQ_ROLE_OPT, "modreq-role-opt.conf", "mod_opt_t"); 286255e72915d4cbddceb435e13d81601755714e9fSE Android /* permissions */ 287255e72915d4cbddceb435e13d81601755714e9fSE Android do_deps_modreq_opt(1, 0, BASE_MODREQ_PERM_OPT, "modreq-perm-opt.conf", "mod_opt_t"); 288255e72915d4cbddceb435e13d81601755714e9fSE Android do_deps_modreq_opt(0, -3, BASE_MODREQ_PERM_OPT, "modreq-perm-opt.conf", "mod_opt_t"); 289255e72915d4cbddceb435e13d81601755714e9fSE Android} 290255e72915d4cbddceb435e13d81601755714e9fSE Android 291255e72915d4cbddceb435e13d81601755714e9fSE Androidint deps_add_tests(CU_pSuite suite) 292255e72915d4cbddceb435e13d81601755714e9fSE Android{ 293255e72915d4cbddceb435e13d81601755714e9fSE Android if (NULL == CU_add_test(suite, "deps_modreq_global", deps_modreq_global)) { 294255e72915d4cbddceb435e13d81601755714e9fSE Android return CU_get_error(); 295255e72915d4cbddceb435e13d81601755714e9fSE Android } 296255e72915d4cbddceb435e13d81601755714e9fSE Android 297255e72915d4cbddceb435e13d81601755714e9fSE Android if (NULL == CU_add_test(suite, "deps_modreq_opt", deps_modreq_opt)) { 298255e72915d4cbddceb435e13d81601755714e9fSE Android return CU_get_error(); 299255e72915d4cbddceb435e13d81601755714e9fSE Android } 300255e72915d4cbddceb435e13d81601755714e9fSE Android 301255e72915d4cbddceb435e13d81601755714e9fSE Android return 0; 302255e72915d4cbddceb435e13d81601755714e9fSE Android} 303