1/* 2 * Authors: Chad Sellers <csellers@tresys.com> 3 * Joshua Brindle <jbrindle@tresys.com> 4 * 5 * Copyright (C) 2006 Tresys Technology, LLC 6 * 7 * This library is free software; you can redistribute it and/or 8 * modify it under the terms of the GNU Lesser General Public 9 * License as published by the Free Software Foundation; either 10 * version 2.1 of the License, or (at your option) any later version. 11 * 12 * This library is distributed in the hope that it will be useful, 13 * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 15 * Lesser General Public License for more details. 16 * 17 * You should have received a copy of the GNU Lesser General Public 18 * License along with this library; if not, write to the Free Software 19 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA 20 */ 21 22/* This is where the expander tests should go, including: 23 * - check role, type, bool, user mapping 24 * - add symbols declared in enabled optionals 25 * - do not add symbols declared in disabled optionals 26 * - add rules from enabled optionals 27 * - do not add rules from disabled optionals 28 * - verify attribute mapping 29 30 * - check conditional expressions for correct mapping 31 */ 32 33#include "test-expander.h" 34#include "parse_util.h" 35#include "helpers.h" 36#include "test-common.h" 37#include "test-expander-users.h" 38#include "test-expander-roles.h" 39#include "test-expander-attr-map.h" 40 41#include <sepol/policydb/policydb.h> 42#include <sepol/policydb/expand.h> 43#include <sepol/policydb/link.h> 44#include <sepol/policydb/conditional.h> 45#include <limits.h> 46#include <stdlib.h> 47 48policydb_t role_expanded; 49policydb_t user_expanded; 50policydb_t base_expanded2; 51static policydb_t basemod; 52static policydb_t basemod2; 53static policydb_t mod2; 54static policydb_t base_expanded; 55static policydb_t base_only_mod; 56static policydb_t base_only_expanded; 57static policydb_t role_basemod; 58static policydb_t role_mod; 59static policydb_t user_basemod; 60static policydb_t user_mod; 61static policydb_t alias_basemod; 62static policydb_t alias_mod; 63static policydb_t alias_expanded; 64static uint32_t *typemap; 65extern int mls; 66 67/* Takes base, some number of modules, links them, and expands them 68 reads source from myfiles array, which has the base string followed by 69 each module string */ 70int expander_policy_init(policydb_t * mybase, int num_modules, policydb_t ** mymodules, policydb_t * myexpanded, char **myfiles) 71{ 72 char *filename[num_modules + 1]; 73 int i; 74 75 for (i = 0; i < num_modules + 1; i++) { 76 filename[i] = calloc(PATH_MAX, sizeof(char)); 77 if (snprintf(filename[i], PATH_MAX, "policies/test-expander/%s%s", myfiles[i], mls ? ".mls" : ".std") < 0) 78 return -1; 79 } 80 81 if (policydb_init(mybase)) { 82 fprintf(stderr, "out of memory!\n"); 83 return -1; 84 } 85 86 for (i = 0; i < num_modules; i++) { 87 if (policydb_init(mymodules[i])) { 88 fprintf(stderr, "out of memory!\n"); 89 return -1; 90 } 91 } 92 93 if (policydb_init(myexpanded)) { 94 fprintf(stderr, "out of memory!\n"); 95 return -1; 96 } 97 98 mybase->policy_type = POLICY_BASE; 99 mybase->mls = mls; 100 101 if (read_source_policy(mybase, filename[0], myfiles[0])) { 102 fprintf(stderr, "read source policy failed %s\n", filename[0]); 103 return -1; 104 } 105 106 for (i = 1; i < num_modules + 1; i++) { 107 mymodules[i - 1]->policy_type = POLICY_MOD; 108 mymodules[i - 1]->mls = mls; 109 if (read_source_policy(mymodules[i - 1], filename[i], myfiles[i])) { 110 fprintf(stderr, "read source policy failed %s\n", filename[i]); 111 return -1; 112 } 113 } 114 115 if (link_modules(NULL, mybase, mymodules, num_modules, 0)) { 116 fprintf(stderr, "link modules failed\n"); 117 return -1; 118 } 119 120 if (expand_module(NULL, mybase, myexpanded, 0, 0)) { 121 fprintf(stderr, "expand modules failed\n"); 122 return -1; 123 } 124 125 return 0; 126} 127 128int expander_test_init(void) 129{ 130 char *small_base_file = "small-base.conf"; 131 char *base_only_file = "base-base-only.conf"; 132 int rc; 133 policydb_t *mymod2; 134 char *files2[] = { "small-base.conf", "module.conf" }; 135 char *role_files[] = { "role-base.conf", "role-module.conf" }; 136 char *user_files[] = { "user-base.conf", "user-module.conf" }; 137 char *alias_files[] = { "alias-base.conf", "alias-module.conf" }; 138 139 rc = expander_policy_init(&basemod, 0, NULL, &base_expanded, &small_base_file); 140 if (rc != 0) 141 return rc; 142 143 mymod2 = &mod2; 144 rc = expander_policy_init(&basemod2, 1, &mymod2, &base_expanded2, files2); 145 if (rc != 0) 146 return rc; 147 148 rc = expander_policy_init(&base_only_mod, 0, NULL, &base_only_expanded, &base_only_file); 149 if (rc != 0) 150 return rc; 151 152 mymod2 = &role_mod; 153 rc = expander_policy_init(&role_basemod, 1, &mymod2, &role_expanded, role_files); 154 if (rc != 0) 155 return rc; 156 157 /* Just init the base for now, until we figure out how to separate out 158 mls and non-mls tests since users can't be used in mls module */ 159 mymod2 = &user_mod; 160 rc = expander_policy_init(&user_basemod, 0, NULL, &user_expanded, user_files); 161 if (rc != 0) 162 return rc; 163 164 mymod2 = &alias_mod; 165 rc = expander_policy_init(&alias_basemod, 1, &mymod2, &alias_expanded, alias_files); 166 if (rc != 0) 167 return rc; 168 169 return 0; 170} 171 172int expander_test_cleanup(void) 173{ 174 policydb_destroy(&basemod); 175 policydb_destroy(&base_expanded); 176 free(typemap); 177 178 return 0; 179} 180 181static void test_expander_indexes(void) 182{ 183 test_policydb_indexes(&base_expanded); 184} 185 186static void test_expander_alias(void) 187{ 188 test_alias_datum(&alias_expanded, "alias_check_1_a", "alias_check_1_t", 1, 0); 189 test_alias_datum(&alias_expanded, "alias_check_2_a", "alias_check_2_t", 1, 0); 190 test_alias_datum(&alias_expanded, "alias_check_3_a", "alias_check_3_t", 1, 0); 191} 192 193int expander_add_tests(CU_pSuite suite) 194{ 195 if (NULL == CU_add_test(suite, "expander_indexes", test_expander_indexes)) { 196 CU_cleanup_registry(); 197 return CU_get_error(); 198 } 199 200 if (NULL == CU_add_test(suite, "expander_attr_mapping", test_expander_attr_mapping)) { 201 CU_cleanup_registry(); 202 return CU_get_error(); 203 } 204 205 if (NULL == CU_add_test(suite, "expander_role_mapping", test_expander_role_mapping)) { 206 CU_cleanup_registry(); 207 return CU_get_error(); 208 } 209 if (NULL == CU_add_test(suite, "expander_user_mapping", test_expander_user_mapping)) { 210 CU_cleanup_registry(); 211 return CU_get_error(); 212 } 213 if (NULL == CU_add_test(suite, "expander_alias", test_expander_alias)) { 214 CU_cleanup_registry(); 215 return CU_get_error(); 216 } 217 return 0; 218} 219