1/*
2 * Authors: Chad Sellers <csellers@tresys.com>
3 *          Joshua Brindle <jbrindle@tresys.com>
4 *
5 * Copyright (C) 2006 Tresys Technology, LLC
6 *
7 *  This library is free software; you can redistribute it and/or
8 *  modify it under the terms of the GNU Lesser General Public
9 *  License as published by the Free Software Foundation; either
10 *  version 2.1 of the License, or (at your option) any later version.
11 *
12 *  This library is distributed in the hope that it will be useful,
13 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
14 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
15 *  Lesser General Public License for more details.
16 *
17 *  You should have received a copy of the GNU Lesser General Public
18 *  License along with this library; if not, write to the Free Software
19 *  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
20 */
21
22/* This is where the expander tests should go, including:
23 * - check role, type, bool, user mapping
24 * - add symbols declared in enabled optionals
25 * - do not add symbols declared in disabled optionals
26 * - add rules from enabled optionals
27 * - do not add rules from disabled optionals
28 * - verify attribute mapping
29
30 * - check conditional expressions for correct mapping
31 */
32
33#include "test-expander.h"
34#include "parse_util.h"
35#include "helpers.h"
36#include "test-common.h"
37#include "test-expander-users.h"
38#include "test-expander-roles.h"
39#include "test-expander-attr-map.h"
40
41#include <sepol/policydb/policydb.h>
42#include <sepol/policydb/expand.h>
43#include <sepol/policydb/link.h>
44#include <sepol/policydb/conditional.h>
45#include <limits.h>
46#include <stdlib.h>
47
48policydb_t role_expanded;
49policydb_t user_expanded;
50policydb_t base_expanded2;
51static policydb_t basemod;
52static policydb_t basemod2;
53static policydb_t mod2;
54static policydb_t base_expanded;
55static policydb_t base_only_mod;
56static policydb_t base_only_expanded;
57static policydb_t role_basemod;
58static policydb_t role_mod;
59static policydb_t user_basemod;
60static policydb_t user_mod;
61static policydb_t alias_basemod;
62static policydb_t alias_mod;
63static policydb_t alias_expanded;
64static uint32_t *typemap;
65extern int mls;
66
67/* Takes base, some number of modules, links them, and expands them
68   reads source from myfiles array, which has the base string followed by
69   each module string */
70int expander_policy_init(policydb_t * mybase, int num_modules, policydb_t ** mymodules, policydb_t * myexpanded, char **myfiles)
71{
72	char *filename[num_modules + 1];
73	int i;
74
75	for (i = 0; i < num_modules + 1; i++) {
76		filename[i] = calloc(PATH_MAX, sizeof(char));
77		if (snprintf(filename[i], PATH_MAX, "policies/test-expander/%s%s", myfiles[i], mls ? ".mls" : ".std") < 0)
78			return -1;
79	}
80
81	if (policydb_init(mybase)) {
82		fprintf(stderr, "out of memory!\n");
83		return -1;
84	}
85
86	for (i = 0; i < num_modules; i++) {
87		if (policydb_init(mymodules[i])) {
88			fprintf(stderr, "out of memory!\n");
89			return -1;
90		}
91	}
92
93	if (policydb_init(myexpanded)) {
94		fprintf(stderr, "out of memory!\n");
95		return -1;
96	}
97
98	mybase->policy_type = POLICY_BASE;
99	mybase->mls = mls;
100
101	if (read_source_policy(mybase, filename[0], myfiles[0])) {
102		fprintf(stderr, "read source policy failed %s\n", filename[0]);
103		return -1;
104	}
105
106	for (i = 1; i < num_modules + 1; i++) {
107		mymodules[i - 1]->policy_type = POLICY_MOD;
108		mymodules[i - 1]->mls = mls;
109		if (read_source_policy(mymodules[i - 1], filename[i], myfiles[i])) {
110			fprintf(stderr, "read source policy failed %s\n", filename[i]);
111			return -1;
112		}
113	}
114
115	if (link_modules(NULL, mybase, mymodules, num_modules, 0)) {
116		fprintf(stderr, "link modules failed\n");
117		return -1;
118	}
119
120	if (expand_module(NULL, mybase, myexpanded, 0, 0)) {
121		fprintf(stderr, "expand modules failed\n");
122		return -1;
123	}
124
125	return 0;
126}
127
128int expander_test_init(void)
129{
130	char *small_base_file = "small-base.conf";
131	char *base_only_file = "base-base-only.conf";
132	int rc;
133	policydb_t *mymod2;
134	char *files2[] = { "small-base.conf", "module.conf" };
135	char *role_files[] = { "role-base.conf", "role-module.conf" };
136	char *user_files[] = { "user-base.conf", "user-module.conf" };
137	char *alias_files[] = { "alias-base.conf", "alias-module.conf" };
138
139	rc = expander_policy_init(&basemod, 0, NULL, &base_expanded, &small_base_file);
140	if (rc != 0)
141		return rc;
142
143	mymod2 = &mod2;
144	rc = expander_policy_init(&basemod2, 1, &mymod2, &base_expanded2, files2);
145	if (rc != 0)
146		return rc;
147
148	rc = expander_policy_init(&base_only_mod, 0, NULL, &base_only_expanded, &base_only_file);
149	if (rc != 0)
150		return rc;
151
152	mymod2 = &role_mod;
153	rc = expander_policy_init(&role_basemod, 1, &mymod2, &role_expanded, role_files);
154	if (rc != 0)
155		return rc;
156
157	/* Just init the base for now, until we figure out how to separate out
158	   mls and non-mls tests since users can't be used in mls module */
159	mymod2 = &user_mod;
160	rc = expander_policy_init(&user_basemod, 0, NULL, &user_expanded, user_files);
161	if (rc != 0)
162		return rc;
163
164	mymod2 = &alias_mod;
165	rc = expander_policy_init(&alias_basemod, 1, &mymod2, &alias_expanded, alias_files);
166	if (rc != 0)
167		return rc;
168
169	return 0;
170}
171
172int expander_test_cleanup(void)
173{
174	policydb_destroy(&basemod);
175	policydb_destroy(&base_expanded);
176	free(typemap);
177
178	return 0;
179}
180
181static void test_expander_indexes(void)
182{
183	test_policydb_indexes(&base_expanded);
184}
185
186static void test_expander_alias(void)
187{
188	test_alias_datum(&alias_expanded, "alias_check_1_a", "alias_check_1_t", 1, 0);
189	test_alias_datum(&alias_expanded, "alias_check_2_a", "alias_check_2_t", 1, 0);
190	test_alias_datum(&alias_expanded, "alias_check_3_a", "alias_check_3_t", 1, 0);
191}
192
193int expander_add_tests(CU_pSuite suite)
194{
195	if (NULL == CU_add_test(suite, "expander_indexes", test_expander_indexes)) {
196		CU_cleanup_registry();
197		return CU_get_error();
198	}
199
200	if (NULL == CU_add_test(suite, "expander_attr_mapping", test_expander_attr_mapping)) {
201		CU_cleanup_registry();
202		return CU_get_error();
203	}
204
205	if (NULL == CU_add_test(suite, "expander_role_mapping", test_expander_role_mapping)) {
206		CU_cleanup_registry();
207		return CU_get_error();
208	}
209	if (NULL == CU_add_test(suite, "expander_user_mapping", test_expander_user_mapping)) {
210		CU_cleanup_registry();
211		return CU_get_error();
212	}
213	if (NULL == CU_add_test(suite, "expander_alias", test_expander_alias)) {
214		CU_cleanup_registry();
215		return CU_get_error();
216	}
217	return 0;
218}
219