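/*
 * Author: Joshua Brindle <jbrindle@tresys.com>
 *
 * Copyright (C) 2006 Tresys Technology, LLC
 *
 *  This library is free software; you can redistribute it and/or
 *  modify it under the terms of the GNU Lesser General Public
 *  License as published by the Free Software Foundation; either
 *  version 2.1 of the License, or (at your option) any later version.
 *
 *  This library is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 *  Lesser General Public License for more details.
 *
 *  You should have received a copy of the GNU Lesser General Public
 *  License along with this library; if not, write to the Free Software
 *  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
 */

#include "parse_util.h"
#include "helpers.h"
#include "test-common.h"

#include <sepol/policydb/policydb.h>
#include <sepol/policydb/link.h>

#include <CUnit/Basic.h>
#include <stdlib.h>

/* Tests for roles:
 * Test for each of these for
 * - role in appropriate symtab (global and decl)
 * - datum in the decl symtab has correct type_set
 * - scope datum has correct decl ids
 * - dominates bitmap is correct
 * Tests:
 * - role in base, no modules
 * - role in base optional, no modules
 * - role a in base, b in module
 * - role a in base and module (additive)
 * - role a in base and 2 module
 * - role a in base optional, b in module
 * - role a in base, b in module optional
 * - role a in base optional, b in module optional
 * - role a in base optional and module
 * - role a in base and module optional
 * - role a in base optional and module optional
 * - role a in base optional and 2 modules
 * - role a and b in base, b dom a, are types correct (TODO)
 */

/* Assert that the role's dominates ebitmap has exactly one bit set and that
 * this bit is the role's own index (s.value - 1).
 *
 * p is not read here; it is kept so existing callers keep their signature.
 * role is dereferenced unconditionally, so it must not be NULL. */
static void only_dominates_self(policydb_t * p, role_datum_t * role)
{
	ebitmap_node_t *tnode;
	unsigned int i;
	int found = 0;

	ebitmap_for_each_bit(&role->dominates, tnode, i) {
		if (ebitmap_node_get_bit(tnode, i)) {
			found++;
			/* every set bit must be the role's own position */
			CU_ASSERT(i == role->s.value - 1);
		}
	}
	/* exactly one bit set: the role dominates itself and nothing else */
	CU_ASSERT(found == 1);
}

/* Checks the roles declared in the base policy (global scope and the first
 * optional): presence in the roles symtab with the expected decl id, the
 * expected type set, and a dominates bitmap holding only the role itself.
 *
 * NOTE(review): the result of test_find_decl_by_sym() is dereferenced without
 * a NULL check; presumably the helper asserts on a missing symbol - confirm
 * in test-common. */
void base_role_tests(policydb_t * base)
{
	avrule_decl_t *decl;
	role_datum_t *role;
	unsigned int decls[2];
	char *types[2];

	/* These tests look at roles in the base only, the desire is to ensure that
	 * roles are not destroyed or otherwise removed during the link process */

	/**** test for g_b_role_1 in base and decl 1 (global) ****/
	decls[0] = (test_find_decl_by_sym(base, SYM_TYPES, "tag_g_b"))->decl_id;
	test_sym_presence(base, "g_b_role_1", SYM_ROLES, SCOPE_DECL, decls, 1);
	/* make sure it has the correct type set (g_b_type_1, no negset, no flags) */
	types[0] = "g_b_type_1";
	role = test_role_type_set(base, "g_b_role_1", NULL, types, 1, 0);
	/* This role should only dominate itself */
	only_dominates_self(base, role);

	/**** test for o1_b_role_1 in optional (decl 2) ****/
	decl = test_find_decl_by_sym(base, SYM_TYPES, "tag_o1_b");
	decls[0] = decl->decl_id;
	test_sym_presence(base, "o1_b_role_1", SYM_ROLES, SCOPE_DECL, decls, 1);
	/* make sure it has the correct type set (o1_b_type_1, no negset, no flags) */
	types[0] = "o1_b_type_1";
	role = test_role_type_set(base, "o1_b_role_1", decl, types, 1, 0);
	/* and only dominates itself */
	only_dominates_self(base, role);
}

/* Checks the roles after the base has been linked with two modules: roles
 * declared in a module must show up in the base, and type sets added to an
 * existing role by a module must land in the right decl and be unioned
 * where expected.
 *
 * Where a role is checked against two type sets, only the role datum returned
 * by the last test_role_type_set() call is passed to only_dominates_self(). */
void module_role_tests(policydb_t * base)
{
	role_datum_t *role;
	avrule_decl_t *decl;
	/* Sized for the largest case below (base + module 1 + module 2 = three
	 * decl ids). It was declared with two elements, so the decls[2] stores
	 * further down wrote one element past the end of the array. */
	unsigned int decls[3];
	char *types[3];

	/* These tests are run when the base is linked with 2 modules,
	 * They should test whether the roles get copied correctly from the
	 * modules into the base */

	/**** test for role in module 1 (global) ****/
	decls[0] = (test_find_decl_by_sym(base, SYM_TYPES, "tag_g_m1"))->decl_id;
	test_sym_presence(base, "g_m1_role_1", SYM_ROLES, SCOPE_DECL, decls, 1);
	/* make sure it has the correct type set (g_m1_type_1, no negset, no flags) */
	types[0] = "g_m1_type_1";
	role = test_role_type_set(base, "g_m1_role_1", NULL, types, 1, 0);
	/* and only dominates itself */
	only_dominates_self(base, role);

	/**** test for role in module 1 (optional) ****/
	decl = test_find_decl_by_sym(base, SYM_TYPES, "tag_o1_m1");
	decls[0] = decl->decl_id;
	test_sym_presence(base, "o1_m1_role_1", SYM_ROLES, SCOPE_DECL, decls, 1);
	/* make sure it has the correct type set (o1_m1_type_1, no negset, no flags) */
	types[0] = "o1_m1_type_1";
	role = test_role_type_set(base, "o1_m1_role_1", decl, types, 1, 0);
	/* and only dominates itself */
	only_dominates_self(base, role);

	/* These test whether the type sets are copied to the right place and
	 * correctly unioned when they should be */

	/**** test for type added to base role in module 1 (global) ****/
	decls[0] = (test_find_decl_by_sym(base, SYM_TYPES, "tag_g_b"))->decl_id;
	decls[1] = (test_find_decl_by_sym(base, SYM_TYPES, "tag_g_m1"))->decl_id;
	test_sym_presence(base, "g_b_role_2", SYM_ROLES, SCOPE_DECL, decls, 2);
	/* make sure it has the correct type set (g_b_type_2, g_m1_type_1, no negset, no flags) */
	types[0] = "g_b_type_2";	/* added in base when declared */
	types[1] = "g_m1_type_1";	/* added in module */
	role = test_role_type_set(base, "g_b_role_2", NULL, types, 2, 0);
	/* and only dominates itself */
	only_dominates_self(base, role);

	/**** test for type added to base role in module 1 & 2 (global) ****/
	decls[0] = (test_find_decl_by_sym(base, SYM_TYPES, "tag_g_b"))->decl_id;
	decls[1] = (test_find_decl_by_sym(base, SYM_TYPES, "tag_g_m1"))->decl_id;
	decls[2] = (test_find_decl_by_sym(base, SYM_TYPES, "tag_g_m2"))->decl_id;
	test_sym_presence(base, "g_b_role_3", SYM_ROLES, SCOPE_DECL, decls, 3);
	/* make sure it has the correct type set (g_b_type_2, g_m1_type_2, g_m2_type_2, no negset, no flags) */
	types[0] = "g_b_type_2";	/* added in base when declared */
	types[1] = "g_m1_type_2";	/* added in module 1 */
	types[2] = "g_m2_type_2";	/* added in module 2 */
	role = test_role_type_set(base, "g_b_role_3", NULL, types, 3, 0);
	/* and only dominates itself */
	only_dominates_self(base, role);

	/**** test for role in base optional and module 1 (additive) ****/
	decls[0] = (test_find_decl_by_sym(base, SYM_TYPES, "tag_o1_b"))->decl_id;
	decls[1] = (test_find_decl_by_sym(base, SYM_TYPES, "tag_g_m1"))->decl_id;
	test_sym_presence(base, "o1_b_role_2", SYM_ROLES, SCOPE_DECL, decls, 2);
	/* this one will have 2 type sets, one in the global symtab and one in the base optional 1 */
	types[0] = "g_m1_type_1";
	role = test_role_type_set(base, "o1_b_role_2", NULL, types, 1, 0);
	types[0] = "o1_b_type_1";
	role = test_role_type_set(base, "o1_b_role_2", test_find_decl_by_sym(base, SYM_TYPES, "tag_o1_b"), types, 1, 0);
	/* and only dominates itself */
	only_dominates_self(base, role);

	/**** test for role in base and module 1 optional (additive) ****/
	decls[0] = (test_find_decl_by_sym(base, SYM_TYPES, "tag_g_b"))->decl_id;
	decls[1] = (test_find_decl_by_sym(base, SYM_TYPES, "tag_o2_m1"))->decl_id;
	test_sym_presence(base, "g_b_role_4", SYM_ROLES, SCOPE_DECL, decls, 2);
	/* this one will have 2 type sets, one in the global symtab and one in
	 * the decl tagged tag_o2_m1 (an optional of module 1) */
	types[0] = "g_b_type_2";
	role = test_role_type_set(base, "g_b_role_4", NULL, types, 1, 0);
	types[0] = "g_m1_type_2";
	role = test_role_type_set(base, "g_b_role_4", test_find_decl_by_sym(base, SYM_TYPES, "tag_o2_m1"), types, 1, 0);
	/* and only dominates itself */
	only_dominates_self(base, role);

	/**** test for role in base optional and module 1 optional (additive) ****/
	decls[0] = (test_find_decl_by_sym(base, SYM_TYPES, "tag_o3_b"))->decl_id;
	decls[1] = (test_find_decl_by_sym(base, SYM_TYPES, "tag_o3_m1"))->decl_id;
	test_sym_presence(base, "o3_b_role_1", SYM_ROLES, SCOPE_DECL, decls, 2);
	/* this one will have 2 type sets, one in the 3rd base optional and one in the 3rd module optional */
	types[0] = "o3_b_type_1";
	role = test_role_type_set(base, "o3_b_role_1", test_find_decl_by_sym(base, SYM_TYPES, "tag_o3_b"), types, 1, 0);
	types[0] = "o3_m1_type_1";
	role = test_role_type_set(base, "o3_b_role_1", test_find_decl_by_sym(base, SYM_TYPES, "tag_o3_m1"), types, 1, 0);
	/* and only dominates itself */
	only_dominates_self(base, role);

	/**** test for role in base optional and 2 modules (additive) ****/
	decls[0] = (test_find_decl_by_sym(base, SYM_TYPES, "tag_o4_b"))->decl_id;
	decls[1] = (test_find_decl_by_sym(base, SYM_TYPES, "tag_g_m1"))->decl_id;
	decls[2] = (test_find_decl_by_sym(base, SYM_TYPES, "tag_g_m2"))->decl_id;
	test_sym_presence(base, "o4_b_role_1", SYM_ROLES, SCOPE_DECL, decls, 3);
	/* this one will have 2 type sets, one in the global symtab (with both module types) and one in the 4th optional of base */
	types[0] = "g_m1_type_1";
	role = test_role_type_set(base, "o4_b_role_1", test_find_decl_by_sym(base, SYM_TYPES, "tag_o4_b"), types, 1, 0);
	types[0] = "g_m2_type_1";
	types[1] = "g_m1_type_2";
	role = test_role_type_set(base, "o4_b_role_1", NULL, types, 2, 0);
	/* and only dominates itself */
	only_dominates_self(base, role);
}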