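# Authors: Karl MacMillan <kmacmillan@mentalrootkit.com>
#
# Copyright (C) 2006 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation; version 2 only
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#

import unittest
import sepolgen.refpolicy as refpolicy
import selinux


def _sorted_tokens(text):
    # Whitespace-split and sort a rendered policy string so that two
    # renderings can be compared without depending on set iteration order.
    # This checks that the same tokens are present; it does not check which
    # brace group a given token was printed in.
    return sorted(text.split())


class TestIdSet(unittest.TestCase):
    """Rendering of refpolicy.IdSet as a space-separated policy fragment."""

    def test_set_to_str(self):
        # Several members are wrapped in braces.  The member order inside the
        # braces follows set iteration order, so compare tokens, not the
        # exact string.
        ids = refpolicy.IdSet(["read", "write", "getattr"])
        self.assertEqual(_sorted_tokens(ids.to_space_str()),
                         _sorted_tokens("{ read write getattr }"))

        # A single member is rendered bare, without braces.
        ids = refpolicy.IdSet()
        ids.add("read")
        self.assertEqual(ids.to_space_str(), "read")


class TestSecurityContext(unittest.TestCase):
    """Parsing, rendering and comparison of refpolicy.SecurityContext."""

    def test_init(self):
        # Smoke test: both constructor forms must not raise.
        refpolicy.SecurityContext()
        refpolicy.SecurityContext("user_u:object_r:foo_t")

    def test_from_string(self):
        # Three-field context: no level is parsed, and the rendered form
        # depends on whether the running system has MLS enabled.
        context = "user_u:object_r:foo_t"
        sc = refpolicy.SecurityContext()
        sc.from_string(context)
        self.assertEqual(sc.user, "user_u")
        self.assertEqual(sc.role, "object_r")
        self.assertEqual(sc.type, "foo_t")
        self.assertIsNone(sc.level)
        if selinux.is_selinux_mls_enabled():
            self.assertEqual(str(sc), context + ":s0")
        else:
            self.assertEqual(str(sc), context)
        self.assertEqual(sc.to_string(default_level="s1"), context + ":s1")

        # Context with an explicit MLS range: the whole range is kept as the
        # level and round-trips unchanged.
        context = "user_u:object_r:foo_t:s0-s0:c0-c255"
        sc = refpolicy.SecurityContext()
        sc.from_string(context)
        self.assertEqual(sc.user, "user_u")
        self.assertEqual(sc.role, "object_r")
        self.assertEqual(sc.type, "foo_t")
        self.assertEqual(sc.level, "s0-s0:c0-c255")
        self.assertEqual(str(sc), context)
        self.assertEqual(sc.to_string(), context)

        # A string that is not a context must be rejected, not half-parsed.
        sc = refpolicy.SecurityContext()
        self.assertRaises(ValueError, sc.from_string, "abc")

    def test_equal(self):
        same_a = refpolicy.SecurityContext("user_u:object_r:foo_t")
        same_b = refpolicy.SecurityContext("user_u:object_r:foo_t")
        with_level = refpolicy.SecurityContext("user_u:object_r:foo_t:s0")
        other_type = refpolicy.SecurityContext("user_u:object_r:bar_t")

        self.assertEqual(same_a, same_b)
        # A context with an explicit level is not equal to one without.
        self.assertNotEqual(same_a, with_level)
        self.assertNotEqual(same_a, other_type)


# NOTE(review): the class name is spelled "TestObjecClass" in the original; it
# is kept as-is so that anything selecting the test by name still finds it.
class TestObjecClass(unittest.TestCase):
    """Construction of refpolicy.ObjectClass."""

    def test_init(self):
        o = refpolicy.ObjectClass(name="file")
        self.assertEqual(o.name, "file")
        self.assertIsInstance(o.perms, set)


class TestAVRule(unittest.TestCase):
    """Defaults and text rendering of refpolicy.AVRule."""

    def test_init(self):
        a = refpolicy.AVRule()
        self.assertEqual(a.rule_type, a.ALLOW)
        self.assertIsInstance(a.src_types, set)
        self.assertIsInstance(a.tgt_types, set)
        self.assertIsInstance(a.obj_classes, set)
        self.assertIsInstance(a.perms, set)

    def test_to_string(self):
        # One member per field: rendered without braces, so the exact string
        # is deterministic and can be pinned.
        a = refpolicy.AVRule()
        a.src_types.add("foo_t")
        a.tgt_types.add("bar_t")
        a.obj_classes.add("file")
        a.perms.add("read")
        self.assertEqual(a.to_string(), "allow foo_t bar_t:file read;")

        a.rule_type = a.DONTAUDIT
        a.src_types.add("user_t")
        a.tgt_types.add("user_home_t")
        a.obj_classes.add("lnk_file")
        a.perms.add("write")
        # Set ordering is not guaranteed, so an exact string comparison of
        # the multi-member form is flaky.  Compare the sorted tokens instead
        # so this rule-rendering check stays enabled and reliable.
        expected = ("dontaudit { foo_t user_t } { user_home_t bar_t }:"
                    "{ lnk_file file } { read write };")
        self.assertEqual(_sorted_tokens(a.to_string()),
                         _sorted_tokens(expected))


class TestTypeRule(unittest.TestCase):
    """Defaults and text rendering of refpolicy.TypeRule."""

    def test_init(self):
        a = refpolicy.TypeRule()
        self.assertEqual(a.rule_type, a.TYPE_TRANSITION)
        self.assertIsInstance(a.src_types, set)
        self.assertIsInstance(a.tgt_types, set)
        self.assertIsInstance(a.obj_classes, set)
        self.assertEqual(a.dest_type, "")

    def test_to_string(self):
        a = refpolicy.TypeRule()
        a.src_types.add("foo_t")
        a.tgt_types.add("bar_exec_t")
        a.obj_classes.add("process")
        a.dest_type = "bar_t"
        self.assertEqual(a.to_string(),
                         "type_transition foo_t bar_exec_t:process bar_t;")


class TestParseNode(unittest.TestCase):
    """Construction of a small refpolicy parse tree."""

    def test_walktree(self):
        # NOTE(review): despite its name, this test only builds the tree and
        # never traverses it or asserts anything; it passes as long as the
        # constructors and list/set mutations below do not raise.
        # Construct a small tree
        h = refpolicy.Headers()
        a = refpolicy.AVRule()
        a.src_types.add("foo_t")
        a.tgt_types.add("bar_t")
        a.obj_classes.add("file")
        a.perms.add("read")

        ifcall = refpolicy.InterfaceCall(ifname="allow_foobar")
        ifcall.args.append("foo_t")
        ifcall.args.append("{ file dir }")

        i = refpolicy.Interface(name="foo")
        i.children.append(a)
        i.children.append(ifcall)
        h.children.append(i)

        a = refpolicy.AVRule()
        a.rule_type = a.DONTAUDIT
        a.src_types.add("user_t")
        a.tgt_types.add("user_home_t")
        a.obj_classes.add("lnk_file")
        a.perms.add("write")
        i = refpolicy.Interface(name="bar")
        i.children.append(a)
        h.children.append(i)


class TestHeaders(unittest.TestCase):
    """Iteration over refpolicy.Headers."""

    def test_iter(self):
        h = refpolicy.Headers()
        h.children.append(refpolicy.Interface(name="foo"))
        h.children.append(refpolicy.Interface(name="bar"))
        h.children.append(refpolicy.ClassMap("file", "read write"))

        # Plain iteration yields every child node.
        self.assertEqual(sum(1 for _ in h), 3)

        # interfaces() yields only the two Interface children, skipping the
        # ClassMap.
        self.assertEqual(sum(1 for _ in h.interfaces()), 2)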