test_access.py revision 13cd4c8960688af11ad23b4c946149015c80d549
1# Authors: Karl MacMillan <kmacmillan@mentalrootkit.com> 2# 3# Copyright (C) 2006 Red Hat 4# see file 'COPYING' for use and warranty information 5# 6# This program is free software; you can redistribute it and/or 7# modify it under the terms of the GNU General Public License as 8# published by the Free Software Foundation; version 2 only 9# 10# This program is distributed in the hope that it will be useful, 11# but WITHOUT ANY WARRANTY; without even the implied warranty of 12# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13# GNU General Public License for more details. 14# 15# You should have received a copy of the GNU General Public License 16# along with this program; if not, write to the Free Software 17# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 18# 19 20import unittest 21import sepolgen.refpolicy as refpolicy 22import sepolgen.refparser as refparser 23import sepolgen.policygen as policygen 24import sepolgen.access as access 25 26class TestAccessVector(unittest.TestCase): 27 def test_init(self): 28 # Default construction 29 a = access.AccessVector() 30 self.assertEqual(a.src_type, None) 31 self.assertEqual(a.tgt_type, None) 32 self.assertEqual(a.obj_class, None) 33 self.assertTrue(isinstance(a.perms, refpolicy.IdSet)) 34 self.assertTrue(isinstance(a.audit_msgs, type([]))) 35 self.assertEquals(len(a.audit_msgs), 0) 36 37 # Construction from a list 38 a = access.AccessVector() 39 a.src_type = "foo" 40 a.tgt_type = "bar" 41 a.obj_class = "file" 42 a.perms.update(["read", "write"]) 43 44 l = access.AccessVector(['foo', 'bar', 'file', 'read', 'write']) 45 self.assertEqual(a.src_type, l.src_type) 46 self.assertEqual(a.tgt_type, l.tgt_type) 47 self.assertEqual(a.obj_class, l.obj_class) 48 self.assertEqual(a.perms, l.perms) 49 50 def test_from_list(self): 51 a = access.AccessVector() 52 a.src_type = "foo" 53 a.tgt_type = "bar" 54 a.obj_class = "file" 55 a.perms.update(["read", "write"]) 56 57 l = access.AccessVector() 58 l.from_list(['foo', 'bar', 'file', 'read', 'write']) 59 self.assertEqual(a.src_type, l.src_type) 60 self.assertEqual(a.tgt_type, l.tgt_type) 61 self.assertEqual(a.obj_class, l.obj_class) 62 self.assertEqual(a.perms, l.perms) 63 64 def test_to_list(self): 65 a = access.AccessVector() 66 a.src_type = "foo" 67 a.tgt_type = "bar" 68 a.obj_class = "file" 69 a.perms.update(["read", "write"]) 70 71 l = a.to_list() 72 self.assertEqual(l[0], "foo") 73 self.assertEqual(l[1], "bar") 74 self.assertEqual(l[2], "file") 75 self.assertEqual(l[3], "read") 76 self.assertEqual(l[4], "write") 77 78 def test_to_string(self): 79 a = access.AccessVector() 80 a.src_type = "foo" 81 a.tgt_type = "bar" 82 a.obj_class = "file" 83 a.perms.update(["read", "write"]) 84 85 self.assertEquals(str(a), "allow foo bar : file { read write };") 86 self.assertEquals(a.to_string(), "allow foo bar : file { read write };") 87 88 def test_cmp(self): 89 a = access.AccessVector() 90 a.src_type = "foo" 91 a.tgt_type = "bar" 92 a.obj_class = "file" 93 a.perms.update(["read", "write"]) 94 95 b = access.AccessVector() 96 b.src_type = "foo" 97 b.tgt_type = "bar" 98 b.obj_class = "file" 99 b.perms.update(["read", "write"]) 100 101 self.assertEquals(a, b) 102 103 # Source Type 104 b.src_type = "baz" 105 self.assertEquals(cmp(a, b), 1) 106 107 b.src_type = "gaz" 108 self.assertEquals(cmp(a, b), -1) 109 110 # Target Type 111 b.src_type = "foo" 112 b.tgt_type = "aar" 113 self.assertEquals(cmp(a, b), 1) 114 115 b.tgt_type = "gaz" 116 self.assertEquals(cmp(a, b), -1) 117 118 # Perms 119 b.tgt_type = "bar" 120 b.perms = refpolicy.IdSet(["read"]) 121 ret = cmp(a, b) 122 self.assertEquals(ret, 1) 123 124 b.perms = refpolicy.IdSet(["read", "write", "append"]) 125 ret = cmp(a, b) 126 self.assertEquals(ret, -1) 127 128 b.perms = refpolicy.IdSet(["read", "append"]) 129 ret = cmp(a, b) 130 self.assertEquals(ret, 1) 131 132class TestUtilFunctions(unittest.TestCase): 133 def test_is_idparam(self): 134 self.assertTrue(access.is_idparam("$1")) 135 self.assertTrue(access.is_idparam("$2")) 136 self.assertTrue(access.is_idparam("$123")) 137 self.assertFalse(access.is_idparam("$123.23")) 138 self.assertFalse(access.is_idparam("$A")) 139 140 def test_avrule_to_access_vectors(self): 141 rule = refpolicy.AVRule() 142 rule.src_types.add("foo") 143 rule.src_types.add("baz") 144 rule.tgt_types.add("bar") 145 rule.tgt_types.add("what") 146 rule.obj_classes.add("file") 147 rule.obj_classes.add("dir") 148 rule.perms.add("read") 149 rule.perms.add("write") 150 151 avs = access.avrule_to_access_vectors(rule) 152 self.assertEquals(len(avs), 8) 153 comps = [("foo", "what", "dir"), 154 ("foo", "what", "file"), 155 ("foo", "bar", "dir"), 156 ("foo", "bar", "file"), 157 ("baz", "what", "dir"), 158 ("baz", "what", "file"), 159 ("baz", "bar", "dir"), 160 ("baz", "bar", "file")] 161 status = [False] * 8 162 for av in access.avrule_to_access_vectors(rule): 163 self.assertEquals(av.perms, refpolicy.IdSet(["read", "write"])) 164 for i in xrange(len(comps)): 165 if comps[i][0] == av.src_type and \ 166 comps[i][1] == av.tgt_type and \ 167 comps[i][2] == av.obj_class: 168 status[i] = True 169 170 for s in status: 171 self.assertEquals(s, True) 172 173 174class TestAccessVectorSet(unittest.TestCase): 175 def setUp(self): 176 rule = refpolicy.AVRule() 177 rule.src_types.add("foo") 178 rule.src_types.add("baz") 179 rule.tgt_types.add("bar") 180 rule.tgt_types.add("what") 181 rule.obj_classes.add("file") 182 rule.obj_classes.add("dir") 183 rule.perms.add("read") 184 rule.perms.add("write") 185 186 s = access.AccessVectorSet() 187 avs = access.avrule_to_access_vectors(rule) 188 for av in avs: 189 s.add_av(av) 190 self.s = s 191 192 def test_init(self): 193 a = access.AccessVectorSet() 194 195 def test_iter(self): 196 comps = [("foo", "what", "dir"), 197 ("foo", "what", "file"), 198 ("foo", "bar", "dir"), 199 ("foo", "bar", "file"), 200 ("baz", "what", "dir"), 201 ("baz", "what", "file"), 202 ("baz", "bar", "dir"), 203 ("baz", "bar", "file")] 204 status = [False] * 8 205 for av in self.s: 206 self.assertEquals(av.perms, refpolicy.IdSet(["read", "write"])) 207 for i in xrange(len(comps)): 208 if comps[i][0] == av.src_type and \ 209 comps[i][1] == av.tgt_type and \ 210 comps[i][2] == av.obj_class: 211 status[i] = True 212 213 for s in status: 214 self.assertEquals(s, True) 215 216 def test_len(self): 217 self.assertEquals(len(self.s), 8) 218 219 def test_list(self): 220 a = access.AccessVectorSet() 221 a.add("$1", "foo", "file", refpolicy.IdSet(["read", "write"])) 222 a.add("$1", "bar", "file", refpolicy.IdSet(["read", "write"])) 223 a.add("what", "bar", "file", refpolicy.IdSet(["read", "write"])) 224 225 avl = a.to_list() 226 227 test_l = [['what','bar','file','read','write'], 228 ['$1','foo','file','read','write'], 229 ['$1','bar','file','read','write']] 230 231 for a,b in zip(test_l, avl): 232 self.assertEqual(len(a), len(b)) 233 for x,y in zip(a,b): 234 self.assertEqual(x, y) 235 236 b = access.AccessVectorSet() 237 b.from_list(avl) 238 self.assertEqual(len(b), 3) 239