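# Authors: Karl MacMillan <kmacmillan@mentalrootkit.com>
#
# Copyright (C) 2006 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation; version 2 only
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
#

import re
import unittest

import sepolgen.refpolicy as refpolicy
import selinux

# Matches one brace-delimited identifier set such as "{ read write }".
_BRACED_SET = re.compile(r"\{([^{}]*)\}")


def _rule_shape(text):
    """Split a rendered rule into its fixed skeleton and its brace sets.

    Every "{ ... }" group is replaced by "{}" in the skeleton and returned,
    in order of appearance, as a frozenset of its members.  Comparing both
    parts checks which set each identifier landed in without depending on
    the iteration order inside a set.
    """
    members = [frozenset(group.split()) for group in _BRACED_SET.findall(text)]
    return _BRACED_SET.sub("{}", text), members


class TestIdSet(unittest.TestCase):
    """Rendering of refpolicy.IdSet through to_space_str()."""

    def test_set_to_str(self):
        """A multi-member set renders in braces; a single member renders bare."""
        ids = refpolicy.IdSet(["read", "write", "getattr"])
        # Member order inside the braces is not fixed, so compare sorted tokens.
        rendered = sorted(ids.to_space_str().split(' '))
        expected = sorted("{ read write getattr }".split(' '))
        self.assertEqual(rendered, expected)

        single = refpolicy.IdSet()
        single.add("read")
        self.assertEqual(single.to_space_str(), "read")


class TestSecurityContext(unittest.TestCase):
    """Parsing, rendering and comparison of refpolicy.SecurityContext."""

    def test_init(self):
        """Construction succeeds both without and with a context string."""
        sc = refpolicy.SecurityContext()
        sc = refpolicy.SecurityContext("user_u:object_r:foo_t")

    def test_from_string(self):
        """from_string() fills user/role/type/level and rejects a malformed context."""
        context = "user_u:object_r:foo_t"
        sc = refpolicy.SecurityContext()
        sc.from_string(context)
        self.assertEqual(sc.user, "user_u")
        self.assertEqual(sc.role, "object_r")
        self.assertEqual(sc.type, "foo_t")
        self.assertIsNone(sc.level)
        # NOTE(review): the expected str() form depends on the SELinux MLS
        # state of the machine running the tests, so a single run exercises
        # only one of these two branches.
        if selinux.is_selinux_mls_enabled():
            self.assertEqual(str(sc), context + ":s0")
        else:
            self.assertEqual(str(sc), context)
        # An explicit default level is appended regardless of the host state.
        self.assertEqual(sc.to_string(default_level="s1"), context + ":s1")

        # A context that carries an MLS range round-trips unchanged.
        context = "user_u:object_r:foo_t:s0-s0:c0-c255"
        sc = refpolicy.SecurityContext()
        sc.from_string(context)
        self.assertEqual(sc.user, "user_u")
        self.assertEqual(sc.role, "object_r")
        self.assertEqual(sc.type, "foo_t")
        self.assertEqual(sc.level, "s0-s0:c0-c255")
        self.assertEqual(str(sc), context)
        self.assertEqual(sc.to_string(), context)

        # A string with no user:role:type structure must be refused.
        sc = refpolicy.SecurityContext()
        self.assertRaises(ValueError, sc.from_string, "abc")

    def test_equal(self):
        """Contexts compare equal only when type and level both match."""
        sc1 = refpolicy.SecurityContext("user_u:object_r:foo_t")
        sc2 = refpolicy.SecurityContext("user_u:object_r:foo_t")
        sc3 = refpolicy.SecurityContext("user_u:object_r:foo_t:s0")
        sc4 = refpolicy.SecurityContext("user_u:object_r:bar_t")

        self.assertEqual(sc1, sc2)
        self.assertNotEqual(sc1, sc3)
        self.assertNotEqual(sc1, sc4)


# The class name's spelling ("Objec") is kept so that test selection by name
# keeps working.
class TestObjecClass(unittest.TestCase):
    """Construction of refpolicy.ObjectClass."""

    def test_init(self):
        """The name is stored and perms starts out as a set."""
        o = refpolicy.ObjectClass(name="file")
        self.assertEqual(o.name, "file")
        self.assertIsInstance(o.perms, set)


class TestAVRule(unittest.TestCase):
    """Defaults and string rendering of refpolicy.AVRule."""

    def test_init(self):
        """A new rule is an allow rule whose four members are sets."""
        a = refpolicy.AVRule()
        self.assertEqual(a.rule_type, a.ALLOW)
        self.assertIsInstance(a.src_types, set)
        self.assertIsInstance(a.tgt_types, set)
        self.assertIsInstance(a.obj_classes, set)
        self.assertIsInstance(a.perms, set)

    def test_to_string(self):
        """Single-member and multi-member rules render as policy statements."""
        a = refpolicy.AVRule()
        a.src_types.add("foo_t")
        a.tgt_types.add("bar_t")
        a.obj_classes.add("file")
        a.perms.add("read")
        self.assertEqual(a.to_string(), "allow foo_t bar_t:file read;")

        a.rule_type = a.DONTAUDIT
        a.src_types.add("user_t")
        a.tgt_types.add("user_home_t")
        a.obj_classes.add("lnk_file")
        a.perms.add("write")
        # Order inside each set is not guaranteed, but the position of each
        # set is part of the rule's meaning: a rule with source and target
        # types exchanged is a different rule.  Comparing a sorted bag of
        # tokens would accept such an exchange, so compare set by set.
        skeleton, groups = _rule_shape(a.to_string())
        self.assertEqual(skeleton, "dontaudit {} {}:{} {};")
        self.assertEqual(groups, [
            frozenset(["foo_t", "user_t"]),
            frozenset(["user_home_t", "bar_t"]),
            frozenset(["lnk_file", "file"]),
            frozenset(["read", "write"]),
        ])


class TestTypeRule(unittest.TestCase):
    """Defaults and string rendering of refpolicy.TypeRule."""

    def test_init(self):
        """A new rule is a type_transition with set members and no dest type."""
        a = refpolicy.TypeRule()
        self.assertEqual(a.rule_type, a.TYPE_TRANSITION)
        self.assertIsInstance(a.src_types, set)
        self.assertIsInstance(a.tgt_types, set)
        self.assertIsInstance(a.obj_classes, set)
        self.assertEqual(a.dest_type, "")

    def test_to_string(self):
        """A fully populated rule renders as a type_transition statement."""
        a = refpolicy.TypeRule()
        a.src_types.add("foo_t")
        a.tgt_types.add("bar_exec_t")
        a.obj_classes.add("process")
        a.dest_type = "bar_t"
        self.assertEqual(a.to_string(), "type_transition foo_t bar_exec_t:process bar_t;")


class TestParseNode(unittest.TestCase):
    """Construction of a small Headers / Interface / rule tree."""

    def test_walktree(self):
        """Build a two-interface tree.

        NOTE(review): nothing is asserted after the tree is built, so this
        only checks that construction does not raise; the traversal the
        test name refers to is not exercised.
        """
        # Construct a small tree
        h = refpolicy.Headers()
        a = refpolicy.AVRule()
        a.src_types.add("foo_t")
        a.tgt_types.add("bar_t")
        a.obj_classes.add("file")
        a.perms.add("read")

        ifcall = refpolicy.InterfaceCall(ifname="allow_foobar")
        ifcall.args.append("foo_t")
        ifcall.args.append("{ file dir }")

        i = refpolicy.Interface(name="foo")
        i.children.append(a)
        i.children.append(ifcall)
        h.children.append(i)

        a = refpolicy.AVRule()
        a.rule_type = a.DONTAUDIT
        a.src_types.add("user_t")
        a.tgt_types.add("user_home_t")
        a.obj_classes.add("lnk_file")
        a.perms.add("write")
        i = refpolicy.Interface(name="bar")
        i.children.append(a)
        h.children.append(i)


class TestHeaders(unittest.TestCase):
    """Iteration over refpolicy.Headers."""

    def test_iter(self):
        """Plain iteration yields every child; interfaces() skips the ClassMap."""
        h = refpolicy.Headers()
        h.children.append(refpolicy.Interface(name="foo"))
        h.children.append(refpolicy.Interface(name="bar"))
        h.children.append(refpolicy.ClassMap("file", "read write"))

        self.assertEqual(sum(1 for _ in h), 3)
        self.assertEqual(sum(1 for _ in h.interfaces()), 2)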