Tree - source-git/policycoreutils

source-git / policycoreutils

Blame python/sepolgen/tests/test_refpolicy.py

Blob History Raw

Packit Service	9fb14c	`# Authors: Karl MacMillan <kmacmillan@mentalrootkit.com>`
Packit Service	9fb14c	`#`
Packit Service	9fb14c	`# Copyright (C) 2006 Red Hat`
Packit Service	9fb14c	`# see file 'COPYING' for use and warranty information`
Packit Service	9fb14c	`#`
Packit Service	9fb14c	`# This program is free software; you can redistribute it and/or`
Packit Service	9fb14c	`# modify it under the terms of the GNU General Public License as`
Packit Service	9fb14c	`# published by the Free Software Foundation; version 2 only`
Packit Service	9fb14c	`#`
Packit Service	9fb14c	`# This program is distributed in the hope that it will be useful,`
Packit Service	9fb14c	`# but WITHOUT ANY WARRANTY; without even the implied warranty of`
Packit Service	9fb14c	`# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
Packit Service	9fb14c	`# GNU General Public License for more details.`
Packit Service	9fb14c	`#`
Packit Service	9fb14c	`# You should have received a copy of the GNU General Public License`
Packit Service	9fb14c	`# along with this program; if not, write to the Free Software`
Packit Service	9fb14c	`# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA`
Packit Service	9fb14c	`#`
Packit Service	9fb14c
Packit Service	9fb14c	`import unittest`
Packit Service	9fb14c	`import sepolgen.refpolicy as refpolicy`
Packit Service	9fb14c	`import sepolgen.access as access`
Packit Service	9fb14c	`import selinux`
Packit Service	9fb14c
Packit Service	9fb14c	`class TestIdSet(unittest.TestCase):`
Packit Service	9fb14c	`def test_set_to_str(self):`
Packit Service	9fb14c	`s = refpolicy.IdSet(["read", "write", "getattr"])`
Packit Service	9fb14c	`s = s.to_space_str().split(' ')`
Packit Service	9fb14c	`s.sort()`
Packit Service	9fb14c	`expected = "{ read write getattr }".split(' ')`
Packit Service	9fb14c	`expected.sort()`
Packit Service	9fb14c	`self.assertEqual(s, expected)`
Packit Service	9fb14c	`s = refpolicy.IdSet()`
Packit Service	9fb14c	`s.add("read")`
Packit Service	9fb14c	`self.assertEqual(s.to_space_str(), "read")`
Packit Service	9fb14c
Packit Service	9fb14c	`class TestXpermSet(unittest.TestCase):`
Packit Service	9fb14c	`def test_init(self):`
Packit Service	9fb14c	`""" Test that all atttributes are correctly initialized. """`
Packit Service	9fb14c	`s1 = refpolicy.XpermSet()`
Packit Service	9fb14c	`self.assertEqual(s1.complement, False)`
Packit Service	9fb14c	`self.assertEqual(s1.ranges, [])`
Packit Service	9fb14c
Packit Service	9fb14c	`s2 = refpolicy.XpermSet(True)`
Packit Service	9fb14c	`self.assertEqual(s2.complement, True)`
Packit Service	9fb14c	`self.assertEqual(s2.ranges, [])`
Packit Service	9fb14c
Packit Service	9fb14c	`def test_normalize_ranges(self):`
Packit Service	9fb14c	`""" Test that ranges that are overlapping or neighboring are correctly`
Packit Service	9fb14c	`merged into one range. """`
Packit Service	9fb14c	`s = refpolicy.XpermSet()`
Packit Service	9fb14c	`s.ranges = [(1, 7), (5, 10), (100, 110), (102, 107), (200, 205),`
Packit Service	9fb14c	`(205, 210), (300, 305), (306, 310), (400, 405), (407, 410),`
Packit Service	9fb14c	`(500, 502), (504, 508), (500, 510)]`
Packit Service	9fb14c	`s._XpermSet__normalize_ranges()`
Packit Service	9fb14c
Packit Service	9fb14c	`i = 0`
Packit Service	9fb14c	`r = list(sorted(s.ranges))`
Packit Service	9fb14c	`while i < len(r) - 1:`
Packit Service	9fb14c	`# check that range low bound is less than equal than the upper bound`
Packit Service	9fb14c	`self.assertLessEqual(r[i][0], r[i][1])`
Packit Service	9fb14c	`# check that two ranges are not overlapping or neighboring`
Packit Service	9fb14c	`self.assertGreater(r[i + 1][0] - r[i][1], 1)`
Packit Service	9fb14c	`i += 1`
Packit Service	9fb14c
Packit Service	9fb14c	`def test_add(self):`
Packit Service	9fb14c	`""" Test adding new values or ranges to the set. """`
Packit Service	9fb14c	`s = refpolicy.XpermSet()`
Packit Service	9fb14c	`s.add(1, 7)`
Packit Service	9fb14c	`s.add(5, 10)`
Packit Service	9fb14c	`s.add(42)`
Packit Service	9fb14c	`self.assertEqual(s.ranges, [(1,10), (42,42)])`
Packit Service	9fb14c
Packit Service	9fb14c	`def test_extend(self):`
Packit Service	9fb14c	`""" Test adding ranges from another XpermSet object. """`
Packit Service	9fb14c	`a = refpolicy.XpermSet()`
Packit Service	9fb14c	`a.add(1, 7)`
Packit Service	9fb14c
Packit Service	9fb14c	`b = refpolicy.XpermSet()`
Packit Service	9fb14c	`b.add(5, 10)`
Packit Service	9fb14c
Packit Service	9fb14c	`a.extend(b)`
Packit Service	9fb14c	`self.assertEqual(a.ranges, [(1,10)])`
Packit Service	9fb14c
Packit Service	9fb14c	`def test_to_string(self):`
Packit Service	9fb14c	`""" Test printing the values to a string. """`
Packit Service	9fb14c	`a = refpolicy.XpermSet()`
Packit Service	9fb14c	`a.complement = False`
Packit Service	9fb14c	`self.assertEqual(a.to_string(), "")`
Packit Service	9fb14c	`a.complement = True`
Packit Service	9fb14c	`self.assertEqual(a.to_string(), "")`
Packit Service	9fb14c	`a.add(1234)`
Packit Service	9fb14c	`self.assertEqual(a.to_string(), "~ 1234")`
Packit Service	9fb14c	`a.complement = False`
Packit Service	9fb14c	`self.assertEqual(a.to_string(), "1234")`
Packit Service	9fb14c	`a.add(2345)`
Packit Service	9fb14c	`self.assertEqual(a.to_string(), "{ 1234 2345 }")`
Packit Service	9fb14c	`a.complement = True`
Packit Service	9fb14c	`self.assertEqual(a.to_string(), "~ { 1234 2345 }")`
Packit Service	9fb14c	`a.add(42,64)`
Packit Service	9fb14c	`self.assertEqual(a.to_string(), "~ { 42-64 1234 2345 }")`
Packit Service	9fb14c	`a.complement = False`
Packit Service	9fb14c	`self.assertEqual(a.to_string(), "{ 42-64 1234 2345 }")`
Packit Service	9fb14c
Packit Service	9fb14c	`class TestSecurityContext(unittest.TestCase):`
Packit Service	9fb14c	`def test_init(self):`
Packit Service	9fb14c	`sc = refpolicy.SecurityContext()`
Packit Service	9fb14c	`sc = refpolicy.SecurityContext("user_u:object_r:foo_t")`
Packit Service	9fb14c
Packit Service	9fb14c	`def test_from_string(self):`
Packit Service	9fb14c	`context = "user_u:object_r:foo_t"`
Packit Service	9fb14c	`sc = refpolicy.SecurityContext()`
Packit Service	9fb14c	`sc.from_string(context)`
Packit Service	9fb14c	`self.assertEqual(sc.user, "user_u")`
Packit Service	9fb14c	`self.assertEqual(sc.role, "object_r")`
Packit Service	9fb14c	`self.assertEqual(sc.type, "foo_t")`
Packit Service	9fb14c	`self.assertEqual(sc.level, None)`
Packit Service	9fb14c	`if selinux.is_selinux_mls_enabled():`
Packit Service	9fb14c	`self.assertEqual(str(sc), context + ":s0")`
Packit Service	9fb14c	`else:`
Packit Service	9fb14c	`self.assertEqual(str(sc), context)`
Packit Service	9fb14c	`self.assertEqual(sc.to_string(default_level="s1"), context + ":s1")`
Packit Service	9fb14c
Packit Service	9fb14c	`context = "user_u:object_r:foo_t:s0-s0:c0-c255"`
Packit Service	9fb14c	`sc = refpolicy.SecurityContext()`
Packit Service	9fb14c	`sc.from_string(context)`
Packit Service	9fb14c	`self.assertEqual(sc.user, "user_u")`
Packit Service	9fb14c	`self.assertEqual(sc.role, "object_r")`
Packit Service	9fb14c	`self.assertEqual(sc.type, "foo_t")`
Packit Service	9fb14c	`self.assertEqual(sc.level, "s0-s0:c0-c255")`
Packit Service	9fb14c	`self.assertEqual(str(sc), context)`
Packit Service	9fb14c	`self.assertEqual(sc.to_string(), context)`
Packit Service	9fb14c
Packit Service	9fb14c	`sc = refpolicy.SecurityContext()`
Packit Service	9fb14c	`self.assertRaises(ValueError, sc.from_string, "abc")`
Packit Service	9fb14c
Packit Service	9fb14c	`def test_equal(self):`
Packit Service	9fb14c	`sc1 = refpolicy.SecurityContext("user_u:object_r:foo_t")`
Packit Service	9fb14c	`sc2 = refpolicy.SecurityContext("user_u:object_r:foo_t")`
Packit Service	9fb14c	`sc3 = refpolicy.SecurityContext("user_u:object_r:foo_t:s0")`
Packit Service	9fb14c	`sc4 = refpolicy.SecurityContext("user_u:object_r:bar_t")`
Packit Service	9fb14c
Packit Service	9fb14c	`self.assertEqual(sc1, sc2)`
Packit Service	9fb14c	`self.assertNotEqual(sc1, sc3)`
Packit Service	9fb14c	`self.assertNotEqual(sc1, sc4)`
Packit Service	9fb14c
Packit Service	9fb14c	`class TestObjecClass(unittest.TestCase):`
Packit Service	9fb14c	`def test_init(self):`
Packit Service	9fb14c	`o = refpolicy.ObjectClass(name="file")`
Packit Service	9fb14c	`self.assertEqual(o.name, "file")`
Packit Service	9fb14c	`self.assertTrue(isinstance(o.perms, set))`
Packit Service	9fb14c
Packit Service	9fb14c	`class TestAVRule(unittest.TestCase):`
Packit Service	9fb14c	`def test_init(self):`
Packit Service	9fb14c	`a = refpolicy.AVRule()`
Packit Service	9fb14c	`self.assertEqual(a.rule_type, a.ALLOW)`
Packit Service	9fb14c	`self.assertTrue(isinstance(a.src_types, set))`
Packit Service	9fb14c	`self.assertTrue(isinstance(a.tgt_types, set))`
Packit Service	9fb14c	`self.assertTrue(isinstance(a.obj_classes, set))`
Packit Service	9fb14c	`self.assertTrue(isinstance(a.perms, set))`
Packit Service	9fb14c
Packit Service	9fb14c	`def test_to_string(self):`
Packit Service	9fb14c	`a = refpolicy.AVRule()`
Packit Service	9fb14c	`a.src_types.add("foo_t")`
Packit Service	9fb14c	`a.tgt_types.add("bar_t")`
Packit Service	9fb14c	`a.obj_classes.add("file")`
Packit Service	9fb14c	`a.perms.add("read")`
Packit Service	9fb14c	`self.assertEqual(a.to_string(), "allow foo_t bar_t:file read;")`
Packit Service	9fb14c
Packit Service	9fb14c	`a.rule_type = a.DONTAUDIT`
Packit Service	9fb14c	`a.src_types.add("user_t")`
Packit Service	9fb14c	`a.tgt_types.add("user_home_t")`
Packit Service	9fb14c	`a.obj_classes.add("lnk_file")`
Packit Service	9fb14c	`a.perms.add("write")`
Packit Service	9fb14c	`# This test might need to go because set ordering is not guaranteed`
Packit Service	9fb14c	`a = a.to_string().split(' ')`
Packit Service	9fb14c	`a.sort()`
Packit Service	9fb14c	`b = "dontaudit { foo_t user_t } { user_home_t bar_t }:{ lnk_file file } { read write };".split(' ')`
Packit Service	9fb14c	`b.sort()`
Packit Service	9fb14c	`self.assertEqual(a, b)`
Packit Service	9fb14c
Packit Service	9fb14c	`class TestAVExtRule(unittest.TestCase):`
Packit Service	9fb14c	`def test_init(self):`
Packit Service	9fb14c	`""" Test initialization of attributes """`
Packit Service	9fb14c	`a = refpolicy.AVExtRule()`
Packit Service	9fb14c	`self.assertEqual(a.rule_type, a.ALLOWXPERM)`
Packit Service	9fb14c	`self.assertIsInstance(a.src_types, set)`
Packit Service	9fb14c	`self.assertIsInstance(a.tgt_types, set)`
Packit Service	9fb14c	`self.assertIsInstance(a.obj_classes, set)`
Packit Service	9fb14c	`self.assertIsNone(a.operation)`
Packit Service	9fb14c	`self.assertIsInstance(a.xperms, refpolicy.XpermSet)`
Packit Service	9fb14c
Packit Service	9fb14c	`def test_rule_type_str(self):`
Packit Service	9fb14c	`""" Test strings returned by __rule_type_str() """`
Packit Service	9fb14c	`a = refpolicy.AVExtRule()`
Packit Service	9fb14c	`self.assertEqual(a._AVExtRule__rule_type_str(), "allowxperm")`
Packit Service	9fb14c	`a.rule_type = a.ALLOWXPERM`
Packit Service	9fb14c	`self.assertEqual(a._AVExtRule__rule_type_str(), "allowxperm")`
Packit Service	9fb14c	`a.rule_type = a.DONTAUDITXPERM`
Packit Service	9fb14c	`self.assertEqual(a._AVExtRule__rule_type_str(), "dontauditxperm")`
Packit Service	9fb14c	`a.rule_type = a.NEVERALLOWXPERM`
Packit Service	9fb14c	`self.assertEqual(a._AVExtRule__rule_type_str(), "neverallowxperm")`
Packit Service	9fb14c	`a.rule_type = a.AUDITALLOWXPERM`
Packit Service	9fb14c	`self.assertEqual(a._AVExtRule__rule_type_str(), "auditallowxperm")`
Packit Service	9fb14c	`a.rule_type = 42`
Packit Service	9fb14c	`self.assertIsNone(a._AVExtRule__rule_type_str())`
Packit Service	9fb14c
Packit Service	9fb14c	`def test_from_av(self):`
Packit Service	9fb14c	`""" Test creating the rule from an access vector. """`
Packit Service	9fb14c	`av = access.AccessVector(["foo", "bar", "file", "ioctl"])`
Packit Service	9fb14c	`xp = refpolicy.XpermSet()`
Packit Service	9fb14c	`av.xperms = { "ioctl": xp }`
Packit Service	9fb14c
Packit Service	9fb14c	`a = refpolicy.AVExtRule()`
Packit Service	9fb14c
Packit Service	9fb14c	`a.from_av(av, "ioctl")`
Packit Service	9fb14c	`self.assertEqual(a.src_types, {"foo"})`
Packit Service	9fb14c	`self.assertEqual(a.tgt_types, {"bar"})`
Packit Service	9fb14c	`self.assertEqual(a.obj_classes, {"file"})`
Packit Service	9fb14c	`self.assertEqual(a.operation, "ioctl")`
Packit Service	9fb14c	`self.assertIs(a.xperms, xp)`
Packit Service	9fb14c
Packit Service	9fb14c	`def test_from_av_self(self):`
Packit Service	9fb14c	`""" Test creating the rule from an access vector that has same`
Packit Service	9fb14c	`source and target context. """`
Packit Service	9fb14c	`av = access.AccessVector(["foo", "foo", "file", "ioctl"])`
Packit Service	9fb14c	`xp = refpolicy.XpermSet()`
Packit Service	9fb14c	`av.xperms = { "ioctl": xp }`
Packit Service	9fb14c
Packit Service	9fb14c	`a = refpolicy.AVExtRule()`
Packit Service	9fb14c
Packit Service	9fb14c	`a.from_av(av, "ioctl")`
Packit Service	9fb14c	`self.assertEqual(a.src_types, {"foo"})`
Packit Service	9fb14c	`self.assertEqual(a.tgt_types, {"self"})`
Packit Service	9fb14c	`self.assertEqual(a.obj_classes, {"file"})`
Packit Service	9fb14c	`self.assertEqual(a.operation, "ioctl")`
Packit Service	9fb14c	`self.assertIs(a.xperms, xp)`
Packit Service	9fb14c
Packit Service	9fb14c	`def test_to_string(self):`
Packit Service	9fb14c	`""" Test printing the rule to a string. """`
Packit Service	9fb14c	`a = refpolicy.AVExtRule()`
Packit Service	9fb14c	`a._AVExtRule__rule_type_str = lambda: "first"`
Packit Service	9fb14c	`a.src_types.to_space_str = lambda: "second"`
Packit Service	9fb14c	`a.tgt_types.to_space_str = lambda: "third"`
Packit Service	9fb14c	`a.obj_classes.to_space_str = lambda: "fourth"`
Packit Service	9fb14c	`a.operation = "fifth"`
Packit Service	9fb14c	`a.xperms.to_string = lambda: "seventh"`
Packit Service	9fb14c
Packit Service	9fb14c	`self.assertEqual(a.to_string(),`
Packit Service	9fb14c	`"first second third:fourth fifth seventh;")`
Packit Service	9fb14c
Packit Service	9fb14c	`class TestTypeRule(unittest.TestCase):`
Packit Service	9fb14c	`def test_init(self):`
Packit Service	9fb14c	`a = refpolicy.TypeRule()`
Packit Service	9fb14c	`self.assertEqual(a.rule_type, a.TYPE_TRANSITION)`
Packit Service	9fb14c	`self.assertTrue(isinstance(a.src_types, set))`
Packit Service	9fb14c	`self.assertTrue(isinstance(a.tgt_types, set))`
Packit Service	9fb14c	`self.assertTrue(isinstance(a.obj_classes, set))`
Packit Service	9fb14c	`self.assertEqual(a.dest_type, "")`
Packit Service	9fb14c
Packit Service	9fb14c	`def test_to_string(self):`
Packit Service	9fb14c	`a = refpolicy.TypeRule()`
Packit Service	9fb14c	`a.src_types.add("foo_t")`
Packit Service	9fb14c	`a.tgt_types.add("bar_exec_t")`
Packit Service	9fb14c	`a.obj_classes.add("process")`
Packit Service	9fb14c	`a.dest_type = "bar_t"`
Packit Service	9fb14c	`self.assertEqual(a.to_string(), "type_transition foo_t bar_exec_t:process bar_t;")`
Packit Service	9fb14c
Packit Service	9fb14c
Packit Service	9fb14c	`class TestParseNode(unittest.TestCase):`
Packit Service	9fb14c	`def test_walktree(self):`
Packit Service	9fb14c	`# Construct a small tree`
Packit Service	9fb14c	`h = refpolicy.Headers()`
Packit Service	9fb14c	`a = refpolicy.AVRule()`
Packit Service	9fb14c	`a.src_types.add("foo_t")`
Packit Service	9fb14c	`a.tgt_types.add("bar_t")`
Packit Service	9fb14c	`a.obj_classes.add("file")`
Packit Service	9fb14c	`a.perms.add("read")`
Packit Service	9fb14c
Packit Service	9fb14c	`ifcall = refpolicy.InterfaceCall(ifname="allow_foobar")`
Packit Service	9fb14c	`ifcall.args.append("foo_t")`
Packit Service	9fb14c	`ifcall.args.append("{ file dir }")`
Packit Service	9fb14c
Packit Service	9fb14c	`i = refpolicy.Interface(name="foo")`
Packit Service	9fb14c	`i.children.append(a)`
Packit Service	9fb14c	`i.children.append(ifcall)`
Packit Service	9fb14c	`h.children.append(i)`
Packit Service	9fb14c
Packit Service	9fb14c	`a = refpolicy.AVRule()`
Packit Service	9fb14c	`a.rule_type = a.DONTAUDIT`
Packit Service	9fb14c	`a.src_types.add("user_t")`
Packit Service	9fb14c	`a.tgt_types.add("user_home_t")`
Packit Service	9fb14c	`a.obj_classes.add("lnk_file")`
Packit Service	9fb14c	`a.perms.add("write")`
Packit Service	9fb14c	`i = refpolicy.Interface(name="bar")`
Packit Service	9fb14c	`i.children.append(a)`
Packit Service	9fb14c	`h.children.append(i)`
Packit Service	9fb14c
Packit Service	9fb14c	`class TestHeaders(unittest.TestCase):`
Packit Service	9fb14c	`def test_iter(self):`
Packit Service	9fb14c	`h = refpolicy.Headers()`
Packit Service	9fb14c	`h.children.append(refpolicy.Interface(name="foo"))`
Packit Service	9fb14c	`h.children.append(refpolicy.Interface(name="bar"))`
Packit Service	9fb14c	`h.children.append(refpolicy.ClassMap("file", "read write"))`
Packit Service	9fb14c	`i = 0`
Packit Service	9fb14c	`for node in h:`
Packit Service	9fb14c	`i += 1`
Packit Service	9fb14c	`self.assertEqual(i, 3)`
Packit Service	9fb14c
Packit Service	9fb14c	`i = 0`
Packit Service	9fb14c	`for node in h.interfaces():`
Packit Service	9fb14c	`i += 1`
Packit Service	9fb14c	`self.assertEqual(i, 2)`
Packit Service	9fb14c

source-git / policycoreutils

Source Code

Blame python/sepolgen/tests/test_refpolicy.py