Home | History | Annotate | Download | only in unit 
      1 /*
      2  * Copyright 2011 Tresys Technology, LLC. All rights reserved.
      3  *
      4  * Redistribution and use in source and binary forms, with or without
      5  * modification, are permitted provided that the following conditions are met:
      6  *
      7  *    1. Redistributions of source code must retain the above copyright notice,
      8  *       this list of conditions and the following disclaimer.
      9  *
     10  *    2. Redistributions in binary form must reproduce the above copyright notice,
     11  *       this list of conditions and the following disclaimer in the documentation
     12  *       and/or other materials provided with the distribution.
     13  *
     14  * THIS SOFTWARE IS PROVIDED BY TRESYS TECHNOLOGY, LLC ``AS IS'' AND ANY EXPRESS
     15  * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
     16  * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
     17  * EVENT SHALL TRESYS TECHNOLOGY, LLC OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
     18  * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
     19  * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
     20  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
     21  * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
     22  * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
     23  * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
     24  *
     25  * The views and conclusions contained in the software and documentation are those
     26  * of the authors and should not be interpreted as representing official policies,
     27  * either expressed or implied, of Tresys Technology, LLC.
     28  */
     29 
     30 #include <sepol/policydb/policydb.h>
     31 
     32 #include "CuTest.h"
     33 #include "CilTest.h"
     34 
     35 #include "../../src/cil_build_ast.h"
     36 #include "../../src/cil_resolve_ast.h"
     37 #include "../../src/cil_verify.h"
     38 #include "../../src/cil_internal.h"
     39 
     40 /* this all needs to be moved to a private header file */
     41 int __cil_resolve_ast_node_helper(struct cil_tree_node *, uint32_t *, void *);
     42 int __cil_disable_children_helper(struct cil_tree_node *node, __attribute__((unused)) uint32_t *finished, void *);
     43 
     44 struct cil_args_resolve {
     45 	struct cil_db *db;
     46 	enum cil_pass pass;
     47 	uint32_t *changed;
     48 	struct cil_tree_node *callstack;
     49 	struct cil_tree_node *optstack;
     50 	struct cil_tree_node *macro;
     51 };
     52 
     53 struct cil_args_resolve *gen_resolve_args(struct cil_db *db, enum cil_pass pass, uint32_t *changed, struct cil_tree_node *calls, struct cil_tree_node *opts, struct cil_tree_node *macro)
     54 {
     55 	struct cil_args_resolve *args = cil_malloc(sizeof(*args));
     56 	args->db = db;
     57 	args->pass = pass;
     58 	args->changed = changed;
     59 	args->callstack = calls;
     60 	args->optstack = opts;
     61 	args->macro = macro;
     62 
     63 	return args;
     64 }
     65 
     66 void test_cil_resolve_name(CuTest *tc) {
     67 	char *line[] = { "(", "block", "foo",
     68 				"(", "typealias", "test", "type_t", ")",
     69 				"(", "type", "test", ")", ")", NULL};
     70 
     71 	struct cil_tree *test_tree;
     72 	gen_test_tree(&test_tree, line);
     73 
     74 	struct cil_db *test_db;
     75 	cil_db_init(&test_db);
     76 
     77 	uint32_t changed = CIL_FALSE;
     78 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
     79 
     80 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
     81 
     82 	struct cil_tree_node *test_curr = test_db->ast->root->cl_head->cl_head;
     83 	struct cil_typealias *test_alias = (struct cil_typealias*)test_curr->data;
     84 	struct cil_tree_node *type_node = NULL;
     85 
     86 	int rc = cil_resolve_name(test_curr, test_alias->type_str, CIL_SYM_TYPES, args, &type_node);
     87 	CuAssertIntEquals(tc, SEPOL_OK, rc);
     88 }
     89 
     90 void test_cil_resolve_name_invalid_type_neg(CuTest *tc) {
     91 	char *line[] = { "(", "block", "foo",
     92 				"(", "typealias", "foo.test2", "type_t", ")",
     93 				"(", "type", "test", ")", ")", NULL};
     94 
     95 	struct cil_tree *test_tree;
     96 	gen_test_tree(&test_tree, line);
     97 
     98 	struct cil_db *test_db;
     99 	cil_db_init(&test_db);
    100 
    101 	uint32_t changed = CIL_FALSE;
    102 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
    103 
    104 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
    105 
    106 	struct cil_tree_node *test_curr = test_db->ast->root->cl_head->cl_head;
    107 	struct cil_typealias *test_alias = (struct cil_typealias*)test_curr->data;
    108 	struct cil_tree_node *type_node = NULL;
    109 
    110 	int rc = cil_resolve_name(test_curr, test_alias->type_str, CIL_SYM_TYPES, args, &type_node);
    111 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
    112 }
    113 
    114 void test_cil_resolve_ast_curr_null_neg(CuTest *tc) {
    115 	struct cil_db *test_db;
    116 	cil_db_init(&test_db);
    117 
    118 	test_db->ast->root = NULL;
    119 
    120 	int rc = cil_resolve_ast(test_db, test_db->ast->root);
    121 	CuAssertIntEquals(tc, SEPOL_ERR, rc);
    122 }
    123 
    124 
    125 /*
    126 	cil_resolve test cases
    127 */
    128 
    129 void test_cil_resolve_roleallow(CuTest *tc) {
    130 	char *line[] = {"(", "role", "foo", ")", \
    131 			"(", "role", "bar", ")", \
    132 			"(", "roleallow", "foo", "bar", ")", NULL};
    133 
    134 	struct cil_tree *test_tree;
    135 	gen_test_tree(&test_tree, line);
    136 
    137 	struct cil_db *test_db;
    138 	cil_db_init(&test_db);
    139 
    140 	uint32_t changed = CIL_FALSE;
    141 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
    142 
    143 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
    144 
    145 	int rc = cil_resolve_roleallow(test_db->ast->root->cl_head->next->next, args);
    146 	CuAssertIntEquals(tc, SEPOL_OK, rc);
    147 }
    148 
    149 void test_cil_resolve_roleallow_srcdecl_neg(CuTest *tc) {
    150 	char *line[] = {"(", "role", "bar", ")", \
    151 			"(", "roleallow", "foo", "bar", ")", NULL};
    152 
    153 	struct cil_tree *test_tree;
    154 	gen_test_tree(&test_tree, line);
    155 
    156 	struct cil_db *test_db;
    157 	cil_db_init(&test_db);
    158 
    159 	uint32_t changed = CIL_FALSE;
    160 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
    161 
    162 	int rc1=cil_build_ast(test_db, test_tree->root, test_db->ast->root);
    163 	rc1 = rc1;
    164 
    165 	int rc = cil_resolve_roleallow(test_db->ast->root->cl_head->next, args);
    166 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
    167 }
    168 
    169 void test_cil_resolve_roleallow_tgtdecl_neg(CuTest *tc) {
    170 	char *line[] = {"(", "role", "foo", ")", \
    171 			"(", "roleallow", "foo", "bar", ")", NULL};
    172 
    173 	struct cil_tree *test_tree;
    174 	gen_test_tree(&test_tree, line);
    175 
    176 	struct cil_db *test_db;
    177 	cil_db_init(&test_db);
    178 
    179 	uint32_t changed = CIL_FALSE;
    180 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
    181 
    182 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
    183 
    184 	int rc = cil_resolve_roleallow(test_db->ast->root->cl_head->next, args);
    185 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
    186 }
    187 
    188 void test_cil_resolve_classmapping_anon(CuTest *tc) {
    189 	char *line[] = {"(", "class", "file", "(", "open", ")", ")",
    190 			"(", "classmap", "files", "(", "read", ")", ")",
    191 			"(", "classmapping", "files", "read", "(", "file", "(", "open", ")", ")", ")", NULL};
    192 
    193 	struct cil_tree *test_tree;
    194 	gen_test_tree(&test_tree, line);
    195 
    196 	struct cil_db *test_db;
    197 	cil_db_init(&test_db);
    198 
    199 	uint32_t changed = CIL_FALSE;
    200 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
    201 
    202 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
    203 
    204 	int rc = cil_resolve_classmapping(test_db->ast->root->cl_head->next->next, args);
    205 	CuAssertIntEquals(tc, SEPOL_OK, rc);
    206 }
    207 
    208 void test_cil_resolve_classmapping_anon_inmacro(CuTest *tc) {
    209 	char *line[] = {"(", "classmap", "files", "(", "read", ")", ")",
    210 			"(", "class", "file", "(", "open", ")", ")",
    211 			"(", "macro", "mm", "(", "(", "classpermissionset", "a", ")", ")",
    212 				"(", "classmapping", "files", "read", "a", ")", ")",
    213 			"(", "call", "mm", "(", "(", "file", "(", "open", ")", ")", ")", ")", NULL};
    214 
    215 	struct cil_tree *test_tree;
    216 	gen_test_tree(&test_tree, line);
    217 
    218 	struct cil_db *test_db;
    219 	cil_db_init(&test_db);
    220 
    221 	uint32_t changed = CIL_FALSE;
    222 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
    223 
    224 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
    225 
    226 	args->pass = CIL_PASS_CALL1;
    227 
    228 	int rc2 = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next, args);
    229 
    230 	args->pass = CIL_PASS_CALL2;
    231 
    232 	int rc3 = cil_resolve_call2(test_db->ast->root->cl_head->next->next->next, args);
    233 
    234 	args->pass = CIL_PASS_MISC3;
    235 	args->callstack = test_db->ast->root->cl_head->next->next->next;
    236 
    237 	int rc = cil_resolve_classmapping(test_db->ast->root->cl_head->next->next->next->cl_head, args);
    238 	CuAssertIntEquals(tc, SEPOL_OK, rc);
    239 	CuAssertIntEquals(tc, SEPOL_OK, rc2);
    240 	CuAssertIntEquals(tc, SEPOL_OK, rc3);
    241 }
    242 
    243 void test_cil_resolve_classmapping_anon_inmacro_neg(CuTest *tc) {
    244 	char *line[] = {"(", "classmap", "files", "(", "read", ")", ")",
    245 			"(", "class", "file", "(", "open", ")", ")",
    246 			"(", "macro", "mm", "(", "(", "classpermissionset", "a", ")", ")",
    247 				"(", "classmapping", "files", "read", "a", ")", ")",
    248 			"(", "call", "mm", "(", "(", "DNE", "(", "open", ")", ")", ")", ")", NULL};
    249 
    250 	struct cil_tree *test_tree;
    251 	gen_test_tree(&test_tree, line);
    252 
    253 	struct cil_db *test_db;
    254 	cil_db_init(&test_db);
    255 
    256 	uint32_t changed = CIL_FALSE;
    257 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
    258 
    259 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
    260 
    261 	args->pass = CIL_PASS_CALL1;
    262 
    263 	int rc2 = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next, args);
    264 
    265 	args->pass = CIL_PASS_CALL2;
    266 
    267 	int rc3 = cil_resolve_call2(test_db->ast->root->cl_head->next->next->next, args);
    268 
    269 	args->pass = CIL_PASS_MISC3;
    270 	args->callstack = test_db->ast->root->cl_head->next->next->next;
    271 
    272 	int rc = cil_resolve_classmapping(test_db->ast->root->cl_head->next->next->next->cl_head, args);
    273 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
    274 	CuAssertIntEquals(tc, SEPOL_OK, rc2);
    275 	CuAssertIntEquals(tc, SEPOL_OK, rc3);
    276 }
    277 
    278 void test_cil_resolve_classmapping_named(CuTest *tc) {
    279 	char *line[] = {"(", "classmap", "files", "(", "read", ")", ")",
    280 			"(", "classpermissionset", "char_w", "(", "char", "(", "read", ")", ")", ")",
    281 			"(", "classmapping", "files", "read", "char_w", ")", NULL};
    282 
    283 	struct cil_tree *test_tree;
    284 	gen_test_tree(&test_tree, line);
    285 
    286 	struct cil_db *test_db;
    287 	cil_db_init(&test_db);
    288 
    289 	uint32_t changed = CIL_FALSE;
    290 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
    291 
    292 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
    293 
    294 	int rc = cil_resolve_classmapping(test_db->ast->root->cl_head->next->next, args);
    295 	CuAssertIntEquals(tc, SEPOL_OK, rc);
    296 }
    297 
    298 void test_cil_resolve_classmapping_named_classmapname_neg(CuTest *tc) {
    299 	char *line[] = {"(", "classpermissionset", "char_w", "(", "char", "(", "read", ")", ")", ")",
    300 			"(", "classmap", "files", "(", "read", ")", ")",
    301 			"(", "classmapping", "files", "read", "foo", ")", NULL};
    302 
    303 	struct cil_tree *test_tree;
    304 	gen_test_tree(&test_tree, line);
    305 
    306 	struct cil_db *test_db;
    307 	cil_db_init(&test_db);
    308 
    309 	uint32_t changed = CIL_FALSE;
    310 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
    311 
    312 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
    313 
    314 	int rc = cil_resolve_classmapping(test_db->ast->root->cl_head->next->next, args);
    315 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
    316 }
    317 
    318 void test_cil_resolve_classmapping_anon_classmapname_neg(CuTest *tc) {
    319 	char *line[] = {"(", "class", "file", "(", "open", ")", ")",
    320 			"(", "classmap", "files", "(", "read", ")", ")",
    321 			"(", "classmapping", "dne", "read", "(", "file", "(", "open", ")", ")", ")", NULL};
    322 
    323 	struct cil_tree *test_tree;
    324 	gen_test_tree(&test_tree, line);
    325 
    326 	struct cil_db *test_db;
    327 	cil_db_init(&test_db);
    328 
    329 	uint32_t changed = CIL_FALSE;
    330 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
    331 
    332 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
    333 
    334 	int rc = cil_resolve_classmapping(test_db->ast->root->cl_head->next->next, args);
    335 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
    336 }
    337 
    338 void test_cil_resolve_classmapping_anon_permset_neg(CuTest *tc) {
    339 	char *line[] = {"(", "class", "file", "(", "open", ")", ")",
    340 			"(", "classmap", "files", "(", "read", ")", ")",
    341 			"(", "classmapping", "files", "read", "(", "dne", "(", "open", ")", ")", ")", NULL};
    342 
    343 	struct cil_tree *test_tree;
    344 	gen_test_tree(&test_tree, line);
    345 
    346 	struct cil_db *test_db;
    347 	cil_db_init(&test_db);
    348 
    349 	uint32_t changed = CIL_FALSE;
    350 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
    351 
    352 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
    353 
    354 	int rc = cil_resolve_classmapping(test_db->ast->root->cl_head->next->next, args);
    355 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
    356 }
    357 
    358 void test_cil_resolve_rolebounds(CuTest *tc) {
    359 	char *line[] = {"(", "role", "role1", ")",
    360 			"(", "role", "role2", ")",
    361 			"(", "rolebounds", "role1", "role2", ")", NULL};
    362 
    363 	struct cil_tree *test_tree;
    364 	gen_test_tree(&test_tree, line);
    365 
    366 	struct cil_db *test_db;
    367 	cil_db_init(&test_db);
    368 
    369 	uint32_t changed = CIL_FALSE;
    370 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
    371 
    372 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
    373 
    374 	int rc = cil_resolve_rolebounds(test_db->ast->root->cl_head->next->next, args);
    375 	CuAssertIntEquals(tc, SEPOL_OK, rc);
    376 }
    377 
    378 void test_cil_resolve_rolebounds_exists_neg(CuTest *tc) {
    379 	char *line[] = {"(", "role", "role1", ")",
    380 			"(", "role", "role2", ")",
    381 			"(", "rolebounds", "role1", "role2", ")", NULL};
    382 
    383 	struct cil_tree *test_tree;
    384 	gen_test_tree(&test_tree, line);
    385 
    386 	struct cil_db *test_db;
    387 	cil_db_init(&test_db);
    388 
    389 	uint32_t changed = CIL_FALSE;
    390 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
    391 
    392 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
    393 
    394 	cil_resolve_rolebounds(test_db->ast->root->cl_head->next->next, args);
    395 	int rc = cil_resolve_rolebounds(test_db->ast->root->cl_head->next->next, args);
    396 	CuAssertIntEquals(tc, SEPOL_ERR, rc);
    397 }
    398 
    399 void test_cil_resolve_rolebounds_role1_neg(CuTest *tc) {
    400 	char *line[] = {"(", "role", "role1", ")",
    401 			"(", "role", "role2", ")",
    402 			"(", "rolebounds", "role_DNE", "role2", ")", NULL};
    403 
    404 	struct cil_tree *test_tree;
    405 	gen_test_tree(&test_tree, line);
    406 
    407 	struct cil_db *test_db;
    408 	cil_db_init(&test_db);
    409 
    410 	uint32_t changed = CIL_FALSE;
    411 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
    412 
    413 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
    414 
    415 	int rc = cil_resolve_rolebounds(test_db->ast->root->cl_head->next->next, args);
    416 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
    417 }
    418 
    419 void test_cil_resolve_rolebounds_role2_neg(CuTest *tc) {
    420 	char *line[] = {"(", "role", "role1", ")",
    421 			"(", "role", "role2", ")",
    422 			"(", "rolebounds", "role1", "role_DNE", ")", NULL};
    423 
    424 	struct cil_tree *test_tree;
    425 	gen_test_tree(&test_tree, line);
    426 
    427 	struct cil_db *test_db;
    428 	cil_db_init(&test_db);
    429 
    430 	uint32_t changed = CIL_FALSE;
    431 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
    432 
    433 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
    434 
    435 	int rc = cil_resolve_rolebounds(test_db->ast->root->cl_head->next->next, args);
    436 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
    437 }
    438 
    439 void test_cil_resolve_sensalias(CuTest *tc) {
    440 	char *line[] = {"(", "sensitivity", "s0", ")",
    441 			"(", "sensitivityalias", "s0", "alias", ")", NULL};
    442 
    443 	struct cil_tree *test_tree;
    444 	gen_test_tree(&test_tree, line);
    445 
    446 	struct cil_db *test_db;
    447 	cil_db_init(&test_db);
    448 
    449 	uint32_t changed = CIL_FALSE;
    450 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
    451 
    452 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
    453 
    454 	int rc = cil_resolve_sensalias(test_db->ast->root->cl_head->next, args);
    455 	CuAssertIntEquals(tc, SEPOL_OK, rc);
    456 }
    457 
    458 void test_cil_resolve_sensalias_sensdecl_neg(CuTest *tc) {
    459 	char *line[] = {"(", "sensitivityalias", "s0", "alias", ")", NULL};
    460 
    461 	struct cil_tree *test_tree;
    462 	gen_test_tree(&test_tree, line);
    463 
    464 	struct cil_db *test_db;
    465 	cil_db_init(&test_db);
    466 
    467 	uint32_t changed = CIL_FALSE;
    468 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MLS, &changed, NULL, NULL, NULL);
    469 
    470 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
    471 
    472 	int rc = cil_resolve_sensalias(test_db->ast->root->cl_head, args);
    473 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
    474 }
    475 
    476 void test_cil_resolve_catalias(CuTest *tc) {
    477 	char *line[] = {"(", "category", "c0", ")",
    478 			"(", "categoryalias", "c0", "red", ")", NULL};
    479 
    480 	struct cil_tree *test_tree;
    481 	gen_test_tree(&test_tree, line);
    482 
    483 	struct cil_db *test_db;
    484 	cil_db_init(&test_db);
    485 
    486 	uint32_t changed = CIL_FALSE;
    487 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
    488 
    489 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
    490 
    491 	int rc = cil_resolve_catalias(test_db->ast->root->cl_head->next, args);
    492 	CuAssertIntEquals(tc, SEPOL_OK, rc);
    493 }
    494 
    495 void test_cil_resolve_catalias_catdecl_neg(CuTest *tc) {
    496 	char *line[] = {"(", "categoryalias", "c0", "red", ")", NULL};
    497 
    498 	struct cil_tree *test_tree;
    499 	gen_test_tree(&test_tree, line);
    500 
    501 	struct cil_db *test_db;
    502 	cil_db_init(&test_db);
    503 
    504 	uint32_t changed = CIL_FALSE;
    505 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
    506 
    507 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
    508 
    509 	int rc = cil_resolve_catalias(test_db->ast->root->cl_head, args);
    510 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
    511 }
    512 
    513 void test_cil_resolve_catorder(CuTest *tc) {
    514 	char *line[] = {"(", "category", "c0", ")",
    515 			"(", "category", "c3", ")",
    516 			"(", "categoryorder", "(", "c0", "c3", ")", NULL};
    517 
    518 	struct cil_tree *test_tree;
    519 	gen_test_tree(&test_tree, line);
    520 
    521 	struct cil_db *test_db;
    522 	cil_db_init(&test_db);
    523 
    524 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
    525 
    526 	uint32_t changed = CIL_FALSE;
    527 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC1, &changed, NULL, NULL, NULL);
    528 
    529 	int rc = cil_resolve_catorder(test_db->ast->root->cl_head->next->next, args);
    530 	int rc2 = cil_resolve_catorder(test_db->ast->root->cl_head->next->next, args);
    531 	CuAssertIntEquals(tc, SEPOL_OK, rc);
    532 	CuAssertIntEquals(tc, SEPOL_OK, rc2);
    533 }
    534 
    535 void test_cil_resolve_catorder_neg(CuTest *tc) {
    536 	char *line[] = {"(", "category", "c0", ")",
    537 			"(", "category", "c3", ")",
    538 			"(", "categoryorder", "(", "c5", ")", ")", NULL};
    539 
    540 	struct cil_tree *test_tree;
    541 	gen_test_tree(&test_tree, line);
    542 
    543 	struct cil_db *test_db;
    544 	cil_db_init(&test_db);
    545 
    546 	uint32_t changed = CIL_FALSE;
    547 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC1, &changed, NULL, NULL, NULL);
    548 
    549 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
    550 
    551 	int rc = cil_resolve_catorder(test_db->ast->root->cl_head->next->next, args);
    552 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
    553 }
    554 
    555 void test_cil_resolve_dominance(CuTest *tc) {
    556 	char *line[] = {"(", "sensitivity", "s0", ")",
    557 			"(", "sensitivity", "s1", ")",
    558 			"(", "sensitivity", "s2", ")",
    559 			"(", "dominance", "(", "s0", "s1", ")", NULL};
    560 
    561 	struct cil_tree *test_tree;
    562 	gen_test_tree(&test_tree, line);
    563 
    564 	struct cil_db *test_db;
    565 	cil_db_init(&test_db);
    566 
    567 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
    568 
    569 	uint32_t changed = CIL_FALSE;
    570 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC1, &changed, NULL, NULL, NULL);
    571 
    572 	int rc = cil_resolve_dominance(test_db->ast->root->cl_head->next->next->next, args);
    573 	int rc2 = cil_resolve_dominance(test_db->ast->root->cl_head->next->next->next, args);
    574 	CuAssertIntEquals(tc, SEPOL_OK, rc);
    575 	CuAssertIntEquals(tc, SEPOL_OK, rc2);
    576 }
    577 
    578 void test_cil_resolve_dominance_neg(CuTest *tc) {
    579 	char *line[] = {"(", "sensitivity", "s0", ")",
    580 			"(", "sensitivity", "s1", ")",
    581 			"(", "sensitivity", "s2", ")",
    582 			"(", "dominance", "(", "s6", ")", ")", NULL};
    583 
    584 	struct cil_tree *test_tree;
    585 	gen_test_tree(&test_tree, line);
    586 
    587 	struct cil_db *test_db;
    588 	cil_db_init(&test_db);
    589 
    590 	uint32_t changed = CIL_FALSE;
    591 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC1, &changed, NULL, NULL, NULL);
    592 
    593 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
    594 
    595 	int rc = cil_resolve_dominance(test_db->ast->root->cl_head->next->next->next, args);
    596 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
    597 }
    598 
    599 void test_cil_resolve_cat_list(CuTest *tc) {
    600 	char *line[] = {"(", "category", "c0", ")",
    601 			"(", "category", "c1", ")",
    602 			"(", "category", "c2", ")",
    603 			"(", "categoryset", "somecats", "(", "c0", "c1", "c2", ")", ")", NULL};
    604 
    605 	struct cil_tree *test_tree;
    606 	gen_test_tree(&test_tree, line);
    607 
    608 	struct cil_db *test_db;
    609 	cil_db_init(&test_db);
    610 
    611 	uint32_t changed = CIL_FALSE;
    612 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MLS, &changed, NULL, NULL, NULL);
    613 
    614 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
    615 
    616 	struct cil_list *test_cat_list;
    617 	cil_list_init(&test_cat_list);
    618 
    619 	struct cil_catset *test_catset = (struct cil_catset*)test_db->ast->root->cl_head->next->next->next->data;
    620 
    621 	int rc = cil_resolve_cat_list(test_db->ast->root->cl_head->next->next->next, test_catset->cat_list_str, test_cat_list, args);
    622 	CuAssertIntEquals(tc, SEPOL_OK, rc);
    623 }
    624 
    625 void test_cil_resolve_cat_list_catlistnull_neg(CuTest *tc) {
    626 	char *line[] = {"(", "category", "c0", ")",
    627 			"(", "category", "c1", ")",
    628 			"(", "category", "c2", ")",
    629 			"(", "categoryset", "somecats", "(", "c0", "c1", "c2", ")", ")", NULL};
    630 
    631 	struct cil_tree *test_tree;
    632 	gen_test_tree(&test_tree, line);
    633 
    634 	struct cil_db *test_db;
    635 	cil_db_init(&test_db);
    636 
    637 	uint32_t changed = CIL_FALSE;
    638 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MLS, &changed, NULL, NULL, NULL);
    639 
    640 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
    641 
    642 	struct cil_list *test_cat_list;
    643 	cil_list_init(&test_cat_list);
    644 
    645 	struct cil_catset *test_catset = (struct cil_catset*)test_db->ast->root->cl_head->next->next->next->data;
    646 	test_catset->cat_list_str = NULL;
    647 
    648 	int rc = cil_resolve_cat_list(test_db->ast->root->cl_head->next->next->next, test_catset->cat_list_str, test_cat_list, args);
    649 	CuAssertIntEquals(tc, SEPOL_ERR, rc);
    650 }
    651 
    652 void test_cil_resolve_cat_list_rescatlistnull_neg(CuTest *tc) {
    653 	char *line[] = {"(", "category", "c0", ")",
    654 			"(", "category", "c1", ")",
    655 			"(", "category", "c2", ")",
    656 			"(", "categoryset", "somecats", "(", "c0", "c1", "c2", ")", ")", NULL};
    657 
    658 	struct cil_tree *test_tree;
    659 	gen_test_tree(&test_tree, line);
    660 
    661 	struct cil_db *test_db;
    662 	cil_db_init(&test_db);
    663 
    664 	uint32_t changed = CIL_FALSE;
    665 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MLS, &changed, NULL, NULL, NULL);
    666 
    667 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
    668 
    669 	struct cil_list *test_cat_list = NULL;
    670 
    671 	struct cil_catset *test_catset = (struct cil_catset*)test_db->ast->root->cl_head->next->next->next->data;
    672 
    673 	int rc = cil_resolve_cat_list(test_db->ast->root->cl_head->next->next->next, test_catset->cat_list_str, test_cat_list, args);
    674 	CuAssertIntEquals(tc, SEPOL_ERR, rc);
    675 }
    676 
    677 void test_cil_resolve_cat_list_catrange(CuTest *tc) {
    678 	char *line[] = {"(", "category", "c0", ")",
    679 			"(", "category", "c1", ")",
    680 			"(", "category", "c2", ")",
    681 			"(", "categoryorder", "(", "c0", "c1", "c2", ")", ")",
    682 			"(", "categoryset", "somecats", "(", "c0", "(", "c1", "c2", ")", ")", ")", NULL};
    683 
    684 	struct cil_tree *test_tree;
    685 	gen_test_tree(&test_tree, line);
    686 
    687 	struct cil_db *test_db;
    688 	cil_db_init(&test_db);
    689 
    690 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
    691 
    692 	uint32_t changed = CIL_FALSE;
    693 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC1, &changed, NULL, NULL, NULL);
    694 
    695 	cil_tree_walk(test_db->ast->root, __cil_resolve_ast_node_helper, NULL, NULL, args);
    696 	__cil_verify_order(test_db->catorder, test_db->ast->root, CIL_CAT);
    697 
    698 	struct cil_list *test_cat_list;
    699 	cil_list_init(&test_cat_list);
    700 
    701 	struct cil_catset *test_catset = (struct cil_catset*)test_db->ast->root->cl_head->next->next->next->next->data;
    702 
    703 	int rc = cil_resolve_cat_list(test_db->ast->root->cl_head->next->next->next->next, test_catset->cat_list_str, test_cat_list, args);
    704 	CuAssertIntEquals(tc, SEPOL_OK, rc);
    705 }
    706 
    707 void test_cil_resolve_cat_list_catrange_neg(CuTest *tc) {
    708 	char *line[] = {"(", "category", "c0", ")",
    709 			"(", "category", "c1", ")",
    710 			"(", "category", "c2", ")",
    711 			"(", "categoryorder", "(", "c0", "c1", "c2", ")", ")",
    712 			"(", "categoryset", "somecats", "(", "c0", "(", "c2", "c1", ")", ")", ")", NULL};
    713 
    714 	struct cil_tree *test_tree;
    715 	gen_test_tree(&test_tree, line);
    716 
    717 	struct cil_db *test_db;
    718 	cil_db_init(&test_db);
    719 
    720 	uint32_t changed = CIL_FALSE;
    721 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC1, &changed, NULL, NULL, NULL);
    722 
    723 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
    724 
    725 	struct cil_list *test_cat_list;
    726 	cil_list_init(&test_cat_list);
    727 
    728 	cil_resolve_catorder(test_db->ast->root->cl_head->next->next->next, args);
    729 
    730 	args->pass = CIL_PASS_MLS;
    731 
    732 	struct cil_catset *test_catset = (struct cil_catset*)test_db->ast->root->cl_head->next->next->next->next->data;
    733 
    734 	int rc = cil_resolve_cat_list(test_db->ast->root->cl_head->next->next->next->next, test_catset->cat_list_str, test_cat_list, args);
    735 	CuAssertIntEquals(tc, SEPOL_ERR, rc);
    736 }
    737 
    738 void test_cil_resolve_cat_list_catname_neg(CuTest *tc) {
    739 	char *line[] = {"(", "category", "c5", ")",
    740 			"(", "category", "c6", ")",
    741 			"(", "category", "c7", ")",
    742 			"(", "categoryorder", "(", "c0", "c1", "c2", ")", ")",
    743 			"(", "categoryset", "somecats", "(", "c0", "(", "c1", "c2", ")", ")", ")", NULL};
    744 
    745 	struct cil_tree *test_tree;
    746 	gen_test_tree(&test_tree, line);
    747 
    748 	struct cil_db *test_db;
    749 	cil_db_init(&test_db);
    750 
    751 	uint32_t changed = CIL_FALSE;
    752 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC1, &changed, NULL, NULL, NULL);
    753 
    754 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
    755 
    756 	cil_resolve_catorder(test_db->ast->root->cl_head->next->next->next, args);
    757 
    758 	args->pass = CIL_PASS_MLS;
    759 	struct cil_list *test_cat_list;
    760 	cil_list_init(&test_cat_list);
    761 
    762 	struct cil_catset *test_catset = (struct cil_catset*)test_db->ast->root->cl_head->next->next->next->next->data;
    763 
    764 	int rc = cil_resolve_cat_list(test_db->ast->root->cl_head->next->next->next->next, test_catset->cat_list_str, test_cat_list, args);
    765 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
    766 }
    767 
    768 void test_cil_resolve_catset(CuTest *tc) {
    769 	char *line[] = {"(", "category", "c0", ")",
    770 			"(", "category", "c1", ")",
    771 			"(", "category", "c2", ")",
    772 			"(", "categoryset", "somecats", "(", "c0", "c1", "c2", ")", ")", NULL};
    773 
    774 	struct cil_tree *test_tree;
    775 	gen_test_tree(&test_tree, line);
    776 
    777 	struct cil_db *test_db;
    778 	cil_db_init(&test_db);
    779 
    780 	uint32_t changed = CIL_FALSE;
    781 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MLS, &changed, NULL, NULL, NULL);
    782 
    783 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
    784 
    785 	struct cil_catset *test_catset = (struct cil_catset *)test_db->ast->root->cl_head->next->next->next->data;
    786 
    787 	int rc = cil_resolve_catset(test_db->ast->root->cl_head->next->next->next, test_catset, args);
    788 	CuAssertIntEquals(tc, SEPOL_OK, rc);
    789 }
    790 
    791 void test_cil_resolve_catset_catlist_neg(CuTest *tc) {
    792 	char *line[] = {"(", "category", "c0", ")",
    793 			"(", "category", "c1", ")",
    794 			"(", "category", "c2", ")",
    795 			"(", "categoryset", "somecats", "(", "c0", "c1", "c2", "c4", ")", ")", NULL};
    796 
    797 	struct cil_tree *test_tree;
    798 	gen_test_tree(&test_tree, line);
    799 
    800 	struct cil_db *test_db;
    801 	cil_db_init(&test_db);
    802 
    803 	uint32_t changed = CIL_FALSE;
    804 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MLS, &changed, NULL, NULL, NULL);
    805 
    806 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
    807 
    808 	struct cil_catset *test_catset = (struct cil_catset *)test_db->ast->root->cl_head->next->next->next->data;
    809 
    810 	int rc = cil_resolve_catset(test_db->ast->root->cl_head->next->next->next, test_catset, args);
    811 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
    812 }
    813 
    814 void test_cil_resolve_catrange(CuTest *tc) {
    815 	char *line[] = {"(", "category", "c0", ")",
    816                         "(", "category", "c255", ")",
    817                         "(", "categoryorder", "(", "c0", "c255", ")", ")",
    818                         "(", "categoryrange", "range", "(", "c0", "c255", ")", ")", NULL};
    819 
    820 	struct cil_tree *test_tree;
    821 	gen_test_tree(&test_tree, line);
    822 
    823 	struct cil_db *test_db;
    824 	cil_db_init(&test_db);
    825 
    826 	uint32_t changed = CIL_FALSE;
    827 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC1, &changed, NULL, NULL, NULL);
    828 
    829 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
    830 	cil_resolve_catorder(test_db->ast->root->cl_head->next->next, args);
    831 	__cil_verify_order(test_db->catorder, test_db->ast->root, CIL_CAT);
    832 
    833 	args->pass = CIL_PASS_MLS;
    834 
    835 	int rc = cil_resolve_catrange(test_db->ast->root->cl_head->next->next->next, (struct cil_catrange*)test_db->ast->root->cl_head->next->next->next->data, args);
    836 	CuAssertIntEquals(tc, SEPOL_OK, rc);
    837 }
    838 
    839 void test_cil_resolve_catrange_catloworder_neg(CuTest *tc) {
    840 	char *line[] = {"(", "category", "c0", ")",
    841                         "(", "category", "c255", ")",
    842                         "(", "categoryorder", "(", "c0", "c255", ")", ")",
    843                         "(", "categoryrange", "range", "(", "c0", "c255", ")", ")", NULL};
    844 
    845 	struct cil_tree *test_tree;
    846 	gen_test_tree(&test_tree, line);
    847 
    848 	struct cil_db *test_db;
    849 	cil_db_init(&test_db);
    850 
    851 	uint32_t changed = CIL_FALSE;
    852 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC1, &changed, NULL, NULL, NULL);
    853 
    854 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
    855 	cil_resolve_catorder(test_db->ast->root->cl_head->next->next, args);
    856 	__cil_verify_order(test_db->catorder, test_db->ast->root, CIL_CAT);
    857 
    858 	test_db->catorder->head = test_db->catorder->head->next;
    859 	test_db->catorder->head->next = NULL;
    860 
    861 	args->pass = CIL_PASS_MLS;
    862 
    863 	int rc = cil_resolve_catrange(test_db->ast->root->cl_head->next->next->next, (struct cil_catrange*)test_db->ast->root->cl_head->next->next->next->data, args);
    864 	CuAssertIntEquals(tc, SEPOL_ERR, rc);
    865 }
    866 
    867 void test_cil_resolve_catrange_cathighorder_neg(CuTest *tc) {
    868 	char *line[] = {"(", "category", "c0", ")",
    869                         "(", "category", "c255", ")",
    870                         "(", "categoryorder", "(", "c0", "c255", ")", ")",
    871                         "(", "categoryrange", "range", "(", "c255", "c0", ")", ")", NULL};
    872 
    873 	struct cil_tree *test_tree;
    874 	gen_test_tree(&test_tree, line);
    875 
    876 	struct cil_db *test_db;
    877 	cil_db_init(&test_db);
    878 
    879 	uint32_t changed = CIL_FALSE;
    880 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC1, &changed, NULL, NULL, NULL);
    881 
    882 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
    883 	cil_resolve_catorder(test_db->ast->root->cl_head->next->next, args);
    884 	__cil_verify_order(test_db->catorder, test_db->ast->root, CIL_CAT);
    885 
    886 	args->pass = CIL_PASS_MLS;
    887 
    888 	int rc = cil_resolve_catrange(test_db->ast->root->cl_head->next->next->next, (struct cil_catrange*)test_db->ast->root->cl_head->next->next->next->data, args);
    889 	CuAssertIntEquals(tc, SEPOL_ERR, rc);
    890 }
    891 
    892 void test_cil_resolve_catrange_cat1_neg(CuTest *tc) {
    893 	char *line[] = {"(", "category", "c0", ")",
    894                         "(", "category", "c255", ")",
    895                         "(", "categoryorder", "(", "c0", "c255", ")", ")",
    896                         "(", "categoryrange", "range", "(", "c12", "c255", ")", ")", NULL};
    897 
    898 	struct cil_tree *test_tree;
    899 	gen_test_tree(&test_tree, line);
    900 
    901 	struct cil_db *test_db;
    902 	cil_db_init(&test_db);
    903 
    904 	uint32_t changed = CIL_FALSE;
    905 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC1, &changed, NULL, NULL, NULL);
    906 
    907 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
    908 	cil_resolve_catorder(test_db->ast->root->cl_head->next->next, args);
    909 	__cil_verify_order(test_db->catorder, test_db->ast->root, CIL_CAT);
    910 
    911 	args->pass = CIL_PASS_MLS;
    912 
    913 	int rc = cil_resolve_catrange(test_db->ast->root->cl_head->next->next->next, (struct cil_catrange*)test_db->ast->root->cl_head->next->next->next->data, args);
    914 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
    915 }
    916 
    917 void test_cil_resolve_catrange_cat2_neg(CuTest *tc) {
    918 	char *line[] = {"(", "category", "c0", ")",
    919                         "(", "category", "c255", ")",
    920                         "(", "categoryorder", "(", "c0", "c255", ")", ")",
    921                         "(", "categoryrange", "range", "(", "c0", "c23", ")", ")", NULL};
    922 
    923 	struct cil_tree *test_tree;
    924 	gen_test_tree(&test_tree, line);
    925 
    926 	struct cil_db *test_db;
    927 	cil_db_init(&test_db);
    928 
    929 	uint32_t changed = CIL_FALSE;
    930 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC1, &changed, NULL, NULL, NULL);
    931 
    932 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
    933 	cil_resolve_catorder(test_db->ast->root->cl_head->next->next, args);
    934 	__cil_verify_order(test_db->catorder, test_db->ast->root, CIL_CAT);
    935 
    936 	args->pass = CIL_PASS_MLS;
    937 
    938 	int rc = cil_resolve_catrange(test_db->ast->root->cl_head->next->next->next, (struct cil_catrange*)test_db->ast->root->cl_head->next->next->next->data, args);
    939 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
    940 }
    941 
    942 void test_cil_resolve_senscat(CuTest *tc) {
    943 	char *line[] = {"(", "sensitivity", "s0", ")",
    944                         "(", "sensitivity", "s1", ")",
    945                         "(", "dominance", "(", "s0", "s1", ")", ")",
    946                         "(", "category", "c0", ")",
    947                         "(", "category", "c255", ")",
    948                         "(", "categoryorder", "(", "c0", "c255", ")", ")",
    949                         "(", "sensitivitycategory", "s1", "(", "c0", "c255", ")", ")", NULL};
    950 
    951 	struct cil_tree *test_tree;
    952 	gen_test_tree(&test_tree, line);
    953 
    954 	struct cil_db *test_db;
    955 	cil_db_init(&test_db);
    956 
    957 	uint32_t changed = CIL_FALSE;
    958 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MLS, &changed, NULL, NULL, NULL);
    959 
    960 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
    961 
    962 	int rc = cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next->next->next->next, args);
    963 	CuAssertIntEquals(tc, SEPOL_OK, rc);
    964 }
    965 
    966 void test_cil_resolve_senscat_catrange_neg(CuTest *tc) {
    967 	char *line[] = {"(", "sensitivity", "s0", ")",
    968                         "(", "sensitivity", "s1", ")",
    969                         "(", "dominance", "(", "s0", "s1", ")", ")",
    970                         "(", "category", "c0", ")",
    971                         "(", "category", "c255", ")",
    972                         "(", "category", "c500", ")",
    973                         "(", "categoryorder", "(", "c0", "c255", "c500", ")", ")",
    974                         "(", "sensitivitycategory", "s1", "(", "c0", "(", "c255", "c5", ")", ")", ")", NULL};
    975 
    976 	struct cil_tree *test_tree;
    977 	gen_test_tree(&test_tree, line);
    978 
    979 	struct cil_db *test_db;
    980 	cil_db_init(&test_db);
    981 
    982 	uint32_t changed = CIL_FALSE;
    983 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC1, &changed, NULL, NULL, NULL);
    984 
    985 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
    986 
    987 	cil_resolve_catorder(test_db->ast->root->cl_head->next->next->next->next->next->next, args);
    988 
    989 	args->pass = CIL_PASS_MLS;
    990 
    991 	int rc = cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next->next->next->next->next, args);
    992 	CuAssertIntEquals(tc, SEPOL_ERR, rc);
    993 }
    994 
    995 void test_cil_resolve_senscat_catsetname(CuTest *tc) {
    996 	char *line[] = {"(", "sensitivity", "s0", ")",
    997                         "(", "sensitivity", "s1", ")",
    998                         "(", "category", "c0", ")",
    999                         "(", "category", "c255", ")",
   1000                         "(", "category", "c500", ")",
   1001 			"(", "categoryset", "foo", "(", "c0", "c255", "c500", ")", ")",
   1002                         "(", "categoryorder", "(", "c0", "c255", "c500", ")", ")",
   1003                         "(", "sensitivitycategory", "s1", "foo", ")", NULL};
   1004 
   1005 	struct cil_tree *test_tree;
   1006 	gen_test_tree(&test_tree, line);
   1007 
   1008 	struct cil_db *test_db;
   1009 	cil_db_init(&test_db);
   1010 
   1011 	uint32_t changed = CIL_FALSE;
   1012 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MLS, &changed, NULL, NULL, NULL);
   1013 
   1014 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   1015 
   1016 	struct cil_catset *test_catset = (struct cil_catset *)test_db->ast->root->cl_head->next->next->next->next->next->data;
   1017 	cil_resolve_catset(test_db->ast->root->cl_head->next->next->next->next->next, test_catset, args);
   1018 
   1019 	args->pass = CIL_PASS_MISC2;
   1020 
   1021 	int rc = cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next->next->next->next->next, args);
   1022 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   1023 }
   1024 
   1025 void test_cil_resolve_senscat_catsetname_neg(CuTest *tc) {
   1026 	char *line[] = {"(", "sensitivity", "s0", ")",
   1027                         "(", "sensitivity", "s1", ")",
   1028                         "(", "category", "c0", ")",
   1029                         "(", "category", "c255", ")",
   1030                         "(", "category", "c500", ")",
   1031                         "(", "sensitivitycategory", "s1", "foo", ")", NULL};
   1032 
   1033 	struct cil_tree *test_tree;
   1034 	gen_test_tree(&test_tree, line);
   1035 
   1036 	struct cil_db *test_db;
   1037 	cil_db_init(&test_db);
   1038 
   1039 	uint32_t changed = CIL_FALSE;
   1040 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
   1041 
   1042 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   1043 
   1044 	int rc = cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next->next->next, args);
   1045 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   1046 }
   1047 
   1048 void test_cil_resolve_senscat_sublist(CuTest *tc) {
   1049       char *line[] = {"(", "sensitivity", "s0", ")",
   1050                         "(", "sensitivity", "s1", ")",
   1051                         "(", "dominance", "(", "s0", "s1", ")", ")",
   1052                         "(", "category", "c0", ")",
   1053                         "(", "category", "c1", ")",
   1054                         "(", "category", "c255", ")",
   1055                         "(", "categoryorder", "(", "c0", "c1", "c255", ")", ")",
   1056                         "(", "sensitivitycategory", "s1", "(", "c0", "(", "c1", "c255", ")", ")", ")", NULL};
   1057 
   1058 	struct cil_tree *test_tree;
   1059 	gen_test_tree(&test_tree, line);
   1060 
   1061 	struct cil_db *test_db;
   1062 	cil_db_init(&test_db);
   1063 
   1064 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   1065 
   1066 	uint32_t changed = CIL_FALSE;
   1067 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC1, &changed, NULL, NULL, NULL);
   1068 
   1069 	cil_tree_walk(test_db->ast->root, __cil_resolve_ast_node_helper, NULL, NULL, args);
   1070 	__cil_verify_order(test_db->catorder, test_db->ast->root, CIL_CAT);
   1071 
   1072 	int rc = cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next->next->next->next->next, args);
   1073 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   1074 }
   1075 
   1076 void test_cil_resolve_senscat_missingsens_neg(CuTest *tc) {
   1077       char *line[] = {"(", "sensitivity", "s0", ")",
   1078                         "(", "dominance", "(", "s0", "s1", ")", ")",
   1079                         "(", "category", "c0", ")",
   1080                         "(", "category", "c255", ")",
   1081                         "(", "categoryorder", "(", "c0", "c255", ")", ")",
   1082                         "(", "sensitivitycategory", "s1", "(", "c0", "c255", ")", ")", NULL};
   1083 
   1084 	struct cil_tree *test_tree;
   1085 	gen_test_tree(&test_tree, line);
   1086 
   1087 	struct cil_db *test_db;
   1088 	cil_db_init(&test_db);
   1089 
   1090 	uint32_t changed = CIL_FALSE;
   1091 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MLS, &changed, NULL, NULL, NULL);
   1092 
   1093 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   1094 
   1095 	int rc = cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next->next->next, args);
   1096 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   1097 }
   1098 
   1099 void test_cil_resolve_senscat_category_neg(CuTest *tc) {
   1100       char *line[] = {"(", "sensitivity", "s0", ")",
   1101                         "(", "sensitivity", "s1", ")",
   1102                         "(", "dominance", "(", "s0", "s1", ")", ")",
   1103                         "(", "category", "c0", ")",
   1104                         "(", "category", "c255", ")",
   1105                         "(", "categoryorder", "(", "c0", "c255", ")", ")",
   1106                         "(", "sensitivitycategory", "s1", "(", "c5", "c255", ")", ")", NULL};
   1107 
   1108 	struct cil_tree *test_tree;
   1109 	gen_test_tree(&test_tree, line);
   1110 
   1111 	struct cil_db *test_db;
   1112 	cil_db_init(&test_db);
   1113 
   1114 	uint32_t changed = CIL_FALSE;
   1115 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MLS, &changed, NULL, NULL, NULL);
   1116 
   1117 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   1118 
   1119 	int rc = cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next->next->next->next, args);
   1120 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   1121 }
   1122 
   1123 void test_cil_resolve_senscat_currrangecat(CuTest *tc) {
   1124       char *line[] = {"(", "sensitivity", "s0", ")",
   1125                         "(", "sensitivity", "s1", ")",
   1126                         "(", "dominance", "(", "s0", "s1", ")", ")",
   1127                         "(", "category", "c0", ")",
   1128                         "(", "category", "c1", ")",
   1129                         "(", "category", "c255", ")",
   1130                         "(", "categoryorder", "(", "c0", "c1", "c255", ")", ")",
   1131                         "(", "sensitivitycategory", "s1", "(", "c0", "(", "c1", "c255", ")", ")", ")", NULL};
   1132 
   1133 	struct cil_tree *test_tree;
   1134 	gen_test_tree(&test_tree, line);
   1135 
   1136 	struct cil_db *test_db;
   1137 	cil_db_init(&test_db);
   1138 
   1139 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   1140 
   1141 	uint32_t changed = CIL_FALSE;
   1142 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC1, &changed, NULL, NULL, NULL);
   1143 
   1144 	cil_tree_walk(test_db->ast->root, __cil_resolve_ast_node_helper, NULL, NULL, args);
   1145 	__cil_verify_order(test_db->catorder, test_db->ast->root, CIL_CAT);
   1146 	__cil_verify_order(test_db->dominance, test_db->ast->root, CIL_SENS);
   1147 
   1148 	args->pass = CIL_PASS_MISC2;
   1149 
   1150 	int rc = cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next->next->next->next->next, args);
   1151 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   1152 }
   1153 
   1154 void test_cil_resolve_level(CuTest *tc) {
   1155 	char *line[] = {"(", "category", "c0", ")",
   1156 			"(", "categoryorder", "(", "c0", ")", ")",
   1157 			"(", "sensitivity", "s0", ")",
   1158 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
   1159 			"(", "type", "blah_t", ")",
   1160 			"(", "role", "blah_r", ")",
   1161 			"(", "user", "blah_u", ")",
   1162 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
   1163 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
   1164 			"(", "sidcontext", "test", "(", "blah_u", "blah_r", "blah_t", "(", "low", "high", ")", ")", ")", NULL};
   1165 
   1166 	struct cil_tree *test_tree;
   1167 	gen_test_tree(&test_tree, line);
   1168 
   1169 	struct cil_db *test_db;
   1170 	cil_db_init(&test_db);
   1171 
   1172 	uint32_t changed = CIL_FALSE;
   1173 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
   1174 
   1175 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   1176 
   1177 	cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next, args);
   1178 
   1179 	args->pass = CIL_PASS_MISC3;
   1180 
   1181 	struct cil_tree_node *level = test_db->ast->root->cl_head->next->next->next->next->next->next->next;
   1182 	int rc = cil_resolve_level(level, (struct cil_level*)level->data, args);
   1183 	int rc2 = cil_resolve_level(level->next, (struct cil_level*)level->next->data, args);
   1184 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   1185 	CuAssertIntEquals(tc, SEPOL_OK, rc2);
   1186 }
   1187 
   1188 void test_cil_resolve_level_catlist(CuTest *tc) {
   1189 	char *line[] = {"(", "category", "c0", ")",
   1190 			"(", "category", "c1", ")",
   1191 			"(", "categoryorder", "(", "c0", "c1", ")", ")",
   1192 			"(", "sensitivity", "s0", ")",
   1193 			"(", "sensitivitycategory", "s0", "(", "c0", "c1", ")", ")",
   1194 			"(", "type", "blah_t", ")",
   1195 			"(", "role", "blah_r", ")",
   1196 			"(", "user", "blah_u", ")",
   1197 			"(", "level", "low", "(", "s0", "(", "c0", "c1", ")", ")", ")",
   1198 			"(", "level", "high", "(", "s0", "(", "c0", "c1", ")", ")", ")",
   1199 			"(", "sidcontext", "test", "(", "blah_u", "blah_r", "blah_t", "(", "low", "high", ")", ")", ")", NULL};
   1200 
   1201 	struct cil_tree *test_tree;
   1202 	gen_test_tree(&test_tree, line);
   1203 
   1204 	struct cil_db *test_db;
   1205 	cil_db_init(&test_db);
   1206 
   1207 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   1208 
   1209 	uint32_t changed = CIL_FALSE;
   1210 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
   1211 
   1212 	cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next->next, args);
   1213 
   1214 	args->pass = CIL_PASS_MISC3;
   1215 
   1216 	struct cil_tree_node *level = test_db->ast->root->cl_head->next->next->next->next->next->next->next->next;
   1217 	int rc = cil_resolve_level(level, (struct cil_level*)level->data, args);
   1218 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   1219 	rc = cil_resolve_level(level, (struct cil_level*)level->data, args);
   1220 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   1221 }
   1222 
   1223 void test_cil_resolve_level_catset(CuTest *tc) {
   1224 	char *line[] = {"(", "category", "c0", ")",
   1225 			"(", "category", "c1", ")",
   1226 			"(", "category", "c2", ")",
   1227 			"(", "categoryset", "cats", "(", "c0", "c1", "c2", ")", ")",
   1228 			"(", "categoryorder", "(", "c0", "c1", "c2", ")", ")",
   1229 			"(", "sensitivity", "s0", ")",
   1230 			"(", "sensitivitycategory", "s0", "cats", ")",
   1231 			"(", "type", "blah_t", ")",
   1232 			"(", "role", "blah_r", ")",
   1233 			"(", "user", "blah_u", ")",
   1234 			"(", "level", "low", "(", "s0", "cats", ")", ")",
   1235 			"(", "level", "high", "(", "s0", "(", "cats", ")", ")", ")",
   1236 			"(", "sidcontext", "test", "(", "blah_u", "blah_r", "blah_t", "(", "low", "high", ")", ")", ")", NULL};
   1237 
   1238 	struct cil_tree *test_tree;
   1239 	gen_test_tree(&test_tree, line);
   1240 
   1241 	struct cil_db *test_db;
   1242 	cil_db_init(&test_db);
   1243 
   1244 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   1245 
   1246 	uint32_t changed = CIL_FALSE;
   1247 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC1, &changed, NULL, NULL, NULL);
   1248 
   1249 	struct cil_catset *cs = (struct cil_catset *)test_db->ast->root->cl_head->next->next->next->data;
   1250 
   1251 	cil_resolve_catorder(test_db->ast->root->cl_head->next->next->next->next, args);
   1252 
   1253 	args->pass = CIL_PASS_MLS;
   1254 
   1255 	cil_resolve_catset(test_db->ast->root->cl_head->next->next->next, cs, args);
   1256 
   1257 	args->pass = CIL_PASS_MISC2;
   1258 
   1259 	cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next->next->next->next, args);
   1260 
   1261 	args->pass = CIL_PASS_MISC3;
   1262 
   1263 	struct cil_tree_node *level = test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next->next;
   1264 	int rc = cil_resolve_level(level, (struct cil_level*)level->data, args);
   1265 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   1266 }
   1267 
   1268 void test_cil_resolve_level_catset_name_neg(CuTest *tc) {
   1269 	char *line[] = {"(", "category", "c0", ")",
   1270 			"(", "category", "c1", ")",
   1271 			"(", "category", "c2", ")",
   1272 			"(", "categoryset", "cats", "(", "c0", "c1", "c2", ")", ")",
   1273 			"(", "categoryorder", "(", "c0", "c1", "c2", ")", ")",
   1274 			"(", "sensitivity", "s0", ")",
   1275 			"(", "sensitivitycategory", "s0", "cats", ")",
   1276 			"(", "type", "blah_t", ")",
   1277 			"(", "role", "blah_r", ")",
   1278 			"(", "user", "blah_u", ")",
   1279 			"(", "level", "low", "(", "s0", "dne", ")", ")",
   1280 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
   1281 			"(", "sidcontext", "test", "(", "blah_u", "blah_r", "blah_t", "(", "low", "high", ")", ")", ")", NULL};
   1282 
   1283 	struct cil_tree *test_tree;
   1284 	gen_test_tree(&test_tree, line);
   1285 
   1286 	struct cil_db *test_db;
   1287 	cil_db_init(&test_db);
   1288 
   1289 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   1290 
   1291 	uint32_t changed = CIL_FALSE;
   1292 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
   1293 
   1294 	cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next, args);
   1295 
   1296 	args->pass = CIL_PASS_MISC3;
   1297 
   1298 	struct cil_tree_node *level = test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next->next;
   1299 	int rc = cil_resolve_level(level, (struct cil_level*)level->data, args);
   1300 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   1301 }
   1302 
   1303 void test_cil_resolve_level_sens_neg(CuTest *tc) {
   1304 	char *line[] = {"(", "category", "c0", ")",
   1305 			"(", "categoryorder", "(", "c0", ")", ")",
   1306 			"(", "sensitivity", "s0", ")",
   1307 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
   1308 			"(", "type", "blah_t", ")",
   1309 			"(", "role", "blah_r", ")",
   1310 			"(", "user", "blah_u", ")",
   1311 			"(", "level", "low", "(", "s1", "(", "c0", ")", ")", ")",
   1312 			"(", "level", "high", "(", "s1", "(", "c0", ")", ")", ")",
   1313 			"(", "sid", "test", "(", "blah_u", "blah_r", "blah_t", "(", "low", "high", ")", ")", ")", NULL};
   1314 
   1315 	struct cil_tree *test_tree;
   1316 	gen_test_tree(&test_tree, line);
   1317 
   1318 	struct cil_db *test_db;
   1319 	cil_db_init(&test_db);
   1320 
   1321 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   1322 
   1323 	uint32_t changed = CIL_FALSE;
   1324 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
   1325 
   1326 	cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next, args);
   1327 	struct cil_tree_node *level = test_db->ast->root->cl_head->next->next->next->next->next->next->next;
   1328 
   1329 	args->pass = CIL_PASS_MISC3;
   1330 
   1331 	int rc = cil_resolve_level(level, (struct cil_level*)level->data, args);
   1332 	int rc2 = cil_resolve_level(level->next, (struct cil_level*)level->next->data, args);
   1333 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   1334 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc2);
   1335 }
   1336 
   1337 void test_cil_resolve_level_cat_neg(CuTest *tc) {
   1338 	char *line[] = {"(", "category", "c0", ")",
   1339 			"(", "categoryorder", "(", "c0", ")", ")",
   1340 			"(", "sensitivity", "s0", ")",
   1341 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
   1342 			"(", "type", "blah_t", ")",
   1343 			"(", "role", "blah_r", ")",
   1344 			"(", "user", "blah_u", ")",
   1345 			"(", "level", "low", "(", "s0", "(", "c1", ")", ")", ")",
   1346 			"(", "level", "high", "(", "s0", "(", "c1", ")", ")", ")",
   1347 			"(", "sid", "test", "(", "blah_u", "blah_r", "blah_t", "(", "low", "high", ")", ")", ")", NULL};
   1348 
   1349 	struct cil_tree *test_tree;
   1350 	gen_test_tree(&test_tree, line);
   1351 
   1352 	struct cil_db *test_db;
   1353 	cil_db_init(&test_db);
   1354 
   1355 	uint32_t changed = CIL_FALSE;
   1356 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
   1357 
   1358 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   1359 
   1360 	cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next, args);
   1361 	struct cil_tree_node *level = test_db->ast->root->cl_head->next->next->next->next->next->next->next;
   1362 
   1363 	args->pass = CIL_PASS_MISC3;
   1364 	int rc = cil_resolve_level(level, (struct cil_level*)level->data, args);
   1365 	int rc2 = cil_resolve_level(level->next, (struct cil_level*)level->next->data, args);
   1366 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   1367 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc2);
   1368 }
   1369 
   1370 void test_cil_resolve_level_senscat_neg(CuTest *tc) {
   1371 	char *line[] = {"(", "category", "c0", ")",
   1372 			"(", "categoryorder", "(", "c0", ")", ")",
   1373 			"(", "sensitivity", "s0", ")",
   1374 			"(", "sensitivitycategory", "s1", "(", "c0", ")", ")",
   1375 			"(", "type", "blah_t", ")",
   1376 			"(", "role", "blah_r", ")",
   1377 			"(", "user", "blah_u", ")",
   1378 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
   1379 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
   1380 			"(", "sid", "test", "(", "blah_u", "blah_r", "blah_t", "(", "low", "high", ")", ")", ")", NULL};
   1381 
   1382 	struct cil_tree *test_tree;
   1383 	gen_test_tree(&test_tree, line);
   1384 
   1385 	struct cil_db *test_db;
   1386 	cil_db_init(&test_db);
   1387 
   1388 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   1389 
   1390 	uint32_t changed = CIL_FALSE;
   1391 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
   1392 
   1393 	cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next, args);
   1394 	struct cil_tree_node *level = test_db->ast->root->cl_head->next->next->next->next->next->next->next;
   1395 
   1396 	args->pass = CIL_PASS_MISC3;
   1397 	int rc = cil_resolve_level(level, (struct cil_level*)level->data, args);
   1398 	int rc2 = cil_resolve_level(level->next, (struct cil_level*)level->next->data, args);
   1399 	CuAssertIntEquals(tc, SEPOL_ERR, rc);
   1400 	CuAssertIntEquals(tc, SEPOL_ERR, rc2);
   1401 }
   1402 
   1403 void test_cil_resolve_levelrange_namedlvl(CuTest *tc) {
   1404 	char *line[] = {"(", "category", "c0", ")",
   1405 			"(", "sensitivity", "s0", ")",
   1406 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
   1407 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
   1408 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
   1409 			"(", "levelrange", "range", "(", "low", "high", ")", ")", NULL};
   1410 
   1411 	struct cil_tree *test_tree;
   1412 	gen_test_tree(&test_tree, line);
   1413 
   1414 	struct cil_db *test_db;
   1415 	cil_db_init(&test_db);
   1416 
   1417 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   1418 
   1419 	uint32_t changed = CIL_FALSE;
   1420 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
   1421 
   1422 	cil_resolve_senscat(test_db->ast->root->cl_head->next->next, args);
   1423 
   1424 	args->pass = CIL_PASS_MISC3;
   1425 
   1426 	struct cil_levelrange *lvlrange = (struct cil_levelrange *)test_db->ast->root->cl_head->next->next->next->next->next->data;
   1427 
   1428 	int rc = cil_resolve_levelrange(test_db->ast->root->cl_head->next->next->next->next->next, lvlrange, args);
   1429 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   1430 }
   1431 
   1432 void test_cil_resolve_levelrange_namedlvl_low_neg(CuTest *tc) {
   1433 	char *line[] = {"(", "category", "c0", ")",
   1434 			"(", "sensitivity", "s0", ")",
   1435 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
   1436 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
   1437 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
   1438 			"(", "levelrange", "range", "(", "DNE", "high", ")", ")", NULL};
   1439 
   1440 	struct cil_tree *test_tree;
   1441 	gen_test_tree(&test_tree, line);
   1442 
   1443 	struct cil_db *test_db;
   1444 	cil_db_init(&test_db);
   1445 
   1446 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   1447 
   1448 	uint32_t changed = CIL_FALSE;
   1449 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
   1450 
   1451 	cil_resolve_senscat(test_db->ast->root->cl_head->next->next, args);
   1452 
   1453 	args->pass = CIL_PASS_MISC3;
   1454 
   1455 	struct cil_levelrange *lvlrange = (struct cil_levelrange *)test_db->ast->root->cl_head->next->next->next->next->next->data;
   1456 
   1457 	int rc = cil_resolve_levelrange(test_db->ast->root->cl_head->next->next->next->next->next, lvlrange, args);
   1458 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   1459 }
   1460 
   1461 void test_cil_resolve_levelrange_namedlvl_high_neg(CuTest *tc) {
   1462 	char *line[] = {"(", "category", "c0", ")",
   1463 			"(", "sensitivity", "s0", ")",
   1464 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
   1465 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
   1466 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
   1467 			"(", "levelrange", "range", "(", "low", "DNE", ")", ")", NULL};
   1468 
   1469 	struct cil_tree *test_tree;
   1470 	gen_test_tree(&test_tree, line);
   1471 
   1472 	struct cil_db *test_db;
   1473 	cil_db_init(&test_db);
   1474 
   1475 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   1476 
   1477 	uint32_t changed = CIL_FALSE;
   1478 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
   1479 
   1480 	cil_resolve_senscat(test_db->ast->root->cl_head->next->next, args);
   1481 
   1482 	args->pass = CIL_PASS_MISC3;
   1483 
   1484 	struct cil_levelrange *lvlrange = (struct cil_levelrange *)test_db->ast->root->cl_head->next->next->next->next->next->data;
   1485 
   1486 	int rc = cil_resolve_levelrange(test_db->ast->root->cl_head->next->next->next->next->next, lvlrange, args);
   1487 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   1488 }
   1489 
   1490 void test_cil_resolve_levelrange_anonlvl(CuTest *tc) {
   1491 	char *line[] = {"(", "category", "c0", ")",
   1492 			"(", "sensitivity", "s0", ")",
   1493 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
   1494 			"(", "levelrange", "range", "(", "(", "s0", "(", "c0", ")", ")", "(", "s0", "(", "c0", ")", ")", ")", ")", NULL};
   1495 
   1496 	struct cil_tree *test_tree;
   1497 	gen_test_tree(&test_tree, line);
   1498 
   1499 	struct cil_db *test_db;
   1500 	cil_db_init(&test_db);
   1501 
   1502 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   1503 
   1504 	uint32_t changed = CIL_FALSE;
   1505 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
   1506 
   1507 	cil_resolve_senscat(test_db->ast->root->cl_head->next->next, args);
   1508 
   1509 	args->pass = CIL_PASS_MISC3;
   1510 
   1511 	struct cil_levelrange *lvlrange = (struct cil_levelrange *)test_db->ast->root->cl_head->next->next->next->data;
   1512 
   1513 	int rc = cil_resolve_levelrange(test_db->ast->root->cl_head->next->next->next, lvlrange, args);
   1514 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   1515 }
   1516 
   1517 void test_cil_resolve_levelrange_anonlvl_low_neg(CuTest *tc) {
   1518 	char *line[] = {"(", "category", "c0", ")",
   1519 			"(", "sensitivity", "s0", ")",
   1520 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
   1521 			"(", "levelrange", "range", "(", "(", "DNE", "(", "c0", ")", ")", "(", "s0", "(", "c0", ")", ")", ")", ")", NULL};
   1522 
   1523 	struct cil_tree *test_tree;
   1524 	gen_test_tree(&test_tree, line);
   1525 
   1526 	struct cil_db *test_db;
   1527 	cil_db_init(&test_db);
   1528 
   1529 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   1530 
   1531 	uint32_t changed = CIL_FALSE;
   1532 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
   1533 
   1534 	cil_resolve_senscat(test_db->ast->root->cl_head->next->next, args);
   1535 
   1536 	struct cil_levelrange *lvlrange = (struct cil_levelrange *)test_db->ast->root->cl_head->next->next->next->data;
   1537 
   1538 	args->pass = CIL_PASS_MISC3;
   1539 
   1540 	int rc = cil_resolve_levelrange(test_db->ast->root->cl_head->next->next->next, lvlrange, args);
   1541 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   1542 }
   1543 
   1544 void test_cil_resolve_levelrange_anonlvl_high_neg(CuTest *tc) {
   1545 	char *line[] = {"(", "category", "c0", ")",
   1546 			"(", "sensitivity", "s0", ")",
   1547 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
   1548 			"(", "levelrange", "range", "(", "(", "s0", "(", "c0", ")", ")", "(", "dne", "(", "c0", ")", ")", ")", ")", NULL};
   1549 
   1550 	struct cil_tree *test_tree;
   1551 	gen_test_tree(&test_tree, line);
   1552 
   1553 	struct cil_db *test_db;
   1554 	cil_db_init(&test_db);
   1555 
   1556 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   1557 
   1558 	uint32_t changed = CIL_FALSE;
   1559 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
   1560 
   1561 	cil_resolve_senscat(test_db->ast->root->cl_head->next->next, args);
   1562 
   1563 	struct cil_levelrange *lvlrange = (struct cil_levelrange *)test_db->ast->root->cl_head->next->next->next->data;
   1564 
   1565 	args->pass = CIL_PASS_MISC3;
   1566 
   1567 	int rc = cil_resolve_levelrange(test_db->ast->root->cl_head->next->next->next, lvlrange, args);
   1568 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   1569 }
   1570 
   1571 void test_cil_resolve_constrain(CuTest *tc) {
   1572         char *line[] = {"(", "class", "file", "(", "create", "relabelto", ")", ")",
   1573 			"(", "class", "dir", "(", "create", "relabelto", ")", ")",
   1574 			"(", "sensitivity", "s0", ")",
   1575 			"(", "category", "c1", ")",
   1576 			"(", "level", "l2", "(", "s0", "(", "c1", ")", ")", ")",
   1577 			"(", "level", "h2", "(", "s0", "(", "c1", ")", ")", ")",
   1578 			"(", "mlsconstrain", "(", "file", "(", "create", "relabelto", ")", ")", "(", "eq", "l2", "h2", ")", ")", NULL};
   1579 
   1580 	struct cil_tree *test_tree;
   1581 	gen_test_tree(&test_tree, line);
   1582 
   1583 	struct cil_db *test_db;
   1584 	cil_db_init(&test_db);
   1585 
   1586 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   1587 
   1588 	uint32_t changed = CIL_FALSE;
   1589 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   1590 
   1591 	int rc = cil_resolve_constrain(test_db->ast->root->cl_head->next->next->next->next->next->next, args);
   1592 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   1593 }
   1594 
   1595 void test_cil_resolve_constrain_class_neg(CuTest *tc) {
   1596         char *line[] = {"(", "class", "file", "(", "create", "relabelto", ")", ")",
   1597 			"(", "sensitivity", "s0", ")",
   1598 			"(", "category", "c1", ")",
   1599 			"(", "level", "l2", "(", "s0", "(", "c1", ")", ")", ")",
   1600 			"(", "level", "h2", "(", "s0", "(", "c1", ")", ")", ")",
   1601 			"(", "mlsconstrain", "(", "foo", "(", "create", "relabelto", ")", ")", "(", "eq", "l2", "h2", ")", ")", NULL};
   1602 
   1603 	struct cil_tree *test_tree;
   1604 	gen_test_tree(&test_tree, line);
   1605 
   1606 	struct cil_db *test_db;
   1607 	cil_db_init(&test_db);
   1608 
   1609 	uint32_t changed = CIL_FALSE;
   1610 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   1611 
   1612 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   1613 
   1614 	int rc = cil_resolve_constrain(test_db->ast->root->cl_head->next->next->next->next->next, args);
   1615 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   1616 }
   1617 
   1618 void test_cil_resolve_constrain_perm_neg(CuTest *tc) {
   1619         char *line[] = {"(", "class", "file", "(", "create", ")", ")",
   1620 			"(", "class", "dir", "(", "create", "relabelto", ")", ")",
   1621 			"(", "sensitivity", "s0", ")",
   1622 			"(", "category", "c1", ")",
   1623 			"(", "level", "l2", "(", "s0", "(", "c1", ")", ")", ")",
   1624 			"(", "level", "h2", "(", "s0", "(", "c1", ")", ")", ")",
   1625 			"(", "mlsconstrain", "(", "file", "(", "create", "relabelto", ")", ")", "(", "eq", "l2", "h2", ")", ")", NULL};
   1626 
   1627 	struct cil_tree *test_tree;
   1628 	gen_test_tree(&test_tree, line);
   1629 
   1630 	struct cil_db *test_db;
   1631 	cil_db_init(&test_db);
   1632 
   1633 	uint32_t changed = CIL_FALSE;
   1634 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   1635 
   1636 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   1637 
   1638 	int rc = cil_resolve_constrain(test_db->ast->root->cl_head->next->next->next->next->next->next, args);
   1639 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   1640 }
   1641 
   1642 void test_cil_resolve_constrain_perm_resolve_neg(CuTest *tc) {
   1643         char *line[] = {"(", "sensitivity", "s0", ")",
   1644 			"(", "category", "c1", ")",
   1645 			"(", "level", "l2", "(", "s0", "(", "c1", ")", ")", ")",
   1646 			"(", "level", "h2", "(", "s0", "(", "c1", ")", ")", ")",
   1647 			"(", "mlsconstrain", "(", "file", "(", "foo", ")", ")", "(", "eq", "l2", "h2", ")", ")", NULL};
   1648 
   1649 	struct cil_tree *test_tree;
   1650 	gen_test_tree(&test_tree, line);
   1651 
   1652 	struct cil_db *test_db;
   1653 	cil_db_init(&test_db);
   1654 
   1655 	uint32_t changed = CIL_FALSE;
   1656 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   1657 
   1658 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   1659 
   1660 	int rc = cil_resolve_constrain(test_db->ast->root->cl_head->next->next->next->next, args);
   1661 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   1662 }
   1663 
   1664 void test_cil_resolve_context(CuTest *tc) {
   1665 	char *line[] = {"(", "sensitivity", "s0", ")",
   1666 			"(", "category", "c0", ")",
   1667 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
   1668 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
   1669 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
   1670 			"(", "user", "system_u", ")",
   1671 			"(", "role", "object_r", ")",
   1672 			"(", "type", "netif_t", ")",
   1673 			"(", "context", "con",
   1674                         "(", "system_u", "object_r", "netif_t", "(", "low", "high", ")", ")", ")", NULL};
   1675 
   1676 	struct cil_tree *test_tree;
   1677 	gen_test_tree(&test_tree, line);
   1678 
   1679 	struct cil_db *test_db;
   1680 	cil_db_init(&test_db);
   1681 
   1682 	uint32_t changed = CIL_FALSE;
   1683 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   1684 
   1685 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   1686 
   1687 	struct cil_context *test_context = (struct cil_context*)test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->data;
   1688 
   1689 	int rc = cil_resolve_context(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, test_context, args);
   1690 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   1691 }
   1692 
   1693 void test_cil_resolve_context_macro(CuTest *tc) {
   1694 	char *line[] = {"(", "sensitivity", "s0", ")",
   1695 			"(", "category", "c0", ")",
   1696 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
   1697 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
   1698 			"(", "user", "system_u", ")",
   1699 			"(", "role", "object_r", ")",
   1700 			"(", "type", "netif_t", ")",
   1701 			"(", "macro", "mm", "(", "(", "levelrange", "range", ")", ")",
   1702 				"(", "context", "con",
   1703 					"(", "system_u", "object_r", "netif_t", "range", ")", ")", ")",
   1704 			"(", "call", "mm", "(", "(", "(", "s0", "(", "c0", ")", ")", "(", "s0", "(", "c0", ")", ")", ")", ")", ")", NULL};
   1705 
   1706 	struct cil_tree *test_tree;
   1707 	gen_test_tree(&test_tree, line);
   1708 
   1709 	struct cil_db *test_db;
   1710 	cil_db_init(&test_db);
   1711 
   1712 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   1713 
   1714 	uint32_t changed = CIL_FALSE;
   1715 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
   1716 
   1717 	struct cil_context *test_context = (struct cil_context*)test_db->ast->root->cl_head->next->next->next->next->next->next->next->cl_head->data;
   1718 
   1719 	int rc2 = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args);
   1720 
   1721 	args->pass = CIL_PASS_CALL2;
   1722 
   1723 	int rc3 = cil_resolve_call2(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args);
   1724 
   1725 	args->pass = CIL_PASS_MISC2;
   1726 
   1727 	cil_resolve_senscat(test_db->ast->root->cl_head->next->next, args);
   1728 
   1729 	args->pass = CIL_PASS_MISC3;
   1730 	args->callstack = test_db->ast->root->cl_head->next->next->next->next->next->next->next->next;
   1731 
   1732 	int rc = cil_resolve_context(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->cl_head, test_context,  args);
   1733 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   1734 	CuAssertIntEquals(tc, SEPOL_OK, rc2);
   1735 	CuAssertIntEquals(tc, SEPOL_OK, rc3);
   1736 }
   1737 
   1738 void test_cil_resolve_context_macro_neg(CuTest *tc) {
   1739 	char *line[] = {"(", "sensitivity", "s0", ")",
   1740 			"(", "category", "c0", ")",
   1741 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
   1742 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
   1743 			"(", "user", "system_u", ")",
   1744 			"(", "role", "object_r", ")",
   1745 			"(", "type", "netif_t", ")",
   1746 			"(", "macro", "mm", "(", "(", "levelrange", "range", ")", ")",
   1747 				"(", "context", "con",
   1748 					"(", "system_u", "object_r", "netif_t", "range", ")", ")", ")",
   1749 			"(", "call", "mm", "(", "(", "(", "s0", "(", "c0", ")", ")", "(", "s0", "(", "DNE", ")", ")", ")", ")", NULL};
   1750 
   1751 	struct cil_tree *test_tree;
   1752 	gen_test_tree(&test_tree, line);
   1753 
   1754 	struct cil_db *test_db;
   1755 	cil_db_init(&test_db);
   1756 
   1757 	uint32_t changed = CIL_FALSE;
   1758 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
   1759 
   1760 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   1761 
   1762 	struct cil_context *test_context = (struct cil_context*)test_db->ast->root->cl_head->next->next->next->next->next->next->next->cl_head->data;
   1763 
   1764 	int rc2 = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args);
   1765 
   1766 	args->pass = CIL_PASS_CALL2;
   1767 
   1768 	int rc3 = cil_resolve_call2(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args);
   1769 
   1770 	args->pass = CIL_PASS_CALL2;
   1771 
   1772 	cil_resolve_senscat(test_db->ast->root->cl_head->next->next, args);
   1773 
   1774 	args->pass = CIL_PASS_MISC3;
   1775 	args->callstack = test_db->ast->root->cl_head->next->next->next->next->next->next->next->next;
   1776 
   1777 	int rc = cil_resolve_context(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->cl_head, test_context, args);
   1778 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   1779 	CuAssertIntEquals(tc, SEPOL_OK, rc2);
   1780 	CuAssertIntEquals(tc, SEPOL_OK, rc3);
   1781 }
   1782 
   1783 void test_cil_resolve_context_namedrange(CuTest *tc) {
   1784 	char *line[] = {"(", "sensitivity", "s0", ")",
   1785 			"(", "category", "c0", ")",
   1786 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
   1787 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
   1788 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
   1789 			"(", "levelrange", "range", "(", "low", "high", ")", ")",
   1790 			"(", "user", "system_u", ")",
   1791 			"(", "role", "object_r", ")",
   1792 			"(", "type", "netif_t", ")",
   1793 			"(", "context", "con",
   1794                         "(", "system_u", "object_r", "netif_t", "range", ")", ")", NULL};
   1795 
   1796 	struct cil_tree *test_tree;
   1797 	gen_test_tree(&test_tree, line);
   1798 
   1799 	struct cil_db *test_db;
   1800 	cil_db_init(&test_db);
   1801 
   1802 	uint32_t changed = CIL_FALSE;
   1803 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   1804 
   1805 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   1806 
   1807 	struct cil_context *test_context = (struct cil_context*)test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next->data;
   1808 
   1809 	int rc = cil_resolve_context(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next, test_context, args);
   1810 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   1811 }
   1812 
   1813 void test_cil_resolve_context_namedrange_neg(CuTest *tc) {
   1814 	char *line[] = {"(", "sensitivity", "s0", ")",
   1815 			"(", "category", "c0", ")",
   1816 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
   1817 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
   1818 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
   1819 			"(", "levelrange", "range", "(", "low", "high", ")", ")",
   1820 			"(", "user", "system_u", ")",
   1821 			"(", "role", "object_r", ")",
   1822 			"(", "type", "netif_t", ")",
   1823 			"(", "context", "con",
   1824                         "(", "system_u", "object_r", "netif_t", "DNE", ")", ")", NULL};
   1825 
   1826 	struct cil_tree *test_tree;
   1827 	gen_test_tree(&test_tree, line);
   1828 
   1829 	struct cil_db *test_db;
   1830 	cil_db_init(&test_db);
   1831 
   1832 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   1833 
   1834 	uint32_t changed = CIL_FALSE;
   1835 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   1836 
   1837 	struct cil_context *test_context = (struct cil_context*)test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next->data;
   1838 
   1839 	int rc = cil_resolve_context(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next, test_context, args);
   1840 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   1841 }
   1842 
   1843 void test_cil_resolve_context_user_neg(CuTest *tc) {
   1844 	char *line[] = {"(", "sensitivity", "s0", ")",
   1845 			"(", "category", "c0", ")",
   1846 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
   1847 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
   1848 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
   1849 			"(", "role", "object_r", ")",
   1850 			"(", "type", "netif_t", ")",
   1851 			"(", "context", "con",
   1852                         "(", "system_u", "object_r", "netif_t", "(", "low", "high", ")", ")", ")", NULL};
   1853 
   1854 	struct cil_tree *test_tree;
   1855 	gen_test_tree(&test_tree, line);
   1856 
   1857 	struct cil_db *test_db;
   1858 	cil_db_init(&test_db);
   1859 
   1860 	uint32_t changed = CIL_FALSE;
   1861 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   1862 
   1863 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   1864 
   1865 	struct cil_context *test_context = (struct cil_context*)test_db->ast->root->cl_head->next->next->next->next->next->next->next->data;
   1866 
   1867 	int rc = cil_resolve_context(test_db->ast->root->cl_head->next->next->next->next->next->next->next, test_context, args);
   1868 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   1869 }
   1870 
   1871 void test_cil_resolve_context_role_neg(CuTest *tc) {
   1872 	char *line[] = {"(", "sensitivity", "s0", ")",
   1873 			"(", "category", "c0", ")",
   1874 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
   1875 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
   1876 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
   1877 			"(", "user", "system_u", ")",
   1878 			"(", "type", "netif_t", ")",
   1879 			"(", "context", "con",
   1880                         "(", "system_u", "object_r", "netif_t", "(", "low", "high", ")", ")", ")", NULL};
   1881 
   1882 	struct cil_tree *test_tree;
   1883 	gen_test_tree(&test_tree, line);
   1884 
   1885 	struct cil_db *test_db;
   1886 	cil_db_init(&test_db);
   1887 
   1888 	uint32_t changed = CIL_FALSE;
   1889 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   1890 
   1891 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   1892 
   1893 	struct cil_context *test_context = (struct cil_context*)test_db->ast->root->cl_head->next->next->next->next->next->next->next->data;
   1894 
   1895 	int rc = cil_resolve_context(test_db->ast->root->cl_head->next->next->next->next->next->next->next, test_context, args);
   1896 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   1897 }
   1898 
   1899 void test_cil_resolve_context_type_neg(CuTest *tc) {
   1900 	char *line[] = {"(", "sensitivity", "s0", ")",
   1901 			"(", "category", "c0", ")",
   1902 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
   1903 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
   1904 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
   1905 			"(", "user", "system_u", ")",
   1906 			"(", "role", "object_r", ")",
   1907 			"(", "context", "con",
   1908                         "(", "system_u", "object_r", "netif_t", "(", "low", "high", ")", ")", ")", NULL};
   1909 
   1910 	struct cil_tree *test_tree;
   1911 	gen_test_tree(&test_tree, line);
   1912 
   1913 	struct cil_db *test_db;
   1914 	cil_db_init(&test_db);
   1915 
   1916 	uint32_t changed = CIL_FALSE;
   1917 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   1918 
   1919 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   1920 
   1921 	struct cil_context *test_context = (struct cil_context*)test_db->ast->root->cl_head->next->next->next->next->next->next->next->data;
   1922 
   1923 	int rc = cil_resolve_context(test_db->ast->root->cl_head->next->next->next->next->next->next->next, test_context, args);
   1924 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   1925 }
   1926 
   1927 void test_cil_resolve_context_anon_level_neg(CuTest *tc) {
   1928 	char *line[] = {"(", "sensitivity", "s0", ")",
   1929 			"(", "category", "c0", ")",
   1930 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
   1931 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
   1932 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
   1933 			"(", "user", "system_u", ")",
   1934 			"(", "role", "object_r", ")",
   1935 			"(", "type", "netif_t", ")",
   1936 			"(", "context", "con",
   1937                         "(", "system_u", "object_r", "netif_t", "(", "DNE", "high", ")", ")", ")", NULL};
   1938 
   1939 	struct cil_tree *test_tree;
   1940 	gen_test_tree(&test_tree, line);
   1941 
   1942 	struct cil_db *test_db;
   1943 	cil_db_init(&test_db);
   1944 
   1945 	uint32_t changed = CIL_FALSE;
   1946 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
   1947 
   1948 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   1949 
   1950 	cil_resolve_senscat(test_db->ast->root->cl_head->next->next, args);
   1951 
   1952 	args->pass = CIL_PASS_MISC3;
   1953 
   1954 	struct cil_context *test_context = (struct cil_context*)test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->data;
   1955 
   1956 	int rc = cil_resolve_context(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, test_context, args);
   1957 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   1958 }
   1959 
   1960 void test_cil_resolve_roletransition(CuTest *tc) {
   1961 	char *line[] = {"(", "role", "foo_r", ")",
   1962 			"(", "type", "bar_t", ")",
   1963 			"(", "role", "foobar_r", ")",
   1964 			"(", "class", "process", "(", "transition", ")", ")",
   1965 			"(", "roletransition", "foo_r", "bar_t", "process", "foobar_r", ")", NULL};
   1966 
   1967 	struct cil_tree *test_tree;
   1968 	gen_test_tree(&test_tree, line);
   1969 
   1970 	struct cil_db *test_db;
   1971 	cil_db_init(&test_db);
   1972 
   1973 	uint32_t changed = CIL_FALSE;
   1974 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   1975 
   1976 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   1977 
   1978 	int rc = cil_resolve_roletransition(test_db->ast->root->cl_head->next->next->next->next, args);
   1979 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   1980 }
   1981 
   1982 void test_cil_resolve_roletransition_srcdecl_neg(CuTest *tc) {
   1983 	char *line[] = {"(", "type", "bar_t", ")",
   1984 			"(", "role", "foobar_r", ")",
   1985 			"(", "class", "process", "(", "transition", ")", ")",
   1986 			"(", "roletransition", "foo_r", "bar_t", "process", "foobar_r", ")", NULL};
   1987 
   1988 	struct cil_tree *test_tree;
   1989 	gen_test_tree(&test_tree, line);
   1990 
   1991 	struct cil_db *test_db;
   1992 	cil_db_init(&test_db);
   1993 
   1994 	uint32_t changed = CIL_FALSE;
   1995 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   1996 
   1997 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   1998 
   1999 	int rc = cil_resolve_roletransition(test_db->ast->root->cl_head->next->next->next, args);
   2000 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   2001 }
   2002 
   2003 void test_cil_resolve_roletransition_tgtdecl_neg(CuTest *tc) {
   2004 	char *line[] = {"(", "role", "foo_r", ")",
   2005 			"(", "role", "foobar_r", ")",
   2006 			"(", "class", "process", "(", "transition", ")", ")",
   2007 			"(", "roletransition", "foo_r", "bar_t", "process", "foobar_r", ")", NULL};
   2008 
   2009 	struct cil_tree *test_tree;
   2010 	gen_test_tree(&test_tree, line);
   2011 
   2012 	struct cil_db *test_db;
   2013 	cil_db_init(&test_db);
   2014 
   2015 	uint32_t changed = CIL_FALSE;
   2016 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   2017 
   2018 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   2019 
   2020 	int rc = cil_resolve_roletransition(test_db->ast->root->cl_head->next->next->next, args);
   2021 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   2022 }
   2023 
   2024 void test_cil_resolve_roletransition_resultdecl_neg(CuTest *tc) {
   2025 	char *line[] = {"(", "role", "foo_r", ")",
   2026 			"(", "type", "bar_t", ")",
   2027 			"(", "class", "process", "(", "transition", ")", ")",
   2028 			"(", "roletransition", "foo_r", "bar_t", "process", "foobar_r", ")", NULL};
   2029 
   2030 	struct cil_tree *test_tree;
   2031 	gen_test_tree(&test_tree, line);
   2032 
   2033 	struct cil_db *test_db;
   2034 	cil_db_init(&test_db);
   2035 
   2036 	uint32_t changed = CIL_FALSE;
   2037 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   2038 
   2039 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   2040 
   2041 	int rc = cil_resolve_roletransition(test_db->ast->root->cl_head->next->next->next, args);
   2042 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   2043 }
   2044 
   2045 void test_cil_resolve_typeattributeset_type_in_multiple_attrs(CuTest *tc) {
   2046 	char *line[] = {"(", "typeattribute", "attrs", ")",
   2047 			"(", "typeattribute", "attrs2", ")",
   2048 			"(", "type", "type_t", ")",
   2049 			"(", "typeattributeset", "attrs2", "type_t", ")",
   2050 			"(", "typeattributeset", "attrs", "type_t", ")", NULL};
   2051 
   2052 	struct cil_tree *test_tree;
   2053 	gen_test_tree(&test_tree, line);
   2054 
   2055 	struct cil_db *test_db;
   2056 	cil_db_init(&test_db);
   2057 
   2058 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   2059 
   2060 	uint32_t changed = CIL_FALSE;
   2061 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   2062 
   2063 	int rc = cil_resolve_typeattributeset(test_db->ast->root->cl_head->next->next->next->next, args);
   2064 	int rc2 = cil_resolve_typeattributeset(test_db->ast->root->cl_head->next->next->next, args);
   2065 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   2066 	CuAssertIntEquals(tc, SEPOL_OK, rc2);
   2067 }
   2068 
   2069 void test_cil_resolve_typeattributeset_multiple_excludes_with_not(CuTest *tc) {
   2070 	char *line[] = {"(", "typeattribute", "attrs", ")",
   2071 			"(", "typeattribute", "attrs2", ")",
   2072 			"(", "type", "type_t", ")",
   2073 			"(", "type", "type_b", ")",
   2074 			"(", "type", "type_a", ")",
   2075 			"(", "typeattributeset", "attrs", "(", "and", "type_a", "type_b", ")", ")",
   2076 			"(", "typeattributeset", "attrs2", "(", "not", "attrs", ")", ")", NULL};
   2077 
   2078 	struct cil_tree *test_tree;
   2079 	gen_test_tree(&test_tree, line);
   2080 
   2081 	struct cil_db *test_db;
   2082 	cil_db_init(&test_db);
   2083 
   2084 	uint32_t changed = CIL_FALSE;
   2085 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   2086 
   2087 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   2088 
   2089 	int rc = cil_resolve_typeattributeset(test_db->ast->root->cl_head->next->next->next->next->next->next, args);
   2090 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   2091 }
   2092 
   2093 void test_cil_resolve_typeattributeset_multiple_types_with_and(CuTest *tc) {
   2094 	char *line[] = {"(", "typeattribute", "attrs", ")",
   2095 			"(", "type", "type_t", ")",
   2096 			"(", "type", "type_tt", ")",
   2097 			"(", "typeattributeset", "attrs", "(", "and", "type_t", "type_tt", ")", ")", NULL};
   2098 
   2099 	struct cil_tree *test_tree;
   2100 	gen_test_tree(&test_tree, line);
   2101 
   2102 	struct cil_db *test_db;
   2103 	cil_db_init(&test_db);
   2104 
   2105 	uint32_t changed = CIL_FALSE;
   2106 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   2107 
   2108 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   2109 
   2110 	int rc = cil_resolve_typeattributeset(test_db->ast->root->cl_head->next->next->next, args);
   2111 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   2112 }
   2113 
   2114 void test_cil_resolve_typeattributeset_using_attr(CuTest *tc) {
   2115 	char *line[] = {"(", "typeattribute", "attrs", ")",
   2116 			"(", "typeattribute", "attr_a", ")",
   2117 			"(", "typeattributeset", "attrs", "attr_a", ")", NULL};
   2118 
   2119 	struct cil_tree *test_tree;
   2120 	gen_test_tree(&test_tree, line);
   2121 
   2122 	struct cil_db *test_db;
   2123 	cil_db_init(&test_db);
   2124 
   2125 	uint32_t changed = CIL_FALSE;
   2126 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   2127 
   2128 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   2129 
   2130 	int rc = cil_resolve_typeattributeset(test_db->ast->root->cl_head->next->next, args);
   2131 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   2132 }
   2133 
   2134 void test_cil_resolve_typeattributeset_name_neg(CuTest *tc) {
   2135 	char *line[] = {"(", "type", "type_t", ")",
   2136 			"(", "typeattributeset", "attrs", "type_t", ")", NULL};
   2137 
   2138 	struct cil_tree *test_tree;
   2139 	gen_test_tree(&test_tree, line);
   2140 
   2141 	struct cil_db *test_db;
   2142 	cil_db_init(&test_db);
   2143 
   2144 	uint32_t changed = CIL_FALSE;
   2145 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   2146 
   2147 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   2148 
   2149 	int rc = cil_resolve_typeattributeset(test_db->ast->root->cl_head->next, args);
   2150 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   2151 }
   2152 
   2153 void test_cil_resolve_typeattributeset_undef_type_neg(CuTest *tc) {
   2154 	char *line[] = {"(", "typeattribute", "attrs", ")",
   2155 			"(", "typeattributeset", "attrs", "type_t", ")", NULL};
   2156 
   2157 	struct cil_tree *test_tree;
   2158 	gen_test_tree(&test_tree, line);
   2159 
   2160 	struct cil_db *test_db;
   2161 	cil_db_init(&test_db);
   2162 
   2163 	uint32_t changed = CIL_FALSE;
   2164 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   2165 
   2166 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   2167 
   2168 	int rc = cil_resolve_typeattributeset(test_db->ast->root->cl_head->next, args);
   2169 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   2170 }
   2171 
   2172 void test_cil_resolve_typeattributeset_not(CuTest *tc) {
   2173 	char *line[] = {"(", "typeattribute", "attrs", ")",
   2174 			"(", "type", "type_t", ")",
   2175 			"(", "type", "t_t", ")",
   2176 			"(", "typeattributeset", "attrs", "(", "not", "t_t", ")", ")", NULL};
   2177 
   2178 	struct cil_tree *test_tree;
   2179 	gen_test_tree(&test_tree, line);
   2180 
   2181 	struct cil_db *test_db;
   2182 	cil_db_init(&test_db);
   2183 
   2184 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   2185 
   2186 	uint32_t changed = CIL_FALSE;
   2187 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   2188 
   2189 	int rc = cil_resolve_typeattributeset(test_db->ast->root->cl_head->next->next->next, args);
   2190 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   2191 }
   2192 
   2193 void test_cil_resolve_typeattributeset_undef_type_not_neg(CuTest *tc) {
   2194 	char *line[] = {"(", "typeattribute", "attrs", ")",
   2195 			"(", "type", "type_t", ")",
   2196 			"(", "typeattributeset", "attrs", "(", "not", "t_t", ")", ")", NULL};
   2197 
   2198 	struct cil_tree *test_tree;
   2199 	gen_test_tree(&test_tree, line);
   2200 
   2201 	struct cil_db *test_db;
   2202 	cil_db_init(&test_db);
   2203 
   2204 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   2205 
   2206 	uint32_t changed = CIL_FALSE;
   2207 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   2208 
   2209 	int rc = cil_resolve_typeattributeset(test_db->ast->root->cl_head->next->next, args);
   2210 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   2211 }
   2212 
   2213 void test_cil_resolve_typealias(CuTest *tc) {
   2214 	char *line[] = {"(", "block", "foo",
   2215 				"(", "typealias", ".foo.test", "type_t", ")",
   2216 				"(", "type", "test", ")", ")", NULL};
   2217 
   2218 	struct cil_tree *test_tree;
   2219 	gen_test_tree(&test_tree, line);
   2220 
   2221 	struct cil_db *test_db;
   2222 	cil_db_init(&test_db);
   2223 
   2224 	uint32_t changed = CIL_FALSE;
   2225 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
   2226 
   2227 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   2228 
   2229 	int rc = cil_resolve_typealias(test_db->ast->root->cl_head->cl_head, args);
   2230 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   2231 }
   2232 
   2233 void test_cil_resolve_typealias_neg(CuTest *tc) {
   2234 	char *line[] = {"(", "block", "foo",
   2235 				"(", "typealias", ".foo", "apache_alias", ")", ")", NULL};
   2236 
   2237 	struct cil_tree *test_tree;
   2238 	gen_test_tree(&test_tree, line);
   2239 
   2240 	struct cil_db *test_db;
   2241 	cil_db_init(&test_db);
   2242 
   2243 	uint32_t changed = CIL_FALSE;
   2244 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
   2245 
   2246 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   2247 
   2248 	int rc = cil_resolve_typealias(test_db->ast->root->cl_head->cl_head, args);
   2249 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   2250 }
   2251 
   2252 void test_cil_resolve_typebounds(CuTest *tc) {
   2253 	char *line[] = {"(", "type", "type_a", ")",
   2254 			"(", "type", "type_b", ")",
   2255 			"(", "typebounds", "type_a", "type_b", ")", NULL};
   2256 
   2257 	struct cil_tree *test_tree;
   2258 	gen_test_tree(&test_tree, line);
   2259 
   2260 	struct cil_db *test_db;
   2261 	cil_db_init(&test_db);
   2262 
   2263 	uint32_t changed = CIL_FALSE;
   2264 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   2265 
   2266 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   2267 
   2268 	int rc = cil_resolve_typebounds(test_db->ast->root->cl_head->next->next, args);
   2269 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   2270 }
   2271 
   2272 void test_cil_resolve_typebounds_repeatbind_neg(CuTest *tc) {
   2273 	char *line[] = {"(", "type", "type_a", ")",
   2274 			"(", "type", "type_b", ")",
   2275 			"(", "typebounds", "type_a", "type_b", ")",
   2276 			"(", "typebounds", "type_a", "type_b", ")", NULL};
   2277 
   2278 	struct cil_tree *test_tree;
   2279 	gen_test_tree(&test_tree, line);
   2280 
   2281 	struct cil_db *test_db;
   2282 	cil_db_init(&test_db);
   2283 
   2284 	uint32_t changed = CIL_FALSE;
   2285 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   2286 
   2287 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   2288 
   2289 	int rc = cil_resolve_typebounds(test_db->ast->root->cl_head->next->next, args);
   2290 	int rc2 = cil_resolve_typebounds(test_db->ast->root->cl_head->next->next->next, args);
   2291 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   2292 	CuAssertIntEquals(tc, SEPOL_ERR, rc2);
   2293 }
   2294 
   2295 void test_cil_resolve_typebounds_type1_neg(CuTest *tc) {
   2296 	char *line[] = {"(", "type", "type_b", ")",
   2297 			"(", "typebounds", "type_a", "type_b", ")", NULL};
   2298 
   2299 	struct cil_tree *test_tree;
   2300 	gen_test_tree(&test_tree, line);
   2301 
   2302 	struct cil_db *test_db;
   2303 	cil_db_init(&test_db);
   2304 
   2305 	uint32_t changed = CIL_FALSE;
   2306 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   2307 
   2308 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   2309 
   2310 	int rc = cil_resolve_typebounds(test_db->ast->root->cl_head->next, args);
   2311 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   2312 }
   2313 
   2314 void test_cil_resolve_typebounds_type2_neg(CuTest *tc) {
   2315 	char *line[] = {"(", "type", "type_a", ")",
   2316 			"(", "typebounds", "type_a", "type_b", ")", NULL};
   2317 
   2318 	struct cil_tree *test_tree;
   2319 	gen_test_tree(&test_tree, line);
   2320 
   2321 	struct cil_db *test_db;
   2322 	cil_db_init(&test_db);
   2323 
   2324 	uint32_t changed = CIL_FALSE;
   2325 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   2326 
   2327 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   2328 
   2329 	int rc = cil_resolve_typebounds(test_db->ast->root->cl_head->next, args);
   2330 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   2331 }
   2332 
   2333 void test_cil_resolve_typepermissive(CuTest *tc) {
   2334 	char *line[] = {"(", "type", "type_a", ")",
   2335 			"(", "typepermissive", "type_a", ")", NULL};
   2336 
   2337 	struct cil_tree *test_tree;
   2338 	gen_test_tree(&test_tree, line);
   2339 
   2340 	struct cil_db *test_db;
   2341 	cil_db_init(&test_db);
   2342 
   2343 	uint32_t changed = CIL_FALSE;
   2344 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC1, &changed, NULL, NULL, NULL);
   2345 
   2346 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   2347 
   2348 	int rc = cil_resolve_typepermissive(test_db->ast->root->cl_head->next, args);
   2349 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   2350 }
   2351 
   2352 void test_cil_resolve_typepermissive_neg(CuTest *tc) {
   2353 	char *line[] = {"(", "type", "type_a", ")",
   2354 			"(", "typepermissive", "type_b", ")", NULL};
   2355 
   2356 	struct cil_tree *test_tree;
   2357 	gen_test_tree(&test_tree, line);
   2358 
   2359 	struct cil_db *test_db;
   2360 	cil_db_init(&test_db);
   2361 
   2362 	uint32_t changed = CIL_FALSE;
   2363 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   2364 
   2365 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   2366 
   2367 	int rc = cil_resolve_typepermissive(test_db->ast->root->cl_head->next, args);
   2368 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   2369 }
   2370 
   2371 void test_cil_resolve_nametypetransition(CuTest *tc) {
   2372 	char *line[] = {"(", "type", "foo", ")",
   2373 			"(", "type", "bar", ")",
   2374 			"(", "class", "file", "(", "read", ")", ")",
   2375 			"(", "type", "foobar", ")",
   2376 			"(", "nametypetransition", "str", "foo", "bar", "file", "foobar", ")", NULL};
   2377 
   2378 	struct cil_tree *test_tree;
   2379 	gen_test_tree(&test_tree, line);
   2380 
   2381 	struct cil_db *test_db;
   2382 	cil_db_init(&test_db);
   2383 
   2384 	uint32_t changed = CIL_FALSE;
   2385 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   2386 
   2387 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   2388 
   2389 	int rc = cil_resolve_nametypetransition(test_db->ast->root->cl_head->next->next->next->next, args);
   2390 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   2391 }
   2392 
   2393 void test_cil_resolve_nametypetransition_src_neg(CuTest *tc) {
   2394 	char *line[] = {"(", "type", "foo", ")",
   2395 			"(", "type", "bar", ")",
   2396 			"(", "class", "file", "(", "read", ")", ")",
   2397 			"(", "type", "foobar", ")",
   2398 			"(", "nametypetransition", "str", "wrong", "bar", "file", "foobar", ")", NULL};
   2399 
   2400 	struct cil_tree *test_tree;
   2401 	gen_test_tree(&test_tree, line);
   2402 
   2403 	struct cil_db *test_db;
   2404 	cil_db_init(&test_db);
   2405 
   2406 	uint32_t changed = CIL_FALSE;
   2407 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   2408 
   2409 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   2410 
   2411 	int rc = cil_resolve_nametypetransition(test_db->ast->root->cl_head->next->next->next->next, args);
   2412 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   2413 }
   2414 
   2415 void test_cil_resolve_nametypetransition_tgt_neg(CuTest *tc) {
   2416 	char *line[] = {"(", "type", "foo", ")",
   2417 			"(", "type", "bar", ")",
   2418 			"(", "class", "file", "(", "read", ")", ")",
   2419 			"(", "type", "foobar", ")",
   2420 			"(", "nametypetransition", "str", "foo", "wrong", "file", "foobar", ")", NULL};
   2421 
   2422 	struct cil_tree *test_tree;
   2423 	gen_test_tree(&test_tree, line);
   2424 
   2425 	struct cil_db *test_db;
   2426 	cil_db_init(&test_db);
   2427 
   2428 	uint32_t changed = CIL_FALSE;
   2429 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   2430 
   2431 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   2432 
   2433 	int rc = cil_resolve_nametypetransition(test_db->ast->root->cl_head->next->next->next->next, args);
   2434 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   2435 }
   2436 
   2437 void test_cil_resolve_nametypetransition_class_neg(CuTest *tc) {
   2438 	char *line[] = {"(", "type", "foo", ")",
   2439 			"(", "type", "bar", ")",
   2440 			"(", "class", "file", "(", "read", ")", ")",
   2441 			"(", "type", "foobar", ")",
   2442 			"(", "nametypetransition", "str", "foo", "bar", "wrong", "foobar", ")", NULL};
   2443 
   2444 	struct cil_tree *test_tree;
   2445 	gen_test_tree(&test_tree, line);
   2446 
   2447 	struct cil_db *test_db;
   2448 	cil_db_init(&test_db);
   2449 
   2450 	uint32_t changed = CIL_FALSE;
   2451 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   2452 
   2453 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   2454 
   2455 	int rc = cil_resolve_nametypetransition(test_db->ast->root->cl_head->next->next->next->next, args);
   2456 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   2457 }
   2458 
   2459 void test_cil_resolve_nametypetransition_dest_neg(CuTest *tc) {
   2460 	char *line[] = {"(", "type", "foo", ")",
   2461 			"(", "type", "bar", ")",
   2462 			"(", "class", "file", "(", "read", ")", ")",
   2463 			"(", "type", "foobar", ")",
   2464 			"(", "nametypetransition", "str", "foo", "bar", "file", "wrong", ")", NULL};
   2465 
   2466 	struct cil_tree *test_tree;
   2467 	gen_test_tree(&test_tree, line);
   2468 
   2469 	struct cil_db *test_db;
   2470 	cil_db_init(&test_db);
   2471 
   2472 	uint32_t changed = CIL_FALSE;
   2473 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   2474 
   2475 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   2476 
   2477 	int rc = cil_resolve_nametypetransition(test_db->ast->root->cl_head->next->next->next->next, args);
   2478 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   2479 }
   2480 
   2481 void test_cil_resolve_rangetransition(CuTest *tc) {
   2482 	char *line[] = {"(", "class", "class_", "(", "read", ")", ")",
   2483 			"(", "type", "type_a", ")",
   2484 			"(", "type", "type_b", ")",
   2485 			"(", "sensitivity", "s0", ")",
   2486 			"(", "category", "c0", ")",
   2487 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
   2488 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
   2489 			"(", "rangetransition", "type_a", "type_b", "class_", "(", "low", "high", ")", ")", NULL};
   2490 
   2491 	struct cil_tree *test_tree;
   2492 	gen_test_tree(&test_tree, line);
   2493 
   2494 	struct cil_db *test_db;
   2495 	cil_db_init(&test_db);
   2496 
   2497 	uint32_t changed = CIL_FALSE;
   2498 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   2499 
   2500 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   2501 
   2502 	int rc = cil_resolve_rangetransition(test_db->ast->root->cl_head->next->next->next->next->next->next->next, args);
   2503 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   2504 }
   2505 
   2506 void test_cil_resolve_rangetransition_namedrange_anon(CuTest *tc) {
   2507 	char *line[] = {"(", "class", "class_", "(", "read", ")", ")",
   2508 			"(", "type", "type_a", ")",
   2509 			"(", "type", "type_b", ")",
   2510 			"(", "sensitivity", "s0", ")",
   2511 			"(", "category", "c0", ")",
   2512 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
   2513 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
   2514 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
   2515 			"(", "macro", "mm", "(", "(", "levelrange", "l", ")", ")",
   2516 				"(", "rangetransition", "type_a", "type_b", "class_", "l", ")", ")",
   2517 			"(", "call", "mm", "(", "(", "low", "high", ")", ")", ")", NULL};
   2518 
   2519 	struct cil_tree *test_tree;
   2520 	gen_test_tree(&test_tree, line);
   2521 
   2522 	struct cil_db *test_db;
   2523 	cil_db_init(&test_db);
   2524 
   2525 	uint32_t changed = CIL_FALSE;
   2526 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
   2527 
   2528 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   2529 
   2530 	int rc2 = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next, args);
   2531 
   2532 	args->pass = CIL_PASS_CALL2;
   2533 
   2534 	int rc3 = cil_resolve_call2(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next, args);
   2535 
   2536 	args->pass = CIL_PASS_MISC2;
   2537 
   2538 	cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next->next->next->next, args);
   2539 
   2540 	args->pass = CIL_PASS_MISC3;
   2541 	args->callstack = test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next;
   2542 
   2543 	int rc = cil_resolve_rangetransition(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next->cl_head, args);
   2544 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   2545 	CuAssertIntEquals(tc, SEPOL_OK, rc2);
   2546 	CuAssertIntEquals(tc, SEPOL_OK, rc3);
   2547 }
   2548 
   2549 void test_cil_resolve_rangetransition_namedrange_anon_neg(CuTest *tc) {
   2550 	char *line[] = {"(", "class", "class_", "(", "read", ")", ")",
   2551 			"(", "type", "type_a", ")",
   2552 			"(", "type", "type_b", ")",
   2553 			"(", "sensitivity", "s0", ")",
   2554 			"(", "category", "c0", ")",
   2555 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
   2556 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
   2557 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
   2558 			"(", "macro", "mm", "(", "(", "levelrange", "l", ")", ")",
   2559 				"(", "rangetransition", "type_a", "type_b", "class_", "l", ")", ")",
   2560 			"(", "call", "mm", "(", "(", "DNE", "high", ")", ")", ")", NULL};
   2561 
   2562 	struct cil_tree *test_tree;
   2563 	gen_test_tree(&test_tree, line);
   2564 
   2565 	struct cil_db *test_db;
   2566 	cil_db_init(&test_db);
   2567 
   2568 	uint32_t changed = CIL_FALSE;
   2569 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
   2570 
   2571 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   2572 
   2573 	int rc2 = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next, args);
   2574 
   2575 	args->pass = CIL_PASS_CALL2;
   2576 
   2577 	int rc3 = cil_resolve_call2(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next, args);
   2578 
   2579 	args->pass = CIL_PASS_MISC2;
   2580 
   2581 	cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next->next->next->next, args);
   2582 
   2583 	args->pass = CIL_PASS_MISC3;
   2584 	args->callstack = test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next;
   2585 
   2586 	int rc = cil_resolve_rangetransition(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next->cl_head,  args);
   2587 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   2588 	CuAssertIntEquals(tc, SEPOL_OK, rc2);
   2589 	CuAssertIntEquals(tc, SEPOL_OK, rc3);
   2590 }
   2591 
   2592 void test_cil_resolve_rangetransition_namedrange(CuTest *tc) {
   2593 	char *line[] = {"(", "class", "class_", "(", "read", ")", ")",
   2594 			"(", "type", "type_a", ")",
   2595 			"(", "type", "type_b", ")",
   2596 			"(", "sensitivity", "s0", ")",
   2597 			"(", "category", "c0", ")",
   2598 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
   2599 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
   2600 			"(", "levelrange", "foo_range", "(", "low", "high", ")", ")",
   2601 			"(", "rangetransition", "type_a", "type_b", "class_", "foo_range", ")", NULL};
   2602 
   2603 	struct cil_tree *test_tree;
   2604 	gen_test_tree(&test_tree, line);
   2605 
   2606 	struct cil_db *test_db;
   2607 	cil_db_init(&test_db);
   2608 
   2609 	uint32_t changed = CIL_FALSE;
   2610 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   2611 
   2612 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   2613 
   2614 	int rc = cil_resolve_rangetransition(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args);
   2615 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   2616 }
   2617 
   2618 void test_cil_resolve_rangetransition_namedrange_neg(CuTest *tc) {
   2619 	char *line[] = {"(", "class", "class_", "(", "read", ")", ")",
   2620 			"(", "type", "type_a", ")",
   2621 			"(", "type", "type_b", ")",
   2622 			"(", "sensitivity", "s0", ")",
   2623 			"(", "category", "c0", ")",
   2624 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
   2625 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
   2626 			"(", "levelrange", "foo_range", "(", "low", "high", ")", ")",
   2627 			"(", "rangetransition", "type_a", "type_b", "class_", "DNE", ")", NULL};
   2628 
   2629 	struct cil_tree *test_tree;
   2630 	gen_test_tree(&test_tree, line);
   2631 
   2632 	struct cil_db *test_db;
   2633 	cil_db_init(&test_db);
   2634 
   2635 	uint32_t changed = CIL_FALSE;
   2636 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   2637 
   2638 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   2639 
   2640 	int rc = cil_resolve_rangetransition(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args);
   2641 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   2642 }
   2643 
   2644 void test_cil_resolve_rangetransition_type1_neg(CuTest *tc) {
   2645 	char *line[] = {"(", "class", "class_", "(", "read", ")", ")",
   2646 			"(", "type", "type_a", ")",
   2647 			"(", "type", "type_b", ")",
   2648 			"(", "sensitivity", "s0", ")",
   2649 			"(", "category", "c0", ")",
   2650 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
   2651 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
   2652 			"(", "rangetransition", "type_DNE", "type_b", "class_", "(", "low", "high", ")", ")", NULL};
   2653 
   2654 	struct cil_tree *test_tree;
   2655 	gen_test_tree(&test_tree, line);
   2656 
   2657 	struct cil_db *test_db;
   2658 	cil_db_init(&test_db);
   2659 
   2660 	uint32_t changed = CIL_FALSE;
   2661 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   2662 
   2663 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   2664 
   2665 	int rc = cil_resolve_rangetransition(test_db->ast->root->cl_head->next->next->next->next->next->next->next, args);
   2666 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   2667 }
   2668 
   2669 void test_cil_resolve_rangetransition_type2_neg(CuTest *tc) {
   2670 	char *line[] = {"(", "class", "class_", "(", "read", ")", ")",
   2671 			"(", "type", "type_a", ")",
   2672 			"(", "type", "type_b", ")",
   2673 			"(", "sensitivity", "s0", ")",
   2674 			"(", "category", "c0", ")",
   2675 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
   2676 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
   2677 			"(", "rangetransition", "type_a", "type_DNE", "class_", "(", "low", "high", ")", ")", NULL};
   2678 
   2679 	struct cil_tree *test_tree;
   2680 	gen_test_tree(&test_tree, line);
   2681 
   2682 	struct cil_db *test_db;
   2683 	cil_db_init(&test_db);
   2684 
   2685 	uint32_t changed = CIL_FALSE;
   2686 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   2687 
   2688 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   2689 
   2690 	int rc = cil_resolve_rangetransition(test_db->ast->root->cl_head->next->next->next->next->next->next->next, args);
   2691 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   2692 }
   2693 
   2694 void test_cil_resolve_rangetransition_class_neg(CuTest *tc) {
   2695 	char *line[] = {"(", "class", "class_", "(", "read", ")", ")",
   2696 			"(", "type", "type_a", ")",
   2697 			"(", "type", "type_b", ")",
   2698 			"(", "sensitivity", "s0", ")",
   2699 			"(", "category", "c0", ")",
   2700 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
   2701 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
   2702 			"(", "rangetransition", "type_a", "type_b", "class_DNE", "(", "low", "high", ")", ")", NULL};
   2703 
   2704 	struct cil_tree *test_tree;
   2705 	gen_test_tree(&test_tree, line);
   2706 
   2707 	struct cil_db *test_db;
   2708 	cil_db_init(&test_db);
   2709 
   2710 	uint32_t changed = CIL_FALSE;
   2711 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   2712 
   2713 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   2714 
   2715 	int rc = cil_resolve_rangetransition(test_db->ast->root->cl_head->next->next->next->next->next->next->next, args);
   2716 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   2717 }
   2718 
   2719 void test_cil_resolve_rangetransition_call_level_l_anon(CuTest *tc) {
   2720 	char *line[] = {"(", "class", "class_", "(", "read", ")", ")",
   2721 			"(", "type", "type_a", ")",
   2722 			"(", "type", "type_b", ")",
   2723 			"(", "sensitivity", "s0", ")",
   2724 			"(", "category", "c0", ")",
   2725 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
   2726 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
   2727 			"(", "macro", "mm", "(", "(", "level", "l", ")", ")",
   2728 				"(", "rangetransition", "type_a", "type_b", "class_", "(", "l", "high", ")", ")", ")",
   2729 			"(", "call", "mm", "(", "(", "s0", "(", "c0", ")", ")", ")", ")", NULL};
   2730 
   2731 	struct cil_tree *test_tree;
   2732 	gen_test_tree(&test_tree, line);
   2733 
   2734 	struct cil_db *test_db;
   2735 	cil_db_init(&test_db);
   2736 
   2737 	uint32_t changed = CIL_FALSE;
   2738 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
   2739 
   2740 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   2741 
   2742 	int rc2 = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args);
   2743 
   2744 	args->pass = CIL_PASS_CALL2;
   2745 
   2746 	int rc3 = cil_resolve_call2(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args);
   2747 
   2748 	args->pass = CIL_PASS_MISC2;
   2749 
   2750 	cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next->next->next, args);
   2751 
   2752 	args->pass = CIL_PASS_MISC3;
   2753 	args->callstack = test_db->ast->root->cl_head->next->next->next->next->next->next->next->next;
   2754 
   2755 	int rc = cil_resolve_rangetransition(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->cl_head, args);
   2756 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   2757 	CuAssertIntEquals(tc, SEPOL_OK, rc2);
   2758 	CuAssertIntEquals(tc, SEPOL_OK, rc3);
   2759 }
   2760 
   2761 void test_cil_resolve_rangetransition_call_level_l_anon_neg(CuTest *tc) {
   2762 	char *line[] = {"(", "class", "class_", "(", "read", ")", ")",
   2763 			"(", "type", "type_a", ")",
   2764 			"(", "type", "type_b", ")",
   2765 			"(", "sensitivity", "s0", ")",
   2766 			"(", "category", "c0", ")",
   2767 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
   2768 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
   2769 			"(", "macro", "mm", "(", "(", "level", "l", ")", ")",
   2770 				"(", "rangetransition", "type_a", "type_b", "class_", "(", "l", "high", ")", ")", ")",
   2771 			"(", "call", "mm", "(", "(", "s0", "(", "c4", ")", ")", ")", ")", NULL};
   2772 
   2773 	struct cil_tree *test_tree;
   2774 	gen_test_tree(&test_tree, line);
   2775 
   2776 	struct cil_db *test_db;
   2777 	cil_db_init(&test_db);
   2778 
   2779 	uint32_t changed = CIL_FALSE;
   2780 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
   2781 
   2782 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   2783 
   2784 	int rc2 = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args);
   2785 
   2786 	args->pass = CIL_PASS_CALL2;
   2787 
   2788 	int rc3 = cil_resolve_call2(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args);
   2789 
   2790 	args->pass = CIL_PASS_MISC2;
   2791 
   2792 	cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next->next->next, args);
   2793 
   2794 	args->pass = CIL_PASS_MISC3;
   2795 	args->callstack = test_db->ast->root->cl_head->next->next->next->next->next->next->next->next;
   2796 
   2797 	int rc = cil_resolve_rangetransition(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->cl_head, args);
   2798 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   2799 	CuAssertIntEquals(tc, SEPOL_OK, rc2);
   2800 	CuAssertIntEquals(tc, SEPOL_OK, rc3);
   2801 }
   2802 
   2803 void test_cil_resolve_rangetransition_call_level_h_anon(CuTest *tc) {
   2804 	char *line[] = {"(", "class", "class_", "(", "read", ")", ")",
   2805 			"(", "type", "type_a", ")",
   2806 			"(", "type", "type_b", ")",
   2807 			"(", "sensitivity", "s0", ")",
   2808 			"(", "category", "c0", ")",
   2809 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
   2810 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
   2811 			"(", "macro", "mm", "(", "(", "level", "h", ")", ")",
   2812 				"(", "rangetransition", "type_a", "type_b", "class_", "(", "low", "h", ")", ")", ")",
   2813 			"(", "call", "mm", "(", "(", "s0", "(", "c0", ")", ")", ")", ")", NULL};
   2814 
   2815 	struct cil_tree *test_tree;
   2816 	gen_test_tree(&test_tree, line);
   2817 
   2818 	struct cil_db *test_db;
   2819 	cil_db_init(&test_db);
   2820 
   2821 	uint32_t changed = CIL_FALSE;
   2822 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
   2823 
   2824 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   2825 
   2826 	int rc2 = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args);
   2827 
   2828 	args->pass = CIL_PASS_CALL2;
   2829 
   2830 	int rc3 = cil_resolve_call2(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args);
   2831 
   2832 	args->pass = CIL_PASS_MISC2;
   2833 
   2834 	cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next->next->next, args);
   2835 
   2836 	args->pass = CIL_PASS_MISC3;
   2837 	args->callstack = test_db->ast->root->cl_head->next->next->next->next->next->next->next->next;
   2838 
   2839 	int rc = cil_resolve_rangetransition(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->cl_head, args);
   2840 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   2841 	CuAssertIntEquals(tc, SEPOL_OK, rc2);
   2842 	CuAssertIntEquals(tc, SEPOL_OK, rc3);
   2843 }
   2844 
   2845 void test_cil_resolve_rangetransition_call_level_h_anon_neg(CuTest *tc) {
   2846 	char *line[] = {"(", "class", "class_", "(", "read", ")", ")",
   2847 			"(", "type", "type_a", ")",
   2848 			"(", "type", "type_b", ")",
   2849 			"(", "sensitivity", "s0", ")",
   2850 			"(", "category", "c0", ")",
   2851 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
   2852 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
   2853 			"(", "macro", "mm", "(", "(", "level", "h", ")", ")",
   2854 				"(", "rangetransition", "type_a", "type_b", "class_", "(", "low", "h", ")", ")", ")",
   2855 			"(", "call", "mm", "(", "(", "s0", "(", "c4", ")", ")", ")", ")", NULL};
   2856 
   2857 	struct cil_tree *test_tree;
   2858 	gen_test_tree(&test_tree, line);
   2859 
   2860 	struct cil_db *test_db;
   2861 	cil_db_init(&test_db);
   2862 
   2863 	uint32_t changed = CIL_FALSE;
   2864 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
   2865 
   2866 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   2867 
   2868 	int rc2 = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args);
   2869 
   2870 	args->pass = CIL_PASS_CALL2;
   2871 
   2872 	int rc3 = cil_resolve_call2(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args);
   2873 
   2874 	args->pass = CIL_PASS_MISC2;
   2875 
   2876 	cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next->next->next, args);
   2877 
   2878 	args->pass = CIL_PASS_MISC3;
   2879 	args->callstack = test_db->ast->root->cl_head->next->next->next->next->next->next->next->next;
   2880 
   2881 	int rc = cil_resolve_rangetransition(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->cl_head, args);
   2882 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   2883 	CuAssertIntEquals(tc, SEPOL_OK, rc2);
   2884 	CuAssertIntEquals(tc, SEPOL_OK, rc3);
   2885 }
   2886 
   2887 void test_cil_resolve_rangetransition_level_l_neg(CuTest *tc) {
   2888 	char *line[] = {"(", "class", "class_", "(", "read", ")", ")",
   2889 			"(", "type", "type_a", ")",
   2890 			"(", "type", "type_b", ")",
   2891 			"(", "sensitivity", "s0", ")",
   2892 			"(", "category", "c0", ")",
   2893 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
   2894 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
   2895 			"(", "rangetransition", "type_a", "type_b", "class_", "(", "low_DNE", "high", ")", ")", NULL};
   2896 
   2897 	struct cil_tree *test_tree;
   2898 	gen_test_tree(&test_tree, line);
   2899 
   2900 	struct cil_db *test_db;
   2901 	cil_db_init(&test_db);
   2902 
   2903 	uint32_t changed = CIL_FALSE;
   2904 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   2905 
   2906 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   2907 
   2908 	int rc = cil_resolve_rangetransition(test_db->ast->root->cl_head->next->next->next->next->next->next->next, args);
   2909 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   2910 }
   2911 
   2912 void test_cil_resolve_rangetransition_level_h_neg(CuTest *tc) {
   2913 	char *line[] = {"(", "class", "class_", "(", "read", ")", ")",
   2914 			"(", "type", "type_a", ")",
   2915 			"(", "type", "type_b", ")",
   2916 			"(", "sensitivity", "s0", ")",
   2917 			"(", "category", "c0", ")",
   2918 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
   2919 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
   2920 			"(", "rangetransition", "type_a", "type_b", "class_", "(", "low", "high_DNE", ")", ")", NULL};
   2921 
   2922 	struct cil_tree *test_tree;
   2923 	gen_test_tree(&test_tree, line);
   2924 
   2925 	struct cil_db *test_db;
   2926 	cil_db_init(&test_db);
   2927 
   2928 	uint32_t changed = CIL_FALSE;
   2929 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   2930 
   2931 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   2932 
   2933 	int rc = cil_resolve_rangetransition(test_db->ast->root->cl_head->next->next->next->next->next->next->next, args);
   2934 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   2935 }
   2936 
   2937 void test_cil_resolve_rangetransition_anon_level_l(CuTest *tc) {
   2938 	char *line[] = {"(", "class", "class_", "(", "read", ")", ")",
   2939 			"(", "type", "type_a", ")",
   2940 			"(", "type", "type_b", ")",
   2941 			"(", "sensitivity", "s0", ")",
   2942 			"(", "category", "c0", ")",
   2943 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
   2944 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
   2945 			"(", "rangetransition", "type_a", "type_b", "class_", "(", "(", "s0", "(", "c0", ")", ")", "high", ")", ")", NULL};
   2946 
   2947 	struct cil_tree *test_tree;
   2948 	gen_test_tree(&test_tree, line);
   2949 
   2950 	struct cil_db *test_db;
   2951 	cil_db_init(&test_db);
   2952 
   2953 	uint32_t changed = CIL_FALSE;
   2954 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
   2955 
   2956 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   2957 
   2958 	cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next->next->next, args);
   2959 
   2960 	args->pass = CIL_PASS_MISC3;
   2961 
   2962 	int rc = cil_resolve_rangetransition(test_db->ast->root->cl_head->next->next->next->next->next->next->next, args);
   2963 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   2964 }
   2965 
   2966 void test_cil_resolve_rangetransition_anon_level_l_neg(CuTest *tc) {
   2967 	char *line[] = {"(", "class", "class_", "(", "read", ")", ")",
   2968 			"(", "type", "type_a", ")",
   2969 			"(", "type", "type_b", ")",
   2970 			"(", "sensitivity", "s0", ")",
   2971 			"(", "category", "c0", ")",
   2972 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
   2973 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
   2974 			"(", "rangetransition", "type_a", "type_b", "class_", "(", "(", "s0", "(", "c_DNE", ")", ")", "high", ")", ")", NULL};
   2975 
   2976 	struct cil_tree *test_tree;
   2977 	gen_test_tree(&test_tree, line);
   2978 
   2979 	struct cil_db *test_db;
   2980 	cil_db_init(&test_db);
   2981 
   2982 	uint32_t changed = CIL_FALSE;
   2983 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
   2984 
   2985 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   2986 
   2987 	cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next->next->next, args);
   2988 
   2989 	args->pass = CIL_PASS_MISC3;
   2990 
   2991 	int rc = cil_resolve_rangetransition(test_db->ast->root->cl_head->next->next->next->next->next->next->next, args);
   2992 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   2993 }
   2994 
   2995 void test_cil_resolve_rangetransition_anon_level_h(CuTest *tc) {
   2996 	char *line[] = {"(", "class", "class_", "(", "read", ")", ")",
   2997 			"(", "type", "type_a", ")",
   2998 			"(", "type", "type_b", ")",
   2999 			"(", "sensitivity", "s0", ")",
   3000 			"(", "category", "c0", ")",
   3001 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
   3002 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
   3003 			"(", "rangetransition", "type_a", "type_b", "class_", "(", "low", "(", "s0", "(", "c0", ")",  ")", ")", ")", NULL};
   3004 
   3005 	struct cil_tree *test_tree;
   3006 	gen_test_tree(&test_tree, line);
   3007 
   3008 	struct cil_db *test_db;
   3009 	cil_db_init(&test_db);
   3010 
   3011 	uint32_t changed = CIL_FALSE;
   3012 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
   3013 
   3014 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   3015 
   3016 	cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next->next->next, args);
   3017 
   3018 	args->pass = CIL_PASS_MISC3;
   3019 
   3020 	int rc = cil_resolve_rangetransition(test_db->ast->root->cl_head->next->next->next->next->next->next->next, args);
   3021 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   3022 }
   3023 
   3024 void test_cil_resolve_rangetransition_anon_level_h_neg(CuTest *tc) {
   3025 	char *line[] = {"(", "class", "class_", "(", "read", ")", ")",
   3026 			"(", "type", "type_a", ")",
   3027 			"(", "type", "type_b", ")",
   3028 			"(", "sensitivity", "s0", ")",
   3029 			"(", "category", "c0", ")",
   3030 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
   3031 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
   3032 			"(", "rangetransition", "type_a", "type_b", "class_", "(", "low", "(", "s_DNE", "(", "c0", ")",  ")", ")", NULL};
   3033 
   3034 	struct cil_tree *test_tree;
   3035 	gen_test_tree(&test_tree, line);
   3036 
   3037 	struct cil_db *test_db;
   3038 	cil_db_init(&test_db);
   3039 
   3040 	uint32_t changed = CIL_FALSE;
   3041 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
   3042 
   3043 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   3044 
   3045 	cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next->next->next, args);
   3046 
   3047 	args->pass = CIL_PASS_MISC3;
   3048 
   3049 	int rc = cil_resolve_rangetransition(test_db->ast->root->cl_head->next->next->next->next->next->next->next, args);
   3050 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   3051 }
   3052 
   3053 void test_cil_resolve_classcommon(CuTest *tc) {
   3054 	char *line[] = {"(", "class", "file", "(", "read", ")", ")",
   3055 			"(", "common", "file", "(", "write", ")", ")",
   3056 			"(", "classcommon", "file", "file", ")", NULL};
   3057 
   3058 	struct cil_tree *test_tree;
   3059 	gen_test_tree(&test_tree, line);
   3060 
   3061 	struct cil_db *test_db;
   3062 	cil_db_init(&test_db);
   3063 
   3064 	uint32_t changed = CIL_FALSE;
   3065 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
   3066 
   3067 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   3068 
   3069 	int rc = cil_resolve_classcommon(test_db->ast->root->cl_head->next->next, args);
   3070 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   3071 }
   3072 
   3073 void test_cil_resolve_classcommon_no_class_neg(CuTest *tc) {
   3074 	char *line[] = {"(", "class", "foo", "(", "read", ")", ")",
   3075 			"(", "classcommon", "foo", "foo", ")", NULL};
   3076 
   3077 	struct cil_tree *test_tree;
   3078 	gen_test_tree(&test_tree, line);
   3079 
   3080 	struct cil_db *test_db;
   3081 	cil_db_init(&test_db);
   3082 
   3083 	uint32_t changed = CIL_FALSE;
   3084 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
   3085 
   3086 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   3087 
   3088 	int rc = cil_resolve_classcommon(test_db->ast->root->cl_head->next, args);
   3089 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   3090 }
   3091 
   3092 void test_cil_resolve_classcommon_no_common_neg(CuTest *tc) {
   3093 	char *line[] = {"(", "common", "foo", "(", "read", ")", ")",
   3094 			"(", "classcommon", "foo", "foo", ")", NULL};
   3095 
   3096 	struct cil_tree *test_tree;
   3097 	gen_test_tree(&test_tree, line);
   3098 
   3099 	struct cil_db *test_db;
   3100 	cil_db_init(&test_db);
   3101 
   3102 	uint32_t changed = CIL_FALSE;
   3103 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
   3104 
   3105 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   3106 
   3107 	int rc = cil_resolve_classcommon(test_db->ast->root->cl_head->next, args);
   3108 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   3109 }
   3110 
   3111 void test_cil_resolve_classpermset_named(CuTest *tc) {
   3112 	char *line[] = {"(", "classmap", "files", "(", "read", ")", ")",
   3113 			"(", "class", "char", "(", "read", ")", ")",
   3114 			"(", "classpermissionset", "char_w", "(", "char", "(", "read", ")", ")", ")",
   3115 			"(", "classmapping", "files", "read", "char_w", ")", NULL};
   3116 
   3117 	struct cil_tree *test_tree;
   3118 	gen_test_tree(&test_tree, line);
   3119 
   3120 	struct cil_db *test_db;
   3121 	cil_db_init(&test_db);
   3122 
   3123 	uint32_t changed = CIL_FALSE;
   3124 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   3125 
   3126 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   3127 
   3128 	struct cil_classpermset *cps = test_db->ast->root->cl_head->next->next->data;
   3129 
   3130 	int rc = cil_resolve_classpermset(test_db->ast->root->cl_head->next->next->next, cps, args);
   3131 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   3132 }
   3133 
   3134 void test_cil_resolve_classpermset_named_namedpermlist(CuTest *tc) {
   3135 	char *line[] = {"(", "classmap", "files", "(", "read", ")", ")",
   3136 			"(", "class", "char", "(", "read", ")", ")",
   3137 			"(", "classpermissionset", "char_w", "(", "char", "baz", ")", ")",
   3138 			"(", "permissionset", "baz", "(", "read", ")", ")",
   3139 			"(", "classmapping", "files", "read", "char_w", ")", NULL};
   3140 
   3141 	struct cil_tree *test_tree;
   3142 	gen_test_tree(&test_tree, line);
   3143 
   3144 	struct cil_db *test_db;
   3145 	cil_db_init(&test_db);
   3146 
   3147 	uint32_t changed = CIL_FALSE;
   3148 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   3149 
   3150 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   3151 
   3152 	struct cil_classpermset *cps = test_db->ast->root->cl_head->next->next->data;
   3153 
   3154 	int rc = cil_resolve_classpermset(test_db->ast->root->cl_head->next->next->next, cps, args);
   3155 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   3156 }
   3157 
   3158 void test_cil_resolve_classpermset_named_permlist_neg(CuTest *tc) {
   3159 	char *line[] = {"(", "classmap", "files", "(", "read", ")", ")",
   3160 			"(", "class", "char", "(", "read", ")", ")",
   3161 			"(", "classpermissionset", "char_w", "(", "dne", "(", "read", ")", ")", ")",
   3162 			"(", "classmapping", "files", "read", "char_w", ")", NULL};
   3163 
   3164 	struct cil_tree *test_tree;
   3165 	gen_test_tree(&test_tree, line);
   3166 
   3167 	struct cil_db *test_db;
   3168 	cil_db_init(&test_db);
   3169 
   3170 	uint32_t changed = CIL_FALSE;
   3171 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   3172 
   3173 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   3174 
   3175 	struct cil_classpermset *cps = test_db->ast->root->cl_head->next->next->data;
   3176 
   3177 	int rc = cil_resolve_classpermset(test_db->ast->root->cl_head->next->next->next, cps, args);
   3178 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   3179 }
   3180 
   3181 void test_cil_resolve_classpermset_named_unnamedcps_neg(CuTest *tc) {
   3182 	char *line[] = {"(", "classmap", "files", "(", "read", ")", ")",
   3183 			"(", "class", "char", "(", "read", ")", ")",
   3184 			"(", "classpermissionset", "char_w", "(", "char", "(", "read", ")", ")", ")",
   3185 			"(", "classmapping", "files", "read", "char_w", ")", NULL};
   3186 
   3187 	struct cil_tree *test_tree;
   3188 	gen_test_tree(&test_tree, line);
   3189 
   3190 	struct cil_db *test_db;
   3191 	cil_db_init(&test_db);
   3192 
   3193 	uint32_t changed = CIL_FALSE;
   3194 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   3195 
   3196 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   3197 
   3198 	struct cil_classpermset *cps;
   3199 	cil_classpermset_init(&cps);
   3200 
   3201 	int rc = cil_resolve_classpermset(test_db->ast->root->cl_head->next->next->next, cps, args);
   3202 	CuAssertIntEquals(tc, SEPOL_ERR, rc);
   3203 }
   3204 
   3205 void test_cil_resolve_classpermset_anon(CuTest *tc) {
   3206 	char *line[] = {"(", "classmap", "files", "(", "read", ")", ")",
   3207 			"(", "classmapping", "files", "read", "(", "char", "(", "read", ")", ")", ")",
   3208 			"(", "class", "char", "(", "read", ")", ")", NULL};
   3209 
   3210 	struct cil_tree *test_tree;
   3211 	gen_test_tree(&test_tree, line);
   3212 
   3213 	struct cil_db *test_db;
   3214 	cil_db_init(&test_db);
   3215 
   3216 	uint32_t changed = CIL_FALSE;
   3217 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   3218 
   3219 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   3220 
   3221 	struct cil_classpermset *cps = ((struct cil_classmapping*)test_db->ast->root->cl_head->next->data)->classpermsets_str->head->data;
   3222 
   3223 	int rc = cil_resolve_classpermset(test_db->ast->root->cl_head->next, cps, args);
   3224 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   3225 }
   3226 
   3227 void test_cil_resolve_classpermset_anon_namedpermlist(CuTest *tc) {
   3228 	char *line[] = {"(", "classmap", "files", "(", "read", ")", ")",
   3229 			"(", "classmapping", "files", "read", "(", "char", "baz", ")", ")",
   3230 			"(", "permissionset", "baz", "(", "read", ")", ")",
   3231 			"(", "class", "char", "(", "read", ")", ")", NULL};
   3232 
   3233 	struct cil_tree *test_tree;
   3234 	gen_test_tree(&test_tree, line);
   3235 
   3236 	struct cil_db *test_db;
   3237 	cil_db_init(&test_db);
   3238 
   3239 	uint32_t changed = CIL_FALSE;
   3240 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   3241 
   3242 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   3243 
   3244 	struct cil_classpermset *cps = ((struct cil_classmapping*)test_db->ast->root->cl_head->next->data)->classpermsets_str->head->data;
   3245 
   3246 	int rc = cil_resolve_classpermset(test_db->ast->root->cl_head->next, cps, args);
   3247 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   3248 }
   3249 
   3250 void test_cil_resolve_classpermset_anon_permlist_neg(CuTest *tc) {
   3251 	char *line[] = {"(", "classmap", "files", "(", "read", ")", ")",
   3252 			"(", "classmapping", "files", "read", "(", "char", "(", "dne", ")", ")", ")",
   3253 			"(", "class", "char", "(", "read", ")", ")", NULL};
   3254 
   3255 	struct cil_tree *test_tree;
   3256 	gen_test_tree(&test_tree, line);
   3257 
   3258 	struct cil_db *test_db;
   3259 	cil_db_init(&test_db);
   3260 
   3261 	uint32_t changed = CIL_FALSE;
   3262 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   3263 
   3264 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   3265 
   3266 	struct cil_classpermset *cps = ((struct cil_classmapping*)test_db->ast->root->cl_head->next->data)->classpermsets_str->head->data;
   3267 
   3268 	int rc = cil_resolve_classpermset(test_db->ast->root->cl_head->next, cps, args);
   3269 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   3270 }
   3271 
   3272 void test_cil_resolve_avrule(CuTest *tc) {
   3273 	char *line[] = {"(", "class", "bar", "(", "read", "write", "open", ")", ")",
   3274 	                "(", "type", "test", ")",
   3275 			"(", "type", "foo", ")",
   3276 	                "(", "allow", "test", "foo", "(", "bar", "(", "read", "write", ")", ")", ")", NULL};
   3277 
   3278 	struct cil_tree *test_tree;
   3279 	gen_test_tree(&test_tree, line);
   3280 
   3281 	struct cil_db *test_db;
   3282 	cil_db_init(&test_db);
   3283 
   3284 	uint32_t changed = CIL_FALSE;
   3285 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   3286 
   3287 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   3288 
   3289 	int rc = cil_resolve_avrule(test_db->ast->root->cl_head->next->next->next, args);
   3290 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   3291 }
   3292 
   3293 void test_cil_resolve_avrule_permset(CuTest *tc) {
   3294 	char *line[] = {"(", "class", "bar", "(", "read", "write", "open", ")", ")",
   3295 	                "(", "type", "test", ")",
   3296 			"(", "type", "foo", ")",
   3297 			"(", "permissionset", "baz", "(", "open", "write", ")", ")",
   3298 	                "(", "allow", "test", "foo", "(", "bar", "baz", ")", ")", NULL};
   3299 
   3300 	struct cil_tree *test_tree;
   3301 	gen_test_tree(&test_tree, line);
   3302 
   3303 	struct cil_db *test_db;
   3304 	cil_db_init(&test_db);
   3305 
   3306 	uint32_t changed = CIL_FALSE;
   3307 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   3308 
   3309 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   3310 
   3311 	int rc = cil_resolve_avrule(test_db->ast->root->cl_head->next->next->next->next, args);
   3312 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   3313 }
   3314 
   3315 void test_cil_resolve_avrule_permset_neg(CuTest *tc) {
   3316 	char *line[] = {"(", "class", "bar", "(", "read", "write", "open", ")", ")",
   3317 	                "(", "type", "test", ")",
   3318 			"(", "type", "foo", ")",
   3319 			"(", "permissionset", "baz", "(", "open", "close", ")", ")",
   3320 	                "(", "allow", "test", "foo", "(", "bar", "dne", ")", ")", NULL};
   3321 
   3322 	struct cil_tree *test_tree;
   3323 	gen_test_tree(&test_tree, line);
   3324 
   3325 	struct cil_db *test_db;
   3326 	cil_db_init(&test_db);
   3327 
   3328 	uint32_t changed = CIL_FALSE;
   3329 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   3330 
   3331 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   3332 
   3333 	int rc = cil_resolve_avrule(test_db->ast->root->cl_head->next->next->next->next, args);
   3334 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   3335 }
   3336 
   3337 void test_cil_resolve_avrule_permset_permdne_neg(CuTest *tc) {
   3338 	char *line[] = {"(", "class", "bar", "(", "read", "write", "open", ")", ")",
   3339 	                "(", "type", "test", ")",
   3340 			"(", "type", "foo", ")",
   3341 			"(", "permissionset", "baz", "(", "open", "dne", ")", ")",
   3342 	                "(", "allow", "test", "foo", "(", "bar", "baz", ")", ")", NULL};
   3343 
   3344 	struct cil_tree *test_tree;
   3345 	gen_test_tree(&test_tree, line);
   3346 
   3347 	struct cil_db *test_db;
   3348 	cil_db_init(&test_db);
   3349 
   3350 	uint32_t changed = CIL_FALSE;
   3351 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   3352 
   3353 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   3354 
   3355 	int rc = cil_resolve_avrule(test_db->ast->root->cl_head->next->next->next->next, args);
   3356 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   3357 }
   3358 
   3359 void test_cil_resolve_avrule_firsttype_neg(CuTest *tc) {
   3360 	char *line[] = {"(", "class", "bar", "(", "read", "write", "open", ")", ")",
   3361 	                "(", "type", "test", ")",
   3362 			"(", "type", "foo", ")",
   3363 	                "(", "allow", "fail1", "foo", "(", "bar", "(", "read", "write", ")", ")", ")", NULL};
   3364 
   3365 	struct cil_tree *test_tree;
   3366 	gen_test_tree(&test_tree, line);
   3367 
   3368 	struct cil_db *test_db;
   3369 	cil_db_init(&test_db);
   3370 
   3371 	uint32_t changed = CIL_FALSE;
   3372 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   3373 
   3374 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   3375 
   3376 	int rc = cil_resolve_avrule(test_db->ast->root->cl_head->next->next->next, args);
   3377 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   3378 }
   3379 
   3380 void test_cil_resolve_avrule_secondtype_neg(CuTest *tc) {
   3381 	char *line[] = {"(", "class", "bar", "(", "read", "write", "open", ")", ")",
   3382 	                "(", "type", "test", ")",
   3383 			"(", "type", "foo", ")",
   3384 	                "(", "allow", "test", "fail2", "(", "bar", "(", "read", "write", ")", ")", ")", NULL};
   3385 
   3386 	struct cil_tree *test_tree;
   3387 	gen_test_tree(&test_tree, line);
   3388 
   3389 	struct cil_db *test_db;
   3390 	cil_db_init(&test_db);
   3391 
   3392 	uint32_t changed = CIL_FALSE;
   3393 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   3394 
   3395 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   3396 
   3397 	int rc = cil_resolve_avrule(test_db->ast->root->cl_head->next->next->next, args);
   3398 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   3399 }
   3400 
   3401 void test_cil_resolve_avrule_class_neg(CuTest *tc) {
   3402 	char *line[] = {"(", "class", "bar", "(", "read", "write", "open", ")", ")",
   3403 	                "(", "type", "test", ")",
   3404 			"(", "type", "foo", ")",
   3405 	                "(", "allow", "test", "foo", "(", "fail3", "(", "read", "write", ")", ")", ")", NULL};
   3406 
   3407 	struct cil_tree *test_tree;
   3408 	gen_test_tree(&test_tree, line);
   3409 
   3410 	struct cil_db *test_db;
   3411 	cil_db_init(&test_db);
   3412 
   3413 	uint32_t changed = CIL_FALSE;
   3414 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   3415 
   3416 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   3417 
   3418 	int rc = cil_resolve_avrule(test_db->ast->root->cl_head->next->next->next, args);
   3419 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   3420 }
   3421 
   3422 void test_cil_resolve_avrule_perm_neg(CuTest *tc) {
   3423 	char *line[] = {"(", "class", "bar", "(", "read", "write", "open", ")", ")",
   3424 	                "(", "type", "test", ")",
   3425 			"(", "type", "foo", ")",
   3426 	                "(", "allow", "test", "foo", "(", "bar", "(", "execute", ")", ")", ")", NULL};
   3427 
   3428 	struct cil_tree *test_tree;
   3429 	gen_test_tree(&test_tree, line);
   3430 
   3431 	struct cil_db *test_db;
   3432 	cil_db_init(&test_db);
   3433 
   3434 	uint32_t changed = CIL_FALSE;
   3435 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   3436 
   3437 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   3438 
   3439 	int rc = cil_resolve_avrule(test_db->ast->root->cl_head->next->next->next, args);
   3440 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   3441 }
   3442 
   3443 void test_cil_resolve_type_rule_transition(CuTest *tc) {
   3444 	char *line[] = {"(", "type", "foo", ")",
   3445 			"(", "type", "bar", ")",
   3446 			"(", "class", "file", "(", "write", ")", ")",
   3447 			"(", "type", "foobar", ")",
   3448 			"(", "typetransition", "foo", "bar", "file", "foobar", ")", NULL};
   3449 
   3450 	struct cil_tree *test_tree;
   3451 	gen_test_tree(&test_tree, line);
   3452 
   3453 	struct cil_db *test_db;
   3454 	cil_db_init(&test_db);
   3455 
   3456 	uint32_t changed = CIL_FALSE;
   3457 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   3458 
   3459 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   3460 
   3461 	int rc = cil_resolve_type_rule(test_db->ast->root->cl_head->next->next->next->next, args);
   3462 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   3463 }
   3464 
   3465 void test_cil_resolve_type_rule_transition_srcdecl_neg(CuTest *tc) {
   3466 	char *line[] = {"(", "type", "bar", ")",
   3467 			"(", "class", "file", "(", "write", ")", ")",
   3468 			"(", "type", "foobar", ")",
   3469 			"(", "typetransition", "foo", "bar", "file", "foobar", ")", NULL};
   3470 
   3471 	struct cil_tree *test_tree;
   3472 	gen_test_tree(&test_tree, line);
   3473 
   3474 	struct cil_db *test_db;
   3475 	cil_db_init(&test_db);
   3476 
   3477 	uint32_t changed = CIL_FALSE;
   3478 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   3479 
   3480 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   3481 
   3482 	int rc = cil_resolve_type_rule(test_db->ast->root->cl_head->next->next->next, args);
   3483 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   3484 }
   3485 
   3486 void test_cil_resolve_type_rule_transition_tgtdecl_neg(CuTest *tc) {
   3487 	char *line[] = {"(", "type", "foo", ")",
   3488 			"(", "class", "file", "(", "write", ")", ")",
   3489 			"(", "type", "foobar", ")",
   3490 			"(", "typetransition", "foo", "bar", "file", "foobar", ")", NULL};
   3491 
   3492 	struct cil_tree *test_tree;
   3493 	gen_test_tree(&test_tree, line);
   3494 
   3495 	struct cil_db *test_db;
   3496 	cil_db_init(&test_db);
   3497 
   3498 	uint32_t changed = CIL_FALSE;
   3499 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   3500 
   3501 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   3502 
   3503 	int rc = cil_resolve_type_rule(test_db->ast->root->cl_head->next->next->next, args);
   3504 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   3505 }
   3506 
   3507 void test_cil_resolve_type_rule_transition_objdecl_neg(CuTest *tc) {
   3508 	char *line[] = {"(", "type", "foo", ")",
   3509 			"(", "type", "bar", ")",
   3510 			"(", "type", "foobar", ")",
   3511 			"(", "typetransition", "foo", "bar", "file", "foobar", ")", NULL};
   3512 
   3513 	struct cil_tree *test_tree;
   3514 	gen_test_tree(&test_tree, line);
   3515 
   3516 	struct cil_db *test_db;
   3517 	cil_db_init(&test_db);
   3518 
   3519 	uint32_t changed = CIL_FALSE;
   3520 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   3521 
   3522 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   3523 
   3524 	int rc = cil_resolve_type_rule(test_db->ast->root->cl_head->next->next->next, args);
   3525 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   3526 }
   3527 
   3528 void test_cil_resolve_type_rule_transition_resultdecl_neg(CuTest *tc) {
   3529 	char *line[] = {"(", "type", "foo", ")",
   3530 			"(", "type", "bar", ")",
   3531 			"(", "class", "file", "(", "write", ")", ")",
   3532 			"(", "typetransition", "foo", "bar", "file", "foobar", ")", NULL};
   3533 
   3534 	struct cil_tree *test_tree;
   3535 	gen_test_tree(&test_tree, line);
   3536 
   3537 	struct cil_db *test_db;
   3538 	cil_db_init(&test_db);
   3539 
   3540 	uint32_t changed = CIL_FALSE;
   3541 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   3542 
   3543 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   3544 
   3545 	int rc = cil_resolve_type_rule(test_db->ast->root->cl_head->next->next->next, args);
   3546 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   3547 }
   3548 
   3549 void test_cil_resolve_type_rule_change(CuTest *tc) {
   3550 	char *line[] = {"(", "type", "foo", ")",
   3551 			"(", "type", "bar", ")",
   3552 			"(", "class", "file", "(", "write", ")", ")",
   3553 			"(", "type", "foobar", ")",
   3554 			"(", "typechange", "foo", "bar", "file", "foobar", ")", NULL};
   3555 
   3556 	struct cil_tree *test_tree;
   3557 	gen_test_tree(&test_tree, line);
   3558 
   3559 	struct cil_db *test_db;
   3560 	cil_db_init(&test_db);
   3561 
   3562 	uint32_t changed = CIL_FALSE;
   3563 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   3564 
   3565 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   3566 
   3567 	int rc = cil_resolve_type_rule(test_db->ast->root->cl_head->next->next->next->next, args);
   3568 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   3569 }
   3570 
   3571 void test_cil_resolve_type_rule_change_srcdecl_neg(CuTest *tc) {
   3572 	char *line[] = {"(", "type", "bar", ")",
   3573 			"(", "class", "file", "(", "write", ")", ")",
   3574 			"(", "type", "foobar", ")",
   3575 			"(", "typechange", "foo", "bar", "file", "foobar", ")", NULL};
   3576 
   3577 	struct cil_tree *test_tree;
   3578 	gen_test_tree(&test_tree, line);
   3579 
   3580 	struct cil_db *test_db;
   3581 	cil_db_init(&test_db);
   3582 
   3583 	uint32_t changed = CIL_FALSE;
   3584 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   3585 
   3586 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   3587 
   3588 	int rc = cil_resolve_type_rule(test_db->ast->root->cl_head->next->next->next, args);
   3589 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   3590 }
   3591 
   3592 void test_cil_resolve_type_rule_change_tgtdecl_neg(CuTest *tc) {
   3593 	char *line[] = {"(", "type", "foo", ")",
   3594 			"(", "class", "file", "(", "write", ")", ")",
   3595 			"(", "type", "foobar", ")",
   3596 			"(", "typechange", "foo", "bar", "file", "foobar", ")", NULL};
   3597 
   3598 	struct cil_tree *test_tree;
   3599 	gen_test_tree(&test_tree, line);
   3600 
   3601 	struct cil_db *test_db;
   3602 	cil_db_init(&test_db);
   3603 
   3604 	uint32_t changed = CIL_FALSE;
   3605 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   3606 
   3607 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   3608 
   3609 	int rc = cil_resolve_type_rule(test_db->ast->root->cl_head->next->next->next, args);
   3610 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   3611 }
   3612 
   3613 void test_cil_resolve_type_rule_change_objdecl_neg(CuTest *tc) {
   3614 	char *line[] = {"(", "type", "foo", ")",
   3615 			"(", "type", "bar", ")",
   3616 			"(", "type", "foobar", ")",
   3617 			"(", "typechange", "foo", "bar", "file", "foobar", ")", NULL};
   3618 
   3619 	struct cil_tree *test_tree;
   3620 	gen_test_tree(&test_tree, line);
   3621 
   3622 	struct cil_db *test_db;
   3623 	cil_db_init(&test_db);
   3624 
   3625 	uint32_t changed = CIL_FALSE;
   3626 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   3627 
   3628 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   3629 
   3630 	int rc = cil_resolve_type_rule(test_db->ast->root->cl_head->next->next->next, args);
   3631 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   3632 }
   3633 
   3634 void test_cil_resolve_type_rule_change_resultdecl_neg(CuTest *tc) {
   3635 	char *line[] = {"(", "type", "foo", ")",
   3636 			"(", "type", "bar", ")",
   3637 			"(", "class", "file", "(", "write", ")", ")",
   3638 			"(", "typechange", "foo", "bar", "file", "foobar", ")", NULL};
   3639 
   3640 	struct cil_tree *test_tree;
   3641 	gen_test_tree(&test_tree, line);
   3642 
   3643 	struct cil_db *test_db;
   3644 	cil_db_init(&test_db);
   3645 
   3646 	uint32_t changed = CIL_FALSE;
   3647 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   3648 
   3649 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   3650 
   3651 	int rc = cil_resolve_type_rule(test_db->ast->root->cl_head->next->next->next, args);
   3652 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   3653 }
   3654 
   3655 void test_cil_resolve_type_rule_member(CuTest *tc) {
   3656 	char *line[] = {"(", "type", "foo", ")",
   3657 			"(", "type", "bar", ")",
   3658 			"(", "class", "file", "(", "write", ")", ")",
   3659 			"(", "type", "foobar", ")",
   3660 			"(", "typemember", "foo", "bar", "file", "foobar", ")", NULL};
   3661 
   3662 	struct cil_tree *test_tree;
   3663 	gen_test_tree(&test_tree, line);
   3664 
   3665 	struct cil_db *test_db;
   3666 	cil_db_init(&test_db);
   3667 
   3668 	uint32_t changed = CIL_FALSE;
   3669 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   3670 
   3671 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   3672 
   3673 	int rc = cil_resolve_type_rule(test_db->ast->root->cl_head->next->next->next->next, args);
   3674 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   3675 }
   3676 
   3677 void test_cil_resolve_type_rule_member_srcdecl_neg(CuTest *tc) {
   3678 	char *line[] = {"(", "type", "bar", ")",
   3679 			"(", "class", "file", "(", "write", ")", ")",
   3680 			"(", "type", "foobar", ")",
   3681 			"(", "typemember", "foo", "bar", "file", "foobar", ")", NULL};
   3682 
   3683 	struct cil_tree *test_tree;
   3684 	gen_test_tree(&test_tree, line);
   3685 
   3686 	struct cil_db *test_db;
   3687 	cil_db_init(&test_db);
   3688 
   3689 	uint32_t changed = CIL_FALSE;
   3690 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   3691 
   3692 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   3693 
   3694 	int rc = cil_resolve_type_rule(test_db->ast->root->cl_head->next->next->next, args);
   3695 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   3696 }
   3697 
   3698 void test_cil_resolve_type_rule_member_tgtdecl_neg(CuTest *tc) {
   3699 	char *line[] = {"(", "type", "foo", ")",
   3700 			"(", "class", "file", "(", "write", ")", ")",
   3701 			"(", "type", "foobar", ")",
   3702 			"(", "typemember", "foo", "bar", "file", "foobar", ")", NULL};
   3703 
   3704 	struct cil_tree *test_tree;
   3705 	gen_test_tree(&test_tree, line);
   3706 
   3707 	struct cil_db *test_db;
   3708 	cil_db_init(&test_db);
   3709 
   3710 	uint32_t changed = CIL_FALSE;
   3711 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   3712 
   3713 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   3714 
   3715 	int rc = cil_resolve_type_rule(test_db->ast->root->cl_head->next->next->next, args);
   3716 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   3717 }
   3718 
   3719 void test_cil_resolve_type_rule_member_objdecl_neg(CuTest *tc) {
   3720 	char *line[] = {"(", "type", "foo", ")",
   3721 			"(", "type", "bar", ")",
   3722 			"(", "type", "foobar", ")",
   3723 			"(", "typemember", "foo", "bar", "file", "foobar", ")", NULL};
   3724 
   3725 	struct cil_tree *test_tree;
   3726 	gen_test_tree(&test_tree, line);
   3727 
   3728 	struct cil_db *test_db;
   3729 	cil_db_init(&test_db);
   3730 
   3731 	uint32_t changed = CIL_FALSE;
   3732 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   3733 
   3734 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   3735 
   3736 	int rc = cil_resolve_type_rule(test_db->ast->root->cl_head->next->next->next, args);
   3737 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   3738 }
   3739 
   3740 void test_cil_resolve_type_rule_member_resultdecl_neg(CuTest *tc) {
   3741 	char *line[] = {"(", "type", "foo", ")",
   3742 			"(", "type", "bar", ")",
   3743 			"(", "class", "file", "(", "write", ")", ")",
   3744 			"(", "typemember", "foo", "bar", "file", "foobar", ")", NULL};
   3745 
   3746 	struct cil_tree *test_tree;
   3747 	gen_test_tree(&test_tree, line);
   3748 
   3749 	struct cil_db *test_db;
   3750 	cil_db_init(&test_db);
   3751 
   3752 	uint32_t changed = CIL_FALSE;
   3753 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   3754 
   3755 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   3756 
   3757 	int rc = cil_resolve_type_rule(test_db->ast->root->cl_head->next->next->next, args);
   3758 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   3759 }
   3760 
   3761 void test_cil_resolve_filecon(CuTest *tc) {
   3762 	char *line[] = {"(", "user", "user_u", ")",
   3763 			"(", "role", "role_r", ")",
   3764 			"(", "type", "type_t", ")",
   3765 			"(", "category", "c0", ")",
   3766 			"(", "sensitivity", "s0", ")",
   3767 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
   3768 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
   3769 			"(", "context", "con", "(", "user_u", "role_r", "type_t", "(", "low", "high", ")", ")", ")",
   3770 			"(", "filecon", "root", "path", "file", "con", ")", NULL};
   3771 
   3772 	struct cil_tree *test_tree;
   3773 	gen_test_tree(&test_tree, line);
   3774 
   3775 	struct cil_db *test_db;
   3776 	cil_db_init(&test_db);
   3777 
   3778 	uint32_t changed = CIL_FALSE;
   3779 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   3780 
   3781 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   3782 
   3783 	int rc = cil_resolve_filecon(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args);
   3784 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   3785 }
   3786 
   3787 void test_cil_resolve_filecon_neg(CuTest *tc) {
   3788 	char *line[] = {"(", "user", "user_u", ")",
   3789 			"(", "role", "role_r", ")",
   3790 			"(", "type", "type_t", ")",
   3791 			"(", "category", "c0", ")",
   3792 			"(", "sensitivity", "s0", ")",
   3793 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
   3794 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
   3795 			"(", "context", "con", "(", "user_u", "role_r", "type_t", "(", "low", "high", ")", ")", ")",
   3796 			"(", "filecon", "root", "path", "file", "conn", ")", NULL};
   3797 
   3798 	struct cil_tree *test_tree;
   3799 	gen_test_tree(&test_tree, line);
   3800 
   3801 	struct cil_db *test_db;
   3802 	cil_db_init(&test_db);
   3803 
   3804 	uint32_t changed = CIL_FALSE;
   3805 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   3806 
   3807 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   3808 
   3809 	int rc = cil_resolve_filecon(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args);
   3810 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   3811 }
   3812 
   3813 void test_cil_resolve_filecon_anon_context(CuTest *tc) {
   3814 	char *line[] = {"(", "user", "user_u", ")",
   3815 			"(", "role", "role_r", ")",
   3816 			"(", "type", "type_t", ")",
   3817 			"(", "category", "c0", ")",
   3818 			"(", "sensitivity", "s0", ")",
   3819 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
   3820 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
   3821 			"(", "filecon", "root", "path", "file", "(", "user_u", "role_r", "type_t", "(", "low", "high", ")", ")", ")", NULL};
   3822 
   3823 	struct cil_tree *test_tree;
   3824 	gen_test_tree(&test_tree, line);
   3825 
   3826 	struct cil_db *test_db;
   3827 	cil_db_init(&test_db);
   3828 
   3829 	uint32_t changed = CIL_FALSE;
   3830 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   3831 
   3832 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   3833 
   3834 	int rc = cil_resolve_filecon(test_db->ast->root->cl_head->next->next->next->next->next->next->next, args);
   3835 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   3836 }
   3837 
   3838 void test_cil_resolve_filecon_anon_context_neg(CuTest *tc) {
   3839 	char *line[] = {"(", "user", "system_u", ")",
   3840 			"(", "type", "type_t", ")",
   3841 			"(", "category", "c0", ")",
   3842 			"(", "sensitivity", "s0", ")",
   3843 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
   3844 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
   3845 			"(", "filecon", "root", "path", "file", "(", "user_u", "role_r", "type_t", "(", "low", "high", ")", ")", ")", NULL};
   3846 
   3847 	struct cil_tree *test_tree;
   3848 	gen_test_tree(&test_tree, line);
   3849 
   3850 	struct cil_db *test_db;
   3851 	cil_db_init(&test_db);
   3852 
   3853 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   3854 
   3855 	uint32_t changed = CIL_FALSE;
   3856 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   3857 
   3858 	int rc = cil_resolve_filecon(test_db->ast->root->cl_head->next->next->next->next->next->next, args);
   3859 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   3860 }
   3861 
   3862 void test_cil_resolve_portcon(CuTest *tc) {
   3863 	char *line[] = {"(", "user", "user_u", ")",
   3864 			"(", "role", "role_r", ")",
   3865 			"(", "type", "type_t", ")",
   3866 			"(", "category", "c0", ")",
   3867 			"(", "sensitivity", "s0", ")",
   3868 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
   3869 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
   3870 			"(", "context", "con", "(", "user_u", "role_r", "type_t", "(", "low", "high", ")", ")", ")",
   3871 			"(", "portcon", "udp", "25", "con", ")", NULL};
   3872 
   3873 	struct cil_tree *test_tree;
   3874 	gen_test_tree(&test_tree, line);
   3875 
   3876 	struct cil_db *test_db;
   3877 	cil_db_init(&test_db);
   3878 
   3879 	uint32_t changed = CIL_FALSE;
   3880 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   3881 
   3882 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   3883 
   3884 	int rc = cil_resolve_portcon(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args);
   3885 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   3886 }
   3887 
   3888 void test_cil_resolve_portcon_neg(CuTest *tc) {
   3889 	char *line[] = {"(", "user", "user_u", ")",
   3890 			"(", "role", "role_r", ")",
   3891 			"(", "type", "type_t", ")",
   3892 			"(", "category", "c0", ")",
   3893 			"(", "sensitivity", "s0", ")",
   3894 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
   3895 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
   3896 			"(", "context", "con", "(", "user_u", "role_r", "type_t", "(", "low", "high", ")", ")", ")",
   3897 			"(", "portcon", "udp", "25", "conn", ")", NULL};
   3898 
   3899 	struct cil_tree *test_tree;
   3900 	gen_test_tree(&test_tree, line);
   3901 
   3902 	struct cil_db *test_db;
   3903 	cil_db_init(&test_db);
   3904 
   3905 	uint32_t changed = CIL_FALSE;
   3906 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   3907 
   3908 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   3909 
   3910 	int rc = cil_resolve_portcon(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args);
   3911 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   3912 }
   3913 
   3914 void test_cil_resolve_portcon_anon_context(CuTest *tc) {
   3915 	char *line[] = {"(", "user", "user_u", ")",
   3916 			"(", "role", "role_r", ")",
   3917 			"(", "type", "type_t", ")",
   3918 			"(", "category", "c0", ")",
   3919 			"(", "sensitivity", "s0", ")",
   3920 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
   3921 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
   3922 			"(", "portcon", "udp", "25", "(", "user_u", "role_r", "type_t", "(", "low", "high", ")", ")", ")", NULL};
   3923 
   3924 	struct cil_tree *test_tree;
   3925 	gen_test_tree(&test_tree, line);
   3926 
   3927 	struct cil_db *test_db;
   3928 	cil_db_init(&test_db);
   3929 
   3930 	uint32_t changed = CIL_FALSE;
   3931 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   3932 
   3933 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   3934 
   3935 	int rc = cil_resolve_portcon(test_db->ast->root->cl_head->next->next->next->next->next->next->next, args);
   3936 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   3937 }
   3938 
   3939 void test_cil_resolve_portcon_anon_context_neg(CuTest *tc) {
   3940 	char *line[] = {"(", "user", "system_u", ")",
   3941 			"(", "type", "type_t", ")",
   3942 			"(", "category", "c0", ")",
   3943 			"(", "sensitivity", "s0", ")",
   3944 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
   3945 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
   3946 			"(", "portcon", "udp", "25", "(", "user_u", "role_r", "type_t", "(", "low", "high", ")", ")", ")", NULL};
   3947 
   3948 	struct cil_tree *test_tree;
   3949 	gen_test_tree(&test_tree, line);
   3950 
   3951 	struct cil_db *test_db;
   3952 	cil_db_init(&test_db);
   3953 
   3954 	uint32_t changed = CIL_FALSE;
   3955 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   3956 
   3957 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   3958 
   3959 	int rc = cil_resolve_portcon(test_db->ast->root->cl_head->next->next->next->next->next->next, args);
   3960 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   3961 }
   3962 
   3963 void test_cil_resolve_genfscon(CuTest *tc) {
   3964 	char *line[] = {"(", "user", "user_u", ")",
   3965 			"(", "role", "role_r", ")",
   3966 			"(", "type", "type_t", ")",
   3967 			"(", "category", "c0", ")",
   3968 			"(", "sensitivity", "s0", ")",
   3969 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
   3970 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
   3971 			"(", "context", "con", "(", "user_u", "role_r", "type_t", "(", "low", "high", ")", ")", ")",
   3972 			"(", "genfscon", "type", "path", "con", ")", NULL};
   3973 
   3974 	struct cil_tree *test_tree;
   3975 	gen_test_tree(&test_tree, line);
   3976 
   3977 	struct cil_db *test_db;
   3978 	cil_db_init(&test_db);
   3979 
   3980 	uint32_t changed = CIL_FALSE;
   3981 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   3982 
   3983 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   3984 
   3985 	int rc = cil_resolve_genfscon(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args);
   3986 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   3987 }
   3988 
   3989 void test_cil_resolve_genfscon_neg(CuTest *tc) {
   3990 	char *line[] = {"(", "user", "user_u", ")",
   3991 			"(", "role", "role_r", ")",
   3992 			"(", "type", "type_t", ")",
   3993 			"(", "category", "c0", ")",
   3994 			"(", "sensitivity", "s0", ")",
   3995 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
   3996 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
   3997 			"(", "context", "con", "(", "user_u", "role_r", "type_t", "(", "low", "high", ")", ")", ")",
   3998 			"(", "genfscon", "type", "path", "conn", ")", NULL};
   3999 
   4000 	struct cil_tree *test_tree;
   4001 	gen_test_tree(&test_tree, line);
   4002 
   4003 	struct cil_db *test_db;
   4004 	cil_db_init(&test_db);
   4005 
   4006 	uint32_t changed = CIL_FALSE;
   4007 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   4008 
   4009 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   4010 
   4011 	int rc = cil_resolve_genfscon(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args);
   4012 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   4013 }
   4014 
   4015 void test_cil_resolve_genfscon_anon_context(CuTest *tc) {
   4016 	char *line[] = {"(", "user", "user_u", ")",
   4017 			"(", "role", "role_r", ")",
   4018 			"(", "type", "type_t", ")",
   4019 			"(", "category", "c0", ")",
   4020 			"(", "sensitivity", "s0", ")",
   4021 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
   4022 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
   4023 			"(", "genfscon", "type", "path", "(", "user_u", "role_r", "type_t", "(", "low", "high", ")", ")", ")", NULL};
   4024 
   4025 	struct cil_tree *test_tree;
   4026 	gen_test_tree(&test_tree, line);
   4027 
   4028 	struct cil_db *test_db;
   4029 	cil_db_init(&test_db);
   4030 
   4031 	uint32_t changed = CIL_FALSE;
   4032 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   4033 
   4034 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   4035 
   4036 	int rc = cil_resolve_genfscon(test_db->ast->root->cl_head->next->next->next->next->next->next->next, args);
   4037 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   4038 }
   4039 
   4040 void test_cil_resolve_genfscon_anon_context_neg(CuTest *tc) {
   4041 	char *line[] = {"(", "user", "system_u", ")",
   4042 			"(", "type", "type_t", ")",
   4043 			"(", "category", "c0", ")",
   4044 			"(", "sensitivity", "s0", ")",
   4045 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
   4046 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
   4047 			"(", "genfscon", "type", "path", "(", "user_u", "role_r", "type_t", "(", "low", "high", ")", ")", ")", NULL};
   4048 
   4049 	struct cil_tree *test_tree;
   4050 	gen_test_tree(&test_tree, line);
   4051 
   4052 	struct cil_db *test_db;
   4053 	cil_db_init(&test_db);
   4054 
   4055 	uint32_t changed = CIL_FALSE;
   4056 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   4057 
   4058 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   4059 
   4060 	int rc = cil_resolve_genfscon(test_db->ast->root->cl_head->next->next->next->next->next->next, args);
   4061 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   4062 }
   4063 
   4064 void test_cil_resolve_nodecon_ipv4(CuTest *tc) {
   4065 	char *line[] = {"(", "user", "user_u", ")",
   4066 			"(", "role", "role_r", ")",
   4067 			"(", "type", "type_t", ")",
   4068 			"(", "category", "c0", ")",
   4069 			"(", "sensitivity", "s0", ")",
   4070 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
   4071 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
   4072 			"(", "context", "con", "(", "user_u", "role_r", "type_t", "(", "low", "high", ")", ")", ")",
   4073 			"(", "ipaddr", "ip", "192.168.1.1", ")",
   4074 			"(", "ipaddr", "netmask", "192.168.1.1", ")",
   4075 			"(", "nodecon", "ip", "netmask", "con", ")", NULL};
   4076 
   4077 	struct cil_tree *test_tree;
   4078 	gen_test_tree(&test_tree, line);
   4079 
   4080 	struct cil_db *test_db;
   4081 	cil_db_init(&test_db);
   4082 
   4083 	uint32_t changed = CIL_FALSE;
   4084 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   4085 
   4086 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   4087 
   4088 	int rc = cil_resolve_nodecon(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next->next, args);
   4089 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   4090 }
   4091 
   4092 void test_cil_resolve_nodecon_ipv6(CuTest *tc) {
   4093 	char *line[] = {"(", "user", "user_u", ")",
   4094 			"(", "role", "role_r", ")",
   4095 			"(", "type", "type_t", ")",
   4096 			"(", "category", "c0", ")",
   4097 			"(", "sensitivity", "s0", ")",
   4098 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
   4099 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
   4100 			"(", "context", "con", "(", "user_u", "role_r", "type_t", "(", "low", "high", ")", ")", ")",
   4101 			"(", "ipaddr", "ip", "2001:0DB8:AC10:FE01::", ")",
   4102 			"(", "ipaddr", "netmask", "2001:0DB8:AC10:FE01::", ")",
   4103 			"(", "nodecon", "ip", "netmask", "con", ")", NULL};
   4104 
   4105 	struct cil_tree *test_tree;
   4106 	gen_test_tree(&test_tree, line);
   4107 
   4108 	struct cil_db *test_db;
   4109 	cil_db_init(&test_db);
   4110 
   4111 	uint32_t changed = CIL_FALSE;
   4112 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   4113 
   4114 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   4115 
   4116 	int rc = cil_resolve_nodecon(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next->next, args);
   4117 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   4118 }
   4119 
   4120 void test_cil_resolve_nodecon_anonipaddr_ipv4(CuTest *tc) {
   4121 	char *line[] = {"(", "user", "user_u", ")",
   4122 			"(", "role", "role_r", ")",
   4123 			"(", "type", "type_t", ")",
   4124 			"(", "category", "c0", ")",
   4125 			"(", "sensitivity", "s0", ")",
   4126 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
   4127 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
   4128 			"(", "context", "con", "(", "user_u", "role_r", "type_t", "(", "low", "high", ")", ")", ")",
   4129 			"(", "ipaddr", "netmask", "192.168.1.1", ")",
   4130 			"(", "nodecon", "(", "192.168.1.1", ")", "netmask", "con", ")", NULL};
   4131 
   4132 	struct cil_tree *test_tree;
   4133 	gen_test_tree(&test_tree, line);
   4134 
   4135 	struct cil_db *test_db;
   4136 	cil_db_init(&test_db);
   4137 
   4138 	uint32_t changed = CIL_FALSE;
   4139 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   4140 
   4141 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   4142 
   4143 	int rc = cil_resolve_nodecon(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next, args);
   4144 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   4145 }
   4146 
   4147 void test_cil_resolve_nodecon_anonnetmask_ipv4(CuTest *tc) {
   4148 	char *line[] = {"(", "user", "user_u", ")",
   4149 			"(", "role", "role_r", ")",
   4150 			"(", "type", "type_t", ")",
   4151 			"(", "category", "c0", ")",
   4152 			"(", "sensitivity", "s0", ")",
   4153 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
   4154 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
   4155 			"(", "context", "con", "(", "user_u", "role_r", "type_t", "(", "low", "high", ")", ")", ")",
   4156 			"(", "ipaddr", "ip", "192.168.1.1", ")",
   4157 			"(", "nodecon", "ip", "(", "192.168.1.1", ")", "con", ")", NULL};
   4158 
   4159 	struct cil_tree *test_tree;
   4160 	gen_test_tree(&test_tree, line);
   4161 
   4162 	struct cil_db *test_db;
   4163 	cil_db_init(&test_db);
   4164 
   4165 	uint32_t changed = CIL_FALSE;
   4166 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   4167 
   4168 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   4169 
   4170 	int rc = cil_resolve_nodecon(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next, args);
   4171 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   4172 }
   4173 
   4174 void test_cil_resolve_nodecon_anonipaddr_ipv6(CuTest *tc) {
   4175 	char *line[] = {"(", "user", "user_u", ")",
   4176 			"(", "role", "role_r", ")",
   4177 			"(", "type", "type_t", ")",
   4178 			"(", "category", "c0", ")",
   4179 			"(", "sensitivity", "s0", ")",
   4180 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
   4181 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
   4182 			"(", "context", "con", "(", "user_u", "role_r", "type_t", "(", "low", "high", ")", ")", ")",
   4183 			"(", "ipaddr", "netmask", "2001:0DB8:AC10:FE01::", ")",
   4184 			"(", "nodecon", "(", "2001:0DB8:AC10:FE01::", ")", "netmask", "con", ")", NULL};
   4185 
   4186 	struct cil_tree *test_tree;
   4187 	gen_test_tree(&test_tree, line);
   4188 
   4189 	struct cil_db *test_db;
   4190 	cil_db_init(&test_db);
   4191 
   4192 	uint32_t changed = CIL_FALSE;
   4193 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   4194 
   4195 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   4196 
   4197 	int rc = cil_resolve_nodecon(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next, args);
   4198 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   4199 }
   4200 
   4201 void test_cil_resolve_nodecon_anonnetmask_ipv6(CuTest *tc) {
   4202 	char *line[] = {"(", "user", "user_u", ")",
   4203 			"(", "role", "role_r", ")",
   4204 			"(", "type", "type_t", ")",
   4205 			"(", "category", "c0", ")",
   4206 			"(", "sensitivity", "s0", ")",
   4207 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
   4208 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
   4209 			"(", "context", "con", "(", "user_u", "role_r", "type_t", "(", "low", "high", ")", ")", ")",
   4210 			"(", "ipaddr", "ip", "2001:0DB8:AC10:FE01::", ")",
   4211 			"(", "nodecon", "ip", "(", "2001:0DB8:AC10:FE01::", ")", "con", ")", NULL};
   4212 
   4213 	struct cil_tree *test_tree;
   4214 	gen_test_tree(&test_tree, line);
   4215 
   4216 	struct cil_db *test_db;
   4217 	cil_db_init(&test_db);
   4218 
   4219 	uint32_t changed = CIL_FALSE;
   4220 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   4221 
   4222 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   4223 
   4224 	int rc = cil_resolve_nodecon(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next, args);
   4225 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   4226 }
   4227 
   4228 void test_cil_resolve_nodecon_diffipfam_neg(CuTest *tc) {
   4229 	char *line[] = {"(", "user", "user_u", ")",
   4230 			"(", "role", "role_r", ")",
   4231 			"(", "type", "type_t", ")",
   4232 			"(", "category", "c0", ")",
   4233 			"(", "sensitivity", "s0", ")",
   4234 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
   4235 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
   4236 			"(", "context", "con", "(", "user_u", "role_r", "type_t", "(", "low", "high", ")", ")", ")",
   4237 			"(", "ipaddr", "ip", "2001:0DB8:AC10:FE01::", ")",
   4238 			"(", "nodecon", "ip", "(", "192.168.1.1", ")", "con", ")", NULL};
   4239 
   4240 	struct cil_tree *test_tree;
   4241 	gen_test_tree(&test_tree, line);
   4242 
   4243 	struct cil_db *test_db;
   4244 	cil_db_init(&test_db);
   4245 
   4246 	uint32_t changed = CIL_FALSE;
   4247 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   4248 
   4249 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   4250 
   4251 	int rc = cil_resolve_nodecon(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next, args);
   4252 	CuAssertIntEquals(tc, SEPOL_ERR, rc);
   4253 }
   4254 
   4255 void test_cil_resolve_nodecon_context_neg(CuTest *tc) {
   4256 	char *line[] = {"(", "user", "user_u", ")",
   4257 			"(", "role", "role_r", ")",
   4258 			"(", "type", "type_t", ")",
   4259 			"(", "category", "c0", ")",
   4260 			"(", "sensitivity", "s0", ")",
   4261 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
   4262 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
   4263 			"(", "context", "con", "(", "user_u", "role_r", "type_t", "(", "low", "high", ")", ")", ")",
   4264 			"(", "ipaddr", "ip", "192.168.1.1", ")",
   4265 			"(", "ipaddr", "netmask", "192.168.1.1", ")",
   4266 			"(", "nodecon", "n", "netmask", "con", ")", NULL};
   4267 
   4268 	struct cil_tree *test_tree;
   4269 	gen_test_tree(&test_tree, line);
   4270 
   4271 	struct cil_db *test_db;
   4272 	cil_db_init(&test_db);
   4273 
   4274 	uint32_t changed = CIL_FALSE;
   4275 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   4276 
   4277 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   4278 
   4279 	int rc = cil_resolve_nodecon(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next->next, args);
   4280 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   4281 }
   4282 
   4283 void test_cil_resolve_nodecon_ipaddr_neg(CuTest *tc) {
   4284 	char *line[] = {"(", "user", "user_u", ")",
   4285 			"(", "role", "role_r", ")",
   4286 			"(", "type", "type_t", ")",
   4287 			"(", "category", "c0", ")",
   4288 			"(", "sensitivity", "s0", ")",
   4289 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
   4290 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
   4291 			"(", "context", "con", "(", "user_u", "role_r", "type_t", "(", "low", "high", ")", ")", ")",
   4292 			"(", "ipaddr", "ip", "192.168.1.1", ")",
   4293 			"(", "ipaddr", "netmask", "192.168.1.1", ")",
   4294 			"(", "nodecon", "ip", "n", "con", ")", NULL};
   4295 
   4296 	struct cil_tree *test_tree;
   4297 	gen_test_tree(&test_tree, line);
   4298 
   4299 	struct cil_db *test_db;
   4300 	cil_db_init(&test_db);
   4301 
   4302 	uint32_t changed = CIL_FALSE;
   4303 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   4304 
   4305 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   4306 
   4307 	int rc = cil_resolve_nodecon(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next->next, args);
   4308 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   4309 }
   4310 
   4311 void test_cil_resolve_nodecon_netmask_neg(CuTest *tc) {
   4312 	char *line[] = {"(", "user", "user_u", ")",
   4313 			"(", "role", "role_r", ")",
   4314 			"(", "type", "type_t", ")",
   4315 			"(", "category", "c0", ")",
   4316 			"(", "sensitivity", "s0", ")",
   4317 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
   4318 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
   4319 			"(", "context", "con", "(", "user_u", "role_r", "type_t", "(", "low", "high", ")", ")", ")",
   4320 			"(", "ipaddr", "ip", "192.168.1.1", ")",
   4321 			"(", "nodecon", "ip", "ip", "conn", ")", NULL};
   4322 
   4323 	struct cil_tree *test_tree;
   4324 	gen_test_tree(&test_tree, line);
   4325 
   4326 	struct cil_db *test_db;
   4327 	cil_db_init(&test_db);
   4328 
   4329 	uint32_t changed = CIL_FALSE;
   4330 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   4331 
   4332 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   4333 
   4334 	int rc = cil_resolve_nodecon(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next, args);
   4335 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   4336 }
   4337 
   4338 void test_cil_resolve_nodecon_anon_context(CuTest *tc) {
   4339 	char *line[] = {"(", "user", "user_u", ")",
   4340 			"(", "role", "role_r", ")",
   4341 			"(", "type", "type_t", ")",
   4342 			"(", "category", "c0", ")",
   4343 			"(", "sensitivity", "s0", ")",
   4344 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
   4345 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
   4346 			"(", "ipaddr", "ip", "192.168.1.1", ")",
   4347 			"(", "nodecon", "ip", "ip", "(", "user_u", "role_r", "type_t", "(", "low", "high", ")", ")", ")", NULL};
   4348 
   4349 	struct cil_tree *test_tree;
   4350 	gen_test_tree(&test_tree, line);
   4351 
   4352 	struct cil_db *test_db;
   4353 	cil_db_init(&test_db);
   4354 
   4355 	uint32_t changed = CIL_FALSE;
   4356 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   4357 
   4358 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   4359 
   4360 	int rc = cil_resolve_nodecon(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args);
   4361 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   4362 }
   4363 
   4364 void test_cil_resolve_nodecon_anon_context_neg(CuTest *tc) {
   4365 	char *line[] = {"(", "user", "system_u", ")",
   4366 			"(", "type", "type_t", ")",
   4367 			"(", "category", "c0", ")",
   4368 			"(", "sensitivity", "s0", ")",
   4369 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
   4370 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
   4371 			"(", "ipaddr", "ip", "192.168.1.1", ")",
   4372 			"(", "nodecon", "ip", "ip", "(", "user_u", "role_r", "type_t", "(", "low", "high", ")", ")", ")", NULL};
   4373 
   4374 	struct cil_tree *test_tree;
   4375 	gen_test_tree(&test_tree, line);
   4376 
   4377 	struct cil_db *test_db;
   4378 	cil_db_init(&test_db);
   4379 
   4380 	uint32_t changed = CIL_FALSE;
   4381 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   4382 
   4383 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   4384 
   4385 	int rc = cil_resolve_nodecon(test_db->ast->root->cl_head->next->next->next->next->next->next->next, args);
   4386 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   4387 }
   4388 
   4389 void test_cil_resolve_netifcon(CuTest *tc) {
   4390 	char *line[] = {"(", "context", "if_default", "(", "system_u", "object_r", "etc_t", "(", "low", "high", ")", ")", ")",
   4391 			"(", "context", "packet_default", "(", "system_u", "object_r", "etc_t", "(", "low", "high", ")", ")", ")",
   4392 			"(", "netifcon", "eth0", "if_default", "packet_default", ")", NULL};
   4393 
   4394 	struct cil_tree *test_tree;
   4395 	gen_test_tree(&test_tree, line);
   4396 
   4397 	struct cil_db *test_db;
   4398 	cil_db_init(&test_db);
   4399 
   4400 	uint32_t changed = CIL_FALSE;
   4401 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   4402 
   4403 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   4404 
   4405 	int rc = cil_resolve_netifcon(test_db->ast->root->cl_head->next->next, args);
   4406 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   4407 }
   4408 
   4409 void test_cil_resolve_netifcon_otf_neg(CuTest *tc) {
   4410 	char *line[] = {"(", "context", "if_default", "(", "system_u", "object_r", "etc_t", "(", "low", "high", ")", ")", ")",
   4411 			"(", "netifcon", "eth0", "if_default", "packet_default", ")", NULL};
   4412 
   4413 	struct cil_tree *test_tree;
   4414 	gen_test_tree(&test_tree, line);
   4415 
   4416 	struct cil_db *test_db;
   4417 	cil_db_init(&test_db);
   4418 
   4419 	uint32_t changed = CIL_FALSE;
   4420 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   4421 
   4422 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   4423 
   4424 	int rc = cil_resolve_netifcon(test_db->ast->root->cl_head->next, args);
   4425 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   4426 }
   4427 
   4428 void test_cil_resolve_netifcon_interface_neg(CuTest *tc) {
   4429 	char *line[] = {"(", "context", "packet_default", "(", "system_u", "object_r", "etc_t", "(", "low", "high", ")", ")", ")",
   4430 			"(", "netifcon", "eth0", "if_default", "packet_default", ")", NULL};
   4431 
   4432 	struct cil_tree *test_tree;
   4433 	gen_test_tree(&test_tree, line);
   4434 
   4435 	struct cil_db *test_db;
   4436 	cil_db_init(&test_db);
   4437 
   4438 	uint32_t changed = CIL_FALSE;
   4439 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   4440 
   4441 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   4442 
   4443 	int rc = cil_resolve_netifcon(test_db->ast->root->cl_head->next, args);
   4444 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   4445 }
   4446 
   4447 void test_cil_resolve_netifcon_unnamed(CuTest *tc) {
   4448 	char *line[] = {"(", "sensitivity", "s0", ")",
   4449 			"(", "category", "c0", ")",
   4450 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
   4451 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
   4452 			"(", "user", "system_u", ")",
   4453 			"(", "role", "object_r", ")",
   4454 			"(", "type", "netif_t", ")",
   4455 			"(", "netifcon", "eth1",
   4456                         "(", "system_u", "object_r", "netif_t", "(", "low", "high", ")", ")",
   4457                         "(", "system_u", "object_r", "netif_t", "(", "low", "high", ")", ")", ")", NULL};
   4458 
   4459 	struct cil_tree *test_tree;
   4460 	gen_test_tree(&test_tree, line);
   4461 
   4462 	struct cil_db *test_db;
   4463 	cil_db_init(&test_db);
   4464 
   4465 	uint32_t changed = CIL_FALSE;
   4466 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   4467 
   4468 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   4469 
   4470 	int rc = cil_resolve_netifcon(test_db->ast->root->cl_head->next->next->next->next->next->next->next, args);
   4471 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   4472 }
   4473 
   4474 void test_cil_resolve_netifcon_unnamed_packet_neg(CuTest *tc) {
   4475 	char *line[] = {"(", "sensitivity", "s0", ")",
   4476 			"(", "category", "c0", ")",
   4477 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
   4478 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
   4479 			"(", "role", "object_r", ")",
   4480 			"(", "type", "netif_t", ")",
   4481 			"(", "netifcon", "eth1",
   4482                         "(", "system_u", "object_r", "netif_t", "(", "low", "high", ")", ")",
   4483                         "(", "system_u", "object_r", "netif_t", "(", "low", "high", ")", ")", ")", NULL};
   4484 
   4485 	struct cil_tree *test_tree;
   4486 	gen_test_tree(&test_tree, line);
   4487 
   4488 	struct cil_db *test_db;
   4489 	cil_db_init(&test_db);
   4490 
   4491 	uint32_t changed = CIL_FALSE;
   4492 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   4493 
   4494 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   4495 
   4496 	int rc = cil_resolve_netifcon(test_db->ast->root->cl_head->next->next->next->next->next->next, args);
   4497 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   4498 }
   4499 
   4500 void test_cil_resolve_netifcon_unnamed_otf_neg(CuTest *tc) {
   4501 	char *line[] = {"(", "sensitivity", "s0", ")",
   4502 			"(", "category", "c0", ")",
   4503 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
   4504 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
   4505 			"(", "user", "system_u", ")",
   4506 			"(", "role", "object_r", ")",
   4507 			"(", "type", "netif_t", ")",
   4508 			"(", "netifcon", "eth1",
   4509                         "(", "system_u", "object_r", "netif_t", "(", "low", "high", ")", ")",
   4510                         "(", "system_u", "foo_r", "netif_t", "(", "low", "high", ")", ")", ")", NULL};
   4511 
   4512 	struct cil_tree *test_tree;
   4513 	gen_test_tree(&test_tree, line);
   4514 
   4515 	struct cil_db *test_db;
   4516 	cil_db_init(&test_db);
   4517 
   4518 	uint32_t changed = CIL_FALSE;
   4519 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   4520 
   4521 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   4522 
   4523 	int rc = cil_resolve_netifcon(test_db->ast->root->cl_head->next->next->next->next->next->next->next, args);
   4524 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   4525 }
   4526 
   4527 void test_cil_resolve_netifcon_sublist_secondlist_missing_neg(CuTest *tc) {
   4528 	char *line[] = {"(", "netifcon", "eth1",
   4529                         "(", "system_u", "object_r", "netif_t", "(", "low", "high", ")", ")", ")", NULL};
   4530 
   4531 	struct cil_tree *test_tree;
   4532 	gen_test_tree(&test_tree, line);
   4533 
   4534 	struct cil_db *test_db;
   4535 	cil_db_init(&test_db);
   4536 
   4537 	uint32_t changed = CIL_FALSE;
   4538 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   4539 
   4540 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   4541 
   4542 	int rc = cil_resolve_netifcon(test_db->ast->root->cl_head, args);
   4543 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   4544 }
   4545 
   4546 void test_cil_resolve_pirqcon(CuTest *tc) {
   4547 	char *line[] = {"(", "context", "con", "(", "system_u", "object_r", "etc_t", "(", "low", "high", ")", ")", ")",
   4548 			"(", "pirqcon", "1", "con", ")", NULL};
   4549 
   4550 	struct cil_tree *test_tree;
   4551 	gen_test_tree(&test_tree, line);
   4552 
   4553 	struct cil_db *test_db;
   4554 	cil_db_init(&test_db);
   4555 
   4556 	uint32_t changed = CIL_FALSE;
   4557 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   4558 
   4559 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   4560 
   4561 	int rc = cil_resolve_pirqcon(test_db->ast->root->cl_head->next, args);
   4562 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   4563 }
   4564 
   4565 void test_cil_resolve_pirqcon_context_neg(CuTest *tc) {
   4566 	char *line[] = {"(", "context", "con", "(", "system_u", "object_r", "etc_t", "(", "low", "high", ")", ")", ")",
   4567 			"(", "pirqcon", "1", "dne", ")", NULL};
   4568 
   4569 	struct cil_tree *test_tree;
   4570 	gen_test_tree(&test_tree, line);
   4571 
   4572 	struct cil_db *test_db;
   4573 	cil_db_init(&test_db);
   4574 
   4575 	uint32_t changed = CIL_FALSE;
   4576 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   4577 
   4578 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   4579 
   4580 	int rc = cil_resolve_pirqcon(test_db->ast->root->cl_head->next, args);
   4581 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   4582 }
   4583 
   4584 void test_cil_resolve_pirqcon_anon_context(CuTest *tc) {
   4585 	char *line[] = {"(", "user", "system_u", ")",
   4586 			"(", "role", "object_r", ")",
   4587 			"(", "type", "etc_t", ")",
   4588 			"(", "sensitivity", "s0", ")",
   4589 			"(", "category", "c0", ")",
   4590 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
   4591 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
   4592 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
   4593 			"(", "pirqcon", "1", "(", "system_u", "object_r", "etc_t", "(", "low", "high", ")", ")", ")", NULL};
   4594 
   4595 	struct cil_tree *test_tree;
   4596 	gen_test_tree(&test_tree, line);
   4597 
   4598 	struct cil_db *test_db;
   4599 	cil_db_init(&test_db);
   4600 
   4601 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   4602 
   4603 	uint32_t changed = CIL_FALSE;
   4604 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
   4605 
   4606 	cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next->next->next, args);
   4607 
   4608 	args->pass = CIL_PASS_MISC3;
   4609 
   4610 	int rc = cil_resolve_pirqcon(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args);
   4611 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   4612 }
   4613 
   4614 void test_cil_resolve_pirqcon_anon_context_neg(CuTest *tc) {
   4615 	char *line[] = {"(", "pirqcon", "1", "(", "system_u", "object_r", "etc_t", "(", "low", "high", ")", ")", ")", NULL};
   4616 
   4617 	struct cil_tree *test_tree;
   4618 	gen_test_tree(&test_tree, line);
   4619 
   4620 	struct cil_db *test_db;
   4621 	cil_db_init(&test_db);
   4622 
   4623 	uint32_t changed = CIL_FALSE;
   4624 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   4625 
   4626 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   4627 
   4628 	int rc = cil_resolve_pirqcon(test_db->ast->root->cl_head, args);
   4629 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   4630 }
   4631 
   4632 void test_cil_resolve_iomemcon(CuTest *tc) {
   4633 	char *line[] = {"(", "context", "con", "(", "system_u", "object_r", "etc_t", "(", "low", "high", ")", ")", ")",
   4634 			"(", "iomemcon", "1", "con", ")", NULL};
   4635 
   4636 	struct cil_tree *test_tree;
   4637 	gen_test_tree(&test_tree, line);
   4638 
   4639 	struct cil_db *test_db;
   4640 	cil_db_init(&test_db);
   4641 
   4642 	uint32_t changed = CIL_FALSE;
   4643 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   4644 
   4645 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   4646 
   4647 	int rc = cil_resolve_iomemcon(test_db->ast->root->cl_head->next, args);
   4648 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   4649 }
   4650 
   4651 void test_cil_resolve_iomemcon_context_neg(CuTest *tc) {
   4652 	char *line[] = {"(", "context", "con", "(", "system_u", "object_r", "etc_t", "(", "low", "high", ")", ")", ")",
   4653 			"(", "iomemcon", "1", "dne", ")", NULL};
   4654 
   4655 	struct cil_tree *test_tree;
   4656 	gen_test_tree(&test_tree, line);
   4657 
   4658 	struct cil_db *test_db;
   4659 	cil_db_init(&test_db);
   4660 
   4661 	uint32_t changed = CIL_FALSE;
   4662 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   4663 
   4664 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   4665 
   4666 	int rc = cil_resolve_iomemcon(test_db->ast->root->cl_head->next, args);
   4667 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   4668 }
   4669 
   4670 void test_cil_resolve_iomemcon_anon_context(CuTest *tc) {
   4671 	char *line[] = {"(", "user", "system_u", ")",
   4672 			"(", "role", "object_r", ")",
   4673 			"(", "type", "etc_t", ")",
   4674 			"(", "sensitivity", "s0", ")",
   4675 			"(", "category", "c0", ")",
   4676 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
   4677 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
   4678 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
   4679 			"(", "iomemcon", "1", "(", "system_u", "object_r", "etc_t", "(", "low", "high", ")", ")", ")", NULL};
   4680 
   4681 	struct cil_tree *test_tree;
   4682 	gen_test_tree(&test_tree, line);
   4683 
   4684 	struct cil_db *test_db;
   4685 	cil_db_init(&test_db);
   4686 
   4687 	uint32_t changed = CIL_FALSE;
   4688 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
   4689 
   4690 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   4691 
   4692 	cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next->next->next, args);
   4693 
   4694 	args->pass = CIL_PASS_MISC3;
   4695 
   4696 	int rc = cil_resolve_iomemcon(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args);
   4697 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   4698 }
   4699 
   4700 void test_cil_resolve_iomemcon_anon_context_neg(CuTest *tc) {
   4701 	char *line[] = {"(", "iomemcon", "1", "(", "system_u", "object_r", "etc_t", "(", "low", "high", ")", ")", ")", NULL};
   4702 
   4703 	struct cil_tree *test_tree;
   4704 	gen_test_tree(&test_tree, line);
   4705 
   4706 	struct cil_db *test_db;
   4707 	cil_db_init(&test_db);
   4708 
   4709 	uint32_t changed = CIL_FALSE;
   4710 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   4711 
   4712 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   4713 
   4714 	int rc = cil_resolve_iomemcon(test_db->ast->root->cl_head, args);
   4715 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   4716 }
   4717 
   4718 void test_cil_resolve_ioportcon(CuTest *tc) {
   4719 	char *line[] = {"(", "context", "con", "(", "system_u", "object_r", "etc_t", "(", "low", "high", ")", ")", ")",
   4720 			"(", "ioportcon", "1", "con", ")", NULL};
   4721 
   4722 	struct cil_tree *test_tree;
   4723 	gen_test_tree(&test_tree, line);
   4724 
   4725 	struct cil_db *test_db;
   4726 	cil_db_init(&test_db);
   4727 
   4728 	uint32_t changed = CIL_FALSE;
   4729 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   4730 
   4731 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   4732 
   4733 	int rc = cil_resolve_ioportcon(test_db->ast->root->cl_head->next, args);
   4734 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   4735 }
   4736 
   4737 void test_cil_resolve_ioportcon_context_neg(CuTest *tc) {
   4738 	char *line[] = {"(", "context", "con", "(", "system_u", "object_r", "etc_t", "(", "low", "high", ")", ")", ")",
   4739 			"(", "ioportcon", "1", "dne", ")", NULL};
   4740 
   4741 	struct cil_tree *test_tree;
   4742 	gen_test_tree(&test_tree, line);
   4743 
   4744 	struct cil_db *test_db;
   4745 	cil_db_init(&test_db);
   4746 
   4747 	uint32_t changed = CIL_FALSE;
   4748 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   4749 
   4750 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   4751 
   4752 	int rc = cil_resolve_ioportcon(test_db->ast->root->cl_head->next, args);
   4753 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   4754 }
   4755 
   4756 void test_cil_resolve_ioportcon_anon_context(CuTest *tc) {
   4757 	char *line[] = {"(", "user", "system_u", ")",
   4758 			"(", "role", "object_r", ")",
   4759 			"(", "type", "etc_t", ")",
   4760 			"(", "sensitivity", "s0", ")",
   4761 			"(", "category", "c0", ")",
   4762 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
   4763 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
   4764 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
   4765 			"(", "ioportcon", "1", "(", "system_u", "object_r", "etc_t", "(", "low", "high", ")", ")", ")", NULL};
   4766 
   4767 	struct cil_tree *test_tree;
   4768 	gen_test_tree(&test_tree, line);
   4769 
   4770 	struct cil_db *test_db;
   4771 	cil_db_init(&test_db);
   4772 
   4773 	uint32_t changed = CIL_FALSE;
   4774 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
   4775 
   4776 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   4777 
   4778 	cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next->next->next, args);
   4779 
   4780 	args->pass = CIL_PASS_MISC3;
   4781 
   4782 	int rc = cil_resolve_ioportcon(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args);
   4783 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   4784 }
   4785 
   4786 void test_cil_resolve_ioportcon_anon_context_neg(CuTest *tc) {
   4787 	char *line[] = {"(", "ioportcon", "1", "(", "system_u", "object_r", "etc_t", "(", "low", "high", ")", ")", ")", NULL};
   4788 
   4789 	struct cil_tree *test_tree;
   4790 	gen_test_tree(&test_tree, line);
   4791 
   4792 	struct cil_db *test_db;
   4793 	cil_db_init(&test_db);
   4794 
   4795 	uint32_t changed = CIL_FALSE;
   4796 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   4797 
   4798 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   4799 
   4800 	int rc = cil_resolve_ioportcon(test_db->ast->root->cl_head, args);
   4801 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   4802 }
   4803 
   4804 void test_cil_resolve_pcidevicecon(CuTest *tc) {
   4805 	char *line[] = {"(", "context", "con", "(", "system_u", "object_r", "etc_t", "(", "low", "high", ")", ")", ")",
   4806 			"(", "pcidevicecon", "1", "con", ")", NULL};
   4807 
   4808 	struct cil_tree *test_tree;
   4809 	gen_test_tree(&test_tree, line);
   4810 
   4811 	struct cil_db *test_db;
   4812 	cil_db_init(&test_db);
   4813 
   4814 	uint32_t changed = CIL_FALSE;
   4815 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   4816 
   4817 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   4818 
   4819 	int rc = cil_resolve_pcidevicecon(test_db->ast->root->cl_head->next, args);
   4820 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   4821 }
   4822 
   4823 void test_cil_resolve_pcidevicecon_context_neg(CuTest *tc) {
   4824 	char *line[] = {"(", "context", "con", "(", "system_u", "object_r", "etc_t", "(", "low", "high", ")", ")", ")",
   4825 			"(", "pcidevicecon", "1", "dne", ")", NULL};
   4826 
   4827 	struct cil_tree *test_tree;
   4828 	gen_test_tree(&test_tree, line);
   4829 
   4830 	struct cil_db *test_db;
   4831 	cil_db_init(&test_db);
   4832 
   4833 	uint32_t changed = CIL_FALSE;
   4834 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   4835 
   4836 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   4837 
   4838 	int rc = cil_resolve_pcidevicecon(test_db->ast->root->cl_head->next, args);
   4839 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   4840 }
   4841 
   4842 void test_cil_resolve_pcidevicecon_anon_context(CuTest *tc) {
   4843 	char *line[] = {"(", "user", "system_u", ")",
   4844 			"(", "role", "object_r", ")",
   4845 			"(", "type", "etc_t", ")",
   4846 			"(", "sensitivity", "s0", ")",
   4847 			"(", "category", "c0", ")",
   4848 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
   4849 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
   4850 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
   4851 			"(", "pcidevicecon", "1", "(", "system_u", "object_r", "etc_t", "(", "low", "high", ")", ")", ")", NULL};
   4852 
   4853 	struct cil_tree *test_tree;
   4854 	gen_test_tree(&test_tree, line);
   4855 
   4856 	struct cil_db *test_db;
   4857 	cil_db_init(&test_db);
   4858 
   4859 	uint32_t changed = CIL_FALSE;
   4860 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
   4861 
   4862 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   4863 
   4864 	cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next->next->next, args);
   4865 
   4866 	args->pass = CIL_PASS_MISC3;
   4867 
   4868 	int rc = cil_resolve_pcidevicecon(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args);
   4869 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   4870 }
   4871 
   4872 void test_cil_resolve_pcidevicecon_anon_context_neg(CuTest *tc) {
   4873 	char *line[] = {"(", "pcidevicecon", "1", "(", "system_u", "object_r", "etc_t", "(", "low", "high", ")", ")", ")", NULL};
   4874 
   4875 	struct cil_tree *test_tree;
   4876 	gen_test_tree(&test_tree, line);
   4877 
   4878 	struct cil_db *test_db;
   4879 	cil_db_init(&test_db);
   4880 
   4881 	uint32_t changed = CIL_FALSE;
   4882 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   4883 
   4884 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   4885 
   4886 	int rc = cil_resolve_pcidevicecon(test_db->ast->root->cl_head, args);
   4887 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   4888 }
   4889 
   4890 void test_cil_resolve_fsuse(CuTest *tc) {
   4891 	char *line[] = {"(", "sensitivity", "s0", ")",
   4892 			"(", "category", "c0", ")",
   4893 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
   4894 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
   4895 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
   4896 			"(", "user", "system_u", ")",
   4897 			"(", "role", "object_r", ")",
   4898 			"(", "type", "netif_t", ")",
   4899 			"(", "context", "con", "(", "system_u", "object_r", "netif_t", "(", "low", "high", ")", ")", ")",
   4900 			"(", "fsuse", "xattr", "ext3", "con", ")", NULL};
   4901 
   4902 	struct cil_tree *test_tree;
   4903 	gen_test_tree(&test_tree, line);
   4904 
   4905 	struct cil_db *test_db;
   4906 	cil_db_init(&test_db);
   4907 
   4908 	uint32_t changed = CIL_FALSE;
   4909 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   4910 
   4911 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   4912 
   4913 	int rc = cil_resolve_fsuse(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next, args);
   4914 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   4915 }
   4916 
   4917 void test_cil_resolve_fsuse_nocontext_neg(CuTest *tc) {
   4918 	char *line[] = {"(", "sensitivity", "s0", ")",
   4919 			"(", "category", "c0", ")",
   4920 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
   4921 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
   4922 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
   4923 			"(", "user", "system_u", ")",
   4924 			"(", "role", "object_r", ")",
   4925 			"(", "type", "netif_t", ")",
   4926 			"(", "context", "con", "(", "system_u", "object_r", "netif_t", "(", "low", "high", ")", ")", ")",
   4927 			"(", "fsuse", "xattr", "ext3", "(", ")", ")", NULL};
   4928 
   4929 	struct cil_tree *test_tree;
   4930 	gen_test_tree(&test_tree, line);
   4931 
   4932 	struct cil_db *test_db;
   4933 	cil_db_init(&test_db);
   4934 
   4935 	uint32_t changed = CIL_FALSE;
   4936 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   4937 
   4938 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   4939 
   4940 	int rc = cil_resolve_fsuse(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next, args);
   4941 	CuAssertIntEquals(tc, SEPOL_ERR, rc);
   4942 }
   4943 
   4944 void test_cil_resolve_fsuse_neg(CuTest *tc) {
   4945 	char *line[] = {"(", "sensitivity", "s0", ")",
   4946 			"(", "category", "c0", ")",
   4947 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
   4948 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
   4949 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
   4950 			"(", "user", "system_u", ")",
   4951 			"(", "role", "object_r", ")",
   4952 			"(", "type", "netif_t", ")",
   4953 			"(", "context", "con", "(", "system_u", "object_r", "netif_t", "(", "low", "high", ")", ")", ")",
   4954 			"(", "fsuse", "xattr", "ext3", "conn", ")", NULL};
   4955 
   4956 	struct cil_tree *test_tree;
   4957 	gen_test_tree(&test_tree, line);
   4958 
   4959 	struct cil_db *test_db;
   4960 	cil_db_init(&test_db);
   4961 
   4962 	uint32_t changed = CIL_FALSE;
   4963 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   4964 
   4965 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   4966 
   4967 	int rc = cil_resolve_fsuse(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next, args);
   4968 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   4969 }
   4970 
   4971 void test_cil_resolve_fsuse_anon(CuTest *tc) {
   4972 	char *line[] = {"(", "sensitivity", "s0", ")",
   4973 			"(", "category", "c0", ")",
   4974 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
   4975 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
   4976 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
   4977 			"(", "user", "system_u", ")",
   4978 			"(", "role", "object_r", ")",
   4979 			"(", "type", "netif_t", ")",
   4980 			"(", "fsuse", "xattr", "ext3", "(", "system_u", "object_r", "netif_t", "(", "low", "high", ")", ")", ")", NULL};
   4981 
   4982 	struct cil_tree *test_tree;
   4983 	gen_test_tree(&test_tree, line);
   4984 
   4985 	struct cil_db *test_db;
   4986 	cil_db_init(&test_db);
   4987 
   4988 	uint32_t changed = CIL_FALSE;
   4989 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   4990 
   4991 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   4992 
   4993 	int rc = cil_resolve_fsuse(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args);
   4994 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   4995 }
   4996 
   4997 void test_cil_resolve_fsuse_anon_neg(CuTest *tc) {
   4998 	char *line[] = {"(", "sensitivity", "s0", ")",
   4999 			"(", "category", "c0", ")",
   5000 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
   5001 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
   5002 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
   5003 			"(", "user", "system_u", ")",
   5004 			"(", "role", "object_r", ")",
   5005 			"(", "type", "netif_t", ")",
   5006 			"(", "fsuse", "xattr", "ext3", "(", "system_uu", "object_r", "netif_t", "(", "low", "high", ")", ")", ")", NULL};
   5007 
   5008 	struct cil_tree *test_tree;
   5009 	gen_test_tree(&test_tree, line);
   5010 
   5011 	struct cil_db *test_db;
   5012 	cil_db_init(&test_db);
   5013 
   5014 	uint32_t changed = CIL_FALSE;
   5015 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   5016 
   5017 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   5018 
   5019 	int rc = cil_resolve_fsuse(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args);
   5020 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   5021 }
   5022 
   5023 void test_cil_resolve_sidcontext(CuTest *tc) {
   5024 	char *line[] = {"(", "category", "c0", ")",
   5025 			"(", "categoryorder", "(", "c0", ")", ")",
   5026 			"(", "sensitivity", "s0", ")",
   5027 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
   5028 			"(", "type", "blah_t", ")",
   5029 			"(", "role", "blah_r", ")",
   5030 			"(", "user", "blah_u", ")",
   5031 			"(", "sid", "test", ")",
   5032 			"(", "sidcontext", "test", "(", "blah_u", "blah_r", "blah_t", "(", "(", "s0", "(", "c0", ")", ")", "(", "s0", "(", "c0", ")", ")", ")", ")", ")", NULL};
   5033 
   5034 	struct cil_tree *test_tree;
   5035 	gen_test_tree(&test_tree, line);
   5036 
   5037 	struct cil_db *test_db;
   5038 	cil_db_init(&test_db);
   5039 
   5040 	uint32_t changed = CIL_FALSE;
   5041 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
   5042 
   5043 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   5044 
   5045 	cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next, args);
   5046 
   5047 	args->pass = CIL_PASS_MISC3;
   5048 
   5049 	int rc = cil_resolve_sidcontext(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args);
   5050 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   5051 }
   5052 
   5053 void test_cil_resolve_sidcontext_named_levels(CuTest *tc) {
   5054 	char *line[] = {"(", "category", "c0", ")",
   5055 			"(", "categoryorder", "(", "c0", ")", ")",
   5056 			"(", "sensitivity", "s0", ")",
   5057 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
   5058 			"(", "type", "blah_t", ")",
   5059 			"(", "role", "blah_r", ")",
   5060 			"(", "user", "blah_u", ")",
   5061 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
   5062 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
   5063 			"(", "sid", "test", ")",
   5064 			"(", "sidcontext", "test", "(", "blah_u", "blah_r", "blah_t", "(", "low", "high", ")", ")", ")", NULL};
   5065 
   5066 	struct cil_tree *test_tree;
   5067 	gen_test_tree(&test_tree, line);
   5068 
   5069 	struct cil_db *test_db;
   5070 	cil_db_init(&test_db);
   5071 
   5072 	uint32_t changed = CIL_FALSE;
   5073 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
   5074 
   5075 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   5076 
   5077 	cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next, args);
   5078 
   5079 	args->pass = CIL_PASS_MISC3;
   5080 
   5081 	struct cil_tree_node *level = test_db->ast->root->cl_head->next->next->next->next->next->next->next;
   5082 	cil_resolve_level(level, (struct cil_level*)level->data, args);
   5083 	cil_resolve_level(level->next, (struct cil_level*)level->next->data, args);
   5084 	int rc = cil_resolve_sidcontext(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next->next, args);
   5085 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   5086 }
   5087 
   5088 void test_cil_resolve_sidcontext_named_context(CuTest *tc) {
   5089 	char *line[] = {"(", "category", "c0", ")",
   5090 			"(", "categoryorder", "(", "c0", ")", ")",
   5091 			"(", "sensitivity", "s0", ")",
   5092 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
   5093 			"(", "type", "blah_t", ")",
   5094 			"(", "role", "blah_r", ")",
   5095 			"(", "user", "blah_u", ")",
   5096 			"(", "context", "con", "(", "blah_u", "blah_r", "blah_t", "(", "(", "s0", "(", "c0", ")", ")", "(", "s0", "(", "c0", ")", ")", ")", ")", ")",
   5097 			"(", "sid", "test", ")",
   5098 			"(", "sidcontext", "test", "con", ")", NULL};
   5099 
   5100 	struct cil_tree *test_tree;
   5101 	gen_test_tree(&test_tree, line);
   5102 
   5103 	struct cil_db *test_db;
   5104 	cil_db_init(&test_db);
   5105 
   5106 	uint32_t changed = CIL_FALSE;
   5107 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
   5108 
   5109 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   5110 
   5111 	cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next, args);
   5112 
   5113 	args->pass = CIL_PASS_MISC3;
   5114 
   5115 	struct cil_tree_node *context = test_db->ast->root->cl_head->next->next->next->next->next->next->next;
   5116 	cil_resolve_context(context, (struct cil_context*)context->data, args);
   5117 
   5118 	int rc = cil_resolve_sidcontext(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next, args);
   5119 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   5120 }
   5121 
   5122 void test_cil_resolve_sidcontext_named_context_wrongname_neg(CuTest *tc) {
   5123 	char *line[] = {"(", "category", "c0", ")",
   5124 			"(", "categoryorder", "(", "c0", ")", ")",
   5125 			"(", "sensitivity", "s0", ")",
   5126 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
   5127 			"(", "type", "blah_t", ")",
   5128 			"(", "role", "blah_r", ")",
   5129 			"(", "user", "blah_u", ")",
   5130 			"(", "context", "con", "(", "blah_u", "blah_r", "blah_t", "(", "(", "s0", "(", "c0", ")", ")", "(", "s0", "(", "c0", ")", ")", ")", ")", ")",
   5131 			"(", "sid", "test", ")",
   5132 			"(", "sidcontext", "test", "foo", ")", NULL};
   5133 
   5134 	struct cil_tree *test_tree;
   5135 	gen_test_tree(&test_tree, line);
   5136 
   5137 	struct cil_db *test_db;
   5138 	cil_db_init(&test_db);
   5139 
   5140 	uint32_t changed = CIL_FALSE;
   5141 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
   5142 
   5143 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   5144 
   5145 	cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next, args);
   5146 
   5147 	args->pass = CIL_PASS_MISC3;
   5148 
   5149 	struct cil_tree_node *context = test_db->ast->root->cl_head->next->next->next->next->next->next->next;
   5150 	cil_resolve_context(context, (struct cil_context*)context->data, args);
   5151 
   5152 	int rc = cil_resolve_sidcontext(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next, args);
   5153 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   5154 }
   5155 
   5156 void test_cil_resolve_sidcontext_named_context_invaliduser_neg(CuTest *tc) {
   5157            char *line[] = {"(", "category", "c0", ")",
   5158                         "(", "categoryorder", "(", "c0", ")", ")",
   5159                         "(", "sensitivity", "s0", ")",
   5160                         "(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
   5161                         "(", "type", "blah_t", ")",
   5162                         "(", "role", "blah_r", ")",
   5163                         "(", "user", "blah_u", ")",
   5164 			"(", "sid", "test", ")",
   5165                         "(", "sidcontext", "test", "(", "", "blah_r", "blah_t", "(", "(", "s0", "(", "c0", ")", ")", "(", "s0", "(", "c0", ")", ")", ")", ")", ")", NULL};
   5166 
   5167         struct cil_tree *test_tree;
   5168         gen_test_tree(&test_tree, line);
   5169 
   5170         struct cil_db *test_db;
   5171         cil_db_init(&test_db);
   5172 
   5173 	uint32_t changed = CIL_FALSE;
   5174 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
   5175 
   5176         cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   5177 
   5178         cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next, args);
   5179 
   5180         int rc = cil_resolve_sidcontext(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args);
   5181         CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   5182 }
   5183 
   5184 void test_cil_resolve_blockinherit(CuTest *tc) {
   5185 	char *line[] = {"(", "block", "baz", "(", "type", "b", ")", ")",
   5186 			"(", "block", "foo", "(", "type", "a", ")",
   5187 				"(", "blockinherit", "baz", ")", ")", NULL};
   5188 
   5189 	struct cil_tree *test_tree;
   5190 	gen_test_tree(&test_tree, line);
   5191 
   5192 	struct cil_db *test_db;
   5193 	cil_db_init(&test_db);
   5194 
   5195 	uint32_t changed = CIL_FALSE;
   5196 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
   5197 
   5198 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   5199 
   5200 	int rc = cil_resolve_blockinherit(test_db->ast->root->cl_head->next->cl_head->next, args);
   5201 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   5202 }
   5203 
   5204 void test_cil_resolve_blockinherit_blockstrdne_neg(CuTest *tc) {
   5205 	char *line[] = {"(", "block", "baz", "(", "type", "b", ")", ")",
   5206 			"(", "block", "foo", "(", "type", "a", ")",
   5207 				"(", "blockinherit", "dne", ")", ")", NULL};
   5208 
   5209 	struct cil_tree *test_tree;
   5210 	gen_test_tree(&test_tree, line);
   5211 
   5212 	struct cil_db *test_db;
   5213 	cil_db_init(&test_db);
   5214 
   5215 	uint32_t changed = CIL_FALSE;
   5216 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
   5217 
   5218 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   5219 
   5220 	int rc = cil_resolve_blockinherit(test_db->ast->root->cl_head->next->cl_head->next, args);
   5221 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   5222 }
   5223 
   5224 void test_cil_resolve_in_block(CuTest *tc) {
   5225 	char *line[] = {"(", "class", "char", "(", "read", ")", ")",
   5226 			"(", "block", "foo", "(", "type", "a", ")", ")",
   5227 			"(", "in", "foo", "(", "allow", "test", "baz", "(", "char", "(", "read", ")", ")", ")", ")", NULL};
   5228 
   5229 	struct cil_tree *test_tree;
   5230 	gen_test_tree(&test_tree, line);
   5231 
   5232 	struct cil_db *test_db;
   5233 	cil_db_init(&test_db);
   5234 
   5235 	uint32_t changed = CIL_FALSE;
   5236 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
   5237 
   5238 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   5239 
   5240 	int rc = cil_resolve_in(test_db->ast->root->cl_head->next->next, args);
   5241 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   5242 }
   5243 
   5244 void test_cil_resolve_in_blockstrdne_neg(CuTest *tc) {
   5245 	char *line[] = {"(", "class", "char", "(", "read", ")", ")",
   5246 			"(", "in", "foo", "(", "allow", "test", "baz", "(", "char", "(", "read", ")", ")", ")", ")", NULL};
   5247 
   5248 	struct cil_tree *test_tree;
   5249 	gen_test_tree(&test_tree, line);
   5250 
   5251 	struct cil_db *test_db;
   5252 	cil_db_init(&test_db);
   5253 
   5254 	uint32_t changed = CIL_FALSE;
   5255 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
   5256 
   5257 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   5258 
   5259 	int rc = cil_resolve_in(test_db->ast->root->cl_head->next, args);
   5260 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   5261 }
   5262 
   5263 void test_cil_resolve_in_macro(CuTest *tc) {
   5264 	char *line[] = {"(", "class", "char", "(", "read", "write", ")", ")",
   5265 			"(", "macro", "mm", "(", "(", "class", "a", ")", ")",
   5266 				"(", "allow", "foo", "bar", "(", "file", "(", "write", ")", ")", ")", ")",
   5267 			"(", "in", "mm", "(", "allow", "test", "baz", "(", "char", "(", "read", ")", ")", ")", ")", NULL};
   5268 
   5269 	struct cil_tree *test_tree;
   5270 	gen_test_tree(&test_tree, line);
   5271 
   5272 	struct cil_db *test_db;
   5273 	cil_db_init(&test_db);
   5274 
   5275 	uint32_t changed = CIL_FALSE;
   5276 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
   5277 
   5278 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   5279 
   5280 	int rc = cil_resolve_in(test_db->ast->root->cl_head->next->next, args);
   5281 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   5282 }
   5283 
   5284 void test_cil_resolve_in_optional(CuTest *tc) {
   5285 	char *line[] = {"(", "class", "char", "(", "read", "write", ")", ")",
   5286 			"(", "optional", "opt", "(", "allow", "foo", "bar", "(", "baz", "(", "read", ")", ")", ")", ")",
   5287 			"(", "in", "opt", "(", "allow", "test", "baz", "(", "char", "(", "read", ")", ")", ")", ")", NULL};
   5288 
   5289 	struct cil_tree *test_tree;
   5290 	gen_test_tree(&test_tree, line);
   5291 
   5292 	struct cil_db *test_db;
   5293 	cil_db_init(&test_db);
   5294 
   5295 	uint32_t changed = CIL_FALSE;
   5296 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
   5297 
   5298 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   5299 
   5300 	int rc = cil_resolve_in(test_db->ast->root->cl_head->next->next, args);
   5301 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   5302 }
   5303 
   5304 void test_cil_resolve_call1_noparam(CuTest *tc) {
   5305 	char *line[] = {"(", "type", "qaz", ")",
   5306 			"(", "class", "file", "(", "read", ")", ")",
   5307 			"(", "macro", "mm", "(", "(", "type", ")", ")",
   5308 				"(", "type", "b", ")",
   5309 				"(", "allow", "qaz", "b", "file", "(", "read", ")", ")", ")",
   5310 			"(", "call", "mm", "(", ")", ")", NULL};
   5311 
   5312 	struct cil_tree *test_tree;
   5313 	gen_test_tree(&test_tree, line);
   5314 
   5315 	struct cil_db *test_db;
   5316 	cil_db_init(&test_db);
   5317 
   5318 	uint32_t changed = CIL_FALSE;
   5319 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
   5320 
   5321 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   5322 
   5323 	int rc = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next, args);
   5324 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   5325 }
   5326 
   5327 void test_cil_resolve_call1_type(CuTest *tc) {
   5328 	char *line[] = {"(", "type", "qaz", ")",
   5329 			"(", "class", "file", "(", "read", ")", ")",
   5330 			"(", "macro", "mm", "(", "(", "type", "a", ")", ")",
   5331 				"(", "type", "b", ")",
   5332 				"(", "allow", "a", "b", "(", "file", "(", "read", ")", ")", ")", ")",
   5333 			"(", "call", "mm", "(", "qaz", ")", ")", NULL};
   5334 
   5335 	struct cil_tree *test_tree;
   5336 	gen_test_tree(&test_tree, line);
   5337 
   5338 	struct cil_db *test_db;
   5339 	cil_db_init(&test_db);
   5340 
   5341 	uint32_t changed = CIL_FALSE;
   5342 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
   5343 
   5344 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   5345 
   5346 	int rc = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next, args);
   5347 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   5348 }
   5349 
   5350 void test_cil_resolve_call1_role(CuTest *tc) {
   5351 	char *line[] = {"(", "role", "role_r", ")",
   5352 			"(", "class", "file", "(", "read", ")", ")",
   5353 			"(", "macro", "mm", "(", "(", "role", "a", ")", ")",
   5354 				"(", "role", "b", ")",
   5355 				"(", "allow", "a", "b", "(", "file", "(", "read", ")", ")", ")", ")",
   5356 			"(", "call", "mm", "(", "role_r", ")", ")", NULL};
   5357 
   5358 	struct cil_tree *test_tree;
   5359 	gen_test_tree(&test_tree, line);
   5360 
   5361 	struct cil_db *test_db;
   5362 	cil_db_init(&test_db);
   5363 
   5364 	uint32_t changed = CIL_FALSE;
   5365 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
   5366 
   5367 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   5368 
   5369 	int rc = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next, args);
   5370 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   5371 }
   5372 
   5373 void test_cil_resolve_call1_user(CuTest *tc) {
   5374 	char *line[] = {"(", "user", "user_u", ")",
   5375 			"(", "class", "file", "(", "read", ")", ")",
   5376 			"(", "macro", "mm", "(", "(", "user", "a", ")", ")",
   5377 				"(", "user", "b", ")",
   5378 				"(", "allow", "a", "b", "(", "file", "(", "read", ")", ")", ")", ")",
   5379 			"(", "call", "mm", "(", "user_u", ")", ")", NULL};
   5380 
   5381 	struct cil_tree *test_tree;
   5382 	gen_test_tree(&test_tree, line);
   5383 
   5384 	struct cil_db *test_db;
   5385 	cil_db_init(&test_db);
   5386 
   5387 	uint32_t changed = CIL_FALSE;
   5388 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
   5389 
   5390 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   5391 
   5392 	int rc = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next, args);
   5393 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   5394 }
   5395 
   5396 void test_cil_resolve_call1_sens(CuTest *tc) {
   5397 	char *line[] = {"(", "sensitivity", "sens", ")",
   5398 			"(", "class", "file", "(", "read", ")", ")",
   5399 			"(", "macro", "mm", "(", "(", "sensitivity", "a", ")", ")",
   5400 				"(", "sensitivity", "b", ")",
   5401 				"(", "allow", "a", "b", "(", "file", "(", "read", ")", ")", ")", ")",
   5402 			"(", "call", "mm", "(", "sens", ")", ")", NULL};
   5403 
   5404 	struct cil_tree *test_tree;
   5405 	gen_test_tree(&test_tree, line);
   5406 
   5407 	struct cil_db *test_db;
   5408 	cil_db_init(&test_db);
   5409 
   5410 	uint32_t changed = CIL_FALSE;
   5411 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
   5412 
   5413 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   5414 
   5415 	int rc = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next, args);
   5416 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   5417 }
   5418 
   5419 void test_cil_resolve_call1_cat(CuTest *tc) {
   5420 	char *line[] = {"(", "category", "c0", ")",
   5421 			"(", "class", "file", "(", "read", ")", ")",
   5422 			"(", "macro", "mm", "(", "(", "category", "a", ")", ")",
   5423 				"(", "category", "b", ")",
   5424 				"(", "allow", "a", "b", "(", "file", "(", "read", ")", ")", ")", ")",
   5425 			"(", "call", "mm", "(", "c0", ")", ")", NULL};
   5426 
   5427 	struct cil_tree *test_tree;
   5428 	gen_test_tree(&test_tree, line);
   5429 
   5430 	struct cil_db *test_db;
   5431 	cil_db_init(&test_db);
   5432 
   5433 	uint32_t changed = CIL_FALSE;
   5434 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
   5435 
   5436 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   5437 
   5438 	int rc = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next, args);
   5439 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   5440 }
   5441 
   5442 void test_cil_resolve_call1_catset(CuTest *tc) {
   5443 	char *line[] = {"(", "category", "c0", ")",
   5444 			"(", "category", "c1", ")",
   5445 			"(", "category", "c2", ")",
   5446 			"(", "categoryset", "somecats", "(", "c0", "c1", "c2", ")", ")",
   5447 			"(", "macro", "mm", "(", "(", "categoryset",  "foo", ")", ")",
   5448 				"(", "level", "bar", "(", "s0", "foo", ")", ")", ")",
   5449 			"(", "call", "mm", "(", "somecats", ")", ")", NULL};
   5450 
   5451 	struct cil_tree *test_tree;
   5452 	gen_test_tree(&test_tree, line);
   5453 
   5454 	struct cil_db *test_db;
   5455 	cil_db_init(&test_db);
   5456 
   5457 	uint32_t changed = CIL_FALSE;
   5458 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
   5459 
   5460 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   5461 
   5462 	int rc = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next->next, args);
   5463 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   5464 }
   5465 
   5466 void test_cil_resolve_call1_catset_anon(CuTest *tc) {
   5467 	char *line[] = {"(", "category", "c0", ")",
   5468 			"(", "category", "c1", ")",
   5469 			"(", "category", "c2", ")",
   5470 			"(", "macro", "mm", "(", "(", "categoryset",  "foo", ")", ")",
   5471 				"(", "level", "bar", "(", "s0", "foo", ")", ")", ")",
   5472 			"(", "call", "mm", "(", "(", "c0", "c1", "c2", ")", ")", ")", NULL};
   5473 
   5474 	struct cil_tree *test_tree;
   5475 	gen_test_tree(&test_tree, line);
   5476 
   5477 	struct cil_db *test_db;
   5478 	cil_db_init(&test_db);
   5479 
   5480 	uint32_t changed = CIL_FALSE;
   5481 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
   5482 
   5483 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   5484 
   5485 	int rc = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next, args);
   5486 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   5487 }
   5488 
   5489 void test_cil_resolve_call1_catset_anon_neg(CuTest *tc) {
   5490 	char *line[] = {"(", "category", "c0", ")",
   5491 			"(", "category", "c1", ")",
   5492 			"(", "category", "c2", ")",
   5493 			"(", "macro", "mm", "(", "(", "categoryset",  "foo", ")", ")",
   5494 				"(", "level", "bar", "(", "s0", "foo", ")", ")", ")",
   5495 			"(", "call", "mm", "(", "(", "c5", "(", "c2", ")", "c4", ")", ")", ")", NULL};
   5496 
   5497 	struct cil_tree *test_tree;
   5498 	gen_test_tree(&test_tree, line);
   5499 
   5500 	struct cil_db *test_db;
   5501 	cil_db_init(&test_db);
   5502 
   5503 	uint32_t changed = CIL_FALSE;
   5504 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
   5505 
   5506 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   5507 
   5508 	int rc = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next, args);
   5509 	CuAssertIntEquals(tc, SEPOL_ERR, rc);
   5510 }
   5511 
   5512 void test_cil_resolve_call1_level(CuTest *tc) {
   5513 	char *line[] = {"(", "category", "c0", ")",
   5514 			"(", "sensitivity", "s0", ")",
   5515 			"(", "user", "system_u", ")",
   5516 			"(", "role", "role_r", ")",
   5517 			"(", "type", "type_t", ")",
   5518 			"(", "level", "l", "(", "s0", "(", "c0", ")", ")", ")",
   5519 			"(", "level", "h", "(", "s0", "(", "c0", ")", ")", ")",
   5520 			"(", "macro", "mm", "(", "(", "level", "lvl_l", ")", "(", "level", "lvl_h", ")", ")",
   5521 				"(", "context", "foo", "(", "system_u", "role_r", "type_t", "(", "lvl_l", "lvl_h", ")", ")", ")", ")",
   5522 			"(", "call", "mm", "(", "l", "h", ")", ")", NULL};
   5523 
   5524 	struct cil_tree *test_tree;
   5525 	gen_test_tree(&test_tree, line);
   5526 
   5527 	struct cil_db *test_db;
   5528 	cil_db_init(&test_db);
   5529 
   5530 	uint32_t changed = CIL_FALSE;
   5531 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
   5532 
   5533 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   5534 
   5535 	int rc = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args);
   5536 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   5537 }
   5538 
   5539 void test_cil_resolve_call1_level_anon(CuTest *tc) {
   5540 	char *line[] = {"(", "category", "c0", ")",
   5541 			"(", "sensitivity", "s0", ")",
   5542 			"(", "user", "system_u", ")",
   5543 			"(", "role", "role_r", ")",
   5544 			"(", "type", "type_t", ")",
   5545 			"(", "level", "l", "(", "s0", "(", "c0", ")", ")", ")",
   5546 			"(", "level", "h", "(", "s0", "(", "c0", ")", ")", ")",
   5547 			"(", "macro", "mm", "(", "(", "level", "lvl_l", ")", ")",
   5548 				"(", "context", "foo", "(", "system_u", "role_r", "type_t", "(", "lvl_l", "h", ")", ")", ")", ")",
   5549 			"(", "call", "mm", "(", "(", "s0", "(", "c0", ")", ")", ")", ")", NULL};
   5550 
   5551 	struct cil_tree *test_tree;
   5552 	gen_test_tree(&test_tree, line);
   5553 
   5554 	struct cil_db *test_db;
   5555 	cil_db_init(&test_db);
   5556 
   5557 	uint32_t changed = CIL_FALSE;
   5558 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
   5559 
   5560 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   5561 
   5562 	int rc = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args);
   5563 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   5564 }
   5565 
   5566 void test_cil_resolve_call1_level_anon_neg(CuTest *tc) {
   5567 	char *line[] = {"(", "category", "c0", ")",
   5568 			"(", "sensitivity", "s0", ")",
   5569 			"(", "user", "system_u", ")",
   5570 			"(", "role", "role_r", ")",
   5571 			"(", "type", "type_t", ")",
   5572 			"(", "level", "l", "(", "s0", "(", "c0", ")", ")", ")",
   5573 			"(", "level", "h", "(", "s0", "(", "c0", ")", ")", ")",
   5574 			"(", "macro", "mm", "(", "(", "level", "lvl_l", ")", ")",
   5575 				"(", "context", "foo", "(", "system_u", "role_r", "type_t", "(", "lvl_l", "h", ")", ")", ")", ")",
   5576 			"(", "call", "mm", "(", "(", "s0", "(", "c0", "(", "c5", ")", ")", ")", ")", ")", NULL};
   5577 
   5578 	struct cil_tree *test_tree;
   5579 	gen_test_tree(&test_tree, line);
   5580 
   5581 	struct cil_db *test_db;
   5582 	cil_db_init(&test_db);
   5583 
   5584 	uint32_t changed = CIL_FALSE;
   5585 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
   5586 
   5587 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   5588 
   5589 	int rc = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args);
   5590 	CuAssertIntEquals(tc, SEPOL_ERR, rc);
   5591 }
   5592 
   5593 void test_cil_resolve_call1_ipaddr(CuTest *tc) {
   5594 	char *line[] = {"(", "category", "c0", ")",
   5595 			"(", "sensitivity", "s0", ")",
   5596 			"(", "user", "system_u", ")",
   5597 			"(", "role", "role_r", ")",
   5598 			"(", "type", "type_t", ")",
   5599 			"(", "level", "lvl_l", "(", "s0", "(", "c0", ")", ")", ")",
   5600 			"(", "level", "lvl_h", "(", "s0", "(", "c0", ")", ")", ")",
   5601 			"(", "context", "con", "(", "system_u", "role_r", "type_t", "(", "lvl_l", "lvl_h", ")", ")", ")",
   5602 			"(", "ipaddr", "netmask", "192.168.0.1", ")",
   5603 			"(", "ipaddr", "ip", "192.168.0.1", ")",
   5604 			"(", "macro", "mm", "(", "(", "ipaddr", "addr", ")", ")",
   5605 				"(", "nodecon", "addr", "netmask", "con", ")", ")",
   5606 			"(", "call", "mm", "(", "ip", ")", ")", NULL};
   5607 
   5608 	struct cil_tree *test_tree;
   5609 	gen_test_tree(&test_tree, line);
   5610 
   5611 	struct cil_db *test_db;
   5612 	cil_db_init(&test_db);
   5613 
   5614 	uint32_t changed = CIL_FALSE;
   5615 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
   5616 
   5617 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   5618 
   5619 	int rc = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next->next->next, args);
   5620 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   5621 }
   5622 
   5623 void test_cil_resolve_call1_ipaddr_anon(CuTest *tc) {
   5624 	char *line[] = {"(", "category", "c0", ")",
   5625 			"(", "sensitivity", "s0", ")",
   5626 			"(", "user", "system_u", ")",
   5627 			"(", "role", "role_r", ")",
   5628 			"(", "type", "type_t", ")",
   5629 			"(", "level", "lvl_l", "(", "s0", "(", "c0", ")", ")", ")",
   5630 			"(", "level", "lvl_h", "(", "s0", "(", "c0", ")", ")", ")",
   5631 			"(", "context", "con", "(", "system_u", "role_r", "type_t", "(", "lvl_l", "lvl_h", ")", ")", ")",
   5632 			"(", "ipaddr", "netmask", "192.168.0.1", ")",
   5633 			"(", "macro", "mm", "(", "(", "ipaddr", "addr", ")", ")",
   5634 				"(", "nodecon", "addr", "netmask", "con", ")", ")",
   5635 			"(", "call", "mm", "(", "(", "192.168.1.1", ")", ")", ")", NULL};
   5636 
   5637 	struct cil_tree *test_tree;
   5638 	gen_test_tree(&test_tree, line);
   5639 
   5640 	struct cil_db *test_db;
   5641 	cil_db_init(&test_db);
   5642 
   5643 	uint32_t changed = CIL_FALSE;
   5644 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
   5645 
   5646 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   5647 
   5648 	int rc = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next->next, args);
   5649 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   5650 }
   5651 
   5652 void test_cil_resolve_call1_ipaddr_anon_neg(CuTest *tc) {
   5653 	char *line[] = {"(", "category", "c0", ")",
   5654 			"(", "sensitivity", "s0", ")",
   5655 			"(", "user", "system_u", ")",
   5656 			"(", "role", "role_r", ")",
   5657 			"(", "type", "type_t", ")",
   5658 			"(", "level", "lvl_l", "(", "s0", "(", "c0", ")", ")", ")",
   5659 			"(", "level", "lvl_h", "(", "s0", "(", "c0", ")", ")", ")",
   5660 			"(", "context", "con", "(", "system_u", "role_r", "type_t", "(", "lvl_l", "lvl_h", ")", ")", ")",
   5661 			"(", "ipaddr", "netmask", "192.168.0.1", ")",
   5662 			"(", "macro", "mm", "(", "(", "ipaddr", "addr", ")", ")",
   5663 				"(", "nodecon", "addr", "netmask", "con", ")", ")",
   5664 			"(", "call", "mm", "(", "(", "192.1.1", ")", ")", ")", NULL};
   5665 
   5666 	struct cil_tree *test_tree;
   5667 	gen_test_tree(&test_tree, line);
   5668 
   5669 	struct cil_db *test_db;
   5670 	cil_db_init(&test_db);
   5671 
   5672 	uint32_t changed = CIL_FALSE;
   5673 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
   5674 
   5675 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   5676 
   5677 	int rc = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next->next, args);
   5678 	CuAssertIntEquals(tc, SEPOL_ERR, rc);
   5679 }
   5680 
   5681 void test_cil_resolve_call1_class(CuTest *tc) {
   5682 	char *line[] = {"(", "class", "foo", "(", "read", ")", ")",
   5683 			"(", "class", "file", "(", "read", ")", ")",
   5684 			"(", "macro", "mm", "(", "(", "class", "a", ")", ")",
   5685 				"(", "class", "b", "(", "read", ")", ")",
   5686 				"(", "allow", "a", "b", "(", "file", "(", "read", ")", ")", ")", ")",
   5687 			"(", "call", "mm", "(", "foo", ")", ")", NULL};
   5688 
   5689 	struct cil_tree *test_tree;
   5690 	gen_test_tree(&test_tree, line);
   5691 
   5692 	struct cil_db *test_db;
   5693 	cil_db_init(&test_db);
   5694 
   5695 	uint32_t changed = CIL_FALSE;
   5696 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
   5697 
   5698 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   5699 
   5700 	int rc = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next, args);
   5701 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   5702 }
   5703 
   5704 void test_cil_resolve_call1_classmap(CuTest *tc) {
   5705 	char *line[] = {"(", "class", "file", "(", "open", ")", ")",
   5706 			"(", "macro", "mm", "(", "(", "classmap", "a", ")", ")",
   5707 				"(", "classmapping", "a", "read", "(", "file", "(", "open", ")", ")", ")", ")",
   5708 			"(", "call", "mm", "(", "(", "read", ")", ")", ")", NULL};
   5709 
   5710 	struct cil_tree *test_tree;
   5711 	gen_test_tree(&test_tree, line);
   5712 
   5713 	struct cil_db *test_db;
   5714 	cil_db_init(&test_db);
   5715 
   5716 	uint32_t changed = CIL_FALSE;
   5717 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
   5718 
   5719 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   5720 
   5721 	int rc = cil_resolve_call1(test_db->ast->root->cl_head->next->next, args);
   5722 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   5723 }
   5724 
   5725 void test_cil_resolve_call1_permset(CuTest *tc) {
   5726 	char *line[] = {"(", "permissionset", "foo", "(", "read", "open", ")", ")",
   5727 			"(", "type", "dead", ")",
   5728 			"(", "type", "bar", ")",
   5729 			"(", "class", "baz", "(", "close", "read", "open", ")", ")",
   5730 			"(", "macro", "mm", "(", "(", "permissionset", "a", ")", ")",
   5731 				"(", "allow", "dead", "bar", "(", "baz", "a", ")", ")", ")",
   5732 			"(", "call", "mm", "(", "foo", ")", ")", NULL};
   5733 
   5734 	struct cil_tree *test_tree;
   5735 	gen_test_tree(&test_tree, line);
   5736 
   5737 	struct cil_db *test_db;
   5738 	cil_db_init(&test_db);
   5739 
   5740 	uint32_t changed = CIL_FALSE;
   5741 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
   5742 
   5743 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   5744 
   5745 	int rc = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next->next, args);
   5746 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   5747 }
   5748 
   5749 void test_cil_resolve_call1_permset_anon(CuTest *tc) {
   5750 	char *line[] = {"(", "type", "dead", ")",
   5751 			"(", "type", "bar", ")",
   5752 			"(", "class", "baz", "(", "close", "read", "open", ")", ")",
   5753 			"(", "macro", "mm", "(", "(", "permissionset", "a", ")", ")",
   5754 				"(", "allow", "dead", "bar", "(", "baz", "a", ")", ")", ")",
   5755 			"(", "call", "mm", "(", "(", "read", "open", ")", ")", ")", NULL};
   5756 
   5757 	struct cil_tree *test_tree;
   5758 	gen_test_tree(&test_tree, line);
   5759 
   5760 	struct cil_db *test_db;
   5761 	cil_db_init(&test_db);
   5762 
   5763 	uint32_t changed = CIL_FALSE;
   5764 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
   5765 
   5766 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   5767 
   5768 	int rc = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next, args);
   5769 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   5770 }
   5771 
   5772 void test_cil_resolve_call1_classpermset_named(CuTest *tc) {
   5773 	char *line[] = {"(", "classmap", "files", "(", "read", ")", ")",
   5774 			"(", "class", "file", "(", "open", ")", ")",
   5775 			"(", "classpermissionset", "char_w", "(", "file", "(", "open", ")", ")", ")",
   5776 			"(", "macro", "mm", "(", "(", "classpermissionset", "a", ")", ")",
   5777 				"(", "classmapping", "files", "read", "a", ")", ")",
   5778 			"(", "call", "mm", "(", "char_w", ")", ")", NULL};
   5779 
   5780 	struct cil_tree *test_tree;
   5781 	gen_test_tree(&test_tree, line);
   5782 
   5783 	struct cil_db *test_db;
   5784 	cil_db_init(&test_db);
   5785 
   5786 	uint32_t changed = CIL_FALSE;
   5787 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
   5788 
   5789 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   5790 
   5791 	int rc = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next, args);
   5792 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   5793 }
   5794 
   5795 void test_cil_resolve_call1_classpermset_anon(CuTest *tc) {
   5796 	char *line[] = {"(", "classmap", "files", "(", "read", ")", ")",
   5797 			"(", "class", "file", "(", "open", ")", ")",
   5798 			"(", "macro", "mm", "(", "(", "classpermissionset", "a", ")", ")",
   5799 				"(", "classmapping", "files", "read", "a", ")", ")",
   5800 			"(", "call", "mm", "(", "(", "file", "(", "open", ")", ")", ")", ")", NULL};
   5801 
   5802 	struct cil_tree *test_tree;
   5803 	gen_test_tree(&test_tree, line);
   5804 
   5805 	struct cil_db *test_db;
   5806 	cil_db_init(&test_db);
   5807 
   5808 	uint32_t changed = CIL_FALSE;
   5809 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
   5810 
   5811 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   5812 
   5813 	int rc = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next, args);
   5814 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   5815 }
   5816 
   5817 void test_cil_resolve_call1_classpermset_anon_neg(CuTest *tc) {
   5818 	char *line[] = {"(", "classmap", "files", "(", "read", ")", ")",
   5819 			"(", "class", "file", "(", "open", ")", ")",
   5820 			"(", "macro", "mm", "(", "(", "classpermissionset", "a", ")", ")",
   5821 				"(", "classmapping", "files", "read", "a", ")", ")",
   5822 			"(", "call", "mm", "(", "(", "file", "(", ")", ")", ")", ")", NULL};
   5823 
   5824 	struct cil_tree *test_tree;
   5825 	gen_test_tree(&test_tree, line);
   5826 
   5827 	struct cil_db *test_db;
   5828 	cil_db_init(&test_db);
   5829 
   5830 	uint32_t changed = CIL_FALSE;
   5831 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
   5832 
   5833 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   5834 
   5835 	int rc = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next, args);
   5836 	CuAssertIntEquals(tc, SEPOL_ERR, rc);
   5837 }
   5838 
   5839 void test_cil_resolve_call1_unknown_neg(CuTest *tc) {
   5840 	char *line[] = {"(", "class", "foo", "(", "read", ")", ")",
   5841 			"(", "class", "file", "(", "read", ")", ")",
   5842 			"(", "macro", "mm", "(", "(", "class", "a", ")", ")",
   5843 				"(", "class", "b", "(", "read", ")", ")",
   5844 				"(", "allow", "a", "b", "(", "file", "(", "read", ")", ")", ")", ")",
   5845 			"(", "call", "mm", "(", "foo", ")", ")", NULL};
   5846 
   5847 	struct cil_tree *test_tree;
   5848 	gen_test_tree(&test_tree, line);
   5849 
   5850 	struct cil_db *test_db;
   5851 	cil_db_init(&test_db);
   5852 
   5853 	uint32_t changed = CIL_FALSE;
   5854 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
   5855 
   5856 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   5857 
   5858 	struct cil_tree_node *macro_node = NULL;
   5859 	cil_resolve_name(test_db->ast->root->cl_head->next->next->next, ((struct cil_call*)test_db->ast->root->cl_head->next->next->next->data)->macro_str, CIL_SYM_BLOCKS, args, &macro_node);
   5860 	((struct cil_call*)test_db->ast->root->cl_head->next->next->next->data)->macro = (struct cil_macro*)macro_node->data;
   5861 	free(((struct cil_call*)test_db->ast->root->cl_head->next->next->next->data)->macro_str);
   5862 	((struct cil_call*)test_db->ast->root->cl_head->next->next->next->data)->macro_str = NULL;
   5863 
   5864 	((struct cil_call*)test_db->ast->root->cl_head->next->next->next->data)->macro->params->head->flavor = CIL_NETIFCON;
   5865 
   5866 	int rc = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next, args);
   5867 	CuAssertIntEquals(tc, SEPOL_ERR, rc);
   5868 }
   5869 
   5870 void test_cil_resolve_call1_unknowncall_neg(CuTest *tc) {
   5871 	char *line[] = {"(", "class", "foo", "(", "read", ")", ")",
   5872 			"(", "class", "file", "(", "read", ")", ")",
   5873 			"(", "macro", "mm", "(", "(", "class", "a", ")", ")",
   5874 				"(", "class", "b", "(", "read", ")", ")",
   5875 				"(", "allow", "a", "b", "(", "file", "(", "read", ")", ")", ")", ")",
   5876 			"(", "call", "m", "(", "foo", ")", ")", NULL};
   5877 
   5878 	struct cil_tree *test_tree;
   5879 	gen_test_tree(&test_tree, line);
   5880 
   5881 	struct cil_db *test_db;
   5882 	cil_db_init(&test_db);
   5883 
   5884 	uint32_t changed = CIL_FALSE;
   5885 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
   5886 
   5887 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   5888 
   5889 	int rc = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next, args);
   5890 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   5891 }
   5892 
   5893 void test_cil_resolve_call1_extraargs_neg(CuTest *tc) {
   5894 	char *line[] = {"(", "class", "foo", "(", "read", ")", ")",
   5895 			"(", "class", "file", "(", "read", ")", ")",
   5896 			"(", "macro", "mm", "(", "(", "class", "a", ")", ")",
   5897 				"(", "class", "b", "(", "read", ")", ")",
   5898 				"(", "allow", "a", "b", "(", "file", "(", "read", ")", ")", ")", ")",
   5899 			"(", "call", "mm", "(", "foo", "bar", ")", ")", NULL};
   5900 
   5901 	struct cil_tree *test_tree;
   5902 	gen_test_tree(&test_tree, line);
   5903 
   5904 	struct cil_db *test_db;
   5905 	cil_db_init(&test_db);
   5906 
   5907 	uint32_t changed = CIL_FALSE;
   5908 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
   5909 
   5910 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   5911 
   5912 	int rc = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next, args);
   5913 	CuAssertIntEquals(tc, SEPOL_ERR, rc);
   5914 }
   5915 
   5916 void test_cil_resolve_call1_copy_dup(CuTest *tc) {
   5917 	char *line[] = {"(", "type", "qaz", ")",
   5918 			"(", "class", "file", "(", "read", ")", ")",
   5919 			"(", "macro", "mm", "(", "(", "type", "a", ")", ")",
   5920 				"(", "type", "qaz", ")",
   5921 				"(", "allow", "a", "b", "(", "file", "(", "read", ")", ")", ")", ")",
   5922 			"(", "call", "mm", "(", "qaz", ")", ")", NULL};
   5923 
   5924 	struct cil_tree *test_tree;
   5925 	gen_test_tree(&test_tree, line);
   5926 
   5927 	struct cil_db *test_db;
   5928 	cil_db_init(&test_db);
   5929 
   5930 	uint32_t changed = CIL_FALSE;
   5931 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
   5932 
   5933 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   5934 
   5935 	int rc = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next, args);
   5936 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   5937 }
   5938 
   5939 void test_cil_resolve_call1_missing_arg_neg(CuTest *tc) {
   5940 	char *line[] = {"(", "category", "c0", ")",
   5941 			"(", "sensitivity", "s0", ")",
   5942 			"(", "user", "system_u", ")",
   5943 			"(", "role", "role_r", ")",
   5944 			"(", "type", "type_t", ")",
   5945 			"(", "level", "l", "(", "s0", "(", "c0", ")", ")", ")",
   5946 			"(", "level", "h", "(", "s0", "(", "c0", ")", ")", ")",
   5947 			"(", "macro", "mm", "(", "(", "level", "lvl_l", ")", "(", "level", "lvl_h", ")", ")",
   5948 				"(", "context", "foo", "(", "system_u", "role_r", "type_t", "(", "lvl_l", "lvl_h", ")", ")", ")", ")",
   5949 			"(", "call", "mm", "(", "l", ")", ")", NULL};
   5950 
   5951 	struct cil_tree *test_tree;
   5952 	gen_test_tree(&test_tree, line);
   5953 
   5954 	struct cil_db *test_db;
   5955 	cil_db_init(&test_db);
   5956 
   5957 	uint32_t changed = CIL_FALSE;
   5958 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
   5959 
   5960 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   5961 
   5962 	int rc = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args);
   5963 	CuAssertIntEquals(tc, SEPOL_ERR, rc);
   5964 }
   5965 
   5966 void test_cil_resolve_call1_paramsflavor_neg(CuTest *tc) {
   5967 	char *line[] = {"(", "type", "qaz", ")",
   5968 			"(", "class", "file", "(", "read", ")", ")",
   5969 			"(", "macro", "mm", "(", "(", "type", "a", ")", ")",
   5970 				"(", "type", "b", ")",
   5971 				"(", "allow", "a", "b", "(", "file", "(", "read", ")", ")", ")", ")",
   5972 			"(", "call", "mm", "(", "qaz", ")", ")", NULL};
   5973 
   5974 	struct cil_tree *test_tree;
   5975 	gen_test_tree(&test_tree, line);
   5976 
   5977 	struct cil_db *test_db;
   5978 	cil_db_init(&test_db);
   5979 
   5980 	uint32_t changed = CIL_FALSE;
   5981 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
   5982 
   5983 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   5984 
   5985 	struct cil_tree_node *macro_node = NULL;
   5986 
   5987 	struct cil_call *new_call = ((struct cil_call*)test_db->ast->root->cl_head->next->next->next->data);
   5988 	cil_resolve_name(test_db->ast->root->cl_head->next->next->next, new_call->macro_str, CIL_SYM_BLOCKS, args, &macro_node);
   5989 	new_call->macro = (struct cil_macro*)macro_node->data;
   5990 	struct cil_list_item *item = new_call->macro->params->head;
   5991 	item->flavor = CIL_CONTEXT;
   5992 
   5993 	int rc = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next, args);
   5994 	CuAssertIntEquals(tc, SEPOL_ERR, rc);
   5995 }
   5996 
   5997 void test_cil_resolve_call1_unknownflavor_neg(CuTest *tc) {
   5998 	char *line[] = {"(", "type", "qaz", ")",
   5999 			"(", "class", "file", "(", "read", ")", ")",
   6000 			"(", "macro", "mm", "(", "(", "type", "a", ")", ")",
   6001 				"(", "type", "b", ")",
   6002 				"(", "allow", "a", "b", "(", "file", "(", "read", ")", ")", ")", ")",
   6003 			"(", "call", "mm", "(", "qaz", ")", ")", NULL};
   6004 
   6005 	struct cil_tree *test_tree;
   6006 	gen_test_tree(&test_tree, line);
   6007 
   6008 	struct cil_db *test_db;
   6009 	cil_db_init(&test_db);
   6010 
   6011 	uint32_t changed = CIL_FALSE;
   6012 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
   6013 
   6014 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   6015 
   6016 	struct cil_tree_node *macro_node = NULL;
   6017 
   6018 	struct cil_call *new_call = ((struct cil_call*)test_db->ast->root->cl_head->next->next->next->data);
   6019 	cil_resolve_name(test_db->ast->root->cl_head->next->next->next, new_call->macro_str, CIL_SYM_BLOCKS, args, &macro_node);
   6020 	new_call->macro = (struct cil_macro*)macro_node->data;
   6021 	struct cil_list_item *item = new_call->macro->params->head;
   6022 	((struct cil_param*)item->data)->flavor = CIL_CONTEXT;
   6023 
   6024 	int rc = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next, args);
   6025 	CuAssertIntEquals(tc, SEPOL_ERR, rc);
   6026 }
   6027 
   6028 void test_cil_resolve_call2_type(CuTest *tc) {
   6029 	char *line[] = {"(", "type", "qaz", ")",
   6030 			"(", "class", "file", "(", "read", ")", ")",
   6031 			"(", "macro", "mm", "(", "(", "type", "a", ")", ")",
   6032 				"(", "type", "b", ")",
   6033 				"(", "allow", "a", "b", "(", "file", "(", "read", ")", ")", ")", ")",
   6034 			"(", "call", "mm", "(", "qaz", ")", ")", NULL};
   6035 
   6036 	struct cil_tree *test_tree;
   6037 	gen_test_tree(&test_tree, line);
   6038 
   6039 	struct cil_db *test_db;
   6040 	cil_db_init(&test_db);
   6041 
   6042 	uint32_t changed = CIL_FALSE;
   6043 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
   6044 
   6045 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   6046 
   6047 	cil_resolve_call1(test_db->ast->root->cl_head->next->next->next, args);
   6048 
   6049 	args->pass = CIL_PASS_CALL2;
   6050 
   6051 	int rc = cil_resolve_call2(test_db->ast->root->cl_head->next->next->next, args);
   6052 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   6053 }
   6054 
   6055 void test_cil_resolve_call2_role(CuTest *tc) {
   6056 	char *line[] = {"(", "role", "role_r", ")",
   6057 			"(", "class", "file", "(", "read", ")", ")",
   6058 			"(", "macro", "mm", "(", "(", "role", "a", ")", ")",
   6059 				"(", "role", "b", ")",
   6060 				"(", "allow", "a", "b", "(", "file", "(", "read", ")", ")", ")", ")",
   6061 			"(", "call", "mm", "(", "role_r", ")", ")", NULL};
   6062 
   6063 	struct cil_tree *test_tree;
   6064 	gen_test_tree(&test_tree, line);
   6065 
   6066 	struct cil_db *test_db;
   6067 	cil_db_init(&test_db);
   6068 
   6069 	uint32_t changed = CIL_FALSE;
   6070 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
   6071 
   6072 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   6073 
   6074 	cil_resolve_call1(test_db->ast->root->cl_head->next->next->next, args);
   6075 
   6076 	args->pass = CIL_PASS_CALL2;
   6077 
   6078 	int rc = cil_resolve_call2(test_db->ast->root->cl_head->next->next->next, args);
   6079 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   6080 }
   6081 
   6082 void test_cil_resolve_call2_user(CuTest *tc) {
   6083 	char *line[] = {"(", "user", "user_u", ")",
   6084 			"(", "class", "file", "(", "read", ")", ")",
   6085 			"(", "macro", "mm", "(", "(", "user", "a", ")", ")",
   6086 				"(", "user", "b", ")",
   6087 				"(", "allow", "a", "b", "(", "file", "(", "read", ")", ")", ")", ")",
   6088 			"(", "call", "mm", "(", "user_u", ")", ")", NULL};
   6089 
   6090 	struct cil_tree *test_tree;
   6091 	gen_test_tree(&test_tree, line);
   6092 
   6093 	struct cil_db *test_db;
   6094 	cil_db_init(&test_db);
   6095 
   6096 	uint32_t changed = CIL_FALSE;
   6097 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
   6098 
   6099 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   6100 
   6101 	cil_resolve_call1(test_db->ast->root->cl_head->next->next->next, args);
   6102 
   6103 	args->pass = CIL_PASS_CALL2;
   6104 
   6105 	int rc = cil_resolve_call2(test_db->ast->root->cl_head->next->next->next, args);
   6106 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   6107 }
   6108 
   6109 void test_cil_resolve_call2_sens(CuTest *tc) {
   6110 	char *line[] = {"(", "sensitivity", "sens", ")",
   6111 			"(", "class", "file", "(", "read", ")", ")",
   6112 			"(", "macro", "mm", "(", "(", "sensitivity", "a", ")", ")",
   6113 				"(", "sensitivity", "b", ")",
   6114 				"(", "allow", "a", "b", "(", "file", "(", "read", ")", ")", ")", ")",
   6115 			"(", "call", "mm", "(", "sens", ")", ")", NULL};
   6116 
   6117 	struct cil_tree *test_tree;
   6118 	gen_test_tree(&test_tree, line);
   6119 
   6120 	struct cil_db *test_db;
   6121 	cil_db_init(&test_db);
   6122 
   6123 	uint32_t changed = CIL_FALSE;
   6124 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
   6125 
   6126 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   6127 
   6128 	cil_resolve_call1(test_db->ast->root->cl_head->next->next->next, args);
   6129 
   6130 	args->pass = CIL_PASS_CALL2;
   6131 
   6132 	int rc = cil_resolve_call2(test_db->ast->root->cl_head->next->next->next, args);
   6133 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   6134 }
   6135 
   6136 void test_cil_resolve_call2_cat(CuTest *tc) {
   6137 	char *line[] = {"(", "category", "c0", ")",
   6138 			"(", "class", "file", "(", "read", ")", ")",
   6139 			"(", "macro", "mm", "(", "(", "category", "a", ")", ")",
   6140 				"(", "category", "b", ")",
   6141 				"(", "allow", "a", "b", "(", "file", "(", "read", ")", ")", ")", ")",
   6142 			"(", "call", "mm", "(", "c0", ")", ")", NULL};
   6143 
   6144 	struct cil_tree *test_tree;
   6145 	gen_test_tree(&test_tree, line);
   6146 
   6147 	struct cil_db *test_db;
   6148 	cil_db_init(&test_db);
   6149 
   6150 	uint32_t changed = CIL_FALSE;
   6151 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
   6152 
   6153 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   6154 
   6155 	cil_resolve_call1(test_db->ast->root->cl_head->next->next->next, args);
   6156 
   6157 	args->pass = CIL_PASS_CALL2;
   6158 
   6159 	int rc = cil_resolve_call2(test_db->ast->root->cl_head->next->next->next, args);
   6160 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   6161 }
   6162 
   6163 void test_cil_resolve_call2_catset(CuTest *tc) {
   6164 	char *line[] = {"(", "category", "c0", ")",
   6165 			"(", "category", "c1", ")",
   6166 			"(", "category", "c2", ")",
   6167 			"(", "categoryset", "somecats", "(", "c0", "c1", "c2", ")", ")",
   6168 			"(", "macro", "mm", "(", "(", "categoryset",  "foo", ")", ")",
   6169 				"(", "level", "bar", "(", "s0", "foo", ")", ")", ")",
   6170 			"(", "call", "mm", "(", "somecats", ")", ")", NULL};
   6171 
   6172 	struct cil_tree *test_tree;
   6173 	gen_test_tree(&test_tree, line);
   6174 
   6175 	struct cil_db *test_db;
   6176 	cil_db_init(&test_db);
   6177 
   6178 	uint32_t changed = CIL_FALSE;
   6179 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
   6180 
   6181 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   6182 
   6183 	cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next->next, args);
   6184 
   6185 	args->pass = CIL_PASS_CALL2;
   6186 
   6187 	int rc = cil_resolve_call2(test_db->ast->root->cl_head->next->next->next->next->next, args);
   6188 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   6189 }
   6190 
   6191 void test_cil_resolve_call2_catset_anon(CuTest *tc) {
   6192 	char *line[] = {"(", "category", "c0", ")",
   6193 			"(", "category", "c1", ")",
   6194 			"(", "category", "c2", ")",
   6195 			"(", "macro", "mm", "(", "(", "categoryset",  "foo", ")", ")",
   6196 				"(", "level", "bar", "(", "s0", "foo", ")", ")", ")",
   6197 			"(", "call", "mm", "(", "(", "c0", "c1", "c2", ")", ")", ")", NULL};
   6198 
   6199 	struct cil_tree *test_tree;
   6200 	gen_test_tree(&test_tree, line);
   6201 
   6202 	struct cil_db *test_db;
   6203 	cil_db_init(&test_db);
   6204 
   6205 	uint32_t changed = CIL_FALSE;
   6206 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
   6207 
   6208 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   6209 
   6210 	cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next, args);
   6211 
   6212 	args->pass = CIL_PASS_CALL2;
   6213 
   6214 	int rc = cil_resolve_call2(test_db->ast->root->cl_head->next->next->next->next, args);
   6215 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   6216 }
   6217 
   6218 void test_cil_resolve_call2_permset(CuTest *tc) {
   6219 	char *line[] = {"(", "permissionset", "foo", "(", "read", "open", ")", ")",
   6220 			"(", "class", "dead", "(", "close", ")", ")",
   6221 			"(", "class", "bar", "(", "close", ")", ")",
   6222 			"(", "class", "baz", "(", "close", ")", ")",
   6223 			"(", "macro", "mm", "(", "(", "permissionset", "a", ")", ")",
   6224 				"(", "allow", "dead", "bar", "(", "baz", "a", ")", ")", ")",
   6225 			"(", "call", "mm", "(", "foo", ")", ")", NULL};
   6226 
   6227 	struct cil_tree *test_tree;
   6228 	gen_test_tree(&test_tree, line);
   6229 
   6230 	struct cil_db *test_db;
   6231 	cil_db_init(&test_db);
   6232 
   6233 	uint32_t changed = CIL_FALSE;
   6234 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
   6235 
   6236 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   6237 
   6238 	cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next->next, args);
   6239 
   6240 	args->pass = CIL_PASS_CALL2;
   6241 
   6242 	int rc = cil_resolve_call2(test_db->ast->root->cl_head->next->next->next->next->next, args);
   6243 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   6244 }
   6245 
   6246 void test_cil_resolve_call2_permset_anon(CuTest *tc) {
   6247 	char *line[] = {"(", "class", "dead", "(", "close", ")", ")",
   6248 			"(", "class", "bar", "(", "close", ")", ")",
   6249 			"(", "class", "baz", "(", "close", ")", ")",
   6250 			"(", "macro", "mm", "(", "(", "permissionset", "a", ")", ")",
   6251 				"(", "allow", "dead", "bar", "(", "baz", "a", ")", ")", ")",
   6252 			"(", "call", "mm", "(", "(", "read", "open", ")", ")", ")", NULL};
   6253 
   6254 	struct cil_tree *test_tree;
   6255 	gen_test_tree(&test_tree, line);
   6256 
   6257 	struct cil_db *test_db;
   6258 	cil_db_init(&test_db);
   6259 
   6260 	uint32_t changed = CIL_FALSE;
   6261 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
   6262 
   6263 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   6264 
   6265 	cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next, args);
   6266 
   6267 	args->pass = CIL_PASS_CALL2;
   6268 
   6269 	int rc = cil_resolve_call2(test_db->ast->root->cl_head->next->next->next->next, args);
   6270 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   6271 }
   6272 
   6273 void test_cil_resolve_call2_classpermset_named(CuTest *tc) {
   6274 	char *line[] = {"(", "classmap", "files", "(", "read", ")", ")",
   6275 			"(", "class", "file", "(", "open", ")", ")",
   6276 			"(", "classpermissionset", "char_w", "(", "file", "(", "open", ")", ")", ")",
   6277 			"(", "macro", "mm", "(", "(", "classpermissionset", "a", ")", ")",
   6278 				"(", "classmapping", "files", "read", "a", ")", ")",
   6279 			"(", "call", "mm", "(", "char_w", ")", ")", NULL};
   6280 
   6281 	struct cil_tree *test_tree;
   6282 	gen_test_tree(&test_tree, line);
   6283 
   6284 	struct cil_db *test_db;
   6285 	cil_db_init(&test_db);
   6286 
   6287 	uint32_t changed = CIL_FALSE;
   6288 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
   6289 
   6290 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   6291 
   6292 	cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next, args);
   6293 
   6294 	args->pass = CIL_PASS_CALL2;
   6295 
   6296 	int rc = cil_resolve_call2(test_db->ast->root->cl_head->next->next->next->next, args);
   6297 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   6298 }
   6299 
   6300 void test_cil_resolve_call2_classpermset_anon(CuTest *tc) {
   6301 	char *line[] = {"(", "classmap", "files", "(", "read", ")", ")",
   6302 			"(", "class", "file", "(", "open", ")", ")",
   6303 			"(", "macro", "mm", "(", "(", "classpermissionset", "a", ")", ")",
   6304 				"(", "classmapping", "files", "read", "a", ")", ")",
   6305 			"(", "call", "mm", "(", "(", "file", "(", "open", ")", ")", ")", ")", NULL};
   6306 
   6307 	struct cil_tree *test_tree;
   6308 	gen_test_tree(&test_tree, line);
   6309 
   6310 	struct cil_db *test_db;
   6311 	cil_db_init(&test_db);
   6312 
   6313 	uint32_t changed = CIL_FALSE;
   6314 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
   6315 
   6316 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   6317 
   6318 	cil_resolve_call1(test_db->ast->root->cl_head->next->next->next, args);
   6319 
   6320 	args->pass = CIL_PASS_CALL2;
   6321 
   6322 	int rc = cil_resolve_call2(test_db->ast->root->cl_head->next->next->next, args);
   6323 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   6324 }
   6325 
   6326 void test_cil_resolve_call2_class(CuTest *tc) {
   6327 	char *line[] = {"(", "class", "foo", "(", "read", ")", ")",
   6328 			"(", "class", "file", "(", "read", ")", ")",
   6329 			"(", "macro", "mm", "(", "(", "class", "a", ")", ")",
   6330 				"(", "class", "b", "(", "read", ")", ")",
   6331 				"(", "allow", "a", "b", "(", "file", "(", "read", ")", ")", ")", ")",
   6332 			"(", "call", "mm", "(", "foo", ")", ")", NULL};
   6333 
   6334 	struct cil_tree *test_tree;
   6335 	gen_test_tree(&test_tree, line);
   6336 
   6337 	struct cil_db *test_db;
   6338 	cil_db_init(&test_db);
   6339 
   6340 	uint32_t changed = CIL_FALSE;
   6341 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
   6342 
   6343 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   6344 
   6345 	cil_resolve_call1(test_db->ast->root->cl_head->next->next->next, args);
   6346 
   6347 	args->pass = CIL_PASS_CALL2;
   6348 
   6349 	int rc = cil_resolve_call2(test_db->ast->root->cl_head->next->next->next, args);
   6350 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   6351 }
   6352 
   6353 void test_cil_resolve_call2_classmap(CuTest *tc) {
   6354 	char *line[] = {"(", "class", "file", "(", "open", ")", ")",
   6355 			"(", "classmap", "files", "(", "read", ")", ")",
   6356 			"(", "macro", "mm", "(", "(", "classmap", "a", ")", ")",
   6357 				"(", "classmapping", "a", "read", "(", "file", "(", "open", ")", ")", ")", ")",
   6358 			"(", "call", "mm", "(", "files", ")", ")", NULL};
   6359 
   6360 	struct cil_tree *test_tree;
   6361 	gen_test_tree(&test_tree, line);
   6362 
   6363 	struct cil_db *test_db;
   6364 	cil_db_init(&test_db);
   6365 
   6366 	uint32_t changed = CIL_FALSE;
   6367 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
   6368 
   6369 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   6370 
   6371 	int rc2 = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next, args);
   6372 
   6373 	args->pass = CIL_PASS_CALL2;
   6374 
   6375 	int rc = cil_resolve_call2(test_db->ast->root->cl_head->next->next->next, args);
   6376 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   6377 	CuAssertIntEquals(tc, SEPOL_OK, rc2);
   6378 }
   6379 
   6380 void test_cil_resolve_call2_level(CuTest *tc) {
   6381 	char *line[] = {"(", "category", "c0", ")",
   6382 			"(", "sensitivity", "s0", ")",
   6383 			"(", "user", "system_u", ")",
   6384 			"(", "role", "role_r", ")",
   6385 			"(", "type", "type_t", ")",
   6386 			"(", "level", "l", "(", "s0", "(", "c0", ")", ")", ")",
   6387 			"(", "level", "h", "(", "s0", "(", "c0", ")", ")", ")",
   6388 			"(", "macro", "mm", "(", "(", "level", "lvl_l", ")", "(", "level", "lvl_h", ")", ")",
   6389 				"(", "context", "foo", "(", "system_u", "role_r", "type_t", "(", "lvl_l", "lvl_h", ")", ")", ")", ")",
   6390 			"(", "call", "mm", "(", "l", "h", ")", ")", NULL};
   6391 
   6392 	struct cil_tree *test_tree;
   6393 	gen_test_tree(&test_tree, line);
   6394 
   6395 	struct cil_db *test_db;
   6396 	cil_db_init(&test_db);
   6397 
   6398 	uint32_t changed = CIL_FALSE;
   6399 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
   6400 
   6401 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   6402 
   6403 	cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args);
   6404 
   6405 	args->pass = CIL_PASS_CALL2;
   6406 
   6407 	int rc = cil_resolve_call2(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args);
   6408 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   6409 }
   6410 
   6411 void test_cil_resolve_call2_level_anon(CuTest *tc) {
   6412 	char *line[] = {"(", "category", "c0", ")",
   6413 			"(", "sensitivity", "s0", ")",
   6414 			"(", "user", "system_u", ")",
   6415 			"(", "role", "role_r", ")",
   6416 			"(", "type", "type_t", ")",
   6417 			"(", "level", "l", "(", "s0", "(", "c0", ")", ")", ")",
   6418 			"(", "level", "h", "(", "s0", "(", "c0", ")", ")", ")",
   6419 			"(", "macro", "mm", "(", "(", "level", "lvl_l", ")", ")",
   6420 				"(", "context", "foo", "(", "system_u", "role_r", "type_t", "(", "lvl_l", "h", ")", ")", ")", ")",
   6421 			"(", "call", "mm", "(", "(", "s0", "(", "c0", ")", ")", ")", ")", NULL};
   6422 
   6423 	struct cil_tree *test_tree;
   6424 	gen_test_tree(&test_tree, line);
   6425 
   6426 	struct cil_db *test_db;
   6427 	cil_db_init(&test_db);
   6428 
   6429 	uint32_t changed = CIL_FALSE;
   6430 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
   6431 
   6432 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   6433 
   6434 	cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args);
   6435 
   6436 	args->pass = CIL_PASS_CALL2;
   6437 
   6438 	int rc = cil_resolve_call2(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args);
   6439 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   6440 }
   6441 
   6442 void test_cil_resolve_call2_ipaddr(CuTest *tc) {
   6443 	char *line[] = {"(", "category", "c0", ")",
   6444 			"(", "sensitivity", "s0", ")",
   6445 			"(", "user", "system_u", ")",
   6446 			"(", "role", "role_r", ")",
   6447 			"(", "type", "type_t", ")",
   6448 			"(", "level", "lvl_l", "(", "s0", "(", "c0", ")", ")", ")",
   6449 			"(", "level", "lvl_h", "(", "s0", "(", "c0", ")", ")", ")",
   6450 			"(", "context", "con", "(", "system_u", "role_r", "type_t", "(", "lvl_l", "lvl_h", ")", ")", ")",
   6451 			"(", "ipaddr", "netmask", "192.168.0.1", ")",
   6452 			"(", "ipaddr", "ip", "192.168.0.1", ")",
   6453 			"(", "macro", "mm", "(", "(", "ipaddr", "addr", ")", ")",
   6454 				"(", "nodecon", "addr", "netmask", "con", ")", ")",
   6455 			"(", "call", "mm", "(", "ip", ")", ")", NULL};
   6456 
   6457 	struct cil_tree *test_tree;
   6458 	gen_test_tree(&test_tree, line);
   6459 
   6460 	struct cil_db *test_db;
   6461 	cil_db_init(&test_db);
   6462 
   6463 	uint32_t changed = CIL_FALSE;
   6464 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
   6465 
   6466 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   6467 
   6468 	cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next->next->next, args);
   6469 
   6470 	args->pass = CIL_PASS_CALL2;
   6471 
   6472 	int rc = cil_resolve_call2(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next->next->next, args);
   6473 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   6474 }
   6475 
   6476 void test_cil_resolve_call2_ipaddr_anon(CuTest *tc) {
   6477 	char *line[] = {"(", "category", "c0", ")",
   6478 			"(", "sensitivity", "s0", ")",
   6479 			"(", "user", "system_u", ")",
   6480 			"(", "role", "role_r", ")",
   6481 			"(", "type", "type_t", ")",
   6482 			"(", "level", "lvl_l", "(", "s0", "(", "c0", ")", ")", ")",
   6483 			"(", "level", "lvl_h", "(", "s0", "(", "c0", ")", ")", ")",
   6484 			"(", "context", "con", "(", "system_u", "role_r", "type_t", "(", "lvl_l", "lvl_h", ")", ")", ")",
   6485 			"(", "ipaddr", "netmask", "192.168.0.1", ")",
   6486 			"(", "macro", "mm", "(", "(", "ipaddr", "addr", ")", ")",
   6487 				"(", "nodecon", "addr", "netmask", "con", ")", ")",
   6488 			"(", "call", "mm", "(", "(", "192.168.1.1", ")", ")", ")", NULL};
   6489 
   6490 	struct cil_tree *test_tree;
   6491 	gen_test_tree(&test_tree, line);
   6492 
   6493 	struct cil_db *test_db;
   6494 	cil_db_init(&test_db);
   6495 
   6496 	uint32_t changed = CIL_FALSE;
   6497 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
   6498 
   6499 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   6500 
   6501 	cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next->next, args);
   6502 
   6503 	args->pass = CIL_PASS_CALL2;
   6504 
   6505 	int rc = cil_resolve_call2(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next->next, args);
   6506 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   6507 }
   6508 
   6509 void test_cil_resolve_call2_unknown_neg(CuTest *tc) {
   6510 	char *line[] = {"(", "category", "c0", ")",
   6511 			"(", "sensitivity", "s0", ")",
   6512 			"(", "user", "system_u", ")",
   6513 			"(", "role", "role_r", ")",
   6514 			"(", "type", "type_t", ")",
   6515 			"(", "level", "l", "(", "s0", "(", "c0", ")", ")", ")",
   6516 			"(", "level", "h", "(", "s0", "(", "c0", ")", ")", ")",
   6517 			"(", "macro", "mm", "(", "(", "level", "lvl_l", ")", "(", "level", "lvl_h", ")", ")",
   6518 				"(", "context", "foo", "(", "system_u", "role_r", "type_t", "(", "lvl_l", "lvl_h", ")", ")", ")", ")",
   6519 			"(", "call", "mm", "(", "l", "h", ")", ")", NULL};
   6520 
   6521 	struct cil_tree *test_tree;
   6522 	gen_test_tree(&test_tree, line);
   6523 
   6524 	struct cil_db *test_db;
   6525 	cil_db_init(&test_db);
   6526 
   6527 	uint32_t changed = CIL_FALSE;
   6528 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
   6529 
   6530 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   6531 
   6532 	cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args);
   6533 	((struct cil_args*)((struct cil_list_item *)((struct cil_call *)test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->data)->args->head)->data)->flavor = CIL_SYM_UNKNOWN;
   6534 
   6535 	args->pass = CIL_PASS_CALL2;
   6536 
   6537 	int rc = cil_resolve_call2(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args);
   6538 	CuAssertIntEquals(tc, SEPOL_ERR, rc);
   6539 }
   6540 
   6541 void test_cil_resolve_call2_name_neg(CuTest *tc) {
   6542 	char *line[] = {"(", "class", "foo", "(", "read", ")", ")",
   6543 			"(", "class", "file", "(", "read", ")", ")",
   6544 			"(", "macro", "mm", "(", "(", "class", "a", ")", ")",
   6545 				"(", "class", "b", "(", "read", ")", ")",
   6546 				"(", "allow", "a", "b", "(", "file", "(", "read", ")", ")", ")", ")",
   6547 			"(", "call", "mm", ")", NULL};
   6548 
   6549 	struct cil_tree *test_tree;
   6550 	gen_test_tree(&test_tree, line);
   6551 
   6552 	struct cil_db *test_db;
   6553 	cil_db_init(&test_db);
   6554 
   6555 	uint32_t changed = CIL_FALSE;
   6556 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
   6557 
   6558 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   6559 
   6560 	cil_resolve_call1(test_db->ast->root->cl_head->next->next->next, args);
   6561 
   6562 	args->pass = CIL_PASS_CALL2;
   6563 
   6564 	int rc = cil_resolve_call2(test_db->ast->root->cl_head->next->next->next, args);
   6565 	CuAssertIntEquals(tc, SEPOL_ERR, rc);
   6566 }
   6567 
   6568 void test_cil_resolve_name_call_args(CuTest *tc) {
   6569 	char *line[] = {"(", "type", "qaz", ")",
   6570 			"(", "class", "file", "(", "read", ")", ")",
   6571 			"(", "macro", "mm", "(", "(", "type", "a", ")", ")",
   6572 				"(", "type", "b", ")",
   6573 				"(", "allow", "a", "b", "(", "file", "(", "read", ")", ")", ")", ")",
   6574 			"(", "call", "mm", "(", "qaz", ")", ")", NULL};
   6575 
   6576 	struct cil_tree *test_tree;
   6577 	gen_test_tree(&test_tree, line);
   6578 
   6579 	struct cil_db *test_db;
   6580 	cil_db_init(&test_db);
   6581 
   6582 	uint32_t changed = CIL_FALSE;
   6583 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
   6584 
   6585 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   6586 
   6587 	struct cil_tree_node *test_node;
   6588 	cil_tree_node_init(&test_node);
   6589 
   6590 	cil_resolve_call1(test_db->ast->root->cl_head->next->next->next, args);
   6591 
   6592 	args->pass = CIL_PASS_CALL2;
   6593 
   6594 	cil_resolve_call2(test_db->ast->root->cl_head->next->next->next, args);
   6595 	int rc = cil_resolve_name_call_args((struct cil_call *)test_db->ast->root->cl_head->next->next->next->data, "a", CIL_SYM_TYPES, &test_node);
   6596 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   6597 }
   6598 
   6599 void test_cil_resolve_name_call_args_multipleparams(CuTest *tc) {
   6600 	char *line[] = {"(", "category", "c0", ")",
   6601 			"(", "sensitivity", "s0", ")",
   6602 			"(", "user", "system_u", ")",
   6603 			"(", "role", "role_r", ")",
   6604 			"(", "type", "type_t", ")",
   6605 			"(", "level", "l", "(", "s0", "(", "c0", ")", ")", ")",
   6606 			"(", "level", "h", "(", "s0", "(", "c0", ")", ")", ")",
   6607 			"(", "macro", "mm", "(", "(", "level", "lvl_l", ")", "(", "level", "lvl_h", ")", ")",
   6608 				"(", "context", "foo", "(", "system_u", "role_r", "type_t", "(", "lvl_l", "lvl_h", ")", ")", ")", ")",
   6609 			"(", "call", "mm", "(", "l", "h", ")", ")", NULL};
   6610 
   6611 	struct cil_tree *test_tree;
   6612 	gen_test_tree(&test_tree, line);
   6613 
   6614 	struct cil_db *test_db;
   6615 	cil_db_init(&test_db);
   6616 
   6617 	uint32_t changed = CIL_FALSE;
   6618 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
   6619 
   6620 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   6621 
   6622 	struct cil_tree_node *test_node;
   6623 	cil_tree_node_init(&test_node);
   6624 
   6625 	cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args);
   6626 
   6627 	args->pass = CIL_PASS_CALL2;
   6628 
   6629 	cil_resolve_call2(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args);
   6630 	int rc = cil_resolve_name_call_args((struct cil_call *)test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->data, "lvl_h", CIL_SYM_LEVELS, &test_node);
   6631 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   6632 }
   6633 
   6634 void test_cil_resolve_name_call_args_diffflavor(CuTest *tc) {
   6635 	char *line[] = {"(", "type", "qaz", ")",
   6636 			"(", "class", "file", "(", "read", ")", ")",
   6637 			"(", "macro", "mm", "(", "(", "type", "a", ")", ")",
   6638 				"(", "type", "b", ")",
   6639 				"(", "allow", "a", "b", "(", "file", "(", "read", ")", ")", ")", ")",
   6640 			"(", "call", "mm", "(", "qaz", ")", ")", NULL};
   6641 
   6642 	struct cil_tree *test_tree;
   6643 	gen_test_tree(&test_tree, line);
   6644 
   6645 	struct cil_db *test_db;
   6646 	cil_db_init(&test_db);
   6647 
   6648 	uint32_t changed = CIL_FALSE;
   6649 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
   6650 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   6651 
   6652 	struct cil_tree_node *test_node;
   6653 	cil_tree_node_init(&test_node);
   6654 
   6655 	cil_resolve_call1(test_db->ast->root->cl_head->next->next->next, args);
   6656 
   6657 	args->pass = CIL_PASS_CALL2;
   6658 
   6659 	cil_resolve_call2(test_db->ast->root->cl_head->next->next->next, args);
   6660 	int rc = cil_resolve_name_call_args((struct cil_call *)test_db->ast->root->cl_head->next->next->next->data, "qaz", CIL_LEVEL, &test_node);
   6661 	CuAssertIntEquals(tc, SEPOL_ERR, rc);
   6662 }
   6663 
   6664 void test_cil_resolve_name_call_args_callnull_neg(CuTest *tc) {
   6665 	char *line[] = {"(", "type", "qaz", ")",
   6666 			"(", "class", "file", "(", "read", ")", ")",
   6667 			"(", "macro", "mm", "(", "(", "type", "a", ")", ")",
   6668 				"(", "type", "b", ")",
   6669 				"(", "allow", "a", "b", "(", "file", "(", "read", ")", ")", ")", ")",
   6670 			"(", "call", "mm", "(", "qaz", ")", ")", NULL};
   6671 
   6672 	struct cil_tree *test_tree;
   6673 	gen_test_tree(&test_tree, line);
   6674 
   6675 	struct cil_db *test_db;
   6676 	cil_db_init(&test_db);
   6677 
   6678 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   6679 
   6680 	uint32_t changed = CIL_FALSE;
   6681 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
   6682 
   6683 	struct cil_tree_node *test_node;
   6684 	cil_tree_node_init(&test_node);
   6685 
   6686 	cil_resolve_call1(test_db->ast->root->cl_head->next->next->next, args);
   6687 
   6688 	args->pass = CIL_PASS_CALL2;
   6689 
   6690 	cil_resolve_call2(test_db->ast->root->cl_head->next->next->next, args);
   6691 	int rc = cil_resolve_name_call_args(NULL, "qaz", CIL_LEVEL, &test_node);
   6692 	CuAssertIntEquals(tc, SEPOL_ERR, rc);
   6693 }
   6694 
   6695 void test_cil_resolve_name_call_args_namenull_neg(CuTest *tc) {
   6696 	char *line[] = {"(", "type", "qaz", ")",
   6697 			"(", "class", "file", "(", "read", ")", ")",
   6698 			"(", "macro", "mm", "(", "(", "type", "a", ")", ")",
   6699 				"(", "type", "b", ")",
   6700 				"(", "allow", "a", "b", "(", "file", "(", "read", ")", ")", ")", ")",
   6701 			"(", "call", "mm", "(", "qaz", ")", ")", NULL};
   6702 
   6703 	struct cil_tree *test_tree;
   6704 	gen_test_tree(&test_tree, line);
   6705 
   6706 	struct cil_db *test_db;
   6707 	cil_db_init(&test_db);
   6708 
   6709 	uint32_t changed = CIL_FALSE;
   6710 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
   6711 
   6712 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   6713 
   6714 	struct cil_tree_node *test_node;
   6715 	cil_tree_node_init(&test_node);
   6716 
   6717 	cil_resolve_call1(test_db->ast->root->cl_head->next->next->next, args);
   6718 
   6719 	args->pass = CIL_PASS_CALL2;
   6720 
   6721 	cil_resolve_call2(test_db->ast->root->cl_head->next->next->next, args);
   6722 	int rc = cil_resolve_name_call_args((struct cil_call *)test_db->ast->root->cl_head->next->next->next->data, NULL, CIL_LEVEL, &test_node);
   6723 	CuAssertIntEquals(tc, SEPOL_ERR, rc);
   6724 }
   6725 
   6726 void test_cil_resolve_name_call_args_callargsnull_neg(CuTest *tc) {
   6727 	char *line[] = {"(", "type", "qaz", ")",
   6728 			"(", "class", "file", "(", "read", ")", ")",
   6729 			"(", "macro", "mm", "(", "(", "type", "a", ")", ")",
   6730 				"(", "type", "b", ")",
   6731 				"(", "allow", "a", "b", "(", "file", "(", "read", ")", ")", ")", ")",
   6732 			"(", "call", "mm", ")", NULL};
   6733 
   6734 	struct cil_tree *test_tree;
   6735 	gen_test_tree(&test_tree, line);
   6736 
   6737 	struct cil_db *test_db;
   6738 	cil_db_init(&test_db);
   6739 
   6740 	uint32_t changed = CIL_FALSE;
   6741 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
   6742 
   6743 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   6744 
   6745 	struct cil_tree_node *test_node;
   6746 	cil_tree_node_init(&test_node);
   6747 
   6748 	cil_resolve_call1(test_db->ast->root->cl_head->next->next->next, args);
   6749 
   6750 	args->pass = CIL_PASS_CALL2;
   6751 
   6752 	cil_resolve_call2(test_db->ast->root->cl_head->next->next->next, args);
   6753 	int rc = cil_resolve_name_call_args((struct cil_call *)test_db->ast->root->cl_head->next->next->next->data, "qas", CIL_LEVEL, &test_node);
   6754 	CuAssertIntEquals(tc, SEPOL_ERR, rc);
   6755 }
   6756 
   6757 void test_cil_resolve_name_call_args_name_neg(CuTest *tc) {
   6758 	char *line[] = {"(", "type", "qaz", ")",
   6759 			"(", "class", "file", "(", "read", ")", ")",
   6760 			"(", "macro", "mm", "(", "(", "type", "a", ")", ")",
   6761 				"(", "type", "b", ")",
   6762 				"(", "allow", "a", "b", "(", "file", "(", "read", ")", ")", ")", ")",
   6763 			"(", "call", "mm", "(", "baz", ")", ")", NULL};
   6764 
   6765 	struct cil_tree *test_tree;
   6766 	gen_test_tree(&test_tree, line);
   6767 
   6768 	struct cil_db *test_db;
   6769 	cil_db_init(&test_db);
   6770 
   6771 	uint32_t changed = CIL_FALSE;
   6772 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
   6773 
   6774 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   6775 
   6776 	struct cil_tree_node *test_node = NULL;
   6777 	//cil_tree_node_init(&test_node);
   6778 
   6779 	cil_resolve_call1(test_db->ast->root->cl_head->next->next->next, args);
   6780 
   6781 	args->pass = CIL_PASS_CALL2;
   6782 
   6783 	cil_resolve_call2(test_db->ast->root->cl_head->next->next->next, args);
   6784 	int rc = cil_resolve_name_call_args((struct cil_call *)test_db->ast->root->cl_head->next->next->next->data, "qas", CIL_TYPE, &test_node);
   6785 	CuAssertIntEquals(tc, SEPOL_ERR, rc);
   6786 }
   6787 
   6788 void test_cil_resolve_expr_stack_bools(CuTest *tc) {
   6789 	char *line[] = {"(", "boolean", "foo", "true", ")",
   6790 			"(", "boolean", "bar", "false", ")",
   6791 			"(", "class", "baz", "(", "read", ")", ")",
   6792 			"(", "booleanif", "(", "and", "foo", "bar", ")",
   6793 			"(", "allow", "foo", "bar", "(", "baz", "(", "read", ")", ")", ")", ")", NULL};
   6794 
   6795 	struct cil_tree *test_tree;
   6796 	gen_test_tree(&test_tree, line);
   6797 
   6798 	struct cil_db *test_db;
   6799 	cil_db_init(&test_db);
   6800 
   6801 	uint32_t changed = CIL_FALSE;
   6802 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC1, &changed, NULL, NULL, NULL);
   6803 
   6804 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   6805 
   6806 	struct cil_booleanif *bif = (struct cil_booleanif*)test_db->ast->root->cl_head->next->next->next->data;
   6807 
   6808 	int rc = cil_resolve_expr_stack(bif->expr_stack, test_db->ast->root->cl_head->next->next->next, args);
   6809 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   6810 }
   6811 
   6812 void test_cil_resolve_expr_stack_tunables(CuTest *tc) {
   6813 	char *line[] = {"(", "tunable", "foo", "true", ")",
   6814 			"(", "tunable", "bar", "false", ")",
   6815 			"(", "class", "baz", "(", "read", ")", ")",
   6816 			"(", "tunableif", "(", "and", "foo", "bar", ")",
   6817 			"(", "true",
   6818 			"(", "allow", "foo", "bar", "(", "baz", "(", "read", ")", ")", ")", ")", ")", NULL};
   6819 
   6820 	struct cil_tree *test_tree;
   6821 	gen_test_tree(&test_tree, line);
   6822 
   6823 	struct cil_db *test_db;
   6824 	cil_db_init(&test_db);
   6825 
   6826 	uint32_t changed = CIL_FALSE;
   6827 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_TIF, &changed, NULL, NULL, NULL);
   6828 
   6829 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   6830 
   6831 	struct cil_tunableif *tif = (struct cil_tunableif*)test_db->ast->root->cl_head->next->next->next->data;
   6832 
   6833 	int rc = cil_resolve_expr_stack(tif->expr_stack, test_db->ast->root->cl_head->next->next->next, args);
   6834 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   6835 }
   6836 
   6837 void test_cil_resolve_expr_stack_type(CuTest *tc) {
   6838         char *line[] = {"(", "class", "file", "(", "create", "relabelto", ")", ")",
   6839 			"(", "class", "dir", "(", "create", "relabelto", ")", ")",
   6840 			"(", "type", "t1", ")",
   6841 			"(", "type", "type_t", ")",
   6842 			"(", "mlsconstrain", "(", "file", "(", "create", "relabelto", ")", ")", "(", "eq", "t1", "type_t", ")", ")", NULL};
   6843 
   6844 	struct cil_tree *test_tree;
   6845 	gen_test_tree(&test_tree, line);
   6846 
   6847 	struct cil_db *test_db;
   6848 	cil_db_init(&test_db);
   6849 
   6850 	uint32_t changed = CIL_FALSE;
   6851 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   6852 
   6853 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   6854 
   6855 	struct cil_constrain *cons = (struct cil_constrain*)test_db->ast->root->cl_head->next->next->next->next->data;
   6856 
   6857 	int rc = cil_resolve_expr_stack(cons->expr, test_db->ast->root->cl_head->next->next->next->next, args);
   6858 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   6859 }
   6860 
   6861 void test_cil_resolve_expr_stack_role(CuTest *tc) {
   6862         char *line[] = {"(", "class", "file", "(", "create", "relabelto", ")", ")",
   6863 			"(", "class", "dir", "(", "create", "relabelto", ")", ")",
   6864 			"(", "role", "r1", ")",
   6865 			"(", "role", "role_r", ")",
   6866 			"(", "mlsconstrain", "(", "file", "(", "create", "relabelto", ")", ")", "(", "eq", "r1", "role_r", ")", ")", NULL};
   6867 
   6868 	struct cil_tree *test_tree;
   6869 	gen_test_tree(&test_tree, line);
   6870 
   6871 	struct cil_db *test_db;
   6872 	cil_db_init(&test_db);
   6873 
   6874 	uint32_t changed = CIL_FALSE;
   6875 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   6876 
   6877 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   6878 
   6879 	struct cil_constrain *cons = (struct cil_constrain*)test_db->ast->root->cl_head->next->next->next->next->data;
   6880 
   6881 	int rc = cil_resolve_expr_stack(cons->expr, test_db->ast->root->cl_head->next->next->next->next, args);
   6882 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   6883 }
   6884 
   6885 void test_cil_resolve_expr_stack_user(CuTest *tc) {
   6886         char *line[] = {"(", "class", "file", "(", "create", "relabelto", ")", ")",
   6887 			"(", "class", "dir", "(", "create", "relabelto", ")", ")",
   6888 			"(", "user", "u1", ")",
   6889 			"(", "user", "user_u", ")",
   6890 			"(", "mlsconstrain", "(", "file", "(", "create", "relabelto", ")", ")", "(", "eq", "u1", "user_u", ")", ")", NULL};
   6891 
   6892 	struct cil_tree *test_tree;
   6893 	gen_test_tree(&test_tree, line);
   6894 
   6895 	struct cil_db *test_db;
   6896 	cil_db_init(&test_db);
   6897 
   6898 	uint32_t changed = CIL_FALSE;
   6899 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   6900 
   6901 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   6902 
   6903 	struct cil_constrain *cons = (struct cil_constrain*)test_db->ast->root->cl_head->next->next->next->next->data;
   6904 
   6905 	int rc = cil_resolve_expr_stack(cons->expr, test_db->ast->root->cl_head->next->next->next->next, args);
   6906 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   6907 }
   6908 
   6909 void test_cil_resolve_expr_stack_neg(CuTest *tc) {
   6910 	char *line[] = {"(", "boolean", "foo", "true", ")",
   6911 			"(", "boolean", "bar", "false", ")",
   6912 			"(", "class", "baz", "(", "read", ")", ")",
   6913 			"(", "booleanif", "(", "and", "beef", "baf", ")",
   6914 			"(", "true",
   6915 			"(", "allow", "foo", "bar", "(", "baz", "(", "read", ")", ")", ")", ")", ")", NULL};
   6916 
   6917 	struct cil_tree *test_tree;
   6918 	gen_test_tree(&test_tree, line);
   6919 
   6920 	struct cil_db *test_db;
   6921 	cil_db_init(&test_db);
   6922 
   6923 	uint32_t changed = CIL_FALSE;
   6924 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC1, &changed, NULL, NULL, NULL);
   6925 
   6926 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   6927 
   6928 	struct cil_booleanif *bif = (struct cil_booleanif*)test_db->ast->root->cl_head->next->next->next->data;
   6929 
   6930 	int rc = cil_resolve_expr_stack(bif->expr_stack,test_db->ast->root->cl_head->next->next->next, args);
   6931 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   6932 }
   6933 
   6934 void test_cil_resolve_expr_stack_emptystr_neg(CuTest *tc) {
   6935 	char *line[] = {"(", "boolean", "foo", "true", ")",
   6936 			"(", "boolean", "bar", "false", ")",
   6937 			"(", "class", "baz", "(", "read", ")", ")",
   6938 			"(", "booleanif", "(", "and", "foo", "bar", ")",
   6939 			"(", "true",
   6940 			"(", "allow", "foo", "bar", "(", "baz", "(", "read", ")", ")", ")", ")", ")", NULL};
   6941 
   6942 	struct cil_tree *test_tree;
   6943 	gen_test_tree(&test_tree, line);
   6944 
   6945 	struct cil_db *test_db;
   6946 	cil_db_init(&test_db);
   6947 
   6948 	uint32_t changed = CIL_FALSE;
   6949 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC1, &changed, NULL, NULL, NULL);
   6950 
   6951 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   6952 
   6953 	struct cil_booleanif *bif = (struct cil_booleanif*)test_db->ast->root->cl_head->next->next->next->data;
   6954 	((struct cil_conditional*)bif->expr_stack->head->data)->str = NULL;
   6955 
   6956 	int rc = cil_resolve_expr_stack(bif->expr_stack,test_db->ast->root->cl_head->next->next->next, args);
   6957 	CuAssertIntEquals(tc, SEPOL_ERR, rc);
   6958 }
   6959 
   6960 void test_cil_resolve_boolif(CuTest *tc) {
   6961 	char *line[] = {"(", "boolean", "foo", "true", ")",
   6962 			"(", "boolean", "bar", "false", ")",
   6963 			"(", "class", "baz", "(", "read", ")", ")",
   6964 			"(", "booleanif", "(", "and", "foo", "bar", ")",
   6965 			"(", "true",
   6966 			"(", "allow", "foo", "bar", "(", "baz", "(", "read", ")", ")", ")", ")", ")", NULL};
   6967 
   6968 	struct cil_tree *test_tree;
   6969 	gen_test_tree(&test_tree, line);
   6970 
   6971 	struct cil_db *test_db;
   6972 	cil_db_init(&test_db);
   6973 
   6974 	uint32_t changed = CIL_FALSE;
   6975 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC1, &changed, NULL, NULL, NULL);
   6976 
   6977 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   6978 
   6979 	int rc = cil_resolve_boolif(test_db->ast->root->cl_head->next->next->next, args);
   6980 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   6981 }
   6982 
   6983 void test_cil_resolve_boolif_neg(CuTest *tc) {
   6984 	char *line[] = {"(", "boolean", "foo", "true", ")",
   6985 			"(", "boolean", "bar", "false", ")",
   6986 			"(", "class", "baz", "(", "read", ")", ")",
   6987 			"(", "booleanif", "(", "and", "dne", "N/A", ")",
   6988 			"(", "true",
   6989 			"(", "allow", "foo", "bar", "(", "baz", "(", "read", ")", ")", ")", ")", ")", NULL};
   6990 
   6991 	struct cil_tree *test_tree;
   6992 	gen_test_tree(&test_tree, line);
   6993 
   6994 	struct cil_db *test_db;
   6995 	cil_db_init(&test_db);
   6996 
   6997 	uint32_t changed = CIL_FALSE;
   6998 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC1, &changed, NULL, NULL, NULL);
   6999 
   7000 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   7001 
   7002 	int rc = cil_resolve_boolif(test_db->ast->root->cl_head->next->next->next, args);
   7003 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   7004 }
   7005 
   7006 void test_cil_evaluate_expr_stack_and(CuTest *tc) {
   7007 	char *line[] = {"(", "tunable", "foo", "true", ")",
   7008 			"(", "tunable", "bar", "false", ")",
   7009 			"(", "class", "baz", "(", "read", ")", ")",
   7010 			"(", "tunableif", "(", "and", "foo", "bar", ")",
   7011 			"(", "true",
   7012 			"(", "allow", "foo", "bar", "(", "baz", "(", "read", ")", ")", ")", ")", ")", NULL};
   7013 
   7014 	struct cil_tree *test_tree;
   7015 	gen_test_tree(&test_tree, line);
   7016 
   7017 	struct cil_db *test_db;
   7018 	cil_db_init(&test_db);
   7019 
   7020 	uint16_t result = CIL_FALSE;
   7021 	uint32_t changed = CIL_FALSE;
   7022 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_TIF, &changed, NULL, NULL, NULL);
   7023 
   7024 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   7025 
   7026 	struct cil_tunableif *tif = (struct cil_tunableif*)test_db->ast->root->cl_head->next->next->next->data;
   7027 
   7028 	cil_resolve_expr_stack(tif->expr_stack, test_db->ast->root->cl_head->next->next->next, args);
   7029 	int rc = cil_evaluate_expr_stack(tif->expr_stack, &result);
   7030 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   7031 }
   7032 
   7033 void test_cil_evaluate_expr_stack_not(CuTest *tc) {
   7034 	char *line[] = {"(", "tunable", "foo", "true", ")",
   7035 			"(", "tunable", "bar", "false", ")",
   7036 			"(", "class", "baz", "(", "read", ")", ")",
   7037 			"(", "tunableif", "(", "not", "bar", ")",
   7038 			"(", "true",
   7039 			"(", "allow", "foo", "bar", "(", "baz", "(", "read", ")", ")", ")", ")", ")", NULL};
   7040 
   7041 	struct cil_tree *test_tree;
   7042 	gen_test_tree(&test_tree, line);
   7043 
   7044 	struct cil_db *test_db;
   7045 	cil_db_init(&test_db);
   7046 
   7047 	uint16_t result = CIL_FALSE;
   7048 	uint32_t changed = CIL_FALSE;
   7049 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_TIF, &changed, NULL, NULL, NULL);
   7050 
   7051 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   7052 
   7053 	struct cil_tunableif *tif = (struct cil_tunableif*)test_db->ast->root->cl_head->next->next->next->data;
   7054 
   7055 	cil_resolve_expr_stack(tif->expr_stack, test_db->ast->root->cl_head->next->next->next, args);
   7056 	int rc = cil_evaluate_expr_stack(tif->expr_stack, &result);
   7057 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   7058 }
   7059 
   7060 void test_cil_evaluate_expr_stack_or(CuTest *tc) {
   7061 	char *line[] = {"(", "tunable", "foo", "true", ")",
   7062 			"(", "tunable", "bar", "false", ")",
   7063 			"(", "class", "baz", "(", "read", ")", ")",
   7064 			"(", "tunableif", "(", "or", "foo", "bar", ")",
   7065 			"(", "true",
   7066 			"(", "allow", "foo", "bar", "(", "baz", "(", "read", ")", ")", ")", ")", ")", NULL};
   7067 
   7068 	struct cil_tree *test_tree;
   7069 	gen_test_tree(&test_tree, line);
   7070 
   7071 	struct cil_db *test_db;
   7072 	cil_db_init(&test_db);
   7073 
   7074 	uint16_t result = CIL_FALSE;
   7075 	uint32_t changed = CIL_FALSE;
   7076 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_TIF, &changed, NULL, NULL, NULL);
   7077 
   7078 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   7079 
   7080 	struct cil_tunableif *tif = (struct cil_tunableif*)test_db->ast->root->cl_head->next->next->next->data;
   7081 
   7082 	cil_resolve_expr_stack(tif->expr_stack, test_db->ast->root->cl_head->next->next->next, args);
   7083 	int rc = cil_evaluate_expr_stack(tif->expr_stack, &result);
   7084 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   7085 }
   7086 
   7087 void test_cil_evaluate_expr_stack_xor(CuTest *tc) {
   7088 	char *line[] = {"(", "tunable", "foo", "true", ")",
   7089 			"(", "tunable", "bar", "false", ")",
   7090 			"(", "class", "baz", "(", "read", ")", ")",
   7091 			"(", "tunableif", "(", "xor", "foo", "bar", ")",
   7092 			"(", "true",
   7093 			"(", "allow", "foo", "bar", "(", "baz", "(", "read", ")", ")", ")", ")", ")", NULL};
   7094 
   7095 	struct cil_tree *test_tree;
   7096 	gen_test_tree(&test_tree, line);
   7097 
   7098 	struct cil_db *test_db;
   7099 	cil_db_init(&test_db);
   7100 
   7101 	uint16_t result = CIL_FALSE;
   7102 	uint32_t changed = CIL_FALSE;
   7103 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_TIF, &changed, NULL, NULL, NULL);
   7104 
   7105 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   7106 
   7107 	struct cil_tunableif *tif = (struct cil_tunableif*)test_db->ast->root->cl_head->next->next->next->data;
   7108 
   7109 	cil_resolve_expr_stack(tif->expr_stack, test_db->ast->root->cl_head->next->next->next, args);
   7110 	int rc = cil_evaluate_expr_stack(tif->expr_stack, &result);
   7111 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   7112 }
   7113 
   7114 void test_cil_evaluate_expr_stack_eq(CuTest *tc) {
   7115 	char *line[] = {"(", "tunable", "foo", "true", ")",
   7116 			"(", "tunable", "bar", "false", ")",
   7117 			"(", "class", "baz", "(", "read", ")", ")",
   7118 			"(", "tunableif", "(", "eq", "foo", "bar", ")",
   7119 			"(", "true",
   7120 			"(", "allow", "foo", "bar", "(", "baz", "(", "read", ")", ")", ")", ")", ")", NULL};
   7121 
   7122 	struct cil_tree *test_tree;
   7123 	gen_test_tree(&test_tree, line);
   7124 
   7125 	struct cil_db *test_db;
   7126 	cil_db_init(&test_db);
   7127 
   7128 	uint16_t result = CIL_FALSE;
   7129 	uint32_t changed = CIL_FALSE;
   7130 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_TIF, &changed, NULL, NULL, NULL);
   7131 
   7132 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   7133 
   7134 	struct cil_tunableif *tif = (struct cil_tunableif*)test_db->ast->root->cl_head->next->next->next->data;
   7135 
   7136 	cil_resolve_expr_stack(tif->expr_stack, test_db->ast->root->cl_head->next->next->next, args);
   7137 	int rc = cil_evaluate_expr_stack(tif->expr_stack, &result);
   7138 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   7139 }
   7140 
   7141 void test_cil_evaluate_expr_stack_neq(CuTest *tc) {
   7142 	char *line[] = {"(", "tunable", "foo", "true", ")",
   7143 			"(", "tunable", "bar", "false", ")",
   7144 			"(", "class", "baz", "(", "read", ")", ")",
   7145 			"(", "tunableif", "(", "neq", "foo", "bar", ")",
   7146 			"(", "true",
   7147 			"(", "allow", "foo", "bar", "(", "baz", "(", "read", ")", ")", ")", ")", ")", NULL};
   7148 
   7149 	struct cil_tree *test_tree;
   7150 	gen_test_tree(&test_tree, line);
   7151 
   7152 	struct cil_db *test_db;
   7153 	cil_db_init(&test_db);
   7154 
   7155 	uint16_t result = CIL_FALSE;
   7156 	uint32_t changed = CIL_FALSE;
   7157 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_TIF, &changed, NULL, NULL, NULL);
   7158 
   7159 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   7160 
   7161 	struct cil_tunableif *tif = (struct cil_tunableif*)test_db->ast->root->cl_head->next->next->next->data;
   7162 
   7163 	cil_resolve_expr_stack(tif->expr_stack, test_db->ast->root->cl_head->next->next->next, args);
   7164 	int rc = cil_evaluate_expr_stack(tif->expr_stack, &result);
   7165 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   7166 }
   7167 
   7168 void test_cil_evaluate_expr_stack_oper1(CuTest *tc) {
   7169 	char *line[] = {"(", "tunable", "foo", "true", ")",
   7170 			"(", "tunable", "bar", "false", ")",
   7171 			"(", "tunable", "baz", "false", ")",
   7172 			"(", "class", "baz", "(", "read", ")", ")",
   7173 			"(", "tunableif", "(", "and", "(", "or", "foo", "bar", ")", "baz", ")",
   7174 			"(", "true",
   7175 			"(", "allow", "foo", "bar", "(", "jaz", "(", "read", ")", ")", ")", ")", ")", NULL};
   7176 
   7177 	struct cil_tree *test_tree;
   7178 	gen_test_tree(&test_tree, line);
   7179 
   7180 	struct cil_db *test_db;
   7181 	cil_db_init(&test_db);
   7182 
   7183 	uint16_t result = CIL_FALSE;
   7184 	uint32_t changed = CIL_FALSE;
   7185 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_TIF, &changed, NULL, NULL, NULL);
   7186 
   7187 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   7188 
   7189 	struct cil_tunableif *tif = (struct cil_tunableif*)test_db->ast->root->cl_head->next->next->next->next->data;
   7190 
   7191 	cil_resolve_expr_stack(tif->expr_stack, test_db->ast->root->cl_head->next->next->next->next, args);
   7192 	int rc = cil_evaluate_expr_stack(tif->expr_stack, &result);
   7193 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   7194 }
   7195 
   7196 void test_cil_evaluate_expr_stack_oper2(CuTest *tc) {
   7197 	char *line[] = {"(", "tunable", "foo", "true", ")",
   7198 			"(", "tunable", "bar", "false", ")",
   7199 			"(", "tunable", "baz", "false", ")",
   7200 			"(", "class", "baz", "(", "read", ")", ")",
   7201 			"(", "tunableif", "(", "and", "baz", "(", "or", "foo", "bar", ")", ")",
   7202 			"(", "true",
   7203 			"(", "allow", "foo", "bar", "(", "jaz", "(", "read", ")", ")", ")", ")", ")", NULL};
   7204 
   7205 	struct cil_tree *test_tree;
   7206 	gen_test_tree(&test_tree, line);
   7207 
   7208 	struct cil_db *test_db;
   7209 	cil_db_init(&test_db);
   7210 
   7211 	uint16_t result = CIL_FALSE;
   7212 	uint32_t changed = CIL_FALSE;
   7213 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_TIF, &changed, NULL, NULL, NULL);
   7214 
   7215 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   7216 
   7217 	struct cil_tunableif *tif = (struct cil_tunableif*)test_db->ast->root->cl_head->next->next->next->next->data;
   7218 
   7219 	cil_resolve_expr_stack(tif->expr_stack, test_db->ast->root->cl_head->next->next->next->next, args);
   7220 	int rc = cil_evaluate_expr_stack(tif->expr_stack, &result);
   7221 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   7222 }
   7223 /*
   7224 void test_cil_evaluate_expr_stack_neg(CuTest *tc) {
   7225 	char *line[] = {"(", "tunable", "foo", "true", ")",
   7226 			"(", "tunable", "bar", "false", ")",
   7227 			"(", "class", "baz", "(", "read", ")", ")",
   7228 			"(", "tunableif", "(", "neq", "foo", "bar", ")",
   7229 			"(", "allow", "foo", "bar", "(", "baz", "(", "read", ")", ")", ")", ")", NULL};
   7230 
   7231 	struct cil_tree *test_tree;
   7232 	gen_test_tree(&test_tree, line);
   7233 
   7234 	struct cil_db *test_db;
   7235 	cil_db_init(&test_db);
   7236 
   7237 	uint16_t result = CIL_FALSE;
   7238 
   7239 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   7240 
   7241 	struct cil_tree_node *test_node;
   7242 	cil_tree_node_init(&test_node);
   7243 
   7244 	struct cil_conditional *new_cond;
   7245 	cil_conditional_init(&new_cond);
   7246 	new_cond->flavor = CIL_COND;
   7247 	char *baz = "baz";
   7248 	new_cond->str = baz;
   7249 	new_cond->flavor = CIL_TUNABLE;
   7250 
   7251 	struct cil_tunableif *tif = test_db->ast->root->cl_head->next->next->next->next->data;
   7252 
   7253 	test_node->data = new_cond;
   7254 	test_node->cl_head = tif->expr_stack;
   7255 	tif->expr_stack->parent = test_node;
   7256 
   7257 	cil_resolve_expr_stack(test_db, tif->expr_stack, test_db->ast->root->cl_head->next->next->next, NULL);
   7258 	int rc = cil_evaluate_expr_stack(tif->expr_stack, &result);
   7259 	CuAssertIntEquals(tc, SEPOL_ERR, rc);
   7260 }
   7261 */
   7262 void test_cil_resolve_tunif_false(CuTest *tc) {
   7263 	char *line[] = {"(", "tunable", "foo", "true", ")",
   7264 			"(", "tunable", "bar", "false", ")",
   7265 			"(", "class", "baz", "(", "read", ")", ")",
   7266 			"(", "tunableif", "(", "and", "foo", "bar", ")",
   7267 			"(", "false",
   7268 			"(", "allow", "foo", "bar", "(", "baz", "(", "read", ")", ")", ")", ")", ")", NULL};
   7269 
   7270 	struct cil_tree *test_tree;
   7271 	gen_test_tree(&test_tree, line);
   7272 
   7273 	struct cil_db *test_db;
   7274 	cil_db_init(&test_db);
   7275 
   7276 	uint32_t changed = CIL_FALSE;
   7277 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_TIF, &changed, NULL, NULL, NULL);
   7278 
   7279 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   7280 
   7281 	int rc = cil_resolve_tunif(test_db->ast->root->cl_head->next->next->next, args);
   7282 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   7283 }
   7284 
   7285 void test_cil_resolve_tunif_true(CuTest *tc) {
   7286 	char *line[] = {"(", "tunable", "foo", "true", ")",
   7287 			"(", "tunable", "bar", "true", ")",
   7288 			"(", "class", "baz", "(", "read", ")", ")",
   7289 			"(", "tunableif", "(", "and", "foo", "bar", ")",
   7290 			"(", "true",
   7291 			"(", "allow", "foo", "bar", "(", "baz", "(", "read", ")", ")", ")", ")", ")", NULL};
   7292 
   7293 	struct cil_tree *test_tree;
   7294 	gen_test_tree(&test_tree, line);
   7295 
   7296 	struct cil_db *test_db;
   7297 	cil_db_init(&test_db);
   7298 
   7299 	uint32_t changed = CIL_FALSE;
   7300 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_TIF, &changed, NULL, NULL, NULL);
   7301 
   7302 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   7303 
   7304 	int rc = cil_resolve_tunif(test_db->ast->root->cl_head->next->next->next, args);
   7305 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   7306 }
   7307 
   7308 void test_cil_resolve_tunif_resolveexpr_neg(CuTest *tc) {
   7309 	char *line[] = {"(", "tunable", "foo", "true", ")",
   7310 			"(", "tunable", "bar", "false", ")",
   7311 			"(", "class", "baz", "(", "read", ")", ")",
   7312 			"(", "tunableif", "(", "and", "dne", "N/A", ")",
   7313 			"(", "true",
   7314 			"(", "allow", "foo", "bar", "(", "baz", "(", "read", ")", ")", ")", ")", ")", NULL};
   7315 
   7316 	struct cil_tree *test_tree;
   7317 	gen_test_tree(&test_tree, line);
   7318 
   7319 	struct cil_db *test_db;
   7320 	cil_db_init(&test_db);
   7321 
   7322 	uint32_t changed = CIL_FALSE;
   7323 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_TIF, &changed, NULL, NULL, NULL);
   7324 
   7325 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   7326 
   7327 	int rc = cil_resolve_tunif(test_db->ast->root->cl_head->next->next->next, args);
   7328 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   7329 }
   7330 /*
   7331 void test_cil_resolve_tunif_evaluateexpr_neg(CuTest *tc) {
   7332 	char *line[] = {"(", "tunable", "foo", "true", ")",
   7333 			"(", "tunable", "bar", "false", ")",
   7334 			"(", "class", "baz", "(", "read", ")", ")",
   7335 			"(", "tunableif", "(", "and", "foo", "bar", ")",
   7336 			"(", "allow", "foo", "bar", "(", "baz", "(", "read", ")", ")", ")", ")", NULL};
   7337 
   7338 	struct cil_tree *test_tree;
   7339 	gen_test_tree(&test_tree, line);
   7340 
   7341 	struct cil_db *test_db;
   7342 	cil_db_init(&test_db);
   7343 
   7344 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   7345 
   7346 	struct cil_tree_node *test_node;
   7347 	cil_tree_node_init(&test_node);
   7348 
   7349 	struct cil_conditional *new_cond;
   7350 	cil_conditional_init(&new_cond);
   7351 	new_cond->flavor = CIL_COND;
   7352 	char *baz = "baz";
   7353 	new_cond->str = baz;
   7354 	new_cond->flavor = CIL_TUNABLE;
   7355 
   7356 	struct tunableif *tif = test_db->ast->root->cl_head->next->next->next->data;
   7357 
   7358 	test_node->data = new_cond;
   7359 	test_node->cl_head = tif->expr_stack;
   7360 	tif->expr_stack->parent = test_node;
   7361 
   7362 	int rc = cil_resolve_tunif(test_db, test_db->ast->root->cl_head->next->next->next, NULL);
   7363 	CuAssertIntEquals(tc, SEPOL_ERR, rc);
   7364 }
   7365 */
   7366 void test_cil_resolve_userbounds(CuTest *tc) {
   7367 	char *line[] = {"(", "user", "user1", ")",
   7368 			"(", "user", "user2", ")",
   7369 			"(", "userbounds", "user1", "user2", ")", NULL};
   7370 
   7371 	struct cil_tree *test_tree;
   7372 	gen_test_tree(&test_tree, line);
   7373 
   7374 	struct cil_db *test_db;
   7375 	cil_db_init(&test_db);
   7376 
   7377 	uint32_t changed = CIL_FALSE;
   7378 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   7379 
   7380 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   7381 
   7382 	int rc = cil_resolve_userbounds(test_db->ast->root->cl_head->next->next, args);
   7383 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   7384 }
   7385 
   7386 void test_cil_resolve_userbounds_exists_neg(CuTest *tc) {
   7387 	char *line[] = {"(", "user", "user1", ")",
   7388 			"(", "user", "user2", ")",
   7389 			"(", "userbounds", "user1", "user2", ")", NULL};
   7390 
   7391 	struct cil_tree *test_tree;
   7392 	gen_test_tree(&test_tree, line);
   7393 
   7394 	struct cil_db *test_db;
   7395 	cil_db_init(&test_db);
   7396 
   7397 	uint32_t changed = CIL_FALSE;
   7398 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   7399 
   7400 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   7401 
   7402 	cil_resolve_userbounds(test_db->ast->root->cl_head->next->next, args);
   7403 	int rc = cil_resolve_userbounds(test_db->ast->root->cl_head->next->next, args);
   7404 	CuAssertIntEquals(tc, SEPOL_ERR, rc);
   7405 }
   7406 
   7407 void test_cil_resolve_userbounds_user1_neg(CuTest *tc) {
   7408 	char *line[] = {"(", "user", "user1", ")",
   7409 			"(", "user", "user2", ")",
   7410 			"(", "userbounds", "user_DNE", "user2", ")", NULL};
   7411 
   7412 	struct cil_tree *test_tree;
   7413 	gen_test_tree(&test_tree, line);
   7414 
   7415 	struct cil_db *test_db;
   7416 	cil_db_init(&test_db);
   7417 
   7418 	uint32_t changed = CIL_FALSE;
   7419 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   7420 
   7421 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   7422 
   7423 	int rc = cil_resolve_userbounds(test_db->ast->root->cl_head->next->next, args);
   7424 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   7425 }
   7426 
   7427 void test_cil_resolve_userbounds_user2_neg(CuTest *tc) {
   7428 	char *line[] = {"(", "user", "user1", ")",
   7429 			"(", "user", "user2", ")",
   7430 			"(", "userbounds", "user1", "user_DNE", ")", NULL};
   7431 
   7432 	struct cil_tree *test_tree;
   7433 	gen_test_tree(&test_tree, line);
   7434 
   7435 	struct cil_db *test_db;
   7436 	cil_db_init(&test_db);
   7437 
   7438 	uint32_t changed = CIL_FALSE;
   7439 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   7440 
   7441 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   7442 
   7443 	int rc = cil_resolve_userbounds(test_db->ast->root->cl_head->next->next, args);
   7444 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   7445 }
   7446 
   7447 void test_cil_resolve_roletype(CuTest *tc) {
   7448 	char *line[] = {"(", "role",  "admin_r", ")",
   7449 			"(", "type", "admin_t", ")",
   7450 			"(", "roletype", "admin_r", "admin_t", ")", NULL};
   7451 
   7452 	struct cil_tree *test_tree;
   7453 	gen_test_tree(&test_tree, line);
   7454 
   7455 	struct cil_db *test_db;
   7456 	cil_db_init(&test_db);
   7457 
   7458 	uint32_t changed = CIL_FALSE;
   7459 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   7460 
   7461 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   7462 
   7463 	int rc = cil_resolve_roletype(test_db->ast->root->cl_head->next->next, args);
   7464 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   7465 }
   7466 
   7467 void test_cil_resolve_roletype_type_neg(CuTest *tc) {
   7468 	char *line[] = {"(", "role",  "admin_r", ")",
   7469 			"(", "roletype", "admin_r", "admin_t", ")", NULL};
   7470 
   7471 	struct cil_tree *test_tree;
   7472 	gen_test_tree(&test_tree, line);
   7473 
   7474 	struct cil_db *test_db;
   7475 	cil_db_init(&test_db);
   7476 
   7477 	uint32_t changed = CIL_FALSE;
   7478 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   7479 
   7480 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   7481 
   7482 	int rc = cil_resolve_roletype(test_db->ast->root->cl_head->next, args);
   7483 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   7484 }
   7485 
   7486 void test_cil_resolve_roletype_role_neg(CuTest *tc) {
   7487 	char *line[] = {"(", "type", "admin_t", ")",
   7488 			"(", "roletype", "admin_r", "admin_t", ")", NULL};
   7489 
   7490 	struct cil_tree *test_tree;
   7491 	gen_test_tree(&test_tree, line);
   7492 
   7493 	struct cil_db *test_db;
   7494 	cil_db_init(&test_db);
   7495 
   7496 	uint32_t changed = CIL_FALSE;
   7497 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   7498 
   7499 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   7500 
   7501 	int rc = cil_resolve_roletype(test_db->ast->root->cl_head->next, args);
   7502 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   7503 }
   7504 
   7505 void test_cil_resolve_userrole(CuTest *tc) {
   7506 	char *line[] = {"(", "role",  "staff_r", ")",
   7507 			"(", "user", "staff_u", ")",
   7508 			"(", "userrole", "staff_u", "staff_r", ")", NULL};
   7509 
   7510 	struct cil_tree *test_tree;
   7511 	gen_test_tree(&test_tree, line);
   7512 
   7513 	struct cil_db *test_db;
   7514 	cil_db_init(&test_db);
   7515 
   7516 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   7517 
   7518 	uint32_t changed = CIL_FALSE;
   7519 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   7520 
   7521 	int rc = cil_resolve_userrole(test_db->ast->root->cl_head->next->next, args);
   7522 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   7523 }
   7524 
   7525 void test_cil_resolve_userrole_user_neg(CuTest *tc) {
   7526 	char *line[] = {"(", "role",  "staff_r", ")",
   7527 			"(", "userrole", "staff_u", "staff_r", ")", NULL};
   7528 
   7529 	struct cil_tree *test_tree;
   7530 	gen_test_tree(&test_tree, line);
   7531 
   7532 	struct cil_db *test_db;
   7533 	cil_db_init(&test_db);
   7534 
   7535 	uint32_t changed = CIL_FALSE;
   7536 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   7537 
   7538 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   7539 
   7540 	int rc = cil_resolve_userrole(test_db->ast->root->cl_head->next, args);
   7541 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   7542 }
   7543 
   7544 void test_cil_resolve_userrole_role_neg(CuTest *tc) {
   7545 	char *line[] = {"(", "user", "staff_u", ")",
   7546 			"(", "userrole", "staff_u", "staff_r", ")", NULL};
   7547 
   7548 	struct cil_tree *test_tree;
   7549 	gen_test_tree(&test_tree, line);
   7550 
   7551 	struct cil_db *test_db;
   7552 	cil_db_init(&test_db);
   7553 
   7554 	uint32_t changed = CIL_FALSE;
   7555 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   7556 
   7557 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   7558 
   7559 	int rc = cil_resolve_userrole(test_db->ast->root->cl_head->next, args);
   7560 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   7561 }
   7562 
   7563 void test_cil_resolve_userlevel(CuTest *tc) {
   7564 	char *line[] = {"(", "user",  "foo_u", ")",
   7565 			"(", "category", "c0", ")",
   7566 			"(", "sensitivity", "s0", ")",
   7567 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
   7568 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
   7569 			"(", "userlevel", "foo_u", "low", ")", NULL};
   7570 
   7571 	struct cil_tree *test_tree;
   7572 	gen_test_tree(&test_tree, line);
   7573 
   7574 	struct cil_db *test_db;
   7575 	cil_db_init(&test_db);
   7576 
   7577 	uint32_t changed = CIL_FALSE;
   7578 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
   7579 
   7580 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   7581 
   7582 	cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next, args);
   7583 
   7584 	args->pass = CIL_PASS_MISC3;
   7585 
   7586 	int rc = cil_resolve_userlevel(test_db->ast->root->cl_head->next->next->next->next->next, args);
   7587 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   7588 }
   7589 
   7590 void test_cil_resolve_userlevel_macro(CuTest *tc) {
   7591 	char *line[] = {"(", "user",  "foo_u", ")",
   7592 			"(", "category", "c0", ")",
   7593 			"(", "sensitivity", "s0", ")",
   7594 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
   7595 			"(", "macro", "mm", "(", "(", "level", "l", ")", ")",
   7596 				"(", "userlevel", "foo_u", "l", ")", ")",
   7597 			"(", "call", "mm", "(", "(", "s0", "(", "c0", ")", ")", ")", ")", NULL};
   7598 
   7599 	struct cil_tree *test_tree;
   7600 	gen_test_tree(&test_tree, line);
   7601 
   7602 	struct cil_db *test_db;
   7603 	cil_db_init(&test_db);
   7604 
   7605 	uint32_t changed = CIL_FALSE;
   7606 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
   7607 
   7608 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   7609 
   7610 
   7611 	args->pass = CIL_PASS_CALL1;
   7612 
   7613 	int rc2 = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next->next, args);
   7614 
   7615 	args->pass = CIL_PASS_CALL2;
   7616 
   7617 	int rc3 = cil_resolve_call2(test_db->ast->root->cl_head->next->next->next->next->next, args);
   7618 
   7619 	args->pass = CIL_PASS_MISC2;
   7620 
   7621 	cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next, args);
   7622 
   7623 	args->pass = CIL_PASS_MISC3;
   7624 	args->callstack = test_db->ast->root->cl_head->next->next->next->next->next;
   7625 
   7626 	int rc = cil_resolve_userlevel(test_db->ast->root->cl_head->next->next->next->next->next->cl_head, args);
   7627 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   7628 	CuAssertIntEquals(tc, SEPOL_OK, rc2);
   7629 	CuAssertIntEquals(tc, SEPOL_OK, rc3);
   7630 }
   7631 
   7632 void test_cil_resolve_userlevel_macro_neg(CuTest *tc) {
   7633 	char *line[] = {"(", "user",  "foo_u", ")",
   7634 			"(", "category", "c0", ")",
   7635 			"(", "sensitivity", "s0", ")",
   7636 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
   7637 			"(", "macro", "mm", "(", "(", "level", "l", ")", ")",
   7638 				"(", "userlevel", "foo_u", "l", ")", ")",
   7639 			"(", "call", "mm", "(", "(", "DNE", "(", "c0", ")", ")", ")", ")", NULL};
   7640 
   7641 	struct cil_tree *test_tree;
   7642 	gen_test_tree(&test_tree, line);
   7643 
   7644 	struct cil_db *test_db;
   7645 	cil_db_init(&test_db);
   7646 
   7647 	uint32_t changed = CIL_FALSE;
   7648 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
   7649 
   7650 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   7651 
   7652 	int rc2 = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next->next, args);
   7653 
   7654 	args->pass = CIL_PASS_CALL2;
   7655 
   7656 	int rc3 = cil_resolve_call2(test_db->ast->root->cl_head->next->next->next->next->next, args);
   7657 
   7658 	args->pass = CIL_PASS_MISC2;
   7659 
   7660 	cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next, args);
   7661 
   7662 	args->pass = CIL_PASS_MISC3;
   7663 	args->callstack = test_db->ast->root->cl_head->next->next->next->next->next;
   7664 
   7665 	int rc = cil_resolve_userlevel(test_db->ast->root->cl_head->next->next->next->next->next->cl_head, args);
   7666 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   7667 	CuAssertIntEquals(tc, SEPOL_OK, rc2);
   7668 	CuAssertIntEquals(tc, SEPOL_OK, rc3);
   7669 }
   7670 
   7671 void test_cil_resolve_userlevel_level_anon(CuTest *tc) {
   7672 	char *line[] = {"(", "user",  "foo_u", ")",
   7673 			"(", "category", "c0", ")",
   7674 			"(", "sensitivity", "s0", ")",
   7675 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
   7676 			"(", "userlevel", "foo_u", "(", "s0", "(", "c0", ")", ")", ")", NULL};
   7677 
   7678 	struct cil_tree *test_tree;
   7679 	gen_test_tree(&test_tree, line);
   7680 
   7681 	struct cil_db *test_db;
   7682 	cil_db_init(&test_db);
   7683 
   7684 	uint32_t changed = CIL_FALSE;
   7685 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
   7686 
   7687 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   7688 
   7689 	cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next, args);
   7690 
   7691 	args->pass = CIL_PASS_MISC3;
   7692 
   7693 	int rc = cil_resolve_userlevel(test_db->ast->root->cl_head->next->next->next->next, args);
   7694 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   7695 }
   7696 
   7697 void test_cil_resolve_userlevel_level_anon_neg(CuTest *tc) {
   7698 	char *line[] = {"(", "user",  "foo_u", ")",
   7699 			"(", "category", "c0", ")",
   7700 			"(", "sensitivity", "s0", ")",
   7701 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
   7702 			"(", "userlevel", "foo_u", "(", "s0", "(", "DNE", ")", ")", ")", NULL};
   7703 
   7704 	struct cil_tree *test_tree;
   7705 	gen_test_tree(&test_tree, line);
   7706 
   7707 	struct cil_db *test_db;
   7708 	cil_db_init(&test_db);
   7709 
   7710 	uint32_t changed = CIL_FALSE;
   7711 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
   7712 
   7713 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   7714 
   7715 	cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next, args);
   7716 
   7717 	args->pass = CIL_PASS_MISC3;
   7718 
   7719 	int rc = cil_resolve_userlevel(test_db->ast->root->cl_head->next->next->next->next, args);
   7720 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   7721 }
   7722 
   7723 void test_cil_resolve_userlevel_user_neg(CuTest *tc) {
   7724 	char *line[] = {"(", "user",  "foo_u", ")",
   7725 			"(", "category", "c0", ")",
   7726 			"(", "sensitivity", "s0", ")",
   7727 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
   7728 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
   7729 			"(", "userlevel", "DNE", "low", ")", NULL};
   7730 
   7731 	struct cil_tree *test_tree;
   7732 	gen_test_tree(&test_tree, line);
   7733 
   7734 	struct cil_db *test_db;
   7735 	cil_db_init(&test_db);
   7736 
   7737 	uint32_t changed = CIL_FALSE;
   7738 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
   7739 
   7740 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   7741 
   7742 	cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next, args);
   7743 
   7744 	args->pass = CIL_PASS_MISC3;
   7745 
   7746 	int rc = cil_resolve_userlevel(test_db->ast->root->cl_head->next->next->next->next->next, args);
   7747 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   7748 }
   7749 
   7750 void test_cil_resolve_userlevel_level_neg(CuTest *tc) {
   7751 	char *line[] = {"(", "user",  "foo_u", ")",
   7752 			"(", "category", "c0", ")",
   7753 			"(", "sensitivity", "s0", ")",
   7754 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
   7755 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
   7756 			"(", "userlevel", "foo_u", "DNE", ")", NULL};
   7757 
   7758 	struct cil_tree *test_tree;
   7759 	gen_test_tree(&test_tree, line);
   7760 
   7761 	struct cil_db *test_db;
   7762 	cil_db_init(&test_db);
   7763 
   7764 	uint32_t changed = CIL_FALSE;
   7765 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
   7766 
   7767 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   7768 
   7769 	cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next, args);
   7770 
   7771 	args->pass = CIL_PASS_MISC3;
   7772 
   7773 	int rc = cil_resolve_userlevel(test_db->ast->root->cl_head->next->next->next->next->next, args);
   7774 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   7775 }
   7776 
   7777 void test_cil_resolve_userrange(CuTest *tc) {
   7778 	char *line[] = {"(", "user",  "foo_u", ")",
   7779 			"(", "category", "c0", ")",
   7780 			"(", "sensitivity", "s0", ")",
   7781 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
   7782 			"(", "levelrange", "range", "(", "(", "s0", "(", "c0", ")", ")", "(", "s0", "(", "c0", ")", ")", ")", ")",
   7783 			"(", "userrange", "foo_u", "range", ")", NULL};
   7784 
   7785 	struct cil_tree *test_tree;
   7786 	gen_test_tree(&test_tree, line);
   7787 
   7788 	struct cil_db *test_db;
   7789 	cil_db_init(&test_db);
   7790 
   7791 	uint32_t changed = CIL_FALSE;
   7792 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
   7793 
   7794 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   7795 
   7796 	cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next, args);
   7797 	int rc = cil_resolve_userrange(test_db->ast->root->cl_head->next->next->next->next->next, args);
   7798 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   7799 }
   7800 
   7801 void test_cil_resolve_userrange_macro(CuTest *tc) {
   7802 	char *line[] = {"(", "user",  "foo_u", ")",
   7803 			"(", "category", "c0", ")",
   7804 			"(", "sensitivity", "s0", ")",
   7805 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
   7806 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
   7807 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
   7808 			"(", "macro", "mm", "(", "(", "levelrange", "range", ")", ")",
   7809 				"(", "userrange", "foo_u", "range", ")", ")",
   7810 			"(", "call", "mm", "(", "(", "low", "high", ")", ")", ")", NULL};
   7811 
   7812 	struct cil_tree *test_tree;
   7813 	gen_test_tree(&test_tree, line);
   7814 
   7815 	struct cil_db *test_db;
   7816 	cil_db_init(&test_db);
   7817 
   7818 	uint32_t changed = CIL_FALSE;
   7819 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
   7820 
   7821 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   7822 
   7823 	int rc2 = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next->next->next->next, args);
   7824 
   7825 	args->pass = CIL_PASS_CALL2;
   7826 
   7827 	int rc3 = cil_resolve_call2(test_db->ast->root->cl_head->next->next->next->next->next->next->next, args);
   7828 
   7829 	args->pass = CIL_PASS_MISC2;
   7830 
   7831 	cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next, args);
   7832 
   7833 	args->pass = CIL_PASS_MISC3;
   7834 	args->callstack = test_db->ast->root->cl_head->next->next->next->next->next->next->next;
   7835 
   7836 	int rc = cil_resolve_userrange(test_db->ast->root->cl_head->next->next->next->next->next->next->next->cl_head, args);
   7837 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   7838 	CuAssertIntEquals(tc, SEPOL_OK, rc2);
   7839 	CuAssertIntEquals(tc, SEPOL_OK, rc3);
   7840 }
   7841 
   7842 void test_cil_resolve_userrange_macro_neg(CuTest *tc) {
   7843 	char *line[] = {"(", "user",  "foo_u", ")",
   7844 			"(", "category", "c0", ")",
   7845 			"(", "sensitivity", "s0", ")",
   7846 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
   7847 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
   7848 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
   7849 			"(", "macro", "mm", "(", "(", "levelrange", "range", ")", ")",
   7850 				"(", "userrange", "foo_u", "range", ")", ")",
   7851 			"(", "call", "mm", "(", "(", "DNE", "high", ")", ")", ")", NULL};
   7852 
   7853 	struct cil_tree *test_tree;
   7854 	gen_test_tree(&test_tree, line);
   7855 
   7856 	struct cil_db *test_db;
   7857 	cil_db_init(&test_db);
   7858 
   7859 	uint32_t changed = CIL_FALSE;
   7860 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
   7861 
   7862 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   7863 
   7864 	int rc2 = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next->next->next->next, args);
   7865 
   7866 	args->pass = CIL_PASS_CALL2;
   7867 
   7868 	int rc3 = cil_resolve_call2(test_db->ast->root->cl_head->next->next->next->next->next->next->next, args);
   7869 
   7870 	args->pass = CIL_PASS_MISC2;
   7871 
   7872 	cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next, args);
   7873 
   7874 	args->pass = CIL_PASS_MISC3;
   7875 	args->callstack = test_db->ast->root->cl_head->next->next->next->next->next->next->next;
   7876 
   7877 	int rc = cil_resolve_userrange(test_db->ast->root->cl_head->next->next->next->next->next->next->next->cl_head, args);
   7878 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   7879 	CuAssertIntEquals(tc, SEPOL_OK, rc2);
   7880 	CuAssertIntEquals(tc, SEPOL_OK, rc3);
   7881 }
   7882 
   7883 void test_cil_resolve_userrange_range_anon(CuTest *tc) {
   7884 	char *line[] = {"(", "user",  "foo_u", ")",
   7885 			"(", "category", "c0", ")",
   7886 			"(", "sensitivity", "s0", ")",
   7887 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
   7888 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
   7889 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
   7890 			"(", "userrange", "foo_u", "(", "low", "high", ")", ")", NULL};
   7891 
   7892 	struct cil_tree *test_tree;
   7893 	gen_test_tree(&test_tree, line);
   7894 
   7895 	struct cil_db *test_db;
   7896 	cil_db_init(&test_db);
   7897 
   7898 	uint32_t changed = CIL_FALSE;
   7899 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
   7900 
   7901 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   7902 
   7903 	cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next, args);
   7904 
   7905 	args->pass = CIL_PASS_MISC3;
   7906 
   7907 	int rc = cil_resolve_userrange(test_db->ast->root->cl_head->next->next->next->next->next->next, args);
   7908 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   7909 }
   7910 
   7911 void test_cil_resolve_userrange_range_anon_neg(CuTest *tc) {
   7912 	char *line[] = {"(", "user",  "foo_u", ")",
   7913 			"(", "category", "c0", ")",
   7914 			"(", "sensitivity", "s0", ")",
   7915 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
   7916 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
   7917 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
   7918 			"(", "userrange", "foo_u", "(", "DNE", "high", ")", ")", NULL};
   7919 
   7920 	struct cil_tree *test_tree;
   7921 	gen_test_tree(&test_tree, line);
   7922 
   7923 	struct cil_db *test_db;
   7924 	cil_db_init(&test_db);
   7925 
   7926 	uint32_t changed = CIL_FALSE;
   7927 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
   7928 
   7929 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   7930 
   7931 	cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next, args);
   7932 
   7933 	args->pass = CIL_PASS_MISC3;
   7934 
   7935 	int rc = cil_resolve_userrange(test_db->ast->root->cl_head->next->next->next->next->next->next, args);
   7936 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   7937 }
   7938 
   7939 void test_cil_resolve_userrange_user_neg(CuTest *tc) {
   7940 	char *line[] = {"(", "user",  "foo_u", ")",
   7941 			"(", "category", "c0", ")",
   7942 			"(", "sensitivity", "s0", ")",
   7943 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
   7944 			"(", "levelrange", "range", "(", "(", "s0", "(", "c0", ")", ")", "(", "s0", "(", "c0", ")", ")", ")", ")",
   7945 			"(", "userrange", "DNE", "range", ")", NULL};
   7946 
   7947 	struct cil_tree *test_tree;
   7948 	gen_test_tree(&test_tree, line);
   7949 
   7950 	struct cil_db *test_db;
   7951 	cil_db_init(&test_db);
   7952 
   7953 	uint32_t changed = CIL_FALSE;
   7954 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
   7955 
   7956 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   7957 
   7958 	cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next, args);
   7959 
   7960 	args->pass = CIL_PASS_MISC3;
   7961 
   7962 	int rc = cil_resolve_userrange(test_db->ast->root->cl_head->next->next->next->next->next, args);
   7963 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   7964 }
   7965 
   7966 void test_cil_resolve_userrange_range_neg(CuTest *tc) {
   7967 	char *line[] = {"(", "user",  "foo_u", ")",
   7968 			"(", "category", "c0", ")",
   7969 			"(", "sensitivity", "s0", ")",
   7970 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
   7971 			"(", "levelrange", "range", "(", "(", "s0", "(", "c0", ")", ")", "(", "s0", "(", "c0", ")", ")", ")", ")",
   7972 			"(", "userrange", "foo_u", "DNE", ")", NULL};
   7973 
   7974 	struct cil_tree *test_tree;
   7975 	gen_test_tree(&test_tree, line);
   7976 
   7977 	struct cil_db *test_db;
   7978 	cil_db_init(&test_db);
   7979 
   7980 	uint32_t changed = CIL_FALSE;
   7981 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
   7982 
   7983 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   7984 
   7985 	cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next, args);
   7986 
   7987 	args->pass = CIL_PASS_MISC3;
   7988 
   7989 	int rc = cil_resolve_userrange(test_db->ast->root->cl_head->next->next->next->next->next, args);
   7990 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   7991 }
   7992 
   7993 void test_cil_disable_children_helper_optional_enabled(CuTest *tc) {
   7994 	char *line[] = {"(", "optional", "opt", "(", "allow", "foo", "bar", "(", "baz", "file", "(", "read", ")", ")", ")", ")", NULL};
   7995 
   7996 	struct cil_tree *test_tree;
   7997 	gen_test_tree(&test_tree, line);
   7998 
   7999 	struct cil_db *test_db;
   8000 	cil_db_init(&test_db);
   8001 
   8002 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   8003 
   8004 	uint32_t finished = 0;
   8005 
   8006 	int rc = __cil_disable_children_helper(test_db->ast->root->cl_head, &finished, NULL);
   8007 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   8008 }
   8009 
   8010 void test_cil_disable_children_helper_optional_disabled(CuTest *tc) {
   8011 	char *line[] = {"(", "optional", "opt", "(", "allow", "foo", "bar", "(", "baz", "file", "(", "read", ")", ")", ")", ")", NULL};
   8012 
   8013 	struct cil_tree *test_tree;
   8014 	gen_test_tree(&test_tree, line);
   8015 
   8016 	struct cil_db *test_db;
   8017 	cil_db_init(&test_db);
   8018 
   8019 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   8020 
   8021 	uint32_t finished = 0;
   8022 
   8023 	((struct cil_optional *)test_db->ast->root->cl_head->data)->datum.state = CIL_STATE_DISABLED;
   8024 
   8025 	int rc = __cil_disable_children_helper(test_db->ast->root->cl_head, &finished, NULL);
   8026 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   8027 }
   8028 
   8029 void test_cil_disable_children_helper_block(CuTest *tc) {
   8030 	char *line[] = {"(", "block", "a", "(", "type", "log", ")", ")", NULL};
   8031 
   8032 	struct cil_tree *test_tree;
   8033 	gen_test_tree(&test_tree, line);
   8034 
   8035 	struct cil_db *test_db;
   8036 	cil_db_init(&test_db);
   8037 
   8038 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   8039 
   8040 	uint32_t finished = 0;
   8041 
   8042 	int rc = __cil_disable_children_helper(test_db->ast->root->cl_head, &finished, NULL);
   8043 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   8044 }
   8045 
   8046 void test_cil_disable_children_helper_user(CuTest *tc) {
   8047 	char *line[] = {"(", "user", "staff_u", NULL};
   8048 
   8049 	struct cil_tree *test_tree;
   8050 	gen_test_tree(&test_tree, line);
   8051 
   8052 	struct cil_db *test_db;
   8053 	cil_db_init(&test_db);
   8054 
   8055 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   8056 
   8057 	uint32_t finished = 0;
   8058 
   8059 	int rc = __cil_disable_children_helper(test_db->ast->root->cl_head, &finished, NULL);
   8060 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   8061 }
   8062 
   8063 void test_cil_disable_children_helper_role(CuTest *tc) {
   8064 	char *line[] = {"(", "role", "role_r", NULL};
   8065 
   8066 	struct cil_tree *test_tree;
   8067 	gen_test_tree(&test_tree, line);
   8068 
   8069 	struct cil_db *test_db;
   8070 	cil_db_init(&test_db);
   8071 
   8072 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   8073 
   8074 	uint32_t finished = 0;
   8075 
   8076 	int rc = __cil_disable_children_helper(test_db->ast->root->cl_head, &finished, NULL);
   8077 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   8078 }
   8079 
   8080 void test_cil_disable_children_helper_type(CuTest *tc) {
   8081 	char *line[] = {"(", "type", "type_t", NULL};
   8082 
   8083 	struct cil_tree *test_tree;
   8084 	gen_test_tree(&test_tree, line);
   8085 
   8086 	struct cil_db *test_db;
   8087 	cil_db_init(&test_db);
   8088 
   8089 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   8090 
   8091 	uint32_t finished = 0;
   8092 
   8093 	int rc = __cil_disable_children_helper(test_db->ast->root->cl_head, &finished, NULL);
   8094 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   8095 }
   8096 
   8097 void test_cil_disable_children_helper_typealias(CuTest *tc) {
   8098 	char *line[] = {"(", "typealias", ".test.type", "type_t", ")", "(", "type", "test", ")", NULL};
   8099 
   8100 	struct cil_tree *test_tree;
   8101 	gen_test_tree(&test_tree, line);
   8102 
   8103 	struct cil_db *test_db;
   8104 	cil_db_init(&test_db);
   8105 
   8106 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   8107 
   8108 	uint32_t finished = 0;
   8109 
   8110 	int rc = __cil_disable_children_helper(test_db->ast->root->cl_head, &finished, NULL);
   8111 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   8112 }
   8113 
   8114 void test_cil_disable_children_helper_common(CuTest *tc) {
   8115 	char *line[] = {"(", "common", "foo", "(", "read", ")", ")", NULL};
   8116 
   8117 	struct cil_tree *test_tree;
   8118 	gen_test_tree(&test_tree, line);
   8119 
   8120 	struct cil_db *test_db;
   8121 	cil_db_init(&test_db);
   8122 
   8123 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   8124 
   8125 	uint32_t finished = 0;
   8126 
   8127 	int rc = __cil_disable_children_helper(test_db->ast->root->cl_head, &finished, NULL);
   8128 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   8129 }
   8130 
   8131 void test_cil_disable_children_helper_class(CuTest *tc) {
   8132 	char *line[] = {"(", "class", "foo", "(", "read", ")", ")", NULL};
   8133 
   8134 	struct cil_tree *test_tree;
   8135 	gen_test_tree(&test_tree, line);
   8136 
   8137 	struct cil_db *test_db;
   8138 	cil_db_init(&test_db);
   8139 
   8140 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   8141 
   8142 	uint32_t finished = 0;
   8143 
   8144 	int rc = __cil_disable_children_helper(test_db->ast->root->cl_head, &finished, NULL);
   8145 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   8146 }
   8147 
   8148 void test_cil_disable_children_helper_bool(CuTest *tc) {
   8149 	char *line[] = {"(", "boolean", "foo", "true", ")", NULL};
   8150 
   8151 	struct cil_tree *test_tree;
   8152 	gen_test_tree(&test_tree, line);
   8153 
   8154 	struct cil_db *test_db;
   8155 	cil_db_init(&test_db);
   8156 
   8157 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   8158 
   8159 	uint32_t finished = 0;
   8160 
   8161 	int rc = __cil_disable_children_helper(test_db->ast->root->cl_head, &finished, NULL);
   8162 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   8163 }
   8164 
   8165 void test_cil_disable_children_helper_sens(CuTest *tc) {
   8166 	char *line[] = {"(", "sensitivity", "s0", ")", NULL};
   8167 
   8168 	struct cil_tree *test_tree;
   8169 	gen_test_tree(&test_tree, line);
   8170 
   8171 	struct cil_db *test_db;
   8172 	cil_db_init(&test_db);
   8173 
   8174 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   8175 
   8176 	uint32_t finished = 0;
   8177 
   8178 	int rc = __cil_disable_children_helper(test_db->ast->root->cl_head, &finished, NULL);
   8179 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   8180 }
   8181 
   8182 void test_cil_disable_children_helper_cat(CuTest *tc) {
   8183 	char *line[] = {"(", "category", "c0", ")", NULL};
   8184 
   8185 	struct cil_tree *test_tree;
   8186 	gen_test_tree(&test_tree, line);
   8187 
   8188 	struct cil_db *test_db;
   8189 	cil_db_init(&test_db);
   8190 
   8191 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   8192 
   8193 	uint32_t finished = 0;
   8194 
   8195 	int rc = __cil_disable_children_helper(test_db->ast->root->cl_head, &finished, NULL);
   8196 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   8197 }
   8198 
   8199 void test_cil_disable_children_helper_catset(CuTest *tc) {
   8200 	char *line[] = {"(", "categoryset", "somecats", "(", "c0", "c1", "c2", ")", ")", NULL};
   8201 
   8202 	struct cil_tree *test_tree;
   8203 	gen_test_tree(&test_tree, line);
   8204 
   8205 	struct cil_db *test_db;
   8206 	cil_db_init(&test_db);
   8207 
   8208 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   8209 
   8210 	uint32_t finished = 0;
   8211 
   8212 	int rc = __cil_disable_children_helper(test_db->ast->root->cl_head, &finished, NULL);
   8213 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   8214 }
   8215 
   8216 void test_cil_disable_children_helper_sid(CuTest *tc) {
   8217 	char *line[] = {"(", "sid", "foo", ")", NULL};
   8218 
   8219 	struct cil_tree *test_tree;
   8220 	gen_test_tree(&test_tree, line);
   8221 
   8222 	struct cil_db *test_db;
   8223 	cil_db_init(&test_db);
   8224 
   8225 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   8226 
   8227 	uint32_t finished = 0;
   8228 
   8229 	int rc = __cil_disable_children_helper(test_db->ast->root->cl_head, &finished, NULL);
   8230 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   8231 }
   8232 
   8233 void test_cil_disable_children_helper_macro(CuTest *tc) {
   8234 	char *line[] = {"(", "macro", "mm", "(", "(", "type", "a", ")", ")",
   8235 				"(", "type", "b", ")",
   8236 				"(", "allow", "a", "b", "(", "file", "(", "read", ")", ")", ")", ")", NULL};
   8237 
   8238 	struct cil_tree *test_tree;
   8239 	gen_test_tree(&test_tree, line);
   8240 
   8241 	struct cil_db *test_db;
   8242 	cil_db_init(&test_db);
   8243 
   8244 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   8245 
   8246 	uint32_t finished = 0;
   8247 
   8248 	int rc = __cil_disable_children_helper(test_db->ast->root->cl_head, &finished, NULL);
   8249 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   8250 }
   8251 
   8252 void test_cil_disable_children_helper_context(CuTest *tc) {
   8253 	char *line[] = {"(", "context", "con",
   8254                         "(", "system_u", "object_r", "netif_t", "(", "low", "high", ")", ")", ")", NULL};
   8255 
   8256 	struct cil_tree *test_tree;
   8257 	gen_test_tree(&test_tree, line);
   8258 
   8259 	struct cil_db *test_db;
   8260 	cil_db_init(&test_db);
   8261 
   8262 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   8263 
   8264 	uint32_t finished = 0;
   8265 
   8266 	int rc = __cil_disable_children_helper(test_db->ast->root->cl_head, &finished, NULL);
   8267 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   8268 }
   8269 
   8270 void test_cil_disable_children_helper_level(CuTest *tc) {
   8271 	char *line[] = {"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")", NULL};
   8272 
   8273 	struct cil_tree *test_tree;
   8274 	gen_test_tree(&test_tree, line);
   8275 
   8276 	struct cil_db *test_db;
   8277 	cil_db_init(&test_db);
   8278 
   8279 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   8280 
   8281 	uint32_t finished = 0;
   8282 
   8283 	int rc = __cil_disable_children_helper(test_db->ast->root->cl_head, &finished, NULL);
   8284 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   8285 }
   8286 
   8287 void test_cil_disable_children_helper_policycap(CuTest *tc) {
   8288 	char *line[] = {"(", "policycap", "foo", NULL};
   8289 
   8290 	struct cil_tree *test_tree;
   8291 	gen_test_tree(&test_tree, line);
   8292 
   8293 	struct cil_db *test_db;
   8294 	cil_db_init(&test_db);
   8295 
   8296 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   8297 
   8298 	uint32_t finished = 0;
   8299 
   8300 	int rc = __cil_disable_children_helper(test_db->ast->root->cl_head, &finished, NULL);
   8301 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   8302 }
   8303 
   8304 void test_cil_disable_children_helper_perm(CuTest *tc) {
   8305 	char *line[] = {"(", "class", "foo", "(", "read", ")", ")", NULL};
   8306 
   8307 	struct cil_tree *test_tree;
   8308 	gen_test_tree(&test_tree, line);
   8309 
   8310 	struct cil_db *test_db;
   8311 	cil_db_init(&test_db);
   8312 
   8313 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   8314 
   8315 	uint32_t finished = 0;
   8316 
   8317 	int rc = __cil_disable_children_helper(test_db->ast->root->cl_head->cl_head, &finished, NULL);
   8318 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   8319 }
   8320 
   8321 void test_cil_disable_children_helper_catalias(CuTest *tc) {
   8322 	char *line[] = {"(", "categoryalias", "c0", "red", ")", NULL};
   8323 
   8324 	struct cil_tree *test_tree;
   8325 	gen_test_tree(&test_tree, line);
   8326 
   8327 	struct cil_db *test_db;
   8328 	cil_db_init(&test_db);
   8329 
   8330 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   8331 
   8332 	uint32_t finished = 0;
   8333 
   8334 	int rc = __cil_disable_children_helper(test_db->ast->root->cl_head, &finished, NULL);
   8335 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   8336 }
   8337 
   8338 void test_cil_disable_children_helper_sensalias(CuTest *tc) {
   8339 	char *line[] = {"(", "sensitivityalias", "s0", "red", ")", NULL};
   8340 
   8341 	struct cil_tree *test_tree;
   8342 	gen_test_tree(&test_tree, line);
   8343 
   8344 	struct cil_db *test_db;
   8345 	cil_db_init(&test_db);
   8346 
   8347 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   8348 
   8349 	uint32_t finished = 0;
   8350 
   8351 	int rc = __cil_disable_children_helper(test_db->ast->root->cl_head, &finished, NULL);
   8352 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   8353 }
   8354 
   8355 void test_cil_disable_children_helper_tunable(CuTest *tc) {
   8356 	char *line[] = {"(", "tunable", "foo", "false", ")", NULL};
   8357 
   8358 	struct cil_tree *test_tree;
   8359 	gen_test_tree(&test_tree, line);
   8360 
   8361 	struct cil_db *test_db;
   8362 	cil_db_init(&test_db);
   8363 
   8364 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   8365 
   8366 	uint32_t finished = 0;
   8367 
   8368 	int rc = __cil_disable_children_helper(test_db->ast->root->cl_head, &finished, NULL);
   8369 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   8370 }
   8371 
   8372 void test_cil_disable_children_helper_unknown(CuTest *tc) {
   8373 	char *line[] = {"(", "mlsconstrain", "(", "file", "(", "create", "relabelto", ")", ")", "(", "eq", "l2", "h2", ")", ")", NULL};
   8374 
   8375 	struct cil_tree *test_tree;
   8376 	gen_test_tree(&test_tree, line);
   8377 
   8378 	struct cil_db *test_db;
   8379 	cil_db_init(&test_db);
   8380 
   8381 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   8382 
   8383 	uint32_t finished = 0;
   8384 
   8385 	int rc = __cil_disable_children_helper(test_db->ast->root->cl_head, &finished, NULL);
   8386 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   8387 }
   8388 
   8389 
   8390 /*
   8391 	__cil_resolve_ast_node_helper test cases
   8392 */
   8393 
   8394 void test_cil_resolve_ast_node_helper_call1(CuTest *tc) {
   8395 	char *line[] = {"(", "type", "qaz", ")",
   8396 			"(", "class", "file", "(", "read", ")", ")",
   8397 			"(", "macro", "mm", "(", "(", "type", "a", ")", ")",
   8398 				"(", "type", "b", ")",
   8399 				"(", "allow", "a", "b", "(", "file", "(", "read", ")", ")", ")", ")",
   8400 			"(", "call", "mm", "(", "qaz", ")", ")", NULL};
   8401 
   8402 	struct cil_tree *test_tree;
   8403 	gen_test_tree(&test_tree, line);
   8404 
   8405 	struct cil_db *test_db;
   8406 	cil_db_init(&test_db);
   8407 
   8408 	uint32_t changed = CIL_FALSE;
   8409 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
   8410 
   8411 	uint32_t finished = 0;
   8412 
   8413 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   8414 
   8415 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next, &finished, args);
   8416 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   8417 	CuAssertIntEquals(tc, 0, finished);
   8418 }
   8419 
   8420 void test_cil_resolve_ast_node_helper_call1_neg(CuTest *tc) {
   8421 	char *line[] = {"(", "type", "qaz", ")",
   8422 			"(", "class", "file", "(", "read", ")", ")",
   8423 			"(", "macro", "mm", "(", "(", "type", "a", ")", ")",
   8424 				"(", "type", "b", ")",
   8425 				"(", "allow", "a", "b", "(", "file", "(", "read", ")", ")", ")", ")",
   8426 			"(", "call", "m", "(", "qaz", ")", ")", NULL};
   8427 
   8428 	struct cil_tree *test_tree;
   8429 	gen_test_tree(&test_tree, line);
   8430 
   8431 	struct cil_db *test_db;
   8432 	cil_db_init(&test_db);
   8433 
   8434 	uint32_t changed = CIL_FALSE;
   8435 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
   8436 
   8437 	uint32_t finished = 0;
   8438 
   8439 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   8440 
   8441 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next, &finished, args);
   8442 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   8443 	CuAssertIntEquals(tc, 0, finished);
   8444 }
   8445 
   8446 void test_cil_resolve_ast_node_helper_call2(CuTest *tc) {
   8447 	char *line[] = {"(", "type", "qaz", ")",
   8448 			"(", "class", "file", "(", "read", ")", ")",
   8449 			"(", "macro", "mm", "(", "(", "type", "a", ")", ")",
   8450 				"(", "type", "b", ")",
   8451 				"(", "allow", "a", "b", "(", "file", "(", "read", ")", ")", ")", ")",
   8452 			"(", "call", "mm", "(", "qaz", ")", ")", NULL};
   8453 
   8454 	struct cil_tree *test_tree;
   8455 	gen_test_tree(&test_tree, line);
   8456 
   8457 	struct cil_db *test_db;
   8458 	cil_db_init(&test_db);
   8459 
   8460 	uint32_t changed = CIL_FALSE;
   8461 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
   8462 
   8463 	uint32_t finished = 0;
   8464 
   8465 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   8466 
   8467 	cil_resolve_call1(test_db->ast->root->cl_head->next->next->next, args);
   8468 
   8469 	args->pass = CIL_PASS_CALL2;
   8470 
   8471 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next, &finished, args);
   8472 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   8473 	CuAssertIntEquals(tc, 0, finished);
   8474 }
   8475 
   8476 void test_cil_resolve_ast_node_helper_call2_neg(CuTest *tc) {
   8477 	char *line[] = {"(", "type", "qaz", ")",
   8478 			"(", "class", "file", "(", "read", ")", ")",
   8479 			"(", "macro", "mm", "(", "(", "type", "a", ")", ")",
   8480 				"(", "type", "b", ")",
   8481 				"(", "allow", "a", "b", "(", "file", "(", "read", ")", ")", ")", ")",
   8482 			"(", "call", "mm", "(", "foo", "extra", ")", ")", NULL};
   8483 
   8484 	struct cil_tree *test_tree;
   8485 	gen_test_tree(&test_tree, line);
   8486 
   8487 	struct cil_db *test_db;
   8488 	cil_db_init(&test_db);
   8489 
   8490 	uint32_t changed = CIL_FALSE;
   8491 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
   8492 	uint32_t finished = 0;
   8493 
   8494 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   8495 
   8496 	cil_resolve_call1(test_db->ast->root->cl_head->next->next->next, args);
   8497 
   8498 	args->pass = CIL_PASS_CALL2;
   8499 
   8500 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next, &finished, args);
   8501 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   8502 }
   8503 
   8504 void test_cil_resolve_ast_node_helper_boolif(CuTest *tc) {
   8505 	char *line[] = {"(", "boolean", "foo", "true", ")",
   8506 			"(", "boolean", "bar", "false", ")",
   8507 			"(", "class", "baz", "(", "read", ")", ")",
   8508 			"(", "booleanif", "(", "and", "foo", "bar", ")",
   8509 			"(", "true",
   8510 			"(", "allow", "foo", "bar", "(", "baz", "(", "read", ")", ")", ")", ")", ")", NULL};
   8511 
   8512 	struct cil_tree *test_tree;
   8513 	gen_test_tree(&test_tree, line);
   8514 
   8515 	struct cil_db *test_db;
   8516 	cil_db_init(&test_db);
   8517 
   8518 	uint32_t changed = CIL_FALSE;
   8519 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC1, &changed, NULL, NULL, NULL);
   8520 	uint32_t finished = 0;
   8521 
   8522 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   8523 
   8524 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next, &finished, args);
   8525 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   8526 	CuAssertIntEquals(tc, 0, finished);
   8527 }
   8528 
   8529 void test_cil_resolve_ast_node_helper_boolif_neg(CuTest *tc) {
   8530 	char *line[] = {"(", "boolean", "foo", "true", ")",
   8531 			"(", "boolean", "bar", "false", ")",
   8532 			"(", "class", "baz", "(", "read", ")", ")",
   8533 			"(", "booleanif", "(", "and", "dne", "N/A", ")",
   8534 			"(", "true",
   8535 			"(", "allow", "foo", "bar", "(", "baz", "(", "read", ")", ")", ")", ")", ")", NULL};
   8536 
   8537 	struct cil_tree *test_tree;
   8538 	gen_test_tree(&test_tree, line);
   8539 
   8540 	struct cil_db *test_db;
   8541 	cil_db_init(&test_db);
   8542 
   8543 	uint32_t changed = CIL_FALSE;
   8544 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC1, &changed, NULL, NULL, NULL);
   8545 	uint32_t finished = 0;
   8546 
   8547 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   8548 
   8549 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next, &finished, args);
   8550 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   8551 	CuAssertIntEquals(tc, 0, finished);
   8552 }
   8553 
   8554 void test_cil_resolve_ast_node_helper_tunif(CuTest *tc) {
   8555 	char *line[] = {"(", "tunable", "foo", "true", ")",
   8556 			"(", "tunable", "bar", "false", ")",
   8557 			"(", "class", "baz", "(", "read", ")", ")",
   8558 			"(", "tunableif", "(", "and", "foo", "bar", ")",
   8559 			"(", "false",
   8560 			"(", "allow", "foo", "bar", "(", "baz", "(", "read", ")", ")", ")", ")", ")", NULL};
   8561 
   8562 	struct cil_tree *test_tree;
   8563 	gen_test_tree(&test_tree, line);
   8564 
   8565 	struct cil_db *test_db;
   8566 	cil_db_init(&test_db);
   8567 
   8568 	uint32_t changed = CIL_FALSE;
   8569 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_TIF, &changed, NULL, NULL, NULL);
   8570 	uint32_t finished = 0;
   8571 
   8572 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   8573 
   8574 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next, &finished, args);
   8575 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   8576 	CuAssertIntEquals(tc, 0, finished);
   8577 }
   8578 
   8579 void test_cil_resolve_ast_node_helper_tunif_neg(CuTest *tc) {
   8580 	char *line[] = {"(", "tunable", "foo", "true", ")",
   8581 			"(", "tunable", "bar", "false", ")",
   8582 			"(", "class", "baz", "(", "read", ")", ")",
   8583 			"(", "tunableif", "(", "and", "dne", "N/A", ")",
   8584 			"(", "true",
   8585 			"(", "allow", "foo", "bar", "(", "baz", "(", "read", ")", ")", ")", ")", ")", NULL};
   8586 
   8587 	struct cil_tree *test_tree;
   8588 	gen_test_tree(&test_tree, line);
   8589 
   8590 	struct cil_db *test_db;
   8591 	cil_db_init(&test_db);
   8592 
   8593 	uint32_t changed = CIL_FALSE;
   8594 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_TIF, &changed, NULL, NULL, NULL);
   8595 
   8596 	uint32_t finished = 0;
   8597 
   8598 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   8599 
   8600 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next, &finished, args);
   8601 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   8602 	CuAssertIntEquals(tc, 0, finished);
   8603 }
   8604 
   8605 void test_cil_resolve_ast_node_helper_catorder(CuTest *tc) {
   8606 	char *line[] = {"(", "category", "c0", ")",
   8607 			"(", "category", "c1", ")",
   8608 			"(", "category", "c2", ")",
   8609 			"(", "categoryorder", "(", "c0", "c1", ")", ")", NULL};
   8610 
   8611 	struct cil_tree *test_tree;
   8612 	gen_test_tree(&test_tree, line);
   8613 
   8614 	struct cil_db *test_db;
   8615 	cil_db_init(&test_db);
   8616 
   8617 	uint32_t changed = CIL_FALSE;
   8618 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC1, &changed, NULL, NULL, NULL);
   8619 	uint32_t finished = 0;
   8620 
   8621 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   8622 
   8623 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next, &finished, args);
   8624 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   8625 	CuAssertIntEquals(tc, 0, finished);
   8626 }
   8627 
   8628 void test_cil_resolve_ast_node_helper_catorder_neg(CuTest *tc) {
   8629 	char *line[] = {"(", "category", "c0", ")",
   8630 			"(", "category", "c1", ")",
   8631 			"(", "category", "c2", ")",
   8632 			"(", "categoryorder", "(", "c8", ")", ")", NULL};
   8633 
   8634 	struct cil_tree *test_tree;
   8635 	gen_test_tree(&test_tree, line);
   8636 
   8637 	struct cil_db *test_db;
   8638 	cil_db_init(&test_db);
   8639 
   8640 	uint32_t changed = CIL_FALSE;
   8641 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC1, &changed, NULL, NULL, NULL);
   8642 	uint32_t finished = 0;
   8643 
   8644 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   8645 
   8646 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next, &finished, args);
   8647 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   8648 	CuAssertIntEquals(tc, 0, finished);
   8649 }
   8650 
   8651 void test_cil_resolve_ast_node_helper_dominance(CuTest *tc) {
   8652 	char *line[] = {"(", "sensitivity", "s0", ")",
   8653 			"(", "sensitivity", "s1", ")",
   8654 			"(", "sensitivity", "s2", ")",
   8655 			"(", "dominance", "(", "s0", "s1", ")", ")", NULL};
   8656 
   8657 	struct cil_tree *test_tree;
   8658 	gen_test_tree(&test_tree, line);
   8659 
   8660 	struct cil_db *test_db;
   8661 	cil_db_init(&test_db);
   8662 
   8663 	uint32_t changed = CIL_FALSE;
   8664 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC1, &changed, NULL, NULL, NULL);
   8665 	uint32_t finished = 0;
   8666 
   8667 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   8668 
   8669 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next, &finished, args);
   8670 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   8671 	CuAssertIntEquals(tc, 0, finished);
   8672 }
   8673 
   8674 void test_cil_resolve_ast_node_helper_dominance_neg(CuTest *tc) {
   8675 	char *line[] = {"(", "sensitivity", "s0", ")",
   8676 			"(", "sensitivity", "s1", ")",
   8677 			"(", "sensitivity", "s2", ")",
   8678 			"(", "dominance", "(", "s0", "s6", ")", ")", NULL};
   8679 
   8680 	struct cil_tree *test_tree;
   8681 	gen_test_tree(&test_tree, line);
   8682 
   8683 	struct cil_db *test_db;
   8684 	cil_db_init(&test_db);
   8685 
   8686 	uint32_t changed = CIL_FALSE;
   8687 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC1, &changed, NULL, NULL, NULL);
   8688 	uint32_t finished = 0;
   8689 
   8690 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   8691 
   8692 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next, &finished, args);
   8693 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   8694 	CuAssertIntEquals(tc, 0, finished);
   8695 }
   8696 
   8697 void test_cil_resolve_ast_node_helper_roleallow(CuTest *tc) {
   8698 	char *line[] = {"(", "role", "foo", ")", \
   8699 			"(", "role", "bar", ")", \
   8700 			"(", "roleallow", "foo", "bar", ")", NULL};
   8701 
   8702 	struct cil_tree *test_tree;
   8703 	gen_test_tree(&test_tree, line);
   8704 
   8705 	struct cil_db *test_db;
   8706 	cil_db_init(&test_db);
   8707 
   8708 	uint32_t changed = CIL_FALSE;
   8709 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   8710 
   8711 	uint32_t finished = 0;
   8712 
   8713 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   8714 
   8715 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next, &finished, args);
   8716 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   8717 	CuAssertIntEquals(tc, 0, finished);
   8718 }
   8719 
   8720 void test_cil_resolve_ast_node_helper_roleallow_neg(CuTest *tc) {
   8721 	char *line[] = {"(", "role", "foo", ")", \
   8722 			"(", "roleallow", "foo", "bar", ")", NULL};
   8723 
   8724 	struct cil_tree *test_tree;
   8725 	gen_test_tree(&test_tree, line);
   8726 
   8727 	struct cil_db *test_db;
   8728 	cil_db_init(&test_db);
   8729 
   8730 	uint32_t changed = CIL_FALSE;
   8731 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   8732 
   8733 	uint32_t finished = 0;
   8734 
   8735 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   8736 
   8737 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next, &finished, args);
   8738 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   8739 	CuAssertIntEquals(tc, 0, finished);
   8740 }
   8741 
   8742 void test_cil_resolve_ast_node_helper_sensalias(CuTest *tc) {
   8743 	char *line[] = {"(", "sensitivity", "s0", ")",
   8744 			"(", "sensitivityalias", "s0", "alias", ")", NULL};
   8745 
   8746 	struct cil_tree *test_tree;
   8747 	gen_test_tree(&test_tree, line);
   8748 
   8749 	struct cil_db *test_db;
   8750 	cil_db_init(&test_db);
   8751 
   8752 	uint32_t changed = CIL_FALSE;
   8753 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MLS, &changed, NULL, NULL, NULL);
   8754 
   8755 	uint32_t finished = 0;
   8756 
   8757 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   8758 
   8759 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next, &finished, args);
   8760 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   8761 	CuAssertIntEquals(tc, 0, finished);
   8762 }
   8763 
   8764 void test_cil_resolve_ast_node_helper_sensalias_neg(CuTest *tc) {
   8765 	char *line[] = {"(", "sensitivityalias", "s0", "alias", ")", NULL};
   8766 
   8767 	struct cil_tree *test_tree;
   8768 	gen_test_tree(&test_tree, line);
   8769 
   8770 	struct cil_db *test_db;
   8771 	cil_db_init(&test_db);
   8772 
   8773 	uint32_t changed = CIL_FALSE;
   8774 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MLS, &changed, NULL, NULL, NULL);
   8775 
   8776 	uint32_t finished = 0;
   8777 
   8778 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   8779 
   8780 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head, &finished, args);
   8781 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   8782 	CuAssertIntEquals(tc, 0, finished);
   8783 }
   8784 
   8785 void test_cil_resolve_ast_node_helper_catalias(CuTest *tc) {
   8786 	char *line[] = {"(", "category", "c0", ")",
   8787 			"(", "categoryalias", "c0", "red", ")", NULL};
   8788 
   8789 	struct cil_tree *test_tree;
   8790 	gen_test_tree(&test_tree, line);
   8791 
   8792 	struct cil_db *test_db;
   8793 	cil_db_init(&test_db);
   8794 
   8795 	uint32_t changed = CIL_FALSE;
   8796 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MLS, &changed, NULL, NULL, NULL);
   8797 
   8798 	uint32_t finished = 0;
   8799 
   8800 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   8801 
   8802 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next, &finished, args);
   8803 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   8804 	CuAssertIntEquals(tc, 0, finished);
   8805 }
   8806 
   8807 void test_cil_resolve_ast_node_helper_catalias_neg(CuTest *tc) {
   8808 	char *line[] = {"(", "categoryalias", "c0", "red", ")", NULL};
   8809 
   8810 	struct cil_tree *test_tree;
   8811 	gen_test_tree(&test_tree, line);
   8812 
   8813 	struct cil_db *test_db;
   8814 	cil_db_init(&test_db);
   8815 
   8816 	uint32_t changed = CIL_FALSE;
   8817 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   8818 	uint32_t finished = 0;
   8819 
   8820 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   8821 
   8822 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head, &finished, args);
   8823 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   8824 	CuAssertIntEquals(tc, 0, finished);
   8825 }
   8826 
   8827 void test_cil_resolve_ast_node_helper_catset(CuTest *tc) {
   8828 	char *line[] = {"(", "category", "c0", ")",
   8829 			"(", "category", "c1", ")",
   8830 			"(", "category", "c2", ")",
   8831 			"(", "categoryset", "somecats", "(", "c0", "c1", "c2", ")", ")", NULL};
   8832 
   8833 	struct cil_tree *test_tree;
   8834 	gen_test_tree(&test_tree, line);
   8835 
   8836 	struct cil_db *test_db;
   8837 	cil_db_init(&test_db);
   8838 
   8839 	uint32_t changed = CIL_FALSE;
   8840 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MLS, &changed, NULL, NULL, NULL);
   8841 
   8842 	uint32_t finished = 0;
   8843 
   8844 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   8845 
   8846 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next, &finished, args);
   8847 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   8848 	CuAssertIntEquals(tc, 0, finished);
   8849 }
   8850 
   8851 void test_cil_resolve_ast_node_helper_catset_catlist_neg(CuTest *tc) {
   8852 	char *line[] = {"(", "category", "c0", ")",
   8853 			"(", "category", "c1", ")",
   8854 			"(", "categoryset", "somecats", "(", "c0", "c1", "c2", ")", ")", NULL};
   8855 
   8856 	struct cil_tree *test_tree;
   8857 	gen_test_tree(&test_tree, line);
   8858 
   8859 	struct cil_db *test_db;
   8860 	cil_db_init(&test_db);
   8861 
   8862 	uint32_t changed = CIL_FALSE;
   8863 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MLS, &changed, NULL, NULL, NULL);
   8864 
   8865 	uint32_t finished = 0;
   8866 
   8867 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   8868 
   8869 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next, &finished, args);
   8870 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   8871 	CuAssertIntEquals(tc, 0, finished);
   8872 }
   8873 
   8874 void test_cil_resolve_ast_node_helper_catrange(CuTest *tc) {
   8875 	char *line[] = {"(", "category", "c0", ")",
   8876                         "(", "category", "c255", ")",
   8877                         "(", "categoryorder", "(", "c0", "c255", ")", ")",
   8878                         "(", "categoryrange", "range", "(", "c0", "c255", ")", ")", NULL};
   8879 
   8880 
   8881 	struct cil_tree *test_tree;
   8882 	gen_test_tree(&test_tree, line);
   8883 
   8884 	struct cil_db *test_db;
   8885 	cil_db_init(&test_db);
   8886 
   8887 	uint32_t changed = CIL_FALSE;
   8888 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC1, &changed, NULL, NULL, NULL);
   8889 
   8890 	uint32_t finished = 0;
   8891 
   8892 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   8893 	cil_resolve_catorder(test_db->ast->root->cl_head->next->next, args);
   8894 	__cil_verify_order(test_db->catorder, test_db->ast->root, CIL_CAT);
   8895 
   8896 	args->pass = CIL_PASS_MLS;
   8897 
   8898 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next, &finished, args);
   8899 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   8900 	CuAssertIntEquals(tc, 0, finished);
   8901 }
   8902 
   8903 void test_cil_resolve_ast_node_helper_catrange_neg(CuTest *tc) {
   8904 	char *line[] = {"(", "category", "c0", ")",
   8905                         "(", "category", "c255", ")",
   8906                         "(", "categoryorder", "(", "c0", "c255", ")", ")",
   8907                         "(", "categoryrange", "range", "(", "c255", "c0", ")", ")", NULL};
   8908 
   8909 	struct cil_tree *test_tree;
   8910 	gen_test_tree(&test_tree, line);
   8911 
   8912 	struct cil_db *test_db;
   8913 	cil_db_init(&test_db);
   8914 
   8915 	uint32_t changed = CIL_FALSE;
   8916 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MLS, &changed, NULL, NULL, NULL);
   8917 
   8918 	uint32_t finished = 0;
   8919 
   8920 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   8921 
   8922 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next, &finished, args);
   8923 	CuAssertIntEquals(tc, SEPOL_ERR, rc);
   8924 	CuAssertIntEquals(tc, 0, finished);
   8925 }
   8926 
   8927 void test_cil_resolve_ast_node_helper_level(CuTest *tc) {
   8928         char *line[] = {"(", "sensitivity", "s0", ")",
   8929 			"(", "category", "c1", ")",
   8930 			"(", "sensitivitycategory", "s0", "(", "c1", ")", ")",
   8931 			"(", "level", "l2", "(", "s0", "(", "c1", ")", ")", ")",  NULL};
   8932 
   8933 	struct cil_tree *test_tree;
   8934 	gen_test_tree(&test_tree, line);
   8935 
   8936 	struct cil_db *test_db;
   8937 	cil_db_init(&test_db);
   8938 
   8939 	uint32_t changed = CIL_FALSE;
   8940 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC1, &changed, NULL, NULL, NULL);
   8941 
   8942 	uint32_t finished = 0;
   8943 
   8944 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   8945 
   8946 	cil_tree_walk(test_db->ast->root,  __cil_resolve_ast_node_helper, NULL, NULL, args);
   8947 	__cil_verify_order(test_db->catorder, test_db->ast->root, CIL_CAT);
   8948 
   8949 	__cil_verify_order(test_db->dominance, test_db->ast->root, CIL_SENS);
   8950 
   8951 	args->pass = CIL_PASS_MLS;
   8952 	cil_tree_walk(test_db->ast->root, __cil_resolve_ast_node_helper, NULL, NULL, args);
   8953 
   8954 	args->pass = CIL_PASS_MISC2;
   8955 	cil_tree_walk(test_db->ast->root, __cil_resolve_ast_node_helper, NULL, NULL, args);
   8956 
   8957 	args->pass = CIL_PASS_MISC3;
   8958 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next, &finished, args);
   8959 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   8960 	CuAssertIntEquals(tc, finished, 0);
   8961 }
   8962 
   8963 void test_cil_resolve_ast_node_helper_level_neg(CuTest *tc) {
   8964         char *line[] = {"(", "sensitivity", "s0", ")",
   8965 			"(", "category", "c1", ")",
   8966 			"(", "sensitivitycategory", "s0", "(", "c1", ")", ")",
   8967 			"(", "level", "l2", "(", "s8", "(", "c1", ")", ")", ")", NULL};
   8968 
   8969 	struct cil_tree *test_tree;
   8970 	gen_test_tree(&test_tree, line);
   8971 
   8972 	struct cil_db *test_db;
   8973 	cil_db_init(&test_db);
   8974 
   8975 	uint32_t changed = CIL_FALSE;
   8976 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC1, &changed, NULL, NULL, NULL);
   8977 
   8978 	uint32_t finished = 0;
   8979 
   8980 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   8981 
   8982 	cil_tree_walk(test_db->ast->root,  __cil_resolve_ast_node_helper, NULL, NULL, args);
   8983 	__cil_verify_order(test_db->catorder, test_db->ast->root, CIL_CAT);
   8984 
   8985 	__cil_verify_order(test_db->dominance, test_db->ast->root, CIL_SENS);
   8986 
   8987 	args->pass = CIL_PASS_MLS;
   8988 	cil_tree_walk(test_db->ast->root, __cil_resolve_ast_node_helper, NULL, NULL, args);
   8989 
   8990 	args->pass = CIL_PASS_MISC3;
   8991 
   8992 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next, &finished, args);
   8993 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   8994 	CuAssertIntEquals(tc, finished, 0);
   8995 }
   8996 
   8997 void test_cil_resolve_ast_node_helper_levelrange(CuTest *tc) {
   8998         char *line[] = {"(", "sensitivity", "s0", ")",
   8999 			"(", "category", "c0", ")",
   9000 			"(", "categoryorder", "(", "c0", ")", ")",
   9001 			"(", "dominance", "(", "s0", ")", ")",
   9002 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
   9003 			"(", "levelrange", "range", "(", "(", "s0", "(", "c0", ")", ")", "(", "s0", "(", "c0", ")", ")", ")", ")", NULL};
   9004 
   9005 	struct cil_tree *test_tree;
   9006 	gen_test_tree(&test_tree, line);
   9007 
   9008 	struct cil_db *test_db;
   9009 	cil_db_init(&test_db);
   9010 
   9011 	uint32_t changed = CIL_FALSE;
   9012 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC1, &changed, NULL, NULL, NULL);
   9013 
   9014 	uint32_t finished = 0;
   9015 
   9016 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   9017 
   9018 	cil_tree_walk(test_db->ast->root,  __cil_resolve_ast_node_helper, NULL, NULL, args);
   9019 
   9020 	__cil_verify_order(test_db->catorder, test_db->ast->root, CIL_CAT);
   9021 
   9022 	__cil_verify_order(test_db->dominance, test_db->ast->root, CIL_SENS);
   9023 
   9024 	args->pass = CIL_PASS_MLS;
   9025 	cil_tree_walk(test_db->ast->root, __cil_resolve_ast_node_helper, NULL, NULL, args);
   9026 
   9027 	args->pass = CIL_PASS_MISC2;
   9028 	cil_tree_walk(test_db->ast->root, __cil_resolve_ast_node_helper, NULL, NULL, args);
   9029 
   9030 	args->pass = CIL_PASS_MISC3;
   9031 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next->next->next, &finished, args);
   9032 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   9033 	CuAssertIntEquals(tc, finished, 0);
   9034 }
   9035 
   9036 void test_cil_resolve_ast_node_helper_levelrange_neg(CuTest *tc) {
   9037         char *line[] = {"(", "sensitivity", "s0", ")",
   9038 			"(", "category", "c0", ")",
   9039 			"(", "categoryorder", "(", "c0", ")", ")",
   9040 			"(", "dominance", "(", "s0", ")", ")",
   9041 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
   9042 			"(", "levelrange", "range", "(", "(", "DNE", "(", "c0", ")", ")", "(", "s0", "(", "c0", ")", ")", ")", ")", NULL};
   9043 
   9044 	struct cil_tree *test_tree;
   9045 	gen_test_tree(&test_tree, line);
   9046 
   9047 	struct cil_db *test_db;
   9048 	cil_db_init(&test_db);
   9049 
   9050 	uint32_t changed = CIL_FALSE;
   9051 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC1, &changed, NULL, NULL, NULL);
   9052 
   9053 	uint32_t finished = 0;
   9054 
   9055 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   9056 
   9057 	cil_tree_walk(test_db->ast->root,  __cil_resolve_ast_node_helper, NULL, NULL, args);
   9058 	__cil_verify_order(test_db->catorder, test_db->ast->root, CIL_CAT);
   9059 
   9060 	__cil_verify_order(test_db->dominance, test_db->ast->root, CIL_SENS);
   9061 
   9062 	args->pass = CIL_PASS_MLS;
   9063 	cil_tree_walk(test_db->ast->root, __cil_resolve_ast_node_helper, NULL, NULL, args);
   9064 
   9065 	args->pass = CIL_PASS_MISC3;
   9066 
   9067 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next->next->next, &finished, args);
   9068 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   9069 	CuAssertIntEquals(tc, finished, 0);
   9070 }
   9071 
   9072 void test_cil_resolve_ast_node_helper_constrain(CuTest *tc) {
   9073         char *line[] = {"(", "class", "file", "(", "create", "relabelto", ")", ")",
   9074 			"(", "class", "dir", "(", "create", "relabelto", ")", ")",
   9075 			"(", "sensitivity", "s0", ")",
   9076 			"(", "category", "c1", ")",
   9077 			"(", "role", "r1", ")",
   9078 			"(", "role", "r2", ")",
   9079 			"(", "mlsconstrain", "(", "file", "(", "create", "relabelto", ")", ")", "(", "eq", "r1", "r2", ")", ")", NULL};
   9080 
   9081 	struct cil_tree *test_tree;
   9082 	gen_test_tree(&test_tree, line);
   9083 
   9084 	struct cil_db *test_db;
   9085 	cil_db_init(&test_db);
   9086 
   9087 	uint32_t changed = CIL_FALSE;
   9088 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   9089 
   9090 	uint32_t finished = 0;
   9091 
   9092 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   9093 
   9094 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next->next->next->next, &finished, args);
   9095 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   9096 	CuAssertIntEquals(tc, 0, finished);
   9097 }
   9098 
   9099 void test_cil_resolve_ast_node_helper_constrain_neg(CuTest *tc) {
   9100         char *line[] = {"(", "class", "file", "(", "create", ")", ")",
   9101 			"(", "class", "dir", "(", "create", ")", ")",
   9102 			"(", "sensitivity", "s0", ")",
   9103 			"(", "category", "c1", ")",
   9104 			"(", "role", "r1", ")",
   9105 			"(", "role", "r2", ")",
   9106 			"(", "mlsconstrain", "(", "file", "(", "create", "relabelto", ")", ")", "(", "eq", "r1", "r2", ")", ")", NULL};
   9107 
   9108 	struct cil_tree *test_tree;
   9109 	gen_test_tree(&test_tree, line);
   9110 
   9111 	struct cil_db *test_db;
   9112 	cil_db_init(&test_db);
   9113 
   9114 	uint32_t changed = CIL_FALSE;
   9115 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   9116 
   9117 	uint32_t finished = 0;
   9118 
   9119 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   9120 
   9121 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next->next->next->next, &finished, args);
   9122 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   9123 	CuAssertIntEquals(tc, 0, finished);
   9124 }
   9125 
   9126 void test_cil_resolve_ast_node_helper_mlsconstrain(CuTest *tc) {
   9127         char *line[] = {"(", "class", "file", "(", "create", "relabelto", ")", ")",
   9128 			"(", "class", "dir", "(", "create", "relabelto", ")", ")",
   9129 			"(", "sensitivity", "s0", ")",
   9130 			"(", "category", "c1", ")",
   9131 			"(", "level", "l2", "(", "s0", "(", "c1", ")", ")", ")",
   9132 			"(", "level", "h2", "(", "s0", "(", "c1", ")", ")", ")",
   9133 			"(", "mlsconstrain", "(", "file", "(", "create", "relabelto", ")", ")", "(", "eq", "l2", "h2", ")", ")", NULL};
   9134 
   9135 	struct cil_tree *test_tree;
   9136 	gen_test_tree(&test_tree, line);
   9137 
   9138 	struct cil_db *test_db;
   9139 	cil_db_init(&test_db);
   9140 
   9141 	uint32_t changed = CIL_FALSE;
   9142 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   9143 
   9144 	uint32_t finished = 0;
   9145 
   9146 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   9147 
   9148 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next->next->next->next, &finished, args);
   9149 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   9150 	CuAssertIntEquals(tc, 0, finished);
   9151 }
   9152 
   9153 void test_cil_resolve_ast_node_helper_mlsconstrain_neg(CuTest *tc) {
   9154         char *line[] = {"(", "class", "file", "(", "read", ")", ")",
   9155 			"(", "class", "dir", "(", "read", ")", ")",
   9156 			"(", "sensitivity", "s0", ")",
   9157 			"(", "category", "c1", ")",
   9158 			"(", "level", "l2", "(", "s0", "(", "c1", ")", ")", ")",
   9159 			"(", "level", "h2", "(", "s0", "(", "c1", ")", ")", ")",
   9160 			"(", "mlsconstrain", "(", "file", "(", "create", "relabelto", ")", ")", "(", "eq", "l2", "h2", ")", ")", NULL};
   9161 
   9162 	struct cil_tree *test_tree;
   9163 	gen_test_tree(&test_tree, line);
   9164 
   9165 	struct cil_db *test_db;
   9166 	cil_db_init(&test_db);
   9167 
   9168 	uint32_t changed = CIL_FALSE;
   9169 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   9170 
   9171 	uint32_t finished = 0;
   9172 
   9173 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   9174 
   9175 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next->next->next->next, &finished, args);
   9176 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   9177 	CuAssertIntEquals(tc, 0, finished);
   9178 }
   9179 
   9180 void test_cil_resolve_ast_node_helper_context(CuTest *tc) {
   9181 	char *line[] = {"(", "sensitivity", "s0", ")",
   9182 			"(", "category", "c0", ")",
   9183 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
   9184 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
   9185 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
   9186 			"(", "user", "system_u", ")",
   9187 			"(", "role", "object_r", ")",
   9188 			"(", "type", "netif_t", ")",
   9189 			"(", "context", "con",
   9190                         "(", "system_u", "object_r", "netif_t", "(", "low", "high", ")", NULL};
   9191 
   9192 	struct cil_tree *test_tree;
   9193 	gen_test_tree(&test_tree, line);
   9194 
   9195 	struct cil_db *test_db;
   9196 	cil_db_init(&test_db);
   9197 
   9198 	uint32_t changed = CIL_FALSE;
   9199 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC1, &changed, NULL, NULL, NULL);
   9200 
   9201 	uint32_t finished = 0;
   9202 
   9203 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   9204 
   9205 	cil_tree_walk(test_db->ast->root,  __cil_resolve_ast_node_helper, NULL, NULL, args);
   9206 	__cil_verify_order(test_db->catorder, test_db->ast->root, CIL_CAT);
   9207 
   9208 	__cil_verify_order(test_db->dominance, test_db->ast->root, CIL_SENS);
   9209 
   9210 	args->pass = CIL_PASS_MLS;
   9211 	cil_tree_walk(test_db->ast->root, __cil_resolve_ast_node_helper, NULL, NULL, args);
   9212 
   9213 	args->pass = CIL_PASS_MISC3;
   9214 
   9215 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, &finished, args);
   9216 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   9217 	CuAssertIntEquals(tc, finished, 0);
   9218 }
   9219 
   9220 void test_cil_resolve_ast_node_helper_context_neg(CuTest *tc) {
   9221 	char *line[] = {"(", "sensitivity", "s0", ")",
   9222 			"(", "category", "c0", ")",
   9223 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
   9224 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
   9225 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
   9226 			"(", "user", "system_u", ")",
   9227 			"(", "role", "object_r", ")",
   9228 			"(", "type", "netif_t", ")",
   9229 			"(", "context", "con",
   9230                         "(", "system_u", "object_r", "netif_t", "DNE", "high", NULL};
   9231 
   9232 	struct cil_tree *test_tree;
   9233 	gen_test_tree(&test_tree, line);
   9234 
   9235 	struct cil_db *test_db;
   9236 	cil_db_init(&test_db);
   9237 
   9238 	uint32_t changed = CIL_FALSE;
   9239 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC1, &changed, NULL, NULL, NULL);
   9240 
   9241 	uint32_t finished = 0;
   9242 
   9243 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   9244 
   9245 	cil_tree_walk(test_db->ast->root,  __cil_resolve_ast_node_helper, NULL, NULL, args);
   9246 	__cil_verify_order(test_db->catorder, test_db->ast->root, CIL_CAT);
   9247 
   9248 	__cil_verify_order(test_db->dominance, test_db->ast->root, CIL_SENS);
   9249 
   9250 	args->pass = CIL_PASS_MLS;
   9251 	cil_tree_walk(test_db->ast->root, __cil_resolve_ast_node_helper, NULL, NULL, args);
   9252 
   9253 	args->pass = CIL_PASS_MISC3;
   9254 
   9255 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, &finished, args);
   9256 	CuAssertIntEquals(tc, SEPOL_ERR, rc);
   9257 	CuAssertIntEquals(tc, finished, 0);
   9258 }
   9259 
   9260 void test_cil_resolve_ast_node_helper_senscat(CuTest *tc) {
   9261 	char *line[] = {"(", "sensitivity", "s0", ")",
   9262                         "(", "sensitivity", "s1", ")",
   9263                         "(", "dominance", "(", "s0", "s1", ")", ")",
   9264                         "(", "category", "c0", ")",
   9265                         "(", "category", "c255", ")",
   9266                         "(", "categoryorder", "(", "c0", "c255", ")", ")",
   9267                         "(", "sensitivitycategory", "s1", "(", "c0", "c255", ")", ")", NULL};
   9268 
   9269 	struct cil_tree *test_tree;
   9270 	gen_test_tree(&test_tree, line);
   9271 
   9272 	struct cil_db *test_db;
   9273 	cil_db_init(&test_db);
   9274 
   9275 	uint32_t changed = CIL_FALSE;
   9276 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
   9277 
   9278 	uint32_t finished = 0;
   9279 
   9280 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   9281 
   9282 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next->next->next->next, &finished, args);
   9283 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   9284 	CuAssertIntEquals(tc, 0, finished);
   9285 }
   9286 
   9287 void test_cil_resolve_ast_node_helper_senscat_neg(CuTest *tc) {
   9288 	char *line[] = {"(", "sensitivity", "s0", ")",
   9289                         "(", "sensitivity", "s1", ")",
   9290                         "(", "dominance", "(", "s0", "s1", ")", ")",
   9291                         "(", "category", "c0", ")",
   9292                         "(", "category", "c255", ")",
   9293                         "(", "categoryorder", "(", "c0", "c255", ")", ")",
   9294                         "(", "sensitivitycategory", "s5", "foo", ")", NULL};
   9295 
   9296 	struct cil_tree *test_tree;
   9297 	gen_test_tree(&test_tree, line);
   9298 
   9299 	struct cil_db *test_db;
   9300 	cil_db_init(&test_db);
   9301 
   9302 	uint32_t changed = CIL_FALSE;
   9303 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
   9304 
   9305 	uint32_t finished = 0;
   9306 
   9307 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   9308 
   9309 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next->next->next->next, &finished, args);
   9310 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   9311 	CuAssertIntEquals(tc, 0, finished);
   9312 }
   9313 
   9314 void test_cil_resolve_ast_node_helper_roletransition(CuTest *tc) {
   9315 	char *line[] = {"(", "role", "foo_r", ")",
   9316 			"(", "type", "bar_t", ")",
   9317 			"(", "role", "foobar_r", ")",
   9318 			"(", "class", "process", "(", "transition", ")", ")",
   9319 			"(", "roletransition", "foo_r", "bar_t", "process", "foobar_r", ")", NULL};
   9320 
   9321 	struct cil_tree *test_tree;
   9322 	gen_test_tree(&test_tree, line);
   9323 
   9324 	struct cil_db *test_db;
   9325 	cil_db_init(&test_db);
   9326 
   9327 	uint32_t changed = CIL_FALSE;
   9328 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   9329 
   9330 	uint32_t finished = 0;
   9331 
   9332 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   9333 
   9334 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next->next, &finished, args);
   9335 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   9336 	CuAssertIntEquals(tc, 0, finished);
   9337 }
   9338 
   9339 void test_cil_resolve_ast_node_helper_roletransition_srcdecl_neg(CuTest *tc) {
   9340 	char *line[] = {"(", "type", "bar_t", ")",
   9341 			"(", "role", "foobar_r", ")",
   9342 			"(", "class", "process", "(", "transition", ")", ")",
   9343 			"(", "roletransition", "foo_r", "bar_t", "process", "foobar_r", ")", NULL};
   9344 
   9345 	struct cil_tree *test_tree;
   9346 	gen_test_tree(&test_tree, line);
   9347 
   9348 	struct cil_db *test_db;
   9349 	cil_db_init(&test_db);
   9350 
   9351 	uint32_t changed = CIL_FALSE;
   9352 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   9353 
   9354 	uint32_t finished = 0;
   9355 
   9356 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   9357 
   9358 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next, &finished, args);
   9359 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   9360 	CuAssertIntEquals(tc, 0, finished);
   9361 }
   9362 
   9363 void test_cil_resolve_ast_node_helper_roletransition_tgtdecl_neg(CuTest *tc) {
   9364 	char *line[] = {"(", "role", "foo_r", ")",
   9365 			"(", "role", "foobar_r", ")",
   9366 			"(", "class", "process", "(", "transition", ")", ")",
   9367 			"(", "roletransition", "foo_r", "bar_t", "process", "foobar_r", ")", NULL};
   9368 
   9369 	struct cil_tree *test_tree;
   9370 	gen_test_tree(&test_tree, line);
   9371 
   9372 	struct cil_db *test_db;
   9373 	cil_db_init(&test_db);
   9374 
   9375 	uint32_t changed = CIL_FALSE;
   9376 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   9377 
   9378 	uint32_t finished = 0;
   9379 
   9380 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   9381 
   9382 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next, &finished, args);
   9383 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   9384 	CuAssertIntEquals(tc, 0, finished);
   9385 }
   9386 
   9387 void test_cil_resolve_ast_node_helper_roletransition_resultdecl_neg(CuTest *tc) {
   9388 	char *line[] = {"(", "role", "foo_r", ")",
   9389 			"(", "type", "bar_t", ")",
   9390 			"(", "class", "process", "(", "transition", ")", ")",
   9391 			"(", "roletransition", "foo_r", "bar_t", "process", "foobar_r", ")", NULL};
   9392 
   9393 	struct cil_tree *test_tree;
   9394 	gen_test_tree(&test_tree, line);
   9395 
   9396 	struct cil_db *test_db;
   9397 	cil_db_init(&test_db);
   9398 
   9399 	uint32_t changed = CIL_FALSE;
   9400 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   9401 
   9402 	uint32_t finished = 0;
   9403 
   9404 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   9405 
   9406 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next, &finished, args);
   9407 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   9408 	CuAssertIntEquals(tc, 0, finished);
   9409 }
   9410 
   9411 void test_cil_resolve_ast_node_helper_typeattributeset(CuTest *tc) {
   9412 	char *line[] = {"(", "typeattribute", "attrs", ")",
   9413 			"(", "type", "type_t", ")",
   9414 			"(", "type", "type_tt", ")",
   9415 			"(", "typeattributeset", "attrs", "(", "type_t", "type_tt", ")", ")", NULL};
   9416 
   9417 	struct cil_tree *test_tree;
   9418 	gen_test_tree(&test_tree, line);
   9419 
   9420 	struct cil_db *test_db;
   9421 	cil_db_init(&test_db);
   9422 
   9423 	uint32_t changed = CIL_FALSE;
   9424 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   9425 
   9426 	uint32_t finished = 0;
   9427 
   9428 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   9429 
   9430 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next, &finished, args);
   9431 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   9432 	CuAssertIntEquals(tc, 0, finished);
   9433 }
   9434 
   9435 void test_cil_resolve_ast_node_helper_typeattributeset_undef_type_neg(CuTest *tc) {
   9436 	char *line[] = {"(", "typeattribute", "attrs", ")",
   9437 			"(", "type", "type_t", ")",
   9438 			"(", "typeattributeset", "attrs", "(", "not", "t_t", ")", ")", NULL};
   9439 
   9440 	struct cil_tree *test_tree;
   9441 	gen_test_tree(&test_tree, line);
   9442 
   9443 	struct cil_db *test_db;
   9444 	cil_db_init(&test_db);
   9445 
   9446 	uint32_t changed = CIL_FALSE;
   9447 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   9448 
   9449 	uint32_t finished = 0;
   9450 
   9451 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   9452 
   9453 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next, &finished, args);
   9454 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   9455 	CuAssertIntEquals(tc, 0, finished);
   9456 }
   9457 
   9458 void test_cil_resolve_ast_node_helper_typealias(CuTest *tc) {
   9459 	char *line[] = {"(", "block", "foo",
   9460 				"(", "typealias", ".foo.test", "type_t", ")",
   9461 				"(", "type", "test", ")", ")", NULL};
   9462 
   9463 	struct cil_tree *test_tree;
   9464 	gen_test_tree(&test_tree, line);
   9465 
   9466 	struct cil_db *test_db;
   9467 	cil_db_init(&test_db);
   9468 
   9469 	uint32_t changed = CIL_FALSE;
   9470 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
   9471 
   9472 	uint32_t finished = 0;
   9473 
   9474 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   9475 
   9476 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->cl_head, &finished, args);
   9477 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   9478 	CuAssertIntEquals(tc, 0, finished);
   9479 }
   9480 
   9481 void test_cil_resolve_ast_node_helper_typealias_notype_neg(CuTest *tc) {
   9482 	char *line[] = {"(", "block", "bar",
   9483 				"(", "typealias", ".bar.test", "type_t", ")", NULL};
   9484 
   9485 	struct cil_tree *test_tree;
   9486 	gen_test_tree(&test_tree, line);
   9487 
   9488 	struct cil_db *test_db;
   9489 	cil_db_init(&test_db);
   9490 
   9491 	uint32_t changed = CIL_FALSE;
   9492 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
   9493 
   9494 	uint32_t finished = 0;
   9495 
   9496 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   9497 
   9498 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->cl_head, &finished, args);
   9499 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   9500 	CuAssertIntEquals(tc, 0, finished);
   9501 }
   9502 
   9503 void test_cil_resolve_ast_node_helper_typebounds(CuTest *tc) {
   9504 	char *line[] = {"(", "type", "type_a", ")",
   9505 			"(", "type", "type_b", ")",
   9506 			"(", "typebounds", "type_a", "type_b", ")", NULL};
   9507 
   9508 	struct cil_tree *test_tree;
   9509 	gen_test_tree(&test_tree, line);
   9510 
   9511 	struct cil_db *test_db;
   9512 	cil_db_init(&test_db);
   9513 
   9514 	uint32_t changed = CIL_FALSE;
   9515 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   9516 
   9517 	uint32_t finished = 0;
   9518 
   9519 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   9520 
   9521 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next, &finished, args);
   9522 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   9523 	CuAssertIntEquals(tc, 0, finished);
   9524 }
   9525 
   9526 void test_cil_resolve_ast_node_helper_typebounds_neg(CuTest *tc) {
   9527 	char *line[] = {"(", "type", "type_b", ")",
   9528 			"(", "typebounds", "type_a", "type_b", ")", NULL};
   9529 
   9530 	struct cil_tree *test_tree;
   9531 	gen_test_tree(&test_tree, line);
   9532 
   9533 	struct cil_db *test_db;
   9534 	cil_db_init(&test_db);
   9535 
   9536 	uint32_t changed = CIL_FALSE;
   9537 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   9538 
   9539 	uint32_t finished = 0;
   9540 
   9541 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   9542 
   9543 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next, &finished, args);
   9544 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   9545 	CuAssertIntEquals(tc, 0, finished);
   9546 }
   9547 
   9548 void test_cil_resolve_ast_node_helper_typepermissive(CuTest *tc) {
   9549 	char *line[] = {"(", "type", "type_a", ")",
   9550 			"(", "typepermissive", "type_a", ")", NULL};
   9551 
   9552 	struct cil_tree *test_tree;
   9553 	gen_test_tree(&test_tree, line);
   9554 
   9555 	struct cil_db *test_db;
   9556 	cil_db_init(&test_db);
   9557 
   9558 	uint32_t changed = CIL_FALSE;
   9559 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   9560 	uint32_t finished = 0;
   9561 
   9562 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   9563 
   9564 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next, &finished, args);
   9565 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   9566 	CuAssertIntEquals(tc, 0, finished);
   9567 }
   9568 
   9569 void test_cil_resolve_ast_node_helper_typepermissive_neg(CuTest *tc) {
   9570 	char *line[] = {"(", "type", "type_b", ")",
   9571 			"(", "typepermissive", "type_a", ")", NULL};
   9572 
   9573 	struct cil_tree *test_tree;
   9574 	gen_test_tree(&test_tree, line);
   9575 
   9576 	struct cil_db *test_db;
   9577 	cil_db_init(&test_db);
   9578 
   9579 	uint32_t changed = CIL_FALSE;
   9580 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   9581 
   9582 	uint32_t finished = 0;
   9583 
   9584 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   9585 
   9586 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next, &finished, args);
   9587 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   9588 	CuAssertIntEquals(tc, 0, finished);
   9589 }
   9590 
   9591 void test_cil_resolve_ast_node_helper_rangetransition(CuTest *tc) {
   9592 	char *line[] = {"(", "class", "class_", "(", "read", ")", ")",
   9593 			"(", "type", "type_a", ")",
   9594 			"(", "type", "type_b", ")",
   9595 			"(", "sensitivity", "s0", ")",
   9596 			"(", "category", "c0", ")",
   9597 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
   9598 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
   9599 			"(", "rangetransition", "type_a", "type_b", "class_", "(", "low", "high", ")", ")", NULL};
   9600 
   9601 	struct cil_tree *test_tree;
   9602 	gen_test_tree(&test_tree, line);
   9603 
   9604 	struct cil_db *test_db;
   9605 	cil_db_init(&test_db);
   9606 
   9607 	uint32_t changed = CIL_FALSE;
   9608 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   9609 
   9610 	uint32_t finished = 0;
   9611 
   9612 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   9613 
   9614 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next->next->next->next->next, &finished, args);
   9615 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   9616 	CuAssertIntEquals(tc, 0, finished);
   9617 }
   9618 
   9619 void test_cil_resolve_ast_node_helper_rangetransition_neg(CuTest *tc) {
   9620 	char *line[] = {"(", "class", "class_", "(", "read", ")", ")",
   9621 			"(", "type", "type_a", ")",
   9622 			"(", "type", "type_b", ")",
   9623 			"(", "sensitivity", "s0", ")",
   9624 			"(", "category", "c0", ")",
   9625 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
   9626 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
   9627 			"(", "rangetransition", "type_DNE", "type_b", "class_", "(", "low", "high", ")", ")", NULL};
   9628 
   9629 	struct cil_tree *test_tree;
   9630 	gen_test_tree(&test_tree, line);
   9631 
   9632 	struct cil_db *test_db;
   9633 	cil_db_init(&test_db);
   9634 
   9635 	uint32_t changed = CIL_FALSE;
   9636 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   9637 
   9638 	uint32_t finished = 0;
   9639 
   9640 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   9641 
   9642 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next->next->next->next->next, &finished, args);
   9643 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   9644 	CuAssertIntEquals(tc, 0, finished);
   9645 }
   9646 
   9647 void test_cil_resolve_ast_node_helper_nametypetransition(CuTest *tc) {
   9648 	char *line[] = {"(", "type", "foo", ")",
   9649 			"(", "type", "bar", ")",
   9650 			"(", "class", "file", "(", "read", ")", ")",
   9651 			"(", "type", "foobar", ")",
   9652 			"(", "nametypetransition", "str", "foo", "bar", "file", "foobar", ")", NULL};
   9653 
   9654 	struct cil_tree *test_tree;
   9655 	gen_test_tree(&test_tree, line);
   9656 
   9657 	struct cil_db *test_db;
   9658 	cil_db_init(&test_db);
   9659 
   9660 	uint32_t changed = CIL_FALSE;
   9661 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   9662 
   9663 	uint32_t finished = 0;
   9664 
   9665 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   9666 
   9667 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next->next, &finished, args);
   9668 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   9669 	CuAssertIntEquals(tc, 0, finished);
   9670 }
   9671 
   9672 void test_cil_resolve_ast_node_helper_nametypetransition_neg(CuTest *tc) {
   9673 	char *line[] = {"(", "type", "foo", ")",
   9674 			"(", "type", "bar", ")",
   9675 			"(", "class", "file", "(", "read", ")", ")",
   9676 			"(", "type", "foobar", ")",
   9677 			"(", "nametypetransition", "str", "foo", "bar", "file", "foobarrr", ")", NULL};
   9678 
   9679 	struct cil_tree *test_tree;
   9680 	gen_test_tree(&test_tree, line);
   9681 
   9682 	struct cil_db *test_db;
   9683 	cil_db_init(&test_db);
   9684 
   9685 	uint32_t changed = CIL_FALSE;
   9686 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   9687 
   9688 	uint32_t finished = 0;
   9689 
   9690 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   9691 
   9692 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next->next, &finished, args);
   9693 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   9694 	CuAssertIntEquals(tc, 0, finished);
   9695 }
   9696 
   9697 void test_cil_resolve_ast_node_helper_avrule(CuTest *tc) {
   9698 	char *line[] = {"(", "class", "bar", "(", "read", "write", "open", ")", ")",
   9699 	                "(", "type", "test", ")",
   9700 			"(", "type", "foo", ")",
   9701 	                "(", "allow", "test", "foo", "(", "bar", "(", "read", "write", ")", ")", ")", NULL};
   9702 
   9703 	struct cil_tree *test_tree;
   9704 	gen_test_tree(&test_tree, line);
   9705 
   9706 	struct cil_db *test_db;
   9707 	cil_db_init(&test_db);
   9708 
   9709 	uint32_t changed = CIL_FALSE;
   9710 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   9711 
   9712 	uint32_t finished = 0;
   9713 
   9714 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   9715 
   9716 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next, &finished, args);
   9717 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   9718 	CuAssertIntEquals(tc, 0, finished);
   9719 }
   9720 
   9721 void test_cil_resolve_ast_node_helper_avrule_src_nores_neg(CuTest *tc) {
   9722 	char *line[] = {"(", "allow", "test", "foo", "(", "bar", "(", "read", "write", ")", ")", ")", NULL};
   9723 
   9724 	struct cil_tree *test_tree;
   9725 	gen_test_tree(&test_tree, line);
   9726 
   9727 	struct cil_db *test_db;
   9728 	cil_db_init(&test_db);
   9729 
   9730 	uint32_t changed = CIL_FALSE;
   9731 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   9732 
   9733 	uint32_t finished = 0;
   9734 
   9735 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   9736 
   9737 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head, &finished, args);
   9738 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   9739 	CuAssertIntEquals(tc, 0, finished);
   9740 }
   9741 
   9742 void test_cil_resolve_ast_node_helper_avrule_tgt_nores_neg(CuTest *tc) {
   9743 	char *line[] = {"(", "type", "test", ")",
   9744 			"(", "allow", "test", "foo", "(", "bar", "(", "read", "write", ")", ")", ")", NULL};
   9745 
   9746 	struct cil_tree *test_tree;
   9747 	gen_test_tree(&test_tree, line);
   9748 
   9749 	struct cil_db *test_db;
   9750 	cil_db_init(&test_db);
   9751 
   9752 	uint32_t changed = CIL_FALSE;
   9753 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   9754 
   9755 	uint32_t finished = 0;
   9756 
   9757 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   9758 
   9759 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next, &finished, args);
   9760 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   9761 	CuAssertIntEquals(tc, 0, finished);
   9762 }
   9763 
   9764 void test_cil_resolve_ast_node_helper_avrule_class_nores_neg(CuTest *tc) {
   9765 	char *line[] = {"(", "type", "test", ")",
   9766 			"(", "type", "foo", ")",
   9767 			"(", "allow", "test", "foo", "(", "bar", "(", "read", "write", ")", ")", ")", NULL};
   9768 
   9769 	struct cil_tree *test_tree;
   9770 	gen_test_tree(&test_tree, line);
   9771 
   9772 	struct cil_db *test_db;
   9773 	cil_db_init(&test_db);
   9774 
   9775 	uint32_t changed = CIL_FALSE;
   9776 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   9777 
   9778 	uint32_t finished = 0;
   9779 
   9780 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   9781 
   9782 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next, &finished, args);
   9783 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   9784 	CuAssertIntEquals(tc, 0, finished);
   9785 }
   9786 
   9787 void test_cil_resolve_ast_node_helper_avrule_datum_null_neg(CuTest *tc) {
   9788 	char *line[] = {"(", "class", "bar", "(", "read", "write", "open", ")", ")",
   9789 	                "(", "type", "test", ")", "(", "type", "foo", ")",
   9790 	                "(", "allow", "test", "foo", "(", "bar", "(","fake", ")", ")", ")", NULL};
   9791 
   9792 	struct cil_tree *test_tree;
   9793 	gen_test_tree(&test_tree, line);
   9794 
   9795 	struct cil_db *test_db;
   9796 	cil_db_init(&test_db);
   9797 
   9798 	uint32_t changed = CIL_FALSE;
   9799 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   9800 
   9801 	uint32_t finished = 0;
   9802 
   9803 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   9804 
   9805 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next, &finished, args);
   9806 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   9807 	CuAssertIntEquals(tc, 0, finished);
   9808 }
   9809 
   9810 void test_cil_resolve_ast_node_helper_type_rule_transition(CuTest *tc) {
   9811 	char *line[] = {"(", "type", "foo", ")",
   9812 			"(", "type", "bar", ")",
   9813 			"(", "class", "file", "(", "write", ")", ")",
   9814 			"(", "type", "foobar", ")",
   9815 			"(", "typetransition", "foo", "bar", "file", "foobar", ")", NULL};
   9816 
   9817 	struct cil_tree *test_tree;
   9818 	gen_test_tree(&test_tree, line);
   9819 
   9820 	struct cil_db *test_db;
   9821 	cil_db_init(&test_db);
   9822 
   9823 	uint32_t changed = CIL_FALSE;
   9824 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   9825 
   9826 	uint32_t finished = 0;
   9827 
   9828 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   9829 
   9830 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next->next, &finished, args);
   9831 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   9832 	CuAssertIntEquals(tc, 0, finished);
   9833 }
   9834 
   9835 void test_cil_resolve_ast_node_helper_type_rule_transition_neg(CuTest *tc) {
   9836 	char *line[] = {"(", "type", "foo", ")",
   9837 			"(", "class", "file", "(", "write", ")", ")",
   9838 			"(", "type", "foobar", ")",
   9839 			"(", "typetransition", "foo", "bar", "file", "foobar", ")", NULL};
   9840 
   9841 	struct cil_tree *test_tree;
   9842 	gen_test_tree(&test_tree, line);
   9843 
   9844 	struct cil_db *test_db;
   9845 	cil_db_init(&test_db);
   9846 
   9847 	uint32_t changed = CIL_FALSE;
   9848 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   9849 
   9850 	uint32_t finished = 0;
   9851 
   9852 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   9853 
   9854 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next, &finished, args);
   9855 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   9856 	CuAssertIntEquals(tc, 0, finished);
   9857 }
   9858 
   9859 void test_cil_resolve_ast_node_helper_type_rule_change(CuTest *tc) {
   9860 	char *line[] = {"(", "type", "foo", ")",
   9861 			"(", "type", "bar", ")",
   9862 			"(", "class", "file", "(", "write", ")", ")",
   9863 			"(", "type", "foobar", ")",
   9864 			"(", "typechange", "foo", "bar", "file", "foobar", ")", NULL};
   9865 
   9866 	struct cil_tree *test_tree;
   9867 	gen_test_tree(&test_tree, line);
   9868 
   9869 	struct cil_db *test_db;
   9870 	cil_db_init(&test_db);
   9871 
   9872 	uint32_t changed = CIL_FALSE;
   9873 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   9874 
   9875 	uint32_t finished = 0;
   9876 
   9877 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   9878 
   9879 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next->next, &finished, args);
   9880 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   9881 	CuAssertIntEquals(tc, 0, finished);
   9882 }
   9883 
   9884 void test_cil_resolve_ast_node_helper_type_rule_change_neg(CuTest *tc) {
   9885 	char *line[] = {"(", "type", "foo", ")",
   9886 			"(", "class", "file", "(", "write", ")", ")",
   9887 			"(", "type", "foobar", ")",
   9888 			"(", "typechange", "foo", "bar", "file", "foobar", ")", NULL};
   9889 
   9890 	struct cil_tree *test_tree;
   9891 	gen_test_tree(&test_tree, line);
   9892 
   9893 	struct cil_db *test_db;
   9894 	cil_db_init(&test_db);
   9895 
   9896 	uint32_t changed = CIL_FALSE;
   9897 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   9898 
   9899 	uint32_t finished = 0;
   9900 
   9901 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   9902 
   9903 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next, &finished, args);
   9904 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   9905 	CuAssertIntEquals(tc, 0, finished);
   9906 }
   9907 
   9908 void test_cil_resolve_ast_node_helper_type_rule_member(CuTest *tc) {
   9909 	char *line[] = {"(", "type", "foo", ")",
   9910 			"(", "type", "bar", ")",
   9911 			"(", "class", "file", "(", "write", ")", ")",
   9912 			"(", "type", "foobar", ")",
   9913 			"(", "typemember", "foo", "bar", "file", "foobar", ")", NULL};
   9914 
   9915 	struct cil_tree *test_tree;
   9916 	gen_test_tree(&test_tree, line);
   9917 
   9918 	struct cil_db *test_db;
   9919 	cil_db_init(&test_db);
   9920 
   9921 	uint32_t changed = CIL_FALSE;
   9922 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   9923 
   9924 	uint32_t finished = 0;
   9925 
   9926 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   9927 
   9928 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next->next, &finished, args);
   9929 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   9930 	CuAssertIntEquals(tc, 0, finished);
   9931 }
   9932 
   9933 void test_cil_resolve_ast_node_helper_type_rule_member_neg(CuTest *tc) {
   9934 	char *line[] = {"(", "type", "foo", ")",
   9935 			"(", "class", "file", "(", "write", ")", ")",
   9936 			"(", "type", "foobar", ")",
   9937 			"(", "typemember", "foo", "bar", "file", "foobar", ")", NULL};
   9938 
   9939 	struct cil_tree *test_tree;
   9940 	gen_test_tree(&test_tree, line);
   9941 
   9942 	struct cil_db *test_db;
   9943 	cil_db_init(&test_db);
   9944 
   9945 	uint32_t changed = CIL_FALSE;
   9946 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   9947 
   9948 	uint32_t finished = 0;
   9949 
   9950 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   9951 
   9952 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next, &finished, args);
   9953 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   9954 	CuAssertIntEquals(tc, 0, finished);
   9955 }
   9956 
   9957 void test_cil_resolve_ast_node_helper_userbounds(CuTest *tc) {
   9958 	char *line[] = {"(", "user", "user1", ")",
   9959 			"(", "user", "user2", ")",
   9960 			"(", "userbounds", "user1", "user2", ")", NULL};
   9961 
   9962 	struct cil_tree *test_tree;
   9963 	gen_test_tree(&test_tree, line);
   9964 
   9965 	struct cil_db *test_db;
   9966 	cil_db_init(&test_db);
   9967 
   9968 	struct cil_tree_node *test_ast_node;
   9969 	cil_tree_node_init(&test_ast_node);
   9970 
   9971 	uint32_t finished = 0;
   9972 
   9973 	uint32_t changed = CIL_FALSE;
   9974 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   9975 
   9976 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   9977 
   9978 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next, &finished, args);
   9979 	CuAssertIntEquals(tc, 0, finished);
   9980 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   9981 }
   9982 
   9983 void test_cil_resolve_ast_node_helper_userbounds_neg(CuTest *tc) {
   9984 	char *line[] = {"(", "user", "user1", ")",
   9985 			"(", "userbounds", "user1", "user2", ")", NULL};
   9986 
   9987 	struct cil_tree *test_tree;
   9988 	gen_test_tree(&test_tree, line);
   9989 
   9990 	struct cil_db *test_db;
   9991 	cil_db_init(&test_db);
   9992 
   9993 	struct cil_tree_node *test_ast_node;
   9994 	cil_tree_node_init(&test_ast_node);
   9995 
   9996 	uint32_t finished = 0;
   9997 
   9998 	uint32_t changed = CIL_FALSE;
   9999 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   10000 
   10001 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   10002 
   10003 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next, &finished, args);
   10004 	CuAssertIntEquals(tc, 0, finished);
   10005 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   10006 }
   10007 
   10008 void test_cil_resolve_ast_node_helper_roletype(CuTest *tc) {
   10009 	char *line[] = {"(", "role",  "admin_r", ")",
   10010 			"(", "type", "admin_t", ")",
   10011 			"(", "roletype", "admin_r", "admin_t", ")", NULL};
   10012 
   10013 	struct cil_tree *test_tree;
   10014 	gen_test_tree(&test_tree, line);
   10015 
   10016 	struct cil_db *test_db;
   10017 	cil_db_init(&test_db);
   10018 
   10019 	struct cil_tree_node *test_ast_node;
   10020 	cil_tree_node_init(&test_ast_node);
   10021 
   10022 	uint32_t finished = 0;
   10023 
   10024 	uint32_t changed = CIL_FALSE;
   10025 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   10026 
   10027 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   10028 
   10029 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next, &finished, args);
   10030 	CuAssertIntEquals(tc, 0, finished);
   10031 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   10032 }
   10033 
   10034 void test_cil_resolve_ast_node_helper_roletype_role_neg(CuTest *tc) {
   10035 	char *line[] = {"(", "type", "admin_t", ")",
   10036 			"(", "roletype", "admin_r", "admin_t", ")", NULL};
   10037 
   10038 	struct cil_tree *test_tree;
   10039 	gen_test_tree(&test_tree, line);
   10040 
   10041 	struct cil_db *test_db;
   10042 	cil_db_init(&test_db);
   10043 
   10044 	struct cil_tree_node *test_ast_node;
   10045 	cil_tree_node_init(&test_ast_node);
   10046 
   10047 	uint32_t finished = 0;
   10048 
   10049 	uint32_t changed = CIL_FALSE;
   10050 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   10051 
   10052 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   10053 
   10054 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next, &finished, args);
   10055 	CuAssertIntEquals(tc, 0, finished);
   10056 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   10057 }
   10058 
   10059 void test_cil_resolve_ast_node_helper_roletype_type_neg(CuTest *tc) {
   10060 	char *line[] = {"(", "role", "admin_r", ")",
   10061 			"(", "roletype", "admin_r", "admin_t", ")", NULL};
   10062 
   10063 	struct cil_tree *test_tree;
   10064 	gen_test_tree(&test_tree, line);
   10065 
   10066 	struct cil_db *test_db;
   10067 	cil_db_init(&test_db);
   10068 
   10069 	struct cil_tree_node *test_ast_node;
   10070 	cil_tree_node_init(&test_ast_node);
   10071 
   10072 	uint32_t finished = 0;
   10073 
   10074 	uint32_t changed = CIL_FALSE;
   10075 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   10076 
   10077 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   10078 
   10079 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next, &finished, args);
   10080 	CuAssertIntEquals(tc, 0, finished);
   10081 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   10082 }
   10083 
   10084 void test_cil_resolve_ast_node_helper_userrole(CuTest *tc) {
   10085 	char *line[] = {"(", "role",  "staff_r", ")",
   10086 			"(", "user", "staff_u", ")",
   10087 			"(", "userrole", "staff_u", "staff_r", ")", NULL};
   10088 
   10089 	struct cil_tree *test_tree;
   10090 	gen_test_tree(&test_tree, line);
   10091 
   10092 	struct cil_db *test_db;
   10093 	cil_db_init(&test_db);
   10094 
   10095 	struct cil_tree_node *test_ast_node;
   10096 	cil_tree_node_init(&test_ast_node);
   10097 
   10098 	uint32_t finished = 0;
   10099 
   10100 	uint32_t changed = CIL_FALSE;
   10101 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   10102 
   10103 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   10104 
   10105 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next, &finished, args);
   10106 	CuAssertIntEquals(tc, 0, finished);
   10107 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   10108 }
   10109 
   10110 void test_cil_resolve_ast_node_helper_userrole_user_neg(CuTest *tc) {
   10111 	char *line[] = {"(", "role",  "staff_r", ")",
   10112 			"(", "userrole", "staff_u", "staff_r", ")", NULL};
   10113 
   10114 	struct cil_tree *test_tree;
   10115 	gen_test_tree(&test_tree, line);
   10116 
   10117 	struct cil_db *test_db;
   10118 	cil_db_init(&test_db);
   10119 
   10120 	struct cil_tree_node *test_ast_node;
   10121 	cil_tree_node_init(&test_ast_node);
   10122 
   10123 	uint32_t finished = 0;
   10124 
   10125 	uint32_t changed = CIL_FALSE;
   10126 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   10127 
   10128 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   10129 
   10130 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next, &finished, args);
   10131 	CuAssertIntEquals(tc, 0, finished);
   10132 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   10133 }
   10134 
   10135 void test_cil_resolve_ast_node_helper_userrole_role_neg(CuTest *tc) {
   10136 	char *line[] = {"(", "user",  "staff_u", ")",
   10137 			"(", "userrole", "staff_u", "staff_r", ")", NULL};
   10138 
   10139 	struct cil_tree *test_tree;
   10140 	gen_test_tree(&test_tree, line);
   10141 
   10142 	struct cil_db *test_db;
   10143 	cil_db_init(&test_db);
   10144 
   10145 	struct cil_tree_node *test_ast_node;
   10146 	cil_tree_node_init(&test_ast_node);
   10147 
   10148 	uint32_t finished = 0;
   10149 
   10150 	uint32_t changed = CIL_FALSE;
   10151 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   10152 
   10153 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   10154 
   10155 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next, &finished, args);
   10156 	CuAssertIntEquals(tc, 0, finished);
   10157 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   10158 }
   10159 
   10160 void test_cil_resolve_ast_node_helper_userlevel(CuTest *tc) {
   10161 	char *line[] = {"(", "user",  "foo_u", ")",
   10162 			"(", "category", "c0", ")",
   10163 			"(", "sensitivity", "s0", ")",
   10164 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
   10165 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
   10166 			"(", "userlevel", "foo_u", "low", ")", NULL};
   10167 
   10168 	struct cil_tree *test_tree;
   10169 	gen_test_tree(&test_tree, line);
   10170 
   10171 	struct cil_db *test_db;
   10172 	cil_db_init(&test_db);
   10173 
   10174 	struct cil_tree_node *test_ast_node;
   10175 	cil_tree_node_init(&test_ast_node);
   10176 
   10177 	uint32_t finished = 0;
   10178 
   10179 	uint32_t changed = CIL_FALSE;
   10180 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   10181 
   10182 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   10183 
   10184 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next->next->next, &finished, args);
   10185 	CuAssertIntEquals(tc, 0, finished);
   10186 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   10187 }
   10188 
   10189 void test_cil_resolve_ast_node_helper_userlevel_neg(CuTest *tc) {
   10190 	char *line[] = {"(", "user",  "foo_u", ")",
   10191 			"(", "category", "c0", ")",
   10192 			"(", "sensitivity", "s0", ")",
   10193 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
   10194 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
   10195 			"(", "userlevel", "DNE", "low", ")", NULL};
   10196 
   10197 	struct cil_tree *test_tree;
   10198 	gen_test_tree(&test_tree, line);
   10199 
   10200 	struct cil_db *test_db;
   10201 	cil_db_init(&test_db);
   10202 
   10203 	struct cil_tree_node *test_ast_node;
   10204 	cil_tree_node_init(&test_ast_node);
   10205 
   10206 	uint32_t finished = 0;
   10207 
   10208 	uint32_t changed = CIL_FALSE;
   10209 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   10210 
   10211 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   10212 
   10213 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next->next->next, &finished, args);
   10214 	CuAssertIntEquals(tc, 0, finished);
   10215 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   10216 }
   10217 
   10218 void test_cil_resolve_ast_node_helper_userrange(CuTest *tc) {
   10219 	char *line[] = {"(", "user",  "foo_u", ")",
   10220 			"(", "category", "c0", ")",
   10221 			"(", "sensitivity", "s0", ")",
   10222 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
   10223 			"(", "levelrange", "range", "(", "(", "s0", "(", "c0", ")", ")", "(", "s0", "(", "c0", ")", ")", ")", ")",
   10224 			"(", "userrange", "foo_u", "range", ")", NULL};
   10225 
   10226 	struct cil_tree *test_tree;
   10227 	gen_test_tree(&test_tree, line);
   10228 
   10229 	struct cil_db *test_db;
   10230 	cil_db_init(&test_db);
   10231 
   10232 	struct cil_tree_node *test_ast_node;
   10233 	cil_tree_node_init(&test_ast_node);
   10234 
   10235 	uint32_t finished = 0;
   10236 
   10237 	uint32_t changed = CIL_FALSE;
   10238 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   10239 
   10240 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   10241 
   10242 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next->next->next, &finished, args);
   10243 	CuAssertIntEquals(tc, 0, finished);
   10244 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   10245 }
   10246 
   10247 void test_cil_resolve_ast_node_helper_userrange_neg(CuTest *tc) {
   10248 	char *line[] = {"(", "user",  "foo_u", ")",
   10249 			"(", "category", "c0", ")",
   10250 			"(", "sensitivity", "s0", ")",
   10251 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
   10252 			"(", "levelrange", "range", "(", "(", "s0", "(", "c0", ")", ")", "(", "s0", "(", "c0", ")", ")", ")", ")",
   10253 			"(", "userrange", "DNE", "range", ")", NULL};
   10254 
   10255 	struct cil_tree *test_tree;
   10256 	gen_test_tree(&test_tree, line);
   10257 
   10258 	struct cil_db *test_db;
   10259 	cil_db_init(&test_db);
   10260 
   10261 	struct cil_tree_node *test_ast_node;
   10262 	cil_tree_node_init(&test_ast_node);
   10263 
   10264 	uint32_t finished = 0;
   10265 
   10266 	uint32_t changed = CIL_FALSE;
   10267 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   10268 
   10269 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   10270 
   10271 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next->next->next, &finished, args);
   10272 	CuAssertIntEquals(tc, 0, finished);
   10273 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   10274 }
   10275 
   10276 void test_cil_resolve_ast_node_helper_filecon(CuTest *tc) {
   10277 	char *line[] = {"(", "user", "user_u", ")",
   10278 			"(", "role", "role_r", ")",
   10279 			"(", "type", "type_t", ")",
   10280 			"(", "category", "c0", ")",
   10281 			"(", "sensitivity", "s0", ")",
   10282 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
   10283 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
   10284 			"(", "context", "con", "(", "user_u", "role_r", "type_t", "(", "low", "high", ")", ")", ")",
   10285 			"(", "filecon", "root", "path", "file", "con", ")", NULL};
   10286 
   10287 	struct cil_tree *test_tree;
   10288         gen_test_tree(&test_tree, line);
   10289 
   10290         struct cil_db *test_db;
   10291         cil_db_init(&test_db);
   10292 
   10293 	uint32_t changed = CIL_FALSE;
   10294 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   10295 
   10296         uint32_t finished = 0;
   10297 
   10298         cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   10299 
   10300         int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, &finished, args);
   10301         CuAssertIntEquals(tc, SEPOL_OK, rc);
   10302         CuAssertIntEquals(tc, 0, finished);
   10303 }
   10304 
   10305 void test_cil_resolve_ast_node_helper_filecon_neg(CuTest *tc) {
   10306 	char *line[] = {"(", "user", "user_u", ")",
   10307 			"(", "role", "role_r", ")",
   10308 			"(", "type", "type_t", ")",
   10309 			"(", "category", "c0", ")",
   10310 			"(", "sensitivity", "s0", ")",
   10311 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
   10312 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
   10313 			"(", "context", "con", "(", "user_u", "role_r", "type_t", "(", "low", "high", ")", ")", ")",
   10314 			"(", "filecon", "root", "path", "file", "foo", ")", NULL};
   10315 
   10316         struct cil_tree *test_tree;
   10317         gen_test_tree(&test_tree, line);
   10318 
   10319         struct cil_db *test_db;
   10320         cil_db_init(&test_db);
   10321 
   10322 	uint32_t changed = CIL_FALSE;
   10323 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   10324 
   10325         uint32_t finished = 0;
   10326 
   10327         cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   10328 
   10329         int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, &finished, args);
   10330         CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   10331         CuAssertIntEquals(tc, 0, finished);
   10332 }
   10333 
   10334 void test_cil_resolve_ast_node_helper_portcon(CuTest *tc) {
   10335 	char *line[] = {"(", "user", "user_u", ")",
   10336 			"(", "role", "role_r", ")",
   10337 			"(", "type", "type_t", ")",
   10338 			"(", "category", "c0", ")",
   10339 			"(", "sensitivity", "s0", ")",
   10340 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
   10341 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
   10342 			"(", "context", "con", "(", "user_u", "role_r", "type_t", "(", "low", "high", ")", ")", ")",
   10343 			"(", "portcon", "udp", "25", "con", ")", NULL};
   10344 
   10345 	struct cil_tree *test_tree;
   10346         gen_test_tree(&test_tree, line);
   10347 
   10348         struct cil_db *test_db;
   10349         cil_db_init(&test_db);
   10350 
   10351 	uint32_t changed = CIL_FALSE;
   10352 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   10353 
   10354         uint32_t finished = 0;
   10355 
   10356         cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   10357 
   10358         int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, &finished, args);
   10359         CuAssertIntEquals(tc, SEPOL_OK, rc);
   10360         CuAssertIntEquals(tc, 0, finished);
   10361 }
   10362 
   10363 void test_cil_resolve_ast_node_helper_portcon_neg(CuTest *tc) {
   10364 	char *line[] = {"(", "user", "user_u", ")",
   10365 			"(", "role", "role_r", ")",
   10366 			"(", "type", "type_t", ")",
   10367 			"(", "category", "c0", ")",
   10368 			"(", "sensitivity", "s0", ")",
   10369 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
   10370 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
   10371 			"(", "context", "con", "(", "user_u", "role_r", "type_t", "(", "low", "high", ")", ")", ")",
   10372 			"(", "portcon", "udp", "25", "foo", ")", NULL};
   10373 
   10374         struct cil_tree *test_tree;
   10375         gen_test_tree(&test_tree, line);
   10376 
   10377         struct cil_db *test_db;
   10378         cil_db_init(&test_db);
   10379 
   10380 	uint32_t changed = CIL_FALSE;
   10381 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   10382 
   10383         uint32_t finished = 0;
   10384 
   10385         cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   10386 
   10387         int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, &finished, args);
   10388         CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   10389         CuAssertIntEquals(tc, 0, finished);
   10390 }
   10391 
   10392 void test_cil_resolve_ast_node_helper_genfscon(CuTest *tc) {
   10393 	char *line[] = {"(", "user", "user_u", ")",
   10394 			"(", "role", "role_r", ")",
   10395 			"(", "type", "type_t", ")",
   10396 			"(", "category", "c0", ")",
   10397 			"(", "sensitivity", "s0", ")",
   10398 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
   10399 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
   10400 			"(", "context", "con", "(", "user_u", "role_r", "type_t", "(", "low", "high", ")", ")", ")",
   10401 			"(", "genfscon", "type", "path", "con", ")", NULL};
   10402 
   10403 	struct cil_tree *test_tree;
   10404         gen_test_tree(&test_tree, line);
   10405 
   10406         struct cil_db *test_db;
   10407         cil_db_init(&test_db);
   10408 
   10409 	uint32_t changed = CIL_FALSE;
   10410 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   10411 
   10412         uint32_t finished = 0;
   10413 
   10414         cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   10415 
   10416         int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, &finished, args);
   10417         CuAssertIntEquals(tc, SEPOL_OK, rc);
   10418         CuAssertIntEquals(tc, 0, finished);
   10419 }
   10420 
   10421 void test_cil_resolve_ast_node_helper_genfscon_neg(CuTest *tc) {
   10422 	char *line[] = {"(", "user", "user_u", ")",
   10423 			"(", "role", "role_r", ")",
   10424 			"(", "type", "type_t", ")",
   10425 			"(", "category", "c0", ")",
   10426 			"(", "sensitivity", "s0", ")",
   10427 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
   10428 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
   10429 			"(", "context", "con", "(", "user_u", "role_r", "type_t", "(", "low", "high", ")", ")", ")",
   10430 			"(", "genfscon", "type", "path", "foo", ")", NULL};
   10431 
   10432         struct cil_tree *test_tree;
   10433         gen_test_tree(&test_tree, line);
   10434 
   10435         struct cil_db *test_db;
   10436         cil_db_init(&test_db);
   10437 
   10438 	uint32_t changed = CIL_FALSE;
   10439 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   10440 
   10441         uint32_t finished = 0;
   10442 
   10443         cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   10444 
   10445         int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, &finished, args);
   10446         CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   10447         CuAssertIntEquals(tc, 0, finished);
   10448 }
   10449 
   10450 void test_cil_resolve_ast_node_helper_nodecon(CuTest *tc) {
   10451 	char *line[] = {"(", "user", "user_u", ")",
   10452 			"(", "role", "role_r", ")",
   10453 			"(", "type", "type_t", ")",
   10454 			"(", "category", "c0", ")",
   10455 			"(", "sensitivity", "s0", ")",
   10456 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
   10457 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
   10458 			"(", "context", "con", "(", "user_u", "role_r", "type_t", "(", "low", "high", ")", ")", ")",
   10459 			"(", "ipaddr", "ip", "192.168.1.1", ")",
   10460 			"(", "nodecon", "ip", "ip", "con", ")", NULL};
   10461 
   10462 	struct cil_tree *test_tree;
   10463         gen_test_tree(&test_tree, line);
   10464 
   10465         struct cil_db *test_db;
   10466         cil_db_init(&test_db);
   10467 
   10468 	uint32_t changed = CIL_FALSE;
   10469 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   10470 
   10471         uint32_t finished = 0;
   10472 
   10473         cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   10474 
   10475         int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next, &finished, args);
   10476         CuAssertIntEquals(tc, SEPOL_OK, rc);
   10477         CuAssertIntEquals(tc, 0, finished);
   10478 }
   10479 
   10480 void test_cil_resolve_ast_node_helper_nodecon_ipaddr_neg(CuTest *tc) {
   10481 	char *line[] = {"(", "user", "user_u", ")",
   10482 			"(", "role", "role_r", ")",
   10483 			"(", "type", "type_t", ")",
   10484 			"(", "category", "c0", ")",
   10485 			"(", "sensitivity", "s0", ")",
   10486 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
   10487 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
   10488 			"(", "context", "con", "(", "user_u", "role_r", "type_t", "(", "low", "high", ")", ")", ")",
   10489 			"(", "ipaddr", "ip", "192.168.1.1", ")",
   10490 			"(", "ipaddr", "netmask", "192.168.1.1", ")",
   10491 			"(", "nodecon", "ipp", "netmask", "foo", ")", NULL};
   10492 
   10493         struct cil_tree *test_tree;
   10494         gen_test_tree(&test_tree, line);
   10495 
   10496         struct cil_db *test_db;
   10497         cil_db_init(&test_db);
   10498 
   10499 	uint32_t changed = CIL_FALSE;
   10500 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   10501 
   10502         uint32_t finished = 0;
   10503 
   10504         cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   10505 
   10506         int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next->next, &finished, args);
   10507         CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   10508         CuAssertIntEquals(tc, 0, finished);
   10509 }
   10510 
   10511 void test_cil_resolve_ast_node_helper_nodecon_netmask_neg(CuTest *tc) {
   10512 	char *line[] = {"(", "user", "user_u", ")",
   10513 			"(", "role", "role_r", ")",
   10514 			"(", "type", "type_t", ")",
   10515 			"(", "category", "c0", ")",
   10516 			"(", "sensitivity", "s0", ")",
   10517 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
   10518 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
   10519 			"(", "context", "con", "(", "user_u", "role_r", "type_t", "(", "low", "high", ")", ")", ")",
   10520 			"(", "ipaddr", "ip", "192.168.1.1", ")",
   10521 			"(", "ipaddr", "netmask", "192.168.1.1", ")",
   10522 			"(", "nodecon", "ip", "nnetmask", "foo", ")", NULL};
   10523 
   10524         struct cil_tree *test_tree;
   10525         gen_test_tree(&test_tree, line);
   10526 
   10527         struct cil_db *test_db;
   10528         cil_db_init(&test_db);
   10529 
   10530 	uint32_t changed = CIL_FALSE;
   10531 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   10532 
   10533         uint32_t finished = 0;
   10534 
   10535         cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   10536 
   10537         int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next->next, &finished, args);
   10538         CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   10539         CuAssertIntEquals(tc, 0, finished);
   10540 }
   10541 
   10542 void test_cil_resolve_ast_node_helper_netifcon(CuTest *tc) {
   10543 	char *line[] = {"(", "context", "if_default", "(", "system_u", "object_r", "etc_t", "(", "low", "high", ")", ")", ")",
   10544 			"(", "context", "packet_default", "(", "system_u", "object_r", "etc_t", "(", "low", "high", ")", ")", ")",
   10545 			"(", "netifcon", "eth0", "if_default", "packet_default", ")", NULL};
   10546 
   10547 	struct cil_tree *test_tree;
   10548         gen_test_tree(&test_tree, line);
   10549 
   10550         struct cil_db *test_db;
   10551         cil_db_init(&test_db);
   10552 
   10553 	uint32_t changed = CIL_FALSE;
   10554 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   10555 
   10556         uint32_t finished = 0;
   10557 
   10558         cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   10559 
   10560         int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next, &finished, args);
   10561         CuAssertIntEquals(tc, SEPOL_OK, rc);
   10562         CuAssertIntEquals(tc, 0, finished);
   10563 }
   10564 
   10565 void test_cil_resolve_ast_node_helper_netifcon_neg(CuTest *tc) {
   10566 	char *line[] = {"(", "context", "if_default", "(", "system_u", "object_r", "etc_t", "(", "low", "high", ")", ")", ")",
   10567 			"(", "netifcon", "eth0", "if_default", "packet_default", ")", NULL};
   10568 
   10569         struct cil_tree *test_tree;
   10570         gen_test_tree(&test_tree, line);
   10571 
   10572         struct cil_db *test_db;
   10573         cil_db_init(&test_db);
   10574 
   10575 	uint32_t changed = CIL_FALSE;
   10576 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   10577 
   10578         uint32_t finished = 0;
   10579 
   10580         cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   10581 
   10582         int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next, &finished, args);
   10583         CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   10584         CuAssertIntEquals(tc, 0, finished);
   10585 }
   10586 
   10587 void test_cil_resolve_ast_node_helper_pirqcon(CuTest *tc) {
   10588 	char *line[] = {"(", "context", "con", "(", "system_u", "object_r", "etc_t", "(", "low", "high", ")", ")", ")",
   10589 			"(", "pirqcon", "1", "con", ")", NULL};
   10590 
   10591 	struct cil_tree *test_tree;
   10592         gen_test_tree(&test_tree, line);
   10593 
   10594         struct cil_db *test_db;
   10595         cil_db_init(&test_db);
   10596 
   10597 	uint32_t changed = CIL_FALSE;
   10598 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   10599 
   10600         uint32_t finished = 0;
   10601 
   10602         cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   10603 
   10604         int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next, &finished, args);
   10605         CuAssertIntEquals(tc, SEPOL_OK, rc);
   10606         CuAssertIntEquals(tc, 0, finished);
   10607 }
   10608 
   10609 void test_cil_resolve_ast_node_helper_pirqcon_neg(CuTest *tc) {
   10610 	char *line[] = {"(", "context", "con", "(", "system_u", "object_r", "etc_t", "(", "low", "high", ")", ")", ")",
   10611 			"(", "pirqcon", "1", "dne", ")", NULL};
   10612 
   10613         struct cil_tree *test_tree;
   10614         gen_test_tree(&test_tree, line);
   10615 
   10616         struct cil_db *test_db;
   10617         cil_db_init(&test_db);
   10618 
   10619 	uint32_t changed = CIL_FALSE;
   10620 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   10621 
   10622         uint32_t finished = 0;
   10623 
   10624         cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   10625 
   10626         int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next, &finished, args);
   10627         CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   10628         CuAssertIntEquals(tc, 0, finished);
   10629 }
   10630 
   10631 void test_cil_resolve_ast_node_helper_iomemcon(CuTest *tc) {
   10632 	char *line[] = {"(", "context", "con", "(", "system_u", "object_r", "etc_t", "(", "low", "high", ")", ")", ")",
   10633 			"(", "iomemcon", "1", "con", ")", NULL};
   10634 
   10635 	struct cil_tree *test_tree;
   10636         gen_test_tree(&test_tree, line);
   10637 
   10638         struct cil_db *test_db;
   10639         cil_db_init(&test_db);
   10640 
   10641 	uint32_t changed = CIL_FALSE;
   10642 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   10643 
   10644         uint32_t finished = 0;
   10645 
   10646         cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   10647 
   10648         int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next, &finished, args);
   10649         CuAssertIntEquals(tc, SEPOL_OK, rc);
   10650         CuAssertIntEquals(tc, 0, finished);
   10651 }
   10652 
   10653 void test_cil_resolve_ast_node_helper_iomemcon_neg(CuTest *tc) {
   10654 	char *line[] = {"(", "context", "con", "(", "system_u", "object_r", "etc_t", "(", "low", "high", ")", ")", ")",
   10655 			"(", "iomemcon", "1", "dne", ")", NULL};
   10656 
   10657         struct cil_tree *test_tree;
   10658         gen_test_tree(&test_tree, line);
   10659 
   10660         struct cil_db *test_db;
   10661         cil_db_init(&test_db);
   10662 
   10663 	uint32_t changed = CIL_FALSE;
   10664 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   10665 
   10666         uint32_t finished = 0;
   10667 
   10668         cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   10669 
   10670         int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next, &finished, args);
   10671         CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   10672         CuAssertIntEquals(tc, 0, finished);
   10673 }
   10674 
   10675 void test_cil_resolve_ast_node_helper_ioportcon(CuTest *tc) {
   10676 	char *line[] = {"(", "context", "con", "(", "system_u", "object_r", "etc_t", "(", "low", "high", ")", ")", ")",
   10677 			"(", "ioportcon", "1", "con", ")", NULL};
   10678 
   10679 	struct cil_tree *test_tree;
   10680         gen_test_tree(&test_tree, line);
   10681 
   10682         struct cil_db *test_db;
   10683         cil_db_init(&test_db);
   10684 
   10685 	uint32_t changed = CIL_FALSE;
   10686 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   10687 
   10688         uint32_t finished = 0;
   10689 
   10690         cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   10691 
   10692         int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next, &finished, args);
   10693         CuAssertIntEquals(tc, SEPOL_OK, rc);
   10694         CuAssertIntEquals(tc, 0, finished);
   10695 }
   10696 
   10697 void test_cil_resolve_ast_node_helper_ioportcon_neg(CuTest *tc) {
   10698 	char *line[] = {"(", "context", "con", "(", "system_u", "object_r", "etc_t", "(", "low", "high", ")", ")", ")",
   10699 			"(", "ioportcon", "1", "dne", ")", NULL};
   10700 
   10701         struct cil_tree *test_tree;
   10702         gen_test_tree(&test_tree, line);
   10703 
   10704         struct cil_db *test_db;
   10705         cil_db_init(&test_db);
   10706 
   10707 	uint32_t changed = CIL_FALSE;
   10708 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   10709 
   10710         uint32_t finished = 0;
   10711 
   10712         cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   10713 
   10714         int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next, &finished, args);
   10715         CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   10716         CuAssertIntEquals(tc, 0, finished);
   10717 }
   10718 
   10719 void test_cil_resolve_ast_node_helper_pcidevicecon(CuTest *tc) {
   10720 	char *line[] = {"(", "context", "con", "(", "system_u", "object_r", "etc_t", "(", "low", "high", ")", ")", ")",
   10721 			"(", "pcidevicecon", "1", "con", ")", NULL};
   10722 
   10723 	struct cil_tree *test_tree;
   10724         gen_test_tree(&test_tree, line);
   10725 
   10726         struct cil_db *test_db;
   10727         cil_db_init(&test_db);
   10728 
   10729 	uint32_t changed = CIL_FALSE;
   10730 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   10731 
   10732         uint32_t finished = 0;
   10733 
   10734         cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   10735 
   10736         int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next, &finished, args);
   10737         CuAssertIntEquals(tc, SEPOL_OK, rc);
   10738         CuAssertIntEquals(tc, 0, finished);
   10739 }
   10740 
   10741 void test_cil_resolve_ast_node_helper_pcidevicecon_neg(CuTest *tc) {
   10742 	char *line[] = {"(", "context", "con", "(", "system_u", "object_r", "etc_t", "(", "low", "high", ")", ")", ")",
   10743 			"(", "pcidevicecon", "1", "dne", ")", NULL};
   10744 
   10745         struct cil_tree *test_tree;
   10746         gen_test_tree(&test_tree, line);
   10747 
   10748         struct cil_db *test_db;
   10749         cil_db_init(&test_db);
   10750 
   10751 	uint32_t changed = CIL_FALSE;
   10752 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   10753 
   10754         uint32_t finished = 0;
   10755 
   10756         cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   10757 
   10758         int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next, &finished, args);
   10759         CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   10760         CuAssertIntEquals(tc, 0, finished);
   10761 }
   10762 
   10763 void test_cil_resolve_ast_node_helper_fsuse(CuTest *tc) {
   10764 	char *line[] = {"(", "sensitivity", "s0", ")",
   10765 			"(", "category", "c0", ")",
   10766 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
   10767 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
   10768 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
   10769 			"(", "user", "system_u", ")",
   10770 			"(", "role", "object_r", ")",
   10771 			"(", "type", "netif_t", ")",
   10772 			"(", "context", "con", "(", "system_u", "object_r", "netif_t", "(", "low", "high", ")", ")", ")",
   10773 			"(", "fsuse", "xattr", "ext3", "con", ")", NULL};
   10774 
   10775 	struct cil_tree *test_tree;
   10776         gen_test_tree(&test_tree, line);
   10777 
   10778         struct cil_db *test_db;
   10779         cil_db_init(&test_db);
   10780 
   10781 	uint32_t changed = CIL_FALSE;
   10782 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   10783 
   10784         uint32_t finished = 0;
   10785 
   10786         cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   10787 
   10788         int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next, &finished, args);
   10789         CuAssertIntEquals(tc, SEPOL_OK, rc);
   10790         CuAssertIntEquals(tc, 0, finished);
   10791 }
   10792 
   10793 void test_cil_resolve_ast_node_helper_fsuse_neg(CuTest *tc) {
   10794 	char *line[] = {"(", "context", "if_default", "(", "system_u", "object_r", "etc_t", "(", "low", "high", ")", ")", ")",
   10795 			"(", "netifcon", "eth0", "if_default", "packet_default", ")", NULL};
   10796 
   10797         struct cil_tree *test_tree;
   10798         gen_test_tree(&test_tree, line);
   10799 
   10800         struct cil_db *test_db;
   10801         cil_db_init(&test_db);
   10802 
   10803 	uint32_t changed = CIL_FALSE;
   10804 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   10805 
   10806         uint32_t finished = 0;
   10807 
   10808         cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   10809 
   10810         int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next, &finished, args);
   10811         CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   10812         CuAssertIntEquals(tc, 0, finished);
   10813 }
   10814 
   10815 void test_cil_resolve_ast_node_helper_sidcontext(CuTest *tc) {
   10816 	char *line[] = {"(", "category", "c0", ")",
   10817 			"(", "categoryorder", "(", "c0", ")", ")",
   10818 			"(", "sensitivity", "s0", ")",
   10819 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
   10820 			"(", "type", "blah_t", ")",
   10821 			"(", "role", "blah_r", ")",
   10822 			"(", "user", "blah_u", ")",
   10823 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
   10824 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
   10825 			"(", "sid", "test", "(", "blah_u", "blah_r", "blah_t", "(", "low", "high", ")", ")", ")", NULL};
   10826 
   10827 	struct cil_tree *test_tree;
   10828         gen_test_tree(&test_tree, line);
   10829 
   10830         struct cil_db *test_db;
   10831         cil_db_init(&test_db);
   10832 
   10833 	uint32_t changed = CIL_FALSE;
   10834 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   10835 
   10836         uint32_t finished = 0;
   10837 
   10838         cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   10839 
   10840         int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next, &finished, args);
   10841         CuAssertIntEquals(tc, SEPOL_OK, rc);
   10842         CuAssertIntEquals(tc, 0, finished);
   10843 }
   10844 
   10845 void test_cil_resolve_ast_node_helper_sidcontext_neg(CuTest *tc) {
   10846        	char *line[] = {"(", "category", "c0", ")",
   10847                         "(", "categoryorder", "(", "c0", ")", ")",
   10848                         "(", "sensitivity", "s0", ")",
   10849                         "(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
   10850                         "(", "type", "blah_t", ")",
   10851                         "(", "role", "blah_r", ")",
   10852                         "(", "user", "blah_u", ")",
   10853                         "(", "sidcontext", "test", "(", "", "blah_r", "blah_t", "(", "(", "s0", "(", "c0", ")", ")", "(", "s0", "(", "c0", ")", ")", ")", ")", ")", NULL};
   10854 
   10855         struct cil_tree *test_tree;
   10856         gen_test_tree(&test_tree, line);
   10857 
   10858         struct cil_db *test_db;
   10859         cil_db_init(&test_db);
   10860 
   10861 	uint32_t changed = CIL_FALSE;
   10862 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   10863 
   10864         uint32_t finished = 0;
   10865 
   10866         cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   10867 
   10868         int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next->next->next->next->next, &finished, args);
   10869         CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   10870         CuAssertIntEquals(tc, 0, finished);
   10871 }
   10872 
   10873 void test_cil_resolve_ast_node_helper_blockinherit(CuTest *tc) {
   10874 	char *line[] = {"(", "block", "baz", "(", "type", "foo", ")", ")",
   10875 			"(", "block", "bar", "(", "type", "a", ")",
   10876 				"(", "blockinherit", "baz", ")", ")", NULL};
   10877 
   10878 	struct cil_tree *test_tree;
   10879         gen_test_tree(&test_tree, line);
   10880 
   10881         struct cil_db *test_db;
   10882         cil_db_init(&test_db);
   10883 
   10884 	uint32_t changed = CIL_FALSE;
   10885 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_BLKIN, &changed, NULL, NULL, NULL);
   10886 
   10887         uint32_t finished = 0;
   10888 
   10889         cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   10890 
   10891         int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->cl_head->next, &finished, args);
   10892         CuAssertIntEquals(tc, SEPOL_OK, rc);
   10893         CuAssertIntEquals(tc, 0, finished);
   10894 }
   10895 
   10896 void test_cil_resolve_ast_node_helper_classcommon(CuTest *tc) {
   10897 	char *line[] = {"(", "class", "file", "(", "read", ")", ")",
   10898 			"(", "common", "file", "(", "write", ")", ")",
   10899 			"(", "classcommon", "file", "file", ")", NULL};
   10900 
   10901 	struct cil_tree *test_tree;
   10902         gen_test_tree(&test_tree, line);
   10903 
   10904         struct cil_db *test_db;
   10905         cil_db_init(&test_db);
   10906 
   10907 	uint32_t changed = CIL_FALSE;
   10908 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
   10909 
   10910         uint32_t finished = 0;
   10911 
   10912         cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   10913 
   10914         int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next, &finished, args);
   10915         CuAssertIntEquals(tc, SEPOL_OK, rc);
   10916         CuAssertIntEquals(tc, 0, finished);
   10917 }
   10918 
   10919 void test_cil_resolve_ast_node_helper_classcommon_neg(CuTest *tc) {
   10920 	char *line[] = {"(", "class", "file", "(", "read", ")", ")",
   10921 			"(", "classcommon", "file", "file", ")", NULL};
   10922 
   10923 	struct cil_tree *test_tree;
   10924         gen_test_tree(&test_tree, line);
   10925 
   10926         struct cil_db *test_db;
   10927         cil_db_init(&test_db);
   10928 
   10929 	uint32_t changed = CIL_FALSE;
   10930 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
   10931 
   10932         uint32_t finished = 0;
   10933 
   10934         cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   10935 
   10936         int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next, &finished, args);
   10937         CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   10938         CuAssertIntEquals(tc, 0, finished);
   10939 }
   10940 
   10941 void test_cil_resolve_ast_node_helper_rolebounds(CuTest *tc) {
   10942 	char *line[] = {"(", "role", "role1", ")",
   10943 			"(", "role", "role2", ")",
   10944 			"(", "rolebounds", "role1", "role2", ")", NULL};
   10945 
   10946 	struct cil_tree *test_tree;
   10947 	gen_test_tree(&test_tree, line);
   10948 
   10949 	struct cil_db *test_db;
   10950 	cil_db_init(&test_db);
   10951 
   10952 	struct cil_tree_node *test_ast_node;
   10953 	cil_tree_node_init(&test_ast_node);
   10954 
   10955 	uint32_t finished = 0;
   10956 
   10957 	uint32_t changed = CIL_FALSE;
   10958 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   10959 
   10960 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   10961 
   10962 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next, &finished, args);
   10963 	CuAssertIntEquals(tc, 0, finished);
   10964 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   10965 }
   10966 
   10967 void test_cil_resolve_ast_node_helper_rolebounds_neg(CuTest *tc) {
   10968 	char *line[] = {"(", "role", "role1", ")",
   10969 			"(", "rolebounds", "role1", "role2", ")", NULL};
   10970 
   10971 	struct cil_tree *test_tree;
   10972 	gen_test_tree(&test_tree, line);
   10973 
   10974 	struct cil_db *test_db;
   10975 	cil_db_init(&test_db);
   10976 
   10977 	struct cil_tree_node *test_ast_node;
   10978 	cil_tree_node_init(&test_ast_node);
   10979 
   10980 	uint32_t finished = 0;
   10981 
   10982 	uint32_t changed = CIL_FALSE;
   10983 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   10984 
   10985 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   10986 
   10987 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next, &finished, args);
   10988 	CuAssertIntEquals(tc, 0, finished);
   10989 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
   10990 }
   10991 
   10992 
   10993 void test_cil_resolve_ast_node_helper_callstack(CuTest *tc) {
   10994 	char *line[] = {"(", "call", "mm", "(", "foo", ")", ")", NULL};
   10995 
   10996 	struct cil_tree *test_tree;
   10997 	gen_test_tree(&test_tree, line);
   10998 
   10999 	struct cil_db *test_db;
   11000 	cil_db_init(&test_db);
   11001 
   11002 	struct cil_tree_node *test_ast_node;
   11003 	cil_tree_node_init(&test_ast_node);
   11004 
   11005 	struct cil_tree_node *test_ast_node_call;
   11006 	cil_tree_node_init(&test_ast_node_call);
   11007 	test_ast_node_call->flavor = CIL_CALL;
   11008 
   11009 	uint32_t finished = 0;
   11010 
   11011 	uint32_t changed = CIL_FALSE;
   11012 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   11013 
   11014 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   11015 
   11016 	__cil_resolve_ast_node_helper(test_db->ast->root->cl_head, &finished, args);
   11017 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head, &finished, args);
   11018 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   11019 }
   11020 
   11021 void test_cil_resolve_ast_node_helper_call(CuTest *tc) {
   11022 	char *line[] = {"(", "call", "mm", "(", "foo", ")", ")", NULL};
   11023 
   11024 	struct cil_tree *test_tree;
   11025 	gen_test_tree(&test_tree, line);
   11026 
   11027 	struct cil_db *test_db;
   11028 	cil_db_init(&test_db);
   11029 
   11030 	struct cil_tree_node *test_ast_node;
   11031 	cil_tree_node_init(&test_ast_node);
   11032 
   11033 	struct cil_tree_node *test_ast_node_call;
   11034 	cil_tree_node_init(&test_ast_node_call);
   11035 	test_ast_node_call->flavor = CIL_CALL;
   11036 
   11037 	uint32_t finished = 0;
   11038 
   11039 	uint32_t changed = CIL_FALSE;
   11040 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   11041 
   11042 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   11043 
   11044 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head, &finished, args);
   11045 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   11046 }
   11047 
   11048 void test_cil_resolve_ast_node_helper_optional(CuTest *tc) {
   11049 	char *line[] = {"(", "optional", "opt", "(", "allow", "foo", "bar", "(", "file", "(", "read", ")", ")", ")", ")", NULL};
   11050 
   11051 	struct cil_tree *test_tree;
   11052 	gen_test_tree(&test_tree, line);
   11053 
   11054 	struct cil_db *test_db;
   11055 	cil_db_init(&test_db);
   11056 
   11057 	struct cil_tree_node *test_ast_node;
   11058 	cil_tree_node_init(&test_ast_node);
   11059 
   11060 	struct cil_tree_node *test_ast_node_opt;
   11061 	cil_tree_node_init(&test_ast_node_opt);
   11062 	test_ast_node_opt->flavor = CIL_OPTIONAL;
   11063 
   11064 	uint32_t finished = 0;
   11065 
   11066 	uint32_t changed = CIL_FALSE;
   11067 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   11068 
   11069 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   11070 
   11071 	// set optional to disabled
   11072 	((struct cil_symtab_datum *)test_db->ast->root->cl_head->data)->state = CIL_STATE_DISABLED;
   11073 
   11074 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head, &finished, args);
   11075 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   11076 }
   11077 
   11078 void test_cil_resolve_ast_node_helper_macro(CuTest *tc) {
   11079 	char *line[] = {"(", "macro", "mm", "(", "(", "type", "a", ")", ")",
   11080 				"(", "type", "b", ")",
   11081 				"(", "allow", "a", "b", "(", "file", "(", "read", ")", ")", ")", ")", NULL};
   11082 
   11083 	struct cil_tree *test_tree;
   11084 	gen_test_tree(&test_tree, line);
   11085 
   11086 	struct cil_db *test_db;
   11087 	cil_db_init(&test_db);
   11088 
   11089 	struct cil_tree_node *test_ast_node;
   11090 	cil_tree_node_init(&test_ast_node);
   11091 
   11092 	uint32_t finished = 0;
   11093 
   11094 	uint32_t changed = CIL_FALSE;
   11095 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   11096 
   11097 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   11098 
   11099 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head, &finished, args);
   11100 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   11101 }
   11102 
   11103 void test_cil_resolve_ast_node_helper_optstack(CuTest *tc) {
   11104 	char *line[] = {"(", "class", "baz", "(", "read", ")", ")",
   11105 			"(", "type", "foo", ")",
   11106 			"(", "type", "bar", ")",
   11107 			"(", "optional", "opt", "(", "allow", "foo", "bar", "(", "baz", "(", "read", ")", ")", ")", ")", NULL};
   11108 
   11109 	struct cil_tree *test_tree;
   11110 	gen_test_tree(&test_tree, line);
   11111 
   11112 	struct cil_db *test_db;
   11113 	cil_db_init(&test_db);
   11114 
   11115 	struct cil_tree_node *test_ast_node;
   11116 	cil_tree_node_init(&test_ast_node);
   11117 
   11118 	struct cil_tree_node *test_ast_node_opt;
   11119 	cil_tree_node_init(&test_ast_node_opt);
   11120 	test_ast_node_opt->flavor = CIL_OPTIONAL;
   11121 
   11122 	uint32_t finished = 0;
   11123 
   11124 	uint32_t changed = CIL_FALSE;
   11125 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   11126 
   11127 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   11128 
   11129 	__cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next, &finished, args);
   11130 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next, &finished, args);
   11131 	CuAssertIntEquals(tc, SEPOL_OK, rc);
   11132 }
   11133 
   11134 void test_cil_resolve_ast_node_helper_optstack_tunable_neg(CuTest *tc) {
   11135 	char *line[] = {"(", "tunable", "foo", "true", ")", NULL};
   11136 
   11137 	struct cil_tree *test_tree;
   11138 	gen_test_tree(&test_tree, line);
   11139 
   11140 	struct cil_db *test_db;
   11141 	cil_db_init(&test_db);
   11142 
   11143 	struct cil_tree_node *test_ast_node_opt;
   11144 	cil_tree_node_init(&test_ast_node_opt);
   11145 	test_ast_node_opt->flavor = CIL_OPTIONAL;
   11146 
   11147 	uint32_t changed = CIL_FALSE;
   11148 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_TIF, &changed, NULL, test_ast_node_opt, NULL);
   11149 
   11150 	uint32_t finished = 0;
   11151 
   11152 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   11153 
   11154 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head, &finished, args);
   11155 	CuAssertIntEquals(tc, SEPOL_ERR, rc);
   11156 }
   11157 
   11158 void test_cil_resolve_ast_node_helper_optstack_macro_neg(CuTest *tc) {
   11159 	char *line[] = {"(", "type", "qaz", ")",
   11160 			"(", "class", "file", "(", "read", ")", ")",
   11161 			"(", "macro", "mm", "(", "(", "type", "a", ")", ")",
   11162 				"(", "type", "b", ")",
   11163 				"(", "allow", "a", "b", "(", "file", "(", "read", ")", ")", ")", ")",
   11164 			"(", "call", "mm", "(", "qaz", ")", ")", NULL};
   11165 
   11166 	struct cil_tree *test_tree;
   11167 	gen_test_tree(&test_tree, line);
   11168 
   11169 	struct cil_db *test_db;
   11170 	cil_db_init(&test_db);
   11171 
   11172 	struct cil_tree_node *test_ast_node_opt;
   11173 	cil_tree_node_init(&test_ast_node_opt);
   11174 	test_ast_node_opt->flavor = CIL_OPTIONAL;
   11175 
   11176 	uint32_t changed = CIL_FALSE;
   11177 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, test_ast_node_opt, NULL);
   11178 
   11179 	uint32_t finished = 0;
   11180 
   11181 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   11182 
   11183 	cil_resolve_call1(test_db->ast->root->cl_head->next->next, args);
   11184 
   11185 	args->pass = CIL_PASS_CALL2;
   11186 
   11187 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next, &finished, args);
   11188 	CuAssertIntEquals(tc, SEPOL_ERR, rc);
   11189 	CuAssertIntEquals(tc, 0, finished);
   11190 }
   11191 
   11192 void test_cil_resolve_ast_node_helper_nodenull_neg(CuTest *tc) {
   11193 	char *line[] = {"(", "role",  "staff_r", ")",
   11194 			"(", "user", "staff_u", ")",
   11195 			"(", "userrole", "staff_u", "staff_r", ")", NULL};
   11196 
   11197 	struct cil_tree *test_tree;
   11198 	gen_test_tree(&test_tree, line);
   11199 
   11200 	struct cil_db *test_db;
   11201 	cil_db_init(&test_db);
   11202 
   11203 	struct cil_tree_node *test_ast_node;
   11204 	cil_tree_node_init(&test_ast_node);
   11205 
   11206 	uint32_t changed = CIL_FALSE;
   11207 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_TIF, &changed, NULL, NULL, NULL);
   11208 
   11209 	uint32_t finished = 0;
   11210 
   11211 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   11212 
   11213 	int rc = __cil_resolve_ast_node_helper(NULL, &finished, args);
   11214 	CuAssertIntEquals(tc, SEPOL_ERR, rc);
   11215 }
   11216 
   11217 void test_cil_resolve_ast_node_helper_extraargsnull_neg(CuTest *tc) {
   11218 	char *line[] = {"(", "role",  "staff_r", ")",
   11219 			"(", "user", "staff_u", ")",
   11220 			"(", "userrole", "staff_u", "staff_r", ")", NULL};
   11221 
   11222 	struct cil_tree *test_tree;
   11223 	gen_test_tree(&test_tree, line);
   11224 
   11225 	struct cil_db *test_db;
   11226 	cil_db_init(&test_db);
   11227 
   11228 	struct cil_tree_node *test_ast_node;
   11229 	cil_tree_node_init(&test_ast_node);
   11230 
   11231 	uint32_t finished = 0;
   11232 
   11233 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   11234 
   11235 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next, &finished, NULL);
   11236 	CuAssertIntEquals(tc, 0, finished);
   11237 	CuAssertIntEquals(tc, SEPOL_ERR, rc);
   11238 }
   11239 
   11240 void test_cil_resolve_ast_node_helper_dbflavor_neg(CuTest *tc) {
   11241 	char *line[] = {"(", "role",  "staff_r", ")",
   11242 			"(", "user", "staff_u", ")",
   11243 			"(", "userrole", "staff_u", "staff_r", ")", NULL};
   11244 
   11245 	struct cil_tree *test_tree;
   11246 	gen_test_tree(&test_tree, line);
   11247 
   11248 	struct cil_db *test_db;
   11249 	cil_db_init(&test_db);
   11250 
   11251 	struct cil_tree_node *test_ast_node;
   11252 	cil_tree_node_init(&test_ast_node);
   11253 
   11254 	uint32_t finished = 0;
   11255 
   11256 	uint32_t changed = CIL_FALSE;
   11257 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   11258 
   11259 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   11260 
   11261 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next, &finished, args);
   11262 	CuAssertIntEquals(tc, SEPOL_ERR, rc);
   11263 }
   11264 
   11265 void test_cil_resolve_ast_node_helper_pass_neg(CuTest *tc) {
   11266 	char *line[] = {"(", "role",  "staff_r", ")",
   11267 			"(", "user", "staff_u", ")",
   11268 			"(", "userrole", "staff_u", "staff_r", ")", NULL};
   11269 
   11270 	struct cil_tree *test_tree;
   11271 	gen_test_tree(&test_tree, line);
   11272 
   11273 	struct cil_db *test_db;
   11274 	cil_db_init(&test_db);
   11275 
   11276 	struct cil_tree_node *test_ast_node;
   11277 	cil_tree_node_init(&test_ast_node);
   11278 
   11279 	uint32_t finished = 0;
   11280 
   11281 	uint32_t changed = CIL_FALSE;
   11282 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
   11283 
   11284 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   11285 
   11286 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next, &finished, args);
   11287 	CuAssertIntEquals(tc, SEPOL_ERR, rc);
   11288 }
   11289 
   11290 void test_cil_resolve_ast_node_helper_optfailedtoresolve(CuTest *tc) {
   11291 	char *line[] = {"(", "class", "file", "(", "read", ")", ")",
   11292 			"(", "classcommon", "file", "file", ")", NULL};
   11293 
   11294 	struct cil_tree *test_tree;
   11295         gen_test_tree(&test_tree, line);
   11296 
   11297         struct cil_db *test_db;
   11298         cil_db_init(&test_db);
   11299 
   11300 	struct cil_optional *opt;
   11301 	cil_optional_init(&opt);
   11302 
   11303 	struct cil_tree_node *test_ast_node_opt;
   11304 	cil_tree_node_init(&test_ast_node_opt);
   11305 	test_ast_node_opt->flavor = CIL_OPTIONAL;
   11306 	test_ast_node_opt->data = opt;
   11307 
   11308 	uint32_t changed = CIL_FALSE;
   11309 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, test_ast_node_opt, NULL);
   11310 
   11311         uint32_t finished = 0;
   11312 
   11313         cil_build_ast(test_db, test_tree->root, test_db->ast->root);
   11314 
   11315         int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next, &finished, args);
   11316         CuAssertIntEquals(tc, SEPOL_OK, rc);
   11317         CuAssertIntEquals(tc, 0, finished);
   11318 }
   11319 
   11320