1 /* 2 * Copyright 2011 Tresys Technology, LLC. All rights reserved. 3 * 4 * Redistribution and use in source and binary forms, with or without 5 * modification, are permitted provided that the following conditions are met: 6 * 7 * 1. Redistributions of source code must retain the above copyright notice, 8 * this list of conditions and the following disclaimer. 9 * 10 * 2. Redistributions in binary form must reproduce the above copyright notice, 11 * this list of conditions and the following disclaimer in the documentation 12 * and/or other materials provided with the distribution. 13 * 14 * THIS SOFTWARE IS PROVIDED BY TRESYS TECHNOLOGY, LLC ``AS IS'' AND ANY EXPRESS 15 * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 16 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO 17 * EVENT SHALL TRESYS TECHNOLOGY, LLC OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, 18 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 19 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 20 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 21 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE 22 * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF 23 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24 * 25 * The views and conclusions contained in the software and documentation are those 26 * of the authors and should not be interpreted as representing official policies, 27 * either expressed or implied, of Tresys Technology, LLC. 28 */ 29 30 #include <sepol/policydb/policydb.h> 31 32 #include "CuTest.h" 33 #include "CilTest.h" 34 35 #include "../../src/cil_build_ast.h" 36 #include "../../src/cil_resolve_ast.h" 37 #include "../../src/cil_verify.h" 38 #include "../../src/cil_internal.h" 39 40 /* this all needs to be moved to a private header file */ 41 int __cil_resolve_ast_node_helper(struct cil_tree_node *, uint32_t *, void *); 42 int __cil_disable_children_helper(struct cil_tree_node *node, __attribute__((unused)) uint32_t *finished, void *); 43 44 struct cil_args_resolve { 45 struct cil_db *db; 46 enum cil_pass pass; 47 uint32_t *changed; 48 struct cil_tree_node *callstack; 49 struct cil_tree_node *optstack; 50 struct cil_tree_node *macro; 51 }; 52 53 struct cil_args_resolve *gen_resolve_args(struct cil_db *db, enum cil_pass pass, uint32_t *changed, struct cil_tree_node *calls, struct cil_tree_node *opts, struct cil_tree_node *macro) 54 { 55 struct cil_args_resolve *args = cil_malloc(sizeof(*args)); 56 args->db = db; 57 args->pass = pass; 58 args->changed = changed; 59 args->callstack = calls; 60 args->optstack = opts; 61 args->macro = macro; 62 63 return args; 64 } 65 66 void test_cil_resolve_name(CuTest *tc) { 67 char *line[] = { "(", "block", "foo", 68 "(", "typealias", "test", "type_t", ")", 69 "(", "type", "test", ")", ")", NULL}; 70 71 struct cil_tree *test_tree; 72 gen_test_tree(&test_tree, line); 73 74 struct cil_db *test_db; 75 cil_db_init(&test_db); 76 77 uint32_t changed = CIL_FALSE; 78 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 79 80 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 81 82 struct cil_tree_node *test_curr = test_db->ast->root->cl_head->cl_head; 83 struct cil_typealias *test_alias = (struct cil_typealias*)test_curr->data; 84 struct cil_tree_node *type_node = NULL; 85 86 int rc = cil_resolve_name(test_curr, test_alias->type_str, CIL_SYM_TYPES, args, &type_node); 87 CuAssertIntEquals(tc, SEPOL_OK, rc); 88 } 89 90 void test_cil_resolve_name_invalid_type_neg(CuTest *tc) { 91 char *line[] = { "(", "block", "foo", 92 "(", "typealias", "foo.test2", "type_t", ")", 93 "(", "type", "test", ")", ")", NULL}; 94 95 struct cil_tree *test_tree; 96 gen_test_tree(&test_tree, line); 97 98 struct cil_db *test_db; 99 cil_db_init(&test_db); 100 101 uint32_t changed = CIL_FALSE; 102 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 103 104 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 105 106 struct cil_tree_node *test_curr = test_db->ast->root->cl_head->cl_head; 107 struct cil_typealias *test_alias = (struct cil_typealias*)test_curr->data; 108 struct cil_tree_node *type_node = NULL; 109 110 int rc = cil_resolve_name(test_curr, test_alias->type_str, CIL_SYM_TYPES, args, &type_node); 111 CuAssertIntEquals(tc, SEPOL_ENOENT, rc); 112 } 113 114 void test_cil_resolve_ast_curr_null_neg(CuTest *tc) { 115 struct cil_db *test_db; 116 cil_db_init(&test_db); 117 118 test_db->ast->root = NULL; 119 120 int rc = cil_resolve_ast(test_db, test_db->ast->root); 121 CuAssertIntEquals(tc, SEPOL_ERR, rc); 122 } 123 124 125 /* 126 cil_resolve test cases 127 */ 128 129 void test_cil_resolve_roleallow(CuTest *tc) { 130 char *line[] = {"(", "role", "foo", ")", \ 131 "(", "role", "bar", ")", \ 132 "(", "roleallow", "foo", "bar", ")", NULL}; 133 134 struct cil_tree *test_tree; 135 gen_test_tree(&test_tree, line); 136 137 struct cil_db *test_db; 138 cil_db_init(&test_db); 139 140 uint32_t changed = CIL_FALSE; 141 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 142 143 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 144 145 int rc = cil_resolve_roleallow(test_db->ast->root->cl_head->next->next, args); 146 CuAssertIntEquals(tc, SEPOL_OK, rc); 147 } 148 149 void test_cil_resolve_roleallow_srcdecl_neg(CuTest *tc) { 150 char *line[] = {"(", "role", "bar", ")", \ 151 "(", "roleallow", "foo", "bar", ")", NULL}; 152 153 struct cil_tree *test_tree; 154 gen_test_tree(&test_tree, line); 155 156 struct cil_db *test_db; 157 cil_db_init(&test_db); 158 159 uint32_t changed = CIL_FALSE; 160 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 161 162 int rc1=cil_build_ast(test_db, test_tree->root, test_db->ast->root); 163 rc1 = rc1; 164 165 int rc = cil_resolve_roleallow(test_db->ast->root->cl_head->next, args); 166 CuAssertIntEquals(tc, SEPOL_ENOENT, rc); 167 } 168 169 void test_cil_resolve_roleallow_tgtdecl_neg(CuTest *tc) { 170 char *line[] = {"(", "role", "foo", ")", \ 171 "(", "roleallow", "foo", "bar", ")", NULL}; 172 173 struct cil_tree *test_tree; 174 gen_test_tree(&test_tree, line); 175 176 struct cil_db *test_db; 177 cil_db_init(&test_db); 178 179 uint32_t changed = CIL_FALSE; 180 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 181 182 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 183 184 int rc = cil_resolve_roleallow(test_db->ast->root->cl_head->next, args); 185 CuAssertIntEquals(tc, SEPOL_ENOENT, rc); 186 } 187 188 void test_cil_resolve_classmapping_anon(CuTest *tc) { 189 char *line[] = {"(", "class", "file", "(", "open", ")", ")", 190 "(", "classmap", "files", "(", "read", ")", ")", 191 "(", "classmapping", "files", "read", "(", "file", "(", "open", ")", ")", ")", NULL}; 192 193 struct cil_tree *test_tree; 194 gen_test_tree(&test_tree, line); 195 196 struct cil_db *test_db; 197 cil_db_init(&test_db); 198 199 uint32_t changed = CIL_FALSE; 200 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 201 202 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 203 204 int rc = cil_resolve_classmapping(test_db->ast->root->cl_head->next->next, args); 205 CuAssertIntEquals(tc, SEPOL_OK, rc); 206 } 207 208 void test_cil_resolve_classmapping_anon_inmacro(CuTest *tc) { 209 char *line[] = {"(", "classmap", "files", "(", "read", ")", ")", 210 "(", "class", "file", "(", "open", ")", ")", 211 "(", "macro", "mm", "(", "(", "classpermissionset", "a", ")", ")", 212 "(", "classmapping", "files", "read", "a", ")", ")", 213 "(", "call", "mm", "(", "(", "file", "(", "open", ")", ")", ")", ")", NULL}; 214 215 struct cil_tree *test_tree; 216 gen_test_tree(&test_tree, line); 217 218 struct cil_db *test_db; 219 cil_db_init(&test_db); 220 221 uint32_t changed = CIL_FALSE; 222 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL); 223 224 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 225 226 args->pass = CIL_PASS_CALL1; 227 228 int rc2 = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next, args); 229 230 args->pass = CIL_PASS_CALL2; 231 232 int rc3 = cil_resolve_call2(test_db->ast->root->cl_head->next->next->next, args); 233 234 args->pass = CIL_PASS_MISC3; 235 args->callstack = test_db->ast->root->cl_head->next->next->next; 236 237 int rc = cil_resolve_classmapping(test_db->ast->root->cl_head->next->next->next->cl_head, args); 238 CuAssertIntEquals(tc, SEPOL_OK, rc); 239 CuAssertIntEquals(tc, SEPOL_OK, rc2); 240 CuAssertIntEquals(tc, SEPOL_OK, rc3); 241 } 242 243 void test_cil_resolve_classmapping_anon_inmacro_neg(CuTest *tc) { 244 char *line[] = {"(", "classmap", "files", "(", "read", ")", ")", 245 "(", "class", "file", "(", "open", ")", ")", 246 "(", "macro", "mm", "(", "(", "classpermissionset", "a", ")", ")", 247 "(", "classmapping", "files", "read", "a", ")", ")", 248 "(", "call", "mm", "(", "(", "DNE", "(", "open", ")", ")", ")", ")", NULL}; 249 250 struct cil_tree *test_tree; 251 gen_test_tree(&test_tree, line); 252 253 struct cil_db *test_db; 254 cil_db_init(&test_db); 255 256 uint32_t changed = CIL_FALSE; 257 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL); 258 259 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 260 261 args->pass = CIL_PASS_CALL1; 262 263 int rc2 = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next, args); 264 265 args->pass = CIL_PASS_CALL2; 266 267 int rc3 = cil_resolve_call2(test_db->ast->root->cl_head->next->next->next, args); 268 269 args->pass = CIL_PASS_MISC3; 270 args->callstack = test_db->ast->root->cl_head->next->next->next; 271 272 int rc = cil_resolve_classmapping(test_db->ast->root->cl_head->next->next->next->cl_head, args); 273 CuAssertIntEquals(tc, SEPOL_ENOENT, rc); 274 CuAssertIntEquals(tc, SEPOL_OK, rc2); 275 CuAssertIntEquals(tc, SEPOL_OK, rc3); 276 } 277 278 void test_cil_resolve_classmapping_named(CuTest *tc) { 279 char *line[] = {"(", "classmap", "files", "(", "read", ")", ")", 280 "(", "classpermissionset", "char_w", "(", "char", "(", "read", ")", ")", ")", 281 "(", "classmapping", "files", "read", "char_w", ")", NULL}; 282 283 struct cil_tree *test_tree; 284 gen_test_tree(&test_tree, line); 285 286 struct cil_db *test_db; 287 cil_db_init(&test_db); 288 289 uint32_t changed = CIL_FALSE; 290 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 291 292 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 293 294 int rc = cil_resolve_classmapping(test_db->ast->root->cl_head->next->next, args); 295 CuAssertIntEquals(tc, SEPOL_OK, rc); 296 } 297 298 void test_cil_resolve_classmapping_named_classmapname_neg(CuTest *tc) { 299 char *line[] = {"(", "classpermissionset", "char_w", "(", "char", "(", "read", ")", ")", ")", 300 "(", "classmap", "files", "(", "read", ")", ")", 301 "(", "classmapping", "files", "read", "foo", ")", NULL}; 302 303 struct cil_tree *test_tree; 304 gen_test_tree(&test_tree, line); 305 306 struct cil_db *test_db; 307 cil_db_init(&test_db); 308 309 uint32_t changed = CIL_FALSE; 310 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 311 312 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 313 314 int rc = cil_resolve_classmapping(test_db->ast->root->cl_head->next->next, args); 315 CuAssertIntEquals(tc, SEPOL_ENOENT, rc); 316 } 317 318 void test_cil_resolve_classmapping_anon_classmapname_neg(CuTest *tc) { 319 char *line[] = {"(", "class", "file", "(", "open", ")", ")", 320 "(", "classmap", "files", "(", "read", ")", ")", 321 "(", "classmapping", "dne", "read", "(", "file", "(", "open", ")", ")", ")", NULL}; 322 323 struct cil_tree *test_tree; 324 gen_test_tree(&test_tree, line); 325 326 struct cil_db *test_db; 327 cil_db_init(&test_db); 328 329 uint32_t changed = CIL_FALSE; 330 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 331 332 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 333 334 int rc = cil_resolve_classmapping(test_db->ast->root->cl_head->next->next, args); 335 CuAssertIntEquals(tc, SEPOL_ENOENT, rc); 336 } 337 338 void test_cil_resolve_classmapping_anon_permset_neg(CuTest *tc) { 339 char *line[] = {"(", "class", "file", "(", "open", ")", ")", 340 "(", "classmap", "files", "(", "read", ")", ")", 341 "(", "classmapping", "files", "read", "(", "dne", "(", "open", ")", ")", ")", NULL}; 342 343 struct cil_tree *test_tree; 344 gen_test_tree(&test_tree, line); 345 346 struct cil_db *test_db; 347 cil_db_init(&test_db); 348 349 uint32_t changed = CIL_FALSE; 350 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 351 352 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 353 354 int rc = cil_resolve_classmapping(test_db->ast->root->cl_head->next->next, args); 355 CuAssertIntEquals(tc, SEPOL_ENOENT, rc); 356 } 357 358 void test_cil_resolve_rolebounds(CuTest *tc) { 359 char *line[] = {"(", "role", "role1", ")", 360 "(", "role", "role2", ")", 361 "(", "rolebounds", "role1", "role2", ")", NULL}; 362 363 struct cil_tree *test_tree; 364 gen_test_tree(&test_tree, line); 365 366 struct cil_db *test_db; 367 cil_db_init(&test_db); 368 369 uint32_t changed = CIL_FALSE; 370 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 371 372 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 373 374 int rc = cil_resolve_rolebounds(test_db->ast->root->cl_head->next->next, args); 375 CuAssertIntEquals(tc, SEPOL_OK, rc); 376 } 377 378 void test_cil_resolve_rolebounds_exists_neg(CuTest *tc) { 379 char *line[] = {"(", "role", "role1", ")", 380 "(", "role", "role2", ")", 381 "(", "rolebounds", "role1", "role2", ")", NULL}; 382 383 struct cil_tree *test_tree; 384 gen_test_tree(&test_tree, line); 385 386 struct cil_db *test_db; 387 cil_db_init(&test_db); 388 389 uint32_t changed = CIL_FALSE; 390 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 391 392 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 393 394 cil_resolve_rolebounds(test_db->ast->root->cl_head->next->next, args); 395 int rc = cil_resolve_rolebounds(test_db->ast->root->cl_head->next->next, args); 396 CuAssertIntEquals(tc, SEPOL_ERR, rc); 397 } 398 399 void test_cil_resolve_rolebounds_role1_neg(CuTest *tc) { 400 char *line[] = {"(", "role", "role1", ")", 401 "(", "role", "role2", ")", 402 "(", "rolebounds", "role_DNE", "role2", ")", NULL}; 403 404 struct cil_tree *test_tree; 405 gen_test_tree(&test_tree, line); 406 407 struct cil_db *test_db; 408 cil_db_init(&test_db); 409 410 uint32_t changed = CIL_FALSE; 411 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 412 413 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 414 415 int rc = cil_resolve_rolebounds(test_db->ast->root->cl_head->next->next, args); 416 CuAssertIntEquals(tc, SEPOL_ENOENT, rc); 417 } 418 419 void test_cil_resolve_rolebounds_role2_neg(CuTest *tc) { 420 char *line[] = {"(", "role", "role1", ")", 421 "(", "role", "role2", ")", 422 "(", "rolebounds", "role1", "role_DNE", ")", NULL}; 423 424 struct cil_tree *test_tree; 425 gen_test_tree(&test_tree, line); 426 427 struct cil_db *test_db; 428 cil_db_init(&test_db); 429 430 uint32_t changed = CIL_FALSE; 431 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 432 433 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 434 435 int rc = cil_resolve_rolebounds(test_db->ast->root->cl_head->next->next, args); 436 CuAssertIntEquals(tc, SEPOL_ENOENT, rc); 437 } 438 439 void test_cil_resolve_sensalias(CuTest *tc) { 440 char *line[] = {"(", "sensitivity", "s0", ")", 441 "(", "sensitivityalias", "s0", "alias", ")", NULL}; 442 443 struct cil_tree *test_tree; 444 gen_test_tree(&test_tree, line); 445 446 struct cil_db *test_db; 447 cil_db_init(&test_db); 448 449 uint32_t changed = CIL_FALSE; 450 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 451 452 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 453 454 int rc = cil_resolve_sensalias(test_db->ast->root->cl_head->next, args); 455 CuAssertIntEquals(tc, SEPOL_OK, rc); 456 } 457 458 void test_cil_resolve_sensalias_sensdecl_neg(CuTest *tc) { 459 char *line[] = {"(", "sensitivityalias", "s0", "alias", ")", NULL}; 460 461 struct cil_tree *test_tree; 462 gen_test_tree(&test_tree, line); 463 464 struct cil_db *test_db; 465 cil_db_init(&test_db); 466 467 uint32_t changed = CIL_FALSE; 468 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MLS, &changed, NULL, NULL, NULL); 469 470 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 471 472 int rc = cil_resolve_sensalias(test_db->ast->root->cl_head, args); 473 CuAssertIntEquals(tc, SEPOL_ENOENT, rc); 474 } 475 476 void test_cil_resolve_catalias(CuTest *tc) { 477 char *line[] = {"(", "category", "c0", ")", 478 "(", "categoryalias", "c0", "red", ")", NULL}; 479 480 struct cil_tree *test_tree; 481 gen_test_tree(&test_tree, line); 482 483 struct cil_db *test_db; 484 cil_db_init(&test_db); 485 486 uint32_t changed = CIL_FALSE; 487 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 488 489 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 490 491 int rc = cil_resolve_catalias(test_db->ast->root->cl_head->next, args); 492 CuAssertIntEquals(tc, SEPOL_OK, rc); 493 } 494 495 void test_cil_resolve_catalias_catdecl_neg(CuTest *tc) { 496 char *line[] = {"(", "categoryalias", "c0", "red", ")", NULL}; 497 498 struct cil_tree *test_tree; 499 gen_test_tree(&test_tree, line); 500 501 struct cil_db *test_db; 502 cil_db_init(&test_db); 503 504 uint32_t changed = CIL_FALSE; 505 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 506 507 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 508 509 int rc = cil_resolve_catalias(test_db->ast->root->cl_head, args); 510 CuAssertIntEquals(tc, SEPOL_ENOENT, rc); 511 } 512 513 void test_cil_resolve_catorder(CuTest *tc) { 514 char *line[] = {"(", "category", "c0", ")", 515 "(", "category", "c3", ")", 516 "(", "categoryorder", "(", "c0", "c3", ")", NULL}; 517 518 struct cil_tree *test_tree; 519 gen_test_tree(&test_tree, line); 520 521 struct cil_db *test_db; 522 cil_db_init(&test_db); 523 524 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 525 526 uint32_t changed = CIL_FALSE; 527 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC1, &changed, NULL, NULL, NULL); 528 529 int rc = cil_resolve_catorder(test_db->ast->root->cl_head->next->next, args); 530 int rc2 = cil_resolve_catorder(test_db->ast->root->cl_head->next->next, args); 531 CuAssertIntEquals(tc, SEPOL_OK, rc); 532 CuAssertIntEquals(tc, SEPOL_OK, rc2); 533 } 534 535 void test_cil_resolve_catorder_neg(CuTest *tc) { 536 char *line[] = {"(", "category", "c0", ")", 537 "(", "category", "c3", ")", 538 "(", "categoryorder", "(", "c5", ")", ")", NULL}; 539 540 struct cil_tree *test_tree; 541 gen_test_tree(&test_tree, line); 542 543 struct cil_db *test_db; 544 cil_db_init(&test_db); 545 546 uint32_t changed = CIL_FALSE; 547 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC1, &changed, NULL, NULL, NULL); 548 549 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 550 551 int rc = cil_resolve_catorder(test_db->ast->root->cl_head->next->next, args); 552 CuAssertIntEquals(tc, SEPOL_ENOENT, rc); 553 } 554 555 void test_cil_resolve_dominance(CuTest *tc) { 556 char *line[] = {"(", "sensitivity", "s0", ")", 557 "(", "sensitivity", "s1", ")", 558 "(", "sensitivity", "s2", ")", 559 "(", "dominance", "(", "s0", "s1", ")", NULL}; 560 561 struct cil_tree *test_tree; 562 gen_test_tree(&test_tree, line); 563 564 struct cil_db *test_db; 565 cil_db_init(&test_db); 566 567 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 568 569 uint32_t changed = CIL_FALSE; 570 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC1, &changed, NULL, NULL, NULL); 571 572 int rc = cil_resolve_dominance(test_db->ast->root->cl_head->next->next->next, args); 573 int rc2 = cil_resolve_dominance(test_db->ast->root->cl_head->next->next->next, args); 574 CuAssertIntEquals(tc, SEPOL_OK, rc); 575 CuAssertIntEquals(tc, SEPOL_OK, rc2); 576 } 577 578 void test_cil_resolve_dominance_neg(CuTest *tc) { 579 char *line[] = {"(", "sensitivity", "s0", ")", 580 "(", "sensitivity", "s1", ")", 581 "(", "sensitivity", "s2", ")", 582 "(", "dominance", "(", "s6", ")", ")", NULL}; 583 584 struct cil_tree *test_tree; 585 gen_test_tree(&test_tree, line); 586 587 struct cil_db *test_db; 588 cil_db_init(&test_db); 589 590 uint32_t changed = CIL_FALSE; 591 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC1, &changed, NULL, NULL, NULL); 592 593 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 594 595 int rc = cil_resolve_dominance(test_db->ast->root->cl_head->next->next->next, args); 596 CuAssertIntEquals(tc, SEPOL_ENOENT, rc); 597 } 598 599 void test_cil_resolve_cat_list(CuTest *tc) { 600 char *line[] = {"(", "category", "c0", ")", 601 "(", "category", "c1", ")", 602 "(", "category", "c2", ")", 603 "(", "categoryset", "somecats", "(", "c0", "c1", "c2", ")", ")", NULL}; 604 605 struct cil_tree *test_tree; 606 gen_test_tree(&test_tree, line); 607 608 struct cil_db *test_db; 609 cil_db_init(&test_db); 610 611 uint32_t changed = CIL_FALSE; 612 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MLS, &changed, NULL, NULL, NULL); 613 614 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 615 616 struct cil_list *test_cat_list; 617 cil_list_init(&test_cat_list); 618 619 struct cil_catset *test_catset = (struct cil_catset*)test_db->ast->root->cl_head->next->next->next->data; 620 621 int rc = cil_resolve_cat_list(test_db->ast->root->cl_head->next->next->next, test_catset->cat_list_str, test_cat_list, args); 622 CuAssertIntEquals(tc, SEPOL_OK, rc); 623 } 624 625 void test_cil_resolve_cat_list_catlistnull_neg(CuTest *tc) { 626 char *line[] = {"(", "category", "c0", ")", 627 "(", "category", "c1", ")", 628 "(", "category", "c2", ")", 629 "(", "categoryset", "somecats", "(", "c0", "c1", "c2", ")", ")", NULL}; 630 631 struct cil_tree *test_tree; 632 gen_test_tree(&test_tree, line); 633 634 struct cil_db *test_db; 635 cil_db_init(&test_db); 636 637 uint32_t changed = CIL_FALSE; 638 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MLS, &changed, NULL, NULL, NULL); 639 640 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 641 642 struct cil_list *test_cat_list; 643 cil_list_init(&test_cat_list); 644 645 struct cil_catset *test_catset = (struct cil_catset*)test_db->ast->root->cl_head->next->next->next->data; 646 test_catset->cat_list_str = NULL; 647 648 int rc = cil_resolve_cat_list(test_db->ast->root->cl_head->next->next->next, test_catset->cat_list_str, test_cat_list, args); 649 CuAssertIntEquals(tc, SEPOL_ERR, rc); 650 } 651 652 void test_cil_resolve_cat_list_rescatlistnull_neg(CuTest *tc) { 653 char *line[] = {"(", "category", "c0", ")", 654 "(", "category", "c1", ")", 655 "(", "category", "c2", ")", 656 "(", "categoryset", "somecats", "(", "c0", "c1", "c2", ")", ")", NULL}; 657 658 struct cil_tree *test_tree; 659 gen_test_tree(&test_tree, line); 660 661 struct cil_db *test_db; 662 cil_db_init(&test_db); 663 664 uint32_t changed = CIL_FALSE; 665 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MLS, &changed, NULL, NULL, NULL); 666 667 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 668 669 struct cil_list *test_cat_list = NULL; 670 671 struct cil_catset *test_catset = (struct cil_catset*)test_db->ast->root->cl_head->next->next->next->data; 672 673 int rc = cil_resolve_cat_list(test_db->ast->root->cl_head->next->next->next, test_catset->cat_list_str, test_cat_list, args); 674 CuAssertIntEquals(tc, SEPOL_ERR, rc); 675 } 676 677 void test_cil_resolve_cat_list_catrange(CuTest *tc) { 678 char *line[] = {"(", "category", "c0", ")", 679 "(", "category", "c1", ")", 680 "(", "category", "c2", ")", 681 "(", "categoryorder", "(", "c0", "c1", "c2", ")", ")", 682 "(", "categoryset", "somecats", "(", "c0", "(", "c1", "c2", ")", ")", ")", NULL}; 683 684 struct cil_tree *test_tree; 685 gen_test_tree(&test_tree, line); 686 687 struct cil_db *test_db; 688 cil_db_init(&test_db); 689 690 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 691 692 uint32_t changed = CIL_FALSE; 693 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC1, &changed, NULL, NULL, NULL); 694 695 cil_tree_walk(test_db->ast->root, __cil_resolve_ast_node_helper, NULL, NULL, args); 696 __cil_verify_order(test_db->catorder, test_db->ast->root, CIL_CAT); 697 698 struct cil_list *test_cat_list; 699 cil_list_init(&test_cat_list); 700 701 struct cil_catset *test_catset = (struct cil_catset*)test_db->ast->root->cl_head->next->next->next->next->data; 702 703 int rc = cil_resolve_cat_list(test_db->ast->root->cl_head->next->next->next->next, test_catset->cat_list_str, test_cat_list, args); 704 CuAssertIntEquals(tc, SEPOL_OK, rc); 705 } 706 707 void test_cil_resolve_cat_list_catrange_neg(CuTest *tc) { 708 char *line[] = {"(", "category", "c0", ")", 709 "(", "category", "c1", ")", 710 "(", "category", "c2", ")", 711 "(", "categoryorder", "(", "c0", "c1", "c2", ")", ")", 712 "(", "categoryset", "somecats", "(", "c0", "(", "c2", "c1", ")", ")", ")", NULL}; 713 714 struct cil_tree *test_tree; 715 gen_test_tree(&test_tree, line); 716 717 struct cil_db *test_db; 718 cil_db_init(&test_db); 719 720 uint32_t changed = CIL_FALSE; 721 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC1, &changed, NULL, NULL, NULL); 722 723 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 724 725 struct cil_list *test_cat_list; 726 cil_list_init(&test_cat_list); 727 728 cil_resolve_catorder(test_db->ast->root->cl_head->next->next->next, args); 729 730 args->pass = CIL_PASS_MLS; 731 732 struct cil_catset *test_catset = (struct cil_catset*)test_db->ast->root->cl_head->next->next->next->next->data; 733 734 int rc = cil_resolve_cat_list(test_db->ast->root->cl_head->next->next->next->next, test_catset->cat_list_str, test_cat_list, args); 735 CuAssertIntEquals(tc, SEPOL_ERR, rc); 736 } 737 738 void test_cil_resolve_cat_list_catname_neg(CuTest *tc) { 739 char *line[] = {"(", "category", "c5", ")", 740 "(", "category", "c6", ")", 741 "(", "category", "c7", ")", 742 "(", "categoryorder", "(", "c0", "c1", "c2", ")", ")", 743 "(", "categoryset", "somecats", "(", "c0", "(", "c1", "c2", ")", ")", ")", NULL}; 744 745 struct cil_tree *test_tree; 746 gen_test_tree(&test_tree, line); 747 748 struct cil_db *test_db; 749 cil_db_init(&test_db); 750 751 uint32_t changed = CIL_FALSE; 752 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC1, &changed, NULL, NULL, NULL); 753 754 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 755 756 cil_resolve_catorder(test_db->ast->root->cl_head->next->next->next, args); 757 758 args->pass = CIL_PASS_MLS; 759 struct cil_list *test_cat_list; 760 cil_list_init(&test_cat_list); 761 762 struct cil_catset *test_catset = (struct cil_catset*)test_db->ast->root->cl_head->next->next->next->next->data; 763 764 int rc = cil_resolve_cat_list(test_db->ast->root->cl_head->next->next->next->next, test_catset->cat_list_str, test_cat_list, args); 765 CuAssertIntEquals(tc, SEPOL_ENOENT, rc); 766 } 767 768 void test_cil_resolve_catset(CuTest *tc) { 769 char *line[] = {"(", "category", "c0", ")", 770 "(", "category", "c1", ")", 771 "(", "category", "c2", ")", 772 "(", "categoryset", "somecats", "(", "c0", "c1", "c2", ")", ")", NULL}; 773 774 struct cil_tree *test_tree; 775 gen_test_tree(&test_tree, line); 776 777 struct cil_db *test_db; 778 cil_db_init(&test_db); 779 780 uint32_t changed = CIL_FALSE; 781 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MLS, &changed, NULL, NULL, NULL); 782 783 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 784 785 struct cil_catset *test_catset = (struct cil_catset *)test_db->ast->root->cl_head->next->next->next->data; 786 787 int rc = cil_resolve_catset(test_db->ast->root->cl_head->next->next->next, test_catset, args); 788 CuAssertIntEquals(tc, SEPOL_OK, rc); 789 } 790 791 void test_cil_resolve_catset_catlist_neg(CuTest *tc) { 792 char *line[] = {"(", "category", "c0", ")", 793 "(", "category", "c1", ")", 794 "(", "category", "c2", ")", 795 "(", "categoryset", "somecats", "(", "c0", "c1", "c2", "c4", ")", ")", NULL}; 796 797 struct cil_tree *test_tree; 798 gen_test_tree(&test_tree, line); 799 800 struct cil_db *test_db; 801 cil_db_init(&test_db); 802 803 uint32_t changed = CIL_FALSE; 804 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MLS, &changed, NULL, NULL, NULL); 805 806 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 807 808 struct cil_catset *test_catset = (struct cil_catset *)test_db->ast->root->cl_head->next->next->next->data; 809 810 int rc = cil_resolve_catset(test_db->ast->root->cl_head->next->next->next, test_catset, args); 811 CuAssertIntEquals(tc, SEPOL_ENOENT, rc); 812 } 813 814 void test_cil_resolve_catrange(CuTest *tc) { 815 char *line[] = {"(", "category", "c0", ")", 816 "(", "category", "c255", ")", 817 "(", "categoryorder", "(", "c0", "c255", ")", ")", 818 "(", "categoryrange", "range", "(", "c0", "c255", ")", ")", NULL}; 819 820 struct cil_tree *test_tree; 821 gen_test_tree(&test_tree, line); 822 823 struct cil_db *test_db; 824 cil_db_init(&test_db); 825 826 uint32_t changed = CIL_FALSE; 827 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC1, &changed, NULL, NULL, NULL); 828 829 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 830 cil_resolve_catorder(test_db->ast->root->cl_head->next->next, args); 831 __cil_verify_order(test_db->catorder, test_db->ast->root, CIL_CAT); 832 833 args->pass = CIL_PASS_MLS; 834 835 int rc = cil_resolve_catrange(test_db->ast->root->cl_head->next->next->next, (struct cil_catrange*)test_db->ast->root->cl_head->next->next->next->data, args); 836 CuAssertIntEquals(tc, SEPOL_OK, rc); 837 } 838 839 void test_cil_resolve_catrange_catloworder_neg(CuTest *tc) { 840 char *line[] = {"(", "category", "c0", ")", 841 "(", "category", "c255", ")", 842 "(", "categoryorder", "(", "c0", "c255", ")", ")", 843 "(", "categoryrange", "range", "(", "c0", "c255", ")", ")", NULL}; 844 845 struct cil_tree *test_tree; 846 gen_test_tree(&test_tree, line); 847 848 struct cil_db *test_db; 849 cil_db_init(&test_db); 850 851 uint32_t changed = CIL_FALSE; 852 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC1, &changed, NULL, NULL, NULL); 853 854 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 855 cil_resolve_catorder(test_db->ast->root->cl_head->next->next, args); 856 __cil_verify_order(test_db->catorder, test_db->ast->root, CIL_CAT); 857 858 test_db->catorder->head = test_db->catorder->head->next; 859 test_db->catorder->head->next = NULL; 860 861 args->pass = CIL_PASS_MLS; 862 863 int rc = cil_resolve_catrange(test_db->ast->root->cl_head->next->next->next, (struct cil_catrange*)test_db->ast->root->cl_head->next->next->next->data, args); 864 CuAssertIntEquals(tc, SEPOL_ERR, rc); 865 } 866 867 void test_cil_resolve_catrange_cathighorder_neg(CuTest *tc) { 868 char *line[] = {"(", "category", "c0", ")", 869 "(", "category", "c255", ")", 870 "(", "categoryorder", "(", "c0", "c255", ")", ")", 871 "(", "categoryrange", "range", "(", "c255", "c0", ")", ")", NULL}; 872 873 struct cil_tree *test_tree; 874 gen_test_tree(&test_tree, line); 875 876 struct cil_db *test_db; 877 cil_db_init(&test_db); 878 879 uint32_t changed = CIL_FALSE; 880 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC1, &changed, NULL, NULL, NULL); 881 882 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 883 cil_resolve_catorder(test_db->ast->root->cl_head->next->next, args); 884 __cil_verify_order(test_db->catorder, test_db->ast->root, CIL_CAT); 885 886 args->pass = CIL_PASS_MLS; 887 888 int rc = cil_resolve_catrange(test_db->ast->root->cl_head->next->next->next, (struct cil_catrange*)test_db->ast->root->cl_head->next->next->next->data, args); 889 CuAssertIntEquals(tc, SEPOL_ERR, rc); 890 } 891 892 void test_cil_resolve_catrange_cat1_neg(CuTest *tc) { 893 char *line[] = {"(", "category", "c0", ")", 894 "(", "category", "c255", ")", 895 "(", "categoryorder", "(", "c0", "c255", ")", ")", 896 "(", "categoryrange", "range", "(", "c12", "c255", ")", ")", NULL}; 897 898 struct cil_tree *test_tree; 899 gen_test_tree(&test_tree, line); 900 901 struct cil_db *test_db; 902 cil_db_init(&test_db); 903 904 uint32_t changed = CIL_FALSE; 905 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC1, &changed, NULL, NULL, NULL); 906 907 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 908 cil_resolve_catorder(test_db->ast->root->cl_head->next->next, args); 909 __cil_verify_order(test_db->catorder, test_db->ast->root, CIL_CAT); 910 911 args->pass = CIL_PASS_MLS; 912 913 int rc = cil_resolve_catrange(test_db->ast->root->cl_head->next->next->next, (struct cil_catrange*)test_db->ast->root->cl_head->next->next->next->data, args); 914 CuAssertIntEquals(tc, SEPOL_ENOENT, rc); 915 } 916 917 void test_cil_resolve_catrange_cat2_neg(CuTest *tc) { 918 char *line[] = {"(", "category", "c0", ")", 919 "(", "category", "c255", ")", 920 "(", "categoryorder", "(", "c0", "c255", ")", ")", 921 "(", "categoryrange", "range", "(", "c0", "c23", ")", ")", NULL}; 922 923 struct cil_tree *test_tree; 924 gen_test_tree(&test_tree, line); 925 926 struct cil_db *test_db; 927 cil_db_init(&test_db); 928 929 uint32_t changed = CIL_FALSE; 930 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC1, &changed, NULL, NULL, NULL); 931 932 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 933 cil_resolve_catorder(test_db->ast->root->cl_head->next->next, args); 934 __cil_verify_order(test_db->catorder, test_db->ast->root, CIL_CAT); 935 936 args->pass = CIL_PASS_MLS; 937 938 int rc = cil_resolve_catrange(test_db->ast->root->cl_head->next->next->next, (struct cil_catrange*)test_db->ast->root->cl_head->next->next->next->data, args); 939 CuAssertIntEquals(tc, SEPOL_ENOENT, rc); 940 } 941 942 void test_cil_resolve_senscat(CuTest *tc) { 943 char *line[] = {"(", "sensitivity", "s0", ")", 944 "(", "sensitivity", "s1", ")", 945 "(", "dominance", "(", "s0", "s1", ")", ")", 946 "(", "category", "c0", ")", 947 "(", "category", "c255", ")", 948 "(", "categoryorder", "(", "c0", "c255", ")", ")", 949 "(", "sensitivitycategory", "s1", "(", "c0", "c255", ")", ")", NULL}; 950 951 struct cil_tree *test_tree; 952 gen_test_tree(&test_tree, line); 953 954 struct cil_db *test_db; 955 cil_db_init(&test_db); 956 957 uint32_t changed = CIL_FALSE; 958 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MLS, &changed, NULL, NULL, NULL); 959 960 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 961 962 int rc = cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next->next->next->next, args); 963 CuAssertIntEquals(tc, SEPOL_OK, rc); 964 } 965 966 void test_cil_resolve_senscat_catrange_neg(CuTest *tc) { 967 char *line[] = {"(", "sensitivity", "s0", ")", 968 "(", "sensitivity", "s1", ")", 969 "(", "dominance", "(", "s0", "s1", ")", ")", 970 "(", "category", "c0", ")", 971 "(", "category", "c255", ")", 972 "(", "category", "c500", ")", 973 "(", "categoryorder", "(", "c0", "c255", "c500", ")", ")", 974 "(", "sensitivitycategory", "s1", "(", "c0", "(", "c255", "c5", ")", ")", ")", NULL}; 975 976 struct cil_tree *test_tree; 977 gen_test_tree(&test_tree, line); 978 979 struct cil_db *test_db; 980 cil_db_init(&test_db); 981 982 uint32_t changed = CIL_FALSE; 983 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC1, &changed, NULL, NULL, NULL); 984 985 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 986 987 cil_resolve_catorder(test_db->ast->root->cl_head->next->next->next->next->next->next, args); 988 989 args->pass = CIL_PASS_MLS; 990 991 int rc = cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next->next->next->next->next, args); 992 CuAssertIntEquals(tc, SEPOL_ERR, rc); 993 } 994 995 void test_cil_resolve_senscat_catsetname(CuTest *tc) { 996 char *line[] = {"(", "sensitivity", "s0", ")", 997 "(", "sensitivity", "s1", ")", 998 "(", "category", "c0", ")", 999 "(", "category", "c255", ")", 1000 "(", "category", "c500", ")", 1001 "(", "categoryset", "foo", "(", "c0", "c255", "c500", ")", ")", 1002 "(", "categoryorder", "(", "c0", "c255", "c500", ")", ")", 1003 "(", "sensitivitycategory", "s1", "foo", ")", NULL}; 1004 1005 struct cil_tree *test_tree; 1006 gen_test_tree(&test_tree, line); 1007 1008 struct cil_db *test_db; 1009 cil_db_init(&test_db); 1010 1011 uint32_t changed = CIL_FALSE; 1012 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MLS, &changed, NULL, NULL, NULL); 1013 1014 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 1015 1016 struct cil_catset *test_catset = (struct cil_catset *)test_db->ast->root->cl_head->next->next->next->next->next->data; 1017 cil_resolve_catset(test_db->ast->root->cl_head->next->next->next->next->next, test_catset, args); 1018 1019 args->pass = CIL_PASS_MISC2; 1020 1021 int rc = cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next->next->next->next->next, args); 1022 CuAssertIntEquals(tc, SEPOL_OK, rc); 1023 } 1024 1025 void test_cil_resolve_senscat_catsetname_neg(CuTest *tc) { 1026 char *line[] = {"(", "sensitivity", "s0", ")", 1027 "(", "sensitivity", "s1", ")", 1028 "(", "category", "c0", ")", 1029 "(", "category", "c255", ")", 1030 "(", "category", "c500", ")", 1031 "(", "sensitivitycategory", "s1", "foo", ")", NULL}; 1032 1033 struct cil_tree *test_tree; 1034 gen_test_tree(&test_tree, line); 1035 1036 struct cil_db *test_db; 1037 cil_db_init(&test_db); 1038 1039 uint32_t changed = CIL_FALSE; 1040 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL); 1041 1042 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 1043 1044 int rc = cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next->next->next, args); 1045 CuAssertIntEquals(tc, SEPOL_ENOENT, rc); 1046 } 1047 1048 void test_cil_resolve_senscat_sublist(CuTest *tc) { 1049 char *line[] = {"(", "sensitivity", "s0", ")", 1050 "(", "sensitivity", "s1", ")", 1051 "(", "dominance", "(", "s0", "s1", ")", ")", 1052 "(", "category", "c0", ")", 1053 "(", "category", "c1", ")", 1054 "(", "category", "c255", ")", 1055 "(", "categoryorder", "(", "c0", "c1", "c255", ")", ")", 1056 "(", "sensitivitycategory", "s1", "(", "c0", "(", "c1", "c255", ")", ")", ")", NULL}; 1057 1058 struct cil_tree *test_tree; 1059 gen_test_tree(&test_tree, line); 1060 1061 struct cil_db *test_db; 1062 cil_db_init(&test_db); 1063 1064 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 1065 1066 uint32_t changed = CIL_FALSE; 1067 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC1, &changed, NULL, NULL, NULL); 1068 1069 cil_tree_walk(test_db->ast->root, __cil_resolve_ast_node_helper, NULL, NULL, args); 1070 __cil_verify_order(test_db->catorder, test_db->ast->root, CIL_CAT); 1071 1072 int rc = cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next->next->next->next->next, args); 1073 CuAssertIntEquals(tc, SEPOL_OK, rc); 1074 } 1075 1076 void test_cil_resolve_senscat_missingsens_neg(CuTest *tc) { 1077 char *line[] = {"(", "sensitivity", "s0", ")", 1078 "(", "dominance", "(", "s0", "s1", ")", ")", 1079 "(", "category", "c0", ")", 1080 "(", "category", "c255", ")", 1081 "(", "categoryorder", "(", "c0", "c255", ")", ")", 1082 "(", "sensitivitycategory", "s1", "(", "c0", "c255", ")", ")", NULL}; 1083 1084 struct cil_tree *test_tree; 1085 gen_test_tree(&test_tree, line); 1086 1087 struct cil_db *test_db; 1088 cil_db_init(&test_db); 1089 1090 uint32_t changed = CIL_FALSE; 1091 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MLS, &changed, NULL, NULL, NULL); 1092 1093 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 1094 1095 int rc = cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next->next->next, args); 1096 CuAssertIntEquals(tc, SEPOL_ENOENT, rc); 1097 } 1098 1099 void test_cil_resolve_senscat_category_neg(CuTest *tc) { 1100 char *line[] = {"(", "sensitivity", "s0", ")", 1101 "(", "sensitivity", "s1", ")", 1102 "(", "dominance", "(", "s0", "s1", ")", ")", 1103 "(", "category", "c0", ")", 1104 "(", "category", "c255", ")", 1105 "(", "categoryorder", "(", "c0", "c255", ")", ")", 1106 "(", "sensitivitycategory", "s1", "(", "c5", "c255", ")", ")", NULL}; 1107 1108 struct cil_tree *test_tree; 1109 gen_test_tree(&test_tree, line); 1110 1111 struct cil_db *test_db; 1112 cil_db_init(&test_db); 1113 1114 uint32_t changed = CIL_FALSE; 1115 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MLS, &changed, NULL, NULL, NULL); 1116 1117 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 1118 1119 int rc = cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next->next->next->next, args); 1120 CuAssertIntEquals(tc, SEPOL_ENOENT, rc); 1121 } 1122 1123 void test_cil_resolve_senscat_currrangecat(CuTest *tc) { 1124 char *line[] = {"(", "sensitivity", "s0", ")", 1125 "(", "sensitivity", "s1", ")", 1126 "(", "dominance", "(", "s0", "s1", ")", ")", 1127 "(", "category", "c0", ")", 1128 "(", "category", "c1", ")", 1129 "(", "category", "c255", ")", 1130 "(", "categoryorder", "(", "c0", "c1", "c255", ")", ")", 1131 "(", "sensitivitycategory", "s1", "(", "c0", "(", "c1", "c255", ")", ")", ")", NULL}; 1132 1133 struct cil_tree *test_tree; 1134 gen_test_tree(&test_tree, line); 1135 1136 struct cil_db *test_db; 1137 cil_db_init(&test_db); 1138 1139 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 1140 1141 uint32_t changed = CIL_FALSE; 1142 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC1, &changed, NULL, NULL, NULL); 1143 1144 cil_tree_walk(test_db->ast->root, __cil_resolve_ast_node_helper, NULL, NULL, args); 1145 __cil_verify_order(test_db->catorder, test_db->ast->root, CIL_CAT); 1146 __cil_verify_order(test_db->dominance, test_db->ast->root, CIL_SENS); 1147 1148 args->pass = CIL_PASS_MISC2; 1149 1150 int rc = cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next->next->next->next->next, args); 1151 CuAssertIntEquals(tc, SEPOL_OK, rc); 1152 } 1153 1154 void test_cil_resolve_level(CuTest *tc) { 1155 char *line[] = {"(", "category", "c0", ")", 1156 "(", "categoryorder", "(", "c0", ")", ")", 1157 "(", "sensitivity", "s0", ")", 1158 "(", "sensitivitycategory", "s0", "(", "c0", ")", ")", 1159 "(", "type", "blah_t", ")", 1160 "(", "role", "blah_r", ")", 1161 "(", "user", "blah_u", ")", 1162 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")", 1163 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")", 1164 "(", "sidcontext", "test", "(", "blah_u", "blah_r", "blah_t", "(", "low", "high", ")", ")", ")", NULL}; 1165 1166 struct cil_tree *test_tree; 1167 gen_test_tree(&test_tree, line); 1168 1169 struct cil_db *test_db; 1170 cil_db_init(&test_db); 1171 1172 uint32_t changed = CIL_FALSE; 1173 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL); 1174 1175 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 1176 1177 cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next, args); 1178 1179 args->pass = CIL_PASS_MISC3; 1180 1181 struct cil_tree_node *level = test_db->ast->root->cl_head->next->next->next->next->next->next->next; 1182 int rc = cil_resolve_level(level, (struct cil_level*)level->data, args); 1183 int rc2 = cil_resolve_level(level->next, (struct cil_level*)level->next->data, args); 1184 CuAssertIntEquals(tc, SEPOL_OK, rc); 1185 CuAssertIntEquals(tc, SEPOL_OK, rc2); 1186 } 1187 1188 void test_cil_resolve_level_catlist(CuTest *tc) { 1189 char *line[] = {"(", "category", "c0", ")", 1190 "(", "category", "c1", ")", 1191 "(", "categoryorder", "(", "c0", "c1", ")", ")", 1192 "(", "sensitivity", "s0", ")", 1193 "(", "sensitivitycategory", "s0", "(", "c0", "c1", ")", ")", 1194 "(", "type", "blah_t", ")", 1195 "(", "role", "blah_r", ")", 1196 "(", "user", "blah_u", ")", 1197 "(", "level", "low", "(", "s0", "(", "c0", "c1", ")", ")", ")", 1198 "(", "level", "high", "(", "s0", "(", "c0", "c1", ")", ")", ")", 1199 "(", "sidcontext", "test", "(", "blah_u", "blah_r", "blah_t", "(", "low", "high", ")", ")", ")", NULL}; 1200 1201 struct cil_tree *test_tree; 1202 gen_test_tree(&test_tree, line); 1203 1204 struct cil_db *test_db; 1205 cil_db_init(&test_db); 1206 1207 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 1208 1209 uint32_t changed = CIL_FALSE; 1210 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL); 1211 1212 cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next->next, args); 1213 1214 args->pass = CIL_PASS_MISC3; 1215 1216 struct cil_tree_node *level = test_db->ast->root->cl_head->next->next->next->next->next->next->next->next; 1217 int rc = cil_resolve_level(level, (struct cil_level*)level->data, args); 1218 CuAssertIntEquals(tc, SEPOL_OK, rc); 1219 rc = cil_resolve_level(level, (struct cil_level*)level->data, args); 1220 CuAssertIntEquals(tc, SEPOL_OK, rc); 1221 } 1222 1223 void test_cil_resolve_level_catset(CuTest *tc) { 1224 char *line[] = {"(", "category", "c0", ")", 1225 "(", "category", "c1", ")", 1226 "(", "category", "c2", ")", 1227 "(", "categoryset", "cats", "(", "c0", "c1", "c2", ")", ")", 1228 "(", "categoryorder", "(", "c0", "c1", "c2", ")", ")", 1229 "(", "sensitivity", "s0", ")", 1230 "(", "sensitivitycategory", "s0", "cats", ")", 1231 "(", "type", "blah_t", ")", 1232 "(", "role", "blah_r", ")", 1233 "(", "user", "blah_u", ")", 1234 "(", "level", "low", "(", "s0", "cats", ")", ")", 1235 "(", "level", "high", "(", "s0", "(", "cats", ")", ")", ")", 1236 "(", "sidcontext", "test", "(", "blah_u", "blah_r", "blah_t", "(", "low", "high", ")", ")", ")", NULL}; 1237 1238 struct cil_tree *test_tree; 1239 gen_test_tree(&test_tree, line); 1240 1241 struct cil_db *test_db; 1242 cil_db_init(&test_db); 1243 1244 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 1245 1246 uint32_t changed = CIL_FALSE; 1247 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC1, &changed, NULL, NULL, NULL); 1248 1249 struct cil_catset *cs = (struct cil_catset *)test_db->ast->root->cl_head->next->next->next->data; 1250 1251 cil_resolve_catorder(test_db->ast->root->cl_head->next->next->next->next, args); 1252 1253 args->pass = CIL_PASS_MLS; 1254 1255 cil_resolve_catset(test_db->ast->root->cl_head->next->next->next, cs, args); 1256 1257 args->pass = CIL_PASS_MISC2; 1258 1259 cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next->next->next->next, args); 1260 1261 args->pass = CIL_PASS_MISC3; 1262 1263 struct cil_tree_node *level = test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next->next; 1264 int rc = cil_resolve_level(level, (struct cil_level*)level->data, args); 1265 CuAssertIntEquals(tc, SEPOL_OK, rc); 1266 } 1267 1268 void test_cil_resolve_level_catset_name_neg(CuTest *tc) { 1269 char *line[] = {"(", "category", "c0", ")", 1270 "(", "category", "c1", ")", 1271 "(", "category", "c2", ")", 1272 "(", "categoryset", "cats", "(", "c0", "c1", "c2", ")", ")", 1273 "(", "categoryorder", "(", "c0", "c1", "c2", ")", ")", 1274 "(", "sensitivity", "s0", ")", 1275 "(", "sensitivitycategory", "s0", "cats", ")", 1276 "(", "type", "blah_t", ")", 1277 "(", "role", "blah_r", ")", 1278 "(", "user", "blah_u", ")", 1279 "(", "level", "low", "(", "s0", "dne", ")", ")", 1280 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")", 1281 "(", "sidcontext", "test", "(", "blah_u", "blah_r", "blah_t", "(", "low", "high", ")", ")", ")", NULL}; 1282 1283 struct cil_tree *test_tree; 1284 gen_test_tree(&test_tree, line); 1285 1286 struct cil_db *test_db; 1287 cil_db_init(&test_db); 1288 1289 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 1290 1291 uint32_t changed = CIL_FALSE; 1292 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL); 1293 1294 cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next, args); 1295 1296 args->pass = CIL_PASS_MISC3; 1297 1298 struct cil_tree_node *level = test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next->next; 1299 int rc = cil_resolve_level(level, (struct cil_level*)level->data, args); 1300 CuAssertIntEquals(tc, SEPOL_ENOENT, rc); 1301 } 1302 1303 void test_cil_resolve_level_sens_neg(CuTest *tc) { 1304 char *line[] = {"(", "category", "c0", ")", 1305 "(", "categoryorder", "(", "c0", ")", ")", 1306 "(", "sensitivity", "s0", ")", 1307 "(", "sensitivitycategory", "s0", "(", "c0", ")", ")", 1308 "(", "type", "blah_t", ")", 1309 "(", "role", "blah_r", ")", 1310 "(", "user", "blah_u", ")", 1311 "(", "level", "low", "(", "s1", "(", "c0", ")", ")", ")", 1312 "(", "level", "high", "(", "s1", "(", "c0", ")", ")", ")", 1313 "(", "sid", "test", "(", "blah_u", "blah_r", "blah_t", "(", "low", "high", ")", ")", ")", NULL}; 1314 1315 struct cil_tree *test_tree; 1316 gen_test_tree(&test_tree, line); 1317 1318 struct cil_db *test_db; 1319 cil_db_init(&test_db); 1320 1321 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 1322 1323 uint32_t changed = CIL_FALSE; 1324 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL); 1325 1326 cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next, args); 1327 struct cil_tree_node *level = test_db->ast->root->cl_head->next->next->next->next->next->next->next; 1328 1329 args->pass = CIL_PASS_MISC3; 1330 1331 int rc = cil_resolve_level(level, (struct cil_level*)level->data, args); 1332 int rc2 = cil_resolve_level(level->next, (struct cil_level*)level->next->data, args); 1333 CuAssertIntEquals(tc, SEPOL_ENOENT, rc); 1334 CuAssertIntEquals(tc, SEPOL_ENOENT, rc2); 1335 } 1336 1337 void test_cil_resolve_level_cat_neg(CuTest *tc) { 1338 char *line[] = {"(", "category", "c0", ")", 1339 "(", "categoryorder", "(", "c0", ")", ")", 1340 "(", "sensitivity", "s0", ")", 1341 "(", "sensitivitycategory", "s0", "(", "c0", ")", ")", 1342 "(", "type", "blah_t", ")", 1343 "(", "role", "blah_r", ")", 1344 "(", "user", "blah_u", ")", 1345 "(", "level", "low", "(", "s0", "(", "c1", ")", ")", ")", 1346 "(", "level", "high", "(", "s0", "(", "c1", ")", ")", ")", 1347 "(", "sid", "test", "(", "blah_u", "blah_r", "blah_t", "(", "low", "high", ")", ")", ")", NULL}; 1348 1349 struct cil_tree *test_tree; 1350 gen_test_tree(&test_tree, line); 1351 1352 struct cil_db *test_db; 1353 cil_db_init(&test_db); 1354 1355 uint32_t changed = CIL_FALSE; 1356 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL); 1357 1358 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 1359 1360 cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next, args); 1361 struct cil_tree_node *level = test_db->ast->root->cl_head->next->next->next->next->next->next->next; 1362 1363 args->pass = CIL_PASS_MISC3; 1364 int rc = cil_resolve_level(level, (struct cil_level*)level->data, args); 1365 int rc2 = cil_resolve_level(level->next, (struct cil_level*)level->next->data, args); 1366 CuAssertIntEquals(tc, SEPOL_ENOENT, rc); 1367 CuAssertIntEquals(tc, SEPOL_ENOENT, rc2); 1368 } 1369 1370 void test_cil_resolve_level_senscat_neg(CuTest *tc) { 1371 char *line[] = {"(", "category", "c0", ")", 1372 "(", "categoryorder", "(", "c0", ")", ")", 1373 "(", "sensitivity", "s0", ")", 1374 "(", "sensitivitycategory", "s1", "(", "c0", ")", ")", 1375 "(", "type", "blah_t", ")", 1376 "(", "role", "blah_r", ")", 1377 "(", "user", "blah_u", ")", 1378 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")", 1379 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")", 1380 "(", "sid", "test", "(", "blah_u", "blah_r", "blah_t", "(", "low", "high", ")", ")", ")", NULL}; 1381 1382 struct cil_tree *test_tree; 1383 gen_test_tree(&test_tree, line); 1384 1385 struct cil_db *test_db; 1386 cil_db_init(&test_db); 1387 1388 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 1389 1390 uint32_t changed = CIL_FALSE; 1391 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL); 1392 1393 cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next, args); 1394 struct cil_tree_node *level = test_db->ast->root->cl_head->next->next->next->next->next->next->next; 1395 1396 args->pass = CIL_PASS_MISC3; 1397 int rc = cil_resolve_level(level, (struct cil_level*)level->data, args); 1398 int rc2 = cil_resolve_level(level->next, (struct cil_level*)level->next->data, args); 1399 CuAssertIntEquals(tc, SEPOL_ERR, rc); 1400 CuAssertIntEquals(tc, SEPOL_ERR, rc2); 1401 } 1402 1403 void test_cil_resolve_levelrange_namedlvl(CuTest *tc) { 1404 char *line[] = {"(", "category", "c0", ")", 1405 "(", "sensitivity", "s0", ")", 1406 "(", "sensitivitycategory", "s0", "(", "c0", ")", ")", 1407 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")", 1408 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")", 1409 "(", "levelrange", "range", "(", "low", "high", ")", ")", NULL}; 1410 1411 struct cil_tree *test_tree; 1412 gen_test_tree(&test_tree, line); 1413 1414 struct cil_db *test_db; 1415 cil_db_init(&test_db); 1416 1417 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 1418 1419 uint32_t changed = CIL_FALSE; 1420 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL); 1421 1422 cil_resolve_senscat(test_db->ast->root->cl_head->next->next, args); 1423 1424 args->pass = CIL_PASS_MISC3; 1425 1426 struct cil_levelrange *lvlrange = (struct cil_levelrange *)test_db->ast->root->cl_head->next->next->next->next->next->data; 1427 1428 int rc = cil_resolve_levelrange(test_db->ast->root->cl_head->next->next->next->next->next, lvlrange, args); 1429 CuAssertIntEquals(tc, SEPOL_OK, rc); 1430 } 1431 1432 void test_cil_resolve_levelrange_namedlvl_low_neg(CuTest *tc) { 1433 char *line[] = {"(", "category", "c0", ")", 1434 "(", "sensitivity", "s0", ")", 1435 "(", "sensitivitycategory", "s0", "(", "c0", ")", ")", 1436 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")", 1437 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")", 1438 "(", "levelrange", "range", "(", "DNE", "high", ")", ")", NULL}; 1439 1440 struct cil_tree *test_tree; 1441 gen_test_tree(&test_tree, line); 1442 1443 struct cil_db *test_db; 1444 cil_db_init(&test_db); 1445 1446 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 1447 1448 uint32_t changed = CIL_FALSE; 1449 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL); 1450 1451 cil_resolve_senscat(test_db->ast->root->cl_head->next->next, args); 1452 1453 args->pass = CIL_PASS_MISC3; 1454 1455 struct cil_levelrange *lvlrange = (struct cil_levelrange *)test_db->ast->root->cl_head->next->next->next->next->next->data; 1456 1457 int rc = cil_resolve_levelrange(test_db->ast->root->cl_head->next->next->next->next->next, lvlrange, args); 1458 CuAssertIntEquals(tc, SEPOL_ENOENT, rc); 1459 } 1460 1461 void test_cil_resolve_levelrange_namedlvl_high_neg(CuTest *tc) { 1462 char *line[] = {"(", "category", "c0", ")", 1463 "(", "sensitivity", "s0", ")", 1464 "(", "sensitivitycategory", "s0", "(", "c0", ")", ")", 1465 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")", 1466 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")", 1467 "(", "levelrange", "range", "(", "low", "DNE", ")", ")", NULL}; 1468 1469 struct cil_tree *test_tree; 1470 gen_test_tree(&test_tree, line); 1471 1472 struct cil_db *test_db; 1473 cil_db_init(&test_db); 1474 1475 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 1476 1477 uint32_t changed = CIL_FALSE; 1478 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL); 1479 1480 cil_resolve_senscat(test_db->ast->root->cl_head->next->next, args); 1481 1482 args->pass = CIL_PASS_MISC3; 1483 1484 struct cil_levelrange *lvlrange = (struct cil_levelrange *)test_db->ast->root->cl_head->next->next->next->next->next->data; 1485 1486 int rc = cil_resolve_levelrange(test_db->ast->root->cl_head->next->next->next->next->next, lvlrange, args); 1487 CuAssertIntEquals(tc, SEPOL_ENOENT, rc); 1488 } 1489 1490 void test_cil_resolve_levelrange_anonlvl(CuTest *tc) { 1491 char *line[] = {"(", "category", "c0", ")", 1492 "(", "sensitivity", "s0", ")", 1493 "(", "sensitivitycategory", "s0", "(", "c0", ")", ")", 1494 "(", "levelrange", "range", "(", "(", "s0", "(", "c0", ")", ")", "(", "s0", "(", "c0", ")", ")", ")", ")", NULL}; 1495 1496 struct cil_tree *test_tree; 1497 gen_test_tree(&test_tree, line); 1498 1499 struct cil_db *test_db; 1500 cil_db_init(&test_db); 1501 1502 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 1503 1504 uint32_t changed = CIL_FALSE; 1505 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL); 1506 1507 cil_resolve_senscat(test_db->ast->root->cl_head->next->next, args); 1508 1509 args->pass = CIL_PASS_MISC3; 1510 1511 struct cil_levelrange *lvlrange = (struct cil_levelrange *)test_db->ast->root->cl_head->next->next->next->data; 1512 1513 int rc = cil_resolve_levelrange(test_db->ast->root->cl_head->next->next->next, lvlrange, args); 1514 CuAssertIntEquals(tc, SEPOL_OK, rc); 1515 } 1516 1517 void test_cil_resolve_levelrange_anonlvl_low_neg(CuTest *tc) { 1518 char *line[] = {"(", "category", "c0", ")", 1519 "(", "sensitivity", "s0", ")", 1520 "(", "sensitivitycategory", "s0", "(", "c0", ")", ")", 1521 "(", "levelrange", "range", "(", "(", "DNE", "(", "c0", ")", ")", "(", "s0", "(", "c0", ")", ")", ")", ")", NULL}; 1522 1523 struct cil_tree *test_tree; 1524 gen_test_tree(&test_tree, line); 1525 1526 struct cil_db *test_db; 1527 cil_db_init(&test_db); 1528 1529 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 1530 1531 uint32_t changed = CIL_FALSE; 1532 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL); 1533 1534 cil_resolve_senscat(test_db->ast->root->cl_head->next->next, args); 1535 1536 struct cil_levelrange *lvlrange = (struct cil_levelrange *)test_db->ast->root->cl_head->next->next->next->data; 1537 1538 args->pass = CIL_PASS_MISC3; 1539 1540 int rc = cil_resolve_levelrange(test_db->ast->root->cl_head->next->next->next, lvlrange, args); 1541 CuAssertIntEquals(tc, SEPOL_ENOENT, rc); 1542 } 1543 1544 void test_cil_resolve_levelrange_anonlvl_high_neg(CuTest *tc) { 1545 char *line[] = {"(", "category", "c0", ")", 1546 "(", "sensitivity", "s0", ")", 1547 "(", "sensitivitycategory", "s0", "(", "c0", ")", ")", 1548 "(", "levelrange", "range", "(", "(", "s0", "(", "c0", ")", ")", "(", "dne", "(", "c0", ")", ")", ")", ")", NULL}; 1549 1550 struct cil_tree *test_tree; 1551 gen_test_tree(&test_tree, line); 1552 1553 struct cil_db *test_db; 1554 cil_db_init(&test_db); 1555 1556 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 1557 1558 uint32_t changed = CIL_FALSE; 1559 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL); 1560 1561 cil_resolve_senscat(test_db->ast->root->cl_head->next->next, args); 1562 1563 struct cil_levelrange *lvlrange = (struct cil_levelrange *)test_db->ast->root->cl_head->next->next->next->data; 1564 1565 args->pass = CIL_PASS_MISC3; 1566 1567 int rc = cil_resolve_levelrange(test_db->ast->root->cl_head->next->next->next, lvlrange, args); 1568 CuAssertIntEquals(tc, SEPOL_ENOENT, rc); 1569 } 1570 1571 void test_cil_resolve_constrain(CuTest *tc) { 1572 char *line[] = {"(", "class", "file", "(", "create", "relabelto", ")", ")", 1573 "(", "class", "dir", "(", "create", "relabelto", ")", ")", 1574 "(", "sensitivity", "s0", ")", 1575 "(", "category", "c1", ")", 1576 "(", "level", "l2", "(", "s0", "(", "c1", ")", ")", ")", 1577 "(", "level", "h2", "(", "s0", "(", "c1", ")", ")", ")", 1578 "(", "mlsconstrain", "(", "file", "(", "create", "relabelto", ")", ")", "(", "eq", "l2", "h2", ")", ")", NULL}; 1579 1580 struct cil_tree *test_tree; 1581 gen_test_tree(&test_tree, line); 1582 1583 struct cil_db *test_db; 1584 cil_db_init(&test_db); 1585 1586 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 1587 1588 uint32_t changed = CIL_FALSE; 1589 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 1590 1591 int rc = cil_resolve_constrain(test_db->ast->root->cl_head->next->next->next->next->next->next, args); 1592 CuAssertIntEquals(tc, SEPOL_OK, rc); 1593 } 1594 1595 void test_cil_resolve_constrain_class_neg(CuTest *tc) { 1596 char *line[] = {"(", "class", "file", "(", "create", "relabelto", ")", ")", 1597 "(", "sensitivity", "s0", ")", 1598 "(", "category", "c1", ")", 1599 "(", "level", "l2", "(", "s0", "(", "c1", ")", ")", ")", 1600 "(", "level", "h2", "(", "s0", "(", "c1", ")", ")", ")", 1601 "(", "mlsconstrain", "(", "foo", "(", "create", "relabelto", ")", ")", "(", "eq", "l2", "h2", ")", ")", NULL}; 1602 1603 struct cil_tree *test_tree; 1604 gen_test_tree(&test_tree, line); 1605 1606 struct cil_db *test_db; 1607 cil_db_init(&test_db); 1608 1609 uint32_t changed = CIL_FALSE; 1610 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 1611 1612 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 1613 1614 int rc = cil_resolve_constrain(test_db->ast->root->cl_head->next->next->next->next->next, args); 1615 CuAssertIntEquals(tc, SEPOL_ENOENT, rc); 1616 } 1617 1618 void test_cil_resolve_constrain_perm_neg(CuTest *tc) { 1619 char *line[] = {"(", "class", "file", "(", "create", ")", ")", 1620 "(", "class", "dir", "(", "create", "relabelto", ")", ")", 1621 "(", "sensitivity", "s0", ")", 1622 "(", "category", "c1", ")", 1623 "(", "level", "l2", "(", "s0", "(", "c1", ")", ")", ")", 1624 "(", "level", "h2", "(", "s0", "(", "c1", ")", ")", ")", 1625 "(", "mlsconstrain", "(", "file", "(", "create", "relabelto", ")", ")", "(", "eq", "l2", "h2", ")", ")", NULL}; 1626 1627 struct cil_tree *test_tree; 1628 gen_test_tree(&test_tree, line); 1629 1630 struct cil_db *test_db; 1631 cil_db_init(&test_db); 1632 1633 uint32_t changed = CIL_FALSE; 1634 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 1635 1636 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 1637 1638 int rc = cil_resolve_constrain(test_db->ast->root->cl_head->next->next->next->next->next->next, args); 1639 CuAssertIntEquals(tc, SEPOL_ENOENT, rc); 1640 } 1641 1642 void test_cil_resolve_constrain_perm_resolve_neg(CuTest *tc) { 1643 char *line[] = {"(", "sensitivity", "s0", ")", 1644 "(", "category", "c1", ")", 1645 "(", "level", "l2", "(", "s0", "(", "c1", ")", ")", ")", 1646 "(", "level", "h2", "(", "s0", "(", "c1", ")", ")", ")", 1647 "(", "mlsconstrain", "(", "file", "(", "foo", ")", ")", "(", "eq", "l2", "h2", ")", ")", NULL}; 1648 1649 struct cil_tree *test_tree; 1650 gen_test_tree(&test_tree, line); 1651 1652 struct cil_db *test_db; 1653 cil_db_init(&test_db); 1654 1655 uint32_t changed = CIL_FALSE; 1656 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 1657 1658 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 1659 1660 int rc = cil_resolve_constrain(test_db->ast->root->cl_head->next->next->next->next, args); 1661 CuAssertIntEquals(tc, SEPOL_ENOENT, rc); 1662 } 1663 1664 void test_cil_resolve_context(CuTest *tc) { 1665 char *line[] = {"(", "sensitivity", "s0", ")", 1666 "(", "category", "c0", ")", 1667 "(", "sensitivitycategory", "s0", "(", "c0", ")", ")", 1668 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")", 1669 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")", 1670 "(", "user", "system_u", ")", 1671 "(", "role", "object_r", ")", 1672 "(", "type", "netif_t", ")", 1673 "(", "context", "con", 1674 "(", "system_u", "object_r", "netif_t", "(", "low", "high", ")", ")", ")", NULL}; 1675 1676 struct cil_tree *test_tree; 1677 gen_test_tree(&test_tree, line); 1678 1679 struct cil_db *test_db; 1680 cil_db_init(&test_db); 1681 1682 uint32_t changed = CIL_FALSE; 1683 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 1684 1685 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 1686 1687 struct cil_context *test_context = (struct cil_context*)test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->data; 1688 1689 int rc = cil_resolve_context(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, test_context, args); 1690 CuAssertIntEquals(tc, SEPOL_OK, rc); 1691 } 1692 1693 void test_cil_resolve_context_macro(CuTest *tc) { 1694 char *line[] = {"(", "sensitivity", "s0", ")", 1695 "(", "category", "c0", ")", 1696 "(", "sensitivitycategory", "s0", "(", "c0", ")", ")", 1697 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")", 1698 "(", "user", "system_u", ")", 1699 "(", "role", "object_r", ")", 1700 "(", "type", "netif_t", ")", 1701 "(", "macro", "mm", "(", "(", "levelrange", "range", ")", ")", 1702 "(", "context", "con", 1703 "(", "system_u", "object_r", "netif_t", "range", ")", ")", ")", 1704 "(", "call", "mm", "(", "(", "(", "s0", "(", "c0", ")", ")", "(", "s0", "(", "c0", ")", ")", ")", ")", ")", NULL}; 1705 1706 struct cil_tree *test_tree; 1707 gen_test_tree(&test_tree, line); 1708 1709 struct cil_db *test_db; 1710 cil_db_init(&test_db); 1711 1712 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 1713 1714 uint32_t changed = CIL_FALSE; 1715 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL); 1716 1717 struct cil_context *test_context = (struct cil_context*)test_db->ast->root->cl_head->next->next->next->next->next->next->next->cl_head->data; 1718 1719 int rc2 = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args); 1720 1721 args->pass = CIL_PASS_CALL2; 1722 1723 int rc3 = cil_resolve_call2(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args); 1724 1725 args->pass = CIL_PASS_MISC2; 1726 1727 cil_resolve_senscat(test_db->ast->root->cl_head->next->next, args); 1728 1729 args->pass = CIL_PASS_MISC3; 1730 args->callstack = test_db->ast->root->cl_head->next->next->next->next->next->next->next->next; 1731 1732 int rc = cil_resolve_context(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->cl_head, test_context, args); 1733 CuAssertIntEquals(tc, SEPOL_OK, rc); 1734 CuAssertIntEquals(tc, SEPOL_OK, rc2); 1735 CuAssertIntEquals(tc, SEPOL_OK, rc3); 1736 } 1737 1738 void test_cil_resolve_context_macro_neg(CuTest *tc) { 1739 char *line[] = {"(", "sensitivity", "s0", ")", 1740 "(", "category", "c0", ")", 1741 "(", "sensitivitycategory", "s0", "(", "c0", ")", ")", 1742 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")", 1743 "(", "user", "system_u", ")", 1744 "(", "role", "object_r", ")", 1745 "(", "type", "netif_t", ")", 1746 "(", "macro", "mm", "(", "(", "levelrange", "range", ")", ")", 1747 "(", "context", "con", 1748 "(", "system_u", "object_r", "netif_t", "range", ")", ")", ")", 1749 "(", "call", "mm", "(", "(", "(", "s0", "(", "c0", ")", ")", "(", "s0", "(", "DNE", ")", ")", ")", ")", NULL}; 1750 1751 struct cil_tree *test_tree; 1752 gen_test_tree(&test_tree, line); 1753 1754 struct cil_db *test_db; 1755 cil_db_init(&test_db); 1756 1757 uint32_t changed = CIL_FALSE; 1758 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL); 1759 1760 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 1761 1762 struct cil_context *test_context = (struct cil_context*)test_db->ast->root->cl_head->next->next->next->next->next->next->next->cl_head->data; 1763 1764 int rc2 = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args); 1765 1766 args->pass = CIL_PASS_CALL2; 1767 1768 int rc3 = cil_resolve_call2(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args); 1769 1770 args->pass = CIL_PASS_CALL2; 1771 1772 cil_resolve_senscat(test_db->ast->root->cl_head->next->next, args); 1773 1774 args->pass = CIL_PASS_MISC3; 1775 args->callstack = test_db->ast->root->cl_head->next->next->next->next->next->next->next->next; 1776 1777 int rc = cil_resolve_context(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->cl_head, test_context, args); 1778 CuAssertIntEquals(tc, SEPOL_ENOENT, rc); 1779 CuAssertIntEquals(tc, SEPOL_OK, rc2); 1780 CuAssertIntEquals(tc, SEPOL_OK, rc3); 1781 } 1782 1783 void test_cil_resolve_context_namedrange(CuTest *tc) { 1784 char *line[] = {"(", "sensitivity", "s0", ")", 1785 "(", "category", "c0", ")", 1786 "(", "sensitivitycategory", "s0", "(", "c0", ")", ")", 1787 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")", 1788 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")", 1789 "(", "levelrange", "range", "(", "low", "high", ")", ")", 1790 "(", "user", "system_u", ")", 1791 "(", "role", "object_r", ")", 1792 "(", "type", "netif_t", ")", 1793 "(", "context", "con", 1794 "(", "system_u", "object_r", "netif_t", "range", ")", ")", NULL}; 1795 1796 struct cil_tree *test_tree; 1797 gen_test_tree(&test_tree, line); 1798 1799 struct cil_db *test_db; 1800 cil_db_init(&test_db); 1801 1802 uint32_t changed = CIL_FALSE; 1803 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 1804 1805 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 1806 1807 struct cil_context *test_context = (struct cil_context*)test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next->data; 1808 1809 int rc = cil_resolve_context(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next, test_context, args); 1810 CuAssertIntEquals(tc, SEPOL_OK, rc); 1811 } 1812 1813 void test_cil_resolve_context_namedrange_neg(CuTest *tc) { 1814 char *line[] = {"(", "sensitivity", "s0", ")", 1815 "(", "category", "c0", ")", 1816 "(", "sensitivitycategory", "s0", "(", "c0", ")", ")", 1817 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")", 1818 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")", 1819 "(", "levelrange", "range", "(", "low", "high", ")", ")", 1820 "(", "user", "system_u", ")", 1821 "(", "role", "object_r", ")", 1822 "(", "type", "netif_t", ")", 1823 "(", "context", "con", 1824 "(", "system_u", "object_r", "netif_t", "DNE", ")", ")", NULL}; 1825 1826 struct cil_tree *test_tree; 1827 gen_test_tree(&test_tree, line); 1828 1829 struct cil_db *test_db; 1830 cil_db_init(&test_db); 1831 1832 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 1833 1834 uint32_t changed = CIL_FALSE; 1835 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 1836 1837 struct cil_context *test_context = (struct cil_context*)test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next->data; 1838 1839 int rc = cil_resolve_context(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next, test_context, args); 1840 CuAssertIntEquals(tc, SEPOL_ENOENT, rc); 1841 } 1842 1843 void test_cil_resolve_context_user_neg(CuTest *tc) { 1844 char *line[] = {"(", "sensitivity", "s0", ")", 1845 "(", "category", "c0", ")", 1846 "(", "sensitivitycategory", "s0", "(", "c0", ")", ")", 1847 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")", 1848 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")", 1849 "(", "role", "object_r", ")", 1850 "(", "type", "netif_t", ")", 1851 "(", "context", "con", 1852 "(", "system_u", "object_r", "netif_t", "(", "low", "high", ")", ")", ")", NULL}; 1853 1854 struct cil_tree *test_tree; 1855 gen_test_tree(&test_tree, line); 1856 1857 struct cil_db *test_db; 1858 cil_db_init(&test_db); 1859 1860 uint32_t changed = CIL_FALSE; 1861 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 1862 1863 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 1864 1865 struct cil_context *test_context = (struct cil_context*)test_db->ast->root->cl_head->next->next->next->next->next->next->next->data; 1866 1867 int rc = cil_resolve_context(test_db->ast->root->cl_head->next->next->next->next->next->next->next, test_context, args); 1868 CuAssertIntEquals(tc, SEPOL_ENOENT, rc); 1869 } 1870 1871 void test_cil_resolve_context_role_neg(CuTest *tc) { 1872 char *line[] = {"(", "sensitivity", "s0", ")", 1873 "(", "category", "c0", ")", 1874 "(", "sensitivitycategory", "s0", "(", "c0", ")", ")", 1875 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")", 1876 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")", 1877 "(", "user", "system_u", ")", 1878 "(", "type", "netif_t", ")", 1879 "(", "context", "con", 1880 "(", "system_u", "object_r", "netif_t", "(", "low", "high", ")", ")", ")", NULL}; 1881 1882 struct cil_tree *test_tree; 1883 gen_test_tree(&test_tree, line); 1884 1885 struct cil_db *test_db; 1886 cil_db_init(&test_db); 1887 1888 uint32_t changed = CIL_FALSE; 1889 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 1890 1891 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 1892 1893 struct cil_context *test_context = (struct cil_context*)test_db->ast->root->cl_head->next->next->next->next->next->next->next->data; 1894 1895 int rc = cil_resolve_context(test_db->ast->root->cl_head->next->next->next->next->next->next->next, test_context, args); 1896 CuAssertIntEquals(tc, SEPOL_ENOENT, rc); 1897 } 1898 1899 void test_cil_resolve_context_type_neg(CuTest *tc) { 1900 char *line[] = {"(", "sensitivity", "s0", ")", 1901 "(", "category", "c0", ")", 1902 "(", "sensitivitycategory", "s0", "(", "c0", ")", ")", 1903 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")", 1904 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")", 1905 "(", "user", "system_u", ")", 1906 "(", "role", "object_r", ")", 1907 "(", "context", "con", 1908 "(", "system_u", "object_r", "netif_t", "(", "low", "high", ")", ")", ")", NULL}; 1909 1910 struct cil_tree *test_tree; 1911 gen_test_tree(&test_tree, line); 1912 1913 struct cil_db *test_db; 1914 cil_db_init(&test_db); 1915 1916 uint32_t changed = CIL_FALSE; 1917 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 1918 1919 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 1920 1921 struct cil_context *test_context = (struct cil_context*)test_db->ast->root->cl_head->next->next->next->next->next->next->next->data; 1922 1923 int rc = cil_resolve_context(test_db->ast->root->cl_head->next->next->next->next->next->next->next, test_context, args); 1924 CuAssertIntEquals(tc, SEPOL_ENOENT, rc); 1925 } 1926 1927 void test_cil_resolve_context_anon_level_neg(CuTest *tc) { 1928 char *line[] = {"(", "sensitivity", "s0", ")", 1929 "(", "category", "c0", ")", 1930 "(", "sensitivitycategory", "s0", "(", "c0", ")", ")", 1931 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")", 1932 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")", 1933 "(", "user", "system_u", ")", 1934 "(", "role", "object_r", ")", 1935 "(", "type", "netif_t", ")", 1936 "(", "context", "con", 1937 "(", "system_u", "object_r", "netif_t", "(", "DNE", "high", ")", ")", ")", NULL}; 1938 1939 struct cil_tree *test_tree; 1940 gen_test_tree(&test_tree, line); 1941 1942 struct cil_db *test_db; 1943 cil_db_init(&test_db); 1944 1945 uint32_t changed = CIL_FALSE; 1946 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL); 1947 1948 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 1949 1950 cil_resolve_senscat(test_db->ast->root->cl_head->next->next, args); 1951 1952 args->pass = CIL_PASS_MISC3; 1953 1954 struct cil_context *test_context = (struct cil_context*)test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->data; 1955 1956 int rc = cil_resolve_context(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, test_context, args); 1957 CuAssertIntEquals(tc, SEPOL_ENOENT, rc); 1958 } 1959 1960 void test_cil_resolve_roletransition(CuTest *tc) { 1961 char *line[] = {"(", "role", "foo_r", ")", 1962 "(", "type", "bar_t", ")", 1963 "(", "role", "foobar_r", ")", 1964 "(", "class", "process", "(", "transition", ")", ")", 1965 "(", "roletransition", "foo_r", "bar_t", "process", "foobar_r", ")", NULL}; 1966 1967 struct cil_tree *test_tree; 1968 gen_test_tree(&test_tree, line); 1969 1970 struct cil_db *test_db; 1971 cil_db_init(&test_db); 1972 1973 uint32_t changed = CIL_FALSE; 1974 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 1975 1976 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 1977 1978 int rc = cil_resolve_roletransition(test_db->ast->root->cl_head->next->next->next->next, args); 1979 CuAssertIntEquals(tc, SEPOL_OK, rc); 1980 } 1981 1982 void test_cil_resolve_roletransition_srcdecl_neg(CuTest *tc) { 1983 char *line[] = {"(", "type", "bar_t", ")", 1984 "(", "role", "foobar_r", ")", 1985 "(", "class", "process", "(", "transition", ")", ")", 1986 "(", "roletransition", "foo_r", "bar_t", "process", "foobar_r", ")", NULL}; 1987 1988 struct cil_tree *test_tree; 1989 gen_test_tree(&test_tree, line); 1990 1991 struct cil_db *test_db; 1992 cil_db_init(&test_db); 1993 1994 uint32_t changed = CIL_FALSE; 1995 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 1996 1997 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 1998 1999 int rc = cil_resolve_roletransition(test_db->ast->root->cl_head->next->next->next, args); 2000 CuAssertIntEquals(tc, SEPOL_ENOENT, rc); 2001 } 2002 2003 void test_cil_resolve_roletransition_tgtdecl_neg(CuTest *tc) { 2004 char *line[] = {"(", "role", "foo_r", ")", 2005 "(", "role", "foobar_r", ")", 2006 "(", "class", "process", "(", "transition", ")", ")", 2007 "(", "roletransition", "foo_r", "bar_t", "process", "foobar_r", ")", NULL}; 2008 2009 struct cil_tree *test_tree; 2010 gen_test_tree(&test_tree, line); 2011 2012 struct cil_db *test_db; 2013 cil_db_init(&test_db); 2014 2015 uint32_t changed = CIL_FALSE; 2016 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 2017 2018 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 2019 2020 int rc = cil_resolve_roletransition(test_db->ast->root->cl_head->next->next->next, args); 2021 CuAssertIntEquals(tc, SEPOL_ENOENT, rc); 2022 } 2023 2024 void test_cil_resolve_roletransition_resultdecl_neg(CuTest *tc) { 2025 char *line[] = {"(", "role", "foo_r", ")", 2026 "(", "type", "bar_t", ")", 2027 "(", "class", "process", "(", "transition", ")", ")", 2028 "(", "roletransition", "foo_r", "bar_t", "process", "foobar_r", ")", NULL}; 2029 2030 struct cil_tree *test_tree; 2031 gen_test_tree(&test_tree, line); 2032 2033 struct cil_db *test_db; 2034 cil_db_init(&test_db); 2035 2036 uint32_t changed = CIL_FALSE; 2037 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 2038 2039 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 2040 2041 int rc = cil_resolve_roletransition(test_db->ast->root->cl_head->next->next->next, args); 2042 CuAssertIntEquals(tc, SEPOL_ENOENT, rc); 2043 } 2044 2045 void test_cil_resolve_typeattributeset_type_in_multiple_attrs(CuTest *tc) { 2046 char *line[] = {"(", "typeattribute", "attrs", ")", 2047 "(", "typeattribute", "attrs2", ")", 2048 "(", "type", "type_t", ")", 2049 "(", "typeattributeset", "attrs2", "type_t", ")", 2050 "(", "typeattributeset", "attrs", "type_t", ")", NULL}; 2051 2052 struct cil_tree *test_tree; 2053 gen_test_tree(&test_tree, line); 2054 2055 struct cil_db *test_db; 2056 cil_db_init(&test_db); 2057 2058 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 2059 2060 uint32_t changed = CIL_FALSE; 2061 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 2062 2063 int rc = cil_resolve_typeattributeset(test_db->ast->root->cl_head->next->next->next->next, args); 2064 int rc2 = cil_resolve_typeattributeset(test_db->ast->root->cl_head->next->next->next, args); 2065 CuAssertIntEquals(tc, SEPOL_OK, rc); 2066 CuAssertIntEquals(tc, SEPOL_OK, rc2); 2067 } 2068 2069 void test_cil_resolve_typeattributeset_multiple_excludes_with_not(CuTest *tc) { 2070 char *line[] = {"(", "typeattribute", "attrs", ")", 2071 "(", "typeattribute", "attrs2", ")", 2072 "(", "type", "type_t", ")", 2073 "(", "type", "type_b", ")", 2074 "(", "type", "type_a", ")", 2075 "(", "typeattributeset", "attrs", "(", "and", "type_a", "type_b", ")", ")", 2076 "(", "typeattributeset", "attrs2", "(", "not", "attrs", ")", ")", NULL}; 2077 2078 struct cil_tree *test_tree; 2079 gen_test_tree(&test_tree, line); 2080 2081 struct cil_db *test_db; 2082 cil_db_init(&test_db); 2083 2084 uint32_t changed = CIL_FALSE; 2085 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 2086 2087 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 2088 2089 int rc = cil_resolve_typeattributeset(test_db->ast->root->cl_head->next->next->next->next->next->next, args); 2090 CuAssertIntEquals(tc, SEPOL_OK, rc); 2091 } 2092 2093 void test_cil_resolve_typeattributeset_multiple_types_with_and(CuTest *tc) { 2094 char *line[] = {"(", "typeattribute", "attrs", ")", 2095 "(", "type", "type_t", ")", 2096 "(", "type", "type_tt", ")", 2097 "(", "typeattributeset", "attrs", "(", "and", "type_t", "type_tt", ")", ")", NULL}; 2098 2099 struct cil_tree *test_tree; 2100 gen_test_tree(&test_tree, line); 2101 2102 struct cil_db *test_db; 2103 cil_db_init(&test_db); 2104 2105 uint32_t changed = CIL_FALSE; 2106 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 2107 2108 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 2109 2110 int rc = cil_resolve_typeattributeset(test_db->ast->root->cl_head->next->next->next, args); 2111 CuAssertIntEquals(tc, SEPOL_OK, rc); 2112 } 2113 2114 void test_cil_resolve_typeattributeset_using_attr(CuTest *tc) { 2115 char *line[] = {"(", "typeattribute", "attrs", ")", 2116 "(", "typeattribute", "attr_a", ")", 2117 "(", "typeattributeset", "attrs", "attr_a", ")", NULL}; 2118 2119 struct cil_tree *test_tree; 2120 gen_test_tree(&test_tree, line); 2121 2122 struct cil_db *test_db; 2123 cil_db_init(&test_db); 2124 2125 uint32_t changed = CIL_FALSE; 2126 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 2127 2128 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 2129 2130 int rc = cil_resolve_typeattributeset(test_db->ast->root->cl_head->next->next, args); 2131 CuAssertIntEquals(tc, SEPOL_OK, rc); 2132 } 2133 2134 void test_cil_resolve_typeattributeset_name_neg(CuTest *tc) { 2135 char *line[] = {"(", "type", "type_t", ")", 2136 "(", "typeattributeset", "attrs", "type_t", ")", NULL}; 2137 2138 struct cil_tree *test_tree; 2139 gen_test_tree(&test_tree, line); 2140 2141 struct cil_db *test_db; 2142 cil_db_init(&test_db); 2143 2144 uint32_t changed = CIL_FALSE; 2145 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 2146 2147 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 2148 2149 int rc = cil_resolve_typeattributeset(test_db->ast->root->cl_head->next, args); 2150 CuAssertIntEquals(tc, SEPOL_ENOENT, rc); 2151 } 2152 2153 void test_cil_resolve_typeattributeset_undef_type_neg(CuTest *tc) { 2154 char *line[] = {"(", "typeattribute", "attrs", ")", 2155 "(", "typeattributeset", "attrs", "type_t", ")", NULL}; 2156 2157 struct cil_tree *test_tree; 2158 gen_test_tree(&test_tree, line); 2159 2160 struct cil_db *test_db; 2161 cil_db_init(&test_db); 2162 2163 uint32_t changed = CIL_FALSE; 2164 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 2165 2166 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 2167 2168 int rc = cil_resolve_typeattributeset(test_db->ast->root->cl_head->next, args); 2169 CuAssertIntEquals(tc, SEPOL_ENOENT, rc); 2170 } 2171 2172 void test_cil_resolve_typeattributeset_not(CuTest *tc) { 2173 char *line[] = {"(", "typeattribute", "attrs", ")", 2174 "(", "type", "type_t", ")", 2175 "(", "type", "t_t", ")", 2176 "(", "typeattributeset", "attrs", "(", "not", "t_t", ")", ")", NULL}; 2177 2178 struct cil_tree *test_tree; 2179 gen_test_tree(&test_tree, line); 2180 2181 struct cil_db *test_db; 2182 cil_db_init(&test_db); 2183 2184 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 2185 2186 uint32_t changed = CIL_FALSE; 2187 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 2188 2189 int rc = cil_resolve_typeattributeset(test_db->ast->root->cl_head->next->next->next, args); 2190 CuAssertIntEquals(tc, SEPOL_OK, rc); 2191 } 2192 2193 void test_cil_resolve_typeattributeset_undef_type_not_neg(CuTest *tc) { 2194 char *line[] = {"(", "typeattribute", "attrs", ")", 2195 "(", "type", "type_t", ")", 2196 "(", "typeattributeset", "attrs", "(", "not", "t_t", ")", ")", NULL}; 2197 2198 struct cil_tree *test_tree; 2199 gen_test_tree(&test_tree, line); 2200 2201 struct cil_db *test_db; 2202 cil_db_init(&test_db); 2203 2204 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 2205 2206 uint32_t changed = CIL_FALSE; 2207 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 2208 2209 int rc = cil_resolve_typeattributeset(test_db->ast->root->cl_head->next->next, args); 2210 CuAssertIntEquals(tc, SEPOL_ENOENT, rc); 2211 } 2212 2213 void test_cil_resolve_typealias(CuTest *tc) { 2214 char *line[] = {"(", "block", "foo", 2215 "(", "typealias", ".foo.test", "type_t", ")", 2216 "(", "type", "test", ")", ")", NULL}; 2217 2218 struct cil_tree *test_tree; 2219 gen_test_tree(&test_tree, line); 2220 2221 struct cil_db *test_db; 2222 cil_db_init(&test_db); 2223 2224 uint32_t changed = CIL_FALSE; 2225 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL); 2226 2227 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 2228 2229 int rc = cil_resolve_typealias(test_db->ast->root->cl_head->cl_head, args); 2230 CuAssertIntEquals(tc, SEPOL_OK, rc); 2231 } 2232 2233 void test_cil_resolve_typealias_neg(CuTest *tc) { 2234 char *line[] = {"(", "block", "foo", 2235 "(", "typealias", ".foo", "apache_alias", ")", ")", NULL}; 2236 2237 struct cil_tree *test_tree; 2238 gen_test_tree(&test_tree, line); 2239 2240 struct cil_db *test_db; 2241 cil_db_init(&test_db); 2242 2243 uint32_t changed = CIL_FALSE; 2244 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL); 2245 2246 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 2247 2248 int rc = cil_resolve_typealias(test_db->ast->root->cl_head->cl_head, args); 2249 CuAssertIntEquals(tc, SEPOL_ENOENT, rc); 2250 } 2251 2252 void test_cil_resolve_typebounds(CuTest *tc) { 2253 char *line[] = {"(", "type", "type_a", ")", 2254 "(", "type", "type_b", ")", 2255 "(", "typebounds", "type_a", "type_b", ")", NULL}; 2256 2257 struct cil_tree *test_tree; 2258 gen_test_tree(&test_tree, line); 2259 2260 struct cil_db *test_db; 2261 cil_db_init(&test_db); 2262 2263 uint32_t changed = CIL_FALSE; 2264 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 2265 2266 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 2267 2268 int rc = cil_resolve_typebounds(test_db->ast->root->cl_head->next->next, args); 2269 CuAssertIntEquals(tc, SEPOL_OK, rc); 2270 } 2271 2272 void test_cil_resolve_typebounds_repeatbind_neg(CuTest *tc) { 2273 char *line[] = {"(", "type", "type_a", ")", 2274 "(", "type", "type_b", ")", 2275 "(", "typebounds", "type_a", "type_b", ")", 2276 "(", "typebounds", "type_a", "type_b", ")", NULL}; 2277 2278 struct cil_tree *test_tree; 2279 gen_test_tree(&test_tree, line); 2280 2281 struct cil_db *test_db; 2282 cil_db_init(&test_db); 2283 2284 uint32_t changed = CIL_FALSE; 2285 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 2286 2287 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 2288 2289 int rc = cil_resolve_typebounds(test_db->ast->root->cl_head->next->next, args); 2290 int rc2 = cil_resolve_typebounds(test_db->ast->root->cl_head->next->next->next, args); 2291 CuAssertIntEquals(tc, SEPOL_OK, rc); 2292 CuAssertIntEquals(tc, SEPOL_ERR, rc2); 2293 } 2294 2295 void test_cil_resolve_typebounds_type1_neg(CuTest *tc) { 2296 char *line[] = {"(", "type", "type_b", ")", 2297 "(", "typebounds", "type_a", "type_b", ")", NULL}; 2298 2299 struct cil_tree *test_tree; 2300 gen_test_tree(&test_tree, line); 2301 2302 struct cil_db *test_db; 2303 cil_db_init(&test_db); 2304 2305 uint32_t changed = CIL_FALSE; 2306 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 2307 2308 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 2309 2310 int rc = cil_resolve_typebounds(test_db->ast->root->cl_head->next, args); 2311 CuAssertIntEquals(tc, SEPOL_ENOENT, rc); 2312 } 2313 2314 void test_cil_resolve_typebounds_type2_neg(CuTest *tc) { 2315 char *line[] = {"(", "type", "type_a", ")", 2316 "(", "typebounds", "type_a", "type_b", ")", NULL}; 2317 2318 struct cil_tree *test_tree; 2319 gen_test_tree(&test_tree, line); 2320 2321 struct cil_db *test_db; 2322 cil_db_init(&test_db); 2323 2324 uint32_t changed = CIL_FALSE; 2325 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 2326 2327 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 2328 2329 int rc = cil_resolve_typebounds(test_db->ast->root->cl_head->next, args); 2330 CuAssertIntEquals(tc, SEPOL_ENOENT, rc); 2331 } 2332 2333 void test_cil_resolve_typepermissive(CuTest *tc) { 2334 char *line[] = {"(", "type", "type_a", ")", 2335 "(", "typepermissive", "type_a", ")", NULL}; 2336 2337 struct cil_tree *test_tree; 2338 gen_test_tree(&test_tree, line); 2339 2340 struct cil_db *test_db; 2341 cil_db_init(&test_db); 2342 2343 uint32_t changed = CIL_FALSE; 2344 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC1, &changed, NULL, NULL, NULL); 2345 2346 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 2347 2348 int rc = cil_resolve_typepermissive(test_db->ast->root->cl_head->next, args); 2349 CuAssertIntEquals(tc, SEPOL_OK, rc); 2350 } 2351 2352 void test_cil_resolve_typepermissive_neg(CuTest *tc) { 2353 char *line[] = {"(", "type", "type_a", ")", 2354 "(", "typepermissive", "type_b", ")", NULL}; 2355 2356 struct cil_tree *test_tree; 2357 gen_test_tree(&test_tree, line); 2358 2359 struct cil_db *test_db; 2360 cil_db_init(&test_db); 2361 2362 uint32_t changed = CIL_FALSE; 2363 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 2364 2365 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 2366 2367 int rc = cil_resolve_typepermissive(test_db->ast->root->cl_head->next, args); 2368 CuAssertIntEquals(tc, SEPOL_ENOENT, rc); 2369 } 2370 2371 void test_cil_resolve_nametypetransition(CuTest *tc) { 2372 char *line[] = {"(", "type", "foo", ")", 2373 "(", "type", "bar", ")", 2374 "(", "class", "file", "(", "read", ")", ")", 2375 "(", "type", "foobar", ")", 2376 "(", "nametypetransition", "str", "foo", "bar", "file", "foobar", ")", NULL}; 2377 2378 struct cil_tree *test_tree; 2379 gen_test_tree(&test_tree, line); 2380 2381 struct cil_db *test_db; 2382 cil_db_init(&test_db); 2383 2384 uint32_t changed = CIL_FALSE; 2385 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 2386 2387 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 2388 2389 int rc = cil_resolve_nametypetransition(test_db->ast->root->cl_head->next->next->next->next, args); 2390 CuAssertIntEquals(tc, SEPOL_OK, rc); 2391 } 2392 2393 void test_cil_resolve_nametypetransition_src_neg(CuTest *tc) { 2394 char *line[] = {"(", "type", "foo", ")", 2395 "(", "type", "bar", ")", 2396 "(", "class", "file", "(", "read", ")", ")", 2397 "(", "type", "foobar", ")", 2398 "(", "nametypetransition", "str", "wrong", "bar", "file", "foobar", ")", NULL}; 2399 2400 struct cil_tree *test_tree; 2401 gen_test_tree(&test_tree, line); 2402 2403 struct cil_db *test_db; 2404 cil_db_init(&test_db); 2405 2406 uint32_t changed = CIL_FALSE; 2407 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 2408 2409 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 2410 2411 int rc = cil_resolve_nametypetransition(test_db->ast->root->cl_head->next->next->next->next, args); 2412 CuAssertIntEquals(tc, SEPOL_ENOENT, rc); 2413 } 2414 2415 void test_cil_resolve_nametypetransition_tgt_neg(CuTest *tc) { 2416 char *line[] = {"(", "type", "foo", ")", 2417 "(", "type", "bar", ")", 2418 "(", "class", "file", "(", "read", ")", ")", 2419 "(", "type", "foobar", ")", 2420 "(", "nametypetransition", "str", "foo", "wrong", "file", "foobar", ")", NULL}; 2421 2422 struct cil_tree *test_tree; 2423 gen_test_tree(&test_tree, line); 2424 2425 struct cil_db *test_db; 2426 cil_db_init(&test_db); 2427 2428 uint32_t changed = CIL_FALSE; 2429 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 2430 2431 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 2432 2433 int rc = cil_resolve_nametypetransition(test_db->ast->root->cl_head->next->next->next->next, args); 2434 CuAssertIntEquals(tc, SEPOL_ENOENT, rc); 2435 } 2436 2437 void test_cil_resolve_nametypetransition_class_neg(CuTest *tc) { 2438 char *line[] = {"(", "type", "foo", ")", 2439 "(", "type", "bar", ")", 2440 "(", "class", "file", "(", "read", ")", ")", 2441 "(", "type", "foobar", ")", 2442 "(", "nametypetransition", "str", "foo", "bar", "wrong", "foobar", ")", NULL}; 2443 2444 struct cil_tree *test_tree; 2445 gen_test_tree(&test_tree, line); 2446 2447 struct cil_db *test_db; 2448 cil_db_init(&test_db); 2449 2450 uint32_t changed = CIL_FALSE; 2451 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 2452 2453 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 2454 2455 int rc = cil_resolve_nametypetransition(test_db->ast->root->cl_head->next->next->next->next, args); 2456 CuAssertIntEquals(tc, SEPOL_ENOENT, rc); 2457 } 2458 2459 void test_cil_resolve_nametypetransition_dest_neg(CuTest *tc) { 2460 char *line[] = {"(", "type", "foo", ")", 2461 "(", "type", "bar", ")", 2462 "(", "class", "file", "(", "read", ")", ")", 2463 "(", "type", "foobar", ")", 2464 "(", "nametypetransition", "str", "foo", "bar", "file", "wrong", ")", NULL}; 2465 2466 struct cil_tree *test_tree; 2467 gen_test_tree(&test_tree, line); 2468 2469 struct cil_db *test_db; 2470 cil_db_init(&test_db); 2471 2472 uint32_t changed = CIL_FALSE; 2473 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 2474 2475 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 2476 2477 int rc = cil_resolve_nametypetransition(test_db->ast->root->cl_head->next->next->next->next, args); 2478 CuAssertIntEquals(tc, SEPOL_ENOENT, rc); 2479 } 2480 2481 void test_cil_resolve_rangetransition(CuTest *tc) { 2482 char *line[] = {"(", "class", "class_", "(", "read", ")", ")", 2483 "(", "type", "type_a", ")", 2484 "(", "type", "type_b", ")", 2485 "(", "sensitivity", "s0", ")", 2486 "(", "category", "c0", ")", 2487 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")", 2488 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")", 2489 "(", "rangetransition", "type_a", "type_b", "class_", "(", "low", "high", ")", ")", NULL}; 2490 2491 struct cil_tree *test_tree; 2492 gen_test_tree(&test_tree, line); 2493 2494 struct cil_db *test_db; 2495 cil_db_init(&test_db); 2496 2497 uint32_t changed = CIL_FALSE; 2498 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 2499 2500 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 2501 2502 int rc = cil_resolve_rangetransition(test_db->ast->root->cl_head->next->next->next->next->next->next->next, args); 2503 CuAssertIntEquals(tc, SEPOL_OK, rc); 2504 } 2505 2506 void test_cil_resolve_rangetransition_namedrange_anon(CuTest *tc) { 2507 char *line[] = {"(", "class", "class_", "(", "read", ")", ")", 2508 "(", "type", "type_a", ")", 2509 "(", "type", "type_b", ")", 2510 "(", "sensitivity", "s0", ")", 2511 "(", "category", "c0", ")", 2512 "(", "sensitivitycategory", "s0", "(", "c0", ")", ")", 2513 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")", 2514 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")", 2515 "(", "macro", "mm", "(", "(", "levelrange", "l", ")", ")", 2516 "(", "rangetransition", "type_a", "type_b", "class_", "l", ")", ")", 2517 "(", "call", "mm", "(", "(", "low", "high", ")", ")", ")", NULL}; 2518 2519 struct cil_tree *test_tree; 2520 gen_test_tree(&test_tree, line); 2521 2522 struct cil_db *test_db; 2523 cil_db_init(&test_db); 2524 2525 uint32_t changed = CIL_FALSE; 2526 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL); 2527 2528 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 2529 2530 int rc2 = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next, args); 2531 2532 args->pass = CIL_PASS_CALL2; 2533 2534 int rc3 = cil_resolve_call2(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next, args); 2535 2536 args->pass = CIL_PASS_MISC2; 2537 2538 cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next->next->next->next, args); 2539 2540 args->pass = CIL_PASS_MISC3; 2541 args->callstack = test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next; 2542 2543 int rc = cil_resolve_rangetransition(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next->cl_head, args); 2544 CuAssertIntEquals(tc, SEPOL_OK, rc); 2545 CuAssertIntEquals(tc, SEPOL_OK, rc2); 2546 CuAssertIntEquals(tc, SEPOL_OK, rc3); 2547 } 2548 2549 void test_cil_resolve_rangetransition_namedrange_anon_neg(CuTest *tc) { 2550 char *line[] = {"(", "class", "class_", "(", "read", ")", ")", 2551 "(", "type", "type_a", ")", 2552 "(", "type", "type_b", ")", 2553 "(", "sensitivity", "s0", ")", 2554 "(", "category", "c0", ")", 2555 "(", "sensitivitycategory", "s0", "(", "c0", ")", ")", 2556 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")", 2557 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")", 2558 "(", "macro", "mm", "(", "(", "levelrange", "l", ")", ")", 2559 "(", "rangetransition", "type_a", "type_b", "class_", "l", ")", ")", 2560 "(", "call", "mm", "(", "(", "DNE", "high", ")", ")", ")", NULL}; 2561 2562 struct cil_tree *test_tree; 2563 gen_test_tree(&test_tree, line); 2564 2565 struct cil_db *test_db; 2566 cil_db_init(&test_db); 2567 2568 uint32_t changed = CIL_FALSE; 2569 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL); 2570 2571 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 2572 2573 int rc2 = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next, args); 2574 2575 args->pass = CIL_PASS_CALL2; 2576 2577 int rc3 = cil_resolve_call2(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next, args); 2578 2579 args->pass = CIL_PASS_MISC2; 2580 2581 cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next->next->next->next, args); 2582 2583 args->pass = CIL_PASS_MISC3; 2584 args->callstack = test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next; 2585 2586 int rc = cil_resolve_rangetransition(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next->cl_head, args); 2587 CuAssertIntEquals(tc, SEPOL_ENOENT, rc); 2588 CuAssertIntEquals(tc, SEPOL_OK, rc2); 2589 CuAssertIntEquals(tc, SEPOL_OK, rc3); 2590 } 2591 2592 void test_cil_resolve_rangetransition_namedrange(CuTest *tc) { 2593 char *line[] = {"(", "class", "class_", "(", "read", ")", ")", 2594 "(", "type", "type_a", ")", 2595 "(", "type", "type_b", ")", 2596 "(", "sensitivity", "s0", ")", 2597 "(", "category", "c0", ")", 2598 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")", 2599 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")", 2600 "(", "levelrange", "foo_range", "(", "low", "high", ")", ")", 2601 "(", "rangetransition", "type_a", "type_b", "class_", "foo_range", ")", NULL}; 2602 2603 struct cil_tree *test_tree; 2604 gen_test_tree(&test_tree, line); 2605 2606 struct cil_db *test_db; 2607 cil_db_init(&test_db); 2608 2609 uint32_t changed = CIL_FALSE; 2610 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 2611 2612 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 2613 2614 int rc = cil_resolve_rangetransition(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args); 2615 CuAssertIntEquals(tc, SEPOL_OK, rc); 2616 } 2617 2618 void test_cil_resolve_rangetransition_namedrange_neg(CuTest *tc) { 2619 char *line[] = {"(", "class", "class_", "(", "read", ")", ")", 2620 "(", "type", "type_a", ")", 2621 "(", "type", "type_b", ")", 2622 "(", "sensitivity", "s0", ")", 2623 "(", "category", "c0", ")", 2624 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")", 2625 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")", 2626 "(", "levelrange", "foo_range", "(", "low", "high", ")", ")", 2627 "(", "rangetransition", "type_a", "type_b", "class_", "DNE", ")", NULL}; 2628 2629 struct cil_tree *test_tree; 2630 gen_test_tree(&test_tree, line); 2631 2632 struct cil_db *test_db; 2633 cil_db_init(&test_db); 2634 2635 uint32_t changed = CIL_FALSE; 2636 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 2637 2638 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 2639 2640 int rc = cil_resolve_rangetransition(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args); 2641 CuAssertIntEquals(tc, SEPOL_ENOENT, rc); 2642 } 2643 2644 void test_cil_resolve_rangetransition_type1_neg(CuTest *tc) { 2645 char *line[] = {"(", "class", "class_", "(", "read", ")", ")", 2646 "(", "type", "type_a", ")", 2647 "(", "type", "type_b", ")", 2648 "(", "sensitivity", "s0", ")", 2649 "(", "category", "c0", ")", 2650 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")", 2651 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")", 2652 "(", "rangetransition", "type_DNE", "type_b", "class_", "(", "low", "high", ")", ")", NULL}; 2653 2654 struct cil_tree *test_tree; 2655 gen_test_tree(&test_tree, line); 2656 2657 struct cil_db *test_db; 2658 cil_db_init(&test_db); 2659 2660 uint32_t changed = CIL_FALSE; 2661 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 2662 2663 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 2664 2665 int rc = cil_resolve_rangetransition(test_db->ast->root->cl_head->next->next->next->next->next->next->next, args); 2666 CuAssertIntEquals(tc, SEPOL_ENOENT, rc); 2667 } 2668 2669 void test_cil_resolve_rangetransition_type2_neg(CuTest *tc) { 2670 char *line[] = {"(", "class", "class_", "(", "read", ")", ")", 2671 "(", "type", "type_a", ")", 2672 "(", "type", "type_b", ")", 2673 "(", "sensitivity", "s0", ")", 2674 "(", "category", "c0", ")", 2675 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")", 2676 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")", 2677 "(", "rangetransition", "type_a", "type_DNE", "class_", "(", "low", "high", ")", ")", NULL}; 2678 2679 struct cil_tree *test_tree; 2680 gen_test_tree(&test_tree, line); 2681 2682 struct cil_db *test_db; 2683 cil_db_init(&test_db); 2684 2685 uint32_t changed = CIL_FALSE; 2686 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 2687 2688 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 2689 2690 int rc = cil_resolve_rangetransition(test_db->ast->root->cl_head->next->next->next->next->next->next->next, args); 2691 CuAssertIntEquals(tc, SEPOL_ENOENT, rc); 2692 } 2693 2694 void test_cil_resolve_rangetransition_class_neg(CuTest *tc) { 2695 char *line[] = {"(", "class", "class_", "(", "read", ")", ")", 2696 "(", "type", "type_a", ")", 2697 "(", "type", "type_b", ")", 2698 "(", "sensitivity", "s0", ")", 2699 "(", "category", "c0", ")", 2700 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")", 2701 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")", 2702 "(", "rangetransition", "type_a", "type_b", "class_DNE", "(", "low", "high", ")", ")", NULL}; 2703 2704 struct cil_tree *test_tree; 2705 gen_test_tree(&test_tree, line); 2706 2707 struct cil_db *test_db; 2708 cil_db_init(&test_db); 2709 2710 uint32_t changed = CIL_FALSE; 2711 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 2712 2713 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 2714 2715 int rc = cil_resolve_rangetransition(test_db->ast->root->cl_head->next->next->next->next->next->next->next, args); 2716 CuAssertIntEquals(tc, SEPOL_ENOENT, rc); 2717 } 2718 2719 void test_cil_resolve_rangetransition_call_level_l_anon(CuTest *tc) { 2720 char *line[] = {"(", "class", "class_", "(", "read", ")", ")", 2721 "(", "type", "type_a", ")", 2722 "(", "type", "type_b", ")", 2723 "(", "sensitivity", "s0", ")", 2724 "(", "category", "c0", ")", 2725 "(", "sensitivitycategory", "s0", "(", "c0", ")", ")", 2726 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")", 2727 "(", "macro", "mm", "(", "(", "level", "l", ")", ")", 2728 "(", "rangetransition", "type_a", "type_b", "class_", "(", "l", "high", ")", ")", ")", 2729 "(", "call", "mm", "(", "(", "s0", "(", "c0", ")", ")", ")", ")", NULL}; 2730 2731 struct cil_tree *test_tree; 2732 gen_test_tree(&test_tree, line); 2733 2734 struct cil_db *test_db; 2735 cil_db_init(&test_db); 2736 2737 uint32_t changed = CIL_FALSE; 2738 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL); 2739 2740 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 2741 2742 int rc2 = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args); 2743 2744 args->pass = CIL_PASS_CALL2; 2745 2746 int rc3 = cil_resolve_call2(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args); 2747 2748 args->pass = CIL_PASS_MISC2; 2749 2750 cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next->next->next, args); 2751 2752 args->pass = CIL_PASS_MISC3; 2753 args->callstack = test_db->ast->root->cl_head->next->next->next->next->next->next->next->next; 2754 2755 int rc = cil_resolve_rangetransition(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->cl_head, args); 2756 CuAssertIntEquals(tc, SEPOL_OK, rc); 2757 CuAssertIntEquals(tc, SEPOL_OK, rc2); 2758 CuAssertIntEquals(tc, SEPOL_OK, rc3); 2759 } 2760 2761 void test_cil_resolve_rangetransition_call_level_l_anon_neg(CuTest *tc) { 2762 char *line[] = {"(", "class", "class_", "(", "read", ")", ")", 2763 "(", "type", "type_a", ")", 2764 "(", "type", "type_b", ")", 2765 "(", "sensitivity", "s0", ")", 2766 "(", "category", "c0", ")", 2767 "(", "sensitivitycategory", "s0", "(", "c0", ")", ")", 2768 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")", 2769 "(", "macro", "mm", "(", "(", "level", "l", ")", ")", 2770 "(", "rangetransition", "type_a", "type_b", "class_", "(", "l", "high", ")", ")", ")", 2771 "(", "call", "mm", "(", "(", "s0", "(", "c4", ")", ")", ")", ")", NULL}; 2772 2773 struct cil_tree *test_tree; 2774 gen_test_tree(&test_tree, line); 2775 2776 struct cil_db *test_db; 2777 cil_db_init(&test_db); 2778 2779 uint32_t changed = CIL_FALSE; 2780 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL); 2781 2782 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 2783 2784 int rc2 = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args); 2785 2786 args->pass = CIL_PASS_CALL2; 2787 2788 int rc3 = cil_resolve_call2(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args); 2789 2790 args->pass = CIL_PASS_MISC2; 2791 2792 cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next->next->next, args); 2793 2794 args->pass = CIL_PASS_MISC3; 2795 args->callstack = test_db->ast->root->cl_head->next->next->next->next->next->next->next->next; 2796 2797 int rc = cil_resolve_rangetransition(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->cl_head, args); 2798 CuAssertIntEquals(tc, SEPOL_ENOENT, rc); 2799 CuAssertIntEquals(tc, SEPOL_OK, rc2); 2800 CuAssertIntEquals(tc, SEPOL_OK, rc3); 2801 } 2802 2803 void test_cil_resolve_rangetransition_call_level_h_anon(CuTest *tc) { 2804 char *line[] = {"(", "class", "class_", "(", "read", ")", ")", 2805 "(", "type", "type_a", ")", 2806 "(", "type", "type_b", ")", 2807 "(", "sensitivity", "s0", ")", 2808 "(", "category", "c0", ")", 2809 "(", "sensitivitycategory", "s0", "(", "c0", ")", ")", 2810 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")", 2811 "(", "macro", "mm", "(", "(", "level", "h", ")", ")", 2812 "(", "rangetransition", "type_a", "type_b", "class_", "(", "low", "h", ")", ")", ")", 2813 "(", "call", "mm", "(", "(", "s0", "(", "c0", ")", ")", ")", ")", NULL}; 2814 2815 struct cil_tree *test_tree; 2816 gen_test_tree(&test_tree, line); 2817 2818 struct cil_db *test_db; 2819 cil_db_init(&test_db); 2820 2821 uint32_t changed = CIL_FALSE; 2822 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL); 2823 2824 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 2825 2826 int rc2 = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args); 2827 2828 args->pass = CIL_PASS_CALL2; 2829 2830 int rc3 = cil_resolve_call2(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args); 2831 2832 args->pass = CIL_PASS_MISC2; 2833 2834 cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next->next->next, args); 2835 2836 args->pass = CIL_PASS_MISC3; 2837 args->callstack = test_db->ast->root->cl_head->next->next->next->next->next->next->next->next; 2838 2839 int rc = cil_resolve_rangetransition(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->cl_head, args); 2840 CuAssertIntEquals(tc, SEPOL_OK, rc); 2841 CuAssertIntEquals(tc, SEPOL_OK, rc2); 2842 CuAssertIntEquals(tc, SEPOL_OK, rc3); 2843 } 2844 2845 void test_cil_resolve_rangetransition_call_level_h_anon_neg(CuTest *tc) { 2846 char *line[] = {"(", "class", "class_", "(", "read", ")", ")", 2847 "(", "type", "type_a", ")", 2848 "(", "type", "type_b", ")", 2849 "(", "sensitivity", "s0", ")", 2850 "(", "category", "c0", ")", 2851 "(", "sensitivitycategory", "s0", "(", "c0", ")", ")", 2852 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")", 2853 "(", "macro", "mm", "(", "(", "level", "h", ")", ")", 2854 "(", "rangetransition", "type_a", "type_b", "class_", "(", "low", "h", ")", ")", ")", 2855 "(", "call", "mm", "(", "(", "s0", "(", "c4", ")", ")", ")", ")", NULL}; 2856 2857 struct cil_tree *test_tree; 2858 gen_test_tree(&test_tree, line); 2859 2860 struct cil_db *test_db; 2861 cil_db_init(&test_db); 2862 2863 uint32_t changed = CIL_FALSE; 2864 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL); 2865 2866 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 2867 2868 int rc2 = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args); 2869 2870 args->pass = CIL_PASS_CALL2; 2871 2872 int rc3 = cil_resolve_call2(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args); 2873 2874 args->pass = CIL_PASS_MISC2; 2875 2876 cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next->next->next, args); 2877 2878 args->pass = CIL_PASS_MISC3; 2879 args->callstack = test_db->ast->root->cl_head->next->next->next->next->next->next->next->next; 2880 2881 int rc = cil_resolve_rangetransition(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->cl_head, args); 2882 CuAssertIntEquals(tc, SEPOL_ENOENT, rc); 2883 CuAssertIntEquals(tc, SEPOL_OK, rc2); 2884 CuAssertIntEquals(tc, SEPOL_OK, rc3); 2885 } 2886 2887 void test_cil_resolve_rangetransition_level_l_neg(CuTest *tc) { 2888 char *line[] = {"(", "class", "class_", "(", "read", ")", ")", 2889 "(", "type", "type_a", ")", 2890 "(", "type", "type_b", ")", 2891 "(", "sensitivity", "s0", ")", 2892 "(", "category", "c0", ")", 2893 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")", 2894 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")", 2895 "(", "rangetransition", "type_a", "type_b", "class_", "(", "low_DNE", "high", ")", ")", NULL}; 2896 2897 struct cil_tree *test_tree; 2898 gen_test_tree(&test_tree, line); 2899 2900 struct cil_db *test_db; 2901 cil_db_init(&test_db); 2902 2903 uint32_t changed = CIL_FALSE; 2904 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 2905 2906 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 2907 2908 int rc = cil_resolve_rangetransition(test_db->ast->root->cl_head->next->next->next->next->next->next->next, args); 2909 CuAssertIntEquals(tc, SEPOL_ENOENT, rc); 2910 } 2911 2912 void test_cil_resolve_rangetransition_level_h_neg(CuTest *tc) { 2913 char *line[] = {"(", "class", "class_", "(", "read", ")", ")", 2914 "(", "type", "type_a", ")", 2915 "(", "type", "type_b", ")", 2916 "(", "sensitivity", "s0", ")", 2917 "(", "category", "c0", ")", 2918 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")", 2919 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")", 2920 "(", "rangetransition", "type_a", "type_b", "class_", "(", "low", "high_DNE", ")", ")", NULL}; 2921 2922 struct cil_tree *test_tree; 2923 gen_test_tree(&test_tree, line); 2924 2925 struct cil_db *test_db; 2926 cil_db_init(&test_db); 2927 2928 uint32_t changed = CIL_FALSE; 2929 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 2930 2931 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 2932 2933 int rc = cil_resolve_rangetransition(test_db->ast->root->cl_head->next->next->next->next->next->next->next, args); 2934 CuAssertIntEquals(tc, SEPOL_ENOENT, rc); 2935 } 2936 2937 void test_cil_resolve_rangetransition_anon_level_l(CuTest *tc) { 2938 char *line[] = {"(", "class", "class_", "(", "read", ")", ")", 2939 "(", "type", "type_a", ")", 2940 "(", "type", "type_b", ")", 2941 "(", "sensitivity", "s0", ")", 2942 "(", "category", "c0", ")", 2943 "(", "sensitivitycategory", "s0", "(", "c0", ")", ")", 2944 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")", 2945 "(", "rangetransition", "type_a", "type_b", "class_", "(", "(", "s0", "(", "c0", ")", ")", "high", ")", ")", NULL}; 2946 2947 struct cil_tree *test_tree; 2948 gen_test_tree(&test_tree, line); 2949 2950 struct cil_db *test_db; 2951 cil_db_init(&test_db); 2952 2953 uint32_t changed = CIL_FALSE; 2954 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL); 2955 2956 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 2957 2958 cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next->next->next, args); 2959 2960 args->pass = CIL_PASS_MISC3; 2961 2962 int rc = cil_resolve_rangetransition(test_db->ast->root->cl_head->next->next->next->next->next->next->next, args); 2963 CuAssertIntEquals(tc, SEPOL_OK, rc); 2964 } 2965 2966 void test_cil_resolve_rangetransition_anon_level_l_neg(CuTest *tc) { 2967 char *line[] = {"(", "class", "class_", "(", "read", ")", ")", 2968 "(", "type", "type_a", ")", 2969 "(", "type", "type_b", ")", 2970 "(", "sensitivity", "s0", ")", 2971 "(", "category", "c0", ")", 2972 "(", "sensitivitycategory", "s0", "(", "c0", ")", ")", 2973 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")", 2974 "(", "rangetransition", "type_a", "type_b", "class_", "(", "(", "s0", "(", "c_DNE", ")", ")", "high", ")", ")", NULL}; 2975 2976 struct cil_tree *test_tree; 2977 gen_test_tree(&test_tree, line); 2978 2979 struct cil_db *test_db; 2980 cil_db_init(&test_db); 2981 2982 uint32_t changed = CIL_FALSE; 2983 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL); 2984 2985 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 2986 2987 cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next->next->next, args); 2988 2989 args->pass = CIL_PASS_MISC3; 2990 2991 int rc = cil_resolve_rangetransition(test_db->ast->root->cl_head->next->next->next->next->next->next->next, args); 2992 CuAssertIntEquals(tc, SEPOL_ENOENT, rc); 2993 } 2994 2995 void test_cil_resolve_rangetransition_anon_level_h(CuTest *tc) { 2996 char *line[] = {"(", "class", "class_", "(", "read", ")", ")", 2997 "(", "type", "type_a", ")", 2998 "(", "type", "type_b", ")", 2999 "(", "sensitivity", "s0", ")", 3000 "(", "category", "c0", ")", 3001 "(", "sensitivitycategory", "s0", "(", "c0", ")", ")", 3002 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")", 3003 "(", "rangetransition", "type_a", "type_b", "class_", "(", "low", "(", "s0", "(", "c0", ")", ")", ")", ")", NULL}; 3004 3005 struct cil_tree *test_tree; 3006 gen_test_tree(&test_tree, line); 3007 3008 struct cil_db *test_db; 3009 cil_db_init(&test_db); 3010 3011 uint32_t changed = CIL_FALSE; 3012 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL); 3013 3014 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 3015 3016 cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next->next->next, args); 3017 3018 args->pass = CIL_PASS_MISC3; 3019 3020 int rc = cil_resolve_rangetransition(test_db->ast->root->cl_head->next->next->next->next->next->next->next, args); 3021 CuAssertIntEquals(tc, SEPOL_OK, rc); 3022 } 3023 3024 void test_cil_resolve_rangetransition_anon_level_h_neg(CuTest *tc) { 3025 char *line[] = {"(", "class", "class_", "(", "read", ")", ")", 3026 "(", "type", "type_a", ")", 3027 "(", "type", "type_b", ")", 3028 "(", "sensitivity", "s0", ")", 3029 "(", "category", "c0", ")", 3030 "(", "sensitivitycategory", "s0", "(", "c0", ")", ")", 3031 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")", 3032 "(", "rangetransition", "type_a", "type_b", "class_", "(", "low", "(", "s_DNE", "(", "c0", ")", ")", ")", NULL}; 3033 3034 struct cil_tree *test_tree; 3035 gen_test_tree(&test_tree, line); 3036 3037 struct cil_db *test_db; 3038 cil_db_init(&test_db); 3039 3040 uint32_t changed = CIL_FALSE; 3041 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL); 3042 3043 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 3044 3045 cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next->next->next, args); 3046 3047 args->pass = CIL_PASS_MISC3; 3048 3049 int rc = cil_resolve_rangetransition(test_db->ast->root->cl_head->next->next->next->next->next->next->next, args); 3050 CuAssertIntEquals(tc, SEPOL_ENOENT, rc); 3051 } 3052 3053 void test_cil_resolve_classcommon(CuTest *tc) { 3054 char *line[] = {"(", "class", "file", "(", "read", ")", ")", 3055 "(", "common", "file", "(", "write", ")", ")", 3056 "(", "classcommon", "file", "file", ")", NULL}; 3057 3058 struct cil_tree *test_tree; 3059 gen_test_tree(&test_tree, line); 3060 3061 struct cil_db *test_db; 3062 cil_db_init(&test_db); 3063 3064 uint32_t changed = CIL_FALSE; 3065 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL); 3066 3067 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 3068 3069 int rc = cil_resolve_classcommon(test_db->ast->root->cl_head->next->next, args); 3070 CuAssertIntEquals(tc, SEPOL_OK, rc); 3071 } 3072 3073 void test_cil_resolve_classcommon_no_class_neg(CuTest *tc) { 3074 char *line[] = {"(", "class", "foo", "(", "read", ")", ")", 3075 "(", "classcommon", "foo", "foo", ")", NULL}; 3076 3077 struct cil_tree *test_tree; 3078 gen_test_tree(&test_tree, line); 3079 3080 struct cil_db *test_db; 3081 cil_db_init(&test_db); 3082 3083 uint32_t changed = CIL_FALSE; 3084 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL); 3085 3086 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 3087 3088 int rc = cil_resolve_classcommon(test_db->ast->root->cl_head->next, args); 3089 CuAssertIntEquals(tc, SEPOL_ENOENT, rc); 3090 } 3091 3092 void test_cil_resolve_classcommon_no_common_neg(CuTest *tc) { 3093 char *line[] = {"(", "common", "foo", "(", "read", ")", ")", 3094 "(", "classcommon", "foo", "foo", ")", NULL}; 3095 3096 struct cil_tree *test_tree; 3097 gen_test_tree(&test_tree, line); 3098 3099 struct cil_db *test_db; 3100 cil_db_init(&test_db); 3101 3102 uint32_t changed = CIL_FALSE; 3103 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL); 3104 3105 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 3106 3107 int rc = cil_resolve_classcommon(test_db->ast->root->cl_head->next, args); 3108 CuAssertIntEquals(tc, SEPOL_ENOENT, rc); 3109 } 3110 3111 void test_cil_resolve_classpermset_named(CuTest *tc) { 3112 char *line[] = {"(", "classmap", "files", "(", "read", ")", ")", 3113 "(", "class", "char", "(", "read", ")", ")", 3114 "(", "classpermissionset", "char_w", "(", "char", "(", "read", ")", ")", ")", 3115 "(", "classmapping", "files", "read", "char_w", ")", NULL}; 3116 3117 struct cil_tree *test_tree; 3118 gen_test_tree(&test_tree, line); 3119 3120 struct cil_db *test_db; 3121 cil_db_init(&test_db); 3122 3123 uint32_t changed = CIL_FALSE; 3124 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 3125 3126 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 3127 3128 struct cil_classpermset *cps = test_db->ast->root->cl_head->next->next->data; 3129 3130 int rc = cil_resolve_classpermset(test_db->ast->root->cl_head->next->next->next, cps, args); 3131 CuAssertIntEquals(tc, SEPOL_OK, rc); 3132 } 3133 3134 void test_cil_resolve_classpermset_named_namedpermlist(CuTest *tc) { 3135 char *line[] = {"(", "classmap", "files", "(", "read", ")", ")", 3136 "(", "class", "char", "(", "read", ")", ")", 3137 "(", "classpermissionset", "char_w", "(", "char", "baz", ")", ")", 3138 "(", "permissionset", "baz", "(", "read", ")", ")", 3139 "(", "classmapping", "files", "read", "char_w", ")", NULL}; 3140 3141 struct cil_tree *test_tree; 3142 gen_test_tree(&test_tree, line); 3143 3144 struct cil_db *test_db; 3145 cil_db_init(&test_db); 3146 3147 uint32_t changed = CIL_FALSE; 3148 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 3149 3150 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 3151 3152 struct cil_classpermset *cps = test_db->ast->root->cl_head->next->next->data; 3153 3154 int rc = cil_resolve_classpermset(test_db->ast->root->cl_head->next->next->next, cps, args); 3155 CuAssertIntEquals(tc, SEPOL_OK, rc); 3156 } 3157 3158 void test_cil_resolve_classpermset_named_permlist_neg(CuTest *tc) { 3159 char *line[] = {"(", "classmap", "files", "(", "read", ")", ")", 3160 "(", "class", "char", "(", "read", ")", ")", 3161 "(", "classpermissionset", "char_w", "(", "dne", "(", "read", ")", ")", ")", 3162 "(", "classmapping", "files", "read", "char_w", ")", NULL}; 3163 3164 struct cil_tree *test_tree; 3165 gen_test_tree(&test_tree, line); 3166 3167 struct cil_db *test_db; 3168 cil_db_init(&test_db); 3169 3170 uint32_t changed = CIL_FALSE; 3171 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 3172 3173 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 3174 3175 struct cil_classpermset *cps = test_db->ast->root->cl_head->next->next->data; 3176 3177 int rc = cil_resolve_classpermset(test_db->ast->root->cl_head->next->next->next, cps, args); 3178 CuAssertIntEquals(tc, SEPOL_ENOENT, rc); 3179 } 3180 3181 void test_cil_resolve_classpermset_named_unnamedcps_neg(CuTest *tc) { 3182 char *line[] = {"(", "classmap", "files", "(", "read", ")", ")", 3183 "(", "class", "char", "(", "read", ")", ")", 3184 "(", "classpermissionset", "char_w", "(", "char", "(", "read", ")", ")", ")", 3185 "(", "classmapping", "files", "read", "char_w", ")", NULL}; 3186 3187 struct cil_tree *test_tree; 3188 gen_test_tree(&test_tree, line); 3189 3190 struct cil_db *test_db; 3191 cil_db_init(&test_db); 3192 3193 uint32_t changed = CIL_FALSE; 3194 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 3195 3196 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 3197 3198 struct cil_classpermset *cps; 3199 cil_classpermset_init(&cps); 3200 3201 int rc = cil_resolve_classpermset(test_db->ast->root->cl_head->next->next->next, cps, args); 3202 CuAssertIntEquals(tc, SEPOL_ERR, rc); 3203 } 3204 3205 void test_cil_resolve_classpermset_anon(CuTest *tc) { 3206 char *line[] = {"(", "classmap", "files", "(", "read", ")", ")", 3207 "(", "classmapping", "files", "read", "(", "char", "(", "read", ")", ")", ")", 3208 "(", "class", "char", "(", "read", ")", ")", NULL}; 3209 3210 struct cil_tree *test_tree; 3211 gen_test_tree(&test_tree, line); 3212 3213 struct cil_db *test_db; 3214 cil_db_init(&test_db); 3215 3216 uint32_t changed = CIL_FALSE; 3217 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 3218 3219 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 3220 3221 struct cil_classpermset *cps = ((struct cil_classmapping*)test_db->ast->root->cl_head->next->data)->classpermsets_str->head->data; 3222 3223 int rc = cil_resolve_classpermset(test_db->ast->root->cl_head->next, cps, args); 3224 CuAssertIntEquals(tc, SEPOL_OK, rc); 3225 } 3226 3227 void test_cil_resolve_classpermset_anon_namedpermlist(CuTest *tc) { 3228 char *line[] = {"(", "classmap", "files", "(", "read", ")", ")", 3229 "(", "classmapping", "files", "read", "(", "char", "baz", ")", ")", 3230 "(", "permissionset", "baz", "(", "read", ")", ")", 3231 "(", "class", "char", "(", "read", ")", ")", NULL}; 3232 3233 struct cil_tree *test_tree; 3234 gen_test_tree(&test_tree, line); 3235 3236 struct cil_db *test_db; 3237 cil_db_init(&test_db); 3238 3239 uint32_t changed = CIL_FALSE; 3240 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 3241 3242 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 3243 3244 struct cil_classpermset *cps = ((struct cil_classmapping*)test_db->ast->root->cl_head->next->data)->classpermsets_str->head->data; 3245 3246 int rc = cil_resolve_classpermset(test_db->ast->root->cl_head->next, cps, args); 3247 CuAssertIntEquals(tc, SEPOL_OK, rc); 3248 } 3249 3250 void test_cil_resolve_classpermset_anon_permlist_neg(CuTest *tc) { 3251 char *line[] = {"(", "classmap", "files", "(", "read", ")", ")", 3252 "(", "classmapping", "files", "read", "(", "char", "(", "dne", ")", ")", ")", 3253 "(", "class", "char", "(", "read", ")", ")", NULL}; 3254 3255 struct cil_tree *test_tree; 3256 gen_test_tree(&test_tree, line); 3257 3258 struct cil_db *test_db; 3259 cil_db_init(&test_db); 3260 3261 uint32_t changed = CIL_FALSE; 3262 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 3263 3264 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 3265 3266 struct cil_classpermset *cps = ((struct cil_classmapping*)test_db->ast->root->cl_head->next->data)->classpermsets_str->head->data; 3267 3268 int rc = cil_resolve_classpermset(test_db->ast->root->cl_head->next, cps, args); 3269 CuAssertIntEquals(tc, SEPOL_ENOENT, rc); 3270 } 3271 3272 void test_cil_resolve_avrule(CuTest *tc) { 3273 char *line[] = {"(", "class", "bar", "(", "read", "write", "open", ")", ")", 3274 "(", "type", "test", ")", 3275 "(", "type", "foo", ")", 3276 "(", "allow", "test", "foo", "(", "bar", "(", "read", "write", ")", ")", ")", NULL}; 3277 3278 struct cil_tree *test_tree; 3279 gen_test_tree(&test_tree, line); 3280 3281 struct cil_db *test_db; 3282 cil_db_init(&test_db); 3283 3284 uint32_t changed = CIL_FALSE; 3285 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 3286 3287 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 3288 3289 int rc = cil_resolve_avrule(test_db->ast->root->cl_head->next->next->next, args); 3290 CuAssertIntEquals(tc, SEPOL_OK, rc); 3291 } 3292 3293 void test_cil_resolve_avrule_permset(CuTest *tc) { 3294 char *line[] = {"(", "class", "bar", "(", "read", "write", "open", ")", ")", 3295 "(", "type", "test", ")", 3296 "(", "type", "foo", ")", 3297 "(", "permissionset", "baz", "(", "open", "write", ")", ")", 3298 "(", "allow", "test", "foo", "(", "bar", "baz", ")", ")", NULL}; 3299 3300 struct cil_tree *test_tree; 3301 gen_test_tree(&test_tree, line); 3302 3303 struct cil_db *test_db; 3304 cil_db_init(&test_db); 3305 3306 uint32_t changed = CIL_FALSE; 3307 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 3308 3309 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 3310 3311 int rc = cil_resolve_avrule(test_db->ast->root->cl_head->next->next->next->next, args); 3312 CuAssertIntEquals(tc, SEPOL_OK, rc); 3313 } 3314 3315 void test_cil_resolve_avrule_permset_neg(CuTest *tc) { 3316 char *line[] = {"(", "class", "bar", "(", "read", "write", "open", ")", ")", 3317 "(", "type", "test", ")", 3318 "(", "type", "foo", ")", 3319 "(", "permissionset", "baz", "(", "open", "close", ")", ")", 3320 "(", "allow", "test", "foo", "(", "bar", "dne", ")", ")", NULL}; 3321 3322 struct cil_tree *test_tree; 3323 gen_test_tree(&test_tree, line); 3324 3325 struct cil_db *test_db; 3326 cil_db_init(&test_db); 3327 3328 uint32_t changed = CIL_FALSE; 3329 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 3330 3331 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 3332 3333 int rc = cil_resolve_avrule(test_db->ast->root->cl_head->next->next->next->next, args); 3334 CuAssertIntEquals(tc, SEPOL_ENOENT, rc); 3335 } 3336 3337 void test_cil_resolve_avrule_permset_permdne_neg(CuTest *tc) { 3338 char *line[] = {"(", "class", "bar", "(", "read", "write", "open", ")", ")", 3339 "(", "type", "test", ")", 3340 "(", "type", "foo", ")", 3341 "(", "permissionset", "baz", "(", "open", "dne", ")", ")", 3342 "(", "allow", "test", "foo", "(", "bar", "baz", ")", ")", NULL}; 3343 3344 struct cil_tree *test_tree; 3345 gen_test_tree(&test_tree, line); 3346 3347 struct cil_db *test_db; 3348 cil_db_init(&test_db); 3349 3350 uint32_t changed = CIL_FALSE; 3351 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 3352 3353 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 3354 3355 int rc = cil_resolve_avrule(test_db->ast->root->cl_head->next->next->next->next, args); 3356 CuAssertIntEquals(tc, SEPOL_ENOENT, rc); 3357 } 3358 3359 void test_cil_resolve_avrule_firsttype_neg(CuTest *tc) { 3360 char *line[] = {"(", "class", "bar", "(", "read", "write", "open", ")", ")", 3361 "(", "type", "test", ")", 3362 "(", "type", "foo", ")", 3363 "(", "allow", "fail1", "foo", "(", "bar", "(", "read", "write", ")", ")", ")", NULL}; 3364 3365 struct cil_tree *test_tree; 3366 gen_test_tree(&test_tree, line); 3367 3368 struct cil_db *test_db; 3369 cil_db_init(&test_db); 3370 3371 uint32_t changed = CIL_FALSE; 3372 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 3373 3374 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 3375 3376 int rc = cil_resolve_avrule(test_db->ast->root->cl_head->next->next->next, args); 3377 CuAssertIntEquals(tc, SEPOL_ENOENT, rc); 3378 } 3379 3380 void test_cil_resolve_avrule_secondtype_neg(CuTest *tc) { 3381 char *line[] = {"(", "class", "bar", "(", "read", "write", "open", ")", ")", 3382 "(", "type", "test", ")", 3383 "(", "type", "foo", ")", 3384 "(", "allow", "test", "fail2", "(", "bar", "(", "read", "write", ")", ")", ")", NULL}; 3385 3386 struct cil_tree *test_tree; 3387 gen_test_tree(&test_tree, line); 3388 3389 struct cil_db *test_db; 3390 cil_db_init(&test_db); 3391 3392 uint32_t changed = CIL_FALSE; 3393 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 3394 3395 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 3396 3397 int rc = cil_resolve_avrule(test_db->ast->root->cl_head->next->next->next, args); 3398 CuAssertIntEquals(tc, SEPOL_ENOENT, rc); 3399 } 3400 3401 void test_cil_resolve_avrule_class_neg(CuTest *tc) { 3402 char *line[] = {"(", "class", "bar", "(", "read", "write", "open", ")", ")", 3403 "(", "type", "test", ")", 3404 "(", "type", "foo", ")", 3405 "(", "allow", "test", "foo", "(", "fail3", "(", "read", "write", ")", ")", ")", NULL}; 3406 3407 struct cil_tree *test_tree; 3408 gen_test_tree(&test_tree, line); 3409 3410 struct cil_db *test_db; 3411 cil_db_init(&test_db); 3412 3413 uint32_t changed = CIL_FALSE; 3414 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 3415 3416 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 3417 3418 int rc = cil_resolve_avrule(test_db->ast->root->cl_head->next->next->next, args); 3419 CuAssertIntEquals(tc, SEPOL_ENOENT, rc); 3420 } 3421 3422 void test_cil_resolve_avrule_perm_neg(CuTest *tc) { 3423 char *line[] = {"(", "class", "bar", "(", "read", "write", "open", ")", ")", 3424 "(", "type", "test", ")", 3425 "(", "type", "foo", ")", 3426 "(", "allow", "test", "foo", "(", "bar", "(", "execute", ")", ")", ")", NULL}; 3427 3428 struct cil_tree *test_tree; 3429 gen_test_tree(&test_tree, line); 3430 3431 struct cil_db *test_db; 3432 cil_db_init(&test_db); 3433 3434 uint32_t changed = CIL_FALSE; 3435 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 3436 3437 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 3438 3439 int rc = cil_resolve_avrule(test_db->ast->root->cl_head->next->next->next, args); 3440 CuAssertIntEquals(tc, SEPOL_ENOENT, rc); 3441 } 3442 3443 void test_cil_resolve_type_rule_transition(CuTest *tc) { 3444 char *line[] = {"(", "type", "foo", ")", 3445 "(", "type", "bar", ")", 3446 "(", "class", "file", "(", "write", ")", ")", 3447 "(", "type", "foobar", ")", 3448 "(", "typetransition", "foo", "bar", "file", "foobar", ")", NULL}; 3449 3450 struct cil_tree *test_tree; 3451 gen_test_tree(&test_tree, line); 3452 3453 struct cil_db *test_db; 3454 cil_db_init(&test_db); 3455 3456 uint32_t changed = CIL_FALSE; 3457 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 3458 3459 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 3460 3461 int rc = cil_resolve_type_rule(test_db->ast->root->cl_head->next->next->next->next, args); 3462 CuAssertIntEquals(tc, SEPOL_OK, rc); 3463 } 3464 3465 void test_cil_resolve_type_rule_transition_srcdecl_neg(CuTest *tc) { 3466 char *line[] = {"(", "type", "bar", ")", 3467 "(", "class", "file", "(", "write", ")", ")", 3468 "(", "type", "foobar", ")", 3469 "(", "typetransition", "foo", "bar", "file", "foobar", ")", NULL}; 3470 3471 struct cil_tree *test_tree; 3472 gen_test_tree(&test_tree, line); 3473 3474 struct cil_db *test_db; 3475 cil_db_init(&test_db); 3476 3477 uint32_t changed = CIL_FALSE; 3478 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 3479 3480 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 3481 3482 int rc = cil_resolve_type_rule(test_db->ast->root->cl_head->next->next->next, args); 3483 CuAssertIntEquals(tc, SEPOL_ENOENT, rc); 3484 } 3485 3486 void test_cil_resolve_type_rule_transition_tgtdecl_neg(CuTest *tc) { 3487 char *line[] = {"(", "type", "foo", ")", 3488 "(", "class", "file", "(", "write", ")", ")", 3489 "(", "type", "foobar", ")", 3490 "(", "typetransition", "foo", "bar", "file", "foobar", ")", NULL}; 3491 3492 struct cil_tree *test_tree; 3493 gen_test_tree(&test_tree, line); 3494 3495 struct cil_db *test_db; 3496 cil_db_init(&test_db); 3497 3498 uint32_t changed = CIL_FALSE; 3499 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 3500 3501 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 3502 3503 int rc = cil_resolve_type_rule(test_db->ast->root->cl_head->next->next->next, args); 3504 CuAssertIntEquals(tc, SEPOL_ENOENT, rc); 3505 } 3506 3507 void test_cil_resolve_type_rule_transition_objdecl_neg(CuTest *tc) { 3508 char *line[] = {"(", "type", "foo", ")", 3509 "(", "type", "bar", ")", 3510 "(", "type", "foobar", ")", 3511 "(", "typetransition", "foo", "bar", "file", "foobar", ")", NULL}; 3512 3513 struct cil_tree *test_tree; 3514 gen_test_tree(&test_tree, line); 3515 3516 struct cil_db *test_db; 3517 cil_db_init(&test_db); 3518 3519 uint32_t changed = CIL_FALSE; 3520 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 3521 3522 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 3523 3524 int rc = cil_resolve_type_rule(test_db->ast->root->cl_head->next->next->next, args); 3525 CuAssertIntEquals(tc, SEPOL_ENOENT, rc); 3526 } 3527 3528 void test_cil_resolve_type_rule_transition_resultdecl_neg(CuTest *tc) { 3529 char *line[] = {"(", "type", "foo", ")", 3530 "(", "type", "bar", ")", 3531 "(", "class", "file", "(", "write", ")", ")", 3532 "(", "typetransition", "foo", "bar", "file", "foobar", ")", NULL}; 3533 3534 struct cil_tree *test_tree; 3535 gen_test_tree(&test_tree, line); 3536 3537 struct cil_db *test_db; 3538 cil_db_init(&test_db); 3539 3540 uint32_t changed = CIL_FALSE; 3541 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 3542 3543 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 3544 3545 int rc = cil_resolve_type_rule(test_db->ast->root->cl_head->next->next->next, args); 3546 CuAssertIntEquals(tc, SEPOL_ENOENT, rc); 3547 } 3548 3549 void test_cil_resolve_type_rule_change(CuTest *tc) { 3550 char *line[] = {"(", "type", "foo", ")", 3551 "(", "type", "bar", ")", 3552 "(", "class", "file", "(", "write", ")", ")", 3553 "(", "type", "foobar", ")", 3554 "(", "typechange", "foo", "bar", "file", "foobar", ")", NULL}; 3555 3556 struct cil_tree *test_tree; 3557 gen_test_tree(&test_tree, line); 3558 3559 struct cil_db *test_db; 3560 cil_db_init(&test_db); 3561 3562 uint32_t changed = CIL_FALSE; 3563 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 3564 3565 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 3566 3567 int rc = cil_resolve_type_rule(test_db->ast->root->cl_head->next->next->next->next, args); 3568 CuAssertIntEquals(tc, SEPOL_OK, rc); 3569 } 3570 3571 void test_cil_resolve_type_rule_change_srcdecl_neg(CuTest *tc) { 3572 char *line[] = {"(", "type", "bar", ")", 3573 "(", "class", "file", "(", "write", ")", ")", 3574 "(", "type", "foobar", ")", 3575 "(", "typechange", "foo", "bar", "file", "foobar", ")", NULL}; 3576 3577 struct cil_tree *test_tree; 3578 gen_test_tree(&test_tree, line); 3579 3580 struct cil_db *test_db; 3581 cil_db_init(&test_db); 3582 3583 uint32_t changed = CIL_FALSE; 3584 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 3585 3586 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 3587 3588 int rc = cil_resolve_type_rule(test_db->ast->root->cl_head->next->next->next, args); 3589 CuAssertIntEquals(tc, SEPOL_ENOENT, rc); 3590 } 3591 3592 void test_cil_resolve_type_rule_change_tgtdecl_neg(CuTest *tc) { 3593 char *line[] = {"(", "type", "foo", ")", 3594 "(", "class", "file", "(", "write", ")", ")", 3595 "(", "type", "foobar", ")", 3596 "(", "typechange", "foo", "bar", "file", "foobar", ")", NULL}; 3597 3598 struct cil_tree *test_tree; 3599 gen_test_tree(&test_tree, line); 3600 3601 struct cil_db *test_db; 3602 cil_db_init(&test_db); 3603 3604 uint32_t changed = CIL_FALSE; 3605 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 3606 3607 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 3608 3609 int rc = cil_resolve_type_rule(test_db->ast->root->cl_head->next->next->next, args); 3610 CuAssertIntEquals(tc, SEPOL_ENOENT, rc); 3611 } 3612 3613 void test_cil_resolve_type_rule_change_objdecl_neg(CuTest *tc) { 3614 char *line[] = {"(", "type", "foo", ")", 3615 "(", "type", "bar", ")", 3616 "(", "type", "foobar", ")", 3617 "(", "typechange", "foo", "bar", "file", "foobar", ")", NULL}; 3618 3619 struct cil_tree *test_tree; 3620 gen_test_tree(&test_tree, line); 3621 3622 struct cil_db *test_db; 3623 cil_db_init(&test_db); 3624 3625 uint32_t changed = CIL_FALSE; 3626 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 3627 3628 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 3629 3630 int rc = cil_resolve_type_rule(test_db->ast->root->cl_head->next->next->next, args); 3631 CuAssertIntEquals(tc, SEPOL_ENOENT, rc); 3632 } 3633 3634 void test_cil_resolve_type_rule_change_resultdecl_neg(CuTest *tc) { 3635 char *line[] = {"(", "type", "foo", ")", 3636 "(", "type", "bar", ")", 3637 "(", "class", "file", "(", "write", ")", ")", 3638 "(", "typechange", "foo", "bar", "file", "foobar", ")", NULL}; 3639 3640 struct cil_tree *test_tree; 3641 gen_test_tree(&test_tree, line); 3642 3643 struct cil_db *test_db; 3644 cil_db_init(&test_db); 3645 3646 uint32_t changed = CIL_FALSE; 3647 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 3648 3649 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 3650 3651 int rc = cil_resolve_type_rule(test_db->ast->root->cl_head->next->next->next, args); 3652 CuAssertIntEquals(tc, SEPOL_ENOENT, rc); 3653 } 3654 3655 void test_cil_resolve_type_rule_member(CuTest *tc) { 3656 char *line[] = {"(", "type", "foo", ")", 3657 "(", "type", "bar", ")", 3658 "(", "class", "file", "(", "write", ")", ")", 3659 "(", "type", "foobar", ")", 3660 "(", "typemember", "foo", "bar", "file", "foobar", ")", NULL}; 3661 3662 struct cil_tree *test_tree; 3663 gen_test_tree(&test_tree, line); 3664 3665 struct cil_db *test_db; 3666 cil_db_init(&test_db); 3667 3668 uint32_t changed = CIL_FALSE; 3669 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 3670 3671 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 3672 3673 int rc = cil_resolve_type_rule(test_db->ast->root->cl_head->next->next->next->next, args); 3674 CuAssertIntEquals(tc, SEPOL_OK, rc); 3675 } 3676 3677 void test_cil_resolve_type_rule_member_srcdecl_neg(CuTest *tc) { 3678 char *line[] = {"(", "type", "bar", ")", 3679 "(", "class", "file", "(", "write", ")", ")", 3680 "(", "type", "foobar", ")", 3681 "(", "typemember", "foo", "bar", "file", "foobar", ")", NULL}; 3682 3683 struct cil_tree *test_tree; 3684 gen_test_tree(&test_tree, line); 3685 3686 struct cil_db *test_db; 3687 cil_db_init(&test_db); 3688 3689 uint32_t changed = CIL_FALSE; 3690 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 3691 3692 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 3693 3694 int rc = cil_resolve_type_rule(test_db->ast->root->cl_head->next->next->next, args); 3695 CuAssertIntEquals(tc, SEPOL_ENOENT, rc); 3696 } 3697 3698 void test_cil_resolve_type_rule_member_tgtdecl_neg(CuTest *tc) { 3699 char *line[] = {"(", "type", "foo", ")", 3700 "(", "class", "file", "(", "write", ")", ")", 3701 "(", "type", "foobar", ")", 3702 "(", "typemember", "foo", "bar", "file", "foobar", ")", NULL}; 3703 3704 struct cil_tree *test_tree; 3705 gen_test_tree(&test_tree, line); 3706 3707 struct cil_db *test_db; 3708 cil_db_init(&test_db); 3709 3710 uint32_t changed = CIL_FALSE; 3711 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 3712 3713 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 3714 3715 int rc = cil_resolve_type_rule(test_db->ast->root->cl_head->next->next->next, args); 3716 CuAssertIntEquals(tc, SEPOL_ENOENT, rc); 3717 } 3718 3719 void test_cil_resolve_type_rule_member_objdecl_neg(CuTest *tc) { 3720 char *line[] = {"(", "type", "foo", ")", 3721 "(", "type", "bar", ")", 3722 "(", "type", "foobar", ")", 3723 "(", "typemember", "foo", "bar", "file", "foobar", ")", NULL}; 3724 3725 struct cil_tree *test_tree; 3726 gen_test_tree(&test_tree, line); 3727 3728 struct cil_db *test_db; 3729 cil_db_init(&test_db); 3730 3731 uint32_t changed = CIL_FALSE; 3732 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 3733 3734 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 3735 3736 int rc = cil_resolve_type_rule(test_db->ast->root->cl_head->next->next->next, args); 3737 CuAssertIntEquals(tc, SEPOL_ENOENT, rc); 3738 } 3739 3740 void test_cil_resolve_type_rule_member_resultdecl_neg(CuTest *tc) { 3741 char *line[] = {"(", "type", "foo", ")", 3742 "(", "type", "bar", ")", 3743 "(", "class", "file", "(", "write", ")", ")", 3744 "(", "typemember", "foo", "bar", "file", "foobar", ")", NULL}; 3745 3746 struct cil_tree *test_tree; 3747 gen_test_tree(&test_tree, line); 3748 3749 struct cil_db *test_db; 3750 cil_db_init(&test_db); 3751 3752 uint32_t changed = CIL_FALSE; 3753 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 3754 3755 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 3756 3757 int rc = cil_resolve_type_rule(test_db->ast->root->cl_head->next->next->next, args); 3758 CuAssertIntEquals(tc, SEPOL_ENOENT, rc); 3759 } 3760 3761 void test_cil_resolve_filecon(CuTest *tc) { 3762 char *line[] = {"(", "user", "user_u", ")", 3763 "(", "role", "role_r", ")", 3764 "(", "type", "type_t", ")", 3765 "(", "category", "c0", ")", 3766 "(", "sensitivity", "s0", ")", 3767 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")", 3768 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")", 3769 "(", "context", "con", "(", "user_u", "role_r", "type_t", "(", "low", "high", ")", ")", ")", 3770 "(", "filecon", "root", "path", "file", "con", ")", NULL}; 3771 3772 struct cil_tree *test_tree; 3773 gen_test_tree(&test_tree, line); 3774 3775 struct cil_db *test_db; 3776 cil_db_init(&test_db); 3777 3778 uint32_t changed = CIL_FALSE; 3779 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 3780 3781 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 3782 3783 int rc = cil_resolve_filecon(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args); 3784 CuAssertIntEquals(tc, SEPOL_OK, rc); 3785 } 3786 3787 void test_cil_resolve_filecon_neg(CuTest *tc) { 3788 char *line[] = {"(", "user", "user_u", ")", 3789 "(", "role", "role_r", ")", 3790 "(", "type", "type_t", ")", 3791 "(", "category", "c0", ")", 3792 "(", "sensitivity", "s0", ")", 3793 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")", 3794 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")", 3795 "(", "context", "con", "(", "user_u", "role_r", "type_t", "(", "low", "high", ")", ")", ")", 3796 "(", "filecon", "root", "path", "file", "conn", ")", NULL}; 3797 3798 struct cil_tree *test_tree; 3799 gen_test_tree(&test_tree, line); 3800 3801 struct cil_db *test_db; 3802 cil_db_init(&test_db); 3803 3804 uint32_t changed = CIL_FALSE; 3805 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 3806 3807 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 3808 3809 int rc = cil_resolve_filecon(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args); 3810 CuAssertIntEquals(tc, SEPOL_ENOENT, rc); 3811 } 3812 3813 void test_cil_resolve_filecon_anon_context(CuTest *tc) { 3814 char *line[] = {"(", "user", "user_u", ")", 3815 "(", "role", "role_r", ")", 3816 "(", "type", "type_t", ")", 3817 "(", "category", "c0", ")", 3818 "(", "sensitivity", "s0", ")", 3819 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")", 3820 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")", 3821 "(", "filecon", "root", "path", "file", "(", "user_u", "role_r", "type_t", "(", "low", "high", ")", ")", ")", NULL}; 3822 3823 struct cil_tree *test_tree; 3824 gen_test_tree(&test_tree, line); 3825 3826 struct cil_db *test_db; 3827 cil_db_init(&test_db); 3828 3829 uint32_t changed = CIL_FALSE; 3830 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 3831 3832 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 3833 3834 int rc = cil_resolve_filecon(test_db->ast->root->cl_head->next->next->next->next->next->next->next, args); 3835 CuAssertIntEquals(tc, SEPOL_OK, rc); 3836 } 3837 3838 void test_cil_resolve_filecon_anon_context_neg(CuTest *tc) { 3839 char *line[] = {"(", "user", "system_u", ")", 3840 "(", "type", "type_t", ")", 3841 "(", "category", "c0", ")", 3842 "(", "sensitivity", "s0", ")", 3843 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")", 3844 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")", 3845 "(", "filecon", "root", "path", "file", "(", "user_u", "role_r", "type_t", "(", "low", "high", ")", ")", ")", NULL}; 3846 3847 struct cil_tree *test_tree; 3848 gen_test_tree(&test_tree, line); 3849 3850 struct cil_db *test_db; 3851 cil_db_init(&test_db); 3852 3853 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 3854 3855 uint32_t changed = CIL_FALSE; 3856 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 3857 3858 int rc = cil_resolve_filecon(test_db->ast->root->cl_head->next->next->next->next->next->next, args); 3859 CuAssertIntEquals(tc, SEPOL_ENOENT, rc); 3860 } 3861 3862 void test_cil_resolve_portcon(CuTest *tc) { 3863 char *line[] = {"(", "user", "user_u", ")", 3864 "(", "role", "role_r", ")", 3865 "(", "type", "type_t", ")", 3866 "(", "category", "c0", ")", 3867 "(", "sensitivity", "s0", ")", 3868 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")", 3869 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")", 3870 "(", "context", "con", "(", "user_u", "role_r", "type_t", "(", "low", "high", ")", ")", ")", 3871 "(", "portcon", "udp", "25", "con", ")", NULL}; 3872 3873 struct cil_tree *test_tree; 3874 gen_test_tree(&test_tree, line); 3875 3876 struct cil_db *test_db; 3877 cil_db_init(&test_db); 3878 3879 uint32_t changed = CIL_FALSE; 3880 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 3881 3882 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 3883 3884 int rc = cil_resolve_portcon(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args); 3885 CuAssertIntEquals(tc, SEPOL_OK, rc); 3886 } 3887 3888 void test_cil_resolve_portcon_neg(CuTest *tc) { 3889 char *line[] = {"(", "user", "user_u", ")", 3890 "(", "role", "role_r", ")", 3891 "(", "type", "type_t", ")", 3892 "(", "category", "c0", ")", 3893 "(", "sensitivity", "s0", ")", 3894 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")", 3895 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")", 3896 "(", "context", "con", "(", "user_u", "role_r", "type_t", "(", "low", "high", ")", ")", ")", 3897 "(", "portcon", "udp", "25", "conn", ")", NULL}; 3898 3899 struct cil_tree *test_tree; 3900 gen_test_tree(&test_tree, line); 3901 3902 struct cil_db *test_db; 3903 cil_db_init(&test_db); 3904 3905 uint32_t changed = CIL_FALSE; 3906 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 3907 3908 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 3909 3910 int rc = cil_resolve_portcon(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args); 3911 CuAssertIntEquals(tc, SEPOL_ENOENT, rc); 3912 } 3913 3914 void test_cil_resolve_portcon_anon_context(CuTest *tc) { 3915 char *line[] = {"(", "user", "user_u", ")", 3916 "(", "role", "role_r", ")", 3917 "(", "type", "type_t", ")", 3918 "(", "category", "c0", ")", 3919 "(", "sensitivity", "s0", ")", 3920 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")", 3921 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")", 3922 "(", "portcon", "udp", "25", "(", "user_u", "role_r", "type_t", "(", "low", "high", ")", ")", ")", NULL}; 3923 3924 struct cil_tree *test_tree; 3925 gen_test_tree(&test_tree, line); 3926 3927 struct cil_db *test_db; 3928 cil_db_init(&test_db); 3929 3930 uint32_t changed = CIL_FALSE; 3931 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 3932 3933 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 3934 3935 int rc = cil_resolve_portcon(test_db->ast->root->cl_head->next->next->next->next->next->next->next, args); 3936 CuAssertIntEquals(tc, SEPOL_OK, rc); 3937 } 3938 3939 void test_cil_resolve_portcon_anon_context_neg(CuTest *tc) { 3940 char *line[] = {"(", "user", "system_u", ")", 3941 "(", "type", "type_t", ")", 3942 "(", "category", "c0", ")", 3943 "(", "sensitivity", "s0", ")", 3944 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")", 3945 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")", 3946 "(", "portcon", "udp", "25", "(", "user_u", "role_r", "type_t", "(", "low", "high", ")", ")", ")", NULL}; 3947 3948 struct cil_tree *test_tree; 3949 gen_test_tree(&test_tree, line); 3950 3951 struct cil_db *test_db; 3952 cil_db_init(&test_db); 3953 3954 uint32_t changed = CIL_FALSE; 3955 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 3956 3957 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 3958 3959 int rc = cil_resolve_portcon(test_db->ast->root->cl_head->next->next->next->next->next->next, args); 3960 CuAssertIntEquals(tc, SEPOL_ENOENT, rc); 3961 } 3962 3963 void test_cil_resolve_genfscon(CuTest *tc) { 3964 char *line[] = {"(", "user", "user_u", ")", 3965 "(", "role", "role_r", ")", 3966 "(", "type", "type_t", ")", 3967 "(", "category", "c0", ")", 3968 "(", "sensitivity", "s0", ")", 3969 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")", 3970 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")", 3971 "(", "context", "con", "(", "user_u", "role_r", "type_t", "(", "low", "high", ")", ")", ")", 3972 "(", "genfscon", "type", "path", "con", ")", NULL}; 3973 3974 struct cil_tree *test_tree; 3975 gen_test_tree(&test_tree, line); 3976 3977 struct cil_db *test_db; 3978 cil_db_init(&test_db); 3979 3980 uint32_t changed = CIL_FALSE; 3981 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 3982 3983 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 3984 3985 int rc = cil_resolve_genfscon(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args); 3986 CuAssertIntEquals(tc, SEPOL_OK, rc); 3987 } 3988 3989 void test_cil_resolve_genfscon_neg(CuTest *tc) { 3990 char *line[] = {"(", "user", "user_u", ")", 3991 "(", "role", "role_r", ")", 3992 "(", "type", "type_t", ")", 3993 "(", "category", "c0", ")", 3994 "(", "sensitivity", "s0", ")", 3995 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")", 3996 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")", 3997 "(", "context", "con", "(", "user_u", "role_r", "type_t", "(", "low", "high", ")", ")", ")", 3998 "(", "genfscon", "type", "path", "conn", ")", NULL}; 3999 4000 struct cil_tree *test_tree; 4001 gen_test_tree(&test_tree, line); 4002 4003 struct cil_db *test_db; 4004 cil_db_init(&test_db); 4005 4006 uint32_t changed = CIL_FALSE; 4007 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 4008 4009 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 4010 4011 int rc = cil_resolve_genfscon(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args); 4012 CuAssertIntEquals(tc, SEPOL_ENOENT, rc); 4013 } 4014 4015 void test_cil_resolve_genfscon_anon_context(CuTest *tc) { 4016 char *line[] = {"(", "user", "user_u", ")", 4017 "(", "role", "role_r", ")", 4018 "(", "type", "type_t", ")", 4019 "(", "category", "c0", ")", 4020 "(", "sensitivity", "s0", ")", 4021 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")", 4022 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")", 4023 "(", "genfscon", "type", "path", "(", "user_u", "role_r", "type_t", "(", "low", "high", ")", ")", ")", NULL}; 4024 4025 struct cil_tree *test_tree; 4026 gen_test_tree(&test_tree, line); 4027 4028 struct cil_db *test_db; 4029 cil_db_init(&test_db); 4030 4031 uint32_t changed = CIL_FALSE; 4032 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 4033 4034 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 4035 4036 int rc = cil_resolve_genfscon(test_db->ast->root->cl_head->next->next->next->next->next->next->next, args); 4037 CuAssertIntEquals(tc, SEPOL_OK, rc); 4038 } 4039 4040 void test_cil_resolve_genfscon_anon_context_neg(CuTest *tc) { 4041 char *line[] = {"(", "user", "system_u", ")", 4042 "(", "type", "type_t", ")", 4043 "(", "category", "c0", ")", 4044 "(", "sensitivity", "s0", ")", 4045 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")", 4046 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")", 4047 "(", "genfscon", "type", "path", "(", "user_u", "role_r", "type_t", "(", "low", "high", ")", ")", ")", NULL}; 4048 4049 struct cil_tree *test_tree; 4050 gen_test_tree(&test_tree, line); 4051 4052 struct cil_db *test_db; 4053 cil_db_init(&test_db); 4054 4055 uint32_t changed = CIL_FALSE; 4056 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 4057 4058 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 4059 4060 int rc = cil_resolve_genfscon(test_db->ast->root->cl_head->next->next->next->next->next->next, args); 4061 CuAssertIntEquals(tc, SEPOL_ENOENT, rc); 4062 } 4063 4064 void test_cil_resolve_nodecon_ipv4(CuTest *tc) { 4065 char *line[] = {"(", "user", "user_u", ")", 4066 "(", "role", "role_r", ")", 4067 "(", "type", "type_t", ")", 4068 "(", "category", "c0", ")", 4069 "(", "sensitivity", "s0", ")", 4070 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")", 4071 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")", 4072 "(", "context", "con", "(", "user_u", "role_r", "type_t", "(", "low", "high", ")", ")", ")", 4073 "(", "ipaddr", "ip", "192.168.1.1", ")", 4074 "(", "ipaddr", "netmask", "192.168.1.1", ")", 4075 "(", "nodecon", "ip", "netmask", "con", ")", NULL}; 4076 4077 struct cil_tree *test_tree; 4078 gen_test_tree(&test_tree, line); 4079 4080 struct cil_db *test_db; 4081 cil_db_init(&test_db); 4082 4083 uint32_t changed = CIL_FALSE; 4084 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 4085 4086 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 4087 4088 int rc = cil_resolve_nodecon(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next->next, args); 4089 CuAssertIntEquals(tc, SEPOL_OK, rc); 4090 } 4091 4092 void test_cil_resolve_nodecon_ipv6(CuTest *tc) { 4093 char *line[] = {"(", "user", "user_u", ")", 4094 "(", "role", "role_r", ")", 4095 "(", "type", "type_t", ")", 4096 "(", "category", "c0", ")", 4097 "(", "sensitivity", "s0", ")", 4098 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")", 4099 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")", 4100 "(", "context", "con", "(", "user_u", "role_r", "type_t", "(", "low", "high", ")", ")", ")", 4101 "(", "ipaddr", "ip", "2001:0DB8:AC10:FE01::", ")", 4102 "(", "ipaddr", "netmask", "2001:0DB8:AC10:FE01::", ")", 4103 "(", "nodecon", "ip", "netmask", "con", ")", NULL}; 4104 4105 struct cil_tree *test_tree; 4106 gen_test_tree(&test_tree, line); 4107 4108 struct cil_db *test_db; 4109 cil_db_init(&test_db); 4110 4111 uint32_t changed = CIL_FALSE; 4112 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 4113 4114 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 4115 4116 int rc = cil_resolve_nodecon(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next->next, args); 4117 CuAssertIntEquals(tc, SEPOL_OK, rc); 4118 } 4119 4120 void test_cil_resolve_nodecon_anonipaddr_ipv4(CuTest *tc) { 4121 char *line[] = {"(", "user", "user_u", ")", 4122 "(", "role", "role_r", ")", 4123 "(", "type", "type_t", ")", 4124 "(", "category", "c0", ")", 4125 "(", "sensitivity", "s0", ")", 4126 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")", 4127 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")", 4128 "(", "context", "con", "(", "user_u", "role_r", "type_t", "(", "low", "high", ")", ")", ")", 4129 "(", "ipaddr", "netmask", "192.168.1.1", ")", 4130 "(", "nodecon", "(", "192.168.1.1", ")", "netmask", "con", ")", NULL}; 4131 4132 struct cil_tree *test_tree; 4133 gen_test_tree(&test_tree, line); 4134 4135 struct cil_db *test_db; 4136 cil_db_init(&test_db); 4137 4138 uint32_t changed = CIL_FALSE; 4139 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 4140 4141 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 4142 4143 int rc = cil_resolve_nodecon(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next, args); 4144 CuAssertIntEquals(tc, SEPOL_OK, rc); 4145 } 4146 4147 void test_cil_resolve_nodecon_anonnetmask_ipv4(CuTest *tc) { 4148 char *line[] = {"(", "user", "user_u", ")", 4149 "(", "role", "role_r", ")", 4150 "(", "type", "type_t", ")", 4151 "(", "category", "c0", ")", 4152 "(", "sensitivity", "s0", ")", 4153 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")", 4154 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")", 4155 "(", "context", "con", "(", "user_u", "role_r", "type_t", "(", "low", "high", ")", ")", ")", 4156 "(", "ipaddr", "ip", "192.168.1.1", ")", 4157 "(", "nodecon", "ip", "(", "192.168.1.1", ")", "con", ")", NULL}; 4158 4159 struct cil_tree *test_tree; 4160 gen_test_tree(&test_tree, line); 4161 4162 struct cil_db *test_db; 4163 cil_db_init(&test_db); 4164 4165 uint32_t changed = CIL_FALSE; 4166 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 4167 4168 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 4169 4170 int rc = cil_resolve_nodecon(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next, args); 4171 CuAssertIntEquals(tc, SEPOL_OK, rc); 4172 } 4173 4174 void test_cil_resolve_nodecon_anonipaddr_ipv6(CuTest *tc) { 4175 char *line[] = {"(", "user", "user_u", ")", 4176 "(", "role", "role_r", ")", 4177 "(", "type", "type_t", ")", 4178 "(", "category", "c0", ")", 4179 "(", "sensitivity", "s0", ")", 4180 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")", 4181 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")", 4182 "(", "context", "con", "(", "user_u", "role_r", "type_t", "(", "low", "high", ")", ")", ")", 4183 "(", "ipaddr", "netmask", "2001:0DB8:AC10:FE01::", ")", 4184 "(", "nodecon", "(", "2001:0DB8:AC10:FE01::", ")", "netmask", "con", ")", NULL}; 4185 4186 struct cil_tree *test_tree; 4187 gen_test_tree(&test_tree, line); 4188 4189 struct cil_db *test_db; 4190 cil_db_init(&test_db); 4191 4192 uint32_t changed = CIL_FALSE; 4193 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 4194 4195 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 4196 4197 int rc = cil_resolve_nodecon(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next, args); 4198 CuAssertIntEquals(tc, SEPOL_OK, rc); 4199 } 4200 4201 void test_cil_resolve_nodecon_anonnetmask_ipv6(CuTest *tc) { 4202 char *line[] = {"(", "user", "user_u", ")", 4203 "(", "role", "role_r", ")", 4204 "(", "type", "type_t", ")", 4205 "(", "category", "c0", ")", 4206 "(", "sensitivity", "s0", ")", 4207 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")", 4208 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")", 4209 "(", "context", "con", "(", "user_u", "role_r", "type_t", "(", "low", "high", ")", ")", ")", 4210 "(", "ipaddr", "ip", "2001:0DB8:AC10:FE01::", ")", 4211 "(", "nodecon", "ip", "(", "2001:0DB8:AC10:FE01::", ")", "con", ")", NULL}; 4212 4213 struct cil_tree *test_tree; 4214 gen_test_tree(&test_tree, line); 4215 4216 struct cil_db *test_db; 4217 cil_db_init(&test_db); 4218 4219 uint32_t changed = CIL_FALSE; 4220 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 4221 4222 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 4223 4224 int rc = cil_resolve_nodecon(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next, args); 4225 CuAssertIntEquals(tc, SEPOL_OK, rc); 4226 } 4227 4228 void test_cil_resolve_nodecon_diffipfam_neg(CuTest *tc) { 4229 char *line[] = {"(", "user", "user_u", ")", 4230 "(", "role", "role_r", ")", 4231 "(", "type", "type_t", ")", 4232 "(", "category", "c0", ")", 4233 "(", "sensitivity", "s0", ")", 4234 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")", 4235 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")", 4236 "(", "context", "con", "(", "user_u", "role_r", "type_t", "(", "low", "high", ")", ")", ")", 4237 "(", "ipaddr", "ip", "2001:0DB8:AC10:FE01::", ")", 4238 "(", "nodecon", "ip", "(", "192.168.1.1", ")", "con", ")", NULL}; 4239 4240 struct cil_tree *test_tree; 4241 gen_test_tree(&test_tree, line); 4242 4243 struct cil_db *test_db; 4244 cil_db_init(&test_db); 4245 4246 uint32_t changed = CIL_FALSE; 4247 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 4248 4249 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 4250 4251 int rc = cil_resolve_nodecon(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next, args); 4252 CuAssertIntEquals(tc, SEPOL_ERR, rc); 4253 } 4254 4255 void test_cil_resolve_nodecon_context_neg(CuTest *tc) { 4256 char *line[] = {"(", "user", "user_u", ")", 4257 "(", "role", "role_r", ")", 4258 "(", "type", "type_t", ")", 4259 "(", "category", "c0", ")", 4260 "(", "sensitivity", "s0", ")", 4261 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")", 4262 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")", 4263 "(", "context", "con", "(", "user_u", "role_r", "type_t", "(", "low", "high", ")", ")", ")", 4264 "(", "ipaddr", "ip", "192.168.1.1", ")", 4265 "(", "ipaddr", "netmask", "192.168.1.1", ")", 4266 "(", "nodecon", "n", "netmask", "con", ")", NULL}; 4267 4268 struct cil_tree *test_tree; 4269 gen_test_tree(&test_tree, line); 4270 4271 struct cil_db *test_db; 4272 cil_db_init(&test_db); 4273 4274 uint32_t changed = CIL_FALSE; 4275 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 4276 4277 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 4278 4279 int rc = cil_resolve_nodecon(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next->next, args); 4280 CuAssertIntEquals(tc, SEPOL_ENOENT, rc); 4281 } 4282 4283 void test_cil_resolve_nodecon_ipaddr_neg(CuTest *tc) { 4284 char *line[] = {"(", "user", "user_u", ")", 4285 "(", "role", "role_r", ")", 4286 "(", "type", "type_t", ")", 4287 "(", "category", "c0", ")", 4288 "(", "sensitivity", "s0", ")", 4289 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")", 4290 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")", 4291 "(", "context", "con", "(", "user_u", "role_r", "type_t", "(", "low", "high", ")", ")", ")", 4292 "(", "ipaddr", "ip", "192.168.1.1", ")", 4293 "(", "ipaddr", "netmask", "192.168.1.1", ")", 4294 "(", "nodecon", "ip", "n", "con", ")", NULL}; 4295 4296 struct cil_tree *test_tree; 4297 gen_test_tree(&test_tree, line); 4298 4299 struct cil_db *test_db; 4300 cil_db_init(&test_db); 4301 4302 uint32_t changed = CIL_FALSE; 4303 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 4304 4305 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 4306 4307 int rc = cil_resolve_nodecon(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next->next, args); 4308 CuAssertIntEquals(tc, SEPOL_ENOENT, rc); 4309 } 4310 4311 void test_cil_resolve_nodecon_netmask_neg(CuTest *tc) { 4312 char *line[] = {"(", "user", "user_u", ")", 4313 "(", "role", "role_r", ")", 4314 "(", "type", "type_t", ")", 4315 "(", "category", "c0", ")", 4316 "(", "sensitivity", "s0", ")", 4317 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")", 4318 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")", 4319 "(", "context", "con", "(", "user_u", "role_r", "type_t", "(", "low", "high", ")", ")", ")", 4320 "(", "ipaddr", "ip", "192.168.1.1", ")", 4321 "(", "nodecon", "ip", "ip", "conn", ")", NULL}; 4322 4323 struct cil_tree *test_tree; 4324 gen_test_tree(&test_tree, line); 4325 4326 struct cil_db *test_db; 4327 cil_db_init(&test_db); 4328 4329 uint32_t changed = CIL_FALSE; 4330 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 4331 4332 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 4333 4334 int rc = cil_resolve_nodecon(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next, args); 4335 CuAssertIntEquals(tc, SEPOL_ENOENT, rc); 4336 } 4337 4338 void test_cil_resolve_nodecon_anon_context(CuTest *tc) { 4339 char *line[] = {"(", "user", "user_u", ")", 4340 "(", "role", "role_r", ")", 4341 "(", "type", "type_t", ")", 4342 "(", "category", "c0", ")", 4343 "(", "sensitivity", "s0", ")", 4344 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")", 4345 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")", 4346 "(", "ipaddr", "ip", "192.168.1.1", ")", 4347 "(", "nodecon", "ip", "ip", "(", "user_u", "role_r", "type_t", "(", "low", "high", ")", ")", ")", NULL}; 4348 4349 struct cil_tree *test_tree; 4350 gen_test_tree(&test_tree, line); 4351 4352 struct cil_db *test_db; 4353 cil_db_init(&test_db); 4354 4355 uint32_t changed = CIL_FALSE; 4356 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 4357 4358 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 4359 4360 int rc = cil_resolve_nodecon(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args); 4361 CuAssertIntEquals(tc, SEPOL_OK, rc); 4362 } 4363 4364 void test_cil_resolve_nodecon_anon_context_neg(CuTest *tc) { 4365 char *line[] = {"(", "user", "system_u", ")", 4366 "(", "type", "type_t", ")", 4367 "(", "category", "c0", ")", 4368 "(", "sensitivity", "s0", ")", 4369 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")", 4370 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")", 4371 "(", "ipaddr", "ip", "192.168.1.1", ")", 4372 "(", "nodecon", "ip", "ip", "(", "user_u", "role_r", "type_t", "(", "low", "high", ")", ")", ")", NULL}; 4373 4374 struct cil_tree *test_tree; 4375 gen_test_tree(&test_tree, line); 4376 4377 struct cil_db *test_db; 4378 cil_db_init(&test_db); 4379 4380 uint32_t changed = CIL_FALSE; 4381 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 4382 4383 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 4384 4385 int rc = cil_resolve_nodecon(test_db->ast->root->cl_head->next->next->next->next->next->next->next, args); 4386 CuAssertIntEquals(tc, SEPOL_ENOENT, rc); 4387 } 4388 4389 void test_cil_resolve_netifcon(CuTest *tc) { 4390 char *line[] = {"(", "context", "if_default", "(", "system_u", "object_r", "etc_t", "(", "low", "high", ")", ")", ")", 4391 "(", "context", "packet_default", "(", "system_u", "object_r", "etc_t", "(", "low", "high", ")", ")", ")", 4392 "(", "netifcon", "eth0", "if_default", "packet_default", ")", NULL}; 4393 4394 struct cil_tree *test_tree; 4395 gen_test_tree(&test_tree, line); 4396 4397 struct cil_db *test_db; 4398 cil_db_init(&test_db); 4399 4400 uint32_t changed = CIL_FALSE; 4401 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 4402 4403 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 4404 4405 int rc = cil_resolve_netifcon(test_db->ast->root->cl_head->next->next, args); 4406 CuAssertIntEquals(tc, SEPOL_OK, rc); 4407 } 4408 4409 void test_cil_resolve_netifcon_otf_neg(CuTest *tc) { 4410 char *line[] = {"(", "context", "if_default", "(", "system_u", "object_r", "etc_t", "(", "low", "high", ")", ")", ")", 4411 "(", "netifcon", "eth0", "if_default", "packet_default", ")", NULL}; 4412 4413 struct cil_tree *test_tree; 4414 gen_test_tree(&test_tree, line); 4415 4416 struct cil_db *test_db; 4417 cil_db_init(&test_db); 4418 4419 uint32_t changed = CIL_FALSE; 4420 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 4421 4422 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 4423 4424 int rc = cil_resolve_netifcon(test_db->ast->root->cl_head->next, args); 4425 CuAssertIntEquals(tc, SEPOL_ENOENT, rc); 4426 } 4427 4428 void test_cil_resolve_netifcon_interface_neg(CuTest *tc) { 4429 char *line[] = {"(", "context", "packet_default", "(", "system_u", "object_r", "etc_t", "(", "low", "high", ")", ")", ")", 4430 "(", "netifcon", "eth0", "if_default", "packet_default", ")", NULL}; 4431 4432 struct cil_tree *test_tree; 4433 gen_test_tree(&test_tree, line); 4434 4435 struct cil_db *test_db; 4436 cil_db_init(&test_db); 4437 4438 uint32_t changed = CIL_FALSE; 4439 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 4440 4441 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 4442 4443 int rc = cil_resolve_netifcon(test_db->ast->root->cl_head->next, args); 4444 CuAssertIntEquals(tc, SEPOL_ENOENT, rc); 4445 } 4446 4447 void test_cil_resolve_netifcon_unnamed(CuTest *tc) { 4448 char *line[] = {"(", "sensitivity", "s0", ")", 4449 "(", "category", "c0", ")", 4450 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")", 4451 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")", 4452 "(", "user", "system_u", ")", 4453 "(", "role", "object_r", ")", 4454 "(", "type", "netif_t", ")", 4455 "(", "netifcon", "eth1", 4456 "(", "system_u", "object_r", "netif_t", "(", "low", "high", ")", ")", 4457 "(", "system_u", "object_r", "netif_t", "(", "low", "high", ")", ")", ")", NULL}; 4458 4459 struct cil_tree *test_tree; 4460 gen_test_tree(&test_tree, line); 4461 4462 struct cil_db *test_db; 4463 cil_db_init(&test_db); 4464 4465 uint32_t changed = CIL_FALSE; 4466 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 4467 4468 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 4469 4470 int rc = cil_resolve_netifcon(test_db->ast->root->cl_head->next->next->next->next->next->next->next, args); 4471 CuAssertIntEquals(tc, SEPOL_OK, rc); 4472 } 4473 4474 void test_cil_resolve_netifcon_unnamed_packet_neg(CuTest *tc) { 4475 char *line[] = {"(", "sensitivity", "s0", ")", 4476 "(", "category", "c0", ")", 4477 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")", 4478 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")", 4479 "(", "role", "object_r", ")", 4480 "(", "type", "netif_t", ")", 4481 "(", "netifcon", "eth1", 4482 "(", "system_u", "object_r", "netif_t", "(", "low", "high", ")", ")", 4483 "(", "system_u", "object_r", "netif_t", "(", "low", "high", ")", ")", ")", NULL}; 4484 4485 struct cil_tree *test_tree; 4486 gen_test_tree(&test_tree, line); 4487 4488 struct cil_db *test_db; 4489 cil_db_init(&test_db); 4490 4491 uint32_t changed = CIL_FALSE; 4492 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 4493 4494 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 4495 4496 int rc = cil_resolve_netifcon(test_db->ast->root->cl_head->next->next->next->next->next->next, args); 4497 CuAssertIntEquals(tc, SEPOL_ENOENT, rc); 4498 } 4499 4500 void test_cil_resolve_netifcon_unnamed_otf_neg(CuTest *tc) { 4501 char *line[] = {"(", "sensitivity", "s0", ")", 4502 "(", "category", "c0", ")", 4503 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")", 4504 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")", 4505 "(", "user", "system_u", ")", 4506 "(", "role", "object_r", ")", 4507 "(", "type", "netif_t", ")", 4508 "(", "netifcon", "eth1", 4509 "(", "system_u", "object_r", "netif_t", "(", "low", "high", ")", ")", 4510 "(", "system_u", "foo_r", "netif_t", "(", "low", "high", ")", ")", ")", NULL}; 4511 4512 struct cil_tree *test_tree; 4513 gen_test_tree(&test_tree, line); 4514 4515 struct cil_db *test_db; 4516 cil_db_init(&test_db); 4517 4518 uint32_t changed = CIL_FALSE; 4519 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 4520 4521 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 4522 4523 int rc = cil_resolve_netifcon(test_db->ast->root->cl_head->next->next->next->next->next->next->next, args); 4524 CuAssertIntEquals(tc, SEPOL_ENOENT, rc); 4525 } 4526 4527 void test_cil_resolve_netifcon_sublist_secondlist_missing_neg(CuTest *tc) { 4528 char *line[] = {"(", "netifcon", "eth1", 4529 "(", "system_u", "object_r", "netif_t", "(", "low", "high", ")", ")", ")", NULL}; 4530 4531 struct cil_tree *test_tree; 4532 gen_test_tree(&test_tree, line); 4533 4534 struct cil_db *test_db; 4535 cil_db_init(&test_db); 4536 4537 uint32_t changed = CIL_FALSE; 4538 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 4539 4540 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 4541 4542 int rc = cil_resolve_netifcon(test_db->ast->root->cl_head, args); 4543 CuAssertIntEquals(tc, SEPOL_OK, rc); 4544 } 4545 4546 void test_cil_resolve_pirqcon(CuTest *tc) { 4547 char *line[] = {"(", "context", "con", "(", "system_u", "object_r", "etc_t", "(", "low", "high", ")", ")", ")", 4548 "(", "pirqcon", "1", "con", ")", NULL}; 4549 4550 struct cil_tree *test_tree; 4551 gen_test_tree(&test_tree, line); 4552 4553 struct cil_db *test_db; 4554 cil_db_init(&test_db); 4555 4556 uint32_t changed = CIL_FALSE; 4557 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 4558 4559 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 4560 4561 int rc = cil_resolve_pirqcon(test_db->ast->root->cl_head->next, args); 4562 CuAssertIntEquals(tc, SEPOL_OK, rc); 4563 } 4564 4565 void test_cil_resolve_pirqcon_context_neg(CuTest *tc) { 4566 char *line[] = {"(", "context", "con", "(", "system_u", "object_r", "etc_t", "(", "low", "high", ")", ")", ")", 4567 "(", "pirqcon", "1", "dne", ")", NULL}; 4568 4569 struct cil_tree *test_tree; 4570 gen_test_tree(&test_tree, line); 4571 4572 struct cil_db *test_db; 4573 cil_db_init(&test_db); 4574 4575 uint32_t changed = CIL_FALSE; 4576 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 4577 4578 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 4579 4580 int rc = cil_resolve_pirqcon(test_db->ast->root->cl_head->next, args); 4581 CuAssertIntEquals(tc, SEPOL_ENOENT, rc); 4582 } 4583 4584 void test_cil_resolve_pirqcon_anon_context(CuTest *tc) { 4585 char *line[] = {"(", "user", "system_u", ")", 4586 "(", "role", "object_r", ")", 4587 "(", "type", "etc_t", ")", 4588 "(", "sensitivity", "s0", ")", 4589 "(", "category", "c0", ")", 4590 "(", "sensitivitycategory", "s0", "(", "c0", ")", ")", 4591 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")", 4592 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")", 4593 "(", "pirqcon", "1", "(", "system_u", "object_r", "etc_t", "(", "low", "high", ")", ")", ")", NULL}; 4594 4595 struct cil_tree *test_tree; 4596 gen_test_tree(&test_tree, line); 4597 4598 struct cil_db *test_db; 4599 cil_db_init(&test_db); 4600 4601 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 4602 4603 uint32_t changed = CIL_FALSE; 4604 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL); 4605 4606 cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next->next->next, args); 4607 4608 args->pass = CIL_PASS_MISC3; 4609 4610 int rc = cil_resolve_pirqcon(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args); 4611 CuAssertIntEquals(tc, SEPOL_OK, rc); 4612 } 4613 4614 void test_cil_resolve_pirqcon_anon_context_neg(CuTest *tc) { 4615 char *line[] = {"(", "pirqcon", "1", "(", "system_u", "object_r", "etc_t", "(", "low", "high", ")", ")", ")", NULL}; 4616 4617 struct cil_tree *test_tree; 4618 gen_test_tree(&test_tree, line); 4619 4620 struct cil_db *test_db; 4621 cil_db_init(&test_db); 4622 4623 uint32_t changed = CIL_FALSE; 4624 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 4625 4626 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 4627 4628 int rc = cil_resolve_pirqcon(test_db->ast->root->cl_head, args); 4629 CuAssertIntEquals(tc, SEPOL_ENOENT, rc); 4630 } 4631 4632 void test_cil_resolve_iomemcon(CuTest *tc) { 4633 char *line[] = {"(", "context", "con", "(", "system_u", "object_r", "etc_t", "(", "low", "high", ")", ")", ")", 4634 "(", "iomemcon", "1", "con", ")", NULL}; 4635 4636 struct cil_tree *test_tree; 4637 gen_test_tree(&test_tree, line); 4638 4639 struct cil_db *test_db; 4640 cil_db_init(&test_db); 4641 4642 uint32_t changed = CIL_FALSE; 4643 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 4644 4645 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 4646 4647 int rc = cil_resolve_iomemcon(test_db->ast->root->cl_head->next, args); 4648 CuAssertIntEquals(tc, SEPOL_OK, rc); 4649 } 4650 4651 void test_cil_resolve_iomemcon_context_neg(CuTest *tc) { 4652 char *line[] = {"(", "context", "con", "(", "system_u", "object_r", "etc_t", "(", "low", "high", ")", ")", ")", 4653 "(", "iomemcon", "1", "dne", ")", NULL}; 4654 4655 struct cil_tree *test_tree; 4656 gen_test_tree(&test_tree, line); 4657 4658 struct cil_db *test_db; 4659 cil_db_init(&test_db); 4660 4661 uint32_t changed = CIL_FALSE; 4662 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 4663 4664 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 4665 4666 int rc = cil_resolve_iomemcon(test_db->ast->root->cl_head->next, args); 4667 CuAssertIntEquals(tc, SEPOL_ENOENT, rc); 4668 } 4669 4670 void test_cil_resolve_iomemcon_anon_context(CuTest *tc) { 4671 char *line[] = {"(", "user", "system_u", ")", 4672 "(", "role", "object_r", ")", 4673 "(", "type", "etc_t", ")", 4674 "(", "sensitivity", "s0", ")", 4675 "(", "category", "c0", ")", 4676 "(", "sensitivitycategory", "s0", "(", "c0", ")", ")", 4677 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")", 4678 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")", 4679 "(", "iomemcon", "1", "(", "system_u", "object_r", "etc_t", "(", "low", "high", ")", ")", ")", NULL}; 4680 4681 struct cil_tree *test_tree; 4682 gen_test_tree(&test_tree, line); 4683 4684 struct cil_db *test_db; 4685 cil_db_init(&test_db); 4686 4687 uint32_t changed = CIL_FALSE; 4688 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL); 4689 4690 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 4691 4692 cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next->next->next, args); 4693 4694 args->pass = CIL_PASS_MISC3; 4695 4696 int rc = cil_resolve_iomemcon(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args); 4697 CuAssertIntEquals(tc, SEPOL_OK, rc); 4698 } 4699 4700 void test_cil_resolve_iomemcon_anon_context_neg(CuTest *tc) { 4701 char *line[] = {"(", "iomemcon", "1", "(", "system_u", "object_r", "etc_t", "(", "low", "high", ")", ")", ")", NULL}; 4702 4703 struct cil_tree *test_tree; 4704 gen_test_tree(&test_tree, line); 4705 4706 struct cil_db *test_db; 4707 cil_db_init(&test_db); 4708 4709 uint32_t changed = CIL_FALSE; 4710 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 4711 4712 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 4713 4714 int rc = cil_resolve_iomemcon(test_db->ast->root->cl_head, args); 4715 CuAssertIntEquals(tc, SEPOL_ENOENT, rc); 4716 } 4717 4718 void test_cil_resolve_ioportcon(CuTest *tc) { 4719 char *line[] = {"(", "context", "con", "(", "system_u", "object_r", "etc_t", "(", "low", "high", ")", ")", ")", 4720 "(", "ioportcon", "1", "con", ")", NULL}; 4721 4722 struct cil_tree *test_tree; 4723 gen_test_tree(&test_tree, line); 4724 4725 struct cil_db *test_db; 4726 cil_db_init(&test_db); 4727 4728 uint32_t changed = CIL_FALSE; 4729 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 4730 4731 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 4732 4733 int rc = cil_resolve_ioportcon(test_db->ast->root->cl_head->next, args); 4734 CuAssertIntEquals(tc, SEPOL_OK, rc); 4735 } 4736 4737 void test_cil_resolve_ioportcon_context_neg(CuTest *tc) { 4738 char *line[] = {"(", "context", "con", "(", "system_u", "object_r", "etc_t", "(", "low", "high", ")", ")", ")", 4739 "(", "ioportcon", "1", "dne", ")", NULL}; 4740 4741 struct cil_tree *test_tree; 4742 gen_test_tree(&test_tree, line); 4743 4744 struct cil_db *test_db; 4745 cil_db_init(&test_db); 4746 4747 uint32_t changed = CIL_FALSE; 4748 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 4749 4750 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 4751 4752 int rc = cil_resolve_ioportcon(test_db->ast->root->cl_head->next, args); 4753 CuAssertIntEquals(tc, SEPOL_ENOENT, rc); 4754 } 4755 4756 void test_cil_resolve_ioportcon_anon_context(CuTest *tc) { 4757 char *line[] = {"(", "user", "system_u", ")", 4758 "(", "role", "object_r", ")", 4759 "(", "type", "etc_t", ")", 4760 "(", "sensitivity", "s0", ")", 4761 "(", "category", "c0", ")", 4762 "(", "sensitivitycategory", "s0", "(", "c0", ")", ")", 4763 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")", 4764 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")", 4765 "(", "ioportcon", "1", "(", "system_u", "object_r", "etc_t", "(", "low", "high", ")", ")", ")", NULL}; 4766 4767 struct cil_tree *test_tree; 4768 gen_test_tree(&test_tree, line); 4769 4770 struct cil_db *test_db; 4771 cil_db_init(&test_db); 4772 4773 uint32_t changed = CIL_FALSE; 4774 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL); 4775 4776 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 4777 4778 cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next->next->next, args); 4779 4780 args->pass = CIL_PASS_MISC3; 4781 4782 int rc = cil_resolve_ioportcon(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args); 4783 CuAssertIntEquals(tc, SEPOL_OK, rc); 4784 } 4785 4786 void test_cil_resolve_ioportcon_anon_context_neg(CuTest *tc) { 4787 char *line[] = {"(", "ioportcon", "1", "(", "system_u", "object_r", "etc_t", "(", "low", "high", ")", ")", ")", NULL}; 4788 4789 struct cil_tree *test_tree; 4790 gen_test_tree(&test_tree, line); 4791 4792 struct cil_db *test_db; 4793 cil_db_init(&test_db); 4794 4795 uint32_t changed = CIL_FALSE; 4796 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 4797 4798 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 4799 4800 int rc = cil_resolve_ioportcon(test_db->ast->root->cl_head, args); 4801 CuAssertIntEquals(tc, SEPOL_ENOENT, rc); 4802 } 4803 4804 void test_cil_resolve_pcidevicecon(CuTest *tc) { 4805 char *line[] = {"(", "context", "con", "(", "system_u", "object_r", "etc_t", "(", "low", "high", ")", ")", ")", 4806 "(", "pcidevicecon", "1", "con", ")", NULL}; 4807 4808 struct cil_tree *test_tree; 4809 gen_test_tree(&test_tree, line); 4810 4811 struct cil_db *test_db; 4812 cil_db_init(&test_db); 4813 4814 uint32_t changed = CIL_FALSE; 4815 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 4816 4817 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 4818 4819 int rc = cil_resolve_pcidevicecon(test_db->ast->root->cl_head->next, args); 4820 CuAssertIntEquals(tc, SEPOL_OK, rc); 4821 } 4822 4823 void test_cil_resolve_pcidevicecon_context_neg(CuTest *tc) { 4824 char *line[] = {"(", "context", "con", "(", "system_u", "object_r", "etc_t", "(", "low", "high", ")", ")", ")", 4825 "(", "pcidevicecon", "1", "dne", ")", NULL}; 4826 4827 struct cil_tree *test_tree; 4828 gen_test_tree(&test_tree, line); 4829 4830 struct cil_db *test_db; 4831 cil_db_init(&test_db); 4832 4833 uint32_t changed = CIL_FALSE; 4834 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 4835 4836 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 4837 4838 int rc = cil_resolve_pcidevicecon(test_db->ast->root->cl_head->next, args); 4839 CuAssertIntEquals(tc, SEPOL_ENOENT, rc); 4840 } 4841 4842 void test_cil_resolve_pcidevicecon_anon_context(CuTest *tc) { 4843 char *line[] = {"(", "user", "system_u", ")", 4844 "(", "role", "object_r", ")", 4845 "(", "type", "etc_t", ")", 4846 "(", "sensitivity", "s0", ")", 4847 "(", "category", "c0", ")", 4848 "(", "sensitivitycategory", "s0", "(", "c0", ")", ")", 4849 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")", 4850 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")", 4851 "(", "pcidevicecon", "1", "(", "system_u", "object_r", "etc_t", "(", "low", "high", ")", ")", ")", NULL}; 4852 4853 struct cil_tree *test_tree; 4854 gen_test_tree(&test_tree, line); 4855 4856 struct cil_db *test_db; 4857 cil_db_init(&test_db); 4858 4859 uint32_t changed = CIL_FALSE; 4860 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL); 4861 4862 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 4863 4864 cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next->next->next, args); 4865 4866 args->pass = CIL_PASS_MISC3; 4867 4868 int rc = cil_resolve_pcidevicecon(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args); 4869 CuAssertIntEquals(tc, SEPOL_OK, rc); 4870 } 4871 4872 void test_cil_resolve_pcidevicecon_anon_context_neg(CuTest *tc) { 4873 char *line[] = {"(", "pcidevicecon", "1", "(", "system_u", "object_r", "etc_t", "(", "low", "high", ")", ")", ")", NULL}; 4874 4875 struct cil_tree *test_tree; 4876 gen_test_tree(&test_tree, line); 4877 4878 struct cil_db *test_db; 4879 cil_db_init(&test_db); 4880 4881 uint32_t changed = CIL_FALSE; 4882 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 4883 4884 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 4885 4886 int rc = cil_resolve_pcidevicecon(test_db->ast->root->cl_head, args); 4887 CuAssertIntEquals(tc, SEPOL_ENOENT, rc); 4888 } 4889 4890 void test_cil_resolve_fsuse(CuTest *tc) { 4891 char *line[] = {"(", "sensitivity", "s0", ")", 4892 "(", "category", "c0", ")", 4893 "(", "sensitivitycategory", "s0", "(", "c0", ")", ")", 4894 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")", 4895 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")", 4896 "(", "user", "system_u", ")", 4897 "(", "role", "object_r", ")", 4898 "(", "type", "netif_t", ")", 4899 "(", "context", "con", "(", "system_u", "object_r", "netif_t", "(", "low", "high", ")", ")", ")", 4900 "(", "fsuse", "xattr", "ext3", "con", ")", NULL}; 4901 4902 struct cil_tree *test_tree; 4903 gen_test_tree(&test_tree, line); 4904 4905 struct cil_db *test_db; 4906 cil_db_init(&test_db); 4907 4908 uint32_t changed = CIL_FALSE; 4909 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 4910 4911 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 4912 4913 int rc = cil_resolve_fsuse(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next, args); 4914 CuAssertIntEquals(tc, SEPOL_OK, rc); 4915 } 4916 4917 void test_cil_resolve_fsuse_nocontext_neg(CuTest *tc) { 4918 char *line[] = {"(", "sensitivity", "s0", ")", 4919 "(", "category", "c0", ")", 4920 "(", "sensitivitycategory", "s0", "(", "c0", ")", ")", 4921 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")", 4922 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")", 4923 "(", "user", "system_u", ")", 4924 "(", "role", "object_r", ")", 4925 "(", "type", "netif_t", ")", 4926 "(", "context", "con", "(", "system_u", "object_r", "netif_t", "(", "low", "high", ")", ")", ")", 4927 "(", "fsuse", "xattr", "ext3", "(", ")", ")", NULL}; 4928 4929 struct cil_tree *test_tree; 4930 gen_test_tree(&test_tree, line); 4931 4932 struct cil_db *test_db; 4933 cil_db_init(&test_db); 4934 4935 uint32_t changed = CIL_FALSE; 4936 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 4937 4938 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 4939 4940 int rc = cil_resolve_fsuse(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next, args); 4941 CuAssertIntEquals(tc, SEPOL_ERR, rc); 4942 } 4943 4944 void test_cil_resolve_fsuse_neg(CuTest *tc) { 4945 char *line[] = {"(", "sensitivity", "s0", ")", 4946 "(", "category", "c0", ")", 4947 "(", "sensitivitycategory", "s0", "(", "c0", ")", ")", 4948 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")", 4949 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")", 4950 "(", "user", "system_u", ")", 4951 "(", "role", "object_r", ")", 4952 "(", "type", "netif_t", ")", 4953 "(", "context", "con", "(", "system_u", "object_r", "netif_t", "(", "low", "high", ")", ")", ")", 4954 "(", "fsuse", "xattr", "ext3", "conn", ")", NULL}; 4955 4956 struct cil_tree *test_tree; 4957 gen_test_tree(&test_tree, line); 4958 4959 struct cil_db *test_db; 4960 cil_db_init(&test_db); 4961 4962 uint32_t changed = CIL_FALSE; 4963 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 4964 4965 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 4966 4967 int rc = cil_resolve_fsuse(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next, args); 4968 CuAssertIntEquals(tc, SEPOL_ENOENT, rc); 4969 } 4970 4971 void test_cil_resolve_fsuse_anon(CuTest *tc) { 4972 char *line[] = {"(", "sensitivity", "s0", ")", 4973 "(", "category", "c0", ")", 4974 "(", "sensitivitycategory", "s0", "(", "c0", ")", ")", 4975 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")", 4976 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")", 4977 "(", "user", "system_u", ")", 4978 "(", "role", "object_r", ")", 4979 "(", "type", "netif_t", ")", 4980 "(", "fsuse", "xattr", "ext3", "(", "system_u", "object_r", "netif_t", "(", "low", "high", ")", ")", ")", NULL}; 4981 4982 struct cil_tree *test_tree; 4983 gen_test_tree(&test_tree, line); 4984 4985 struct cil_db *test_db; 4986 cil_db_init(&test_db); 4987 4988 uint32_t changed = CIL_FALSE; 4989 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 4990 4991 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 4992 4993 int rc = cil_resolve_fsuse(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args); 4994 CuAssertIntEquals(tc, SEPOL_OK, rc); 4995 } 4996 4997 void test_cil_resolve_fsuse_anon_neg(CuTest *tc) { 4998 char *line[] = {"(", "sensitivity", "s0", ")", 4999 "(", "category", "c0", ")", 5000 "(", "sensitivitycategory", "s0", "(", "c0", ")", ")", 5001 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")", 5002 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")", 5003 "(", "user", "system_u", ")", 5004 "(", "role", "object_r", ")", 5005 "(", "type", "netif_t", ")", 5006 "(", "fsuse", "xattr", "ext3", "(", "system_uu", "object_r", "netif_t", "(", "low", "high", ")", ")", ")", NULL}; 5007 5008 struct cil_tree *test_tree; 5009 gen_test_tree(&test_tree, line); 5010 5011 struct cil_db *test_db; 5012 cil_db_init(&test_db); 5013 5014 uint32_t changed = CIL_FALSE; 5015 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL); 5016 5017 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 5018 5019 int rc = cil_resolve_fsuse(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args); 5020 CuAssertIntEquals(tc, SEPOL_ENOENT, rc); 5021 } 5022 5023 void test_cil_resolve_sidcontext(CuTest *tc) { 5024 char *line[] = {"(", "category", "c0", ")", 5025 "(", "categoryorder", "(", "c0", ")", ")", 5026 "(", "sensitivity", "s0", ")", 5027 "(", "sensitivitycategory", "s0", "(", "c0", ")", ")", 5028 "(", "type", "blah_t", ")", 5029 "(", "role", "blah_r", ")", 5030 "(", "user", "blah_u", ")", 5031 "(", "sid", "test", ")", 5032 "(", "sidcontext", "test", "(", "blah_u", "blah_r", "blah_t", "(", "(", "s0", "(", "c0", ")", ")", "(", "s0", "(", "c0", ")", ")", ")", ")", ")", NULL}; 5033 5034 struct cil_tree *test_tree; 5035 gen_test_tree(&test_tree, line); 5036 5037 struct cil_db *test_db; 5038 cil_db_init(&test_db); 5039 5040 uint32_t changed = CIL_FALSE; 5041 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL); 5042 5043 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 5044 5045 cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next, args); 5046 5047 args->pass = CIL_PASS_MISC3; 5048 5049 int rc = cil_resolve_sidcontext(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args); 5050 CuAssertIntEquals(tc, SEPOL_OK, rc); 5051 } 5052 5053 void test_cil_resolve_sidcontext_named_levels(CuTest *tc) { 5054 char *line[] = {"(", "category", "c0", ")", 5055 "(", "categoryorder", "(", "c0", ")", ")", 5056 "(", "sensitivity", "s0", ")", 5057 "(", "sensitivitycategory", "s0", "(", "c0", ")", ")", 5058 "(", "type", "blah_t", ")", 5059 "(", "role", "blah_r", ")", 5060 "(", "user", "blah_u", ")", 5061 "(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")", 5062 "(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")", 5063 "(", "sid", "test", ")", 5064 "(", "sidcontext", "test", "(", "blah_u", "blah_r", "blah_t", "(", "low", "high", ")", ")", ")", NULL}; 5065 5066 struct cil_tree *test_tree; 5067 gen_test_tree(&test_tree, line); 5068 5069 struct cil_db *test_db; 5070 cil_db_init(&test_db); 5071 5072 uint32_t changed = CIL_FALSE; 5073 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL); 5074 5075 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 5076 5077 cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next, args); 5078 5079 args->pass = CIL_PASS_MISC3; 5080 5081 struct cil_tree_node *level = test_db->ast->root->cl_head->next->next->next->next->next->next->next; 5082 cil_resolve_level(level, (struct cil_level*)level->data, args); 5083 cil_resolve_level(level->next, (struct cil_level*)level->next->data, args); 5084 int rc = cil_resolve_sidcontext(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next->next, args); 5085 CuAssertIntEquals(tc, SEPOL_OK, rc); 5086 } 5087 5088 void test_cil_resolve_sidcontext_named_context(CuTest *tc) { 5089 char *line[] = {"(", "category", "c0", ")", 5090 "(", "categoryorder", "(", "c0", ")", ")", 5091 "(", "sensitivity", "s0", ")", 5092 "(", "sensitivitycategory", "s0", "(", "c0", ")", ")", 5093 "(", "type", "blah_t", ")", 5094 "(", "role", "blah_r", ")", 5095 "(", "user", "blah_u", ")", 5096 "(", "context", "con", "(", "blah_u", "blah_r", "blah_t", "(", "(", "s0", "(", "c0", ")", ")", "(", "s0", "(", "c0", ")", ")", ")", ")", ")", 5097 "(", "sid", "test", ")", 5098 "(", "sidcontext", "test", "con", ")", NULL}; 5099 5100 struct cil_tree *test_tree; 5101 gen_test_tree(&test_tree, line); 5102 5103 struct cil_db *test_db; 5104 cil_db_init(&test_db); 5105 5106 uint32_t changed = CIL_FALSE; 5107 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL); 5108 5109 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 5110 5111 cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next, args); 5112 5113 args->pass = CIL_PASS_MISC3; 5114 5115 struct cil_tree_node *context = test_db->ast->root->cl_head->next->next->next->next->next->next->next; 5116 cil_resolve_context(context, (struct cil_context*)context->data, args); 5117 5118 int rc = cil_resolve_sidcontext(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next, args); 5119 CuAssertIntEquals(tc, SEPOL_OK, rc); 5120 } 5121 5122 void test_cil_resolve_sidcontext_named_context_wrongname_neg(CuTest *tc) { 5123 char *line[] = {"(", "category", "c0", ")", 5124 "(", "categoryorder", "(", "c0", ")", ")", 5125 "(", "sensitivity", "s0", ")", 5126 "(", "sensitivitycategory", "s0", "(", "c0", ")", ")", 5127 "(", "type", "blah_t", ")", 5128 "(", "role", "blah_r", ")", 5129 "(", "user", "blah_u", ")", 5130 "(", "context", "con", "(", "blah_u", "blah_r", "blah_t", "(", "(", "s0", "(", "c0", ")", ")", "(", "s0", "(", "c0", ")", ")", ")", ")", ")", 5131 "(", "sid", "test", ")", 5132 "(", "sidcontext", "test", "foo", ")", NULL}; 5133 5134 struct cil_tree *test_tree; 5135 gen_test_tree(&test_tree, line); 5136 5137 struct cil_db *test_db; 5138 cil_db_init(&test_db); 5139 5140 uint32_t changed = CIL_FALSE; 5141 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL); 5142 5143 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 5144 5145 cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next, args); 5146 5147 args->pass = CIL_PASS_MISC3; 5148 5149 struct cil_tree_node *context = test_db->ast->root->cl_head->next->next->next->next->next->next->next; 5150 cil_resolve_context(context, (struct cil_context*)context->data, args); 5151 5152 int rc = cil_resolve_sidcontext(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next, args); 5153 CuAssertIntEquals(tc, SEPOL_ENOENT, rc); 5154 } 5155 5156 void test_cil_resolve_sidcontext_named_context_invaliduser_neg(CuTest *tc) { 5157 char *line[] = {"(", "category", "c0", ")", 5158 "(", "categoryorder", "(", "c0", ")", ")", 5159 "(", "sensitivity", "s0", ")", 5160 "(", "sensitivitycategory", "s0", "(", "c0", ")", ")", 5161 "(", "type", "blah_t", ")", 5162 "(", "role", "blah_r", ")", 5163 "(", "user", "blah_u", ")", 5164 "(", "sid", "test", ")", 5165 "(", "sidcontext", "test", "(", "", "blah_r", "blah_t", "(", "(", "s0", "(", "c0", ")", ")", "(", "s0", "(", "c0", ")", ")", ")", ")", ")", NULL}; 5166 5167 struct cil_tree *test_tree; 5168 gen_test_tree(&test_tree, line); 5169 5170 struct cil_db *test_db; 5171 cil_db_init(&test_db); 5172 5173 uint32_t changed = CIL_FALSE; 5174 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL); 5175 5176 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 5177 5178 cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next, args); 5179 5180 int rc = cil_resolve_sidcontext(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args); 5181 CuAssertIntEquals(tc, SEPOL_ENOENT, rc); 5182 } 5183 5184 void test_cil_resolve_blockinherit(CuTest *tc) { 5185 char *line[] = {"(", "block", "baz", "(", "type", "b", ")", ")", 5186 "(", "block", "foo", "(", "type", "a", ")", 5187 "(", "blockinherit", "baz", ")", ")", NULL}; 5188 5189 struct cil_tree *test_tree; 5190 gen_test_tree(&test_tree, line); 5191 5192 struct cil_db *test_db; 5193 cil_db_init(&test_db); 5194 5195 uint32_t changed = CIL_FALSE; 5196 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL); 5197 5198 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 5199 5200 int rc = cil_resolve_blockinherit(test_db->ast->root->cl_head->next->cl_head->next, args); 5201 CuAssertIntEquals(tc, SEPOL_OK, rc); 5202 } 5203 5204 void test_cil_resolve_blockinherit_blockstrdne_neg(CuTest *tc) { 5205 char *line[] = {"(", "block", "baz", "(", "type", "b", ")", ")", 5206 "(", "block", "foo", "(", "type", "a", ")", 5207 "(", "blockinherit", "dne", ")", ")", NULL}; 5208 5209 struct cil_tree *test_tree; 5210 gen_test_tree(&test_tree, line); 5211 5212 struct cil_db *test_db; 5213 cil_db_init(&test_db); 5214 5215 uint32_t changed = CIL_FALSE; 5216 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL); 5217 5218 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 5219 5220 int rc = cil_resolve_blockinherit(test_db->ast->root->cl_head->next->cl_head->next, args); 5221 CuAssertIntEquals(tc, SEPOL_ENOENT, rc); 5222 } 5223 5224 void test_cil_resolve_in_block(CuTest *tc) { 5225 char *line[] = {"(", "class", "char", "(", "read", ")", ")", 5226 "(", "block", "foo", "(", "type", "a", ")", ")", 5227 "(", "in", "foo", "(", "allow", "test", "baz", "(", "char", "(", "read", ")", ")", ")", ")", NULL}; 5228 5229 struct cil_tree *test_tree; 5230 gen_test_tree(&test_tree, line); 5231 5232 struct cil_db *test_db; 5233 cil_db_init(&test_db); 5234 5235 uint32_t changed = CIL_FALSE; 5236 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL); 5237 5238 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 5239 5240 int rc = cil_resolve_in(test_db->ast->root->cl_head->next->next, args); 5241 CuAssertIntEquals(tc, SEPOL_OK, rc); 5242 } 5243 5244 void test_cil_resolve_in_blockstrdne_neg(CuTest *tc) { 5245 char *line[] = {"(", "class", "char", "(", "read", ")", ")", 5246 "(", "in", "foo", "(", "allow", "test", "baz", "(", "char", "(", "read", ")", ")", ")", ")", NULL}; 5247 5248 struct cil_tree *test_tree; 5249 gen_test_tree(&test_tree, line); 5250 5251 struct cil_db *test_db; 5252 cil_db_init(&test_db); 5253 5254 uint32_t changed = CIL_FALSE; 5255 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL); 5256 5257 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 5258 5259 int rc = cil_resolve_in(test_db->ast->root->cl_head->next, args); 5260 CuAssertIntEquals(tc, SEPOL_ENOENT, rc); 5261 } 5262 5263 void test_cil_resolve_in_macro(CuTest *tc) { 5264 char *line[] = {"(", "class", "char", "(", "read", "write", ")", ")", 5265 "(", "macro", "mm", "(", "(", "class", "a", ")", ")", 5266 "(", "allow", "foo", "bar", "(", "file", "(", "write", ")", ")", ")", ")", 5267 "(", "in", "mm", "(", "allow", "test", "baz", "(", "char", "(", "read", ")", ")", ")", ")", NULL}; 5268 5269 struct cil_tree *test_tree; 5270 gen_test_tree(&test_tree, line); 5271 5272 struct cil_db *test_db; 5273 cil_db_init(&test_db); 5274 5275 uint32_t changed = CIL_FALSE; 5276 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL); 5277 5278 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 5279 5280 int rc = cil_resolve_in(test_db->ast->root->cl_head->next->next, args); 5281 CuAssertIntEquals(tc, SEPOL_OK, rc); 5282 } 5283 5284 void test_cil_resolve_in_optional(CuTest *tc) { 5285 char *line[] = {"(", "class", "char", "(", "read", "write", ")", ")", 5286 "(", "optional", "opt", "(", "allow", "foo", "bar", "(", "baz", "(", "read", ")", ")", ")", ")", 5287 "(", "in", "opt", "(", "allow", "test", "baz", "(", "char", "(", "read", ")", ")", ")", ")", NULL}; 5288 5289 struct cil_tree *test_tree; 5290 gen_test_tree(&test_tree, line); 5291 5292 struct cil_db *test_db; 5293 cil_db_init(&test_db); 5294 5295 uint32_t changed = CIL_FALSE; 5296 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL); 5297 5298 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 5299 5300 int rc = cil_resolve_in(test_db->ast->root->cl_head->next->next, args); 5301 CuAssertIntEquals(tc, SEPOL_OK, rc); 5302 } 5303 5304 void test_cil_resolve_call1_noparam(CuTest *tc) { 5305 char *line[] = {"(", "type", "qaz", ")", 5306 "(", "class", "file", "(", "read", ")", ")", 5307 "(", "macro", "mm", "(", "(", "type", ")", ")", 5308 "(", "type", "b", ")", 5309 "(", "allow", "qaz", "b", "file", "(", "read", ")", ")", ")", 5310 "(", "call", "mm", "(", ")", ")", NULL}; 5311 5312 struct cil_tree *test_tree; 5313 gen_test_tree(&test_tree, line); 5314 5315 struct cil_db *test_db; 5316 cil_db_init(&test_db); 5317 5318 uint32_t changed = CIL_FALSE; 5319 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL); 5320 5321 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 5322 5323 int rc = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next, args); 5324 CuAssertIntEquals(tc, SEPOL_OK, rc); 5325 } 5326 5327 void test_cil_resolve_call1_type(CuTest *tc) { 5328 char *line[] = {"(", "type", "qaz", ")", 5329 "(", "class", "file", "(", "read", ")", ")", 5330 "(", "macro", "mm", "(", "(", "type", "a", ")", ")", 5331 "(", "type", "b", ")", 5332 "(", "allow", "a", "b", "(", "file", "(", "read", ")", ")", ")", ")", 5333 "(", "call", "mm", "(", "qaz", ")", ")", NULL}; 5334 5335 struct cil_tree *test_tree; 5336 gen_test_tree(&test_tree, line); 5337 5338 struct cil_db *test_db; 5339 cil_db_init(&test_db); 5340 5341 uint32_t changed = CIL_FALSE; 5342 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL); 5343 5344 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 5345 5346 int rc = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next, args); 5347 CuAssertIntEquals(tc, SEPOL_OK, rc); 5348 } 5349 5350 void test_cil_resolve_call1_role(CuTest *tc) { 5351 char *line[] = {"(", "role", "role_r", ")", 5352 "(", "class", "file", "(", "read", ")", ")", 5353 "(", "macro", "mm", "(", "(", "role", "a", ")", ")", 5354 "(", "role", "b", ")", 5355 "(", "allow", "a", "b", "(", "file", "(", "read", ")", ")", ")", ")", 5356 "(", "call", "mm", "(", "role_r", ")", ")", NULL}; 5357 5358 struct cil_tree *test_tree; 5359 gen_test_tree(&test_tree, line); 5360 5361 struct cil_db *test_db; 5362 cil_db_init(&test_db); 5363 5364 uint32_t changed = CIL_FALSE; 5365 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL); 5366 5367 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 5368 5369 int rc = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next, args); 5370 CuAssertIntEquals(tc, SEPOL_OK, rc); 5371 } 5372 5373 void test_cil_resolve_call1_user(CuTest *tc) { 5374 char *line[] = {"(", "user", "user_u", ")", 5375 "(", "class", "file", "(", "read", ")", ")", 5376 "(", "macro", "mm", "(", "(", "user", "a", ")", ")", 5377 "(", "user", "b", ")", 5378 "(", "allow", "a", "b", "(", "file", "(", "read", ")", ")", ")", ")", 5379 "(", "call", "mm", "(", "user_u", ")", ")", NULL}; 5380 5381 struct cil_tree *test_tree; 5382 gen_test_tree(&test_tree, line); 5383 5384 struct cil_db *test_db; 5385 cil_db_init(&test_db); 5386 5387 uint32_t changed = CIL_FALSE; 5388 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL); 5389 5390 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 5391 5392 int rc = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next, args); 5393 CuAssertIntEquals(tc, SEPOL_OK, rc); 5394 } 5395 5396 void test_cil_resolve_call1_sens(CuTest *tc) { 5397 char *line[] = {"(", "sensitivity", "sens", ")", 5398 "(", "class", "file", "(", "read", ")", ")", 5399 "(", "macro", "mm", "(", "(", "sensitivity", "a", ")", ")", 5400 "(", "sensitivity", "b", ")", 5401 "(", "allow", "a", "b", "(", "file", "(", "read", ")", ")", ")", ")", 5402 "(", "call", "mm", "(", "sens", ")", ")", NULL}; 5403 5404 struct cil_tree *test_tree; 5405 gen_test_tree(&test_tree, line); 5406 5407 struct cil_db *test_db; 5408 cil_db_init(&test_db); 5409 5410 uint32_t changed = CIL_FALSE; 5411 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL); 5412 5413 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 5414 5415 int rc = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next, args); 5416 CuAssertIntEquals(tc, SEPOL_OK, rc); 5417 } 5418 5419 void test_cil_resolve_call1_cat(CuTest *tc) { 5420 char *line[] = {"(", "category", "c0", ")", 5421 "(", "class", "file", "(", "read", ")", ")", 5422 "(", "macro", "mm", "(", "(", "category", "a", ")", ")", 5423 "(", "category", "b", ")", 5424 "(", "allow", "a", "b", "(", "file", "(", "read", ")", ")", ")", ")", 5425 "(", "call", "mm", "(", "c0", ")", ")", NULL}; 5426 5427 struct cil_tree *test_tree; 5428 gen_test_tree(&test_tree, line); 5429 5430 struct cil_db *test_db; 5431 cil_db_init(&test_db); 5432 5433 uint32_t changed = CIL_FALSE; 5434 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL); 5435 5436 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 5437 5438 int rc = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next, args); 5439 CuAssertIntEquals(tc, SEPOL_OK, rc); 5440 } 5441 5442 void test_cil_resolve_call1_catset(CuTest *tc) { 5443 char *line[] = {"(", "category", "c0", ")", 5444 "(", "category", "c1", ")", 5445 "(", "category", "c2", ")", 5446 "(", "categoryset", "somecats", "(", "c0", "c1", "c2", ")", ")", 5447 "(", "macro", "mm", "(", "(", "categoryset", "foo", ")", ")", 5448 "(", "level", "bar", "(", "s0", "foo", ")", ")", ")", 5449 "(", "call", "mm", "(", "somecats", ")", ")", NULL}; 5450 5451 struct cil_tree *test_tree; 5452 gen_test_tree(&test_tree, line); 5453 5454 struct cil_db *test_db; 5455 cil_db_init(&test_db); 5456 5457 uint32_t changed = CIL_FALSE; 5458 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL); 5459 5460 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 5461 5462 int rc = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next->next, args); 5463 CuAssertIntEquals(tc, SEPOL_OK, rc); 5464 } 5465 5466 void test_cil_resolve_call1_catset_anon(CuTest *tc) { 5467 char *line[] = {"(", "category", "c0", ")", 5468 "(", "category", "c1", ")", 5469 "(", "category", "c2", ")", 5470 "(", "macro", "mm", "(", "(", "categoryset", "foo", ")", ")", 5471 "(", "level", "bar", "(", "s0", "foo", ")", ")", ")", 5472 "(", "call", "mm", "(", "(", "c0", "c1", "c2", ")", ")", ")", NULL}; 5473 5474 struct cil_tree *test_tree; 5475 gen_test_tree(&test_tree, line); 5476 5477 struct cil_db *test_db; 5478 cil_db_init(&test_db); 5479 5480 uint32_t changed = CIL_FALSE; 5481 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL); 5482 5483 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 5484 5485 int rc = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next, args); 5486 CuAssertIntEquals(tc, SEPOL_OK, rc); 5487 } 5488 5489 void test_cil_resolve_call1_catset_anon_neg(CuTest *tc) { 5490 char *line[] = {"(", "category", "c0", ")", 5491 "(", "category", "c1", ")", 5492 "(", "category", "c2", ")", 5493 "(", "macro", "mm", "(", "(", "categoryset", "foo", ")", ")", 5494 "(", "level", "bar", "(", "s0", "foo", ")", ")", ")", 5495 "(", "call", "mm", "(", "(", "c5", "(", "c2", ")", "c4", ")", ")", ")", NULL}; 5496 5497 struct cil_tree *test_tree; 5498 gen_test_tree(&test_tree, line); 5499 5500 struct cil_db *test_db; 5501 cil_db_init(&test_db); 5502 5503 uint32_t changed = CIL_FALSE; 5504 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL); 5505 5506 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 5507 5508 int rc = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next, args); 5509 CuAssertIntEquals(tc, SEPOL_ERR, rc); 5510 } 5511 5512 void test_cil_resolve_call1_level(CuTest *tc) { 5513 char *line[] = {"(", "category", "c0", ")", 5514 "(", "sensitivity", "s0", ")", 5515 "(", "user", "system_u", ")", 5516 "(", "role", "role_r", ")", 5517 "(", "type", "type_t", ")", 5518 "(", "level", "l", "(", "s0", "(", "c0", ")", ")", ")", 5519 "(", "level", "h", "(", "s0", "(", "c0", ")", ")", ")", 5520 "(", "macro", "mm", "(", "(", "level", "lvl_l", ")", "(", "level", "lvl_h", ")", ")", 5521 "(", "context", "foo", "(", "system_u", "role_r", "type_t", "(", "lvl_l", "lvl_h", ")", ")", ")", ")", 5522 "(", "call", "mm", "(", "l", "h", ")", ")", NULL}; 5523 5524 struct cil_tree *test_tree; 5525 gen_test_tree(&test_tree, line); 5526 5527 struct cil_db *test_db; 5528 cil_db_init(&test_db); 5529 5530 uint32_t changed = CIL_FALSE; 5531 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL); 5532 5533 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 5534 5535 int rc = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args); 5536 CuAssertIntEquals(tc, SEPOL_OK, rc); 5537 } 5538 5539 void test_cil_resolve_call1_level_anon(CuTest *tc) { 5540 char *line[] = {"(", "category", "c0", ")", 5541 "(", "sensitivity", "s0", ")", 5542 "(", "user", "system_u", ")", 5543 "(", "role", "role_r", ")", 5544 "(", "type", "type_t", ")", 5545 "(", "level", "l", "(", "s0", "(", "c0", ")", ")", ")", 5546 "(", "level", "h", "(", "s0", "(", "c0", ")", ")", ")", 5547 "(", "macro", "mm", "(", "(", "level", "lvl_l", ")", ")", 5548 "(", "context", "foo", "(", "system_u", "role_r", "type_t", "(", "lvl_l", "h", ")", ")", ")", ")", 5549 "(", "call", "mm", "(", "(", "s0", "(", "c0", ")", ")", ")", ")", NULL}; 5550 5551 struct cil_tree *test_tree; 5552 gen_test_tree(&test_tree, line); 5553 5554 struct cil_db *test_db; 5555 cil_db_init(&test_db); 5556 5557 uint32_t changed = CIL_FALSE; 5558 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL); 5559 5560 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 5561 5562 int rc = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args); 5563 CuAssertIntEquals(tc, SEPOL_OK, rc); 5564 } 5565 5566 void test_cil_resolve_call1_level_anon_neg(CuTest *tc) { 5567 char *line[] = {"(", "category", "c0", ")", 5568 "(", "sensitivity", "s0", ")", 5569 "(", "user", "system_u", ")", 5570 "(", "role", "role_r", ")", 5571 "(", "type", "type_t", ")", 5572 "(", "level", "l", "(", "s0", "(", "c0", ")", ")", ")", 5573 "(", "level", "h", "(", "s0", "(", "c0", ")", ")", ")", 5574 "(", "macro", "mm", "(", "(", "level", "lvl_l", ")", ")", 5575 "(", "context", "foo", "(", "system_u", "role_r", "type_t", "(", "lvl_l", "h", ")", ")", ")", ")", 5576 "(", "call", "mm", "(", "(", "s0", "(", "c0", "(", "c5", ")", ")", ")", ")", ")", NULL}; 5577 5578 struct cil_tree *test_tree; 5579 gen_test_tree(&test_tree, line); 5580 5581 struct cil_db *test_db; 5582 cil_db_init(&test_db); 5583 5584 uint32_t changed = CIL_FALSE; 5585 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL); 5586 5587 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 5588 5589 int rc = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args); 5590 CuAssertIntEquals(tc, SEPOL_ERR, rc); 5591 } 5592 5593 void test_cil_resolve_call1_ipaddr(CuTest *tc) { 5594 char *line[] = {"(", "category", "c0", ")", 5595 "(", "sensitivity", "s0", ")", 5596 "(", "user", "system_u", ")", 5597 "(", "role", "role_r", ")", 5598 "(", "type", "type_t", ")", 5599 "(", "level", "lvl_l", "(", "s0", "(", "c0", ")", ")", ")", 5600 "(", "level", "lvl_h", "(", "s0", "(", "c0", ")", ")", ")", 5601 "(", "context", "con", "(", "system_u", "role_r", "type_t", "(", "lvl_l", "lvl_h", ")", ")", ")", 5602 "(", "ipaddr", "netmask", "192.168.0.1", ")", 5603 "(", "ipaddr", "ip", "192.168.0.1", ")", 5604 "(", "macro", "mm", "(", "(", "ipaddr", "addr", ")", ")", 5605 "(", "nodecon", "addr", "netmask", "con", ")", ")", 5606 "(", "call", "mm", "(", "ip", ")", ")", NULL}; 5607 5608 struct cil_tree *test_tree; 5609 gen_test_tree(&test_tree, line); 5610 5611 struct cil_db *test_db; 5612 cil_db_init(&test_db); 5613 5614 uint32_t changed = CIL_FALSE; 5615 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL); 5616 5617 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 5618 5619 int rc = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next->next->next, args); 5620 CuAssertIntEquals(tc, SEPOL_OK, rc); 5621 } 5622 5623 void test_cil_resolve_call1_ipaddr_anon(CuTest *tc) { 5624 char *line[] = {"(", "category", "c0", ")", 5625 "(", "sensitivity", "s0", ")", 5626 "(", "user", "system_u", ")", 5627 "(", "role", "role_r", ")", 5628 "(", "type", "type_t", ")", 5629 "(", "level", "lvl_l", "(", "s0", "(", "c0", ")", ")", ")", 5630 "(", "level", "lvl_h", "(", "s0", "(", "c0", ")", ")", ")", 5631 "(", "context", "con", "(", "system_u", "role_r", "type_t", "(", "lvl_l", "lvl_h", ")", ")", ")", 5632 "(", "ipaddr", "netmask", "192.168.0.1", ")", 5633 "(", "macro", "mm", "(", "(", "ipaddr", "addr", ")", ")", 5634 "(", "nodecon", "addr", "netmask", "con", ")", ")", 5635 "(", "call", "mm", "(", "(", "192.168.1.1", ")", ")", ")", NULL}; 5636 5637 struct cil_tree *test_tree; 5638 gen_test_tree(&test_tree, line); 5639 5640 struct cil_db *test_db; 5641 cil_db_init(&test_db); 5642 5643 uint32_t changed = CIL_FALSE; 5644 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL); 5645 5646 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 5647 5648 int rc = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next->next, args); 5649 CuAssertIntEquals(tc, SEPOL_OK, rc); 5650 } 5651 5652 void test_cil_resolve_call1_ipaddr_anon_neg(CuTest *tc) { 5653 char *line[] = {"(", "category", "c0", ")", 5654 "(", "sensitivity", "s0", ")", 5655 "(", "user", "system_u", ")", 5656 "(", "role", "role_r", ")", 5657 "(", "type", "type_t", ")", 5658 "(", "level", "lvl_l", "(", "s0", "(", "c0", ")", ")", ")", 5659 "(", "level", "lvl_h", "(", "s0", "(", "c0", ")", ")", ")", 5660 "(", "context", "con", "(", "system_u", "role_r", "type_t", "(", "lvl_l", "lvl_h", ")", ")", ")", 5661 "(", "ipaddr", "netmask", "192.168.0.1", ")", 5662 "(", "macro", "mm", "(", "(", "ipaddr", "addr", ")", ")", 5663 "(", "nodecon", "addr", "netmask", "con", ")", ")", 5664 "(", "call", "mm", "(", "(", "192.1.1", ")", ")", ")", NULL}; 5665 5666 struct cil_tree *test_tree; 5667 gen_test_tree(&test_tree, line); 5668 5669 struct cil_db *test_db; 5670 cil_db_init(&test_db); 5671 5672 uint32_t changed = CIL_FALSE; 5673 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL); 5674 5675 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 5676 5677 int rc = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next->next, args); 5678 CuAssertIntEquals(tc, SEPOL_ERR, rc); 5679 } 5680 5681 void test_cil_resolve_call1_class(CuTest *tc) { 5682 char *line[] = {"(", "class", "foo", "(", "read", ")", ")", 5683 "(", "class", "file", "(", "read", ")", ")", 5684 "(", "macro", "mm", "(", "(", "class", "a", ")", ")", 5685 "(", "class", "b", "(", "read", ")", ")", 5686 "(", "allow", "a", "b", "(", "file", "(", "read", ")", ")", ")", ")", 5687 "(", "call", "mm", "(", "foo", ")", ")", NULL}; 5688 5689 struct cil_tree *test_tree; 5690 gen_test_tree(&test_tree, line); 5691 5692 struct cil_db *test_db; 5693 cil_db_init(&test_db); 5694 5695 uint32_t changed = CIL_FALSE; 5696 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL); 5697 5698 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 5699 5700 int rc = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next, args); 5701 CuAssertIntEquals(tc, SEPOL_OK, rc); 5702 } 5703 5704 void test_cil_resolve_call1_classmap(CuTest *tc) { 5705 char *line[] = {"(", "class", "file", "(", "open", ")", ")", 5706 "(", "macro", "mm", "(", "(", "classmap", "a", ")", ")", 5707 "(", "classmapping", "a", "read", "(", "file", "(", "open", ")", ")", ")", ")", 5708 "(", "call", "mm", "(", "(", "read", ")", ")", ")", NULL}; 5709 5710 struct cil_tree *test_tree; 5711 gen_test_tree(&test_tree, line); 5712 5713 struct cil_db *test_db; 5714 cil_db_init(&test_db); 5715 5716 uint32_t changed = CIL_FALSE; 5717 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL); 5718 5719 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 5720 5721 int rc = cil_resolve_call1(test_db->ast->root->cl_head->next->next, args); 5722 CuAssertIntEquals(tc, SEPOL_OK, rc); 5723 } 5724 5725 void test_cil_resolve_call1_permset(CuTest *tc) { 5726 char *line[] = {"(", "permissionset", "foo", "(", "read", "open", ")", ")", 5727 "(", "type", "dead", ")", 5728 "(", "type", "bar", ")", 5729 "(", "class", "baz", "(", "close", "read", "open", ")", ")", 5730 "(", "macro", "mm", "(", "(", "permissionset", "a", ")", ")", 5731 "(", "allow", "dead", "bar", "(", "baz", "a", ")", ")", ")", 5732 "(", "call", "mm", "(", "foo", ")", ")", NULL}; 5733 5734 struct cil_tree *test_tree; 5735 gen_test_tree(&test_tree, line); 5736 5737 struct cil_db *test_db; 5738 cil_db_init(&test_db); 5739 5740 uint32_t changed = CIL_FALSE; 5741 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL); 5742 5743 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 5744 5745 int rc = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next->next, args); 5746 CuAssertIntEquals(tc, SEPOL_OK, rc); 5747 } 5748 5749 void test_cil_resolve_call1_permset_anon(CuTest *tc) { 5750 char *line[] = {"(", "type", "dead", ")", 5751 "(", "type", "bar", ")", 5752 "(", "class", "baz", "(", "close", "read", "open", ")", ")", 5753 "(", "macro", "mm", "(", "(", "permissionset", "a", ")", ")", 5754 "(", "allow", "dead", "bar", "(", "baz", "a", ")", ")", ")", 5755 "(", "call", "mm", "(", "(", "read", "open", ")", ")", ")", NULL}; 5756 5757 struct cil_tree *test_tree; 5758 gen_test_tree(&test_tree, line); 5759 5760 struct cil_db *test_db; 5761 cil_db_init(&test_db); 5762 5763 uint32_t changed = CIL_FALSE; 5764 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL); 5765 5766 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 5767 5768 int rc = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next, args); 5769 CuAssertIntEquals(tc, SEPOL_OK, rc); 5770 } 5771 5772 void test_cil_resolve_call1_classpermset_named(CuTest *tc) { 5773 char *line[] = {"(", "classmap", "files", "(", "read", ")", ")", 5774 "(", "class", "file", "(", "open", ")", ")", 5775 "(", "classpermissionset", "char_w", "(", "file", "(", "open", ")", ")", ")", 5776 "(", "macro", "mm", "(", "(", "classpermissionset", "a", ")", ")", 5777 "(", "classmapping", "files", "read", "a", ")", ")", 5778 "(", "call", "mm", "(", "char_w", ")", ")", NULL}; 5779 5780 struct cil_tree *test_tree; 5781 gen_test_tree(&test_tree, line); 5782 5783 struct cil_db *test_db; 5784 cil_db_init(&test_db); 5785 5786 uint32_t changed = CIL_FALSE; 5787 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL); 5788 5789 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 5790 5791 int rc = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next, args); 5792 CuAssertIntEquals(tc, SEPOL_OK, rc); 5793 } 5794 5795 void test_cil_resolve_call1_classpermset_anon(CuTest *tc) { 5796 char *line[] = {"(", "classmap", "files", "(", "read", ")", ")", 5797 "(", "class", "file", "(", "open", ")", ")", 5798 "(", "macro", "mm", "(", "(", "classpermissionset", "a", ")", ")", 5799 "(", "classmapping", "files", "read", "a", ")", ")", 5800 "(", "call", "mm", "(", "(", "file", "(", "open", ")", ")", ")", ")", NULL}; 5801 5802 struct cil_tree *test_tree; 5803 gen_test_tree(&test_tree, line); 5804 5805 struct cil_db *test_db; 5806 cil_db_init(&test_db); 5807 5808 uint32_t changed = CIL_FALSE; 5809 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL); 5810 5811 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 5812 5813 int rc = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next, args); 5814 CuAssertIntEquals(tc, SEPOL_OK, rc); 5815 } 5816 5817 void test_cil_resolve_call1_classpermset_anon_neg(CuTest *tc) { 5818 char *line[] = {"(", "classmap", "files", "(", "read", ")", ")", 5819 "(", "class", "file", "(", "open", ")", ")", 5820 "(", "macro", "mm", "(", "(", "classpermissionset", "a", ")", ")", 5821 "(", "classmapping", "files", "read", "a", ")", ")", 5822 "(", "call", "mm", "(", "(", "file", "(", ")", ")", ")", ")", NULL}; 5823 5824 struct cil_tree *test_tree; 5825 gen_test_tree(&test_tree, line); 5826 5827 struct cil_db *test_db; 5828 cil_db_init(&test_db); 5829 5830 uint32_t changed = CIL_FALSE; 5831 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL); 5832 5833 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 5834 5835 int rc = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next, args); 5836 CuAssertIntEquals(tc, SEPOL_ERR, rc); 5837 } 5838 5839 void test_cil_resolve_call1_unknown_neg(CuTest *tc) { 5840 char *line[] = {"(", "class", "foo", "(", "read", ")", ")", 5841 "(", "class", "file", "(", "read", ")", ")", 5842 "(", "macro", "mm", "(", "(", "class", "a", ")", ")", 5843 "(", "class", "b", "(", "read", ")", ")", 5844 "(", "allow", "a", "b", "(", "file", "(", "read", ")", ")", ")", ")", 5845 "(", "call", "mm", "(", "foo", ")", ")", NULL}; 5846 5847 struct cil_tree *test_tree; 5848 gen_test_tree(&test_tree, line); 5849 5850 struct cil_db *test_db; 5851 cil_db_init(&test_db); 5852 5853 uint32_t changed = CIL_FALSE; 5854 struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL); 5855 5856 cil_build_ast(test_db, test_tree->root, test_db->ast->root); 5857 5858 struct cil_tree_node *macro_node = NULL; 5859 cil_resolve_name(test_db-&