Home | History | Annotate | Download | only in tests 
      1 /*
      2  * Authors: Chad Sellers <csellers (at) tresys.com>
      3  *          Joshua Brindle <jbrindle (at) tresys.com>
      4  *
      5  * Copyright (C) 2006 Tresys Technology, LLC
      6  *
      7  *  This library is free software; you can redistribute it and/or
      8  *  modify it under the terms of the GNU Lesser General Public
      9  *  License as published by the Free Software Foundation; either
     10  *  version 2.1 of the License, or (at your option) any later version.
     11  *
     12  *  This library is distributed in the hope that it will be useful,
     13  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
     14  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
     15  *  Lesser General Public License for more details.
     16  *
     17  *  You should have received a copy of the GNU Lesser General Public
     18  *  License along with this library; if not, write to the Free Software
     19  *  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
     20  */
     21 
     22 /* This is where the expander tests should go, including:
     23  * - check role, type, bool, user mapping
     24  * - add symbols declared in enabled optionals
     25  * - do not add symbols declared in disabled optionals
     26  * - add rules from enabled optionals
     27  * - do not add rules from disabled optionals
     28  * - verify attribute mapping
     29 
     30  * - check conditional expressions for correct mapping
     31  */
     32 
     33 #include "test-expander.h"
     34 #include "parse_util.h"
     35 #include "helpers.h"
     36 #include "test-common.h"
     37 #include "test-expander-users.h"
     38 #include "test-expander-roles.h"
     39 #include "test-expander-attr-map.h"
     40 
     41 #include <sepol/policydb/policydb.h>
     42 #include <sepol/policydb/expand.h>
     43 #include <sepol/policydb/link.h>
     44 #include <sepol/policydb/conditional.h>
     45 #include <limits.h>
     46 #include <stdlib.h>
     47 
     48 policydb_t role_expanded;
     49 policydb_t user_expanded;
     50 policydb_t base_expanded2;
     51 static policydb_t basemod;
     52 static policydb_t basemod2;
     53 static policydb_t mod2;
     54 static policydb_t base_expanded;
     55 static policydb_t base_only_mod;
     56 static policydb_t base_only_expanded;
     57 static policydb_t role_basemod;
     58 static policydb_t role_mod;
     59 static policydb_t user_basemod;
     60 static policydb_t user_mod;
     61 static policydb_t alias_basemod;
     62 static policydb_t alias_mod;
     63 static policydb_t alias_expanded;
     64 static uint32_t *typemap;
     65 extern int mls;
     66 
     67 /* Takes base, some number of modules, links them, and expands them
     68    reads source from myfiles array, which has the base string followed by
     69    each module string */
     70 int expander_policy_init(policydb_t * mybase, int num_modules, policydb_t ** mymodules, policydb_t * myexpanded, char **myfiles)
     71 {
     72 	char *filename[num_modules + 1];
     73 	int i;
     74 
     75 	for (i = 0; i < num_modules + 1; i++) {
     76 		filename[i] = calloc(PATH_MAX, sizeof(char));
     77 		if (snprintf(filename[i], PATH_MAX, "policies/test-expander/%s%s", myfiles[i], mls ? ".mls" : ".std") < 0)
     78 			return -1;
     79 	}
     80 
     81 	if (policydb_init(mybase)) {
     82 		fprintf(stderr, "out of memory!\n");
     83 		return -1;
     84 	}
     85 
     86 	for (i = 0; i < num_modules; i++) {
     87 		if (policydb_init(mymodules[i])) {
     88 			fprintf(stderr, "out of memory!\n");
     89 			return -1;
     90 		}
     91 	}
     92 
     93 	if (policydb_init(myexpanded)) {
     94 		fprintf(stderr, "out of memory!\n");
     95 		return -1;
     96 	}
     97 
     98 	mybase->policy_type = POLICY_BASE;
     99 	mybase->mls = mls;
    100 
    101 	if (read_source_policy(mybase, filename[0], myfiles[0])) {
    102 		fprintf(stderr, "read source policy failed %s\n", filename[0]);
    103 		return -1;
    104 	}
    105 
    106 	for (i = 1; i < num_modules + 1; i++) {
    107 		mymodules[i - 1]->policy_type = POLICY_MOD;
    108 		mymodules[i - 1]->mls = mls;
    109 		if (read_source_policy(mymodules[i - 1], filename[i], myfiles[i])) {
    110 			fprintf(stderr, "read source policy failed %s\n", filename[i]);
    111 			return -1;
    112 		}
    113 	}
    114 
    115 	if (link_modules(NULL, mybase, mymodules, num_modules, 0)) {
    116 		fprintf(stderr, "link modules failed\n");
    117 		return -1;
    118 	}
    119 
    120 	if (expand_module(NULL, mybase, myexpanded, 0, 0)) {
    121 		fprintf(stderr, "expand modules failed\n");
    122 		return -1;
    123 	}
    124 
    125 	return 0;
    126 }
    127 
    128 int expander_test_init(void)
    129 {
    130 	char *small_base_file = "small-base.conf";
    131 	char *base_only_file = "base-base-only.conf";
    132 	int rc;
    133 	policydb_t *mymod2;
    134 	char *files2[] = { "small-base.conf", "module.conf" };
    135 	char *role_files[] = { "role-base.conf", "role-module.conf" };
    136 	char *user_files[] = { "user-base.conf", "user-module.conf" };
    137 	char *alias_files[] = { "alias-base.conf", "alias-module.conf" };
    138 
    139 	rc = expander_policy_init(&basemod, 0, NULL, &base_expanded, &small_base_file);
    140 	if (rc != 0)
    141 		return rc;
    142 
    143 	mymod2 = &mod2;
    144 	rc = expander_policy_init(&basemod2, 1, &mymod2, &base_expanded2, files2);
    145 	if (rc != 0)
    146 		return rc;
    147 
    148 	rc = expander_policy_init(&base_only_mod, 0, NULL, &base_only_expanded, &base_only_file);
    149 	if (rc != 0)
    150 		return rc;
    151 
    152 	mymod2 = &role_mod;
    153 	rc = expander_policy_init(&role_basemod, 1, &mymod2, &role_expanded, role_files);
    154 	if (rc != 0)
    155 		return rc;
    156 
    157 	/* Just init the base for now, until we figure out how to separate out
    158 	   mls and non-mls tests since users can't be used in mls module */
    159 	mymod2 = &user_mod;
    160 	rc = expander_policy_init(&user_basemod, 0, NULL, &user_expanded, user_files);
    161 	if (rc != 0)
    162 		return rc;
    163 
    164 	mymod2 = &alias_mod;
    165 	rc = expander_policy_init(&alias_basemod, 1, &mymod2, &alias_expanded, alias_files);
    166 	if (rc != 0)
    167 		return rc;
    168 
    169 	return 0;
    170 }
    171 
    172 int expander_test_cleanup(void)
    173 {
    174 	policydb_destroy(&basemod);
    175 	policydb_destroy(&base_expanded);
    176 	free(typemap);
    177 
    178 	return 0;
    179 }
    180 
    181 static void test_expander_indexes(void)
    182 {
    183 	test_policydb_indexes(&base_expanded);
    184 }
    185 
    186 static void test_expander_alias(void)
    187 {
    188 	test_alias_datum(&alias_expanded, "alias_check_1_a", "alias_check_1_t", 1, 0);
    189 	test_alias_datum(&alias_expanded, "alias_check_2_a", "alias_check_2_t", 1, 0);
    190 	test_alias_datum(&alias_expanded, "alias_check_3_a", "alias_check_3_t", 1, 0);
    191 }
    192 
    193 int expander_add_tests(CU_pSuite suite)
    194 {
    195 	if (NULL == CU_add_test(suite, "expander_indexes", test_expander_indexes)) {
    196 		CU_cleanup_registry();
    197 		return CU_get_error();
    198 	}
    199 
    200 	if (NULL == CU_add_test(suite, "expander_attr_mapping", test_expander_attr_mapping)) {
    201 		CU_cleanup_registry();
    202 		return CU_get_error();
    203 	}
    204 
    205 	if (NULL == CU_add_test(suite, "expander_role_mapping", test_expander_role_mapping)) {
    206 		CU_cleanup_registry();
    207 		return CU_get_error();
    208 	}
    209 	if (NULL == CU_add_test(suite, "expander_user_mapping", test_expander_user_mapping)) {
    210 		CU_cleanup_registry();
    211 		return CU_get_error();
    212 	}
    213 	if (NULL == CU_add_test(suite, "expander_alias", test_expander_alias)) {
    214 		CU_cleanup_registry();
    215 		return CU_get_error();
    216 	}
    217 	return 0;
    218 }
    219