Home | History | Annotate | Download | only in tests
      1 /*
      2  * Author: Joshua Brindle <jbrindle (at) tresys.com>
      3  *
      4  * Copyright (C) 2006 Tresys Technology, LLC
      5  *
      6  *  This library is free software; you can redistribute it and/or
      7  *  modify it under the terms of the GNU Lesser General Public
      8  *  License as published by the Free Software Foundation; either
      9  *  version 2.1 of the License, or (at your option) any later version.
     10  *
     11  *  This library is distributed in the hope that it will be useful,
     12  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
     13  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
     14  *  Lesser General Public License for more details.
     15  *
     16  *  You should have received a copy of the GNU Lesser General Public
     17  *  License along with this library; if not, write to the Free Software
     18  *  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
     19  */
     20 
     21 #include "parse_util.h"
     22 #include "helpers.h"
     23 #include "test-common.h"
     24 
     25 #include <sepol/policydb/policydb.h>
     26 #include <sepol/policydb/link.h>
     27 
     28 #include <CUnit/Basic.h>
     29 #include <stdlib.h>
     30 
     31 /* Tests for roles:
     32  * Test for each of these for
     33  * - role in appropriate symtab (global and decl)
     34  * - datum in the decl symtab has correct type_set
     35  * - scope datum has correct decl ids
     36  * - dominates bitmap is correct
     37  * Tests:
     38  * - role in base, no modules
     39  * - role in base optional, no modules
     40  * - role a in base, b in module
     41  * - role a in base and module (additive)
     42  * - role a in base and 2 module
     43  * - role a in base optional, b in module
     44  * - role a in base, b in module optional
     45  * - role a in base optional, b in module optional
     46  * - role a in base optional and module
     47  * - role a in base and module optional
     48  * - role a in base optional and module optional
     49  * - role a in base optional and 2 modules
     50  * - role a and b in base, b dom a, are types correct (TODO)
     51  */
     52 
     53 /* this simply tests whether the passed in role only has its own
     54  * value in its dominates ebitmap */
     55 static void only_dominates_self(policydb_t * p, role_datum_t * role)
     56 {
     57 	ebitmap_node_t *tnode;
     58 	unsigned int i;
     59 	int found = 0;
     60 
     61 	ebitmap_for_each_bit(&role->dominates, tnode, i) {
     62 		if (ebitmap_node_get_bit(tnode, i)) {
     63 			found++;
     64 			CU_ASSERT(i == role->s.value - 1);
     65 		}
     66 	}
     67 	CU_ASSERT(found == 1);
     68 }
     69 
     70 void base_role_tests(policydb_t * base)
     71 {
     72 	avrule_decl_t *decl;
     73 	role_datum_t *role;
     74 	unsigned int decls[2];
     75 	char *types[2];
     76 
     77 	/* These tests look at roles in the base only, the desire is to ensure that
     78 	 * roles are not destroyed or otherwise removed during the link process */
     79 
     80 	/**** test for g_b_role_1 in base and decl 1 (global) ****/
     81 	decls[0] = (test_find_decl_by_sym(base, SYM_TYPES, "tag_g_b"))->decl_id;
     82 	test_sym_presence(base, "g_b_role_1", SYM_ROLES, SCOPE_DECL, decls, 1);
     83 	/* make sure it has the correct type set (g_b_type_1, no negset, no flags) */
     84 	types[0] = "g_b_type_1";
     85 	role = test_role_type_set(base, "g_b_role_1", NULL, types, 1, 0);
     86 	/* This role should only dominate itself */
     87 	only_dominates_self(base, role);
     88 
     89 	/**** test for o1_b_role_1 in optional (decl 2) ****/
     90 	decl = test_find_decl_by_sym(base, SYM_TYPES, "tag_o1_b");
     91 	decls[0] = decl->decl_id;
     92 	test_sym_presence(base, "o1_b_role_1", SYM_ROLES, SCOPE_DECL, decls, 1);
     93 	/* make sure it has the correct type set (o1_b_type_1, no negset, no flags) */
     94 	types[0] = "o1_b_type_1";
     95 	role = test_role_type_set(base, "o1_b_role_1", decl, types, 1, 0);
     96 	/* and only dominates itself */
     97 	only_dominates_self(base, role);
     98 }
     99 
    100 void module_role_tests(policydb_t * base)
    101 {
    102 	role_datum_t *role;
    103 	avrule_decl_t *decl;
    104 	unsigned int decls[3];
    105 	char *types[3];
    106 
    107 	/* These tests are run when the base is linked with 2 modules,
    108 	 * They should test whether the roles get copied correctly from the
    109 	 * modules into the base */
    110 
    111 	/**** test for role in module 1 (global) ****/
    112 	decls[0] = (test_find_decl_by_sym(base, SYM_TYPES, "tag_g_m1"))->decl_id;
    113 	test_sym_presence(base, "g_m1_role_1", SYM_ROLES, SCOPE_DECL, decls, 1);
    114 	/* make sure it has the correct type set (g_m1_type_1, no negset, no flags) */
    115 	types[0] = "g_m1_type_1";
    116 	role = test_role_type_set(base, "g_m1_role_1", NULL, types, 1, 0);
    117 	/* and only dominates itself */
    118 	only_dominates_self(base, role);
    119 
    120 	/**** test for role in module 1 (optional) ****/
    121 	decl = test_find_decl_by_sym(base, SYM_TYPES, "tag_o1_m1");
    122 	decls[0] = decl->decl_id;
    123 	test_sym_presence(base, "o1_m1_role_1", SYM_ROLES, SCOPE_DECL, decls, 1);
    124 	/* make sure it has the correct type set (o1_m1_type_1, no negset, no flags) */
    125 	types[0] = "o1_m1_type_1";
    126 	role = test_role_type_set(base, "o1_m1_role_1", decl, types, 1, 0);
    127 	/* and only dominates itself */
    128 	only_dominates_self(base, role);
    129 
    130 	/* These test whether the type sets are copied to the right place and
    131 	 * correctly unioned when they should be */
    132 
    133 	/**** test for type added to base role in module 1 (global) ****/
    134 	decls[0] = (test_find_decl_by_sym(base, SYM_TYPES, "tag_g_b"))->decl_id;
    135 	decls[1] = (test_find_decl_by_sym(base, SYM_TYPES, "tag_g_m1"))->decl_id;
    136 	test_sym_presence(base, "g_b_role_2", SYM_ROLES, SCOPE_DECL, decls, 2);
    137 	/* make sure it has the correct type set (g_m1_type_1, no negset, no flags) */
    138 	types[0] = "g_b_type_2";	/* added in base when declared */
    139 	types[1] = "g_m1_type_1";	/* added in module */
    140 	role = test_role_type_set(base, "g_b_role_2", NULL, types, 2, 0);
    141 	/* and only dominates itself */
    142 	only_dominates_self(base, role);
    143 
    144 	/**** test for type added to base role in module 1 & 2 (global) ****/
    145 	decls[0] = (test_find_decl_by_sym(base, SYM_TYPES, "tag_g_b"))->decl_id;
    146 	decls[1] = (test_find_decl_by_sym(base, SYM_TYPES, "tag_g_m1"))->decl_id;
    147 	decls[2] = (test_find_decl_by_sym(base, SYM_TYPES, "tag_g_m2"))->decl_id;
    148 	test_sym_presence(base, "g_b_role_3", SYM_ROLES, SCOPE_DECL, decls, 3);
    149 	/* make sure it has the correct type set (g_b_type_2, g_m1_type_2, g_m2_type_2, no negset, no flags) */
    150 	types[0] = "g_b_type_2";	/* added in base when declared */
    151 	types[1] = "g_m1_type_2";	/* added in module 1 */
    152 	types[2] = "g_m2_type_2";	/* added in module 2 */
    153 	role = test_role_type_set(base, "g_b_role_3", NULL, types, 3, 0);
    154 	/* and only dominates itself */
    155 	only_dominates_self(base, role);
    156 
    157 	/**** test for role in base optional and module 1 (additive) ****/
    158 	decls[0] = (test_find_decl_by_sym(base, SYM_TYPES, "tag_o1_b"))->decl_id;
    159 	decls[1] = (test_find_decl_by_sym(base, SYM_TYPES, "tag_g_m1"))->decl_id;
    160 	test_sym_presence(base, "o1_b_role_2", SYM_ROLES, SCOPE_DECL, decls, 2);
    161 	/* this one will have 2 type sets, one in the global symtab and one in the base optional 1 */
    162 	types[0] = "g_m1_type_1";
    163 	role = test_role_type_set(base, "o1_b_role_2", NULL, types, 1, 0);
    164 	types[0] = "o1_b_type_1";
    165 	role = test_role_type_set(base, "o1_b_role_2", test_find_decl_by_sym(base, SYM_TYPES, "tag_o1_b"), types, 1, 0);
    166 	/* and only dominates itself */
    167 	only_dominates_self(base, role);
    168 
    169 	/**** test for role in base and module 1 optional (additive) ****/
    170 	decls[0] = (test_find_decl_by_sym(base, SYM_TYPES, "tag_g_b"))->decl_id;
    171 	decls[1] = (test_find_decl_by_sym(base, SYM_TYPES, "tag_o2_m1"))->decl_id;
    172 	test_sym_presence(base, "g_b_role_4", SYM_ROLES, SCOPE_DECL, decls, 2);
    173 	/* this one will have 2 type sets, one in the global symtab and one in the base optional 1 */
    174 	types[0] = "g_b_type_2";
    175 	role = test_role_type_set(base, "g_b_role_4", NULL, types, 1, 0);
    176 	types[0] = "g_m1_type_2";
    177 	role = test_role_type_set(base, "g_b_role_4", test_find_decl_by_sym(base, SYM_TYPES, "tag_o2_m1"), types, 1, 0);
    178 	/* and only dominates itself */
    179 	only_dominates_self(base, role);
    180 
    181 	/**** test for role in base and module 1 optional (additive) ****/
    182 	decls[0] = (test_find_decl_by_sym(base, SYM_TYPES, "tag_o3_b"))->decl_id;
    183 	decls[1] = (test_find_decl_by_sym(base, SYM_TYPES, "tag_o3_m1"))->decl_id;
    184 	test_sym_presence(base, "o3_b_role_1", SYM_ROLES, SCOPE_DECL, decls, 2);
    185 	/* this one will have 2 type sets, one in the 3rd base optional and one in the 3rd module optional */
    186 	types[0] = "o3_b_type_1";
    187 	role = test_role_type_set(base, "o3_b_role_1", test_find_decl_by_sym(base, SYM_TYPES, "tag_o3_b"), types, 1, 0);
    188 	types[0] = "o3_m1_type_1";
    189 	role = test_role_type_set(base, "o3_b_role_1", test_find_decl_by_sym(base, SYM_TYPES, "tag_o3_m1"), types, 1, 0);
    190 	/* and only dominates itself */
    191 	only_dominates_self(base, role);
    192 
    193 	/**** test for role in base and module 1 optional (additive) ****/
    194 	decls[0] = (test_find_decl_by_sym(base, SYM_TYPES, "tag_o4_b"))->decl_id;
    195 	decls[1] = (test_find_decl_by_sym(base, SYM_TYPES, "tag_g_m1"))->decl_id;
    196 	decls[2] = (test_find_decl_by_sym(base, SYM_TYPES, "tag_g_m2"))->decl_id;
    197 	test_sym_presence(base, "o4_b_role_1", SYM_ROLES, SCOPE_DECL, decls, 3);
    198 	/* this one will have 2 type sets, one in the global symtab (with both module types) and one in the 4th optional of base */
    199 	types[0] = "g_m1_type_1";
    200 	role = test_role_type_set(base, "o4_b_role_1", test_find_decl_by_sym(base, SYM_TYPES, "tag_o4_b"), types, 1, 0);
    201 	types[0] = "g_m2_type_1";
    202 	types[1] = "g_m1_type_2";
    203 	role = test_role_type_set(base, "o4_b_role_1", NULL, types, 2, 0);
    204 	/* and only dominates itself */
    205 	only_dominates_self(base, role);
    206 }
    207