1 # Authors: Karl MacMillan <kmacmillan (at] mentalrootkit.com> 2 # 3 # Copyright (C) 2006 Red Hat 4 # see file 'COPYING' for use and warranty information 5 # 6 # This program is free software; you can redistribute it and/or 7 # modify it under the terms of the GNU General Public License as 8 # published by the Free Software Foundation; version 2 only 9 # 10 # This program is distributed in the hope that it will be useful, 11 # but WITHOUT ANY WARRANTY; without even the implied warranty of 12 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 # GNU General Public License for more details. 14 # 15 # You should have received a copy of the GNU General Public License 16 # along with this program; if not, write to the Free Software 17 # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 18 # 19 20 import unittest 21 import sepolgen.refpolicy as refpolicy 22 import sepolgen.refparser as refparser 23 import sepolgen.policygen as policygen 24 import sepolgen.access as access 25 26 class TestAccessVector(unittest.TestCase): 27 def test_init(self): 28 # Default construction 29 a = access.AccessVector() 30 self.assertEqual(a.src_type, None) 31 self.assertEqual(a.tgt_type, None) 32 self.assertEqual(a.obj_class, None) 33 self.assertTrue(isinstance(a.perms, refpolicy.IdSet)) 34 self.assertTrue(isinstance(a.audit_msgs, type([]))) 35 self.assertEqual(len(a.audit_msgs), 0) 36 37 # Construction from a list 38 a = access.AccessVector() 39 a.src_type = "foo" 40 a.tgt_type = "bar" 41 a.obj_class = "file" 42 a.perms.update(["read", "write"]) 43 44 l = access.AccessVector(['foo', 'bar', 'file', 'read', 'write']) 45 self.assertEqual(a.src_type, l.src_type) 46 self.assertEqual(a.tgt_type, l.tgt_type) 47 self.assertEqual(a.obj_class, l.obj_class) 48 self.assertEqual(a.perms, l.perms) 49 50 def test_from_list(self): 51 a = access.AccessVector() 52 a.src_type = "foo" 53 a.tgt_type = "bar" 54 a.obj_class = "file" 55 a.perms.update(["read", "write"]) 56 57 l = access.AccessVector() 58 l.from_list(['foo', 'bar', 'file', 'read', 'write']) 59 self.assertEqual(a.src_type, l.src_type) 60 self.assertEqual(a.tgt_type, l.tgt_type) 61 self.assertEqual(a.obj_class, l.obj_class) 62 self.assertEqual(a.perms, l.perms) 63 64 def test_to_list(self): 65 a = access.AccessVector() 66 a.src_type = "foo" 67 a.tgt_type = "bar" 68 a.obj_class = "file" 69 a.perms.update(["read", "write"]) 70 71 l = a.to_list() 72 self.assertEqual(l[0], "foo") 73 self.assertEqual(l[1], "bar") 74 self.assertEqual(l[2], "file") 75 perms = l[3:] 76 perms.sort() 77 self.assertEqual(perms[0], "read") 78 self.assertEqual(perms[1], "write") 79 80 def test_to_string(self): 81 a = access.AccessVector() 82 a.src_type = "foo" 83 a.tgt_type = "bar" 84 a.obj_class = "file" 85 a.perms.update(["read", "write"]) 86 87 first, second = str(a).split(':') 88 self.assertEqual(first, "allow foo bar") 89 second = second.split(' ') 90 second.sort() 91 expected = "file { read write };".split(' ') 92 expected.sort() 93 self.assertEqual(second, expected) 94 95 first, second = a.to_string().split(':') 96 self.assertEqual(first, "allow foo bar") 97 second = second.split(' ') 98 second.sort() 99 expected = "file { read write };".split(' ') 100 expected.sort() 101 self.assertEqual(second, expected) 102 103 def test_cmp(self): 104 a = access.AccessVector() 105 a.src_type = "foo" 106 a.tgt_type = "bar" 107 a.obj_class = "file" 108 a.perms.update(["read", "write"]) 109 110 b = access.AccessVector() 111 b.src_type = "foo" 112 b.tgt_type = "bar" 113 b.obj_class = "file" 114 b.perms.update(["read", "write"]) 115 116 self.assertEqual(a, b) 117 118 # Source Type 119 b.src_type = "baz" 120 self.assertNotEqual(a, b) 121 self.assertTrue(a > b) 122 123 b.src_type = "gaz" 124 self.assertNotEqual(a, b) 125 self.assertTrue(a < b) 126 127 # Target Type 128 b.src_type = "foo" 129 b.tgt_type = "aar" 130 self.assertNotEqual(a, b) 131 self.assertTrue(a > b) 132 133 b.tgt_type = "gaz" 134 self.assertNotEqual(a, b) 135 self.assertTrue(a < b) 136 137 # Perms 138 b.tgt_type = "bar" 139 b.perms = refpolicy.IdSet(["read"]) 140 self.assertNotEqual(a, b) 141 self.assertTrue(a > b) 142 143 b.perms = refpolicy.IdSet(["read", "write", "append"]) 144 self.assertNotEqual(a, b) 145 146 b.perms = refpolicy.IdSet(["read", "append"]) 147 self.assertNotEqual(a, b) 148 149 class TestUtilFunctions(unittest.TestCase): 150 def test_is_idparam(self): 151 self.assertTrue(access.is_idparam("$1")) 152 self.assertTrue(access.is_idparam("$2")) 153 self.assertTrue(access.is_idparam("$123")) 154 self.assertFalse(access.is_idparam("$123.23")) 155 self.assertFalse(access.is_idparam("$A")) 156 157 def test_avrule_to_access_vectors(self): 158 rule = refpolicy.AVRule() 159 rule.src_types.add("foo") 160 rule.src_types.add("baz") 161 rule.tgt_types.add("bar") 162 rule.tgt_types.add("what") 163 rule.obj_classes.add("file") 164 rule.obj_classes.add("dir") 165 rule.perms.add("read") 166 rule.perms.add("write") 167 168 avs = access.avrule_to_access_vectors(rule) 169 self.assertEqual(len(avs), 8) 170 comps = [("foo", "what", "dir"), 171 ("foo", "what", "file"), 172 ("foo", "bar", "dir"), 173 ("foo", "bar", "file"), 174 ("baz", "what", "dir"), 175 ("baz", "what", "file"), 176 ("baz", "bar", "dir"), 177 ("baz", "bar", "file")] 178 status = [False] * 8 179 for av in access.avrule_to_access_vectors(rule): 180 self.assertEqual(av.perms, refpolicy.IdSet(["read", "write"])) 181 for i in range(len(comps)): 182 if comps[i][0] == av.src_type and \ 183 comps[i][1] == av.tgt_type and \ 184 comps[i][2] == av.obj_class: 185 status[i] = True 186 187 for s in status: 188 self.assertEqual(s, True) 189 190 191 class TestAccessVectorSet(unittest.TestCase): 192 def setUp(self): 193 rule = refpolicy.AVRule() 194 rule.src_types.add("foo") 195 rule.src_types.add("baz") 196 rule.tgt_types.add("bar") 197 rule.tgt_types.add("what") 198 rule.obj_classes.add("file") 199 rule.obj_classes.add("dir") 200 rule.perms.add("read") 201 rule.perms.add("write") 202 203 s = access.AccessVectorSet() 204 avs = access.avrule_to_access_vectors(rule) 205 for av in avs: 206 s.add_av(av) 207 self.s = s 208 209 def test_init(self): 210 a = access.AccessVectorSet() 211 212 def test_iter(self): 213 comps = [("foo", "what", "dir"), 214 ("foo", "what", "file"), 215 ("foo", "bar", "dir"), 216 ("foo", "bar", "file"), 217 ("baz", "what", "dir"), 218 ("baz", "what", "file"), 219 ("baz", "bar", "dir"), 220 ("baz", "bar", "file")] 221 status = [False] * 8 222 for av in self.s: 223 self.assertEqual(av.perms, refpolicy.IdSet(["read", "write"])) 224 for i in range(len(comps)): 225 if comps[i][0] == av.src_type and \ 226 comps[i][1] == av.tgt_type and \ 227 comps[i][2] == av.obj_class: 228 status[i] = True 229 230 for s in status: 231 self.assertEqual(s, True) 232 233 def test_len(self): 234 self.assertEqual(len(self.s), 8) 235 236 def test_list(self): 237 a = access.AccessVectorSet() 238 a.add("$1", "foo", "file", refpolicy.IdSet(["read", "write"])) 239 a.add("$1", "bar", "file", refpolicy.IdSet(["read", "write"])) 240 a.add("what", "bar", "file", refpolicy.IdSet(["read", "write"])) 241 242 avl = a.to_list() 243 avl.sort() 244 245 test_l = [['what','bar','file','read','write'], 246 ['$1','foo','file','read','write'], 247 ['$1','bar','file','read','write']] 248 test_l.sort() 249 250 for a,b in zip(test_l, avl): 251 self.assertEqual(len(a), len(b)) 252 for x,y in list(zip(a,b))[:3]: 253 self.assertEqual(x, y) 254 perms1 = a[3:] 255 perms2 = b[3:] 256 perms1.sort() 257 perms2.sort() 258 self.assertEqual(perms1, perms2) 259 260 b = access.AccessVectorSet() 261 b.from_list(avl) 262 self.assertEqual(len(b), 3) 263
