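# Authors: Karl MacMillan <kmacmillan (at] mentalrootkit.com>
#
# Copyright (C) 2006 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation; version 2 only
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
#

import unittest
import sepolgen.matching as matching
import sepolgen.refparser as refparser
import sepolgen.interfaces as interfaces
import sepolgen.access as access


class TestMatch(unittest.TestCase):
    """Checks equality and ordering of matching.Match objects."""

    def test(self):
        a = matching.Match()
        a.dist = 100
        a.info_dir_change = True

        b = matching.Match()
        b.dist = 100
        b.info_dir_change = True

        # Same distance and same flag: the two matches compare equal.
        self.assertEqual(a, b)

        # At equal distance, the match flagged info_dir_change must sort
        # after the unflagged one (presumably the flag marks a change in
        # information-flow direction - confirm against matching.py).
        b.info_dir_change = False
        self.assertTrue(a > b)
        self.assertTrue(b < a)

        # Distance takes precedence over the flag: the flagged match with
        # the smaller dist still sorts first.
        b.dist = 200

        self.assertTrue(a < b)
        self.assertTrue(b > a)


class TestMatchList(unittest.TestCase):
    """Checks how matching.MatchList accepts, sets aside and orders matches."""

    def test_append(self):
        ml = matching.MatchList()
        ml.threshold = 100

        # A distance equal to the threshold is still accepted.
        a = matching.Match()
        a.dist = 100
        ml.append(a)
        self.assertEqual(len(ml), 1)

        # A distance over the threshold is set aside in ml.bastards, yet it
        # is still counted by len(ml). A non-empty list therefore does not
        # imply that an acceptable match exists.
        a = matching.Match()
        a.dist = 200
        ml.append(a)
        self.assertEqual(len(ml), 2)
        self.assertEqual(len(ml.bastards), 1)

        # With allow_info_dir_change disabled, even a zero-distance match is
        # set aside when it is flagged info_dir_change.
        ml.allow_info_dir_change = False
        a = matching.Match()
        a.dist = 0
        a.info_dir_change = True
        ml.append(a)
        self.assertEqual(len(ml), 3)
        self.assertEqual(len(ml.bastards), 2)

    def test_sort(self):
        ml = matching.MatchList()
        ml.threshold = 100

        a = matching.Match()
        a.dist = 100
        ml.append(a)

        b = matching.Match()
        b.dist = 5
        ml.append(b)

        c = matching.Match()
        c.dist = 0
        ml.append(c)

        # Ascending distance: the closest match comes first.
        expected = [c, b, a]

        ml.sort()

        # Compare the whole sequence. A pairwise zip() loop stops at the
        # shorter input, so it would pass even if iterating the list yielded
        # fewer matches than were appended.
        self.assertEqual(list(ml), expected)

        self.assertEqual(ml.best(), c)


# Sample reference-policy interfaces fed to the parser by AccessMatcher.
# `map` calls `foo`, and `hard_map` calls `map` twice and `foo` once, so the
# access granted by `foo` is reachable through all three interfaces.
test_expansion = """
interface(`foo',`
   gen_require(`
       type usr_t;
   ')
   allow $1 usr_t:dir { create add_name };
   allow $1 usr_t:file { read write };
')

interface(`map', `
   gen_require(`
       type bar_t;
   ')
   allow $1 bar_t:file read;
   allow $2 bar_t:file write;

   foo($2)
')

interface(`hard_map', `
   gen_require(`
      type baz_t;
   ')
   allow $1 baz_t:file getattr;
   allow $2 baz_t:file read;
   allow $3 baz_t:file write;

   map($1, $2)
   map($2, $3)

   # This should have no effect
   foo($2)
')
"""


class AccessMatcher(unittest.TestCase):
    """Runs an interface search over the sample policy in test_expansion."""

    def test_search(self):
        h = refparser.parse(test_expansion)
        i = interfaces.InterfaceSet()
        i.add_headers(h)

        a = access.AccessVector(["foo_t", "usr_t", "dir", "create"])
        m = matching.AccessMatcher()
        ml = matching.MatchList()

        # NOTE(review): this is a smoke test only. Nothing is asserted about
        # the contents of `ml` after the search, so it catches exceptions but
        # not ranking regressions. A change that made the matcher prefer a
        # broader interface (`map` or `hard_map`, which grant access to more
        # types) over the narrowest one would pass unnoticed. Presumably the
        # intended best match is `foo`, which grants usr_t:dir create
        # directly - TODO confirm and assert on ml.best().
        m.search_ifs(i, a, ml)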