      1 # Authors: Karl MacMillan <kmacmillan (at] mentalrootkit.com>
      2 #
      3 # Copyright (C) 2006 Red Hat 
      4 # see file 'COPYING' for use and warranty information
      5 #
      6 # This program is free software; you can redistribute it and/or
      7 # modify it under the terms of the GNU General Public License as
      8 # published by the Free Software Foundation; version 2 only
      9 #
     10 # This program is distributed in the hope that it will be useful,
     11 # but WITHOUT ANY WARRANTY; without even the implied warranty of
     12 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
     13 # GNU General Public License for more details.
     14 #
     15 # You should have received a copy of the GNU General Public License
     16 # along with this program; if not, write to the Free Software
     17 # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
     18 #
     19 
     20 import unittest
     21 import sepolgen.refparser as refparser
     22 import sepolgen.refpolicy as refpolicy
     23 
# Parser fixture: reference-policy interface source handed to refparser.parse()
# by TestParser.test_interface_parsing. It defines three interfaces
# (files_search_usr, files_list_usr, files_exec_usr_files) and exercises
# gen_require blocks, allow rules with brace-grouped sets, typeattribute,
# if / if-else conditionals, optional_policy, tunable_policy and nested
# interface calls. The mixed tab/space indentation is part of the literal.
# NOTE(review): this is test input only; names such as foo, bar, baz,
# search_usr, whatever and can_foo look like placeholders rather than real
# policy identifiers - confirm before reusing any of this text as policy.
interface_example = """########################################
## <summary>
##	Search the content of /etc.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`files_search_usr',`
	gen_require(`
		type usr_t;
	')

	allow $1 usr_t:dir search;
        allow { domain $1 } { usr_t usr_home_t }:{ file dir } { read write getattr };
        typeattribute $1 file_type;

        if (foo) {
           allow $1 foo:bar baz;
        }

        if (bar) {
           allow $1 foo:bar baz;
        } else {
           allow $1 foo:bar baz;
        }
')

########################################
## <summary>
##	List the contents of generic
##	directories in /usr.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`files_list_usr',`
	gen_require(`
		type usr_t;
	')

	allow $1 usr_t:dir { read getattr };

        optional_policy(`
            search_usr($1)
        ')

        tunable_policy(`foo',`
            whatever($1)
        ')

')

########################################
## <summary>
##	Execute generic programs in /usr in the caller domain.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`files_exec_usr_files',`
	gen_require(`
		type usr_t;
	')

	allow $1 usr_t:dir read;
	allow $1 usr_t:lnk_file { read getattr };
	can_exec($1,usr_t)
        can_foo($1)

')
"""
    104 
class TestParser(unittest.TestCase):
    """Smoke test for ``refparser.parse`` on the ``interface_example`` fixture."""

    def test_interface_parsing(self):
        """Parse the fixture; the test passes when ``parse`` raises nothing.

        NOTE(review): every structural check below is commented out, so this
        test does not confirm that the parsed interfaces or their allow rules
        match the input text. A parser regression that silently drops or
        alters rules would not be caught here.
        """
        parsed = refparser.parse(interface_example)

        # Only the disabled checks below refer to this name.
        iface_name = "files_search_usr"

        # Disabled checks, kept for reference (identifiers renamed to match
        # the locals above):
        #   print ""
        #   refpolicy.print_tree(parsed)
        #   self.assertEqual(len(parsed.interfaces), 3)
        #   iface = parsed.interfaces[iface_name]
        #   self.assertEqual(iface.name, iface_name)
        #   self.assertEqual(len(iface.rules), 1)
        #   rule = iface.rules[0]
        #   self.assertTrue(isinstance(rule, refpolicy.AVRule))
    118         
    119                         
    120         