1 /* 2 * Authors: Chad Sellers <csellers (at) tresys.com> 3 * Joshua Brindle <jbrindle (at) tresys.com> 4 * 5 * Copyright (C) 2006 Tresys Technology, LLC 6 * 7 * This library is free software; you can redistribute it and/or 8 * modify it under the terms of the GNU Lesser General Public 9 * License as published by the Free Software Foundation; either 10 * version 2.1 of the License, or (at your option) any later version. 11 * 12 * This library is distributed in the hope that it will be useful, 13 * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 15 * Lesser General Public License for more details. 16 * 17 * You should have received a copy of the GNU Lesser General Public 18 * License along with this library; if not, write to the Free Software 19 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA 20 */ 21 22 /* This is where the expander tests should go, including: 23 * - check role, type, bool, user mapping 24 * - add symbols declared in enabled optionals 25 * - do not add symbols declared in disabled optionals 26 * - add rules from enabled optionals 27 * - do not add rules from disabled optionals 28 * - verify attribute mapping 29 30 * - check conditional expressions for correct mapping 31 */ 32 33 #include "test-expander.h" 34 #include "parse_util.h" 35 #include "helpers.h" 36 #include "test-common.h" 37 #include "test-expander-users.h" 38 #include "test-expander-roles.h" 39 #include "test-expander-attr-map.h" 40 41 #include <sepol/policydb/policydb.h> 42 #include <sepol/policydb/expand.h> 43 #include <sepol/policydb/link.h> 44 #include <sepol/policydb/conditional.h> 45 #include <limits.h> 46 #include <stdlib.h> 47 48 policydb_t role_expanded; 49 policydb_t user_expanded; 50 policydb_t base_expanded2; 51 static policydb_t basemod; 52 static policydb_t basemod2; 53 static policydb_t mod2; 54 static policydb_t base_expanded; 55 static policydb_t base_only_mod; 56 static policydb_t base_only_expanded; 57 static policydb_t role_basemod; 58 static policydb_t role_mod; 59 static policydb_t user_basemod; 60 static policydb_t user_mod; 61 static policydb_t alias_basemod; 62 static policydb_t alias_mod; 63 static policydb_t alias_expanded; 64 static uint32_t *typemap; 65 extern int mls; 66 67 /* Takes base, some number of modules, links them, and expands them 68 reads source from myfiles array, which has the base string followed by 69 each module string */ 70 int expander_policy_init(policydb_t * mybase, int num_modules, policydb_t ** mymodules, policydb_t * myexpanded, const char *const *myfiles) 71 { 72 char *filename[num_modules + 1]; 73 int i; 74 75 for (i = 0; i < num_modules + 1; i++) { 76 filename[i] = calloc(PATH_MAX, sizeof(char)); 77 if (snprintf(filename[i], PATH_MAX, "policies/test-expander/%s%s", myfiles[i], mls ? ".mls" : ".std") < 0) 78 return -1; 79 } 80 81 if (policydb_init(mybase)) { 82 fprintf(stderr, "out of memory!\n"); 83 return -1; 84 } 85 86 for (i = 0; i < num_modules; i++) { 87 if (policydb_init(mymodules[i])) { 88 fprintf(stderr, "out of memory!\n"); 89 return -1; 90 } 91 } 92 93 if (policydb_init(myexpanded)) { 94 fprintf(stderr, "out of memory!\n"); 95 return -1; 96 } 97 98 mybase->policy_type = POLICY_BASE; 99 mybase->mls = mls; 100 101 if (read_source_policy(mybase, filename[0], myfiles[0])) { 102 fprintf(stderr, "read source policy failed %s\n", filename[0]); 103 return -1; 104 } 105 106 for (i = 1; i < num_modules + 1; i++) { 107 mymodules[i - 1]->policy_type = POLICY_MOD; 108 mymodules[i - 1]->mls = mls; 109 if (read_source_policy(mymodules[i - 1], filename[i], myfiles[i])) { 110 fprintf(stderr, "read source policy failed %s\n", filename[i]); 111 return -1; 112 } 113 } 114 115 if (link_modules(NULL, mybase, mymodules, num_modules, 0)) { 116 fprintf(stderr, "link modules failed\n"); 117 return -1; 118 } 119 120 if (expand_module(NULL, mybase, myexpanded, 0, 0)) { 121 fprintf(stderr, "expand modules failed\n"); 122 return -1; 123 } 124 125 for (i = 0; i < num_modules + 1; i++) { 126 free(filename[i]); 127 } 128 return 0; 129 } 130 131 int expander_test_init(void) 132 { 133 const char *small_base_file = "small-base.conf"; 134 const char *base_only_file = "base-base-only.conf"; 135 int rc; 136 policydb_t *mymod2; 137 const char *files2[] = { "small-base.conf", "module.conf" }; 138 const char *role_files[] = { "role-base.conf", "role-module.conf" }; 139 const char *user_files[] = { "user-base.conf", "user-module.conf" }; 140 const char *alias_files[] = { "alias-base.conf", "alias-module.conf" }; 141 142 rc = expander_policy_init(&basemod, 0, NULL, &base_expanded, &small_base_file); 143 if (rc != 0) 144 return rc; 145 146 mymod2 = &mod2; 147 rc = expander_policy_init(&basemod2, 1, &mymod2, &base_expanded2, files2); 148 if (rc != 0) 149 return rc; 150 151 rc = expander_policy_init(&base_only_mod, 0, NULL, &base_only_expanded, &base_only_file); 152 if (rc != 0) 153 return rc; 154 155 mymod2 = &role_mod; 156 rc = expander_policy_init(&role_basemod, 1, &mymod2, &role_expanded, role_files); 157 if (rc != 0) 158 return rc; 159 160 /* Just init the base for now, until we figure out how to separate out 161 mls and non-mls tests since users can't be used in mls module */ 162 mymod2 = &user_mod; 163 rc = expander_policy_init(&user_basemod, 0, NULL, &user_expanded, user_files); 164 if (rc != 0) 165 return rc; 166 167 mymod2 = &alias_mod; 168 rc = expander_policy_init(&alias_basemod, 1, &mymod2, &alias_expanded, alias_files); 169 if (rc != 0) 170 return rc; 171 172 return 0; 173 } 174 175 int expander_test_cleanup(void) 176 { 177 policydb_destroy(&basemod); 178 policydb_destroy(&base_expanded); 179 policydb_destroy(&basemod2); 180 policydb_destroy(&base_expanded2); 181 policydb_destroy(&mod2); 182 policydb_destroy(&base_only_mod); 183 policydb_destroy(&base_only_expanded); 184 policydb_destroy(&role_basemod); 185 policydb_destroy(&role_expanded); 186 policydb_destroy(&role_mod); 187 policydb_destroy(&user_basemod); 188 policydb_destroy(&user_expanded); 189 policydb_destroy(&user_mod); 190 policydb_destroy(&alias_basemod); 191 policydb_destroy(&alias_expanded); 192 policydb_destroy(&alias_mod); 193 free(typemap); 194 195 return 0; 196 } 197 198 static void test_expander_indexes(void) 199 { 200 test_policydb_indexes(&base_expanded); 201 } 202 203 static void test_expander_alias(void) 204 { 205 test_alias_datum(&alias_expanded, "alias_check_1_a", "alias_check_1_t", 1, 0); 206 test_alias_datum(&alias_expanded, "alias_check_2_a", "alias_check_2_t", 1, 0); 207 test_alias_datum(&alias_expanded, "alias_check_3_a", "alias_check_3_t", 1, 0); 208 } 209 210 int expander_add_tests(CU_pSuite suite) 211 { 212 if (NULL == CU_add_test(suite, "expander_indexes", test_expander_indexes)) { 213 CU_cleanup_registry(); 214 return CU_get_error(); 215 } 216 217 if (NULL == CU_add_test(suite, "expander_attr_mapping", test_expander_attr_mapping)) { 218 CU_cleanup_registry(); 219 return CU_get_error(); 220 } 221 222 if (NULL == CU_add_test(suite, "expander_role_mapping", test_expander_role_mapping)) { 223 CU_cleanup_registry(); 224 return CU_get_error(); 225 } 226 if (NULL == CU_add_test(suite, "expander_user_mapping", test_expander_user_mapping)) { 227 CU_cleanup_registry(); 228 return CU_get_error(); 229 } 230 if (NULL == CU_add_test(suite, "expander_alias", test_expander_alias)) { 231 CU_cleanup_registry(); 232 return CU_get_error(); 233 } 234 return 0; 235 } 236
