Home | History | Annotate | Download | only in sepolicy
      1 import unittest
      2 import os
      3 import shutil
      4 from tempfile import mkdtemp
      5 from subprocess import Popen, PIPE
      6 
      7 
      8 class SepolicyTests(unittest.TestCase):
      9 
     10     def assertDenied(self, err):
     11         self.assert_('Permission denied' in err,
     12                      '"Permission denied" not found in %r' % err)
     13 
     14     def assertNotFound(self, err):
     15         self.assert_('not found' in err,
     16                      '"not found" not found in %r' % err)
     17 
     18     def assertFailure(self, status):
     19         self.assertNotEqual(status, 0,
     20                      'Succeeded when it should have failed')
     21 
     22     def assertSuccess(self, status, err):
     23         self.assertEqual(status, 0,
     24                      'sepolicy should have succeeded for this test %r' % err)
     25 
     26     def test_man_domain(self):
     27         "Verify sepolicy manpage -d works"
     28         p = Popen(['sepolicy', 'manpage', '-d', 'httpd_t'], stdout=PIPE)
     29         out, err = p.communicate()
     30         self.assertSuccess(p.returncode, err)
     31 
     32     def test_man_all(self):
     33         "Verify sepolicy manpage -a works"
     34         p = Popen(['sepolicy', 'manpage', '-a'], stdout=PIPE)
     35         out, err = p.communicate()
     36         self.assertSuccess(p.returncode, err)
     37 
     38     def test_network_l(self):
     39         "Verify sepolicy network -l works"
     40         p = Popen(['sepolicy', 'network', '-l'], stdout=PIPE)
     41         out, err = p.communicate()
     42         self.assertSuccess(p.returncode, err)
     43 
     44     def test_network_t(self):
     45         "Verify sepolicy network -t works"
     46         p = Popen(['sepolicy', 'network', '-t', 'http_port_t'], stdout=PIPE)
     47         out, err = p.communicate()
     48         self.assertSuccess(p.returncode, err)
     49 
     50     def test_network_p(self):
     51         "Verify sepolicy network -p works"
     52         p = Popen(['sepolicy', 'network', '-p', '80'], stdout=PIPE)
     53         out, err = p.communicate()
     54         self.assertSuccess(p.returncode, err)
     55 
     56     def test_network_d(self):
     57         "Verify sepolicy network -d works"
     58         p = Popen(['sepolicy', 'network', '-d', 'httpd_t'], stdout=PIPE)
     59         out, err = p.communicate()
     60         self.assertSuccess(p.returncode, err)
     61 
     62     def test_transition_s(self):
     63         "Verify sepolicy transition -l works"
     64         p = Popen(['sepolicy', 'transition', '-s', 'httpd_t'], stdout=PIPE)
     65         out, err = p.communicate()
     66         self.assertSuccess(p.returncode, err)
     67 
     68     def test_transition_t(self):
     69         "Verify sepolicy transition -t works"
     70         p = Popen(['sepolicy', 'transition', '-s', 'httpd_t', '-t', 'sendmail_t'], stdout=PIPE)
     71         out, err = p.communicate()
     72         self.assertSuccess(p.returncode, err)
     73 
     74     def test_booleans_a(self):
     75         "Verify sepolicy booleans -a works"
     76         p = Popen(['sepolicy', 'booleans', '-a'], stdout=PIPE)
     77         out, err = p.communicate()
     78         self.assertSuccess(p.returncode, err)
     79 
     80     def test_booleans_b_alias(self):
     81         "Verify sepolicy booleans -b works"
     82         p = Popen(['sepolicy', 'booleans', '-b', 'allow_ypbind'], stdout=PIPE)
     83         out, err = p.communicate()
     84         self.assertSuccess(p.returncode, err)
     85 
     86     def test_booleans_b(self):
     87         "Verify sepolicy booleans -b works"
     88         p = Popen(['sepolicy', 'booleans', '-b', 'nis_enabled'], stdout=PIPE)
     89         out, err = p.communicate()
     90         self.assertSuccess(p.returncode, err)
     91 
     92     def test_interface_l(self):
     93         "Verify sepolicy interface -l works"
     94         p = Popen(['sepolicy', 'interface', '-l'], stdout=PIPE)
     95         out, err = p.communicate()
     96         self.assertSuccess(p.returncode, err)
     97 
     98     def test_interface_a(self):
     99         "Verify sepolicy interface -a works"
    100         p = Popen(['sepolicy', 'interface', '-a'], stdout=PIPE)
    101         out, err = p.communicate()
    102         self.assertSuccess(p.returncode, err)
    103 
    104     def test_interface_p(self):
    105         "Verify sepolicy interface -u works"
    106         p = Popen(['sepolicy', 'interface', '-u'], stdout=PIPE)
    107         out, err = p.communicate()
    108         self.assertSuccess(p.returncode, err)
    109 
    110     def test_interface_ci(self):
    111         "Verify sepolicy interface -c -i works"
    112         p = Popen(['sepolicy', 'interface', '-c', '-i', 'apache_admin'], stdout=PIPE)
    113         out, err = p.communicate()
    114         self.assertSuccess(p.returncode, err)
    115 
    116 if __name__ == "__main__":
    117     import selinux
    118     if selinux.is_selinux_enabled() and selinux.security_getenforce() == 1:
    119         unittest.main()
    120     else:
    121         print("SELinux must be in enforcing mode for this test")
    122