RepoMirrors/setools
1
0
Fork 0
mirror of https://github.com/SELinuxProject/setools synced 2025-03-31 07:46:24 +00:00
Code Issues Packages Projects Releases Wiki Activity
569 Commits 8 Branches 22 Tags 3.8 MiB
c56e01bc8c
Commit Graph

44 Commits

Author SHA1 Message Date
Chris PeBenito
c56e01bc8c Complete policy representation classes for extended permissions rules. 
Related to #73.
 2016-03-22 10:26:43 -04:00
Chris PeBenito
b092e94903 CommonTest/ObjClassTest: fix deprecated assertEquals usage 
There still is assertRegexpMatches usage, which is deprecated in Python
3.2+, but the replacement, assertRegex, does not exist in Python 2.7.
 2016-03-11 09:23:18 -05:00
Chris PeBenito
fcfba569cc qpol.i: throw exceptions when getting the conditional block on unconditional rules 
Standardize on AttributeError for the exception type.
 2016-03-11 09:14:32 -05:00
Chris PeBenito
d3b21a52ad TypeAttribute: fix exception on properties that should only work on types 
Make the exception a SymbolUseError, which is a child of AttributeError;
thus it makes more sense than TypeError.
 2016-02-17 16:17:19 -05:00
Chris PeBenito
eafaad4dde Revise rule type validators to operate on single object, not collections. 
* Return the parameter on success so it works like a lookup function too
* Remove RuletypeDescriptor and change over to CriteriaSetDescriptor
 2016-02-01 09:00:54 -05:00
Chris PeBenito
0bd9d931c4 Revise default_* objects, implement tests for default_* objects. 2016-02-01 08:56:07 -05:00
Chris PeBenito
6f4860dd7a SELinuxPolicyLoadError: create test suite for loading invalid policies 
Create a test case for testing user's default level not in the range,
#72 even though it is not yet fixed.
 2016-01-20 14:13:56 -05:00
Chris PeBenito
12b40d5e75 PolicyRule/BaseTERule/AVRule/TERule: add conditional block 
Returns True/False based on which conditional block/branch the rule is in.
Also updates rendering accordingly.
 2016-01-02 17:47:41 -05:00
Chris PeBenito
1406eb30c3 Implement InitialSIDTest. 2015-04-24 08:56:56 -04:00
Chris PeBenito
6de35b81f7 Implement CommonTest and ObjClassTest. 
Also fix bugs uncovered by testing.
 2015-04-23 11:04:37 -04:00
Chris PeBenito
7cb5762b4f TypeAttribute: add __contains__ 2015-04-23 09:00:07 -04:00
Chris PeBenito
970a905867 PolCapTest: add lookup test. 2015-04-23 08:53:19 -04:00
Chris PeBenito
df493bbb4a Fix PolCapTest. 2015-04-23 08:38:39 -04:00
Chris PeBenito
ae0e116567 Implement PolCapTest. 2015-04-22 18:01:22 -04:00
Chris PeBenito
f8a2023391 DomainTransitionAnalysis: implement Edge class and descriptors for graph access 
Includes policyrep changes to handle the deepcopy needed by NetworkX. The
SWIG objects are treated as immutable, since they are proxies of C pointers
to immutable objects (raw policydb).

Also fixes PolicySymbol.__hash__(), as returning NotImplemented would
raise a TypeError.
 2015-04-22 09:55:21 -04:00
Chris PeBenito
b1c2901e4f tests: fix iter() use in Mock objects 
By using return_value, there was only one instance of the iterator, which
would cause problems if it needed to be used again but had already been
consumed. Switch to lambdas that return a new instance of the iter().
 2015-04-18 10:47:42 -04:00
Chris PeBenito
cc7ee08f03 policyrep factories: short circuit if provided a constructed object. 
Change factory functions that support lookups to short circuit if they are
being provided an instance of the object they are meant to create.
 2015-04-16 14:07:18 -04:00
Chris PeBenito
05da568b15 Clean up unused imports in RBAC and TE rule tests. 2015-04-13 10:08:15 -04:00
Chris PeBenito
961680ee1e Implement MLSRuleTest 2015-04-13 10:06:04 -04:00
Chris PeBenito
f2064f7eac Implement RoleAllowTest and RoleTransitionTest. 2015-04-12 17:20:55 -04:00
Chris PeBenito
25a5c1adab Implement AVRuleTest and TERuleTest. 2015-04-12 10:51:58 -04:00
Chris PeBenito
09a5f5dca4 Implement TypeTest and TypeAttributeTest 2015-04-11 10:54:22 -04:00
Chris PeBenito
9c9d908754 Implement RoleTest. 2015-04-11 09:01:26 -04:00
Chris PeBenito
415a91d9a0 UserTest: fix copy/paste error in docstring 2015-04-11 08:37:54 -04:00
Chris PeBenito
26e0396290 Implement User unit tests. 2015-04-10 14:53:07 -04:00
Chris PeBenito
4e0b7d853b Thoroughly test MLS representations. 
Implement category and level decl. lookups along the way.
 2015-04-09 14:27:51 -04:00
Chris PeBenito
f3ca479a27 Address remaining pylint errors. 
Also implement some suggested changes.
 2015-04-06 09:51:32 -04:00
Chris PeBenito
9d51dcc7e3 Misc cleanups suggested by pylint 
* unnecessary parentheses on return
* variable shadowing
* unused variables
* classmethod variable naming
 2015-04-02 14:50:21 -04:00
Chris PeBenito
0745f8011c SELinuxPolicyTest: clean up temp binary policy in case of setUpClass error 
This should never be hit since the source policy already was complied
by checkpolicy.
 2015-04-01 13:26:48 -04:00
Chris PeBenito
c146f0ab47 Restructure exceptions across the entire project. 
Group all exception classes into a module for each package.  This is the
first step towards having all exceptions raised by setools libs be a child of
SEToolsException.
 2015-04-01 12:10:45 -04:00
Chris PeBenito
bb1734e9e5 RangeFactoryTest: add test for high end of range being invalid 2015-03-29 09:40:15 -04:00
Chris PeBenito
f2d334c691 LevelFactoryTest: add extra test for category range parse error. 
Such as: s0:c0.c2.c4
 2015-03-20 12:03:09 -04:00
Chris PeBenito
ed35d206d9 Change unit tests to use setUpClass for opening policies. 2015-03-18 09:44:16 -04:00
Chris PeBenito
f4b1b68195 Rename type attribute interfaces. 
Make sure they reflect that they are for type rather than role attributes.
 2015-03-16 10:38:43 -04:00
Chris PeBenito
46392c752b Add tests for MLS factory functions on MLS-disabled policy. 2015-03-15 15:01:46 -04:00
Chris PeBenito
1657d9d09e Change SELinuxPolicy unit test 001 to output notice to stderr. 
Qpol prints out a parse error to stderr.  Put the message about this being
expected on stderr too, to sync up the messages.
 2015-03-12 10:48:41 -04:00
Chris PeBenito
0aacb700da Fix alias handling for sensitivities and categories. 
If there are aliases, qpol includes those in the counts.
 2015-03-07 11:06:24 -05:00
Chris PeBenito
0b295755de Distinguish policy syntax errors from other OS errors, eg ENOENT. 
The policy parser does not set errno, so the libqpol code assumes the
errors from parser code are always invalid syntax, rather than something
else like out of memory.  This may not always be the case, but any other
kind of error is unlikely (and likely catastrophic)
 2015-03-06 10:44:32 -05:00
Chris PeBenito
ee6e4fa12f Add binary policy SELinuxPolicy tests. 2015-03-05 12:16:37 -05:00
Chris PeBenito
e6db6eaa90 Adjust SELinuxPolicy item count tests to remove overlaps. 
Eliminates the chance that the items are accidentally getting the right
answer by counting one of the overlapping items (e.g. by copy-paste error
in the code)
 2015-03-04 12:17:13 -05:00
Chris PeBenito
f7f0b96a6b Fix conditional rules in SELinuxPolicy test policy. 
Adjust so no optimization can be made (with a theoretical future
optimizing compiler)
 2015-03-04 12:16:50 -05:00
Chris PeBenito
af3c5b5e3e Add SELinuxPolicy test cases. 
Created a test policy with prime number counts of everything so there
should be no accidental correct answers.
 2015-03-03 13:18:29 -05:00
Chris PeBenito
f472d6c912 Break up tests in policrep/mls. 2015-02-28 10:59:53 -05:00
Chris PeBenito
a8d7f740b2 Change range constructor to use regular levels instead of semantic ones. 
This affords better error reporting since levels can be invalid for
several reasons.

* Fix memory leak in qpol_semantic_level
* Add unit tests
 2015-02-22 09:24:39 -05:00