mirror of
https://github.com/SELinuxProject/setools
synced 2025-04-21 06:35:37 +00:00
236 lines
10 KiB
Python
236 lines
10 KiB
Python
# Copyright 2014-2015, Tresys Technology, LLC
|
|
#
|
|
# SPDX-License-Identifier: GPL-2.0-only
|
|
#
|
|
import pytest
|
|
import setools
|
|
|
|
|
|
@pytest.mark.obj_args("tests/library/userquery.conf")
|
|
class TestUserQuery:
|
|
|
|
def test_unset(self, compiled_policy: setools.SELinuxPolicy) -> None:
|
|
"""User query with no criteria."""
|
|
# query with no parameters gets all types.
|
|
allusers = sorted(compiled_policy.users())
|
|
|
|
q = setools.UserQuery(compiled_policy)
|
|
qusers = sorted(q.results())
|
|
|
|
assert allusers == qusers
|
|
|
|
def test_name_exact(self, compiled_policy: setools.SELinuxPolicy) -> None:
|
|
"""User query with exact name match."""
|
|
q = setools.UserQuery(compiled_policy, name="test1_u")
|
|
|
|
users = sorted(str(u) for u in q.results())
|
|
assert ["test1_u"] == users
|
|
|
|
def test_name_regex(self, compiled_policy: setools.SELinuxPolicy) -> None:
|
|
"""User query with regex name match."""
|
|
q = setools.UserQuery(compiled_policy, name="test2_u(1|2)", name_regex=True)
|
|
|
|
users = sorted(str(u) for u in q.results())
|
|
assert ["test2_u1", "test2_u2"] == users
|
|
|
|
def test_role_intersect(self, compiled_policy: setools.SELinuxPolicy) -> None:
|
|
"""User query with role set intersection."""
|
|
q = setools.UserQuery(compiled_policy, roles=["test10a_r", "test10b_r"])
|
|
|
|
users = sorted(str(u) for u in q.results())
|
|
assert ["test10_u1", "test10_u2", "test10_u3",
|
|
"test10_u4", "test10_u5", "test10_u6"] == users
|
|
|
|
def test_role_equality(self, compiled_policy: setools.SELinuxPolicy) -> None:
|
|
"""User query with role set equality."""
|
|
q = setools.UserQuery(
|
|
compiled_policy, roles=["test11a_r", "test11b_r"], roles_equal=True)
|
|
|
|
users = sorted(str(u) for u in q.results())
|
|
assert ["test11_u2"] == users
|
|
|
|
def test_role_regex(self, compiled_policy: setools.SELinuxPolicy) -> None:
|
|
"""User query with role regex match."""
|
|
q = setools.UserQuery(compiled_policy, roles="test12(a|b)_r", roles_regex=True)
|
|
|
|
users = sorted(str(u) for u in q.results())
|
|
assert ["test12_u1", "test12_u2", "test12_u3",
|
|
"test12_u4", "test12_u5", "test12_u6"] == users
|
|
|
|
def test_level_equal(self, compiled_policy: setools.SELinuxPolicy) -> None:
|
|
"""User query with default level equality."""
|
|
q = setools.UserQuery(compiled_policy, level="s3:c0,c4")
|
|
|
|
users = sorted(str(u) for u in q.results())
|
|
assert ["test20"] == users
|
|
|
|
def test_level_dom1(self, compiled_policy: setools.SELinuxPolicy) -> None:
|
|
"""User query with default level dominance."""
|
|
q = setools.UserQuery(compiled_policy, level="s2:c1,c2,c4", level_dom=True)
|
|
|
|
users = sorted(str(u) for u in q.results())
|
|
assert ["test21"] == users
|
|
|
|
def test_level_dom2(self, compiled_policy: setools.SELinuxPolicy) -> None:
|
|
"""User query with default level dominance (equal)."""
|
|
q = setools.UserQuery(compiled_policy, level="s2:c1,c4", level_dom=True)
|
|
|
|
users = sorted(str(u) for u in q.results())
|
|
assert ["test21"] == users
|
|
|
|
def test_level_domby1(self, compiled_policy: setools.SELinuxPolicy) -> None:
|
|
"""User query with default level dominated-by."""
|
|
q = setools.UserQuery(compiled_policy, level="s3:c2", level_domby=True)
|
|
|
|
users = sorted(str(u) for u in q.results())
|
|
assert ["test22"] == users
|
|
|
|
def test_level_domby2(self, compiled_policy: setools.SELinuxPolicy) -> None:
|
|
"""User query with default level dominated-by (equal)."""
|
|
q = setools.UserQuery(compiled_policy, level="s3:c2,c4", level_domby=True)
|
|
|
|
users = sorted(str(u) for u in q.results())
|
|
assert ["test22"] == users
|
|
|
|
def test_level_incomp(self, compiled_policy: setools.SELinuxPolicy) -> None:
|
|
"""User query with default level icomparable."""
|
|
q = setools.UserQuery(compiled_policy, level="s5:c0.c5,c7", level_incomp=True)
|
|
|
|
users = sorted(str(u) for u in q.results())
|
|
assert ["test23"] == users
|
|
|
|
def test_range_exact(self, compiled_policy: setools.SELinuxPolicy) -> None:
|
|
"""User query with range exact match"""
|
|
q = setools.UserQuery(compiled_policy, range_="s0:c5 - s0:c0.c5")
|
|
|
|
users = sorted(str(u) for u in q.results())
|
|
assert ["test40"] == users
|
|
|
|
def test_range_overlap1(self, compiled_policy: setools.SELinuxPolicy) -> None:
|
|
"""User query with range overlap match (equal)"""
|
|
q = setools.UserQuery(compiled_policy, range_="s1:c5 - s1:c1.c3,c5", range_overlap=True)
|
|
|
|
users = sorted(str(u) for u in q.results())
|
|
assert ["test41"] == users
|
|
|
|
def test_range_overlap2(self, compiled_policy: setools.SELinuxPolicy) -> None:
|
|
"""User query with range overlap match (subset)"""
|
|
q = setools.UserQuery(compiled_policy, range_="s1:c2,c5 - s1:c2.c3,c5", range_overlap=True)
|
|
|
|
users = sorted(str(u) for u in q.results())
|
|
assert ["test41"] == users
|
|
|
|
def test_range_overlap3(self, compiled_policy: setools.SELinuxPolicy) -> None:
|
|
"""User query with range overlap match (superset)"""
|
|
q = setools.UserQuery(compiled_policy, range_="s1 - s1:c0.c5", range_overlap=True)
|
|
|
|
users = sorted(str(u) for u in q.results())
|
|
assert ["test41"] == users
|
|
|
|
def test_range_overlap4(self, compiled_policy: setools.SELinuxPolicy) -> None:
|
|
"""User query with range overlap match (overlap low level)"""
|
|
q = setools.UserQuery(compiled_policy, range_="s1:c5 - s1:c2,c5", range_overlap=True)
|
|
|
|
users = sorted(str(u) for u in q.results())
|
|
assert ["test41"] == users
|
|
|
|
def test_range_overlap5(self, compiled_policy: setools.SELinuxPolicy) -> None:
|
|
"""User query with range overlap match (overlap high level)"""
|
|
q = setools.UserQuery(compiled_policy, range_="s1:c5,c2 - s1:c1.c3,c5", range_overlap=True)
|
|
|
|
users = sorted(str(u) for u in q.results())
|
|
assert ["test41"] == users
|
|
|
|
def test_range_subset1(self, compiled_policy: setools.SELinuxPolicy) -> None:
|
|
"""User query with range subset match"""
|
|
q = setools.UserQuery(compiled_policy, range_="s2:c2,c5 - s2:c2.c3,c5", range_overlap=True)
|
|
|
|
users = sorted(str(u) for u in q.results())
|
|
assert ["test42"] == users
|
|
|
|
def test_range_subset2(self, compiled_policy: setools.SELinuxPolicy) -> None:
|
|
"""User query with range subset match (equal)"""
|
|
q = setools.UserQuery(compiled_policy, range_="s2:c5 - s2:c1.c3,c5", range_overlap=True)
|
|
|
|
users = sorted(str(u) for u in q.results())
|
|
assert ["test42"] == users
|
|
|
|
def test_range_superset1(self, compiled_policy: setools.SELinuxPolicy) -> None:
|
|
"""User query with range superset match"""
|
|
q = setools.UserQuery(compiled_policy, range_="s3 - s3:c0.c6", range_superset=True)
|
|
|
|
users = sorted(str(u) for u in q.results())
|
|
assert ["test43"] == users
|
|
|
|
def test_range_superset2(self, compiled_policy: setools.SELinuxPolicy) -> None:
|
|
"""User query with range superset match (equal)"""
|
|
q = setools.UserQuery(compiled_policy, range_="s3:c5 - s3:c1.c3,c5.c6",
|
|
range_superset=True)
|
|
|
|
users = sorted(str(u) for u in q.results())
|
|
assert ["test43"] == users
|
|
|
|
def test_range_proper_subset1(self, compiled_policy: setools.SELinuxPolicy) -> None:
|
|
"""User query with range proper subset match"""
|
|
q = setools.UserQuery(compiled_policy, range_="s4:c2,c5", range_subset=True,
|
|
range_proper=True)
|
|
|
|
users = sorted(str(u) for u in q.results())
|
|
assert ["test44"] == users
|
|
|
|
def test_range_proper_subset2(self, compiled_policy: setools.SELinuxPolicy) -> None:
|
|
"""User query with range proper subset match (equal)"""
|
|
q = setools.UserQuery(compiled_policy, range_="s4:c5 - s4:c1.c3,c5", range_subset=True,
|
|
range_proper=True)
|
|
|
|
users = sorted(str(u) for u in q.results())
|
|
assert [] == users
|
|
|
|
def test_range_proper_subset3(self, compiled_policy: setools.SELinuxPolicy) -> None:
|
|
"""User query with range proper subset match (equal low)"""
|
|
q = setools.UserQuery(compiled_policy, range_="s4:c5 - s4:c1.c2,c5", range_subset=True,
|
|
range_proper=True)
|
|
|
|
users = sorted(str(u) for u in q.results())
|
|
assert ["test44"] == users
|
|
|
|
def test_range_proper_subset4(self, compiled_policy: setools.SELinuxPolicy) -> None:
|
|
"""User query with range proper subset match (equal high)"""
|
|
q = setools.UserQuery(compiled_policy, range_="s4:c1,c5 - s4:c1.c3,c5", range_subset=True,
|
|
range_proper=True)
|
|
|
|
users = sorted(str(u) for u in q.results())
|
|
assert ["test44"] == users
|
|
|
|
def test_range_proper_superset1(self, compiled_policy: setools.SELinuxPolicy) -> None:
|
|
"""User query with range proper superset match"""
|
|
q = setools.UserQuery(compiled_policy, range_="s5 - s5:c0.c5", range_superset=True,
|
|
range_proper=True)
|
|
|
|
users = sorted(str(u) for u in q.results())
|
|
assert ["test45"] == users
|
|
|
|
def test_range_proper_superset2(self, compiled_policy: setools.SELinuxPolicy) -> None:
|
|
"""User query with range proper superset match (equal)"""
|
|
q = setools.UserQuery(compiled_policy, range_="s5:c5 - s5:c1.c3,c5", range_superset=True,
|
|
range_proper=True)
|
|
|
|
users = sorted(str(u) for u in q.results())
|
|
assert [] == users
|
|
|
|
def test_range_proper_superset3(self, compiled_policy: setools.SELinuxPolicy) -> None:
|
|
"""User query with range proper superset match (equal low)"""
|
|
q = setools.UserQuery(compiled_policy, range_="s5:c5 - s5:c1.c5", range_superset=True,
|
|
range_proper=True)
|
|
|
|
users = sorted(str(u) for u in q.results())
|
|
assert ["test45"] == users
|
|
|
|
def test_range_proper_superset4(self, compiled_policy: setools.SELinuxPolicy) -> None:
|
|
"""User query with range proper superset match (equal high)"""
|
|
q = setools.UserQuery(compiled_policy, range_="s5 - s5:c1.c3,c5", range_superset=True,
|
|
range_proper=True)
|
|
|
|
users = sorted(str(u) for u in q.results())
|
|
assert ["test45"] == users
|