2008-08-19 19:30:36 +00:00
|
|
|
# Authors: Karl MacMillan <kmacmillan@mentalrootkit.com>
|
|
|
|
#
|
|
|
|
# Copyright (C) 2006 Red Hat
|
|
|
|
# see file 'COPYING' for use and warranty information
|
|
|
|
#
|
|
|
|
# This program is free software; you can redistribute it and/or
|
|
|
|
# modify it under the terms of the GNU General Public License as
|
|
|
|
# published by the Free Software Foundation; version 2 only
|
|
|
|
#
|
|
|
|
# This program is distributed in the hope that it will be useful,
|
|
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
# GNU General Public License for more details.
|
|
|
|
#
|
|
|
|
# You should have received a copy of the GNU General Public License
|
|
|
|
# along with this program; if not, write to the Free Software
|
|
|
|
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
|
|
|
#
|
|
|
|
|
|
|
|
import unittest
|
|
|
|
import sepolgen.matching as matching
|
|
|
|
import sepolgen.refparser as refparser
|
|
|
|
import sepolgen.interfaces as interfaces
|
|
|
|
import sepolgen.access as access
|
|
|
|
|
|
|
|
class TestMatch(unittest.TestCase):
|
|
|
|
def test(self):
|
|
|
|
a = matching.Match()
|
|
|
|
a.dist = 100
|
|
|
|
a.info_dir_change = True
|
|
|
|
|
|
|
|
b = matching.Match()
|
|
|
|
b.dist = 100
|
|
|
|
b.info_dir_change = True
|
|
|
|
|
2015-07-16 11:48:11 +00:00
|
|
|
self.assertEqual(a, b)
|
2008-08-19 19:30:36 +00:00
|
|
|
b.info_dir_change = False
|
2015-07-16 11:48:11 +00:00
|
|
|
self.assertTrue((a > b))
|
|
|
|
self.assertTrue((b < a))
|
2008-08-19 19:30:36 +00:00
|
|
|
|
|
|
|
b.dist = 200
|
|
|
|
|
2015-07-16 11:48:11 +00:00
|
|
|
self.assertTrue((a < b))
|
|
|
|
self.assertTrue((b > a))
|
2008-08-19 19:30:36 +00:00
|
|
|
|
|
|
|
class TestMatchList(unittest.TestCase):
|
|
|
|
def test_append(self):
|
|
|
|
ml = matching.MatchList()
|
|
|
|
ml.threshold = 100
|
|
|
|
|
|
|
|
a = matching.Match()
|
|
|
|
a.dist = 100
|
|
|
|
ml.append(a)
|
2013-10-25 16:54:04 +00:00
|
|
|
self.assertEqual(len(ml), 1)
|
2008-08-19 19:30:36 +00:00
|
|
|
|
|
|
|
a = matching.Match()
|
|
|
|
a.dist = 200
|
|
|
|
ml.append(a)
|
2013-10-09 21:02:44 +00:00
|
|
|
self.assertEqual(len(ml), 2)
|
2008-08-19 19:30:36 +00:00
|
|
|
self.assertEqual(len(ml.bastards), 1)
|
|
|
|
|
|
|
|
ml.allow_info_dir_change = False
|
|
|
|
a = matching.Match()
|
|
|
|
a.dist = 0
|
|
|
|
a.info_dir_change = True
|
|
|
|
ml.append(a)
|
2013-10-09 21:02:44 +00:00
|
|
|
self.assertEqual(len(ml), 3)
|
2008-08-19 19:30:36 +00:00
|
|
|
self.assertEqual(len(ml.bastards), 2)
|
|
|
|
|
|
|
|
def test_sort(self):
|
|
|
|
ml = matching.MatchList()
|
|
|
|
ml.threshold = 100
|
|
|
|
|
|
|
|
a = matching.Match()
|
|
|
|
a.dist = 100
|
|
|
|
ml.append(a)
|
|
|
|
|
|
|
|
b = matching.Match()
|
|
|
|
b.dist = 5
|
|
|
|
ml.append(b)
|
|
|
|
|
|
|
|
c = matching.Match()
|
|
|
|
c.dist = 0
|
|
|
|
ml.append(c)
|
|
|
|
|
|
|
|
l = [c, b, a]
|
|
|
|
|
|
|
|
ml.sort()
|
|
|
|
|
|
|
|
for x, y in zip(l, ml):
|
|
|
|
self.assertEqual(x, y)
|
|
|
|
|
2015-07-16 11:48:11 +00:00
|
|
|
self.assertEqual(ml.best(), c)
|
2008-08-19 19:30:36 +00:00
|
|
|
|
|
|
|
|
|
|
|
test_expansion = """
|
|
|
|
interface(`foo',`
|
|
|
|
gen_require(`
|
|
|
|
type usr_t;
|
|
|
|
')
|
2010-03-24 17:08:23 +00:00
|
|
|
allow $1 usr_t:dir { create add_name };
|
|
|
|
allow $1 usr_t:file { read write };
|
2008-08-19 19:30:36 +00:00
|
|
|
')
|
|
|
|
|
|
|
|
interface(`map', `
|
|
|
|
gen_require(`
|
|
|
|
type bar_t;
|
|
|
|
')
|
2010-03-24 17:08:23 +00:00
|
|
|
allow $1 bar_t:file read;
|
|
|
|
allow $2 bar_t:file write;
|
2008-08-19 19:30:36 +00:00
|
|
|
|
|
|
|
foo($2)
|
|
|
|
')
|
|
|
|
|
|
|
|
interface(`hard_map', `
|
|
|
|
gen_require(`
|
|
|
|
type baz_t;
|
|
|
|
')
|
2010-03-24 17:08:23 +00:00
|
|
|
allow $1 baz_t:file getattr;
|
|
|
|
allow $2 baz_t:file read;
|
|
|
|
allow $3 baz_t:file write;
|
2008-08-19 19:30:36 +00:00
|
|
|
|
|
|
|
map($1, $2)
|
|
|
|
map($2, $3)
|
|
|
|
|
|
|
|
# This should have no effect
|
|
|
|
foo($2)
|
|
|
|
')
|
|
|
|
"""
|
|
|
|
|
|
|
|
class AccessMatcher(unittest.TestCase):
|
|
|
|
def test_search(self):
|
|
|
|
h = refparser.parse(test_expansion)
|
|
|
|
i = interfaces.InterfaceSet()
|
|
|
|
i.add_headers(h)
|
|
|
|
|
|
|
|
a = access.AccessVector(["foo_t", "usr_t", "dir", "create"])
|
|
|
|
m = matching.AccessMatcher()
|
|
|
|
ml = matching.MatchList()
|
|
|
|
|
|
|
|
ans = m.search_ifs(i, a, ml)
|
|
|
|
|
|
|
|
|
|
|
|
pass
|