selinux/python/sepolgen/tests/test_matching.py

145 lines
3.3 KiB
Python
Raw Normal View History

# Authors: Karl MacMillan <kmacmillan@mentalrootkit.com>
#
# Copyright (C) 2006 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation; version 2 only
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
import unittest
import sepolgen.matching as matching
import sepolgen.refparser as refparser
import sepolgen.interfaces as interfaces
import sepolgen.access as access
class TestMatch(unittest.TestCase):
def test(self):
a = matching.Match()
a.dist = 100
a.info_dir_change = True
b = matching.Match()
b.dist = 100
b.info_dir_change = True
self.assertEqual(a, b)
b.info_dir_change = False
self.assertTrue((a > b))
self.assertTrue((b < a))
b.dist = 200
self.assertTrue((a < b))
self.assertTrue((b > a))
class TestMatchList(unittest.TestCase):
def test_append(self):
ml = matching.MatchList()
ml.threshold = 100
a = matching.Match()
a.dist = 100
ml.append(a)
self.assertEqual(len(ml), 1)
a = matching.Match()
a.dist = 200
ml.append(a)
self.assertEqual(len(ml), 2)
self.assertEqual(len(ml.bastards), 1)
ml.allow_info_dir_change = False
a = matching.Match()
a.dist = 0
a.info_dir_change = True
ml.append(a)
self.assertEqual(len(ml), 3)
self.assertEqual(len(ml.bastards), 2)
def test_sort(self):
ml = matching.MatchList()
ml.threshold = 100
a = matching.Match()
a.dist = 100
ml.append(a)
b = matching.Match()
b.dist = 5
ml.append(b)
c = matching.Match()
c.dist = 0
ml.append(c)
l = [c, b, a]
ml.sort()
for x, y in zip(l, ml):
self.assertEqual(x, y)
self.assertEqual(ml.best(), c)
test_expansion = """
interface(`foo',`
gen_require(`
type usr_t;
')
allow $1 usr_t:dir { create add_name };
allow $1 usr_t:file { read write };
')
interface(`map', `
gen_require(`
type bar_t;
')
allow $1 bar_t:file read;
allow $2 bar_t:file write;
foo($2)
')
interface(`hard_map', `
gen_require(`
type baz_t;
')
allow $1 baz_t:file getattr;
allow $2 baz_t:file read;
allow $3 baz_t:file write;
map($1, $2)
map($2, $3)
# This should have no effect
foo($2)
')
"""
class AccessMatcher(unittest.TestCase):
def test_search(self):
h = refparser.parse(test_expansion)
i = interfaces.InterfaceSet()
i.add_headers(h)
a = access.AccessVector(["foo_t", "usr_t", "dir", "create"])
m = matching.AccessMatcher()
ml = matching.MatchList()
ans = m.search_ifs(i, a, ml)
pass