1046 lines
27 KiB
C
1046 lines
27 KiB
C
/*
|
|
* Authors: Jan Zarsky <jzarsky@redhat.com>
|
|
*
|
|
* Copyright (C) 2019 Red Hat, Inc.
|
|
*
|
|
* This library is free software; you can redistribute it and/or
|
|
* modify it under the terms of the GNU Lesser General Public
|
|
* License as published by the Free Software Foundation; either
|
|
* version 2.1 of the License, or (at your option) any later version.
|
|
*
|
|
* This library is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
* Lesser General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU Lesser General Public
|
|
* License along with this library; if not, write to the Free Software
|
|
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
|
*/
|
|
|
|
#include "utilities.h"
|
|
#include "test_fcontext.h"
|
|
|
|
char FCONTEXTS[] =
|
|
"/etc/selinux(/.*) -s system_u:object_r:first_t:s0\n"
|
|
"/etc/selinux/targeted -- system_u:object_r:second_t:s0\n"
|
|
"/etc/selinux(/.*) -b system_u:object_r:third_t:s0\n";
|
|
unsigned int FCONTEXTS_LEN = sizeof(FCONTEXTS);
|
|
|
|
#define FCONTEXTS_COUNT 3
|
|
|
|
#define FCONTEXT1_EXPR "/etc/selinux(/.*)"
|
|
#define FCONTEXT1_TYPE SEMANAGE_FCONTEXT_SOCK
|
|
#define FCONTEXT1_CON "system_u:object_r:first_t:s0"
|
|
|
|
#define FCONTEXT2_EXPR "/etc/selinux/targeted"
|
|
#define FCONTEXT2_TYPE SEMANAGE_FCONTEXT_REG
|
|
#define FCONTEXT2_CON "system_u:object_r:second_t:s0"
|
|
|
|
#define FCONTEXT3_EXPR "/etc/selinux(/.*)"
|
|
#define FCONTEXT3_TYPE SEMANAGE_FCONTEXT_BLOCK
|
|
#define FCONTEXT3_CON "system_u:object_r:third_t:s0"
|
|
|
|
#define FCONTEXT_NONEXISTENT_EXPR "/asdf"
|
|
#define FCONTEXT_NONEXISTENT_TYPE SEMANAGE_FCONTEXT_ALL
|
|
|
|
/* fcontext_record.h */
|
|
void test_fcontext_compare(void);
|
|
void test_fcontext_compare2(void);
|
|
void test_fcontext_key_create(void);
|
|
void test_fcontext_key_extract(void);
|
|
void test_fcontext_get_set_expr(void);
|
|
void test_fcontext_get_set_type(void);
|
|
void test_fcontext_get_type_str(void);
|
|
void test_fcontext_get_set_con(void);
|
|
void test_fcontext_create(void);
|
|
void test_fcontext_clone(void);
|
|
|
|
/* fcontext_policy.h */
|
|
void test_fcontext_query(void);
|
|
void test_fcontext_exists(void);
|
|
void test_fcontext_count(void);
|
|
void test_fcontext_iterate(void);
|
|
void test_fcontext_list(void);
|
|
|
|
/* fcontext_local.h */
|
|
void test_fcontext_modify_del_local(void);
|
|
void test_fcontext_query_local(void);
|
|
void test_fcontext_exists_local(void);
|
|
void test_fcontext_count_local(void);
|
|
void test_fcontext_iterate_local(void);
|
|
void test_fcontext_list_local(void);
|
|
|
|
extern semanage_handle_t *sh;
|
|
|
|
int get_type(char *t)
|
|
{
|
|
if (strcmp(t, "--") == 0)
|
|
return SEMANAGE_FCONTEXT_ALL;
|
|
else if (strcmp(t, "-f") == 0)
|
|
return SEMANAGE_FCONTEXT_REG;
|
|
else if (strcmp(t, "-d") == 0)
|
|
return SEMANAGE_FCONTEXT_DIR;
|
|
else if (strcmp(t, "-c") == 0)
|
|
return SEMANAGE_FCONTEXT_CHAR;
|
|
else if (strcmp(t, "-b") == 0)
|
|
return SEMANAGE_FCONTEXT_BLOCK;
|
|
else if (strcmp(t, "-s") == 0)
|
|
return SEMANAGE_FCONTEXT_SOCK;
|
|
else if (strcmp(t, "-l") == 0)
|
|
return SEMANAGE_FCONTEXT_LINK;
|
|
else if (strcmp(t, "-p") == 0)
|
|
return SEMANAGE_FCONTEXT_PIPE;
|
|
else
|
|
return -1;
|
|
}
|
|
|
|
int write_file_contexts(const char *data, unsigned int data_len)
|
|
{
|
|
FILE *fptr = fopen("test-policy/store/active/file_contexts", "w+");
|
|
|
|
if (!fptr) {
|
|
perror("fopen");
|
|
return -1;
|
|
}
|
|
|
|
if (fwrite(data, data_len, 1, fptr) != 1) {
|
|
perror("fwrite");
|
|
fclose(fptr);
|
|
return -1;
|
|
}
|
|
|
|
fclose(fptr);
|
|
|
|
return 0;
|
|
}
|
|
|
|
int fcontext_test_init(void)
|
|
{
|
|
if (create_test_store() < 0) {
|
|
fprintf(stderr, "Could not create test store\n");
|
|
return 1;
|
|
}
|
|
|
|
if (write_test_policy_from_file("test_fcontext.policy") < 0) {
|
|
fprintf(stderr, "Could not write test policy\n");
|
|
return 1;
|
|
}
|
|
|
|
if (write_file_contexts(FCONTEXTS, FCONTEXTS_LEN) < 0) {
|
|
fprintf(stderr, "Could not write file contexts\n");
|
|
return 1;
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
|
|
int fcontext_test_cleanup(void)
|
|
{
|
|
if (destroy_test_store() < 0) {
|
|
fprintf(stderr, "Could not destroy test store\n");
|
|
return 1;
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
|
|
int fcontext_add_tests(CU_pSuite suite)
|
|
{
|
|
CU_add_test(suite, "test_fcontext_compare", test_fcontext_compare);
|
|
CU_add_test(suite, "test_fcontext_compare2", test_fcontext_compare2);
|
|
CU_add_test(suite, "test_fcontext_key_create",
|
|
test_fcontext_key_create);
|
|
CU_add_test(suite, "test_fcontext_key_extract",
|
|
test_fcontext_key_extract);
|
|
CU_add_test(suite, "test_fcontext_get_set_expr",
|
|
test_fcontext_get_set_expr);
|
|
CU_add_test(suite, "test_fcontext_get_set_type",
|
|
test_fcontext_get_set_type);
|
|
CU_add_test(suite, "test_fcontext_get_type_str",
|
|
test_fcontext_get_type_str);
|
|
CU_add_test(suite, "test_fcontext_get_set_con",
|
|
test_fcontext_get_set_con);
|
|
CU_add_test(suite, "test_fcontext_create", test_fcontext_create);
|
|
CU_add_test(suite, "test_fcontext_clone", test_fcontext_clone);
|
|
|
|
CU_add_test(suite, "test_fcontext_query", test_fcontext_query);
|
|
CU_add_test(suite, "test_fcontext_exists", test_fcontext_exists);
|
|
CU_add_test(suite, "test_fcontext_count", test_fcontext_count);
|
|
CU_add_test(suite, "test_fcontext_iterate", test_fcontext_iterate);
|
|
CU_add_test(suite, "test_fcontext_list", test_fcontext_list);
|
|
CU_add_test(suite, "test_fcontext_modify_del_local",
|
|
test_fcontext_modify_del_local);
|
|
CU_add_test(suite, "test_fcontext_query_local",
|
|
test_fcontext_query_local);
|
|
CU_add_test(suite, "test_fcontext_exists_local",
|
|
test_fcontext_exists_local);
|
|
CU_add_test(suite, "test_fcontext_count_local",
|
|
test_fcontext_count_local);
|
|
CU_add_test(suite, "test_fcontext_iterate_local",
|
|
test_fcontext_iterate_local);
|
|
CU_add_test(suite, "test_fcontext_list_local",
|
|
test_fcontext_list_local);
|
|
|
|
return 0;
|
|
}
|
|
|
|
/* Helpers */
|
|
|
|
semanage_fcontext_t *get_fcontext_new(void)
|
|
{
|
|
semanage_fcontext_t *fcontext;
|
|
|
|
CU_ASSERT_FATAL(semanage_fcontext_create(sh, &fcontext) >= 0);
|
|
|
|
return fcontext;
|
|
}
|
|
|
|
semanage_fcontext_t *get_fcontext_nth(int idx)
|
|
{
|
|
semanage_fcontext_t **records;
|
|
semanage_fcontext_t *fcontext;
|
|
unsigned int count;
|
|
|
|
if (idx == I_NULL)
|
|
return NULL;
|
|
|
|
CU_ASSERT_FATAL(semanage_fcontext_list(sh, &records, &count) >= 0);
|
|
CU_ASSERT_FATAL(count >= (unsigned int) idx + 1);
|
|
|
|
fcontext = records[idx];
|
|
|
|
for (unsigned int i = 0; i < count; i++)
|
|
if (i != (unsigned int) idx)
|
|
semanage_fcontext_free(records[i]);
|
|
|
|
return fcontext;
|
|
}
|
|
|
|
semanage_fcontext_key_t *get_fcontext_key_nth(int idx)
|
|
{
|
|
semanage_fcontext_key_t *key;
|
|
semanage_fcontext_t *fcontext;
|
|
|
|
if (idx == I_NULL)
|
|
return NULL;
|
|
|
|
fcontext = get_fcontext_nth(idx);
|
|
|
|
CU_ASSERT_FATAL(semanage_fcontext_key_extract(sh, fcontext, &key) >= 0);
|
|
CU_ASSERT_PTR_NOT_NULL_FATAL(key);
|
|
|
|
return key;
|
|
}
|
|
|
|
void add_local_fcontext(int fcontext_idx)
|
|
{
|
|
semanage_fcontext_t *fcontext;
|
|
semanage_fcontext_key_t *key = NULL;
|
|
|
|
CU_ASSERT_FATAL(fcontext_idx != I_NULL);
|
|
|
|
fcontext = get_fcontext_nth(fcontext_idx);
|
|
|
|
CU_ASSERT_FATAL(semanage_fcontext_key_extract(sh, fcontext, &key) >= 0);
|
|
CU_ASSERT_PTR_NOT_NULL_FATAL(key);
|
|
|
|
CU_ASSERT_FATAL(semanage_fcontext_modify_local(sh, key, fcontext) >= 0);
|
|
}
|
|
|
|
void delete_local_fcontext(int fcontext_idx)
|
|
{
|
|
semanage_fcontext_key_t *key = NULL;
|
|
|
|
CU_ASSERT_FATAL(fcontext_idx != I_NULL);
|
|
|
|
key = get_fcontext_key_nth(fcontext_idx);
|
|
|
|
CU_ASSERT_FATAL(semanage_fcontext_del_local(sh, key) >= 0);
|
|
}
|
|
|
|
semanage_fcontext_key_t *get_fcontext_key_from_str(const char *str, int type)
|
|
{
|
|
semanage_fcontext_key_t *key;
|
|
int res;
|
|
|
|
if (str == NULL)
|
|
return NULL;
|
|
|
|
res = semanage_fcontext_key_create(sh, str, type, &key);
|
|
|
|
CU_ASSERT_FATAL(res >= 0);
|
|
CU_ASSERT_PTR_NOT_NULL_FATAL(key);
|
|
|
|
return key;
|
|
}
|
|
|
|
/* Function semanage_fcontext_compare */
|
|
void test_fcontext_compare(void)
|
|
{
|
|
semanage_fcontext_t *fcontext;
|
|
semanage_fcontext_key_t *key1;
|
|
semanage_fcontext_key_t *key2;
|
|
semanage_fcontext_key_t *key3;
|
|
|
|
/* setup */
|
|
setup_handle(SH_CONNECT);
|
|
|
|
fcontext = get_fcontext_nth(I_FIRST);
|
|
|
|
key1 = get_fcontext_key_nth(I_FIRST);
|
|
key2 = get_fcontext_key_nth(I_SECOND);
|
|
key3 = get_fcontext_key_nth(I_THIRD);
|
|
|
|
/* test */
|
|
CU_ASSERT(semanage_fcontext_compare(fcontext, key1) == 0);
|
|
CU_ASSERT(semanage_fcontext_compare(fcontext, key2) < 0);
|
|
CU_ASSERT(semanage_fcontext_compare(fcontext, key3) > 0);
|
|
|
|
/* cleanup */
|
|
semanage_fcontext_free(fcontext);
|
|
semanage_fcontext_key_free(key1);
|
|
semanage_fcontext_key_free(key2);
|
|
semanage_fcontext_key_free(key3);
|
|
cleanup_handle(SH_CONNECT);
|
|
}
|
|
|
|
/* Function semanage_fcontext_compare2 */
|
|
void test_fcontext_compare2(void)
|
|
{
|
|
semanage_fcontext_t *fcontext;
|
|
semanage_fcontext_t *fcontext1;
|
|
semanage_fcontext_t *fcontext2;
|
|
semanage_fcontext_t *fcontext3;
|
|
|
|
/* setup */
|
|
setup_handle(SH_CONNECT);
|
|
|
|
fcontext = get_fcontext_nth(I_FIRST);
|
|
fcontext1 = get_fcontext_nth(I_FIRST);
|
|
fcontext2 = get_fcontext_nth(I_SECOND);
|
|
fcontext3 = get_fcontext_nth(I_THIRD);
|
|
|
|
/* test */
|
|
CU_ASSERT(semanage_fcontext_compare2(fcontext, fcontext1) == 0);
|
|
CU_ASSERT(semanage_fcontext_compare2(fcontext, fcontext2) < 0);
|
|
CU_ASSERT(semanage_fcontext_compare2(fcontext, fcontext3) > 0);
|
|
|
|
/* cleanup */
|
|
semanage_fcontext_free(fcontext);
|
|
semanage_fcontext_free(fcontext1);
|
|
semanage_fcontext_free(fcontext2);
|
|
semanage_fcontext_free(fcontext3);
|
|
cleanup_handle(SH_CONNECT);
|
|
}
|
|
|
|
/* Function semanage_fcontext_key_create */
|
|
void test_fcontext_key_create(void)
|
|
{
|
|
semanage_fcontext_key_t *key = NULL;
|
|
|
|
/* setup */
|
|
setup_handle(SH_CONNECT);
|
|
|
|
/* test */
|
|
CU_ASSERT(semanage_fcontext_key_create(sh, "", SEMANAGE_FCONTEXT_ALL,
|
|
&key) >= 0);
|
|
CU_ASSERT_PTR_NOT_NULL(key);
|
|
|
|
semanage_fcontext_key_free(key);
|
|
|
|
key = NULL;
|
|
|
|
CU_ASSERT(semanage_fcontext_key_create(sh, "testfcontext",
|
|
SEMANAGE_FCONTEXT_ALL, &key) >= 0);
|
|
CU_ASSERT_PTR_NOT_NULL(key);
|
|
|
|
semanage_fcontext_key_free(key);
|
|
|
|
/* cleanup */
|
|
cleanup_handle(SH_CONNECT);
|
|
}
|
|
|
|
/* Function semanage_fcontext_key_extract */
|
|
void test_fcontext_key_extract(void)
|
|
{
|
|
semanage_fcontext_t *fcontext;
|
|
semanage_fcontext_key_t *key;
|
|
|
|
/* setup */
|
|
setup_handle(SH_CONNECT);
|
|
fcontext = get_fcontext_nth(I_FIRST);
|
|
|
|
/* test */
|
|
CU_ASSERT(semanage_fcontext_key_extract(sh, fcontext, &key) >= 0);
|
|
CU_ASSERT_PTR_NOT_NULL(key);
|
|
|
|
/* cleanup */
|
|
semanage_fcontext_key_free(key);
|
|
semanage_fcontext_free(fcontext);
|
|
cleanup_handle(SH_CONNECT);
|
|
}
|
|
|
|
/* Function semanage_fcontext_get_expr, semanage_fcontext_set_expr */
|
|
void test_fcontext_get_set_expr(void)
|
|
{
|
|
semanage_fcontext_t *fcontext;
|
|
const char *expr = NULL;
|
|
const char *expr_exp = "/asdf";
|
|
|
|
/* setup */
|
|
setup_handle(SH_CONNECT);
|
|
fcontext = get_fcontext_nth(I_FIRST);
|
|
|
|
/* test */
|
|
CU_ASSERT(semanage_fcontext_set_expr(sh, fcontext, expr_exp) >= 0);
|
|
expr = semanage_fcontext_get_expr(fcontext);
|
|
CU_ASSERT_PTR_NOT_NULL(expr);
|
|
assert(expr);
|
|
CU_ASSERT_STRING_EQUAL(expr, expr_exp);
|
|
|
|
/* cleanup */
|
|
semanage_fcontext_free(fcontext);
|
|
cleanup_handle(SH_CONNECT);
|
|
}
|
|
|
|
/* Function semanage_fcontext_get_type, semanage_fcontext_set_type */
|
|
void test_fcontext_get_set_type(void)
|
|
{
|
|
semanage_fcontext_t *fcontext;
|
|
int type_exp = SEMANAGE_FCONTEXT_SOCK;
|
|
int type;
|
|
|
|
/* setup */
|
|
setup_handle(SH_CONNECT);
|
|
fcontext = get_fcontext_nth(I_FIRST);
|
|
|
|
/* test */
|
|
semanage_fcontext_set_type(fcontext, type_exp);
|
|
type = semanage_fcontext_get_type(fcontext);
|
|
CU_ASSERT(type == type_exp);
|
|
|
|
/* cleanup */
|
|
semanage_fcontext_free(fcontext);
|
|
cleanup_handle(SH_CONNECT);
|
|
}
|
|
|
|
/* Function semanage_fcontext_get_type_str */
|
|
void helper_fcontext_get_type_str(int type, const char *exp_str)
|
|
{
|
|
CU_ASSERT_STRING_EQUAL(semanage_fcontext_get_type_str(type), exp_str);
|
|
}
|
|
|
|
void test_fcontext_get_type_str(void)
|
|
{
|
|
helper_fcontext_get_type_str(SEMANAGE_FCONTEXT_ALL, "all files");
|
|
helper_fcontext_get_type_str(SEMANAGE_FCONTEXT_REG, "regular file");
|
|
helper_fcontext_get_type_str(SEMANAGE_FCONTEXT_DIR, "directory");
|
|
helper_fcontext_get_type_str(SEMANAGE_FCONTEXT_CHAR,
|
|
"character device");
|
|
helper_fcontext_get_type_str(SEMANAGE_FCONTEXT_BLOCK, "block device");
|
|
helper_fcontext_get_type_str(SEMANAGE_FCONTEXT_SOCK, "socket");
|
|
helper_fcontext_get_type_str(SEMANAGE_FCONTEXT_LINK, "symbolic link");
|
|
helper_fcontext_get_type_str(SEMANAGE_FCONTEXT_PIPE, "named pipe");
|
|
|
|
helper_fcontext_get_type_str(SEMANAGE_FCONTEXT_ALL - 1, "????");
|
|
helper_fcontext_get_type_str(SEMANAGE_FCONTEXT_PIPE + 1, "????");
|
|
}
|
|
|
|
/* Function semanage_fcontext_get_con, semanage_fcontext_set_con */
|
|
void helper_fcontext_get_set_con(level_t level, int fcontext_idx,
|
|
const char *con_str)
|
|
{
|
|
semanage_fcontext_t *fcontext;
|
|
semanage_context_t *con = NULL;
|
|
semanage_context_t *new_con = NULL;
|
|
|
|
/* setup */
|
|
setup_handle(level);
|
|
fcontext = get_fcontext_nth(fcontext_idx);
|
|
|
|
if (con_str != NULL) {
|
|
CU_ASSERT(semanage_context_from_string(sh, con_str, &con) >= 0);
|
|
CU_ASSERT_PTR_NOT_NULL(con);
|
|
} else {
|
|
con = NULL;
|
|
}
|
|
|
|
/* test */
|
|
CU_ASSERT(semanage_fcontext_set_con(sh, fcontext, con) >= 0);
|
|
new_con = semanage_fcontext_get_con(fcontext);
|
|
|
|
if (con_str != NULL) {
|
|
CU_ASSERT_CONTEXT_EQUAL(con, new_con);
|
|
} else {
|
|
CU_ASSERT_PTR_NULL(new_con);
|
|
}
|
|
|
|
/* cleanup */
|
|
semanage_fcontext_free(fcontext);
|
|
cleanup_handle(level);
|
|
}
|
|
|
|
void test_fcontext_get_set_con(void)
|
|
{
|
|
helper_fcontext_get_set_con(SH_CONNECT, I_FIRST, NULL);
|
|
helper_fcontext_get_set_con(SH_CONNECT, I_FIRST,
|
|
"user_u:role_r:type_t:s0");
|
|
helper_fcontext_get_set_con(SH_CONNECT, I_SECOND,
|
|
"user_u:role_r:type_t:s0");
|
|
helper_fcontext_get_set_con(SH_TRANS, I_FIRST, NULL);
|
|
helper_fcontext_get_set_con(SH_TRANS, I_FIRST,
|
|
"user_u:role_r:type_t:s0");
|
|
helper_fcontext_get_set_con(SH_TRANS, I_SECOND,
|
|
"user_u:role_r:type_t:s0");
|
|
}
|
|
|
|
/* Function semanage_fcontext_create */
|
|
void helper_fcontext_create(level_t level)
|
|
{
|
|
semanage_fcontext_t *fcontext;
|
|
|
|
/* setup */
|
|
setup_handle(level);
|
|
|
|
/* test */
|
|
CU_ASSERT(semanage_fcontext_create(sh, &fcontext) >= 0);
|
|
CU_ASSERT_PTR_NULL(semanage_fcontext_get_expr(fcontext));
|
|
CU_ASSERT(semanage_fcontext_get_type(fcontext)
|
|
== SEMANAGE_FCONTEXT_ALL);
|
|
CU_ASSERT_PTR_NULL(semanage_fcontext_get_con(fcontext));
|
|
|
|
/* cleanup */
|
|
semanage_fcontext_free(fcontext);
|
|
cleanup_handle(level);
|
|
}
|
|
|
|
void test_fcontext_create(void)
|
|
{
|
|
helper_fcontext_create(SH_NULL);
|
|
helper_fcontext_create(SH_HANDLE);
|
|
helper_fcontext_create(SH_CONNECT);
|
|
helper_fcontext_create(SH_TRANS);
|
|
}
|
|
|
|
/* Function semanage_fcontext_clone */
|
|
void helper_fcontext_clone(level_t level, int fcontext_idx)
|
|
{
|
|
semanage_fcontext_t *fcontext;
|
|
semanage_fcontext_t *fcontext_clone;
|
|
const char *expr;
|
|
const char *expr_clone;
|
|
int type;
|
|
int type_clone;
|
|
semanage_context_t *con;
|
|
semanage_context_t *con_clone;
|
|
|
|
/* setup */
|
|
setup_handle(level);
|
|
fcontext = get_fcontext_nth(fcontext_idx);
|
|
|
|
/* test */
|
|
CU_ASSERT(semanage_fcontext_clone(sh, fcontext, &fcontext_clone) >= 0);
|
|
|
|
expr = semanage_fcontext_get_expr(fcontext);
|
|
expr_clone = semanage_fcontext_get_expr(fcontext_clone);
|
|
CU_ASSERT_STRING_EQUAL(expr, expr_clone);
|
|
|
|
type = semanage_fcontext_get_type(fcontext);
|
|
type_clone = semanage_fcontext_get_type(fcontext_clone);
|
|
CU_ASSERT_EQUAL(type, type_clone);
|
|
|
|
con = semanage_fcontext_get_con(fcontext);
|
|
con_clone = semanage_fcontext_get_con(fcontext_clone);
|
|
CU_ASSERT_CONTEXT_EQUAL(con, con_clone);
|
|
|
|
/* cleanup */
|
|
semanage_fcontext_free(fcontext);
|
|
semanage_fcontext_free(fcontext_clone);
|
|
cleanup_handle(level);
|
|
}
|
|
|
|
void test_fcontext_clone(void)
|
|
{
|
|
helper_fcontext_clone(SH_CONNECT, I_FIRST);
|
|
helper_fcontext_clone(SH_CONNECT, I_SECOND);
|
|
helper_fcontext_clone(SH_TRANS, I_FIRST);
|
|
helper_fcontext_clone(SH_TRANS, I_SECOND);
|
|
}
|
|
|
|
/* Function semanage_fcontext_query */
|
|
void helper_fcontext_query(level_t level, const char *fcontext_expr,
|
|
int fcontext_type, int exp_res)
|
|
{
|
|
semanage_fcontext_key_t *key;
|
|
semanage_fcontext_t *resp = (void *) 42;
|
|
int res;
|
|
|
|
/* setup */
|
|
setup_handle(level);
|
|
key = get_fcontext_key_from_str(fcontext_expr, fcontext_type);
|
|
|
|
/* test */
|
|
res = semanage_fcontext_query(sh, key, &resp);
|
|
|
|
if (exp_res >= 0) {
|
|
CU_ASSERT(res >= 0);
|
|
const char *expr = semanage_fcontext_get_expr(resp);
|
|
CU_ASSERT_STRING_EQUAL(expr, fcontext_expr);
|
|
} else {
|
|
CU_ASSERT(res < 0);
|
|
CU_ASSERT(resp == (void *) 42);
|
|
}
|
|
|
|
/* cleanup */
|
|
cleanup_handle(level);
|
|
}
|
|
|
|
void test_fcontext_query(void)
|
|
{
|
|
helper_fcontext_query(SH_CONNECT, FCONTEXT_NONEXISTENT_EXPR,
|
|
FCONTEXT_NONEXISTENT_TYPE, -1);
|
|
helper_fcontext_query(SH_CONNECT, FCONTEXT2_EXPR, FCONTEXT1_TYPE, -1);
|
|
helper_fcontext_query(SH_CONNECT, FCONTEXT1_EXPR, FCONTEXT1_TYPE, 1);
|
|
helper_fcontext_query(SH_CONNECT, FCONTEXT2_EXPR, FCONTEXT2_TYPE, 1);
|
|
helper_fcontext_query(SH_TRANS, FCONTEXT_NONEXISTENT_EXPR,
|
|
FCONTEXT_NONEXISTENT_TYPE, -1);
|
|
helper_fcontext_query(SH_TRANS, FCONTEXT2_EXPR, FCONTEXT1_TYPE, -1);
|
|
helper_fcontext_query(SH_TRANS, FCONTEXT1_EXPR, FCONTEXT1_TYPE, 1);
|
|
helper_fcontext_query(SH_TRANS, FCONTEXT2_EXPR, FCONTEXT2_TYPE, 1);
|
|
}
|
|
|
|
/* Function semanage_fcontext_exists */
|
|
void helper_fcontext_exists(level_t level, const char *fcontext_expr,
|
|
int fcontext_type, int exp_resp)
|
|
{
|
|
semanage_fcontext_key_t *key;
|
|
int resp;
|
|
|
|
/* setup */
|
|
setup_handle(level);
|
|
key = get_fcontext_key_from_str(fcontext_expr, fcontext_type);
|
|
|
|
/* test */
|
|
CU_ASSERT(semanage_fcontext_exists(sh, key, &resp) >= 0);
|
|
CU_ASSERT(resp == exp_resp);
|
|
|
|
/* cleanup */
|
|
semanage_fcontext_key_free(key);
|
|
cleanup_handle(level);
|
|
}
|
|
|
|
void test_fcontext_exists(void)
|
|
{
|
|
helper_fcontext_exists(SH_CONNECT, FCONTEXT_NONEXISTENT_EXPR,
|
|
FCONTEXT_NONEXISTENT_TYPE, 0);
|
|
helper_fcontext_exists(SH_CONNECT, FCONTEXT2_EXPR, FCONTEXT1_TYPE, 0);
|
|
helper_fcontext_exists(SH_CONNECT, FCONTEXT1_EXPR, FCONTEXT1_TYPE, 1);
|
|
helper_fcontext_exists(SH_CONNECT, FCONTEXT2_EXPR, FCONTEXT2_TYPE, 1);
|
|
helper_fcontext_exists(SH_TRANS, FCONTEXT_NONEXISTENT_EXPR,
|
|
FCONTEXT_NONEXISTENT_TYPE, 0);
|
|
helper_fcontext_exists(SH_TRANS, FCONTEXT2_EXPR, FCONTEXT1_TYPE, 0);
|
|
helper_fcontext_exists(SH_TRANS, FCONTEXT1_EXPR, FCONTEXT1_TYPE, 1);
|
|
helper_fcontext_exists(SH_TRANS, FCONTEXT2_EXPR, FCONTEXT2_TYPE, 1);
|
|
}
|
|
|
|
/* Function semanage_fcontext_count */
|
|
void test_fcontext_count(void)
|
|
{
|
|
unsigned int resp;
|
|
|
|
/* handle */
|
|
setup_handle(SH_HANDLE);
|
|
CU_ASSERT(semanage_fcontext_count(sh, &resp) < 0);
|
|
CU_ASSERT(semanage_fcontext_count(sh, NULL) < 0);
|
|
cleanup_handle(SH_HANDLE);
|
|
|
|
/* connect */
|
|
resp = 0;
|
|
setup_handle(SH_CONNECT);
|
|
CU_ASSERT(semanage_fcontext_count(sh, &resp) >= 0);
|
|
CU_ASSERT(resp == FCONTEXTS_COUNT);
|
|
cleanup_handle(SH_CONNECT);
|
|
|
|
/* trans */
|
|
resp = 0;
|
|
setup_handle(SH_TRANS);
|
|
CU_ASSERT(semanage_fcontext_count(sh, &resp) >= 0);
|
|
CU_ASSERT(resp == FCONTEXTS_COUNT);
|
|
cleanup_handle(SH_TRANS);
|
|
}
|
|
|
|
/* Function semanage_fcontext_iterate */
|
|
unsigned int counter_fcontext_iterate = 0;
|
|
|
|
int handler_fcontext_iterate(const semanage_fcontext_t *record, void *varg)
|
|
{
|
|
CU_ASSERT_PTR_NOT_NULL(record);
|
|
counter_fcontext_iterate++;
|
|
return 0;
|
|
}
|
|
|
|
void helper_fcontext_iterate_invalid(void)
|
|
{
|
|
/* setup */
|
|
setup_handle(SH_HANDLE);
|
|
|
|
/* test */
|
|
CU_ASSERT(semanage_fcontext_iterate(sh, &handler_fcontext_iterate,
|
|
NULL) < 0);
|
|
CU_ASSERT(semanage_fcontext_iterate(sh, NULL, NULL) < 0);
|
|
|
|
/* cleanup */
|
|
cleanup_handle(SH_HANDLE);
|
|
}
|
|
|
|
void helper_fcontext_iterate(level_t level)
|
|
{
|
|
/* setup */
|
|
setup_handle(level);
|
|
counter_fcontext_iterate = 0;
|
|
|
|
/* test */
|
|
CU_ASSERT(semanage_fcontext_iterate(sh, &handler_fcontext_iterate,
|
|
NULL) >= 0);
|
|
CU_ASSERT(counter_fcontext_iterate == FCONTEXTS_COUNT);
|
|
|
|
/* cleanup */
|
|
cleanup_handle(level);
|
|
}
|
|
|
|
void test_fcontext_iterate(void)
|
|
{
|
|
helper_fcontext_iterate_invalid();
|
|
helper_fcontext_iterate(SH_CONNECT);
|
|
helper_fcontext_iterate(SH_TRANS);
|
|
}
|
|
|
|
/* Function semanage_fcontext_list */
|
|
void helper_fcontext_list_invalid(void)
|
|
{
|
|
semanage_fcontext_t **records;
|
|
unsigned int count;
|
|
|
|
/* setup */
|
|
setup_handle(SH_HANDLE);
|
|
|
|
/* test */
|
|
CU_ASSERT(semanage_fcontext_list(sh, &records, &count) < 0);
|
|
CU_ASSERT(semanage_fcontext_list(sh, NULL, &count) < 0);
|
|
CU_ASSERT(semanage_fcontext_list(sh, &records, NULL) < 0);
|
|
|
|
/* cleanup */
|
|
cleanup_handle(SH_HANDLE);
|
|
}
|
|
|
|
void helper_fcontext_list(level_t level)
|
|
{
|
|
semanage_fcontext_t **records;
|
|
unsigned int count;
|
|
|
|
/* setup */
|
|
setup_handle(level);
|
|
|
|
/* test */
|
|
CU_ASSERT(semanage_fcontext_list(sh, &records, &count) >= 0);
|
|
CU_ASSERT(count == FCONTEXTS_COUNT);
|
|
|
|
for (unsigned int i = 0; i < count; i++)
|
|
CU_ASSERT_PTR_NOT_NULL(records[i]);
|
|
|
|
for (unsigned int i = 0; i < count; i++)
|
|
semanage_fcontext_free(records[i]);
|
|
|
|
/* cleanup */
|
|
cleanup_handle(level);
|
|
}
|
|
|
|
void test_fcontext_list(void)
|
|
{
|
|
helper_fcontext_list_invalid();
|
|
helper_fcontext_list(SH_CONNECT);
|
|
helper_fcontext_list(SH_TRANS);
|
|
}
|
|
|
|
/* Function semanage_fcontext_modify_local, semanage_fcontext_del_local */
|
|
void helper_fcontext_modify_del_local(level_t level, int fcontext_idx,
|
|
const char *con_str, int exp_res)
|
|
{
|
|
semanage_fcontext_t *fcontext;
|
|
semanage_fcontext_t *fcontext_local;
|
|
semanage_fcontext_key_t *key = NULL;
|
|
semanage_context_t *con = NULL;
|
|
int res;
|
|
|
|
/* setup */
|
|
setup_handle(level);
|
|
fcontext = get_fcontext_nth(fcontext_idx);
|
|
CU_ASSERT(semanage_fcontext_key_extract(sh, fcontext, &key) >= 0);
|
|
CU_ASSERT_PTR_NOT_NULL(key);
|
|
|
|
if (con_str != NULL) {
|
|
CU_ASSERT(semanage_context_from_string(sh, con_str, &con) >= 0);
|
|
CU_ASSERT_PTR_NOT_NULL(con);
|
|
} else {
|
|
con = NULL;
|
|
}
|
|
|
|
CU_ASSERT(semanage_fcontext_set_con(sh, fcontext, con) >= 0);
|
|
|
|
/* test */
|
|
res = semanage_fcontext_modify_local(sh, key, fcontext);
|
|
|
|
if (exp_res >= 0) {
|
|
CU_ASSERT(res >= 0);
|
|
|
|
if (level == SH_TRANS) {
|
|
helper_commit();
|
|
helper_begin_transaction();
|
|
}
|
|
|
|
CU_ASSERT(semanage_fcontext_query_local(sh, key,
|
|
&fcontext_local) >= 0);
|
|
CU_ASSERT(semanage_fcontext_compare2(fcontext_local,
|
|
fcontext) == 0);
|
|
CU_ASSERT(semanage_fcontext_del_local(sh, key) >= 0);
|
|
CU_ASSERT(semanage_fcontext_query_local(sh, key,
|
|
&fcontext_local) < 0);
|
|
} else {
|
|
CU_ASSERT(res < 0);
|
|
}
|
|
|
|
/* cleanup */
|
|
semanage_fcontext_key_free(key);
|
|
semanage_fcontext_free(fcontext);
|
|
cleanup_handle(level);
|
|
}
|
|
|
|
void test_fcontext_modify_del_local(void)
|
|
{
|
|
helper_fcontext_modify_del_local(SH_CONNECT, I_FIRST,
|
|
"system_u:object_r:tmp_t:s0", -1);
|
|
helper_fcontext_modify_del_local(SH_CONNECT, I_SECOND,
|
|
"system_u:object_r:tmp_t:s0", -1);
|
|
helper_fcontext_modify_del_local(SH_TRANS, I_FIRST,
|
|
"system_u:object_r:tmp_t:s0", 1);
|
|
helper_fcontext_modify_del_local(SH_TRANS, I_SECOND,
|
|
"system_u:object_r:tmp_t:s0", 1);
|
|
}
|
|
|
|
/* Function semanage_fcontext_query_local */
|
|
void test_fcontext_query_local(void)
|
|
{
|
|
semanage_fcontext_key_t *key = NULL;
|
|
semanage_fcontext_t *resp = NULL;
|
|
|
|
/* connect */
|
|
setup_handle(SH_CONNECT);
|
|
|
|
key = get_fcontext_key_nth(I_FIRST);
|
|
CU_ASSERT(semanage_fcontext_query_local(sh, key, &resp) < 0);
|
|
CU_ASSERT_PTR_NULL(resp);
|
|
|
|
cleanup_handle(SH_CONNECT);
|
|
|
|
/* transaction */
|
|
setup_handle(SH_TRANS);
|
|
|
|
key = get_fcontext_key_nth(I_FIRST);
|
|
CU_ASSERT(semanage_fcontext_query_local(sh, key, &resp) < 0);
|
|
CU_ASSERT_PTR_NULL(resp);
|
|
|
|
add_local_fcontext(I_FIRST);
|
|
CU_ASSERT(semanage_fcontext_query_local(sh, key, &resp) >= 0);
|
|
CU_ASSERT_PTR_NOT_NULL(resp);
|
|
|
|
semanage_fcontext_key_free(key);
|
|
key = get_fcontext_key_nth(I_SECOND);
|
|
add_local_fcontext(I_SECOND);
|
|
CU_ASSERT(semanage_fcontext_query_local(sh, key, &resp) >= 0);
|
|
CU_ASSERT_PTR_NOT_NULL(resp);
|
|
|
|
/* cleanup */
|
|
delete_local_fcontext(I_FIRST);
|
|
delete_local_fcontext(I_SECOND);
|
|
cleanup_handle(SH_TRANS);
|
|
}
|
|
|
|
/* Function semanage_fcontext_exists_local */
|
|
void test_fcontext_exists_local(void)
|
|
{
|
|
int resp = -1;
|
|
semanage_fcontext_key_t *key;
|
|
|
|
/* setup */
|
|
setup_handle(SH_TRANS);
|
|
key = get_fcontext_key_nth(I_FIRST);
|
|
|
|
/* test */
|
|
CU_ASSERT(semanage_fcontext_exists_local(sh, key, &resp) >= 0);
|
|
CU_ASSERT(resp == 0);
|
|
|
|
add_local_fcontext(I_FIRST);
|
|
resp = -1;
|
|
|
|
CU_ASSERT(semanage_fcontext_exists_local(sh, key, &resp) >= 0);
|
|
CU_ASSERT(resp == 1);
|
|
|
|
delete_local_fcontext(I_FIRST);
|
|
resp = -1;
|
|
|
|
CU_ASSERT(semanage_fcontext_exists_local(sh, key, &resp) >= 0);
|
|
CU_ASSERT(resp == 0);
|
|
|
|
resp = -1;
|
|
|
|
CU_ASSERT(semanage_fcontext_exists_local(sh, NULL, &resp) >= 0);
|
|
CU_ASSERT(resp == 0);
|
|
|
|
/* cleanup */
|
|
cleanup_handle(SH_TRANS);
|
|
}
|
|
|
|
/* Function semanage_fcontext_count_local */
|
|
void test_fcontext_count_local(void)
|
|
{
|
|
unsigned int resp;
|
|
|
|
/* handle */
|
|
setup_handle(SH_HANDLE);
|
|
CU_ASSERT(semanage_fcontext_count_local(sh, &resp) < 0);
|
|
cleanup_handle(SH_HANDLE);
|
|
|
|
/* connect */
|
|
setup_handle(SH_CONNECT);
|
|
CU_ASSERT(semanage_fcontext_count_local(sh, &resp) >= 0);
|
|
CU_ASSERT(resp == 0);
|
|
cleanup_handle(SH_CONNECT);
|
|
|
|
/* transaction */
|
|
setup_handle(SH_TRANS);
|
|
CU_ASSERT(semanage_fcontext_count_local(sh, &resp) >= 0);
|
|
CU_ASSERT(resp == 0);
|
|
|
|
add_local_fcontext(I_FIRST);
|
|
CU_ASSERT(semanage_fcontext_count_local(sh, &resp) >= 0);
|
|
CU_ASSERT(resp == 1);
|
|
|
|
add_local_fcontext(I_SECOND);
|
|
CU_ASSERT(semanage_fcontext_count_local(sh, &resp) >= 0);
|
|
CU_ASSERT(resp == 2);
|
|
|
|
delete_local_fcontext(I_SECOND);
|
|
CU_ASSERT(semanage_fcontext_count_local(sh, &resp) >= 0);
|
|
CU_ASSERT(resp == 1);
|
|
|
|
/* cleanup */
|
|
delete_local_fcontext(I_FIRST);
|
|
cleanup_handle(SH_TRANS);
|
|
}
|
|
|
|
/* Function semanage_fcontext_iterate_local */
|
|
unsigned int counter_fcontext_iterate_local = 0;
|
|
|
|
int handler_fcontext_iterate_local(const semanage_fcontext_t *record,
|
|
void *varg)
|
|
{
|
|
CU_ASSERT_PTR_NOT_NULL(record);
|
|
counter_fcontext_iterate_local++;
|
|
return 0;
|
|
}
|
|
|
|
void test_fcontext_iterate_local(void)
|
|
{
|
|
/* handle */
|
|
setup_handle(SH_HANDLE);
|
|
|
|
CU_ASSERT(semanage_fcontext_iterate_local(sh,
|
|
&handler_fcontext_iterate_local, NULL) < 0);
|
|
CU_ASSERT(semanage_fcontext_iterate_local(sh, NULL, NULL) < 0);
|
|
|
|
cleanup_handle(SH_HANDLE);
|
|
|
|
/* connect */
|
|
setup_handle(SH_CONNECT);
|
|
|
|
counter_fcontext_iterate_local = 0;
|
|
CU_ASSERT(semanage_fcontext_iterate_local(sh,
|
|
&handler_fcontext_iterate_local, NULL) >= 0);
|
|
CU_ASSERT(counter_fcontext_iterate_local == 0);
|
|
CU_ASSERT(semanage_fcontext_iterate_local(sh, NULL, NULL) >= 0);
|
|
|
|
cleanup_handle(SH_CONNECT);
|
|
|
|
/* transaction */
|
|
setup_handle(SH_TRANS);
|
|
|
|
counter_fcontext_iterate_local = 0;
|
|
CU_ASSERT(semanage_fcontext_iterate_local(sh,
|
|
&handler_fcontext_iterate_local, NULL) >= 0);
|
|
CU_ASSERT(counter_fcontext_iterate_local == 0);
|
|
|
|
add_local_fcontext(I_FIRST);
|
|
counter_fcontext_iterate_local = 0;
|
|
CU_ASSERT(semanage_fcontext_iterate_local(sh,
|
|
&handler_fcontext_iterate_local, NULL) >= 0);
|
|
CU_ASSERT(counter_fcontext_iterate_local == 1);
|
|
|
|
add_local_fcontext(I_SECOND);
|
|
counter_fcontext_iterate_local = 0;
|
|
CU_ASSERT(semanage_fcontext_iterate_local(sh,
|
|
&handler_fcontext_iterate_local, NULL) >= 0);
|
|
CU_ASSERT(counter_fcontext_iterate_local == 2);
|
|
|
|
/* cleanup */
|
|
delete_local_fcontext(I_FIRST);
|
|
delete_local_fcontext(I_SECOND);
|
|
cleanup_handle(SH_TRANS);
|
|
}
|
|
|
|
/* Function semanage_fcontext_list_local */
|
|
void test_fcontext_list_local(void)
|
|
{
|
|
semanage_fcontext_t **records;
|
|
unsigned int count;
|
|
|
|
/* handle */
|
|
setup_handle(SH_HANDLE);
|
|
|
|
CU_ASSERT(semanage_fcontext_list_local(sh, &records, &count) < 0);
|
|
CU_ASSERT(semanage_fcontext_list_local(sh, NULL, &count) < 0);
|
|
CU_ASSERT(semanage_fcontext_list_local(sh, &records, NULL) < 0);
|
|
|
|
cleanup_handle(SH_HANDLE);
|
|
|
|
/* connect */
|
|
setup_handle(SH_CONNECT);
|
|
|
|
CU_ASSERT(semanage_fcontext_list_local(sh, &records, &count) >= 0);
|
|
CU_ASSERT(count == 0);
|
|
|
|
cleanup_handle(SH_CONNECT);
|
|
|
|
/* transaction */
|
|
setup_handle(SH_TRANS);
|
|
|
|
CU_ASSERT(semanage_fcontext_list_local(sh, &records, &count) >= 0);
|
|
CU_ASSERT(count == 0);
|
|
|
|
add_local_fcontext(I_FIRST);
|
|
CU_ASSERT(semanage_fcontext_list_local(sh, &records, &count) >= 0);
|
|
CU_ASSERT(count == 1);
|
|
CU_ASSERT_PTR_NOT_NULL(records[0]);
|
|
|
|
add_local_fcontext(I_SECOND);
|
|
CU_ASSERT(semanage_fcontext_list_local(sh, &records, &count) >= 0);
|
|
CU_ASSERT(count == 2);
|
|
CU_ASSERT_PTR_NOT_NULL(records[0]);
|
|
CU_ASSERT_PTR_NOT_NULL(records[1]);
|
|
|
|
/* cleanup */
|
|
delete_local_fcontext(I_FIRST);
|
|
delete_local_fcontext(I_SECOND);
|
|
cleanup_handle(SH_TRANS);
|
|
}
|