setools/tests/policyrep/role.py

# Copyright 2015, Tresys Technology, LLC
#
# This file is part of SETools.
#
# SETools is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 2 of the License, or
# (at your option) any later version.
#
# SETools is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with SETools.  If not, see <http://www.gnu.org/licenses/>.
#
import unittest

try:
    from unittest.mock import Mock
except ImportError:
    from mock import Mock

from setools import SELinuxPolicy
from setools.policyrep import qpol
from setools.policyrep.exception import InvalidRole
from setools.policyrep.role import role_factory


class RoleTest(unittest.TestCase):

    @classmethod
    def setUpClass(cls):
        cls.p = SELinuxPolicy("tests/policyrep/role.conf")

    def mock_role_factory(self, name, types):
        """Factory function for Role objects, using a mock qpol object."""
        mock_role = Mock(qpol.qpol_role_t)
        mock_role.name.return_value = name
        mock_role.type_iter.return_value = iter(types)

        return role_factory(self.p.policy, mock_role)

    def test_001_lookup(self):
        """Role factory policy lookup."""
        role = role_factory(self.p.policy, "role20_r")
        self.assertEqual("role20_r", role.qpol_symbol.name(self.p.policy))

    def test_002_lookup_invalid(self):
        """Role factory policy invalid lookup."""
        with self.assertRaises(InvalidRole):
            role_factory(self.p.policy, "INVALID")

    def test_003_lookup_object(self):
        """Role factory policy lookup of Role object."""
        role1 = role_factory(self.p.policy, "role20_r")
        role2 = role_factory(self.p.policy, role1)
        self.assertIs(role2, role1)

    def test_010_string(self):
        """Role basic string rendering."""
        role = self.mock_role_factory("rolename10", ['type1'])
        self.assertEqual("rolename10", str(role))

    def test_020_statement_type(self):
        """Role statement, one type."""
        role = self.mock_role_factory("rolename20", ['type30'])
        self.assertEqual("role rolename20 types type30;", role.statement())

    def test_021_statement_two_types(self):
        """Role statement, two types."""
        role = self.mock_role_factory("rolename21", ['type31a', 'type31b'])
        self.assertEqual("role rolename21 types { type31a type31b };", role.statement())

    def test_022_statement_decl(self):
        """Role statement, no types."""
        # This is an unlikely corner case, where a role
        # has been declared but has no types.
        role = self.mock_role_factory("rolename22", [])
        self.assertEqual("role rolename22;", role.statement())

    def test_030_types(self):
        """Role types generator."""
        role = self.mock_role_factory("rolename", ['type31b', 'type31c'])
        self.assertEqual(['type31b', 'type31c'], sorted(role.types()))

    def test_040_expand(self):
        """Role expansion"""
        role = self.mock_role_factory("rolename", ['type31a', 'type31b', 'type31c'])
        expanded = list(role.expand())
        self.assertEqual(1, len(expanded))
        self.assertIs(role, expanded[0])
Implement RoleTest. 2015-04-11 13:01:26 +00:00			`# Copyright 2015, Tresys Technology, LLC`
			`#`
			`# This file is part of SETools.`
			`#`
			`# SETools is free software: you can redistribute it and/or modify`
			`# it under the terms of the GNU General Public License as published by`
			`# the Free Software Foundation, either version 2 of the License, or`
			`# (at your option) any later version.`
			`#`
			`# SETools is distributed in the hope that it will be useful,`
			`# but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`# GNU General Public License for more details.`
			`#`
			`# You should have received a copy of the GNU General Public License`
			`# along with SETools. If not, see <http://www.gnu.org/licenses/>.`
			`#`
			`import unittest`

			`try:`
			`from unittest.mock import Mock`
			`except ImportError:`
			`from mock import Mock`

			`from setools import SELinuxPolicy`
			`from setools.policyrep import qpol`
			`from setools.policyrep.exception import InvalidRole`
			`from setools.policyrep.role import role_factory`


			`class RoleTest(unittest.TestCase):`

			`@classmethod`
			`def setUpClass(cls):`
			`cls.p = SELinuxPolicy("tests/policyrep/role.conf")`

			`def mock_role_factory(self, name, types):`
			`"""Factory function for Role objects, using a mock qpol object."""`
			`mock_role = Mock(qpol.qpol_role_t)`
			`mock_role.name.return_value = name`
			`mock_role.type_iter.return_value = iter(types)`

			`return role_factory(self.p.policy, mock_role)`

			`def test_001_lookup(self):`
			`"""Role factory policy lookup."""`
			`role = role_factory(self.p.policy, "role20_r")`
			`self.assertEqual("role20_r", role.qpol_symbol.name(self.p.policy))`

			`def test_002_lookup_invalid(self):`
			`"""Role factory policy invalid lookup."""`
			`with self.assertRaises(InvalidRole):`
			`role_factory(self.p.policy, "INVALID")`

policyrep factories: short circuit if provided a constructed object. Change factory functions that support lookups to short circuit if they are being provided an instance of the object they are meant to create. 2015-04-16 18:07:18 +00:00			`def test_003_lookup_object(self):`
			`"""Role factory policy lookup of Role object."""`
			`role1 = role_factory(self.p.policy, "role20_r")`
			`role2 = role_factory(self.p.policy, role1)`
			`self.assertIs(role2, role1)`

Implement RoleTest. 2015-04-11 13:01:26 +00:00			`def test_010_string(self):`
			`"""Role basic string rendering."""`
			`role = self.mock_role_factory("rolename10", ['type1'])`
			`self.assertEqual("rolename10", str(role))`

			`def test_020_statement_type(self):`
			`"""Role statement, one type."""`
			`role = self.mock_role_factory("rolename20", ['type30'])`
			`self.assertEqual("role rolename20 types type30;", role.statement())`

			`def test_021_statement_two_types(self):`
			`"""Role statement, two types."""`
			`role = self.mock_role_factory("rolename21", ['type31a', 'type31b'])`
			`self.assertEqual("role rolename21 types { type31a type31b };", role.statement())`

			`def test_022_statement_decl(self):`
			`"""Role statement, no types."""`
			`# This is an unlikely corner case, where a role`
			`# has been declared but has no types.`
			`role = self.mock_role_factory("rolename22", [])`
			`self.assertEqual("role rolename22;", role.statement())`

			`def test_030_types(self):`
			`"""Role types generator."""`
			`role = self.mock_role_factory("rolename", ['type31b', 'type31c'])`
			`self.assertEqual(['type31b', 'type31c'], sorted(role.types()))`

			`def test_040_expand(self):`
			`"""Role expansion"""`
			`role = self.mock_role_factory("rolename", ['type31a', 'type31b', 'type31c'])`
			`expanded = list(role.expand())`
			`self.assertEqual(1, len(expanded))`
			`self.assertIs(role, expanded[0])`