author | Miroslav Grepl <mgrepl@redhat.com> | 2014-04-11 09:37:53 +0200 |
---|---|---|
committer | Miroslav Grepl <mgrepl@redhat.com> | 2014-04-11 09:37:53 +0200 |
commit | 47be9ff57e72906660bb62a515222f482131e1fb (patch) | |
tree | 2cb0ef0ba48d73b1df7cc0915754a17e19464bb6 /libqpol/tests | |
Create setools-3.3.7 git repomaster
Diffstat (limited to 'libqpol/tests')
-rw-r--r-- | libqpol/tests/Makefile.am | 17 | ||||
-rw-r--r-- | libqpol/tests/capabilities-tests.c | 542 | ||||
-rw-r--r-- | libqpol/tests/capabilities-tests.h | 35 | ||||
-rw-r--r-- | libqpol/tests/iterators-tests.c | 87 | ||||
-rw-r--r-- | libqpol/tests/iterators-tests.h | 35 | ||||
-rw-r--r-- | libqpol/tests/libqpol-tests.c | 57 | ||||
-rw-r--r-- | libqpol/tests/policy-features-tests.c | 145 | ||||
-rw-r--r-- | libqpol/tests/policy-features-tests.h | 35 |
8 files changed, 953 insertions, 0 deletions
diff --git a/libqpol/tests/Makefile.am b/libqpol/tests/Makefile.am
new file mode 100644
index 0000000..bad0b82
--- /dev/null
+++ b/libqpol/tests/Makefile.am
@@ -0,0 +1,17 @@
+TESTS = libqpol-tests
+check_PROGRAMS = libqpol-tests
+
+libqpol_tests_SOURCES = \
+ capabilities-tests.c capabilities-tests.h \
+ iterators-tests.c iterators-tests.h \
+ policy-features-tests.c policy-features-tests.h \
+ libqpol-tests.c
+
+AM_CFLAGS = @DEBUGCFLAGS@ @WARNCFLAGS@ @PROFILECFLAGS@ @SELINUX_CFLAGS@ \
+ @QPOL_CFLAGS@
+
+AM_LDFLAGS = @DEBUGLDFLAGS@ @WARNLDFLAGS@ @PROFILELDFLAGS@
+
+LDADD = @SELINUX_LIB_FLAG@ @QPOL_LIB_FLAG@ @CUNIT_LIB_FLAG@
+
+libqpol_tests_DEPENDENCIES = ../src/libqpol.so
diff --git a/libqpol/tests/capabilities-tests.c b/libqpol/tests/capabilities-tests.c
new file mode 100644
index 0000000..c428c71
--- /dev/null
+++ b/libqpol/tests/capabilities-tests.c
@@ -0,0 +1,542 @@
+/**
+ * @file
+ *
+ * Test policy loading capabilities that were introduced in SETools
+ * 3.2.
+ *
+ * @author Jeremy A. Mowery jmowery@tresys.com
+ * @author Jason Tang jtang@tresys.com
+ *
+ * Copyright (C) 2007-2008 Tresys Technology, LLC
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#include <config.h>
+
+#include <CUnit/CUnit.h>
+#include <qpol/policy.h>
+
+#include <stdbool.h>
+
+#define POLICY_ROOT TEST_POLICIES "/policy-versions"
+
+struct capability_answer
+{
+ const char *policy_name;
+ int policy_type;
+ unsigned int policy_version;
+ bool has_attributes;
+ bool has_syn_rules;
+ bool has_line_numbers;
+ bool has_conditionals;
+ bool has_mls;
+ bool has_polcaps;
+ bool has_source;
+ bool has_modules;
+ char *enforcing_type, *permissive_type;
+};
+
+static void capability_test(const struct capability_answer *ca)
+{
+ qpol_policy_t *q = NULL;
+ int policy_type = qpol_policy_open_from_file(ca->policy_name, &q, NULL, NULL, QPOL_POLICY_OPTION_NO_NEVERALLOWS);
+ CU_ASSERT_FATAL(policy_type >= 0);
+ CU_ASSERT_EQUAL(policy_type, ca->policy_type);
+
+ unsigned policy_version;
+ int retval;
+ retval = qpol_policy_get_policy_version(q, &policy_version);
+ CU_ASSERT_EQUAL_FATAL(retval, 0);
+ CU_ASSERT_EQUAL(policy_version, ca->policy_version);
+
+ bool cap;
+
+ cap = (bool) qpol_policy_has_capability(q, QPOL_CAP_ATTRIB_NAMES);
+ CU_ASSERT_EQUAL(cap, ca->has_attributes);
+
+ cap = (bool) qpol_policy_has_capability(q, QPOL_CAP_SYN_RULES);
+ CU_ASSERT_EQUAL(cap, ca->has_syn_rules);
+
+ cap = (bool) qpol_policy_has_capability(q, QPOL_CAP_LINE_NUMBERS);
+ CU_ASSERT_EQUAL(cap, ca->has_line_numbers);
+
+ cap = (bool) qpol_policy_has_capability(q, QPOL_CAP_CONDITIONALS);
+ CU_ASSERT_EQUAL(cap, ca->has_conditionals);
+
+ cap = (bool) qpol_policy_has_capability(q, QPOL_CAP_MLS);
+ CU_ASSERT_EQUAL(cap, ca->has_mls);
+
+ cap = (bool) qpol_policy_has_capability(q, QPOL_CAP_POLCAPS);
+ CU_ASSERT_EQUAL(cap, ca->has_polcaps);
+
+ cap = (bool) qpol_policy_has_capability(q, QPOL_CAP_SOURCE);
+ CU_ASSERT_EQUAL(cap, ca->has_source);
+
+ cap = (bool) qpol_policy_has_capability(q, QPOL_CAP_MODULES);
+ CU_ASSERT_EQUAL(cap, ca->has_modules);
+
+ unsigned char ispermissive;
+ const qpol_type_t *type;
+
+ if (ca->enforcing_type != NULL) {
+ retval = qpol_policy_get_type_by_name(q, ca->enforcing_type, &type);
+ CU_ASSERT(retval == 0 && type != NULL);
+ retval = qpol_type_get_ispermissive(q, type, &ispermissive);
+ CU_ASSERT(retval == 0 && ispermissive == 0);
+ }
+ if (ca->permissive_type != NULL) {
+ retval = qpol_policy_get_type_by_name(q, ca->permissive_type, &type);
+ CU_ASSERT(retval == 0 && type != NULL);
+ retval = qpol_type_get_ispermissive(q, type, &ispermissive);
+ CU_ASSERT(retval == 0 && ispermissive == 1);
+ }
+
+ qpol_policy_destroy(&q);
+}
+
+static void capability_v12_source(void)
+{
+ struct capability_answer cap = {
+ POLICY_ROOT "/policy-12.conf",
+ QPOL_POLICY_KERNEL_SOURCE, // policy type
+ 12U, // policy version
+ true, // has attributes
+ true, // has syntactic rules
+ true, // has line numbers
+ false, // has conditionals
+ false, // has mls
+ false, // has policy capabilities
+ true, // has source
+ false, // has modules
+ "fs_t", NULL // enforcing / permissive types
+ };
+ capability_test(&cap);
+}
+
+static void capability_v15_source(void)
+{
+ struct capability_answer cap = {
+ POLICY_ROOT "/policy-15.conf",
+ QPOL_POLICY_KERNEL_SOURCE, // policy type
+ 15U, // policy version
+ true, // has attributes
+ true, // has syntactic rules
+ true, // has line numbers
+ false, // has conditionals
+ false, // has mls
+ false, // has policy capabilities
+ true, // has source
+ false, // has modules
+ "fs_t", NULL // enforcing / permissive types
+ };
+ capability_test(&cap);
+}
+
+static void capability_v15_binary(void)
+{
+ struct capability_answer cap = {
+ POLICY_ROOT "/policy.15",
+ QPOL_POLICY_KERNEL_BINARY, // policy type
+ 15U, // policy version
+ false, // has attributes
+ false, // has syntactic rules
+ false, // has line numbers
+ false, // has conditionals
+ false, // has mls
+ false, // has policy capabilities
+ false, // has source
+ false, // has modules
+ "fs_t", NULL // enforcing / permissive types
+ };
+ capability_test(&cap);
+}
+
+static void capability_v16_source(void)
+{
+ struct capability_answer cap = {
+ POLICY_ROOT "/policy-16.conf",
+ QPOL_POLICY_KERNEL_SOURCE, // policy type
+ 16U, // policy version
+ true, // has attributes
+ true, // has syntactic rules
+ true, // has line numbers
+ true, // has conditionals
+ false, // has mls
+ false, // has policy capabilities
+ true, // has source
+ false, // has modules
+ "fs_t", NULL // enforcing / permissive types
+ };
+ capability_test(&cap);
+}
+
+static void capability_v16_binary(void)
+{
+ struct capability_answer cap = {
+ POLICY_ROOT "/policy.16",
+ QPOL_POLICY_KERNEL_BINARY, // policy type
+ 16U, // policy version
+ false, // has attributes
+ false, // has syntactic rules
+ false, // has line numbers
+ true, // has conditionals
+ false, // has mls
+ false, // has policy capabilities
+ false, // has source
+ false, // has modules
+ "fs_t", NULL // enforcing / permissive types
+ };
+ capability_test(&cap);
+}
+
+static void capability_v17_source(void)
+{
+ struct capability_answer cap = {
+ POLICY_ROOT "/policy-17.conf",
+ QPOL_POLICY_KERNEL_SOURCE, // policy type
+ 17U, // policy version
+ true, // has attributes
+ true, // has syntactic rules
+ true, // has line numbers
+ true, // has conditionals
+ false, // has mls
+ false, // has policy capabilities
+ true, // has source
+ false, // has modules
+ "fs_t", NULL // enforcing / permissive types
+ };
+ capability_test(&cap);
+}
+
+static void capability_v17_binary(void)
+{
+ struct capability_answer cap = {
+ POLICY_ROOT "/policy.17",
+ QPOL_POLICY_KERNEL_BINARY, // policy type
+ 17U, // policy version
+ false, // has attributes
+ false, // has syntactic rules
+ false, // has line numbers
+ true, // has conditionals
+ false, // has mls
+ false, // has policy capabilities
+ false, // has source
+ false, // has modules
+ "fs_t", NULL // enforcing / permissive types
+ };
+ capability_test(&cap);
+}
+
+static void capability_v18_source(void)
+{
+ struct capability_answer cap = {
+ POLICY_ROOT "/policy-18.conf",
+ QPOL_POLICY_KERNEL_SOURCE, // policy type
+ 18U, // policy version
+ true, // has attributes
+ true, // has syntactic rules
+ true, // has line numbers
+ true, // has conditionals
+ false, // has mls
+ false, // has policy capabilities
+ true, // has source
+ false, // has modules
+ "wing_t", NULL // enforcing / permissive types
+ };
+ capability_test(&cap);
+}
+
+static void capability_v18_binary(void)
+{
+ struct capability_answer cap = {
+ POLICY_ROOT "/policy.18",
+ QPOL_POLICY_KERNEL_BINARY, // policy type
+ 18U, // policy version
+ false, // has attributes
+ false, // has syntactic rules
+ false, // has line numbers
+ true, // has conditionals
+ false, // has mls
+ false, // has policy capabilities
+ false, // has source
+ false, // has modules
+ "wing_t", NULL // enforcing / permissive types
+ };
+ capability_test(&cap);
+}
+
+static void capability_v19_binary(void)
+{
+ struct capability_answer cap = {
+ POLICY_ROOT "/policy.19",
+ QPOL_POLICY_KERNEL_BINARY, // policy type
+ 19U, // policy version
+ false, // has attributes
+ false, // has syntactic rules
+ false, // has line numbers
+ true, // has conditionals
+ false, // has mls
+ false, // has policy capabilities
+ false, // has source
+ false, // has modules
+ "wing_t", NULL // enforcing / permissive types
+ };
+ capability_test(&cap);
+}
+
+static void capability_v19_binary_mls(void)
+{
+ struct capability_answer cap = {
+ POLICY_ROOT "/policy-mls.19",
+ QPOL_POLICY_KERNEL_BINARY, // policy type
+ 19U, // policy version
+ false, // has attributes
+ false, // has syntactic rules
+ false, // has line numbers
+ true, // has conditionals
+ true, // has mls
+ false, // has policy capabilities
+ false, // has source
+ false, // has modules
+ "root_t", NULL // enforcing / permissive types
+ };
+ capability_test(&cap);
+}
+
+static void capability_v20_binary(void)
+{
+ struct capability_answer cap = {
+ POLICY_ROOT "/policy.20",
+ QPOL_POLICY_KERNEL_BINARY, // policy type
+ 20U, // policy version
+ false, // has attributes
+ false, // has syntactic rules
+ false, // has line numbers
+ true, // has conditionals
+ false, // has mls
+ false, // has policy capabilities
+ false, // has source
+ false, // has modules
+ "wing_t", NULL // enforcing / permissive types
+ };
+ capability_test(&cap);
+}
+
+static void capability_v20_binary_mls(void)
+{
+ struct capability_answer cap = {
+ POLICY_ROOT "/policy-mls.20",
+ QPOL_POLICY_KERNEL_BINARY, // policy type
+ 20U, // policy version
+ false, // has attributes
+ false, // has syntactic rules
+ false, // has line numbers
+ true, // has conditionals
+ true, // has mls
+ false, // has policy capabilities
+ false, // has source
+ false, // has modules
+ "root_t", NULL // enforcing / permissive types
+ };
+ capability_test(&cap);
+}
+
+static void capability_v21_source(void)
+{
+ struct capability_answer cap = {
+ POLICY_ROOT "/policy-mls-21.conf",
+ QPOL_POLICY_KERNEL_SOURCE, // policy type
+ 21U, // policy version
+ true, // has attributes
+ true, // has syntactic rules
+ true, // has line numbers
+ true, // has conditionals
+ true, // has mls
+ false, // has policy capabilities
+ true, // has source
+ false, // has modules
+ "root_t", NULL // enforcing / permissive types
+ };
+ capability_test(&cap);
+}
+
+static void capability_v21_binary(void)
+{
+ struct capability_answer cap = {
+ POLICY_ROOT "/policy-mls.21",
+ QPOL_POLICY_KERNEL_BINARY, // policy type
+ 21U, // policy version
+ false, // has attributes
+ false, // has syntactic rules
+ false, // has line numbers
+ true, // has conditionals
+ true, // has mls
+ false, // has policy capabilities
+ false, // has source
+ false, // has modules
+ "root_t", NULL // enforcing / permissive types
+ };
+ capability_test(&cap);
+}
+
+static void capability_v22_source(void)
+{
+ struct capability_answer cap = {
+ POLICY_ROOT "/policy-mls-22.conf",
+ QPOL_POLICY_KERNEL_SOURCE, // policy type
+ 22U, // policy version
+ true, // has attributes
+ true, // has syntactic rules
+ true, // has line numbers
+ true, // has conditionals
+ true, // has mls
+ true, // has policy capabilities
+ true, // has source
+ false, // has modules
+ "root_t", NULL // enforcing / permissive types
+ };
+ capability_test(&cap);
+}
+
+static void capability_v22_binary(void)
+{
+ struct capability_answer cap = {
+ POLICY_ROOT "/policy-mls.22",
+ QPOL_POLICY_KERNEL_BINARY, // policy type
+ 22U, // policy version
+ false, // has attributes
+ false, // has syntactic rules
+ false, // has line numbers
+ true, // has conditionals
+ true, // has mls
+ true, // has policy capabilities
+ false, // has source
+ false, // has modules
+ "root_t", NULL // enforcing / permissive types
+ };
+ capability_test(&cap);
+}
+
+static void capability_v23_source(void)
+{
+ struct capability_answer cap = {
+ POLICY_ROOT "/policy-mls-23.conf",
+ QPOL_POLICY_KERNEL_SOURCE, // policy type
+ 23U, // policy version
+ true, // has attributes
+ true, // has syntactic rules
+ true, // has line numbers
+ true, // has conditionals
+ true, // has mls
+ true, // has policy capabilities
+ true, // has source
+ false, // has modules
+ "root_t", "system_t" // enforcing / permissive types
+ };
+ capability_test(&cap);
+}
+
+static void capability_v23_binary(void)
+{
+ struct capability_answer cap = {
+ POLICY_ROOT "/policy-mls.23",
+ QPOL_POLICY_KERNEL_BINARY, // policy type
+ 23U, // policy version
+ false, // has attributes
+ false, // has syntactic rules
+ false, // has line numbers
+ true, // has conditionals
+ true, // has mls
+ true, // has policy capabilities
+ false, // has source
+ false, // has modules
+ "root_t", "system_t" // enforcing / permissive types
+ };
+ capability_test(&cap);
+}
+
+static void capability_modv6_base_binary(void)
+{
+ struct capability_answer cap = {
+ POLICY_ROOT "/base-6.pp",
+ QPOL_POLICY_MODULE_BINARY, // policy type
+ 6U, // policy version
+ true, // has attributes
+ true, // has syntactic rules
+ false, // has line numbers
+ true, // has conditionals
+ true, // has mls
+ false, // has policy capabilities
+ false, // has source
+ true, // has modules
+ "root_t", NULL // enforcing / permissive types
+ };
+ capability_test(&cap);
+}
+
+static void capability_modv8_base_binary(void)
+{
+ struct capability_answer cap = {
+ POLICY_ROOT "/base-8.pp",
+ QPOL_POLICY_MODULE_BINARY, // policy type
+ 8U, // policy version
+ true, // has attributes
+ true, // has syntactic rules
+ false, // has line numbers
+ true, // has conditionals
+ true, // has mls
+ true, // has policy capabilities
+ false, // has source
+ true, // has modules
+ "root_t", "system_t" // enforcing / permissive types
+ };
+ capability_test(&cap);
+}
+
+CU_TestInfo capabilities_tests[] = {
+ {"v12, source", capability_v12_source},
+ {"v15, source", capability_v15_source},
+ {"v15, binary", capability_v15_binary},
+ {"v16, source", capability_v16_source},
+ {"v16, binary", capability_v16_binary},
+ {"v17, source", capability_v17_source},
+ {"v17, binary", capability_v17_binary},
+ {"v18, source", capability_v18_source},
+ {"v18, binary", capability_v18_binary},
+ {"v19, binary", capability_v19_binary},
+ {"v19, binary mls", capability_v19_binary_mls},
+ {"v20, binary", capability_v20_binary},
+ {"v20, binary mls", capability_v20_binary_mls},
+ {"v21, source", capability_v21_source},
+ {"v21, binary", capability_v21_binary},
+ {"v22, source", capability_v22_source},
+ {"v22, binary", capability_v22_binary},
+ {"v23, source", capability_v23_source},
+ {"v23, binary", capability_v23_binary},
+ {"mod v6, base binary", capability_modv6_base_binary},
+ {"mod v8, base binary", capability_modv8_base_binary},
+ CU_TEST_INFO_NULL
+};
+
+int capabilities_init()
+{
+ return 0;
+}
+
+int capabilities_cleanup()
+{
+ return 0;
+}
diff --git a/libqpol/tests/capabilities-tests.h b/libqpol/tests/capabilities-tests.h
new file mode 100644
index 0000000..b305b77
--- /dev/null
+++ b/libqpol/tests/capabilities-tests.h
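Review bot: In capability_test, `type` is declared without an initializer and both `qpol_policy_get_type_by_name` lookups are checked only with the non-fatal `CU_ASSERT`, so when a lookup fails the following `qpol_type_get_ispermissive(q, type, &ispermissive)` call still runs with whatever `type` holds. Whether libqpol clears the out-parameter on failure is not visible in this hunk, so I would declare `const qpol_type_t *type = NULL;` and make the lookup check `CU_ASSERT_FATAL(retval == 0 && type != NULL);`. These assertions pin how libqpol reports enforcing versus permissive types, so a failed lookup should stop the test rather than hand an indeterminate pointer to the library. Separately, `enforcing_type` and `permissive_type` only ever receive string literals and would be better declared `const char *`.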
@@ -0,0 +1,35 @@
+/**
+ * @file
+ *
+ * Declarations for libqpol capabilities tests.
+ *
+ * @author Jeremy A. Mowery jmowery@tresys.com
+ * @author Jason Tang jtang@tresys.com
+ *
+ * Copyright (C) 2007 Tresys Technology, LLC
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#ifndef CAPABILITES_TESTS_H
+#define CAPABILITES_TESTS_H
+
+#include <CUnit/CUnit.h>
+
+extern CU_TestInfo capabilities_tests[];
+extern int capabilities_init();
+extern int capabilities_cleanup();
+
+#endif
diff --git a/libqpol/tests/iterators-tests.c b/libqpol/tests/iterators-tests.c
new file mode 100644
index 0000000..384f878
--- /dev/null
+++ b/libqpol/tests/iterators-tests.c
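Review bot: `extern int capabilities_init();` and `extern int capabilities_cleanup();` use empty parentheses, which in C declares a function without a prototype, so the compiler cannot check calls or check the functions against the `int (*)(void)` callback type that CUnit uses for suite init and cleanup. I would write `extern int capabilities_init(void);` and `extern int capabilities_cleanup(void);`, with the matching change in the definitions in capabilities-tests.c. The same applies to the init/cleanup declarations in iterators-tests.h and policy-features-tests.h and their .c files. The include guard is also spelled `CAPABILITES_TESTS_H`; it works, but `CAPABILITIES_TESTS_H` would match the file name.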
@@ -0,0 +1,87 @@
+/**
+ * @file
+ *
+ * Test qpol iterators.
+ *
+ * @author Jeremy A. Mowery jmowery@tresys.com
+ * @author Jason Tang jtang@tresys.com
+ *
+ * Copyright (C) 2007 Tresys Technology, LLC
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#include <config.h>
+
+#include <CUnit/CUnit.h>
+#include <qpol/policy.h>
+#include <stdio.h>
+
+#define SOURCE_POLICY TEST_POLICIES "/snapshots/fc4_targeted.policy.conf"
+
+static qpol_policy_t *qp = NULL;
+
+static void iterators_alias(void)
+{
+ qpol_iterator_t *iter = NULL;
+ CU_ASSERT_FATAL(qpol_policy_get_type_iter(qp, &iter) == 0);
+ while (!qpol_iterator_end(iter)) {
+ void *v;
+ CU_ASSERT_FATAL(qpol_iterator_get_item(iter, &v) == 0);
+ qpol_type_t *type = (qpol_type_t *) v;
+
+ qpol_iterator_t *alias_iter = NULL;
+ size_t alias_size;
+ unsigned char isalias = 0;
+ CU_ASSERT_FATAL(qpol_type_get_isalias(qp, type, &isalias) == 0);
+ CU_ASSERT_FATAL(qpol_type_get_alias_iter(qp, type, &alias_iter) == 0);
+ CU_ASSERT_FATAL(qpol_iterator_get_size(alias_iter, &alias_size) == 0);
+
+ if (alias_size > 0) {
+ /* isalias could be 0 or 1, depending upon if
+ type is a primary or an alias */
+ CU_ASSERT(!qpol_iterator_end(alias_iter));
+ } else {
+ /* impossible for isalias to be true if the
+ alias iterator is empty */
+ CU_ASSERT(!isalias && qpol_iterator_end(alias_iter));
+ }
+
+ qpol_iterator_destroy(&alias_iter);
+ CU_ASSERT_FATAL(qpol_iterator_next(iter) == 0);
+ }
+ qpol_iterator_destroy(&iter);
+}
+
+CU_TestInfo iterators_tests[] = {
+ {"alias iterator", iterators_alias}
+ ,
+ CU_TEST_INFO_NULL
+};
+
+int iterators_init()
+{
+ int policy_type = qpol_policy_open_from_file(SOURCE_POLICY, &qp, NULL, NULL, QPOL_POLICY_OPTION_NO_RULES);
+ if (policy_type < 0) {
+ return 1;
+ }
+ return 0;
+}
+
+int iterators_cleanup()
+{
+ qpol_policy_destroy(&qp);
+ return 0;
+}
diff --git a/libqpol/tests/iterators-tests.h b/libqpol/tests/iterators-tests.h
new file mode 100644
index 0000000..275f3a2
--- /dev/null
+++ b/libqpol/tests/iterators-tests.h
@@ -0,0 +1,35 @@
+/**
+ * @file
+ *
+ * Declarations for libqpol iterator tests.
+ *
+ * @author Jeremy A. Mowery jmowery@tresys.com
+ * @author Jason Tang jtang@tresys.com
+ *
+ * Copyright (C) 2007 Tresys Technology, LLC
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#ifndef ITERATORS_TESTS_H
+#define ITERATORS_TESTS_H
+
+#include <CUnit/CUnit.h>
+
+extern CU_TestInfo iterators_tests[];
+extern int iterators_init();
+extern int iterators_cleanup();
+
+#endif
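Review bot: In iterators_alias the `CU_ASSERT_FATAL` checks inside the `while` loop sit between obtaining `alias_iter` and `qpol_iterator_destroy(&alias_iter)`, and CUnit's fatal assertions leave the test function immediately, so a failure there skips the destroy calls for both `alias_iter` and `iter`. This only leaks on a failing run, but it produces misleading reports when the suite is run under a memory checker. If the fatal form is kept, I would at least document it above the loop, e.g. `/* a failing CU_ASSERT_FATAL below leaves iter and alias_iter undestroyed */`. Related: iterators_init passes `NULL, NULL` for the message callback, so a missing or unreadable SOURCE_POLICY surfaces only as a suite-init failure with no reason printed.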
diff --git a/libqpol/tests/libqpol-tests.c b/libqpol/tests/libqpol-tests.c
new file mode 100644
index 0000000..eda58d6
--- /dev/null
+++ b/libqpol/tests/libqpol-tests.c
@@ -0,0 +1,57 @@
+/**
+ * @file
+ *
+ * CUnit testing framework for libqpol.
+ *
+ * @author Jeremy A. Mowery jmowery@tresys.com
+ * @author Jason Tang jtang@tresys.com
+ *
+ * Copyright (C) 2007 Tresys Technology, LLC
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#include <config.h>
+
+#include <CUnit/CUnit.h>
+#include <CUnit/Basic.h>
+
+#include "capabilities-tests.h"
+#include "iterators-tests.h"
+#include "policy-features-tests.h"
+
+int main(void)
+{
+ if (CU_initialize_registry() != CUE_SUCCESS) {
+ return CU_get_error();
+ }
+
+ CU_SuiteInfo suites[] = {
+ {"Capabilities", capabilities_init, capabilities_cleanup, capabilities_tests}
+ ,
+ {"Iterators", iterators_init, iterators_cleanup, iterators_tests}
+ ,
+ {"Policy Featurens", policy_features_init, policy_features_cleanup, policy_features_tests}
+ ,
+ CU_SUITE_INFO_NULL
+ };
+
+ CU_register_suites(suites);
+ CU_basic_set_mode(CU_BRM_VERBOSE);
+ CU_basic_run_tests();
+ unsigned int num_failures = CU_get_number_of_failure_records();
+ CU_cleanup_registry();
+ return (int)num_failures;
+}
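Review bot: The return value of `CU_register_suites(suites)` is ignored in main, so if registration fails no tests run, the failure-record count is presumably 0, and the program exits with success; `make check` would then pass without the policy parser having been exercised at all. I would check it, e.g. `if (CU_register_suites(suites) != CUE_SUCCESS) { CU_cleanup_registry(); return 1; }`. Returning `(int)num_failures` as the exit status is also fragile: the status is truncated to 8 bits, so 256 failures read as success, and the Automake test driver treats 77 as "skipped", so `return num_failures != 0;` is safer. The suite name "Policy Featurens" looks like a typo for "Policy Features".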
diff --git a/libqpol/tests/policy-features-tests.c b/libqpol/tests/policy-features-tests.c
new file mode 100644
index 0000000..915dbaf
--- /dev/null
+++ b/libqpol/tests/policy-features-tests.c
@@ -0,0 +1,145 @@
+/**
+ * @file
+ *
+ * Test qpol loading of special types of policies.
+ *
+ * @author Jeremy A. Mowery jmowery@tresys.com
+ * @author Jason Tang jtang@tresys.com
+ *
+ * Copyright (C) 2007 Tresys Technology, LLC
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#include <config.h>
+
+#include <CUnit/CUnit.h>
+#include <qpol/policy.h>
+#include "../src/qpol_internal.h"
+#include <stdio.h>
+
+#define BROKEN_ALIAS_POLICY TEST_POLICIES "/setools-3.3/policy-features/broken-alias-mod.21"
+#define NOT_BROKEN_ALIAS_POLICY TEST_POLICIES "/setools-3.3/policy-features/not-broken-alias-mod.21"
+#define NOGENFS_POLICY TEST_POLICIES "/setools-3.3/policy-features/nogenfscon-policy.21"
+
+static void policy_features_alias_count(void *varg, const qpol_policy_t * policy
+ __attribute__ ((unused)), int level, const char *fmt, va_list va_args)
+{
+ if (level == QPOL_MSG_WARN) {
+ int *num_removed_aliases = (int *)varg;
+ (*num_removed_aliases)++;
+ } else if (level == QPOL_MSG_ERR) {
+ fprintf(stderr, "ERROR: ");
+ vfprintf(stderr, fmt, va_args);
+ fprintf(stderr, "\n");
+ }
+}
+
+/**
+ * If a module has any disabled aliases, test that libqpol removed them.
+ */
+static void policy_features_invalid_alias(void)
+{
+ qpol_policy_t *qp = NULL;
+ int policy_features_removed_aliases = 0;
+ void *v;
+ unsigned char isalias = 0;
+ const char *name;
+
+ int policy_type = qpol_policy_open_from_file(NOT_BROKEN_ALIAS_POLICY, &qp, policy_features_alias_count,
+ &policy_features_removed_aliases, QPOL_POLICY_OPTION_NO_RULES);
+ CU_ASSERT_FATAL(policy_type == QPOL_POLICY_KERNEL_BINARY);
+ CU_ASSERT(policy_features_removed_aliases == 0)
+
+ qpol_iterator_t *iter = NULL;
+ CU_ASSERT_FATAL(qpol_policy_get_type_iter(qp, &iter) == 0);
+ while (!qpol_iterator_end(iter)) {
+ CU_ASSERT_FATAL(qpol_iterator_get_item(iter, &v) == 0);
+ qpol_type_t *type = (qpol_type_t *) v;
+ CU_ASSERT_FATAL(qpol_type_get_isalias(qp, type, &isalias) == 0);
+ if (isalias) {
+ CU_ASSERT_FATAL(qpol_type_get_name(qp, type, &name) == 0);
+ CU_ASSERT_STRING_EQUAL(name, "fs_t");
+ }
+ CU_ASSERT_FATAL(qpol_iterator_next(iter) == 0);
+ }
+ qpol_iterator_destroy(&iter);
+ qpol_policy_destroy(&qp);
+
+ policy_features_removed_aliases = 0;
+ policy_type =
+ qpol_policy_open_from_file(BROKEN_ALIAS_POLICY, &qp, policy_features_alias_count, &policy_features_removed_aliases,
+ QPOL_POLICY_OPTION_NO_RULES);
+ CU_ASSERT_FATAL(policy_type == QPOL_POLICY_KERNEL_BINARY);
+ CU_ASSERT(policy_features_removed_aliases == 1)
+
+ CU_ASSERT_FATAL(qpol_policy_get_type_iter(qp, &iter) == 0);
+ while (!qpol_iterator_end(iter)) {
+ CU_ASSERT_FATAL(qpol_iterator_get_item(iter, &v) == 0);
+ qpol_type_t *type = (qpol_type_t *) v;
+ CU_ASSERT_FATAL(qpol_type_get_isalias(qp, type, &isalias) == 0);
+ CU_ASSERT(isalias == 0);
+ CU_ASSERT_FATAL(qpol_iterator_next(iter) == 0);
+ }
+ qpol_iterator_destroy(&iter);
+ qpol_policy_destroy(&qp);
+}
+
+/** Test that getting an iterator of genfscon statements does not
+ * fail if there are no genfscon statements. */
+static void policy_features_nogenfscon_iter(void)
+{
+ qpol_policy_t *qp = NULL;
+
+ /* open a policy with no genfscon statements */
+ int policy_type = qpol_policy_open_from_file(NOGENFS_POLICY, &qp, NULL, NULL, QPOL_POLICY_OPTION_NO_RULES);
+ CU_ASSERT_FATAL(policy_type == QPOL_POLICY_KERNEL_BINARY);
+
+ qpol_iterator_t *iter = NULL;
+
+ /* iterator should be safe to request but should be at end */
+ CU_ASSERT_FATAL(qpol_policy_get_genfscon_iter(qp, &iter) == 0);
+ CU_ASSERT(qpol_iterator_end(iter));
+ qpol_iterator_destroy(&iter);
+ qpol_policy_destroy(&qp);
+
+ /* open a policy with genfscon statements */
+ policy_type = qpol_policy_open_from_file(NOT_BROKEN_ALIAS_POLICY, &qp, NULL, NULL, QPOL_POLICY_OPTION_NO_RULES);
+ CU_ASSERT_FATAL(policy_type == QPOL_POLICY_KERNEL_BINARY);
+
+ /* iterator should be safe to request and not at end */
+ CU_ASSERT_FATAL(qpol_policy_get_genfscon_iter(qp, &iter) == 0);
+ CU_ASSERT(!qpol_iterator_end(iter));
+ qpol_iterator_destroy(&iter);
+ qpol_policy_destroy(&qp);
+}
+
+CU_TestInfo policy_features_tests[] = {
+ {"invalid alias", policy_features_invalid_alias}
+ ,
+ {"No genfscon", policy_features_nogenfscon_iter}
+ ,
+ CU_TEST_INFO_NULL
+};
+
+int policy_features_init()
+{
+ return 0;
+}
+
+int policy_features_cleanup()
+{
+ return 0;
+}
diff --git a/libqpol/tests/policy-features-tests.h b/libqpol/tests/policy-features-tests.h
new file mode 100644
index 0000000..71463dd
--- /dev/null
+++ b/libqpol/tests/policy-features-tests.h
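Review bot: policy_features_alias_count increments the counter for every `QPOL_MSG_WARN` message regardless of its text, so the `policy_features_removed_aliases == 1` check in policy_features_invalid_alias really asserts that exactly one warning of any kind was emitted while loading the policy. If libqpol emits an unrelated warning, or the alias-removal warning is replaced by a different one, the test fails or passes for the wrong reason; at minimum I would document this on the callback, e.g. `/* counts every warning; assumes alias removal is the only warning these policies trigger */`. The callback also uses `va_list` and `vfprintf` without including `<stdarg.h>` directly, relying on another header to pull it in. The two `CU_ASSERT(policy_features_removed_aliases == ...)` lines have no trailing semicolon and compile only because of how the CUnit macro expands; adding `;` keeps them consistent with the rest of the file.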
@@ -0,0 +1,35 @@
+/**
+ * @file
+ *
+ * Declarations for libqpol tests for reading special types of policies.
+ *
+ * @author Jeremy A. Mowery jmowery@tresys.com
+ * @author Jason Tang jtang@tresys.com
+ *
+ * Copyright (C) 2007 Tresys Technology, LLC
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#ifndef POLICY_FEATURES_TESTS_H
+#define POLICY_FEATURES_TESTS_H
+
+#include <CUnit/CUnit.h>
+
+extern CU_TestInfo policy_features_tests[];
+extern int policy_features_init();
+extern int policy_features_cleanup();
+
+#endif |