diff options
Diffstat (limited to 'libqpol/tests/capabilities-tests.c')
-rw-r--r-- | libqpol/tests/capabilities-tests.c | 542 |
1 files changed, 542 insertions, 0 deletions
diff --git a/libqpol/tests/capabilities-tests.c b/libqpol/tests/capabilities-tests.c new file mode 100644 index 0000000..c428c71 --- /dev/null +++ b/libqpol/tests/capabilities-tests.c @@ -0,0 +1,542 @@ +/** + * @file + * + * Test policy loading capabilities that were introduced in SETools + * 3.2. + * + * @author Jeremy A. Mowery jmowery@tresys.com + * @author Jason Tang jtang@tresys.com + * + * Copyright (C) 2007-2008 Tresys Technology, LLC + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA + */ + +#include <config.h> + +#include <CUnit/CUnit.h> +#include <qpol/policy.h> + +#include <stdbool.h> + +#define POLICY_ROOT TEST_POLICIES "/policy-versions" + +struct capability_answer +{ + const char *policy_name; + int policy_type; + unsigned int policy_version; + bool has_attributes; + bool has_syn_rules; + bool has_line_numbers; + bool has_conditionals; + bool has_mls; + bool has_polcaps; + bool has_source; + bool has_modules; + char *enforcing_type, *permissive_type; +}; + +static void capability_test(const struct capability_answer *ca) +{ + qpol_policy_t *q = NULL; + int policy_type = qpol_policy_open_from_file(ca->policy_name, &q, NULL, NULL, QPOL_POLICY_OPTION_NO_NEVERALLOWS); + CU_ASSERT_FATAL(policy_type >= 0); + CU_ASSERT_EQUAL(policy_type, ca->policy_type); + + unsigned policy_version; + int retval; + retval = qpol_policy_get_policy_version(q, &policy_version); + CU_ASSERT_EQUAL_FATAL(retval, 0); + CU_ASSERT_EQUAL(policy_version, ca->policy_version); + + bool cap; + + cap = (bool) qpol_policy_has_capability(q, QPOL_CAP_ATTRIB_NAMES); + CU_ASSERT_EQUAL(cap, ca->has_attributes); + + cap = (bool) qpol_policy_has_capability(q, QPOL_CAP_SYN_RULES); + CU_ASSERT_EQUAL(cap, ca->has_syn_rules); + + cap = (bool) qpol_policy_has_capability(q, QPOL_CAP_LINE_NUMBERS); + CU_ASSERT_EQUAL(cap, ca->has_line_numbers); + + cap = (bool) qpol_policy_has_capability(q, QPOL_CAP_CONDITIONALS); + CU_ASSERT_EQUAL(cap, ca->has_conditionals); + + cap = (bool) qpol_policy_has_capability(q, QPOL_CAP_MLS); + CU_ASSERT_EQUAL(cap, ca->has_mls); + + cap = (bool) qpol_policy_has_capability(q, QPOL_CAP_POLCAPS); + CU_ASSERT_EQUAL(cap, ca->has_polcaps); + + cap = (bool) qpol_policy_has_capability(q, QPOL_CAP_SOURCE); + CU_ASSERT_EQUAL(cap, ca->has_source); + + cap = (bool) qpol_policy_has_capability(q, QPOL_CAP_MODULES); + CU_ASSERT_EQUAL(cap, ca->has_modules); + + unsigned char ispermissive; + const qpol_type_t *type; + + if (ca->enforcing_type != NULL) { + retval = qpol_policy_get_type_by_name(q, ca->enforcing_type, &type); + CU_ASSERT(retval == 0 && type != NULL); + retval = qpol_type_get_ispermissive(q, type, &ispermissive); + CU_ASSERT(retval == 0 && ispermissive == 0); + } + if (ca->permissive_type != NULL) { + retval = qpol_policy_get_type_by_name(q, ca->permissive_type, &type); + CU_ASSERT(retval == 0 && type != NULL); + retval = qpol_type_get_ispermissive(q, type, &ispermissive); + CU_ASSERT(retval == 0 && ispermissive == 1); + } + + qpol_policy_destroy(&q); +} + +static void capability_v12_source(void) +{ + struct capability_answer cap = { + POLICY_ROOT "/policy-12.conf", + QPOL_POLICY_KERNEL_SOURCE, // policy type + 12U, // policy version + true, // has attributes + true, // has syntactic rules + true, // has line numbers + false, // has conditionals + false, // has mls + false, // has policy capabilities + true, // has source + false, // has modules + "fs_t", NULL // enforcing / permissive types + }; + capability_test(&cap); +} + +static void capability_v15_source(void) +{ + struct capability_answer cap = { + POLICY_ROOT "/policy-15.conf", + QPOL_POLICY_KERNEL_SOURCE, // policy type + 15U, // policy version + true, // has attributes + true, // has syntactic rules + true, // has line numbers + false, // has conditionals + false, // has mls + false, // has policy capabilities + true, // has source + false, // has modules + "fs_t", NULL // enforcing / permissive types + }; + capability_test(&cap); +} + +static void capability_v15_binary(void) +{ + struct capability_answer cap = { + POLICY_ROOT "/policy.15", + QPOL_POLICY_KERNEL_BINARY, // policy type + 15U, // policy version + false, // has attributes + false, // has syntactic rules + false, // has line numbers + false, // has conditionals + false, // has mls + false, // has policy capabilities + false, // has source + false, // has modules + "fs_t", NULL // enforcing / permissive types + }; + capability_test(&cap); +} + +static void capability_v16_source(void) +{ + struct capability_answer cap = { + POLICY_ROOT "/policy-16.conf", + QPOL_POLICY_KERNEL_SOURCE, // policy type + 16U, // policy version + true, // has attributes + true, // has syntactic rules + true, // has line numbers + true, // has conditionals + false, // has mls + false, // has policy capabilities + true, // has source + false, // has modules + "fs_t", NULL // enforcing / permissive types + }; + capability_test(&cap); +} + +static void capability_v16_binary(void) +{ + struct capability_answer cap = { + POLICY_ROOT "/policy.16", + QPOL_POLICY_KERNEL_BINARY, // policy type + 16U, // policy version + false, // has attributes + false, // has syntactic rules + false, // has line numbers + true, // has conditionals + false, // has mls + false, // has policy capabilities + false, // has source + false, // has modules + "fs_t", NULL // enforcing / permissive types + }; + capability_test(&cap); +} + +static void capability_v17_source(void) +{ + struct capability_answer cap = { + POLICY_ROOT "/policy-17.conf", + QPOL_POLICY_KERNEL_SOURCE, // policy type + 17U, // policy version + true, // has attributes + true, // has syntactic rules + true, // has line numbers + true, // has conditionals + false, // has mls + false, // has policy capabilities + true, // has source + false, // has modules + "fs_t", NULL // enforcing / permissive types + }; + capability_test(&cap); +} + +static void capability_v17_binary(void) +{ + struct capability_answer cap = { + POLICY_ROOT "/policy.17", + QPOL_POLICY_KERNEL_BINARY, // policy type + 17U, // policy version + false, // has attributes + false, // has syntactic rules + false, // has line numbers + true, // has conditionals + false, // has mls + false, // has policy capabilities + false, // has source + false, // has modules + "fs_t", NULL // enforcing / permissive types + }; + capability_test(&cap); +} + +static void capability_v18_source(void) +{ + struct capability_answer cap = { + POLICY_ROOT "/policy-18.conf", + QPOL_POLICY_KERNEL_SOURCE, // policy type + 18U, // policy version + true, // has attributes + true, // has syntactic rules + true, // has line numbers + true, // has conditionals + false, // has mls + false, // has policy capabilities + true, // has source + false, // has modules + "wing_t", NULL // enforcing / permissive types + }; + capability_test(&cap); +} + +static void capability_v18_binary(void) +{ + struct capability_answer cap = { + POLICY_ROOT "/policy.18", + QPOL_POLICY_KERNEL_BINARY, // policy type + 18U, // policy version + false, // has attributes + false, // has syntactic rules + false, // has line numbers + true, // has conditionals + false, // has mls + false, // has policy capabilities + false, // has source + false, // has modules + "wing_t", NULL // enforcing / permissive types + }; + capability_test(&cap); +} + +static void capability_v19_binary(void) +{ + struct capability_answer cap = { + POLICY_ROOT "/policy.19", + QPOL_POLICY_KERNEL_BINARY, // policy type + 19U, // policy version + false, // has attributes + false, // has syntactic rules + false, // has line numbers + true, // has conditionals + false, // has mls + false, // has policy capabilities + false, // has source + false, // has modules + "wing_t", NULL // enforcing / permissive types + }; + capability_test(&cap); +} + +static void capability_v19_binary_mls(void) +{ + struct capability_answer cap = { + POLICY_ROOT "/policy-mls.19", + QPOL_POLICY_KERNEL_BINARY, // policy type + 19U, // policy version + false, // has attributes + false, // has syntactic rules + false, // has line numbers + true, // has conditionals + true, // has mls + false, // has policy capabilities + false, // has source + false, // has modules + "root_t", NULL // enforcing / permissive types + }; + capability_test(&cap); +} + +static void capability_v20_binary(void) +{ + struct capability_answer cap = { + POLICY_ROOT "/policy.20", + QPOL_POLICY_KERNEL_BINARY, // policy type + 20U, // policy version + false, // has attributes + false, // has syntactic rules + false, // has line numbers + true, // has conditionals + false, // has mls + false, // has policy capabilities + false, // has source + false, // has modules + "wing_t", NULL // enforcing / permissive types + }; + capability_test(&cap); +} + +static void capability_v20_binary_mls(void) +{ + struct capability_answer cap = { + POLICY_ROOT "/policy-mls.20", + QPOL_POLICY_KERNEL_BINARY, // policy type + 20U, // policy version + false, // has attributes + false, // has syntactic rules + false, // has line numbers + true, // has conditionals + true, // has mls + false, // has policy capabilities + false, // has source + false, // has modules + "root_t", NULL // enforcing / permissive types + }; + capability_test(&cap); +} + +static void capability_v21_source(void) +{ + struct capability_answer cap = { + POLICY_ROOT "/policy-mls-21.conf", + QPOL_POLICY_KERNEL_SOURCE, // policy type + 21U, // policy version + true, // has attributes + true, // has syntactic rules + true, // has line numbers + true, // has conditionals + true, // has mls + false, // has policy capabilities + true, // has source + false, // has modules + "root_t", NULL // enforcing / permissive types + }; + capability_test(&cap); +} + +static void capability_v21_binary(void) +{ + struct capability_answer cap = { + POLICY_ROOT "/policy-mls.21", + QPOL_POLICY_KERNEL_BINARY, // policy type + 21U, // policy version + false, // has attributes + false, // has syntactic rules + false, // has line numbers + true, // has conditionals + true, // has mls + false, // has policy capabilities + false, // has source + false, // has modules + "root_t", NULL // enforcing / permissive types + }; + capability_test(&cap); +} + +static void capability_v22_source(void) +{ + struct capability_answer cap = { + POLICY_ROOT "/policy-mls-22.conf", + QPOL_POLICY_KERNEL_SOURCE, // policy type + 22U, // policy version + true, // has attributes + true, // has syntactic rules + true, // has line numbers + true, // has conditionals + true, // has mls + true, // has policy capabilities + true, // has source + false, // has modules + "root_t", NULL // enforcing / permissive types + }; + capability_test(&cap); +} + +static void capability_v22_binary(void) +{ + struct capability_answer cap = { + POLICY_ROOT "/policy-mls.22", + QPOL_POLICY_KERNEL_BINARY, // policy type + 22U, // policy version + false, // has attributes + false, // has syntactic rules + false, // has line numbers + true, // has conditionals + true, // has mls + true, // has policy capabilities + false, // has source + false, // has modules + "root_t", NULL // enforcing / permissive types + }; + capability_test(&cap); +} + +static void capability_v23_source(void) +{ + struct capability_answer cap = { + POLICY_ROOT "/policy-mls-23.conf", + QPOL_POLICY_KERNEL_SOURCE, // policy type + 23U, // policy version + true, // has attributes + true, // has syntactic rules + true, // has line numbers + true, // has conditionals + true, // has mls + true, // has policy capabilities + true, // has source + false, // has modules + "root_t", "system_t" // enforcing / permissive types + }; + capability_test(&cap); +} + +static void capability_v23_binary(void) +{ + struct capability_answer cap = { + POLICY_ROOT "/policy-mls.23", + QPOL_POLICY_KERNEL_BINARY, // policy type + 23U, // policy version + false, // has attributes + false, // has syntactic rules + false, // has line numbers + true, // has conditionals + true, // has mls + true, // has policy capabilities + false, // has source + false, // has modules + "root_t", "system_t" // enforcing / permissive types + }; + capability_test(&cap); +} + +static void capability_modv6_base_binary(void) +{ + struct capability_answer cap = { + POLICY_ROOT "/base-6.pp", + QPOL_POLICY_MODULE_BINARY, // policy type + 6U, // policy version + true, // has attributes + true, // has syntactic rules + false, // has line numbers + true, // has conditionals + true, // has mls + false, // has policy capabilities + false, // has source + true, // has modules + "root_t", NULL // enforcing / permissive types + }; + capability_test(&cap); +} + +static void capability_modv8_base_binary(void) +{ + struct capability_answer cap = { + POLICY_ROOT "/base-8.pp", + QPOL_POLICY_MODULE_BINARY, // policy type + 8U, // policy version + true, // has attributes + true, // has syntactic rules + false, // has line numbers + true, // has conditionals + true, // has mls + true, // has policy capabilities + false, // has source + true, // has modules + "root_t", "system_t" // enforcing / permissive types + }; + capability_test(&cap); +} + +CU_TestInfo capabilities_tests[] = { + {"v12, source", capability_v12_source}, + {"v15, source", capability_v15_source}, + {"v15, binary", capability_v15_binary}, + {"v16, source", capability_v16_source}, + {"v16, binary", capability_v16_binary}, + {"v17, source", capability_v17_source}, + {"v17, binary", capability_v17_binary}, + {"v18, source", capability_v18_source}, + {"v18, binary", capability_v18_binary}, + {"v19, binary", capability_v19_binary}, + {"v19, binary mls", capability_v19_binary_mls}, + {"v20, binary", capability_v20_binary}, + {"v20, binary mls", capability_v20_binary_mls}, + {"v21, source", capability_v21_source}, + {"v21, binary", capability_v21_binary}, + {"v22, source", capability_v22_source}, + {"v22, binary", capability_v22_binary}, + {"v23, source", capability_v23_source}, + {"v23, binary", capability_v23_binary}, + {"mod v6, base binary", capability_modv6_base_binary}, + {"mod v8, base binary", capability_modv8_base_binary}, + CU_TEST_INFO_NULL +}; + +int capabilities_init() +{ + return 0; +} + +int capabilities_cleanup() +{ + return 0; +} |