Diffstat (limited to 'libqpol/tests/policy-features-tests.c')
-rw-r--r--libqpol/tests/policy-features-tests.c145
1 files changed, 145 insertions, 0 deletions
diff --git a/libqpol/tests/policy-features-tests.c b/libqpol/tests/policy-features-tests.c
new file mode 100644
index 0000000..915dbaf
--- /dev/null
+++ b/libqpol/tests/policy-features-tests.c
@@ -0,0 +1,145 @@
+/**
+ * @file
+ *
+ * Test qpol loading of special types of policies.
+ *
+ * @author Jeremy A. Mowery jmowery@tresys.com
+ * @author Jason Tang jtang@tresys.com
+ *
+ * Copyright (C) 2007 Tresys Technology, LLC
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#include <config.h>
+
+#include <CUnit/CUnit.h>
+#include <qpol/policy.h>
+#include "../src/qpol_internal.h"
+#include <stdio.h>
+
+#define BROKEN_ALIAS_POLICY TEST_POLICIES "/setools-3.3/policy-features/broken-alias-mod.21"
+#define NOT_BROKEN_ALIAS_POLICY TEST_POLICIES "/setools-3.3/policy-features/not-broken-alias-mod.21"
+#define NOGENFS_POLICY TEST_POLICIES "/setools-3.3/policy-features/nogenfscon-policy.21"
+
+static void policy_features_alias_count(void *varg, const qpol_policy_t * policy
+ __attribute__ ((unused)), int level, const char *fmt, va_list va_args)
+{
+ if (level == QPOL_MSG_WARN) {
+ int *num_removed_aliases = (int *)varg;
+ (*num_removed_aliases)++;
+ } else if (level == QPOL_MSG_ERR) {
+ fprintf(stderr, "ERROR: ");
+ vfprintf(stderr, fmt, va_args);
+ fprintf(stderr, "\n");
+ }
+}
+
+/**
+ * If a module has any disabled aliases, test that libqpol removed them.
+ */
+static void policy_features_invalid_alias(void)
+{
+ qpol_policy_t *qp = NULL;
+ int policy_features_removed_aliases = 0;
+ void *v;
+ unsigned char isalias = 0;
+ const char *name;
+
+ int policy_type = qpol_policy_open_from_file(NOT_BROKEN_ALIAS_POLICY, &qp, policy_features_alias_count,
+ &policy_features_removed_aliases, QPOL_POLICY_OPTION_NO_RULES);
+ CU_ASSERT_FATAL(policy_type == QPOL_POLICY_KERNEL_BINARY);
+ CU_ASSERT(policy_features_removed_aliases == 0)
+
+ qpol_iterator_t *iter = NULL;
+ CU_ASSERT_FATAL(qpol_policy_get_type_iter(qp, &iter) == 0);
+ while (!qpol_iterator_end(iter)) {
+ CU_ASSERT_FATAL(qpol_iterator_get_item(iter, &v) == 0);
+ qpol_type_t *type = (qpol_type_t *) v;
+ CU_ASSERT_FATAL(qpol_type_get_isalias(qp, type, &isalias) == 0);
+ if (isalias) {
+ CU_ASSERT_FATAL(qpol_type_get_name(qp, type, &name) == 0);
+ CU_ASSERT_STRING_EQUAL(name, "fs_t");
+ }
+ CU_ASSERT_FATAL(qpol_iterator_next(iter) == 0);
+ }
+ qpol_iterator_destroy(&iter);
+ qpol_policy_destroy(&qp);
+
+ policy_features_removed_aliases = 0;
+ policy_type =
+ qpol_policy_open_from_file(BROKEN_ALIAS_POLICY, &qp, policy_features_alias_count, &policy_features_removed_aliases,
+ QPOL_POLICY_OPTION_NO_RULES);
+ CU_ASSERT_FATAL(policy_type == QPOL_POLICY_KERNEL_BINARY);
+ CU_ASSERT(policy_features_removed_aliases == 1)
+
+ CU_ASSERT_FATAL(qpol_policy_get_type_iter(qp, &iter) == 0);
+ while (!qpol_iterator_end(iter)) {
+ CU_ASSERT_FATAL(qpol_iterator_get_item(iter, &v) == 0);
+ qpol_type_t *type = (qpol_type_t *) v;
+ CU_ASSERT_FATAL(qpol_type_get_isalias(qp, type, &isalias) == 0);
+ CU_ASSERT(isalias == 0);
+ CU_ASSERT_FATAL(qpol_iterator_next(iter) == 0);
+ }
+ qpol_iterator_destroy(&iter);
+ qpol_policy_destroy(&qp);
+}
+
+/** Test that getting an iterator of genfscon statements does not
+ * fail if there are no genfscon statements. */
+static void policy_features_nogenfscon_iter(void)
+{
+ qpol_policy_t *qp = NULL;
+
+ /* open a policy with no genfscon statements */
+ int policy_type = qpol_policy_open_from_file(NOGENFS_POLICY, &qp, NULL, NULL, QPOL_POLICY_OPTION_NO_RULES);
+ CU_ASSERT_FATAL(policy_type == QPOL_POLICY_KERNEL_BINARY);
+
+ qpol_iterator_t *iter = NULL;
+
+ /* iterator should be safe to request but should be at end */
+ CU_ASSERT_FATAL(qpol_policy_get_genfscon_iter(qp, &iter) == 0);
+ CU_ASSERT(qpol_iterator_end(iter));
+ qpol_iterator_destroy(&iter);
+ qpol_policy_destroy(&qp);
+
+ /* open a policy with genfscon statements */
+ policy_type = qpol_policy_open_from_file(NOT_BROKEN_ALIAS_POLICY, &qp, NULL, NULL, QPOL_POLICY_OPTION_NO_RULES);
+ CU_ASSERT_FATAL(policy_type == QPOL_POLICY_KERNEL_BINARY);
+
+ /* iterator should be safe to request and not at end */
+ CU_ASSERT_FATAL(qpol_policy_get_genfscon_iter(qp, &iter) == 0);
+ CU_ASSERT(!qpol_iterator_end(iter));
+ qpol_iterator_destroy(&iter);
+ qpol_policy_destroy(&qp);
+}
+
+CU_TestInfo policy_features_tests[] = {
+ {"invalid alias", policy_features_invalid_alias}
+ ,
+ {"No genfscon", policy_features_nogenfscon_iter}
+ ,
+ CU_TEST_INFO_NULL
+};
+
+int policy_features_init()
+{
+ return 0;
+}
+
+int policy_features_cleanup()
+{
+ return 0;
+}
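Review bot: The first loop in policy_features_invalid_alias can pass without ever seeing an alias, because the `if (isalias)` branch checks the name only when an alias turns up; a load of NOT_BROKEN_ALIAS_POLICY that silently dropped the valid `fs_t` alias would still pass. I would count the hits: declare `int aliases_seen = 0;`, add `aliases_seen++;` inside the branch, and put `CU_ASSERT(aliases_seen > 0);` after the loop. Separately, policy_features_alias_count increments the counter on every QPOL_MSG_WARN without looking at `fmt`, so the `== 1` check after loading BROKEN_ALIAS_POLICY shows that one warning was emitted, not necessarily that it concerned an alias; a short comment on the callback saying so would help. The two `CU_ASSERT(policy_features_removed_aliases == ...)` lines also lack a trailing semicolon, which presumably compiles only because of how the macro expands.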