summaryrefslogtreecommitdiffstats
path: root/libqpol/tests
diff options
context:
space:
mode:
Diffstat (limited to 'libqpol/tests')
-rw-r--r--libqpol/tests/Makefile.am17
-rw-r--r--libqpol/tests/capabilities-tests.c542
-rw-r--r--libqpol/tests/capabilities-tests.h35
-rw-r--r--libqpol/tests/iterators-tests.c87
-rw-r--r--libqpol/tests/iterators-tests.h35
-rw-r--r--libqpol/tests/libqpol-tests.c57
-rw-r--r--libqpol/tests/policy-features-tests.c145
-rw-r--r--libqpol/tests/policy-features-tests.h35
8 files changed, 953 insertions, 0 deletions
diff --git a/libqpol/tests/Makefile.am b/libqpol/tests/Makefile.am
new file mode 100644
index 0000000..bad0b82
--- /dev/null
+++ b/libqpol/tests/Makefile.am
@@ -0,0 +1,17 @@
+TESTS = libqpol-tests
+check_PROGRAMS = libqpol-tests
+
+libqpol_tests_SOURCES = \
+ capabilities-tests.c capabilities-tests.h \
+ iterators-tests.c iterators-tests.h \
+ policy-features-tests.c policy-features-tests.h \
+ libqpol-tests.c
+
+AM_CFLAGS = @DEBUGCFLAGS@ @WARNCFLAGS@ @PROFILECFLAGS@ @SELINUX_CFLAGS@ \
+ @QPOL_CFLAGS@
+
+AM_LDFLAGS = @DEBUGLDFLAGS@ @WARNLDFLAGS@ @PROFILELDFLAGS@
+
+LDADD = @SELINUX_LIB_FLAG@ @QPOL_LIB_FLAG@ @CUNIT_LIB_FLAG@
+
+libqpol_tests_DEPENDENCIES = ../src/libqpol.so
diff --git a/libqpol/tests/capabilities-tests.c b/libqpol/tests/capabilities-tests.c
new file mode 100644
index 0000000..c428c71
--- /dev/null
+++ b/libqpol/tests/capabilities-tests.c
@@ -0,0 +1,542 @@
+/**
+ * @file
+ *
+ * Test policy loading capabilities that were introduced in SETools
+ * 3.2.
+ *
+ * @author Jeremy A. Mowery jmowery@tresys.com
+ * @author Jason Tang jtang@tresys.com
+ *
+ * Copyright (C) 2007-2008 Tresys Technology, LLC
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#include <config.h>
+
+#include <CUnit/CUnit.h>
+#include <qpol/policy.h>
+
+#include <stdbool.h>
+
+#define POLICY_ROOT TEST_POLICIES "/policy-versions"
+
+struct capability_answer
+{
+ const char *policy_name;
+ int policy_type;
+ unsigned int policy_version;
+ bool has_attributes;
+ bool has_syn_rules;
+ bool has_line_numbers;
+ bool has_conditionals;
+ bool has_mls;
+ bool has_polcaps;
+ bool has_source;
+ bool has_modules;
+ char *enforcing_type, *permissive_type;
+};
+
+static void capability_test(const struct capability_answer *ca)
+{
+ qpol_policy_t *q = NULL;
+ int policy_type = qpol_policy_open_from_file(ca->policy_name, &q, NULL, NULL, QPOL_POLICY_OPTION_NO_NEVERALLOWS);
+ CU_ASSERT_FATAL(policy_type >= 0);
+ CU_ASSERT_EQUAL(policy_type, ca->policy_type);
+
+ unsigned policy_version;
+ int retval;
+ retval = qpol_policy_get_policy_version(q, &policy_version);
+ CU_ASSERT_EQUAL_FATAL(retval, 0);
+ CU_ASSERT_EQUAL(policy_version, ca->policy_version);
+
+ bool cap;
+
+ cap = (bool) qpol_policy_has_capability(q, QPOL_CAP_ATTRIB_NAMES);
+ CU_ASSERT_EQUAL(cap, ca->has_attributes);
+
+ cap = (bool) qpol_policy_has_capability(q, QPOL_CAP_SYN_RULES);
+ CU_ASSERT_EQUAL(cap, ca->has_syn_rules);
+
+ cap = (bool) qpol_policy_has_capability(q, QPOL_CAP_LINE_NUMBERS);
+ CU_ASSERT_EQUAL(cap, ca->has_line_numbers);
+
+ cap = (bool) qpol_policy_has_capability(q, QPOL_CAP_CONDITIONALS);
+ CU_ASSERT_EQUAL(cap, ca->has_conditionals);
+
+ cap = (bool) qpol_policy_has_capability(q, QPOL_CAP_MLS);
+ CU_ASSERT_EQUAL(cap, ca->has_mls);
+
+ cap = (bool) qpol_policy_has_capability(q, QPOL_CAP_POLCAPS);
+ CU_ASSERT_EQUAL(cap, ca->has_polcaps);
+
+ cap = (bool) qpol_policy_has_capability(q, QPOL_CAP_SOURCE);
+ CU_ASSERT_EQUAL(cap, ca->has_source);
+
+ cap = (bool) qpol_policy_has_capability(q, QPOL_CAP_MODULES);
+ CU_ASSERT_EQUAL(cap, ca->has_modules);
+
+ unsigned char ispermissive;
+ const qpol_type_t *type;
+
+ if (ca->enforcing_type != NULL) {
+ retval = qpol_policy_get_type_by_name(q, ca->enforcing_type, &type);
+ CU_ASSERT(retval == 0 && type != NULL);
+ retval = qpol_type_get_ispermissive(q, type, &ispermissive);
+ CU_ASSERT(retval == 0 && ispermissive == 0);
+ }
+ if (ca->permissive_type != NULL) {
+ retval = qpol_policy_get_type_by_name(q, ca->permissive_type, &type);
+ CU_ASSERT(retval == 0 && type != NULL);
+ retval = qpol_type_get_ispermissive(q, type, &ispermissive);
+ CU_ASSERT(retval == 0 && ispermissive == 1);
+ }
+
+ qpol_policy_destroy(&q);
+}
+
+static void capability_v12_source(void)
+{
+ struct capability_answer cap = {
+ POLICY_ROOT "/policy-12.conf",
+ QPOL_POLICY_KERNEL_SOURCE, // policy type
+ 12U, // policy version
+ true, // has attributes
+ true, // has syntactic rules
+ true, // has line numbers
+ false, // has conditionals
+ false, // has mls
+ false, // has policy capabilities
+ true, // has source
+ false, // has modules
+ "fs_t", NULL // enforcing / permissive types
+ };
+ capability_test(&cap);
+}
+
+static void capability_v15_source(void)
+{
+ struct capability_answer cap = {
+ POLICY_ROOT "/policy-15.conf",
+ QPOL_POLICY_KERNEL_SOURCE, // policy type
+ 15U, // policy version
+ true, // has attributes
+ true, // has syntactic rules
+ true, // has line numbers
+ false, // has conditionals
+ false, // has mls
+ false, // has policy capabilities
+ true, // has source
+ false, // has modules
+ "fs_t", NULL // enforcing / permissive types
+ };
+ capability_test(&cap);
+}
+
+static void capability_v15_binary(void)
+{
+ struct capability_answer cap = {
+ POLICY_ROOT "/policy.15",
+ QPOL_POLICY_KERNEL_BINARY, // policy type
+ 15U, // policy version
+ false, // has attributes
+ false, // has syntactic rules
+ false, // has line numbers
+ false, // has conditionals
+ false, // has mls
+ false, // has policy capabilities
+ false, // has source
+ false, // has modules
+ "fs_t", NULL // enforcing / permissive types
+ };
+ capability_test(&cap);
+}
+
+static void capability_v16_source(void)
+{
+ struct capability_answer cap = {
+ POLICY_ROOT "/policy-16.conf",
+ QPOL_POLICY_KERNEL_SOURCE, // policy type
+ 16U, // policy version
+ true, // has attributes
+ true, // has syntactic rules
+ true, // has line numbers
+ true, // has conditionals
+ false, // has mls
+ false, // has policy capabilities
+ true, // has source
+ false, // has modules
+ "fs_t", NULL // enforcing / permissive types
+ };
+ capability_test(&cap);
+}
+
+static void capability_v16_binary(void)
+{
+ struct capability_answer cap = {
+ POLICY_ROOT "/policy.16",
+ QPOL_POLICY_KERNEL_BINARY, // policy type
+ 16U, // policy version
+ false, // has attributes
+ false, // has syntactic rules
+ false, // has line numbers
+ true, // has conditionals
+ false, // has mls
+ false, // has policy capabilities
+ false, // has source
+ false, // has modules
+ "fs_t", NULL // enforcing / permissive types
+ };
+ capability_test(&cap);
+}
+
+static void capability_v17_source(void)
+{
+ struct capability_answer cap = {
+ POLICY_ROOT "/policy-17.conf",
+ QPOL_POLICY_KERNEL_SOURCE, // policy type
+ 17U, // policy version
+ true, // has attributes
+ true, // has syntactic rules
+ true, // has line numbers
+ true, // has conditionals
+ false, // has mls
+ false, // has policy capabilities
+ true, // has source
+ false, // has modules
+ "fs_t", NULL // enforcing / permissive types
+ };
+ capability_test(&cap);
+}
+
+static void capability_v17_binary(void)
+{
+ struct capability_answer cap = {
+ POLICY_ROOT "/policy.17",
+ QPOL_POLICY_KERNEL_BINARY, // policy type
+ 17U, // policy version
+ false, // has attributes
+ false, // has syntactic rules
+ false, // has line numbers
+ true, // has conditionals
+ false, // has mls
+ false, // has policy capabilities
+ false, // has source
+ false, // has modules
+ "fs_t", NULL // enforcing / permissive types
+ };
+ capability_test(&cap);
+}
+
+static void capability_v18_source(void)
+{
+ struct capability_answer cap = {
+ POLICY_ROOT "/policy-18.conf",
+ QPOL_POLICY_KERNEL_SOURCE, // policy type
+ 18U, // policy version
+ true, // has attributes
+ true, // has syntactic rules
+ true, // has line numbers
+ true, // has conditionals
+ false, // has mls
+ false, // has policy capabilities
+ true, // has source
+ false, // has modules
+ "wing_t", NULL // enforcing / permissive types
+ };
+ capability_test(&cap);
+}
+
+static void capability_v18_binary(void)
+{
+ struct capability_answer cap = {
+ POLICY_ROOT "/policy.18",
+ QPOL_POLICY_KERNEL_BINARY, // policy type
+ 18U, // policy version
+ false, // has attributes
+ false, // has syntactic rules
+ false, // has line numbers
+ true, // has conditionals
+ false, // has mls
+ false, // has policy capabilities
+ false, // has source
+ false, // has modules
+ "wing_t", NULL // enforcing / permissive types
+ };
+ capability_test(&cap);
+}
+
+static void capability_v19_binary(void)
+{
+ struct capability_answer cap = {
+ POLICY_ROOT "/policy.19",
+ QPOL_POLICY_KERNEL_BINARY, // policy type
+ 19U, // policy version
+ false, // has attributes
+ false, // has syntactic rules
+ false, // has line numbers
+ true, // has conditionals
+ false, // has mls
+ false, // has policy capabilities
+ false, // has source
+ false, // has modules
+ "wing_t", NULL // enforcing / permissive types
+ };
+ capability_test(&cap);
+}
+
+static void capability_v19_binary_mls(void)
+{
+ struct capability_answer cap = {
+ POLICY_ROOT "/policy-mls.19",
+ QPOL_POLICY_KERNEL_BINARY, // policy type
+ 19U, // policy version
+ false, // has attributes
+ false, // has syntactic rules
+ false, // has line numbers
+ true, // has conditionals
+ true, // has mls
+ false, // has policy capabilities
+ false, // has source
+ false, // has modules
+ "root_t", NULL // enforcing / permissive types
+ };
+ capability_test(&cap);
+}
+
+static void capability_v20_binary(void)
+{
+ struct capability_answer cap = {
+ POLICY_ROOT "/policy.20",
+ QPOL_POLICY_KERNEL_BINARY, // policy type
+ 20U, // policy version
+ false, // has attributes
+ false, // has syntactic rules
+ false, // has line numbers
+ true, // has conditionals
+ false, // has mls
+ false, // has policy capabilities
+ false, // has source
+ false, // has modules
+ "wing_t", NULL // enforcing / permissive types
+ };
+ capability_test(&cap);
+}
+
+static void capability_v20_binary_mls(void)
+{
+ struct capability_answer cap = {
+ POLICY_ROOT "/policy-mls.20",
+ QPOL_POLICY_KERNEL_BINARY, // policy type
+ 20U, // policy version
+ false, // has attributes
+ false, // has syntactic rules
+ false, // has line numbers
+ true, // has conditionals
+ true, // has mls
+ false, // has policy capabilities
+ false, // has source
+ false, // has modules
+ "root_t", NULL // enforcing / permissive types
+ };
+ capability_test(&cap);
+}
+
+static void capability_v21_source(void)
+{
+ struct capability_answer cap = {
+ POLICY_ROOT "/policy-mls-21.conf",
+ QPOL_POLICY_KERNEL_SOURCE, // policy type
+ 21U, // policy version
+ true, // has attributes
+ true, // has syntactic rules
+ true, // has line numbers
+ true, // has conditionals
+ true, // has mls
+ false, // has policy capabilities
+ true, // has source
+ false, // has modules
+ "root_t", NULL // enforcing / permissive types
+ };
+ capability_test(&cap);
+}
+
+static void capability_v21_binary(void)
+{
+ struct capability_answer cap = {
+ POLICY_ROOT "/policy-mls.21",
+ QPOL_POLICY_KERNEL_BINARY, // policy type
+ 21U, // policy version
+ false, // has attributes
+ false, // has syntactic rules
+ false, // has line numbers
+ true, // has conditionals
+ true, // has mls
+ false, // has policy capabilities
+ false, // has source
+ false, // has modules
+ "root_t", NULL // enforcing / permissive types
+ };
+ capability_test(&cap);
+}
+
+static void capability_v22_source(void)
+{
+ struct capability_answer cap = {
+ POLICY_ROOT "/policy-mls-22.conf",
+ QPOL_POLICY_KERNEL_SOURCE, // policy type
+ 22U, // policy version
+ true, // has attributes
+ true, // has syntactic rules
+ true, // has line numbers
+ true, // has conditionals
+ true, // has mls
+ true, // has policy capabilities
+ true, // has source
+ false, // has modules
+ "root_t", NULL // enforcing / permissive types
+ };
+ capability_test(&cap);
+}
+
+static void capability_v22_binary(void)
+{
+ struct capability_answer cap = {
+ POLICY_ROOT "/policy-mls.22",
+ QPOL_POLICY_KERNEL_BINARY, // policy type
+ 22U, // policy version
+ false, // has attributes
+ false, // has syntactic rules
+ false, // has line numbers
+ true, // has conditionals
+ true, // has mls
+ true, // has policy capabilities
+ false, // has source
+ false, // has modules
+ "root_t", NULL // enforcing / permissive types
+ };
+ capability_test(&cap);
+}
+
+static void capability_v23_source(void)
+{
+ struct capability_answer cap = {
+ POLICY_ROOT "/policy-mls-23.conf",
+ QPOL_POLICY_KERNEL_SOURCE, // policy type
+ 23U, // policy version
+ true, // has attributes
+ true, // has syntactic rules
+ true, // has line numbers
+ true, // has conditionals
+ true, // has mls
+ true, // has policy capabilities
+ true, // has source
+ false, // has modules
+ "root_t", "system_t" // enforcing / permissive types
+ };
+ capability_test(&cap);
+}
+
+static void capability_v23_binary(void)
+{
+ struct capability_answer cap = {
+ POLICY_ROOT "/policy-mls.23",
+ QPOL_POLICY_KERNEL_BINARY, // policy type
+ 23U, // policy version
+ false, // has attributes
+ false, // has syntactic rules
+ false, // has line numbers
+ true, // has conditionals
+ true, // has mls
+ true, // has policy capabilities
+ false, // has source
+ false, // has modules
+ "root_t", "system_t" // enforcing / permissive types
+ };
+ capability_test(&cap);
+}
+
+static void capability_modv6_base_binary(void)
+{
+ struct capability_answer cap = {
+ POLICY_ROOT "/base-6.pp",
+ QPOL_POLICY_MODULE_BINARY, // policy type
+ 6U, // policy version
+ true, // has attributes
+ true, // has syntactic rules
+ false, // has line numbers
+ true, // has conditionals
+ true, // has mls
+ false, // has policy capabilities
+ false, // has source
+ true, // has modules
+ "root_t", NULL // enforcing / permissive types
+ };
+ capability_test(&cap);
+}
+
+static void capability_modv8_base_binary(void)
+{
+ struct capability_answer cap = {
+ POLICY_ROOT "/base-8.pp",
+ QPOL_POLICY_MODULE_BINARY, // policy type
+ 8U, // policy version
+ true, // has attributes
+ true, // has syntactic rules
+ false, // has line numbers
+ true, // has conditionals
+ true, // has mls
+ true, // has policy capabilities
+ false, // has source
+ true, // has modules
+ "root_t", "system_t" // enforcing / permissive types
+ };
+ capability_test(&cap);
+}
+
+CU_TestInfo capabilities_tests[] = {
+ {"v12, source", capability_v12_source},
+ {"v15, source", capability_v15_source},
+ {"v15, binary", capability_v15_binary},
+ {"v16, source", capability_v16_source},
+ {"v16, binary", capability_v16_binary},
+ {"v17, source", capability_v17_source},
+ {"v17, binary", capability_v17_binary},
+ {"v18, source", capability_v18_source},
+ {"v18, binary", capability_v18_binary},
+ {"v19, binary", capability_v19_binary},
+ {"v19, binary mls", capability_v19_binary_mls},
+ {"v20, binary", capability_v20_binary},
+ {"v20, binary mls", capability_v20_binary_mls},
+ {"v21, source", capability_v21_source},
+ {"v21, binary", capability_v21_binary},
+ {"v22, source", capability_v22_source},
+ {"v22, binary", capability_v22_binary},
+ {"v23, source", capability_v23_source},
+ {"v23, binary", capability_v23_binary},
+ {"mod v6, base binary", capability_modv6_base_binary},
+ {"mod v8, base binary", capability_modv8_base_binary},
+ CU_TEST_INFO_NULL
+};
+
+int capabilities_init()
+{
+ return 0;
+}
+
+int capabilities_cleanup()
+{
+ return 0;
+}
diff --git a/libqpol/tests/capabilities-tests.h b/libqpol/tests/capabilities-tests.h
new file mode 100644
index 0000000..b305b77
--- /dev/null
+++ b/libqpol/tests/capabilities-tests.h
@@ -0,0 +1,35 @@
+/**
+ * @file
+ *
+ * Declarations for libqpol capabilities tests.
+ *
+ * @author Jeremy A. Mowery jmowery@tresys.com
+ * @author Jason Tang jtang@tresys.com
+ *
+ * Copyright (C) 2007 Tresys Technology, LLC
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#ifndef CAPABILITES_TESTS_H
+#define CAPABILITES_TESTS_H
+
+#include <CUnit/CUnit.h>
+
+extern CU_TestInfo capabilities_tests[];
+extern int capabilities_init();
+extern int capabilities_cleanup();
+
+#endif
diff --git a/libqpol/tests/iterators-tests.c b/libqpol/tests/iterators-tests.c
new file mode 100644
index 0000000..384f878
--- /dev/null
+++ b/libqpol/tests/iterators-tests.c
@@ -0,0 +1,87 @@
+/**
+ * @file
+ *
+ * Test qpol iterators.
+ *
+ * @author Jeremy A. Mowery jmowery@tresys.com
+ * @author Jason Tang jtang@tresys.com
+ *
+ * Copyright (C) 2007 Tresys Technology, LLC
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#include <config.h>
+
+#include <CUnit/CUnit.h>
+#include <qpol/policy.h>
+#include <stdio.h>
+
+#define SOURCE_POLICY TEST_POLICIES "/snapshots/fc4_targeted.policy.conf"
+
+static qpol_policy_t *qp = NULL;
+
+static void iterators_alias(void)
+{
+ qpol_iterator_t *iter = NULL;
+ CU_ASSERT_FATAL(qpol_policy_get_type_iter(qp, &iter) == 0);
+ while (!qpol_iterator_end(iter)) {
+ void *v;
+ CU_ASSERT_FATAL(qpol_iterator_get_item(iter, &v) == 0);
+ qpol_type_t *type = (qpol_type_t *) v;
+
+ qpol_iterator_t *alias_iter = NULL;
+ size_t alias_size;
+ unsigned char isalias = 0;
+ CU_ASSERT_FATAL(qpol_type_get_isalias(qp, type, &isalias) == 0);
+ CU_ASSERT_FATAL(qpol_type_get_alias_iter(qp, type, &alias_iter) == 0);
+ CU_ASSERT_FATAL(qpol_iterator_get_size(alias_iter, &alias_size) == 0);
+
+ if (alias_size > 0) {
+ /* isalias could be 0 or 1, depending upon if
+ type is a primary or an alias */
+ CU_ASSERT(!qpol_iterator_end(alias_iter));
+ } else {
+ /* impossible for isalias to be true if the
+ alias iterator is empty */
+ CU_ASSERT(!isalias && qpol_iterator_end(alias_iter));
+ }
+
+ qpol_iterator_destroy(&alias_iter);
+ CU_ASSERT_FATAL(qpol_iterator_next(iter) == 0);
+ }
+ qpol_iterator_destroy(&iter);
+}
+
+CU_TestInfo iterators_tests[] = {
+ {"alias iterator", iterators_alias}
+ ,
+ CU_TEST_INFO_NULL
+};
+
+int iterators_init()
+{
+ int policy_type = qpol_policy_open_from_file(SOURCE_POLICY, &qp, NULL, NULL, QPOL_POLICY_OPTION_NO_RULES);
+ if (policy_type < 0) {
+ return 1;
+ }
+ return 0;
+}
+
+int iterators_cleanup()
+{
+ qpol_policy_destroy(&qp);
+ return 0;
+}
diff --git a/libqpol/tests/iterators-tests.h b/libqpol/tests/iterators-tests.h
new file mode 100644
index 0000000..275f3a2
--- /dev/null
+++ b/libqpol/tests/iterators-tests.h
@@ -0,0 +1,35 @@
+/**
+ * @file
+ *
+ * Declarations for libqpol iterator tests.
+ *
+ * @author Jeremy A. Mowery jmowery@tresys.com
+ * @author Jason Tang jtang@tresys.com
+ *
+ * Copyright (C) 2007 Tresys Technology, LLC
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#ifndef ITERATORS_TESTS_H
+#define ITERATORS_TESTS_H
+
+#include <CUnit/CUnit.h>
+
+extern CU_TestInfo iterators_tests[];
+extern int iterators_init();
+extern int iterators_cleanup();
+
+#endif
diff --git a/libqpol/tests/libqpol-tests.c b/libqpol/tests/libqpol-tests.c
new file mode 100644
index 0000000..eda58d6
--- /dev/null
+++ b/libqpol/tests/libqpol-tests.c
@@ -0,0 +1,57 @@
+/**
+ * @file
+ *
+ * CUnit testing framework for libqpol.
+ *
+ * @author Jeremy A. Mowery jmowery@tresys.com
+ * @author Jason Tang jtang@tresys.com
+ *
+ * Copyright (C) 2007 Tresys Technology, LLC
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#include <config.h>
+
+#include <CUnit/CUnit.h>
+#include <CUnit/Basic.h>
+
+#include "capabilities-tests.h"
+#include "iterators-tests.h"
+#include "policy-features-tests.h"
+
+int main(void)
+{
+ if (CU_initialize_registry() != CUE_SUCCESS) {
+ return CU_get_error();
+ }
+
+ CU_SuiteInfo suites[] = {
+ {"Capabilities", capabilities_init, capabilities_cleanup, capabilities_tests}
+ ,
+ {"Iterators", iterators_init, iterators_cleanup, iterators_tests}
+ ,
+ {"Policy Featurens", policy_features_init, policy_features_cleanup, policy_features_tests}
+ ,
+ CU_SUITE_INFO_NULL
+ };
+
+ CU_register_suites(suites);
+ CU_basic_set_mode(CU_BRM_VERBOSE);
+ CU_basic_run_tests();
+ unsigned int num_failures = CU_get_number_of_failure_records();
+ CU_cleanup_registry();
+ return (int)num_failures;
+}
diff --git a/libqpol/tests/policy-features-tests.c b/libqpol/tests/policy-features-tests.c
new file mode 100644
index 0000000..915dbaf
--- /dev/null
+++ b/libqpol/tests/policy-features-tests.c
@@ -0,0 +1,145 @@
+/**
+ * @file
+ *
+ * Test qpol loading of special types of policies.
+ *
+ * @author Jeremy A. Mowery jmowery@tresys.com
+ * @author Jason Tang jtang@tresys.com
+ *
+ * Copyright (C) 2007 Tresys Technology, LLC
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#include <config.h>
+
+#include <CUnit/CUnit.h>
+#include <qpol/policy.h>
+#include "../src/qpol_internal.h"
+#include <stdio.h>
+
+#define BROKEN_ALIAS_POLICY TEST_POLICIES "/setools-3.3/policy-features/broken-alias-mod.21"
+#define NOT_BROKEN_ALIAS_POLICY TEST_POLICIES "/setools-3.3/policy-features/not-broken-alias-mod.21"
+#define NOGENFS_POLICY TEST_POLICIES "/setools-3.3/policy-features/nogenfscon-policy.21"
+
+static void policy_features_alias_count(void *varg, const qpol_policy_t * policy
+ __attribute__ ((unused)), int level, const char *fmt, va_list va_args)
+{
+ if (level == QPOL_MSG_WARN) {
+ int *num_removed_aliases = (int *)varg;
+ (*num_removed_aliases)++;
+ } else if (level == QPOL_MSG_ERR) {
+ fprintf(stderr, "ERROR: ");
+ vfprintf(stderr, fmt, va_args);
+ fprintf(stderr, "\n");
+ }
+}
+
+/**
+ * If a module has any disabled aliases, test that libqpol removed them.
+ */
+static void policy_features_invalid_alias(void)
+{
+ qpol_policy_t *qp = NULL;
+ int policy_features_removed_aliases = 0;
+ void *v;
+ unsigned char isalias = 0;
+ const char *name;
+
+ int policy_type = qpol_policy_open_from_file(NOT_BROKEN_ALIAS_POLICY, &qp, policy_features_alias_count,
+ &policy_features_removed_aliases, QPOL_POLICY_OPTION_NO_RULES);
+ CU_ASSERT_FATAL(policy_type == QPOL_POLICY_KERNEL_BINARY);
+ CU_ASSERT(policy_features_removed_aliases == 0)
+
+ qpol_iterator_t *iter = NULL;
+ CU_ASSERT_FATAL(qpol_policy_get_type_iter(qp, &iter) == 0);
+ while (!qpol_iterator_end(iter)) {
+ CU_ASSERT_FATAL(qpol_iterator_get_item(iter, &v) == 0);
+ qpol_type_t *type = (qpol_type_t *) v;
+ CU_ASSERT_FATAL(qpol_type_get_isalias(qp, type, &isalias) == 0);
+ if (isalias) {
+ CU_ASSERT_FATAL(qpol_type_get_name(qp, type, &name) == 0);
+ CU_ASSERT_STRING_EQUAL(name, "fs_t");
+ }
+ CU_ASSERT_FATAL(qpol_iterator_next(iter) == 0);
+ }
+ qpol_iterator_destroy(&iter);
+ qpol_policy_destroy(&qp);
+
+ policy_features_removed_aliases = 0;
+ policy_type =
+ qpol_policy_open_from_file(BROKEN_ALIAS_POLICY, &qp, policy_features_alias_count, &policy_features_removed_aliases,
+ QPOL_POLICY_OPTION_NO_RULES);
+ CU_ASSERT_FATAL(policy_type == QPOL_POLICY_KERNEL_BINARY);
+ CU_ASSERT(policy_features_removed_aliases == 1)
+
+ CU_ASSERT_FATAL(qpol_policy_get_type_iter(qp, &iter) == 0);
+ while (!qpol_iterator_end(iter)) {
+ CU_ASSERT_FATAL(qpol_iterator_get_item(iter, &v) == 0);
+ qpol_type_t *type = (qpol_type_t *) v;
+ CU_ASSERT_FATAL(qpol_type_get_isalias(qp, type, &isalias) == 0);
+ CU_ASSERT(isalias == 0);
+ CU_ASSERT_FATAL(qpol_iterator_next(iter) == 0);
+ }
+ qpol_iterator_destroy(&iter);
+ qpol_policy_destroy(&qp);
+}
+
+/** Test that getting an iterator of genfscon statements does not
+ * fail if there are no genfscon statements. */
+static void policy_features_nogenfscon_iter(void)
+{
+ qpol_policy_t *qp = NULL;
+
+ /* open a policy with no genfscon statements */
+ int policy_type = qpol_policy_open_from_file(NOGENFS_POLICY, &qp, NULL, NULL, QPOL_POLICY_OPTION_NO_RULES);
+ CU_ASSERT_FATAL(policy_type == QPOL_POLICY_KERNEL_BINARY);
+
+ qpol_iterator_t *iter = NULL;
+
+ /* iterator should be safe to request but should be at end */
+ CU_ASSERT_FATAL(qpol_policy_get_genfscon_iter(qp, &iter) == 0);
+ CU_ASSERT(qpol_iterator_end(iter));
+ qpol_iterator_destroy(&iter);
+ qpol_policy_destroy(&qp);
+
+ /* open a policy with genfscon statements */
+ policy_type = qpol_policy_open_from_file(NOT_BROKEN_ALIAS_POLICY, &qp, NULL, NULL, QPOL_POLICY_OPTION_NO_RULES);
+ CU_ASSERT_FATAL(policy_type == QPOL_POLICY_KERNEL_BINARY);
+
+ /* iterator should be safe to request and not at end */
+ CU_ASSERT_FATAL(qpol_policy_get_genfscon_iter(qp, &iter) == 0);
+ CU_ASSERT(!qpol_iterator_end(iter));
+ qpol_iterator_destroy(&iter);
+ qpol_policy_destroy(&qp);
+}
+
+CU_TestInfo policy_features_tests[] = {
+ {"invalid alias", policy_features_invalid_alias}
+ ,
+ {"No genfscon", policy_features_nogenfscon_iter}
+ ,
+ CU_TEST_INFO_NULL
+};
+
+int policy_features_init()
+{
+ return 0;
+}
+
+int policy_features_cleanup()
+{
+ return 0;
+}
diff --git a/libqpol/tests/policy-features-tests.h b/libqpol/tests/policy-features-tests.h
new file mode 100644
index 0000000..71463dd
--- /dev/null
+++ b/libqpol/tests/policy-features-tests.h
@@ -0,0 +1,35 @@
+/**
+ * @file
+ *
+ * Declarations for libqpol tests for reading special types of policies.
+ *
+ * @author Jeremy A. Mowery jmowery@tresys.com
+ * @author Jason Tang jtang@tresys.com
+ *
+ * Copyright (C) 2007 Tresys Technology, LLC
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#ifndef POLICY_FEATURES_TESTS_H
+#define POLICY_FEATURES_TESTS_H
+
+#include <CUnit/CUnit.h>
+
+extern CU_TestInfo policy_features_tests[];
+extern int policy_features_init();
+extern int policy_features_cleanup();
+
+#endif
generated by cgit (git 2.34.1) at 2024-04-28 17:47:31 +0000