1*2d543d20SAndroid Build Coastguard Workerimport unittest 2*2d543d20SAndroid Build Coastguard Workerimport sys 3*2d543d20SAndroid Build Coastguard Workerfrom subprocess import Popen, PIPE 4*2d543d20SAndroid Build Coastguard Worker 5*2d543d20SAndroid Build Coastguard Workerimport argparse 6*2d543d20SAndroid Build Coastguard Worker 7*2d543d20SAndroid Build Coastguard Workerobject_list = ['login', 'user', 'port', 'module', 'interface', 'node', 'fcontext', 'boolean', 'permissive', "dontaudit"] 8*2d543d20SAndroid Build Coastguard Worker 9*2d543d20SAndroid Build Coastguard Worker 10*2d543d20SAndroid Build Coastguard Workerclass SemanageTests(unittest.TestCase): 11*2d543d20SAndroid Build Coastguard Worker 12*2d543d20SAndroid Build Coastguard Worker def assertDenied(self, err): 13*2d543d20SAndroid Build Coastguard Worker self.assertTrue('Permission denied' in err, 14*2d543d20SAndroid Build Coastguard Worker '"Permission denied" not found in %r' % err) 15*2d543d20SAndroid Build Coastguard Worker 16*2d543d20SAndroid Build Coastguard Worker def assertNotFound(self, err): 17*2d543d20SAndroid Build Coastguard Worker self.assertTrue('not found' in err, 18*2d543d20SAndroid Build Coastguard Worker '"not found" not found in %r' % err) 19*2d543d20SAndroid Build Coastguard Worker 20*2d543d20SAndroid Build Coastguard Worker def assertFailure(self, status): 21*2d543d20SAndroid Build Coastguard Worker self.assertTrue(status != 0, 22*2d543d20SAndroid Build Coastguard Worker '"semanage succeeded when it should have failed') 23*2d543d20SAndroid Build Coastguard Worker 24*2d543d20SAndroid Build Coastguard Worker def assertSuccess(self, status, err): 25*2d543d20SAndroid Build Coastguard Worker self.assertTrue(status == 0, 26*2d543d20SAndroid Build Coastguard Worker '"semanage should have succeeded for this test %r' % err) 27*2d543d20SAndroid Build Coastguard Worker 28*2d543d20SAndroid Build Coastguard Worker def test_extract(self): 29*2d543d20SAndroid Build Coastguard Worker for object in object_list: 30*2d543d20SAndroid Build Coastguard Worker if object in ["dontaudit", "module", "permissive"]: 31*2d543d20SAndroid Build Coastguard Worker continue 32*2d543d20SAndroid Build Coastguard Worker "Verify semanage %s -E" % object 33*2d543d20SAndroid Build Coastguard Worker p = Popen(['semanage', object, '-E'], stdout=PIPE) 34*2d543d20SAndroid Build Coastguard Worker out, err = p.communicate() 35*2d543d20SAndroid Build Coastguard Worker self.assertSuccess(p.returncode, err) 36*2d543d20SAndroid Build Coastguard Worker 37*2d543d20SAndroid Build Coastguard Worker def test_input_output(self): 38*2d543d20SAndroid Build Coastguard Worker print("Verify semanage export -f /tmp/out") 39*2d543d20SAndroid Build Coastguard Worker p = Popen(['semanage', "export", '-f', '/tmp/out'], stdout=PIPE) 40*2d543d20SAndroid Build Coastguard Worker out, err = p.communicate() 41*2d543d20SAndroid Build Coastguard Worker self.assertSuccess(p.returncode, err) 42*2d543d20SAndroid Build Coastguard Worker print("Verify semanage export -S targeted -f -") 43*2d543d20SAndroid Build Coastguard Worker p = Popen(["semanage", "export", "-S", "targeted", "-f", "-"], stdout=PIPE) 44*2d543d20SAndroid Build Coastguard Worker out, err = p.communicate() 45*2d543d20SAndroid Build Coastguard Worker self.assertSuccess(p.returncode, err) 46*2d543d20SAndroid Build Coastguard Worker print("Verify semanage -S targeted -o -") 47*2d543d20SAndroid Build Coastguard Worker p = Popen(["semanage", "-S", "targeted", "-o", "-"], stdout=PIPE) 48*2d543d20SAndroid Build Coastguard Worker out, err = p.communicate() 49*2d543d20SAndroid Build Coastguard Worker self.assertSuccess(p.returncode, err) 50*2d543d20SAndroid Build Coastguard Worker print("Verify semanage import -f /tmp/out") 51*2d543d20SAndroid Build Coastguard Worker p = Popen(['semanage', "import", '-f', '/tmp/out'], stdout=PIPE) 52*2d543d20SAndroid Build Coastguard Worker out, err = p.communicate() 53*2d543d20SAndroid Build Coastguard Worker self.assertSuccess(p.returncode, err) 54*2d543d20SAndroid Build Coastguard Worker print("Verify semanage import -S targeted -f /tmp/out") 55*2d543d20SAndroid Build Coastguard Worker p = Popen(["semanage", "import", "-S", "targeted", "-f", "/tmp/out"], stdout=PIPE) 56*2d543d20SAndroid Build Coastguard Worker out, err = p.communicate() 57*2d543d20SAndroid Build Coastguard Worker self.assertSuccess(p.returncode, err) 58*2d543d20SAndroid Build Coastguard Worker print("Verify semanage -S targeted -i /tmp/out") 59*2d543d20SAndroid Build Coastguard Worker p = Popen(["semanage", "-S", "targeted", "-i", "/tmp/out"], stdout=PIPE) 60*2d543d20SAndroid Build Coastguard Worker out, err = p.communicate() 61*2d543d20SAndroid Build Coastguard Worker self.assertSuccess(p.returncode, err) 62*2d543d20SAndroid Build Coastguard Worker 63*2d543d20SAndroid Build Coastguard Worker def test_list(self): 64*2d543d20SAndroid Build Coastguard Worker for object in object_list: 65*2d543d20SAndroid Build Coastguard Worker if object in ["dontaudit"]: 66*2d543d20SAndroid Build Coastguard Worker continue 67*2d543d20SAndroid Build Coastguard Worker "Verify semanage %s -l" % object 68*2d543d20SAndroid Build Coastguard Worker p = Popen(['semanage', object, '-l'], stdout=PIPE) 69*2d543d20SAndroid Build Coastguard Worker out, err = p.communicate() 70*2d543d20SAndroid Build Coastguard Worker self.assertSuccess(p.returncode, err) 71*2d543d20SAndroid Build Coastguard Worker 72*2d543d20SAndroid Build Coastguard Worker def test_list_c(self): 73*2d543d20SAndroid Build Coastguard Worker for object in object_list: 74*2d543d20SAndroid Build Coastguard Worker if object in ["module", "permissive", "dontaudit"]: 75*2d543d20SAndroid Build Coastguard Worker continue 76*2d543d20SAndroid Build Coastguard Worker print("Verify semanage %s -l" % object) 77*2d543d20SAndroid Build Coastguard Worker p = Popen(['semanage', object, '-lC'], stdout=PIPE) 78*2d543d20SAndroid Build Coastguard Worker out, err = p.communicate() 79*2d543d20SAndroid Build Coastguard Worker self.assertSuccess(p.returncode, err) 80*2d543d20SAndroid Build Coastguard Worker 81*2d543d20SAndroid Build Coastguard Worker def test_fcontext(self): 82*2d543d20SAndroid Build Coastguard Worker p = Popen(["semanage", "fcontext", "-d", "/ha-web(/.*)?"], stderr=PIPE) 83*2d543d20SAndroid Build Coastguard Worker out, err = p.communicate() 84*2d543d20SAndroid Build Coastguard Worker 85*2d543d20SAndroid Build Coastguard Worker print("Verify semanage fcontext -a") 86*2d543d20SAndroid Build Coastguard Worker p = Popen(["semanage", "fcontext", "-a", "-t", "httpd_sys_content_t", "/ha-web(/.*)?"], stdout=PIPE) 87*2d543d20SAndroid Build Coastguard Worker out, err = p.communicate() 88*2d543d20SAndroid Build Coastguard Worker self.assertSuccess(p.returncode, err) 89*2d543d20SAndroid Build Coastguard Worker print("Verify semanage fcontext -m") 90*2d543d20SAndroid Build Coastguard Worker p = Popen(["semanage", "fcontext", "-m", "-t", "default_t", "/ha-web(/.*)?"], stdout=PIPE) 91*2d543d20SAndroid Build Coastguard Worker out, err = p.communicate() 92*2d543d20SAndroid Build Coastguard Worker self.assertSuccess(p.returncode, err) 93*2d543d20SAndroid Build Coastguard Worker print("Verify semanage fcontext -d") 94*2d543d20SAndroid Build Coastguard Worker p = Popen(["semanage", "fcontext", "-d", "/ha-web(/.*)?"], stdout=PIPE) 95*2d543d20SAndroid Build Coastguard Worker out, err = p.communicate() 96*2d543d20SAndroid Build Coastguard Worker self.assertSuccess(p.returncode, err) 97*2d543d20SAndroid Build Coastguard Worker 98*2d543d20SAndroid Build Coastguard Worker def test_fcontext_e(self): 99*2d543d20SAndroid Build Coastguard Worker p = Popen(["semanage", "fcontext", "-d", "/myhome"], stderr=PIPE) 100*2d543d20SAndroid Build Coastguard Worker out, err = p.communicate() 101*2d543d20SAndroid Build Coastguard Worker p = Popen(["semanage", "fcontext", "-d", "/myhome1"], stderr=PIPE) 102*2d543d20SAndroid Build Coastguard Worker out, err = p.communicate() 103*2d543d20SAndroid Build Coastguard Worker 104*2d543d20SAndroid Build Coastguard Worker print("Verify semanage fcontext -a -e") 105*2d543d20SAndroid Build Coastguard Worker p = Popen(["semanage", "fcontext", "-a", "-e", "/home", "/myhome"], stdout=PIPE) 106*2d543d20SAndroid Build Coastguard Worker out, err = p.communicate() 107*2d543d20SAndroid Build Coastguard Worker self.assertSuccess(p.returncode, err) 108*2d543d20SAndroid Build Coastguard Worker print("Verify semanage fcontext -m -e") 109*2d543d20SAndroid Build Coastguard Worker p = Popen(["semanage", "fcontext", "-a", "-e", "/home", "/myhome1"], stdout=PIPE) 110*2d543d20SAndroid Build Coastguard Worker out, err = p.communicate() 111*2d543d20SAndroid Build Coastguard Worker self.assertSuccess(p.returncode, err) 112*2d543d20SAndroid Build Coastguard Worker print("Verify semanage fcontext -d -e") 113*2d543d20SAndroid Build Coastguard Worker p = Popen(["semanage", "fcontext", "-d", "/myhome1"], stdout=PIPE) 114*2d543d20SAndroid Build Coastguard Worker out, err = p.communicate() 115*2d543d20SAndroid Build Coastguard Worker self.assertSuccess(p.returncode, err) 116*2d543d20SAndroid Build Coastguard Worker 117*2d543d20SAndroid Build Coastguard Worker def test_port(self): 118*2d543d20SAndroid Build Coastguard Worker # Cleanup 119*2d543d20SAndroid Build Coastguard Worker p = Popen(["semanage", "port", "-d", "-p", "tcp", "55"], stdout=PIPE, stderr=PIPE) 120*2d543d20SAndroid Build Coastguard Worker out, err = p.communicate() 121*2d543d20SAndroid Build Coastguard Worker 122*2d543d20SAndroid Build Coastguard Worker # test 123*2d543d20SAndroid Build Coastguard Worker print("Verify semanage port -a") 124*2d543d20SAndroid Build Coastguard Worker p = Popen(["semanage", "port", "-a", "-t", "ssh_port_t", "-p", "tcp", "55"], stdout=PIPE) 125*2d543d20SAndroid Build Coastguard Worker out, err = p.communicate() 126*2d543d20SAndroid Build Coastguard Worker self.assertSuccess(p.returncode, err) 127*2d543d20SAndroid Build Coastguard Worker print("Verify semanage port -m") 128*2d543d20SAndroid Build Coastguard Worker p = Popen(["semanage", "port", "-m", "-t", "http_port_t", "-p", "tcp", "55"], stdout=PIPE) 129*2d543d20SAndroid Build Coastguard Worker out, err = p.communicate() 130*2d543d20SAndroid Build Coastguard Worker self.assertSuccess(p.returncode, err) 131*2d543d20SAndroid Build Coastguard Worker print("Verify semanage port -d") 132*2d543d20SAndroid Build Coastguard Worker p = Popen(["semanage", "port", "-d", "-p", "tcp", "55"], stdout=PIPE) 133*2d543d20SAndroid Build Coastguard Worker out, err = p.communicate() 134*2d543d20SAndroid Build Coastguard Worker self.assertSuccess(p.returncode, err) 135*2d543d20SAndroid Build Coastguard Worker 136*2d543d20SAndroid Build Coastguard Worker def test_login(self): 137*2d543d20SAndroid Build Coastguard Worker # Cleanup 138*2d543d20SAndroid Build Coastguard Worker p = Popen(["userdel", "-f", "-r", "testlogin"], stderr=PIPE, stdout=PIPE) 139*2d543d20SAndroid Build Coastguard Worker out, err = p.communicate() 140*2d543d20SAndroid Build Coastguard Worker p = Popen(["semanage", "user", "-d", "testuser_u"], stderr=PIPE, stdout=PIPE) 141*2d543d20SAndroid Build Coastguard Worker out, err = p.communicate() 142*2d543d20SAndroid Build Coastguard Worker p = Popen(["semanage", "login", "-d", "testlogin"], stderr=PIPE, stdout=PIPE) 143*2d543d20SAndroid Build Coastguard Worker out, err = p.communicate() 144*2d543d20SAndroid Build Coastguard Worker 145*2d543d20SAndroid Build Coastguard Worker #test 146*2d543d20SAndroid Build Coastguard Worker print("Verify semanage user -a") 147*2d543d20SAndroid Build Coastguard Worker p = Popen(["semanage", "user", "-a", "-R", "staff_r", "-r", "s0-s0:c0.c1023", "testuser_u"], stdout=PIPE) 148*2d543d20SAndroid Build Coastguard Worker out, err = p.communicate() 149*2d543d20SAndroid Build Coastguard Worker self.assertSuccess(p.returncode, err) 150*2d543d20SAndroid Build Coastguard Worker print("Verify useradd ") 151*2d543d20SAndroid Build Coastguard Worker p = Popen(["useradd", "testlogin"], stdout=PIPE) 152*2d543d20SAndroid Build Coastguard Worker out, err = p.communicate() 153*2d543d20SAndroid Build Coastguard Worker self.assertSuccess(p.returncode, err) 154*2d543d20SAndroid Build Coastguard Worker print("Verify semanage login -a") 155*2d543d20SAndroid Build Coastguard Worker p = Popen(["semanage", "login", "-a", "-s", "testuser_u", "testlogin"], stdout=PIPE) 156*2d543d20SAndroid Build Coastguard Worker out, err = p.communicate() 157*2d543d20SAndroid Build Coastguard Worker self.assertSuccess(p.returncode, err) 158*2d543d20SAndroid Build Coastguard Worker print("Verify semanage login -m -r") 159*2d543d20SAndroid Build Coastguard Worker p = Popen(["semanage", "login", "-m", "-r", "s0-s0:c1", "testlogin"], stdout=PIPE) 160*2d543d20SAndroid Build Coastguard Worker out, err = p.communicate() 161*2d543d20SAndroid Build Coastguard Worker self.assertSuccess(p.returncode, err) 162*2d543d20SAndroid Build Coastguard Worker print("Verify semanage login -m -s") 163*2d543d20SAndroid Build Coastguard Worker p = Popen(["semanage", "login", "-m", "-s", "staff_u", "testlogin"], stdout=PIPE) 164*2d543d20SAndroid Build Coastguard Worker out, err = p.communicate() 165*2d543d20SAndroid Build Coastguard Worker self.assertSuccess(p.returncode, err) 166*2d543d20SAndroid Build Coastguard Worker print("Verify semanage login -m -s -r") 167*2d543d20SAndroid Build Coastguard Worker p = Popen(["semanage", "login", "-m", "-s", "testuser_u", "-r", "s0", "testlogin"], stdout=PIPE) 168*2d543d20SAndroid Build Coastguard Worker out, err = p.communicate() 169*2d543d20SAndroid Build Coastguard Worker self.assertSuccess(p.returncode, err) 170*2d543d20SAndroid Build Coastguard Worker print("Verify semanage login -d") 171*2d543d20SAndroid Build Coastguard Worker p = Popen(["semanage", "login", "-d", "testlogin"], stdout=PIPE) 172*2d543d20SAndroid Build Coastguard Worker out, err = p.communicate() 173*2d543d20SAndroid Build Coastguard Worker print("Verify userdel ") 174*2d543d20SAndroid Build Coastguard Worker p = Popen(["userdel", "-f", "-r", "testlogin"], stderr=PIPE, stdout=PIPE) 175*2d543d20SAndroid Build Coastguard Worker out, err = p.communicate() 176*2d543d20SAndroid Build Coastguard Worker self.assertSuccess(p.returncode, err) 177*2d543d20SAndroid Build Coastguard Worker print("Verify semanage user -d") 178*2d543d20SAndroid Build Coastguard Worker p = Popen(["semanage", "user", "-d", "testuser_u"], stdout=PIPE) 179*2d543d20SAndroid Build Coastguard Worker out, err = p.communicate() 180*2d543d20SAndroid Build Coastguard Worker self.assertSuccess(p.returncode, err) 181*2d543d20SAndroid Build Coastguard Worker 182*2d543d20SAndroid Build Coastguard Worker def test_user(self): 183*2d543d20SAndroid Build Coastguard Worker # Cleanup 184*2d543d20SAndroid Build Coastguard Worker p = Popen(["semanage", "user", "-d", "testuser_u"], stderr=PIPE, stdout=PIPE) 185*2d543d20SAndroid Build Coastguard Worker out, err = p.communicate() 186*2d543d20SAndroid Build Coastguard Worker 187*2d543d20SAndroid Build Coastguard Worker # test 188*2d543d20SAndroid Build Coastguard Worker print("Verify semanage user -a") 189*2d543d20SAndroid Build Coastguard Worker p = Popen(["semanage", "user", "-a", "-R", "staff_r", "-r", "s0-s0:c0.c1023", "testuser_u"], stdout=PIPE) 190*2d543d20SAndroid Build Coastguard Worker out, err = p.communicate() 191*2d543d20SAndroid Build Coastguard Worker self.assertSuccess(p.returncode, err) 192*2d543d20SAndroid Build Coastguard Worker print("Verify semanage user -m -R") 193*2d543d20SAndroid Build Coastguard Worker p = Popen(["semanage", "user", "-m", "-R", "sysadm_r unconfined_r", "testuser_u"], stdout=PIPE) 194*2d543d20SAndroid Build Coastguard Worker out, err = p.communicate() 195*2d543d20SAndroid Build Coastguard Worker self.assertSuccess(p.returncode, err) 196*2d543d20SAndroid Build Coastguard Worker print("Verify semanage user -m -r") 197*2d543d20SAndroid Build Coastguard Worker p = Popen(["semanage", "user", "-m", "-r", "s0-s0:c1", "testuser_u"], stdout=PIPE) 198*2d543d20SAndroid Build Coastguard Worker out, err = p.communicate() 199*2d543d20SAndroid Build Coastguard Worker self.assertSuccess(p.returncode, err) 200*2d543d20SAndroid Build Coastguard Worker print("Verify semanage user -d") 201*2d543d20SAndroid Build Coastguard Worker p = Popen(["semanage", "user", "-d", "testuser_u"], stdout=PIPE) 202*2d543d20SAndroid Build Coastguard Worker out, err = p.communicate() 203*2d543d20SAndroid Build Coastguard Worker self.assertSuccess(p.returncode, err) 204*2d543d20SAndroid Build Coastguard Worker 205*2d543d20SAndroid Build Coastguard Worker def test_boolean(self): 206*2d543d20SAndroid Build Coastguard Worker import selinux 207*2d543d20SAndroid Build Coastguard Worker boolean_status = {0: "--off", 1: "--on"} 208*2d543d20SAndroid Build Coastguard Worker boolean_state = selinux.security_get_boolean_active("httpd_anon_write") 209*2d543d20SAndroid Build Coastguard Worker # Test 210*2d543d20SAndroid Build Coastguard Worker print("Verify semanage boolean -m %s httpd_anon_write" % boolean_status[not boolean_state]) 211*2d543d20SAndroid Build Coastguard Worker p = Popen(["semanage", "boolean", "-m", boolean_status[(not boolean_state)], "httpd_anon_write"], stdout=PIPE) 212*2d543d20SAndroid Build Coastguard Worker out, err = p.communicate() 213*2d543d20SAndroid Build Coastguard Worker self.assertSuccess(p.returncode, err) 214*2d543d20SAndroid Build Coastguard Worker print("Verify semanage boolean -m %s httpd_anon_write" % boolean_status[boolean_state]) 215*2d543d20SAndroid Build Coastguard Worker p = Popen(["semanage", "boolean", "-m", boolean_status[boolean_state], "httpd_anon_write"], stdout=PIPE) 216*2d543d20SAndroid Build Coastguard Worker out, err = p.communicate() 217*2d543d20SAndroid Build Coastguard Worker self.assertSuccess(p.returncode, err) 218*2d543d20SAndroid Build Coastguard Worker 219*2d543d20SAndroid Build Coastguard Worker 220*2d543d20SAndroid Build Coastguard Workerdef semanage_suite(): 221*2d543d20SAndroid Build Coastguard Worker semanage_suite = unittest.TestSuite() 222*2d543d20SAndroid Build Coastguard Worker semanage_suite.addTest(unittest.makeSuite(SemanageTests)) 223*2d543d20SAndroid Build Coastguard Worker 224*2d543d20SAndroid Build Coastguard Worker return semanage_suite 225*2d543d20SAndroid Build Coastguard Worker 226*2d543d20SAndroid Build Coastguard Worker 227*2d543d20SAndroid Build Coastguard Workerdef semanage_custom_suite(test_list): 228*2d543d20SAndroid Build Coastguard Worker suiteSemanage = unittest.TestSuite() 229*2d543d20SAndroid Build Coastguard Worker for t in test_list: 230*2d543d20SAndroid Build Coastguard Worker suiteSemanage.addTest(SemanageTests(t)) 231*2d543d20SAndroid Build Coastguard Worker 232*2d543d20SAndroid Build Coastguard Worker return suiteSemanage 233*2d543d20SAndroid Build Coastguard Worker 234*2d543d20SAndroid Build Coastguard Worker 235*2d543d20SAndroid Build Coastguard Workerdef semanage_run_test(suite): 236*2d543d20SAndroid Build Coastguard Worker return unittest.TextTestRunner(verbosity=2).run(suite).wasSuccessful() 237*2d543d20SAndroid Build Coastguard Worker 238*2d543d20SAndroid Build Coastguard Worker 239*2d543d20SAndroid Build Coastguard Workerclass CheckTest(argparse.Action): 240*2d543d20SAndroid Build Coastguard Worker 241*2d543d20SAndroid Build Coastguard Worker def __call__(self, parser, namespace, values, option_string=None): 242*2d543d20SAndroid Build Coastguard Worker newval = getattr(namespace, self.dest) 243*2d543d20SAndroid Build Coastguard Worker if not newval: 244*2d543d20SAndroid Build Coastguard Worker newval = [] 245*2d543d20SAndroid Build Coastguard Worker for v in values: 246*2d543d20SAndroid Build Coastguard Worker if v not in semanage_test_list: 247*2d543d20SAndroid Build Coastguard Worker raise ValueError("%s must be an unit test.\nValid tests: %s" % (v, ", ".join(semanage_test_list))) 248*2d543d20SAndroid Build Coastguard Worker newval.append(v) 249*2d543d20SAndroid Build Coastguard Worker setattr(namespace, self.dest, newval) 250*2d543d20SAndroid Build Coastguard Worker 251*2d543d20SAndroid Build Coastguard Worker 252*2d543d20SAndroid Build Coastguard Workerdef semanage_args(args): 253*2d543d20SAndroid Build Coastguard Worker if args.list: 254*2d543d20SAndroid Build Coastguard Worker print("You can run the following tests:") 255*2d543d20SAndroid Build Coastguard Worker for i in semanage_test_list: 256*2d543d20SAndroid Build Coastguard Worker print(i) 257*2d543d20SAndroid Build Coastguard Worker if args.all: 258*2d543d20SAndroid Build Coastguard Worker return semanage_run_test(semanage_suite()) 259*2d543d20SAndroid Build Coastguard Worker if args.test: 260*2d543d20SAndroid Build Coastguard Worker return semanage_run_test(semanage_custom_suite(args.test)) 261*2d543d20SAndroid Build Coastguard Worker 262*2d543d20SAndroid Build Coastguard Worker 263*2d543d20SAndroid Build Coastguard Workerdef gen_semanage_test_args(parser): 264*2d543d20SAndroid Build Coastguard Worker group = parser.add_mutually_exclusive_group(required=True) 265*2d543d20SAndroid Build Coastguard Worker group.add_argument('-a', "--all", dest="all", default=False, 266*2d543d20SAndroid Build Coastguard Worker action="store_true", 267*2d543d20SAndroid Build Coastguard Worker help=("Run all semanage unit tests")) 268*2d543d20SAndroid Build Coastguard Worker group.add_argument('-l', "--list", dest="list", default=False, 269*2d543d20SAndroid Build Coastguard Worker action="store_true", 270*2d543d20SAndroid Build Coastguard Worker help=("List all semanage unit tests")) 271*2d543d20SAndroid Build Coastguard Worker group.add_argument('-t', "--test", dest="test", default=[], 272*2d543d20SAndroid Build Coastguard Worker action=CheckTest, nargs="*", 273*2d543d20SAndroid Build Coastguard Worker help=("Run selected semanage unit test(s)")) 274*2d543d20SAndroid Build Coastguard Worker group.set_defaults(func=semanage_args) 275*2d543d20SAndroid Build Coastguard Worker 276*2d543d20SAndroid Build Coastguard Workerif __name__ == "__main__": 277*2d543d20SAndroid Build Coastguard Worker import selinux 278*2d543d20SAndroid Build Coastguard Worker semanage_test_list = [x for x in dir(SemanageTests) if x.startswith("test_")] 279*2d543d20SAndroid Build Coastguard Worker if selinux.is_selinux_enabled() and selinux.security_getenforce() == 1: 280*2d543d20SAndroid Build Coastguard Worker parser = argparse.ArgumentParser(description='Semanage unit test script') 281*2d543d20SAndroid Build Coastguard Worker gen_semanage_test_args(parser) 282*2d543d20SAndroid Build Coastguard Worker try: 283*2d543d20SAndroid Build Coastguard Worker args = parser.parse_args() 284*2d543d20SAndroid Build Coastguard Worker if args.func(args): 285*2d543d20SAndroid Build Coastguard Worker sys.exit(0) 286*2d543d20SAndroid Build Coastguard Worker else: 287*2d543d20SAndroid Build Coastguard Worker sys.exit(1) 288*2d543d20SAndroid Build Coastguard Worker except ValueError as e: 289*2d543d20SAndroid Build Coastguard Worker sys.stderr.write("%s: %s\n" % (e.__class__.__name__, str(e))) 290*2d543d20SAndroid Build Coastguard Worker sys.exit(1) 291*2d543d20SAndroid Build Coastguard Worker except IOError as e: 292*2d543d20SAndroid Build Coastguard Worker sys.stderr.write("%s: %s\n" % (e.__class__.__name__, str(e))) 293*2d543d20SAndroid Build Coastguard Worker sys.exit(1) 294*2d543d20SAndroid Build Coastguard Worker except KeyboardInterrupt: 295*2d543d20SAndroid Build Coastguard Worker sys.exit(0) 296*2d543d20SAndroid Build Coastguard Worker else: 297*2d543d20SAndroid Build Coastguard Worker print("SELinux must be in enforcing mode for this test") 298