1*2d543d20SAndroid Build Coastguard Worker# Authors: Karl MacMillan <[email protected]> 2*2d543d20SAndroid Build Coastguard Worker# 3*2d543d20SAndroid Build Coastguard Worker# Copyright (C) 2006 Red Hat 4*2d543d20SAndroid Build Coastguard Worker# see file 'COPYING' for use and warranty information 5*2d543d20SAndroid Build Coastguard Worker# 6*2d543d20SAndroid Build Coastguard Worker# This program is free software; you can redistribute it and/or 7*2d543d20SAndroid Build Coastguard Worker# modify it under the terms of the GNU General Public License as 8*2d543d20SAndroid Build Coastguard Worker# published by the Free Software Foundation; version 2 only 9*2d543d20SAndroid Build Coastguard Worker# 10*2d543d20SAndroid Build Coastguard Worker# This program is distributed in the hope that it will be useful, 11*2d543d20SAndroid Build Coastguard Worker# but WITHOUT ANY WARRANTY; without even the implied warranty of 12*2d543d20SAndroid Build Coastguard Worker# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13*2d543d20SAndroid Build Coastguard Worker# GNU General Public License for more details. 14*2d543d20SAndroid Build Coastguard Worker# 15*2d543d20SAndroid Build Coastguard Worker# You should have received a copy of the GNU General Public License 16*2d543d20SAndroid Build Coastguard Worker# along with this program; if not, write to the Free Software 17*2d543d20SAndroid Build Coastguard Worker# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 18*2d543d20SAndroid Build Coastguard Worker# 19*2d543d20SAndroid Build Coastguard Worker 20*2d543d20SAndroid Build Coastguard Workerimport unittest 21*2d543d20SAndroid Build Coastguard Workerimport sepolgen.refpolicy as refpolicy 22*2d543d20SAndroid Build Coastguard Workerimport sepolgen.access as access 23*2d543d20SAndroid Build Coastguard Workerimport selinux 24*2d543d20SAndroid Build Coastguard Worker 25*2d543d20SAndroid Build Coastguard Workerclass TestIdSet(unittest.TestCase): 26*2d543d20SAndroid Build Coastguard Worker def test_set_to_str(self): 27*2d543d20SAndroid Build Coastguard Worker s = refpolicy.IdSet(["read", "write", "getattr"]) 28*2d543d20SAndroid Build Coastguard Worker s = s.to_space_str().split(' ') 29*2d543d20SAndroid Build Coastguard Worker s.sort() 30*2d543d20SAndroid Build Coastguard Worker expected = "{ read write getattr }".split(' ') 31*2d543d20SAndroid Build Coastguard Worker expected.sort() 32*2d543d20SAndroid Build Coastguard Worker self.assertEqual(s, expected) 33*2d543d20SAndroid Build Coastguard Worker s = refpolicy.IdSet() 34*2d543d20SAndroid Build Coastguard Worker s.add("read") 35*2d543d20SAndroid Build Coastguard Worker self.assertEqual(s.to_space_str(), "read") 36*2d543d20SAndroid Build Coastguard Worker 37*2d543d20SAndroid Build Coastguard Workerclass TestXpermSet(unittest.TestCase): 38*2d543d20SAndroid Build Coastguard Worker def test_init(self): 39*2d543d20SAndroid Build Coastguard Worker """ Test that all attributes are correctly initialized. """ 40*2d543d20SAndroid Build Coastguard Worker s1 = refpolicy.XpermSet() 41*2d543d20SAndroid Build Coastguard Worker self.assertEqual(s1.complement, False) 42*2d543d20SAndroid Build Coastguard Worker self.assertEqual(s1.ranges, []) 43*2d543d20SAndroid Build Coastguard Worker 44*2d543d20SAndroid Build Coastguard Worker s2 = refpolicy.XpermSet(True) 45*2d543d20SAndroid Build Coastguard Worker self.assertEqual(s2.complement, True) 46*2d543d20SAndroid Build Coastguard Worker self.assertEqual(s2.ranges, []) 47*2d543d20SAndroid Build Coastguard Worker 48*2d543d20SAndroid Build Coastguard Worker def test_normalize_ranges(self): 49*2d543d20SAndroid Build Coastguard Worker """ Test that ranges that are overlapping or neighboring are correctly 50*2d543d20SAndroid Build Coastguard Worker merged into one range. """ 51*2d543d20SAndroid Build Coastguard Worker s = refpolicy.XpermSet() 52*2d543d20SAndroid Build Coastguard Worker s.ranges = [(1, 7), (5, 10), (100, 110), (102, 107), (200, 205), 53*2d543d20SAndroid Build Coastguard Worker (205, 210), (300, 305), (306, 310), (400, 405), (407, 410), 54*2d543d20SAndroid Build Coastguard Worker (500, 502), (504, 508), (500, 510)] 55*2d543d20SAndroid Build Coastguard Worker s._XpermSet__normalize_ranges() 56*2d543d20SAndroid Build Coastguard Worker 57*2d543d20SAndroid Build Coastguard Worker i = 0 58*2d543d20SAndroid Build Coastguard Worker r = list(sorted(s.ranges)) 59*2d543d20SAndroid Build Coastguard Worker while i < len(r) - 1: 60*2d543d20SAndroid Build Coastguard Worker # check that range low bound is less than equal than the upper bound 61*2d543d20SAndroid Build Coastguard Worker self.assertLessEqual(r[i][0], r[i][1]) 62*2d543d20SAndroid Build Coastguard Worker # check that two ranges are not overlapping or neighboring 63*2d543d20SAndroid Build Coastguard Worker self.assertGreater(r[i + 1][0] - r[i][1], 1) 64*2d543d20SAndroid Build Coastguard Worker i += 1 65*2d543d20SAndroid Build Coastguard Worker 66*2d543d20SAndroid Build Coastguard Worker def test_add(self): 67*2d543d20SAndroid Build Coastguard Worker """ Test adding new values or ranges to the set. """ 68*2d543d20SAndroid Build Coastguard Worker s = refpolicy.XpermSet() 69*2d543d20SAndroid Build Coastguard Worker s.add(1, 7) 70*2d543d20SAndroid Build Coastguard Worker s.add(5, 10) 71*2d543d20SAndroid Build Coastguard Worker s.add(42) 72*2d543d20SAndroid Build Coastguard Worker self.assertEqual(s.ranges, [(1,10), (42,42)]) 73*2d543d20SAndroid Build Coastguard Worker 74*2d543d20SAndroid Build Coastguard Worker def test_extend(self): 75*2d543d20SAndroid Build Coastguard Worker """ Test adding ranges from another XpermSet object. """ 76*2d543d20SAndroid Build Coastguard Worker a = refpolicy.XpermSet() 77*2d543d20SAndroid Build Coastguard Worker a.add(1, 7) 78*2d543d20SAndroid Build Coastguard Worker 79*2d543d20SAndroid Build Coastguard Worker b = refpolicy.XpermSet() 80*2d543d20SAndroid Build Coastguard Worker b.add(5, 10) 81*2d543d20SAndroid Build Coastguard Worker 82*2d543d20SAndroid Build Coastguard Worker a.extend(b) 83*2d543d20SAndroid Build Coastguard Worker self.assertEqual(a.ranges, [(1,10)]) 84*2d543d20SAndroid Build Coastguard Worker 85*2d543d20SAndroid Build Coastguard Worker def test_to_string(self): 86*2d543d20SAndroid Build Coastguard Worker """ Test printing the values to a string. """ 87*2d543d20SAndroid Build Coastguard Worker a = refpolicy.XpermSet() 88*2d543d20SAndroid Build Coastguard Worker a.complement = False 89*2d543d20SAndroid Build Coastguard Worker self.assertEqual(a.to_string(), "") 90*2d543d20SAndroid Build Coastguard Worker a.complement = True 91*2d543d20SAndroid Build Coastguard Worker self.assertEqual(a.to_string(), "") 92*2d543d20SAndroid Build Coastguard Worker a.add(1234) 93*2d543d20SAndroid Build Coastguard Worker self.assertEqual(a.to_string(), "~ 0x4d2") 94*2d543d20SAndroid Build Coastguard Worker a.complement = False 95*2d543d20SAndroid Build Coastguard Worker self.assertEqual(a.to_string(), "0x4d2") 96*2d543d20SAndroid Build Coastguard Worker a.add(2345) 97*2d543d20SAndroid Build Coastguard Worker self.assertEqual(a.to_string(), "{ 0x4d2 0x929 }") 98*2d543d20SAndroid Build Coastguard Worker a.complement = True 99*2d543d20SAndroid Build Coastguard Worker self.assertEqual(a.to_string(), "~ { 0x4d2 0x929 }") 100*2d543d20SAndroid Build Coastguard Worker a.add(42,64) 101*2d543d20SAndroid Build Coastguard Worker self.assertEqual(a.to_string(), "~ { 0x2a-0x40 0x4d2 0x929 }") 102*2d543d20SAndroid Build Coastguard Worker a.complement = False 103*2d543d20SAndroid Build Coastguard Worker self.assertEqual(a.to_string(), "{ 0x2a-0x40 0x4d2 0x929 }") 104*2d543d20SAndroid Build Coastguard Worker 105*2d543d20SAndroid Build Coastguard Workerclass TestSecurityContext(unittest.TestCase): 106*2d543d20SAndroid Build Coastguard Worker def test_init(self): 107*2d543d20SAndroid Build Coastguard Worker sc = refpolicy.SecurityContext() 108*2d543d20SAndroid Build Coastguard Worker sc = refpolicy.SecurityContext("user_u:object_r:foo_t") 109*2d543d20SAndroid Build Coastguard Worker 110*2d543d20SAndroid Build Coastguard Worker def test_from_string(self): 111*2d543d20SAndroid Build Coastguard Worker context = "user_u:object_r:foo_t" 112*2d543d20SAndroid Build Coastguard Worker sc = refpolicy.SecurityContext() 113*2d543d20SAndroid Build Coastguard Worker sc.from_string(context) 114*2d543d20SAndroid Build Coastguard Worker self.assertEqual(sc.user, "user_u") 115*2d543d20SAndroid Build Coastguard Worker self.assertEqual(sc.role, "object_r") 116*2d543d20SAndroid Build Coastguard Worker self.assertEqual(sc.type, "foo_t") 117*2d543d20SAndroid Build Coastguard Worker self.assertEqual(sc.level, None) 118*2d543d20SAndroid Build Coastguard Worker if selinux.is_selinux_mls_enabled(): 119*2d543d20SAndroid Build Coastguard Worker self.assertEqual(str(sc), context + ":s0") 120*2d543d20SAndroid Build Coastguard Worker else: 121*2d543d20SAndroid Build Coastguard Worker self.assertEqual(str(sc), context) 122*2d543d20SAndroid Build Coastguard Worker self.assertEqual(sc.to_string(default_level="s1"), context + ":s1") 123*2d543d20SAndroid Build Coastguard Worker 124*2d543d20SAndroid Build Coastguard Worker context = "user_u:object_r:foo_t:s0-s0:c0-c255" 125*2d543d20SAndroid Build Coastguard Worker sc = refpolicy.SecurityContext() 126*2d543d20SAndroid Build Coastguard Worker sc.from_string(context) 127*2d543d20SAndroid Build Coastguard Worker self.assertEqual(sc.user, "user_u") 128*2d543d20SAndroid Build Coastguard Worker self.assertEqual(sc.role, "object_r") 129*2d543d20SAndroid Build Coastguard Worker self.assertEqual(sc.type, "foo_t") 130*2d543d20SAndroid Build Coastguard Worker self.assertEqual(sc.level, "s0-s0:c0-c255") 131*2d543d20SAndroid Build Coastguard Worker self.assertEqual(str(sc), context) 132*2d543d20SAndroid Build Coastguard Worker self.assertEqual(sc.to_string(), context) 133*2d543d20SAndroid Build Coastguard Worker 134*2d543d20SAndroid Build Coastguard Worker sc = refpolicy.SecurityContext() 135*2d543d20SAndroid Build Coastguard Worker self.assertRaises(ValueError, sc.from_string, "abc") 136*2d543d20SAndroid Build Coastguard Worker 137*2d543d20SAndroid Build Coastguard Worker def test_equal(self): 138*2d543d20SAndroid Build Coastguard Worker sc1 = refpolicy.SecurityContext("user_u:object_r:foo_t") 139*2d543d20SAndroid Build Coastguard Worker sc2 = refpolicy.SecurityContext("user_u:object_r:foo_t") 140*2d543d20SAndroid Build Coastguard Worker sc3 = refpolicy.SecurityContext("user_u:object_r:foo_t:s0") 141*2d543d20SAndroid Build Coastguard Worker sc4 = refpolicy.SecurityContext("user_u:object_r:bar_t") 142*2d543d20SAndroid Build Coastguard Worker 143*2d543d20SAndroid Build Coastguard Worker self.assertEqual(sc1, sc2) 144*2d543d20SAndroid Build Coastguard Worker self.assertNotEqual(sc1, sc3) 145*2d543d20SAndroid Build Coastguard Worker self.assertNotEqual(sc1, sc4) 146*2d543d20SAndroid Build Coastguard Worker 147*2d543d20SAndroid Build Coastguard Workerclass TestObjectClass(unittest.TestCase): 148*2d543d20SAndroid Build Coastguard Worker def test_init(self): 149*2d543d20SAndroid Build Coastguard Worker o = refpolicy.ObjectClass(name="file") 150*2d543d20SAndroid Build Coastguard Worker self.assertEqual(o.name, "file") 151*2d543d20SAndroid Build Coastguard Worker self.assertTrue(isinstance(o.perms, set)) 152*2d543d20SAndroid Build Coastguard Worker 153*2d543d20SAndroid Build Coastguard Workerclass TestAVRule(unittest.TestCase): 154*2d543d20SAndroid Build Coastguard Worker def test_init(self): 155*2d543d20SAndroid Build Coastguard Worker a = refpolicy.AVRule() 156*2d543d20SAndroid Build Coastguard Worker self.assertEqual(a.rule_type, a.ALLOW) 157*2d543d20SAndroid Build Coastguard Worker self.assertTrue(isinstance(a.src_types, set)) 158*2d543d20SAndroid Build Coastguard Worker self.assertTrue(isinstance(a.tgt_types, set)) 159*2d543d20SAndroid Build Coastguard Worker self.assertTrue(isinstance(a.obj_classes, set)) 160*2d543d20SAndroid Build Coastguard Worker self.assertTrue(isinstance(a.perms, set)) 161*2d543d20SAndroid Build Coastguard Worker 162*2d543d20SAndroid Build Coastguard Worker def test_to_string(self): 163*2d543d20SAndroid Build Coastguard Worker a = refpolicy.AVRule() 164*2d543d20SAndroid Build Coastguard Worker a.src_types.add("foo_t") 165*2d543d20SAndroid Build Coastguard Worker a.tgt_types.add("bar_t") 166*2d543d20SAndroid Build Coastguard Worker a.obj_classes.add("file") 167*2d543d20SAndroid Build Coastguard Worker a.perms.add("read") 168*2d543d20SAndroid Build Coastguard Worker self.assertEqual(a.to_string(), "allow foo_t bar_t:file read;") 169*2d543d20SAndroid Build Coastguard Worker 170*2d543d20SAndroid Build Coastguard Worker a.rule_type = a.DONTAUDIT 171*2d543d20SAndroid Build Coastguard Worker a.src_types.add("user_t") 172*2d543d20SAndroid Build Coastguard Worker a.tgt_types.add("user_home_t") 173*2d543d20SAndroid Build Coastguard Worker a.obj_classes.add("lnk_file") 174*2d543d20SAndroid Build Coastguard Worker a.perms.add("write") 175*2d543d20SAndroid Build Coastguard Worker # This test might need to go because set ordering is not guaranteed 176*2d543d20SAndroid Build Coastguard Worker a = a.to_string().split(' ') 177*2d543d20SAndroid Build Coastguard Worker a.sort() 178*2d543d20SAndroid Build Coastguard Worker b = "dontaudit { foo_t user_t } { user_home_t bar_t }:{ lnk_file file } { read write };".split(' ') 179*2d543d20SAndroid Build Coastguard Worker b.sort() 180*2d543d20SAndroid Build Coastguard Worker self.assertEqual(a, b) 181*2d543d20SAndroid Build Coastguard Worker 182*2d543d20SAndroid Build Coastguard Workerclass TestAVExtRule(unittest.TestCase): 183*2d543d20SAndroid Build Coastguard Worker def test_init(self): 184*2d543d20SAndroid Build Coastguard Worker """ Test initialization of attributes """ 185*2d543d20SAndroid Build Coastguard Worker a = refpolicy.AVExtRule() 186*2d543d20SAndroid Build Coastguard Worker self.assertEqual(a.rule_type, a.ALLOWXPERM) 187*2d543d20SAndroid Build Coastguard Worker self.assertIsInstance(a.src_types, set) 188*2d543d20SAndroid Build Coastguard Worker self.assertIsInstance(a.tgt_types, set) 189*2d543d20SAndroid Build Coastguard Worker self.assertIsInstance(a.obj_classes, set) 190*2d543d20SAndroid Build Coastguard Worker self.assertIsNone(a.operation) 191*2d543d20SAndroid Build Coastguard Worker self.assertIsInstance(a.xperms, refpolicy.XpermSet) 192*2d543d20SAndroid Build Coastguard Worker 193*2d543d20SAndroid Build Coastguard Worker def test_rule_type_str(self): 194*2d543d20SAndroid Build Coastguard Worker """ Test strings returned by __rule_type_str() """ 195*2d543d20SAndroid Build Coastguard Worker a = refpolicy.AVExtRule() 196*2d543d20SAndroid Build Coastguard Worker self.assertEqual(a._AVExtRule__rule_type_str(), "allowxperm") 197*2d543d20SAndroid Build Coastguard Worker a.rule_type = a.ALLOWXPERM 198*2d543d20SAndroid Build Coastguard Worker self.assertEqual(a._AVExtRule__rule_type_str(), "allowxperm") 199*2d543d20SAndroid Build Coastguard Worker a.rule_type = a.DONTAUDITXPERM 200*2d543d20SAndroid Build Coastguard Worker self.assertEqual(a._AVExtRule__rule_type_str(), "dontauditxperm") 201*2d543d20SAndroid Build Coastguard Worker a.rule_type = a.NEVERALLOWXPERM 202*2d543d20SAndroid Build Coastguard Worker self.assertEqual(a._AVExtRule__rule_type_str(), "neverallowxperm") 203*2d543d20SAndroid Build Coastguard Worker a.rule_type = a.AUDITALLOWXPERM 204*2d543d20SAndroid Build Coastguard Worker self.assertEqual(a._AVExtRule__rule_type_str(), "auditallowxperm") 205*2d543d20SAndroid Build Coastguard Worker a.rule_type = 42 206*2d543d20SAndroid Build Coastguard Worker self.assertIsNone(a._AVExtRule__rule_type_str()) 207*2d543d20SAndroid Build Coastguard Worker 208*2d543d20SAndroid Build Coastguard Worker def test_from_av(self): 209*2d543d20SAndroid Build Coastguard Worker """ Test creating the rule from an access vector. """ 210*2d543d20SAndroid Build Coastguard Worker av = access.AccessVector(["foo", "bar", "file", "ioctl"]) 211*2d543d20SAndroid Build Coastguard Worker xp = refpolicy.XpermSet() 212*2d543d20SAndroid Build Coastguard Worker av.xperms = { "ioctl": xp } 213*2d543d20SAndroid Build Coastguard Worker 214*2d543d20SAndroid Build Coastguard Worker a = refpolicy.AVExtRule() 215*2d543d20SAndroid Build Coastguard Worker 216*2d543d20SAndroid Build Coastguard Worker a.from_av(av, "ioctl") 217*2d543d20SAndroid Build Coastguard Worker self.assertEqual(a.src_types, {"foo"}) 218*2d543d20SAndroid Build Coastguard Worker self.assertEqual(a.tgt_types, {"bar"}) 219*2d543d20SAndroid Build Coastguard Worker self.assertEqual(a.obj_classes, {"file"}) 220*2d543d20SAndroid Build Coastguard Worker self.assertEqual(a.operation, "ioctl") 221*2d543d20SAndroid Build Coastguard Worker self.assertIs(a.xperms, xp) 222*2d543d20SAndroid Build Coastguard Worker 223*2d543d20SAndroid Build Coastguard Worker def test_from_av_self(self): 224*2d543d20SAndroid Build Coastguard Worker """ Test creating the rule from an access vector that has same 225*2d543d20SAndroid Build Coastguard Worker source and target context. """ 226*2d543d20SAndroid Build Coastguard Worker av = access.AccessVector(["foo", "foo", "file", "ioctl"]) 227*2d543d20SAndroid Build Coastguard Worker xp = refpolicy.XpermSet() 228*2d543d20SAndroid Build Coastguard Worker av.xperms = { "ioctl": xp } 229*2d543d20SAndroid Build Coastguard Worker 230*2d543d20SAndroid Build Coastguard Worker a = refpolicy.AVExtRule() 231*2d543d20SAndroid Build Coastguard Worker 232*2d543d20SAndroid Build Coastguard Worker a.from_av(av, "ioctl") 233*2d543d20SAndroid Build Coastguard Worker self.assertEqual(a.src_types, {"foo"}) 234*2d543d20SAndroid Build Coastguard Worker self.assertEqual(a.tgt_types, {"self"}) 235*2d543d20SAndroid Build Coastguard Worker self.assertEqual(a.obj_classes, {"file"}) 236*2d543d20SAndroid Build Coastguard Worker self.assertEqual(a.operation, "ioctl") 237*2d543d20SAndroid Build Coastguard Worker self.assertIs(a.xperms, xp) 238*2d543d20SAndroid Build Coastguard Worker 239*2d543d20SAndroid Build Coastguard Worker def test_to_string(self): 240*2d543d20SAndroid Build Coastguard Worker """ Test printing the rule to a string. """ 241*2d543d20SAndroid Build Coastguard Worker a = refpolicy.AVExtRule() 242*2d543d20SAndroid Build Coastguard Worker a._AVExtRule__rule_type_str = lambda: "first" 243*2d543d20SAndroid Build Coastguard Worker a.src_types.to_space_str = lambda: "second" 244*2d543d20SAndroid Build Coastguard Worker a.tgt_types.to_space_str = lambda: "third" 245*2d543d20SAndroid Build Coastguard Worker a.obj_classes.to_space_str = lambda: "fourth" 246*2d543d20SAndroid Build Coastguard Worker a.operation = "fifth" 247*2d543d20SAndroid Build Coastguard Worker a.xperms.to_string = lambda: "seventh" 248*2d543d20SAndroid Build Coastguard Worker 249*2d543d20SAndroid Build Coastguard Worker self.assertEqual(a.to_string(), 250*2d543d20SAndroid Build Coastguard Worker "first second third:fourth fifth seventh;") 251*2d543d20SAndroid Build Coastguard Worker 252*2d543d20SAndroid Build Coastguard Workerclass TestTypeRule(unittest.TestCase): 253*2d543d20SAndroid Build Coastguard Worker def test_init(self): 254*2d543d20SAndroid Build Coastguard Worker a = refpolicy.TypeRule() 255*2d543d20SAndroid Build Coastguard Worker self.assertEqual(a.rule_type, a.TYPE_TRANSITION) 256*2d543d20SAndroid Build Coastguard Worker self.assertTrue(isinstance(a.src_types, set)) 257*2d543d20SAndroid Build Coastguard Worker self.assertTrue(isinstance(a.tgt_types, set)) 258*2d543d20SAndroid Build Coastguard Worker self.assertTrue(isinstance(a.obj_classes, set)) 259*2d543d20SAndroid Build Coastguard Worker self.assertEqual(a.dest_type, "") 260*2d543d20SAndroid Build Coastguard Worker 261*2d543d20SAndroid Build Coastguard Worker def test_to_string(self): 262*2d543d20SAndroid Build Coastguard Worker a = refpolicy.TypeRule() 263*2d543d20SAndroid Build Coastguard Worker a.src_types.add("foo_t") 264*2d543d20SAndroid Build Coastguard Worker a.tgt_types.add("bar_exec_t") 265*2d543d20SAndroid Build Coastguard Worker a.obj_classes.add("process") 266*2d543d20SAndroid Build Coastguard Worker a.dest_type = "bar_t" 267*2d543d20SAndroid Build Coastguard Worker self.assertEqual(a.to_string(), "type_transition foo_t bar_exec_t:process bar_t;") 268*2d543d20SAndroid Build Coastguard Worker 269*2d543d20SAndroid Build Coastguard Worker 270*2d543d20SAndroid Build Coastguard Workerclass TestParseNode(unittest.TestCase): 271*2d543d20SAndroid Build Coastguard Worker def test_walktree(self): 272*2d543d20SAndroid Build Coastguard Worker # Construct a small tree 273*2d543d20SAndroid Build Coastguard Worker h = refpolicy.Headers() 274*2d543d20SAndroid Build Coastguard Worker a = refpolicy.AVRule() 275*2d543d20SAndroid Build Coastguard Worker a.src_types.add("foo_t") 276*2d543d20SAndroid Build Coastguard Worker a.tgt_types.add("bar_t") 277*2d543d20SAndroid Build Coastguard Worker a.obj_classes.add("file") 278*2d543d20SAndroid Build Coastguard Worker a.perms.add("read") 279*2d543d20SAndroid Build Coastguard Worker 280*2d543d20SAndroid Build Coastguard Worker ifcall = refpolicy.InterfaceCall(ifname="allow_foobar") 281*2d543d20SAndroid Build Coastguard Worker ifcall.args.append("foo_t") 282*2d543d20SAndroid Build Coastguard Worker ifcall.args.append("{ file dir }") 283*2d543d20SAndroid Build Coastguard Worker 284*2d543d20SAndroid Build Coastguard Worker i = refpolicy.Interface(name="foo") 285*2d543d20SAndroid Build Coastguard Worker i.children.append(a) 286*2d543d20SAndroid Build Coastguard Worker i.children.append(ifcall) 287*2d543d20SAndroid Build Coastguard Worker h.children.append(i) 288*2d543d20SAndroid Build Coastguard Worker 289*2d543d20SAndroid Build Coastguard Worker a = refpolicy.AVRule() 290*2d543d20SAndroid Build Coastguard Worker a.rule_type = a.DONTAUDIT 291*2d543d20SAndroid Build Coastguard Worker a.src_types.add("user_t") 292*2d543d20SAndroid Build Coastguard Worker a.tgt_types.add("user_home_t") 293*2d543d20SAndroid Build Coastguard Worker a.obj_classes.add("lnk_file") 294*2d543d20SAndroid Build Coastguard Worker a.perms.add("write") 295*2d543d20SAndroid Build Coastguard Worker i = refpolicy.Interface(name="bar") 296*2d543d20SAndroid Build Coastguard Worker i.children.append(a) 297*2d543d20SAndroid Build Coastguard Worker h.children.append(i) 298*2d543d20SAndroid Build Coastguard Worker 299*2d543d20SAndroid Build Coastguard Workerclass TestHeaders(unittest.TestCase): 300*2d543d20SAndroid Build Coastguard Worker def test_iter(self): 301*2d543d20SAndroid Build Coastguard Worker h = refpolicy.Headers() 302*2d543d20SAndroid Build Coastguard Worker h.children.append(refpolicy.Interface(name="foo")) 303*2d543d20SAndroid Build Coastguard Worker h.children.append(refpolicy.Interface(name="bar")) 304*2d543d20SAndroid Build Coastguard Worker h.children.append(refpolicy.ClassMap("file", "read write")) 305*2d543d20SAndroid Build Coastguard Worker i = 0 306*2d543d20SAndroid Build Coastguard Worker for node in h: 307*2d543d20SAndroid Build Coastguard Worker i += 1 308*2d543d20SAndroid Build Coastguard Worker self.assertEqual(i, 3) 309*2d543d20SAndroid Build Coastguard Worker 310*2d543d20SAndroid Build Coastguard Worker i = 0 311*2d543d20SAndroid Build Coastguard Worker for node in h.interfaces(): 312*2d543d20SAndroid Build Coastguard Worker i += 1 313*2d543d20SAndroid Build Coastguard Worker self.assertEqual(i, 2) 314*2d543d20SAndroid Build Coastguard Worker 315