xref: /aosp_15_r20/external/selinux/python/sepolicy/test_sepolicy.py (revision 2d543d20722ada2425b5bdab9d0d1d29470e7bba) 
1*2d543d20SAndroid Build Coastguard Workerimport unittest
2*2d543d20SAndroid Build Coastguard Workerimport os
3*2d543d20SAndroid Build Coastguard Workerimport shutil
4*2d543d20SAndroid Build Coastguard Workerfrom tempfile import mkdtemp
5*2d543d20SAndroid Build Coastguard Workerfrom subprocess import Popen, PIPE
6*2d543d20SAndroid Build Coastguard Worker
7*2d543d20SAndroid Build Coastguard Worker
8*2d543d20SAndroid Build Coastguard Workerclass SepolicyTests(unittest.TestCase):
9*2d543d20SAndroid Build Coastguard Worker
10*2d543d20SAndroid Build Coastguard Worker    def assertDenied(self, err):
11*2d543d20SAndroid Build Coastguard Worker        self.assert_('Permission denied' in err,
12*2d543d20SAndroid Build Coastguard Worker                     '"Permission denied" not found in %r' % err)
13*2d543d20SAndroid Build Coastguard Worker
14*2d543d20SAndroid Build Coastguard Worker    def assertNotFound(self, err):
15*2d543d20SAndroid Build Coastguard Worker        self.assert_('not found' in err,
16*2d543d20SAndroid Build Coastguard Worker                     '"not found" not found in %r' % err)
17*2d543d20SAndroid Build Coastguard Worker
18*2d543d20SAndroid Build Coastguard Worker    def assertFailure(self, status):
19*2d543d20SAndroid Build Coastguard Worker        self.assertNotEqual(status, 0,
20*2d543d20SAndroid Build Coastguard Worker                     'Succeeded when it should have failed')
21*2d543d20SAndroid Build Coastguard Worker
22*2d543d20SAndroid Build Coastguard Worker    def assertSuccess(self, status, err):
23*2d543d20SAndroid Build Coastguard Worker        self.assertEqual(status, 0,
24*2d543d20SAndroid Build Coastguard Worker                     'sepolicy should have succeeded for this test %r' % err)
25*2d543d20SAndroid Build Coastguard Worker
26*2d543d20SAndroid Build Coastguard Worker    def test_man_domain(self):
27*2d543d20SAndroid Build Coastguard Worker        "Verify sepolicy manpage -d works"
28*2d543d20SAndroid Build Coastguard Worker        p = Popen(['sepolicy', 'manpage', '-d', 'httpd_t'], stdout=PIPE)
29*2d543d20SAndroid Build Coastguard Worker        out, err = p.communicate()
30*2d543d20SAndroid Build Coastguard Worker        self.assertSuccess(p.returncode, err)
31*2d543d20SAndroid Build Coastguard Worker
32*2d543d20SAndroid Build Coastguard Worker    def test_man_all(self):
33*2d543d20SAndroid Build Coastguard Worker        "Verify sepolicy manpage -a works"
34*2d543d20SAndroid Build Coastguard Worker        p = Popen(['sepolicy', 'manpage', '-a'], stdout=PIPE)
35*2d543d20SAndroid Build Coastguard Worker        out, err = p.communicate()
36*2d543d20SAndroid Build Coastguard Worker        self.assertSuccess(p.returncode, err)
37*2d543d20SAndroid Build Coastguard Worker
38*2d543d20SAndroid Build Coastguard Worker    def test_network_l(self):
39*2d543d20SAndroid Build Coastguard Worker        "Verify sepolicy network -l works"
40*2d543d20SAndroid Build Coastguard Worker        p = Popen(['sepolicy', 'network', '-l'], stdout=PIPE)
41*2d543d20SAndroid Build Coastguard Worker        out, err = p.communicate()
42*2d543d20SAndroid Build Coastguard Worker        self.assertSuccess(p.returncode, err)
43*2d543d20SAndroid Build Coastguard Worker
44*2d543d20SAndroid Build Coastguard Worker    def test_network_t(self):
45*2d543d20SAndroid Build Coastguard Worker        "Verify sepolicy network -t works"
46*2d543d20SAndroid Build Coastguard Worker        p = Popen(['sepolicy', 'network', '-t', 'http_port_t'], stdout=PIPE)
47*2d543d20SAndroid Build Coastguard Worker        out, err = p.communicate()
48*2d543d20SAndroid Build Coastguard Worker        self.assertSuccess(p.returncode, err)
49*2d543d20SAndroid Build Coastguard Worker
50*2d543d20SAndroid Build Coastguard Worker    def test_network_p(self):
51*2d543d20SAndroid Build Coastguard Worker        "Verify sepolicy network -p works"
52*2d543d20SAndroid Build Coastguard Worker        p = Popen(['sepolicy', 'network', '-p', '80'], stdout=PIPE)
53*2d543d20SAndroid Build Coastguard Worker        out, err = p.communicate()
54*2d543d20SAndroid Build Coastguard Worker        self.assertSuccess(p.returncode, err)
55*2d543d20SAndroid Build Coastguard Worker
56*2d543d20SAndroid Build Coastguard Worker    def test_network_d(self):
57*2d543d20SAndroid Build Coastguard Worker        "Verify sepolicy network -d works"
58*2d543d20SAndroid Build Coastguard Worker        p = Popen(['sepolicy', 'network', '-d', 'httpd_t'], stdout=PIPE)
59*2d543d20SAndroid Build Coastguard Worker        out, err = p.communicate()
60*2d543d20SAndroid Build Coastguard Worker        self.assertSuccess(p.returncode, err)
61*2d543d20SAndroid Build Coastguard Worker
62*2d543d20SAndroid Build Coastguard Worker    def test_transition_s(self):
63*2d543d20SAndroid Build Coastguard Worker        "Verify sepolicy transition -s works"
64*2d543d20SAndroid Build Coastguard Worker        p = Popen(['sepolicy', 'transition', '-s', 'httpd_t'], stdout=PIPE)
65*2d543d20SAndroid Build Coastguard Worker        out, err = p.communicate()
66*2d543d20SAndroid Build Coastguard Worker        self.assertSuccess(p.returncode, err)
67*2d543d20SAndroid Build Coastguard Worker
68*2d543d20SAndroid Build Coastguard Worker    def test_transition_t(self):
69*2d543d20SAndroid Build Coastguard Worker        "Verify sepolicy transition -t works"
70*2d543d20SAndroid Build Coastguard Worker        p = Popen(['sepolicy', 'transition', '-s', 'httpd_t', '-t', 'sendmail_t'], stdout=PIPE)
71*2d543d20SAndroid Build Coastguard Worker        out, err = p.communicate()
72*2d543d20SAndroid Build Coastguard Worker        self.assertSuccess(p.returncode, err)
73*2d543d20SAndroid Build Coastguard Worker
74*2d543d20SAndroid Build Coastguard Worker    def test_booleans_a(self):
75*2d543d20SAndroid Build Coastguard Worker        "Verify sepolicy booleans -a works"
76*2d543d20SAndroid Build Coastguard Worker        p = Popen(['sepolicy', 'booleans', '-a'], stdout=PIPE)
77*2d543d20SAndroid Build Coastguard Worker        out, err = p.communicate()
78*2d543d20SAndroid Build Coastguard Worker        self.assertSuccess(p.returncode, err)
79*2d543d20SAndroid Build Coastguard Worker
80*2d543d20SAndroid Build Coastguard Worker    def test_booleans_b_alias(self):
81*2d543d20SAndroid Build Coastguard Worker        "Verify sepolicy booleans -b works"
82*2d543d20SAndroid Build Coastguard Worker        p = Popen(['sepolicy', 'booleans', '-b', 'allow_ypbind'], stdout=PIPE)
83*2d543d20SAndroid Build Coastguard Worker        out, err = p.communicate()
84*2d543d20SAndroid Build Coastguard Worker        self.assertSuccess(p.returncode, err)
85*2d543d20SAndroid Build Coastguard Worker
86*2d543d20SAndroid Build Coastguard Worker    def test_booleans_b(self):
87*2d543d20SAndroid Build Coastguard Worker        "Verify sepolicy booleans -b works"
88*2d543d20SAndroid Build Coastguard Worker        p = Popen(['sepolicy', 'booleans', '-b', 'nis_enabled'], stdout=PIPE)
89*2d543d20SAndroid Build Coastguard Worker        out, err = p.communicate()
90*2d543d20SAndroid Build Coastguard Worker        self.assertSuccess(p.returncode, err)
91*2d543d20SAndroid Build Coastguard Worker
92*2d543d20SAndroid Build Coastguard Worker    def test_interface_l(self):
93*2d543d20SAndroid Build Coastguard Worker        "Verify sepolicy interface -l works"
94*2d543d20SAndroid Build Coastguard Worker        p = Popen(['sepolicy', 'interface', '-l'], stdout=PIPE)
95*2d543d20SAndroid Build Coastguard Worker        out, err = p.communicate()
96*2d543d20SAndroid Build Coastguard Worker        self.assertSuccess(p.returncode, err)
97*2d543d20SAndroid Build Coastguard Worker
98*2d543d20SAndroid Build Coastguard Worker    def test_interface_a(self):
99*2d543d20SAndroid Build Coastguard Worker        "Verify sepolicy interface -a works"
100*2d543d20SAndroid Build Coastguard Worker        p = Popen(['sepolicy', 'interface', '-a'], stdout=PIPE)
101*2d543d20SAndroid Build Coastguard Worker        out, err = p.communicate()
102*2d543d20SAndroid Build Coastguard Worker        self.assertSuccess(p.returncode, err)
103*2d543d20SAndroid Build Coastguard Worker
104*2d543d20SAndroid Build Coastguard Worker    def test_interface_p(self):
105*2d543d20SAndroid Build Coastguard Worker        "Verify sepolicy interface -u works"
106*2d543d20SAndroid Build Coastguard Worker        p = Popen(['sepolicy', 'interface', '-u'], stdout=PIPE)
107*2d543d20SAndroid Build Coastguard Worker        out, err = p.communicate()
108*2d543d20SAndroid Build Coastguard Worker        self.assertSuccess(p.returncode, err)
109*2d543d20SAndroid Build Coastguard Worker
110*2d543d20SAndroid Build Coastguard Worker    def test_interface_ci(self):
111*2d543d20SAndroid Build Coastguard Worker        "Verify sepolicy interface -c -i works"
112*2d543d20SAndroid Build Coastguard Worker        p = Popen(['sepolicy', 'interface', '-c', '-i', 'apache_admin'], stdout=PIPE)
113*2d543d20SAndroid Build Coastguard Worker        out, err = p.communicate()
114*2d543d20SAndroid Build Coastguard Worker        self.assertSuccess(p.returncode, err)
115*2d543d20SAndroid Build Coastguard Worker
116*2d543d20SAndroid Build Coastguard Workerif __name__ == "__main__":
117*2d543d20SAndroid Build Coastguard Worker    import selinux
118*2d543d20SAndroid Build Coastguard Worker    if selinux.is_selinux_enabled() and selinux.security_getenforce() == 1:
119*2d543d20SAndroid Build Coastguard Worker        unittest.main()
120*2d543d20SAndroid Build Coastguard Worker    else:
121*2d543d20SAndroid Build Coastguard Worker        print("SELinux must be in enforcing mode for this test")
122