def test_init(self): """ Test that all attributes are correctly initialized. """ s1 = refpolicy.XpermSet() self.assertEqual(s1.complement, False) self.assertEqual(s1.ranges, []) s2 = refpolicy.XpermSet(True) self.assertEqual(s2.complement, True) self.assertEqual(s2.ranges, [])
def test_extend(self): """ Test adding ranges from another XpermSet object. """ a = refpolicy.XpermSet() a.add(1, 7) b = refpolicy.XpermSet() b.add(5, 10) a.extend(b) self.assertEqual(a.ranges, [(1, 10)])
def test_add(self): """ Test adding new values or ranges to the set. """ s = refpolicy.XpermSet() s.add(1, 7) s.add(5, 10) s.add(42) self.assertEqual(s.ranges, [(1, 10), (42, 42)])
def test_merge_xperm_same_op(self): """Test merging two AVs that contain xperms with same operation""" a = access.AccessVector(["foo", "bar", "file", "read"]) xp1 = refpolicy.XpermSet() xp1.add(23) a.xperms = {"ioctl": xp1} b = access.AccessVector(["foo", "bar", "file", "read"]) xp2 = refpolicy.XpermSet() xp2.add(42) xp2.add(12345) b.xperms = {"ioctl": xp2} a.merge(b) self.assertEqual(list(a.perms), ["read"]) self.assertEqual(list(a.xperms.keys()), ["ioctl"]) self.assertEqual(a.xperms["ioctl"].to_string(), "{ 23 42 12345 }")
def test_merge_xperm_diff_op(self): """Test merging two AVs that contain xperms with different operation""" a = access.AccessVector(["foo", "bar", "file", "read"]) xp1 = refpolicy.XpermSet() xp1.add(23) a.xperms = {"asdf": xp1} b = access.AccessVector(["foo", "bar", "file", "read"]) xp2 = refpolicy.XpermSet() xp2.add(42) xp2.add(12345) b.xperms = {"ioctl": xp2} a.merge(b) self.assertEqual(list(a.perms), ["read"]) self.assertEqual(sorted(list(a.xperms.keys())), ["asdf", "ioctl"]) self.assertEqual(a.xperms["asdf"].to_string(), "0x17") self.assertEqual(a.xperms["ioctl"].to_string(), "{ 0x2a 0x3039 }")
def text_merge_xperm2(self): """Test merging AV that does not contain xperms with AV that does""" a = access.AccessVector(["foo", "bar", "file", "read"]) xp = refpolicy.XpermSet() xp.add(42) xp.add(12345) a.xperms = {"ioctl": xp} b = access.AccessVector(["foo", "bar", "file", "read"]) a.merge(b) self.assertEqual(sorted(list(a.perms)), ["append", "read", "write"]) self.assertEqual(list(a.xperms.keys()), ["ioctl"]) self.assertEqual(a.xperms["ioctl"].to_string(), "{ 42 12345 }")
def test_from_av(self): """ Test creating the rule from an access vector. """ av = access.AccessVector(["foo", "bar", "file", "ioctl"]) xp = refpolicy.XpermSet() av.xperms = {"ioctl": xp} a = refpolicy.AVExtRule() a.from_av(av, "ioctl") self.assertEqual(a.src_types, {"foo"}) self.assertEqual(a.tgt_types, {"bar"}) self.assertEqual(a.obj_classes, {"file"}) self.assertEqual(a.operation, "ioctl") self.assertIs(a.xperms, xp)
def test_normalize_ranges(self): """ Test that ranges that are overlapping or neighboring are correctly merged into one range. """ s = refpolicy.XpermSet() s.ranges = [(1, 7), (5, 10), (100, 110), (102, 107), (200, 205), (205, 210), (300, 305), (306, 310), (400, 405), (407, 410), (500, 502), (504, 508), (500, 510)] s._XpermSet__normalize_ranges() i = 0 r = list(sorted(s.ranges)) while i < len(r) - 1: # check that range low bound is less than equal than the upper bound self.assertLessEqual(r[i][0], r[i][1]) # check that two ranges are not overlapping or neighboring self.assertGreater(r[i + 1][0] - r[i][1], 1) i += 1
def test_to_string(self): """ Test printing the values to a string. """ a = refpolicy.XpermSet() a.complement = False self.assertEqual(a.to_string(), "") a.complement = True self.assertEqual(a.to_string(), "") a.add(1234) self.assertEqual(a.to_string(), "~ 0x4d2") a.complement = False self.assertEqual(a.to_string(), "0x4d2") a.add(2345) self.assertEqual(a.to_string(), "{ 0x4d2 0x929 }") a.complement = True self.assertEqual(a.to_string(), "~ { 0x4d2 0x929 }") a.add(42, 64) self.assertEqual(a.to_string(), "~ { 0x2a-0x40 0x4d2 0x929 }") a.complement = False self.assertEqual(a.to_string(), "{ 0x2a-0x40 0x4d2 0x929 }")
def test_to_string(self): """ Test printing the values to a string. """ a = refpolicy.XpermSet() a.complement = False self.assertEqual(a.to_string(), "") a.complement = True self.assertEqual(a.to_string(), "") a.add(1234) self.assertEqual(a.to_string(), "~ 1234") a.complement = False self.assertEqual(a.to_string(), "1234") a.add(2345) self.assertEqual(a.to_string(), "{ 1234 2345 }") a.complement = True self.assertEqual(a.to_string(), "~ { 1234 2345 }") a.add(42, 64) self.assertEqual(a.to_string(), "~ { 42-64 1234 2345 }") a.complement = False self.assertEqual(a.to_string(), "{ 42-64 1234 2345 }")
def test_ext_av_rules(self): """ Test generating of extended permission AV rules from access vectors. """ self.g.set_gen_xperms(True) av1 = access.AccessVector( ["test_src_t", "test_tgt_t", "file", "ioctl"]) av1.xperms['ioctl'] = refpolicy.XpermSet() av1.xperms['ioctl'].add(42) av2 = access.AccessVector( ["test_src_t", "test_tgt_t", "file", "ioctl"]) av2.xperms['ioctl'] = refpolicy.XpermSet() av2.xperms['ioctl'].add(1234) av3 = access.AccessVector(["test_src_t", "test_tgt_t", "dir", "ioctl"]) av3.xperms['ioctl'] = refpolicy.XpermSet() av3.xperms['ioctl'].add(2345) avs = access.AccessVectorSet() avs.add_av(av1) avs.add_av(av2) avs.add_av(av3) self.g.add_access(avs) self.assertEqual(len(self.g.module.children), 4) # we cannot sort the rules, so find all rules manually av_rule1 = av_rule2 = av_ext_rule1 = av_ext_rule2 = None for r in self.g.module.children: if isinstance(r, refpolicy.AVRule): if 'file' in r.obj_classes: av_rule1 = r else: av_rule2 = r elif isinstance(r, refpolicy.AVExtRule): if 'file' in r.obj_classes: av_ext_rule1 = r else: av_ext_rule2 = r else: self.fail("Unexpected rule type '%s'" % type(r)) # check that all rules are present self.assertNotIn(None, (av_rule1, av_rule2, av_ext_rule1, av_ext_rule2)) self.assertEqual(av_rule1.rule_type, av_rule1.ALLOW) self.assertEqual(av_rule1.src_types, {"test_src_t"}) self.assertEqual(av_rule1.tgt_types, {"test_tgt_t"}) self.assertEqual(av_rule1.obj_classes, {"file"}) self.assertEqual(av_rule1.perms, {"ioctl"}) self.assertEqual(av_ext_rule1.rule_type, av_ext_rule1.ALLOWXPERM) self.assertEqual(av_ext_rule1.src_types, {"test_src_t"}) self.assertEqual(av_ext_rule1.tgt_types, {"test_tgt_t"}) self.assertEqual(av_ext_rule1.obj_classes, {"file"}) self.assertEqual(av_ext_rule1.operation, "ioctl") xp1 = refpolicy.XpermSet() xp1.add(42) xp1.add(1234) self.assertEqual(av_ext_rule1.xperms.ranges, xp1.ranges) self.assertEqual(av_rule2.rule_type, av_rule2.ALLOW) self.assertEqual(av_rule2.src_types, {"test_src_t"}) self.assertEqual(av_rule2.tgt_types, {"test_tgt_t"}) self.assertEqual(av_rule2.obj_classes, {"dir"}) self.assertEqual(av_rule2.perms, {"ioctl"}) self.assertEqual(av_ext_rule2.rule_type, av_ext_rule2.ALLOWXPERM) self.assertEqual(av_ext_rule2.src_types, {"test_src_t"}) self.assertEqual(av_ext_rule2.tgt_types, {"test_tgt_t"}) self.assertEqual(av_ext_rule2.obj_classes, {"dir"}) self.assertEqual(av_ext_rule2.operation, "ioctl") xp2 = refpolicy.XpermSet() xp2.add(2345) self.assertEqual(av_ext_rule2.xperms.ranges, xp2.ranges)