class PolCapQueryTest(unittest.TestCase):
def setUp(self):
self.p = SELinuxPolicy("tests/permissivequery.conf")
def test_000_unset(self):
"""Policy capability query with no criteria"""
# query with no parameters gets all permissives
for numtypes, t in enumerate(self.p.permissives(), start=1):
pass
q = PermissiveQuery(self.p)
for q_numtypes, t in enumerate(q.results(), start=1):
pass
self.assertEqual(numtypes, q_numtypes)
def test_001_name_exact(self):
"""Permissive query with exact match"""
q = PermissiveQuery(self.p, name="test1", name_regex=False)
types = sorted(str(t) for t in q.results())
self.assertListEqual(["test1"], types)
def test_002_name_regex(self):
"""Permissive query query with regex match"""
q = PermissiveQuery(self.p, name="test2(a|b)$", name_regex=True)
types = sorted(str(t) for t in q.results())
self.assertListEqual(["test2a", "test2b"], types)
class PolCapQueryTest(unittest.TestCase):
def setUp(self):
self.p = SELinuxPolicy("tests/polcapquery.conf")
def test_000_unset(self):
"""Policy capability query with no criteria"""
# query with no parameters gets all capabilities.
allcaps = sorted(str(c) for c in self.p.polcaps())
q = PolCapQuery(self.p)
qcaps = sorted(str(c) for c in q.results())
self.assertListEqual(allcaps, qcaps)
def test_001_name_exact(self):
"""Policy capability query with exact match"""
q = PolCapQuery(self.p, name="open_perms", name_regex=False)
caps = sorted(str(c) for c in q.results())
self.assertListEqual(["open_perms"], caps)
def test_002_name_regex(self):
"""Policy capability query with regex match"""
q = PolCapQuery(self.p, name="pe?er", name_regex=True)
caps = sorted(str(c) for c in q.results())
self.assertListEqual(["network_peer_controls", "open_perms"], caps)
class RoleQueryTest(unittest.TestCase):
def setUp(self):
self.p = SELinuxPolicy("tests/rolequery.conf")
def test_000_unset(self):
"""Role query with no criteria."""
# query with no parameters gets all types.
for numroles, r in enumerate(self.p.roles(), start=1):
pass
q = RoleQuery(self.p)
for q_numroles, t in enumerate(q.results(), start=1):
pass
# numroles-1 as object_r is skipped from the role query
self.assertEqual(numroles - 1, q_numroles)
def test_001_name_exact(self):
"""Role query with exact name match."""
q = RoleQuery(self.p, name="test1")
roles = sorted(str(r) for r in q.results())
self.assertListEqual(["test1"], roles)
def test_002_name_regex(self):
"""Role query with regex name match."""
q = RoleQuery(self.p, name="test2(a|b)", name_regex=True)
roles = sorted(str(r) for r in q.results())
self.assertListEqual(["test2a", "test2b"], roles)
def test_010_type_intersect(self):
"""Role query with type set intersection."""
q = RoleQuery(self.p, types=["test10a", "test10b"])
roles = sorted(str(r) for r in q.results())
self.assertListEqual(["test10r1", "test10r2", "test10r3",
"test10r4", "test10r5", "test10r6"], roles)
def test_011_type_equality(self):
"""Role query with type set equality."""
q = RoleQuery(self.p, types=["test11a", "test11b"], types_equal=True)
roles = sorted(str(r) for r in q.results())
self.assertListEqual(["test11r2"], roles)
def test_012_type_regex(self):
"""Role query with type set match."""
q = RoleQuery(self.p, types="test12(a|b)", types_regex=True)
roles = sorted(str(r) for r in q.results())
self.assertListEqual(["test12r1", "test12r2", "test12r3",
"test12r4", "test12r5", "test12r6"], roles)
class UserQueryTest(unittest.TestCase):
def setUp(self):
self.p = SELinuxPolicy("tests/userquery.conf")
def test_000_unset(self):
"""User query with no criteria."""
# query with no parameters gets all types.
allusers = sorted(str(u) for u in self.p.users())
q = UserQuery(self.p)
qusers = sorted(str(u) for u in q.results())
self.assertListEqual(allusers, qusers)
def test_001_name_exact(self):
"""User query with exact name match."""
q = UserQuery(self.p, name="test1_u")
users = sorted(str(u) for u in q.results())
self.assertListEqual(["test1_u"], users)
def test_002_name_regex(self):
"""User query with regex name match."""
q = UserQuery(self.p, name="test2_u(1|2)", name_regex=True)
users = sorted(str(u) for u in q.results())
self.assertListEqual(["test2_u1", "test2_u2"], users)
def test_010_role_intersect(self):
"""User query with role set intersection."""
q = UserQuery(self.p, roles=["test10a_r", "test10b_r"])
users = sorted(str(u) for u in q.results())
self.assertListEqual(["test10_u1", "test10_u2", "test10_u3",
"test10_u4", "test10_u5", "test10_u6"], users)
def test_011_role_equality(self):
"""User query with role set equality."""
q = UserQuery(
self.p, roles=["test11a_r", "test11b_r"], roles_equal=True)
users = sorted(str(u) for u in q.results())
self.assertListEqual(["test11_u2"], users)
def test_012_role_regex(self):
"""User query with role regex match."""
q = UserQuery(self.p, roles="test12(a|b)_r", roles_regex=True)
users = sorted(str(u) for u in q.results())
self.assertListEqual(["test12_u1", "test12_u2", "test12_u3",
"test12_u4", "test12_u5", "test12_u6"], users)
class CommonQueryTest(unittest.TestCase):
def setUp(self):
self.p = SELinuxPolicy("tests/commonquery.conf")
def test_000_unset(self):
"""Common query with no criteria."""
# query with no parameters gets all types.
for numcommons, c in enumerate(self.p.commons(), start=1):
pass
q = CommonQuery(self.p)
for q_numcommons, u in enumerate(q.results(), start=1):
pass
self.assertEqual(numcommons, q_numcommons)
def test_001_name_exact(self):
"""Common query with exact name match."""
q = CommonQuery(self.p, name="test1")
commons = sorted(str(c) for c in q.results())
self.assertListEqual(["test1"], commons)
def test_002_name_regex(self):
"""Common query with regex name match."""
q = CommonQuery(self.p, name="test2(a|b)", name_regex=True)
commons = sorted(str(c) for c in q.results())
self.assertListEqual(["test2a", "test2b"], commons)
def test_010_perm_indirect_intersect(self):
"""Common query with intersect permission name patch."""
q = CommonQuery(self.p, perms=set(["null"]), perms_equal=False)
commons = sorted(str(c) for c in q.results())
self.assertListEqual(["test10a", "test10b"], commons)
def test_011_perm_indirect_equal(self):
"""Common query with equal permission name patch."""
q = CommonQuery(self.p, perms=set(["read", "write"]), perms_equal=True)
commons = sorted(str(c) for c in q.results())
self.assertListEqual(["test11a"], commons)
def test_012_perm_indirect_regex(self):
"""Common query with regex permission name patch."""
q = CommonQuery(self.p, perms="sig.+", perms_regex=True)
commons = sorted(str(c) for c in q.results())
self.assertListEqual(["test12a", "test12b"], commons)
class BoundsQueryTest(unittest.TestCase):
def setUp(self):
self.p = SELinuxPolicy("tests/boundsquery.conf")
def test_000_unset(self):
"""Bounds query with no criteria."""
# query with no parameters gets all bounds.
allbounds = sorted(self.p.bounds())
q = BoundsQuery(self.p)
qbounds = sorted(q.results())
self.assertListEqual(allbounds, qbounds)
def test_001_parent_exact(self):
"""Bounds query with exact parent match."""
q = BoundsQuery(self.p, parent="test1_parent", parent_regex=False)
qbounds = sorted(q.results())
self.assertEqual(1, len(qbounds))
b = qbounds[0]
self.assertEqual(BoundsRuletype.typebounds, b.ruletype)
self.assertEqual("test1_parent", b.parent)
self.assertEqual("test1_child", b.child)
def test_002_parent_regex(self):
"""Bounds query with regex parent match."""
q = BoundsQuery(self.p, parent="test2_parent?", parent_regex=True)
qbounds = sorted(q.results())
self.assertEqual(2, len(qbounds))
b = qbounds[0]
self.assertEqual(BoundsRuletype.typebounds, b.ruletype)
self.assertEqual("test2_parent1", b.parent)
self.assertEqual("test2_child2", b.child)
b = qbounds[1]
self.assertEqual(BoundsRuletype.typebounds, b.ruletype)
self.assertEqual("test2_parent2", b.parent)
self.assertEqual("test2_child1", b.child)
def test_010_child_exact(self):
"""Bounds query with exact child match."""
q = BoundsQuery(self.p, child="test10_child", child_regex=False)
qbounds = sorted(q.results())
self.assertEqual(1, len(qbounds))
b = qbounds[0]
self.assertEqual(BoundsRuletype.typebounds, b.ruletype)
self.assertEqual("test10_parent", b.parent)
self.assertEqual("test10_child", b.child)
def test_011_child_regex(self):
"""Bounds query with regex child match."""
q = BoundsQuery(self.p, child="test11_child?", child_regex=True)
qbounds = sorted(q.results())
self.assertEqual(2, len(qbounds))
b = qbounds[0]
self.assertEqual(BoundsRuletype.typebounds, b.ruletype)
self.assertEqual("test11_parent1", b.parent)
self.assertEqual("test11_child2", b.child)
b = qbounds[1]
self.assertEqual(BoundsRuletype.typebounds, b.ruletype)
self.assertEqual("test11_parent2", b.parent)
self.assertEqual("test11_child1", b.child)
class TERuleQueryTest(unittest.TestCase):
def setUp(self):
self.p = SELinuxPolicy("tests/terulequery.conf")
def test_000_unset(self):
"""TE rule query with no criteria."""
# query with no parameters gets all TE rules.
for numrules, r in enumerate(self.p.terules(), start=1):
pass
q = TERuleQuery(self.p)
for q_numrules, r in enumerate(q.results(), start=1):
pass
self.assertEqual(numrules, q_numrules)
def test_001_source_direct(self):
"""TE rule query with exact, direct, source match."""
q = TERuleQuery(
self.p, source="test1a", source_indirect=False, source_regex=False)
r = sorted(q.results())
self.assertEqual(len(r), 1)
self.assertEqual(r[0].ruletype, "allow")
self.assertEqual(r[0].source, "test1a")
self.assertEqual(r[0].target, "test1t")
self.assertEqual(r[0].tclass, "infoflow")
self.assertSetEqual(set(["hi_w"]), r[0].perms)
self.assertRaises(RuleNotConditional, getattr, r[0], "conditional")
def test_002_source_indirect(self):
"""TE rule query with exact, indirect, source match."""
q = TERuleQuery(
self.p, source="test2s", source_indirect=True, source_regex=False)
r = sorted(q.results())
self.assertEqual(len(r), 1)
self.assertEqual(r[0].ruletype, "allow")
self.assertEqual(r[0].source, "test2a")
self.assertEqual(r[0].target, "test2t")
self.assertEqual(r[0].tclass, "infoflow")
self.assertSetEqual(set(["hi_w"]), r[0].perms)
self.assertRaises(RuleNotConditional, getattr, r[0], "conditional")
def test_003_source_direct_regex(self):
"""TE rule query with regex, direct, source match."""
q = TERuleQuery(
self.p, source="test3a.*", source_indirect=False, source_regex=True)
r = sorted(q.results())
self.assertEqual(len(r), 1)
self.assertEqual(r[0].ruletype, "allow")
self.assertEqual(r[0].source, "test3aS")
self.assertEqual(r[0].target, "test3t")
self.assertEqual(r[0].tclass, "infoflow")
self.assertSetEqual(set(["low_r"]), r[0].perms)
self.assertRaises(RuleNotConditional, getattr, r[0], "conditional")
def test_004_source_indirect_regex(self):
"""TE rule query with regex, indirect, source match."""
q = TERuleQuery(
self.p, source="test4(s|t)", source_indirect=True, source_regex=True)
r = sorted(q.results())
self.assertEqual(len(r), 2)
# verify first rule
self.assertEqual(r[0].ruletype, "allow")
self.assertEqual(r[0].source, "test4a1")
self.assertEqual(r[0].target, "test4a1")
self.assertEqual(r[0].tclass, "infoflow")
self.assertSetEqual(set(["hi_w"]), r[0].perms)
self.assertRaises(RuleNotConditional, getattr, r[0], "conditional")
# verify second rule
self.assertEqual(r[1].ruletype, "allow")
self.assertEqual(r[1].source, "test4a2")
self.assertEqual(r[1].target, "test4a2")
self.assertEqual(r[1].tclass, "infoflow")
self.assertSetEqual(set(["low_r"]), r[1].perms)
self.assertRaises(RuleNotConditional, getattr, r[1], "conditional")
def test_005_target_direct(self):
"""TE rule query with exact, direct, target match."""
q = TERuleQuery(
self.p, target="test5a", target_indirect=False, target_regex=False)
r = sorted(q.results())
self.assertEqual(len(r), 1)
self.assertEqual(r[0].ruletype, "allow")
self.assertEqual(r[0].source, "test5s")
self.assertEqual(r[0].target, "test5a")
self.assertEqual(r[0].tclass, "infoflow")
self.assertSetEqual(set(["hi_w"]), r[0].perms)
self.assertRaises(RuleNotConditional, getattr, r[0], "conditional")
def test_006_target_indirect(self):
"""TE rule query with exact, indirect, target match."""
q = TERuleQuery(
self.p, target="test6t", target_indirect=True, target_regex=False)
r = sorted(q.results())
self.assertEqual(len(r), 2)
# verify first rule
self.assertEqual(r[0].ruletype, "allow")
self.assertEqual(r[0].source, "test6s")
self.assertEqual(r[0].target, "test6a")
self.assertEqual(r[0].tclass, "infoflow")
self.assertSetEqual(set(["hi_w"]), r[0].perms)
self.assertRaises(RuleNotConditional, getattr, r[0], "conditional")
# verify second rule
self.assertEqual(r[1].ruletype, "allow")
self.assertEqual(r[1].source, "test6s")
self.assertEqual(r[1].target, "test6t")
self.assertEqual(r[1].tclass, "infoflow")
self.assertSetEqual(set(["low_r"]), r[1].perms)
self.assertRaises(RuleNotConditional, getattr, r[1], "conditional")
def test_007_target_direct_regex(self):
"""TE rule query with regex, direct, target match."""
q = TERuleQuery(
self.p, target="test7a.*", target_indirect=False, target_regex=True)
r = sorted(q.results())
self.assertEqual(len(r), 1)
self.assertEqual(r[0].ruletype, "allow")
self.assertEqual(r[0].source, "test7s")
self.assertEqual(r[0].target, "test7aPASS")
self.assertEqual(r[0].tclass, "infoflow")
self.assertSetEqual(set(["low_r"]), r[0].perms)
self.assertRaises(RuleNotConditional, getattr, r[0], "conditional")
def test_008_target_indirect_regex(self):
"""TE rule query with regex, indirect, target match."""
q = TERuleQuery(
self.p, target="test8(s|t)", target_indirect=True, target_regex=True)
r = sorted(q.results())
self.assertEqual(len(r), 2)
# verify first rule
self.assertEqual(r[0].ruletype, "allow")
self.assertEqual(r[0].source, "test8a1")
self.assertEqual(r[0].target, "test8a1")
self.assertEqual(r[0].tclass, "infoflow")
self.assertSetEqual(set(["hi_w"]), r[0].perms)
self.assertRaises(RuleNotConditional, getattr, r[0], "conditional")
# verify second rule
self.assertEqual(r[1].ruletype, "allow")
self.assertEqual(r[1].source, "test8a2")
self.assertEqual(r[1].target, "test8a2")
self.assertEqual(r[1].tclass, "infoflow")
self.assertSetEqual(set(["low_r"]), r[1].perms)
self.assertRaises(RuleNotConditional, getattr, r[1], "conditional")
def test_009_class(self):
"""TE rule query with exact object class match."""
q = TERuleQuery(self.p, tclass="infoflow2", tclass_regex=False)
r = sorted(q.results())
self.assertEqual(len(r), 1)
self.assertEqual(r[0].ruletype, "allow")
self.assertEqual(r[0].source, "test9")
self.assertEqual(r[0].target, "test9")
self.assertEqual(r[0].tclass, "infoflow2")
self.assertSetEqual(set(["super_w"]), r[0].perms)
self.assertRaises(RuleNotConditional, getattr, r[0], "conditional")
def test_010_class_list(self):
"""TE rule query with object class list match."""
q = TERuleQuery(
self.p, tclass=["infoflow3", "infoflow4"], tclass_regex=False)
r = sorted(q.results())
self.assertEqual(len(r), 2)
# verify first rule
self.assertEqual(r[0].ruletype, "allow")
self.assertEqual(r[0].source, "test10")
self.assertEqual(r[0].target, "test10")
self.assertEqual(r[0].tclass, "infoflow3")
self.assertSetEqual(set(["null"]), r[0].perms)
self.assertRaises(RuleNotConditional, getattr, r[0], "conditional")
# verify second rule
self.assertEqual(r[1].ruletype, "allow")
self.assertEqual(r[1].source, "test10")
self.assertEqual(r[1].target, "test10")
self.assertEqual(r[1].tclass, "infoflow4")
self.assertSetEqual(set(["hi_w"]), r[1].perms)
self.assertRaises(RuleNotConditional, getattr, r[1], "conditional")
def test_011_class_regex(self):
"""TE rule query with object class regex match."""
q = TERuleQuery(self.p, tclass="infoflow(5|6)", tclass_regex=True)
r = sorted(q.results())
self.assertEqual(len(r), 2)
# verify first rule
self.assertEqual(r[0].ruletype, "allow")
self.assertEqual(r[0].source, "test11")
self.assertEqual(r[0].target, "test11")
self.assertEqual(r[0].tclass, "infoflow5")
self.assertSetEqual(set(["low_w"]), r[0].perms)
self.assertRaises(RuleNotConditional, getattr, r[0], "conditional")
# verify second rule
self.assertEqual(r[1].ruletype, "allow")
self.assertEqual(r[1].source, "test11")
self.assertEqual(r[1].target, "test11")
self.assertEqual(r[1].tclass, "infoflow6")
self.assertSetEqual(set(["med_r"]), r[1].perms)
self.assertRaises(RuleNotConditional, getattr, r[1], "conditional")
def test_012_perms_any(self):
"""TE rule query with permission set intersection."""
q = TERuleQuery(self.p, perms=["super_r"], perms_equal=False)
r = sorted(q.results())
self.assertEqual(len(r), 2)
# verify first rule
self.assertEqual(r[0].ruletype, "allow")
self.assertEqual(r[0].source, "test12a")
self.assertEqual(r[0].target, "test12a")
self.assertEqual(r[0].tclass, "infoflow7")
self.assertSetEqual(set(["super_r"]), r[0].perms)
self.assertRaises(RuleNotConditional, getattr, r[0], "conditional")
# verify second rule
self.assertEqual(r[1].ruletype, "allow")
self.assertEqual(r[1].source, "test12b")
self.assertEqual(r[1].target, "test12b")
self.assertEqual(r[1].tclass, "infoflow7")
self.assertSetEqual(set(["super_r", "super_none"]), r[1].perms)
self.assertRaises(RuleNotConditional, getattr, r[1], "conditional")
def test_013_perms_equal(self):
"""TE rule query with permission set equality."""
q = TERuleQuery(
self.p, perms=["super_w", "super_none", "super_both"], perms_equal=True)
r = sorted(q.results())
self.assertEqual(len(r), 1)
self.assertEqual(r[0].ruletype, "allow")
self.assertEqual(r[0].source, "test13c")
self.assertEqual(r[0].target, "test13c")
self.assertEqual(r[0].tclass, "infoflow7")
self.assertSetEqual(
set(["super_w", "super_none", "super_both"]), r[0].perms)
self.assertRaises(RuleNotConditional, getattr, r[0], "conditional")
def test_014_ruletype(self):
"""TE rule query with rule type match."""
q = TERuleQuery(self.p, ruletype=["auditallow", "dontaudit"])
r = sorted(q.results())
self.assertEqual(len(r), 2)
# verify first rule
self.assertEqual(r[0].ruletype, "auditallow")
self.assertEqual(r[0].source, "test14")
self.assertEqual(r[0].target, "test14")
self.assertEqual(r[0].tclass, "infoflow7")
self.assertSetEqual(set(["super_both"]), r[0].perms)
self.assertRaises(RuleNotConditional, getattr, r[0], "conditional")
# verify second rule
self.assertEqual(r[1].ruletype, "dontaudit")
self.assertEqual(r[1].source, "test14")
self.assertEqual(r[1].target, "test14")
self.assertEqual(r[1].tclass, "infoflow7")
self.assertSetEqual(set(["super_unmapped"]), r[1].perms)
self.assertRaises(RuleNotConditional, getattr, r[1], "conditional")
def test_100_default(self):
"""TE rule query with default type exact match."""
q = TERuleQuery(self.p, default="test100d", default_regex=False)
r = sorted(q.results())
self.assertEqual(len(r), 1)
self.assertEqual(r[0].ruletype, "type_transition")
self.assertEqual(r[0].source, "test100")
self.assertEqual(r[0].target, "test100")
self.assertEqual(r[0].tclass, "infoflow7")
self.assertEqual(r[0].default, "test100d")
self.assertRaises(RuleNotConditional, getattr, r[0], "conditional")
def test_101_default_regex(self):
"""TE rule query with default type regex match."""
q = TERuleQuery(self.p, default="test101.", default_regex=True)
r = sorted(q.results())
self.assertEqual(len(r), 2)
# verify first rule
self.assertEqual(r[0].ruletype, "type_transition")
self.assertEqual(r[0].source, "test101")
self.assertEqual(r[0].target, "test101d")
self.assertEqual(r[0].tclass, "infoflow7")
self.assertEqual(r[0].default, "test101e")
self.assertRaises(RuleNotConditional, getattr, r[0], "conditional")
# verify second rule
self.assertEqual(r[1].ruletype, "type_transition")
self.assertEqual(r[1].source, "test101")
self.assertEqual(r[1].target, "test101e")
self.assertEqual(r[1].tclass, "infoflow7")
self.assertEqual(r[1].default, "test101d")
self.assertRaises(RuleNotConditional, getattr, r[1], "conditional")
def setUp(self):
self.p = SELinuxPolicy("tests/objclassquery.conf")
def setUp(self):
self.p = SELinuxPolicy("tests/initsidquery.conf")
def setUp(self):
self.p = SELinuxPolicy("tests/polcapquery.conf")
def setUpClass(cls):
cls.p = SELinuxPolicy("tests/policyrep/typeattr.conf")
def setUpClass(cls):
cls.p = SELinuxPolicy("tests/defaultquery.conf")
def setUpClass(cls):
cls.p = SELinuxPolicy("tests/devicetreeconquery.conf")
def setUpClass(cls):
cls.p = SELinuxPolicy("tests/infoflow.conf")
cls.m = PermissionMap("tests/perm_map")
cls.a = InfoFlowAnalysis(cls.p, cls.m)
def setUpClass(cls):
cls.p = SELinuxPolicy("tests/ioportconquery.conf")
def setUp(self):
self.p = SELinuxPolicy("tests/permissivequery.conf")
def setUpClass(cls):
cls.p = SELinuxPolicy("tests/polcapquery.conf")
def setUpClass(cls):
cls.p = SELinuxPolicy("tests/dta.conf")
cls.a = DomainTransitionAnalysis(cls.p)
cls.a._build_graph()
def setUpClass(cls):
cls.p = SELinuxPolicy("tests/policyrep/objclass.conf")
def setUpClass(cls):
cls.p = SELinuxPolicy("tests/mlsrulequery.conf")
class InitialSIDQueryTest(unittest.TestCase):
def setUp(self):
self.p = SELinuxPolicy("tests/initsidquery.conf")
def test_000_unset(self):
"""Initial SID query with no criteria"""
# query with no parameters gets all SIDs.
for numrules, s in enumerate(self.p.initialsids(), start=1):
pass
q = InitialSIDQuery(self.p)
for q_numrules, s in enumerate(q.results(), start=1):
pass
self.assertEqual(numrules, q_numrules)
def test_001_name_exact(self):
"""Initial SID query with exact match"""
q = InitialSIDQuery(self.p, name="test1", name_regex=False)
sids = sorted(str(s) for s in q.results())
self.assertListEqual(["test1"], sids)
def test_002_name_regex(self):
"""Initial SID query with regex match"""
q = InitialSIDQuery(self.p, name="test2(a|b)", name_regex=True)
sids = sorted(str(s) for s in q.results())
self.assertListEqual(["test2a", "test2b"], sids)
def test_010_user_exact(self):
"""Initial SID query with context user exact match"""
q = InitialSIDQuery(self.p, user="******", user_regex=False)
sids = sorted(str(s) for s in q.results())
self.assertListEqual(["test10"], sids)
def test_011_user_regex(self):
"""Initial SID query with context user regex match"""
q = InitialSIDQuery(self.p, user="******", user_regex=True)
sids = sorted(str(s) for s in q.results())
self.assertListEqual(["test11a", "test11b"], sids)
def test_020_role_exact(self):
"""Initial SID query with context role exact match"""
q = InitialSIDQuery(self.p, role="role20_r", role_regex=False)
sids = sorted(str(s) for s in q.results())
self.assertListEqual(["test20"], sids)
def test_021_role_regex(self):
"""Initial SID query with context role regex match"""
q = InitialSIDQuery(self.p, role="role21(a|c)_r", role_regex=True)
sids = sorted(str(s) for s in q.results())
self.assertListEqual(["test21a", "test21c"], sids)
def test_030_type_exact(self):
"""Initial SID query with context type exact match"""
q = InitialSIDQuery(self.p, type_="type30", type_regex=False)
sids = sorted(str(s) for s in q.results())
self.assertListEqual(["test30"], sids)
def test_031_type_regex(self):
"""Initial SID query with context type regex match"""
q = InitialSIDQuery(self.p, type_="type31(b|c)", type_regex=True)
sids = sorted(str(s) for s in q.results())
self.assertListEqual(["test31b", "test31c"], sids)
def setUpClass(cls):
cls.p = SELinuxPolicy("tests/fsusequery.conf")
class ObjClassQueryTest(unittest.TestCase):
def setUp(self):
self.p = SELinuxPolicy("tests/objclassquery.conf")
def test_000_unset(self):
"""Class query with no criteria."""
# query with no parameters gets all types.
for numclasses, c in enumerate(self.p.classes(), start=1):
pass
q = ObjClassQuery(self.p)
for q_numclasses, u in enumerate(q.results(), start=1):
pass
self.assertEqual(numclasses, q_numclasses)
def test_001_name_exact(self):
"""Class query with exact name match."""
q = ObjClassQuery(self.p, name="infoflow")
classes = sorted(str(c) for c in q.results())
self.assertListEqual(["infoflow"], classes)
def test_002_name_regex(self):
"""Class query with regex name match."""
q = ObjClassQuery(self.p, name="infoflow(2|3)", name_regex=True)
classes = sorted(str(c) for c in q.results())
self.assertListEqual(["infoflow2", "infoflow3"], classes)
def test_010_common_exact(self):
"""Class query with exact common name match."""
q = ObjClassQuery(self.p, common="infoflow")
classes = sorted(str(c) for c in q.results())
self.assertListEqual(["infoflow", "infoflow2",
"infoflow4", "infoflow7"], classes)
def test_011_common_regex(self):
"""Class query with regex common name match."""
q = ObjClassQuery(self.p, common="com_[ab]", common_regex=True)
classes = sorted(str(c) for c in q.results())
self.assertListEqual(["infoflow5", "infoflow6"], classes)
def test_020_perm_indirect_intersect(self):
"""Class query with indirect, intersect permission name patch."""
q = ObjClassQuery(
self.p, perms=set(["send"]), perms_indirect=True, perms_equal=False)
classes = sorted(str(c) for c in q.results())
self.assertListEqual(["infoflow6"], classes)
def test_021_perm_direct_intersect(self):
"""Class query with direct, intersect permission name patch."""
q = ObjClassQuery(
self.p, perms=set(["super_r"]), perms_indirect=False, perms_equal=False)
classes = sorted(str(c) for c in q.results())
self.assertListEqual(["infoflow2", "infoflow4", "infoflow8"], classes)
def test_022_perm_indirect_equal(self):
"""Class query with indirect, equal permission name patch."""
q = ObjClassQuery(self.p, perms=set(
["low_w", "med_w", "hi_w", "low_r", "med_r", "hi_r", "unmapped"]), perms_indirect=True, perms_equal=True)
classes = sorted(str(c) for c in q.results())
self.assertListEqual(["infoflow7"], classes)
def test_023_perm_direct_equal(self):
"""Class query with direct, equal permission name patch."""
q = ObjClassQuery(self.p, perms=set(
["super_r", "super_w"]), perms_indirect=False, perms_equal=True)
classes = sorted(str(c) for c in q.results())
self.assertListEqual(["infoflow2", "infoflow8"], classes)
def test_024_perm_indirect_regex(self):
"""Class query with indirect, regex permission name patch."""
q = ObjClassQuery(
self.p, perms="(send|setattr)", perms_indirect=True, perms_regex=True)
classes = sorted(str(c) for c in q.results())
self.assertListEqual(["infoflow6", "infoflow9"], classes)
def test_025_perm_direct_regex(self):
"""Class query with direct, regex permission name patch."""
q = ObjClassQuery(
self.p, perms="(read|super_r)", perms_indirect=False, perms_regex=True)
classes = sorted(str(c) for c in q.results())
self.assertListEqual(["infoflow10", "infoflow2",
"infoflow4", "infoflow8"],
classes)
def setUpClass(cls):
cls.p = SELinuxPolicy("tests/policyrep/initsid.conf")
class RBACRuleQueryTest(unittest.TestCase):
def setUp(self):
self.p = SELinuxPolicy("tests/rbacrulequery.conf")
def test_000_unset(self):
"""RBAC rule query with no criteria."""
# query with no parameters gets all RBAC rules.
for numrules, r in enumerate(self.p.rbacrules(), start=1):
pass
q = RBACRuleQuery(self.p)
for q_numrules, r in enumerate(q.results(), start=1):
pass
self.assertEqual(numrules, q_numrules)
def test_001_source_direct(self):
"""RBAC rule query with exact, direct, source match."""
q = RBACRuleQuery(
self.p, source="test1s", source_indirect=False, source_regex=False)
r = sorted(q.results())
self.assertEqual(len(r), 2)
self.assertEqual(r[0].ruletype, "allow")
self.assertEqual(r[0].source, "test1s")
self.assertEqual(r[0].target, "test1t")
self.assertRaises(InvalidRuleUse, getattr, r[0], "tclass")
self.assertRaises(InvalidRuleUse, getattr, r[0], "default")
self.assertRaises(RuleNotConditional, getattr, r[0], "conditional")
self.assertEqual(r[1].ruletype, "role_transition")
self.assertEqual(r[1].source, "test1s")
self.assertEqual(r[1].target, "system")
self.assertEqual(r[1].tclass, "infoflow")
self.assertEqual(r[1].default, "test1t")
self.assertRaises(RuleNotConditional, getattr, r[1], "conditional")
def test_002_source_direct_regex(self):
"""RBAC rule query with regex, direct, source match."""
q = RBACRuleQuery(
self.p, source="test2s(1|2)", source_indirect=False, source_regex=True)
r = sorted(q.results())
self.assertEqual(len(r), 1)
self.assertEqual(r[0].ruletype, "allow")
self.assertEqual(r[0].source, "test2s1")
self.assertEqual(r[0].target, "test2t")
self.assertRaises(InvalidRuleUse, getattr, r[0], "tclass")
self.assertRaises(InvalidRuleUse, getattr, r[0], "default")
self.assertRaises(RuleNotConditional, getattr, r[0], "conditional")
def test_010_target_direct(self):
"""RBAC rule query with exact, direct, target match."""
q = RBACRuleQuery(
self.p, target="test10t", target_indirect=False, target_regex=False)
r = sorted(q.results())
self.assertEqual(len(r), 1)
self.assertEqual(r[0].ruletype, "allow")
self.assertEqual(r[0].source, "test10s")
self.assertEqual(r[0].target, "test10t")
self.assertRaises(InvalidRuleUse, getattr, r[0], "tclass")
self.assertRaises(InvalidRuleUse, getattr, r[0], "default")
self.assertRaises(RuleNotConditional, getattr, r[0], "conditional")
def test_011_target_direct_regex(self):
"""RBAC rule query with regex, direct, target match."""
q = RBACRuleQuery(
self.p, target="test11t(1|3)", target_indirect=False, target_regex=True)
r = sorted(q.results())
self.assertEqual(len(r), 1)
self.assertEqual(r[0].ruletype, "allow")
self.assertEqual(r[0].source, "test11s")
self.assertEqual(r[0].target, "test11t1")
self.assertRaises(InvalidRuleUse, getattr, r[0], "tclass")
self.assertRaises(InvalidRuleUse, getattr, r[0], "default")
self.assertRaises(RuleNotConditional, getattr, r[0], "conditional")
def test_020_class(self):
"""RBAC rule query with exact object class match."""
q = RBACRuleQuery(self.p, tclass="infoflow2", tclass_regex=False)
r = sorted(q.results())
self.assertEqual(len(r), 1)
self.assertEqual(r[0].ruletype, "role_transition")
self.assertEqual(r[0].source, "test20")
self.assertEqual(r[0].target, "system")
self.assertEqual(r[0].tclass, "infoflow2")
self.assertEqual(r[0].default, "test20d2")
self.assertRaises(RuleNotConditional, getattr, r[0], "conditional")
def test_021_class_list(self):
"""RBAC rule query with object class list match."""
q = RBACRuleQuery(
self.p, tclass=["infoflow3", "infoflow4"], tclass_regex=False)
r = sorted(q.results())
self.assertEqual(len(r), 2)
self.assertEqual(r[0].ruletype, "role_transition")
self.assertEqual(r[0].source, "test21")
self.assertEqual(r[0].target, "system")
self.assertEqual(r[0].tclass, "infoflow3")
self.assertEqual(r[0].default, "test21d3")
self.assertRaises(RuleNotConditional, getattr, r[0], "conditional")
self.assertEqual(r[1].ruletype, "role_transition")
self.assertEqual(r[1].source, "test21")
self.assertEqual(r[1].target, "system")
self.assertEqual(r[1].tclass, "infoflow4")
self.assertEqual(r[1].default, "test21d2")
self.assertRaises(RuleNotConditional, getattr, r[1], "conditional")
def test_022_class_regex(self):
"""RBAC rule query with object class regex match."""
q = RBACRuleQuery(self.p, tclass="infoflow(5|6)", tclass_regex=True)
r = sorted(q.results())
self.assertEqual(len(r), 2)
self.assertEqual(r[0].ruletype, "role_transition")
self.assertEqual(r[0].source, "test22")
self.assertEqual(r[0].target, "system")
self.assertEqual(r[0].tclass, "infoflow5")
self.assertEqual(r[0].default, "test22d2")
self.assertRaises(RuleNotConditional, getattr, r[0], "conditional")
self.assertEqual(r[1].ruletype, "role_transition")
self.assertEqual(r[1].source, "test22")
self.assertEqual(r[1].target, "system")
self.assertEqual(r[1].tclass, "infoflow6")
self.assertEqual(r[0].default, "test22d2")
self.assertRaises(RuleNotConditional, getattr, r[1], "conditional")
def test_030_default(self):
"""RBAC rule query with exact default match."""
q = RBACRuleQuery(
self.p, default="test30d", default_regex=False)
r = sorted(q.results())
self.assertEqual(len(r), 1)
self.assertEqual(r[0].ruletype, "role_transition")
self.assertEqual(r[0].source, "test30s")
self.assertEqual(r[0].target, "system")
self.assertEqual(r[0].tclass, "infoflow")
self.assertEqual(r[0].default, "test30d")
self.assertRaises(RuleNotConditional, getattr, r[0], "conditional")
def test_031_default_regex(self):
"""RBAC rule query with regex default match."""
q = RBACRuleQuery(
self.p, default="test31d(2|3)", default_regex=True)
r = sorted(q.results())
self.assertEqual(len(r), 2)
self.assertEqual(r[0].ruletype, "role_transition")
self.assertEqual(r[0].source, "test31s")
self.assertEqual(r[0].target, "system")
self.assertEqual(r[0].tclass, "infoflow7")
self.assertEqual(r[0].default, "test31d3")
self.assertRaises(RuleNotConditional, getattr, r[0], "conditional")
self.assertEqual(r[1].ruletype, "role_transition")
self.assertEqual(r[1].source, "test31s")
self.assertEqual(r[1].target, "system")
self.assertEqual(r[1].tclass, "process")
self.assertEqual(r[1].default, "test31d2")
self.assertRaises(RuleNotConditional, getattr, r[1], "conditional")
def test_040_ruletype(self):
"""RBAC rule query with rule type."""
q = RBACRuleQuery(self.p, ruletype=["allow"])
for num, r in enumerate(sorted(q.results()), start=1):
self.assertEqual(r.ruletype, "allow")
# this will have to be updated as number of
# role allows change in the test policy
self.assertEqual(num, 8)
class TypeQueryTest(unittest.TestCase):
def setUp(self):
self.p = SELinuxPolicy("tests/typequery.conf")
def test_000_unset(self):
"""Type query with no criteria."""
# query with no parameters gets all types.
alltypes = sorted(str(t) for t in self.p.types())
q = TypeQuery(self.p)
qtypes = sorted(str(t) for t in q.results())
self.assertListEqual(alltypes, qtypes)
def test_001_name_exact(self):
"""Type query with exact name match."""
q = TypeQuery(self.p, name="test1")
types = sorted(str(t) for t in q.results())
self.assertListEqual(["test1"], types)
def test_002_name_regex(self):
"""Type query with regex name match."""
q = TypeQuery(self.p, name="test2(a|b)", name_regex=True)
types = sorted(str(t) for t in q.results())
self.assertListEqual(["test2a", "test2b"], types)
def test_010_attr_intersect(self):
"""Type query with attribute set intersection."""
q = TypeQuery(self.p, attrs=["test10a", "test10b"])
types = sorted(str(t) for t in q.results())
self.assertListEqual(["test10t1", "test10t2", "test10t3",
"test10t4", "test10t5", "test10t6"], types)
def test_011_attr_equality(self):
"""Type query with attribute set equality."""
q = TypeQuery(self.p, attrs=["test11a", "test11b"], attrs_equal=True)
types = sorted(str(t) for t in q.results())
self.assertListEqual(["test11t2"], types)
def test_012_attr_regex(self):
"""Type query with attribute regex match."""
q = TypeQuery(self.p, attrs="test12(a|b)", attrs_regex=True)
types = sorted(str(t) for t in q.results())
self.assertListEqual(["test12t1", "test12t2", "test12t3",
"test12t4", "test12t5", "test12t6"], types)
def test_020_alias_exact(self):
"""Type query with exact alias match."""
q = TypeQuery(self.p, alias="test20a")
types = sorted(str(t) for t in q.results())
self.assertListEqual(["test20t1"], types)
def test_021_alias_regex(self):
"""Type query with regex alias match."""
q = TypeQuery(self.p, alias="test21(a|b)", alias_regex=True)
types = sorted(str(t) for t in q.results())
self.assertListEqual(["test21t1", "test21t2"], types)
def setUp(self):
self.p = SELinuxPolicy("tests/terulequery.conf")
def setUpClass(cls):
cls.p = SELinuxPolicy("tests/policyrep/role.conf")
def setUp(self):
self.p = SELinuxPolicy("tests/commonquery.conf")
def setUpClass(cls):
cls.p = SELinuxPolicy("tests/nodeconquery.conf")
def setUp(self):
self.p = SELinuxPolicy("tests/boundsquery.conf")
def setUpClass(cls):
cls.p = SELinuxPolicy("tests/sensitivityquery.conf")
def setUp(self):
self.p = SELinuxPolicy("tests/userquery.conf")
def setUpClass(cls):
cls.p = SELinuxPolicy("tests/categoryquery.conf")
