def test_list(self): a = access.AccessVectorSet() a.add("$1", "foo", "file", refpolicy.IdSet(["read", "write"])) a.add("$1", "bar", "file", refpolicy.IdSet(["read", "write"])) a.add("what", "bar", "file", refpolicy.IdSet(["read", "write"])) avl = a.to_list() avl.sort() test_l = [['what', 'bar', 'file', 'read', 'write'], ['$1', 'foo', 'file', 'read', 'write'], ['$1', 'bar', 'file', 'read', 'write']] test_l.sort() for a, b in zip(test_l, avl): self.assertEqual(len(a), len(b)) for x, y in list(zip(a, b))[:3]: self.assertEqual(x, y) perms1 = a[3:] perms2 = b[3:] perms1.sort() perms2.sort() self.assertEqual(perms1, perms2) b = access.AccessVectorSet() b.from_list(avl) self.assertEqual(len(b), 3)
def test_add_av_first(self): """Test adding first AV to the AV set""" avs = access.AccessVectorSet() av = access.AccessVector(['foo', 'bar', 'file', 'read']) avs.add_av(av) self.assertEqual(avs.to_list(), [['foo', 'bar', 'file', 'read']])
def test_add_av_with_msg(self): """Test adding audit message""" avs = access.AccessVectorSet() av = access.AccessVector(['foo', 'bar', 'file', 'read']) avs.add_av(av, 'test message') self.assertEqual(avs.src['foo']['bar']['file', av.type].audit_msgs, ['test message'])
def test_add_av_second(self): """Test adding second AV to the AV set with same source and target context and class""" avs = access.AccessVectorSet() av1 = access.AccessVector(['foo', 'bar', 'file', 'read']) av2 = access.AccessVector(['foo', 'bar', 'file', 'write']) avs.add_av(av1) avs.add_av(av2) self.assertEqual(avs.to_list(), [['foo', 'bar', 'file', 'read', 'write']])
def setUp(self): rule = refpolicy.AVRule() rule.src_types.add("foo") rule.src_types.add("baz") rule.tgt_types.add("bar") rule.tgt_types.add("what") rule.obj_classes.add("file") rule.obj_classes.add("dir") rule.perms.add("read") rule.perms.add("write") s = access.AccessVectorSet() avs = access.avrule_to_access_vectors(rule) for av in avs: s.add_av(av) self.s = s
def compare_avsets(l, avs_b): avs_a = access.AccessVectorSet() avs_a.from_list(l) a = list(avs_a) b = list(avs_b) a.sort() b.sort() if len(a) != len(b): return False for av_a, av_b in zip(a, b): if av_a != av_b: return False return True
def test_av_rules(self): """ Test generating of AV rules from access vectors. """ av1 = access.AccessVector( ["test_src_t", "test_tgt_t", "file", "ioctl"]) av2 = access.AccessVector(["test_src_t", "test_tgt_t", "file", "open"]) av3 = access.AccessVector(["test_src_t", "test_tgt_t", "file", "read"]) avs = access.AccessVectorSet() avs.add_av(av1) avs.add_av(av2) avs.add_av(av3) self.g.add_access(avs) self.assertEqual(len(self.g.module.children), 1) r = self.g.module.children[0] self.assertIsInstance(r, refpolicy.AVRule) self.assertEqual( r.to_string(), "allow test_src_t test_tgt_t:file { ioctl open read };")
def test_add(self): """Test adding AV to the set""" s = access.AccessVectorSet() def test_add_av(av, audit_msg=None): self.assertEqual(av.src_type, 'foo') self.assertEqual(av.tgt_type, 'bar') self.assertEqual(av.obj_class, 'file') self.assertEqual(list(av.perms), ['read']) self.assertEqual(av.data, 'test data') self.assertEqual(av.type, 42) self.assertEqual(audit_msg, 'test message') s.add_av = test_add_av s.add("foo", "bar", "file", refpolicy.IdSet(["read"]), audit_msg='test message', avc_type=42, data='test data')
def test_ext_av_rules(self): """ Test generating of extended permission AV rules from access vectors. """ self.g.set_gen_xperms(True) av1 = access.AccessVector( ["test_src_t", "test_tgt_t", "file", "ioctl"]) av1.xperms['ioctl'] = refpolicy.XpermSet() av1.xperms['ioctl'].add(42) av2 = access.AccessVector( ["test_src_t", "test_tgt_t", "file", "ioctl"]) av2.xperms['ioctl'] = refpolicy.XpermSet() av2.xperms['ioctl'].add(1234) av3 = access.AccessVector(["test_src_t", "test_tgt_t", "dir", "ioctl"]) av3.xperms['ioctl'] = refpolicy.XpermSet() av3.xperms['ioctl'].add(2345) avs = access.AccessVectorSet() avs.add_av(av1) avs.add_av(av2) avs.add_av(av3) self.g.add_access(avs) self.assertEqual(len(self.g.module.children), 4) # we cannot sort the rules, so find all rules manually av_rule1 = av_rule2 = av_ext_rule1 = av_ext_rule2 = None for r in self.g.module.children: if isinstance(r, refpolicy.AVRule): if 'file' in r.obj_classes: av_rule1 = r else: av_rule2 = r elif isinstance(r, refpolicy.AVExtRule): if 'file' in r.obj_classes: av_ext_rule1 = r else: av_ext_rule2 = r else: self.fail("Unexpected rule type '%s'" % type(r)) # check that all rules are present self.assertNotIn(None, (av_rule1, av_rule2, av_ext_rule1, av_ext_rule2)) self.assertEqual(av_rule1.rule_type, av_rule1.ALLOW) self.assertEqual(av_rule1.src_types, {"test_src_t"}) self.assertEqual(av_rule1.tgt_types, {"test_tgt_t"}) self.assertEqual(av_rule1.obj_classes, {"file"}) self.assertEqual(av_rule1.perms, {"ioctl"}) self.assertEqual(av_ext_rule1.rule_type, av_ext_rule1.ALLOWXPERM) self.assertEqual(av_ext_rule1.src_types, {"test_src_t"}) self.assertEqual(av_ext_rule1.tgt_types, {"test_tgt_t"}) self.assertEqual(av_ext_rule1.obj_classes, {"file"}) self.assertEqual(av_ext_rule1.operation, "ioctl") xp1 = refpolicy.XpermSet() xp1.add(42) xp1.add(1234) self.assertEqual(av_ext_rule1.xperms.ranges, xp1.ranges) self.assertEqual(av_rule2.rule_type, av_rule2.ALLOW) self.assertEqual(av_rule2.src_types, {"test_src_t"}) self.assertEqual(av_rule2.tgt_types, {"test_tgt_t"}) self.assertEqual(av_rule2.obj_classes, {"dir"}) self.assertEqual(av_rule2.perms, {"ioctl"}) self.assertEqual(av_ext_rule2.rule_type, av_ext_rule2.ALLOWXPERM) self.assertEqual(av_ext_rule2.src_types, {"test_src_t"}) self.assertEqual(av_ext_rule2.tgt_types, {"test_tgt_t"}) self.assertEqual(av_ext_rule2.obj_classes, {"dir"}) self.assertEqual(av_ext_rule2.operation, "ioctl") xp2 = refpolicy.XpermSet() xp2.add(2345) self.assertEqual(av_ext_rule2.xperms.ranges, xp2.ranges)
def test_init(self): a = access.AccessVectorSet()