예제 #1
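    def testGetAvcRuleComponent(self):
        """Check get_avc_rule_component() against rules in the policy fixture.

        Each case seeks self.test_file to a hard-coded offset and then reads
        the rule's components in order: source, target, an optional ':'
        separator, class, permissions. The last case reads a single
        component and expects its 'complement' flag to be set.

        NOTE(review): the offsets are tied to the exact bytes of the fixture
        behind self.test_file (opened outside this method); any edit to that
        file shifts them and these expectations must be re-derived.
        """

        def component(names, complement=False):
            # Shape the parser is expected to return for one rule component.
            return {'flags': {'complement': complement}, 'set': set(names)}

        def expect_next(expected):
            # assertEqual replaces the deprecated failUnless(a == b) alias and
            # reports both dicts on a mismatch. No msg is passed: where
            # longMessage is off, a custom msg would replace that report.
            self.assertEqual(
                SELinux_CTS.get_avc_rule_component(self.test_file), expected)

        def skip_class_separator():
            # Consume the ':' between target and class when it is the next
            # non-whitespace character; otherwise leave the position alone.
            if SELinux_CTS.advance_past_whitespace(self.test_file) == ':':
                self.test_file.read(1)

        full_rules = [
            # 'normal': single-name components
            # ('allow healthd healthd_exec:file ...')
            (26096,
             component(['healthd']),
             component(['healthd_exec']),
             component(['file']),
             component(['entrypoint', 'read', 'execute'])),
            # 'hard': braced sets for target and class ('init {fs_type  ...')
            (26838,
             component(['init']),
             component(['fs_type', 'dev_type', 'file_type']),
             component(['dir', 'chr_file', 'blk_file', 'file', 'lnk_file',
                        'sock_file', 'fifo_file']),
             component(['relabelto'])),
            # 'multi-line': the '-unconfineddomain' exclusion is expected to
            # stay in the set as a literal '-'-prefixed name, not be resolved.
            (26967,
             component(['appdomain', '-unconfineddomain']),
             component(['audio_device', 'camera_device', 'dm_device',
                        'radio_device', 'gps_device', 'rpmsg_device']),
             component(['chr_file']),
             component(['read', 'write'])),
        ]
        for offset, src, tgt, tclass, perm in full_rules:
            self.test_file.seek(offset)
            expect_next(src)
            expect_next(tgt)
            skip_class_separator()
            expect_next(tclass)
            expect_next(perm)

        # 'complement': one component whose complement flag must be True.
        # NOTE(review): presumably a '~{ ... }' set in the fixture - confirm.
        # A parser that drops this flag would read the set with its meaning
        # inverted, so the flag is asserted explicitly.
        self.test_file.seek(26806)
        expect_next(component(['entrypoint', 'relabelto'], complement=True))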