def testGetAvcRuleComponent(self):
#test against normal ('allow healthd healthd_exec:file ...)
self.test_file.seek(26096)
normal_src = {'flags': {'complement': False}, 'set': set(['healthd'])}
normal_tgt = {
'flags': {
'complement': False
},
'set': set(['healthd_exec'])
}
normal_class = {'flags': {'complement': False}, 'set': set(['file'])}
normal_perm = {
'flags': {
'complement': False
},
'set': set(['entrypoint', 'read', 'execute'])
}
self.failUnless(
SELinux_CTS.get_avc_rule_component(self.test_file) == normal_src)
self.failUnless(
SELinux_CTS.get_avc_rule_component(self.test_file) == normal_tgt)
c = SELinux_CTS.advance_past_whitespace(self.test_file)
if c == ':':
self.test_file.read(1)
self.failUnless(
SELinux_CTS.get_avc_rule_component(self.test_file) == normal_class)
self.failUnless(
SELinux_CTS.get_avc_rule_component(self.test_file) == normal_perm)
#test against 'hard' ('init {fs_type ...' )
self.test_file.seek(26838)
hard_src = {'flags': {'complement': False}, 'set': set(['init'])}
hard_tgt = {
'flags': {
'complement': False
},
'set': set(['fs_type', 'dev_type', 'file_type'])
}
hard_class = {
'flags': {
'complement': False
},
'set':
set([
'dir', 'chr_file', 'blk_file', 'file', 'lnk_file', 'sock_file',
'fifo_file'
])
}
hard_perm = {'flags': {'complement': False}, 'set': set(['relabelto'])}
self.failUnless(
SELinux_CTS.get_avc_rule_component(self.test_file) == hard_src)
self.failUnless(
SELinux_CTS.get_avc_rule_component(self.test_file) == hard_tgt)
#mimic ':' check:
c = SELinux_CTS.advance_past_whitespace(self.test_file)
if c == ':':
self.test_file.read(1)
self.failUnless(
SELinux_CTS.get_avc_rule_component(self.test_file) == hard_class)
self.failUnless(
SELinux_CTS.get_avc_rule_component(self.test_file) == hard_perm)
#test against 'multi-line' ('init {fs_type ...' )
self.test_file.seek(26967)
multi_src = {
'flags': {
'complement': False
},
'set': set(['appdomain', '-unconfineddomain'])
}
multi_tgt = {
'flags': {
'complement': False
},
'set':
set([
'audio_device', 'camera_device', 'dm_device', 'radio_device',
'gps_device', 'rpmsg_device'
])
}
multi_class = {
'flags': {
'complement': False
},
'set': set(['chr_file'])
}
multi_perm = {
'flags': {
'complement': False
},
'set': set(['read', 'write'])
}
self.failUnless(
SELinux_CTS.get_avc_rule_component(self.test_file) == multi_src)
self.failUnless(
SELinux_CTS.get_avc_rule_component(self.test_file) == multi_tgt)
c = SELinux_CTS.advance_past_whitespace(self.test_file)
if c == ':':
self.test_file.read(1)
self.failUnless(
SELinux_CTS.get_avc_rule_component(self.test_file) == multi_class)
self.failUnless(
SELinux_CTS.get_avc_rule_component(self.test_file) == multi_perm)
#test against 'complement'
self.test_file.seek(26806)
complement = {
'flags': {
'complement': True
},
'set': set(['entrypoint', 'relabelto'])
}
self.failUnless(
SELinux_CTS.get_avc_rule_component(self.test_file) == complement)
