class PolCapQueryTest(unittest.TestCase): def setUp(self): self.p = SELinuxPolicy("tests/permissivequery.conf") def test_000_unset(self): """Policy capability query with no criteria""" # query with no parameters gets all permissives for numtypes, t in enumerate(self.p.permissives(), start=1): pass q = PermissiveQuery(self.p) for q_numtypes, t in enumerate(q.results(), start=1): pass self.assertEqual(numtypes, q_numtypes) def test_001_name_exact(self): """Permissive query with exact match""" q = PermissiveQuery(self.p, name="test1", name_regex=False) types = sorted(str(t) for t in q.results()) self.assertListEqual(["test1"], types) def test_002_name_regex(self): """Permissive query query with regex match""" q = PermissiveQuery(self.p, name="test2(a|b)$", name_regex=True) types = sorted(str(t) for t in q.results()) self.assertListEqual(["test2a", "test2b"], types)
class PolCapQueryTest(unittest.TestCase): def setUp(self): self.p = SELinuxPolicy("tests/polcapquery.conf") def test_000_unset(self): """Policy capability query with no criteria""" # query with no parameters gets all capabilities. allcaps = sorted(str(c) for c in self.p.polcaps()) q = PolCapQuery(self.p) qcaps = sorted(str(c) for c in q.results()) self.assertListEqual(allcaps, qcaps) def test_001_name_exact(self): """Policy capability query with exact match""" q = PolCapQuery(self.p, name="open_perms", name_regex=False) caps = sorted(str(c) for c in q.results()) self.assertListEqual(["open_perms"], caps) def test_002_name_regex(self): """Policy capability query with regex match""" q = PolCapQuery(self.p, name="pe?er", name_regex=True) caps = sorted(str(c) for c in q.results()) self.assertListEqual(["network_peer_controls", "open_perms"], caps)
class RoleQueryTest(unittest.TestCase): def setUp(self): self.p = SELinuxPolicy("tests/rolequery.conf") def test_000_unset(self): """Role query with no criteria.""" # query with no parameters gets all types. for numroles, r in enumerate(self.p.roles(), start=1): pass q = RoleQuery(self.p) for q_numroles, t in enumerate(q.results(), start=1): pass # numroles-1 as object_r is skipped from the role query self.assertEqual(numroles - 1, q_numroles) def test_001_name_exact(self): """Role query with exact name match.""" q = RoleQuery(self.p, name="test1") roles = sorted(str(r) for r in q.results()) self.assertListEqual(["test1"], roles) def test_002_name_regex(self): """Role query with regex name match.""" q = RoleQuery(self.p, name="test2(a|b)", name_regex=True) roles = sorted(str(r) for r in q.results()) self.assertListEqual(["test2a", "test2b"], roles) def test_010_type_intersect(self): """Role query with type set intersection.""" q = RoleQuery(self.p, types=["test10a", "test10b"]) roles = sorted(str(r) for r in q.results()) self.assertListEqual(["test10r1", "test10r2", "test10r3", "test10r4", "test10r5", "test10r6"], roles) def test_011_type_equality(self): """Role query with type set equality.""" q = RoleQuery(self.p, types=["test11a", "test11b"], types_equal=True) roles = sorted(str(r) for r in q.results()) self.assertListEqual(["test11r2"], roles) def test_012_type_regex(self): """Role query with type set match.""" q = RoleQuery(self.p, types="test12(a|b)", types_regex=True) roles = sorted(str(r) for r in q.results()) self.assertListEqual(["test12r1", "test12r2", "test12r3", "test12r4", "test12r5", "test12r6"], roles)
class UserQueryTest(unittest.TestCase): def setUp(self): self.p = SELinuxPolicy("tests/userquery.conf") def test_000_unset(self): """User query with no criteria.""" # query with no parameters gets all types. allusers = sorted(str(u) for u in self.p.users()) q = UserQuery(self.p) qusers = sorted(str(u) for u in q.results()) self.assertListEqual(allusers, qusers) def test_001_name_exact(self): """User query with exact name match.""" q = UserQuery(self.p, name="test1_u") users = sorted(str(u) for u in q.results()) self.assertListEqual(["test1_u"], users) def test_002_name_regex(self): """User query with regex name match.""" q = UserQuery(self.p, name="test2_u(1|2)", name_regex=True) users = sorted(str(u) for u in q.results()) self.assertListEqual(["test2_u1", "test2_u2"], users) def test_010_role_intersect(self): """User query with role set intersection.""" q = UserQuery(self.p, roles=["test10a_r", "test10b_r"]) users = sorted(str(u) for u in q.results()) self.assertListEqual(["test10_u1", "test10_u2", "test10_u3", "test10_u4", "test10_u5", "test10_u6"], users) def test_011_role_equality(self): """User query with role set equality.""" q = UserQuery( self.p, roles=["test11a_r", "test11b_r"], roles_equal=True) users = sorted(str(u) for u in q.results()) self.assertListEqual(["test11_u2"], users) def test_012_role_regex(self): """User query with role regex match.""" q = UserQuery(self.p, roles="test12(a|b)_r", roles_regex=True) users = sorted(str(u) for u in q.results()) self.assertListEqual(["test12_u1", "test12_u2", "test12_u3", "test12_u4", "test12_u5", "test12_u6"], users)
class CommonQueryTest(unittest.TestCase): def setUp(self): self.p = SELinuxPolicy("tests/commonquery.conf") def test_000_unset(self): """Common query with no criteria.""" # query with no parameters gets all types. for numcommons, c in enumerate(self.p.commons(), start=1): pass q = CommonQuery(self.p) for q_numcommons, u in enumerate(q.results(), start=1): pass self.assertEqual(numcommons, q_numcommons) def test_001_name_exact(self): """Common query with exact name match.""" q = CommonQuery(self.p, name="test1") commons = sorted(str(c) for c in q.results()) self.assertListEqual(["test1"], commons) def test_002_name_regex(self): """Common query with regex name match.""" q = CommonQuery(self.p, name="test2(a|b)", name_regex=True) commons = sorted(str(c) for c in q.results()) self.assertListEqual(["test2a", "test2b"], commons) def test_010_perm_indirect_intersect(self): """Common query with intersect permission name patch.""" q = CommonQuery(self.p, perms=set(["null"]), perms_equal=False) commons = sorted(str(c) for c in q.results()) self.assertListEqual(["test10a", "test10b"], commons) def test_011_perm_indirect_equal(self): """Common query with equal permission name patch.""" q = CommonQuery(self.p, perms=set(["read", "write"]), perms_equal=True) commons = sorted(str(c) for c in q.results()) self.assertListEqual(["test11a"], commons) def test_012_perm_indirect_regex(self): """Common query with regex permission name patch.""" q = CommonQuery(self.p, perms="sig.+", perms_regex=True) commons = sorted(str(c) for c in q.results()) self.assertListEqual(["test12a", "test12b"], commons)
class BoundsQueryTest(unittest.TestCase): def setUp(self): self.p = SELinuxPolicy("tests/boundsquery.conf") def test_000_unset(self): """Bounds query with no criteria.""" # query with no parameters gets all bounds. allbounds = sorted(self.p.bounds()) q = BoundsQuery(self.p) qbounds = sorted(q.results()) self.assertListEqual(allbounds, qbounds) def test_001_parent_exact(self): """Bounds query with exact parent match.""" q = BoundsQuery(self.p, parent="test1_parent", parent_regex=False) qbounds = sorted(q.results()) self.assertEqual(1, len(qbounds)) b = qbounds[0] self.assertEqual(BoundsRuletype.typebounds, b.ruletype) self.assertEqual("test1_parent", b.parent) self.assertEqual("test1_child", b.child) def test_002_parent_regex(self): """Bounds query with regex parent match.""" q = BoundsQuery(self.p, parent="test2_parent?", parent_regex=True) qbounds = sorted(q.results()) self.assertEqual(2, len(qbounds)) b = qbounds[0] self.assertEqual(BoundsRuletype.typebounds, b.ruletype) self.assertEqual("test2_parent1", b.parent) self.assertEqual("test2_child2", b.child) b = qbounds[1] self.assertEqual(BoundsRuletype.typebounds, b.ruletype) self.assertEqual("test2_parent2", b.parent) self.assertEqual("test2_child1", b.child) def test_010_child_exact(self): """Bounds query with exact child match.""" q = BoundsQuery(self.p, child="test10_child", child_regex=False) qbounds = sorted(q.results()) self.assertEqual(1, len(qbounds)) b = qbounds[0] self.assertEqual(BoundsRuletype.typebounds, b.ruletype) self.assertEqual("test10_parent", b.parent) self.assertEqual("test10_child", b.child) def test_011_child_regex(self): """Bounds query with regex child match.""" q = BoundsQuery(self.p, child="test11_child?", child_regex=True) qbounds = sorted(q.results()) self.assertEqual(2, len(qbounds)) b = qbounds[0] self.assertEqual(BoundsRuletype.typebounds, b.ruletype) self.assertEqual("test11_parent1", b.parent) self.assertEqual("test11_child2", b.child) b = qbounds[1] self.assertEqual(BoundsRuletype.typebounds, b.ruletype) self.assertEqual("test11_parent2", b.parent) self.assertEqual("test11_child1", b.child)
class TERuleQueryTest(unittest.TestCase): def setUp(self): self.p = SELinuxPolicy("tests/terulequery.conf") def test_000_unset(self): """TE rule query with no criteria.""" # query with no parameters gets all TE rules. for numrules, r in enumerate(self.p.terules(), start=1): pass q = TERuleQuery(self.p) for q_numrules, r in enumerate(q.results(), start=1): pass self.assertEqual(numrules, q_numrules) def test_001_source_direct(self): """TE rule query with exact, direct, source match.""" q = TERuleQuery( self.p, source="test1a", source_indirect=False, source_regex=False) r = sorted(q.results()) self.assertEqual(len(r), 1) self.assertEqual(r[0].ruletype, "allow") self.assertEqual(r[0].source, "test1a") self.assertEqual(r[0].target, "test1t") self.assertEqual(r[0].tclass, "infoflow") self.assertSetEqual(set(["hi_w"]), r[0].perms) self.assertRaises(RuleNotConditional, getattr, r[0], "conditional") def test_002_source_indirect(self): """TE rule query with exact, indirect, source match.""" q = TERuleQuery( self.p, source="test2s", source_indirect=True, source_regex=False) r = sorted(q.results()) self.assertEqual(len(r), 1) self.assertEqual(r[0].ruletype, "allow") self.assertEqual(r[0].source, "test2a") self.assertEqual(r[0].target, "test2t") self.assertEqual(r[0].tclass, "infoflow") self.assertSetEqual(set(["hi_w"]), r[0].perms) self.assertRaises(RuleNotConditional, getattr, r[0], "conditional") def test_003_source_direct_regex(self): """TE rule query with regex, direct, source match.""" q = TERuleQuery( self.p, source="test3a.*", source_indirect=False, source_regex=True) r = sorted(q.results()) self.assertEqual(len(r), 1) self.assertEqual(r[0].ruletype, "allow") self.assertEqual(r[0].source, "test3aS") self.assertEqual(r[0].target, "test3t") self.assertEqual(r[0].tclass, "infoflow") self.assertSetEqual(set(["low_r"]), r[0].perms) self.assertRaises(RuleNotConditional, getattr, r[0], "conditional") def test_004_source_indirect_regex(self): """TE rule query with regex, indirect, source match.""" q = TERuleQuery( self.p, source="test4(s|t)", source_indirect=True, source_regex=True) r = sorted(q.results()) self.assertEqual(len(r), 2) # verify first rule self.assertEqual(r[0].ruletype, "allow") self.assertEqual(r[0].source, "test4a1") self.assertEqual(r[0].target, "test4a1") self.assertEqual(r[0].tclass, "infoflow") self.assertSetEqual(set(["hi_w"]), r[0].perms) self.assertRaises(RuleNotConditional, getattr, r[0], "conditional") # verify second rule self.assertEqual(r[1].ruletype, "allow") self.assertEqual(r[1].source, "test4a2") self.assertEqual(r[1].target, "test4a2") self.assertEqual(r[1].tclass, "infoflow") self.assertSetEqual(set(["low_r"]), r[1].perms) self.assertRaises(RuleNotConditional, getattr, r[1], "conditional") def test_005_target_direct(self): """TE rule query with exact, direct, target match.""" q = TERuleQuery( self.p, target="test5a", target_indirect=False, target_regex=False) r = sorted(q.results()) self.assertEqual(len(r), 1) self.assertEqual(r[0].ruletype, "allow") self.assertEqual(r[0].source, "test5s") self.assertEqual(r[0].target, "test5a") self.assertEqual(r[0].tclass, "infoflow") self.assertSetEqual(set(["hi_w"]), r[0].perms) self.assertRaises(RuleNotConditional, getattr, r[0], "conditional") def test_006_target_indirect(self): """TE rule query with exact, indirect, target match.""" q = TERuleQuery( self.p, target="test6t", target_indirect=True, target_regex=False) r = sorted(q.results()) self.assertEqual(len(r), 2) # verify first rule self.assertEqual(r[0].ruletype, "allow") self.assertEqual(r[0].source, "test6s") self.assertEqual(r[0].target, "test6a") self.assertEqual(r[0].tclass, "infoflow") self.assertSetEqual(set(["hi_w"]), r[0].perms) self.assertRaises(RuleNotConditional, getattr, r[0], "conditional") # verify second rule self.assertEqual(r[1].ruletype, "allow") self.assertEqual(r[1].source, "test6s") self.assertEqual(r[1].target, "test6t") self.assertEqual(r[1].tclass, "infoflow") self.assertSetEqual(set(["low_r"]), r[1].perms) self.assertRaises(RuleNotConditional, getattr, r[1], "conditional") def test_007_target_direct_regex(self): """TE rule query with regex, direct, target match.""" q = TERuleQuery( self.p, target="test7a.*", target_indirect=False, target_regex=True) r = sorted(q.results()) self.assertEqual(len(r), 1) self.assertEqual(r[0].ruletype, "allow") self.assertEqual(r[0].source, "test7s") self.assertEqual(r[0].target, "test7aPASS") self.assertEqual(r[0].tclass, "infoflow") self.assertSetEqual(set(["low_r"]), r[0].perms) self.assertRaises(RuleNotConditional, getattr, r[0], "conditional") def test_008_target_indirect_regex(self): """TE rule query with regex, indirect, target match.""" q = TERuleQuery( self.p, target="test8(s|t)", target_indirect=True, target_regex=True) r = sorted(q.results()) self.assertEqual(len(r), 2) # verify first rule self.assertEqual(r[0].ruletype, "allow") self.assertEqual(r[0].source, "test8a1") self.assertEqual(r[0].target, "test8a1") self.assertEqual(r[0].tclass, "infoflow") self.assertSetEqual(set(["hi_w"]), r[0].perms) self.assertRaises(RuleNotConditional, getattr, r[0], "conditional") # verify second rule self.assertEqual(r[1].ruletype, "allow") self.assertEqual(r[1].source, "test8a2") self.assertEqual(r[1].target, "test8a2") self.assertEqual(r[1].tclass, "infoflow") self.assertSetEqual(set(["low_r"]), r[1].perms) self.assertRaises(RuleNotConditional, getattr, r[1], "conditional") def test_009_class(self): """TE rule query with exact object class match.""" q = TERuleQuery(self.p, tclass="infoflow2", tclass_regex=False) r = sorted(q.results()) self.assertEqual(len(r), 1) self.assertEqual(r[0].ruletype, "allow") self.assertEqual(r[0].source, "test9") self.assertEqual(r[0].target, "test9") self.assertEqual(r[0].tclass, "infoflow2") self.assertSetEqual(set(["super_w"]), r[0].perms) self.assertRaises(RuleNotConditional, getattr, r[0], "conditional") def test_010_class_list(self): """TE rule query with object class list match.""" q = TERuleQuery( self.p, tclass=["infoflow3", "infoflow4"], tclass_regex=False) r = sorted(q.results()) self.assertEqual(len(r), 2) # verify first rule self.assertEqual(r[0].ruletype, "allow") self.assertEqual(r[0].source, "test10") self.assertEqual(r[0].target, "test10") self.assertEqual(r[0].tclass, "infoflow3") self.assertSetEqual(set(["null"]), r[0].perms) self.assertRaises(RuleNotConditional, getattr, r[0], "conditional") # verify second rule self.assertEqual(r[1].ruletype, "allow") self.assertEqual(r[1].source, "test10") self.assertEqual(r[1].target, "test10") self.assertEqual(r[1].tclass, "infoflow4") self.assertSetEqual(set(["hi_w"]), r[1].perms) self.assertRaises(RuleNotConditional, getattr, r[1], "conditional") def test_011_class_regex(self): """TE rule query with object class regex match.""" q = TERuleQuery(self.p, tclass="infoflow(5|6)", tclass_regex=True) r = sorted(q.results()) self.assertEqual(len(r), 2) # verify first rule self.assertEqual(r[0].ruletype, "allow") self.assertEqual(r[0].source, "test11") self.assertEqual(r[0].target, "test11") self.assertEqual(r[0].tclass, "infoflow5") self.assertSetEqual(set(["low_w"]), r[0].perms) self.assertRaises(RuleNotConditional, getattr, r[0], "conditional") # verify second rule self.assertEqual(r[1].ruletype, "allow") self.assertEqual(r[1].source, "test11") self.assertEqual(r[1].target, "test11") self.assertEqual(r[1].tclass, "infoflow6") self.assertSetEqual(set(["med_r"]), r[1].perms) self.assertRaises(RuleNotConditional, getattr, r[1], "conditional") def test_012_perms_any(self): """TE rule query with permission set intersection.""" q = TERuleQuery(self.p, perms=["super_r"], perms_equal=False) r = sorted(q.results()) self.assertEqual(len(r), 2) # verify first rule self.assertEqual(r[0].ruletype, "allow") self.assertEqual(r[0].source, "test12a") self.assertEqual(r[0].target, "test12a") self.assertEqual(r[0].tclass, "infoflow7") self.assertSetEqual(set(["super_r"]), r[0].perms) self.assertRaises(RuleNotConditional, getattr, r[0], "conditional") # verify second rule self.assertEqual(r[1].ruletype, "allow") self.assertEqual(r[1].source, "test12b") self.assertEqual(r[1].target, "test12b") self.assertEqual(r[1].tclass, "infoflow7") self.assertSetEqual(set(["super_r", "super_none"]), r[1].perms) self.assertRaises(RuleNotConditional, getattr, r[1], "conditional") def test_013_perms_equal(self): """TE rule query with permission set equality.""" q = TERuleQuery( self.p, perms=["super_w", "super_none", "super_both"], perms_equal=True) r = sorted(q.results()) self.assertEqual(len(r), 1) self.assertEqual(r[0].ruletype, "allow") self.assertEqual(r[0].source, "test13c") self.assertEqual(r[0].target, "test13c") self.assertEqual(r[0].tclass, "infoflow7") self.assertSetEqual( set(["super_w", "super_none", "super_both"]), r[0].perms) self.assertRaises(RuleNotConditional, getattr, r[0], "conditional") def test_014_ruletype(self): """TE rule query with rule type match.""" q = TERuleQuery(self.p, ruletype=["auditallow", "dontaudit"]) r = sorted(q.results()) self.assertEqual(len(r), 2) # verify first rule self.assertEqual(r[0].ruletype, "auditallow") self.assertEqual(r[0].source, "test14") self.assertEqual(r[0].target, "test14") self.assertEqual(r[0].tclass, "infoflow7") self.assertSetEqual(set(["super_both"]), r[0].perms) self.assertRaises(RuleNotConditional, getattr, r[0], "conditional") # verify second rule self.assertEqual(r[1].ruletype, "dontaudit") self.assertEqual(r[1].source, "test14") self.assertEqual(r[1].target, "test14") self.assertEqual(r[1].tclass, "infoflow7") self.assertSetEqual(set(["super_unmapped"]), r[1].perms) self.assertRaises(RuleNotConditional, getattr, r[1], "conditional") def test_100_default(self): """TE rule query with default type exact match.""" q = TERuleQuery(self.p, default="test100d", default_regex=False) r = sorted(q.results()) self.assertEqual(len(r), 1) self.assertEqual(r[0].ruletype, "type_transition") self.assertEqual(r[0].source, "test100") self.assertEqual(r[0].target, "test100") self.assertEqual(r[0].tclass, "infoflow7") self.assertEqual(r[0].default, "test100d") self.assertRaises(RuleNotConditional, getattr, r[0], "conditional") def test_101_default_regex(self): """TE rule query with default type regex match.""" q = TERuleQuery(self.p, default="test101.", default_regex=True) r = sorted(q.results()) self.assertEqual(len(r), 2) # verify first rule self.assertEqual(r[0].ruletype, "type_transition") self.assertEqual(r[0].source, "test101") self.assertEqual(r[0].target, "test101d") self.assertEqual(r[0].tclass, "infoflow7") self.assertEqual(r[0].default, "test101e") self.assertRaises(RuleNotConditional, getattr, r[0], "conditional") # verify second rule self.assertEqual(r[1].ruletype, "type_transition") self.assertEqual(r[1].source, "test101") self.assertEqual(r[1].target, "test101e") self.assertEqual(r[1].tclass, "infoflow7") self.assertEqual(r[1].default, "test101d") self.assertRaises(RuleNotConditional, getattr, r[1], "conditional")
def setUp(self): self.p = SELinuxPolicy("tests/objclassquery.conf")
def setUp(self): self.p = SELinuxPolicy("tests/initsidquery.conf")
def setUp(self): self.p = SELinuxPolicy("tests/polcapquery.conf")
def setUpClass(cls): cls.p = SELinuxPolicy("tests/policyrep/typeattr.conf")
def setUpClass(cls): cls.p = SELinuxPolicy("tests/defaultquery.conf")
def setUpClass(cls): cls.p = SELinuxPolicy("tests/devicetreeconquery.conf")
def setUpClass(cls): cls.p = SELinuxPolicy("tests/infoflow.conf") cls.m = PermissionMap("tests/perm_map") cls.a = InfoFlowAnalysis(cls.p, cls.m)
def setUpClass(cls): cls.p = SELinuxPolicy("tests/ioportconquery.conf")
def setUp(self): self.p = SELinuxPolicy("tests/permissivequery.conf")
def setUpClass(cls): cls.p = SELinuxPolicy("tests/polcapquery.conf")
def setUpClass(cls): cls.p = SELinuxPolicy("tests/dta.conf") cls.a = DomainTransitionAnalysis(cls.p) cls.a._build_graph()
def setUpClass(cls): cls.p = SELinuxPolicy("tests/policyrep/objclass.conf")
def setUpClass(cls): cls.p = SELinuxPolicy("tests/mlsrulequery.conf")
class InitialSIDQueryTest(unittest.TestCase): def setUp(self): self.p = SELinuxPolicy("tests/initsidquery.conf") def test_000_unset(self): """Initial SID query with no criteria""" # query with no parameters gets all SIDs. for numrules, s in enumerate(self.p.initialsids(), start=1): pass q = InitialSIDQuery(self.p) for q_numrules, s in enumerate(q.results(), start=1): pass self.assertEqual(numrules, q_numrules) def test_001_name_exact(self): """Initial SID query with exact match""" q = InitialSIDQuery(self.p, name="test1", name_regex=False) sids = sorted(str(s) for s in q.results()) self.assertListEqual(["test1"], sids) def test_002_name_regex(self): """Initial SID query with regex match""" q = InitialSIDQuery(self.p, name="test2(a|b)", name_regex=True) sids = sorted(str(s) for s in q.results()) self.assertListEqual(["test2a", "test2b"], sids) def test_010_user_exact(self): """Initial SID query with context user exact match""" q = InitialSIDQuery(self.p, user="******", user_regex=False) sids = sorted(str(s) for s in q.results()) self.assertListEqual(["test10"], sids) def test_011_user_regex(self): """Initial SID query with context user regex match""" q = InitialSIDQuery(self.p, user="******", user_regex=True) sids = sorted(str(s) for s in q.results()) self.assertListEqual(["test11a", "test11b"], sids) def test_020_role_exact(self): """Initial SID query with context role exact match""" q = InitialSIDQuery(self.p, role="role20_r", role_regex=False) sids = sorted(str(s) for s in q.results()) self.assertListEqual(["test20"], sids) def test_021_role_regex(self): """Initial SID query with context role regex match""" q = InitialSIDQuery(self.p, role="role21(a|c)_r", role_regex=True) sids = sorted(str(s) for s in q.results()) self.assertListEqual(["test21a", "test21c"], sids) def test_030_type_exact(self): """Initial SID query with context type exact match""" q = InitialSIDQuery(self.p, type_="type30", type_regex=False) sids = sorted(str(s) for s in q.results()) self.assertListEqual(["test30"], sids) def test_031_type_regex(self): """Initial SID query with context type regex match""" q = InitialSIDQuery(self.p, type_="type31(b|c)", type_regex=True) sids = sorted(str(s) for s in q.results()) self.assertListEqual(["test31b", "test31c"], sids)
def setUpClass(cls): cls.p = SELinuxPolicy("tests/fsusequery.conf")
class ObjClassQueryTest(unittest.TestCase): def setUp(self): self.p = SELinuxPolicy("tests/objclassquery.conf") def test_000_unset(self): """Class query with no criteria.""" # query with no parameters gets all types. for numclasses, c in enumerate(self.p.classes(), start=1): pass q = ObjClassQuery(self.p) for q_numclasses, u in enumerate(q.results(), start=1): pass self.assertEqual(numclasses, q_numclasses) def test_001_name_exact(self): """Class query with exact name match.""" q = ObjClassQuery(self.p, name="infoflow") classes = sorted(str(c) for c in q.results()) self.assertListEqual(["infoflow"], classes) def test_002_name_regex(self): """Class query with regex name match.""" q = ObjClassQuery(self.p, name="infoflow(2|3)", name_regex=True) classes = sorted(str(c) for c in q.results()) self.assertListEqual(["infoflow2", "infoflow3"], classes) def test_010_common_exact(self): """Class query with exact common name match.""" q = ObjClassQuery(self.p, common="infoflow") classes = sorted(str(c) for c in q.results()) self.assertListEqual(["infoflow", "infoflow2", "infoflow4", "infoflow7"], classes) def test_011_common_regex(self): """Class query with regex common name match.""" q = ObjClassQuery(self.p, common="com_[ab]", common_regex=True) classes = sorted(str(c) for c in q.results()) self.assertListEqual(["infoflow5", "infoflow6"], classes) def test_020_perm_indirect_intersect(self): """Class query with indirect, intersect permission name patch.""" q = ObjClassQuery( self.p, perms=set(["send"]), perms_indirect=True, perms_equal=False) classes = sorted(str(c) for c in q.results()) self.assertListEqual(["infoflow6"], classes) def test_021_perm_direct_intersect(self): """Class query with direct, intersect permission name patch.""" q = ObjClassQuery( self.p, perms=set(["super_r"]), perms_indirect=False, perms_equal=False) classes = sorted(str(c) for c in q.results()) self.assertListEqual(["infoflow2", "infoflow4", "infoflow8"], classes) def test_022_perm_indirect_equal(self): """Class query with indirect, equal permission name patch.""" q = ObjClassQuery(self.p, perms=set( ["low_w", "med_w", "hi_w", "low_r", "med_r", "hi_r", "unmapped"]), perms_indirect=True, perms_equal=True) classes = sorted(str(c) for c in q.results()) self.assertListEqual(["infoflow7"], classes) def test_023_perm_direct_equal(self): """Class query with direct, equal permission name patch.""" q = ObjClassQuery(self.p, perms=set( ["super_r", "super_w"]), perms_indirect=False, perms_equal=True) classes = sorted(str(c) for c in q.results()) self.assertListEqual(["infoflow2", "infoflow8"], classes) def test_024_perm_indirect_regex(self): """Class query with indirect, regex permission name patch.""" q = ObjClassQuery( self.p, perms="(send|setattr)", perms_indirect=True, perms_regex=True) classes = sorted(str(c) for c in q.results()) self.assertListEqual(["infoflow6", "infoflow9"], classes) def test_025_perm_direct_regex(self): """Class query with direct, regex permission name patch.""" q = ObjClassQuery( self.p, perms="(read|super_r)", perms_indirect=False, perms_regex=True) classes = sorted(str(c) for c in q.results()) self.assertListEqual(["infoflow10", "infoflow2", "infoflow4", "infoflow8"], classes)
def setUpClass(cls): cls.p = SELinuxPolicy("tests/policyrep/initsid.conf")
class RBACRuleQueryTest(unittest.TestCase): def setUp(self): self.p = SELinuxPolicy("tests/rbacrulequery.conf") def test_000_unset(self): """RBAC rule query with no criteria.""" # query with no parameters gets all RBAC rules. for numrules, r in enumerate(self.p.rbacrules(), start=1): pass q = RBACRuleQuery(self.p) for q_numrules, r in enumerate(q.results(), start=1): pass self.assertEqual(numrules, q_numrules) def test_001_source_direct(self): """RBAC rule query with exact, direct, source match.""" q = RBACRuleQuery( self.p, source="test1s", source_indirect=False, source_regex=False) r = sorted(q.results()) self.assertEqual(len(r), 2) self.assertEqual(r[0].ruletype, "allow") self.assertEqual(r[0].source, "test1s") self.assertEqual(r[0].target, "test1t") self.assertRaises(InvalidRuleUse, getattr, r[0], "tclass") self.assertRaises(InvalidRuleUse, getattr, r[0], "default") self.assertRaises(RuleNotConditional, getattr, r[0], "conditional") self.assertEqual(r[1].ruletype, "role_transition") self.assertEqual(r[1].source, "test1s") self.assertEqual(r[1].target, "system") self.assertEqual(r[1].tclass, "infoflow") self.assertEqual(r[1].default, "test1t") self.assertRaises(RuleNotConditional, getattr, r[1], "conditional") def test_002_source_direct_regex(self): """RBAC rule query with regex, direct, source match.""" q = RBACRuleQuery( self.p, source="test2s(1|2)", source_indirect=False, source_regex=True) r = sorted(q.results()) self.assertEqual(len(r), 1) self.assertEqual(r[0].ruletype, "allow") self.assertEqual(r[0].source, "test2s1") self.assertEqual(r[0].target, "test2t") self.assertRaises(InvalidRuleUse, getattr, r[0], "tclass") self.assertRaises(InvalidRuleUse, getattr, r[0], "default") self.assertRaises(RuleNotConditional, getattr, r[0], "conditional") def test_010_target_direct(self): """RBAC rule query with exact, direct, target match.""" q = RBACRuleQuery( self.p, target="test10t", target_indirect=False, target_regex=False) r = sorted(q.results()) self.assertEqual(len(r), 1) self.assertEqual(r[0].ruletype, "allow") self.assertEqual(r[0].source, "test10s") self.assertEqual(r[0].target, "test10t") self.assertRaises(InvalidRuleUse, getattr, r[0], "tclass") self.assertRaises(InvalidRuleUse, getattr, r[0], "default") self.assertRaises(RuleNotConditional, getattr, r[0], "conditional") def test_011_target_direct_regex(self): """RBAC rule query with regex, direct, target match.""" q = RBACRuleQuery( self.p, target="test11t(1|3)", target_indirect=False, target_regex=True) r = sorted(q.results()) self.assertEqual(len(r), 1) self.assertEqual(r[0].ruletype, "allow") self.assertEqual(r[0].source, "test11s") self.assertEqual(r[0].target, "test11t1") self.assertRaises(InvalidRuleUse, getattr, r[0], "tclass") self.assertRaises(InvalidRuleUse, getattr, r[0], "default") self.assertRaises(RuleNotConditional, getattr, r[0], "conditional") def test_020_class(self): """RBAC rule query with exact object class match.""" q = RBACRuleQuery(self.p, tclass="infoflow2", tclass_regex=False) r = sorted(q.results()) self.assertEqual(len(r), 1) self.assertEqual(r[0].ruletype, "role_transition") self.assertEqual(r[0].source, "test20") self.assertEqual(r[0].target, "system") self.assertEqual(r[0].tclass, "infoflow2") self.assertEqual(r[0].default, "test20d2") self.assertRaises(RuleNotConditional, getattr, r[0], "conditional") def test_021_class_list(self): """RBAC rule query with object class list match.""" q = RBACRuleQuery( self.p, tclass=["infoflow3", "infoflow4"], tclass_regex=False) r = sorted(q.results()) self.assertEqual(len(r), 2) self.assertEqual(r[0].ruletype, "role_transition") self.assertEqual(r[0].source, "test21") self.assertEqual(r[0].target, "system") self.assertEqual(r[0].tclass, "infoflow3") self.assertEqual(r[0].default, "test21d3") self.assertRaises(RuleNotConditional, getattr, r[0], "conditional") self.assertEqual(r[1].ruletype, "role_transition") self.assertEqual(r[1].source, "test21") self.assertEqual(r[1].target, "system") self.assertEqual(r[1].tclass, "infoflow4") self.assertEqual(r[1].default, "test21d2") self.assertRaises(RuleNotConditional, getattr, r[1], "conditional") def test_022_class_regex(self): """RBAC rule query with object class regex match.""" q = RBACRuleQuery(self.p, tclass="infoflow(5|6)", tclass_regex=True) r = sorted(q.results()) self.assertEqual(len(r), 2) self.assertEqual(r[0].ruletype, "role_transition") self.assertEqual(r[0].source, "test22") self.assertEqual(r[0].target, "system") self.assertEqual(r[0].tclass, "infoflow5") self.assertEqual(r[0].default, "test22d2") self.assertRaises(RuleNotConditional, getattr, r[0], "conditional") self.assertEqual(r[1].ruletype, "role_transition") self.assertEqual(r[1].source, "test22") self.assertEqual(r[1].target, "system") self.assertEqual(r[1].tclass, "infoflow6") self.assertEqual(r[0].default, "test22d2") self.assertRaises(RuleNotConditional, getattr, r[1], "conditional") def test_030_default(self): """RBAC rule query with exact default match.""" q = RBACRuleQuery( self.p, default="test30d", default_regex=False) r = sorted(q.results()) self.assertEqual(len(r), 1) self.assertEqual(r[0].ruletype, "role_transition") self.assertEqual(r[0].source, "test30s") self.assertEqual(r[0].target, "system") self.assertEqual(r[0].tclass, "infoflow") self.assertEqual(r[0].default, "test30d") self.assertRaises(RuleNotConditional, getattr, r[0], "conditional") def test_031_default_regex(self): """RBAC rule query with regex default match.""" q = RBACRuleQuery( self.p, default="test31d(2|3)", default_regex=True) r = sorted(q.results()) self.assertEqual(len(r), 2) self.assertEqual(r[0].ruletype, "role_transition") self.assertEqual(r[0].source, "test31s") self.assertEqual(r[0].target, "system") self.assertEqual(r[0].tclass, "infoflow7") self.assertEqual(r[0].default, "test31d3") self.assertRaises(RuleNotConditional, getattr, r[0], "conditional") self.assertEqual(r[1].ruletype, "role_transition") self.assertEqual(r[1].source, "test31s") self.assertEqual(r[1].target, "system") self.assertEqual(r[1].tclass, "process") self.assertEqual(r[1].default, "test31d2") self.assertRaises(RuleNotConditional, getattr, r[1], "conditional") def test_040_ruletype(self): """RBAC rule query with rule type.""" q = RBACRuleQuery(self.p, ruletype=["allow"]) for num, r in enumerate(sorted(q.results()), start=1): self.assertEqual(r.ruletype, "allow") # this will have to be updated as number of # role allows change in the test policy self.assertEqual(num, 8)
class TypeQueryTest(unittest.TestCase): def setUp(self): self.p = SELinuxPolicy("tests/typequery.conf") def test_000_unset(self): """Type query with no criteria.""" # query with no parameters gets all types. alltypes = sorted(str(t) for t in self.p.types()) q = TypeQuery(self.p) qtypes = sorted(str(t) for t in q.results()) self.assertListEqual(alltypes, qtypes) def test_001_name_exact(self): """Type query with exact name match.""" q = TypeQuery(self.p, name="test1") types = sorted(str(t) for t in q.results()) self.assertListEqual(["test1"], types) def test_002_name_regex(self): """Type query with regex name match.""" q = TypeQuery(self.p, name="test2(a|b)", name_regex=True) types = sorted(str(t) for t in q.results()) self.assertListEqual(["test2a", "test2b"], types) def test_010_attr_intersect(self): """Type query with attribute set intersection.""" q = TypeQuery(self.p, attrs=["test10a", "test10b"]) types = sorted(str(t) for t in q.results()) self.assertListEqual(["test10t1", "test10t2", "test10t3", "test10t4", "test10t5", "test10t6"], types) def test_011_attr_equality(self): """Type query with attribute set equality.""" q = TypeQuery(self.p, attrs=["test11a", "test11b"], attrs_equal=True) types = sorted(str(t) for t in q.results()) self.assertListEqual(["test11t2"], types) def test_012_attr_regex(self): """Type query with attribute regex match.""" q = TypeQuery(self.p, attrs="test12(a|b)", attrs_regex=True) types = sorted(str(t) for t in q.results()) self.assertListEqual(["test12t1", "test12t2", "test12t3", "test12t4", "test12t5", "test12t6"], types) def test_020_alias_exact(self): """Type query with exact alias match.""" q = TypeQuery(self.p, alias="test20a") types = sorted(str(t) for t in q.results()) self.assertListEqual(["test20t1"], types) def test_021_alias_regex(self): """Type query with regex alias match.""" q = TypeQuery(self.p, alias="test21(a|b)", alias_regex=True) types = sorted(str(t) for t in q.results()) self.assertListEqual(["test21t1", "test21t2"], types)
def setUp(self): self.p = SELinuxPolicy("tests/terulequery.conf")
def setUpClass(cls): cls.p = SELinuxPolicy("tests/policyrep/role.conf")
def setUp(self): self.p = SELinuxPolicy("tests/commonquery.conf")
def setUpClass(cls): cls.p = SELinuxPolicy("tests/nodeconquery.conf")
def setUp(self): self.p = SELinuxPolicy("tests/boundsquery.conf")
def setUpClass(cls): cls.p = SELinuxPolicy("tests/sensitivityquery.conf")
def setUp(self): self.p = SELinuxPolicy("tests/userquery.conf")
def setUpClass(cls): cls.p = SELinuxPolicy("tests/categoryquery.conf")