def testGetAvcRuleComponent(self): #test against normal ('allow healthd healthd_exec:file ...) self.test_file.seek(26096) normal_src = {'flags': {'complement': False}, 'set': set(['healthd'])} normal_tgt = { 'flags': { 'complement': False }, 'set': set(['healthd_exec']) } normal_class = {'flags': {'complement': False}, 'set': set(['file'])} normal_perm = { 'flags': { 'complement': False }, 'set': set(['entrypoint', 'read', 'execute']) } self.failUnless( SELinux_CTS.get_avc_rule_component(self.test_file) == normal_src) self.failUnless( SELinux_CTS.get_avc_rule_component(self.test_file) == normal_tgt) c = SELinux_CTS.advance_past_whitespace(self.test_file) if c == ':': self.test_file.read(1) self.failUnless( SELinux_CTS.get_avc_rule_component(self.test_file) == normal_class) self.failUnless( SELinux_CTS.get_avc_rule_component(self.test_file) == normal_perm) #test against 'hard' ('init {fs_type ...' ) self.test_file.seek(26838) hard_src = {'flags': {'complement': False}, 'set': set(['init'])} hard_tgt = { 'flags': { 'complement': False }, 'set': set(['fs_type', 'dev_type', 'file_type']) } hard_class = { 'flags': { 'complement': False }, 'set': set([ 'dir', 'chr_file', 'blk_file', 'file', 'lnk_file', 'sock_file', 'fifo_file' ]) } hard_perm = {'flags': {'complement': False}, 'set': set(['relabelto'])} self.failUnless( SELinux_CTS.get_avc_rule_component(self.test_file) == hard_src) self.failUnless( SELinux_CTS.get_avc_rule_component(self.test_file) == hard_tgt) #mimic ':' check: c = SELinux_CTS.advance_past_whitespace(self.test_file) if c == ':': self.test_file.read(1) self.failUnless( SELinux_CTS.get_avc_rule_component(self.test_file) == hard_class) self.failUnless( SELinux_CTS.get_avc_rule_component(self.test_file) == hard_perm) #test against 'multi-line' ('init {fs_type ...' ) self.test_file.seek(26967) multi_src = { 'flags': { 'complement': False }, 'set': set(['appdomain', '-unconfineddomain']) } multi_tgt = { 'flags': { 'complement': False }, 'set': set([ 'audio_device', 'camera_device', 'dm_device', 'radio_device', 'gps_device', 'rpmsg_device' ]) } multi_class = { 'flags': { 'complement': False }, 'set': set(['chr_file']) } multi_perm = { 'flags': { 'complement': False }, 'set': set(['read', 'write']) } self.failUnless( SELinux_CTS.get_avc_rule_component(self.test_file) == multi_src) self.failUnless( SELinux_CTS.get_avc_rule_component(self.test_file) == multi_tgt) c = SELinux_CTS.advance_past_whitespace(self.test_file) if c == ':': self.test_file.read(1) self.failUnless( SELinux_CTS.get_avc_rule_component(self.test_file) == multi_class) self.failUnless( SELinux_CTS.get_avc_rule_component(self.test_file) == multi_perm) #test against 'complement' self.test_file.seek(26806) complement = { 'flags': { 'complement': True }, 'set': set(['entrypoint', 'relabelto']) } self.failUnless( SELinux_CTS.get_avc_rule_component(self.test_file) == complement)