00001 /**
00002  *  @file
00003  *
00004  *  Test the libpoldiff's correctness for components.
00005  *
00006  *  @author Paul Rosenfeld prosenfeld@tresys.com
00007  *
00008  *  Copyright (C) 2007 Tresys Technology, LLC
00009  *
00010  *  This library is free software; you can redistribute it and/or
00011  *  modify it under the terms of the GNU Lesser General Public
00012  *  License as published by the Free Software Foundation; either
00013  *  version 2.1 of the License, or (at your option) any later version.
00014  *
00015  *  This library is distributed in the hope that it will be useful,
00016  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
00017  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
00018  *  Lesser General Public License for more details.
00019  *
00020  *  You should have received a copy of the GNU Lesser General Public
00021  *  License along with this library; if not, write to the Free Software
00022  *  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
00023  */
00024 
00025 #include <config.h>
00026 
00027 #include "libpoldiff-tests.h"
00028 #include "components-tests.h"
00029 #include "policy-defs.h"
00030 #include <CUnit/Basic.h>
00031 #include <CUnit/TestDB.h>
00032 
00033 #include <apol/util.h>
00034 
00035 #include <stdio.h>
00036 #include <errno.h>
00037 #include <getopt.h>
00038 #include <stdint.h>
00039 #include <stdlib.h>
00040 #include <string.h>
00041 
/*
 * Expected answers for the attribute diff (consumed by
 * components_attributes_tests() through init_answer_vectors()).  Every list
 * is NULL-terminated.  Modified entries use the "<attribute> +<type>" /
 * "<attribute> -<type>" spelling that build_component_vecs() produces for an
 * added/removed member type.  The numbers in the comments (00.0, 00.3.1, ...)
 * are presumably test-case IDs from the companion policy sources, which are
 * not visible here.
 */
char *unchanged_attributes[] = {
/* 00.0 */
	"data",
	NULL
};
char *added_attributes[] = {
/* 00.1 */
	"mineral",
	NULL
};
char *removed_attributes[] = {
/* 00.2 */
	"other",
	NULL
};
char *modified_attributes[] = {
/* 00.3.0: one type gained */
	"tree +holly_t",
/* 00.3.1: one type lost */
	"fish -bass_t",
	"plant -daikon_t",
/* 00.3.2: several members changed on the same attribute */
	"animal +hippo_t",
	"animal -bass_t",
	"animal -koala_t",
	"mammal +hippo_t",
	"mammal -bear_t",
	NULL
};
/*
 * Expected answers for the boolean diff (components_bools_tests()).
 * Booleans have no sub-elements, so a "modified" boolean is listed by name
 * only -- matching the name-only entry build_component_vecs() appends when a
 * component has no get_added/get_removed accessor.
 */
char *unchanged_bools[] = {
/* 02.0 */
	"frog",
	NULL
};
char *added_bools[] = {
/* 02.1 */
	"shark",
	NULL
};
char *removed_bools[] = {
/* 02.2 */
	"dog",
	NULL
};
char *modified_bools[] = {
/* 02.3 */
	"wark",
	NULL
};
/*
 * Expected answers for the object-class diff (components_class_tests()).
 * Modified entries are "<class> +<perm>" / "<class> -<perm>".  Note that a
 * permission removed from a common (see modified_commons) shows up once per
 * class that inherits it, e.g. the long run of "-name_bind" entries below.
 * The literal spellings ("ncsd", "blah", ...) must match the test policies
 * exactly; do not "correct" them here.
 */
char *unchanged_classes[] = {
/* 04.0 */
	"filesystem", "dir", "blk_file", "sock_file", "fifo_file", "netif",
	"process", "msg", "security", "system", "capability", "passwd",
	"window", "font", "colormap", "property", "cursor", "xclient",
	"xinput", "xserver", "xextension", "pax", "dbus", "ncsd",
	"association", "context", NULL
};
char *added_classes[] = {
/* 04.1 */
	"thing",
	NULL
};
char *removed_classes[] = {
/* 04.2 */
	"key",
	NULL
};
char *modified_classes[] = {
/* 04.3.00 */
	"fd +be",
/* 04.3.01 */
	"chr_file -execmod",
/* 04.3.02 */
	"file +newperm",
	"file -execmod",
/* 04.3.03 */
	"ipc +unix_exec",
	"sem +unix_exec",
/* 04.3.04: permission dropped from the "socket" common, inherited by all of these */
	"socket -name_bind",
	"tcp_socket -name_bind",
	"udp_socket -name_bind",
	"netlink_socket -name_bind",
	"packet_socket -name_bind",
	"key_socket -name_bind",
	"unix_dgram_socket -name_bind",
	"dccp_socket -name_bind",
	"netlink_route_socket -name_bind",
	"netlink_firewall_socket -name_bind",
	"netlink_tcpdiag_socket -name_bind",
	"netlink_nflog_socket -name_bind",
	"netlink_xfrm_socket -name_bind",
	"netlink_selinux_socket -name_bind",
	"netlink_audit_socket -name_bind",
	"netlink_ip6fw_socket -name_bind",
	"netlink_dnrt_socket -name_bind",
	"appletalk_socket -name_bind",
	"netlink_kobject_uevent_socket -name_bind",
/* 04.3.05 */
	"drawable +bar",
	"drawable -blah",
/* 04.3.06 */
	"msgq +unix_exec",
	"msgq +dequeue",
/* 04.3.07 */
	"rawip_socket -name_bind",
	"rawip_socket +ip_bind",
/* 04.3.08 */
	"shm +unix_exec",
	"shm -lock",
/* 04.3.09 */
	"unix_stream_socket -newconn",
	"unix_stream_socket -name_bind",
/* 04.3.10 */
	"gc +bar",
	"gc +remove",
	"gc -blah",
	"gc -free",
	NULL
};
00162 
/*
 * Expected answers for the common-permission-set diff
 * (components_commons_tests()).  Modified entries are "<common> +<perm>" /
 * "<common> -<perm>"; the "ipc" and "socket" changes are the source of the
 * per-class entries listed under 04.3.03 and 04.3.04 in modified_classes.
 */
char *unchanged_commons[] = {
/* 05.0 */
	"file",
	NULL
};
char *added_commons[] = {
/* 05.1 */
	"new",
	NULL
};
char *removed_commons[] = {
/* 05.2 */
	"old",
	NULL
};
char *modified_commons[] = {
/* 05.3.0 */
	"ipc +unix_exec",
/* 05.3.1 */
	"socket -name_bind",
/* 05.3.2 */
	"bob -blah",
	"bob +bar",
	NULL
};
00188 
/*
 * Expected answers for the role diff (components_roles_tests()).
 * Modified entries are "<role> +<type>" / "<role> -<type>".  The types named
 * here are the same ones that appear in added_types / removed_types, so a
 * change to those fixtures normally implies a change here too.
 */
char *unchanged_roles[] = {
/* 08.0 */
	"placeholder_r", "admin_r", "intern_r",
	NULL
};
char *added_roles[] = {
/* 08.1 */
	"strange_r",
	NULL
};
char *removed_roles[] = {
/* 08.2 */
	"guest_r",
	NULL
};
char *modified_roles[] = {
/* 08.3.0 */
	"user_r +hippo_t",
/* 08.3.1 */
	"lumberjack_r +holly_t",
/* 08.3.2 */
	"staff_r -bass_t",
/* 08.3.3 */
	"aquarium_r -bass_t",
	"garden_r -daikon_t",
/* 08.3.4 */
	"object_r +hippo_t",
	"object_r +acorn_t",
	"object_r -bass_t",
	"object_r -koala_t",
	"deity_r +acorn_t",
	"deity_r +hippo_t",
	"deity_r -bass_t",
	"deity_r -dirt_t",
	"deity_r -koala_t",
/* 08.3.5 */
	"zoo_r +hippo_t",
	"zoo_r -bass_t",
	"zoo_r -koala_t",
	"mammal_r +hippo_t",
	"mammal_r -bear_t",
	NULL
};
00232 
/*
 * Expected answers for the type diff (components_types_tests()).
 * Modified entries are "<type> +<attribute>" / "<type> -<attribute>".  Two
 * entries carry a "<old> -> <new>" prefix; whether libpoldiff reports a
 * renamed type under that spelling, or the form is produced elsewhere, is
 * not visible in this file -- verify against the type test before editing.
 */
char *unchanged_types[] = {
/* 12.0.0 */
	"placeholder_t", "finch_t", "trout_t",
	"birch_t", "oak_t", "potato_t", "tiger_t",
	"lion_t", "pine_t", "log_t", "file_t",
/* 12.0.1 */
	"firefly_t", "lightningbug_t",
/* 12.0.2 */
	"rock_t", "big_stone_t",
	NULL
};

char *added_types[] = {
/* 12.1.0 */
	"hippo_t",
	"acorn_t",
	NULL
};

/* 12.1.1 */
char *removed_types[] = {
/* 12.2.0 */
	"bass_t",
/* 12.2.1 */
	"koala_t",
	NULL
};

char *modified_types[] = {
/* 12.3.0 */
	"holly_t +tree",
/* 12.3.1 */
	"bear_t -mammal",
/* 12.3.2 */
	"daikon_t -plant",
	"daikon_t +mineral",
/* 12.3.3 */
	"glass_t -> crystal_t +mineral",
/* 12.3.4 */
	"dirt_t -> soil_t +mineral",
/* Not yet assigned a test-case ID.  These appear to be the types that lose
 * the attribute "other", which is removed in the modified policy (see
 * removed_attributes). */
	"stone_t -other",
	"system_t -other",
	NULL
};
/*
 * Expected result of the alias check at the end of components_types_tests():
 * "<primary type in the modified policy> -> <its alias names>".  The alias
 * names are concatenated with no separator, so keep one alias per type here
 * unless that code changes.
 */
char *aliased_types[] = {
	/* 12.2.1 */
	"bear_t -> koala_t",
	NULL
};
00283 
/*
 * Expected answers for the user diff (components_users_tests()).
 * Modified entries are "<user> +<role>" / "<user> -<role>".
 */
char *unchanged_users[] = {
/* 13.0 */
	"placeholder_u", "su_u", "cyn_u", "danika_u",
	NULL
};
char *added_users[] = {
/* 13.1 */
	"gai_u",
	NULL
};
char *removed_users[] = {
/* 13.2 */
	"mehnlo_u",
	NULL
};
char *modified_users[] = {
/* 13.3.0: one role gained */
	"devona_u +aquarium_r",
	"eve_u +strange_r",
/* 13.3.1: one role lost */
	"nika_u -user_r",
/* 13.3.2: one gained and one lost on the same user */
	"meloni_u +garden_r",
	"meloni_u -user_r",
	NULL
};
00310 
/*
 * Instantiate the accessor wrappers used by the component tests.  Both
 * macros are defined in components-tests.h:
 *
 *   WRAP_NAME_FUNC(x)            -> poldiff_x_get_name_w()
 *   WRAP_MOD_FUNC(x, what, how)  -> poldiff_x_get_<how>_<what>_w()
 *
 * e.g. WRAP_MOD_FUNC(type, attribs, added) yields
 * poldiff_type_get_added_attribs_w(), which components_types_tests() hands
 * to init_test_funcs().  The cat wrapper is not used in this file; it is
 * presumably needed by another test file.
 */

/* name accessors */
WRAP_NAME_FUNC(attrib)
WRAP_NAME_FUNC(bool)
WRAP_NAME_FUNC(class)
WRAP_NAME_FUNC(common)
WRAP_NAME_FUNC(role)
WRAP_NAME_FUNC(type)
WRAP_NAME_FUNC(user)
WRAP_NAME_FUNC(cat)

/* added/removed sub-element accessors */
WRAP_MOD_FUNC(class, perms, added)
WRAP_MOD_FUNC(class, perms, removed)
WRAP_MOD_FUNC(attrib, types, added)
WRAP_MOD_FUNC(attrib, types, removed)
WRAP_MOD_FUNC(common, perms, added)
WRAP_MOD_FUNC(common, perms, removed)
WRAP_MOD_FUNC(role, types, added)
WRAP_MOD_FUNC(role, types, removed)
WRAP_MOD_FUNC(user, roles, added)
WRAP_MOD_FUNC(user, roles, removed)
WRAP_MOD_FUNC(type, attribs, added)
WRAP_MOD_FUNC(type, attribs, removed)
00336 
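/**
 * Append a strdup()'d copy of @a name to @a vec.
 *
 * On allocation or append failure the copy is released and nothing is
 * added; the later comparison against the expected answers then reports
 * the missing entry instead of the test dereferencing a NULL element.
 */
static void append_name_copy(apol_vector_t *vec, const char *name)
{
	char *copy = strdup(name);
	if (copy == NULL || apol_vector_append(vec, copy) < 0) {
		free(copy);
	}
}

/**
 * For every element of @a elements append "<name> <sign><element>" to the
 * global modified_v, e.g. "animal +hippo_t" or "animal -bass_t" -- the same
 * spelling used by the modified_* answer arrays at the top of this file.
 *
 * @param name     Name of the modified component.
 * @param sign     "+" for added elements, "-" for removed ones.
 * @param elements Vector of element-name strings; NULL appends nothing.
 */
static void append_element_changes(const char *name, const char *sign, const apol_vector_t *elements)
{
	size_t j, n;

	if (elements == NULL) {
		return;
	}
	n = apol_vector_get_size(elements);
	for (j = 0; j < n; j++) {
		const char *element = apol_vector_get_element(elements, j);
		char *change = NULL;
		size_t change_len = 0;

		if (apol_str_appendf(&change, &change_len, "%s %s%s", name, sign, element) < 0 ||
		    apol_vector_append(modified_v, change) < 0) {
			/* the string was never handed to the vector; drop it.  change
			 * starts out NULL and apol_str_appendf() is expected to leave it
			 * NULL when it fails -- TODO confirm against apol/util.c */
			free(change);
		}
	}
}

/**
 * Sort the entries of one component's diff vector into the global answer
 * vectors so they can be compared with the expected-answer arrays:
 *
 *   - added_v / removed_v           : names of added / removed components
 *   - modified_name_only_v          : names of modified components
 *   - modified_v                    : "<name> +<elem>" / "<name> -<elem>" for
 *                                     each added / removed sub-element, or
 *                                     just "<name>" when the component kind
 *                                     has no sub-element accessors (bools)
 *
 * @param component_funcs Accessor table built by init_test_funcs().  Only
 *        get_added and get_removed may be NULL.
 *
 * Reads the global poldiff_t diff.  Entries whose name cannot be fetched are
 * skipped rather than passed to strdup(NULL).
 */
void build_component_vecs(component_funcs_t * component_funcs)
{
	const apol_vector_t *v = component_funcs->get_diff_vector(diff);
	size_t n = apol_vector_get_size(v);
	size_t i;

	for (i = 0; i < n; i++) {
		const void *item = apol_vector_get_element(v, i);
		const char *name_only = component_funcs->get_name(item);

		if (name_only == NULL) {
			continue;
		}
		switch (component_funcs->get_form(item)) {
		case POLDIFF_FORM_ADDED:
			append_name_copy(added_v, name_only);
			break;
		case POLDIFF_FORM_REMOVED:
			append_name_copy(removed_v, name_only);
			break;
		case POLDIFF_FORM_MODIFIED:
			append_name_copy(modified_name_only_v, name_only);
			if (component_funcs->get_added) {
				append_element_changes(name_only, "+", component_funcs->get_added(item));
			}
			if (component_funcs->get_removed) {
				append_element_changes(name_only, "-", component_funcs->get_removed(item));
			}
			/* Without both accessors the modification can only be recorded by
			 * name.  The original test compared get_added against the table
			 * pointer itself (always non-NULL), which was a typo for
			 * get_removed. */
			if (!(component_funcs->get_added && component_funcs->get_removed)) {
				append_name_copy(modified_v, name_only);
			}
			break;
		default:
			/* other forms are not part of the component answer sets */
			break;
		}
	}
}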
00384 
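/**
 * Collect into @a out the name of every type enumerated by @a q whose alias
 * flag matches @a want_alias.  Names are strdup()'d, so @a out should have
 * been created with free as its element destructor.
 *
 * @param q          Policy to enumerate.  The type handles obtained from its
 *                   iterator are only ever passed back to the same policy.
 * @param want_alias Non-zero to keep alias entries, zero to keep primary
 *                   types (any non-zero isalias value counts as "alias").
 * @param out        Vector receiving the copied names.
 * @return 0 on success, < 0 if the policy could not be enumerated or memory
 *         ran out (@a out may then be partially filled).
 */
static int collect_type_names(qpol_policy_t *q, int want_alias, apol_vector_t *out)
{
	qpol_iterator_t *iter = NULL;
	int rc = 0;

	if (qpol_policy_get_type_iter(q, &iter) < 0) {
		return -1;
	}
	for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) {
		const qpol_type_t *type = NULL;
		const char *name = NULL;
		unsigned char isalias = 0;
		char *copy = NULL;

		if (qpol_iterator_get_item(iter, (void **)&type) < 0 ||
		    qpol_type_get_name(q, type, &name) < 0 || qpol_type_get_isalias(q, type, &isalias) < 0) {
			rc = -1;
			break;
		}
		if ((isalias != 0) != (want_alias != 0)) {
			continue;
		}
		copy = strdup(name);
		if (copy == NULL || apol_vector_append(out, copy) < 0) {
			free(copy);
			rc = -1;
			break;
		}
	}
	qpol_iterator_destroy(&iter);
	return rc;
}

/**
 * Type component test.  First runs the generic added/removed/modified
 * comparison against the *_types answer arrays, then checks aliasing:
 * the names of primary (non-alias) types in the original policy are
 * intersected with the names reported for alias entries in the modified
 * policy, and each hit is rendered as "<name> -> <alias names>" (looked up
 * in the modified policy) and compared with aliased_types.
 *
 * Fixes relative to the earlier version of this test:
 *   - the original-policy pass iterated the *modified* policy's types and
 *     then passed those handles to the original policy's getters;
 *   - alias_str / str were reused across loop iterations after being freed
 *     or handed to the result vector, so a second hit would have appended
 *     to a dangling buffer;
 *   - qpol return values were unchecked, leaving iterators and type handles
 *     uninitialised on failure.
 *
 * Uses the globals diff, orig_policy and mod_policy.  Every vector and
 * iterator created here is released on all paths.
 */
void components_types_tests(void)
{
	poldiff_test_answers_t *answers = init_answer_vectors(added_types, removed_types, unchanged_types, modified_types);
	component_funcs_t *funcs = init_test_funcs(poldiff_get_type_vector, poldiff_type_get_name_w,
						   poldiff_type_get_form, poldiff_type_get_added_attribs_w,
						   poldiff_type_get_removed_attribs_w);
	qpol_policy_t *orig_qpolicy = apol_policy_get_qpol(orig_policy);
	qpol_policy_t *mod_qpolicy = apol_policy_get_qpol(mod_policy);
	apol_vector_t *orig_primary_v = apol_vector_create(free);
	apol_vector_t *mod_alias_v = apol_vector_create(free);
	apol_vector_t *final_aliases_v = apol_vector_create(free);
	apol_vector_t *correct_final_aliases_v = string_array_to_vector(aliased_types);
	apol_vector_t *changed_aliases_v = NULL;
	size_t i, first_diff = 0;
	int test_result;

	CU_ASSERT_PTR_NOT_NULL(answers);
	CU_ASSERT_PTR_NOT_NULL(funcs);
	if (answers != NULL && funcs != NULL) {
		run_test(funcs, answers, COMPONENT);
	}
	free(funcs);

	/* ---- alias test ---- */
	if (orig_primary_v == NULL || mod_alias_v == NULL || final_aliases_v == NULL || correct_final_aliases_v == NULL) {
		CU_FAIL("out of memory setting up the alias test");
		goto cleanup;
	}
	if (collect_type_names(orig_qpolicy, 0, orig_primary_v) < 0 || collect_type_names(mod_qpolicy, 1, mod_alias_v) < 0) {
		CU_FAIL("could not enumerate the types of the test policies");
		goto cleanup;
	}
	changed_aliases_v = apol_vector_create_from_intersection(orig_primary_v, mod_alias_v, apol_str_strcmp, NULL);
	if (changed_aliases_v == NULL) {
		CU_FAIL("could not intersect the type name lists");
		goto cleanup;
	}

	for (i = 0; i < apol_vector_get_size(changed_aliases_v); i++) {
		const char *name = apol_vector_get_element(changed_aliases_v, i);
		const qpol_type_t *qtype = NULL;
		qpol_iterator_t *aliased_to = NULL;
		/* fresh buffers per iteration: both are consumed below */
		char *alias_str = NULL, *str = NULL;
		size_t alias_str_len = 0, str_len = 0;

		if (qpol_policy_get_type_by_name(mod_qpolicy, name, &qtype) < 0 ||
		    qpol_type_get_alias_iter(mod_qpolicy, qtype, &aliased_to) < 0) {
			CU_FAIL("could not look up a type in the modified policy");
			goto cleanup;
		}
		for (; !qpol_iterator_end(aliased_to); qpol_iterator_next(aliased_to)) {
			const char *alias_name = NULL;
			if (qpol_iterator_get_item(aliased_to, (void **)&alias_name) == 0) {
				/* aliases are concatenated with no separator, as the
				 * aliased_types fixture expects (one alias per type) */
				apol_str_append(&alias_str, &alias_str_len, alias_name);
			}
		}
		qpol_iterator_destroy(&aliased_to);

		if (apol_str_appendf(&str, &str_len, "%s -> %s", name, alias_str != NULL ? alias_str : "") < 0 ||
		    apol_vector_append(final_aliases_v, str) < 0) {
			free(str);
			CU_FAIL("could not record an alias result");
		}
		free(alias_str);
	}

	apol_vector_sort(final_aliases_v, compare_str, NULL);
	apol_vector_sort(correct_final_aliases_v, compare_str, NULL);
	CU_ASSERT_FALSE(test_result =
			apol_vector_compare(final_aliases_v, correct_final_aliases_v, compare_str, NULL, &first_diff));
	if (test_result) {
		print_test_failure(final_aliases_v, correct_final_aliases_v, first_diff, "Aliases");
	}

      cleanup:
	apol_vector_destroy(&orig_primary_v);
	apol_vector_destroy(&mod_alias_v);
	apol_vector_destroy(&final_aliases_v);
	apol_vector_destroy(&correct_final_aliases_v);
	apol_vector_destroy(&changed_aliases_v);
	if (answers != NULL) {
		cleanup_test(answers);
	}
}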
00471 
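/**
 * Common tail of every simple component test: compare the diff against the
 * expected answers, then release both the accessor table and the answers.
 *
 * @param answers Result of init_answer_vectors(), or NULL if that failed
 *                (recorded as a CUnit failure; the comparison is skipped).
 * @param funcs   Result of init_test_funcs(), or NULL (same treatment).
 *
 * Both arguments are consumed: @a funcs is freed and @a answers is handed to
 * cleanup_test() on every path.
 */
static void run_component_test(poldiff_test_answers_t *answers, component_funcs_t *funcs)
{
	CU_ASSERT_PTR_NOT_NULL(answers);
	CU_ASSERT_PTR_NOT_NULL(funcs);
	if (answers != NULL && funcs != NULL) {
		run_test(funcs, answers, COMPONENT);
	}
	free(funcs);
	if (answers != NULL) {
		cleanup_test(answers);
	}
}

/** Boolean diff vs. the *_bools arrays.  Booleans carry no sub-elements, so
 *  no added/removed accessors are supplied and modified booleans are matched
 *  by name only. */
void components_bools_tests(void)
{
	poldiff_test_answers_t *answers = init_answer_vectors(added_bools, removed_bools, unchanged_bools, modified_bools);
	component_funcs_t *funcs = init_test_funcs(poldiff_get_bool_vector, poldiff_bool_get_name_w,
						   poldiff_bool_get_form, NULL, NULL);
	run_component_test(answers, funcs);
}

/** User diff vs. the *_users arrays; sub-elements are roles. */
void components_users_tests(void)
{
	poldiff_test_answers_t *answers = init_answer_vectors(added_users, removed_users, unchanged_users, modified_users);
	component_funcs_t *funcs = init_test_funcs(poldiff_get_user_vector, poldiff_user_get_name_w,
						   poldiff_user_get_form, poldiff_user_get_added_roles_w,
						   poldiff_user_get_removed_roles_w);
	run_component_test(answers, funcs);
}

/** Role diff vs. the *_roles arrays; sub-elements are types. */
void components_roles_tests(void)
{
	poldiff_test_answers_t *answers = init_answer_vectors(added_roles, removed_roles, unchanged_roles, modified_roles);
	component_funcs_t *funcs = init_test_funcs(poldiff_get_role_vector, poldiff_role_get_name_w, poldiff_role_get_form,
						   poldiff_role_get_added_types_w, poldiff_role_get_removed_types_w);
	run_component_test(answers, funcs);
}

/** Common-permission-set diff vs. the *_commons arrays; sub-elements are perms. */
void components_commons_tests(void)
{
	poldiff_test_answers_t *answers = init_answer_vectors(added_commons, removed_commons, unchanged_commons, modified_commons);
	component_funcs_t *funcs = init_test_funcs(poldiff_get_common_vector, poldiff_common_get_name_w, poldiff_common_get_form,
						   poldiff_common_get_added_perms_w, poldiff_common_get_removed_perms_w);
	run_component_test(answers, funcs);
}

/** Attribute diff vs. the *_attributes arrays; sub-elements are types. */
void components_attributes_tests(void)
{
	poldiff_test_answers_t *answers =
		init_answer_vectors(added_attributes, removed_attributes, unchanged_attributes, modified_attributes);
	component_funcs_t *funcs = init_test_funcs(poldiff_get_attrib_vector, poldiff_attrib_get_name_w,
						   poldiff_attrib_get_form, poldiff_attrib_get_added_types_w,
						   poldiff_attrib_get_removed_types_w);
	run_component_test(answers, funcs);
}

/** Object-class diff vs. the *_classes arrays; sub-elements are perms. */
void components_class_tests(void)
{
	poldiff_test_answers_t *answers = init_answer_vectors(added_classes, removed_classes, unchanged_classes, modified_classes);
	component_funcs_t *funcs = init_test_funcs(poldiff_get_class_vector, poldiff_class_get_name_w,
						   poldiff_class_get_form, poldiff_class_get_added_perms_w,
						   poldiff_class_get_removed_perms_w);
	run_component_test(answers, funcs);
}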
00536 
/**
 * CUnit suite initialiser for the component tests: build the global diff
 * between the two component test policies.
 *
 * @return 0 when the diff was created, 1 when init_poldiff() returned NULL
 *         (CUnit treats any non-zero value as a suite set-up failure).
 */
int components_test_init()
{
	diff = init_poldiff(COMPONENTS_ORIG_POLICY, COMPONENTS_MOD_POLICY);
	return diff == NULL ? 1 : 0;
}