capabilities-tests.c

00001 /**
00002  *  @file
00003  *
00004  *  Test policy loading capabilities that were introduced in SETools
00005  *  3.2.
00006  *
00007  *  @author Jeremy A. Mowery jmowery@tresys.com
00008  *  @author Jason Tang jtang@tresys.com
00009  *
00010  *  Copyright (C) 2007-2008 Tresys Technology, LLC
00011  *
00012  *  This library is free software; you can redistribute it and/or
00013  *  modify it under the terms of the GNU Lesser General Public
00014  *  License as published by the Free Software Foundation; either
00015  *  version 2.1 of the License, or (at your option) any later version.
00016  *
00017  *  This library is distributed in the hope that it will be useful,
00018  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
00019  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
00020  *  Lesser General Public License for more details.
00021  *
00022  *  You should have received a copy of the GNU Lesser General Public
00023  *  License along with this library; if not, write to the Free Software
00024  *  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
00025  */
00026 
00027 #include <config.h>
00028 
00029 #include <CUnit/CUnit.h>
00030 #include <qpol/policy.h>
00031 
00032 #include <stdbool.h>
00033 
00034 #define POLICY_ROOT TEST_POLICIES "/policy-versions"
00035 
00036 struct capability_answer
00037 {
00038         const char *policy_name;
00039         int policy_type;
00040         unsigned int policy_version;
00041         bool has_attributes;
00042         bool has_syn_rules;
00043         bool has_line_numbers;
00044         bool has_conditionals;
00045         bool has_mls;
00046         bool has_polcaps;
00047         bool has_source;
00048         bool has_modules;
00049 };
00050 
00051 static void capability_test(const struct capability_answer *ca)
00052 {
00053         qpol_policy_t *q = NULL;
00054         int policy_type = qpol_policy_open_from_file(ca->policy_name, &q, NULL, NULL, QPOL_POLICY_OPTION_NO_NEVERALLOWS);
00055         CU_ASSERT_FATAL(policy_type >= 0);
00056         CU_ASSERT_EQUAL(policy_type, ca->policy_type);
00057 
00058         unsigned policy_version;
00059         int retval;
00060         retval = qpol_policy_get_policy_version(q, &policy_version);
00061         CU_ASSERT_EQUAL_FATAL(retval, 0);
00062         CU_ASSERT_EQUAL(policy_version, ca->policy_version);
00063 
00064         bool cap;
00065 
00066         cap = (bool) qpol_policy_has_capability(q, QPOL_CAP_ATTRIB_NAMES);
00067         CU_ASSERT_EQUAL(cap, ca->has_attributes);
00068 
00069         cap = (bool) qpol_policy_has_capability(q, QPOL_CAP_SYN_RULES);
00070         CU_ASSERT_EQUAL(cap, ca->has_syn_rules);
00071 
00072         cap = (bool) qpol_policy_has_capability(q, QPOL_CAP_LINE_NUMBERS);
00073         CU_ASSERT_EQUAL(cap, ca->has_line_numbers);
00074 
00075         cap = (bool) qpol_policy_has_capability(q, QPOL_CAP_CONDITIONALS);
00076         CU_ASSERT_EQUAL(cap, ca->has_conditionals);
00077 
00078         cap = (bool) qpol_policy_has_capability(q, QPOL_CAP_MLS);
00079         CU_ASSERT_EQUAL(cap, ca->has_mls);
00080 
00081         cap = (bool) qpol_policy_has_capability(q, QPOL_CAP_POLCAPS);
00082         CU_ASSERT_EQUAL(cap, ca->has_polcaps);
00083 
00084         cap = (bool) qpol_policy_has_capability(q, QPOL_CAP_SOURCE);
00085         CU_ASSERT_EQUAL(cap, ca->has_source);
00086 
00087         cap = (bool) qpol_policy_has_capability(q, QPOL_CAP_MODULES);
00088         CU_ASSERT_EQUAL(cap, ca->has_modules);
00089 
00090         qpol_policy_destroy(&q);
00091 }
00092 
00093 static void capability_v12_source()
00094 {
00095         struct capability_answer cap = {
00096                 POLICY_ROOT "/policy-12.conf",
00097                 QPOL_POLICY_KERNEL_SOURCE,      // policy type
00098                 12U,                   // policy version
00099                 true,                  // has attributes
00100                 true,                  // has syntactic rules
00101                 true,                  // has line numbers
00102                 false,                 // has conditionals
00103                 false,                 // has mls
00104                 false,                 // has policy capabilities
00105                 true,                  // has source
00106                 false                  // has modules
00107         };
00108         capability_test(&cap);
00109 }
00110 
00111 static void capability_v15_source()
00112 {
00113         struct capability_answer cap = {
00114                 POLICY_ROOT "/policy-15.conf",
00115                 QPOL_POLICY_KERNEL_SOURCE,      // policy type
00116                 15U,                   // policy version
00117                 true,                  // has attributes
00118                 true,                  // has syntactic rules
00119                 true,                  // has line numbers
00120                 false,                 // has conditionals
00121                 false,                 // has mls
00122                 false,                 // has policy capabilities
00123                 true,                  // has source
00124                 false                  // has modules
00125         };
00126         capability_test(&cap);
00127 }
00128 
00129 static void capability_v15_binary()
00130 {
00131         struct capability_answer cap = {
00132                 POLICY_ROOT "/policy.15",
00133                 QPOL_POLICY_KERNEL_BINARY,      // policy type
00134                 15U,                   // policy version
00135                 false,                 // has attributes
00136                 false,                 // has syntactic rules
00137                 false,                 // has line numbers
00138                 false,                 // has conditionals
00139                 false,                 // has mls
00140                 false,                 // has policy capabilities
00141                 false,                 // has source
00142                 false                  // has modules
00143         };
00144         capability_test(&cap);
00145 }
00146 
00147 static void capability_v16_source()
00148 {
00149         struct capability_answer cap = {
00150                 POLICY_ROOT "/policy-16.conf",
00151                 QPOL_POLICY_KERNEL_SOURCE,      // policy type
00152                 16U,                   // policy version
00153                 true,                  // has attributes
00154                 true,                  // has syntactic rules
00155                 true,                  // has line numbers
00156                 true,                  // has conditionals
00157                 false,                 // has mls
00158                 false,                 // has policy capabilities
00159                 true,                  // has source
00160                 false                  // has modules
00161         };
00162         capability_test(&cap);
00163 }
00164 
00165 static void capability_v16_binary()
00166 {
00167         struct capability_answer cap = {
00168                 POLICY_ROOT "/policy.16",
00169                 QPOL_POLICY_KERNEL_BINARY,      // policy type
00170                 16U,                   // policy version
00171                 false,                 // has attributes
00172                 false,                 // has syntactic rules
00173                 false,                 // has line numbers
00174                 true,                  // has conditionals
00175                 false,                 // has mls
00176                 false,                 // has policy capabilities
00177                 false,                 // has source
00178                 false                  // has modules
00179         };
00180         capability_test(&cap);
00181 }
00182 
00183 static void capability_v17_source()
00184 {
00185         struct capability_answer cap = {
00186                 POLICY_ROOT "/policy-17.conf",
00187                 QPOL_POLICY_KERNEL_SOURCE,      // policy type
00188                 17U,                   // policy version
00189                 true,                  // has attributes
00190                 true,                  // has syntactic rules
00191                 true,                  // has line numbers
00192                 true,                  // has conditionals
00193                 false,                 // has mls
00194                 false,                 // has policy capabilities
00195                 true,                  // has source
00196                 false                  // has modules
00197         };
00198         capability_test(&cap);
00199 }
00200 
00201 static void capability_v17_binary()
00202 {
00203         struct capability_answer cap = {
00204                 POLICY_ROOT "/policy.17",
00205                 QPOL_POLICY_KERNEL_BINARY,      // policy type
00206                 17U,                   // policy version
00207                 false,                 // has attributes
00208                 false,                 // has syntactic rules
00209                 false,                 // has line numbers
00210                 true,                  // has conditionals
00211                 false,                 // has mls
00212                 false,                 // has policy capabilities
00213                 false,                 // has source
00214                 false                  // has modules
00215         };
00216         capability_test(&cap);
00217 }
00218 
00219 static void capability_v18_source()
00220 {
00221         struct capability_answer cap = {
00222                 POLICY_ROOT "/policy-18.conf",
00223                 QPOL_POLICY_KERNEL_SOURCE,      // policy type
00224                 18U,                   // policy version
00225                 true,                  // has attributes
00226                 true,                  // has syntactic rules
00227                 true,                  // has line numbers
00228                 true,                  // has conditionals
00229                 false,                 // has mls
00230                 false,                 // has policy capabilities
00231                 true,                  // has source
00232                 false                  // has modules
00233         };
00234         capability_test(&cap);
00235 }
00236 
00237 static void capability_v18_binary()
00238 {
00239         struct capability_answer cap = {
00240                 POLICY_ROOT "/policy.18",
00241                 QPOL_POLICY_KERNEL_BINARY,      // policy type
00242                 18U,                   // policy version
00243                 false,                 // has attributes
00244                 false,                 // has syntactic rules
00245                 false,                 // has line numbers
00246                 true,                  // has conditionals
00247                 false,                 // has mls
00248                 false,                 // has policy capabilities
00249                 false,                 // has source
00250                 false                  // has modules
00251         };
00252         capability_test(&cap);
00253 }
00254 
00255 static void capability_v19_binary()
00256 {
00257         struct capability_answer cap = {
00258                 POLICY_ROOT "/policy.19",
00259                 QPOL_POLICY_KERNEL_BINARY,      // policy type
00260                 19U,                   // policy version
00261                 false,                 // has attributes
00262                 false,                 // has syntactic rules
00263                 false,                 // has line numbers
00264                 true,                  // has conditionals
00265                 false,                 // has mls
00266                 false,                 // has policy capabilities
00267                 false,                 // has source
00268                 false                  // has modules
00269         };
00270         capability_test(&cap);
00271 }
00272 
00273 static void capability_v19_binary_mls()
00274 {
00275         struct capability_answer cap = {
00276                 POLICY_ROOT "/policy-mls.19",
00277                 QPOL_POLICY_KERNEL_BINARY,      // policy type
00278                 19U,                   // policy version
00279                 false,                 // has attributes
00280                 false,                 // has syntactic rules
00281                 false,                 // has line numbers
00282                 true,                  // has conditionals
00283                 true,                  // has mls
00284                 false,                 // has policy capabilities
00285                 false,                 // has source
00286                 false                  // has modules
00287         };
00288         capability_test(&cap);
00289 }
00290 
00291 static void capability_v20_binary()
00292 {
00293         struct capability_answer cap = {
00294                 POLICY_ROOT "/policy.20",
00295                 QPOL_POLICY_KERNEL_BINARY,      // policy type
00296                 20U,                   // policy version
00297                 false,                 // has attributes
00298                 false,                 // has syntactic rules
00299                 false,                 // has line numbers
00300                 true,                  // has conditionals
00301                 false,                 // has mls
00302                 false,                 // has policy capabilities
00303                 false,                 // has source
00304                 false                  // has modules
00305         };
00306         capability_test(&cap);
00307 }
00308 
00309 static void capability_v20_binary_mls()
00310 {
00311         struct capability_answer cap = {
00312                 POLICY_ROOT "/policy-mls.20",
00313                 QPOL_POLICY_KERNEL_BINARY,      // policy type
00314                 20U,                   // policy version
00315                 false,                 // has attributes
00316                 false,                 // has syntactic rules
00317                 false,                 // has line numbers
00318                 true,                  // has conditionals
00319                 true,                  // has mls
00320                 false,                 // has policy capabilities
00321                 false,                 // has source
00322                 false                  // has modules
00323         };
00324         capability_test(&cap);
00325 }
00326 
00327 static void capability_v21_source()
00328 {
00329         struct capability_answer cap = {
00330                 POLICY_ROOT "/policy-mls-21.conf",
00331                 QPOL_POLICY_KERNEL_SOURCE,      // policy type
00332                 21U,                   // policy version
00333                 true,                  // has attributes
00334                 true,                  // has syntactic rules
00335                 true,                  // has line numbers
00336                 true,                  // has conditionals
00337                 true,                  // has mls
00338                 false,                 // has policy capabilities
00339                 true,                  // has source
00340                 false                  // has modules
00341         };
00342         capability_test(&cap);
00343 }
00344 
00345 static void capability_v21_binary()
00346 {
00347         struct capability_answer cap = {
00348                 POLICY_ROOT "/policy-mls.21",
00349                 QPOL_POLICY_KERNEL_BINARY,      // policy type
00350                 21U,                   // policy version
00351                 false,                 // has attributes
00352                 false,                 // has syntactic rules
00353                 false,                 // has line numbers
00354                 true,                  // has conditionals
00355                 true,                  // has mls
00356                 false,                 // has policy capabilities
00357                 false,                 // has source
00358                 false                  // has modules
00359         };
00360         capability_test(&cap);
00361 }
00362 
00363 static void capability_v22_source()
00364 {
00365         struct capability_answer cap = {
00366                 POLICY_ROOT "/policy-mls-22.conf",
00367                 QPOL_POLICY_KERNEL_SOURCE,      // policy type
00368                 22U,                   // policy version
00369                 true,                  // has attributes
00370                 true,                  // has syntactic rules
00371                 true,                  // has line numbers
00372                 true,                  // has conditionals
00373                 true,                  // has mls
00374                 true,                  // has policy capabilities
00375                 true,                  // has source
00376                 false                  // has modules
00377         };
00378         capability_test(&cap);
00379 }
00380 
00381 static void capability_v22_binary()
00382 {
00383         struct capability_answer cap = {
00384                 POLICY_ROOT "/policy-mls.22",
00385                 QPOL_POLICY_KERNEL_BINARY,      // policy type
00386                 22U,                   // policy version
00387                 false,                 // has attributes
00388                 false,                 // has syntactic rules
00389                 false,                 // has line numbers
00390                 true,                  // has conditionals
00391                 true,                  // has mls
00392                 true,                  // has policy capabilities
00393                 false,                 // has source
00394                 false                  // has modules
00395         };
00396         capability_test(&cap);
00397 }
00398 
00399 static void capability_modv6_base_binary()
00400 {
00401         struct capability_answer cap = {
00402                 POLICY_ROOT "/base-6.pp",
00403                 QPOL_POLICY_MODULE_BINARY,      // policy type
00404                 6U,                    // policy version
00405                 true,                  // has attributes
00406                 true,                  // has syntactic rules
00407                 false,                 // has line numbers
00408                 true,                  // has conditionals
00409                 true,                  // has mls
00410                 false,                 // has policy capabilities
00411                 false,                 // has source
00412                 true                   // has modules
00413         };
00414         capability_test(&cap);
00415 }
00416 
00417 CU_TestInfo capabilities_tests[] = {
00418         {"v12, source", capability_v12_source},
00419         {"v15, source", capability_v15_source},
00420         {"v15, binary", capability_v15_binary},
00421         {"v16, source", capability_v16_source},
00422         {"v16, binary", capability_v16_binary},
00423         {"v17, source", capability_v17_source},
00424         {"v17, binary", capability_v17_binary},
00425         {"v18, source", capability_v18_source},
00426         {"v18, binary", capability_v18_binary},
00427         {"v19, binary", capability_v19_binary},
00428         {"v19, binary mls", capability_v19_binary_mls},
00429         {"v20, binary", capability_v20_binary},
00430         {"v20, binary mls", capability_v20_binary_mls},
00431         {"v21, source", capability_v21_source},
00432         {"v21, binary", capability_v21_binary},
00433         {"v22, source", capability_v22_source},
00434         {"v22, binary", capability_v22_binary},
00435         {"mod v6, base binary", capability_modv6_base_binary},
00436         CU_TEST_INFO_NULL
00437 };
00438 
00439 int capabilities_init()
00440 {
00441         return 0;
00442 }
00443 
00444 int capabilities_cleanup()
00445 {
00446         return 0;
00447 }