# Copyright 2015, Tresys Technology, LLC # # SPDX-License-Identifier: GPL-2.0-only # # Until this is fixed for cython: # pylint: disable=undefined-variable,no-member import unittest from unittest.mock import Mock, patch from setools import SELinuxPolicy from setools.exception import MLSDisabled, InvalidUser @unittest.skip("Needs to be reworked for cython") class UserTest(unittest.TestCase): @classmethod def setUpClass(cls): cls.p = SELinuxPolicy("tests/policyrep/user.conf") def mock_user_factory(self, name, roles, level=None, range_=None): """Factory function for User objects, using a mock qpol object.""" assert (level and range_) or (not level and not range_) # inject object_r, like the compiler does roles_with_objr = roles roles_with_objr.append('object_r') mock_user = Mock(qpol.qpol_user_t) mock_user.name.return_value = name mock_user.role_iter = lambda x: iter(roles_with_objr) mock_user.dfltlevel.return_value = level mock_user.range.return_value = range_ return user_factory(self.p.policy, mock_user) def test_001_lookup(self): """User factory policy lookup.""" user = user_factory(self.p.policy, "user10") self.assertEqual("user10", user.qpol_symbol.name(self.p.policy)) def test_002_lookup_invalid(self): """User factory policy invalid lookup.""" with self.assertRaises(InvalidUser): user_factory(self.p.policy, "INVALID") def test_003_lookup_object(self): """User factory policy lookup of User object.""" user1 = user_factory(self.p.policy, "user10") user2 = user_factory(self.p.policy, user1) self.assertIs(user2, user1) def test_010_string(self): """User basic string rendering.""" user = self.mock_user_factory("username", ['role1']) self.assertEqual("username", str(user)) def test_020_statement_role(self): """User statement, one role.""" with patch('setools.policyrep.mls.enabled', return_value=False): user = self.mock_user_factory("username", ['role20_r']) self.assertEqual("user username roles role20_r;", user.statement()) def test_021_statement_two_roles(self): """User statement, two roles.""" with patch('setools.policyrep.mls.enabled', return_value=False): user = self.mock_user_factory("username", ['role20_r', 'role21a_r']) # roles are stored in a set, so the role order may vary self.assertRegex(user.statement(), "(" "user username roles { role20_r role21a_r };" "|" "user username roles { role21a_r role20_r };" ")") def test_022_statement_one_role_mls(self): """User statement, one role, MLS.""" user = self.mock_user_factory("username", ['role20_r'], level="s0", range_="s0-s2") self.assertEqual("user username roles role20_r level s0 range s0 - s2;", user.statement()) def test_023_statement_two_roles_mls(self): """User statement, two roles, MLS.""" user = self.mock_user_factory("username", ['role20_r', 'role21a_r'], level="s0", range_="s0 - s2") # roles are stored in a set, so the role order may vary self.assertRegex( user.statement(), "(" "user username roles { role20_r role21a_r } level s0 range s0 - s2;" "|" "user username roles { role21a_r role20_r } level s0 range s0 - s2;" ")") def test_030_roles(self): """User roles.""" user = self.mock_user_factory("username", ['role20_r', 'role21a_r']) self.assertSetEqual(user.roles, set(['role20_r', 'role21a_r'])) def test_040_level(self): """User level.""" user = self.mock_user_factory("username", ['role20_r', 'role21a_r'], level="s0", range_="s0-s2") self.assertEqual("s0", user.mls_level) def test_041_level_non_mls(self): """User level, MLS disabled.""" user = self.mock_user_factory("username", ['role20_r', 'role21a_r']) with patch('setools.policyrep.mls.enabled', return_value=False): with self.assertRaises(MLSDisabled): user.mls_level def test_050_range(self): """User level.""" user = self.mock_user_factory("username", ['role20_r', 'role21a_r'], level="s0", range_="s0-s2") self.assertEqual("s0 - s2", user.mls_range) def test_051_range_non_mls(self): """User level, MLS disabled.""" user = self.mock_user_factory("username", ['role20_r', 'role21a_r'], level="s0", range_="s0-s2") with patch('setools.policyrep.mls.enabled', return_value=False): with self.assertRaises(MLSDisabled): user.mls_range