1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
|
# Copyright 2015, Tresys Technology, LLC
#
# SPDX-License-Identifier: GPL-2.0-only
#
import pytest
import setools
@pytest.mark.obj_args("tests/library/policyrep/objclass.conf")
class TestObjClass:
def test_string(self, compiled_policy: setools.SELinuxPolicy) -> None:
"""ObjClass: string representation"""
cls = compiled_policy.lookup_class("infoflow")
assert "infoflow" == str(cls), str(cls)
def test_perms(self, compiled_policy: setools.SELinuxPolicy) -> None:
"""ObjClass: permissions"""
cls = compiled_policy.lookup_class("infoflow8")
assert frozenset(["super_w", "super_r"]) == cls.perms, f"{cls.perms}"
def test_statement_wo_common_w_unique(self, compiled_policy: setools.SELinuxPolicy) -> None:
"""ObjClass: statement, no common."""
cls = compiled_policy.lookup_class("infoflow8")
assert cls.statement() in (
"class infoflow8\n{\n\tsuper_w\n\tsuper_r\n}",
"class infoflow8\n{\n\tsuper_r\n\tsuper_w\n}"), \
cls.statement()
def test_statement_w_common_w_unique(self, compiled_policy: setools.SELinuxPolicy) -> None:
"""ObjClass: statement, with common."""
cls = compiled_policy.lookup_class("infoflow6")
assert cls.statement() in (
"class infoflow6\ninherits com_b\n{\n\tperm1\n\tperm2\n}",
"class infoflow6\ninherits com_b\n{\n\tperm2\n\tperm1\n}"), \
cls.statement()
def test_statement_w_common_wo_unique(self, compiled_policy: setools.SELinuxPolicy) -> None:
"""ObjClass: statement, with common, no class perms."""
cls = compiled_policy.lookup_class("infoflow5")
assert cls.statement() == "class infoflow5\ninherits com_a\n", cls.statement()
def test_contains_wo_common(self, compiled_policy: setools.SELinuxPolicy) -> None:
"""ObjClass: contains"""
cls = compiled_policy.lookup_class("infoflow10")
assert "read" in cls
assert "execute" not in cls
def test_contains_w_common(self, compiled_policy: setools.SELinuxPolicy) -> None:
"""ObjClass: contains, with common"""
cls = compiled_policy.lookup_class("infoflow4")
assert "super_both" in cls
assert "hi_w" in cls
assert "unmapped" not in cls
|
