File: test_user.py

setools 4.6.0-2
# Copyright 2015, Tresys Technology, LLC
#
# SPDX-License-Identifier: GPL-2.0-only
#
import pytest
import setools


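@pytest.mark.obj_args("tests/library/policyrep/user_mls.conf")
class TestUserMLS:
    """User object tests against the MLS policy source user_mls.conf.

    Each test looks a user up by name on the ``compiled_policy`` fixture and
    checks one aspect of it: string rendering, the rendered ``user``
    statement, the role set, the level, or the range.
    """
    # NOTE(review): presumably the obj_args marker tells the compiled_policy
    # fixture which policy source to compile -- confirm in conftest.

    def test_string(self, compiled_policy: setools.SELinuxPolicy) -> None:
        """User basic string rendering."""
        user = compiled_policy.lookup_user("system")
        assert "system" == str(user), f"{user}"

    def test_statement_one_role_mls(self, compiled_policy: setools.SELinuxPolicy) -> None:
        """User statement, one role, MLS."""
        user = compiled_policy.lookup_user("user10")
        # The rendered statement must carry both the level and the range;
        # dropping either would misreport the user's MLS constraints.
        assert "user user10 roles system level s1:c2 range s1 - s2:c0.c4;" == \
            user.statement(), user.statement()

    # The numbered name is kept as-is so existing test ids stay stable.
    def test_023_statement_two_roles_mls(self, compiled_policy: setools.SELinuxPolicy) -> None:
        """User statement, two roles, MLS."""
        user = compiled_policy.lookup_user("user20")
        # roles are stored in a set, so the role order may vary
        assert user.statement() in (
            "user user20 roles { role20_r role21a_r } level s0 range s0 - s2:c0.c4;",
            "user user20 roles { role21a_r role20_r } level s0 range s0 - s2:c0.c4;"), \
            user.statement()

    def test_roles(self, compiled_policy: setools.SELinuxPolicy) -> None:
        """User roles."""
        user = compiled_policy.lookup_user("user20")
        # Exact set equality: an extra or missing role fails the test.
        assert {'role20_r', 'role21a_r'} == user.roles, user.roles

    def test_level(self, compiled_policy: setools.SELinuxPolicy) -> None:
        """User level."""
        user = compiled_policy.lookup_user("user10")
        assert "s1:c2" == user.mls_level, user.mls_level

    def test_range(self, compiled_policy: setools.SELinuxPolicy) -> None:
        """User range."""
        user = compiled_policy.lookup_user("user20")
        assert "s0 - s2:c0.c4" == user.mls_range, user.mls_range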


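@pytest.mark.obj_args("tests/library/policyrep/user_standard.conf", mls=False)
class TestUserStandard:
    """User object tests against the non-MLS policy source user_standard.conf.

    The marker passes ``mls=False``. The statement tests expect no level or
    range clause, and the MLS attribute tests expect ``MLSDisabled``.
    """
    # NOTE(review): presumably the obj_args marker tells the compiled_policy
    # fixture which policy source to compile -- confirm in conftest.

    def test_statement_role(self, compiled_policy: setools.SELinuxPolicy) -> None:
        """User statement, one role."""
        user = compiled_policy.lookup_user("user10")
        assert "user user10 roles system;" == user.statement(), user.statement()

    def test_statement_two_roles(self, compiled_policy: setools.SELinuxPolicy) -> None:
        """User statement, two roles."""
        user = compiled_policy.lookup_user("user20")
        # roles are stored in a set, so the role order may vary
        assert user.statement() in (
            "user user20 roles { role20_r role21a_r };",
            "user user20 roles { role21a_r role20_r };"), \
            user.statement()

    def test_level(self, compiled_policy: setools.SELinuxPolicy) -> None:
        """User level, MLS disabled."""
        user = compiled_policy.lookup_user("user10")
        # Reading the attribute must raise, not hand back a placeholder level
        # that a caller could mistake for real policy data.
        with pytest.raises(setools.exception.MLSDisabled):
            user.mls_level

    def test_range(self, compiled_policy: setools.SELinuxPolicy) -> None:
        """User range, MLS disabled."""
        user = compiled_policy.lookup_user("user20")
        # Same contract as the level: the access itself is what raises.
        with pytest.raises(setools.exception.MLSDisabled):
            user.mls_range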