# Copyright 2014, Tresys Technology, LLC
#
# SPDX-License-Identifier: GPL-2.0-only
#
import pytest
import setools
@pytest.mark.obj_args("tests/library/objclassquery.conf")
class TestObjClassQuery:
    """Check each ObjClassQuery criterion against the objclassquery.conf policy.

    The expected class names in every test are properties of that policy
    file, which is not shown here; a change to the policy source must be
    mirrored in these lists.
    """

    @staticmethod
    def _sorted_names(query: setools.ObjClassQuery) -> list[str]:
        """Return the names of the classes matched by *query*, sorted.

        Names are compared as strings, so "infoflow10" sorts before
        "infoflow2" in the expected lists.
        """
        return sorted(str(cls) for cls in query.results())

    def test_unset(self, compiled_policy: setools.SELinuxPolicy) -> None:
        """A query with no criteria returns every class in the policy."""
        # Baseline: all object classes the policy itself reports.
        every_class = sorted(compiled_policy.classes())
        query = setools.ObjClassQuery(compiled_policy)
        matched = sorted(query.results())
        assert every_class == matched

    def test_name_exact(self, compiled_policy: setools.SELinuxPolicy) -> None:
        """An exact class name selects only that class."""
        query = setools.ObjClassQuery(compiled_policy, name="infoflow")
        assert self._sorted_names(query) == ["infoflow"]

    def test_name_regex(self, compiled_policy: setools.SELinuxPolicy) -> None:
        """A class name given as a regex selects each matching class."""
        query = setools.ObjClassQuery(
            compiled_policy, name="infoflow(2|3)", name_regex=True)
        assert self._sorted_names(query) == ["infoflow2", "infoflow3"]

    def test_common_exact(self, compiled_policy: setools.SELinuxPolicy) -> None:
        """An exact common name selects the classes using that common."""
        query = setools.ObjClassQuery(compiled_policy, common="infoflow")
        found = self._sorted_names(query)
        assert found == ["infoflow", "infoflow2", "infoflow4", "infoflow7"]

    def test_common_regex(self, compiled_policy: setools.SELinuxPolicy) -> None:
        """A common name given as a regex selects classes of matching commons."""
        query = setools.ObjClassQuery(
            compiled_policy, common="com_[ab]", common_regex=True)
        assert self._sorted_names(query) == ["infoflow5", "infoflow6"]

    def test_perm_indirect_intersect(self, compiled_policy: setools.SELinuxPolicy) -> None:
        """Indirect, intersecting permission name match."""
        # perms_indirect=True / perms_equal=False: going by the parameter
        # names, permissions inherited from a common count and any overlap
        # with the criteria is enough.
        query = setools.ObjClassQuery(
            compiled_policy,
            perms={"send"},
            perms_indirect=True,
            perms_equal=False,
        )
        assert self._sorted_names(query) == ["infoflow6"]

    def test_perm_direct_intersect(self, compiled_policy: setools.SELinuxPolicy) -> None:
        """Direct, intersecting permission name match."""
        # perms_indirect=False: presumably only permissions declared on the
        # class itself are compared.
        query = setools.ObjClassQuery(
            compiled_policy,
            perms={"super_r"},
            perms_indirect=False,
            perms_equal=False,
        )
        assert self._sorted_names(query) == ["infoflow2", "infoflow4", "infoflow8"]

    def test_perm_indirect_equal(self, compiled_policy: setools.SELinuxPolicy) -> None:
        """Indirect, equal permission name match."""
        # perms_equal=True: the criteria set has to equal the class's
        # permission set rather than merely overlap it.
        wanted = {"low_w", "med_w", "hi_w", "low_r", "med_r", "hi_r", "unmapped"}
        query = setools.ObjClassQuery(
            compiled_policy, perms=wanted, perms_indirect=True, perms_equal=True)
        assert self._sorted_names(query) == ["infoflow7"]

    def test_perm_direct_equal(self, compiled_policy: setools.SELinuxPolicy) -> None:
        """Direct, equal permission name match."""
        wanted = {"super_r", "super_w"}
        query = setools.ObjClassQuery(
            compiled_policy, perms=wanted, perms_indirect=False, perms_equal=True)
        assert self._sorted_names(query) == ["infoflow2", "infoflow8"]

    def test_perm_indirect_regex(self, compiled_policy: setools.SELinuxPolicy) -> None:
        """Indirect, regex permission name match."""
        query = setools.ObjClassQuery(
            compiled_policy,
            perms="(send|setattr)",
            perms_indirect=True,
            perms_regex=True,
        )
        assert self._sorted_names(query) == ["infoflow6", "infoflow9"]

    def test_perm_direct_regex(self, compiled_policy: setools.SELinuxPolicy) -> None:
        """Direct, regex permission name match."""
        query = setools.ObjClassQuery(
            compiled_policy,
            perms="(read|super_r)",
            perms_indirect=False,
            perms_regex=True,
        )
        found = self._sorted_names(query)
        assert found == ["infoflow10", "infoflow2", "infoflow4", "infoflow8"]