File: test_objclassquery.py

# Copyright 2014, Tresys Technology, LLC
#
# SPDX-License-Identifier: GPL-2.0-only
#
import pytest
import setools


@pytest.mark.obj_args("tests/library/objclassquery.conf")
class TestObjClassQuery:
    """Exercise ``setools.ObjClassQuery`` against the objclassquery.conf policy.

    Each test builds a query with one kind of criterion (class name, common
    name, or permission set) and compares the sorted names of the matching
    object classes with a fixed expectation taken from the test policy.

    The permission tests vary three switches:

    * ``perms_indirect`` -- the "indirect" cases expect classes whose match
      comes through permissions not declared directly on the class
      (NOTE(review): presumably those inherited from the class's common;
      confirm against the policy file, which is not shown here).
    * ``perms_equal`` -- "equal" requires the class's permission set to equal
      the criterion, "intersect" accepts any overlap.
    * ``perms_regex`` -- the criterion is a regular expression rather than a
      set of permission names.
    """

    @staticmethod
    def _names(query):
        """Return the sorted string names of every class the query yields."""
        return sorted(map(str, query.results()))

    def test_unset(self, compiled_policy: setools.SELinuxPolicy) -> None:
        """Class query with no criteria."""
        # With no criteria set, the query must return every class in the policy.
        every_class = sorted(compiled_policy.classes())
        unfiltered = sorted(setools.ObjClassQuery(compiled_policy).results())

        assert every_class == unfiltered

    def test_name_exact(self, compiled_policy: setools.SELinuxPolicy) -> None:
        """Class query with exact name match."""
        query = setools.ObjClassQuery(compiled_policy, name="infoflow")

        # An exact match must not pick up infoflow2, infoflow3, ...
        expected = ["infoflow"]
        assert expected == self._names(query)

    def test_name_regex(self, compiled_policy: setools.SELinuxPolicy) -> None:
        """Class query with regex name match."""
        query = setools.ObjClassQuery(
            compiled_policy,
            name="infoflow(2|3)",
            name_regex=True,
        )

        expected = ["infoflow2", "infoflow3"]
        assert expected == self._names(query)

    def test_common_exact(self, compiled_policy: setools.SELinuxPolicy) -> None:
        """Class query with exact common name match."""
        query = setools.ObjClassQuery(compiled_policy, common="infoflow")

        expected = ["infoflow", "infoflow2", "infoflow4", "infoflow7"]
        assert expected == self._names(query)

    def test_common_regex(self, compiled_policy: setools.SELinuxPolicy) -> None:
        """Class query with regex common name match."""
        query = setools.ObjClassQuery(
            compiled_policy,
            common="com_[ab]",
            common_regex=True,
        )

        expected = ["infoflow5", "infoflow6"]
        assert expected == self._names(query)

    def test_perm_indirect_intersect(self, compiled_policy: setools.SELinuxPolicy) -> None:
        """Class query with indirect, intersect permission name match."""
        query = setools.ObjClassQuery(
            compiled_policy,
            perms={"send"},
            perms_indirect=True,
            perms_equal=False,
        )

        expected = ["infoflow6"]
        assert expected == self._names(query)

    def test_perm_direct_intersect(self, compiled_policy: setools.SELinuxPolicy) -> None:
        """Class query with direct, intersect permission name match."""
        query = setools.ObjClassQuery(
            compiled_policy,
            perms={"super_r"},
            perms_indirect=False,
            perms_equal=False,
        )

        expected = ["infoflow2", "infoflow4", "infoflow8"]
        assert expected == self._names(query)

    def test_perm_indirect_equal(self, compiled_policy: setools.SELinuxPolicy) -> None:
        """Class query with indirect, equal permission name match."""
        # The full permission set the matching class is expected to carry.
        wanted = {"low_w", "med_w", "hi_w", "low_r", "med_r", "hi_r", "unmapped"}
        query = setools.ObjClassQuery(
            compiled_policy,
            perms=wanted,
            perms_indirect=True,
            perms_equal=True,
        )

        expected = ["infoflow7"]
        assert expected == self._names(query)

    def test_perm_direct_equal(self, compiled_policy: setools.SELinuxPolicy) -> None:
        """Class query with direct, equal permission name match."""
        wanted = {"super_r", "super_w"}
        query = setools.ObjClassQuery(
            compiled_policy,
            perms=wanted,
            perms_indirect=False,
            perms_equal=True,
        )

        expected = ["infoflow2", "infoflow8"]
        assert expected == self._names(query)

    def test_perm_indirect_regex(self, compiled_policy: setools.SELinuxPolicy) -> None:
        """Class query with indirect, regex permission name match."""
        query = setools.ObjClassQuery(
            compiled_policy,
            perms="(send|setattr)",
            perms_indirect=True,
            perms_regex=True,
        )

        expected = ["infoflow6", "infoflow9"]
        assert expected == self._names(query)

    def test_perm_direct_regex(self, compiled_policy: setools.SELinuxPolicy) -> None:
        """Class query with direct, regex permission name match."""
        query = setools.ObjClassQuery(
            compiled_policy,
            perms="(read|super_r)",
            perms_indirect=False,
            perms_regex=True,
        )

        # Names sort as strings, so "infoflow10" precedes "infoflow2".
        expected = ["infoflow10", "infoflow2", "infoflow4", "infoflow8"]
        assert expected == self._names(query)