1 /*
2  * Copyright 2011 Tresys Technology, LLC. All rights reserved.
3  *
4  * Redistribution and use in source and binary forms, with or without
5  * modification, are permitted provided that the following conditions are met:
6  *
7  *    1. Redistributions of source code must retain the above copyright notice,
8  *       this list of conditions and the following disclaimer.
9  *
10  *    2. Redistributions in binary form must reproduce the above copyright notice,
11  *       this list of conditions and the following disclaimer in the documentation
12  *       and/or other materials provided with the distribution.
13  *
14  * THIS SOFTWARE IS PROVIDED BY TRESYS TECHNOLOGY, LLC ``AS IS'' AND ANY EXPRESS
15  * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
16  * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
17  * EVENT SHALL TRESYS TECHNOLOGY, LLC OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
18  * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
19  * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
21  * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
22  * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
23  * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24  *
25  * The views and conclusions contained in the software and documentation are those
26  * of the authors and should not be interpreted as representing official policies,
27  * either expressed or implied, of Tresys Technology, LLC.
28  */
29 
30 #include <sepol/policydb/policydb.h>
31 
32 #include "CuTest.h"
33 #include "CilTest.h"
34 #include "test_cil_post.h"
35 
36 #include "../../src/cil_post.h"
37 #include "../../src/cil_internal.h"
38 
test_cil_post_filecon_compare_meta_a_not_b(CuTest * tc)39 void test_cil_post_filecon_compare_meta_a_not_b(CuTest *tc) {
40         struct cil_filecon *afilecon;
41         cil_filecon_init(&afilecon);
42 
43         struct cil_filecon *bfilecon;
44         cil_filecon_init(&bfilecon);
45 
46         afilecon->root_str = "ba.r";
47         afilecon->path_str = "foo";
48 
49         bfilecon->root_str = "barr";
50         bfilecon->path_str = "foo";
51 
52 
53         int rc = cil_post_filecon_compare(&afilecon, &bfilecon);
54         CuAssertTrue(tc, rc < 0);
55 }
56 
test_cil_post_filecon_compare_meta_b_not_a(CuTest * tc)57 void test_cil_post_filecon_compare_meta_b_not_a(CuTest *tc) {
58         struct cil_filecon *afilecon;
59         cil_filecon_init(&afilecon);
60 
61         struct cil_filecon *bfilecon;
62         cil_filecon_init(&bfilecon);
63 
64         afilecon->root_str = "bar";
65         afilecon->path_str = "foo";
66 
67         bfilecon->root_str = "ba.rr";
68         bfilecon->path_str = "foo";
69 
70 
71         int rc = cil_post_filecon_compare(&afilecon, &bfilecon);
72         CuAssertTrue(tc, rc > 0);
73 }
74 
test_cil_post_filecon_compare_meta_a_and_b_strlen_a_greater_b(CuTest * tc)75 void test_cil_post_filecon_compare_meta_a_and_b_strlen_a_greater_b(CuTest *tc) {
76         struct cil_filecon *afilecon;
77         cil_filecon_init(&afilecon);
78 
79         struct cil_filecon *bfilecon;
80         cil_filecon_init(&bfilecon);
81 
82         afilecon->root_str = ".\\$";
83         afilecon->path_str = ".$({";
84 
85         bfilecon->root_str = ".?";
86         bfilecon->path_str = ".";
87 
88 
89         int rc = cil_post_filecon_compare(&afilecon, &bfilecon);
90         CuAssertTrue(tc, rc > 0);
91 }
92 
test_cil_post_filecon_compare_type_atype_greater_btype(CuTest * tc)93 void test_cil_post_filecon_compare_type_atype_greater_btype(CuTest *tc) {
94         struct cil_filecon *afilecon;
95         cil_filecon_init(&afilecon);
96 
97         struct cil_filecon *bfilecon;
98         cil_filecon_init(&bfilecon);
99 
100         afilecon->root_str = ".\\$";
101         afilecon->path_str = ".$({";
102         afilecon->type = CIL_FILECON_CHAR;
103 
104         bfilecon->root_str = ".\\$";
105         bfilecon->path_str = ".$({";
106         bfilecon->type = CIL_FILECON_DIR;
107 
108         int rc = cil_post_filecon_compare(&afilecon, &bfilecon);
109         CuAssertTrue(tc, rc > 0);
110 }
111 
test_cil_post_filecon_compare_type_btype_greater_atype(CuTest * tc)112 void test_cil_post_filecon_compare_type_btype_greater_atype(CuTest *tc) {
113         struct cil_filecon *afilecon;
114         cil_filecon_init(&afilecon);
115 
116         struct cil_filecon *bfilecon;
117         cil_filecon_init(&bfilecon);
118 
119         afilecon->root_str = ".\\$";
120         afilecon->path_str = ".$({";
121         afilecon->type = CIL_FILECON_DIR;
122 
123         bfilecon->root_str = ".\\$";
124         bfilecon->path_str = ".$({";
125         bfilecon->type = CIL_FILECON_CHAR;
126 
127 
128         int rc = cil_post_filecon_compare(&afilecon, &bfilecon);
129         CuAssertTrue(tc, rc < 0);
130 }
131 
test_cil_post_filecon_compare_meta_a_and_b_strlen_b_greater_a(CuTest * tc)132 void test_cil_post_filecon_compare_meta_a_and_b_strlen_b_greater_a(CuTest *tc) {
133         struct cil_filecon *afilecon;
134         cil_filecon_init(&afilecon);
135 
136         struct cil_filecon *bfilecon;
137         cil_filecon_init(&bfilecon);
138 
139         afilecon->root_str = ".";
140         afilecon->path_str = ".";
141 
142         bfilecon->root_str = ".*+|[({";
143         bfilecon->path_str = ".";
144 
145 
146         int rc = cil_post_filecon_compare(&afilecon, &bfilecon);
147         CuAssertTrue(tc, rc < 0);
148 }
149 
test_cil_post_filecon_compare_stemlen_a_greater_b(CuTest * tc)150 void test_cil_post_filecon_compare_stemlen_a_greater_b(CuTest *tc) {
151         struct cil_filecon *afilecon;
152         cil_filecon_init(&afilecon);
153 
154         struct cil_filecon *bfilecon;
155         cil_filecon_init(&bfilecon);
156 
157         afilecon->root_str = "bar";
158         afilecon->path_str = "foo";
159 
160         bfilecon->root_str = "barr";
161         bfilecon->path_str = "foo";
162 
163 
164         int rc = cil_post_filecon_compare(&afilecon, &bfilecon);
165         CuAssertTrue(tc, rc < 0);
166 }
167 
test_cil_post_filecon_compare_stemlen_b_greater_a(CuTest * tc)168 void test_cil_post_filecon_compare_stemlen_b_greater_a(CuTest *tc) {
169         struct cil_filecon *afilecon;
170         cil_filecon_init(&afilecon);
171 
172         struct cil_filecon *bfilecon;
173         cil_filecon_init(&bfilecon);
174 
175         afilecon->root_str = "barre";
176         afilecon->path_str = "foo";
177 
178         bfilecon->root_str = "barr";
179         bfilecon->path_str = "foo";
180 
181 
182         int rc = cil_post_filecon_compare(&afilecon, &bfilecon);
183         CuAssertTrue(tc, rc > 0);
184 }
185 
test_cil_post_filecon_compare_equal(CuTest * tc)186 void test_cil_post_filecon_compare_equal(CuTest *tc) {
187         struct cil_filecon *afilecon;
188         cil_filecon_init(&afilecon);
189 
190         struct cil_filecon *bfilecon;
191         cil_filecon_init(&bfilecon);
192 
193         afilecon->root_str = ".\\$";
194         afilecon->path_str = ".$({";
195         afilecon->type = CIL_FILECON_DIR;
196 
197         bfilecon->root_str = ".\\$";
198         bfilecon->path_str = ".$({";
199         bfilecon->type = CIL_FILECON_DIR;
200 
201 
202         int rc = cil_post_filecon_compare(&afilecon, &bfilecon);
203         CuAssertIntEquals(tc, 0, rc);
204 }
205 
test_cil_post_portcon_compare_atotal_greater_btotal(CuTest * tc)206 void test_cil_post_portcon_compare_atotal_greater_btotal(CuTest *tc) {
207         struct cil_portcon *aportcon;
208         cil_portcon_init(&aportcon);
209 
210         struct cil_portcon *bportcon;
211         cil_portcon_init(&bportcon);
212 
213         aportcon->port_low = 15;
214         aportcon->port_high = 30;
215 
216         bportcon->port_low = 10;
217         bportcon->port_high = 11;
218 
219         int rc = cil_post_portcon_compare(&aportcon, &bportcon);
220         CuAssertTrue(tc, rc > 0);
221 }
222 
test_cil_post_portcon_compare_btotal_greater_atotal(CuTest * tc)223 void test_cil_post_portcon_compare_btotal_greater_atotal(CuTest *tc) {
224         struct cil_portcon *aportcon;
225         cil_portcon_init(&aportcon);
226 
227         struct cil_portcon *bportcon;
228         cil_portcon_init(&bportcon);
229 
230         aportcon->port_low = 5;
231         aportcon->port_high = 5;
232 
233         bportcon->port_low = 11;
234         bportcon->port_high = 20;
235 
236         int rc = cil_post_portcon_compare(&aportcon, &bportcon);
237         CuAssertTrue(tc, rc < 0);
238 }
239 
test_cil_post_portcon_compare_aportlow_greater_bportlow(CuTest * tc)240 void test_cil_post_portcon_compare_aportlow_greater_bportlow(CuTest *tc) {
241         struct cil_portcon *aportcon;
242         cil_portcon_init(&aportcon);
243 
244         struct cil_portcon *bportcon;
245         cil_portcon_init(&bportcon);
246 
247         aportcon->port_low = 30;
248         aportcon->port_high = 33;
249 
250         bportcon->port_low = 17;
251         bportcon->port_high = 20;
252 
253         int rc = cil_post_portcon_compare(&aportcon, &bportcon);
254         CuAssertTrue(tc, rc > 0);
255 }
256 
test_cil_post_portcon_compare_bportlow_greater_aportlow(CuTest * tc)257 void test_cil_post_portcon_compare_bportlow_greater_aportlow(CuTest *tc) {
258         struct cil_portcon *aportcon;
259         cil_portcon_init(&aportcon);
260 
261         struct cil_portcon *bportcon;
262         cil_portcon_init(&bportcon);
263 
264         aportcon->port_low = 5;
265         aportcon->port_high = 8;
266 
267         bportcon->port_low = 17;
268         bportcon->port_high = 20;
269 
270         int rc = cil_post_portcon_compare(&aportcon, &bportcon);
271         CuAssertTrue(tc, rc < 0);
272 }
273 
test_cil_post_portcon_compare_equal(CuTest * tc)274 void test_cil_post_portcon_compare_equal(CuTest *tc) {
275         struct cil_portcon *aportcon;
276         cil_portcon_init(&aportcon);
277 
278         struct cil_portcon *bportcon;
279         cil_portcon_init(&bportcon);
280 
281         aportcon->port_low = 17;
282         aportcon->port_high = 20;
283 
284         bportcon->port_low = 17;
285         bportcon->port_high = 20;
286 
287         int rc = cil_post_portcon_compare(&aportcon, &bportcon);
288         CuAssertTrue(tc, rc == 0);
289 }
290 
test_cil_post_genfscon_compare_atypestr_greater_btypestr(CuTest * tc)291 void test_cil_post_genfscon_compare_atypestr_greater_btypestr(CuTest *tc) {
292         struct cil_genfscon *agenfscon;
293         cil_genfscon_init(&agenfscon);
294         agenfscon->fs_str = "aaaa";
295 
296         struct cil_genfscon *bgenfscon;
297         cil_genfscon_init(&bgenfscon);
298         bgenfscon->fs_str = "bbbb";
299 
300         int rc = cil_post_genfscon_compare(&agenfscon, &bgenfscon);
301         CuAssertTrue(tc, rc < 0);
302 }
303 
test_cil_post_genfscon_compare_btypestr_greater_atypestr(CuTest * tc)304 void test_cil_post_genfscon_compare_btypestr_greater_atypestr(CuTest *tc) {
305         struct cil_genfscon *agenfscon;
306         cil_genfscon_init(&agenfscon);
307         agenfscon->fs_str = "bbbb";
308 
309         struct cil_genfscon *bgenfscon;
310         cil_genfscon_init(&bgenfscon);
311         bgenfscon->fs_str = "aaaa";
312 
313         int rc = cil_post_genfscon_compare(&agenfscon, &bgenfscon);
314         CuAssertTrue(tc, rc > 0);
315 }
316 
test_cil_post_genfscon_compare_apathstr_greater_bpathstr(CuTest * tc)317 void test_cil_post_genfscon_compare_apathstr_greater_bpathstr(CuTest *tc) {
318         struct cil_genfscon *agenfscon;
319         cil_genfscon_init(&agenfscon);
320         agenfscon->fs_str = "aaaa";
321         agenfscon->path_str = "ff";
322 
323         struct cil_genfscon *bgenfscon;
324         cil_genfscon_init(&bgenfscon);
325         bgenfscon->fs_str = "aaaa";
326         bgenfscon->path_str = "gg";
327 
328         int rc = cil_post_genfscon_compare(&agenfscon, &bgenfscon);
329         CuAssertTrue(tc, rc < 0);
330 }
331 
test_cil_post_genfscon_compare_bpathstr_greater_apathstr(CuTest * tc)332 void test_cil_post_genfscon_compare_bpathstr_greater_apathstr(CuTest *tc) {
333         struct cil_genfscon *agenfscon;
334         cil_genfscon_init(&agenfscon);
335         agenfscon->fs_str = "bbbb";
336         agenfscon->path_str = "cccc";
337 
338         struct cil_genfscon *bgenfscon;
339         cil_genfscon_init(&bgenfscon);
340         bgenfscon->fs_str = "bbbb";
341         bgenfscon->path_str = "aaaa";
342 
343         int rc = cil_post_genfscon_compare(&agenfscon, &bgenfscon);
344         CuAssertTrue(tc, rc > 0);
345 }
346 
test_cil_post_genfscon_compare_equal(CuTest * tc)347 void test_cil_post_genfscon_compare_equal(CuTest *tc) {
348         struct cil_genfscon *agenfscon;
349         cil_genfscon_init(&agenfscon);
350         agenfscon->fs_str = "bbbb";
351         agenfscon->path_str = "cccc";
352 
353         struct cil_genfscon *bgenfscon;
354         cil_genfscon_init(&bgenfscon);
355         bgenfscon->fs_str = "bbbb";
356         bgenfscon->path_str = "cccc";
357 
358         int rc = cil_post_genfscon_compare(&agenfscon, &bgenfscon);
359         CuAssertIntEquals(tc, 0, rc);
360 }
361 
test_cil_post_netifcon_compare_a_greater_b(CuTest * tc)362 void test_cil_post_netifcon_compare_a_greater_b(CuTest *tc) {
363         struct cil_netifcon *anetifcon;
364         cil_netifcon_init(&anetifcon);
365         anetifcon->interface_str = "aaa";
366 
367         struct cil_netifcon *bnetifcon;
368         cil_netifcon_init(&bnetifcon);
369         bnetifcon->interface_str = "bbb";
370 
371         int rc = cil_post_netifcon_compare(&anetifcon, &bnetifcon);
372         CuAssertTrue(tc, rc < 0);
373 }
374 
test_cil_post_netifcon_compare_b_greater_a(CuTest * tc)375 void test_cil_post_netifcon_compare_b_greater_a(CuTest *tc) {
376         struct cil_netifcon *anetifcon;
377         cil_netifcon_init(&anetifcon);
378         anetifcon->interface_str = "bbb";
379 
380         struct cil_netifcon *bnetifcon;
381         cil_netifcon_init(&bnetifcon);
382         bnetifcon->interface_str = "aaa";
383 
384         int rc = cil_post_netifcon_compare(&anetifcon, &bnetifcon);
385         CuAssertTrue(tc, rc > 0);
386 }
387 
test_cil_post_netifcon_compare_equal(CuTest * tc)388 void test_cil_post_netifcon_compare_equal(CuTest *tc) {
389         struct cil_netifcon *anetifcon;
390         cil_netifcon_init(&anetifcon);
391         anetifcon->interface_str = "aaa";
392 
393         struct cil_netifcon *bnetifcon;
394         cil_netifcon_init(&bnetifcon);
395         bnetifcon->interface_str = "aaa";
396 
397         int rc = cil_post_netifcon_compare(&anetifcon, &bnetifcon);
398         CuAssertTrue(tc, rc == 0);
399 }
400 
test_cil_post_nodecon_compare_aipv4_bipv6(CuTest * tc)401 void test_cil_post_nodecon_compare_aipv4_bipv6(CuTest *tc) {
402         struct cil_nodecon *anodecon;
403         cil_nodecon_init(&anodecon);
404         cil_ipaddr_init(&anodecon->addr);
405         cil_ipaddr_init(&anodecon->mask);
406 
407         struct cil_nodecon *bnodecon;
408         cil_nodecon_init(&bnodecon);
409         cil_ipaddr_init(&bnodecon->addr);
410         cil_ipaddr_init(&bnodecon->mask);
411 
412         anodecon->addr->ip.v4.s_addr = 103;
413         anodecon->mask->ip.v4.s_addr = 100;
414         anodecon->addr->family = AF_INET;
415 
416         bnodecon->addr->ip.v4.s_addr = 100;
417         bnodecon->mask->ip.v4.s_addr = 100;
418         bnodecon->addr->family = AF_INET6;
419 
420         int rc = cil_post_nodecon_compare(&anodecon, &bnodecon);
421         CuAssertTrue(tc, rc < 0);
422 }
423 
test_cil_post_nodecon_compare_aipv6_bipv4(CuTest * tc)424 void test_cil_post_nodecon_compare_aipv6_bipv4(CuTest *tc) {
425         struct cil_nodecon *anodecon;
426         cil_nodecon_init(&anodecon);
427         cil_ipaddr_init(&anodecon->addr);
428         cil_ipaddr_init(&anodecon->mask);
429 
430         struct cil_nodecon *bnodecon;
431         cil_nodecon_init(&bnodecon);
432         cil_ipaddr_init(&bnodecon->addr);
433         cil_ipaddr_init(&bnodecon->mask);
434 
435         anodecon->addr->ip.v4.s_addr = 103;
436         anodecon->mask->ip.v4.s_addr = 100;
437         anodecon->addr->family = AF_INET6;
438 
439         bnodecon->addr->ip.v4.s_addr = 100;
440         bnodecon->mask->ip.v4.s_addr = 100;
441         bnodecon->addr->family = AF_INET;
442 
443         int rc = cil_post_nodecon_compare(&anodecon, &bnodecon);
444         CuAssertTrue(tc, rc > 0);
445 }
446 
test_cil_post_nodecon_compare_aipv4_greaterthan_bipv4(CuTest * tc)447 void test_cil_post_nodecon_compare_aipv4_greaterthan_bipv4(CuTest *tc) {
448         struct cil_nodecon *anodecon;
449         cil_nodecon_init(&anodecon);
450         cil_ipaddr_init(&anodecon->addr);
451         cil_ipaddr_init(&anodecon->mask);
452 
453         struct cil_nodecon *bnodecon;
454         cil_nodecon_init(&bnodecon);
455         cil_ipaddr_init(&bnodecon->addr);
456         cil_ipaddr_init(&bnodecon->mask);
457 
458         anodecon->addr->ip.v4.s_addr = 103;
459         anodecon->mask->ip.v4.s_addr = 100;
460         anodecon->addr->family = AF_INET;
461 
462         bnodecon->addr->ip.v4.s_addr = 100;
463         bnodecon->mask->ip.v4.s_addr = 100;
464         bnodecon->addr->family = AF_INET;
465 
466         int rc = cil_post_nodecon_compare(&anodecon, &bnodecon);
467         CuAssertTrue(tc, rc > 0);
468 }
469 
test_cil_post_nodecon_compare_aipv4_lessthan_bipv4(CuTest * tc)470 void test_cil_post_nodecon_compare_aipv4_lessthan_bipv4(CuTest *tc) {
471         struct cil_nodecon *anodecon;
472         cil_nodecon_init(&anodecon);
473         cil_ipaddr_init(&anodecon->addr);
474         cil_ipaddr_init(&anodecon->mask);
475 
476         struct cil_nodecon *bnodecon;
477         cil_nodecon_init(&bnodecon);
478         cil_ipaddr_init(&bnodecon->addr);
479         cil_ipaddr_init(&bnodecon->mask);
480 
481         anodecon->addr->ip.v4.s_addr = 99;
482         anodecon->mask->ip.v4.s_addr = 100;
483         anodecon->addr->family = AF_INET;
484 
485         bnodecon->addr->ip.v4.s_addr = 100;
486         bnodecon->mask->ip.v4.s_addr = 100;
487         bnodecon->addr->family = AF_INET;
488 
489         int rc = cil_post_nodecon_compare(&anodecon, &bnodecon);
490         CuAssertTrue(tc, rc < 0);
491 }
492 
test_cil_post_nodecon_compare_amaskipv4_greaterthan_bmaskipv4(CuTest * tc)493 void test_cil_post_nodecon_compare_amaskipv4_greaterthan_bmaskipv4(CuTest *tc) {
494 	struct cil_nodecon *anodecon;
495 	cil_nodecon_init(&anodecon);
496 	cil_ipaddr_init(&anodecon->addr);
497 	cil_ipaddr_init(&anodecon->mask);
498 
499 	struct cil_nodecon *bnodecon;
500 	cil_nodecon_init(&bnodecon);
501 	cil_ipaddr_init(&bnodecon->addr);
502 	cil_ipaddr_init(&bnodecon->mask);
503 
504 	anodecon->addr->ip.v4.s_addr = 103;
505 	anodecon->mask->ip.v4.s_addr = 101;
506 	anodecon->addr->family = AF_INET;
507 
508 	bnodecon->addr->ip.v4.s_addr = 100;
509 	bnodecon->mask->ip.v4.s_addr = 100;
510 	bnodecon->addr->family = AF_INET;
511 
512 	int rc = cil_post_nodecon_compare(&anodecon, &bnodecon);
513 	CuAssertTrue(tc, rc < 0);
514 }
515 
test_cil_post_nodecon_compare_amaskipv4_lessthan_bmaskipv4(CuTest * tc)516 void test_cil_post_nodecon_compare_amaskipv4_lessthan_bmaskipv4(CuTest *tc) {
517 	struct cil_nodecon *anodecon;
518 	cil_nodecon_init(&anodecon);
519 	cil_ipaddr_init(&anodecon->addr);
520 	cil_ipaddr_init(&anodecon->mask);
521 
522 	struct cil_nodecon *bnodecon;
523 	cil_nodecon_init(&bnodecon);
524 	cil_ipaddr_init(&bnodecon->addr);
525 	cil_ipaddr_init(&bnodecon->mask);
526 
527 	anodecon->addr->ip.v4.s_addr = 99;
528 	anodecon->mask->ip.v4.s_addr = 99;
529 	anodecon->addr->family = AF_INET;
530 
531 	bnodecon->addr->ip.v4.s_addr = 100;
532 	bnodecon->mask->ip.v4.s_addr = 100;
533 	bnodecon->addr->family = AF_INET;
534 
535 	int rc = cil_post_nodecon_compare(&anodecon, &bnodecon);
536 	CuAssertTrue(tc, rc > 0);
537 }
538 
test_cil_post_nodecon_compare_aipv6_greaterthan_bipv6(CuTest * tc)539 void test_cil_post_nodecon_compare_aipv6_greaterthan_bipv6(CuTest *tc) {
540 	struct cil_nodecon *anodecon;
541 	cil_nodecon_init(&anodecon);
542 	cil_ipaddr_init(&anodecon->addr);
543 	cil_ipaddr_init(&anodecon->mask);
544 
545 	struct cil_nodecon *bnodecon;
546 	cil_nodecon_init(&bnodecon);
547 	cil_ipaddr_init(&bnodecon->addr);
548 	cil_ipaddr_init(&bnodecon->mask);
549 
550 	anodecon->addr->ip.v6.s6_addr[0] = '5';
551 	anodecon->mask->ip.v6.s6_addr[0] = '9';
552 	anodecon->addr->family = AF_INET6;
553 
554 	bnodecon->addr->ip.v6.s6_addr[0] = '3';
555 	bnodecon->mask->ip.v6.s6_addr[0] = '9';
556 	bnodecon->addr->family = AF_INET6;
557 
558 	int rc = cil_post_nodecon_compare(&anodecon, &bnodecon);
559 	CuAssertTrue(tc, rc > 0);
560 }
561 
test_cil_post_nodecon_compare_aipv6_lessthan_bipv6(CuTest * tc)562 void test_cil_post_nodecon_compare_aipv6_lessthan_bipv6(CuTest *tc) {
563 	struct cil_nodecon *anodecon;
564 	cil_nodecon_init(&anodecon);
565 	cil_ipaddr_init(&anodecon->addr);
566 	cil_ipaddr_init(&anodecon->mask);
567 
568 	struct cil_nodecon *bnodecon;
569 	cil_nodecon_init(&bnodecon);
570 	cil_ipaddr_init(&bnodecon->addr);
571 	cil_ipaddr_init(&bnodecon->mask);
572 
573 	anodecon->addr->ip.v6.s6_addr[0] = '3';
574 	anodecon->mask->ip.v6.s6_addr[0] = '1';
575 	anodecon->addr->family = AF_INET6;
576 
577 	bnodecon->addr->ip.v6.s6_addr[0] = '5';
578 	bnodecon->mask->ip.v6.s6_addr[0] = '1';
579 	bnodecon->addr->family = AF_INET6;
580 
581 	int rc = cil_post_nodecon_compare(&anodecon, &bnodecon);
582 	CuAssertTrue(tc, rc < 0);
583 }
584 
test_cil_post_nodecon_compare_amaskipv6_greaterthan_bmaskipv6(CuTest * tc)585 void test_cil_post_nodecon_compare_amaskipv6_greaterthan_bmaskipv6(CuTest *tc) {
586 	struct cil_nodecon *anodecon;
587 	cil_nodecon_init(&anodecon);
588 	cil_ipaddr_init(&anodecon->addr);
589 	cil_ipaddr_init(&anodecon->mask);
590 
591 	struct cil_nodecon *bnodecon;
592 	cil_nodecon_init(&bnodecon);
593 	cil_ipaddr_init(&bnodecon->addr);
594 	cil_ipaddr_init(&bnodecon->mask);
595 
596 	anodecon->addr->ip.v6.s6_addr[0] = '1';
597 	anodecon->mask->ip.v6.s6_addr[0] = '4';
598 	anodecon->addr->family = AF_INET6;
599 
600 	bnodecon->addr->ip.v6.s6_addr[0] = '1';
601 	bnodecon->mask->ip.v6.s6_addr[0] = '3';
602 	bnodecon->addr->family = AF_INET6;
603 
604 	int rc = cil_post_nodecon_compare(&anodecon, &bnodecon);
605 	CuAssertTrue(tc, rc < 0);
606 }
607 
test_cil_post_nodecon_compare_amaskipv6_lessthan_bmaskipv6(CuTest * tc)608 void test_cil_post_nodecon_compare_amaskipv6_lessthan_bmaskipv6(CuTest *tc) {
609 	struct cil_nodecon *anodecon;
610 	cil_nodecon_init(&anodecon);
611 	cil_ipaddr_init(&anodecon->addr);
612 	cil_ipaddr_init(&anodecon->mask);
613 
614 	struct cil_nodecon *bnodecon;
615 	cil_nodecon_init(&bnodecon);
616 	cil_ipaddr_init(&bnodecon->addr);
617 	cil_ipaddr_init(&bnodecon->mask);
618 
619 	anodecon->addr->ip.v6.s6_addr[0] = '5';
620 	anodecon->mask->ip.v6.s6_addr[0] = '1';
621 	anodecon->addr->family = AF_INET6;
622 
623 	bnodecon->addr->ip.v6.s6_addr[0] = '5';
624 	bnodecon->mask->ip.v6.s6_addr[0] = '6';
625 	bnodecon->addr->family = AF_INET6;
626 
627 	int rc = cil_post_nodecon_compare(&anodecon, &bnodecon);
628 	CuAssertTrue(tc, rc > 0);
629 }
630 
test_cil_post_fsuse_compare_type_a_greater_b(CuTest * tc)631 void test_cil_post_fsuse_compare_type_a_greater_b(CuTest *tc) {
632 	struct cil_fsuse *afsuse;
633 	cil_fsuse_init(&afsuse);
634 	afsuse->type = CIL_FSUSE_XATTR;
635 
636 	struct cil_fsuse *bfsuse;
637 	cil_fsuse_init(&bfsuse);
638 	bfsuse->type = CIL_FSUSE_TASK;
639 
640 	int rc = cil_post_fsuse_compare(&afsuse, &bfsuse);
641 	CuAssertTrue(tc, rc < 0);
642 }
643 
test_cil_post_fsuse_compare_type_b_greater_a(CuTest * tc)644 void test_cil_post_fsuse_compare_type_b_greater_a(CuTest *tc) {
645 	struct cil_fsuse *afsuse;
646 	cil_fsuse_init(&afsuse);
647 	afsuse->type = CIL_FSUSE_TASK;
648 
649 	struct cil_fsuse *bfsuse;
650 	cil_fsuse_init(&bfsuse);
651 	bfsuse->type = CIL_FSUSE_XATTR;
652 
653 	int rc = cil_post_fsuse_compare(&afsuse, &bfsuse);
654 	CuAssertTrue(tc, rc > 0);
655 }
656 
test_cil_post_fsuse_compare_fsstr_a_greater_b(CuTest * tc)657 void test_cil_post_fsuse_compare_fsstr_a_greater_b(CuTest *tc) {
658 	struct cil_fsuse *afsuse;
659 	cil_fsuse_init(&afsuse);
660 	afsuse->type = CIL_FSUSE_XATTR;
661 	afsuse->fs_str = "aaa";
662 
663 	struct cil_fsuse *bfsuse;
664 	cil_fsuse_init(&bfsuse);
665 	bfsuse->type = CIL_FSUSE_XATTR;
666 	bfsuse->fs_str = "bbb";
667 
668 	int rc = cil_post_fsuse_compare(&afsuse, &bfsuse);
669 	CuAssertTrue(tc, rc < 0);
670 }
671 
test_cil_post_fsuse_compare_fsstr_b_greater_a(CuTest * tc)672 void test_cil_post_fsuse_compare_fsstr_b_greater_a(CuTest *tc) {
673 	struct cil_fsuse *afsuse;
674 	cil_fsuse_init(&afsuse);
675 	afsuse->type = CIL_FSUSE_XATTR;
676 	afsuse->fs_str = "bbb";
677 
678 	struct cil_fsuse *bfsuse;
679 	cil_fsuse_init(&bfsuse);
680 	bfsuse->type = CIL_FSUSE_XATTR;
681 	bfsuse->fs_str = "aaa";
682 
683 	int rc = cil_post_fsuse_compare(&afsuse, &bfsuse);
684 	CuAssertTrue(tc, rc > 0);
685 }
686 
test_cil_post_fsuse_compare_equal(CuTest * tc)687 void test_cil_post_fsuse_compare_equal(CuTest *tc) {
688 	struct cil_fsuse *afsuse;
689 	cil_fsuse_init(&afsuse);
690 	afsuse->type = CIL_FSUSE_XATTR;
691 	afsuse->fs_str = "foo";
692 
693 	struct cil_fsuse *bfsuse;
694 	cil_fsuse_init(&bfsuse);
695 	bfsuse->type = CIL_FSUSE_XATTR;
696 	bfsuse->fs_str = "foo";
697 
698 	int rc = cil_post_fsuse_compare(&afsuse, &bfsuse);
699 	CuAssertTrue(tc, rc == 0);
700 }
701 
702 
703 
704