1 /*
2  * Author: Joshua Brindle <jbrindle@tresys.com>
3  *         Chad Sellers <csellers@tresys.com>
4  *         Chris PeBenito <cpebenito@tresys.com>
5  *
6  * Copyright (C) 2006 Tresys Technology, LLC
7  *
8  *  This library is free software; you can redistribute it and/or
9  *  modify it under the terms of the GNU Lesser General Public
10  *  License as published by the Free Software Foundation; either
11  *  version 2.1 of the License, or (at your option) any later version.
12  *
13  *  This library is distributed in the hope that it will be useful,
14  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
15  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
16  *  Lesser General Public License for more details.
17  *
18  *  You should have received a copy of the GNU Lesser General Public
19  *  License along with this library; if not, write to the Free Software
20  *  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
21  */
22 
23 /* This has tests that are common between test suites*/
24 
25 #include <sepol/policydb/avrule_block.h>
26 
27 #include <CUnit/Basic.h>
28 
29 #include "helpers.h"
30 
test_sym_presence(policydb_t * p,const char * id,int sym_type,unsigned int scope_type,unsigned int * decls,unsigned int len)31 void test_sym_presence(policydb_t * p, const char *id, int sym_type, unsigned int scope_type, unsigned int *decls, unsigned int len)
32 {
33 	scope_datum_t *scope;
34 	int found;
35 	unsigned int i, j;
36 	/* make sure it is in global symtab */
37 	if (!hashtab_search(p->symtab[sym_type].table, id)) {
38 		fprintf(stderr, "symbol %s not found in table %d\n", id, sym_type);
39 		CU_FAIL_FATAL();
40 	}
41 	/* make sure its scope is correct */
42 	scope = hashtab_search(p->scope[sym_type].table, id);
43 	CU_ASSERT_FATAL(scope != NULL);
44 	CU_ASSERT(scope->scope == scope_type);
45 	CU_ASSERT(scope->decl_ids_len == len);
46 	if (scope->decl_ids_len != len)
47 		fprintf(stderr, "sym %s has %d decls, %d expected\n", id, scope->decl_ids_len, len);
48 	for (i = 0; i < len; i++) {
49 		found = 0;
50 		for (j = 0; j < len; j++) {
51 			if (decls[i] == scope->decl_ids[j])
52 				found++;
53 		}
54 		CU_ASSERT(found == 1);
55 	}
56 
57 }
58 
common_test_index(hashtab_key_t key,hashtab_datum_t datum,void * data)59 static int common_test_index(hashtab_key_t key, hashtab_datum_t datum, void *data)
60 {
61 	common_datum_t *d = (common_datum_t *) datum;
62 	policydb_t *p = (policydb_t *) data;
63 
64 	CU_ASSERT(p->sym_val_to_name[SYM_COMMONS][d->s.value - 1] == (char *)key);
65 	return 0;
66 }
67 
class_test_index(hashtab_key_t key,hashtab_datum_t datum,void * data)68 static int class_test_index(hashtab_key_t key, hashtab_datum_t datum, void *data)
69 {
70 	class_datum_t *d = (class_datum_t *) datum;
71 	policydb_t *p = (policydb_t *) data;
72 
73 	CU_ASSERT(p->sym_val_to_name[SYM_CLASSES][d->s.value - 1] == (char *)key);
74 	CU_ASSERT(p->class_val_to_struct[d->s.value - 1] == d);
75 	return 0;
76 }
77 
role_test_index(hashtab_key_t key,hashtab_datum_t datum,void * data)78 static int role_test_index(hashtab_key_t key, hashtab_datum_t datum, void *data)
79 {
80 	role_datum_t *d = (role_datum_t *) datum;
81 	policydb_t *p = (policydb_t *) data;
82 
83 	CU_ASSERT(p->sym_val_to_name[SYM_ROLES][d->s.value - 1] == (char *)key);
84 	CU_ASSERT(p->role_val_to_struct[d->s.value - 1] == d);
85 	return 0;
86 }
87 
type_test_index(hashtab_key_t key,hashtab_datum_t datum,void * data)88 static int type_test_index(hashtab_key_t key, hashtab_datum_t datum, void *data)
89 {
90 	type_datum_t *d = (type_datum_t *) datum;
91 	policydb_t *p = (policydb_t *) data;
92 
93 	if (!d->primary)
94 		return 0;
95 
96 	CU_ASSERT(p->sym_val_to_name[SYM_TYPES][d->s.value - 1] == (char *)key);
97 	CU_ASSERT(p->type_val_to_struct[d->s.value - 1] == d);
98 
99 	return 0;
100 }
101 
user_test_index(hashtab_key_t key,hashtab_datum_t datum,void * data)102 static int user_test_index(hashtab_key_t key, hashtab_datum_t datum, void *data)
103 {
104 	user_datum_t *d = (user_datum_t *) datum;
105 	policydb_t *p = (policydb_t *) data;
106 
107 	CU_ASSERT(p->sym_val_to_name[SYM_USERS][d->s.value - 1] == (char *)key);
108 	CU_ASSERT(p->user_val_to_struct[d->s.value - 1] == d);
109 	return 0;
110 }
111 
cond_test_index(hashtab_key_t key,hashtab_datum_t datum,void * data)112 static int cond_test_index(hashtab_key_t key, hashtab_datum_t datum, void *data)
113 {
114 	cond_bool_datum_t *d = (cond_bool_datum_t *) datum;
115 	policydb_t *p = (policydb_t *) data;
116 
117 	CU_ASSERT(p->sym_val_to_name[SYM_BOOLS][d->s.value - 1] == (char *)key);
118 	CU_ASSERT(p->bool_val_to_struct[d->s.value - 1] == d);
119 	return 0;
120 }
121 
level_test_index(hashtab_key_t key,hashtab_datum_t datum,void * data)122 static int level_test_index(hashtab_key_t key, hashtab_datum_t datum, void *data)
123 {
124 	level_datum_t *d = (level_datum_t *) datum;
125 	policydb_t *p = (policydb_t *) data;
126 
127 	CU_ASSERT(p->sym_val_to_name[SYM_LEVELS][d->level->sens - 1] == (char *)key);
128 	return 0;
129 }
130 
cat_test_index(hashtab_key_t key,hashtab_datum_t datum,void * data)131 static int cat_test_index(hashtab_key_t key, hashtab_datum_t datum, void *data)
132 {
133 	cat_datum_t *d = (cat_datum_t *) datum;
134 	policydb_t *p = (policydb_t *) data;
135 
136 	CU_ASSERT(p->sym_val_to_name[SYM_CATS][d->s.value - 1] == (char *)key);
137 	return 0;
138 }
139 
140 static int (*test_index_f[SYM_NUM]) (hashtab_key_t key, hashtab_datum_t datum, void *p) = {
141 common_test_index, class_test_index, role_test_index, type_test_index, user_test_index, cond_test_index, level_test_index, cat_test_index,};
142 
test_policydb_indexes(policydb_t * p)143 void test_policydb_indexes(policydb_t * p)
144 {
145 	int i;
146 
147 	for (i = 0; i < SYM_NUM; i++) {
148 		hashtab_map(p->symtab[i].table, test_index_f[i], p);
149 	}
150 }
151 
test_alias_datum(policydb_t * p,const char * id,const char * primary_id,char mode,unsigned int flavor)152 void test_alias_datum(policydb_t * p, const char *id, const char *primary_id, char mode, unsigned int flavor)
153 {
154 	type_datum_t *type, *primary;
155 	unsigned int my_primary, my_flavor, my_value;
156 
157 	type = hashtab_search(p->p_types.table, id);
158 	primary = hashtab_search(p->p_types.table, primary_id);
159 
160 	CU_ASSERT_PTR_NOT_NULL(type);
161 	CU_ASSERT_PTR_NOT_NULL(primary);
162 
163 	if (type && primary) {
164 		if (mode) {
165 			my_flavor = type->flavor;
166 		} else {
167 			my_flavor = flavor;
168 		}
169 
170 		if (my_flavor == TYPE_TYPE) {
171 			my_primary = 0;
172 			my_value = primary->s.value;
173 		} else {
174 			CU_ASSERT(my_flavor == TYPE_ALIAS);
175 			my_primary = primary->s.value;
176 			CU_ASSERT_NOT_EQUAL(type->s.value, primary->s.value);
177 			my_value = type->s.value;
178 		}
179 
180 		CU_ASSERT(type->primary == my_primary);
181 		CU_ASSERT(type->flavor == my_flavor);
182 		CU_ASSERT(type->s.value == my_value);
183 	}
184 }
185 
test_role_type_set(policydb_t * p,const char * id,avrule_decl_t * decl,const char ** types,unsigned int len,unsigned int flags)186 role_datum_t *test_role_type_set(policydb_t * p, const char *id, avrule_decl_t * decl, const char **types, unsigned int len, unsigned int flags)
187 {
188 	ebitmap_node_t *tnode;
189 	unsigned int i, j, new, found = 0;
190 	role_datum_t *role;
191 
192 	if (decl)
193 		role = hashtab_search(decl->p_roles.table, id);
194 	else
195 		role = hashtab_search(p->p_roles.table, id);
196 
197 	if (!role)
198 		printf("role %s can't be found! \n", id);
199 
200 	CU_ASSERT_FATAL(role != NULL);
201 
202 	ebitmap_for_each_positive_bit(&role->types.types, tnode, i) {
203 		new = 0;
204 		for (j = 0; j < len; j++) {
205 			if (strcmp(p->sym_val_to_name[SYM_TYPES][i], types[j]) == 0) {
206 				found++;
207 				new = 1;
208 			}
209 		}
210 		if (new == 0) {
211 			printf("\nRole %s had type %s not in types array\n",
212 			       id, p->sym_val_to_name[SYM_TYPES][i]);
213 		}
214 		CU_ASSERT(new == 1);
215 	}
216 	CU_ASSERT(found == len);
217 	if (found != len)
218 		printf("\nrole %s has %d types, %d expected\n", p->sym_val_to_name[SYM_ROLES][role->s.value - 1], found, len);
219 	/* roles should never have anything in the negset */
220 	CU_ASSERT(role->types.negset.highbit == 0);
221 	CU_ASSERT(role->types.flags == flags);
222 
223 	return role;
224 }
225 
test_attr_types(policydb_t * p,const char * id,avrule_decl_t * decl,const char ** types,int len)226 void test_attr_types(policydb_t * p, const char *id, avrule_decl_t * decl, const char **types, int len)
227 {
228 	ebitmap_node_t *tnode;
229 	int j, new, found = 0;
230 	unsigned int i;
231 	type_datum_t *attr;
232 
233 	if (decl) {
234 		attr = hashtab_search(decl->p_types.table, id);
235 		if (attr == NULL)
236 			printf("could not find attr %s in decl %d\n", id, decl->decl_id);
237 	} else {
238 		attr = hashtab_search(p->p_types.table, id);
239 		if (attr == NULL)
240 			printf("could not find attr %s in policy\n", id);
241 	}
242 
243 	CU_ASSERT_FATAL(attr != NULL);
244 	CU_ASSERT(attr->flavor == TYPE_ATTRIB);
245 	CU_ASSERT(attr->primary == 1);
246 
247 	ebitmap_for_each_positive_bit(&attr->types, tnode, i) {
248 		new = 0;
249 		for (j = 0; j < len; j++) {
250 			if (strcmp(p->sym_val_to_name[SYM_TYPES][i], types[j]) == 0) {
251 				found++;
252 				new = 1;
253 			}
254 		}
255 		if (new == 0) {
256 			printf("\nattr %s had type %s not in types array\n",
257 			       id, p->sym_val_to_name[SYM_TYPES][i]);
258 		}
259 		CU_ASSERT(new == 1);
260 	}
261 	CU_ASSERT(found == len);
262 	if (found != len)
263 		printf("\nattr %s has %d types, %d expected\n", id, found, len);
264 }
265