1import unittest 2import os 3import shutil 4from tempfile import mkdtemp 5from subprocess import Popen, PIPE 6 7 8class SepolicyTests(unittest.TestCase): 9 10 def assertDenied(self, err): 11 self.assert_('Permission denied' in err, 12 '"Permission denied" not found in %r' % err) 13 14 def assertNotFound(self, err): 15 self.assert_('not found' in err, 16 '"not found" not found in %r' % err) 17 18 def assertFailure(self, status): 19 self.assert_(status != 0, 20 '"Succeeded when it should have failed') 21 22 def assertSuccess(self, status, err): 23 self.assert_(status == 0, 24 '"sepolicy should have succeeded for this test %r' % err) 25 26 def test_man_domain(self): 27 "Verify sepolicy manpage -d works" 28 p = Popen(['sepolicy', 'manpage', '-d', 'httpd_t'], stdout=PIPE) 29 out, err = p.communicate() 30 print out, err 31 self.assertSuccess(p.returncode, err) 32 33 def test_man_all(self): 34 "Verify sepolicy manpage -a works" 35 p = Popen(['sepolicy', 'manpage', '-a'], stdout=PIPE) 36 out, err = p.communicate() 37 self.assertSuccess(p.returncode, err) 38 39 def test_network_l(self): 40 "Verify sepolicy network -l works" 41 p = Popen(['sepolicy', 'network', '-l'], stdout=PIPE) 42 out, err = p.communicate() 43 self.assertSuccess(p.returncode, err) 44 45 def test_network_t(self): 46 "Verify sepolicy network -t works" 47 p = Popen(['sepolicy', 'network', '-t', 'http_port_t'], stdout=PIPE) 48 out, err = p.communicate() 49 self.assertSuccess(p.returncode, err) 50 51 def test_network_p(self): 52 "Verify sepolicy network -p works" 53 p = Popen(['sepolicy', 'network', '-p', '80'], stdout=PIPE) 54 out, err = p.communicate() 55 self.assertSuccess(p.returncode, err) 56 57 def test_network_d(self): 58 "Verify sepolicy network -d works" 59 p = Popen(['sepolicy', 'network', '-d', 'httpd_t'], stdout=PIPE) 60 out, err = p.communicate() 61 self.assertSuccess(p.returncode, err) 62 63 def test_transition_s(self): 64 "Verify sepolicy transition -l works" 65 p = Popen(['sepolicy', 'transition', '-s', 'httpd_t'], stdout=PIPE) 66 out, err = p.communicate() 67 self.assertSuccess(p.returncode, err) 68 69 def test_transition_t(self): 70 "Verify sepolicy transition -t works" 71 p = Popen(['sepolicy', 'transition', '-s', 'httpd_t', '-t', 'sendmail_t'], stdout=PIPE) 72 out, err = p.communicate() 73 self.assertSuccess(p.returncode, err) 74 75 def test_booleans_a(self): 76 "Verify sepolicy booleans -a works" 77 p = Popen(['sepolicy', 'booleans', '-a'], stdout=PIPE) 78 out, err = p.communicate() 79 self.assertSuccess(p.returncode, err) 80 81 def test_booleans_b_alias(self): 82 "Verify sepolicy booleans -b works" 83 p = Popen(['sepolicy', 'booleans', '-b', 'allow_ypbind'], stdout=PIPE) 84 out, err = p.communicate() 85 self.assertSuccess(p.returncode, err) 86 87 def test_booleans_b(self): 88 "Verify sepolicy booleans -b works" 89 p = Popen(['sepolicy', 'booleans', '-b', 'nis_enabled'], stdout=PIPE) 90 out, err = p.communicate() 91 self.assertSuccess(p.returncode, err) 92 93 def test_interface_l(self): 94 "Verify sepolicy interface -l works" 95 p = Popen(['sepolicy', 'interface', '-l'], stdout=PIPE) 96 out, err = p.communicate() 97 self.assertSuccess(p.returncode, err) 98 99 def test_interface_a(self): 100 "Verify sepolicy interface -a works" 101 p = Popen(['sepolicy', 'interface', '-a'], stdout=PIPE) 102 out, err = p.communicate() 103 self.assertSuccess(p.returncode, err) 104 105 def test_interface_p(self): 106 "Verify sepolicy interface -u works" 107 p = Popen(['sepolicy', 'interface', '-u'], stdout=PIPE) 108 out, err = p.communicate() 109 self.assertSuccess(p.returncode, err) 110 111 def test_interface_ci(self): 112 "Verify sepolicy interface -c -i works" 113 p = Popen(['sepolicy', 'interface', '-c', '-i', 'apache_admin'], stdout=PIPE) 114 out, err = p.communicate() 115 self.assertSuccess(p.returncode, err) 116 117if __name__ == "__main__": 118 import selinux 119 if selinux.security_getenforce() == 1: 120 unittest.main() 121 else: 122 print "SELinux must be in enforcing mode for this test" 123