1 /*
2  * Copyright 2011 Tresys Technology, LLC. All rights reserved.
3  *
4  * Redistribution and use in source and binary forms, with or without
5  * modification, are permitted provided that the following conditions are met:
6  *
7  *    1. Redistributions of source code must retain the above copyright notice,
8  *       this list of conditions and the following disclaimer.
9  *
10  *    2. Redistributions in binary form must reproduce the above copyright notice,
11  *       this list of conditions and the following disclaimer in the documentation
12  *       and/or other materials provided with the distribution.
13  *
14  * THIS SOFTWARE IS PROVIDED BY TRESYS TECHNOLOGY, LLC ``AS IS'' AND ANY EXPRESS
15  * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
16  * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
17  * EVENT SHALL TRESYS TECHNOLOGY, LLC OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
18  * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
19  * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
21  * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
22  * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
23  * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24  *
25  * The views and conclusions contained in the software and documentation are those
26  * of the authors and should not be interpreted as representing official policies,
27  * either expressed or implied, of Tresys Technology, LLC.
28  */
29 
30 #include <sepol/policydb/policydb.h>
31 
32 #include "CuTest.h"
33 #include "CilTest.h"
34 
35 #include "../../src/cil_build_ast.h"
36 #include "../../src/cil_resolve_ast.h"
37 #include "../../src/cil_verify.h"
38 #include "../../src/cil_internal.h"
39 
40 /* this all needs to be moved to a private header file */
41 int __cil_resolve_ast_node_helper(struct cil_tree_node *, uint32_t *, void *);
42 int __cil_disable_children_helper(struct cil_tree_node *node, __attribute__((unused)) uint32_t *finished, void *);
43 
44 struct cil_args_resolve {
45 	struct cil_db *db;
46 	enum cil_pass pass;
47 	uint32_t *changed;
48 	struct cil_tree_node *callstack;
49 	struct cil_tree_node *optstack;
50 	struct cil_tree_node *macro;
51 };
52 
gen_resolve_args(struct cil_db * db,enum cil_pass pass,uint32_t * changed,struct cil_tree_node * calls,struct cil_tree_node * opts,struct cil_tree_node * macro)53 struct cil_args_resolve *gen_resolve_args(struct cil_db *db, enum cil_pass pass, uint32_t *changed, struct cil_tree_node *calls, struct cil_tree_node *opts, struct cil_tree_node *macro)
54 {
55 	struct cil_args_resolve *args = cil_malloc(sizeof(*args));
56 	args->db = db;
57 	args->pass = pass;
58 	args->changed = changed;
59 	args->callstack = calls;
60 	args->optstack = opts;
61 	args->macro = macro;
62 
63 	return args;
64 }
65 
test_cil_resolve_name(CuTest * tc)66 void test_cil_resolve_name(CuTest *tc) {
67 	char *line[] = { "(", "block", "foo",
68 				"(", "typealias", "test", "type_t", ")",
69 				"(", "type", "test", ")", ")", NULL};
70 
71 	struct cil_tree *test_tree;
72 	gen_test_tree(&test_tree, line);
73 
74 	struct cil_db *test_db;
75 	cil_db_init(&test_db);
76 
77 	uint32_t changed = CIL_FALSE;
78 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
79 
80 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
81 
82 	struct cil_tree_node *test_curr = test_db->ast->root->cl_head->cl_head;
83 	struct cil_typealias *test_alias = (struct cil_typealias*)test_curr->data;
84 	struct cil_tree_node *type_node = NULL;
85 
86 	int rc = cil_resolve_name(test_curr, test_alias->type_str, CIL_SYM_TYPES, args, &type_node);
87 	CuAssertIntEquals(tc, SEPOL_OK, rc);
88 }
89 
test_cil_resolve_name_invalid_type_neg(CuTest * tc)90 void test_cil_resolve_name_invalid_type_neg(CuTest *tc) {
91 	char *line[] = { "(", "block", "foo",
92 				"(", "typealias", "foo.test2", "type_t", ")",
93 				"(", "type", "test", ")", ")", NULL};
94 
95 	struct cil_tree *test_tree;
96 	gen_test_tree(&test_tree, line);
97 
98 	struct cil_db *test_db;
99 	cil_db_init(&test_db);
100 
101 	uint32_t changed = CIL_FALSE;
102 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
103 
104 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
105 
106 	struct cil_tree_node *test_curr = test_db->ast->root->cl_head->cl_head;
107 	struct cil_typealias *test_alias = (struct cil_typealias*)test_curr->data;
108 	struct cil_tree_node *type_node = NULL;
109 
110 	int rc = cil_resolve_name(test_curr, test_alias->type_str, CIL_SYM_TYPES, args, &type_node);
111 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
112 }
113 
test_cil_resolve_ast_curr_null_neg(CuTest * tc)114 void test_cil_resolve_ast_curr_null_neg(CuTest *tc) {
115 	struct cil_db *test_db;
116 	cil_db_init(&test_db);
117 
118 	test_db->ast->root = NULL;
119 
120 	int rc = cil_resolve_ast(test_db, test_db->ast->root);
121 	CuAssertIntEquals(tc, SEPOL_ERR, rc);
122 }
123 
124 
125 /*
126 	cil_resolve test cases
127 */
128 
test_cil_resolve_roleallow(CuTest * tc)129 void test_cil_resolve_roleallow(CuTest *tc) {
130 	char *line[] = {"(", "role", "foo", ")", \
131 			"(", "role", "bar", ")", \
132 			"(", "roleallow", "foo", "bar", ")", NULL};
133 
134 	struct cil_tree *test_tree;
135 	gen_test_tree(&test_tree, line);
136 
137 	struct cil_db *test_db;
138 	cil_db_init(&test_db);
139 
140 	uint32_t changed = CIL_FALSE;
141 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
142 
143 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
144 
145 	int rc = cil_resolve_roleallow(test_db->ast->root->cl_head->next->next, args);
146 	CuAssertIntEquals(tc, SEPOL_OK, rc);
147 }
148 
test_cil_resolve_roleallow_srcdecl_neg(CuTest * tc)149 void test_cil_resolve_roleallow_srcdecl_neg(CuTest *tc) {
150 	char *line[] = {"(", "role", "bar", ")", \
151 			"(", "roleallow", "foo", "bar", ")", NULL};
152 
153 	struct cil_tree *test_tree;
154 	gen_test_tree(&test_tree, line);
155 
156 	struct cil_db *test_db;
157 	cil_db_init(&test_db);
158 
159 	uint32_t changed = CIL_FALSE;
160 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
161 
162 	int rc1=cil_build_ast(test_db, test_tree->root, test_db->ast->root);
163 	rc1 = rc1;
164 
165 	int rc = cil_resolve_roleallow(test_db->ast->root->cl_head->next, args);
166 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
167 }
168 
test_cil_resolve_roleallow_tgtdecl_neg(CuTest * tc)169 void test_cil_resolve_roleallow_tgtdecl_neg(CuTest *tc) {
170 	char *line[] = {"(", "role", "foo", ")", \
171 			"(", "roleallow", "foo", "bar", ")", NULL};
172 
173 	struct cil_tree *test_tree;
174 	gen_test_tree(&test_tree, line);
175 
176 	struct cil_db *test_db;
177 	cil_db_init(&test_db);
178 
179 	uint32_t changed = CIL_FALSE;
180 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
181 
182 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
183 
184 	int rc = cil_resolve_roleallow(test_db->ast->root->cl_head->next, args);
185 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
186 }
187 
test_cil_resolve_classmapping_anon(CuTest * tc)188 void test_cil_resolve_classmapping_anon(CuTest *tc) {
189 	char *line[] = {"(", "class", "file", "(", "open", ")", ")",
190 			"(", "classmap", "files", "(", "read", ")", ")",
191 			"(", "classmapping", "files", "read", "(", "file", "(", "open", ")", ")", ")", NULL};
192 
193 	struct cil_tree *test_tree;
194 	gen_test_tree(&test_tree, line);
195 
196 	struct cil_db *test_db;
197 	cil_db_init(&test_db);
198 
199 	uint32_t changed = CIL_FALSE;
200 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
201 
202 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
203 
204 	int rc = cil_resolve_classmapping(test_db->ast->root->cl_head->next->next, args);
205 	CuAssertIntEquals(tc, SEPOL_OK, rc);
206 }
207 
test_cil_resolve_classmapping_anon_inmacro(CuTest * tc)208 void test_cil_resolve_classmapping_anon_inmacro(CuTest *tc) {
209 	char *line[] = {"(", "classmap", "files", "(", "read", ")", ")",
210 			"(", "class", "file", "(", "open", ")", ")",
211 			"(", "macro", "mm", "(", "(", "classpermissionset", "a", ")", ")",
212 				"(", "classmapping", "files", "read", "a", ")", ")",
213 			"(", "call", "mm", "(", "(", "file", "(", "open", ")", ")", ")", ")", NULL};
214 
215 	struct cil_tree *test_tree;
216 	gen_test_tree(&test_tree, line);
217 
218 	struct cil_db *test_db;
219 	cil_db_init(&test_db);
220 
221 	uint32_t changed = CIL_FALSE;
222 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
223 
224 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
225 
226 	args->pass = CIL_PASS_CALL1;
227 
228 	int rc2 = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next, args);
229 
230 	args->pass = CIL_PASS_CALL2;
231 
232 	int rc3 = cil_resolve_call2(test_db->ast->root->cl_head->next->next->next, args);
233 
234 	args->pass = CIL_PASS_MISC3;
235 	args->callstack = test_db->ast->root->cl_head->next->next->next;
236 
237 	int rc = cil_resolve_classmapping(test_db->ast->root->cl_head->next->next->next->cl_head, args);
238 	CuAssertIntEquals(tc, SEPOL_OK, rc);
239 	CuAssertIntEquals(tc, SEPOL_OK, rc2);
240 	CuAssertIntEquals(tc, SEPOL_OK, rc3);
241 }
242 
test_cil_resolve_classmapping_anon_inmacro_neg(CuTest * tc)243 void test_cil_resolve_classmapping_anon_inmacro_neg(CuTest *tc) {
244 	char *line[] = {"(", "classmap", "files", "(", "read", ")", ")",
245 			"(", "class", "file", "(", "open", ")", ")",
246 			"(", "macro", "mm", "(", "(", "classpermissionset", "a", ")", ")",
247 				"(", "classmapping", "files", "read", "a", ")", ")",
248 			"(", "call", "mm", "(", "(", "DNE", "(", "open", ")", ")", ")", ")", NULL};
249 
250 	struct cil_tree *test_tree;
251 	gen_test_tree(&test_tree, line);
252 
253 	struct cil_db *test_db;
254 	cil_db_init(&test_db);
255 
256 	uint32_t changed = CIL_FALSE;
257 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
258 
259 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
260 
261 	args->pass = CIL_PASS_CALL1;
262 
263 	int rc2 = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next, args);
264 
265 	args->pass = CIL_PASS_CALL2;
266 
267 	int rc3 = cil_resolve_call2(test_db->ast->root->cl_head->next->next->next, args);
268 
269 	args->pass = CIL_PASS_MISC3;
270 	args->callstack = test_db->ast->root->cl_head->next->next->next;
271 
272 	int rc = cil_resolve_classmapping(test_db->ast->root->cl_head->next->next->next->cl_head, args);
273 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
274 	CuAssertIntEquals(tc, SEPOL_OK, rc2);
275 	CuAssertIntEquals(tc, SEPOL_OK, rc3);
276 }
277 
test_cil_resolve_classmapping_named(CuTest * tc)278 void test_cil_resolve_classmapping_named(CuTest *tc) {
279 	char *line[] = {"(", "classmap", "files", "(", "read", ")", ")",
280 			"(", "classpermissionset", "char_w", "(", "char", "(", "read", ")", ")", ")",
281 			"(", "classmapping", "files", "read", "char_w", ")", NULL};
282 
283 	struct cil_tree *test_tree;
284 	gen_test_tree(&test_tree, line);
285 
286 	struct cil_db *test_db;
287 	cil_db_init(&test_db);
288 
289 	uint32_t changed = CIL_FALSE;
290 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
291 
292 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
293 
294 	int rc = cil_resolve_classmapping(test_db->ast->root->cl_head->next->next, args);
295 	CuAssertIntEquals(tc, SEPOL_OK, rc);
296 }
297 
test_cil_resolve_classmapping_named_classmapname_neg(CuTest * tc)298 void test_cil_resolve_classmapping_named_classmapname_neg(CuTest *tc) {
299 	char *line[] = {"(", "classpermissionset", "char_w", "(", "char", "(", "read", ")", ")", ")",
300 			"(", "classmap", "files", "(", "read", ")", ")",
301 			"(", "classmapping", "files", "read", "foo", ")", NULL};
302 
303 	struct cil_tree *test_tree;
304 	gen_test_tree(&test_tree, line);
305 
306 	struct cil_db *test_db;
307 	cil_db_init(&test_db);
308 
309 	uint32_t changed = CIL_FALSE;
310 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
311 
312 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
313 
314 	int rc = cil_resolve_classmapping(test_db->ast->root->cl_head->next->next, args);
315 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
316 }
317 
test_cil_resolve_classmapping_anon_classmapname_neg(CuTest * tc)318 void test_cil_resolve_classmapping_anon_classmapname_neg(CuTest *tc) {
319 	char *line[] = {"(", "class", "file", "(", "open", ")", ")",
320 			"(", "classmap", "files", "(", "read", ")", ")",
321 			"(", "classmapping", "dne", "read", "(", "file", "(", "open", ")", ")", ")", NULL};
322 
323 	struct cil_tree *test_tree;
324 	gen_test_tree(&test_tree, line);
325 
326 	struct cil_db *test_db;
327 	cil_db_init(&test_db);
328 
329 	uint32_t changed = CIL_FALSE;
330 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
331 
332 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
333 
334 	int rc = cil_resolve_classmapping(test_db->ast->root->cl_head->next->next, args);
335 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
336 }
337 
test_cil_resolve_classmapping_anon_permset_neg(CuTest * tc)338 void test_cil_resolve_classmapping_anon_permset_neg(CuTest *tc) {
339 	char *line[] = {"(", "class", "file", "(", "open", ")", ")",
340 			"(", "classmap", "files", "(", "read", ")", ")",
341 			"(", "classmapping", "files", "read", "(", "dne", "(", "open", ")", ")", ")", NULL};
342 
343 	struct cil_tree *test_tree;
344 	gen_test_tree(&test_tree, line);
345 
346 	struct cil_db *test_db;
347 	cil_db_init(&test_db);
348 
349 	uint32_t changed = CIL_FALSE;
350 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
351 
352 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
353 
354 	int rc = cil_resolve_classmapping(test_db->ast->root->cl_head->next->next, args);
355 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
356 }
357 
test_cil_resolve_rolebounds(CuTest * tc)358 void test_cil_resolve_rolebounds(CuTest *tc) {
359 	char *line[] = {"(", "role", "role1", ")",
360 			"(", "role", "role2", ")",
361 			"(", "rolebounds", "role1", "role2", ")", NULL};
362 
363 	struct cil_tree *test_tree;
364 	gen_test_tree(&test_tree, line);
365 
366 	struct cil_db *test_db;
367 	cil_db_init(&test_db);
368 
369 	uint32_t changed = CIL_FALSE;
370 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
371 
372 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
373 
374 	int rc = cil_resolve_rolebounds(test_db->ast->root->cl_head->next->next, args);
375 	CuAssertIntEquals(tc, SEPOL_OK, rc);
376 }
377 
test_cil_resolve_rolebounds_exists_neg(CuTest * tc)378 void test_cil_resolve_rolebounds_exists_neg(CuTest *tc) {
379 	char *line[] = {"(", "role", "role1", ")",
380 			"(", "role", "role2", ")",
381 			"(", "rolebounds", "role1", "role2", ")", NULL};
382 
383 	struct cil_tree *test_tree;
384 	gen_test_tree(&test_tree, line);
385 
386 	struct cil_db *test_db;
387 	cil_db_init(&test_db);
388 
389 	uint32_t changed = CIL_FALSE;
390 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
391 
392 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
393 
394 	cil_resolve_rolebounds(test_db->ast->root->cl_head->next->next, args);
395 	int rc = cil_resolve_rolebounds(test_db->ast->root->cl_head->next->next, args);
396 	CuAssertIntEquals(tc, SEPOL_ERR, rc);
397 }
398 
test_cil_resolve_rolebounds_role1_neg(CuTest * tc)399 void test_cil_resolve_rolebounds_role1_neg(CuTest *tc) {
400 	char *line[] = {"(", "role", "role1", ")",
401 			"(", "role", "role2", ")",
402 			"(", "rolebounds", "role_DNE", "role2", ")", NULL};
403 
404 	struct cil_tree *test_tree;
405 	gen_test_tree(&test_tree, line);
406 
407 	struct cil_db *test_db;
408 	cil_db_init(&test_db);
409 
410 	uint32_t changed = CIL_FALSE;
411 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
412 
413 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
414 
415 	int rc = cil_resolve_rolebounds(test_db->ast->root->cl_head->next->next, args);
416 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
417 }
418 
test_cil_resolve_rolebounds_role2_neg(CuTest * tc)419 void test_cil_resolve_rolebounds_role2_neg(CuTest *tc) {
420 	char *line[] = {"(", "role", "role1", ")",
421 			"(", "role", "role2", ")",
422 			"(", "rolebounds", "role1", "role_DNE", ")", NULL};
423 
424 	struct cil_tree *test_tree;
425 	gen_test_tree(&test_tree, line);
426 
427 	struct cil_db *test_db;
428 	cil_db_init(&test_db);
429 
430 	uint32_t changed = CIL_FALSE;
431 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
432 
433 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
434 
435 	int rc = cil_resolve_rolebounds(test_db->ast->root->cl_head->next->next, args);
436 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
437 }
438 
test_cil_resolve_sensalias(CuTest * tc)439 void test_cil_resolve_sensalias(CuTest *tc) {
440 	char *line[] = {"(", "sensitivity", "s0", ")",
441 			"(", "sensitivityalias", "s0", "alias", ")", NULL};
442 
443 	struct cil_tree *test_tree;
444 	gen_test_tree(&test_tree, line);
445 
446 	struct cil_db *test_db;
447 	cil_db_init(&test_db);
448 
449 	uint32_t changed = CIL_FALSE;
450 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
451 
452 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
453 
454 	int rc = cil_resolve_sensalias(test_db->ast->root->cl_head->next, args);
455 	CuAssertIntEquals(tc, SEPOL_OK, rc);
456 }
457 
test_cil_resolve_sensalias_sensdecl_neg(CuTest * tc)458 void test_cil_resolve_sensalias_sensdecl_neg(CuTest *tc) {
459 	char *line[] = {"(", "sensitivityalias", "s0", "alias", ")", NULL};
460 
461 	struct cil_tree *test_tree;
462 	gen_test_tree(&test_tree, line);
463 
464 	struct cil_db *test_db;
465 	cil_db_init(&test_db);
466 
467 	uint32_t changed = CIL_FALSE;
468 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MLS, &changed, NULL, NULL, NULL);
469 
470 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
471 
472 	int rc = cil_resolve_sensalias(test_db->ast->root->cl_head, args);
473 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
474 }
475 
test_cil_resolve_catalias(CuTest * tc)476 void test_cil_resolve_catalias(CuTest *tc) {
477 	char *line[] = {"(", "category", "c0", ")",
478 			"(", "categoryalias", "c0", "red", ")", NULL};
479 
480 	struct cil_tree *test_tree;
481 	gen_test_tree(&test_tree, line);
482 
483 	struct cil_db *test_db;
484 	cil_db_init(&test_db);
485 
486 	uint32_t changed = CIL_FALSE;
487 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
488 
489 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
490 
491 	int rc = cil_resolve_catalias(test_db->ast->root->cl_head->next, args);
492 	CuAssertIntEquals(tc, SEPOL_OK, rc);
493 }
494 
test_cil_resolve_catalias_catdecl_neg(CuTest * tc)495 void test_cil_resolve_catalias_catdecl_neg(CuTest *tc) {
496 	char *line[] = {"(", "categoryalias", "c0", "red", ")", NULL};
497 
498 	struct cil_tree *test_tree;
499 	gen_test_tree(&test_tree, line);
500 
501 	struct cil_db *test_db;
502 	cil_db_init(&test_db);
503 
504 	uint32_t changed = CIL_FALSE;
505 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
506 
507 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
508 
509 	int rc = cil_resolve_catalias(test_db->ast->root->cl_head, args);
510 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
511 }
512 
test_cil_resolve_catorder(CuTest * tc)513 void test_cil_resolve_catorder(CuTest *tc) {
514 	char *line[] = {"(", "category", "c0", ")",
515 			"(", "category", "c3", ")",
516 			"(", "categoryorder", "(", "c0", "c3", ")", NULL};
517 
518 	struct cil_tree *test_tree;
519 	gen_test_tree(&test_tree, line);
520 
521 	struct cil_db *test_db;
522 	cil_db_init(&test_db);
523 
524 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
525 
526 	uint32_t changed = CIL_FALSE;
527 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC1, &changed, NULL, NULL, NULL);
528 
529 	int rc = cil_resolve_catorder(test_db->ast->root->cl_head->next->next, args);
530 	int rc2 = cil_resolve_catorder(test_db->ast->root->cl_head->next->next, args);
531 	CuAssertIntEquals(tc, SEPOL_OK, rc);
532 	CuAssertIntEquals(tc, SEPOL_OK, rc2);
533 }
534 
test_cil_resolve_catorder_neg(CuTest * tc)535 void test_cil_resolve_catorder_neg(CuTest *tc) {
536 	char *line[] = {"(", "category", "c0", ")",
537 			"(", "category", "c3", ")",
538 			"(", "categoryorder", "(", "c5", ")", ")", NULL};
539 
540 	struct cil_tree *test_tree;
541 	gen_test_tree(&test_tree, line);
542 
543 	struct cil_db *test_db;
544 	cil_db_init(&test_db);
545 
546 	uint32_t changed = CIL_FALSE;
547 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC1, &changed, NULL, NULL, NULL);
548 
549 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
550 
551 	int rc = cil_resolve_catorder(test_db->ast->root->cl_head->next->next, args);
552 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
553 }
554 
test_cil_resolve_dominance(CuTest * tc)555 void test_cil_resolve_dominance(CuTest *tc) {
556 	char *line[] = {"(", "sensitivity", "s0", ")",
557 			"(", "sensitivity", "s1", ")",
558 			"(", "sensitivity", "s2", ")",
559 			"(", "dominance", "(", "s0", "s1", ")", NULL};
560 
561 	struct cil_tree *test_tree;
562 	gen_test_tree(&test_tree, line);
563 
564 	struct cil_db *test_db;
565 	cil_db_init(&test_db);
566 
567 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
568 
569 	uint32_t changed = CIL_FALSE;
570 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC1, &changed, NULL, NULL, NULL);
571 
572 	int rc = cil_resolve_dominance(test_db->ast->root->cl_head->next->next->next, args);
573 	int rc2 = cil_resolve_dominance(test_db->ast->root->cl_head->next->next->next, args);
574 	CuAssertIntEquals(tc, SEPOL_OK, rc);
575 	CuAssertIntEquals(tc, SEPOL_OK, rc2);
576 }
577 
test_cil_resolve_dominance_neg(CuTest * tc)578 void test_cil_resolve_dominance_neg(CuTest *tc) {
579 	char *line[] = {"(", "sensitivity", "s0", ")",
580 			"(", "sensitivity", "s1", ")",
581 			"(", "sensitivity", "s2", ")",
582 			"(", "dominance", "(", "s6", ")", ")", NULL};
583 
584 	struct cil_tree *test_tree;
585 	gen_test_tree(&test_tree, line);
586 
587 	struct cil_db *test_db;
588 	cil_db_init(&test_db);
589 
590 	uint32_t changed = CIL_FALSE;
591 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC1, &changed, NULL, NULL, NULL);
592 
593 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
594 
595 	int rc = cil_resolve_dominance(test_db->ast->root->cl_head->next->next->next, args);
596 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
597 }
598 
test_cil_resolve_cat_list(CuTest * tc)599 void test_cil_resolve_cat_list(CuTest *tc) {
600 	char *line[] = {"(", "category", "c0", ")",
601 			"(", "category", "c1", ")",
602 			"(", "category", "c2", ")",
603 			"(", "categoryset", "somecats", "(", "c0", "c1", "c2", ")", ")", NULL};
604 
605 	struct cil_tree *test_tree;
606 	gen_test_tree(&test_tree, line);
607 
608 	struct cil_db *test_db;
609 	cil_db_init(&test_db);
610 
611 	uint32_t changed = CIL_FALSE;
612 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MLS, &changed, NULL, NULL, NULL);
613 
614 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
615 
616 	struct cil_list *test_cat_list;
617 	cil_list_init(&test_cat_list);
618 
619 	struct cil_catset *test_catset = (struct cil_catset*)test_db->ast->root->cl_head->next->next->next->data;
620 
621 	int rc = cil_resolve_cat_list(test_db->ast->root->cl_head->next->next->next, test_catset->cat_list_str, test_cat_list, args);
622 	CuAssertIntEquals(tc, SEPOL_OK, rc);
623 }
624 
test_cil_resolve_cat_list_catlistnull_neg(CuTest * tc)625 void test_cil_resolve_cat_list_catlistnull_neg(CuTest *tc) {
626 	char *line[] = {"(", "category", "c0", ")",
627 			"(", "category", "c1", ")",
628 			"(", "category", "c2", ")",
629 			"(", "categoryset", "somecats", "(", "c0", "c1", "c2", ")", ")", NULL};
630 
631 	struct cil_tree *test_tree;
632 	gen_test_tree(&test_tree, line);
633 
634 	struct cil_db *test_db;
635 	cil_db_init(&test_db);
636 
637 	uint32_t changed = CIL_FALSE;
638 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MLS, &changed, NULL, NULL, NULL);
639 
640 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
641 
642 	struct cil_list *test_cat_list;
643 	cil_list_init(&test_cat_list);
644 
645 	struct cil_catset *test_catset = (struct cil_catset*)test_db->ast->root->cl_head->next->next->next->data;
646 	test_catset->cat_list_str = NULL;
647 
648 	int rc = cil_resolve_cat_list(test_db->ast->root->cl_head->next->next->next, test_catset->cat_list_str, test_cat_list, args);
649 	CuAssertIntEquals(tc, SEPOL_ERR, rc);
650 }
651 
test_cil_resolve_cat_list_rescatlistnull_neg(CuTest * tc)652 void test_cil_resolve_cat_list_rescatlistnull_neg(CuTest *tc) {
653 	char *line[] = {"(", "category", "c0", ")",
654 			"(", "category", "c1", ")",
655 			"(", "category", "c2", ")",
656 			"(", "categoryset", "somecats", "(", "c0", "c1", "c2", ")", ")", NULL};
657 
658 	struct cil_tree *test_tree;
659 	gen_test_tree(&test_tree, line);
660 
661 	struct cil_db *test_db;
662 	cil_db_init(&test_db);
663 
664 	uint32_t changed = CIL_FALSE;
665 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MLS, &changed, NULL, NULL, NULL);
666 
667 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
668 
669 	struct cil_list *test_cat_list = NULL;
670 
671 	struct cil_catset *test_catset = (struct cil_catset*)test_db->ast->root->cl_head->next->next->next->data;
672 
673 	int rc = cil_resolve_cat_list(test_db->ast->root->cl_head->next->next->next, test_catset->cat_list_str, test_cat_list, args);
674 	CuAssertIntEquals(tc, SEPOL_ERR, rc);
675 }
676 
test_cil_resolve_cat_list_catrange(CuTest * tc)677 void test_cil_resolve_cat_list_catrange(CuTest *tc) {
678 	char *line[] = {"(", "category", "c0", ")",
679 			"(", "category", "c1", ")",
680 			"(", "category", "c2", ")",
681 			"(", "categoryorder", "(", "c0", "c1", "c2", ")", ")",
682 			"(", "categoryset", "somecats", "(", "c0", "(", "c1", "c2", ")", ")", ")", NULL};
683 
684 	struct cil_tree *test_tree;
685 	gen_test_tree(&test_tree, line);
686 
687 	struct cil_db *test_db;
688 	cil_db_init(&test_db);
689 
690 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
691 
692 	uint32_t changed = CIL_FALSE;
693 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC1, &changed, NULL, NULL, NULL);
694 
695 	cil_tree_walk(test_db->ast->root, __cil_resolve_ast_node_helper, NULL, NULL, args);
696 	__cil_verify_order(test_db->catorder, test_db->ast->root, CIL_CAT);
697 
698 	struct cil_list *test_cat_list;
699 	cil_list_init(&test_cat_list);
700 
701 	struct cil_catset *test_catset = (struct cil_catset*)test_db->ast->root->cl_head->next->next->next->next->data;
702 
703 	int rc = cil_resolve_cat_list(test_db->ast->root->cl_head->next->next->next->next, test_catset->cat_list_str, test_cat_list, args);
704 	CuAssertIntEquals(tc, SEPOL_OK, rc);
705 }
706 
test_cil_resolve_cat_list_catrange_neg(CuTest * tc)707 void test_cil_resolve_cat_list_catrange_neg(CuTest *tc) {
708 	char *line[] = {"(", "category", "c0", ")",
709 			"(", "category", "c1", ")",
710 			"(", "category", "c2", ")",
711 			"(", "categoryorder", "(", "c0", "c1", "c2", ")", ")",
712 			"(", "categoryset", "somecats", "(", "c0", "(", "c2", "c1", ")", ")", ")", NULL};
713 
714 	struct cil_tree *test_tree;
715 	gen_test_tree(&test_tree, line);
716 
717 	struct cil_db *test_db;
718 	cil_db_init(&test_db);
719 
720 	uint32_t changed = CIL_FALSE;
721 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC1, &changed, NULL, NULL, NULL);
722 
723 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
724 
725 	struct cil_list *test_cat_list;
726 	cil_list_init(&test_cat_list);
727 
728 	cil_resolve_catorder(test_db->ast->root->cl_head->next->next->next, args);
729 
730 	args->pass = CIL_PASS_MLS;
731 
732 	struct cil_catset *test_catset = (struct cil_catset*)test_db->ast->root->cl_head->next->next->next->next->data;
733 
734 	int rc = cil_resolve_cat_list(test_db->ast->root->cl_head->next->next->next->next, test_catset->cat_list_str, test_cat_list, args);
735 	CuAssertIntEquals(tc, SEPOL_ERR, rc);
736 }
737 
test_cil_resolve_cat_list_catname_neg(CuTest * tc)738 void test_cil_resolve_cat_list_catname_neg(CuTest *tc) {
739 	char *line[] = {"(", "category", "c5", ")",
740 			"(", "category", "c6", ")",
741 			"(", "category", "c7", ")",
742 			"(", "categoryorder", "(", "c0", "c1", "c2", ")", ")",
743 			"(", "categoryset", "somecats", "(", "c0", "(", "c1", "c2", ")", ")", ")", NULL};
744 
745 	struct cil_tree *test_tree;
746 	gen_test_tree(&test_tree, line);
747 
748 	struct cil_db *test_db;
749 	cil_db_init(&test_db);
750 
751 	uint32_t changed = CIL_FALSE;
752 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC1, &changed, NULL, NULL, NULL);
753 
754 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
755 
756 	cil_resolve_catorder(test_db->ast->root->cl_head->next->next->next, args);
757 
758 	args->pass = CIL_PASS_MLS;
759 	struct cil_list *test_cat_list;
760 	cil_list_init(&test_cat_list);
761 
762 	struct cil_catset *test_catset = (struct cil_catset*)test_db->ast->root->cl_head->next->next->next->next->data;
763 
764 	int rc = cil_resolve_cat_list(test_db->ast->root->cl_head->next->next->next->next, test_catset->cat_list_str, test_cat_list, args);
765 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
766 }
767 
test_cil_resolve_catset(CuTest * tc)768 void test_cil_resolve_catset(CuTest *tc) {
769 	char *line[] = {"(", "category", "c0", ")",
770 			"(", "category", "c1", ")",
771 			"(", "category", "c2", ")",
772 			"(", "categoryset", "somecats", "(", "c0", "c1", "c2", ")", ")", NULL};
773 
774 	struct cil_tree *test_tree;
775 	gen_test_tree(&test_tree, line);
776 
777 	struct cil_db *test_db;
778 	cil_db_init(&test_db);
779 
780 	uint32_t changed = CIL_FALSE;
781 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MLS, &changed, NULL, NULL, NULL);
782 
783 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
784 
785 	struct cil_catset *test_catset = (struct cil_catset *)test_db->ast->root->cl_head->next->next->next->data;
786 
787 	int rc = cil_resolve_catset(test_db->ast->root->cl_head->next->next->next, test_catset, args);
788 	CuAssertIntEquals(tc, SEPOL_OK, rc);
789 }
790 
test_cil_resolve_catset_catlist_neg(CuTest * tc)791 void test_cil_resolve_catset_catlist_neg(CuTest *tc) {
792 	char *line[] = {"(", "category", "c0", ")",
793 			"(", "category", "c1", ")",
794 			"(", "category", "c2", ")",
795 			"(", "categoryset", "somecats", "(", "c0", "c1", "c2", "c4", ")", ")", NULL};
796 
797 	struct cil_tree *test_tree;
798 	gen_test_tree(&test_tree, line);
799 
800 	struct cil_db *test_db;
801 	cil_db_init(&test_db);
802 
803 	uint32_t changed = CIL_FALSE;
804 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MLS, &changed, NULL, NULL, NULL);
805 
806 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
807 
808 	struct cil_catset *test_catset = (struct cil_catset *)test_db->ast->root->cl_head->next->next->next->data;
809 
810 	int rc = cil_resolve_catset(test_db->ast->root->cl_head->next->next->next, test_catset, args);
811 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
812 }
813 
test_cil_resolve_catrange(CuTest * tc)814 void test_cil_resolve_catrange(CuTest *tc) {
815 	char *line[] = {"(", "category", "c0", ")",
816                         "(", "category", "c255", ")",
817                         "(", "categoryorder", "(", "c0", "c255", ")", ")",
818                         "(", "categoryrange", "range", "(", "c0", "c255", ")", ")", NULL};
819 
820 	struct cil_tree *test_tree;
821 	gen_test_tree(&test_tree, line);
822 
823 	struct cil_db *test_db;
824 	cil_db_init(&test_db);
825 
826 	uint32_t changed = CIL_FALSE;
827 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC1, &changed, NULL, NULL, NULL);
828 
829 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
830 	cil_resolve_catorder(test_db->ast->root->cl_head->next->next, args);
831 	__cil_verify_order(test_db->catorder, test_db->ast->root, CIL_CAT);
832 
833 	args->pass = CIL_PASS_MLS;
834 
835 	int rc = cil_resolve_catrange(test_db->ast->root->cl_head->next->next->next, (struct cil_catrange*)test_db->ast->root->cl_head->next->next->next->data, args);
836 	CuAssertIntEquals(tc, SEPOL_OK, rc);
837 }
838 
test_cil_resolve_catrange_catloworder_neg(CuTest * tc)839 void test_cil_resolve_catrange_catloworder_neg(CuTest *tc) {
840 	char *line[] = {"(", "category", "c0", ")",
841                         "(", "category", "c255", ")",
842                         "(", "categoryorder", "(", "c0", "c255", ")", ")",
843                         "(", "categoryrange", "range", "(", "c0", "c255", ")", ")", NULL};
844 
845 	struct cil_tree *test_tree;
846 	gen_test_tree(&test_tree, line);
847 
848 	struct cil_db *test_db;
849 	cil_db_init(&test_db);
850 
851 	uint32_t changed = CIL_FALSE;
852 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC1, &changed, NULL, NULL, NULL);
853 
854 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
855 	cil_resolve_catorder(test_db->ast->root->cl_head->next->next, args);
856 	__cil_verify_order(test_db->catorder, test_db->ast->root, CIL_CAT);
857 
858 	test_db->catorder->head = test_db->catorder->head->next;
859 	test_db->catorder->head->next = NULL;
860 
861 	args->pass = CIL_PASS_MLS;
862 
863 	int rc = cil_resolve_catrange(test_db->ast->root->cl_head->next->next->next, (struct cil_catrange*)test_db->ast->root->cl_head->next->next->next->data, args);
864 	CuAssertIntEquals(tc, SEPOL_ERR, rc);
865 }
866 
test_cil_resolve_catrange_cathighorder_neg(CuTest * tc)867 void test_cil_resolve_catrange_cathighorder_neg(CuTest *tc) {
868 	char *line[] = {"(", "category", "c0", ")",
869                         "(", "category", "c255", ")",
870                         "(", "categoryorder", "(", "c0", "c255", ")", ")",
871                         "(", "categoryrange", "range", "(", "c255", "c0", ")", ")", NULL};
872 
873 	struct cil_tree *test_tree;
874 	gen_test_tree(&test_tree, line);
875 
876 	struct cil_db *test_db;
877 	cil_db_init(&test_db);
878 
879 	uint32_t changed = CIL_FALSE;
880 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC1, &changed, NULL, NULL, NULL);
881 
882 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
883 	cil_resolve_catorder(test_db->ast->root->cl_head->next->next, args);
884 	__cil_verify_order(test_db->catorder, test_db->ast->root, CIL_CAT);
885 
886 	args->pass = CIL_PASS_MLS;
887 
888 	int rc = cil_resolve_catrange(test_db->ast->root->cl_head->next->next->next, (struct cil_catrange*)test_db->ast->root->cl_head->next->next->next->data, args);
889 	CuAssertIntEquals(tc, SEPOL_ERR, rc);
890 }
891 
test_cil_resolve_catrange_cat1_neg(CuTest * tc)892 void test_cil_resolve_catrange_cat1_neg(CuTest *tc) {
893 	char *line[] = {"(", "category", "c0", ")",
894                         "(", "category", "c255", ")",
895                         "(", "categoryorder", "(", "c0", "c255", ")", ")",
896                         "(", "categoryrange", "range", "(", "c12", "c255", ")", ")", NULL};
897 
898 	struct cil_tree *test_tree;
899 	gen_test_tree(&test_tree, line);
900 
901 	struct cil_db *test_db;
902 	cil_db_init(&test_db);
903 
904 	uint32_t changed = CIL_FALSE;
905 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC1, &changed, NULL, NULL, NULL);
906 
907 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
908 	cil_resolve_catorder(test_db->ast->root->cl_head->next->next, args);
909 	__cil_verify_order(test_db->catorder, test_db->ast->root, CIL_CAT);
910 
911 	args->pass = CIL_PASS_MLS;
912 
913 	int rc = cil_resolve_catrange(test_db->ast->root->cl_head->next->next->next, (struct cil_catrange*)test_db->ast->root->cl_head->next->next->next->data, args);
914 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
915 }
916 
test_cil_resolve_catrange_cat2_neg(CuTest * tc)917 void test_cil_resolve_catrange_cat2_neg(CuTest *tc) {
918 	char *line[] = {"(", "category", "c0", ")",
919                         "(", "category", "c255", ")",
920                         "(", "categoryorder", "(", "c0", "c255", ")", ")",
921                         "(", "categoryrange", "range", "(", "c0", "c23", ")", ")", NULL};
922 
923 	struct cil_tree *test_tree;
924 	gen_test_tree(&test_tree, line);
925 
926 	struct cil_db *test_db;
927 	cil_db_init(&test_db);
928 
929 	uint32_t changed = CIL_FALSE;
930 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC1, &changed, NULL, NULL, NULL);
931 
932 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
933 	cil_resolve_catorder(test_db->ast->root->cl_head->next->next, args);
934 	__cil_verify_order(test_db->catorder, test_db->ast->root, CIL_CAT);
935 
936 	args->pass = CIL_PASS_MLS;
937 
938 	int rc = cil_resolve_catrange(test_db->ast->root->cl_head->next->next->next, (struct cil_catrange*)test_db->ast->root->cl_head->next->next->next->data, args);
939 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
940 }
941 
test_cil_resolve_senscat(CuTest * tc)942 void test_cil_resolve_senscat(CuTest *tc) {
943 	char *line[] = {"(", "sensitivity", "s0", ")",
944                         "(", "sensitivity", "s1", ")",
945                         "(", "dominance", "(", "s0", "s1", ")", ")",
946                         "(", "category", "c0", ")",
947                         "(", "category", "c255", ")",
948                         "(", "categoryorder", "(", "c0", "c255", ")", ")",
949                         "(", "sensitivitycategory", "s1", "(", "c0", "c255", ")", ")", NULL};
950 
951 	struct cil_tree *test_tree;
952 	gen_test_tree(&test_tree, line);
953 
954 	struct cil_db *test_db;
955 	cil_db_init(&test_db);
956 
957 	uint32_t changed = CIL_FALSE;
958 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MLS, &changed, NULL, NULL, NULL);
959 
960 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
961 
962 	int rc = cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next->next->next->next, args);
963 	CuAssertIntEquals(tc, SEPOL_OK, rc);
964 }
965 
test_cil_resolve_senscat_catrange_neg(CuTest * tc)966 void test_cil_resolve_senscat_catrange_neg(CuTest *tc) {
967 	char *line[] = {"(", "sensitivity", "s0", ")",
968                         "(", "sensitivity", "s1", ")",
969                         "(", "dominance", "(", "s0", "s1", ")", ")",
970                         "(", "category", "c0", ")",
971                         "(", "category", "c255", ")",
972                         "(", "category", "c500", ")",
973                         "(", "categoryorder", "(", "c0", "c255", "c500", ")", ")",
974                         "(", "sensitivitycategory", "s1", "(", "c0", "(", "c255", "c5", ")", ")", ")", NULL};
975 
976 	struct cil_tree *test_tree;
977 	gen_test_tree(&test_tree, line);
978 
979 	struct cil_db *test_db;
980 	cil_db_init(&test_db);
981 
982 	uint32_t changed = CIL_FALSE;
983 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC1, &changed, NULL, NULL, NULL);
984 
985 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
986 
987 	cil_resolve_catorder(test_db->ast->root->cl_head->next->next->next->next->next->next, args);
988 
989 	args->pass = CIL_PASS_MLS;
990 
991 	int rc = cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next->next->next->next->next, args);
992 	CuAssertIntEquals(tc, SEPOL_ERR, rc);
993 }
994 
test_cil_resolve_senscat_catsetname(CuTest * tc)995 void test_cil_resolve_senscat_catsetname(CuTest *tc) {
996 	char *line[] = {"(", "sensitivity", "s0", ")",
997                         "(", "sensitivity", "s1", ")",
998                         "(", "category", "c0", ")",
999                         "(", "category", "c255", ")",
1000                         "(", "category", "c500", ")",
1001 			"(", "categoryset", "foo", "(", "c0", "c255", "c500", ")", ")",
1002                         "(", "categoryorder", "(", "c0", "c255", "c500", ")", ")",
1003                         "(", "sensitivitycategory", "s1", "foo", ")", NULL};
1004 
1005 	struct cil_tree *test_tree;
1006 	gen_test_tree(&test_tree, line);
1007 
1008 	struct cil_db *test_db;
1009 	cil_db_init(&test_db);
1010 
1011 	uint32_t changed = CIL_FALSE;
1012 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MLS, &changed, NULL, NULL, NULL);
1013 
1014 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
1015 
1016 	struct cil_catset *test_catset = (struct cil_catset *)test_db->ast->root->cl_head->next->next->next->next->next->data;
1017 	cil_resolve_catset(test_db->ast->root->cl_head->next->next->next->next->next, test_catset, args);
1018 
1019 	args->pass = CIL_PASS_MISC2;
1020 
1021 	int rc = cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next->next->next->next->next, args);
1022 	CuAssertIntEquals(tc, SEPOL_OK, rc);
1023 }
1024 
test_cil_resolve_senscat_catsetname_neg(CuTest * tc)1025 void test_cil_resolve_senscat_catsetname_neg(CuTest *tc) {
1026 	char *line[] = {"(", "sensitivity", "s0", ")",
1027                         "(", "sensitivity", "s1", ")",
1028                         "(", "category", "c0", ")",
1029                         "(", "category", "c255", ")",
1030                         "(", "category", "c500", ")",
1031                         "(", "sensitivitycategory", "s1", "foo", ")", NULL};
1032 
1033 	struct cil_tree *test_tree;
1034 	gen_test_tree(&test_tree, line);
1035 
1036 	struct cil_db *test_db;
1037 	cil_db_init(&test_db);
1038 
1039 	uint32_t changed = CIL_FALSE;
1040 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
1041 
1042 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
1043 
1044 	int rc = cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next->next->next, args);
1045 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
1046 }
1047 
test_cil_resolve_senscat_sublist(CuTest * tc)1048 void test_cil_resolve_senscat_sublist(CuTest *tc) {
1049       char *line[] = {"(", "sensitivity", "s0", ")",
1050                         "(", "sensitivity", "s1", ")",
1051                         "(", "dominance", "(", "s0", "s1", ")", ")",
1052                         "(", "category", "c0", ")",
1053                         "(", "category", "c1", ")",
1054                         "(", "category", "c255", ")",
1055                         "(", "categoryorder", "(", "c0", "c1", "c255", ")", ")",
1056                         "(", "sensitivitycategory", "s1", "(", "c0", "(", "c1", "c255", ")", ")", ")", NULL};
1057 
1058 	struct cil_tree *test_tree;
1059 	gen_test_tree(&test_tree, line);
1060 
1061 	struct cil_db *test_db;
1062 	cil_db_init(&test_db);
1063 
1064 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
1065 
1066 	uint32_t changed = CIL_FALSE;
1067 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC1, &changed, NULL, NULL, NULL);
1068 
1069 	cil_tree_walk(test_db->ast->root, __cil_resolve_ast_node_helper, NULL, NULL, args);
1070 	__cil_verify_order(test_db->catorder, test_db->ast->root, CIL_CAT);
1071 
1072 	int rc = cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next->next->next->next->next, args);
1073 	CuAssertIntEquals(tc, SEPOL_OK, rc);
1074 }
1075 
test_cil_resolve_senscat_missingsens_neg(CuTest * tc)1076 void test_cil_resolve_senscat_missingsens_neg(CuTest *tc) {
1077       char *line[] = {"(", "sensitivity", "s0", ")",
1078                         "(", "dominance", "(", "s0", "s1", ")", ")",
1079                         "(", "category", "c0", ")",
1080                         "(", "category", "c255", ")",
1081                         "(", "categoryorder", "(", "c0", "c255", ")", ")",
1082                         "(", "sensitivitycategory", "s1", "(", "c0", "c255", ")", ")", NULL};
1083 
1084 	struct cil_tree *test_tree;
1085 	gen_test_tree(&test_tree, line);
1086 
1087 	struct cil_db *test_db;
1088 	cil_db_init(&test_db);
1089 
1090 	uint32_t changed = CIL_FALSE;
1091 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MLS, &changed, NULL, NULL, NULL);
1092 
1093 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
1094 
1095 	int rc = cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next->next->next, args);
1096 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
1097 }
1098 
test_cil_resolve_senscat_category_neg(CuTest * tc)1099 void test_cil_resolve_senscat_category_neg(CuTest *tc) {
1100       char *line[] = {"(", "sensitivity", "s0", ")",
1101                         "(", "sensitivity", "s1", ")",
1102                         "(", "dominance", "(", "s0", "s1", ")", ")",
1103                         "(", "category", "c0", ")",
1104                         "(", "category", "c255", ")",
1105                         "(", "categoryorder", "(", "c0", "c255", ")", ")",
1106                         "(", "sensitivitycategory", "s1", "(", "c5", "c255", ")", ")", NULL};
1107 
1108 	struct cil_tree *test_tree;
1109 	gen_test_tree(&test_tree, line);
1110 
1111 	struct cil_db *test_db;
1112 	cil_db_init(&test_db);
1113 
1114 	uint32_t changed = CIL_FALSE;
1115 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MLS, &changed, NULL, NULL, NULL);
1116 
1117 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
1118 
1119 	int rc = cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next->next->next->next, args);
1120 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
1121 }
1122 
test_cil_resolve_senscat_currrangecat(CuTest * tc)1123 void test_cil_resolve_senscat_currrangecat(CuTest *tc) {
1124       char *line[] = {"(", "sensitivity", "s0", ")",
1125                         "(", "sensitivity", "s1", ")",
1126                         "(", "dominance", "(", "s0", "s1", ")", ")",
1127                         "(", "category", "c0", ")",
1128                         "(", "category", "c1", ")",
1129                         "(", "category", "c255", ")",
1130                         "(", "categoryorder", "(", "c0", "c1", "c255", ")", ")",
1131                         "(", "sensitivitycategory", "s1", "(", "c0", "(", "c1", "c255", ")", ")", ")", NULL};
1132 
1133 	struct cil_tree *test_tree;
1134 	gen_test_tree(&test_tree, line);
1135 
1136 	struct cil_db *test_db;
1137 	cil_db_init(&test_db);
1138 
1139 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
1140 
1141 	uint32_t changed = CIL_FALSE;
1142 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC1, &changed, NULL, NULL, NULL);
1143 
1144 	cil_tree_walk(test_db->ast->root, __cil_resolve_ast_node_helper, NULL, NULL, args);
1145 	__cil_verify_order(test_db->catorder, test_db->ast->root, CIL_CAT);
1146 	__cil_verify_order(test_db->dominance, test_db->ast->root, CIL_SENS);
1147 
1148 	args->pass = CIL_PASS_MISC2;
1149 
1150 	int rc = cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next->next->next->next->next, args);
1151 	CuAssertIntEquals(tc, SEPOL_OK, rc);
1152 }
1153 
test_cil_resolve_level(CuTest * tc)1154 void test_cil_resolve_level(CuTest *tc) {
1155 	char *line[] = {"(", "category", "c0", ")",
1156 			"(", "categoryorder", "(", "c0", ")", ")",
1157 			"(", "sensitivity", "s0", ")",
1158 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
1159 			"(", "type", "blah_t", ")",
1160 			"(", "role", "blah_r", ")",
1161 			"(", "user", "blah_u", ")",
1162 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
1163 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
1164 			"(", "sidcontext", "test", "(", "blah_u", "blah_r", "blah_t", "(", "low", "high", ")", ")", ")", NULL};
1165 
1166 	struct cil_tree *test_tree;
1167 	gen_test_tree(&test_tree, line);
1168 
1169 	struct cil_db *test_db;
1170 	cil_db_init(&test_db);
1171 
1172 	uint32_t changed = CIL_FALSE;
1173 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
1174 
1175 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
1176 
1177 	cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next, args);
1178 
1179 	args->pass = CIL_PASS_MISC3;
1180 
1181 	struct cil_tree_node *level = test_db->ast->root->cl_head->next->next->next->next->next->next->next;
1182 	int rc = cil_resolve_level(level, (struct cil_level*)level->data, args);
1183 	int rc2 = cil_resolve_level(level->next, (struct cil_level*)level->next->data, args);
1184 	CuAssertIntEquals(tc, SEPOL_OK, rc);
1185 	CuAssertIntEquals(tc, SEPOL_OK, rc2);
1186 }
1187 
test_cil_resolve_level_catlist(CuTest * tc)1188 void test_cil_resolve_level_catlist(CuTest *tc) {
1189 	char *line[] = {"(", "category", "c0", ")",
1190 			"(", "category", "c1", ")",
1191 			"(", "categoryorder", "(", "c0", "c1", ")", ")",
1192 			"(", "sensitivity", "s0", ")",
1193 			"(", "sensitivitycategory", "s0", "(", "c0", "c1", ")", ")",
1194 			"(", "type", "blah_t", ")",
1195 			"(", "role", "blah_r", ")",
1196 			"(", "user", "blah_u", ")",
1197 			"(", "level", "low", "(", "s0", "(", "c0", "c1", ")", ")", ")",
1198 			"(", "level", "high", "(", "s0", "(", "c0", "c1", ")", ")", ")",
1199 			"(", "sidcontext", "test", "(", "blah_u", "blah_r", "blah_t", "(", "low", "high", ")", ")", ")", NULL};
1200 
1201 	struct cil_tree *test_tree;
1202 	gen_test_tree(&test_tree, line);
1203 
1204 	struct cil_db *test_db;
1205 	cil_db_init(&test_db);
1206 
1207 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
1208 
1209 	uint32_t changed = CIL_FALSE;
1210 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
1211 
1212 	cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next->next, args);
1213 
1214 	args->pass = CIL_PASS_MISC3;
1215 
1216 	struct cil_tree_node *level = test_db->ast->root->cl_head->next->next->next->next->next->next->next->next;
1217 	int rc = cil_resolve_level(level, (struct cil_level*)level->data, args);
1218 	CuAssertIntEquals(tc, SEPOL_OK, rc);
1219 	rc = cil_resolve_level(level, (struct cil_level*)level->data, args);
1220 	CuAssertIntEquals(tc, SEPOL_OK, rc);
1221 }
1222 
test_cil_resolve_level_catset(CuTest * tc)1223 void test_cil_resolve_level_catset(CuTest *tc) {
1224 	char *line[] = {"(", "category", "c0", ")",
1225 			"(", "category", "c1", ")",
1226 			"(", "category", "c2", ")",
1227 			"(", "categoryset", "cats", "(", "c0", "c1", "c2", ")", ")",
1228 			"(", "categoryorder", "(", "c0", "c1", "c2", ")", ")",
1229 			"(", "sensitivity", "s0", ")",
1230 			"(", "sensitivitycategory", "s0", "cats", ")",
1231 			"(", "type", "blah_t", ")",
1232 			"(", "role", "blah_r", ")",
1233 			"(", "user", "blah_u", ")",
1234 			"(", "level", "low", "(", "s0", "cats", ")", ")",
1235 			"(", "level", "high", "(", "s0", "(", "cats", ")", ")", ")",
1236 			"(", "sidcontext", "test", "(", "blah_u", "blah_r", "blah_t", "(", "low", "high", ")", ")", ")", NULL};
1237 
1238 	struct cil_tree *test_tree;
1239 	gen_test_tree(&test_tree, line);
1240 
1241 	struct cil_db *test_db;
1242 	cil_db_init(&test_db);
1243 
1244 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
1245 
1246 	uint32_t changed = CIL_FALSE;
1247 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC1, &changed, NULL, NULL, NULL);
1248 
1249 	struct cil_catset *cs = (struct cil_catset *)test_db->ast->root->cl_head->next->next->next->data;
1250 
1251 	cil_resolve_catorder(test_db->ast->root->cl_head->next->next->next->next, args);
1252 
1253 	args->pass = CIL_PASS_MLS;
1254 
1255 	cil_resolve_catset(test_db->ast->root->cl_head->next->next->next, cs, args);
1256 
1257 	args->pass = CIL_PASS_MISC2;
1258 
1259 	cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next->next->next->next, args);
1260 
1261 	args->pass = CIL_PASS_MISC3;
1262 
1263 	struct cil_tree_node *level = test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next->next;
1264 	int rc = cil_resolve_level(level, (struct cil_level*)level->data, args);
1265 	CuAssertIntEquals(tc, SEPOL_OK, rc);
1266 }
1267 
test_cil_resolve_level_catset_name_neg(CuTest * tc)1268 void test_cil_resolve_level_catset_name_neg(CuTest *tc) {
1269 	char *line[] = {"(", "category", "c0", ")",
1270 			"(", "category", "c1", ")",
1271 			"(", "category", "c2", ")",
1272 			"(", "categoryset", "cats", "(", "c0", "c1", "c2", ")", ")",
1273 			"(", "categoryorder", "(", "c0", "c1", "c2", ")", ")",
1274 			"(", "sensitivity", "s0", ")",
1275 			"(", "sensitivitycategory", "s0", "cats", ")",
1276 			"(", "type", "blah_t", ")",
1277 			"(", "role", "blah_r", ")",
1278 			"(", "user", "blah_u", ")",
1279 			"(", "level", "low", "(", "s0", "dne", ")", ")",
1280 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
1281 			"(", "sidcontext", "test", "(", "blah_u", "blah_r", "blah_t", "(", "low", "high", ")", ")", ")", NULL};
1282 
1283 	struct cil_tree *test_tree;
1284 	gen_test_tree(&test_tree, line);
1285 
1286 	struct cil_db *test_db;
1287 	cil_db_init(&test_db);
1288 
1289 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
1290 
1291 	uint32_t changed = CIL_FALSE;
1292 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
1293 
1294 	cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next, args);
1295 
1296 	args->pass = CIL_PASS_MISC3;
1297 
1298 	struct cil_tree_node *level = test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next->next;
1299 	int rc = cil_resolve_level(level, (struct cil_level*)level->data, args);
1300 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
1301 }
1302 
test_cil_resolve_level_sens_neg(CuTest * tc)1303 void test_cil_resolve_level_sens_neg(CuTest *tc) {
1304 	char *line[] = {"(", "category", "c0", ")",
1305 			"(", "categoryorder", "(", "c0", ")", ")",
1306 			"(", "sensitivity", "s0", ")",
1307 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
1308 			"(", "type", "blah_t", ")",
1309 			"(", "role", "blah_r", ")",
1310 			"(", "user", "blah_u", ")",
1311 			"(", "level", "low", "(", "s1", "(", "c0", ")", ")", ")",
1312 			"(", "level", "high", "(", "s1", "(", "c0", ")", ")", ")",
1313 			"(", "sid", "test", "(", "blah_u", "blah_r", "blah_t", "(", "low", "high", ")", ")", ")", NULL};
1314 
1315 	struct cil_tree *test_tree;
1316 	gen_test_tree(&test_tree, line);
1317 
1318 	struct cil_db *test_db;
1319 	cil_db_init(&test_db);
1320 
1321 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
1322 
1323 	uint32_t changed = CIL_FALSE;
1324 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
1325 
1326 	cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next, args);
1327 	struct cil_tree_node *level = test_db->ast->root->cl_head->next->next->next->next->next->next->next;
1328 
1329 	args->pass = CIL_PASS_MISC3;
1330 
1331 	int rc = cil_resolve_level(level, (struct cil_level*)level->data, args);
1332 	int rc2 = cil_resolve_level(level->next, (struct cil_level*)level->next->data, args);
1333 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
1334 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc2);
1335 }
1336 
test_cil_resolve_level_cat_neg(CuTest * tc)1337 void test_cil_resolve_level_cat_neg(CuTest *tc) {
1338 	char *line[] = {"(", "category", "c0", ")",
1339 			"(", "categoryorder", "(", "c0", ")", ")",
1340 			"(", "sensitivity", "s0", ")",
1341 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
1342 			"(", "type", "blah_t", ")",
1343 			"(", "role", "blah_r", ")",
1344 			"(", "user", "blah_u", ")",
1345 			"(", "level", "low", "(", "s0", "(", "c1", ")", ")", ")",
1346 			"(", "level", "high", "(", "s0", "(", "c1", ")", ")", ")",
1347 			"(", "sid", "test", "(", "blah_u", "blah_r", "blah_t", "(", "low", "high", ")", ")", ")", NULL};
1348 
1349 	struct cil_tree *test_tree;
1350 	gen_test_tree(&test_tree, line);
1351 
1352 	struct cil_db *test_db;
1353 	cil_db_init(&test_db);
1354 
1355 	uint32_t changed = CIL_FALSE;
1356 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
1357 
1358 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
1359 
1360 	cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next, args);
1361 	struct cil_tree_node *level = test_db->ast->root->cl_head->next->next->next->next->next->next->next;
1362 
1363 	args->pass = CIL_PASS_MISC3;
1364 	int rc = cil_resolve_level(level, (struct cil_level*)level->data, args);
1365 	int rc2 = cil_resolve_level(level->next, (struct cil_level*)level->next->data, args);
1366 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
1367 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc2);
1368 }
1369 
test_cil_resolve_level_senscat_neg(CuTest * tc)1370 void test_cil_resolve_level_senscat_neg(CuTest *tc) {
1371 	char *line[] = {"(", "category", "c0", ")",
1372 			"(", "categoryorder", "(", "c0", ")", ")",
1373 			"(", "sensitivity", "s0", ")",
1374 			"(", "sensitivitycategory", "s1", "(", "c0", ")", ")",
1375 			"(", "type", "blah_t", ")",
1376 			"(", "role", "blah_r", ")",
1377 			"(", "user", "blah_u", ")",
1378 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
1379 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
1380 			"(", "sid", "test", "(", "blah_u", "blah_r", "blah_t", "(", "low", "high", ")", ")", ")", NULL};
1381 
1382 	struct cil_tree *test_tree;
1383 	gen_test_tree(&test_tree, line);
1384 
1385 	struct cil_db *test_db;
1386 	cil_db_init(&test_db);
1387 
1388 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
1389 
1390 	uint32_t changed = CIL_FALSE;
1391 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
1392 
1393 	cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next, args);
1394 	struct cil_tree_node *level = test_db->ast->root->cl_head->next->next->next->next->next->next->next;
1395 
1396 	args->pass = CIL_PASS_MISC3;
1397 	int rc = cil_resolve_level(level, (struct cil_level*)level->data, args);
1398 	int rc2 = cil_resolve_level(level->next, (struct cil_level*)level->next->data, args);
1399 	CuAssertIntEquals(tc, SEPOL_ERR, rc);
1400 	CuAssertIntEquals(tc, SEPOL_ERR, rc2);
1401 }
1402 
test_cil_resolve_levelrange_namedlvl(CuTest * tc)1403 void test_cil_resolve_levelrange_namedlvl(CuTest *tc) {
1404 	char *line[] = {"(", "category", "c0", ")",
1405 			"(", "sensitivity", "s0", ")",
1406 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
1407 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
1408 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
1409 			"(", "levelrange", "range", "(", "low", "high", ")", ")", NULL};
1410 
1411 	struct cil_tree *test_tree;
1412 	gen_test_tree(&test_tree, line);
1413 
1414 	struct cil_db *test_db;
1415 	cil_db_init(&test_db);
1416 
1417 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
1418 
1419 	uint32_t changed = CIL_FALSE;
1420 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
1421 
1422 	cil_resolve_senscat(test_db->ast->root->cl_head->next->next, args);
1423 
1424 	args->pass = CIL_PASS_MISC3;
1425 
1426 	struct cil_levelrange *lvlrange = (struct cil_levelrange *)test_db->ast->root->cl_head->next->next->next->next->next->data;
1427 
1428 	int rc = cil_resolve_levelrange(test_db->ast->root->cl_head->next->next->next->next->next, lvlrange, args);
1429 	CuAssertIntEquals(tc, SEPOL_OK, rc);
1430 }
1431 
test_cil_resolve_levelrange_namedlvl_low_neg(CuTest * tc)1432 void test_cil_resolve_levelrange_namedlvl_low_neg(CuTest *tc) {
1433 	char *line[] = {"(", "category", "c0", ")",
1434 			"(", "sensitivity", "s0", ")",
1435 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
1436 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
1437 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
1438 			"(", "levelrange", "range", "(", "DNE", "high", ")", ")", NULL};
1439 
1440 	struct cil_tree *test_tree;
1441 	gen_test_tree(&test_tree, line);
1442 
1443 	struct cil_db *test_db;
1444 	cil_db_init(&test_db);
1445 
1446 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
1447 
1448 	uint32_t changed = CIL_FALSE;
1449 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
1450 
1451 	cil_resolve_senscat(test_db->ast->root->cl_head->next->next, args);
1452 
1453 	args->pass = CIL_PASS_MISC3;
1454 
1455 	struct cil_levelrange *lvlrange = (struct cil_levelrange *)test_db->ast->root->cl_head->next->next->next->next->next->data;
1456 
1457 	int rc = cil_resolve_levelrange(test_db->ast->root->cl_head->next->next->next->next->next, lvlrange, args);
1458 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
1459 }
1460 
test_cil_resolve_levelrange_namedlvl_high_neg(CuTest * tc)1461 void test_cil_resolve_levelrange_namedlvl_high_neg(CuTest *tc) {
1462 	char *line[] = {"(", "category", "c0", ")",
1463 			"(", "sensitivity", "s0", ")",
1464 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
1465 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
1466 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
1467 			"(", "levelrange", "range", "(", "low", "DNE", ")", ")", NULL};
1468 
1469 	struct cil_tree *test_tree;
1470 	gen_test_tree(&test_tree, line);
1471 
1472 	struct cil_db *test_db;
1473 	cil_db_init(&test_db);
1474 
1475 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
1476 
1477 	uint32_t changed = CIL_FALSE;
1478 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
1479 
1480 	cil_resolve_senscat(test_db->ast->root->cl_head->next->next, args);
1481 
1482 	args->pass = CIL_PASS_MISC3;
1483 
1484 	struct cil_levelrange *lvlrange = (struct cil_levelrange *)test_db->ast->root->cl_head->next->next->next->next->next->data;
1485 
1486 	int rc = cil_resolve_levelrange(test_db->ast->root->cl_head->next->next->next->next->next, lvlrange, args);
1487 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
1488 }
1489 
test_cil_resolve_levelrange_anonlvl(CuTest * tc)1490 void test_cil_resolve_levelrange_anonlvl(CuTest *tc) {
1491 	char *line[] = {"(", "category", "c0", ")",
1492 			"(", "sensitivity", "s0", ")",
1493 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
1494 			"(", "levelrange", "range", "(", "(", "s0", "(", "c0", ")", ")", "(", "s0", "(", "c0", ")", ")", ")", ")", NULL};
1495 
1496 	struct cil_tree *test_tree;
1497 	gen_test_tree(&test_tree, line);
1498 
1499 	struct cil_db *test_db;
1500 	cil_db_init(&test_db);
1501 
1502 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
1503 
1504 	uint32_t changed = CIL_FALSE;
1505 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
1506 
1507 	cil_resolve_senscat(test_db->ast->root->cl_head->next->next, args);
1508 
1509 	args->pass = CIL_PASS_MISC3;
1510 
1511 	struct cil_levelrange *lvlrange = (struct cil_levelrange *)test_db->ast->root->cl_head->next->next->next->data;
1512 
1513 	int rc = cil_resolve_levelrange(test_db->ast->root->cl_head->next->next->next, lvlrange, args);
1514 	CuAssertIntEquals(tc, SEPOL_OK, rc);
1515 }
1516 
test_cil_resolve_levelrange_anonlvl_low_neg(CuTest * tc)1517 void test_cil_resolve_levelrange_anonlvl_low_neg(CuTest *tc) {
1518 	char *line[] = {"(", "category", "c0", ")",
1519 			"(", "sensitivity", "s0", ")",
1520 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
1521 			"(", "levelrange", "range", "(", "(", "DNE", "(", "c0", ")", ")", "(", "s0", "(", "c0", ")", ")", ")", ")", NULL};
1522 
1523 	struct cil_tree *test_tree;
1524 	gen_test_tree(&test_tree, line);
1525 
1526 	struct cil_db *test_db;
1527 	cil_db_init(&test_db);
1528 
1529 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
1530 
1531 	uint32_t changed = CIL_FALSE;
1532 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
1533 
1534 	cil_resolve_senscat(test_db->ast->root->cl_head->next->next, args);
1535 
1536 	struct cil_levelrange *lvlrange = (struct cil_levelrange *)test_db->ast->root->cl_head->next->next->next->data;
1537 
1538 	args->pass = CIL_PASS_MISC3;
1539 
1540 	int rc = cil_resolve_levelrange(test_db->ast->root->cl_head->next->next->next, lvlrange, args);
1541 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
1542 }
1543 
test_cil_resolve_levelrange_anonlvl_high_neg(CuTest * tc)1544 void test_cil_resolve_levelrange_anonlvl_high_neg(CuTest *tc) {
1545 	char *line[] = {"(", "category", "c0", ")",
1546 			"(", "sensitivity", "s0", ")",
1547 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
1548 			"(", "levelrange", "range", "(", "(", "s0", "(", "c0", ")", ")", "(", "dne", "(", "c0", ")", ")", ")", ")", NULL};
1549 
1550 	struct cil_tree *test_tree;
1551 	gen_test_tree(&test_tree, line);
1552 
1553 	struct cil_db *test_db;
1554 	cil_db_init(&test_db);
1555 
1556 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
1557 
1558 	uint32_t changed = CIL_FALSE;
1559 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
1560 
1561 	cil_resolve_senscat(test_db->ast->root->cl_head->next->next, args);
1562 
1563 	struct cil_levelrange *lvlrange = (struct cil_levelrange *)test_db->ast->root->cl_head->next->next->next->data;
1564 
1565 	args->pass = CIL_PASS_MISC3;
1566 
1567 	int rc = cil_resolve_levelrange(test_db->ast->root->cl_head->next->next->next, lvlrange, args);
1568 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
1569 }
1570 
test_cil_resolve_constrain(CuTest * tc)1571 void test_cil_resolve_constrain(CuTest *tc) {
1572         char *line[] = {"(", "class", "file", "(", "create", "relabelto", ")", ")",
1573 			"(", "class", "dir", "(", "create", "relabelto", ")", ")",
1574 			"(", "sensitivity", "s0", ")",
1575 			"(", "category", "c1", ")",
1576 			"(", "level", "l2", "(", "s0", "(", "c1", ")", ")", ")",
1577 			"(", "level", "h2", "(", "s0", "(", "c1", ")", ")", ")",
1578 			"(", "mlsconstrain", "(", "file", "(", "create", "relabelto", ")", ")", "(", "eq", "l2", "h2", ")", ")", NULL};
1579 
1580 	struct cil_tree *test_tree;
1581 	gen_test_tree(&test_tree, line);
1582 
1583 	struct cil_db *test_db;
1584 	cil_db_init(&test_db);
1585 
1586 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
1587 
1588 	uint32_t changed = CIL_FALSE;
1589 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
1590 
1591 	int rc = cil_resolve_constrain(test_db->ast->root->cl_head->next->next->next->next->next->next, args);
1592 	CuAssertIntEquals(tc, SEPOL_OK, rc);
1593 }
1594 
test_cil_resolve_constrain_class_neg(CuTest * tc)1595 void test_cil_resolve_constrain_class_neg(CuTest *tc) {
1596         char *line[] = {"(", "class", "file", "(", "create", "relabelto", ")", ")",
1597 			"(", "sensitivity", "s0", ")",
1598 			"(", "category", "c1", ")",
1599 			"(", "level", "l2", "(", "s0", "(", "c1", ")", ")", ")",
1600 			"(", "level", "h2", "(", "s0", "(", "c1", ")", ")", ")",
1601 			"(", "mlsconstrain", "(", "foo", "(", "create", "relabelto", ")", ")", "(", "eq", "l2", "h2", ")", ")", NULL};
1602 
1603 	struct cil_tree *test_tree;
1604 	gen_test_tree(&test_tree, line);
1605 
1606 	struct cil_db *test_db;
1607 	cil_db_init(&test_db);
1608 
1609 	uint32_t changed = CIL_FALSE;
1610 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
1611 
1612 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
1613 
1614 	int rc = cil_resolve_constrain(test_db->ast->root->cl_head->next->next->next->next->next, args);
1615 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
1616 }
1617 
test_cil_resolve_constrain_perm_neg(CuTest * tc)1618 void test_cil_resolve_constrain_perm_neg(CuTest *tc) {
1619         char *line[] = {"(", "class", "file", "(", "create", ")", ")",
1620 			"(", "class", "dir", "(", "create", "relabelto", ")", ")",
1621 			"(", "sensitivity", "s0", ")",
1622 			"(", "category", "c1", ")",
1623 			"(", "level", "l2", "(", "s0", "(", "c1", ")", ")", ")",
1624 			"(", "level", "h2", "(", "s0", "(", "c1", ")", ")", ")",
1625 			"(", "mlsconstrain", "(", "file", "(", "create", "relabelto", ")", ")", "(", "eq", "l2", "h2", ")", ")", NULL};
1626 
1627 	struct cil_tree *test_tree;
1628 	gen_test_tree(&test_tree, line);
1629 
1630 	struct cil_db *test_db;
1631 	cil_db_init(&test_db);
1632 
1633 	uint32_t changed = CIL_FALSE;
1634 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
1635 
1636 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
1637 
1638 	int rc = cil_resolve_constrain(test_db->ast->root->cl_head->next->next->next->next->next->next, args);
1639 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
1640 }
1641 
test_cil_resolve_constrain_perm_resolve_neg(CuTest * tc)1642 void test_cil_resolve_constrain_perm_resolve_neg(CuTest *tc) {
1643         char *line[] = {"(", "sensitivity", "s0", ")",
1644 			"(", "category", "c1", ")",
1645 			"(", "level", "l2", "(", "s0", "(", "c1", ")", ")", ")",
1646 			"(", "level", "h2", "(", "s0", "(", "c1", ")", ")", ")",
1647 			"(", "mlsconstrain", "(", "file", "(", "foo", ")", ")", "(", "eq", "l2", "h2", ")", ")", NULL};
1648 
1649 	struct cil_tree *test_tree;
1650 	gen_test_tree(&test_tree, line);
1651 
1652 	struct cil_db *test_db;
1653 	cil_db_init(&test_db);
1654 
1655 	uint32_t changed = CIL_FALSE;
1656 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
1657 
1658 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
1659 
1660 	int rc = cil_resolve_constrain(test_db->ast->root->cl_head->next->next->next->next, args);
1661 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
1662 }
1663 
test_cil_resolve_context(CuTest * tc)1664 void test_cil_resolve_context(CuTest *tc) {
1665 	char *line[] = {"(", "sensitivity", "s0", ")",
1666 			"(", "category", "c0", ")",
1667 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
1668 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
1669 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
1670 			"(", "user", "system_u", ")",
1671 			"(", "role", "object_r", ")",
1672 			"(", "type", "netif_t", ")",
1673 			"(", "context", "con",
1674                         "(", "system_u", "object_r", "netif_t", "(", "low", "high", ")", ")", ")", NULL};
1675 
1676 	struct cil_tree *test_tree;
1677 	gen_test_tree(&test_tree, line);
1678 
1679 	struct cil_db *test_db;
1680 	cil_db_init(&test_db);
1681 
1682 	uint32_t changed = CIL_FALSE;
1683 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
1684 
1685 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
1686 
1687 	struct cil_context *test_context = (struct cil_context*)test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->data;
1688 
1689 	int rc = cil_resolve_context(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, test_context, args);
1690 	CuAssertIntEquals(tc, SEPOL_OK, rc);
1691 }
1692 
test_cil_resolve_context_macro(CuTest * tc)1693 void test_cil_resolve_context_macro(CuTest *tc) {
1694 	char *line[] = {"(", "sensitivity", "s0", ")",
1695 			"(", "category", "c0", ")",
1696 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
1697 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
1698 			"(", "user", "system_u", ")",
1699 			"(", "role", "object_r", ")",
1700 			"(", "type", "netif_t", ")",
1701 			"(", "macro", "mm", "(", "(", "levelrange", "range", ")", ")",
1702 				"(", "context", "con",
1703 					"(", "system_u", "object_r", "netif_t", "range", ")", ")", ")",
1704 			"(", "call", "mm", "(", "(", "(", "s0", "(", "c0", ")", ")", "(", "s0", "(", "c0", ")", ")", ")", ")", ")", NULL};
1705 
1706 	struct cil_tree *test_tree;
1707 	gen_test_tree(&test_tree, line);
1708 
1709 	struct cil_db *test_db;
1710 	cil_db_init(&test_db);
1711 
1712 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
1713 
1714 	uint32_t changed = CIL_FALSE;
1715 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
1716 
1717 	struct cil_context *test_context = (struct cil_context*)test_db->ast->root->cl_head->next->next->next->next->next->next->next->cl_head->data;
1718 
1719 	int rc2 = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args);
1720 
1721 	args->pass = CIL_PASS_CALL2;
1722 
1723 	int rc3 = cil_resolve_call2(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args);
1724 
1725 	args->pass = CIL_PASS_MISC2;
1726 
1727 	cil_resolve_senscat(test_db->ast->root->cl_head->next->next, args);
1728 
1729 	args->pass = CIL_PASS_MISC3;
1730 	args->callstack = test_db->ast->root->cl_head->next->next->next->next->next->next->next->next;
1731 
1732 	int rc = cil_resolve_context(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->cl_head, test_context,  args);
1733 	CuAssertIntEquals(tc, SEPOL_OK, rc);
1734 	CuAssertIntEquals(tc, SEPOL_OK, rc2);
1735 	CuAssertIntEquals(tc, SEPOL_OK, rc3);
1736 }
1737 
test_cil_resolve_context_macro_neg(CuTest * tc)1738 void test_cil_resolve_context_macro_neg(CuTest *tc) {
1739 	char *line[] = {"(", "sensitivity", "s0", ")",
1740 			"(", "category", "c0", ")",
1741 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
1742 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
1743 			"(", "user", "system_u", ")",
1744 			"(", "role", "object_r", ")",
1745 			"(", "type", "netif_t", ")",
1746 			"(", "macro", "mm", "(", "(", "levelrange", "range", ")", ")",
1747 				"(", "context", "con",
1748 					"(", "system_u", "object_r", "netif_t", "range", ")", ")", ")",
1749 			"(", "call", "mm", "(", "(", "(", "s0", "(", "c0", ")", ")", "(", "s0", "(", "DNE", ")", ")", ")", ")", NULL};
1750 
1751 	struct cil_tree *test_tree;
1752 	gen_test_tree(&test_tree, line);
1753 
1754 	struct cil_db *test_db;
1755 	cil_db_init(&test_db);
1756 
1757 	uint32_t changed = CIL_FALSE;
1758 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
1759 
1760 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
1761 
1762 	struct cil_context *test_context = (struct cil_context*)test_db->ast->root->cl_head->next->next->next->next->next->next->next->cl_head->data;
1763 
1764 	int rc2 = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args);
1765 
1766 	args->pass = CIL_PASS_CALL2;
1767 
1768 	int rc3 = cil_resolve_call2(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args);
1769 
1770 	args->pass = CIL_PASS_CALL2;
1771 
1772 	cil_resolve_senscat(test_db->ast->root->cl_head->next->next, args);
1773 
1774 	args->pass = CIL_PASS_MISC3;
1775 	args->callstack = test_db->ast->root->cl_head->next->next->next->next->next->next->next->next;
1776 
1777 	int rc = cil_resolve_context(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->cl_head, test_context, args);
1778 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
1779 	CuAssertIntEquals(tc, SEPOL_OK, rc2);
1780 	CuAssertIntEquals(tc, SEPOL_OK, rc3);
1781 }
1782 
test_cil_resolve_context_namedrange(CuTest * tc)1783 void test_cil_resolve_context_namedrange(CuTest *tc) {
1784 	char *line[] = {"(", "sensitivity", "s0", ")",
1785 			"(", "category", "c0", ")",
1786 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
1787 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
1788 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
1789 			"(", "levelrange", "range", "(", "low", "high", ")", ")",
1790 			"(", "user", "system_u", ")",
1791 			"(", "role", "object_r", ")",
1792 			"(", "type", "netif_t", ")",
1793 			"(", "context", "con",
1794                         "(", "system_u", "object_r", "netif_t", "range", ")", ")", NULL};
1795 
1796 	struct cil_tree *test_tree;
1797 	gen_test_tree(&test_tree, line);
1798 
1799 	struct cil_db *test_db;
1800 	cil_db_init(&test_db);
1801 
1802 	uint32_t changed = CIL_FALSE;
1803 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
1804 
1805 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
1806 
1807 	struct cil_context *test_context = (struct cil_context*)test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next->data;
1808 
1809 	int rc = cil_resolve_context(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next, test_context, args);
1810 	CuAssertIntEquals(tc, SEPOL_OK, rc);
1811 }
1812 
test_cil_resolve_context_namedrange_neg(CuTest * tc)1813 void test_cil_resolve_context_namedrange_neg(CuTest *tc) {
1814 	char *line[] = {"(", "sensitivity", "s0", ")",
1815 			"(", "category", "c0", ")",
1816 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
1817 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
1818 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
1819 			"(", "levelrange", "range", "(", "low", "high", ")", ")",
1820 			"(", "user", "system_u", ")",
1821 			"(", "role", "object_r", ")",
1822 			"(", "type", "netif_t", ")",
1823 			"(", "context", "con",
1824                         "(", "system_u", "object_r", "netif_t", "DNE", ")", ")", NULL};
1825 
1826 	struct cil_tree *test_tree;
1827 	gen_test_tree(&test_tree, line);
1828 
1829 	struct cil_db *test_db;
1830 	cil_db_init(&test_db);
1831 
1832 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
1833 
1834 	uint32_t changed = CIL_FALSE;
1835 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
1836 
1837 	struct cil_context *test_context = (struct cil_context*)test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next->data;
1838 
1839 	int rc = cil_resolve_context(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next, test_context, args);
1840 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
1841 }
1842 
test_cil_resolve_context_user_neg(CuTest * tc)1843 void test_cil_resolve_context_user_neg(CuTest *tc) {
1844 	char *line[] = {"(", "sensitivity", "s0", ")",
1845 			"(", "category", "c0", ")",
1846 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
1847 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
1848 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
1849 			"(", "role", "object_r", ")",
1850 			"(", "type", "netif_t", ")",
1851 			"(", "context", "con",
1852                         "(", "system_u", "object_r", "netif_t", "(", "low", "high", ")", ")", ")", NULL};
1853 
1854 	struct cil_tree *test_tree;
1855 	gen_test_tree(&test_tree, line);
1856 
1857 	struct cil_db *test_db;
1858 	cil_db_init(&test_db);
1859 
1860 	uint32_t changed = CIL_FALSE;
1861 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
1862 
1863 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
1864 
1865 	struct cil_context *test_context = (struct cil_context*)test_db->ast->root->cl_head->next->next->next->next->next->next->next->data;
1866 
1867 	int rc = cil_resolve_context(test_db->ast->root->cl_head->next->next->next->next->next->next->next, test_context, args);
1868 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
1869 }
1870 
test_cil_resolve_context_role_neg(CuTest * tc)1871 void test_cil_resolve_context_role_neg(CuTest *tc) {
1872 	char *line[] = {"(", "sensitivity", "s0", ")",
1873 			"(", "category", "c0", ")",
1874 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
1875 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
1876 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
1877 			"(", "user", "system_u", ")",
1878 			"(", "type", "netif_t", ")",
1879 			"(", "context", "con",
1880                         "(", "system_u", "object_r", "netif_t", "(", "low", "high", ")", ")", ")", NULL};
1881 
1882 	struct cil_tree *test_tree;
1883 	gen_test_tree(&test_tree, line);
1884 
1885 	struct cil_db *test_db;
1886 	cil_db_init(&test_db);
1887 
1888 	uint32_t changed = CIL_FALSE;
1889 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
1890 
1891 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
1892 
1893 	struct cil_context *test_context = (struct cil_context*)test_db->ast->root->cl_head->next->next->next->next->next->next->next->data;
1894 
1895 	int rc = cil_resolve_context(test_db->ast->root->cl_head->next->next->next->next->next->next->next, test_context, args);
1896 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
1897 }
1898 
test_cil_resolve_context_type_neg(CuTest * tc)1899 void test_cil_resolve_context_type_neg(CuTest *tc) {
1900 	char *line[] = {"(", "sensitivity", "s0", ")",
1901 			"(", "category", "c0", ")",
1902 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
1903 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
1904 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
1905 			"(", "user", "system_u", ")",
1906 			"(", "role", "object_r", ")",
1907 			"(", "context", "con",
1908                         "(", "system_u", "object_r", "netif_t", "(", "low", "high", ")", ")", ")", NULL};
1909 
1910 	struct cil_tree *test_tree;
1911 	gen_test_tree(&test_tree, line);
1912 
1913 	struct cil_db *test_db;
1914 	cil_db_init(&test_db);
1915 
1916 	uint32_t changed = CIL_FALSE;
1917 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
1918 
1919 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
1920 
1921 	struct cil_context *test_context = (struct cil_context*)test_db->ast->root->cl_head->next->next->next->next->next->next->next->data;
1922 
1923 	int rc = cil_resolve_context(test_db->ast->root->cl_head->next->next->next->next->next->next->next, test_context, args);
1924 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
1925 }
1926 
test_cil_resolve_context_anon_level_neg(CuTest * tc)1927 void test_cil_resolve_context_anon_level_neg(CuTest *tc) {
1928 	char *line[] = {"(", "sensitivity", "s0", ")",
1929 			"(", "category", "c0", ")",
1930 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
1931 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
1932 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
1933 			"(", "user", "system_u", ")",
1934 			"(", "role", "object_r", ")",
1935 			"(", "type", "netif_t", ")",
1936 			"(", "context", "con",
1937                         "(", "system_u", "object_r", "netif_t", "(", "DNE", "high", ")", ")", ")", NULL};
1938 
1939 	struct cil_tree *test_tree;
1940 	gen_test_tree(&test_tree, line);
1941 
1942 	struct cil_db *test_db;
1943 	cil_db_init(&test_db);
1944 
1945 	uint32_t changed = CIL_FALSE;
1946 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
1947 
1948 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
1949 
1950 	cil_resolve_senscat(test_db->ast->root->cl_head->next->next, args);
1951 
1952 	args->pass = CIL_PASS_MISC3;
1953 
1954 	struct cil_context *test_context = (struct cil_context*)test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->data;
1955 
1956 	int rc = cil_resolve_context(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, test_context, args);
1957 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
1958 }
1959 
test_cil_resolve_roletransition(CuTest * tc)1960 void test_cil_resolve_roletransition(CuTest *tc) {
1961 	char *line[] = {"(", "role", "foo_r", ")",
1962 			"(", "type", "bar_t", ")",
1963 			"(", "role", "foobar_r", ")",
1964 			"(", "class", "process", "(", "transition", ")", ")",
1965 			"(", "roletransition", "foo_r", "bar_t", "process", "foobar_r", ")", NULL};
1966 
1967 	struct cil_tree *test_tree;
1968 	gen_test_tree(&test_tree, line);
1969 
1970 	struct cil_db *test_db;
1971 	cil_db_init(&test_db);
1972 
1973 	uint32_t changed = CIL_FALSE;
1974 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
1975 
1976 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
1977 
1978 	int rc = cil_resolve_roletransition(test_db->ast->root->cl_head->next->next->next->next, args);
1979 	CuAssertIntEquals(tc, SEPOL_OK, rc);
1980 }
1981 
test_cil_resolve_roletransition_srcdecl_neg(CuTest * tc)1982 void test_cil_resolve_roletransition_srcdecl_neg(CuTest *tc) {
1983 	char *line[] = {"(", "type", "bar_t", ")",
1984 			"(", "role", "foobar_r", ")",
1985 			"(", "class", "process", "(", "transition", ")", ")",
1986 			"(", "roletransition", "foo_r", "bar_t", "process", "foobar_r", ")", NULL};
1987 
1988 	struct cil_tree *test_tree;
1989 	gen_test_tree(&test_tree, line);
1990 
1991 	struct cil_db *test_db;
1992 	cil_db_init(&test_db);
1993 
1994 	uint32_t changed = CIL_FALSE;
1995 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
1996 
1997 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
1998 
1999 	int rc = cil_resolve_roletransition(test_db->ast->root->cl_head->next->next->next, args);
2000 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
2001 }
2002 
test_cil_resolve_roletransition_tgtdecl_neg(CuTest * tc)2003 void test_cil_resolve_roletransition_tgtdecl_neg(CuTest *tc) {
2004 	char *line[] = {"(", "role", "foo_r", ")",
2005 			"(", "role", "foobar_r", ")",
2006 			"(", "class", "process", "(", "transition", ")", ")",
2007 			"(", "roletransition", "foo_r", "bar_t", "process", "foobar_r", ")", NULL};
2008 
2009 	struct cil_tree *test_tree;
2010 	gen_test_tree(&test_tree, line);
2011 
2012 	struct cil_db *test_db;
2013 	cil_db_init(&test_db);
2014 
2015 	uint32_t changed = CIL_FALSE;
2016 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
2017 
2018 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
2019 
2020 	int rc = cil_resolve_roletransition(test_db->ast->root->cl_head->next->next->next, args);
2021 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
2022 }
2023 
test_cil_resolve_roletransition_resultdecl_neg(CuTest * tc)2024 void test_cil_resolve_roletransition_resultdecl_neg(CuTest *tc) {
2025 	char *line[] = {"(", "role", "foo_r", ")",
2026 			"(", "type", "bar_t", ")",
2027 			"(", "class", "process", "(", "transition", ")", ")",
2028 			"(", "roletransition", "foo_r", "bar_t", "process", "foobar_r", ")", NULL};
2029 
2030 	struct cil_tree *test_tree;
2031 	gen_test_tree(&test_tree, line);
2032 
2033 	struct cil_db *test_db;
2034 	cil_db_init(&test_db);
2035 
2036 	uint32_t changed = CIL_FALSE;
2037 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
2038 
2039 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
2040 
2041 	int rc = cil_resolve_roletransition(test_db->ast->root->cl_head->next->next->next, args);
2042 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
2043 }
2044 
test_cil_resolve_typeattributeset_type_in_multiple_attrs(CuTest * tc)2045 void test_cil_resolve_typeattributeset_type_in_multiple_attrs(CuTest *tc) {
2046 	char *line[] = {"(", "typeattribute", "attrs", ")",
2047 			"(", "typeattribute", "attrs2", ")",
2048 			"(", "type", "type_t", ")",
2049 			"(", "typeattributeset", "attrs2", "type_t", ")",
2050 			"(", "typeattributeset", "attrs", "type_t", ")", NULL};
2051 
2052 	struct cil_tree *test_tree;
2053 	gen_test_tree(&test_tree, line);
2054 
2055 	struct cil_db *test_db;
2056 	cil_db_init(&test_db);
2057 
2058 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
2059 
2060 	uint32_t changed = CIL_FALSE;
2061 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
2062 
2063 	int rc = cil_resolve_typeattributeset(test_db->ast->root->cl_head->next->next->next->next, args);
2064 	int rc2 = cil_resolve_typeattributeset(test_db->ast->root->cl_head->next->next->next, args);
2065 	CuAssertIntEquals(tc, SEPOL_OK, rc);
2066 	CuAssertIntEquals(tc, SEPOL_OK, rc2);
2067 }
2068 
test_cil_resolve_typeattributeset_multiple_excludes_with_not(CuTest * tc)2069 void test_cil_resolve_typeattributeset_multiple_excludes_with_not(CuTest *tc) {
2070 	char *line[] = {"(", "typeattribute", "attrs", ")",
2071 			"(", "typeattribute", "attrs2", ")",
2072 			"(", "type", "type_t", ")",
2073 			"(", "type", "type_b", ")",
2074 			"(", "type", "type_a", ")",
2075 			"(", "typeattributeset", "attrs", "(", "and", "type_a", "type_b", ")", ")",
2076 			"(", "typeattributeset", "attrs2", "(", "not", "attrs", ")", ")", NULL};
2077 
2078 	struct cil_tree *test_tree;
2079 	gen_test_tree(&test_tree, line);
2080 
2081 	struct cil_db *test_db;
2082 	cil_db_init(&test_db);
2083 
2084 	uint32_t changed = CIL_FALSE;
2085 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
2086 
2087 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
2088 
2089 	int rc = cil_resolve_typeattributeset(test_db->ast->root->cl_head->next->next->next->next->next->next, args);
2090 	CuAssertIntEquals(tc, SEPOL_OK, rc);
2091 }
2092 
test_cil_resolve_typeattributeset_multiple_types_with_and(CuTest * tc)2093 void test_cil_resolve_typeattributeset_multiple_types_with_and(CuTest *tc) {
2094 	char *line[] = {"(", "typeattribute", "attrs", ")",
2095 			"(", "type", "type_t", ")",
2096 			"(", "type", "type_tt", ")",
2097 			"(", "typeattributeset", "attrs", "(", "and", "type_t", "type_tt", ")", ")", NULL};
2098 
2099 	struct cil_tree *test_tree;
2100 	gen_test_tree(&test_tree, line);
2101 
2102 	struct cil_db *test_db;
2103 	cil_db_init(&test_db);
2104 
2105 	uint32_t changed = CIL_FALSE;
2106 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
2107 
2108 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
2109 
2110 	int rc = cil_resolve_typeattributeset(test_db->ast->root->cl_head->next->next->next, args);
2111 	CuAssertIntEquals(tc, SEPOL_OK, rc);
2112 }
2113 
test_cil_resolve_typeattributeset_using_attr(CuTest * tc)2114 void test_cil_resolve_typeattributeset_using_attr(CuTest *tc) {
2115 	char *line[] = {"(", "typeattribute", "attrs", ")",
2116 			"(", "typeattribute", "attr_a", ")",
2117 			"(", "typeattributeset", "attrs", "attr_a", ")", NULL};
2118 
2119 	struct cil_tree *test_tree;
2120 	gen_test_tree(&test_tree, line);
2121 
2122 	struct cil_db *test_db;
2123 	cil_db_init(&test_db);
2124 
2125 	uint32_t changed = CIL_FALSE;
2126 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
2127 
2128 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
2129 
2130 	int rc = cil_resolve_typeattributeset(test_db->ast->root->cl_head->next->next, args);
2131 	CuAssertIntEquals(tc, SEPOL_OK, rc);
2132 }
2133 
test_cil_resolve_typeattributeset_name_neg(CuTest * tc)2134 void test_cil_resolve_typeattributeset_name_neg(CuTest *tc) {
2135 	char *line[] = {"(", "type", "type_t", ")",
2136 			"(", "typeattributeset", "attrs", "type_t", ")", NULL};
2137 
2138 	struct cil_tree *test_tree;
2139 	gen_test_tree(&test_tree, line);
2140 
2141 	struct cil_db *test_db;
2142 	cil_db_init(&test_db);
2143 
2144 	uint32_t changed = CIL_FALSE;
2145 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
2146 
2147 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
2148 
2149 	int rc = cil_resolve_typeattributeset(test_db->ast->root->cl_head->next, args);
2150 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
2151 }
2152 
test_cil_resolve_typeattributeset_undef_type_neg(CuTest * tc)2153 void test_cil_resolve_typeattributeset_undef_type_neg(CuTest *tc) {
2154 	char *line[] = {"(", "typeattribute", "attrs", ")",
2155 			"(", "typeattributeset", "attrs", "type_t", ")", NULL};
2156 
2157 	struct cil_tree *test_tree;
2158 	gen_test_tree(&test_tree, line);
2159 
2160 	struct cil_db *test_db;
2161 	cil_db_init(&test_db);
2162 
2163 	uint32_t changed = CIL_FALSE;
2164 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
2165 
2166 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
2167 
2168 	int rc = cil_resolve_typeattributeset(test_db->ast->root->cl_head->next, args);
2169 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
2170 }
2171 
test_cil_resolve_typeattributeset_not(CuTest * tc)2172 void test_cil_resolve_typeattributeset_not(CuTest *tc) {
2173 	char *line[] = {"(", "typeattribute", "attrs", ")",
2174 			"(", "type", "type_t", ")",
2175 			"(", "type", "t_t", ")",
2176 			"(", "typeattributeset", "attrs", "(", "not", "t_t", ")", ")", NULL};
2177 
2178 	struct cil_tree *test_tree;
2179 	gen_test_tree(&test_tree, line);
2180 
2181 	struct cil_db *test_db;
2182 	cil_db_init(&test_db);
2183 
2184 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
2185 
2186 	uint32_t changed = CIL_FALSE;
2187 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
2188 
2189 	int rc = cil_resolve_typeattributeset(test_db->ast->root->cl_head->next->next->next, args);
2190 	CuAssertIntEquals(tc, SEPOL_OK, rc);
2191 }
2192 
test_cil_resolve_typeattributeset_undef_type_not_neg(CuTest * tc)2193 void test_cil_resolve_typeattributeset_undef_type_not_neg(CuTest *tc) {
2194 	char *line[] = {"(", "typeattribute", "attrs", ")",
2195 			"(", "type", "type_t", ")",
2196 			"(", "typeattributeset", "attrs", "(", "not", "t_t", ")", ")", NULL};
2197 
2198 	struct cil_tree *test_tree;
2199 	gen_test_tree(&test_tree, line);
2200 
2201 	struct cil_db *test_db;
2202 	cil_db_init(&test_db);
2203 
2204 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
2205 
2206 	uint32_t changed = CIL_FALSE;
2207 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
2208 
2209 	int rc = cil_resolve_typeattributeset(test_db->ast->root->cl_head->next->next, args);
2210 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
2211 }
2212 
test_cil_resolve_typealias(CuTest * tc)2213 void test_cil_resolve_typealias(CuTest *tc) {
2214 	char *line[] = {"(", "block", "foo",
2215 				"(", "typealias", ".foo.test", "type_t", ")",
2216 				"(", "type", "test", ")", ")", NULL};
2217 
2218 	struct cil_tree *test_tree;
2219 	gen_test_tree(&test_tree, line);
2220 
2221 	struct cil_db *test_db;
2222 	cil_db_init(&test_db);
2223 
2224 	uint32_t changed = CIL_FALSE;
2225 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
2226 
2227 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
2228 
2229 	int rc = cil_resolve_typealias(test_db->ast->root->cl_head->cl_head, args);
2230 	CuAssertIntEquals(tc, SEPOL_OK, rc);
2231 }
2232 
test_cil_resolve_typealias_neg(CuTest * tc)2233 void test_cil_resolve_typealias_neg(CuTest *tc) {
2234 	char *line[] = {"(", "block", "foo",
2235 				"(", "typealias", ".foo", "apache_alias", ")", ")", NULL};
2236 
2237 	struct cil_tree *test_tree;
2238 	gen_test_tree(&test_tree, line);
2239 
2240 	struct cil_db *test_db;
2241 	cil_db_init(&test_db);
2242 
2243 	uint32_t changed = CIL_FALSE;
2244 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
2245 
2246 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
2247 
2248 	int rc = cil_resolve_typealias(test_db->ast->root->cl_head->cl_head, args);
2249 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
2250 }
2251 
test_cil_resolve_typebounds(CuTest * tc)2252 void test_cil_resolve_typebounds(CuTest *tc) {
2253 	char *line[] = {"(", "type", "type_a", ")",
2254 			"(", "type", "type_b", ")",
2255 			"(", "typebounds", "type_a", "type_b", ")", NULL};
2256 
2257 	struct cil_tree *test_tree;
2258 	gen_test_tree(&test_tree, line);
2259 
2260 	struct cil_db *test_db;
2261 	cil_db_init(&test_db);
2262 
2263 	uint32_t changed = CIL_FALSE;
2264 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
2265 
2266 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
2267 
2268 	int rc = cil_resolve_typebounds(test_db->ast->root->cl_head->next->next, args);
2269 	CuAssertIntEquals(tc, SEPOL_OK, rc);
2270 }
2271 
test_cil_resolve_typebounds_repeatbind_neg(CuTest * tc)2272 void test_cil_resolve_typebounds_repeatbind_neg(CuTest *tc) {
2273 	char *line[] = {"(", "type", "type_a", ")",
2274 			"(", "type", "type_b", ")",
2275 			"(", "typebounds", "type_a", "type_b", ")",
2276 			"(", "typebounds", "type_a", "type_b", ")", NULL};
2277 
2278 	struct cil_tree *test_tree;
2279 	gen_test_tree(&test_tree, line);
2280 
2281 	struct cil_db *test_db;
2282 	cil_db_init(&test_db);
2283 
2284 	uint32_t changed = CIL_FALSE;
2285 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
2286 
2287 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
2288 
2289 	int rc = cil_resolve_typebounds(test_db->ast->root->cl_head->next->next, args);
2290 	int rc2 = cil_resolve_typebounds(test_db->ast->root->cl_head->next->next->next, args);
2291 	CuAssertIntEquals(tc, SEPOL_OK, rc);
2292 	CuAssertIntEquals(tc, SEPOL_ERR, rc2);
2293 }
2294 
test_cil_resolve_typebounds_type1_neg(CuTest * tc)2295 void test_cil_resolve_typebounds_type1_neg(CuTest *tc) {
2296 	char *line[] = {"(", "type", "type_b", ")",
2297 			"(", "typebounds", "type_a", "type_b", ")", NULL};
2298 
2299 	struct cil_tree *test_tree;
2300 	gen_test_tree(&test_tree, line);
2301 
2302 	struct cil_db *test_db;
2303 	cil_db_init(&test_db);
2304 
2305 	uint32_t changed = CIL_FALSE;
2306 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
2307 
2308 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
2309 
2310 	int rc = cil_resolve_typebounds(test_db->ast->root->cl_head->next, args);
2311 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
2312 }
2313 
test_cil_resolve_typebounds_type2_neg(CuTest * tc)2314 void test_cil_resolve_typebounds_type2_neg(CuTest *tc) {
2315 	char *line[] = {"(", "type", "type_a", ")",
2316 			"(", "typebounds", "type_a", "type_b", ")", NULL};
2317 
2318 	struct cil_tree *test_tree;
2319 	gen_test_tree(&test_tree, line);
2320 
2321 	struct cil_db *test_db;
2322 	cil_db_init(&test_db);
2323 
2324 	uint32_t changed = CIL_FALSE;
2325 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
2326 
2327 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
2328 
2329 	int rc = cil_resolve_typebounds(test_db->ast->root->cl_head->next, args);
2330 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
2331 }
2332 
test_cil_resolve_typepermissive(CuTest * tc)2333 void test_cil_resolve_typepermissive(CuTest *tc) {
2334 	char *line[] = {"(", "type", "type_a", ")",
2335 			"(", "typepermissive", "type_a", ")", NULL};
2336 
2337 	struct cil_tree *test_tree;
2338 	gen_test_tree(&test_tree, line);
2339 
2340 	struct cil_db *test_db;
2341 	cil_db_init(&test_db);
2342 
2343 	uint32_t changed = CIL_FALSE;
2344 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC1, &changed, NULL, NULL, NULL);
2345 
2346 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
2347 
2348 	int rc = cil_resolve_typepermissive(test_db->ast->root->cl_head->next, args);
2349 	CuAssertIntEquals(tc, SEPOL_OK, rc);
2350 }
2351 
test_cil_resolve_typepermissive_neg(CuTest * tc)2352 void test_cil_resolve_typepermissive_neg(CuTest *tc) {
2353 	char *line[] = {"(", "type", "type_a", ")",
2354 			"(", "typepermissive", "type_b", ")", NULL};
2355 
2356 	struct cil_tree *test_tree;
2357 	gen_test_tree(&test_tree, line);
2358 
2359 	struct cil_db *test_db;
2360 	cil_db_init(&test_db);
2361 
2362 	uint32_t changed = CIL_FALSE;
2363 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
2364 
2365 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
2366 
2367 	int rc = cil_resolve_typepermissive(test_db->ast->root->cl_head->next, args);
2368 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
2369 }
2370 
test_cil_resolve_nametypetransition(CuTest * tc)2371 void test_cil_resolve_nametypetransition(CuTest *tc) {
2372 	char *line[] = {"(", "type", "foo", ")",
2373 			"(", "type", "bar", ")",
2374 			"(", "class", "file", "(", "read", ")", ")",
2375 			"(", "type", "foobar", ")",
2376 			"(", "nametypetransition", "str", "foo", "bar", "file", "foobar", ")", NULL};
2377 
2378 	struct cil_tree *test_tree;
2379 	gen_test_tree(&test_tree, line);
2380 
2381 	struct cil_db *test_db;
2382 	cil_db_init(&test_db);
2383 
2384 	uint32_t changed = CIL_FALSE;
2385 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
2386 
2387 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
2388 
2389 	int rc = cil_resolve_nametypetransition(test_db->ast->root->cl_head->next->next->next->next, args);
2390 	CuAssertIntEquals(tc, SEPOL_OK, rc);
2391 }
2392 
test_cil_resolve_nametypetransition_src_neg(CuTest * tc)2393 void test_cil_resolve_nametypetransition_src_neg(CuTest *tc) {
2394 	char *line[] = {"(", "type", "foo", ")",
2395 			"(", "type", "bar", ")",
2396 			"(", "class", "file", "(", "read", ")", ")",
2397 			"(", "type", "foobar", ")",
2398 			"(", "nametypetransition", "str", "wrong", "bar", "file", "foobar", ")", NULL};
2399 
2400 	struct cil_tree *test_tree;
2401 	gen_test_tree(&test_tree, line);
2402 
2403 	struct cil_db *test_db;
2404 	cil_db_init(&test_db);
2405 
2406 	uint32_t changed = CIL_FALSE;
2407 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
2408 
2409 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
2410 
2411 	int rc = cil_resolve_nametypetransition(test_db->ast->root->cl_head->next->next->next->next, args);
2412 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
2413 }
2414 
test_cil_resolve_nametypetransition_tgt_neg(CuTest * tc)2415 void test_cil_resolve_nametypetransition_tgt_neg(CuTest *tc) {
2416 	char *line[] = {"(", "type", "foo", ")",
2417 			"(", "type", "bar", ")",
2418 			"(", "class", "file", "(", "read", ")", ")",
2419 			"(", "type", "foobar", ")",
2420 			"(", "nametypetransition", "str", "foo", "wrong", "file", "foobar", ")", NULL};
2421 
2422 	struct cil_tree *test_tree;
2423 	gen_test_tree(&test_tree, line);
2424 
2425 	struct cil_db *test_db;
2426 	cil_db_init(&test_db);
2427 
2428 	uint32_t changed = CIL_FALSE;
2429 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
2430 
2431 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
2432 
2433 	int rc = cil_resolve_nametypetransition(test_db->ast->root->cl_head->next->next->next->next, args);
2434 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
2435 }
2436 
test_cil_resolve_nametypetransition_class_neg(CuTest * tc)2437 void test_cil_resolve_nametypetransition_class_neg(CuTest *tc) {
2438 	char *line[] = {"(", "type", "foo", ")",
2439 			"(", "type", "bar", ")",
2440 			"(", "class", "file", "(", "read", ")", ")",
2441 			"(", "type", "foobar", ")",
2442 			"(", "nametypetransition", "str", "foo", "bar", "wrong", "foobar", ")", NULL};
2443 
2444 	struct cil_tree *test_tree;
2445 	gen_test_tree(&test_tree, line);
2446 
2447 	struct cil_db *test_db;
2448 	cil_db_init(&test_db);
2449 
2450 	uint32_t changed = CIL_FALSE;
2451 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
2452 
2453 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
2454 
2455 	int rc = cil_resolve_nametypetransition(test_db->ast->root->cl_head->next->next->next->next, args);
2456 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
2457 }
2458 
test_cil_resolve_nametypetransition_dest_neg(CuTest * tc)2459 void test_cil_resolve_nametypetransition_dest_neg(CuTest *tc) {
2460 	char *line[] = {"(", "type", "foo", ")",
2461 			"(", "type", "bar", ")",
2462 			"(", "class", "file", "(", "read", ")", ")",
2463 			"(", "type", "foobar", ")",
2464 			"(", "nametypetransition", "str", "foo", "bar", "file", "wrong", ")", NULL};
2465 
2466 	struct cil_tree *test_tree;
2467 	gen_test_tree(&test_tree, line);
2468 
2469 	struct cil_db *test_db;
2470 	cil_db_init(&test_db);
2471 
2472 	uint32_t changed = CIL_FALSE;
2473 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
2474 
2475 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
2476 
2477 	int rc = cil_resolve_nametypetransition(test_db->ast->root->cl_head->next->next->next->next, args);
2478 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
2479 }
2480 
test_cil_resolve_rangetransition(CuTest * tc)2481 void test_cil_resolve_rangetransition(CuTest *tc) {
2482 	char *line[] = {"(", "class", "class_", "(", "read", ")", ")",
2483 			"(", "type", "type_a", ")",
2484 			"(", "type", "type_b", ")",
2485 			"(", "sensitivity", "s0", ")",
2486 			"(", "category", "c0", ")",
2487 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
2488 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
2489 			"(", "rangetransition", "type_a", "type_b", "class_", "(", "low", "high", ")", ")", NULL};
2490 
2491 	struct cil_tree *test_tree;
2492 	gen_test_tree(&test_tree, line);
2493 
2494 	struct cil_db *test_db;
2495 	cil_db_init(&test_db);
2496 
2497 	uint32_t changed = CIL_FALSE;
2498 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
2499 
2500 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
2501 
2502 	int rc = cil_resolve_rangetransition(test_db->ast->root->cl_head->next->next->next->next->next->next->next, args);
2503 	CuAssertIntEquals(tc, SEPOL_OK, rc);
2504 }
2505 
test_cil_resolve_rangetransition_namedrange_anon(CuTest * tc)2506 void test_cil_resolve_rangetransition_namedrange_anon(CuTest *tc) {
2507 	char *line[] = {"(", "class", "class_", "(", "read", ")", ")",
2508 			"(", "type", "type_a", ")",
2509 			"(", "type", "type_b", ")",
2510 			"(", "sensitivity", "s0", ")",
2511 			"(", "category", "c0", ")",
2512 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
2513 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
2514 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
2515 			"(", "macro", "mm", "(", "(", "levelrange", "l", ")", ")",
2516 				"(", "rangetransition", "type_a", "type_b", "class_", "l", ")", ")",
2517 			"(", "call", "mm", "(", "(", "low", "high", ")", ")", ")", NULL};
2518 
2519 	struct cil_tree *test_tree;
2520 	gen_test_tree(&test_tree, line);
2521 
2522 	struct cil_db *test_db;
2523 	cil_db_init(&test_db);
2524 
2525 	uint32_t changed = CIL_FALSE;
2526 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
2527 
2528 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
2529 
2530 	int rc2 = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next, args);
2531 
2532 	args->pass = CIL_PASS_CALL2;
2533 
2534 	int rc3 = cil_resolve_call2(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next, args);
2535 
2536 	args->pass = CIL_PASS_MISC2;
2537 
2538 	cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next->next->next->next, args);
2539 
2540 	args->pass = CIL_PASS_MISC3;
2541 	args->callstack = test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next;
2542 
2543 	int rc = cil_resolve_rangetransition(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next->cl_head, args);
2544 	CuAssertIntEquals(tc, SEPOL_OK, rc);
2545 	CuAssertIntEquals(tc, SEPOL_OK, rc2);
2546 	CuAssertIntEquals(tc, SEPOL_OK, rc3);
2547 }
2548 
test_cil_resolve_rangetransition_namedrange_anon_neg(CuTest * tc)2549 void test_cil_resolve_rangetransition_namedrange_anon_neg(CuTest *tc) {
2550 	char *line[] = {"(", "class", "class_", "(", "read", ")", ")",
2551 			"(", "type", "type_a", ")",
2552 			"(", "type", "type_b", ")",
2553 			"(", "sensitivity", "s0", ")",
2554 			"(", "category", "c0", ")",
2555 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
2556 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
2557 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
2558 			"(", "macro", "mm", "(", "(", "levelrange", "l", ")", ")",
2559 				"(", "rangetransition", "type_a", "type_b", "class_", "l", ")", ")",
2560 			"(", "call", "mm", "(", "(", "DNE", "high", ")", ")", ")", NULL};
2561 
2562 	struct cil_tree *test_tree;
2563 	gen_test_tree(&test_tree, line);
2564 
2565 	struct cil_db *test_db;
2566 	cil_db_init(&test_db);
2567 
2568 	uint32_t changed = CIL_FALSE;
2569 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
2570 
2571 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
2572 
2573 	int rc2 = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next, args);
2574 
2575 	args->pass = CIL_PASS_CALL2;
2576 
2577 	int rc3 = cil_resolve_call2(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next, args);
2578 
2579 	args->pass = CIL_PASS_MISC2;
2580 
2581 	cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next->next->next->next, args);
2582 
2583 	args->pass = CIL_PASS_MISC3;
2584 	args->callstack = test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next;
2585 
2586 	int rc = cil_resolve_rangetransition(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next->cl_head,  args);
2587 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
2588 	CuAssertIntEquals(tc, SEPOL_OK, rc2);
2589 	CuAssertIntEquals(tc, SEPOL_OK, rc3);
2590 }
2591 
test_cil_resolve_rangetransition_namedrange(CuTest * tc)2592 void test_cil_resolve_rangetransition_namedrange(CuTest *tc) {
2593 	char *line[] = {"(", "class", "class_", "(", "read", ")", ")",
2594 			"(", "type", "type_a", ")",
2595 			"(", "type", "type_b", ")",
2596 			"(", "sensitivity", "s0", ")",
2597 			"(", "category", "c0", ")",
2598 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
2599 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
2600 			"(", "levelrange", "foo_range", "(", "low", "high", ")", ")",
2601 			"(", "rangetransition", "type_a", "type_b", "class_", "foo_range", ")", NULL};
2602 
2603 	struct cil_tree *test_tree;
2604 	gen_test_tree(&test_tree, line);
2605 
2606 	struct cil_db *test_db;
2607 	cil_db_init(&test_db);
2608 
2609 	uint32_t changed = CIL_FALSE;
2610 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
2611 
2612 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
2613 
2614 	int rc = cil_resolve_rangetransition(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args);
2615 	CuAssertIntEquals(tc, SEPOL_OK, rc);
2616 }
2617 
test_cil_resolve_rangetransition_namedrange_neg(CuTest * tc)2618 void test_cil_resolve_rangetransition_namedrange_neg(CuTest *tc) {
2619 	char *line[] = {"(", "class", "class_", "(", "read", ")", ")",
2620 			"(", "type", "type_a", ")",
2621 			"(", "type", "type_b", ")",
2622 			"(", "sensitivity", "s0", ")",
2623 			"(", "category", "c0", ")",
2624 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
2625 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
2626 			"(", "levelrange", "foo_range", "(", "low", "high", ")", ")",
2627 			"(", "rangetransition", "type_a", "type_b", "class_", "DNE", ")", NULL};
2628 
2629 	struct cil_tree *test_tree;
2630 	gen_test_tree(&test_tree, line);
2631 
2632 	struct cil_db *test_db;
2633 	cil_db_init(&test_db);
2634 
2635 	uint32_t changed = CIL_FALSE;
2636 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
2637 
2638 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
2639 
2640 	int rc = cil_resolve_rangetransition(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args);
2641 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
2642 }
2643 
test_cil_resolve_rangetransition_type1_neg(CuTest * tc)2644 void test_cil_resolve_rangetransition_type1_neg(CuTest *tc) {
2645 	char *line[] = {"(", "class", "class_", "(", "read", ")", ")",
2646 			"(", "type", "type_a", ")",
2647 			"(", "type", "type_b", ")",
2648 			"(", "sensitivity", "s0", ")",
2649 			"(", "category", "c0", ")",
2650 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
2651 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
2652 			"(", "rangetransition", "type_DNE", "type_b", "class_", "(", "low", "high", ")", ")", NULL};
2653 
2654 	struct cil_tree *test_tree;
2655 	gen_test_tree(&test_tree, line);
2656 
2657 	struct cil_db *test_db;
2658 	cil_db_init(&test_db);
2659 
2660 	uint32_t changed = CIL_FALSE;
2661 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
2662 
2663 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
2664 
2665 	int rc = cil_resolve_rangetransition(test_db->ast->root->cl_head->next->next->next->next->next->next->next, args);
2666 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
2667 }
2668 
test_cil_resolve_rangetransition_type2_neg(CuTest * tc)2669 void test_cil_resolve_rangetransition_type2_neg(CuTest *tc) {
2670 	char *line[] = {"(", "class", "class_", "(", "read", ")", ")",
2671 			"(", "type", "type_a", ")",
2672 			"(", "type", "type_b", ")",
2673 			"(", "sensitivity", "s0", ")",
2674 			"(", "category", "c0", ")",
2675 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
2676 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
2677 			"(", "rangetransition", "type_a", "type_DNE", "class_", "(", "low", "high", ")", ")", NULL};
2678 
2679 	struct cil_tree *test_tree;
2680 	gen_test_tree(&test_tree, line);
2681 
2682 	struct cil_db *test_db;
2683 	cil_db_init(&test_db);
2684 
2685 	uint32_t changed = CIL_FALSE;
2686 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
2687 
2688 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
2689 
2690 	int rc = cil_resolve_rangetransition(test_db->ast->root->cl_head->next->next->next->next->next->next->next, args);
2691 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
2692 }
2693 
test_cil_resolve_rangetransition_class_neg(CuTest * tc)2694 void test_cil_resolve_rangetransition_class_neg(CuTest *tc) {
2695 	char *line[] = {"(", "class", "class_", "(", "read", ")", ")",
2696 			"(", "type", "type_a", ")",
2697 			"(", "type", "type_b", ")",
2698 			"(", "sensitivity", "s0", ")",
2699 			"(", "category", "c0", ")",
2700 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
2701 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
2702 			"(", "rangetransition", "type_a", "type_b", "class_DNE", "(", "low", "high", ")", ")", NULL};
2703 
2704 	struct cil_tree *test_tree;
2705 	gen_test_tree(&test_tree, line);
2706 
2707 	struct cil_db *test_db;
2708 	cil_db_init(&test_db);
2709 
2710 	uint32_t changed = CIL_FALSE;
2711 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
2712 
2713 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
2714 
2715 	int rc = cil_resolve_rangetransition(test_db->ast->root->cl_head->next->next->next->next->next->next->next, args);
2716 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
2717 }
2718 
test_cil_resolve_rangetransition_call_level_l_anon(CuTest * tc)2719 void test_cil_resolve_rangetransition_call_level_l_anon(CuTest *tc) {
2720 	char *line[] = {"(", "class", "class_", "(", "read", ")", ")",
2721 			"(", "type", "type_a", ")",
2722 			"(", "type", "type_b", ")",
2723 			"(", "sensitivity", "s0", ")",
2724 			"(", "category", "c0", ")",
2725 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
2726 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
2727 			"(", "macro", "mm", "(", "(", "level", "l", ")", ")",
2728 				"(", "rangetransition", "type_a", "type_b", "class_", "(", "l", "high", ")", ")", ")",
2729 			"(", "call", "mm", "(", "(", "s0", "(", "c0", ")", ")", ")", ")", NULL};
2730 
2731 	struct cil_tree *test_tree;
2732 	gen_test_tree(&test_tree, line);
2733 
2734 	struct cil_db *test_db;
2735 	cil_db_init(&test_db);
2736 
2737 	uint32_t changed = CIL_FALSE;
2738 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
2739 
2740 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
2741 
2742 	int rc2 = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args);
2743 
2744 	args->pass = CIL_PASS_CALL2;
2745 
2746 	int rc3 = cil_resolve_call2(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args);
2747 
2748 	args->pass = CIL_PASS_MISC2;
2749 
2750 	cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next->next->next, args);
2751 
2752 	args->pass = CIL_PASS_MISC3;
2753 	args->callstack = test_db->ast->root->cl_head->next->next->next->next->next->next->next->next;
2754 
2755 	int rc = cil_resolve_rangetransition(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->cl_head, args);
2756 	CuAssertIntEquals(tc, SEPOL_OK, rc);
2757 	CuAssertIntEquals(tc, SEPOL_OK, rc2);
2758 	CuAssertIntEquals(tc, SEPOL_OK, rc3);
2759 }
2760 
test_cil_resolve_rangetransition_call_level_l_anon_neg(CuTest * tc)2761 void test_cil_resolve_rangetransition_call_level_l_anon_neg(CuTest *tc) {
2762 	char *line[] = {"(", "class", "class_", "(", "read", ")", ")",
2763 			"(", "type", "type_a", ")",
2764 			"(", "type", "type_b", ")",
2765 			"(", "sensitivity", "s0", ")",
2766 			"(", "category", "c0", ")",
2767 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
2768 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
2769 			"(", "macro", "mm", "(", "(", "level", "l", ")", ")",
2770 				"(", "rangetransition", "type_a", "type_b", "class_", "(", "l", "high", ")", ")", ")",
2771 			"(", "call", "mm", "(", "(", "s0", "(", "c4", ")", ")", ")", ")", NULL};
2772 
2773 	struct cil_tree *test_tree;
2774 	gen_test_tree(&test_tree, line);
2775 
2776 	struct cil_db *test_db;
2777 	cil_db_init(&test_db);
2778 
2779 	uint32_t changed = CIL_FALSE;
2780 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
2781 
2782 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
2783 
2784 	int rc2 = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args);
2785 
2786 	args->pass = CIL_PASS_CALL2;
2787 
2788 	int rc3 = cil_resolve_call2(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args);
2789 
2790 	args->pass = CIL_PASS_MISC2;
2791 
2792 	cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next->next->next, args);
2793 
2794 	args->pass = CIL_PASS_MISC3;
2795 	args->callstack = test_db->ast->root->cl_head->next->next->next->next->next->next->next->next;
2796 
2797 	int rc = cil_resolve_rangetransition(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->cl_head, args);
2798 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
2799 	CuAssertIntEquals(tc, SEPOL_OK, rc2);
2800 	CuAssertIntEquals(tc, SEPOL_OK, rc3);
2801 }
2802 
test_cil_resolve_rangetransition_call_level_h_anon(CuTest * tc)2803 void test_cil_resolve_rangetransition_call_level_h_anon(CuTest *tc) {
2804 	char *line[] = {"(", "class", "class_", "(", "read", ")", ")",
2805 			"(", "type", "type_a", ")",
2806 			"(", "type", "type_b", ")",
2807 			"(", "sensitivity", "s0", ")",
2808 			"(", "category", "c0", ")",
2809 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
2810 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
2811 			"(", "macro", "mm", "(", "(", "level", "h", ")", ")",
2812 				"(", "rangetransition", "type_a", "type_b", "class_", "(", "low", "h", ")", ")", ")",
2813 			"(", "call", "mm", "(", "(", "s0", "(", "c0", ")", ")", ")", ")", NULL};
2814 
2815 	struct cil_tree *test_tree;
2816 	gen_test_tree(&test_tree, line);
2817 
2818 	struct cil_db *test_db;
2819 	cil_db_init(&test_db);
2820 
2821 	uint32_t changed = CIL_FALSE;
2822 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
2823 
2824 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
2825 
2826 	int rc2 = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args);
2827 
2828 	args->pass = CIL_PASS_CALL2;
2829 
2830 	int rc3 = cil_resolve_call2(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args);
2831 
2832 	args->pass = CIL_PASS_MISC2;
2833 
2834 	cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next->next->next, args);
2835 
2836 	args->pass = CIL_PASS_MISC3;
2837 	args->callstack = test_db->ast->root->cl_head->next->next->next->next->next->next->next->next;
2838 
2839 	int rc = cil_resolve_rangetransition(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->cl_head, args);
2840 	CuAssertIntEquals(tc, SEPOL_OK, rc);
2841 	CuAssertIntEquals(tc, SEPOL_OK, rc2);
2842 	CuAssertIntEquals(tc, SEPOL_OK, rc3);
2843 }
2844 
test_cil_resolve_rangetransition_call_level_h_anon_neg(CuTest * tc)2845 void test_cil_resolve_rangetransition_call_level_h_anon_neg(CuTest *tc) {
2846 	char *line[] = {"(", "class", "class_", "(", "read", ")", ")",
2847 			"(", "type", "type_a", ")",
2848 			"(", "type", "type_b", ")",
2849 			"(", "sensitivity", "s0", ")",
2850 			"(", "category", "c0", ")",
2851 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
2852 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
2853 			"(", "macro", "mm", "(", "(", "level", "h", ")", ")",
2854 				"(", "rangetransition", "type_a", "type_b", "class_", "(", "low", "h", ")", ")", ")",
2855 			"(", "call", "mm", "(", "(", "s0", "(", "c4", ")", ")", ")", ")", NULL};
2856 
2857 	struct cil_tree *test_tree;
2858 	gen_test_tree(&test_tree, line);
2859 
2860 	struct cil_db *test_db;
2861 	cil_db_init(&test_db);
2862 
2863 	uint32_t changed = CIL_FALSE;
2864 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
2865 
2866 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
2867 
2868 	int rc2 = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args);
2869 
2870 	args->pass = CIL_PASS_CALL2;
2871 
2872 	int rc3 = cil_resolve_call2(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args);
2873 
2874 	args->pass = CIL_PASS_MISC2;
2875 
2876 	cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next->next->next, args);
2877 
2878 	args->pass = CIL_PASS_MISC3;
2879 	args->callstack = test_db->ast->root->cl_head->next->next->next->next->next->next->next->next;
2880 
2881 	int rc = cil_resolve_rangetransition(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->cl_head, args);
2882 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
2883 	CuAssertIntEquals(tc, SEPOL_OK, rc2);
2884 	CuAssertIntEquals(tc, SEPOL_OK, rc3);
2885 }
2886 
test_cil_resolve_rangetransition_level_l_neg(CuTest * tc)2887 void test_cil_resolve_rangetransition_level_l_neg(CuTest *tc) {
2888 	char *line[] = {"(", "class", "class_", "(", "read", ")", ")",
2889 			"(", "type", "type_a", ")",
2890 			"(", "type", "type_b", ")",
2891 			"(", "sensitivity", "s0", ")",
2892 			"(", "category", "c0", ")",
2893 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
2894 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
2895 			"(", "rangetransition", "type_a", "type_b", "class_", "(", "low_DNE", "high", ")", ")", NULL};
2896 
2897 	struct cil_tree *test_tree;
2898 	gen_test_tree(&test_tree, line);
2899 
2900 	struct cil_db *test_db;
2901 	cil_db_init(&test_db);
2902 
2903 	uint32_t changed = CIL_FALSE;
2904 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
2905 
2906 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
2907 
2908 	int rc = cil_resolve_rangetransition(test_db->ast->root->cl_head->next->next->next->next->next->next->next, args);
2909 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
2910 }
2911 
test_cil_resolve_rangetransition_level_h_neg(CuTest * tc)2912 void test_cil_resolve_rangetransition_level_h_neg(CuTest *tc) {
2913 	char *line[] = {"(", "class", "class_", "(", "read", ")", ")",
2914 			"(", "type", "type_a", ")",
2915 			"(", "type", "type_b", ")",
2916 			"(", "sensitivity", "s0", ")",
2917 			"(", "category", "c0", ")",
2918 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
2919 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
2920 			"(", "rangetransition", "type_a", "type_b", "class_", "(", "low", "high_DNE", ")", ")", NULL};
2921 
2922 	struct cil_tree *test_tree;
2923 	gen_test_tree(&test_tree, line);
2924 
2925 	struct cil_db *test_db;
2926 	cil_db_init(&test_db);
2927 
2928 	uint32_t changed = CIL_FALSE;
2929 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
2930 
2931 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
2932 
2933 	int rc = cil_resolve_rangetransition(test_db->ast->root->cl_head->next->next->next->next->next->next->next, args);
2934 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
2935 }
2936 
test_cil_resolve_rangetransition_anon_level_l(CuTest * tc)2937 void test_cil_resolve_rangetransition_anon_level_l(CuTest *tc) {
2938 	char *line[] = {"(", "class", "class_", "(", "read", ")", ")",
2939 			"(", "type", "type_a", ")",
2940 			"(", "type", "type_b", ")",
2941 			"(", "sensitivity", "s0", ")",
2942 			"(", "category", "c0", ")",
2943 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
2944 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
2945 			"(", "rangetransition", "type_a", "type_b", "class_", "(", "(", "s0", "(", "c0", ")", ")", "high", ")", ")", NULL};
2946 
2947 	struct cil_tree *test_tree;
2948 	gen_test_tree(&test_tree, line);
2949 
2950 	struct cil_db *test_db;
2951 	cil_db_init(&test_db);
2952 
2953 	uint32_t changed = CIL_FALSE;
2954 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
2955 
2956 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
2957 
2958 	cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next->next->next, args);
2959 
2960 	args->pass = CIL_PASS_MISC3;
2961 
2962 	int rc = cil_resolve_rangetransition(test_db->ast->root->cl_head->next->next->next->next->next->next->next, args);
2963 	CuAssertIntEquals(tc, SEPOL_OK, rc);
2964 }
2965 
test_cil_resolve_rangetransition_anon_level_l_neg(CuTest * tc)2966 void test_cil_resolve_rangetransition_anon_level_l_neg(CuTest *tc) {
2967 	char *line[] = {"(", "class", "class_", "(", "read", ")", ")",
2968 			"(", "type", "type_a", ")",
2969 			"(", "type", "type_b", ")",
2970 			"(", "sensitivity", "s0", ")",
2971 			"(", "category", "c0", ")",
2972 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
2973 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
2974 			"(", "rangetransition", "type_a", "type_b", "class_", "(", "(", "s0", "(", "c_DNE", ")", ")", "high", ")", ")", NULL};
2975 
2976 	struct cil_tree *test_tree;
2977 	gen_test_tree(&test_tree, line);
2978 
2979 	struct cil_db *test_db;
2980 	cil_db_init(&test_db);
2981 
2982 	uint32_t changed = CIL_FALSE;
2983 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
2984 
2985 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
2986 
2987 	cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next->next->next, args);
2988 
2989 	args->pass = CIL_PASS_MISC3;
2990 
2991 	int rc = cil_resolve_rangetransition(test_db->ast->root->cl_head->next->next->next->next->next->next->next, args);
2992 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
2993 }
2994 
test_cil_resolve_rangetransition_anon_level_h(CuTest * tc)2995 void test_cil_resolve_rangetransition_anon_level_h(CuTest *tc) {
2996 	char *line[] = {"(", "class", "class_", "(", "read", ")", ")",
2997 			"(", "type", "type_a", ")",
2998 			"(", "type", "type_b", ")",
2999 			"(", "sensitivity", "s0", ")",
3000 			"(", "category", "c0", ")",
3001 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
3002 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
3003 			"(", "rangetransition", "type_a", "type_b", "class_", "(", "low", "(", "s0", "(", "c0", ")",  ")", ")", ")", NULL};
3004 
3005 	struct cil_tree *test_tree;
3006 	gen_test_tree(&test_tree, line);
3007 
3008 	struct cil_db *test_db;
3009 	cil_db_init(&test_db);
3010 
3011 	uint32_t changed = CIL_FALSE;
3012 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
3013 
3014 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
3015 
3016 	cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next->next->next, args);
3017 
3018 	args->pass = CIL_PASS_MISC3;
3019 
3020 	int rc = cil_resolve_rangetransition(test_db->ast->root->cl_head->next->next->next->next->next->next->next, args);
3021 	CuAssertIntEquals(tc, SEPOL_OK, rc);
3022 }
3023 
test_cil_resolve_rangetransition_anon_level_h_neg(CuTest * tc)3024 void test_cil_resolve_rangetransition_anon_level_h_neg(CuTest *tc) {
3025 	char *line[] = {"(", "class", "class_", "(", "read", ")", ")",
3026 			"(", "type", "type_a", ")",
3027 			"(", "type", "type_b", ")",
3028 			"(", "sensitivity", "s0", ")",
3029 			"(", "category", "c0", ")",
3030 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
3031 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
3032 			"(", "rangetransition", "type_a", "type_b", "class_", "(", "low", "(", "s_DNE", "(", "c0", ")",  ")", ")", NULL};
3033 
3034 	struct cil_tree *test_tree;
3035 	gen_test_tree(&test_tree, line);
3036 
3037 	struct cil_db *test_db;
3038 	cil_db_init(&test_db);
3039 
3040 	uint32_t changed = CIL_FALSE;
3041 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
3042 
3043 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
3044 
3045 	cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next->next->next, args);
3046 
3047 	args->pass = CIL_PASS_MISC3;
3048 
3049 	int rc = cil_resolve_rangetransition(test_db->ast->root->cl_head->next->next->next->next->next->next->next, args);
3050 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
3051 }
3052 
test_cil_resolve_classcommon(CuTest * tc)3053 void test_cil_resolve_classcommon(CuTest *tc) {
3054 	char *line[] = {"(", "class", "file", "(", "read", ")", ")",
3055 			"(", "common", "file", "(", "write", ")", ")",
3056 			"(", "classcommon", "file", "file", ")", NULL};
3057 
3058 	struct cil_tree *test_tree;
3059 	gen_test_tree(&test_tree, line);
3060 
3061 	struct cil_db *test_db;
3062 	cil_db_init(&test_db);
3063 
3064 	uint32_t changed = CIL_FALSE;
3065 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
3066 
3067 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
3068 
3069 	int rc = cil_resolve_classcommon(test_db->ast->root->cl_head->next->next, args);
3070 	CuAssertIntEquals(tc, SEPOL_OK, rc);
3071 }
3072 
test_cil_resolve_classcommon_no_class_neg(CuTest * tc)3073 void test_cil_resolve_classcommon_no_class_neg(CuTest *tc) {
3074 	char *line[] = {"(", "class", "foo", "(", "read", ")", ")",
3075 			"(", "classcommon", "foo", "foo", ")", NULL};
3076 
3077 	struct cil_tree *test_tree;
3078 	gen_test_tree(&test_tree, line);
3079 
3080 	struct cil_db *test_db;
3081 	cil_db_init(&test_db);
3082 
3083 	uint32_t changed = CIL_FALSE;
3084 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
3085 
3086 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
3087 
3088 	int rc = cil_resolve_classcommon(test_db->ast->root->cl_head->next, args);
3089 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
3090 }
3091 
test_cil_resolve_classcommon_no_common_neg(CuTest * tc)3092 void test_cil_resolve_classcommon_no_common_neg(CuTest *tc) {
3093 	char *line[] = {"(", "common", "foo", "(", "read", ")", ")",
3094 			"(", "classcommon", "foo", "foo", ")", NULL};
3095 
3096 	struct cil_tree *test_tree;
3097 	gen_test_tree(&test_tree, line);
3098 
3099 	struct cil_db *test_db;
3100 	cil_db_init(&test_db);
3101 
3102 	uint32_t changed = CIL_FALSE;
3103 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
3104 
3105 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
3106 
3107 	int rc = cil_resolve_classcommon(test_db->ast->root->cl_head->next, args);
3108 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
3109 }
3110 
test_cil_resolve_classpermset_named(CuTest * tc)3111 void test_cil_resolve_classpermset_named(CuTest *tc) {
3112 	char *line[] = {"(", "classmap", "files", "(", "read", ")", ")",
3113 			"(", "class", "char", "(", "read", ")", ")",
3114 			"(", "classpermissionset", "char_w", "(", "char", "(", "read", ")", ")", ")",
3115 			"(", "classmapping", "files", "read", "char_w", ")", NULL};
3116 
3117 	struct cil_tree *test_tree;
3118 	gen_test_tree(&test_tree, line);
3119 
3120 	struct cil_db *test_db;
3121 	cil_db_init(&test_db);
3122 
3123 	uint32_t changed = CIL_FALSE;
3124 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
3125 
3126 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
3127 
3128 	struct cil_classpermset *cps = test_db->ast->root->cl_head->next->next->data;
3129 
3130 	int rc = cil_resolve_classpermset(test_db->ast->root->cl_head->next->next->next, cps, args);
3131 	CuAssertIntEquals(tc, SEPOL_OK, rc);
3132 }
3133 
test_cil_resolve_classpermset_named_namedpermlist(CuTest * tc)3134 void test_cil_resolve_classpermset_named_namedpermlist(CuTest *tc) {
3135 	char *line[] = {"(", "classmap", "files", "(", "read", ")", ")",
3136 			"(", "class", "char", "(", "read", ")", ")",
3137 			"(", "classpermissionset", "char_w", "(", "char", "baz", ")", ")",
3138 			"(", "permissionset", "baz", "(", "read", ")", ")",
3139 			"(", "classmapping", "files", "read", "char_w", ")", NULL};
3140 
3141 	struct cil_tree *test_tree;
3142 	gen_test_tree(&test_tree, line);
3143 
3144 	struct cil_db *test_db;
3145 	cil_db_init(&test_db);
3146 
3147 	uint32_t changed = CIL_FALSE;
3148 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
3149 
3150 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
3151 
3152 	struct cil_classpermset *cps = test_db->ast->root->cl_head->next->next->data;
3153 
3154 	int rc = cil_resolve_classpermset(test_db->ast->root->cl_head->next->next->next, cps, args);
3155 	CuAssertIntEquals(tc, SEPOL_OK, rc);
3156 }
3157 
test_cil_resolve_classpermset_named_permlist_neg(CuTest * tc)3158 void test_cil_resolve_classpermset_named_permlist_neg(CuTest *tc) {
3159 	char *line[] = {"(", "classmap", "files", "(", "read", ")", ")",
3160 			"(", "class", "char", "(", "read", ")", ")",
3161 			"(", "classpermissionset", "char_w", "(", "dne", "(", "read", ")", ")", ")",
3162 			"(", "classmapping", "files", "read", "char_w", ")", NULL};
3163 
3164 	struct cil_tree *test_tree;
3165 	gen_test_tree(&test_tree, line);
3166 
3167 	struct cil_db *test_db;
3168 	cil_db_init(&test_db);
3169 
3170 	uint32_t changed = CIL_FALSE;
3171 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
3172 
3173 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
3174 
3175 	struct cil_classpermset *cps = test_db->ast->root->cl_head->next->next->data;
3176 
3177 	int rc = cil_resolve_classpermset(test_db->ast->root->cl_head->next->next->next, cps, args);
3178 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
3179 }
3180 
test_cil_resolve_classpermset_named_unnamedcps_neg(CuTest * tc)3181 void test_cil_resolve_classpermset_named_unnamedcps_neg(CuTest *tc) {
3182 	char *line[] = {"(", "classmap", "files", "(", "read", ")", ")",
3183 			"(", "class", "char", "(", "read", ")", ")",
3184 			"(", "classpermissionset", "char_w", "(", "char", "(", "read", ")", ")", ")",
3185 			"(", "classmapping", "files", "read", "char_w", ")", NULL};
3186 
3187 	struct cil_tree *test_tree;
3188 	gen_test_tree(&test_tree, line);
3189 
3190 	struct cil_db *test_db;
3191 	cil_db_init(&test_db);
3192 
3193 	uint32_t changed = CIL_FALSE;
3194 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
3195 
3196 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
3197 
3198 	struct cil_classpermset *cps;
3199 	cil_classpermset_init(&cps);
3200 
3201 	int rc = cil_resolve_classpermset(test_db->ast->root->cl_head->next->next->next, cps, args);
3202 	CuAssertIntEquals(tc, SEPOL_ERR, rc);
3203 }
3204 
test_cil_resolve_classpermset_anon(CuTest * tc)3205 void test_cil_resolve_classpermset_anon(CuTest *tc) {
3206 	char *line[] = {"(", "classmap", "files", "(", "read", ")", ")",
3207 			"(", "classmapping", "files", "read", "(", "char", "(", "read", ")", ")", ")",
3208 			"(", "class", "char", "(", "read", ")", ")", NULL};
3209 
3210 	struct cil_tree *test_tree;
3211 	gen_test_tree(&test_tree, line);
3212 
3213 	struct cil_db *test_db;
3214 	cil_db_init(&test_db);
3215 
3216 	uint32_t changed = CIL_FALSE;
3217 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
3218 
3219 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
3220 
3221 	struct cil_classpermset *cps = ((struct cil_classmapping*)test_db->ast->root->cl_head->next->data)->classpermsets_str->head->data;
3222 
3223 	int rc = cil_resolve_classpermset(test_db->ast->root->cl_head->next, cps, args);
3224 	CuAssertIntEquals(tc, SEPOL_OK, rc);
3225 }
3226 
test_cil_resolve_classpermset_anon_namedpermlist(CuTest * tc)3227 void test_cil_resolve_classpermset_anon_namedpermlist(CuTest *tc) {
3228 	char *line[] = {"(", "classmap", "files", "(", "read", ")", ")",
3229 			"(", "classmapping", "files", "read", "(", "char", "baz", ")", ")",
3230 			"(", "permissionset", "baz", "(", "read", ")", ")",
3231 			"(", "class", "char", "(", "read", ")", ")", NULL};
3232 
3233 	struct cil_tree *test_tree;
3234 	gen_test_tree(&test_tree, line);
3235 
3236 	struct cil_db *test_db;
3237 	cil_db_init(&test_db);
3238 
3239 	uint32_t changed = CIL_FALSE;
3240 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
3241 
3242 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
3243 
3244 	struct cil_classpermset *cps = ((struct cil_classmapping*)test_db->ast->root->cl_head->next->data)->classpermsets_str->head->data;
3245 
3246 	int rc = cil_resolve_classpermset(test_db->ast->root->cl_head->next, cps, args);
3247 	CuAssertIntEquals(tc, SEPOL_OK, rc);
3248 }
3249 
test_cil_resolve_classpermset_anon_permlist_neg(CuTest * tc)3250 void test_cil_resolve_classpermset_anon_permlist_neg(CuTest *tc) {
3251 	char *line[] = {"(", "classmap", "files", "(", "read", ")", ")",
3252 			"(", "classmapping", "files", "read", "(", "char", "(", "dne", ")", ")", ")",
3253 			"(", "class", "char", "(", "read", ")", ")", NULL};
3254 
3255 	struct cil_tree *test_tree;
3256 	gen_test_tree(&test_tree, line);
3257 
3258 	struct cil_db *test_db;
3259 	cil_db_init(&test_db);
3260 
3261 	uint32_t changed = CIL_FALSE;
3262 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
3263 
3264 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
3265 
3266 	struct cil_classpermset *cps = ((struct cil_classmapping*)test_db->ast->root->cl_head->next->data)->classpermsets_str->head->data;
3267 
3268 	int rc = cil_resolve_classpermset(test_db->ast->root->cl_head->next, cps, args);
3269 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
3270 }
3271 
test_cil_resolve_avrule(CuTest * tc)3272 void test_cil_resolve_avrule(CuTest *tc) {
3273 	char *line[] = {"(", "class", "bar", "(", "read", "write", "open", ")", ")",
3274 	                "(", "type", "test", ")",
3275 			"(", "type", "foo", ")",
3276 	                "(", "allow", "test", "foo", "(", "bar", "(", "read", "write", ")", ")", ")", NULL};
3277 
3278 	struct cil_tree *test_tree;
3279 	gen_test_tree(&test_tree, line);
3280 
3281 	struct cil_db *test_db;
3282 	cil_db_init(&test_db);
3283 
3284 	uint32_t changed = CIL_FALSE;
3285 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
3286 
3287 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
3288 
3289 	int rc = cil_resolve_avrule(test_db->ast->root->cl_head->next->next->next, args);
3290 	CuAssertIntEquals(tc, SEPOL_OK, rc);
3291 }
3292 
test_cil_resolve_avrule_permset(CuTest * tc)3293 void test_cil_resolve_avrule_permset(CuTest *tc) {
3294 	char *line[] = {"(", "class", "bar", "(", "read", "write", "open", ")", ")",
3295 	                "(", "type", "test", ")",
3296 			"(", "type", "foo", ")",
3297 			"(", "permissionset", "baz", "(", "open", "write", ")", ")",
3298 	                "(", "allow", "test", "foo", "(", "bar", "baz", ")", ")", NULL};
3299 
3300 	struct cil_tree *test_tree;
3301 	gen_test_tree(&test_tree, line);
3302 
3303 	struct cil_db *test_db;
3304 	cil_db_init(&test_db);
3305 
3306 	uint32_t changed = CIL_FALSE;
3307 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
3308 
3309 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
3310 
3311 	int rc = cil_resolve_avrule(test_db->ast->root->cl_head->next->next->next->next, args);
3312 	CuAssertIntEquals(tc, SEPOL_OK, rc);
3313 }
3314 
test_cil_resolve_avrule_permset_neg(CuTest * tc)3315 void test_cil_resolve_avrule_permset_neg(CuTest *tc) {
3316 	char *line[] = {"(", "class", "bar", "(", "read", "write", "open", ")", ")",
3317 	                "(", "type", "test", ")",
3318 			"(", "type", "foo", ")",
3319 			"(", "permissionset", "baz", "(", "open", "close", ")", ")",
3320 	                "(", "allow", "test", "foo", "(", "bar", "dne", ")", ")", NULL};
3321 
3322 	struct cil_tree *test_tree;
3323 	gen_test_tree(&test_tree, line);
3324 
3325 	struct cil_db *test_db;
3326 	cil_db_init(&test_db);
3327 
3328 	uint32_t changed = CIL_FALSE;
3329 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
3330 
3331 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
3332 
3333 	int rc = cil_resolve_avrule(test_db->ast->root->cl_head->next->next->next->next, args);
3334 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
3335 }
3336 
test_cil_resolve_avrule_permset_permdne_neg(CuTest * tc)3337 void test_cil_resolve_avrule_permset_permdne_neg(CuTest *tc) {
3338 	char *line[] = {"(", "class", "bar", "(", "read", "write", "open", ")", ")",
3339 	                "(", "type", "test", ")",
3340 			"(", "type", "foo", ")",
3341 			"(", "permissionset", "baz", "(", "open", "dne", ")", ")",
3342 	                "(", "allow", "test", "foo", "(", "bar", "baz", ")", ")", NULL};
3343 
3344 	struct cil_tree *test_tree;
3345 	gen_test_tree(&test_tree, line);
3346 
3347 	struct cil_db *test_db;
3348 	cil_db_init(&test_db);
3349 
3350 	uint32_t changed = CIL_FALSE;
3351 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
3352 
3353 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
3354 
3355 	int rc = cil_resolve_avrule(test_db->ast->root->cl_head->next->next->next->next, args);
3356 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
3357 }
3358 
test_cil_resolve_avrule_firsttype_neg(CuTest * tc)3359 void test_cil_resolve_avrule_firsttype_neg(CuTest *tc) {
3360 	char *line[] = {"(", "class", "bar", "(", "read", "write", "open", ")", ")",
3361 	                "(", "type", "test", ")",
3362 			"(", "type", "foo", ")",
3363 	                "(", "allow", "fail1", "foo", "(", "bar", "(", "read", "write", ")", ")", ")", NULL};
3364 
3365 	struct cil_tree *test_tree;
3366 	gen_test_tree(&test_tree, line);
3367 
3368 	struct cil_db *test_db;
3369 	cil_db_init(&test_db);
3370 
3371 	uint32_t changed = CIL_FALSE;
3372 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
3373 
3374 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
3375 
3376 	int rc = cil_resolve_avrule(test_db->ast->root->cl_head->next->next->next, args);
3377 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
3378 }
3379 
test_cil_resolve_avrule_secondtype_neg(CuTest * tc)3380 void test_cil_resolve_avrule_secondtype_neg(CuTest *tc) {
3381 	char *line[] = {"(", "class", "bar", "(", "read", "write", "open", ")", ")",
3382 	                "(", "type", "test", ")",
3383 			"(", "type", "foo", ")",
3384 	                "(", "allow", "test", "fail2", "(", "bar", "(", "read", "write", ")", ")", ")", NULL};
3385 
3386 	struct cil_tree *test_tree;
3387 	gen_test_tree(&test_tree, line);
3388 
3389 	struct cil_db *test_db;
3390 	cil_db_init(&test_db);
3391 
3392 	uint32_t changed = CIL_FALSE;
3393 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
3394 
3395 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
3396 
3397 	int rc = cil_resolve_avrule(test_db->ast->root->cl_head->next->next->next, args);
3398 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
3399 }
3400 
test_cil_resolve_avrule_class_neg(CuTest * tc)3401 void test_cil_resolve_avrule_class_neg(CuTest *tc) {
3402 	char *line[] = {"(", "class", "bar", "(", "read", "write", "open", ")", ")",
3403 	                "(", "type", "test", ")",
3404 			"(", "type", "foo", ")",
3405 	                "(", "allow", "test", "foo", "(", "fail3", "(", "read", "write", ")", ")", ")", NULL};
3406 
3407 	struct cil_tree *test_tree;
3408 	gen_test_tree(&test_tree, line);
3409 
3410 	struct cil_db *test_db;
3411 	cil_db_init(&test_db);
3412 
3413 	uint32_t changed = CIL_FALSE;
3414 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
3415 
3416 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
3417 
3418 	int rc = cil_resolve_avrule(test_db->ast->root->cl_head->next->next->next, args);
3419 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
3420 }
3421 
test_cil_resolve_avrule_perm_neg(CuTest * tc)3422 void test_cil_resolve_avrule_perm_neg(CuTest *tc) {
3423 	char *line[] = {"(", "class", "bar", "(", "read", "write", "open", ")", ")",
3424 	                "(", "type", "test", ")",
3425 			"(", "type", "foo", ")",
3426 	                "(", "allow", "test", "foo", "(", "bar", "(", "execute", ")", ")", ")", NULL};
3427 
3428 	struct cil_tree *test_tree;
3429 	gen_test_tree(&test_tree, line);
3430 
3431 	struct cil_db *test_db;
3432 	cil_db_init(&test_db);
3433 
3434 	uint32_t changed = CIL_FALSE;
3435 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
3436 
3437 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
3438 
3439 	int rc = cil_resolve_avrule(test_db->ast->root->cl_head->next->next->next, args);
3440 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
3441 }
3442 
test_cil_resolve_type_rule_transition(CuTest * tc)3443 void test_cil_resolve_type_rule_transition(CuTest *tc) {
3444 	char *line[] = {"(", "type", "foo", ")",
3445 			"(", "type", "bar", ")",
3446 			"(", "class", "file", "(", "write", ")", ")",
3447 			"(", "type", "foobar", ")",
3448 			"(", "typetransition", "foo", "bar", "file", "foobar", ")", NULL};
3449 
3450 	struct cil_tree *test_tree;
3451 	gen_test_tree(&test_tree, line);
3452 
3453 	struct cil_db *test_db;
3454 	cil_db_init(&test_db);
3455 
3456 	uint32_t changed = CIL_FALSE;
3457 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
3458 
3459 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
3460 
3461 	int rc = cil_resolve_type_rule(test_db->ast->root->cl_head->next->next->next->next, args);
3462 	CuAssertIntEquals(tc, SEPOL_OK, rc);
3463 }
3464 
test_cil_resolve_type_rule_transition_srcdecl_neg(CuTest * tc)3465 void test_cil_resolve_type_rule_transition_srcdecl_neg(CuTest *tc) {
3466 	char *line[] = {"(", "type", "bar", ")",
3467 			"(", "class", "file", "(", "write", ")", ")",
3468 			"(", "type", "foobar", ")",
3469 			"(", "typetransition", "foo", "bar", "file", "foobar", ")", NULL};
3470 
3471 	struct cil_tree *test_tree;
3472 	gen_test_tree(&test_tree, line);
3473 
3474 	struct cil_db *test_db;
3475 	cil_db_init(&test_db);
3476 
3477 	uint32_t changed = CIL_FALSE;
3478 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
3479 
3480 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
3481 
3482 	int rc = cil_resolve_type_rule(test_db->ast->root->cl_head->next->next->next, args);
3483 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
3484 }
3485 
test_cil_resolve_type_rule_transition_tgtdecl_neg(CuTest * tc)3486 void test_cil_resolve_type_rule_transition_tgtdecl_neg(CuTest *tc) {
3487 	char *line[] = {"(", "type", "foo", ")",
3488 			"(", "class", "file", "(", "write", ")", ")",
3489 			"(", "type", "foobar", ")",
3490 			"(", "typetransition", "foo", "bar", "file", "foobar", ")", NULL};
3491 
3492 	struct cil_tree *test_tree;
3493 	gen_test_tree(&test_tree, line);
3494 
3495 	struct cil_db *test_db;
3496 	cil_db_init(&test_db);
3497 
3498 	uint32_t changed = CIL_FALSE;
3499 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
3500 
3501 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
3502 
3503 	int rc = cil_resolve_type_rule(test_db->ast->root->cl_head->next->next->next, args);
3504 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
3505 }
3506 
test_cil_resolve_type_rule_transition_objdecl_neg(CuTest * tc)3507 void test_cil_resolve_type_rule_transition_objdecl_neg(CuTest *tc) {
3508 	char *line[] = {"(", "type", "foo", ")",
3509 			"(", "type", "bar", ")",
3510 			"(", "type", "foobar", ")",
3511 			"(", "typetransition", "foo", "bar", "file", "foobar", ")", NULL};
3512 
3513 	struct cil_tree *test_tree;
3514 	gen_test_tree(&test_tree, line);
3515 
3516 	struct cil_db *test_db;
3517 	cil_db_init(&test_db);
3518 
3519 	uint32_t changed = CIL_FALSE;
3520 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
3521 
3522 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
3523 
3524 	int rc = cil_resolve_type_rule(test_db->ast->root->cl_head->next->next->next, args);
3525 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
3526 }
3527 
test_cil_resolve_type_rule_transition_resultdecl_neg(CuTest * tc)3528 void test_cil_resolve_type_rule_transition_resultdecl_neg(CuTest *tc) {
3529 	char *line[] = {"(", "type", "foo", ")",
3530 			"(", "type", "bar", ")",
3531 			"(", "class", "file", "(", "write", ")", ")",
3532 			"(", "typetransition", "foo", "bar", "file", "foobar", ")", NULL};
3533 
3534 	struct cil_tree *test_tree;
3535 	gen_test_tree(&test_tree, line);
3536 
3537 	struct cil_db *test_db;
3538 	cil_db_init(&test_db);
3539 
3540 	uint32_t changed = CIL_FALSE;
3541 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
3542 
3543 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
3544 
3545 	int rc = cil_resolve_type_rule(test_db->ast->root->cl_head->next->next->next, args);
3546 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
3547 }
3548 
test_cil_resolve_type_rule_change(CuTest * tc)3549 void test_cil_resolve_type_rule_change(CuTest *tc) {
3550 	char *line[] = {"(", "type", "foo", ")",
3551 			"(", "type", "bar", ")",
3552 			"(", "class", "file", "(", "write", ")", ")",
3553 			"(", "type", "foobar", ")",
3554 			"(", "typechange", "foo", "bar", "file", "foobar", ")", NULL};
3555 
3556 	struct cil_tree *test_tree;
3557 	gen_test_tree(&test_tree, line);
3558 
3559 	struct cil_db *test_db;
3560 	cil_db_init(&test_db);
3561 
3562 	uint32_t changed = CIL_FALSE;
3563 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
3564 
3565 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
3566 
3567 	int rc = cil_resolve_type_rule(test_db->ast->root->cl_head->next->next->next->next, args);
3568 	CuAssertIntEquals(tc, SEPOL_OK, rc);
3569 }
3570 
test_cil_resolve_type_rule_change_srcdecl_neg(CuTest * tc)3571 void test_cil_resolve_type_rule_change_srcdecl_neg(CuTest *tc) {
3572 	char *line[] = {"(", "type", "bar", ")",
3573 			"(", "class", "file", "(", "write", ")", ")",
3574 			"(", "type", "foobar", ")",
3575 			"(", "typechange", "foo", "bar", "file", "foobar", ")", NULL};
3576 
3577 	struct cil_tree *test_tree;
3578 	gen_test_tree(&test_tree, line);
3579 
3580 	struct cil_db *test_db;
3581 	cil_db_init(&test_db);
3582 
3583 	uint32_t changed = CIL_FALSE;
3584 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
3585 
3586 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
3587 
3588 	int rc = cil_resolve_type_rule(test_db->ast->root->cl_head->next->next->next, args);
3589 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
3590 }
3591 
test_cil_resolve_type_rule_change_tgtdecl_neg(CuTest * tc)3592 void test_cil_resolve_type_rule_change_tgtdecl_neg(CuTest *tc) {
3593 	char *line[] = {"(", "type", "foo", ")",
3594 			"(", "class", "file", "(", "write", ")", ")",
3595 			"(", "type", "foobar", ")",
3596 			"(", "typechange", "foo", "bar", "file", "foobar", ")", NULL};
3597 
3598 	struct cil_tree *test_tree;
3599 	gen_test_tree(&test_tree, line);
3600 
3601 	struct cil_db *test_db;
3602 	cil_db_init(&test_db);
3603 
3604 	uint32_t changed = CIL_FALSE;
3605 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
3606 
3607 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
3608 
3609 	int rc = cil_resolve_type_rule(test_db->ast->root->cl_head->next->next->next, args);
3610 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
3611 }
3612 
test_cil_resolve_type_rule_change_objdecl_neg(CuTest * tc)3613 void test_cil_resolve_type_rule_change_objdecl_neg(CuTest *tc) {
3614 	char *line[] = {"(", "type", "foo", ")",
3615 			"(", "type", "bar", ")",
3616 			"(", "type", "foobar", ")",
3617 			"(", "typechange", "foo", "bar", "file", "foobar", ")", NULL};
3618 
3619 	struct cil_tree *test_tree;
3620 	gen_test_tree(&test_tree, line);
3621 
3622 	struct cil_db *test_db;
3623 	cil_db_init(&test_db);
3624 
3625 	uint32_t changed = CIL_FALSE;
3626 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
3627 
3628 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
3629 
3630 	int rc = cil_resolve_type_rule(test_db->ast->root->cl_head->next->next->next, args);
3631 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
3632 }
3633 
test_cil_resolve_type_rule_change_resultdecl_neg(CuTest * tc)3634 void test_cil_resolve_type_rule_change_resultdecl_neg(CuTest *tc) {
3635 	char *line[] = {"(", "type", "foo", ")",
3636 			"(", "type", "bar", ")",
3637 			"(", "class", "file", "(", "write", ")", ")",
3638 			"(", "typechange", "foo", "bar", "file", "foobar", ")", NULL};
3639 
3640 	struct cil_tree *test_tree;
3641 	gen_test_tree(&test_tree, line);
3642 
3643 	struct cil_db *test_db;
3644 	cil_db_init(&test_db);
3645 
3646 	uint32_t changed = CIL_FALSE;
3647 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
3648 
3649 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
3650 
3651 	int rc = cil_resolve_type_rule(test_db->ast->root->cl_head->next->next->next, args);
3652 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
3653 }
3654 
test_cil_resolve_type_rule_member(CuTest * tc)3655 void test_cil_resolve_type_rule_member(CuTest *tc) {
3656 	char *line[] = {"(", "type", "foo", ")",
3657 			"(", "type", "bar", ")",
3658 			"(", "class", "file", "(", "write", ")", ")",
3659 			"(", "type", "foobar", ")",
3660 			"(", "typemember", "foo", "bar", "file", "foobar", ")", NULL};
3661 
3662 	struct cil_tree *test_tree;
3663 	gen_test_tree(&test_tree, line);
3664 
3665 	struct cil_db *test_db;
3666 	cil_db_init(&test_db);
3667 
3668 	uint32_t changed = CIL_FALSE;
3669 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
3670 
3671 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
3672 
3673 	int rc = cil_resolve_type_rule(test_db->ast->root->cl_head->next->next->next->next, args);
3674 	CuAssertIntEquals(tc, SEPOL_OK, rc);
3675 }
3676 
test_cil_resolve_type_rule_member_srcdecl_neg(CuTest * tc)3677 void test_cil_resolve_type_rule_member_srcdecl_neg(CuTest *tc) {
3678 	char *line[] = {"(", "type", "bar", ")",
3679 			"(", "class", "file", "(", "write", ")", ")",
3680 			"(", "type", "foobar", ")",
3681 			"(", "typemember", "foo", "bar", "file", "foobar", ")", NULL};
3682 
3683 	struct cil_tree *test_tree;
3684 	gen_test_tree(&test_tree, line);
3685 
3686 	struct cil_db *test_db;
3687 	cil_db_init(&test_db);
3688 
3689 	uint32_t changed = CIL_FALSE;
3690 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
3691 
3692 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
3693 
3694 	int rc = cil_resolve_type_rule(test_db->ast->root->cl_head->next->next->next, args);
3695 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
3696 }
3697 
test_cil_resolve_type_rule_member_tgtdecl_neg(CuTest * tc)3698 void test_cil_resolve_type_rule_member_tgtdecl_neg(CuTest *tc) {
3699 	char *line[] = {"(", "type", "foo", ")",
3700 			"(", "class", "file", "(", "write", ")", ")",
3701 			"(", "type", "foobar", ")",
3702 			"(", "typemember", "foo", "bar", "file", "foobar", ")", NULL};
3703 
3704 	struct cil_tree *test_tree;
3705 	gen_test_tree(&test_tree, line);
3706 
3707 	struct cil_db *test_db;
3708 	cil_db_init(&test_db);
3709 
3710 	uint32_t changed = CIL_FALSE;
3711 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
3712 
3713 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
3714 
3715 	int rc = cil_resolve_type_rule(test_db->ast->root->cl_head->next->next->next, args);
3716 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
3717 }
3718 
test_cil_resolve_type_rule_member_objdecl_neg(CuTest * tc)3719 void test_cil_resolve_type_rule_member_objdecl_neg(CuTest *tc) {
3720 	char *line[] = {"(", "type", "foo", ")",
3721 			"(", "type", "bar", ")",
3722 			"(", "type", "foobar", ")",
3723 			"(", "typemember", "foo", "bar", "file", "foobar", ")", NULL};
3724 
3725 	struct cil_tree *test_tree;
3726 	gen_test_tree(&test_tree, line);
3727 
3728 	struct cil_db *test_db;
3729 	cil_db_init(&test_db);
3730 
3731 	uint32_t changed = CIL_FALSE;
3732 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
3733 
3734 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
3735 
3736 	int rc = cil_resolve_type_rule(test_db->ast->root->cl_head->next->next->next, args);
3737 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
3738 }
3739 
test_cil_resolve_type_rule_member_resultdecl_neg(CuTest * tc)3740 void test_cil_resolve_type_rule_member_resultdecl_neg(CuTest *tc) {
3741 	char *line[] = {"(", "type", "foo", ")",
3742 			"(", "type", "bar", ")",
3743 			"(", "class", "file", "(", "write", ")", ")",
3744 			"(", "typemember", "foo", "bar", "file", "foobar", ")", NULL};
3745 
3746 	struct cil_tree *test_tree;
3747 	gen_test_tree(&test_tree, line);
3748 
3749 	struct cil_db *test_db;
3750 	cil_db_init(&test_db);
3751 
3752 	uint32_t changed = CIL_FALSE;
3753 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
3754 
3755 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
3756 
3757 	int rc = cil_resolve_type_rule(test_db->ast->root->cl_head->next->next->next, args);
3758 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
3759 }
3760 
test_cil_resolve_filecon(CuTest * tc)3761 void test_cil_resolve_filecon(CuTest *tc) {
3762 	char *line[] = {"(", "user", "user_u", ")",
3763 			"(", "role", "role_r", ")",
3764 			"(", "type", "type_t", ")",
3765 			"(", "category", "c0", ")",
3766 			"(", "sensitivity", "s0", ")",
3767 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
3768 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
3769 			"(", "context", "con", "(", "user_u", "role_r", "type_t", "(", "low", "high", ")", ")", ")",
3770 			"(", "filecon", "root", "path", "file", "con", ")", NULL};
3771 
3772 	struct cil_tree *test_tree;
3773 	gen_test_tree(&test_tree, line);
3774 
3775 	struct cil_db *test_db;
3776 	cil_db_init(&test_db);
3777 
3778 	uint32_t changed = CIL_FALSE;
3779 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
3780 
3781 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
3782 
3783 	int rc = cil_resolve_filecon(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args);
3784 	CuAssertIntEquals(tc, SEPOL_OK, rc);
3785 }
3786 
test_cil_resolve_filecon_neg(CuTest * tc)3787 void test_cil_resolve_filecon_neg(CuTest *tc) {
3788 	char *line[] = {"(", "user", "user_u", ")",
3789 			"(", "role", "role_r", ")",
3790 			"(", "type", "type_t", ")",
3791 			"(", "category", "c0", ")",
3792 			"(", "sensitivity", "s0", ")",
3793 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
3794 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
3795 			"(", "context", "con", "(", "user_u", "role_r", "type_t", "(", "low", "high", ")", ")", ")",
3796 			"(", "filecon", "root", "path", "file", "conn", ")", NULL};
3797 
3798 	struct cil_tree *test_tree;
3799 	gen_test_tree(&test_tree, line);
3800 
3801 	struct cil_db *test_db;
3802 	cil_db_init(&test_db);
3803 
3804 	uint32_t changed = CIL_FALSE;
3805 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
3806 
3807 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
3808 
3809 	int rc = cil_resolve_filecon(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args);
3810 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
3811 }
3812 
test_cil_resolve_filecon_anon_context(CuTest * tc)3813 void test_cil_resolve_filecon_anon_context(CuTest *tc) {
3814 	char *line[] = {"(", "user", "user_u", ")",
3815 			"(", "role", "role_r", ")",
3816 			"(", "type", "type_t", ")",
3817 			"(", "category", "c0", ")",
3818 			"(", "sensitivity", "s0", ")",
3819 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
3820 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
3821 			"(", "filecon", "root", "path", "file", "(", "user_u", "role_r", "type_t", "(", "low", "high", ")", ")", ")", NULL};
3822 
3823 	struct cil_tree *test_tree;
3824 	gen_test_tree(&test_tree, line);
3825 
3826 	struct cil_db *test_db;
3827 	cil_db_init(&test_db);
3828 
3829 	uint32_t changed = CIL_FALSE;
3830 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
3831 
3832 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
3833 
3834 	int rc = cil_resolve_filecon(test_db->ast->root->cl_head->next->next->next->next->next->next->next, args);
3835 	CuAssertIntEquals(tc, SEPOL_OK, rc);
3836 }
3837 
test_cil_resolve_filecon_anon_context_neg(CuTest * tc)3838 void test_cil_resolve_filecon_anon_context_neg(CuTest *tc) {
3839 	char *line[] = {"(", "user", "system_u", ")",
3840 			"(", "type", "type_t", ")",
3841 			"(", "category", "c0", ")",
3842 			"(", "sensitivity", "s0", ")",
3843 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
3844 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
3845 			"(", "filecon", "root", "path", "file", "(", "user_u", "role_r", "type_t", "(", "low", "high", ")", ")", ")", NULL};
3846 
3847 	struct cil_tree *test_tree;
3848 	gen_test_tree(&test_tree, line);
3849 
3850 	struct cil_db *test_db;
3851 	cil_db_init(&test_db);
3852 
3853 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
3854 
3855 	uint32_t changed = CIL_FALSE;
3856 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
3857 
3858 	int rc = cil_resolve_filecon(test_db->ast->root->cl_head->next->next->next->next->next->next, args);
3859 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
3860 }
3861 
test_cil_resolve_portcon(CuTest * tc)3862 void test_cil_resolve_portcon(CuTest *tc) {
3863 	char *line[] = {"(", "user", "user_u", ")",
3864 			"(", "role", "role_r", ")",
3865 			"(", "type", "type_t", ")",
3866 			"(", "category", "c0", ")",
3867 			"(", "sensitivity", "s0", ")",
3868 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
3869 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
3870 			"(", "context", "con", "(", "user_u", "role_r", "type_t", "(", "low", "high", ")", ")", ")",
3871 			"(", "portcon", "udp", "25", "con", ")", NULL};
3872 
3873 	struct cil_tree *test_tree;
3874 	gen_test_tree(&test_tree, line);
3875 
3876 	struct cil_db *test_db;
3877 	cil_db_init(&test_db);
3878 
3879 	uint32_t changed = CIL_FALSE;
3880 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
3881 
3882 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
3883 
3884 	int rc = cil_resolve_portcon(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args);
3885 	CuAssertIntEquals(tc, SEPOL_OK, rc);
3886 }
3887 
test_cil_resolve_portcon_neg(CuTest * tc)3888 void test_cil_resolve_portcon_neg(CuTest *tc) {
3889 	char *line[] = {"(", "user", "user_u", ")",
3890 			"(", "role", "role_r", ")",
3891 			"(", "type", "type_t", ")",
3892 			"(", "category", "c0", ")",
3893 			"(", "sensitivity", "s0", ")",
3894 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
3895 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
3896 			"(", "context", "con", "(", "user_u", "role_r", "type_t", "(", "low", "high", ")", ")", ")",
3897 			"(", "portcon", "udp", "25", "conn", ")", NULL};
3898 
3899 	struct cil_tree *test_tree;
3900 	gen_test_tree(&test_tree, line);
3901 
3902 	struct cil_db *test_db;
3903 	cil_db_init(&test_db);
3904 
3905 	uint32_t changed = CIL_FALSE;
3906 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
3907 
3908 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
3909 
3910 	int rc = cil_resolve_portcon(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args);
3911 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
3912 }
3913 
test_cil_resolve_portcon_anon_context(CuTest * tc)3914 void test_cil_resolve_portcon_anon_context(CuTest *tc) {
3915 	char *line[] = {"(", "user", "user_u", ")",
3916 			"(", "role", "role_r", ")",
3917 			"(", "type", "type_t", ")",
3918 			"(", "category", "c0", ")",
3919 			"(", "sensitivity", "s0", ")",
3920 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
3921 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
3922 			"(", "portcon", "udp", "25", "(", "user_u", "role_r", "type_t", "(", "low", "high", ")", ")", ")", NULL};
3923 
3924 	struct cil_tree *test_tree;
3925 	gen_test_tree(&test_tree, line);
3926 
3927 	struct cil_db *test_db;
3928 	cil_db_init(&test_db);
3929 
3930 	uint32_t changed = CIL_FALSE;
3931 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
3932 
3933 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
3934 
3935 	int rc = cil_resolve_portcon(test_db->ast->root->cl_head->next->next->next->next->next->next->next, args);
3936 	CuAssertIntEquals(tc, SEPOL_OK, rc);
3937 }
3938 
test_cil_resolve_portcon_anon_context_neg(CuTest * tc)3939 void test_cil_resolve_portcon_anon_context_neg(CuTest *tc) {
3940 	char *line[] = {"(", "user", "system_u", ")",
3941 			"(", "type", "type_t", ")",
3942 			"(", "category", "c0", ")",
3943 			"(", "sensitivity", "s0", ")",
3944 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
3945 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
3946 			"(", "portcon", "udp", "25", "(", "user_u", "role_r", "type_t", "(", "low", "high", ")", ")", ")", NULL};
3947 
3948 	struct cil_tree *test_tree;
3949 	gen_test_tree(&test_tree, line);
3950 
3951 	struct cil_db *test_db;
3952 	cil_db_init(&test_db);
3953 
3954 	uint32_t changed = CIL_FALSE;
3955 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
3956 
3957 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
3958 
3959 	int rc = cil_resolve_portcon(test_db->ast->root->cl_head->next->next->next->next->next->next, args);
3960 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
3961 }
3962 
test_cil_resolve_genfscon(CuTest * tc)3963 void test_cil_resolve_genfscon(CuTest *tc) {
3964 	char *line[] = {"(", "user", "user_u", ")",
3965 			"(", "role", "role_r", ")",
3966 			"(", "type", "type_t", ")",
3967 			"(", "category", "c0", ")",
3968 			"(", "sensitivity", "s0", ")",
3969 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
3970 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
3971 			"(", "context", "con", "(", "user_u", "role_r", "type_t", "(", "low", "high", ")", ")", ")",
3972 			"(", "genfscon", "type", "path", "con", ")", NULL};
3973 
3974 	struct cil_tree *test_tree;
3975 	gen_test_tree(&test_tree, line);
3976 
3977 	struct cil_db *test_db;
3978 	cil_db_init(&test_db);
3979 
3980 	uint32_t changed = CIL_FALSE;
3981 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
3982 
3983 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
3984 
3985 	int rc = cil_resolve_genfscon(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args);
3986 	CuAssertIntEquals(tc, SEPOL_OK, rc);
3987 }
3988 
test_cil_resolve_genfscon_neg(CuTest * tc)3989 void test_cil_resolve_genfscon_neg(CuTest *tc) {
3990 	char *line[] = {"(", "user", "user_u", ")",
3991 			"(", "role", "role_r", ")",
3992 			"(", "type", "type_t", ")",
3993 			"(", "category", "c0", ")",
3994 			"(", "sensitivity", "s0", ")",
3995 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
3996 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
3997 			"(", "context", "con", "(", "user_u", "role_r", "type_t", "(", "low", "high", ")", ")", ")",
3998 			"(", "genfscon", "type", "path", "conn", ")", NULL};
3999 
4000 	struct cil_tree *test_tree;
4001 	gen_test_tree(&test_tree, line);
4002 
4003 	struct cil_db *test_db;
4004 	cil_db_init(&test_db);
4005 
4006 	uint32_t changed = CIL_FALSE;
4007 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
4008 
4009 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
4010 
4011 	int rc = cil_resolve_genfscon(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args);
4012 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
4013 }
4014 
test_cil_resolve_genfscon_anon_context(CuTest * tc)4015 void test_cil_resolve_genfscon_anon_context(CuTest *tc) {
4016 	char *line[] = {"(", "user", "user_u", ")",
4017 			"(", "role", "role_r", ")",
4018 			"(", "type", "type_t", ")",
4019 			"(", "category", "c0", ")",
4020 			"(", "sensitivity", "s0", ")",
4021 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
4022 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
4023 			"(", "genfscon", "type", "path", "(", "user_u", "role_r", "type_t", "(", "low", "high", ")", ")", ")", NULL};
4024 
4025 	struct cil_tree *test_tree;
4026 	gen_test_tree(&test_tree, line);
4027 
4028 	struct cil_db *test_db;
4029 	cil_db_init(&test_db);
4030 
4031 	uint32_t changed = CIL_FALSE;
4032 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
4033 
4034 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
4035 
4036 	int rc = cil_resolve_genfscon(test_db->ast->root->cl_head->next->next->next->next->next->next->next, args);
4037 	CuAssertIntEquals(tc, SEPOL_OK, rc);
4038 }
4039 
test_cil_resolve_genfscon_anon_context_neg(CuTest * tc)4040 void test_cil_resolve_genfscon_anon_context_neg(CuTest *tc) {
4041 	char *line[] = {"(", "user", "system_u", ")",
4042 			"(", "type", "type_t", ")",
4043 			"(", "category", "c0", ")",
4044 			"(", "sensitivity", "s0", ")",
4045 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
4046 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
4047 			"(", "genfscon", "type", "path", "(", "user_u", "role_r", "type_t", "(", "low", "high", ")", ")", ")", NULL};
4048 
4049 	struct cil_tree *test_tree;
4050 	gen_test_tree(&test_tree, line);
4051 
4052 	struct cil_db *test_db;
4053 	cil_db_init(&test_db);
4054 
4055 	uint32_t changed = CIL_FALSE;
4056 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
4057 
4058 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
4059 
4060 	int rc = cil_resolve_genfscon(test_db->ast->root->cl_head->next->next->next->next->next->next, args);
4061 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
4062 }
4063 
test_cil_resolve_nodecon_ipv4(CuTest * tc)4064 void test_cil_resolve_nodecon_ipv4(CuTest *tc) {
4065 	char *line[] = {"(", "user", "user_u", ")",
4066 			"(", "role", "role_r", ")",
4067 			"(", "type", "type_t", ")",
4068 			"(", "category", "c0", ")",
4069 			"(", "sensitivity", "s0", ")",
4070 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
4071 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
4072 			"(", "context", "con", "(", "user_u", "role_r", "type_t", "(", "low", "high", ")", ")", ")",
4073 			"(", "ipaddr", "ip", "192.168.1.1", ")",
4074 			"(", "ipaddr", "netmask", "192.168.1.1", ")",
4075 			"(", "nodecon", "ip", "netmask", "con", ")", NULL};
4076 
4077 	struct cil_tree *test_tree;
4078 	gen_test_tree(&test_tree, line);
4079 
4080 	struct cil_db *test_db;
4081 	cil_db_init(&test_db);
4082 
4083 	uint32_t changed = CIL_FALSE;
4084 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
4085 
4086 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
4087 
4088 	int rc = cil_resolve_nodecon(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next->next, args);
4089 	CuAssertIntEquals(tc, SEPOL_OK, rc);
4090 }
4091 
test_cil_resolve_nodecon_ipv6(CuTest * tc)4092 void test_cil_resolve_nodecon_ipv6(CuTest *tc) {
4093 	char *line[] = {"(", "user", "user_u", ")",
4094 			"(", "role", "role_r", ")",
4095 			"(", "type", "type_t", ")",
4096 			"(", "category", "c0", ")",
4097 			"(", "sensitivity", "s0", ")",
4098 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
4099 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
4100 			"(", "context", "con", "(", "user_u", "role_r", "type_t", "(", "low", "high", ")", ")", ")",
4101 			"(", "ipaddr", "ip", "2001:0DB8:AC10:FE01::", ")",
4102 			"(", "ipaddr", "netmask", "2001:0DB8:AC10:FE01::", ")",
4103 			"(", "nodecon", "ip", "netmask", "con", ")", NULL};
4104 
4105 	struct cil_tree *test_tree;
4106 	gen_test_tree(&test_tree, line);
4107 
4108 	struct cil_db *test_db;
4109 	cil_db_init(&test_db);
4110 
4111 	uint32_t changed = CIL_FALSE;
4112 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
4113 
4114 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
4115 
4116 	int rc = cil_resolve_nodecon(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next->next, args);
4117 	CuAssertIntEquals(tc, SEPOL_OK, rc);
4118 }
4119 
test_cil_resolve_nodecon_anonipaddr_ipv4(CuTest * tc)4120 void test_cil_resolve_nodecon_anonipaddr_ipv4(CuTest *tc) {
4121 	char *line[] = {"(", "user", "user_u", ")",
4122 			"(", "role", "role_r", ")",
4123 			"(", "type", "type_t", ")",
4124 			"(", "category", "c0", ")",
4125 			"(", "sensitivity", "s0", ")",
4126 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
4127 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
4128 			"(", "context", "con", "(", "user_u", "role_r", "type_t", "(", "low", "high", ")", ")", ")",
4129 			"(", "ipaddr", "netmask", "192.168.1.1", ")",
4130 			"(", "nodecon", "(", "192.168.1.1", ")", "netmask", "con", ")", NULL};
4131 
4132 	struct cil_tree *test_tree;
4133 	gen_test_tree(&test_tree, line);
4134 
4135 	struct cil_db *test_db;
4136 	cil_db_init(&test_db);
4137 
4138 	uint32_t changed = CIL_FALSE;
4139 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
4140 
4141 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
4142 
4143 	int rc = cil_resolve_nodecon(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next, args);
4144 	CuAssertIntEquals(tc, SEPOL_OK, rc);
4145 }
4146 
test_cil_resolve_nodecon_anonnetmask_ipv4(CuTest * tc)4147 void test_cil_resolve_nodecon_anonnetmask_ipv4(CuTest *tc) {
4148 	char *line[] = {"(", "user", "user_u", ")",
4149 			"(", "role", "role_r", ")",
4150 			"(", "type", "type_t", ")",
4151 			"(", "category", "c0", ")",
4152 			"(", "sensitivity", "s0", ")",
4153 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
4154 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
4155 			"(", "context", "con", "(", "user_u", "role_r", "type_t", "(", "low", "high", ")", ")", ")",
4156 			"(", "ipaddr", "ip", "192.168.1.1", ")",
4157 			"(", "nodecon", "ip", "(", "192.168.1.1", ")", "con", ")", NULL};
4158 
4159 	struct cil_tree *test_tree;
4160 	gen_test_tree(&test_tree, line);
4161 
4162 	struct cil_db *test_db;
4163 	cil_db_init(&test_db);
4164 
4165 	uint32_t changed = CIL_FALSE;
4166 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
4167 
4168 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
4169 
4170 	int rc = cil_resolve_nodecon(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next, args);
4171 	CuAssertIntEquals(tc, SEPOL_OK, rc);
4172 }
4173 
test_cil_resolve_nodecon_anonipaddr_ipv6(CuTest * tc)4174 void test_cil_resolve_nodecon_anonipaddr_ipv6(CuTest *tc) {
4175 	char *line[] = {"(", "user", "user_u", ")",
4176 			"(", "role", "role_r", ")",
4177 			"(", "type", "type_t", ")",
4178 			"(", "category", "c0", ")",
4179 			"(", "sensitivity", "s0", ")",
4180 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
4181 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
4182 			"(", "context", "con", "(", "user_u", "role_r", "type_t", "(", "low", "high", ")", ")", ")",
4183 			"(", "ipaddr", "netmask", "2001:0DB8:AC10:FE01::", ")",
4184 			"(", "nodecon", "(", "2001:0DB8:AC10:FE01::", ")", "netmask", "con", ")", NULL};
4185 
4186 	struct cil_tree *test_tree;
4187 	gen_test_tree(&test_tree, line);
4188 
4189 	struct cil_db *test_db;
4190 	cil_db_init(&test_db);
4191 
4192 	uint32_t changed = CIL_FALSE;
4193 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
4194 
4195 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
4196 
4197 	int rc = cil_resolve_nodecon(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next, args);
4198 	CuAssertIntEquals(tc, SEPOL_OK, rc);
4199 }
4200 
test_cil_resolve_nodecon_anonnetmask_ipv6(CuTest * tc)4201 void test_cil_resolve_nodecon_anonnetmask_ipv6(CuTest *tc) {
4202 	char *line[] = {"(", "user", "user_u", ")",
4203 			"(", "role", "role_r", ")",
4204 			"(", "type", "type_t", ")",
4205 			"(", "category", "c0", ")",
4206 			"(", "sensitivity", "s0", ")",
4207 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
4208 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
4209 			"(", "context", "con", "(", "user_u", "role_r", "type_t", "(", "low", "high", ")", ")", ")",
4210 			"(", "ipaddr", "ip", "2001:0DB8:AC10:FE01::", ")",
4211 			"(", "nodecon", "ip", "(", "2001:0DB8:AC10:FE01::", ")", "con", ")", NULL};
4212 
4213 	struct cil_tree *test_tree;
4214 	gen_test_tree(&test_tree, line);
4215 
4216 	struct cil_db *test_db;
4217 	cil_db_init(&test_db);
4218 
4219 	uint32_t changed = CIL_FALSE;
4220 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
4221 
4222 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
4223 
4224 	int rc = cil_resolve_nodecon(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next, args);
4225 	CuAssertIntEquals(tc, SEPOL_OK, rc);
4226 }
4227 
test_cil_resolve_nodecon_diffipfam_neg(CuTest * tc)4228 void test_cil_resolve_nodecon_diffipfam_neg(CuTest *tc) {
4229 	char *line[] = {"(", "user", "user_u", ")",
4230 			"(", "role", "role_r", ")",
4231 			"(", "type", "type_t", ")",
4232 			"(", "category", "c0", ")",
4233 			"(", "sensitivity", "s0", ")",
4234 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
4235 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
4236 			"(", "context", "con", "(", "user_u", "role_r", "type_t", "(", "low", "high", ")", ")", ")",
4237 			"(", "ipaddr", "ip", "2001:0DB8:AC10:FE01::", ")",
4238 			"(", "nodecon", "ip", "(", "192.168.1.1", ")", "con", ")", NULL};
4239 
4240 	struct cil_tree *test_tree;
4241 	gen_test_tree(&test_tree, line);
4242 
4243 	struct cil_db *test_db;
4244 	cil_db_init(&test_db);
4245 
4246 	uint32_t changed = CIL_FALSE;
4247 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
4248 
4249 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
4250 
4251 	int rc = cil_resolve_nodecon(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next, args);
4252 	CuAssertIntEquals(tc, SEPOL_ERR, rc);
4253 }
4254 
test_cil_resolve_nodecon_context_neg(CuTest * tc)4255 void test_cil_resolve_nodecon_context_neg(CuTest *tc) {
4256 	char *line[] = {"(", "user", "user_u", ")",
4257 			"(", "role", "role_r", ")",
4258 			"(", "type", "type_t", ")",
4259 			"(", "category", "c0", ")",
4260 			"(", "sensitivity", "s0", ")",
4261 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
4262 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
4263 			"(", "context", "con", "(", "user_u", "role_r", "type_t", "(", "low", "high", ")", ")", ")",
4264 			"(", "ipaddr", "ip", "192.168.1.1", ")",
4265 			"(", "ipaddr", "netmask", "192.168.1.1", ")",
4266 			"(", "nodecon", "n", "netmask", "con", ")", NULL};
4267 
4268 	struct cil_tree *test_tree;
4269 	gen_test_tree(&test_tree, line);
4270 
4271 	struct cil_db *test_db;
4272 	cil_db_init(&test_db);
4273 
4274 	uint32_t changed = CIL_FALSE;
4275 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
4276 
4277 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
4278 
4279 	int rc = cil_resolve_nodecon(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next->next, args);
4280 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
4281 }
4282 
test_cil_resolve_nodecon_ipaddr_neg(CuTest * tc)4283 void test_cil_resolve_nodecon_ipaddr_neg(CuTest *tc) {
4284 	char *line[] = {"(", "user", "user_u", ")",
4285 			"(", "role", "role_r", ")",
4286 			"(", "type", "type_t", ")",
4287 			"(", "category", "c0", ")",
4288 			"(", "sensitivity", "s0", ")",
4289 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
4290 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
4291 			"(", "context", "con", "(", "user_u", "role_r", "type_t", "(", "low", "high", ")", ")", ")",
4292 			"(", "ipaddr", "ip", "192.168.1.1", ")",
4293 			"(", "ipaddr", "netmask", "192.168.1.1", ")",
4294 			"(", "nodecon", "ip", "n", "con", ")", NULL};
4295 
4296 	struct cil_tree *test_tree;
4297 	gen_test_tree(&test_tree, line);
4298 
4299 	struct cil_db *test_db;
4300 	cil_db_init(&test_db);
4301 
4302 	uint32_t changed = CIL_FALSE;
4303 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
4304 
4305 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
4306 
4307 	int rc = cil_resolve_nodecon(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next->next, args);
4308 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
4309 }
4310 
test_cil_resolve_nodecon_netmask_neg(CuTest * tc)4311 void test_cil_resolve_nodecon_netmask_neg(CuTest *tc) {
4312 	char *line[] = {"(", "user", "user_u", ")",
4313 			"(", "role", "role_r", ")",
4314 			"(", "type", "type_t", ")",
4315 			"(", "category", "c0", ")",
4316 			"(", "sensitivity", "s0", ")",
4317 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
4318 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
4319 			"(", "context", "con", "(", "user_u", "role_r", "type_t", "(", "low", "high", ")", ")", ")",
4320 			"(", "ipaddr", "ip", "192.168.1.1", ")",
4321 			"(", "nodecon", "ip", "ip", "conn", ")", NULL};
4322 
4323 	struct cil_tree *test_tree;
4324 	gen_test_tree(&test_tree, line);
4325 
4326 	struct cil_db *test_db;
4327 	cil_db_init(&test_db);
4328 
4329 	uint32_t changed = CIL_FALSE;
4330 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
4331 
4332 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
4333 
4334 	int rc = cil_resolve_nodecon(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next, args);
4335 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
4336 }
4337 
test_cil_resolve_nodecon_anon_context(CuTest * tc)4338 void test_cil_resolve_nodecon_anon_context(CuTest *tc) {
4339 	char *line[] = {"(", "user", "user_u", ")",
4340 			"(", "role", "role_r", ")",
4341 			"(", "type", "type_t", ")",
4342 			"(", "category", "c0", ")",
4343 			"(", "sensitivity", "s0", ")",
4344 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
4345 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
4346 			"(", "ipaddr", "ip", "192.168.1.1", ")",
4347 			"(", "nodecon", "ip", "ip", "(", "user_u", "role_r", "type_t", "(", "low", "high", ")", ")", ")", NULL};
4348 
4349 	struct cil_tree *test_tree;
4350 	gen_test_tree(&test_tree, line);
4351 
4352 	struct cil_db *test_db;
4353 	cil_db_init(&test_db);
4354 
4355 	uint32_t changed = CIL_FALSE;
4356 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
4357 
4358 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
4359 
4360 	int rc = cil_resolve_nodecon(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args);
4361 	CuAssertIntEquals(tc, SEPOL_OK, rc);
4362 }
4363 
test_cil_resolve_nodecon_anon_context_neg(CuTest * tc)4364 void test_cil_resolve_nodecon_anon_context_neg(CuTest *tc) {
4365 	char *line[] = {"(", "user", "system_u", ")",
4366 			"(", "type", "type_t", ")",
4367 			"(", "category", "c0", ")",
4368 			"(", "sensitivity", "s0", ")",
4369 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
4370 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
4371 			"(", "ipaddr", "ip", "192.168.1.1", ")",
4372 			"(", "nodecon", "ip", "ip", "(", "user_u", "role_r", "type_t", "(", "low", "high", ")", ")", ")", NULL};
4373 
4374 	struct cil_tree *test_tree;
4375 	gen_test_tree(&test_tree, line);
4376 
4377 	struct cil_db *test_db;
4378 	cil_db_init(&test_db);
4379 
4380 	uint32_t changed = CIL_FALSE;
4381 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
4382 
4383 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
4384 
4385 	int rc = cil_resolve_nodecon(test_db->ast->root->cl_head->next->next->next->next->next->next->next, args);
4386 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
4387 }
4388 
test_cil_resolve_netifcon(CuTest * tc)4389 void test_cil_resolve_netifcon(CuTest *tc) {
4390 	char *line[] = {"(", "context", "if_default", "(", "system_u", "object_r", "etc_t", "(", "low", "high", ")", ")", ")",
4391 			"(", "context", "packet_default", "(", "system_u", "object_r", "etc_t", "(", "low", "high", ")", ")", ")",
4392 			"(", "netifcon", "eth0", "if_default", "packet_default", ")", NULL};
4393 
4394 	struct cil_tree *test_tree;
4395 	gen_test_tree(&test_tree, line);
4396 
4397 	struct cil_db *test_db;
4398 	cil_db_init(&test_db);
4399 
4400 	uint32_t changed = CIL_FALSE;
4401 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
4402 
4403 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
4404 
4405 	int rc = cil_resolve_netifcon(test_db->ast->root->cl_head->next->next, args);
4406 	CuAssertIntEquals(tc, SEPOL_OK, rc);
4407 }
4408 
test_cil_resolve_netifcon_otf_neg(CuTest * tc)4409 void test_cil_resolve_netifcon_otf_neg(CuTest *tc) {
4410 	char *line[] = {"(", "context", "if_default", "(", "system_u", "object_r", "etc_t", "(", "low", "high", ")", ")", ")",
4411 			"(", "netifcon", "eth0", "if_default", "packet_default", ")", NULL};
4412 
4413 	struct cil_tree *test_tree;
4414 	gen_test_tree(&test_tree, line);
4415 
4416 	struct cil_db *test_db;
4417 	cil_db_init(&test_db);
4418 
4419 	uint32_t changed = CIL_FALSE;
4420 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
4421 
4422 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
4423 
4424 	int rc = cil_resolve_netifcon(test_db->ast->root->cl_head->next, args);
4425 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
4426 }
4427 
test_cil_resolve_netifcon_interface_neg(CuTest * tc)4428 void test_cil_resolve_netifcon_interface_neg(CuTest *tc) {
4429 	char *line[] = {"(", "context", "packet_default", "(", "system_u", "object_r", "etc_t", "(", "low", "high", ")", ")", ")",
4430 			"(", "netifcon", "eth0", "if_default", "packet_default", ")", NULL};
4431 
4432 	struct cil_tree *test_tree;
4433 	gen_test_tree(&test_tree, line);
4434 
4435 	struct cil_db *test_db;
4436 	cil_db_init(&test_db);
4437 
4438 	uint32_t changed = CIL_FALSE;
4439 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
4440 
4441 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
4442 
4443 	int rc = cil_resolve_netifcon(test_db->ast->root->cl_head->next, args);
4444 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
4445 }
4446 
test_cil_resolve_netifcon_unnamed(CuTest * tc)4447 void test_cil_resolve_netifcon_unnamed(CuTest *tc) {
4448 	char *line[] = {"(", "sensitivity", "s0", ")",
4449 			"(", "category", "c0", ")",
4450 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
4451 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
4452 			"(", "user", "system_u", ")",
4453 			"(", "role", "object_r", ")",
4454 			"(", "type", "netif_t", ")",
4455 			"(", "netifcon", "eth1",
4456                         "(", "system_u", "object_r", "netif_t", "(", "low", "high", ")", ")",
4457                         "(", "system_u", "object_r", "netif_t", "(", "low", "high", ")", ")", ")", NULL};
4458 
4459 	struct cil_tree *test_tree;
4460 	gen_test_tree(&test_tree, line);
4461 
4462 	struct cil_db *test_db;
4463 	cil_db_init(&test_db);
4464 
4465 	uint32_t changed = CIL_FALSE;
4466 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
4467 
4468 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
4469 
4470 	int rc = cil_resolve_netifcon(test_db->ast->root->cl_head->next->next->next->next->next->next->next, args);
4471 	CuAssertIntEquals(tc, SEPOL_OK, rc);
4472 }
4473 
test_cil_resolve_netifcon_unnamed_packet_neg(CuTest * tc)4474 void test_cil_resolve_netifcon_unnamed_packet_neg(CuTest *tc) {
4475 	char *line[] = {"(", "sensitivity", "s0", ")",
4476 			"(", "category", "c0", ")",
4477 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
4478 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
4479 			"(", "role", "object_r", ")",
4480 			"(", "type", "netif_t", ")",
4481 			"(", "netifcon", "eth1",
4482                         "(", "system_u", "object_r", "netif_t", "(", "low", "high", ")", ")",
4483                         "(", "system_u", "object_r", "netif_t", "(", "low", "high", ")", ")", ")", NULL};
4484 
4485 	struct cil_tree *test_tree;
4486 	gen_test_tree(&test_tree, line);
4487 
4488 	struct cil_db *test_db;
4489 	cil_db_init(&test_db);
4490 
4491 	uint32_t changed = CIL_FALSE;
4492 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
4493 
4494 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
4495 
4496 	int rc = cil_resolve_netifcon(test_db->ast->root->cl_head->next->next->next->next->next->next, args);
4497 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
4498 }
4499 
test_cil_resolve_netifcon_unnamed_otf_neg(CuTest * tc)4500 void test_cil_resolve_netifcon_unnamed_otf_neg(CuTest *tc) {
4501 	char *line[] = {"(", "sensitivity", "s0", ")",
4502 			"(", "category", "c0", ")",
4503 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
4504 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
4505 			"(", "user", "system_u", ")",
4506 			"(", "role", "object_r", ")",
4507 			"(", "type", "netif_t", ")",
4508 			"(", "netifcon", "eth1",
4509                         "(", "system_u", "object_r", "netif_t", "(", "low", "high", ")", ")",
4510                         "(", "system_u", "foo_r", "netif_t", "(", "low", "high", ")", ")", ")", NULL};
4511 
4512 	struct cil_tree *test_tree;
4513 	gen_test_tree(&test_tree, line);
4514 
4515 	struct cil_db *test_db;
4516 	cil_db_init(&test_db);
4517 
4518 	uint32_t changed = CIL_FALSE;
4519 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
4520 
4521 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
4522 
4523 	int rc = cil_resolve_netifcon(test_db->ast->root->cl_head->next->next->next->next->next->next->next, args);
4524 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
4525 }
4526 
test_cil_resolve_netifcon_sublist_secondlist_missing_neg(CuTest * tc)4527 void test_cil_resolve_netifcon_sublist_secondlist_missing_neg(CuTest *tc) {
4528 	char *line[] = {"(", "netifcon", "eth1",
4529                         "(", "system_u", "object_r", "netif_t", "(", "low", "high", ")", ")", ")", NULL};
4530 
4531 	struct cil_tree *test_tree;
4532 	gen_test_tree(&test_tree, line);
4533 
4534 	struct cil_db *test_db;
4535 	cil_db_init(&test_db);
4536 
4537 	uint32_t changed = CIL_FALSE;
4538 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
4539 
4540 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
4541 
4542 	int rc = cil_resolve_netifcon(test_db->ast->root->cl_head, args);
4543 	CuAssertIntEquals(tc, SEPOL_OK, rc);
4544 }
4545 
test_cil_resolve_pirqcon(CuTest * tc)4546 void test_cil_resolve_pirqcon(CuTest *tc) {
4547 	char *line[] = {"(", "context", "con", "(", "system_u", "object_r", "etc_t", "(", "low", "high", ")", ")", ")",
4548 			"(", "pirqcon", "1", "con", ")", NULL};
4549 
4550 	struct cil_tree *test_tree;
4551 	gen_test_tree(&test_tree, line);
4552 
4553 	struct cil_db *test_db;
4554 	cil_db_init(&test_db);
4555 
4556 	uint32_t changed = CIL_FALSE;
4557 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
4558 
4559 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
4560 
4561 	int rc = cil_resolve_pirqcon(test_db->ast->root->cl_head->next, args);
4562 	CuAssertIntEquals(tc, SEPOL_OK, rc);
4563 }
4564 
test_cil_resolve_pirqcon_context_neg(CuTest * tc)4565 void test_cil_resolve_pirqcon_context_neg(CuTest *tc) {
4566 	char *line[] = {"(", "context", "con", "(", "system_u", "object_r", "etc_t", "(", "low", "high", ")", ")", ")",
4567 			"(", "pirqcon", "1", "dne", ")", NULL};
4568 
4569 	struct cil_tree *test_tree;
4570 	gen_test_tree(&test_tree, line);
4571 
4572 	struct cil_db *test_db;
4573 	cil_db_init(&test_db);
4574 
4575 	uint32_t changed = CIL_FALSE;
4576 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
4577 
4578 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
4579 
4580 	int rc = cil_resolve_pirqcon(test_db->ast->root->cl_head->next, args);
4581 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
4582 }
4583 
test_cil_resolve_pirqcon_anon_context(CuTest * tc)4584 void test_cil_resolve_pirqcon_anon_context(CuTest *tc) {
4585 	char *line[] = {"(", "user", "system_u", ")",
4586 			"(", "role", "object_r", ")",
4587 			"(", "type", "etc_t", ")",
4588 			"(", "sensitivity", "s0", ")",
4589 			"(", "category", "c0", ")",
4590 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
4591 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
4592 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
4593 			"(", "pirqcon", "1", "(", "system_u", "object_r", "etc_t", "(", "low", "high", ")", ")", ")", NULL};
4594 
4595 	struct cil_tree *test_tree;
4596 	gen_test_tree(&test_tree, line);
4597 
4598 	struct cil_db *test_db;
4599 	cil_db_init(&test_db);
4600 
4601 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
4602 
4603 	uint32_t changed = CIL_FALSE;
4604 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
4605 
4606 	cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next->next->next, args);
4607 
4608 	args->pass = CIL_PASS_MISC3;
4609 
4610 	int rc = cil_resolve_pirqcon(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args);
4611 	CuAssertIntEquals(tc, SEPOL_OK, rc);
4612 }
4613 
test_cil_resolve_pirqcon_anon_context_neg(CuTest * tc)4614 void test_cil_resolve_pirqcon_anon_context_neg(CuTest *tc) {
4615 	char *line[] = {"(", "pirqcon", "1", "(", "system_u", "object_r", "etc_t", "(", "low", "high", ")", ")", ")", NULL};
4616 
4617 	struct cil_tree *test_tree;
4618 	gen_test_tree(&test_tree, line);
4619 
4620 	struct cil_db *test_db;
4621 	cil_db_init(&test_db);
4622 
4623 	uint32_t changed = CIL_FALSE;
4624 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
4625 
4626 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
4627 
4628 	int rc = cil_resolve_pirqcon(test_db->ast->root->cl_head, args);
4629 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
4630 }
4631 
test_cil_resolve_iomemcon(CuTest * tc)4632 void test_cil_resolve_iomemcon(CuTest *tc) {
4633 	char *line[] = {"(", "context", "con", "(", "system_u", "object_r", "etc_t", "(", "low", "high", ")", ")", ")",
4634 			"(", "iomemcon", "1", "con", ")", NULL};
4635 
4636 	struct cil_tree *test_tree;
4637 	gen_test_tree(&test_tree, line);
4638 
4639 	struct cil_db *test_db;
4640 	cil_db_init(&test_db);
4641 
4642 	uint32_t changed = CIL_FALSE;
4643 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
4644 
4645 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
4646 
4647 	int rc = cil_resolve_iomemcon(test_db->ast->root->cl_head->next, args);
4648 	CuAssertIntEquals(tc, SEPOL_OK, rc);
4649 }
4650 
test_cil_resolve_iomemcon_context_neg(CuTest * tc)4651 void test_cil_resolve_iomemcon_context_neg(CuTest *tc) {
4652 	char *line[] = {"(", "context", "con", "(", "system_u", "object_r", "etc_t", "(", "low", "high", ")", ")", ")",
4653 			"(", "iomemcon", "1", "dne", ")", NULL};
4654 
4655 	struct cil_tree *test_tree;
4656 	gen_test_tree(&test_tree, line);
4657 
4658 	struct cil_db *test_db;
4659 	cil_db_init(&test_db);
4660 
4661 	uint32_t changed = CIL_FALSE;
4662 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
4663 
4664 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
4665 
4666 	int rc = cil_resolve_iomemcon(test_db->ast->root->cl_head->next, args);
4667 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
4668 }
4669 
test_cil_resolve_iomemcon_anon_context(CuTest * tc)4670 void test_cil_resolve_iomemcon_anon_context(CuTest *tc) {
4671 	char *line[] = {"(", "user", "system_u", ")",
4672 			"(", "role", "object_r", ")",
4673 			"(", "type", "etc_t", ")",
4674 			"(", "sensitivity", "s0", ")",
4675 			"(", "category", "c0", ")",
4676 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
4677 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
4678 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
4679 			"(", "iomemcon", "1", "(", "system_u", "object_r", "etc_t", "(", "low", "high", ")", ")", ")", NULL};
4680 
4681 	struct cil_tree *test_tree;
4682 	gen_test_tree(&test_tree, line);
4683 
4684 	struct cil_db *test_db;
4685 	cil_db_init(&test_db);
4686 
4687 	uint32_t changed = CIL_FALSE;
4688 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
4689 
4690 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
4691 
4692 	cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next->next->next, args);
4693 
4694 	args->pass = CIL_PASS_MISC3;
4695 
4696 	int rc = cil_resolve_iomemcon(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args);
4697 	CuAssertIntEquals(tc, SEPOL_OK, rc);
4698 }
4699 
test_cil_resolve_iomemcon_anon_context_neg(CuTest * tc)4700 void test_cil_resolve_iomemcon_anon_context_neg(CuTest *tc) {
4701 	char *line[] = {"(", "iomemcon", "1", "(", "system_u", "object_r", "etc_t", "(", "low", "high", ")", ")", ")", NULL};
4702 
4703 	struct cil_tree *test_tree;
4704 	gen_test_tree(&test_tree, line);
4705 
4706 	struct cil_db *test_db;
4707 	cil_db_init(&test_db);
4708 
4709 	uint32_t changed = CIL_FALSE;
4710 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
4711 
4712 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
4713 
4714 	int rc = cil_resolve_iomemcon(test_db->ast->root->cl_head, args);
4715 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
4716 }
4717 
test_cil_resolve_ioportcon(CuTest * tc)4718 void test_cil_resolve_ioportcon(CuTest *tc) {
4719 	char *line[] = {"(", "context", "con", "(", "system_u", "object_r", "etc_t", "(", "low", "high", ")", ")", ")",
4720 			"(", "ioportcon", "1", "con", ")", NULL};
4721 
4722 	struct cil_tree *test_tree;
4723 	gen_test_tree(&test_tree, line);
4724 
4725 	struct cil_db *test_db;
4726 	cil_db_init(&test_db);
4727 
4728 	uint32_t changed = CIL_FALSE;
4729 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
4730 
4731 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
4732 
4733 	int rc = cil_resolve_ioportcon(test_db->ast->root->cl_head->next, args);
4734 	CuAssertIntEquals(tc, SEPOL_OK, rc);
4735 }
4736 
test_cil_resolve_ioportcon_context_neg(CuTest * tc)4737 void test_cil_resolve_ioportcon_context_neg(CuTest *tc) {
4738 	char *line[] = {"(", "context", "con", "(", "system_u", "object_r", "etc_t", "(", "low", "high", ")", ")", ")",
4739 			"(", "ioportcon", "1", "dne", ")", NULL};
4740 
4741 	struct cil_tree *test_tree;
4742 	gen_test_tree(&test_tree, line);
4743 
4744 	struct cil_db *test_db;
4745 	cil_db_init(&test_db);
4746 
4747 	uint32_t changed = CIL_FALSE;
4748 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
4749 
4750 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
4751 
4752 	int rc = cil_resolve_ioportcon(test_db->ast->root->cl_head->next, args);
4753 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
4754 }
4755 
test_cil_resolve_ioportcon_anon_context(CuTest * tc)4756 void test_cil_resolve_ioportcon_anon_context(CuTest *tc) {
4757 	char *line[] = {"(", "user", "system_u", ")",
4758 			"(", "role", "object_r", ")",
4759 			"(", "type", "etc_t", ")",
4760 			"(", "sensitivity", "s0", ")",
4761 			"(", "category", "c0", ")",
4762 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
4763 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
4764 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
4765 			"(", "ioportcon", "1", "(", "system_u", "object_r", "etc_t", "(", "low", "high", ")", ")", ")", NULL};
4766 
4767 	struct cil_tree *test_tree;
4768 	gen_test_tree(&test_tree, line);
4769 
4770 	struct cil_db *test_db;
4771 	cil_db_init(&test_db);
4772 
4773 	uint32_t changed = CIL_FALSE;
4774 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
4775 
4776 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
4777 
4778 	cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next->next->next, args);
4779 
4780 	args->pass = CIL_PASS_MISC3;
4781 
4782 	int rc = cil_resolve_ioportcon(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args);
4783 	CuAssertIntEquals(tc, SEPOL_OK, rc);
4784 }
4785 
test_cil_resolve_ioportcon_anon_context_neg(CuTest * tc)4786 void test_cil_resolve_ioportcon_anon_context_neg(CuTest *tc) {
4787 	char *line[] = {"(", "ioportcon", "1", "(", "system_u", "object_r", "etc_t", "(", "low", "high", ")", ")", ")", NULL};
4788 
4789 	struct cil_tree *test_tree;
4790 	gen_test_tree(&test_tree, line);
4791 
4792 	struct cil_db *test_db;
4793 	cil_db_init(&test_db);
4794 
4795 	uint32_t changed = CIL_FALSE;
4796 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
4797 
4798 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
4799 
4800 	int rc = cil_resolve_ioportcon(test_db->ast->root->cl_head, args);
4801 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
4802 }
4803 
test_cil_resolve_pcidevicecon(CuTest * tc)4804 void test_cil_resolve_pcidevicecon(CuTest *tc) {
4805 	char *line[] = {"(", "context", "con", "(", "system_u", "object_r", "etc_t", "(", "low", "high", ")", ")", ")",
4806 			"(", "pcidevicecon", "1", "con", ")", NULL};
4807 
4808 	struct cil_tree *test_tree;
4809 	gen_test_tree(&test_tree, line);
4810 
4811 	struct cil_db *test_db;
4812 	cil_db_init(&test_db);
4813 
4814 	uint32_t changed = CIL_FALSE;
4815 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
4816 
4817 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
4818 
4819 	int rc = cil_resolve_pcidevicecon(test_db->ast->root->cl_head->next, args);
4820 	CuAssertIntEquals(tc, SEPOL_OK, rc);
4821 }
4822 
test_cil_resolve_pcidevicecon_context_neg(CuTest * tc)4823 void test_cil_resolve_pcidevicecon_context_neg(CuTest *tc) {
4824 	char *line[] = {"(", "context", "con", "(", "system_u", "object_r", "etc_t", "(", "low", "high", ")", ")", ")",
4825 			"(", "pcidevicecon", "1", "dne", ")", NULL};
4826 
4827 	struct cil_tree *test_tree;
4828 	gen_test_tree(&test_tree, line);
4829 
4830 	struct cil_db *test_db;
4831 	cil_db_init(&test_db);
4832 
4833 	uint32_t changed = CIL_FALSE;
4834 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
4835 
4836 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
4837 
4838 	int rc = cil_resolve_pcidevicecon(test_db->ast->root->cl_head->next, args);
4839 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
4840 }
4841 
test_cil_resolve_pcidevicecon_anon_context(CuTest * tc)4842 void test_cil_resolve_pcidevicecon_anon_context(CuTest *tc) {
4843 	char *line[] = {"(", "user", "system_u", ")",
4844 			"(", "role", "object_r", ")",
4845 			"(", "type", "etc_t", ")",
4846 			"(", "sensitivity", "s0", ")",
4847 			"(", "category", "c0", ")",
4848 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
4849 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
4850 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
4851 			"(", "pcidevicecon", "1", "(", "system_u", "object_r", "etc_t", "(", "low", "high", ")", ")", ")", NULL};
4852 
4853 	struct cil_tree *test_tree;
4854 	gen_test_tree(&test_tree, line);
4855 
4856 	struct cil_db *test_db;
4857 	cil_db_init(&test_db);
4858 
4859 	uint32_t changed = CIL_FALSE;
4860 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
4861 
4862 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
4863 
4864 	cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next->next->next, args);
4865 
4866 	args->pass = CIL_PASS_MISC3;
4867 
4868 	int rc = cil_resolve_pcidevicecon(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args);
4869 	CuAssertIntEquals(tc, SEPOL_OK, rc);
4870 }
4871 
test_cil_resolve_pcidevicecon_anon_context_neg(CuTest * tc)4872 void test_cil_resolve_pcidevicecon_anon_context_neg(CuTest *tc) {
4873 	char *line[] = {"(", "pcidevicecon", "1", "(", "system_u", "object_r", "etc_t", "(", "low", "high", ")", ")", ")", NULL};
4874 
4875 	struct cil_tree *test_tree;
4876 	gen_test_tree(&test_tree, line);
4877 
4878 	struct cil_db *test_db;
4879 	cil_db_init(&test_db);
4880 
4881 	uint32_t changed = CIL_FALSE;
4882 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
4883 
4884 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
4885 
4886 	int rc = cil_resolve_pcidevicecon(test_db->ast->root->cl_head, args);
4887 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
4888 }
4889 
test_cil_resolve_fsuse(CuTest * tc)4890 void test_cil_resolve_fsuse(CuTest *tc) {
4891 	char *line[] = {"(", "sensitivity", "s0", ")",
4892 			"(", "category", "c0", ")",
4893 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
4894 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
4895 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
4896 			"(", "user", "system_u", ")",
4897 			"(", "role", "object_r", ")",
4898 			"(", "type", "netif_t", ")",
4899 			"(", "context", "con", "(", "system_u", "object_r", "netif_t", "(", "low", "high", ")", ")", ")",
4900 			"(", "fsuse", "xattr", "ext3", "con", ")", NULL};
4901 
4902 	struct cil_tree *test_tree;
4903 	gen_test_tree(&test_tree, line);
4904 
4905 	struct cil_db *test_db;
4906 	cil_db_init(&test_db);
4907 
4908 	uint32_t changed = CIL_FALSE;
4909 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
4910 
4911 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
4912 
4913 	int rc = cil_resolve_fsuse(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next, args);
4914 	CuAssertIntEquals(tc, SEPOL_OK, rc);
4915 }
4916 
test_cil_resolve_fsuse_nocontext_neg(CuTest * tc)4917 void test_cil_resolve_fsuse_nocontext_neg(CuTest *tc) {
4918 	char *line[] = {"(", "sensitivity", "s0", ")",
4919 			"(", "category", "c0", ")",
4920 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
4921 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
4922 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
4923 			"(", "user", "system_u", ")",
4924 			"(", "role", "object_r", ")",
4925 			"(", "type", "netif_t", ")",
4926 			"(", "context", "con", "(", "system_u", "object_r", "netif_t", "(", "low", "high", ")", ")", ")",
4927 			"(", "fsuse", "xattr", "ext3", "(", ")", ")", NULL};
4928 
4929 	struct cil_tree *test_tree;
4930 	gen_test_tree(&test_tree, line);
4931 
4932 	struct cil_db *test_db;
4933 	cil_db_init(&test_db);
4934 
4935 	uint32_t changed = CIL_FALSE;
4936 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
4937 
4938 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
4939 
4940 	int rc = cil_resolve_fsuse(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next, args);
4941 	CuAssertIntEquals(tc, SEPOL_ERR, rc);
4942 }
4943 
test_cil_resolve_fsuse_neg(CuTest * tc)4944 void test_cil_resolve_fsuse_neg(CuTest *tc) {
4945 	char *line[] = {"(", "sensitivity", "s0", ")",
4946 			"(", "category", "c0", ")",
4947 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
4948 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
4949 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
4950 			"(", "user", "system_u", ")",
4951 			"(", "role", "object_r", ")",
4952 			"(", "type", "netif_t", ")",
4953 			"(", "context", "con", "(", "system_u", "object_r", "netif_t", "(", "low", "high", ")", ")", ")",
4954 			"(", "fsuse", "xattr", "ext3", "conn", ")", NULL};
4955 
4956 	struct cil_tree *test_tree;
4957 	gen_test_tree(&test_tree, line);
4958 
4959 	struct cil_db *test_db;
4960 	cil_db_init(&test_db);
4961 
4962 	uint32_t changed = CIL_FALSE;
4963 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
4964 
4965 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
4966 
4967 	int rc = cil_resolve_fsuse(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next, args);
4968 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
4969 }
4970 
test_cil_resolve_fsuse_anon(CuTest * tc)4971 void test_cil_resolve_fsuse_anon(CuTest *tc) {
4972 	char *line[] = {"(", "sensitivity", "s0", ")",
4973 			"(", "category", "c0", ")",
4974 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
4975 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
4976 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
4977 			"(", "user", "system_u", ")",
4978 			"(", "role", "object_r", ")",
4979 			"(", "type", "netif_t", ")",
4980 			"(", "fsuse", "xattr", "ext3", "(", "system_u", "object_r", "netif_t", "(", "low", "high", ")", ")", ")", NULL};
4981 
4982 	struct cil_tree *test_tree;
4983 	gen_test_tree(&test_tree, line);
4984 
4985 	struct cil_db *test_db;
4986 	cil_db_init(&test_db);
4987 
4988 	uint32_t changed = CIL_FALSE;
4989 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
4990 
4991 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
4992 
4993 	int rc = cil_resolve_fsuse(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args);
4994 	CuAssertIntEquals(tc, SEPOL_OK, rc);
4995 }
4996 
test_cil_resolve_fsuse_anon_neg(CuTest * tc)4997 void test_cil_resolve_fsuse_anon_neg(CuTest *tc) {
4998 	char *line[] = {"(", "sensitivity", "s0", ")",
4999 			"(", "category", "c0", ")",
5000 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
5001 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
5002 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
5003 			"(", "user", "system_u", ")",
5004 			"(", "role", "object_r", ")",
5005 			"(", "type", "netif_t", ")",
5006 			"(", "fsuse", "xattr", "ext3", "(", "system_uu", "object_r", "netif_t", "(", "low", "high", ")", ")", ")", NULL};
5007 
5008 	struct cil_tree *test_tree;
5009 	gen_test_tree(&test_tree, line);
5010 
5011 	struct cil_db *test_db;
5012 	cil_db_init(&test_db);
5013 
5014 	uint32_t changed = CIL_FALSE;
5015 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
5016 
5017 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
5018 
5019 	int rc = cil_resolve_fsuse(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args);
5020 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
5021 }
5022 
test_cil_resolve_sidcontext(CuTest * tc)5023 void test_cil_resolve_sidcontext(CuTest *tc) {
5024 	char *line[] = {"(", "category", "c0", ")",
5025 			"(", "categoryorder", "(", "c0", ")", ")",
5026 			"(", "sensitivity", "s0", ")",
5027 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
5028 			"(", "type", "blah_t", ")",
5029 			"(", "role", "blah_r", ")",
5030 			"(", "user", "blah_u", ")",
5031 			"(", "sid", "test", ")",
5032 			"(", "sidcontext", "test", "(", "blah_u", "blah_r", "blah_t", "(", "(", "s0", "(", "c0", ")", ")", "(", "s0", "(", "c0", ")", ")", ")", ")", ")", NULL};
5033 
5034 	struct cil_tree *test_tree;
5035 	gen_test_tree(&test_tree, line);
5036 
5037 	struct cil_db *test_db;
5038 	cil_db_init(&test_db);
5039 
5040 	uint32_t changed = CIL_FALSE;
5041 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
5042 
5043 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
5044 
5045 	cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next, args);
5046 
5047 	args->pass = CIL_PASS_MISC3;
5048 
5049 	int rc = cil_resolve_sidcontext(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args);
5050 	CuAssertIntEquals(tc, SEPOL_OK, rc);
5051 }
5052 
test_cil_resolve_sidcontext_named_levels(CuTest * tc)5053 void test_cil_resolve_sidcontext_named_levels(CuTest *tc) {
5054 	char *line[] = {"(", "category", "c0", ")",
5055 			"(", "categoryorder", "(", "c0", ")", ")",
5056 			"(", "sensitivity", "s0", ")",
5057 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
5058 			"(", "type", "blah_t", ")",
5059 			"(", "role", "blah_r", ")",
5060 			"(", "user", "blah_u", ")",
5061 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
5062 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
5063 			"(", "sid", "test", ")",
5064 			"(", "sidcontext", "test", "(", "blah_u", "blah_r", "blah_t", "(", "low", "high", ")", ")", ")", NULL};
5065 
5066 	struct cil_tree *test_tree;
5067 	gen_test_tree(&test_tree, line);
5068 
5069 	struct cil_db *test_db;
5070 	cil_db_init(&test_db);
5071 
5072 	uint32_t changed = CIL_FALSE;
5073 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
5074 
5075 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
5076 
5077 	cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next, args);
5078 
5079 	args->pass = CIL_PASS_MISC3;
5080 
5081 	struct cil_tree_node *level = test_db->ast->root->cl_head->next->next->next->next->next->next->next;
5082 	cil_resolve_level(level, (struct cil_level*)level->data, args);
5083 	cil_resolve_level(level->next, (struct cil_level*)level->next->data, args);
5084 	int rc = cil_resolve_sidcontext(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next->next, args);
5085 	CuAssertIntEquals(tc, SEPOL_OK, rc);
5086 }
5087 
test_cil_resolve_sidcontext_named_context(CuTest * tc)5088 void test_cil_resolve_sidcontext_named_context(CuTest *tc) {
5089 	char *line[] = {"(", "category", "c0", ")",
5090 			"(", "categoryorder", "(", "c0", ")", ")",
5091 			"(", "sensitivity", "s0", ")",
5092 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
5093 			"(", "type", "blah_t", ")",
5094 			"(", "role", "blah_r", ")",
5095 			"(", "user", "blah_u", ")",
5096 			"(", "context", "con", "(", "blah_u", "blah_r", "blah_t", "(", "(", "s0", "(", "c0", ")", ")", "(", "s0", "(", "c0", ")", ")", ")", ")", ")",
5097 			"(", "sid", "test", ")",
5098 			"(", "sidcontext", "test", "con", ")", NULL};
5099 
5100 	struct cil_tree *test_tree;
5101 	gen_test_tree(&test_tree, line);
5102 
5103 	struct cil_db *test_db;
5104 	cil_db_init(&test_db);
5105 
5106 	uint32_t changed = CIL_FALSE;
5107 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
5108 
5109 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
5110 
5111 	cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next, args);
5112 
5113 	args->pass = CIL_PASS_MISC3;
5114 
5115 	struct cil_tree_node *context = test_db->ast->root->cl_head->next->next->next->next->next->next->next;
5116 	cil_resolve_context(context, (struct cil_context*)context->data, args);
5117 
5118 	int rc = cil_resolve_sidcontext(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next, args);
5119 	CuAssertIntEquals(tc, SEPOL_OK, rc);
5120 }
5121 
test_cil_resolve_sidcontext_named_context_wrongname_neg(CuTest * tc)5122 void test_cil_resolve_sidcontext_named_context_wrongname_neg(CuTest *tc) {
5123 	char *line[] = {"(", "category", "c0", ")",
5124 			"(", "categoryorder", "(", "c0", ")", ")",
5125 			"(", "sensitivity", "s0", ")",
5126 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
5127 			"(", "type", "blah_t", ")",
5128 			"(", "role", "blah_r", ")",
5129 			"(", "user", "blah_u", ")",
5130 			"(", "context", "con", "(", "blah_u", "blah_r", "blah_t", "(", "(", "s0", "(", "c0", ")", ")", "(", "s0", "(", "c0", ")", ")", ")", ")", ")",
5131 			"(", "sid", "test", ")",
5132 			"(", "sidcontext", "test", "foo", ")", NULL};
5133 
5134 	struct cil_tree *test_tree;
5135 	gen_test_tree(&test_tree, line);
5136 
5137 	struct cil_db *test_db;
5138 	cil_db_init(&test_db);
5139 
5140 	uint32_t changed = CIL_FALSE;
5141 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
5142 
5143 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
5144 
5145 	cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next, args);
5146 
5147 	args->pass = CIL_PASS_MISC3;
5148 
5149 	struct cil_tree_node *context = test_db->ast->root->cl_head->next->next->next->next->next->next->next;
5150 	cil_resolve_context(context, (struct cil_context*)context->data, args);
5151 
5152 	int rc = cil_resolve_sidcontext(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next, args);
5153 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
5154 }
5155 
test_cil_resolve_sidcontext_named_context_invaliduser_neg(CuTest * tc)5156 void test_cil_resolve_sidcontext_named_context_invaliduser_neg(CuTest *tc) {
5157            char *line[] = {"(", "category", "c0", ")",
5158                         "(", "categoryorder", "(", "c0", ")", ")",
5159                         "(", "sensitivity", "s0", ")",
5160                         "(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
5161                         "(", "type", "blah_t", ")",
5162                         "(", "role", "blah_r", ")",
5163                         "(", "user", "blah_u", ")",
5164 			"(", "sid", "test", ")",
5165                         "(", "sidcontext", "test", "(", "", "blah_r", "blah_t", "(", "(", "s0", "(", "c0", ")", ")", "(", "s0", "(", "c0", ")", ")", ")", ")", ")", NULL};
5166 
5167         struct cil_tree *test_tree;
5168         gen_test_tree(&test_tree, line);
5169 
5170         struct cil_db *test_db;
5171         cil_db_init(&test_db);
5172 
5173 	uint32_t changed = CIL_FALSE;
5174 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
5175 
5176         cil_build_ast(test_db, test_tree->root, test_db->ast->root);
5177 
5178         cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next, args);
5179 
5180         int rc = cil_resolve_sidcontext(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args);
5181         CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
5182 }
5183 
test_cil_resolve_blockinherit(CuTest * tc)5184 void test_cil_resolve_blockinherit(CuTest *tc) {
5185 	char *line[] = {"(", "block", "baz", "(", "type", "b", ")", ")",
5186 			"(", "block", "foo", "(", "type", "a", ")",
5187 				"(", "blockinherit", "baz", ")", ")", NULL};
5188 
5189 	struct cil_tree *test_tree;
5190 	gen_test_tree(&test_tree, line);
5191 
5192 	struct cil_db *test_db;
5193 	cil_db_init(&test_db);
5194 
5195 	uint32_t changed = CIL_FALSE;
5196 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
5197 
5198 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
5199 
5200 	int rc = cil_resolve_blockinherit(test_db->ast->root->cl_head->next->cl_head->next, args);
5201 	CuAssertIntEquals(tc, SEPOL_OK, rc);
5202 }
5203 
test_cil_resolve_blockinherit_blockstrdne_neg(CuTest * tc)5204 void test_cil_resolve_blockinherit_blockstrdne_neg(CuTest *tc) {
5205 	char *line[] = {"(", "block", "baz", "(", "type", "b", ")", ")",
5206 			"(", "block", "foo", "(", "type", "a", ")",
5207 				"(", "blockinherit", "dne", ")", ")", NULL};
5208 
5209 	struct cil_tree *test_tree;
5210 	gen_test_tree(&test_tree, line);
5211 
5212 	struct cil_db *test_db;
5213 	cil_db_init(&test_db);
5214 
5215 	uint32_t changed = CIL_FALSE;
5216 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
5217 
5218 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
5219 
5220 	int rc = cil_resolve_blockinherit(test_db->ast->root->cl_head->next->cl_head->next, args);
5221 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
5222 }
5223 
test_cil_resolve_in_block(CuTest * tc)5224 void test_cil_resolve_in_block(CuTest *tc) {
5225 	char *line[] = {"(", "class", "char", "(", "read", ")", ")",
5226 			"(", "block", "foo", "(", "type", "a", ")", ")",
5227 			"(", "in", "foo", "(", "allow", "test", "baz", "(", "char", "(", "read", ")", ")", ")", ")", NULL};
5228 
5229 	struct cil_tree *test_tree;
5230 	gen_test_tree(&test_tree, line);
5231 
5232 	struct cil_db *test_db;
5233 	cil_db_init(&test_db);
5234 
5235 	uint32_t changed = CIL_FALSE;
5236 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
5237 
5238 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
5239 
5240 	int rc = cil_resolve_in(test_db->ast->root->cl_head->next->next, args);
5241 	CuAssertIntEquals(tc, SEPOL_OK, rc);
5242 }
5243 
test_cil_resolve_in_blockstrdne_neg(CuTest * tc)5244 void test_cil_resolve_in_blockstrdne_neg(CuTest *tc) {
5245 	char *line[] = {"(", "class", "char", "(", "read", ")", ")",
5246 			"(", "in", "foo", "(", "allow", "test", "baz", "(", "char", "(", "read", ")", ")", ")", ")", NULL};
5247 
5248 	struct cil_tree *test_tree;
5249 	gen_test_tree(&test_tree, line);
5250 
5251 	struct cil_db *test_db;
5252 	cil_db_init(&test_db);
5253 
5254 	uint32_t changed = CIL_FALSE;
5255 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
5256 
5257 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
5258 
5259 	int rc = cil_resolve_in(test_db->ast->root->cl_head->next, args);
5260 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
5261 }
5262 
test_cil_resolve_in_macro(CuTest * tc)5263 void test_cil_resolve_in_macro(CuTest *tc) {
5264 	char *line[] = {"(", "class", "char", "(", "read", "write", ")", ")",
5265 			"(", "macro", "mm", "(", "(", "class", "a", ")", ")",
5266 				"(", "allow", "foo", "bar", "(", "file", "(", "write", ")", ")", ")", ")",
5267 			"(", "in", "mm", "(", "allow", "test", "baz", "(", "char", "(", "read", ")", ")", ")", ")", NULL};
5268 
5269 	struct cil_tree *test_tree;
5270 	gen_test_tree(&test_tree, line);
5271 
5272 	struct cil_db *test_db;
5273 	cil_db_init(&test_db);
5274 
5275 	uint32_t changed = CIL_FALSE;
5276 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
5277 
5278 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
5279 
5280 	int rc = cil_resolve_in(test_db->ast->root->cl_head->next->next, args);
5281 	CuAssertIntEquals(tc, SEPOL_OK, rc);
5282 }
5283 
test_cil_resolve_in_optional(CuTest * tc)5284 void test_cil_resolve_in_optional(CuTest *tc) {
5285 	char *line[] = {"(", "class", "char", "(", "read", "write", ")", ")",
5286 			"(", "optional", "opt", "(", "allow", "foo", "bar", "(", "baz", "(", "read", ")", ")", ")", ")",
5287 			"(", "in", "opt", "(", "allow", "test", "baz", "(", "char", "(", "read", ")", ")", ")", ")", NULL};
5288 
5289 	struct cil_tree *test_tree;
5290 	gen_test_tree(&test_tree, line);
5291 
5292 	struct cil_db *test_db;
5293 	cil_db_init(&test_db);
5294 
5295 	uint32_t changed = CIL_FALSE;
5296 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
5297 
5298 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
5299 
5300 	int rc = cil_resolve_in(test_db->ast->root->cl_head->next->next, args);
5301 	CuAssertIntEquals(tc, SEPOL_OK, rc);
5302 }
5303 
test_cil_resolve_call1_noparam(CuTest * tc)5304 void test_cil_resolve_call1_noparam(CuTest *tc) {
5305 	char *line[] = {"(", "type", "qaz", ")",
5306 			"(", "class", "file", "(", "read", ")", ")",
5307 			"(", "macro", "mm", "(", "(", "type", ")", ")",
5308 				"(", "type", "b", ")",
5309 				"(", "allow", "qaz", "b", "file", "(", "read", ")", ")", ")",
5310 			"(", "call", "mm", "(", ")", ")", NULL};
5311 
5312 	struct cil_tree *test_tree;
5313 	gen_test_tree(&test_tree, line);
5314 
5315 	struct cil_db *test_db;
5316 	cil_db_init(&test_db);
5317 
5318 	uint32_t changed = CIL_FALSE;
5319 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
5320 
5321 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
5322 
5323 	int rc = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next, args);
5324 	CuAssertIntEquals(tc, SEPOL_OK, rc);
5325 }
5326 
test_cil_resolve_call1_type(CuTest * tc)5327 void test_cil_resolve_call1_type(CuTest *tc) {
5328 	char *line[] = {"(", "type", "qaz", ")",
5329 			"(", "class", "file", "(", "read", ")", ")",
5330 			"(", "macro", "mm", "(", "(", "type", "a", ")", ")",
5331 				"(", "type", "b", ")",
5332 				"(", "allow", "a", "b", "(", "file", "(", "read", ")", ")", ")", ")",
5333 			"(", "call", "mm", "(", "qaz", ")", ")", NULL};
5334 
5335 	struct cil_tree *test_tree;
5336 	gen_test_tree(&test_tree, line);
5337 
5338 	struct cil_db *test_db;
5339 	cil_db_init(&test_db);
5340 
5341 	uint32_t changed = CIL_FALSE;
5342 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
5343 
5344 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
5345 
5346 	int rc = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next, args);
5347 	CuAssertIntEquals(tc, SEPOL_OK, rc);
5348 }
5349 
test_cil_resolve_call1_role(CuTest * tc)5350 void test_cil_resolve_call1_role(CuTest *tc) {
5351 	char *line[] = {"(", "role", "role_r", ")",
5352 			"(", "class", "file", "(", "read", ")", ")",
5353 			"(", "macro", "mm", "(", "(", "role", "a", ")", ")",
5354 				"(", "role", "b", ")",
5355 				"(", "allow", "a", "b", "(", "file", "(", "read", ")", ")", ")", ")",
5356 			"(", "call", "mm", "(", "role_r", ")", ")", NULL};
5357 
5358 	struct cil_tree *test_tree;
5359 	gen_test_tree(&test_tree, line);
5360 
5361 	struct cil_db *test_db;
5362 	cil_db_init(&test_db);
5363 
5364 	uint32_t changed = CIL_FALSE;
5365 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
5366 
5367 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
5368 
5369 	int rc = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next, args);
5370 	CuAssertIntEquals(tc, SEPOL_OK, rc);
5371 }
5372 
test_cil_resolve_call1_user(CuTest * tc)5373 void test_cil_resolve_call1_user(CuTest *tc) {
5374 	char *line[] = {"(", "user", "user_u", ")",
5375 			"(", "class", "file", "(", "read", ")", ")",
5376 			"(", "macro", "mm", "(", "(", "user", "a", ")", ")",
5377 				"(", "user", "b", ")",
5378 				"(", "allow", "a", "b", "(", "file", "(", "read", ")", ")", ")", ")",
5379 			"(", "call", "mm", "(", "user_u", ")", ")", NULL};
5380 
5381 	struct cil_tree *test_tree;
5382 	gen_test_tree(&test_tree, line);
5383 
5384 	struct cil_db *test_db;
5385 	cil_db_init(&test_db);
5386 
5387 	uint32_t changed = CIL_FALSE;
5388 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
5389 
5390 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
5391 
5392 	int rc = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next, args);
5393 	CuAssertIntEquals(tc, SEPOL_OK, rc);
5394 }
5395 
test_cil_resolve_call1_sens(CuTest * tc)5396 void test_cil_resolve_call1_sens(CuTest *tc) {
5397 	char *line[] = {"(", "sensitivity", "sens", ")",
5398 			"(", "class", "file", "(", "read", ")", ")",
5399 			"(", "macro", "mm", "(", "(", "sensitivity", "a", ")", ")",
5400 				"(", "sensitivity", "b", ")",
5401 				"(", "allow", "a", "b", "(", "file", "(", "read", ")", ")", ")", ")",
5402 			"(", "call", "mm", "(", "sens", ")", ")", NULL};
5403 
5404 	struct cil_tree *test_tree;
5405 	gen_test_tree(&test_tree, line);
5406 
5407 	struct cil_db *test_db;
5408 	cil_db_init(&test_db);
5409 
5410 	uint32_t changed = CIL_FALSE;
5411 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
5412 
5413 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
5414 
5415 	int rc = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next, args);
5416 	CuAssertIntEquals(tc, SEPOL_OK, rc);
5417 }
5418 
test_cil_resolve_call1_cat(CuTest * tc)5419 void test_cil_resolve_call1_cat(CuTest *tc) {
5420 	char *line[] = {"(", "category", "c0", ")",
5421 			"(", "class", "file", "(", "read", ")", ")",
5422 			"(", "macro", "mm", "(", "(", "category", "a", ")", ")",
5423 				"(", "category", "b", ")",
5424 				"(", "allow", "a", "b", "(", "file", "(", "read", ")", ")", ")", ")",
5425 			"(", "call", "mm", "(", "c0", ")", ")", NULL};
5426 
5427 	struct cil_tree *test_tree;
5428 	gen_test_tree(&test_tree, line);
5429 
5430 	struct cil_db *test_db;
5431 	cil_db_init(&test_db);
5432 
5433 	uint32_t changed = CIL_FALSE;
5434 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
5435 
5436 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
5437 
5438 	int rc = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next, args);
5439 	CuAssertIntEquals(tc, SEPOL_OK, rc);
5440 }
5441 
test_cil_resolve_call1_catset(CuTest * tc)5442 void test_cil_resolve_call1_catset(CuTest *tc) {
5443 	char *line[] = {"(", "category", "c0", ")",
5444 			"(", "category", "c1", ")",
5445 			"(", "category", "c2", ")",
5446 			"(", "categoryset", "somecats", "(", "c0", "c1", "c2", ")", ")",
5447 			"(", "macro", "mm", "(", "(", "categoryset",  "foo", ")", ")",
5448 				"(", "level", "bar", "(", "s0", "foo", ")", ")", ")",
5449 			"(", "call", "mm", "(", "somecats", ")", ")", NULL};
5450 
5451 	struct cil_tree *test_tree;
5452 	gen_test_tree(&test_tree, line);
5453 
5454 	struct cil_db *test_db;
5455 	cil_db_init(&test_db);
5456 
5457 	uint32_t changed = CIL_FALSE;
5458 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
5459 
5460 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
5461 
5462 	int rc = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next->next, args);
5463 	CuAssertIntEquals(tc, SEPOL_OK, rc);
5464 }
5465 
test_cil_resolve_call1_catset_anon(CuTest * tc)5466 void test_cil_resolve_call1_catset_anon(CuTest *tc) {
5467 	char *line[] = {"(", "category", "c0", ")",
5468 			"(", "category", "c1", ")",
5469 			"(", "category", "c2", ")",
5470 			"(", "macro", "mm", "(", "(", "categoryset",  "foo", ")", ")",
5471 				"(", "level", "bar", "(", "s0", "foo", ")", ")", ")",
5472 			"(", "call", "mm", "(", "(", "c0", "c1", "c2", ")", ")", ")", NULL};
5473 
5474 	struct cil_tree *test_tree;
5475 	gen_test_tree(&test_tree, line);
5476 
5477 	struct cil_db *test_db;
5478 	cil_db_init(&test_db);
5479 
5480 	uint32_t changed = CIL_FALSE;
5481 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
5482 
5483 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
5484 
5485 	int rc = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next, args);
5486 	CuAssertIntEquals(tc, SEPOL_OK, rc);
5487 }
5488 
test_cil_resolve_call1_catset_anon_neg(CuTest * tc)5489 void test_cil_resolve_call1_catset_anon_neg(CuTest *tc) {
5490 	char *line[] = {"(", "category", "c0", ")",
5491 			"(", "category", "c1", ")",
5492 			"(", "category", "c2", ")",
5493 			"(", "macro", "mm", "(", "(", "categoryset",  "foo", ")", ")",
5494 				"(", "level", "bar", "(", "s0", "foo", ")", ")", ")",
5495 			"(", "call", "mm", "(", "(", "c5", "(", "c2", ")", "c4", ")", ")", ")", NULL};
5496 
5497 	struct cil_tree *test_tree;
5498 	gen_test_tree(&test_tree, line);
5499 
5500 	struct cil_db *test_db;
5501 	cil_db_init(&test_db);
5502 
5503 	uint32_t changed = CIL_FALSE;
5504 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
5505 
5506 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
5507 
5508 	int rc = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next, args);
5509 	CuAssertIntEquals(tc, SEPOL_ERR, rc);
5510 }
5511 
test_cil_resolve_call1_level(CuTest * tc)5512 void test_cil_resolve_call1_level(CuTest *tc) {
5513 	char *line[] = {"(", "category", "c0", ")",
5514 			"(", "sensitivity", "s0", ")",
5515 			"(", "user", "system_u", ")",
5516 			"(", "role", "role_r", ")",
5517 			"(", "type", "type_t", ")",
5518 			"(", "level", "l", "(", "s0", "(", "c0", ")", ")", ")",
5519 			"(", "level", "h", "(", "s0", "(", "c0", ")", ")", ")",
5520 			"(", "macro", "mm", "(", "(", "level", "lvl_l", ")", "(", "level", "lvl_h", ")", ")",
5521 				"(", "context", "foo", "(", "system_u", "role_r", "type_t", "(", "lvl_l", "lvl_h", ")", ")", ")", ")",
5522 			"(", "call", "mm", "(", "l", "h", ")", ")", NULL};
5523 
5524 	struct cil_tree *test_tree;
5525 	gen_test_tree(&test_tree, line);
5526 
5527 	struct cil_db *test_db;
5528 	cil_db_init(&test_db);
5529 
5530 	uint32_t changed = CIL_FALSE;
5531 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
5532 
5533 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
5534 
5535 	int rc = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args);
5536 	CuAssertIntEquals(tc, SEPOL_OK, rc);
5537 }
5538 
test_cil_resolve_call1_level_anon(CuTest * tc)5539 void test_cil_resolve_call1_level_anon(CuTest *tc) {
5540 	char *line[] = {"(", "category", "c0", ")",
5541 			"(", "sensitivity", "s0", ")",
5542 			"(", "user", "system_u", ")",
5543 			"(", "role", "role_r", ")",
5544 			"(", "type", "type_t", ")",
5545 			"(", "level", "l", "(", "s0", "(", "c0", ")", ")", ")",
5546 			"(", "level", "h", "(", "s0", "(", "c0", ")", ")", ")",
5547 			"(", "macro", "mm", "(", "(", "level", "lvl_l", ")", ")",
5548 				"(", "context", "foo", "(", "system_u", "role_r", "type_t", "(", "lvl_l", "h", ")", ")", ")", ")",
5549 			"(", "call", "mm", "(", "(", "s0", "(", "c0", ")", ")", ")", ")", NULL};
5550 
5551 	struct cil_tree *test_tree;
5552 	gen_test_tree(&test_tree, line);
5553 
5554 	struct cil_db *test_db;
5555 	cil_db_init(&test_db);
5556 
5557 	uint32_t changed = CIL_FALSE;
5558 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
5559 
5560 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
5561 
5562 	int rc = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args);
5563 	CuAssertIntEquals(tc, SEPOL_OK, rc);
5564 }
5565 
test_cil_resolve_call1_level_anon_neg(CuTest * tc)5566 void test_cil_resolve_call1_level_anon_neg(CuTest *tc) {
5567 	char *line[] = {"(", "category", "c0", ")",
5568 			"(", "sensitivity", "s0", ")",
5569 			"(", "user", "system_u", ")",
5570 			"(", "role", "role_r", ")",
5571 			"(", "type", "type_t", ")",
5572 			"(", "level", "l", "(", "s0", "(", "c0", ")", ")", ")",
5573 			"(", "level", "h", "(", "s0", "(", "c0", ")", ")", ")",
5574 			"(", "macro", "mm", "(", "(", "level", "lvl_l", ")", ")",
5575 				"(", "context", "foo", "(", "system_u", "role_r", "type_t", "(", "lvl_l", "h", ")", ")", ")", ")",
5576 			"(", "call", "mm", "(", "(", "s0", "(", "c0", "(", "c5", ")", ")", ")", ")", ")", NULL};
5577 
5578 	struct cil_tree *test_tree;
5579 	gen_test_tree(&test_tree, line);
5580 
5581 	struct cil_db *test_db;
5582 	cil_db_init(&test_db);
5583 
5584 	uint32_t changed = CIL_FALSE;
5585 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
5586 
5587 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
5588 
5589 	int rc = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args);
5590 	CuAssertIntEquals(tc, SEPOL_ERR, rc);
5591 }
5592 
test_cil_resolve_call1_ipaddr(CuTest * tc)5593 void test_cil_resolve_call1_ipaddr(CuTest *tc) {
5594 	char *line[] = {"(", "category", "c0", ")",
5595 			"(", "sensitivity", "s0", ")",
5596 			"(", "user", "system_u", ")",
5597 			"(", "role", "role_r", ")",
5598 			"(", "type", "type_t", ")",
5599 			"(", "level", "lvl_l", "(", "s0", "(", "c0", ")", ")", ")",
5600 			"(", "level", "lvl_h", "(", "s0", "(", "c0", ")", ")", ")",
5601 			"(", "context", "con", "(", "system_u", "role_r", "type_t", "(", "lvl_l", "lvl_h", ")", ")", ")",
5602 			"(", "ipaddr", "netmask", "192.168.0.1", ")",
5603 			"(", "ipaddr", "ip", "192.168.0.1", ")",
5604 			"(", "macro", "mm", "(", "(", "ipaddr", "addr", ")", ")",
5605 				"(", "nodecon", "addr", "netmask", "con", ")", ")",
5606 			"(", "call", "mm", "(", "ip", ")", ")", NULL};
5607 
5608 	struct cil_tree *test_tree;
5609 	gen_test_tree(&test_tree, line);
5610 
5611 	struct cil_db *test_db;
5612 	cil_db_init(&test_db);
5613 
5614 	uint32_t changed = CIL_FALSE;
5615 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
5616 
5617 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
5618 
5619 	int rc = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next->next->next, args);
5620 	CuAssertIntEquals(tc, SEPOL_OK, rc);
5621 }
5622 
test_cil_resolve_call1_ipaddr_anon(CuTest * tc)5623 void test_cil_resolve_call1_ipaddr_anon(CuTest *tc) {
5624 	char *line[] = {"(", "category", "c0", ")",
5625 			"(", "sensitivity", "s0", ")",
5626 			"(", "user", "system_u", ")",
5627 			"(", "role", "role_r", ")",
5628 			"(", "type", "type_t", ")",
5629 			"(", "level", "lvl_l", "(", "s0", "(", "c0", ")", ")", ")",
5630 			"(", "level", "lvl_h", "(", "s0", "(", "c0", ")", ")", ")",
5631 			"(", "context", "con", "(", "system_u", "role_r", "type_t", "(", "lvl_l", "lvl_h", ")", ")", ")",
5632 			"(", "ipaddr", "netmask", "192.168.0.1", ")",
5633 			"(", "macro", "mm", "(", "(", "ipaddr", "addr", ")", ")",
5634 				"(", "nodecon", "addr", "netmask", "con", ")", ")",
5635 			"(", "call", "mm", "(", "(", "192.168.1.1", ")", ")", ")", NULL};
5636 
5637 	struct cil_tree *test_tree;
5638 	gen_test_tree(&test_tree, line);
5639 
5640 	struct cil_db *test_db;
5641 	cil_db_init(&test_db);
5642 
5643 	uint32_t changed = CIL_FALSE;
5644 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
5645 
5646 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
5647 
5648 	int rc = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next->next, args);
5649 	CuAssertIntEquals(tc, SEPOL_OK, rc);
5650 }
5651 
test_cil_resolve_call1_ipaddr_anon_neg(CuTest * tc)5652 void test_cil_resolve_call1_ipaddr_anon_neg(CuTest *tc) {
5653 	char *line[] = {"(", "category", "c0", ")",
5654 			"(", "sensitivity", "s0", ")",
5655 			"(", "user", "system_u", ")",
5656 			"(", "role", "role_r", ")",
5657 			"(", "type", "type_t", ")",
5658 			"(", "level", "lvl_l", "(", "s0", "(", "c0", ")", ")", ")",
5659 			"(", "level", "lvl_h", "(", "s0", "(", "c0", ")", ")", ")",
5660 			"(", "context", "con", "(", "system_u", "role_r", "type_t", "(", "lvl_l", "lvl_h", ")", ")", ")",
5661 			"(", "ipaddr", "netmask", "192.168.0.1", ")",
5662 			"(", "macro", "mm", "(", "(", "ipaddr", "addr", ")", ")",
5663 				"(", "nodecon", "addr", "netmask", "con", ")", ")",
5664 			"(", "call", "mm", "(", "(", "192.1.1", ")", ")", ")", NULL};
5665 
5666 	struct cil_tree *test_tree;
5667 	gen_test_tree(&test_tree, line);
5668 
5669 	struct cil_db *test_db;
5670 	cil_db_init(&test_db);
5671 
5672 	uint32_t changed = CIL_FALSE;
5673 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
5674 
5675 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
5676 
5677 	int rc = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next->next, args);
5678 	CuAssertIntEquals(tc, SEPOL_ERR, rc);
5679 }
5680 
test_cil_resolve_call1_class(CuTest * tc)5681 void test_cil_resolve_call1_class(CuTest *tc) {
5682 	char *line[] = {"(", "class", "foo", "(", "read", ")", ")",
5683 			"(", "class", "file", "(", "read", ")", ")",
5684 			"(", "macro", "mm", "(", "(", "class", "a", ")", ")",
5685 				"(", "class", "b", "(", "read", ")", ")",
5686 				"(", "allow", "a", "b", "(", "file", "(", "read", ")", ")", ")", ")",
5687 			"(", "call", "mm", "(", "foo", ")", ")", NULL};
5688 
5689 	struct cil_tree *test_tree;
5690 	gen_test_tree(&test_tree, line);
5691 
5692 	struct cil_db *test_db;
5693 	cil_db_init(&test_db);
5694 
5695 	uint32_t changed = CIL_FALSE;
5696 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
5697 
5698 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
5699 
5700 	int rc = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next, args);
5701 	CuAssertIntEquals(tc, SEPOL_OK, rc);
5702 }
5703 
test_cil_resolve_call1_classmap(CuTest * tc)5704 void test_cil_resolve_call1_classmap(CuTest *tc) {
5705 	char *line[] = {"(", "class", "file", "(", "open", ")", ")",
5706 			"(", "macro", "mm", "(", "(", "classmap", "a", ")", ")",
5707 				"(", "classmapping", "a", "read", "(", "file", "(", "open", ")", ")", ")", ")",
5708 			"(", "call", "mm", "(", "(", "read", ")", ")", ")", NULL};
5709 
5710 	struct cil_tree *test_tree;
5711 	gen_test_tree(&test_tree, line);
5712 
5713 	struct cil_db *test_db;
5714 	cil_db_init(&test_db);
5715 
5716 	uint32_t changed = CIL_FALSE;
5717 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
5718 
5719 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
5720 
5721 	int rc = cil_resolve_call1(test_db->ast->root->cl_head->next->next, args);
5722 	CuAssertIntEquals(tc, SEPOL_OK, rc);
5723 }
5724 
test_cil_resolve_call1_permset(CuTest * tc)5725 void test_cil_resolve_call1_permset(CuTest *tc) {
5726 	char *line[] = {"(", "permissionset", "foo", "(", "read", "open", ")", ")",
5727 			"(", "type", "dead", ")",
5728 			"(", "type", "bar", ")",
5729 			"(", "class", "baz", "(", "close", "read", "open", ")", ")",
5730 			"(", "macro", "mm", "(", "(", "permissionset", "a", ")", ")",
5731 				"(", "allow", "dead", "bar", "(", "baz", "a", ")", ")", ")",
5732 			"(", "call", "mm", "(", "foo", ")", ")", NULL};
5733 
5734 	struct cil_tree *test_tree;
5735 	gen_test_tree(&test_tree, line);
5736 
5737 	struct cil_db *test_db;
5738 	cil_db_init(&test_db);
5739 
5740 	uint32_t changed = CIL_FALSE;
5741 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
5742 
5743 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
5744 
5745 	int rc = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next->next, args);
5746 	CuAssertIntEquals(tc, SEPOL_OK, rc);
5747 }
5748 
test_cil_resolve_call1_permset_anon(CuTest * tc)5749 void test_cil_resolve_call1_permset_anon(CuTest *tc) {
5750 	char *line[] = {"(", "type", "dead", ")",
5751 			"(", "type", "bar", ")",
5752 			"(", "class", "baz", "(", "close", "read", "open", ")", ")",
5753 			"(", "macro", "mm", "(", "(", "permissionset", "a", ")", ")",
5754 				"(", "allow", "dead", "bar", "(", "baz", "a", ")", ")", ")",
5755 			"(", "call", "mm", "(", "(", "read", "open", ")", ")", ")", NULL};
5756 
5757 	struct cil_tree *test_tree;
5758 	gen_test_tree(&test_tree, line);
5759 
5760 	struct cil_db *test_db;
5761 	cil_db_init(&test_db);
5762 
5763 	uint32_t changed = CIL_FALSE;
5764 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
5765 
5766 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
5767 
5768 	int rc = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next, args);
5769 	CuAssertIntEquals(tc, SEPOL_OK, rc);
5770 }
5771 
test_cil_resolve_call1_classpermset_named(CuTest * tc)5772 void test_cil_resolve_call1_classpermset_named(CuTest *tc) {
5773 	char *line[] = {"(", "classmap", "files", "(", "read", ")", ")",
5774 			"(", "class", "file", "(", "open", ")", ")",
5775 			"(", "classpermissionset", "char_w", "(", "file", "(", "open", ")", ")", ")",
5776 			"(", "macro", "mm", "(", "(", "classpermissionset", "a", ")", ")",
5777 				"(", "classmapping", "files", "read", "a", ")", ")",
5778 			"(", "call", "mm", "(", "char_w", ")", ")", NULL};
5779 
5780 	struct cil_tree *test_tree;
5781 	gen_test_tree(&test_tree, line);
5782 
5783 	struct cil_db *test_db;
5784 	cil_db_init(&test_db);
5785 
5786 	uint32_t changed = CIL_FALSE;
5787 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
5788 
5789 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
5790 
5791 	int rc = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next, args);
5792 	CuAssertIntEquals(tc, SEPOL_OK, rc);
5793 }
5794 
test_cil_resolve_call1_classpermset_anon(CuTest * tc)5795 void test_cil_resolve_call1_classpermset_anon(CuTest *tc) {
5796 	char *line[] = {"(", "classmap", "files", "(", "read", ")", ")",
5797 			"(", "class", "file", "(", "open", ")", ")",
5798 			"(", "macro", "mm", "(", "(", "classpermissionset", "a", ")", ")",
5799 				"(", "classmapping", "files", "read", "a", ")", ")",
5800 			"(", "call", "mm", "(", "(", "file", "(", "open", ")", ")", ")", ")", NULL};
5801 
5802 	struct cil_tree *test_tree;
5803 	gen_test_tree(&test_tree, line);
5804 
5805 	struct cil_db *test_db;
5806 	cil_db_init(&test_db);
5807 
5808 	uint32_t changed = CIL_FALSE;
5809 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
5810 
5811 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
5812 
5813 	int rc = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next, args);
5814 	CuAssertIntEquals(tc, SEPOL_OK, rc);
5815 }
5816 
test_cil_resolve_call1_classpermset_anon_neg(CuTest * tc)5817 void test_cil_resolve_call1_classpermset_anon_neg(CuTest *tc) {
5818 	char *line[] = {"(", "classmap", "files", "(", "read", ")", ")",
5819 			"(", "class", "file", "(", "open", ")", ")",
5820 			"(", "macro", "mm", "(", "(", "classpermissionset", "a", ")", ")",
5821 				"(", "classmapping", "files", "read", "a", ")", ")",
5822 			"(", "call", "mm", "(", "(", "file", "(", ")", ")", ")", ")", NULL};
5823 
5824 	struct cil_tree *test_tree;
5825 	gen_test_tree(&test_tree, line);
5826 
5827 	struct cil_db *test_db;
5828 	cil_db_init(&test_db);
5829 
5830 	uint32_t changed = CIL_FALSE;
5831 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
5832 
5833 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
5834 
5835 	int rc = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next, args);
5836 	CuAssertIntEquals(tc, SEPOL_ERR, rc);
5837 }
5838 
test_cil_resolve_call1_unknown_neg(CuTest * tc)5839 void test_cil_resolve_call1_unknown_neg(CuTest *tc) {
5840 	char *line[] = {"(", "class", "foo", "(", "read", ")", ")",
5841 			"(", "class", "file", "(", "read", ")", ")",
5842 			"(", "macro", "mm", "(", "(", "class", "a", ")", ")",
5843 				"(", "class", "b", "(", "read", ")", ")",
5844 				"(", "allow", "a", "b", "(", "file", "(", "read", ")", ")", ")", ")",
5845 			"(", "call", "mm", "(", "foo", ")", ")", NULL};
5846 
5847 	struct cil_tree *test_tree;
5848 	gen_test_tree(&test_tree, line);
5849 
5850 	struct cil_db *test_db;
5851 	cil_db_init(&test_db);
5852 
5853 	uint32_t changed = CIL_FALSE;
5854 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
5855 
5856 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
5857 
5858 	struct cil_tree_node *macro_node = NULL;
5859 	cil_resolve_name(test_db->ast->root->cl_head->next->next->next, ((struct cil_call*)test_db->ast->root->cl_head->next->next->next->data)->macro_str, CIL_SYM_BLOCKS, args, &macro_node);
5860 	((struct cil_call*)test_db->ast->root->cl_head->next->next->next->data)->macro = (struct cil_macro*)macro_node->data;
5861 	free(((struct cil_call*)test_db->ast->root->cl_head->next->next->next->data)->macro_str);
5862 	((struct cil_call*)test_db->ast->root->cl_head->next->next->next->data)->macro_str = NULL;
5863 
5864 	((struct cil_call*)test_db->ast->root->cl_head->next->next->next->data)->macro->params->head->flavor = CIL_NETIFCON;
5865 
5866 	int rc = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next, args);
5867 	CuAssertIntEquals(tc, SEPOL_ERR, rc);
5868 }
5869 
test_cil_resolve_call1_unknowncall_neg(CuTest * tc)5870 void test_cil_resolve_call1_unknowncall_neg(CuTest *tc) {
5871 	char *line[] = {"(", "class", "foo", "(", "read", ")", ")",
5872 			"(", "class", "file", "(", "read", ")", ")",
5873 			"(", "macro", "mm", "(", "(", "class", "a", ")", ")",
5874 				"(", "class", "b", "(", "read", ")", ")",
5875 				"(", "allow", "a", "b", "(", "file", "(", "read", ")", ")", ")", ")",
5876 			"(", "call", "m", "(", "foo", ")", ")", NULL};
5877 
5878 	struct cil_tree *test_tree;
5879 	gen_test_tree(&test_tree, line);
5880 
5881 	struct cil_db *test_db;
5882 	cil_db_init(&test_db);
5883 
5884 	uint32_t changed = CIL_FALSE;
5885 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
5886 
5887 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
5888 
5889 	int rc = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next, args);
5890 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
5891 }
5892 
test_cil_resolve_call1_extraargs_neg(CuTest * tc)5893 void test_cil_resolve_call1_extraargs_neg(CuTest *tc) {
5894 	char *line[] = {"(", "class", "foo", "(", "read", ")", ")",
5895 			"(", "class", "file", "(", "read", ")", ")",
5896 			"(", "macro", "mm", "(", "(", "class", "a", ")", ")",
5897 				"(", "class", "b", "(", "read", ")", ")",
5898 				"(", "allow", "a", "b", "(", "file", "(", "read", ")", ")", ")", ")",
5899 			"(", "call", "mm", "(", "foo", "bar", ")", ")", NULL};
5900 
5901 	struct cil_tree *test_tree;
5902 	gen_test_tree(&test_tree, line);
5903 
5904 	struct cil_db *test_db;
5905 	cil_db_init(&test_db);
5906 
5907 	uint32_t changed = CIL_FALSE;
5908 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
5909 
5910 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
5911 
5912 	int rc = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next, args);
5913 	CuAssertIntEquals(tc, SEPOL_ERR, rc);
5914 }
5915 
test_cil_resolve_call1_copy_dup(CuTest * tc)5916 void test_cil_resolve_call1_copy_dup(CuTest *tc) {
5917 	char *line[] = {"(", "type", "qaz", ")",
5918 			"(", "class", "file", "(", "read", ")", ")",
5919 			"(", "macro", "mm", "(", "(", "type", "a", ")", ")",
5920 				"(", "type", "qaz", ")",
5921 				"(", "allow", "a", "b", "(", "file", "(", "read", ")", ")", ")", ")",
5922 			"(", "call", "mm", "(", "qaz", ")", ")", NULL};
5923 
5924 	struct cil_tree *test_tree;
5925 	gen_test_tree(&test_tree, line);
5926 
5927 	struct cil_db *test_db;
5928 	cil_db_init(&test_db);
5929 
5930 	uint32_t changed = CIL_FALSE;
5931 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
5932 
5933 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
5934 
5935 	int rc = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next, args);
5936 	CuAssertIntEquals(tc, SEPOL_OK, rc);
5937 }
5938 
test_cil_resolve_call1_missing_arg_neg(CuTest * tc)5939 void test_cil_resolve_call1_missing_arg_neg(CuTest *tc) {
5940 	char *line[] = {"(", "category", "c0", ")",
5941 			"(", "sensitivity", "s0", ")",
5942 			"(", "user", "system_u", ")",
5943 			"(", "role", "role_r", ")",
5944 			"(", "type", "type_t", ")",
5945 			"(", "level", "l", "(", "s0", "(", "c0", ")", ")", ")",
5946 			"(", "level", "h", "(", "s0", "(", "c0", ")", ")", ")",
5947 			"(", "macro", "mm", "(", "(", "level", "lvl_l", ")", "(", "level", "lvl_h", ")", ")",
5948 				"(", "context", "foo", "(", "system_u", "role_r", "type_t", "(", "lvl_l", "lvl_h", ")", ")", ")", ")",
5949 			"(", "call", "mm", "(", "l", ")", ")", NULL};
5950 
5951 	struct cil_tree *test_tree;
5952 	gen_test_tree(&test_tree, line);
5953 
5954 	struct cil_db *test_db;
5955 	cil_db_init(&test_db);
5956 
5957 	uint32_t changed = CIL_FALSE;
5958 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
5959 
5960 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
5961 
5962 	int rc = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args);
5963 	CuAssertIntEquals(tc, SEPOL_ERR, rc);
5964 }
5965 
test_cil_resolve_call1_paramsflavor_neg(CuTest * tc)5966 void test_cil_resolve_call1_paramsflavor_neg(CuTest *tc) {
5967 	char *line[] = {"(", "type", "qaz", ")",
5968 			"(", "class", "file", "(", "read", ")", ")",
5969 			"(", "macro", "mm", "(", "(", "type", "a", ")", ")",
5970 				"(", "type", "b", ")",
5971 				"(", "allow", "a", "b", "(", "file", "(", "read", ")", ")", ")", ")",
5972 			"(", "call", "mm", "(", "qaz", ")", ")", NULL};
5973 
5974 	struct cil_tree *test_tree;
5975 	gen_test_tree(&test_tree, line);
5976 
5977 	struct cil_db *test_db;
5978 	cil_db_init(&test_db);
5979 
5980 	uint32_t changed = CIL_FALSE;
5981 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
5982 
5983 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
5984 
5985 	struct cil_tree_node *macro_node = NULL;
5986 
5987 	struct cil_call *new_call = ((struct cil_call*)test_db->ast->root->cl_head->next->next->next->data);
5988 	cil_resolve_name(test_db->ast->root->cl_head->next->next->next, new_call->macro_str, CIL_SYM_BLOCKS, args, &macro_node);
5989 	new_call->macro = (struct cil_macro*)macro_node->data;
5990 	struct cil_list_item *item = new_call->macro->params->head;
5991 	item->flavor = CIL_CONTEXT;
5992 
5993 	int rc = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next, args);
5994 	CuAssertIntEquals(tc, SEPOL_ERR, rc);
5995 }
5996 
test_cil_resolve_call1_unknownflavor_neg(CuTest * tc)5997 void test_cil_resolve_call1_unknownflavor_neg(CuTest *tc) {
5998 	char *line[] = {"(", "type", "qaz", ")",
5999 			"(", "class", "file", "(", "read", ")", ")",
6000 			"(", "macro", "mm", "(", "(", "type", "a", ")", ")",
6001 				"(", "type", "b", ")",
6002 				"(", "allow", "a", "b", "(", "file", "(", "read", ")", ")", ")", ")",
6003 			"(", "call", "mm", "(", "qaz", ")", ")", NULL};
6004 
6005 	struct cil_tree *test_tree;
6006 	gen_test_tree(&test_tree, line);
6007 
6008 	struct cil_db *test_db;
6009 	cil_db_init(&test_db);
6010 
6011 	uint32_t changed = CIL_FALSE;
6012 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
6013 
6014 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
6015 
6016 	struct cil_tree_node *macro_node = NULL;
6017 
6018 	struct cil_call *new_call = ((struct cil_call*)test_db->ast->root->cl_head->next->next->next->data);
6019 	cil_resolve_name(test_db->ast->root->cl_head->next->next->next, new_call->macro_str, CIL_SYM_BLOCKS, args, &macro_node);
6020 	new_call->macro = (struct cil_macro*)macro_node->data;
6021 	struct cil_list_item *item = new_call->macro->params->head;
6022 	((struct cil_param*)item->data)->flavor = CIL_CONTEXT;
6023 
6024 	int rc = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next, args);
6025 	CuAssertIntEquals(tc, SEPOL_ERR, rc);
6026 }
6027 
test_cil_resolve_call2_type(CuTest * tc)6028 void test_cil_resolve_call2_type(CuTest *tc) {
6029 	char *line[] = {"(", "type", "qaz", ")",
6030 			"(", "class", "file", "(", "read", ")", ")",
6031 			"(", "macro", "mm", "(", "(", "type", "a", ")", ")",
6032 				"(", "type", "b", ")",
6033 				"(", "allow", "a", "b", "(", "file", "(", "read", ")", ")", ")", ")",
6034 			"(", "call", "mm", "(", "qaz", ")", ")", NULL};
6035 
6036 	struct cil_tree *test_tree;
6037 	gen_test_tree(&test_tree, line);
6038 
6039 	struct cil_db *test_db;
6040 	cil_db_init(&test_db);
6041 
6042 	uint32_t changed = CIL_FALSE;
6043 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
6044 
6045 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
6046 
6047 	cil_resolve_call1(test_db->ast->root->cl_head->next->next->next, args);
6048 
6049 	args->pass = CIL_PASS_CALL2;
6050 
6051 	int rc = cil_resolve_call2(test_db->ast->root->cl_head->next->next->next, args);
6052 	CuAssertIntEquals(tc, SEPOL_OK, rc);
6053 }
6054 
test_cil_resolve_call2_role(CuTest * tc)6055 void test_cil_resolve_call2_role(CuTest *tc) {
6056 	char *line[] = {"(", "role", "role_r", ")",
6057 			"(", "class", "file", "(", "read", ")", ")",
6058 			"(", "macro", "mm", "(", "(", "role", "a", ")", ")",
6059 				"(", "role", "b", ")",
6060 				"(", "allow", "a", "b", "(", "file", "(", "read", ")", ")", ")", ")",
6061 			"(", "call", "mm", "(", "role_r", ")", ")", NULL};
6062 
6063 	struct cil_tree *test_tree;
6064 	gen_test_tree(&test_tree, line);
6065 
6066 	struct cil_db *test_db;
6067 	cil_db_init(&test_db);
6068 
6069 	uint32_t changed = CIL_FALSE;
6070 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
6071 
6072 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
6073 
6074 	cil_resolve_call1(test_db->ast->root->cl_head->next->next->next, args);
6075 
6076 	args->pass = CIL_PASS_CALL2;
6077 
6078 	int rc = cil_resolve_call2(test_db->ast->root->cl_head->next->next->next, args);
6079 	CuAssertIntEquals(tc, SEPOL_OK, rc);
6080 }
6081 
test_cil_resolve_call2_user(CuTest * tc)6082 void test_cil_resolve_call2_user(CuTest *tc) {
6083 	char *line[] = {"(", "user", "user_u", ")",
6084 			"(", "class", "file", "(", "read", ")", ")",
6085 			"(", "macro", "mm", "(", "(", "user", "a", ")", ")",
6086 				"(", "user", "b", ")",
6087 				"(", "allow", "a", "b", "(", "file", "(", "read", ")", ")", ")", ")",
6088 			"(", "call", "mm", "(", "user_u", ")", ")", NULL};
6089 
6090 	struct cil_tree *test_tree;
6091 	gen_test_tree(&test_tree, line);
6092 
6093 	struct cil_db *test_db;
6094 	cil_db_init(&test_db);
6095 
6096 	uint32_t changed = CIL_FALSE;
6097 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
6098 
6099 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
6100 
6101 	cil_resolve_call1(test_db->ast->root->cl_head->next->next->next, args);
6102 
6103 	args->pass = CIL_PASS_CALL2;
6104 
6105 	int rc = cil_resolve_call2(test_db->ast->root->cl_head->next->next->next, args);
6106 	CuAssertIntEquals(tc, SEPOL_OK, rc);
6107 }
6108 
test_cil_resolve_call2_sens(CuTest * tc)6109 void test_cil_resolve_call2_sens(CuTest *tc) {
6110 	char *line[] = {"(", "sensitivity", "sens", ")",
6111 			"(", "class", "file", "(", "read", ")", ")",
6112 			"(", "macro", "mm", "(", "(", "sensitivity", "a", ")", ")",
6113 				"(", "sensitivity", "b", ")",
6114 				"(", "allow", "a", "b", "(", "file", "(", "read", ")", ")", ")", ")",
6115 			"(", "call", "mm", "(", "sens", ")", ")", NULL};
6116 
6117 	struct cil_tree *test_tree;
6118 	gen_test_tree(&test_tree, line);
6119 
6120 	struct cil_db *test_db;
6121 	cil_db_init(&test_db);
6122 
6123 	uint32_t changed = CIL_FALSE;
6124 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
6125 
6126 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
6127 
6128 	cil_resolve_call1(test_db->ast->root->cl_head->next->next->next, args);
6129 
6130 	args->pass = CIL_PASS_CALL2;
6131 
6132 	int rc = cil_resolve_call2(test_db->ast->root->cl_head->next->next->next, args);
6133 	CuAssertIntEquals(tc, SEPOL_OK, rc);
6134 }
6135 
test_cil_resolve_call2_cat(CuTest * tc)6136 void test_cil_resolve_call2_cat(CuTest *tc) {
6137 	char *line[] = {"(", "category", "c0", ")",
6138 			"(", "class", "file", "(", "read", ")", ")",
6139 			"(", "macro", "mm", "(", "(", "category", "a", ")", ")",
6140 				"(", "category", "b", ")",
6141 				"(", "allow", "a", "b", "(", "file", "(", "read", ")", ")", ")", ")",
6142 			"(", "call", "mm", "(", "c0", ")", ")", NULL};
6143 
6144 	struct cil_tree *test_tree;
6145 	gen_test_tree(&test_tree, line);
6146 
6147 	struct cil_db *test_db;
6148 	cil_db_init(&test_db);
6149 
6150 	uint32_t changed = CIL_FALSE;
6151 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
6152 
6153 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
6154 
6155 	cil_resolve_call1(test_db->ast->root->cl_head->next->next->next, args);
6156 
6157 	args->pass = CIL_PASS_CALL2;
6158 
6159 	int rc = cil_resolve_call2(test_db->ast->root->cl_head->next->next->next, args);
6160 	CuAssertIntEquals(tc, SEPOL_OK, rc);
6161 }
6162 
test_cil_resolve_call2_catset(CuTest * tc)6163 void test_cil_resolve_call2_catset(CuTest *tc) {
6164 	char *line[] = {"(", "category", "c0", ")",
6165 			"(", "category", "c1", ")",
6166 			"(", "category", "c2", ")",
6167 			"(", "categoryset", "somecats", "(", "c0", "c1", "c2", ")", ")",
6168 			"(", "macro", "mm", "(", "(", "categoryset",  "foo", ")", ")",
6169 				"(", "level", "bar", "(", "s0", "foo", ")", ")", ")",
6170 			"(", "call", "mm", "(", "somecats", ")", ")", NULL};
6171 
6172 	struct cil_tree *test_tree;
6173 	gen_test_tree(&test_tree, line);
6174 
6175 	struct cil_db *test_db;
6176 	cil_db_init(&test_db);
6177 
6178 	uint32_t changed = CIL_FALSE;
6179 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
6180 
6181 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
6182 
6183 	cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next->next, args);
6184 
6185 	args->pass = CIL_PASS_CALL2;
6186 
6187 	int rc = cil_resolve_call2(test_db->ast->root->cl_head->next->next->next->next->next, args);
6188 	CuAssertIntEquals(tc, SEPOL_OK, rc);
6189 }
6190 
test_cil_resolve_call2_catset_anon(CuTest * tc)6191 void test_cil_resolve_call2_catset_anon(CuTest *tc) {
6192 	char *line[] = {"(", "category", "c0", ")",
6193 			"(", "category", "c1", ")",
6194 			"(", "category", "c2", ")",
6195 			"(", "macro", "mm", "(", "(", "categoryset",  "foo", ")", ")",
6196 				"(", "level", "bar", "(", "s0", "foo", ")", ")", ")",
6197 			"(", "call", "mm", "(", "(", "c0", "c1", "c2", ")", ")", ")", NULL};
6198 
6199 	struct cil_tree *test_tree;
6200 	gen_test_tree(&test_tree, line);
6201 
6202 	struct cil_db *test_db;
6203 	cil_db_init(&test_db);
6204 
6205 	uint32_t changed = CIL_FALSE;
6206 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
6207 
6208 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
6209 
6210 	cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next, args);
6211 
6212 	args->pass = CIL_PASS_CALL2;
6213 
6214 	int rc = cil_resolve_call2(test_db->ast->root->cl_head->next->next->next->next, args);
6215 	CuAssertIntEquals(tc, SEPOL_OK, rc);
6216 }
6217 
test_cil_resolve_call2_permset(CuTest * tc)6218 void test_cil_resolve_call2_permset(CuTest *tc) {
6219 	char *line[] = {"(", "permissionset", "foo", "(", "read", "open", ")", ")",
6220 			"(", "class", "dead", "(", "close", ")", ")",
6221 			"(", "class", "bar", "(", "close", ")", ")",
6222 			"(", "class", "baz", "(", "close", ")", ")",
6223 			"(", "macro", "mm", "(", "(", "permissionset", "a", ")", ")",
6224 				"(", "allow", "dead", "bar", "(", "baz", "a", ")", ")", ")",
6225 			"(", "call", "mm", "(", "foo", ")", ")", NULL};
6226 
6227 	struct cil_tree *test_tree;
6228 	gen_test_tree(&test_tree, line);
6229 
6230 	struct cil_db *test_db;
6231 	cil_db_init(&test_db);
6232 
6233 	uint32_t changed = CIL_FALSE;
6234 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
6235 
6236 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
6237 
6238 	cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next->next, args);
6239 
6240 	args->pass = CIL_PASS_CALL2;
6241 
6242 	int rc = cil_resolve_call2(test_db->ast->root->cl_head->next->next->next->next->next, args);
6243 	CuAssertIntEquals(tc, SEPOL_OK, rc);
6244 }
6245 
test_cil_resolve_call2_permset_anon(CuTest * tc)6246 void test_cil_resolve_call2_permset_anon(CuTest *tc) {
6247 	char *line[] = {"(", "class", "dead", "(", "close", ")", ")",
6248 			"(", "class", "bar", "(", "close", ")", ")",
6249 			"(", "class", "baz", "(", "close", ")", ")",
6250 			"(", "macro", "mm", "(", "(", "permissionset", "a", ")", ")",
6251 				"(", "allow", "dead", "bar", "(", "baz", "a", ")", ")", ")",
6252 			"(", "call", "mm", "(", "(", "read", "open", ")", ")", ")", NULL};
6253 
6254 	struct cil_tree *test_tree;
6255 	gen_test_tree(&test_tree, line);
6256 
6257 	struct cil_db *test_db;
6258 	cil_db_init(&test_db);
6259 
6260 	uint32_t changed = CIL_FALSE;
6261 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
6262 
6263 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
6264 
6265 	cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next, args);
6266 
6267 	args->pass = CIL_PASS_CALL2;
6268 
6269 	int rc = cil_resolve_call2(test_db->ast->root->cl_head->next->next->next->next, args);
6270 	CuAssertIntEquals(tc, SEPOL_OK, rc);
6271 }
6272 
test_cil_resolve_call2_classpermset_named(CuTest * tc)6273 void test_cil_resolve_call2_classpermset_named(CuTest *tc) {
6274 	char *line[] = {"(", "classmap", "files", "(", "read", ")", ")",
6275 			"(", "class", "file", "(", "open", ")", ")",
6276 			"(", "classpermissionset", "char_w", "(", "file", "(", "open", ")", ")", ")",
6277 			"(", "macro", "mm", "(", "(", "classpermissionset", "a", ")", ")",
6278 				"(", "classmapping", "files", "read", "a", ")", ")",
6279 			"(", "call", "mm", "(", "char_w", ")", ")", NULL};
6280 
6281 	struct cil_tree *test_tree;
6282 	gen_test_tree(&test_tree, line);
6283 
6284 	struct cil_db *test_db;
6285 	cil_db_init(&test_db);
6286 
6287 	uint32_t changed = CIL_FALSE;
6288 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
6289 
6290 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
6291 
6292 	cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next, args);
6293 
6294 	args->pass = CIL_PASS_CALL2;
6295 
6296 	int rc = cil_resolve_call2(test_db->ast->root->cl_head->next->next->next->next, args);
6297 	CuAssertIntEquals(tc, SEPOL_OK, rc);
6298 }
6299 
test_cil_resolve_call2_classpermset_anon(CuTest * tc)6300 void test_cil_resolve_call2_classpermset_anon(CuTest *tc) {
6301 	char *line[] = {"(", "classmap", "files", "(", "read", ")", ")",
6302 			"(", "class", "file", "(", "open", ")", ")",
6303 			"(", "macro", "mm", "(", "(", "classpermissionset", "a", ")", ")",
6304 				"(", "classmapping", "files", "read", "a", ")", ")",
6305 			"(", "call", "mm", "(", "(", "file", "(", "open", ")", ")", ")", ")", NULL};
6306 
6307 	struct cil_tree *test_tree;
6308 	gen_test_tree(&test_tree, line);
6309 
6310 	struct cil_db *test_db;
6311 	cil_db_init(&test_db);
6312 
6313 	uint32_t changed = CIL_FALSE;
6314 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
6315 
6316 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
6317 
6318 	cil_resolve_call1(test_db->ast->root->cl_head->next->next->next, args);
6319 
6320 	args->pass = CIL_PASS_CALL2;
6321 
6322 	int rc = cil_resolve_call2(test_db->ast->root->cl_head->next->next->next, args);
6323 	CuAssertIntEquals(tc, SEPOL_OK, rc);
6324 }
6325 
test_cil_resolve_call2_class(CuTest * tc)6326 void test_cil_resolve_call2_class(CuTest *tc) {
6327 	char *line[] = {"(", "class", "foo", "(", "read", ")", ")",
6328 			"(", "class", "file", "(", "read", ")", ")",
6329 			"(", "macro", "mm", "(", "(", "class", "a", ")", ")",
6330 				"(", "class", "b", "(", "read", ")", ")",
6331 				"(", "allow", "a", "b", "(", "file", "(", "read", ")", ")", ")", ")",
6332 			"(", "call", "mm", "(", "foo", ")", ")", NULL};
6333 
6334 	struct cil_tree *test_tree;
6335 	gen_test_tree(&test_tree, line);
6336 
6337 	struct cil_db *test_db;
6338 	cil_db_init(&test_db);
6339 
6340 	uint32_t changed = CIL_FALSE;
6341 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
6342 
6343 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
6344 
6345 	cil_resolve_call1(test_db->ast->root->cl_head->next->next->next, args);
6346 
6347 	args->pass = CIL_PASS_CALL2;
6348 
6349 	int rc = cil_resolve_call2(test_db->ast->root->cl_head->next->next->next, args);
6350 	CuAssertIntEquals(tc, SEPOL_OK, rc);
6351 }
6352 
test_cil_resolve_call2_classmap(CuTest * tc)6353 void test_cil_resolve_call2_classmap(CuTest *tc) {
6354 	char *line[] = {"(", "class", "file", "(", "open", ")", ")",
6355 			"(", "classmap", "files", "(", "read", ")", ")",
6356 			"(", "macro", "mm", "(", "(", "classmap", "a", ")", ")",
6357 				"(", "classmapping", "a", "read", "(", "file", "(", "open", ")", ")", ")", ")",
6358 			"(", "call", "mm", "(", "files", ")", ")", NULL};
6359 
6360 	struct cil_tree *test_tree;
6361 	gen_test_tree(&test_tree, line);
6362 
6363 	struct cil_db *test_db;
6364 	cil_db_init(&test_db);
6365 
6366 	uint32_t changed = CIL_FALSE;
6367 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
6368 
6369 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
6370 
6371 	int rc2 = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next, args);
6372 
6373 	args->pass = CIL_PASS_CALL2;
6374 
6375 	int rc = cil_resolve_call2(test_db->ast->root->cl_head->next->next->next, args);
6376 	CuAssertIntEquals(tc, SEPOL_OK, rc);
6377 	CuAssertIntEquals(tc, SEPOL_OK, rc2);
6378 }
6379 
test_cil_resolve_call2_level(CuTest * tc)6380 void test_cil_resolve_call2_level(CuTest *tc) {
6381 	char *line[] = {"(", "category", "c0", ")",
6382 			"(", "sensitivity", "s0", ")",
6383 			"(", "user", "system_u", ")",
6384 			"(", "role", "role_r", ")",
6385 			"(", "type", "type_t", ")",
6386 			"(", "level", "l", "(", "s0", "(", "c0", ")", ")", ")",
6387 			"(", "level", "h", "(", "s0", "(", "c0", ")", ")", ")",
6388 			"(", "macro", "mm", "(", "(", "level", "lvl_l", ")", "(", "level", "lvl_h", ")", ")",
6389 				"(", "context", "foo", "(", "system_u", "role_r", "type_t", "(", "lvl_l", "lvl_h", ")", ")", ")", ")",
6390 			"(", "call", "mm", "(", "l", "h", ")", ")", NULL};
6391 
6392 	struct cil_tree *test_tree;
6393 	gen_test_tree(&test_tree, line);
6394 
6395 	struct cil_db *test_db;
6396 	cil_db_init(&test_db);
6397 
6398 	uint32_t changed = CIL_FALSE;
6399 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
6400 
6401 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
6402 
6403 	cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args);
6404 
6405 	args->pass = CIL_PASS_CALL2;
6406 
6407 	int rc = cil_resolve_call2(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args);
6408 	CuAssertIntEquals(tc, SEPOL_OK, rc);
6409 }
6410 
test_cil_resolve_call2_level_anon(CuTest * tc)6411 void test_cil_resolve_call2_level_anon(CuTest *tc) {
6412 	char *line[] = {"(", "category", "c0", ")",
6413 			"(", "sensitivity", "s0", ")",
6414 			"(", "user", "system_u", ")",
6415 			"(", "role", "role_r", ")",
6416 			"(", "type", "type_t", ")",
6417 			"(", "level", "l", "(", "s0", "(", "c0", ")", ")", ")",
6418 			"(", "level", "h", "(", "s0", "(", "c0", ")", ")", ")",
6419 			"(", "macro", "mm", "(", "(", "level", "lvl_l", ")", ")",
6420 				"(", "context", "foo", "(", "system_u", "role_r", "type_t", "(", "lvl_l", "h", ")", ")", ")", ")",
6421 			"(", "call", "mm", "(", "(", "s0", "(", "c0", ")", ")", ")", ")", NULL};
6422 
6423 	struct cil_tree *test_tree;
6424 	gen_test_tree(&test_tree, line);
6425 
6426 	struct cil_db *test_db;
6427 	cil_db_init(&test_db);
6428 
6429 	uint32_t changed = CIL_FALSE;
6430 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
6431 
6432 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
6433 
6434 	cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args);
6435 
6436 	args->pass = CIL_PASS_CALL2;
6437 
6438 	int rc = cil_resolve_call2(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args);
6439 	CuAssertIntEquals(tc, SEPOL_OK, rc);
6440 }
6441 
test_cil_resolve_call2_ipaddr(CuTest * tc)6442 void test_cil_resolve_call2_ipaddr(CuTest *tc) {
6443 	char *line[] = {"(", "category", "c0", ")",
6444 			"(", "sensitivity", "s0", ")",
6445 			"(", "user", "system_u", ")",
6446 			"(", "role", "role_r", ")",
6447 			"(", "type", "type_t", ")",
6448 			"(", "level", "lvl_l", "(", "s0", "(", "c0", ")", ")", ")",
6449 			"(", "level", "lvl_h", "(", "s0", "(", "c0", ")", ")", ")",
6450 			"(", "context", "con", "(", "system_u", "role_r", "type_t", "(", "lvl_l", "lvl_h", ")", ")", ")",
6451 			"(", "ipaddr", "netmask", "192.168.0.1", ")",
6452 			"(", "ipaddr", "ip", "192.168.0.1", ")",
6453 			"(", "macro", "mm", "(", "(", "ipaddr", "addr", ")", ")",
6454 				"(", "nodecon", "addr", "netmask", "con", ")", ")",
6455 			"(", "call", "mm", "(", "ip", ")", ")", NULL};
6456 
6457 	struct cil_tree *test_tree;
6458 	gen_test_tree(&test_tree, line);
6459 
6460 	struct cil_db *test_db;
6461 	cil_db_init(&test_db);
6462 
6463 	uint32_t changed = CIL_FALSE;
6464 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
6465 
6466 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
6467 
6468 	cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next->next->next, args);
6469 
6470 	args->pass = CIL_PASS_CALL2;
6471 
6472 	int rc = cil_resolve_call2(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next->next->next, args);
6473 	CuAssertIntEquals(tc, SEPOL_OK, rc);
6474 }
6475 
test_cil_resolve_call2_ipaddr_anon(CuTest * tc)6476 void test_cil_resolve_call2_ipaddr_anon(CuTest *tc) {
6477 	char *line[] = {"(", "category", "c0", ")",
6478 			"(", "sensitivity", "s0", ")",
6479 			"(", "user", "system_u", ")",
6480 			"(", "role", "role_r", ")",
6481 			"(", "type", "type_t", ")",
6482 			"(", "level", "lvl_l", "(", "s0", "(", "c0", ")", ")", ")",
6483 			"(", "level", "lvl_h", "(", "s0", "(", "c0", ")", ")", ")",
6484 			"(", "context", "con", "(", "system_u", "role_r", "type_t", "(", "lvl_l", "lvl_h", ")", ")", ")",
6485 			"(", "ipaddr", "netmask", "192.168.0.1", ")",
6486 			"(", "macro", "mm", "(", "(", "ipaddr", "addr", ")", ")",
6487 				"(", "nodecon", "addr", "netmask", "con", ")", ")",
6488 			"(", "call", "mm", "(", "(", "192.168.1.1", ")", ")", ")", NULL};
6489 
6490 	struct cil_tree *test_tree;
6491 	gen_test_tree(&test_tree, line);
6492 
6493 	struct cil_db *test_db;
6494 	cil_db_init(&test_db);
6495 
6496 	uint32_t changed = CIL_FALSE;
6497 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
6498 
6499 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
6500 
6501 	cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next->next, args);
6502 
6503 	args->pass = CIL_PASS_CALL2;
6504 
6505 	int rc = cil_resolve_call2(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next->next, args);
6506 	CuAssertIntEquals(tc, SEPOL_OK, rc);
6507 }
6508 
test_cil_resolve_call2_unknown_neg(CuTest * tc)6509 void test_cil_resolve_call2_unknown_neg(CuTest *tc) {
6510 	char *line[] = {"(", "category", "c0", ")",
6511 			"(", "sensitivity", "s0", ")",
6512 			"(", "user", "system_u", ")",
6513 			"(", "role", "role_r", ")",
6514 			"(", "type", "type_t", ")",
6515 			"(", "level", "l", "(", "s0", "(", "c0", ")", ")", ")",
6516 			"(", "level", "h", "(", "s0", "(", "c0", ")", ")", ")",
6517 			"(", "macro", "mm", "(", "(", "level", "lvl_l", ")", "(", "level", "lvl_h", ")", ")",
6518 				"(", "context", "foo", "(", "system_u", "role_r", "type_t", "(", "lvl_l", "lvl_h", ")", ")", ")", ")",
6519 			"(", "call", "mm", "(", "l", "h", ")", ")", NULL};
6520 
6521 	struct cil_tree *test_tree;
6522 	gen_test_tree(&test_tree, line);
6523 
6524 	struct cil_db *test_db;
6525 	cil_db_init(&test_db);
6526 
6527 	uint32_t changed = CIL_FALSE;
6528 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
6529 
6530 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
6531 
6532 	cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args);
6533 	((struct cil_args*)((struct cil_list_item *)((struct cil_call *)test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->data)->args->head)->data)->flavor = CIL_SYM_UNKNOWN;
6534 
6535 	args->pass = CIL_PASS_CALL2;
6536 
6537 	int rc = cil_resolve_call2(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args);
6538 	CuAssertIntEquals(tc, SEPOL_ERR, rc);
6539 }
6540 
test_cil_resolve_call2_name_neg(CuTest * tc)6541 void test_cil_resolve_call2_name_neg(CuTest *tc) {
6542 	char *line[] = {"(", "class", "foo", "(", "read", ")", ")",
6543 			"(", "class", "file", "(", "read", ")", ")",
6544 			"(", "macro", "mm", "(", "(", "class", "a", ")", ")",
6545 				"(", "class", "b", "(", "read", ")", ")",
6546 				"(", "allow", "a", "b", "(", "file", "(", "read", ")", ")", ")", ")",
6547 			"(", "call", "mm", ")", NULL};
6548 
6549 	struct cil_tree *test_tree;
6550 	gen_test_tree(&test_tree, line);
6551 
6552 	struct cil_db *test_db;
6553 	cil_db_init(&test_db);
6554 
6555 	uint32_t changed = CIL_FALSE;
6556 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
6557 
6558 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
6559 
6560 	cil_resolve_call1(test_db->ast->root->cl_head->next->next->next, args);
6561 
6562 	args->pass = CIL_PASS_CALL2;
6563 
6564 	int rc = cil_resolve_call2(test_db->ast->root->cl_head->next->next->next, args);
6565 	CuAssertIntEquals(tc, SEPOL_ERR, rc);
6566 }
6567 
test_cil_resolve_name_call_args(CuTest * tc)6568 void test_cil_resolve_name_call_args(CuTest *tc) {
6569 	char *line[] = {"(", "type", "qaz", ")",
6570 			"(", "class", "file", "(", "read", ")", ")",
6571 			"(", "macro", "mm", "(", "(", "type", "a", ")", ")",
6572 				"(", "type", "b", ")",
6573 				"(", "allow", "a", "b", "(", "file", "(", "read", ")", ")", ")", ")",
6574 			"(", "call", "mm", "(", "qaz", ")", ")", NULL};
6575 
6576 	struct cil_tree *test_tree;
6577 	gen_test_tree(&test_tree, line);
6578 
6579 	struct cil_db *test_db;
6580 	cil_db_init(&test_db);
6581 
6582 	uint32_t changed = CIL_FALSE;
6583 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
6584 
6585 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
6586 
6587 	struct cil_tree_node *test_node;
6588 	cil_tree_node_init(&test_node);
6589 
6590 	cil_resolve_call1(test_db->ast->root->cl_head->next->next->next, args);
6591 
6592 	args->pass = CIL_PASS_CALL2;
6593 
6594 	cil_resolve_call2(test_db->ast->root->cl_head->next->next->next, args);
6595 	int rc = cil_resolve_name_call_args((struct cil_call *)test_db->ast->root->cl_head->next->next->next->data, "a", CIL_SYM_TYPES, &test_node);
6596 	CuAssertIntEquals(tc, SEPOL_OK, rc);
6597 }
6598 
test_cil_resolve_name_call_args_multipleparams(CuTest * tc)6599 void test_cil_resolve_name_call_args_multipleparams(CuTest *tc) {
6600 	char *line[] = {"(", "category", "c0", ")",
6601 			"(", "sensitivity", "s0", ")",
6602 			"(", "user", "system_u", ")",
6603 			"(", "role", "role_r", ")",
6604 			"(", "type", "type_t", ")",
6605 			"(", "level", "l", "(", "s0", "(", "c0", ")", ")", ")",
6606 			"(", "level", "h", "(", "s0", "(", "c0", ")", ")", ")",
6607 			"(", "macro", "mm", "(", "(", "level", "lvl_l", ")", "(", "level", "lvl_h", ")", ")",
6608 				"(", "context", "foo", "(", "system_u", "role_r", "type_t", "(", "lvl_l", "lvl_h", ")", ")", ")", ")",
6609 			"(", "call", "mm", "(", "l", "h", ")", ")", NULL};
6610 
6611 	struct cil_tree *test_tree;
6612 	gen_test_tree(&test_tree, line);
6613 
6614 	struct cil_db *test_db;
6615 	cil_db_init(&test_db);
6616 
6617 	uint32_t changed = CIL_FALSE;
6618 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
6619 
6620 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
6621 
6622 	struct cil_tree_node *test_node;
6623 	cil_tree_node_init(&test_node);
6624 
6625 	cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args);
6626 
6627 	args->pass = CIL_PASS_CALL2;
6628 
6629 	cil_resolve_call2(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, args);
6630 	int rc = cil_resolve_name_call_args((struct cil_call *)test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->data, "lvl_h", CIL_SYM_LEVELS, &test_node);
6631 	CuAssertIntEquals(tc, SEPOL_OK, rc);
6632 }
6633 
test_cil_resolve_name_call_args_diffflavor(CuTest * tc)6634 void test_cil_resolve_name_call_args_diffflavor(CuTest *tc) {
6635 	char *line[] = {"(", "type", "qaz", ")",
6636 			"(", "class", "file", "(", "read", ")", ")",
6637 			"(", "macro", "mm", "(", "(", "type", "a", ")", ")",
6638 				"(", "type", "b", ")",
6639 				"(", "allow", "a", "b", "(", "file", "(", "read", ")", ")", ")", ")",
6640 			"(", "call", "mm", "(", "qaz", ")", ")", NULL};
6641 
6642 	struct cil_tree *test_tree;
6643 	gen_test_tree(&test_tree, line);
6644 
6645 	struct cil_db *test_db;
6646 	cil_db_init(&test_db);
6647 
6648 	uint32_t changed = CIL_FALSE;
6649 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
6650 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
6651 
6652 	struct cil_tree_node *test_node;
6653 	cil_tree_node_init(&test_node);
6654 
6655 	cil_resolve_call1(test_db->ast->root->cl_head->next->next->next, args);
6656 
6657 	args->pass = CIL_PASS_CALL2;
6658 
6659 	cil_resolve_call2(test_db->ast->root->cl_head->next->next->next, args);
6660 	int rc = cil_resolve_name_call_args((struct cil_call *)test_db->ast->root->cl_head->next->next->next->data, "qaz", CIL_LEVEL, &test_node);
6661 	CuAssertIntEquals(tc, SEPOL_ERR, rc);
6662 }
6663 
test_cil_resolve_name_call_args_callnull_neg(CuTest * tc)6664 void test_cil_resolve_name_call_args_callnull_neg(CuTest *tc) {
6665 	char *line[] = {"(", "type", "qaz", ")",
6666 			"(", "class", "file", "(", "read", ")", ")",
6667 			"(", "macro", "mm", "(", "(", "type", "a", ")", ")",
6668 				"(", "type", "b", ")",
6669 				"(", "allow", "a", "b", "(", "file", "(", "read", ")", ")", ")", ")",
6670 			"(", "call", "mm", "(", "qaz", ")", ")", NULL};
6671 
6672 	struct cil_tree *test_tree;
6673 	gen_test_tree(&test_tree, line);
6674 
6675 	struct cil_db *test_db;
6676 	cil_db_init(&test_db);
6677 
6678 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
6679 
6680 	uint32_t changed = CIL_FALSE;
6681 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
6682 
6683 	struct cil_tree_node *test_node;
6684 	cil_tree_node_init(&test_node);
6685 
6686 	cil_resolve_call1(test_db->ast->root->cl_head->next->next->next, args);
6687 
6688 	args->pass = CIL_PASS_CALL2;
6689 
6690 	cil_resolve_call2(test_db->ast->root->cl_head->next->next->next, args);
6691 	int rc = cil_resolve_name_call_args(NULL, "qaz", CIL_LEVEL, &test_node);
6692 	CuAssertIntEquals(tc, SEPOL_ERR, rc);
6693 }
6694 
test_cil_resolve_name_call_args_namenull_neg(CuTest * tc)6695 void test_cil_resolve_name_call_args_namenull_neg(CuTest *tc) {
6696 	char *line[] = {"(", "type", "qaz", ")",
6697 			"(", "class", "file", "(", "read", ")", ")",
6698 			"(", "macro", "mm", "(", "(", "type", "a", ")", ")",
6699 				"(", "type", "b", ")",
6700 				"(", "allow", "a", "b", "(", "file", "(", "read", ")", ")", ")", ")",
6701 			"(", "call", "mm", "(", "qaz", ")", ")", NULL};
6702 
6703 	struct cil_tree *test_tree;
6704 	gen_test_tree(&test_tree, line);
6705 
6706 	struct cil_db *test_db;
6707 	cil_db_init(&test_db);
6708 
6709 	uint32_t changed = CIL_FALSE;
6710 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
6711 
6712 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
6713 
6714 	struct cil_tree_node *test_node;
6715 	cil_tree_node_init(&test_node);
6716 
6717 	cil_resolve_call1(test_db->ast->root->cl_head->next->next->next, args);
6718 
6719 	args->pass = CIL_PASS_CALL2;
6720 
6721 	cil_resolve_call2(test_db->ast->root->cl_head->next->next->next, args);
6722 	int rc = cil_resolve_name_call_args((struct cil_call *)test_db->ast->root->cl_head->next->next->next->data, NULL, CIL_LEVEL, &test_node);
6723 	CuAssertIntEquals(tc, SEPOL_ERR, rc);
6724 }
6725 
test_cil_resolve_name_call_args_callargsnull_neg(CuTest * tc)6726 void test_cil_resolve_name_call_args_callargsnull_neg(CuTest *tc) {
6727 	char *line[] = {"(", "type", "qaz", ")",
6728 			"(", "class", "file", "(", "read", ")", ")",
6729 			"(", "macro", "mm", "(", "(", "type", "a", ")", ")",
6730 				"(", "type", "b", ")",
6731 				"(", "allow", "a", "b", "(", "file", "(", "read", ")", ")", ")", ")",
6732 			"(", "call", "mm", ")", NULL};
6733 
6734 	struct cil_tree *test_tree;
6735 	gen_test_tree(&test_tree, line);
6736 
6737 	struct cil_db *test_db;
6738 	cil_db_init(&test_db);
6739 
6740 	uint32_t changed = CIL_FALSE;
6741 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
6742 
6743 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
6744 
6745 	struct cil_tree_node *test_node;
6746 	cil_tree_node_init(&test_node);
6747 
6748 	cil_resolve_call1(test_db->ast->root->cl_head->next->next->next, args);
6749 
6750 	args->pass = CIL_PASS_CALL2;
6751 
6752 	cil_resolve_call2(test_db->ast->root->cl_head->next->next->next, args);
6753 	int rc = cil_resolve_name_call_args((struct cil_call *)test_db->ast->root->cl_head->next->next->next->data, "qas", CIL_LEVEL, &test_node);
6754 	CuAssertIntEquals(tc, SEPOL_ERR, rc);
6755 }
6756 
test_cil_resolve_name_call_args_name_neg(CuTest * tc)6757 void test_cil_resolve_name_call_args_name_neg(CuTest *tc) {
6758 	char *line[] = {"(", "type", "qaz", ")",
6759 			"(", "class", "file", "(", "read", ")", ")",
6760 			"(", "macro", "mm", "(", "(", "type", "a", ")", ")",
6761 				"(", "type", "b", ")",
6762 				"(", "allow", "a", "b", "(", "file", "(", "read", ")", ")", ")", ")",
6763 			"(", "call", "mm", "(", "baz", ")", ")", NULL};
6764 
6765 	struct cil_tree *test_tree;
6766 	gen_test_tree(&test_tree, line);
6767 
6768 	struct cil_db *test_db;
6769 	cil_db_init(&test_db);
6770 
6771 	uint32_t changed = CIL_FALSE;
6772 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
6773 
6774 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
6775 
6776 	struct cil_tree_node *test_node = NULL;
6777 	//cil_tree_node_init(&test_node);
6778 
6779 	cil_resolve_call1(test_db->ast->root->cl_head->next->next->next, args);
6780 
6781 	args->pass = CIL_PASS_CALL2;
6782 
6783 	cil_resolve_call2(test_db->ast->root->cl_head->next->next->next, args);
6784 	int rc = cil_resolve_name_call_args((struct cil_call *)test_db->ast->root->cl_head->next->next->next->data, "qas", CIL_TYPE, &test_node);
6785 	CuAssertIntEquals(tc, SEPOL_ERR, rc);
6786 }
6787 
test_cil_resolve_expr_stack_bools(CuTest * tc)6788 void test_cil_resolve_expr_stack_bools(CuTest *tc) {
6789 	char *line[] = {"(", "boolean", "foo", "true", ")",
6790 			"(", "boolean", "bar", "false", ")",
6791 			"(", "class", "baz", "(", "read", ")", ")",
6792 			"(", "booleanif", "(", "and", "foo", "bar", ")",
6793 			"(", "allow", "foo", "bar", "(", "baz", "(", "read", ")", ")", ")", ")", NULL};
6794 
6795 	struct cil_tree *test_tree;
6796 	gen_test_tree(&test_tree, line);
6797 
6798 	struct cil_db *test_db;
6799 	cil_db_init(&test_db);
6800 
6801 	uint32_t changed = CIL_FALSE;
6802 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC1, &changed, NULL, NULL, NULL);
6803 
6804 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
6805 
6806 	struct cil_booleanif *bif = (struct cil_booleanif*)test_db->ast->root->cl_head->next->next->next->data;
6807 
6808 	int rc = cil_resolve_expr_stack(bif->expr_stack, test_db->ast->root->cl_head->next->next->next, args);
6809 	CuAssertIntEquals(tc, SEPOL_OK, rc);
6810 }
6811 
test_cil_resolve_expr_stack_tunables(CuTest * tc)6812 void test_cil_resolve_expr_stack_tunables(CuTest *tc) {
6813 	char *line[] = {"(", "tunable", "foo", "true", ")",
6814 			"(", "tunable", "bar", "false", ")",
6815 			"(", "class", "baz", "(", "read", ")", ")",
6816 			"(", "tunableif", "(", "and", "foo", "bar", ")",
6817 			"(", "true",
6818 			"(", "allow", "foo", "bar", "(", "baz", "(", "read", ")", ")", ")", ")", ")", NULL};
6819 
6820 	struct cil_tree *test_tree;
6821 	gen_test_tree(&test_tree, line);
6822 
6823 	struct cil_db *test_db;
6824 	cil_db_init(&test_db);
6825 
6826 	uint32_t changed = CIL_FALSE;
6827 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_TIF, &changed, NULL, NULL, NULL);
6828 
6829 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
6830 
6831 	struct cil_tunableif *tif = (struct cil_tunableif*)test_db->ast->root->cl_head->next->next->next->data;
6832 
6833 	int rc = cil_resolve_expr_stack(tif->expr_stack, test_db->ast->root->cl_head->next->next->next, args);
6834 	CuAssertIntEquals(tc, SEPOL_OK, rc);
6835 }
6836 
test_cil_resolve_expr_stack_type(CuTest * tc)6837 void test_cil_resolve_expr_stack_type(CuTest *tc) {
6838         char *line[] = {"(", "class", "file", "(", "create", "relabelto", ")", ")",
6839 			"(", "class", "dir", "(", "create", "relabelto", ")", ")",
6840 			"(", "type", "t1", ")",
6841 			"(", "type", "type_t", ")",
6842 			"(", "mlsconstrain", "(", "file", "(", "create", "relabelto", ")", ")", "(", "eq", "t1", "type_t", ")", ")", NULL};
6843 
6844 	struct cil_tree *test_tree;
6845 	gen_test_tree(&test_tree, line);
6846 
6847 	struct cil_db *test_db;
6848 	cil_db_init(&test_db);
6849 
6850 	uint32_t changed = CIL_FALSE;
6851 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
6852 
6853 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
6854 
6855 	struct cil_constrain *cons = (struct cil_constrain*)test_db->ast->root->cl_head->next->next->next->next->data;
6856 
6857 	int rc = cil_resolve_expr_stack(cons->expr, test_db->ast->root->cl_head->next->next->next->next, args);
6858 	CuAssertIntEquals(tc, SEPOL_OK, rc);
6859 }
6860 
test_cil_resolve_expr_stack_role(CuTest * tc)6861 void test_cil_resolve_expr_stack_role(CuTest *tc) {
6862         char *line[] = {"(", "class", "file", "(", "create", "relabelto", ")", ")",
6863 			"(", "class", "dir", "(", "create", "relabelto", ")", ")",
6864 			"(", "role", "r1", ")",
6865 			"(", "role", "role_r", ")",
6866 			"(", "mlsconstrain", "(", "file", "(", "create", "relabelto", ")", ")", "(", "eq", "r1", "role_r", ")", ")", NULL};
6867 
6868 	struct cil_tree *test_tree;
6869 	gen_test_tree(&test_tree, line);
6870 
6871 	struct cil_db *test_db;
6872 	cil_db_init(&test_db);
6873 
6874 	uint32_t changed = CIL_FALSE;
6875 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
6876 
6877 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
6878 
6879 	struct cil_constrain *cons = (struct cil_constrain*)test_db->ast->root->cl_head->next->next->next->next->data;
6880 
6881 	int rc = cil_resolve_expr_stack(cons->expr, test_db->ast->root->cl_head->next->next->next->next, args);
6882 	CuAssertIntEquals(tc, SEPOL_OK, rc);
6883 }
6884 
test_cil_resolve_expr_stack_user(CuTest * tc)6885 void test_cil_resolve_expr_stack_user(CuTest *tc) {
6886         char *line[] = {"(", "class", "file", "(", "create", "relabelto", ")", ")",
6887 			"(", "class", "dir", "(", "create", "relabelto", ")", ")",
6888 			"(", "user", "u1", ")",
6889 			"(", "user", "user_u", ")",
6890 			"(", "mlsconstrain", "(", "file", "(", "create", "relabelto", ")", ")", "(", "eq", "u1", "user_u", ")", ")", NULL};
6891 
6892 	struct cil_tree *test_tree;
6893 	gen_test_tree(&test_tree, line);
6894 
6895 	struct cil_db *test_db;
6896 	cil_db_init(&test_db);
6897 
6898 	uint32_t changed = CIL_FALSE;
6899 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
6900 
6901 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
6902 
6903 	struct cil_constrain *cons = (struct cil_constrain*)test_db->ast->root->cl_head->next->next->next->next->data;
6904 
6905 	int rc = cil_resolve_expr_stack(cons->expr, test_db->ast->root->cl_head->next->next->next->next, args);
6906 	CuAssertIntEquals(tc, SEPOL_OK, rc);
6907 }
6908 
test_cil_resolve_expr_stack_neg(CuTest * tc)6909 void test_cil_resolve_expr_stack_neg(CuTest *tc) {
6910 	char *line[] = {"(", "boolean", "foo", "true", ")",
6911 			"(", "boolean", "bar", "false", ")",
6912 			"(", "class", "baz", "(", "read", ")", ")",
6913 			"(", "booleanif", "(", "and", "beef", "baf", ")",
6914 			"(", "true",
6915 			"(", "allow", "foo", "bar", "(", "baz", "(", "read", ")", ")", ")", ")", ")", NULL};
6916 
6917 	struct cil_tree *test_tree;
6918 	gen_test_tree(&test_tree, line);
6919 
6920 	struct cil_db *test_db;
6921 	cil_db_init(&test_db);
6922 
6923 	uint32_t changed = CIL_FALSE;
6924 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC1, &changed, NULL, NULL, NULL);
6925 
6926 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
6927 
6928 	struct cil_booleanif *bif = (struct cil_booleanif*)test_db->ast->root->cl_head->next->next->next->data;
6929 
6930 	int rc = cil_resolve_expr_stack(bif->expr_stack,test_db->ast->root->cl_head->next->next->next, args);
6931 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
6932 }
6933 
test_cil_resolve_expr_stack_emptystr_neg(CuTest * tc)6934 void test_cil_resolve_expr_stack_emptystr_neg(CuTest *tc) {
6935 	char *line[] = {"(", "boolean", "foo", "true", ")",
6936 			"(", "boolean", "bar", "false", ")",
6937 			"(", "class", "baz", "(", "read", ")", ")",
6938 			"(", "booleanif", "(", "and", "foo", "bar", ")",
6939 			"(", "true",
6940 			"(", "allow", "foo", "bar", "(", "baz", "(", "read", ")", ")", ")", ")", ")", NULL};
6941 
6942 	struct cil_tree *test_tree;
6943 	gen_test_tree(&test_tree, line);
6944 
6945 	struct cil_db *test_db;
6946 	cil_db_init(&test_db);
6947 
6948 	uint32_t changed = CIL_FALSE;
6949 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC1, &changed, NULL, NULL, NULL);
6950 
6951 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
6952 
6953 	struct cil_booleanif *bif = (struct cil_booleanif*)test_db->ast->root->cl_head->next->next->next->data;
6954 	((struct cil_conditional*)bif->expr_stack->head->data)->str = NULL;
6955 
6956 	int rc = cil_resolve_expr_stack(bif->expr_stack,test_db->ast->root->cl_head->next->next->next, args);
6957 	CuAssertIntEquals(tc, SEPOL_ERR, rc);
6958 }
6959 
test_cil_resolve_boolif(CuTest * tc)6960 void test_cil_resolve_boolif(CuTest *tc) {
6961 	char *line[] = {"(", "boolean", "foo", "true", ")",
6962 			"(", "boolean", "bar", "false", ")",
6963 			"(", "class", "baz", "(", "read", ")", ")",
6964 			"(", "booleanif", "(", "and", "foo", "bar", ")",
6965 			"(", "true",
6966 			"(", "allow", "foo", "bar", "(", "baz", "(", "read", ")", ")", ")", ")", ")", NULL};
6967 
6968 	struct cil_tree *test_tree;
6969 	gen_test_tree(&test_tree, line);
6970 
6971 	struct cil_db *test_db;
6972 	cil_db_init(&test_db);
6973 
6974 	uint32_t changed = CIL_FALSE;
6975 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC1, &changed, NULL, NULL, NULL);
6976 
6977 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
6978 
6979 	int rc = cil_resolve_boolif(test_db->ast->root->cl_head->next->next->next, args);
6980 	CuAssertIntEquals(tc, SEPOL_OK, rc);
6981 }
6982 
test_cil_resolve_boolif_neg(CuTest * tc)6983 void test_cil_resolve_boolif_neg(CuTest *tc) {
6984 	char *line[] = {"(", "boolean", "foo", "true", ")",
6985 			"(", "boolean", "bar", "false", ")",
6986 			"(", "class", "baz", "(", "read", ")", ")",
6987 			"(", "booleanif", "(", "and", "dne", "N/A", ")",
6988 			"(", "true",
6989 			"(", "allow", "foo", "bar", "(", "baz", "(", "read", ")", ")", ")", ")", ")", NULL};
6990 
6991 	struct cil_tree *test_tree;
6992 	gen_test_tree(&test_tree, line);
6993 
6994 	struct cil_db *test_db;
6995 	cil_db_init(&test_db);
6996 
6997 	uint32_t changed = CIL_FALSE;
6998 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC1, &changed, NULL, NULL, NULL);
6999 
7000 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
7001 
7002 	int rc = cil_resolve_boolif(test_db->ast->root->cl_head->next->next->next, args);
7003 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
7004 }
7005 
test_cil_evaluate_expr_stack_and(CuTest * tc)7006 void test_cil_evaluate_expr_stack_and(CuTest *tc) {
7007 	char *line[] = {"(", "tunable", "foo", "true", ")",
7008 			"(", "tunable", "bar", "false", ")",
7009 			"(", "class", "baz", "(", "read", ")", ")",
7010 			"(", "tunableif", "(", "and", "foo", "bar", ")",
7011 			"(", "true",
7012 			"(", "allow", "foo", "bar", "(", "baz", "(", "read", ")", ")", ")", ")", ")", NULL};
7013 
7014 	struct cil_tree *test_tree;
7015 	gen_test_tree(&test_tree, line);
7016 
7017 	struct cil_db *test_db;
7018 	cil_db_init(&test_db);
7019 
7020 	uint16_t result = CIL_FALSE;
7021 	uint32_t changed = CIL_FALSE;
7022 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_TIF, &changed, NULL, NULL, NULL);
7023 
7024 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
7025 
7026 	struct cil_tunableif *tif = (struct cil_tunableif*)test_db->ast->root->cl_head->next->next->next->data;
7027 
7028 	cil_resolve_expr_stack(tif->expr_stack, test_db->ast->root->cl_head->next->next->next, args);
7029 	int rc = cil_evaluate_expr_stack(tif->expr_stack, &result);
7030 	CuAssertIntEquals(tc, SEPOL_OK, rc);
7031 }
7032 
test_cil_evaluate_expr_stack_not(CuTest * tc)7033 void test_cil_evaluate_expr_stack_not(CuTest *tc) {
7034 	char *line[] = {"(", "tunable", "foo", "true", ")",
7035 			"(", "tunable", "bar", "false", ")",
7036 			"(", "class", "baz", "(", "read", ")", ")",
7037 			"(", "tunableif", "(", "not", "bar", ")",
7038 			"(", "true",
7039 			"(", "allow", "foo", "bar", "(", "baz", "(", "read", ")", ")", ")", ")", ")", NULL};
7040 
7041 	struct cil_tree *test_tree;
7042 	gen_test_tree(&test_tree, line);
7043 
7044 	struct cil_db *test_db;
7045 	cil_db_init(&test_db);
7046 
7047 	uint16_t result = CIL_FALSE;
7048 	uint32_t changed = CIL_FALSE;
7049 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_TIF, &changed, NULL, NULL, NULL);
7050 
7051 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
7052 
7053 	struct cil_tunableif *tif = (struct cil_tunableif*)test_db->ast->root->cl_head->next->next->next->data;
7054 
7055 	cil_resolve_expr_stack(tif->expr_stack, test_db->ast->root->cl_head->next->next->next, args);
7056 	int rc = cil_evaluate_expr_stack(tif->expr_stack, &result);
7057 	CuAssertIntEquals(tc, SEPOL_OK, rc);
7058 }
7059 
test_cil_evaluate_expr_stack_or(CuTest * tc)7060 void test_cil_evaluate_expr_stack_or(CuTest *tc) {
7061 	char *line[] = {"(", "tunable", "foo", "true", ")",
7062 			"(", "tunable", "bar", "false", ")",
7063 			"(", "class", "baz", "(", "read", ")", ")",
7064 			"(", "tunableif", "(", "or", "foo", "bar", ")",
7065 			"(", "true",
7066 			"(", "allow", "foo", "bar", "(", "baz", "(", "read", ")", ")", ")", ")", ")", NULL};
7067 
7068 	struct cil_tree *test_tree;
7069 	gen_test_tree(&test_tree, line);
7070 
7071 	struct cil_db *test_db;
7072 	cil_db_init(&test_db);
7073 
7074 	uint16_t result = CIL_FALSE;
7075 	uint32_t changed = CIL_FALSE;
7076 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_TIF, &changed, NULL, NULL, NULL);
7077 
7078 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
7079 
7080 	struct cil_tunableif *tif = (struct cil_tunableif*)test_db->ast->root->cl_head->next->next->next->data;
7081 
7082 	cil_resolve_expr_stack(tif->expr_stack, test_db->ast->root->cl_head->next->next->next, args);
7083 	int rc = cil_evaluate_expr_stack(tif->expr_stack, &result);
7084 	CuAssertIntEquals(tc, SEPOL_OK, rc);
7085 }
7086 
test_cil_evaluate_expr_stack_xor(CuTest * tc)7087 void test_cil_evaluate_expr_stack_xor(CuTest *tc) {
7088 	char *line[] = {"(", "tunable", "foo", "true", ")",
7089 			"(", "tunable", "bar", "false", ")",
7090 			"(", "class", "baz", "(", "read", ")", ")",
7091 			"(", "tunableif", "(", "xor", "foo", "bar", ")",
7092 			"(", "true",
7093 			"(", "allow", "foo", "bar", "(", "baz", "(", "read", ")", ")", ")", ")", ")", NULL};
7094 
7095 	struct cil_tree *test_tree;
7096 	gen_test_tree(&test_tree, line);
7097 
7098 	struct cil_db *test_db;
7099 	cil_db_init(&test_db);
7100 
7101 	uint16_t result = CIL_FALSE;
7102 	uint32_t changed = CIL_FALSE;
7103 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_TIF, &changed, NULL, NULL, NULL);
7104 
7105 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
7106 
7107 	struct cil_tunableif *tif = (struct cil_tunableif*)test_db->ast->root->cl_head->next->next->next->data;
7108 
7109 	cil_resolve_expr_stack(tif->expr_stack, test_db->ast->root->cl_head->next->next->next, args);
7110 	int rc = cil_evaluate_expr_stack(tif->expr_stack, &result);
7111 	CuAssertIntEquals(tc, SEPOL_OK, rc);
7112 }
7113 
test_cil_evaluate_expr_stack_eq(CuTest * tc)7114 void test_cil_evaluate_expr_stack_eq(CuTest *tc) {
7115 	char *line[] = {"(", "tunable", "foo", "true", ")",
7116 			"(", "tunable", "bar", "false", ")",
7117 			"(", "class", "baz", "(", "read", ")", ")",
7118 			"(", "tunableif", "(", "eq", "foo", "bar", ")",
7119 			"(", "true",
7120 			"(", "allow", "foo", "bar", "(", "baz", "(", "read", ")", ")", ")", ")", ")", NULL};
7121 
7122 	struct cil_tree *test_tree;
7123 	gen_test_tree(&test_tree, line);
7124 
7125 	struct cil_db *test_db;
7126 	cil_db_init(&test_db);
7127 
7128 	uint16_t result = CIL_FALSE;
7129 	uint32_t changed = CIL_FALSE;
7130 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_TIF, &changed, NULL, NULL, NULL);
7131 
7132 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
7133 
7134 	struct cil_tunableif *tif = (struct cil_tunableif*)test_db->ast->root->cl_head->next->next->next->data;
7135 
7136 	cil_resolve_expr_stack(tif->expr_stack, test_db->ast->root->cl_head->next->next->next, args);
7137 	int rc = cil_evaluate_expr_stack(tif->expr_stack, &result);
7138 	CuAssertIntEquals(tc, SEPOL_OK, rc);
7139 }
7140 
test_cil_evaluate_expr_stack_neq(CuTest * tc)7141 void test_cil_evaluate_expr_stack_neq(CuTest *tc) {
7142 	char *line[] = {"(", "tunable", "foo", "true", ")",
7143 			"(", "tunable", "bar", "false", ")",
7144 			"(", "class", "baz", "(", "read", ")", ")",
7145 			"(", "tunableif", "(", "neq", "foo", "bar", ")",
7146 			"(", "true",
7147 			"(", "allow", "foo", "bar", "(", "baz", "(", "read", ")", ")", ")", ")", ")", NULL};
7148 
7149 	struct cil_tree *test_tree;
7150 	gen_test_tree(&test_tree, line);
7151 
7152 	struct cil_db *test_db;
7153 	cil_db_init(&test_db);
7154 
7155 	uint16_t result = CIL_FALSE;
7156 	uint32_t changed = CIL_FALSE;
7157 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_TIF, &changed, NULL, NULL, NULL);
7158 
7159 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
7160 
7161 	struct cil_tunableif *tif = (struct cil_tunableif*)test_db->ast->root->cl_head->next->next->next->data;
7162 
7163 	cil_resolve_expr_stack(tif->expr_stack, test_db->ast->root->cl_head->next->next->next, args);
7164 	int rc = cil_evaluate_expr_stack(tif->expr_stack, &result);
7165 	CuAssertIntEquals(tc, SEPOL_OK, rc);
7166 }
7167 
test_cil_evaluate_expr_stack_oper1(CuTest * tc)7168 void test_cil_evaluate_expr_stack_oper1(CuTest *tc) {
7169 	char *line[] = {"(", "tunable", "foo", "true", ")",
7170 			"(", "tunable", "bar", "false", ")",
7171 			"(", "tunable", "baz", "false", ")",
7172 			"(", "class", "baz", "(", "read", ")", ")",
7173 			"(", "tunableif", "(", "and", "(", "or", "foo", "bar", ")", "baz", ")",
7174 			"(", "true",
7175 			"(", "allow", "foo", "bar", "(", "jaz", "(", "read", ")", ")", ")", ")", ")", NULL};
7176 
7177 	struct cil_tree *test_tree;
7178 	gen_test_tree(&test_tree, line);
7179 
7180 	struct cil_db *test_db;
7181 	cil_db_init(&test_db);
7182 
7183 	uint16_t result = CIL_FALSE;
7184 	uint32_t changed = CIL_FALSE;
7185 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_TIF, &changed, NULL, NULL, NULL);
7186 
7187 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
7188 
7189 	struct cil_tunableif *tif = (struct cil_tunableif*)test_db->ast->root->cl_head->next->next->next->next->data;
7190 
7191 	cil_resolve_expr_stack(tif->expr_stack, test_db->ast->root->cl_head->next->next->next->next, args);
7192 	int rc = cil_evaluate_expr_stack(tif->expr_stack, &result);
7193 	CuAssertIntEquals(tc, SEPOL_OK, rc);
7194 }
7195 
test_cil_evaluate_expr_stack_oper2(CuTest * tc)7196 void test_cil_evaluate_expr_stack_oper2(CuTest *tc) {
7197 	char *line[] = {"(", "tunable", "foo", "true", ")",
7198 			"(", "tunable", "bar", "false", ")",
7199 			"(", "tunable", "baz", "false", ")",
7200 			"(", "class", "baz", "(", "read", ")", ")",
7201 			"(", "tunableif", "(", "and", "baz", "(", "or", "foo", "bar", ")", ")",
7202 			"(", "true",
7203 			"(", "allow", "foo", "bar", "(", "jaz", "(", "read", ")", ")", ")", ")", ")", NULL};
7204 
7205 	struct cil_tree *test_tree;
7206 	gen_test_tree(&test_tree, line);
7207 
7208 	struct cil_db *test_db;
7209 	cil_db_init(&test_db);
7210 
7211 	uint16_t result = CIL_FALSE;
7212 	uint32_t changed = CIL_FALSE;
7213 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_TIF, &changed, NULL, NULL, NULL);
7214 
7215 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
7216 
7217 	struct cil_tunableif *tif = (struct cil_tunableif*)test_db->ast->root->cl_head->next->next->next->next->data;
7218 
7219 	cil_resolve_expr_stack(tif->expr_stack, test_db->ast->root->cl_head->next->next->next->next, args);
7220 	int rc = cil_evaluate_expr_stack(tif->expr_stack, &result);
7221 	CuAssertIntEquals(tc, SEPOL_OK, rc);
7222 }
7223 /*
7224 void test_cil_evaluate_expr_stack_neg(CuTest *tc) {
7225 	char *line[] = {"(", "tunable", "foo", "true", ")",
7226 			"(", "tunable", "bar", "false", ")",
7227 			"(", "class", "baz", "(", "read", ")", ")",
7228 			"(", "tunableif", "(", "neq", "foo", "bar", ")",
7229 			"(", "allow", "foo", "bar", "(", "baz", "(", "read", ")", ")", ")", ")", NULL};
7230 
7231 	struct cil_tree *test_tree;
7232 	gen_test_tree(&test_tree, line);
7233 
7234 	struct cil_db *test_db;
7235 	cil_db_init(&test_db);
7236 
7237 	uint16_t result = CIL_FALSE;
7238 
7239 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
7240 
7241 	struct cil_tree_node *test_node;
7242 	cil_tree_node_init(&test_node);
7243 
7244 	struct cil_conditional *new_cond;
7245 	cil_conditional_init(&new_cond);
7246 	new_cond->flavor = CIL_COND;
7247 	char *baz = "baz";
7248 	new_cond->str = baz;
7249 	new_cond->flavor = CIL_TUNABLE;
7250 
7251 	struct cil_tunableif *tif = test_db->ast->root->cl_head->next->next->next->next->data;
7252 
7253 	test_node->data = new_cond;
7254 	test_node->cl_head = tif->expr_stack;
7255 	tif->expr_stack->parent = test_node;
7256 
7257 	cil_resolve_expr_stack(test_db, tif->expr_stack, test_db->ast->root->cl_head->next->next->next, NULL);
7258 	int rc = cil_evaluate_expr_stack(tif->expr_stack, &result);
7259 	CuAssertIntEquals(tc, SEPOL_ERR, rc);
7260 }
7261 */
test_cil_resolve_tunif_false(CuTest * tc)7262 void test_cil_resolve_tunif_false(CuTest *tc) {
7263 	char *line[] = {"(", "tunable", "foo", "true", ")",
7264 			"(", "tunable", "bar", "false", ")",
7265 			"(", "class", "baz", "(", "read", ")", ")",
7266 			"(", "tunableif", "(", "and", "foo", "bar", ")",
7267 			"(", "false",
7268 			"(", "allow", "foo", "bar", "(", "baz", "(", "read", ")", ")", ")", ")", ")", NULL};
7269 
7270 	struct cil_tree *test_tree;
7271 	gen_test_tree(&test_tree, line);
7272 
7273 	struct cil_db *test_db;
7274 	cil_db_init(&test_db);
7275 
7276 	uint32_t changed = CIL_FALSE;
7277 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_TIF, &changed, NULL, NULL, NULL);
7278 
7279 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
7280 
7281 	int rc = cil_resolve_tunif(test_db->ast->root->cl_head->next->next->next, args);
7282 	CuAssertIntEquals(tc, SEPOL_OK, rc);
7283 }
7284 
test_cil_resolve_tunif_true(CuTest * tc)7285 void test_cil_resolve_tunif_true(CuTest *tc) {
7286 	char *line[] = {"(", "tunable", "foo", "true", ")",
7287 			"(", "tunable", "bar", "true", ")",
7288 			"(", "class", "baz", "(", "read", ")", ")",
7289 			"(", "tunableif", "(", "and", "foo", "bar", ")",
7290 			"(", "true",
7291 			"(", "allow", "foo", "bar", "(", "baz", "(", "read", ")", ")", ")", ")", ")", NULL};
7292 
7293 	struct cil_tree *test_tree;
7294 	gen_test_tree(&test_tree, line);
7295 
7296 	struct cil_db *test_db;
7297 	cil_db_init(&test_db);
7298 
7299 	uint32_t changed = CIL_FALSE;
7300 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_TIF, &changed, NULL, NULL, NULL);
7301 
7302 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
7303 
7304 	int rc = cil_resolve_tunif(test_db->ast->root->cl_head->next->next->next, args);
7305 	CuAssertIntEquals(tc, SEPOL_OK, rc);
7306 }
7307 
test_cil_resolve_tunif_resolveexpr_neg(CuTest * tc)7308 void test_cil_resolve_tunif_resolveexpr_neg(CuTest *tc) {
7309 	char *line[] = {"(", "tunable", "foo", "true", ")",
7310 			"(", "tunable", "bar", "false", ")",
7311 			"(", "class", "baz", "(", "read", ")", ")",
7312 			"(", "tunableif", "(", "and", "dne", "N/A", ")",
7313 			"(", "true",
7314 			"(", "allow", "foo", "bar", "(", "baz", "(", "read", ")", ")", ")", ")", ")", NULL};
7315 
7316 	struct cil_tree *test_tree;
7317 	gen_test_tree(&test_tree, line);
7318 
7319 	struct cil_db *test_db;
7320 	cil_db_init(&test_db);
7321 
7322 	uint32_t changed = CIL_FALSE;
7323 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_TIF, &changed, NULL, NULL, NULL);
7324 
7325 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
7326 
7327 	int rc = cil_resolve_tunif(test_db->ast->root->cl_head->next->next->next, args);
7328 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
7329 }
7330 /*
7331 void test_cil_resolve_tunif_evaluateexpr_neg(CuTest *tc) {
7332 	char *line[] = {"(", "tunable", "foo", "true", ")",
7333 			"(", "tunable", "bar", "false", ")",
7334 			"(", "class", "baz", "(", "read", ")", ")",
7335 			"(", "tunableif", "(", "and", "foo", "bar", ")",
7336 			"(", "allow", "foo", "bar", "(", "baz", "(", "read", ")", ")", ")", ")", NULL};
7337 
7338 	struct cil_tree *test_tree;
7339 	gen_test_tree(&test_tree, line);
7340 
7341 	struct cil_db *test_db;
7342 	cil_db_init(&test_db);
7343 
7344 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
7345 
7346 	struct cil_tree_node *test_node;
7347 	cil_tree_node_init(&test_node);
7348 
7349 	struct cil_conditional *new_cond;
7350 	cil_conditional_init(&new_cond);
7351 	new_cond->flavor = CIL_COND;
7352 	char *baz = "baz";
7353 	new_cond->str = baz;
7354 	new_cond->flavor = CIL_TUNABLE;
7355 
7356 	struct tunableif *tif = test_db->ast->root->cl_head->next->next->next->data;
7357 
7358 	test_node->data = new_cond;
7359 	test_node->cl_head = tif->expr_stack;
7360 	tif->expr_stack->parent = test_node;
7361 
7362 	int rc = cil_resolve_tunif(test_db, test_db->ast->root->cl_head->next->next->next, NULL);
7363 	CuAssertIntEquals(tc, SEPOL_ERR, rc);
7364 }
7365 */
test_cil_resolve_userbounds(CuTest * tc)7366 void test_cil_resolve_userbounds(CuTest *tc) {
7367 	char *line[] = {"(", "user", "user1", ")",
7368 			"(", "user", "user2", ")",
7369 			"(", "userbounds", "user1", "user2", ")", NULL};
7370 
7371 	struct cil_tree *test_tree;
7372 	gen_test_tree(&test_tree, line);
7373 
7374 	struct cil_db *test_db;
7375 	cil_db_init(&test_db);
7376 
7377 	uint32_t changed = CIL_FALSE;
7378 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
7379 
7380 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
7381 
7382 	int rc = cil_resolve_userbounds(test_db->ast->root->cl_head->next->next, args);
7383 	CuAssertIntEquals(tc, SEPOL_OK, rc);
7384 }
7385 
test_cil_resolve_userbounds_exists_neg(CuTest * tc)7386 void test_cil_resolve_userbounds_exists_neg(CuTest *tc) {
7387 	char *line[] = {"(", "user", "user1", ")",
7388 			"(", "user", "user2", ")",
7389 			"(", "userbounds", "user1", "user2", ")", NULL};
7390 
7391 	struct cil_tree *test_tree;
7392 	gen_test_tree(&test_tree, line);
7393 
7394 	struct cil_db *test_db;
7395 	cil_db_init(&test_db);
7396 
7397 	uint32_t changed = CIL_FALSE;
7398 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
7399 
7400 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
7401 
7402 	cil_resolve_userbounds(test_db->ast->root->cl_head->next->next, args);
7403 	int rc = cil_resolve_userbounds(test_db->ast->root->cl_head->next->next, args);
7404 	CuAssertIntEquals(tc, SEPOL_ERR, rc);
7405 }
7406 
test_cil_resolve_userbounds_user1_neg(CuTest * tc)7407 void test_cil_resolve_userbounds_user1_neg(CuTest *tc) {
7408 	char *line[] = {"(", "user", "user1", ")",
7409 			"(", "user", "user2", ")",
7410 			"(", "userbounds", "user_DNE", "user2", ")", NULL};
7411 
7412 	struct cil_tree *test_tree;
7413 	gen_test_tree(&test_tree, line);
7414 
7415 	struct cil_db *test_db;
7416 	cil_db_init(&test_db);
7417 
7418 	uint32_t changed = CIL_FALSE;
7419 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
7420 
7421 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
7422 
7423 	int rc = cil_resolve_userbounds(test_db->ast->root->cl_head->next->next, args);
7424 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
7425 }
7426 
test_cil_resolve_userbounds_user2_neg(CuTest * tc)7427 void test_cil_resolve_userbounds_user2_neg(CuTest *tc) {
7428 	char *line[] = {"(", "user", "user1", ")",
7429 			"(", "user", "user2", ")",
7430 			"(", "userbounds", "user1", "user_DNE", ")", NULL};
7431 
7432 	struct cil_tree *test_tree;
7433 	gen_test_tree(&test_tree, line);
7434 
7435 	struct cil_db *test_db;
7436 	cil_db_init(&test_db);
7437 
7438 	uint32_t changed = CIL_FALSE;
7439 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
7440 
7441 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
7442 
7443 	int rc = cil_resolve_userbounds(test_db->ast->root->cl_head->next->next, args);
7444 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
7445 }
7446 
test_cil_resolve_roletype(CuTest * tc)7447 void test_cil_resolve_roletype(CuTest *tc) {
7448 	char *line[] = {"(", "role",  "admin_r", ")",
7449 			"(", "type", "admin_t", ")",
7450 			"(", "roletype", "admin_r", "admin_t", ")", NULL};
7451 
7452 	struct cil_tree *test_tree;
7453 	gen_test_tree(&test_tree, line);
7454 
7455 	struct cil_db *test_db;
7456 	cil_db_init(&test_db);
7457 
7458 	uint32_t changed = CIL_FALSE;
7459 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
7460 
7461 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
7462 
7463 	int rc = cil_resolve_roletype(test_db->ast->root->cl_head->next->next, args);
7464 	CuAssertIntEquals(tc, SEPOL_OK, rc);
7465 }
7466 
test_cil_resolve_roletype_type_neg(CuTest * tc)7467 void test_cil_resolve_roletype_type_neg(CuTest *tc) {
7468 	char *line[] = {"(", "role",  "admin_r", ")",
7469 			"(", "roletype", "admin_r", "admin_t", ")", NULL};
7470 
7471 	struct cil_tree *test_tree;
7472 	gen_test_tree(&test_tree, line);
7473 
7474 	struct cil_db *test_db;
7475 	cil_db_init(&test_db);
7476 
7477 	uint32_t changed = CIL_FALSE;
7478 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
7479 
7480 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
7481 
7482 	int rc = cil_resolve_roletype(test_db->ast->root->cl_head->next, args);
7483 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
7484 }
7485 
test_cil_resolve_roletype_role_neg(CuTest * tc)7486 void test_cil_resolve_roletype_role_neg(CuTest *tc) {
7487 	char *line[] = {"(", "type", "admin_t", ")",
7488 			"(", "roletype", "admin_r", "admin_t", ")", NULL};
7489 
7490 	struct cil_tree *test_tree;
7491 	gen_test_tree(&test_tree, line);
7492 
7493 	struct cil_db *test_db;
7494 	cil_db_init(&test_db);
7495 
7496 	uint32_t changed = CIL_FALSE;
7497 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
7498 
7499 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
7500 
7501 	int rc = cil_resolve_roletype(test_db->ast->root->cl_head->next, args);
7502 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
7503 }
7504 
test_cil_resolve_userrole(CuTest * tc)7505 void test_cil_resolve_userrole(CuTest *tc) {
7506 	char *line[] = {"(", "role",  "staff_r", ")",
7507 			"(", "user", "staff_u", ")",
7508 			"(", "userrole", "staff_u", "staff_r", ")", NULL};
7509 
7510 	struct cil_tree *test_tree;
7511 	gen_test_tree(&test_tree, line);
7512 
7513 	struct cil_db *test_db;
7514 	cil_db_init(&test_db);
7515 
7516 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
7517 
7518 	uint32_t changed = CIL_FALSE;
7519 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
7520 
7521 	int rc = cil_resolve_userrole(test_db->ast->root->cl_head->next->next, args);
7522 	CuAssertIntEquals(tc, SEPOL_OK, rc);
7523 }
7524 
test_cil_resolve_userrole_user_neg(CuTest * tc)7525 void test_cil_resolve_userrole_user_neg(CuTest *tc) {
7526 	char *line[] = {"(", "role",  "staff_r", ")",
7527 			"(", "userrole", "staff_u", "staff_r", ")", NULL};
7528 
7529 	struct cil_tree *test_tree;
7530 	gen_test_tree(&test_tree, line);
7531 
7532 	struct cil_db *test_db;
7533 	cil_db_init(&test_db);
7534 
7535 	uint32_t changed = CIL_FALSE;
7536 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
7537 
7538 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
7539 
7540 	int rc = cil_resolve_userrole(test_db->ast->root->cl_head->next, args);
7541 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
7542 }
7543 
test_cil_resolve_userrole_role_neg(CuTest * tc)7544 void test_cil_resolve_userrole_role_neg(CuTest *tc) {
7545 	char *line[] = {"(", "user", "staff_u", ")",
7546 			"(", "userrole", "staff_u", "staff_r", ")", NULL};
7547 
7548 	struct cil_tree *test_tree;
7549 	gen_test_tree(&test_tree, line);
7550 
7551 	struct cil_db *test_db;
7552 	cil_db_init(&test_db);
7553 
7554 	uint32_t changed = CIL_FALSE;
7555 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
7556 
7557 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
7558 
7559 	int rc = cil_resolve_userrole(test_db->ast->root->cl_head->next, args);
7560 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
7561 }
7562 
test_cil_resolve_userlevel(CuTest * tc)7563 void test_cil_resolve_userlevel(CuTest *tc) {
7564 	char *line[] = {"(", "user",  "foo_u", ")",
7565 			"(", "category", "c0", ")",
7566 			"(", "sensitivity", "s0", ")",
7567 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
7568 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
7569 			"(", "userlevel", "foo_u", "low", ")", NULL};
7570 
7571 	struct cil_tree *test_tree;
7572 	gen_test_tree(&test_tree, line);
7573 
7574 	struct cil_db *test_db;
7575 	cil_db_init(&test_db);
7576 
7577 	uint32_t changed = CIL_FALSE;
7578 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
7579 
7580 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
7581 
7582 	cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next, args);
7583 
7584 	args->pass = CIL_PASS_MISC3;
7585 
7586 	int rc = cil_resolve_userlevel(test_db->ast->root->cl_head->next->next->next->next->next, args);
7587 	CuAssertIntEquals(tc, SEPOL_OK, rc);
7588 }
7589 
test_cil_resolve_userlevel_macro(CuTest * tc)7590 void test_cil_resolve_userlevel_macro(CuTest *tc) {
7591 	char *line[] = {"(", "user",  "foo_u", ")",
7592 			"(", "category", "c0", ")",
7593 			"(", "sensitivity", "s0", ")",
7594 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
7595 			"(", "macro", "mm", "(", "(", "level", "l", ")", ")",
7596 				"(", "userlevel", "foo_u", "l", ")", ")",
7597 			"(", "call", "mm", "(", "(", "s0", "(", "c0", ")", ")", ")", ")", NULL};
7598 
7599 	struct cil_tree *test_tree;
7600 	gen_test_tree(&test_tree, line);
7601 
7602 	struct cil_db *test_db;
7603 	cil_db_init(&test_db);
7604 
7605 	uint32_t changed = CIL_FALSE;
7606 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
7607 
7608 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
7609 
7610 
7611 	args->pass = CIL_PASS_CALL1;
7612 
7613 	int rc2 = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next->next, args);
7614 
7615 	args->pass = CIL_PASS_CALL2;
7616 
7617 	int rc3 = cil_resolve_call2(test_db->ast->root->cl_head->next->next->next->next->next, args);
7618 
7619 	args->pass = CIL_PASS_MISC2;
7620 
7621 	cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next, args);
7622 
7623 	args->pass = CIL_PASS_MISC3;
7624 	args->callstack = test_db->ast->root->cl_head->next->next->next->next->next;
7625 
7626 	int rc = cil_resolve_userlevel(test_db->ast->root->cl_head->next->next->next->next->next->cl_head, args);
7627 	CuAssertIntEquals(tc, SEPOL_OK, rc);
7628 	CuAssertIntEquals(tc, SEPOL_OK, rc2);
7629 	CuAssertIntEquals(tc, SEPOL_OK, rc3);
7630 }
7631 
test_cil_resolve_userlevel_macro_neg(CuTest * tc)7632 void test_cil_resolve_userlevel_macro_neg(CuTest *tc) {
7633 	char *line[] = {"(", "user",  "foo_u", ")",
7634 			"(", "category", "c0", ")",
7635 			"(", "sensitivity", "s0", ")",
7636 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
7637 			"(", "macro", "mm", "(", "(", "level", "l", ")", ")",
7638 				"(", "userlevel", "foo_u", "l", ")", ")",
7639 			"(", "call", "mm", "(", "(", "DNE", "(", "c0", ")", ")", ")", ")", NULL};
7640 
7641 	struct cil_tree *test_tree;
7642 	gen_test_tree(&test_tree, line);
7643 
7644 	struct cil_db *test_db;
7645 	cil_db_init(&test_db);
7646 
7647 	uint32_t changed = CIL_FALSE;
7648 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
7649 
7650 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
7651 
7652 	int rc2 = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next->next, args);
7653 
7654 	args->pass = CIL_PASS_CALL2;
7655 
7656 	int rc3 = cil_resolve_call2(test_db->ast->root->cl_head->next->next->next->next->next, args);
7657 
7658 	args->pass = CIL_PASS_MISC2;
7659 
7660 	cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next, args);
7661 
7662 	args->pass = CIL_PASS_MISC3;
7663 	args->callstack = test_db->ast->root->cl_head->next->next->next->next->next;
7664 
7665 	int rc = cil_resolve_userlevel(test_db->ast->root->cl_head->next->next->next->next->next->cl_head, args);
7666 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
7667 	CuAssertIntEquals(tc, SEPOL_OK, rc2);
7668 	CuAssertIntEquals(tc, SEPOL_OK, rc3);
7669 }
7670 
test_cil_resolve_userlevel_level_anon(CuTest * tc)7671 void test_cil_resolve_userlevel_level_anon(CuTest *tc) {
7672 	char *line[] = {"(", "user",  "foo_u", ")",
7673 			"(", "category", "c0", ")",
7674 			"(", "sensitivity", "s0", ")",
7675 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
7676 			"(", "userlevel", "foo_u", "(", "s0", "(", "c0", ")", ")", ")", NULL};
7677 
7678 	struct cil_tree *test_tree;
7679 	gen_test_tree(&test_tree, line);
7680 
7681 	struct cil_db *test_db;
7682 	cil_db_init(&test_db);
7683 
7684 	uint32_t changed = CIL_FALSE;
7685 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
7686 
7687 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
7688 
7689 	cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next, args);
7690 
7691 	args->pass = CIL_PASS_MISC3;
7692 
7693 	int rc = cil_resolve_userlevel(test_db->ast->root->cl_head->next->next->next->next, args);
7694 	CuAssertIntEquals(tc, SEPOL_OK, rc);
7695 }
7696 
test_cil_resolve_userlevel_level_anon_neg(CuTest * tc)7697 void test_cil_resolve_userlevel_level_anon_neg(CuTest *tc) {
7698 	char *line[] = {"(", "user",  "foo_u", ")",
7699 			"(", "category", "c0", ")",
7700 			"(", "sensitivity", "s0", ")",
7701 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
7702 			"(", "userlevel", "foo_u", "(", "s0", "(", "DNE", ")", ")", ")", NULL};
7703 
7704 	struct cil_tree *test_tree;
7705 	gen_test_tree(&test_tree, line);
7706 
7707 	struct cil_db *test_db;
7708 	cil_db_init(&test_db);
7709 
7710 	uint32_t changed = CIL_FALSE;
7711 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
7712 
7713 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
7714 
7715 	cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next, args);
7716 
7717 	args->pass = CIL_PASS_MISC3;
7718 
7719 	int rc = cil_resolve_userlevel(test_db->ast->root->cl_head->next->next->next->next, args);
7720 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
7721 }
7722 
test_cil_resolve_userlevel_user_neg(CuTest * tc)7723 void test_cil_resolve_userlevel_user_neg(CuTest *tc) {
7724 	char *line[] = {"(", "user",  "foo_u", ")",
7725 			"(", "category", "c0", ")",
7726 			"(", "sensitivity", "s0", ")",
7727 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
7728 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
7729 			"(", "userlevel", "DNE", "low", ")", NULL};
7730 
7731 	struct cil_tree *test_tree;
7732 	gen_test_tree(&test_tree, line);
7733 
7734 	struct cil_db *test_db;
7735 	cil_db_init(&test_db);
7736 
7737 	uint32_t changed = CIL_FALSE;
7738 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
7739 
7740 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
7741 
7742 	cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next, args);
7743 
7744 	args->pass = CIL_PASS_MISC3;
7745 
7746 	int rc = cil_resolve_userlevel(test_db->ast->root->cl_head->next->next->next->next->next, args);
7747 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
7748 }
7749 
test_cil_resolve_userlevel_level_neg(CuTest * tc)7750 void test_cil_resolve_userlevel_level_neg(CuTest *tc) {
7751 	char *line[] = {"(", "user",  "foo_u", ")",
7752 			"(", "category", "c0", ")",
7753 			"(", "sensitivity", "s0", ")",
7754 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
7755 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
7756 			"(", "userlevel", "foo_u", "DNE", ")", NULL};
7757 
7758 	struct cil_tree *test_tree;
7759 	gen_test_tree(&test_tree, line);
7760 
7761 	struct cil_db *test_db;
7762 	cil_db_init(&test_db);
7763 
7764 	uint32_t changed = CIL_FALSE;
7765 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
7766 
7767 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
7768 
7769 	cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next, args);
7770 
7771 	args->pass = CIL_PASS_MISC3;
7772 
7773 	int rc = cil_resolve_userlevel(test_db->ast->root->cl_head->next->next->next->next->next, args);
7774 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
7775 }
7776 
test_cil_resolve_userrange(CuTest * tc)7777 void test_cil_resolve_userrange(CuTest *tc) {
7778 	char *line[] = {"(", "user",  "foo_u", ")",
7779 			"(", "category", "c0", ")",
7780 			"(", "sensitivity", "s0", ")",
7781 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
7782 			"(", "levelrange", "range", "(", "(", "s0", "(", "c0", ")", ")", "(", "s0", "(", "c0", ")", ")", ")", ")",
7783 			"(", "userrange", "foo_u", "range", ")", NULL};
7784 
7785 	struct cil_tree *test_tree;
7786 	gen_test_tree(&test_tree, line);
7787 
7788 	struct cil_db *test_db;
7789 	cil_db_init(&test_db);
7790 
7791 	uint32_t changed = CIL_FALSE;
7792 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
7793 
7794 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
7795 
7796 	cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next, args);
7797 	int rc = cil_resolve_userrange(test_db->ast->root->cl_head->next->next->next->next->next, args);
7798 	CuAssertIntEquals(tc, SEPOL_OK, rc);
7799 }
7800 
test_cil_resolve_userrange_macro(CuTest * tc)7801 void test_cil_resolve_userrange_macro(CuTest *tc) {
7802 	char *line[] = {"(", "user",  "foo_u", ")",
7803 			"(", "category", "c0", ")",
7804 			"(", "sensitivity", "s0", ")",
7805 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
7806 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
7807 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
7808 			"(", "macro", "mm", "(", "(", "levelrange", "range", ")", ")",
7809 				"(", "userrange", "foo_u", "range", ")", ")",
7810 			"(", "call", "mm", "(", "(", "low", "high", ")", ")", ")", NULL};
7811 
7812 	struct cil_tree *test_tree;
7813 	gen_test_tree(&test_tree, line);
7814 
7815 	struct cil_db *test_db;
7816 	cil_db_init(&test_db);
7817 
7818 	uint32_t changed = CIL_FALSE;
7819 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
7820 
7821 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
7822 
7823 	int rc2 = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next->next->next->next, args);
7824 
7825 	args->pass = CIL_PASS_CALL2;
7826 
7827 	int rc3 = cil_resolve_call2(test_db->ast->root->cl_head->next->next->next->next->next->next->next, args);
7828 
7829 	args->pass = CIL_PASS_MISC2;
7830 
7831 	cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next, args);
7832 
7833 	args->pass = CIL_PASS_MISC3;
7834 	args->callstack = test_db->ast->root->cl_head->next->next->next->next->next->next->next;
7835 
7836 	int rc = cil_resolve_userrange(test_db->ast->root->cl_head->next->next->next->next->next->next->next->cl_head, args);
7837 	CuAssertIntEquals(tc, SEPOL_OK, rc);
7838 	CuAssertIntEquals(tc, SEPOL_OK, rc2);
7839 	CuAssertIntEquals(tc, SEPOL_OK, rc3);
7840 }
7841 
test_cil_resolve_userrange_macro_neg(CuTest * tc)7842 void test_cil_resolve_userrange_macro_neg(CuTest *tc) {
7843 	char *line[] = {"(", "user",  "foo_u", ")",
7844 			"(", "category", "c0", ")",
7845 			"(", "sensitivity", "s0", ")",
7846 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
7847 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
7848 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
7849 			"(", "macro", "mm", "(", "(", "levelrange", "range", ")", ")",
7850 				"(", "userrange", "foo_u", "range", ")", ")",
7851 			"(", "call", "mm", "(", "(", "DNE", "high", ")", ")", ")", NULL};
7852 
7853 	struct cil_tree *test_tree;
7854 	gen_test_tree(&test_tree, line);
7855 
7856 	struct cil_db *test_db;
7857 	cil_db_init(&test_db);
7858 
7859 	uint32_t changed = CIL_FALSE;
7860 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
7861 
7862 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
7863 
7864 	int rc2 = cil_resolve_call1(test_db->ast->root->cl_head->next->next->next->next->next->next->next, args);
7865 
7866 	args->pass = CIL_PASS_CALL2;
7867 
7868 	int rc3 = cil_resolve_call2(test_db->ast->root->cl_head->next->next->next->next->next->next->next, args);
7869 
7870 	args->pass = CIL_PASS_MISC2;
7871 
7872 	cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next, args);
7873 
7874 	args->pass = CIL_PASS_MISC3;
7875 	args->callstack = test_db->ast->root->cl_head->next->next->next->next->next->next->next;
7876 
7877 	int rc = cil_resolve_userrange(test_db->ast->root->cl_head->next->next->next->next->next->next->next->cl_head, args);
7878 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
7879 	CuAssertIntEquals(tc, SEPOL_OK, rc2);
7880 	CuAssertIntEquals(tc, SEPOL_OK, rc3);
7881 }
7882 
test_cil_resolve_userrange_range_anon(CuTest * tc)7883 void test_cil_resolve_userrange_range_anon(CuTest *tc) {
7884 	char *line[] = {"(", "user",  "foo_u", ")",
7885 			"(", "category", "c0", ")",
7886 			"(", "sensitivity", "s0", ")",
7887 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
7888 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
7889 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
7890 			"(", "userrange", "foo_u", "(", "low", "high", ")", ")", NULL};
7891 
7892 	struct cil_tree *test_tree;
7893 	gen_test_tree(&test_tree, line);
7894 
7895 	struct cil_db *test_db;
7896 	cil_db_init(&test_db);
7897 
7898 	uint32_t changed = CIL_FALSE;
7899 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
7900 
7901 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
7902 
7903 	cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next, args);
7904 
7905 	args->pass = CIL_PASS_MISC3;
7906 
7907 	int rc = cil_resolve_userrange(test_db->ast->root->cl_head->next->next->next->next->next->next, args);
7908 	CuAssertIntEquals(tc, SEPOL_OK, rc);
7909 }
7910 
test_cil_resolve_userrange_range_anon_neg(CuTest * tc)7911 void test_cil_resolve_userrange_range_anon_neg(CuTest *tc) {
7912 	char *line[] = {"(", "user",  "foo_u", ")",
7913 			"(", "category", "c0", ")",
7914 			"(", "sensitivity", "s0", ")",
7915 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
7916 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
7917 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
7918 			"(", "userrange", "foo_u", "(", "DNE", "high", ")", ")", NULL};
7919 
7920 	struct cil_tree *test_tree;
7921 	gen_test_tree(&test_tree, line);
7922 
7923 	struct cil_db *test_db;
7924 	cil_db_init(&test_db);
7925 
7926 	uint32_t changed = CIL_FALSE;
7927 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
7928 
7929 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
7930 
7931 	cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next, args);
7932 
7933 	args->pass = CIL_PASS_MISC3;
7934 
7935 	int rc = cil_resolve_userrange(test_db->ast->root->cl_head->next->next->next->next->next->next, args);
7936 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
7937 }
7938 
test_cil_resolve_userrange_user_neg(CuTest * tc)7939 void test_cil_resolve_userrange_user_neg(CuTest *tc) {
7940 	char *line[] = {"(", "user",  "foo_u", ")",
7941 			"(", "category", "c0", ")",
7942 			"(", "sensitivity", "s0", ")",
7943 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
7944 			"(", "levelrange", "range", "(", "(", "s0", "(", "c0", ")", ")", "(", "s0", "(", "c0", ")", ")", ")", ")",
7945 			"(", "userrange", "DNE", "range", ")", NULL};
7946 
7947 	struct cil_tree *test_tree;
7948 	gen_test_tree(&test_tree, line);
7949 
7950 	struct cil_db *test_db;
7951 	cil_db_init(&test_db);
7952 
7953 	uint32_t changed = CIL_FALSE;
7954 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
7955 
7956 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
7957 
7958 	cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next, args);
7959 
7960 	args->pass = CIL_PASS_MISC3;
7961 
7962 	int rc = cil_resolve_userrange(test_db->ast->root->cl_head->next->next->next->next->next, args);
7963 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
7964 }
7965 
test_cil_resolve_userrange_range_neg(CuTest * tc)7966 void test_cil_resolve_userrange_range_neg(CuTest *tc) {
7967 	char *line[] = {"(", "user",  "foo_u", ")",
7968 			"(", "category", "c0", ")",
7969 			"(", "sensitivity", "s0", ")",
7970 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
7971 			"(", "levelrange", "range", "(", "(", "s0", "(", "c0", ")", ")", "(", "s0", "(", "c0", ")", ")", ")", ")",
7972 			"(", "userrange", "foo_u", "DNE", ")", NULL};
7973 
7974 	struct cil_tree *test_tree;
7975 	gen_test_tree(&test_tree, line);
7976 
7977 	struct cil_db *test_db;
7978 	cil_db_init(&test_db);
7979 
7980 	uint32_t changed = CIL_FALSE;
7981 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
7982 
7983 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
7984 
7985 	cil_resolve_senscat(test_db->ast->root->cl_head->next->next->next, args);
7986 
7987 	args->pass = CIL_PASS_MISC3;
7988 
7989 	int rc = cil_resolve_userrange(test_db->ast->root->cl_head->next->next->next->next->next, args);
7990 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
7991 }
7992 
test_cil_disable_children_helper_optional_enabled(CuTest * tc)7993 void test_cil_disable_children_helper_optional_enabled(CuTest *tc) {
7994 	char *line[] = {"(", "optional", "opt", "(", "allow", "foo", "bar", "(", "baz", "file", "(", "read", ")", ")", ")", ")", NULL};
7995 
7996 	struct cil_tree *test_tree;
7997 	gen_test_tree(&test_tree, line);
7998 
7999 	struct cil_db *test_db;
8000 	cil_db_init(&test_db);
8001 
8002 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
8003 
8004 	uint32_t finished = 0;
8005 
8006 	int rc = __cil_disable_children_helper(test_db->ast->root->cl_head, &finished, NULL);
8007 	CuAssertIntEquals(tc, SEPOL_OK, rc);
8008 }
8009 
test_cil_disable_children_helper_optional_disabled(CuTest * tc)8010 void test_cil_disable_children_helper_optional_disabled(CuTest *tc) {
8011 	char *line[] = {"(", "optional", "opt", "(", "allow", "foo", "bar", "(", "baz", "file", "(", "read", ")", ")", ")", ")", NULL};
8012 
8013 	struct cil_tree *test_tree;
8014 	gen_test_tree(&test_tree, line);
8015 
8016 	struct cil_db *test_db;
8017 	cil_db_init(&test_db);
8018 
8019 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
8020 
8021 	uint32_t finished = 0;
8022 
8023 	((struct cil_optional *)test_db->ast->root->cl_head->data)->datum.state = CIL_STATE_DISABLED;
8024 
8025 	int rc = __cil_disable_children_helper(test_db->ast->root->cl_head, &finished, NULL);
8026 	CuAssertIntEquals(tc, SEPOL_OK, rc);
8027 }
8028 
test_cil_disable_children_helper_block(CuTest * tc)8029 void test_cil_disable_children_helper_block(CuTest *tc) {
8030 	char *line[] = {"(", "block", "a", "(", "type", "log", ")", ")", NULL};
8031 
8032 	struct cil_tree *test_tree;
8033 	gen_test_tree(&test_tree, line);
8034 
8035 	struct cil_db *test_db;
8036 	cil_db_init(&test_db);
8037 
8038 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
8039 
8040 	uint32_t finished = 0;
8041 
8042 	int rc = __cil_disable_children_helper(test_db->ast->root->cl_head, &finished, NULL);
8043 	CuAssertIntEquals(tc, SEPOL_OK, rc);
8044 }
8045 
test_cil_disable_children_helper_user(CuTest * tc)8046 void test_cil_disable_children_helper_user(CuTest *tc) {
8047 	char *line[] = {"(", "user", "staff_u", NULL};
8048 
8049 	struct cil_tree *test_tree;
8050 	gen_test_tree(&test_tree, line);
8051 
8052 	struct cil_db *test_db;
8053 	cil_db_init(&test_db);
8054 
8055 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
8056 
8057 	uint32_t finished = 0;
8058 
8059 	int rc = __cil_disable_children_helper(test_db->ast->root->cl_head, &finished, NULL);
8060 	CuAssertIntEquals(tc, SEPOL_OK, rc);
8061 }
8062 
test_cil_disable_children_helper_role(CuTest * tc)8063 void test_cil_disable_children_helper_role(CuTest *tc) {
8064 	char *line[] = {"(", "role", "role_r", NULL};
8065 
8066 	struct cil_tree *test_tree;
8067 	gen_test_tree(&test_tree, line);
8068 
8069 	struct cil_db *test_db;
8070 	cil_db_init(&test_db);
8071 
8072 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
8073 
8074 	uint32_t finished = 0;
8075 
8076 	int rc = __cil_disable_children_helper(test_db->ast->root->cl_head, &finished, NULL);
8077 	CuAssertIntEquals(tc, SEPOL_OK, rc);
8078 }
8079 
test_cil_disable_children_helper_type(CuTest * tc)8080 void test_cil_disable_children_helper_type(CuTest *tc) {
8081 	char *line[] = {"(", "type", "type_t", NULL};
8082 
8083 	struct cil_tree *test_tree;
8084 	gen_test_tree(&test_tree, line);
8085 
8086 	struct cil_db *test_db;
8087 	cil_db_init(&test_db);
8088 
8089 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
8090 
8091 	uint32_t finished = 0;
8092 
8093 	int rc = __cil_disable_children_helper(test_db->ast->root->cl_head, &finished, NULL);
8094 	CuAssertIntEquals(tc, SEPOL_OK, rc);
8095 }
8096 
test_cil_disable_children_helper_typealias(CuTest * tc)8097 void test_cil_disable_children_helper_typealias(CuTest *tc) {
8098 	char *line[] = {"(", "typealias", ".test.type", "type_t", ")", "(", "type", "test", ")", NULL};
8099 
8100 	struct cil_tree *test_tree;
8101 	gen_test_tree(&test_tree, line);
8102 
8103 	struct cil_db *test_db;
8104 	cil_db_init(&test_db);
8105 
8106 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
8107 
8108 	uint32_t finished = 0;
8109 
8110 	int rc = __cil_disable_children_helper(test_db->ast->root->cl_head, &finished, NULL);
8111 	CuAssertIntEquals(tc, SEPOL_OK, rc);
8112 }
8113 
test_cil_disable_children_helper_common(CuTest * tc)8114 void test_cil_disable_children_helper_common(CuTest *tc) {
8115 	char *line[] = {"(", "common", "foo", "(", "read", ")", ")", NULL};
8116 
8117 	struct cil_tree *test_tree;
8118 	gen_test_tree(&test_tree, line);
8119 
8120 	struct cil_db *test_db;
8121 	cil_db_init(&test_db);
8122 
8123 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
8124 
8125 	uint32_t finished = 0;
8126 
8127 	int rc = __cil_disable_children_helper(test_db->ast->root->cl_head, &finished, NULL);
8128 	CuAssertIntEquals(tc, SEPOL_OK, rc);
8129 }
8130 
test_cil_disable_children_helper_class(CuTest * tc)8131 void test_cil_disable_children_helper_class(CuTest *tc) {
8132 	char *line[] = {"(", "class", "foo", "(", "read", ")", ")", NULL};
8133 
8134 	struct cil_tree *test_tree;
8135 	gen_test_tree(&test_tree, line);
8136 
8137 	struct cil_db *test_db;
8138 	cil_db_init(&test_db);
8139 
8140 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
8141 
8142 	uint32_t finished = 0;
8143 
8144 	int rc = __cil_disable_children_helper(test_db->ast->root->cl_head, &finished, NULL);
8145 	CuAssertIntEquals(tc, SEPOL_OK, rc);
8146 }
8147 
test_cil_disable_children_helper_bool(CuTest * tc)8148 void test_cil_disable_children_helper_bool(CuTest *tc) {
8149 	char *line[] = {"(", "boolean", "foo", "true", ")", NULL};
8150 
8151 	struct cil_tree *test_tree;
8152 	gen_test_tree(&test_tree, line);
8153 
8154 	struct cil_db *test_db;
8155 	cil_db_init(&test_db);
8156 
8157 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
8158 
8159 	uint32_t finished = 0;
8160 
8161 	int rc = __cil_disable_children_helper(test_db->ast->root->cl_head, &finished, NULL);
8162 	CuAssertIntEquals(tc, SEPOL_OK, rc);
8163 }
8164 
test_cil_disable_children_helper_sens(CuTest * tc)8165 void test_cil_disable_children_helper_sens(CuTest *tc) {
8166 	char *line[] = {"(", "sensitivity", "s0", ")", NULL};
8167 
8168 	struct cil_tree *test_tree;
8169 	gen_test_tree(&test_tree, line);
8170 
8171 	struct cil_db *test_db;
8172 	cil_db_init(&test_db);
8173 
8174 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
8175 
8176 	uint32_t finished = 0;
8177 
8178 	int rc = __cil_disable_children_helper(test_db->ast->root->cl_head, &finished, NULL);
8179 	CuAssertIntEquals(tc, SEPOL_OK, rc);
8180 }
8181 
test_cil_disable_children_helper_cat(CuTest * tc)8182 void test_cil_disable_children_helper_cat(CuTest *tc) {
8183 	char *line[] = {"(", "category", "c0", ")", NULL};
8184 
8185 	struct cil_tree *test_tree;
8186 	gen_test_tree(&test_tree, line);
8187 
8188 	struct cil_db *test_db;
8189 	cil_db_init(&test_db);
8190 
8191 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
8192 
8193 	uint32_t finished = 0;
8194 
8195 	int rc = __cil_disable_children_helper(test_db->ast->root->cl_head, &finished, NULL);
8196 	CuAssertIntEquals(tc, SEPOL_OK, rc);
8197 }
8198 
test_cil_disable_children_helper_catset(CuTest * tc)8199 void test_cil_disable_children_helper_catset(CuTest *tc) {
8200 	char *line[] = {"(", "categoryset", "somecats", "(", "c0", "c1", "c2", ")", ")", NULL};
8201 
8202 	struct cil_tree *test_tree;
8203 	gen_test_tree(&test_tree, line);
8204 
8205 	struct cil_db *test_db;
8206 	cil_db_init(&test_db);
8207 
8208 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
8209 
8210 	uint32_t finished = 0;
8211 
8212 	int rc = __cil_disable_children_helper(test_db->ast->root->cl_head, &finished, NULL);
8213 	CuAssertIntEquals(tc, SEPOL_OK, rc);
8214 }
8215 
test_cil_disable_children_helper_sid(CuTest * tc)8216 void test_cil_disable_children_helper_sid(CuTest *tc) {
8217 	char *line[] = {"(", "sid", "foo", ")", NULL};
8218 
8219 	struct cil_tree *test_tree;
8220 	gen_test_tree(&test_tree, line);
8221 
8222 	struct cil_db *test_db;
8223 	cil_db_init(&test_db);
8224 
8225 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
8226 
8227 	uint32_t finished = 0;
8228 
8229 	int rc = __cil_disable_children_helper(test_db->ast->root->cl_head, &finished, NULL);
8230 	CuAssertIntEquals(tc, SEPOL_OK, rc);
8231 }
8232 
test_cil_disable_children_helper_macro(CuTest * tc)8233 void test_cil_disable_children_helper_macro(CuTest *tc) {
8234 	char *line[] = {"(", "macro", "mm", "(", "(", "type", "a", ")", ")",
8235 				"(", "type", "b", ")",
8236 				"(", "allow", "a", "b", "(", "file", "(", "read", ")", ")", ")", ")", NULL};
8237 
8238 	struct cil_tree *test_tree;
8239 	gen_test_tree(&test_tree, line);
8240 
8241 	struct cil_db *test_db;
8242 	cil_db_init(&test_db);
8243 
8244 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
8245 
8246 	uint32_t finished = 0;
8247 
8248 	int rc = __cil_disable_children_helper(test_db->ast->root->cl_head, &finished, NULL);
8249 	CuAssertIntEquals(tc, SEPOL_OK, rc);
8250 }
8251 
test_cil_disable_children_helper_context(CuTest * tc)8252 void test_cil_disable_children_helper_context(CuTest *tc) {
8253 	char *line[] = {"(", "context", "con",
8254                         "(", "system_u", "object_r", "netif_t", "(", "low", "high", ")", ")", ")", NULL};
8255 
8256 	struct cil_tree *test_tree;
8257 	gen_test_tree(&test_tree, line);
8258 
8259 	struct cil_db *test_db;
8260 	cil_db_init(&test_db);
8261 
8262 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
8263 
8264 	uint32_t finished = 0;
8265 
8266 	int rc = __cil_disable_children_helper(test_db->ast->root->cl_head, &finished, NULL);
8267 	CuAssertIntEquals(tc, SEPOL_OK, rc);
8268 }
8269 
test_cil_disable_children_helper_level(CuTest * tc)8270 void test_cil_disable_children_helper_level(CuTest *tc) {
8271 	char *line[] = {"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")", NULL};
8272 
8273 	struct cil_tree *test_tree;
8274 	gen_test_tree(&test_tree, line);
8275 
8276 	struct cil_db *test_db;
8277 	cil_db_init(&test_db);
8278 
8279 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
8280 
8281 	uint32_t finished = 0;
8282 
8283 	int rc = __cil_disable_children_helper(test_db->ast->root->cl_head, &finished, NULL);
8284 	CuAssertIntEquals(tc, SEPOL_OK, rc);
8285 }
8286 
test_cil_disable_children_helper_policycap(CuTest * tc)8287 void test_cil_disable_children_helper_policycap(CuTest *tc) {
8288 	char *line[] = {"(", "policycap", "foo", NULL};
8289 
8290 	struct cil_tree *test_tree;
8291 	gen_test_tree(&test_tree, line);
8292 
8293 	struct cil_db *test_db;
8294 	cil_db_init(&test_db);
8295 
8296 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
8297 
8298 	uint32_t finished = 0;
8299 
8300 	int rc = __cil_disable_children_helper(test_db->ast->root->cl_head, &finished, NULL);
8301 	CuAssertIntEquals(tc, SEPOL_OK, rc);
8302 }
8303 
test_cil_disable_children_helper_perm(CuTest * tc)8304 void test_cil_disable_children_helper_perm(CuTest *tc) {
8305 	char *line[] = {"(", "class", "foo", "(", "read", ")", ")", NULL};
8306 
8307 	struct cil_tree *test_tree;
8308 	gen_test_tree(&test_tree, line);
8309 
8310 	struct cil_db *test_db;
8311 	cil_db_init(&test_db);
8312 
8313 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
8314 
8315 	uint32_t finished = 0;
8316 
8317 	int rc = __cil_disable_children_helper(test_db->ast->root->cl_head->cl_head, &finished, NULL);
8318 	CuAssertIntEquals(tc, SEPOL_OK, rc);
8319 }
8320 
test_cil_disable_children_helper_catalias(CuTest * tc)8321 void test_cil_disable_children_helper_catalias(CuTest *tc) {
8322 	char *line[] = {"(", "categoryalias", "c0", "red", ")", NULL};
8323 
8324 	struct cil_tree *test_tree;
8325 	gen_test_tree(&test_tree, line);
8326 
8327 	struct cil_db *test_db;
8328 	cil_db_init(&test_db);
8329 
8330 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
8331 
8332 	uint32_t finished = 0;
8333 
8334 	int rc = __cil_disable_children_helper(test_db->ast->root->cl_head, &finished, NULL);
8335 	CuAssertIntEquals(tc, SEPOL_OK, rc);
8336 }
8337 
test_cil_disable_children_helper_sensalias(CuTest * tc)8338 void test_cil_disable_children_helper_sensalias(CuTest *tc) {
8339 	char *line[] = {"(", "sensitivityalias", "s0", "red", ")", NULL};
8340 
8341 	struct cil_tree *test_tree;
8342 	gen_test_tree(&test_tree, line);
8343 
8344 	struct cil_db *test_db;
8345 	cil_db_init(&test_db);
8346 
8347 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
8348 
8349 	uint32_t finished = 0;
8350 
8351 	int rc = __cil_disable_children_helper(test_db->ast->root->cl_head, &finished, NULL);
8352 	CuAssertIntEquals(tc, SEPOL_OK, rc);
8353 }
8354 
test_cil_disable_children_helper_tunable(CuTest * tc)8355 void test_cil_disable_children_helper_tunable(CuTest *tc) {
8356 	char *line[] = {"(", "tunable", "foo", "false", ")", NULL};
8357 
8358 	struct cil_tree *test_tree;
8359 	gen_test_tree(&test_tree, line);
8360 
8361 	struct cil_db *test_db;
8362 	cil_db_init(&test_db);
8363 
8364 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
8365 
8366 	uint32_t finished = 0;
8367 
8368 	int rc = __cil_disable_children_helper(test_db->ast->root->cl_head, &finished, NULL);
8369 	CuAssertIntEquals(tc, SEPOL_OK, rc);
8370 }
8371 
test_cil_disable_children_helper_unknown(CuTest * tc)8372 void test_cil_disable_children_helper_unknown(CuTest *tc) {
8373 	char *line[] = {"(", "mlsconstrain", "(", "file", "(", "create", "relabelto", ")", ")", "(", "eq", "l2", "h2", ")", ")", NULL};
8374 
8375 	struct cil_tree *test_tree;
8376 	gen_test_tree(&test_tree, line);
8377 
8378 	struct cil_db *test_db;
8379 	cil_db_init(&test_db);
8380 
8381 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
8382 
8383 	uint32_t finished = 0;
8384 
8385 	int rc = __cil_disable_children_helper(test_db->ast->root->cl_head, &finished, NULL);
8386 	CuAssertIntEquals(tc, SEPOL_OK, rc);
8387 }
8388 
8389 
8390 /*
8391 	__cil_resolve_ast_node_helper test cases
8392 */
8393 
test_cil_resolve_ast_node_helper_call1(CuTest * tc)8394 void test_cil_resolve_ast_node_helper_call1(CuTest *tc) {
8395 	char *line[] = {"(", "type", "qaz", ")",
8396 			"(", "class", "file", "(", "read", ")", ")",
8397 			"(", "macro", "mm", "(", "(", "type", "a", ")", ")",
8398 				"(", "type", "b", ")",
8399 				"(", "allow", "a", "b", "(", "file", "(", "read", ")", ")", ")", ")",
8400 			"(", "call", "mm", "(", "qaz", ")", ")", NULL};
8401 
8402 	struct cil_tree *test_tree;
8403 	gen_test_tree(&test_tree, line);
8404 
8405 	struct cil_db *test_db;
8406 	cil_db_init(&test_db);
8407 
8408 	uint32_t changed = CIL_FALSE;
8409 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
8410 
8411 	uint32_t finished = 0;
8412 
8413 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
8414 
8415 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next, &finished, args);
8416 	CuAssertIntEquals(tc, SEPOL_OK, rc);
8417 	CuAssertIntEquals(tc, 0, finished);
8418 }
8419 
test_cil_resolve_ast_node_helper_call1_neg(CuTest * tc)8420 void test_cil_resolve_ast_node_helper_call1_neg(CuTest *tc) {
8421 	char *line[] = {"(", "type", "qaz", ")",
8422 			"(", "class", "file", "(", "read", ")", ")",
8423 			"(", "macro", "mm", "(", "(", "type", "a", ")", ")",
8424 				"(", "type", "b", ")",
8425 				"(", "allow", "a", "b", "(", "file", "(", "read", ")", ")", ")", ")",
8426 			"(", "call", "m", "(", "qaz", ")", ")", NULL};
8427 
8428 	struct cil_tree *test_tree;
8429 	gen_test_tree(&test_tree, line);
8430 
8431 	struct cil_db *test_db;
8432 	cil_db_init(&test_db);
8433 
8434 	uint32_t changed = CIL_FALSE;
8435 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
8436 
8437 	uint32_t finished = 0;
8438 
8439 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
8440 
8441 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next, &finished, args);
8442 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
8443 	CuAssertIntEquals(tc, 0, finished);
8444 }
8445 
test_cil_resolve_ast_node_helper_call2(CuTest * tc)8446 void test_cil_resolve_ast_node_helper_call2(CuTest *tc) {
8447 	char *line[] = {"(", "type", "qaz", ")",
8448 			"(", "class", "file", "(", "read", ")", ")",
8449 			"(", "macro", "mm", "(", "(", "type", "a", ")", ")",
8450 				"(", "type", "b", ")",
8451 				"(", "allow", "a", "b", "(", "file", "(", "read", ")", ")", ")", ")",
8452 			"(", "call", "mm", "(", "qaz", ")", ")", NULL};
8453 
8454 	struct cil_tree *test_tree;
8455 	gen_test_tree(&test_tree, line);
8456 
8457 	struct cil_db *test_db;
8458 	cil_db_init(&test_db);
8459 
8460 	uint32_t changed = CIL_FALSE;
8461 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
8462 
8463 	uint32_t finished = 0;
8464 
8465 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
8466 
8467 	cil_resolve_call1(test_db->ast->root->cl_head->next->next->next, args);
8468 
8469 	args->pass = CIL_PASS_CALL2;
8470 
8471 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next, &finished, args);
8472 	CuAssertIntEquals(tc, SEPOL_OK, rc);
8473 	CuAssertIntEquals(tc, 0, finished);
8474 }
8475 
test_cil_resolve_ast_node_helper_call2_neg(CuTest * tc)8476 void test_cil_resolve_ast_node_helper_call2_neg(CuTest *tc) {
8477 	char *line[] = {"(", "type", "qaz", ")",
8478 			"(", "class", "file", "(", "read", ")", ")",
8479 			"(", "macro", "mm", "(", "(", "type", "a", ")", ")",
8480 				"(", "type", "b", ")",
8481 				"(", "allow", "a", "b", "(", "file", "(", "read", ")", ")", ")", ")",
8482 			"(", "call", "mm", "(", "foo", "extra", ")", ")", NULL};
8483 
8484 	struct cil_tree *test_tree;
8485 	gen_test_tree(&test_tree, line);
8486 
8487 	struct cil_db *test_db;
8488 	cil_db_init(&test_db);
8489 
8490 	uint32_t changed = CIL_FALSE;
8491 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, NULL, NULL);
8492 	uint32_t finished = 0;
8493 
8494 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
8495 
8496 	cil_resolve_call1(test_db->ast->root->cl_head->next->next->next, args);
8497 
8498 	args->pass = CIL_PASS_CALL2;
8499 
8500 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next, &finished, args);
8501 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
8502 }
8503 
test_cil_resolve_ast_node_helper_boolif(CuTest * tc)8504 void test_cil_resolve_ast_node_helper_boolif(CuTest *tc) {
8505 	char *line[] = {"(", "boolean", "foo", "true", ")",
8506 			"(", "boolean", "bar", "false", ")",
8507 			"(", "class", "baz", "(", "read", ")", ")",
8508 			"(", "booleanif", "(", "and", "foo", "bar", ")",
8509 			"(", "true",
8510 			"(", "allow", "foo", "bar", "(", "baz", "(", "read", ")", ")", ")", ")", ")", NULL};
8511 
8512 	struct cil_tree *test_tree;
8513 	gen_test_tree(&test_tree, line);
8514 
8515 	struct cil_db *test_db;
8516 	cil_db_init(&test_db);
8517 
8518 	uint32_t changed = CIL_FALSE;
8519 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC1, &changed, NULL, NULL, NULL);
8520 	uint32_t finished = 0;
8521 
8522 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
8523 
8524 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next, &finished, args);
8525 	CuAssertIntEquals(tc, SEPOL_OK, rc);
8526 	CuAssertIntEquals(tc, 0, finished);
8527 }
8528 
test_cil_resolve_ast_node_helper_boolif_neg(CuTest * tc)8529 void test_cil_resolve_ast_node_helper_boolif_neg(CuTest *tc) {
8530 	char *line[] = {"(", "boolean", "foo", "true", ")",
8531 			"(", "boolean", "bar", "false", ")",
8532 			"(", "class", "baz", "(", "read", ")", ")",
8533 			"(", "booleanif", "(", "and", "dne", "N/A", ")",
8534 			"(", "true",
8535 			"(", "allow", "foo", "bar", "(", "baz", "(", "read", ")", ")", ")", ")", ")", NULL};
8536 
8537 	struct cil_tree *test_tree;
8538 	gen_test_tree(&test_tree, line);
8539 
8540 	struct cil_db *test_db;
8541 	cil_db_init(&test_db);
8542 
8543 	uint32_t changed = CIL_FALSE;
8544 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC1, &changed, NULL, NULL, NULL);
8545 	uint32_t finished = 0;
8546 
8547 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
8548 
8549 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next, &finished, args);
8550 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
8551 	CuAssertIntEquals(tc, 0, finished);
8552 }
8553 
test_cil_resolve_ast_node_helper_tunif(CuTest * tc)8554 void test_cil_resolve_ast_node_helper_tunif(CuTest *tc) {
8555 	char *line[] = {"(", "tunable", "foo", "true", ")",
8556 			"(", "tunable", "bar", "false", ")",
8557 			"(", "class", "baz", "(", "read", ")", ")",
8558 			"(", "tunableif", "(", "and", "foo", "bar", ")",
8559 			"(", "false",
8560 			"(", "allow", "foo", "bar", "(", "baz", "(", "read", ")", ")", ")", ")", ")", NULL};
8561 
8562 	struct cil_tree *test_tree;
8563 	gen_test_tree(&test_tree, line);
8564 
8565 	struct cil_db *test_db;
8566 	cil_db_init(&test_db);
8567 
8568 	uint32_t changed = CIL_FALSE;
8569 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_TIF, &changed, NULL, NULL, NULL);
8570 	uint32_t finished = 0;
8571 
8572 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
8573 
8574 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next, &finished, args);
8575 	CuAssertIntEquals(tc, SEPOL_OK, rc);
8576 	CuAssertIntEquals(tc, 0, finished);
8577 }
8578 
test_cil_resolve_ast_node_helper_tunif_neg(CuTest * tc)8579 void test_cil_resolve_ast_node_helper_tunif_neg(CuTest *tc) {
8580 	char *line[] = {"(", "tunable", "foo", "true", ")",
8581 			"(", "tunable", "bar", "false", ")",
8582 			"(", "class", "baz", "(", "read", ")", ")",
8583 			"(", "tunableif", "(", "and", "dne", "N/A", ")",
8584 			"(", "true",
8585 			"(", "allow", "foo", "bar", "(", "baz", "(", "read", ")", ")", ")", ")", ")", NULL};
8586 
8587 	struct cil_tree *test_tree;
8588 	gen_test_tree(&test_tree, line);
8589 
8590 	struct cil_db *test_db;
8591 	cil_db_init(&test_db);
8592 
8593 	uint32_t changed = CIL_FALSE;
8594 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_TIF, &changed, NULL, NULL, NULL);
8595 
8596 	uint32_t finished = 0;
8597 
8598 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
8599 
8600 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next, &finished, args);
8601 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
8602 	CuAssertIntEquals(tc, 0, finished);
8603 }
8604 
test_cil_resolve_ast_node_helper_catorder(CuTest * tc)8605 void test_cil_resolve_ast_node_helper_catorder(CuTest *tc) {
8606 	char *line[] = {"(", "category", "c0", ")",
8607 			"(", "category", "c1", ")",
8608 			"(", "category", "c2", ")",
8609 			"(", "categoryorder", "(", "c0", "c1", ")", ")", NULL};
8610 
8611 	struct cil_tree *test_tree;
8612 	gen_test_tree(&test_tree, line);
8613 
8614 	struct cil_db *test_db;
8615 	cil_db_init(&test_db);
8616 
8617 	uint32_t changed = CIL_FALSE;
8618 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC1, &changed, NULL, NULL, NULL);
8619 	uint32_t finished = 0;
8620 
8621 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
8622 
8623 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next, &finished, args);
8624 	CuAssertIntEquals(tc, SEPOL_OK, rc);
8625 	CuAssertIntEquals(tc, 0, finished);
8626 }
8627 
test_cil_resolve_ast_node_helper_catorder_neg(CuTest * tc)8628 void test_cil_resolve_ast_node_helper_catorder_neg(CuTest *tc) {
8629 	char *line[] = {"(", "category", "c0", ")",
8630 			"(", "category", "c1", ")",
8631 			"(", "category", "c2", ")",
8632 			"(", "categoryorder", "(", "c8", ")", ")", NULL};
8633 
8634 	struct cil_tree *test_tree;
8635 	gen_test_tree(&test_tree, line);
8636 
8637 	struct cil_db *test_db;
8638 	cil_db_init(&test_db);
8639 
8640 	uint32_t changed = CIL_FALSE;
8641 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC1, &changed, NULL, NULL, NULL);
8642 	uint32_t finished = 0;
8643 
8644 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
8645 
8646 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next, &finished, args);
8647 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
8648 	CuAssertIntEquals(tc, 0, finished);
8649 }
8650 
test_cil_resolve_ast_node_helper_dominance(CuTest * tc)8651 void test_cil_resolve_ast_node_helper_dominance(CuTest *tc) {
8652 	char *line[] = {"(", "sensitivity", "s0", ")",
8653 			"(", "sensitivity", "s1", ")",
8654 			"(", "sensitivity", "s2", ")",
8655 			"(", "dominance", "(", "s0", "s1", ")", ")", NULL};
8656 
8657 	struct cil_tree *test_tree;
8658 	gen_test_tree(&test_tree, line);
8659 
8660 	struct cil_db *test_db;
8661 	cil_db_init(&test_db);
8662 
8663 	uint32_t changed = CIL_FALSE;
8664 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC1, &changed, NULL, NULL, NULL);
8665 	uint32_t finished = 0;
8666 
8667 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
8668 
8669 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next, &finished, args);
8670 	CuAssertIntEquals(tc, SEPOL_OK, rc);
8671 	CuAssertIntEquals(tc, 0, finished);
8672 }
8673 
test_cil_resolve_ast_node_helper_dominance_neg(CuTest * tc)8674 void test_cil_resolve_ast_node_helper_dominance_neg(CuTest *tc) {
8675 	char *line[] = {"(", "sensitivity", "s0", ")",
8676 			"(", "sensitivity", "s1", ")",
8677 			"(", "sensitivity", "s2", ")",
8678 			"(", "dominance", "(", "s0", "s6", ")", ")", NULL};
8679 
8680 	struct cil_tree *test_tree;
8681 	gen_test_tree(&test_tree, line);
8682 
8683 	struct cil_db *test_db;
8684 	cil_db_init(&test_db);
8685 
8686 	uint32_t changed = CIL_FALSE;
8687 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC1, &changed, NULL, NULL, NULL);
8688 	uint32_t finished = 0;
8689 
8690 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
8691 
8692 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next, &finished, args);
8693 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
8694 	CuAssertIntEquals(tc, 0, finished);
8695 }
8696 
test_cil_resolve_ast_node_helper_roleallow(CuTest * tc)8697 void test_cil_resolve_ast_node_helper_roleallow(CuTest *tc) {
8698 	char *line[] = {"(", "role", "foo", ")", \
8699 			"(", "role", "bar", ")", \
8700 			"(", "roleallow", "foo", "bar", ")", NULL};
8701 
8702 	struct cil_tree *test_tree;
8703 	gen_test_tree(&test_tree, line);
8704 
8705 	struct cil_db *test_db;
8706 	cil_db_init(&test_db);
8707 
8708 	uint32_t changed = CIL_FALSE;
8709 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
8710 
8711 	uint32_t finished = 0;
8712 
8713 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
8714 
8715 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next, &finished, args);
8716 	CuAssertIntEquals(tc, SEPOL_OK, rc);
8717 	CuAssertIntEquals(tc, 0, finished);
8718 }
8719 
test_cil_resolve_ast_node_helper_roleallow_neg(CuTest * tc)8720 void test_cil_resolve_ast_node_helper_roleallow_neg(CuTest *tc) {
8721 	char *line[] = {"(", "role", "foo", ")", \
8722 			"(", "roleallow", "foo", "bar", ")", NULL};
8723 
8724 	struct cil_tree *test_tree;
8725 	gen_test_tree(&test_tree, line);
8726 
8727 	struct cil_db *test_db;
8728 	cil_db_init(&test_db);
8729 
8730 	uint32_t changed = CIL_FALSE;
8731 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
8732 
8733 	uint32_t finished = 0;
8734 
8735 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
8736 
8737 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next, &finished, args);
8738 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
8739 	CuAssertIntEquals(tc, 0, finished);
8740 }
8741 
test_cil_resolve_ast_node_helper_sensalias(CuTest * tc)8742 void test_cil_resolve_ast_node_helper_sensalias(CuTest *tc) {
8743 	char *line[] = {"(", "sensitivity", "s0", ")",
8744 			"(", "sensitivityalias", "s0", "alias", ")", NULL};
8745 
8746 	struct cil_tree *test_tree;
8747 	gen_test_tree(&test_tree, line);
8748 
8749 	struct cil_db *test_db;
8750 	cil_db_init(&test_db);
8751 
8752 	uint32_t changed = CIL_FALSE;
8753 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MLS, &changed, NULL, NULL, NULL);
8754 
8755 	uint32_t finished = 0;
8756 
8757 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
8758 
8759 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next, &finished, args);
8760 	CuAssertIntEquals(tc, SEPOL_OK, rc);
8761 	CuAssertIntEquals(tc, 0, finished);
8762 }
8763 
test_cil_resolve_ast_node_helper_sensalias_neg(CuTest * tc)8764 void test_cil_resolve_ast_node_helper_sensalias_neg(CuTest *tc) {
8765 	char *line[] = {"(", "sensitivityalias", "s0", "alias", ")", NULL};
8766 
8767 	struct cil_tree *test_tree;
8768 	gen_test_tree(&test_tree, line);
8769 
8770 	struct cil_db *test_db;
8771 	cil_db_init(&test_db);
8772 
8773 	uint32_t changed = CIL_FALSE;
8774 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MLS, &changed, NULL, NULL, NULL);
8775 
8776 	uint32_t finished = 0;
8777 
8778 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
8779 
8780 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head, &finished, args);
8781 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
8782 	CuAssertIntEquals(tc, 0, finished);
8783 }
8784 
test_cil_resolve_ast_node_helper_catalias(CuTest * tc)8785 void test_cil_resolve_ast_node_helper_catalias(CuTest *tc) {
8786 	char *line[] = {"(", "category", "c0", ")",
8787 			"(", "categoryalias", "c0", "red", ")", NULL};
8788 
8789 	struct cil_tree *test_tree;
8790 	gen_test_tree(&test_tree, line);
8791 
8792 	struct cil_db *test_db;
8793 	cil_db_init(&test_db);
8794 
8795 	uint32_t changed = CIL_FALSE;
8796 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MLS, &changed, NULL, NULL, NULL);
8797 
8798 	uint32_t finished = 0;
8799 
8800 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
8801 
8802 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next, &finished, args);
8803 	CuAssertIntEquals(tc, SEPOL_OK, rc);
8804 	CuAssertIntEquals(tc, 0, finished);
8805 }
8806 
test_cil_resolve_ast_node_helper_catalias_neg(CuTest * tc)8807 void test_cil_resolve_ast_node_helper_catalias_neg(CuTest *tc) {
8808 	char *line[] = {"(", "categoryalias", "c0", "red", ")", NULL};
8809 
8810 	struct cil_tree *test_tree;
8811 	gen_test_tree(&test_tree, line);
8812 
8813 	struct cil_db *test_db;
8814 	cil_db_init(&test_db);
8815 
8816 	uint32_t changed = CIL_FALSE;
8817 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
8818 	uint32_t finished = 0;
8819 
8820 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
8821 
8822 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head, &finished, args);
8823 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
8824 	CuAssertIntEquals(tc, 0, finished);
8825 }
8826 
test_cil_resolve_ast_node_helper_catset(CuTest * tc)8827 void test_cil_resolve_ast_node_helper_catset(CuTest *tc) {
8828 	char *line[] = {"(", "category", "c0", ")",
8829 			"(", "category", "c1", ")",
8830 			"(", "category", "c2", ")",
8831 			"(", "categoryset", "somecats", "(", "c0", "c1", "c2", ")", ")", NULL};
8832 
8833 	struct cil_tree *test_tree;
8834 	gen_test_tree(&test_tree, line);
8835 
8836 	struct cil_db *test_db;
8837 	cil_db_init(&test_db);
8838 
8839 	uint32_t changed = CIL_FALSE;
8840 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MLS, &changed, NULL, NULL, NULL);
8841 
8842 	uint32_t finished = 0;
8843 
8844 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
8845 
8846 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next, &finished, args);
8847 	CuAssertIntEquals(tc, SEPOL_OK, rc);
8848 	CuAssertIntEquals(tc, 0, finished);
8849 }
8850 
test_cil_resolve_ast_node_helper_catset_catlist_neg(CuTest * tc)8851 void test_cil_resolve_ast_node_helper_catset_catlist_neg(CuTest *tc) {
8852 	char *line[] = {"(", "category", "c0", ")",
8853 			"(", "category", "c1", ")",
8854 			"(", "categoryset", "somecats", "(", "c0", "c1", "c2", ")", ")", NULL};
8855 
8856 	struct cil_tree *test_tree;
8857 	gen_test_tree(&test_tree, line);
8858 
8859 	struct cil_db *test_db;
8860 	cil_db_init(&test_db);
8861 
8862 	uint32_t changed = CIL_FALSE;
8863 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MLS, &changed, NULL, NULL, NULL);
8864 
8865 	uint32_t finished = 0;
8866 
8867 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
8868 
8869 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next, &finished, args);
8870 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
8871 	CuAssertIntEquals(tc, 0, finished);
8872 }
8873 
test_cil_resolve_ast_node_helper_catrange(CuTest * tc)8874 void test_cil_resolve_ast_node_helper_catrange(CuTest *tc) {
8875 	char *line[] = {"(", "category", "c0", ")",
8876                         "(", "category", "c255", ")",
8877                         "(", "categoryorder", "(", "c0", "c255", ")", ")",
8878                         "(", "categoryrange", "range", "(", "c0", "c255", ")", ")", NULL};
8879 
8880 
8881 	struct cil_tree *test_tree;
8882 	gen_test_tree(&test_tree, line);
8883 
8884 	struct cil_db *test_db;
8885 	cil_db_init(&test_db);
8886 
8887 	uint32_t changed = CIL_FALSE;
8888 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC1, &changed, NULL, NULL, NULL);
8889 
8890 	uint32_t finished = 0;
8891 
8892 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
8893 	cil_resolve_catorder(test_db->ast->root->cl_head->next->next, args);
8894 	__cil_verify_order(test_db->catorder, test_db->ast->root, CIL_CAT);
8895 
8896 	args->pass = CIL_PASS_MLS;
8897 
8898 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next, &finished, args);
8899 	CuAssertIntEquals(tc, SEPOL_OK, rc);
8900 	CuAssertIntEquals(tc, 0, finished);
8901 }
8902 
test_cil_resolve_ast_node_helper_catrange_neg(CuTest * tc)8903 void test_cil_resolve_ast_node_helper_catrange_neg(CuTest *tc) {
8904 	char *line[] = {"(", "category", "c0", ")",
8905                         "(", "category", "c255", ")",
8906                         "(", "categoryorder", "(", "c0", "c255", ")", ")",
8907                         "(", "categoryrange", "range", "(", "c255", "c0", ")", ")", NULL};
8908 
8909 	struct cil_tree *test_tree;
8910 	gen_test_tree(&test_tree, line);
8911 
8912 	struct cil_db *test_db;
8913 	cil_db_init(&test_db);
8914 
8915 	uint32_t changed = CIL_FALSE;
8916 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MLS, &changed, NULL, NULL, NULL);
8917 
8918 	uint32_t finished = 0;
8919 
8920 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
8921 
8922 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next, &finished, args);
8923 	CuAssertIntEquals(tc, SEPOL_ERR, rc);
8924 	CuAssertIntEquals(tc, 0, finished);
8925 }
8926 
test_cil_resolve_ast_node_helper_level(CuTest * tc)8927 void test_cil_resolve_ast_node_helper_level(CuTest *tc) {
8928         char *line[] = {"(", "sensitivity", "s0", ")",
8929 			"(", "category", "c1", ")",
8930 			"(", "sensitivitycategory", "s0", "(", "c1", ")", ")",
8931 			"(", "level", "l2", "(", "s0", "(", "c1", ")", ")", ")",  NULL};
8932 
8933 	struct cil_tree *test_tree;
8934 	gen_test_tree(&test_tree, line);
8935 
8936 	struct cil_db *test_db;
8937 	cil_db_init(&test_db);
8938 
8939 	uint32_t changed = CIL_FALSE;
8940 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC1, &changed, NULL, NULL, NULL);
8941 
8942 	uint32_t finished = 0;
8943 
8944 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
8945 
8946 	cil_tree_walk(test_db->ast->root,  __cil_resolve_ast_node_helper, NULL, NULL, args);
8947 	__cil_verify_order(test_db->catorder, test_db->ast->root, CIL_CAT);
8948 
8949 	__cil_verify_order(test_db->dominance, test_db->ast->root, CIL_SENS);
8950 
8951 	args->pass = CIL_PASS_MLS;
8952 	cil_tree_walk(test_db->ast->root, __cil_resolve_ast_node_helper, NULL, NULL, args);
8953 
8954 	args->pass = CIL_PASS_MISC2;
8955 	cil_tree_walk(test_db->ast->root, __cil_resolve_ast_node_helper, NULL, NULL, args);
8956 
8957 	args->pass = CIL_PASS_MISC3;
8958 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next, &finished, args);
8959 	CuAssertIntEquals(tc, SEPOL_OK, rc);
8960 	CuAssertIntEquals(tc, finished, 0);
8961 }
8962 
test_cil_resolve_ast_node_helper_level_neg(CuTest * tc)8963 void test_cil_resolve_ast_node_helper_level_neg(CuTest *tc) {
8964         char *line[] = {"(", "sensitivity", "s0", ")",
8965 			"(", "category", "c1", ")",
8966 			"(", "sensitivitycategory", "s0", "(", "c1", ")", ")",
8967 			"(", "level", "l2", "(", "s8", "(", "c1", ")", ")", ")", NULL};
8968 
8969 	struct cil_tree *test_tree;
8970 	gen_test_tree(&test_tree, line);
8971 
8972 	struct cil_db *test_db;
8973 	cil_db_init(&test_db);
8974 
8975 	uint32_t changed = CIL_FALSE;
8976 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC1, &changed, NULL, NULL, NULL);
8977 
8978 	uint32_t finished = 0;
8979 
8980 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
8981 
8982 	cil_tree_walk(test_db->ast->root,  __cil_resolve_ast_node_helper, NULL, NULL, args);
8983 	__cil_verify_order(test_db->catorder, test_db->ast->root, CIL_CAT);
8984 
8985 	__cil_verify_order(test_db->dominance, test_db->ast->root, CIL_SENS);
8986 
8987 	args->pass = CIL_PASS_MLS;
8988 	cil_tree_walk(test_db->ast->root, __cil_resolve_ast_node_helper, NULL, NULL, args);
8989 
8990 	args->pass = CIL_PASS_MISC3;
8991 
8992 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next, &finished, args);
8993 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
8994 	CuAssertIntEquals(tc, finished, 0);
8995 }
8996 
test_cil_resolve_ast_node_helper_levelrange(CuTest * tc)8997 void test_cil_resolve_ast_node_helper_levelrange(CuTest *tc) {
8998         char *line[] = {"(", "sensitivity", "s0", ")",
8999 			"(", "category", "c0", ")",
9000 			"(", "categoryorder", "(", "c0", ")", ")",
9001 			"(", "dominance", "(", "s0", ")", ")",
9002 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
9003 			"(", "levelrange", "range", "(", "(", "s0", "(", "c0", ")", ")", "(", "s0", "(", "c0", ")", ")", ")", ")", NULL};
9004 
9005 	struct cil_tree *test_tree;
9006 	gen_test_tree(&test_tree, line);
9007 
9008 	struct cil_db *test_db;
9009 	cil_db_init(&test_db);
9010 
9011 	uint32_t changed = CIL_FALSE;
9012 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC1, &changed, NULL, NULL, NULL);
9013 
9014 	uint32_t finished = 0;
9015 
9016 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
9017 
9018 	cil_tree_walk(test_db->ast->root,  __cil_resolve_ast_node_helper, NULL, NULL, args);
9019 
9020 	__cil_verify_order(test_db->catorder, test_db->ast->root, CIL_CAT);
9021 
9022 	__cil_verify_order(test_db->dominance, test_db->ast->root, CIL_SENS);
9023 
9024 	args->pass = CIL_PASS_MLS;
9025 	cil_tree_walk(test_db->ast->root, __cil_resolve_ast_node_helper, NULL, NULL, args);
9026 
9027 	args->pass = CIL_PASS_MISC2;
9028 	cil_tree_walk(test_db->ast->root, __cil_resolve_ast_node_helper, NULL, NULL, args);
9029 
9030 	args->pass = CIL_PASS_MISC3;
9031 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next->next->next, &finished, args);
9032 	CuAssertIntEquals(tc, SEPOL_OK, rc);
9033 	CuAssertIntEquals(tc, finished, 0);
9034 }
9035 
test_cil_resolve_ast_node_helper_levelrange_neg(CuTest * tc)9036 void test_cil_resolve_ast_node_helper_levelrange_neg(CuTest *tc) {
9037         char *line[] = {"(", "sensitivity", "s0", ")",
9038 			"(", "category", "c0", ")",
9039 			"(", "categoryorder", "(", "c0", ")", ")",
9040 			"(", "dominance", "(", "s0", ")", ")",
9041 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
9042 			"(", "levelrange", "range", "(", "(", "DNE", "(", "c0", ")", ")", "(", "s0", "(", "c0", ")", ")", ")", ")", NULL};
9043 
9044 	struct cil_tree *test_tree;
9045 	gen_test_tree(&test_tree, line);
9046 
9047 	struct cil_db *test_db;
9048 	cil_db_init(&test_db);
9049 
9050 	uint32_t changed = CIL_FALSE;
9051 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC1, &changed, NULL, NULL, NULL);
9052 
9053 	uint32_t finished = 0;
9054 
9055 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
9056 
9057 	cil_tree_walk(test_db->ast->root,  __cil_resolve_ast_node_helper, NULL, NULL, args);
9058 	__cil_verify_order(test_db->catorder, test_db->ast->root, CIL_CAT);
9059 
9060 	__cil_verify_order(test_db->dominance, test_db->ast->root, CIL_SENS);
9061 
9062 	args->pass = CIL_PASS_MLS;
9063 	cil_tree_walk(test_db->ast->root, __cil_resolve_ast_node_helper, NULL, NULL, args);
9064 
9065 	args->pass = CIL_PASS_MISC3;
9066 
9067 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next->next->next, &finished, args);
9068 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
9069 	CuAssertIntEquals(tc, finished, 0);
9070 }
9071 
test_cil_resolve_ast_node_helper_constrain(CuTest * tc)9072 void test_cil_resolve_ast_node_helper_constrain(CuTest *tc) {
9073         char *line[] = {"(", "class", "file", "(", "create", "relabelto", ")", ")",
9074 			"(", "class", "dir", "(", "create", "relabelto", ")", ")",
9075 			"(", "sensitivity", "s0", ")",
9076 			"(", "category", "c1", ")",
9077 			"(", "role", "r1", ")",
9078 			"(", "role", "r2", ")",
9079 			"(", "mlsconstrain", "(", "file", "(", "create", "relabelto", ")", ")", "(", "eq", "r1", "r2", ")", ")", NULL};
9080 
9081 	struct cil_tree *test_tree;
9082 	gen_test_tree(&test_tree, line);
9083 
9084 	struct cil_db *test_db;
9085 	cil_db_init(&test_db);
9086 
9087 	uint32_t changed = CIL_FALSE;
9088 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
9089 
9090 	uint32_t finished = 0;
9091 
9092 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
9093 
9094 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next->next->next->next, &finished, args);
9095 	CuAssertIntEquals(tc, SEPOL_OK, rc);
9096 	CuAssertIntEquals(tc, 0, finished);
9097 }
9098 
test_cil_resolve_ast_node_helper_constrain_neg(CuTest * tc)9099 void test_cil_resolve_ast_node_helper_constrain_neg(CuTest *tc) {
9100         char *line[] = {"(", "class", "file", "(", "create", ")", ")",
9101 			"(", "class", "dir", "(", "create", ")", ")",
9102 			"(", "sensitivity", "s0", ")",
9103 			"(", "category", "c1", ")",
9104 			"(", "role", "r1", ")",
9105 			"(", "role", "r2", ")",
9106 			"(", "mlsconstrain", "(", "file", "(", "create", "relabelto", ")", ")", "(", "eq", "r1", "r2", ")", ")", NULL};
9107 
9108 	struct cil_tree *test_tree;
9109 	gen_test_tree(&test_tree, line);
9110 
9111 	struct cil_db *test_db;
9112 	cil_db_init(&test_db);
9113 
9114 	uint32_t changed = CIL_FALSE;
9115 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
9116 
9117 	uint32_t finished = 0;
9118 
9119 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
9120 
9121 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next->next->next->next, &finished, args);
9122 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
9123 	CuAssertIntEquals(tc, 0, finished);
9124 }
9125 
test_cil_resolve_ast_node_helper_mlsconstrain(CuTest * tc)9126 void test_cil_resolve_ast_node_helper_mlsconstrain(CuTest *tc) {
9127         char *line[] = {"(", "class", "file", "(", "create", "relabelto", ")", ")",
9128 			"(", "class", "dir", "(", "create", "relabelto", ")", ")",
9129 			"(", "sensitivity", "s0", ")",
9130 			"(", "category", "c1", ")",
9131 			"(", "level", "l2", "(", "s0", "(", "c1", ")", ")", ")",
9132 			"(", "level", "h2", "(", "s0", "(", "c1", ")", ")", ")",
9133 			"(", "mlsconstrain", "(", "file", "(", "create", "relabelto", ")", ")", "(", "eq", "l2", "h2", ")", ")", NULL};
9134 
9135 	struct cil_tree *test_tree;
9136 	gen_test_tree(&test_tree, line);
9137 
9138 	struct cil_db *test_db;
9139 	cil_db_init(&test_db);
9140 
9141 	uint32_t changed = CIL_FALSE;
9142 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
9143 
9144 	uint32_t finished = 0;
9145 
9146 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
9147 
9148 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next->next->next->next, &finished, args);
9149 	CuAssertIntEquals(tc, SEPOL_OK, rc);
9150 	CuAssertIntEquals(tc, 0, finished);
9151 }
9152 
test_cil_resolve_ast_node_helper_mlsconstrain_neg(CuTest * tc)9153 void test_cil_resolve_ast_node_helper_mlsconstrain_neg(CuTest *tc) {
9154         char *line[] = {"(", "class", "file", "(", "read", ")", ")",
9155 			"(", "class", "dir", "(", "read", ")", ")",
9156 			"(", "sensitivity", "s0", ")",
9157 			"(", "category", "c1", ")",
9158 			"(", "level", "l2", "(", "s0", "(", "c1", ")", ")", ")",
9159 			"(", "level", "h2", "(", "s0", "(", "c1", ")", ")", ")",
9160 			"(", "mlsconstrain", "(", "file", "(", "create", "relabelto", ")", ")", "(", "eq", "l2", "h2", ")", ")", NULL};
9161 
9162 	struct cil_tree *test_tree;
9163 	gen_test_tree(&test_tree, line);
9164 
9165 	struct cil_db *test_db;
9166 	cil_db_init(&test_db);
9167 
9168 	uint32_t changed = CIL_FALSE;
9169 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
9170 
9171 	uint32_t finished = 0;
9172 
9173 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
9174 
9175 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next->next->next->next, &finished, args);
9176 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
9177 	CuAssertIntEquals(tc, 0, finished);
9178 }
9179 
test_cil_resolve_ast_node_helper_context(CuTest * tc)9180 void test_cil_resolve_ast_node_helper_context(CuTest *tc) {
9181 	char *line[] = {"(", "sensitivity", "s0", ")",
9182 			"(", "category", "c0", ")",
9183 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
9184 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
9185 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
9186 			"(", "user", "system_u", ")",
9187 			"(", "role", "object_r", ")",
9188 			"(", "type", "netif_t", ")",
9189 			"(", "context", "con",
9190                         "(", "system_u", "object_r", "netif_t", "(", "low", "high", ")", NULL};
9191 
9192 	struct cil_tree *test_tree;
9193 	gen_test_tree(&test_tree, line);
9194 
9195 	struct cil_db *test_db;
9196 	cil_db_init(&test_db);
9197 
9198 	uint32_t changed = CIL_FALSE;
9199 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC1, &changed, NULL, NULL, NULL);
9200 
9201 	uint32_t finished = 0;
9202 
9203 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
9204 
9205 	cil_tree_walk(test_db->ast->root,  __cil_resolve_ast_node_helper, NULL, NULL, args);
9206 	__cil_verify_order(test_db->catorder, test_db->ast->root, CIL_CAT);
9207 
9208 	__cil_verify_order(test_db->dominance, test_db->ast->root, CIL_SENS);
9209 
9210 	args->pass = CIL_PASS_MLS;
9211 	cil_tree_walk(test_db->ast->root, __cil_resolve_ast_node_helper, NULL, NULL, args);
9212 
9213 	args->pass = CIL_PASS_MISC3;
9214 
9215 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, &finished, args);
9216 	CuAssertIntEquals(tc, SEPOL_OK, rc);
9217 	CuAssertIntEquals(tc, finished, 0);
9218 }
9219 
test_cil_resolve_ast_node_helper_context_neg(CuTest * tc)9220 void test_cil_resolve_ast_node_helper_context_neg(CuTest *tc) {
9221 	char *line[] = {"(", "sensitivity", "s0", ")",
9222 			"(", "category", "c0", ")",
9223 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
9224 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
9225 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
9226 			"(", "user", "system_u", ")",
9227 			"(", "role", "object_r", ")",
9228 			"(", "type", "netif_t", ")",
9229 			"(", "context", "con",
9230                         "(", "system_u", "object_r", "netif_t", "DNE", "high", NULL};
9231 
9232 	struct cil_tree *test_tree;
9233 	gen_test_tree(&test_tree, line);
9234 
9235 	struct cil_db *test_db;
9236 	cil_db_init(&test_db);
9237 
9238 	uint32_t changed = CIL_FALSE;
9239 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC1, &changed, NULL, NULL, NULL);
9240 
9241 	uint32_t finished = 0;
9242 
9243 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
9244 
9245 	cil_tree_walk(test_db->ast->root,  __cil_resolve_ast_node_helper, NULL, NULL, args);
9246 	__cil_verify_order(test_db->catorder, test_db->ast->root, CIL_CAT);
9247 
9248 	__cil_verify_order(test_db->dominance, test_db->ast->root, CIL_SENS);
9249 
9250 	args->pass = CIL_PASS_MLS;
9251 	cil_tree_walk(test_db->ast->root, __cil_resolve_ast_node_helper, NULL, NULL, args);
9252 
9253 	args->pass = CIL_PASS_MISC3;
9254 
9255 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, &finished, args);
9256 	CuAssertIntEquals(tc, SEPOL_ERR, rc);
9257 	CuAssertIntEquals(tc, finished, 0);
9258 }
9259 
test_cil_resolve_ast_node_helper_senscat(CuTest * tc)9260 void test_cil_resolve_ast_node_helper_senscat(CuTest *tc) {
9261 	char *line[] = {"(", "sensitivity", "s0", ")",
9262                         "(", "sensitivity", "s1", ")",
9263                         "(", "dominance", "(", "s0", "s1", ")", ")",
9264                         "(", "category", "c0", ")",
9265                         "(", "category", "c255", ")",
9266                         "(", "categoryorder", "(", "c0", "c255", ")", ")",
9267                         "(", "sensitivitycategory", "s1", "(", "c0", "c255", ")", ")", NULL};
9268 
9269 	struct cil_tree *test_tree;
9270 	gen_test_tree(&test_tree, line);
9271 
9272 	struct cil_db *test_db;
9273 	cil_db_init(&test_db);
9274 
9275 	uint32_t changed = CIL_FALSE;
9276 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
9277 
9278 	uint32_t finished = 0;
9279 
9280 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
9281 
9282 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next->next->next->next, &finished, args);
9283 	CuAssertIntEquals(tc, SEPOL_OK, rc);
9284 	CuAssertIntEquals(tc, 0, finished);
9285 }
9286 
test_cil_resolve_ast_node_helper_senscat_neg(CuTest * tc)9287 void test_cil_resolve_ast_node_helper_senscat_neg(CuTest *tc) {
9288 	char *line[] = {"(", "sensitivity", "s0", ")",
9289                         "(", "sensitivity", "s1", ")",
9290                         "(", "dominance", "(", "s0", "s1", ")", ")",
9291                         "(", "category", "c0", ")",
9292                         "(", "category", "c255", ")",
9293                         "(", "categoryorder", "(", "c0", "c255", ")", ")",
9294                         "(", "sensitivitycategory", "s5", "foo", ")", NULL};
9295 
9296 	struct cil_tree *test_tree;
9297 	gen_test_tree(&test_tree, line);
9298 
9299 	struct cil_db *test_db;
9300 	cil_db_init(&test_db);
9301 
9302 	uint32_t changed = CIL_FALSE;
9303 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
9304 
9305 	uint32_t finished = 0;
9306 
9307 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
9308 
9309 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next->next->next->next, &finished, args);
9310 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
9311 	CuAssertIntEquals(tc, 0, finished);
9312 }
9313 
test_cil_resolve_ast_node_helper_roletransition(CuTest * tc)9314 void test_cil_resolve_ast_node_helper_roletransition(CuTest *tc) {
9315 	char *line[] = {"(", "role", "foo_r", ")",
9316 			"(", "type", "bar_t", ")",
9317 			"(", "role", "foobar_r", ")",
9318 			"(", "class", "process", "(", "transition", ")", ")",
9319 			"(", "roletransition", "foo_r", "bar_t", "process", "foobar_r", ")", NULL};
9320 
9321 	struct cil_tree *test_tree;
9322 	gen_test_tree(&test_tree, line);
9323 
9324 	struct cil_db *test_db;
9325 	cil_db_init(&test_db);
9326 
9327 	uint32_t changed = CIL_FALSE;
9328 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
9329 
9330 	uint32_t finished = 0;
9331 
9332 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
9333 
9334 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next->next, &finished, args);
9335 	CuAssertIntEquals(tc, SEPOL_OK, rc);
9336 	CuAssertIntEquals(tc, 0, finished);
9337 }
9338 
test_cil_resolve_ast_node_helper_roletransition_srcdecl_neg(CuTest * tc)9339 void test_cil_resolve_ast_node_helper_roletransition_srcdecl_neg(CuTest *tc) {
9340 	char *line[] = {"(", "type", "bar_t", ")",
9341 			"(", "role", "foobar_r", ")",
9342 			"(", "class", "process", "(", "transition", ")", ")",
9343 			"(", "roletransition", "foo_r", "bar_t", "process", "foobar_r", ")", NULL};
9344 
9345 	struct cil_tree *test_tree;
9346 	gen_test_tree(&test_tree, line);
9347 
9348 	struct cil_db *test_db;
9349 	cil_db_init(&test_db);
9350 
9351 	uint32_t changed = CIL_FALSE;
9352 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
9353 
9354 	uint32_t finished = 0;
9355 
9356 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
9357 
9358 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next, &finished, args);
9359 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
9360 	CuAssertIntEquals(tc, 0, finished);
9361 }
9362 
test_cil_resolve_ast_node_helper_roletransition_tgtdecl_neg(CuTest * tc)9363 void test_cil_resolve_ast_node_helper_roletransition_tgtdecl_neg(CuTest *tc) {
9364 	char *line[] = {"(", "role", "foo_r", ")",
9365 			"(", "role", "foobar_r", ")",
9366 			"(", "class", "process", "(", "transition", ")", ")",
9367 			"(", "roletransition", "foo_r", "bar_t", "process", "foobar_r", ")", NULL};
9368 
9369 	struct cil_tree *test_tree;
9370 	gen_test_tree(&test_tree, line);
9371 
9372 	struct cil_db *test_db;
9373 	cil_db_init(&test_db);
9374 
9375 	uint32_t changed = CIL_FALSE;
9376 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
9377 
9378 	uint32_t finished = 0;
9379 
9380 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
9381 
9382 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next, &finished, args);
9383 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
9384 	CuAssertIntEquals(tc, 0, finished);
9385 }
9386 
test_cil_resolve_ast_node_helper_roletransition_resultdecl_neg(CuTest * tc)9387 void test_cil_resolve_ast_node_helper_roletransition_resultdecl_neg(CuTest *tc) {
9388 	char *line[] = {"(", "role", "foo_r", ")",
9389 			"(", "type", "bar_t", ")",
9390 			"(", "class", "process", "(", "transition", ")", ")",
9391 			"(", "roletransition", "foo_r", "bar_t", "process", "foobar_r", ")", NULL};
9392 
9393 	struct cil_tree *test_tree;
9394 	gen_test_tree(&test_tree, line);
9395 
9396 	struct cil_db *test_db;
9397 	cil_db_init(&test_db);
9398 
9399 	uint32_t changed = CIL_FALSE;
9400 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
9401 
9402 	uint32_t finished = 0;
9403 
9404 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
9405 
9406 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next, &finished, args);
9407 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
9408 	CuAssertIntEquals(tc, 0, finished);
9409 }
9410 
test_cil_resolve_ast_node_helper_typeattributeset(CuTest * tc)9411 void test_cil_resolve_ast_node_helper_typeattributeset(CuTest *tc) {
9412 	char *line[] = {"(", "typeattribute", "attrs", ")",
9413 			"(", "type", "type_t", ")",
9414 			"(", "type", "type_tt", ")",
9415 			"(", "typeattributeset", "attrs", "(", "type_t", "type_tt", ")", ")", NULL};
9416 
9417 	struct cil_tree *test_tree;
9418 	gen_test_tree(&test_tree, line);
9419 
9420 	struct cil_db *test_db;
9421 	cil_db_init(&test_db);
9422 
9423 	uint32_t changed = CIL_FALSE;
9424 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
9425 
9426 	uint32_t finished = 0;
9427 
9428 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
9429 
9430 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next, &finished, args);
9431 	CuAssertIntEquals(tc, SEPOL_OK, rc);
9432 	CuAssertIntEquals(tc, 0, finished);
9433 }
9434 
test_cil_resolve_ast_node_helper_typeattributeset_undef_type_neg(CuTest * tc)9435 void test_cil_resolve_ast_node_helper_typeattributeset_undef_type_neg(CuTest *tc) {
9436 	char *line[] = {"(", "typeattribute", "attrs", ")",
9437 			"(", "type", "type_t", ")",
9438 			"(", "typeattributeset", "attrs", "(", "not", "t_t", ")", ")", NULL};
9439 
9440 	struct cil_tree *test_tree;
9441 	gen_test_tree(&test_tree, line);
9442 
9443 	struct cil_db *test_db;
9444 	cil_db_init(&test_db);
9445 
9446 	uint32_t changed = CIL_FALSE;
9447 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
9448 
9449 	uint32_t finished = 0;
9450 
9451 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
9452 
9453 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next, &finished, args);
9454 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
9455 	CuAssertIntEquals(tc, 0, finished);
9456 }
9457 
test_cil_resolve_ast_node_helper_typealias(CuTest * tc)9458 void test_cil_resolve_ast_node_helper_typealias(CuTest *tc) {
9459 	char *line[] = {"(", "block", "foo",
9460 				"(", "typealias", ".foo.test", "type_t", ")",
9461 				"(", "type", "test", ")", ")", NULL};
9462 
9463 	struct cil_tree *test_tree;
9464 	gen_test_tree(&test_tree, line);
9465 
9466 	struct cil_db *test_db;
9467 	cil_db_init(&test_db);
9468 
9469 	uint32_t changed = CIL_FALSE;
9470 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
9471 
9472 	uint32_t finished = 0;
9473 
9474 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
9475 
9476 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->cl_head, &finished, args);
9477 	CuAssertIntEquals(tc, SEPOL_OK, rc);
9478 	CuAssertIntEquals(tc, 0, finished);
9479 }
9480 
test_cil_resolve_ast_node_helper_typealias_notype_neg(CuTest * tc)9481 void test_cil_resolve_ast_node_helper_typealias_notype_neg(CuTest *tc) {
9482 	char *line[] = {"(", "block", "bar",
9483 				"(", "typealias", ".bar.test", "type_t", ")", NULL};
9484 
9485 	struct cil_tree *test_tree;
9486 	gen_test_tree(&test_tree, line);
9487 
9488 	struct cil_db *test_db;
9489 	cil_db_init(&test_db);
9490 
9491 	uint32_t changed = CIL_FALSE;
9492 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
9493 
9494 	uint32_t finished = 0;
9495 
9496 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
9497 
9498 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->cl_head, &finished, args);
9499 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
9500 	CuAssertIntEquals(tc, 0, finished);
9501 }
9502 
test_cil_resolve_ast_node_helper_typebounds(CuTest * tc)9503 void test_cil_resolve_ast_node_helper_typebounds(CuTest *tc) {
9504 	char *line[] = {"(", "type", "type_a", ")",
9505 			"(", "type", "type_b", ")",
9506 			"(", "typebounds", "type_a", "type_b", ")", NULL};
9507 
9508 	struct cil_tree *test_tree;
9509 	gen_test_tree(&test_tree, line);
9510 
9511 	struct cil_db *test_db;
9512 	cil_db_init(&test_db);
9513 
9514 	uint32_t changed = CIL_FALSE;
9515 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
9516 
9517 	uint32_t finished = 0;
9518 
9519 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
9520 
9521 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next, &finished, args);
9522 	CuAssertIntEquals(tc, SEPOL_OK, rc);
9523 	CuAssertIntEquals(tc, 0, finished);
9524 }
9525 
test_cil_resolve_ast_node_helper_typebounds_neg(CuTest * tc)9526 void test_cil_resolve_ast_node_helper_typebounds_neg(CuTest *tc) {
9527 	char *line[] = {"(", "type", "type_b", ")",
9528 			"(", "typebounds", "type_a", "type_b", ")", NULL};
9529 
9530 	struct cil_tree *test_tree;
9531 	gen_test_tree(&test_tree, line);
9532 
9533 	struct cil_db *test_db;
9534 	cil_db_init(&test_db);
9535 
9536 	uint32_t changed = CIL_FALSE;
9537 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
9538 
9539 	uint32_t finished = 0;
9540 
9541 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
9542 
9543 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next, &finished, args);
9544 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
9545 	CuAssertIntEquals(tc, 0, finished);
9546 }
9547 
test_cil_resolve_ast_node_helper_typepermissive(CuTest * tc)9548 void test_cil_resolve_ast_node_helper_typepermissive(CuTest *tc) {
9549 	char *line[] = {"(", "type", "type_a", ")",
9550 			"(", "typepermissive", "type_a", ")", NULL};
9551 
9552 	struct cil_tree *test_tree;
9553 	gen_test_tree(&test_tree, line);
9554 
9555 	struct cil_db *test_db;
9556 	cil_db_init(&test_db);
9557 
9558 	uint32_t changed = CIL_FALSE;
9559 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
9560 	uint32_t finished = 0;
9561 
9562 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
9563 
9564 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next, &finished, args);
9565 	CuAssertIntEquals(tc, SEPOL_OK, rc);
9566 	CuAssertIntEquals(tc, 0, finished);
9567 }
9568 
test_cil_resolve_ast_node_helper_typepermissive_neg(CuTest * tc)9569 void test_cil_resolve_ast_node_helper_typepermissive_neg(CuTest *tc) {
9570 	char *line[] = {"(", "type", "type_b", ")",
9571 			"(", "typepermissive", "type_a", ")", NULL};
9572 
9573 	struct cil_tree *test_tree;
9574 	gen_test_tree(&test_tree, line);
9575 
9576 	struct cil_db *test_db;
9577 	cil_db_init(&test_db);
9578 
9579 	uint32_t changed = CIL_FALSE;
9580 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
9581 
9582 	uint32_t finished = 0;
9583 
9584 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
9585 
9586 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next, &finished, args);
9587 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
9588 	CuAssertIntEquals(tc, 0, finished);
9589 }
9590 
test_cil_resolve_ast_node_helper_rangetransition(CuTest * tc)9591 void test_cil_resolve_ast_node_helper_rangetransition(CuTest *tc) {
9592 	char *line[] = {"(", "class", "class_", "(", "read", ")", ")",
9593 			"(", "type", "type_a", ")",
9594 			"(", "type", "type_b", ")",
9595 			"(", "sensitivity", "s0", ")",
9596 			"(", "category", "c0", ")",
9597 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
9598 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
9599 			"(", "rangetransition", "type_a", "type_b", "class_", "(", "low", "high", ")", ")", NULL};
9600 
9601 	struct cil_tree *test_tree;
9602 	gen_test_tree(&test_tree, line);
9603 
9604 	struct cil_db *test_db;
9605 	cil_db_init(&test_db);
9606 
9607 	uint32_t changed = CIL_FALSE;
9608 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
9609 
9610 	uint32_t finished = 0;
9611 
9612 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
9613 
9614 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next->next->next->next->next, &finished, args);
9615 	CuAssertIntEquals(tc, SEPOL_OK, rc);
9616 	CuAssertIntEquals(tc, 0, finished);
9617 }
9618 
test_cil_resolve_ast_node_helper_rangetransition_neg(CuTest * tc)9619 void test_cil_resolve_ast_node_helper_rangetransition_neg(CuTest *tc) {
9620 	char *line[] = {"(", "class", "class_", "(", "read", ")", ")",
9621 			"(", "type", "type_a", ")",
9622 			"(", "type", "type_b", ")",
9623 			"(", "sensitivity", "s0", ")",
9624 			"(", "category", "c0", ")",
9625 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
9626 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
9627 			"(", "rangetransition", "type_DNE", "type_b", "class_", "(", "low", "high", ")", ")", NULL};
9628 
9629 	struct cil_tree *test_tree;
9630 	gen_test_tree(&test_tree, line);
9631 
9632 	struct cil_db *test_db;
9633 	cil_db_init(&test_db);
9634 
9635 	uint32_t changed = CIL_FALSE;
9636 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
9637 
9638 	uint32_t finished = 0;
9639 
9640 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
9641 
9642 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next->next->next->next->next, &finished, args);
9643 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
9644 	CuAssertIntEquals(tc, 0, finished);
9645 }
9646 
test_cil_resolve_ast_node_helper_nametypetransition(CuTest * tc)9647 void test_cil_resolve_ast_node_helper_nametypetransition(CuTest *tc) {
9648 	char *line[] = {"(", "type", "foo", ")",
9649 			"(", "type", "bar", ")",
9650 			"(", "class", "file", "(", "read", ")", ")",
9651 			"(", "type", "foobar", ")",
9652 			"(", "nametypetransition", "str", "foo", "bar", "file", "foobar", ")", NULL};
9653 
9654 	struct cil_tree *test_tree;
9655 	gen_test_tree(&test_tree, line);
9656 
9657 	struct cil_db *test_db;
9658 	cil_db_init(&test_db);
9659 
9660 	uint32_t changed = CIL_FALSE;
9661 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
9662 
9663 	uint32_t finished = 0;
9664 
9665 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
9666 
9667 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next->next, &finished, args);
9668 	CuAssertIntEquals(tc, SEPOL_OK, rc);
9669 	CuAssertIntEquals(tc, 0, finished);
9670 }
9671 
test_cil_resolve_ast_node_helper_nametypetransition_neg(CuTest * tc)9672 void test_cil_resolve_ast_node_helper_nametypetransition_neg(CuTest *tc) {
9673 	char *line[] = {"(", "type", "foo", ")",
9674 			"(", "type", "bar", ")",
9675 			"(", "class", "file", "(", "read", ")", ")",
9676 			"(", "type", "foobar", ")",
9677 			"(", "nametypetransition", "str", "foo", "bar", "file", "foobarrr", ")", NULL};
9678 
9679 	struct cil_tree *test_tree;
9680 	gen_test_tree(&test_tree, line);
9681 
9682 	struct cil_db *test_db;
9683 	cil_db_init(&test_db);
9684 
9685 	uint32_t changed = CIL_FALSE;
9686 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
9687 
9688 	uint32_t finished = 0;
9689 
9690 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
9691 
9692 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next->next, &finished, args);
9693 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
9694 	CuAssertIntEquals(tc, 0, finished);
9695 }
9696 
test_cil_resolve_ast_node_helper_avrule(CuTest * tc)9697 void test_cil_resolve_ast_node_helper_avrule(CuTest *tc) {
9698 	char *line[] = {"(", "class", "bar", "(", "read", "write", "open", ")", ")",
9699 	                "(", "type", "test", ")",
9700 			"(", "type", "foo", ")",
9701 	                "(", "allow", "test", "foo", "(", "bar", "(", "read", "write", ")", ")", ")", NULL};
9702 
9703 	struct cil_tree *test_tree;
9704 	gen_test_tree(&test_tree, line);
9705 
9706 	struct cil_db *test_db;
9707 	cil_db_init(&test_db);
9708 
9709 	uint32_t changed = CIL_FALSE;
9710 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
9711 
9712 	uint32_t finished = 0;
9713 
9714 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
9715 
9716 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next, &finished, args);
9717 	CuAssertIntEquals(tc, SEPOL_OK, rc);
9718 	CuAssertIntEquals(tc, 0, finished);
9719 }
9720 
test_cil_resolve_ast_node_helper_avrule_src_nores_neg(CuTest * tc)9721 void test_cil_resolve_ast_node_helper_avrule_src_nores_neg(CuTest *tc) {
9722 	char *line[] = {"(", "allow", "test", "foo", "(", "bar", "(", "read", "write", ")", ")", ")", NULL};
9723 
9724 	struct cil_tree *test_tree;
9725 	gen_test_tree(&test_tree, line);
9726 
9727 	struct cil_db *test_db;
9728 	cil_db_init(&test_db);
9729 
9730 	uint32_t changed = CIL_FALSE;
9731 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
9732 
9733 	uint32_t finished = 0;
9734 
9735 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
9736 
9737 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head, &finished, args);
9738 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
9739 	CuAssertIntEquals(tc, 0, finished);
9740 }
9741 
test_cil_resolve_ast_node_helper_avrule_tgt_nores_neg(CuTest * tc)9742 void test_cil_resolve_ast_node_helper_avrule_tgt_nores_neg(CuTest *tc) {
9743 	char *line[] = {"(", "type", "test", ")",
9744 			"(", "allow", "test", "foo", "(", "bar", "(", "read", "write", ")", ")", ")", NULL};
9745 
9746 	struct cil_tree *test_tree;
9747 	gen_test_tree(&test_tree, line);
9748 
9749 	struct cil_db *test_db;
9750 	cil_db_init(&test_db);
9751 
9752 	uint32_t changed = CIL_FALSE;
9753 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
9754 
9755 	uint32_t finished = 0;
9756 
9757 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
9758 
9759 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next, &finished, args);
9760 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
9761 	CuAssertIntEquals(tc, 0, finished);
9762 }
9763 
test_cil_resolve_ast_node_helper_avrule_class_nores_neg(CuTest * tc)9764 void test_cil_resolve_ast_node_helper_avrule_class_nores_neg(CuTest *tc) {
9765 	char *line[] = {"(", "type", "test", ")",
9766 			"(", "type", "foo", ")",
9767 			"(", "allow", "test", "foo", "(", "bar", "(", "read", "write", ")", ")", ")", NULL};
9768 
9769 	struct cil_tree *test_tree;
9770 	gen_test_tree(&test_tree, line);
9771 
9772 	struct cil_db *test_db;
9773 	cil_db_init(&test_db);
9774 
9775 	uint32_t changed = CIL_FALSE;
9776 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
9777 
9778 	uint32_t finished = 0;
9779 
9780 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
9781 
9782 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next, &finished, args);
9783 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
9784 	CuAssertIntEquals(tc, 0, finished);
9785 }
9786 
test_cil_resolve_ast_node_helper_avrule_datum_null_neg(CuTest * tc)9787 void test_cil_resolve_ast_node_helper_avrule_datum_null_neg(CuTest *tc) {
9788 	char *line[] = {"(", "class", "bar", "(", "read", "write", "open", ")", ")",
9789 	                "(", "type", "test", ")", "(", "type", "foo", ")",
9790 	                "(", "allow", "test", "foo", "(", "bar", "(","fake", ")", ")", ")", NULL};
9791 
9792 	struct cil_tree *test_tree;
9793 	gen_test_tree(&test_tree, line);
9794 
9795 	struct cil_db *test_db;
9796 	cil_db_init(&test_db);
9797 
9798 	uint32_t changed = CIL_FALSE;
9799 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
9800 
9801 	uint32_t finished = 0;
9802 
9803 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
9804 
9805 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next, &finished, args);
9806 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
9807 	CuAssertIntEquals(tc, 0, finished);
9808 }
9809 
test_cil_resolve_ast_node_helper_type_rule_transition(CuTest * tc)9810 void test_cil_resolve_ast_node_helper_type_rule_transition(CuTest *tc) {
9811 	char *line[] = {"(", "type", "foo", ")",
9812 			"(", "type", "bar", ")",
9813 			"(", "class", "file", "(", "write", ")", ")",
9814 			"(", "type", "foobar", ")",
9815 			"(", "typetransition", "foo", "bar", "file", "foobar", ")", NULL};
9816 
9817 	struct cil_tree *test_tree;
9818 	gen_test_tree(&test_tree, line);
9819 
9820 	struct cil_db *test_db;
9821 	cil_db_init(&test_db);
9822 
9823 	uint32_t changed = CIL_FALSE;
9824 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
9825 
9826 	uint32_t finished = 0;
9827 
9828 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
9829 
9830 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next->next, &finished, args);
9831 	CuAssertIntEquals(tc, SEPOL_OK, rc);
9832 	CuAssertIntEquals(tc, 0, finished);
9833 }
9834 
test_cil_resolve_ast_node_helper_type_rule_transition_neg(CuTest * tc)9835 void test_cil_resolve_ast_node_helper_type_rule_transition_neg(CuTest *tc) {
9836 	char *line[] = {"(", "type", "foo", ")",
9837 			"(", "class", "file", "(", "write", ")", ")",
9838 			"(", "type", "foobar", ")",
9839 			"(", "typetransition", "foo", "bar", "file", "foobar", ")", NULL};
9840 
9841 	struct cil_tree *test_tree;
9842 	gen_test_tree(&test_tree, line);
9843 
9844 	struct cil_db *test_db;
9845 	cil_db_init(&test_db);
9846 
9847 	uint32_t changed = CIL_FALSE;
9848 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
9849 
9850 	uint32_t finished = 0;
9851 
9852 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
9853 
9854 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next, &finished, args);
9855 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
9856 	CuAssertIntEquals(tc, 0, finished);
9857 }
9858 
test_cil_resolve_ast_node_helper_type_rule_change(CuTest * tc)9859 void test_cil_resolve_ast_node_helper_type_rule_change(CuTest *tc) {
9860 	char *line[] = {"(", "type", "foo", ")",
9861 			"(", "type", "bar", ")",
9862 			"(", "class", "file", "(", "write", ")", ")",
9863 			"(", "type", "foobar", ")",
9864 			"(", "typechange", "foo", "bar", "file", "foobar", ")", NULL};
9865 
9866 	struct cil_tree *test_tree;
9867 	gen_test_tree(&test_tree, line);
9868 
9869 	struct cil_db *test_db;
9870 	cil_db_init(&test_db);
9871 
9872 	uint32_t changed = CIL_FALSE;
9873 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
9874 
9875 	uint32_t finished = 0;
9876 
9877 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
9878 
9879 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next->next, &finished, args);
9880 	CuAssertIntEquals(tc, SEPOL_OK, rc);
9881 	CuAssertIntEquals(tc, 0, finished);
9882 }
9883 
test_cil_resolve_ast_node_helper_type_rule_change_neg(CuTest * tc)9884 void test_cil_resolve_ast_node_helper_type_rule_change_neg(CuTest *tc) {
9885 	char *line[] = {"(", "type", "foo", ")",
9886 			"(", "class", "file", "(", "write", ")", ")",
9887 			"(", "type", "foobar", ")",
9888 			"(", "typechange", "foo", "bar", "file", "foobar", ")", NULL};
9889 
9890 	struct cil_tree *test_tree;
9891 	gen_test_tree(&test_tree, line);
9892 
9893 	struct cil_db *test_db;
9894 	cil_db_init(&test_db);
9895 
9896 	uint32_t changed = CIL_FALSE;
9897 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
9898 
9899 	uint32_t finished = 0;
9900 
9901 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
9902 
9903 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next, &finished, args);
9904 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
9905 	CuAssertIntEquals(tc, 0, finished);
9906 }
9907 
test_cil_resolve_ast_node_helper_type_rule_member(CuTest * tc)9908 void test_cil_resolve_ast_node_helper_type_rule_member(CuTest *tc) {
9909 	char *line[] = {"(", "type", "foo", ")",
9910 			"(", "type", "bar", ")",
9911 			"(", "class", "file", "(", "write", ")", ")",
9912 			"(", "type", "foobar", ")",
9913 			"(", "typemember", "foo", "bar", "file", "foobar", ")", NULL};
9914 
9915 	struct cil_tree *test_tree;
9916 	gen_test_tree(&test_tree, line);
9917 
9918 	struct cil_db *test_db;
9919 	cil_db_init(&test_db);
9920 
9921 	uint32_t changed = CIL_FALSE;
9922 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
9923 
9924 	uint32_t finished = 0;
9925 
9926 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
9927 
9928 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next->next, &finished, args);
9929 	CuAssertIntEquals(tc, SEPOL_OK, rc);
9930 	CuAssertIntEquals(tc, 0, finished);
9931 }
9932 
test_cil_resolve_ast_node_helper_type_rule_member_neg(CuTest * tc)9933 void test_cil_resolve_ast_node_helper_type_rule_member_neg(CuTest *tc) {
9934 	char *line[] = {"(", "type", "foo", ")",
9935 			"(", "class", "file", "(", "write", ")", ")",
9936 			"(", "type", "foobar", ")",
9937 			"(", "typemember", "foo", "bar", "file", "foobar", ")", NULL};
9938 
9939 	struct cil_tree *test_tree;
9940 	gen_test_tree(&test_tree, line);
9941 
9942 	struct cil_db *test_db;
9943 	cil_db_init(&test_db);
9944 
9945 	uint32_t changed = CIL_FALSE;
9946 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
9947 
9948 	uint32_t finished = 0;
9949 
9950 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
9951 
9952 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next, &finished, args);
9953 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
9954 	CuAssertIntEquals(tc, 0, finished);
9955 }
9956 
test_cil_resolve_ast_node_helper_userbounds(CuTest * tc)9957 void test_cil_resolve_ast_node_helper_userbounds(CuTest *tc) {
9958 	char *line[] = {"(", "user", "user1", ")",
9959 			"(", "user", "user2", ")",
9960 			"(", "userbounds", "user1", "user2", ")", NULL};
9961 
9962 	struct cil_tree *test_tree;
9963 	gen_test_tree(&test_tree, line);
9964 
9965 	struct cil_db *test_db;
9966 	cil_db_init(&test_db);
9967 
9968 	struct cil_tree_node *test_ast_node;
9969 	cil_tree_node_init(&test_ast_node);
9970 
9971 	uint32_t finished = 0;
9972 
9973 	uint32_t changed = CIL_FALSE;
9974 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
9975 
9976 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
9977 
9978 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next, &finished, args);
9979 	CuAssertIntEquals(tc, 0, finished);
9980 	CuAssertIntEquals(tc, SEPOL_OK, rc);
9981 }
9982 
test_cil_resolve_ast_node_helper_userbounds_neg(CuTest * tc)9983 void test_cil_resolve_ast_node_helper_userbounds_neg(CuTest *tc) {
9984 	char *line[] = {"(", "user", "user1", ")",
9985 			"(", "userbounds", "user1", "user2", ")", NULL};
9986 
9987 	struct cil_tree *test_tree;
9988 	gen_test_tree(&test_tree, line);
9989 
9990 	struct cil_db *test_db;
9991 	cil_db_init(&test_db);
9992 
9993 	struct cil_tree_node *test_ast_node;
9994 	cil_tree_node_init(&test_ast_node);
9995 
9996 	uint32_t finished = 0;
9997 
9998 	uint32_t changed = CIL_FALSE;
9999 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
10000 
10001 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
10002 
10003 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next, &finished, args);
10004 	CuAssertIntEquals(tc, 0, finished);
10005 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
10006 }
10007 
test_cil_resolve_ast_node_helper_roletype(CuTest * tc)10008 void test_cil_resolve_ast_node_helper_roletype(CuTest *tc) {
10009 	char *line[] = {"(", "role",  "admin_r", ")",
10010 			"(", "type", "admin_t", ")",
10011 			"(", "roletype", "admin_r", "admin_t", ")", NULL};
10012 
10013 	struct cil_tree *test_tree;
10014 	gen_test_tree(&test_tree, line);
10015 
10016 	struct cil_db *test_db;
10017 	cil_db_init(&test_db);
10018 
10019 	struct cil_tree_node *test_ast_node;
10020 	cil_tree_node_init(&test_ast_node);
10021 
10022 	uint32_t finished = 0;
10023 
10024 	uint32_t changed = CIL_FALSE;
10025 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
10026 
10027 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
10028 
10029 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next, &finished, args);
10030 	CuAssertIntEquals(tc, 0, finished);
10031 	CuAssertIntEquals(tc, SEPOL_OK, rc);
10032 }
10033 
test_cil_resolve_ast_node_helper_roletype_role_neg(CuTest * tc)10034 void test_cil_resolve_ast_node_helper_roletype_role_neg(CuTest *tc) {
10035 	char *line[] = {"(", "type", "admin_t", ")",
10036 			"(", "roletype", "admin_r", "admin_t", ")", NULL};
10037 
10038 	struct cil_tree *test_tree;
10039 	gen_test_tree(&test_tree, line);
10040 
10041 	struct cil_db *test_db;
10042 	cil_db_init(&test_db);
10043 
10044 	struct cil_tree_node *test_ast_node;
10045 	cil_tree_node_init(&test_ast_node);
10046 
10047 	uint32_t finished = 0;
10048 
10049 	uint32_t changed = CIL_FALSE;
10050 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
10051 
10052 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
10053 
10054 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next, &finished, args);
10055 	CuAssertIntEquals(tc, 0, finished);
10056 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
10057 }
10058 
test_cil_resolve_ast_node_helper_roletype_type_neg(CuTest * tc)10059 void test_cil_resolve_ast_node_helper_roletype_type_neg(CuTest *tc) {
10060 	char *line[] = {"(", "role", "admin_r", ")",
10061 			"(", "roletype", "admin_r", "admin_t", ")", NULL};
10062 
10063 	struct cil_tree *test_tree;
10064 	gen_test_tree(&test_tree, line);
10065 
10066 	struct cil_db *test_db;
10067 	cil_db_init(&test_db);
10068 
10069 	struct cil_tree_node *test_ast_node;
10070 	cil_tree_node_init(&test_ast_node);
10071 
10072 	uint32_t finished = 0;
10073 
10074 	uint32_t changed = CIL_FALSE;
10075 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
10076 
10077 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
10078 
10079 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next, &finished, args);
10080 	CuAssertIntEquals(tc, 0, finished);
10081 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
10082 }
10083 
test_cil_resolve_ast_node_helper_userrole(CuTest * tc)10084 void test_cil_resolve_ast_node_helper_userrole(CuTest *tc) {
10085 	char *line[] = {"(", "role",  "staff_r", ")",
10086 			"(", "user", "staff_u", ")",
10087 			"(", "userrole", "staff_u", "staff_r", ")", NULL};
10088 
10089 	struct cil_tree *test_tree;
10090 	gen_test_tree(&test_tree, line);
10091 
10092 	struct cil_db *test_db;
10093 	cil_db_init(&test_db);
10094 
10095 	struct cil_tree_node *test_ast_node;
10096 	cil_tree_node_init(&test_ast_node);
10097 
10098 	uint32_t finished = 0;
10099 
10100 	uint32_t changed = CIL_FALSE;
10101 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
10102 
10103 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
10104 
10105 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next, &finished, args);
10106 	CuAssertIntEquals(tc, 0, finished);
10107 	CuAssertIntEquals(tc, SEPOL_OK, rc);
10108 }
10109 
test_cil_resolve_ast_node_helper_userrole_user_neg(CuTest * tc)10110 void test_cil_resolve_ast_node_helper_userrole_user_neg(CuTest *tc) {
10111 	char *line[] = {"(", "role",  "staff_r", ")",
10112 			"(", "userrole", "staff_u", "staff_r", ")", NULL};
10113 
10114 	struct cil_tree *test_tree;
10115 	gen_test_tree(&test_tree, line);
10116 
10117 	struct cil_db *test_db;
10118 	cil_db_init(&test_db);
10119 
10120 	struct cil_tree_node *test_ast_node;
10121 	cil_tree_node_init(&test_ast_node);
10122 
10123 	uint32_t finished = 0;
10124 
10125 	uint32_t changed = CIL_FALSE;
10126 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
10127 
10128 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
10129 
10130 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next, &finished, args);
10131 	CuAssertIntEquals(tc, 0, finished);
10132 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
10133 }
10134 
test_cil_resolve_ast_node_helper_userrole_role_neg(CuTest * tc)10135 void test_cil_resolve_ast_node_helper_userrole_role_neg(CuTest *tc) {
10136 	char *line[] = {"(", "user",  "staff_u", ")",
10137 			"(", "userrole", "staff_u", "staff_r", ")", NULL};
10138 
10139 	struct cil_tree *test_tree;
10140 	gen_test_tree(&test_tree, line);
10141 
10142 	struct cil_db *test_db;
10143 	cil_db_init(&test_db);
10144 
10145 	struct cil_tree_node *test_ast_node;
10146 	cil_tree_node_init(&test_ast_node);
10147 
10148 	uint32_t finished = 0;
10149 
10150 	uint32_t changed = CIL_FALSE;
10151 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
10152 
10153 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
10154 
10155 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next, &finished, args);
10156 	CuAssertIntEquals(tc, 0, finished);
10157 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
10158 }
10159 
test_cil_resolve_ast_node_helper_userlevel(CuTest * tc)10160 void test_cil_resolve_ast_node_helper_userlevel(CuTest *tc) {
10161 	char *line[] = {"(", "user",  "foo_u", ")",
10162 			"(", "category", "c0", ")",
10163 			"(", "sensitivity", "s0", ")",
10164 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
10165 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
10166 			"(", "userlevel", "foo_u", "low", ")", NULL};
10167 
10168 	struct cil_tree *test_tree;
10169 	gen_test_tree(&test_tree, line);
10170 
10171 	struct cil_db *test_db;
10172 	cil_db_init(&test_db);
10173 
10174 	struct cil_tree_node *test_ast_node;
10175 	cil_tree_node_init(&test_ast_node);
10176 
10177 	uint32_t finished = 0;
10178 
10179 	uint32_t changed = CIL_FALSE;
10180 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
10181 
10182 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
10183 
10184 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next->next->next, &finished, args);
10185 	CuAssertIntEquals(tc, 0, finished);
10186 	CuAssertIntEquals(tc, SEPOL_OK, rc);
10187 }
10188 
test_cil_resolve_ast_node_helper_userlevel_neg(CuTest * tc)10189 void test_cil_resolve_ast_node_helper_userlevel_neg(CuTest *tc) {
10190 	char *line[] = {"(", "user",  "foo_u", ")",
10191 			"(", "category", "c0", ")",
10192 			"(", "sensitivity", "s0", ")",
10193 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
10194 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
10195 			"(", "userlevel", "DNE", "low", ")", NULL};
10196 
10197 	struct cil_tree *test_tree;
10198 	gen_test_tree(&test_tree, line);
10199 
10200 	struct cil_db *test_db;
10201 	cil_db_init(&test_db);
10202 
10203 	struct cil_tree_node *test_ast_node;
10204 	cil_tree_node_init(&test_ast_node);
10205 
10206 	uint32_t finished = 0;
10207 
10208 	uint32_t changed = CIL_FALSE;
10209 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
10210 
10211 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
10212 
10213 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next->next->next, &finished, args);
10214 	CuAssertIntEquals(tc, 0, finished);
10215 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
10216 }
10217 
test_cil_resolve_ast_node_helper_userrange(CuTest * tc)10218 void test_cil_resolve_ast_node_helper_userrange(CuTest *tc) {
10219 	char *line[] = {"(", "user",  "foo_u", ")",
10220 			"(", "category", "c0", ")",
10221 			"(", "sensitivity", "s0", ")",
10222 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
10223 			"(", "levelrange", "range", "(", "(", "s0", "(", "c0", ")", ")", "(", "s0", "(", "c0", ")", ")", ")", ")",
10224 			"(", "userrange", "foo_u", "range", ")", NULL};
10225 
10226 	struct cil_tree *test_tree;
10227 	gen_test_tree(&test_tree, line);
10228 
10229 	struct cil_db *test_db;
10230 	cil_db_init(&test_db);
10231 
10232 	struct cil_tree_node *test_ast_node;
10233 	cil_tree_node_init(&test_ast_node);
10234 
10235 	uint32_t finished = 0;
10236 
10237 	uint32_t changed = CIL_FALSE;
10238 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
10239 
10240 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
10241 
10242 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next->next->next, &finished, args);
10243 	CuAssertIntEquals(tc, 0, finished);
10244 	CuAssertIntEquals(tc, SEPOL_OK, rc);
10245 }
10246 
test_cil_resolve_ast_node_helper_userrange_neg(CuTest * tc)10247 void test_cil_resolve_ast_node_helper_userrange_neg(CuTest *tc) {
10248 	char *line[] = {"(", "user",  "foo_u", ")",
10249 			"(", "category", "c0", ")",
10250 			"(", "sensitivity", "s0", ")",
10251 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
10252 			"(", "levelrange", "range", "(", "(", "s0", "(", "c0", ")", ")", "(", "s0", "(", "c0", ")", ")", ")", ")",
10253 			"(", "userrange", "DNE", "range", ")", NULL};
10254 
10255 	struct cil_tree *test_tree;
10256 	gen_test_tree(&test_tree, line);
10257 
10258 	struct cil_db *test_db;
10259 	cil_db_init(&test_db);
10260 
10261 	struct cil_tree_node *test_ast_node;
10262 	cil_tree_node_init(&test_ast_node);
10263 
10264 	uint32_t finished = 0;
10265 
10266 	uint32_t changed = CIL_FALSE;
10267 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
10268 
10269 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
10270 
10271 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next->next->next, &finished, args);
10272 	CuAssertIntEquals(tc, 0, finished);
10273 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
10274 }
10275 
test_cil_resolve_ast_node_helper_filecon(CuTest * tc)10276 void test_cil_resolve_ast_node_helper_filecon(CuTest *tc) {
10277 	char *line[] = {"(", "user", "user_u", ")",
10278 			"(", "role", "role_r", ")",
10279 			"(", "type", "type_t", ")",
10280 			"(", "category", "c0", ")",
10281 			"(", "sensitivity", "s0", ")",
10282 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
10283 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
10284 			"(", "context", "con", "(", "user_u", "role_r", "type_t", "(", "low", "high", ")", ")", ")",
10285 			"(", "filecon", "root", "path", "file", "con", ")", NULL};
10286 
10287 	struct cil_tree *test_tree;
10288         gen_test_tree(&test_tree, line);
10289 
10290         struct cil_db *test_db;
10291         cil_db_init(&test_db);
10292 
10293 	uint32_t changed = CIL_FALSE;
10294 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
10295 
10296         uint32_t finished = 0;
10297 
10298         cil_build_ast(test_db, test_tree->root, test_db->ast->root);
10299 
10300         int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, &finished, args);
10301         CuAssertIntEquals(tc, SEPOL_OK, rc);
10302         CuAssertIntEquals(tc, 0, finished);
10303 }
10304 
test_cil_resolve_ast_node_helper_filecon_neg(CuTest * tc)10305 void test_cil_resolve_ast_node_helper_filecon_neg(CuTest *tc) {
10306 	char *line[] = {"(", "user", "user_u", ")",
10307 			"(", "role", "role_r", ")",
10308 			"(", "type", "type_t", ")",
10309 			"(", "category", "c0", ")",
10310 			"(", "sensitivity", "s0", ")",
10311 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
10312 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
10313 			"(", "context", "con", "(", "user_u", "role_r", "type_t", "(", "low", "high", ")", ")", ")",
10314 			"(", "filecon", "root", "path", "file", "foo", ")", NULL};
10315 
10316         struct cil_tree *test_tree;
10317         gen_test_tree(&test_tree, line);
10318 
10319         struct cil_db *test_db;
10320         cil_db_init(&test_db);
10321 
10322 	uint32_t changed = CIL_FALSE;
10323 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
10324 
10325         uint32_t finished = 0;
10326 
10327         cil_build_ast(test_db, test_tree->root, test_db->ast->root);
10328 
10329         int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, &finished, args);
10330         CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
10331         CuAssertIntEquals(tc, 0, finished);
10332 }
10333 
test_cil_resolve_ast_node_helper_portcon(CuTest * tc)10334 void test_cil_resolve_ast_node_helper_portcon(CuTest *tc) {
10335 	char *line[] = {"(", "user", "user_u", ")",
10336 			"(", "role", "role_r", ")",
10337 			"(", "type", "type_t", ")",
10338 			"(", "category", "c0", ")",
10339 			"(", "sensitivity", "s0", ")",
10340 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
10341 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
10342 			"(", "context", "con", "(", "user_u", "role_r", "type_t", "(", "low", "high", ")", ")", ")",
10343 			"(", "portcon", "udp", "25", "con", ")", NULL};
10344 
10345 	struct cil_tree *test_tree;
10346         gen_test_tree(&test_tree, line);
10347 
10348         struct cil_db *test_db;
10349         cil_db_init(&test_db);
10350 
10351 	uint32_t changed = CIL_FALSE;
10352 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
10353 
10354         uint32_t finished = 0;
10355 
10356         cil_build_ast(test_db, test_tree->root, test_db->ast->root);
10357 
10358         int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, &finished, args);
10359         CuAssertIntEquals(tc, SEPOL_OK, rc);
10360         CuAssertIntEquals(tc, 0, finished);
10361 }
10362 
test_cil_resolve_ast_node_helper_portcon_neg(CuTest * tc)10363 void test_cil_resolve_ast_node_helper_portcon_neg(CuTest *tc) {
10364 	char *line[] = {"(", "user", "user_u", ")",
10365 			"(", "role", "role_r", ")",
10366 			"(", "type", "type_t", ")",
10367 			"(", "category", "c0", ")",
10368 			"(", "sensitivity", "s0", ")",
10369 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
10370 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
10371 			"(", "context", "con", "(", "user_u", "role_r", "type_t", "(", "low", "high", ")", ")", ")",
10372 			"(", "portcon", "udp", "25", "foo", ")", NULL};
10373 
10374         struct cil_tree *test_tree;
10375         gen_test_tree(&test_tree, line);
10376 
10377         struct cil_db *test_db;
10378         cil_db_init(&test_db);
10379 
10380 	uint32_t changed = CIL_FALSE;
10381 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
10382 
10383         uint32_t finished = 0;
10384 
10385         cil_build_ast(test_db, test_tree->root, test_db->ast->root);
10386 
10387         int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, &finished, args);
10388         CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
10389         CuAssertIntEquals(tc, 0, finished);
10390 }
10391 
test_cil_resolve_ast_node_helper_genfscon(CuTest * tc)10392 void test_cil_resolve_ast_node_helper_genfscon(CuTest *tc) {
10393 	char *line[] = {"(", "user", "user_u", ")",
10394 			"(", "role", "role_r", ")",
10395 			"(", "type", "type_t", ")",
10396 			"(", "category", "c0", ")",
10397 			"(", "sensitivity", "s0", ")",
10398 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
10399 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
10400 			"(", "context", "con", "(", "user_u", "role_r", "type_t", "(", "low", "high", ")", ")", ")",
10401 			"(", "genfscon", "type", "path", "con", ")", NULL};
10402 
10403 	struct cil_tree *test_tree;
10404         gen_test_tree(&test_tree, line);
10405 
10406         struct cil_db *test_db;
10407         cil_db_init(&test_db);
10408 
10409 	uint32_t changed = CIL_FALSE;
10410 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
10411 
10412         uint32_t finished = 0;
10413 
10414         cil_build_ast(test_db, test_tree->root, test_db->ast->root);
10415 
10416         int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, &finished, args);
10417         CuAssertIntEquals(tc, SEPOL_OK, rc);
10418         CuAssertIntEquals(tc, 0, finished);
10419 }
10420 
test_cil_resolve_ast_node_helper_genfscon_neg(CuTest * tc)10421 void test_cil_resolve_ast_node_helper_genfscon_neg(CuTest *tc) {
10422 	char *line[] = {"(", "user", "user_u", ")",
10423 			"(", "role", "role_r", ")",
10424 			"(", "type", "type_t", ")",
10425 			"(", "category", "c0", ")",
10426 			"(", "sensitivity", "s0", ")",
10427 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
10428 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
10429 			"(", "context", "con", "(", "user_u", "role_r", "type_t", "(", "low", "high", ")", ")", ")",
10430 			"(", "genfscon", "type", "path", "foo", ")", NULL};
10431 
10432         struct cil_tree *test_tree;
10433         gen_test_tree(&test_tree, line);
10434 
10435         struct cil_db *test_db;
10436         cil_db_init(&test_db);
10437 
10438 	uint32_t changed = CIL_FALSE;
10439 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
10440 
10441         uint32_t finished = 0;
10442 
10443         cil_build_ast(test_db, test_tree->root, test_db->ast->root);
10444 
10445         int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next, &finished, args);
10446         CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
10447         CuAssertIntEquals(tc, 0, finished);
10448 }
10449 
test_cil_resolve_ast_node_helper_nodecon(CuTest * tc)10450 void test_cil_resolve_ast_node_helper_nodecon(CuTest *tc) {
10451 	char *line[] = {"(", "user", "user_u", ")",
10452 			"(", "role", "role_r", ")",
10453 			"(", "type", "type_t", ")",
10454 			"(", "category", "c0", ")",
10455 			"(", "sensitivity", "s0", ")",
10456 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
10457 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
10458 			"(", "context", "con", "(", "user_u", "role_r", "type_t", "(", "low", "high", ")", ")", ")",
10459 			"(", "ipaddr", "ip", "192.168.1.1", ")",
10460 			"(", "nodecon", "ip", "ip", "con", ")", NULL};
10461 
10462 	struct cil_tree *test_tree;
10463         gen_test_tree(&test_tree, line);
10464 
10465         struct cil_db *test_db;
10466         cil_db_init(&test_db);
10467 
10468 	uint32_t changed = CIL_FALSE;
10469 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
10470 
10471         uint32_t finished = 0;
10472 
10473         cil_build_ast(test_db, test_tree->root, test_db->ast->root);
10474 
10475         int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next, &finished, args);
10476         CuAssertIntEquals(tc, SEPOL_OK, rc);
10477         CuAssertIntEquals(tc, 0, finished);
10478 }
10479 
test_cil_resolve_ast_node_helper_nodecon_ipaddr_neg(CuTest * tc)10480 void test_cil_resolve_ast_node_helper_nodecon_ipaddr_neg(CuTest *tc) {
10481 	char *line[] = {"(", "user", "user_u", ")",
10482 			"(", "role", "role_r", ")",
10483 			"(", "type", "type_t", ")",
10484 			"(", "category", "c0", ")",
10485 			"(", "sensitivity", "s0", ")",
10486 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
10487 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
10488 			"(", "context", "con", "(", "user_u", "role_r", "type_t", "(", "low", "high", ")", ")", ")",
10489 			"(", "ipaddr", "ip", "192.168.1.1", ")",
10490 			"(", "ipaddr", "netmask", "192.168.1.1", ")",
10491 			"(", "nodecon", "ipp", "netmask", "foo", ")", NULL};
10492 
10493         struct cil_tree *test_tree;
10494         gen_test_tree(&test_tree, line);
10495 
10496         struct cil_db *test_db;
10497         cil_db_init(&test_db);
10498 
10499 	uint32_t changed = CIL_FALSE;
10500 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
10501 
10502         uint32_t finished = 0;
10503 
10504         cil_build_ast(test_db, test_tree->root, test_db->ast->root);
10505 
10506         int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next->next, &finished, args);
10507         CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
10508         CuAssertIntEquals(tc, 0, finished);
10509 }
10510 
test_cil_resolve_ast_node_helper_nodecon_netmask_neg(CuTest * tc)10511 void test_cil_resolve_ast_node_helper_nodecon_netmask_neg(CuTest *tc) {
10512 	char *line[] = {"(", "user", "user_u", ")",
10513 			"(", "role", "role_r", ")",
10514 			"(", "type", "type_t", ")",
10515 			"(", "category", "c0", ")",
10516 			"(", "sensitivity", "s0", ")",
10517 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
10518 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
10519 			"(", "context", "con", "(", "user_u", "role_r", "type_t", "(", "low", "high", ")", ")", ")",
10520 			"(", "ipaddr", "ip", "192.168.1.1", ")",
10521 			"(", "ipaddr", "netmask", "192.168.1.1", ")",
10522 			"(", "nodecon", "ip", "nnetmask", "foo", ")", NULL};
10523 
10524         struct cil_tree *test_tree;
10525         gen_test_tree(&test_tree, line);
10526 
10527         struct cil_db *test_db;
10528         cil_db_init(&test_db);
10529 
10530 	uint32_t changed = CIL_FALSE;
10531 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
10532 
10533         uint32_t finished = 0;
10534 
10535         cil_build_ast(test_db, test_tree->root, test_db->ast->root);
10536 
10537         int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next->next, &finished, args);
10538         CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
10539         CuAssertIntEquals(tc, 0, finished);
10540 }
10541 
test_cil_resolve_ast_node_helper_netifcon(CuTest * tc)10542 void test_cil_resolve_ast_node_helper_netifcon(CuTest *tc) {
10543 	char *line[] = {"(", "context", "if_default", "(", "system_u", "object_r", "etc_t", "(", "low", "high", ")", ")", ")",
10544 			"(", "context", "packet_default", "(", "system_u", "object_r", "etc_t", "(", "low", "high", ")", ")", ")",
10545 			"(", "netifcon", "eth0", "if_default", "packet_default", ")", NULL};
10546 
10547 	struct cil_tree *test_tree;
10548         gen_test_tree(&test_tree, line);
10549 
10550         struct cil_db *test_db;
10551         cil_db_init(&test_db);
10552 
10553 	uint32_t changed = CIL_FALSE;
10554 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
10555 
10556         uint32_t finished = 0;
10557 
10558         cil_build_ast(test_db, test_tree->root, test_db->ast->root);
10559 
10560         int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next, &finished, args);
10561         CuAssertIntEquals(tc, SEPOL_OK, rc);
10562         CuAssertIntEquals(tc, 0, finished);
10563 }
10564 
test_cil_resolve_ast_node_helper_netifcon_neg(CuTest * tc)10565 void test_cil_resolve_ast_node_helper_netifcon_neg(CuTest *tc) {
10566 	char *line[] = {"(", "context", "if_default", "(", "system_u", "object_r", "etc_t", "(", "low", "high", ")", ")", ")",
10567 			"(", "netifcon", "eth0", "if_default", "packet_default", ")", NULL};
10568 
10569         struct cil_tree *test_tree;
10570         gen_test_tree(&test_tree, line);
10571 
10572         struct cil_db *test_db;
10573         cil_db_init(&test_db);
10574 
10575 	uint32_t changed = CIL_FALSE;
10576 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
10577 
10578         uint32_t finished = 0;
10579 
10580         cil_build_ast(test_db, test_tree->root, test_db->ast->root);
10581 
10582         int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next, &finished, args);
10583         CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
10584         CuAssertIntEquals(tc, 0, finished);
10585 }
10586 
test_cil_resolve_ast_node_helper_pirqcon(CuTest * tc)10587 void test_cil_resolve_ast_node_helper_pirqcon(CuTest *tc) {
10588 	char *line[] = {"(", "context", "con", "(", "system_u", "object_r", "etc_t", "(", "low", "high", ")", ")", ")",
10589 			"(", "pirqcon", "1", "con", ")", NULL};
10590 
10591 	struct cil_tree *test_tree;
10592         gen_test_tree(&test_tree, line);
10593 
10594         struct cil_db *test_db;
10595         cil_db_init(&test_db);
10596 
10597 	uint32_t changed = CIL_FALSE;
10598 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
10599 
10600         uint32_t finished = 0;
10601 
10602         cil_build_ast(test_db, test_tree->root, test_db->ast->root);
10603 
10604         int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next, &finished, args);
10605         CuAssertIntEquals(tc, SEPOL_OK, rc);
10606         CuAssertIntEquals(tc, 0, finished);
10607 }
10608 
test_cil_resolve_ast_node_helper_pirqcon_neg(CuTest * tc)10609 void test_cil_resolve_ast_node_helper_pirqcon_neg(CuTest *tc) {
10610 	char *line[] = {"(", "context", "con", "(", "system_u", "object_r", "etc_t", "(", "low", "high", ")", ")", ")",
10611 			"(", "pirqcon", "1", "dne", ")", NULL};
10612 
10613         struct cil_tree *test_tree;
10614         gen_test_tree(&test_tree, line);
10615 
10616         struct cil_db *test_db;
10617         cil_db_init(&test_db);
10618 
10619 	uint32_t changed = CIL_FALSE;
10620 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
10621 
10622         uint32_t finished = 0;
10623 
10624         cil_build_ast(test_db, test_tree->root, test_db->ast->root);
10625 
10626         int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next, &finished, args);
10627         CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
10628         CuAssertIntEquals(tc, 0, finished);
10629 }
10630 
test_cil_resolve_ast_node_helper_iomemcon(CuTest * tc)10631 void test_cil_resolve_ast_node_helper_iomemcon(CuTest *tc) {
10632 	char *line[] = {"(", "context", "con", "(", "system_u", "object_r", "etc_t", "(", "low", "high", ")", ")", ")",
10633 			"(", "iomemcon", "1", "con", ")", NULL};
10634 
10635 	struct cil_tree *test_tree;
10636         gen_test_tree(&test_tree, line);
10637 
10638         struct cil_db *test_db;
10639         cil_db_init(&test_db);
10640 
10641 	uint32_t changed = CIL_FALSE;
10642 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
10643 
10644         uint32_t finished = 0;
10645 
10646         cil_build_ast(test_db, test_tree->root, test_db->ast->root);
10647 
10648         int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next, &finished, args);
10649         CuAssertIntEquals(tc, SEPOL_OK, rc);
10650         CuAssertIntEquals(tc, 0, finished);
10651 }
10652 
test_cil_resolve_ast_node_helper_iomemcon_neg(CuTest * tc)10653 void test_cil_resolve_ast_node_helper_iomemcon_neg(CuTest *tc) {
10654 	char *line[] = {"(", "context", "con", "(", "system_u", "object_r", "etc_t", "(", "low", "high", ")", ")", ")",
10655 			"(", "iomemcon", "1", "dne", ")", NULL};
10656 
10657         struct cil_tree *test_tree;
10658         gen_test_tree(&test_tree, line);
10659 
10660         struct cil_db *test_db;
10661         cil_db_init(&test_db);
10662 
10663 	uint32_t changed = CIL_FALSE;
10664 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
10665 
10666         uint32_t finished = 0;
10667 
10668         cil_build_ast(test_db, test_tree->root, test_db->ast->root);
10669 
10670         int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next, &finished, args);
10671         CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
10672         CuAssertIntEquals(tc, 0, finished);
10673 }
10674 
test_cil_resolve_ast_node_helper_ioportcon(CuTest * tc)10675 void test_cil_resolve_ast_node_helper_ioportcon(CuTest *tc) {
10676 	char *line[] = {"(", "context", "con", "(", "system_u", "object_r", "etc_t", "(", "low", "high", ")", ")", ")",
10677 			"(", "ioportcon", "1", "con", ")", NULL};
10678 
10679 	struct cil_tree *test_tree;
10680         gen_test_tree(&test_tree, line);
10681 
10682         struct cil_db *test_db;
10683         cil_db_init(&test_db);
10684 
10685 	uint32_t changed = CIL_FALSE;
10686 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
10687 
10688         uint32_t finished = 0;
10689 
10690         cil_build_ast(test_db, test_tree->root, test_db->ast->root);
10691 
10692         int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next, &finished, args);
10693         CuAssertIntEquals(tc, SEPOL_OK, rc);
10694         CuAssertIntEquals(tc, 0, finished);
10695 }
10696 
test_cil_resolve_ast_node_helper_ioportcon_neg(CuTest * tc)10697 void test_cil_resolve_ast_node_helper_ioportcon_neg(CuTest *tc) {
10698 	char *line[] = {"(", "context", "con", "(", "system_u", "object_r", "etc_t", "(", "low", "high", ")", ")", ")",
10699 			"(", "ioportcon", "1", "dne", ")", NULL};
10700 
10701         struct cil_tree *test_tree;
10702         gen_test_tree(&test_tree, line);
10703 
10704         struct cil_db *test_db;
10705         cil_db_init(&test_db);
10706 
10707 	uint32_t changed = CIL_FALSE;
10708 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
10709 
10710         uint32_t finished = 0;
10711 
10712         cil_build_ast(test_db, test_tree->root, test_db->ast->root);
10713 
10714         int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next, &finished, args);
10715         CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
10716         CuAssertIntEquals(tc, 0, finished);
10717 }
10718 
test_cil_resolve_ast_node_helper_pcidevicecon(CuTest * tc)10719 void test_cil_resolve_ast_node_helper_pcidevicecon(CuTest *tc) {
10720 	char *line[] = {"(", "context", "con", "(", "system_u", "object_r", "etc_t", "(", "low", "high", ")", ")", ")",
10721 			"(", "pcidevicecon", "1", "con", ")", NULL};
10722 
10723 	struct cil_tree *test_tree;
10724         gen_test_tree(&test_tree, line);
10725 
10726         struct cil_db *test_db;
10727         cil_db_init(&test_db);
10728 
10729 	uint32_t changed = CIL_FALSE;
10730 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
10731 
10732         uint32_t finished = 0;
10733 
10734         cil_build_ast(test_db, test_tree->root, test_db->ast->root);
10735 
10736         int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next, &finished, args);
10737         CuAssertIntEquals(tc, SEPOL_OK, rc);
10738         CuAssertIntEquals(tc, 0, finished);
10739 }
10740 
test_cil_resolve_ast_node_helper_pcidevicecon_neg(CuTest * tc)10741 void test_cil_resolve_ast_node_helper_pcidevicecon_neg(CuTest *tc) {
10742 	char *line[] = {"(", "context", "con", "(", "system_u", "object_r", "etc_t", "(", "low", "high", ")", ")", ")",
10743 			"(", "pcidevicecon", "1", "dne", ")", NULL};
10744 
10745         struct cil_tree *test_tree;
10746         gen_test_tree(&test_tree, line);
10747 
10748         struct cil_db *test_db;
10749         cil_db_init(&test_db);
10750 
10751 	uint32_t changed = CIL_FALSE;
10752 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
10753 
10754         uint32_t finished = 0;
10755 
10756         cil_build_ast(test_db, test_tree->root, test_db->ast->root);
10757 
10758         int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next, &finished, args);
10759         CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
10760         CuAssertIntEquals(tc, 0, finished);
10761 }
10762 
test_cil_resolve_ast_node_helper_fsuse(CuTest * tc)10763 void test_cil_resolve_ast_node_helper_fsuse(CuTest *tc) {
10764 	char *line[] = {"(", "sensitivity", "s0", ")",
10765 			"(", "category", "c0", ")",
10766 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
10767 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
10768 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
10769 			"(", "user", "system_u", ")",
10770 			"(", "role", "object_r", ")",
10771 			"(", "type", "netif_t", ")",
10772 			"(", "context", "con", "(", "system_u", "object_r", "netif_t", "(", "low", "high", ")", ")", ")",
10773 			"(", "fsuse", "xattr", "ext3", "con", ")", NULL};
10774 
10775 	struct cil_tree *test_tree;
10776         gen_test_tree(&test_tree, line);
10777 
10778         struct cil_db *test_db;
10779         cil_db_init(&test_db);
10780 
10781 	uint32_t changed = CIL_FALSE;
10782 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
10783 
10784         uint32_t finished = 0;
10785 
10786         cil_build_ast(test_db, test_tree->root, test_db->ast->root);
10787 
10788         int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next, &finished, args);
10789         CuAssertIntEquals(tc, SEPOL_OK, rc);
10790         CuAssertIntEquals(tc, 0, finished);
10791 }
10792 
test_cil_resolve_ast_node_helper_fsuse_neg(CuTest * tc)10793 void test_cil_resolve_ast_node_helper_fsuse_neg(CuTest *tc) {
10794 	char *line[] = {"(", "context", "if_default", "(", "system_u", "object_r", "etc_t", "(", "low", "high", ")", ")", ")",
10795 			"(", "netifcon", "eth0", "if_default", "packet_default", ")", NULL};
10796 
10797         struct cil_tree *test_tree;
10798         gen_test_tree(&test_tree, line);
10799 
10800         struct cil_db *test_db;
10801         cil_db_init(&test_db);
10802 
10803 	uint32_t changed = CIL_FALSE;
10804 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
10805 
10806         uint32_t finished = 0;
10807 
10808         cil_build_ast(test_db, test_tree->root, test_db->ast->root);
10809 
10810         int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next, &finished, args);
10811         CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
10812         CuAssertIntEquals(tc, 0, finished);
10813 }
10814 
test_cil_resolve_ast_node_helper_sidcontext(CuTest * tc)10815 void test_cil_resolve_ast_node_helper_sidcontext(CuTest *tc) {
10816 	char *line[] = {"(", "category", "c0", ")",
10817 			"(", "categoryorder", "(", "c0", ")", ")",
10818 			"(", "sensitivity", "s0", ")",
10819 			"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
10820 			"(", "type", "blah_t", ")",
10821 			"(", "role", "blah_r", ")",
10822 			"(", "user", "blah_u", ")",
10823 			"(", "level", "low", "(", "s0", "(", "c0", ")", ")", ")",
10824 			"(", "level", "high", "(", "s0", "(", "c0", ")", ")", ")",
10825 			"(", "sid", "test", "(", "blah_u", "blah_r", "blah_t", "(", "low", "high", ")", ")", ")", NULL};
10826 
10827 	struct cil_tree *test_tree;
10828         gen_test_tree(&test_tree, line);
10829 
10830         struct cil_db *test_db;
10831         cil_db_init(&test_db);
10832 
10833 	uint32_t changed = CIL_FALSE;
10834 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
10835 
10836         uint32_t finished = 0;
10837 
10838         cil_build_ast(test_db, test_tree->root, test_db->ast->root);
10839 
10840         int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next->next->next->next->next->next->next, &finished, args);
10841         CuAssertIntEquals(tc, SEPOL_OK, rc);
10842         CuAssertIntEquals(tc, 0, finished);
10843 }
10844 
test_cil_resolve_ast_node_helper_sidcontext_neg(CuTest * tc)10845 void test_cil_resolve_ast_node_helper_sidcontext_neg(CuTest *tc) {
10846        	char *line[] = {"(", "category", "c0", ")",
10847                         "(", "categoryorder", "(", "c0", ")", ")",
10848                         "(", "sensitivity", "s0", ")",
10849                         "(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
10850                         "(", "type", "blah_t", ")",
10851                         "(", "role", "blah_r", ")",
10852                         "(", "user", "blah_u", ")",
10853                         "(", "sidcontext", "test", "(", "", "blah_r", "blah_t", "(", "(", "s0", "(", "c0", ")", ")", "(", "s0", "(", "c0", ")", ")", ")", ")", ")", NULL};
10854 
10855         struct cil_tree *test_tree;
10856         gen_test_tree(&test_tree, line);
10857 
10858         struct cil_db *test_db;
10859         cil_db_init(&test_db);
10860 
10861 	uint32_t changed = CIL_FALSE;
10862 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
10863 
10864         uint32_t finished = 0;
10865 
10866         cil_build_ast(test_db, test_tree->root, test_db->ast->root);
10867 
10868         int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next->next->next->next->next, &finished, args);
10869         CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
10870         CuAssertIntEquals(tc, 0, finished);
10871 }
10872 
test_cil_resolve_ast_node_helper_blockinherit(CuTest * tc)10873 void test_cil_resolve_ast_node_helper_blockinherit(CuTest *tc) {
10874 	char *line[] = {"(", "block", "baz", "(", "type", "foo", ")", ")",
10875 			"(", "block", "bar", "(", "type", "a", ")",
10876 				"(", "blockinherit", "baz", ")", ")", NULL};
10877 
10878 	struct cil_tree *test_tree;
10879         gen_test_tree(&test_tree, line);
10880 
10881         struct cil_db *test_db;
10882         cil_db_init(&test_db);
10883 
10884 	uint32_t changed = CIL_FALSE;
10885 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_BLKIN, &changed, NULL, NULL, NULL);
10886 
10887         uint32_t finished = 0;
10888 
10889         cil_build_ast(test_db, test_tree->root, test_db->ast->root);
10890 
10891         int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->cl_head->next, &finished, args);
10892         CuAssertIntEquals(tc, SEPOL_OK, rc);
10893         CuAssertIntEquals(tc, 0, finished);
10894 }
10895 
test_cil_resolve_ast_node_helper_classcommon(CuTest * tc)10896 void test_cil_resolve_ast_node_helper_classcommon(CuTest *tc) {
10897 	char *line[] = {"(", "class", "file", "(", "read", ")", ")",
10898 			"(", "common", "file", "(", "write", ")", ")",
10899 			"(", "classcommon", "file", "file", ")", NULL};
10900 
10901 	struct cil_tree *test_tree;
10902         gen_test_tree(&test_tree, line);
10903 
10904         struct cil_db *test_db;
10905         cil_db_init(&test_db);
10906 
10907 	uint32_t changed = CIL_FALSE;
10908 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
10909 
10910         uint32_t finished = 0;
10911 
10912         cil_build_ast(test_db, test_tree->root, test_db->ast->root);
10913 
10914         int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next, &finished, args);
10915         CuAssertIntEquals(tc, SEPOL_OK, rc);
10916         CuAssertIntEquals(tc, 0, finished);
10917 }
10918 
test_cil_resolve_ast_node_helper_classcommon_neg(CuTest * tc)10919 void test_cil_resolve_ast_node_helper_classcommon_neg(CuTest *tc) {
10920 	char *line[] = {"(", "class", "file", "(", "read", ")", ")",
10921 			"(", "classcommon", "file", "file", ")", NULL};
10922 
10923 	struct cil_tree *test_tree;
10924         gen_test_tree(&test_tree, line);
10925 
10926         struct cil_db *test_db;
10927         cil_db_init(&test_db);
10928 
10929 	uint32_t changed = CIL_FALSE;
10930 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, NULL, NULL);
10931 
10932         uint32_t finished = 0;
10933 
10934         cil_build_ast(test_db, test_tree->root, test_db->ast->root);
10935 
10936         int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next, &finished, args);
10937         CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
10938         CuAssertIntEquals(tc, 0, finished);
10939 }
10940 
test_cil_resolve_ast_node_helper_rolebounds(CuTest * tc)10941 void test_cil_resolve_ast_node_helper_rolebounds(CuTest *tc) {
10942 	char *line[] = {"(", "role", "role1", ")",
10943 			"(", "role", "role2", ")",
10944 			"(", "rolebounds", "role1", "role2", ")", NULL};
10945 
10946 	struct cil_tree *test_tree;
10947 	gen_test_tree(&test_tree, line);
10948 
10949 	struct cil_db *test_db;
10950 	cil_db_init(&test_db);
10951 
10952 	struct cil_tree_node *test_ast_node;
10953 	cil_tree_node_init(&test_ast_node);
10954 
10955 	uint32_t finished = 0;
10956 
10957 	uint32_t changed = CIL_FALSE;
10958 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
10959 
10960 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
10961 
10962 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next, &finished, args);
10963 	CuAssertIntEquals(tc, 0, finished);
10964 	CuAssertIntEquals(tc, SEPOL_OK, rc);
10965 }
10966 
test_cil_resolve_ast_node_helper_rolebounds_neg(CuTest * tc)10967 void test_cil_resolve_ast_node_helper_rolebounds_neg(CuTest *tc) {
10968 	char *line[] = {"(", "role", "role1", ")",
10969 			"(", "rolebounds", "role1", "role2", ")", NULL};
10970 
10971 	struct cil_tree *test_tree;
10972 	gen_test_tree(&test_tree, line);
10973 
10974 	struct cil_db *test_db;
10975 	cil_db_init(&test_db);
10976 
10977 	struct cil_tree_node *test_ast_node;
10978 	cil_tree_node_init(&test_ast_node);
10979 
10980 	uint32_t finished = 0;
10981 
10982 	uint32_t changed = CIL_FALSE;
10983 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
10984 
10985 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
10986 
10987 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next, &finished, args);
10988 	CuAssertIntEquals(tc, 0, finished);
10989 	CuAssertIntEquals(tc, SEPOL_ENOENT, rc);
10990 }
10991 
10992 
test_cil_resolve_ast_node_helper_callstack(CuTest * tc)10993 void test_cil_resolve_ast_node_helper_callstack(CuTest *tc) {
10994 	char *line[] = {"(", "call", "mm", "(", "foo", ")", ")", NULL};
10995 
10996 	struct cil_tree *test_tree;
10997 	gen_test_tree(&test_tree, line);
10998 
10999 	struct cil_db *test_db;
11000 	cil_db_init(&test_db);
11001 
11002 	struct cil_tree_node *test_ast_node;
11003 	cil_tree_node_init(&test_ast_node);
11004 
11005 	struct cil_tree_node *test_ast_node_call;
11006 	cil_tree_node_init(&test_ast_node_call);
11007 	test_ast_node_call->flavor = CIL_CALL;
11008 
11009 	uint32_t finished = 0;
11010 
11011 	uint32_t changed = CIL_FALSE;
11012 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
11013 
11014 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
11015 
11016 	__cil_resolve_ast_node_helper(test_db->ast->root->cl_head, &finished, args);
11017 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head, &finished, args);
11018 	CuAssertIntEquals(tc, SEPOL_OK, rc);
11019 }
11020 
test_cil_resolve_ast_node_helper_call(CuTest * tc)11021 void test_cil_resolve_ast_node_helper_call(CuTest *tc) {
11022 	char *line[] = {"(", "call", "mm", "(", "foo", ")", ")", NULL};
11023 
11024 	struct cil_tree *test_tree;
11025 	gen_test_tree(&test_tree, line);
11026 
11027 	struct cil_db *test_db;
11028 	cil_db_init(&test_db);
11029 
11030 	struct cil_tree_node *test_ast_node;
11031 	cil_tree_node_init(&test_ast_node);
11032 
11033 	struct cil_tree_node *test_ast_node_call;
11034 	cil_tree_node_init(&test_ast_node_call);
11035 	test_ast_node_call->flavor = CIL_CALL;
11036 
11037 	uint32_t finished = 0;
11038 
11039 	uint32_t changed = CIL_FALSE;
11040 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
11041 
11042 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
11043 
11044 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head, &finished, args);
11045 	CuAssertIntEquals(tc, SEPOL_OK, rc);
11046 }
11047 
test_cil_resolve_ast_node_helper_optional(CuTest * tc)11048 void test_cil_resolve_ast_node_helper_optional(CuTest *tc) {
11049 	char *line[] = {"(", "optional", "opt", "(", "allow", "foo", "bar", "(", "file", "(", "read", ")", ")", ")", ")", NULL};
11050 
11051 	struct cil_tree *test_tree;
11052 	gen_test_tree(&test_tree, line);
11053 
11054 	struct cil_db *test_db;
11055 	cil_db_init(&test_db);
11056 
11057 	struct cil_tree_node *test_ast_node;
11058 	cil_tree_node_init(&test_ast_node);
11059 
11060 	struct cil_tree_node *test_ast_node_opt;
11061 	cil_tree_node_init(&test_ast_node_opt);
11062 	test_ast_node_opt->flavor = CIL_OPTIONAL;
11063 
11064 	uint32_t finished = 0;
11065 
11066 	uint32_t changed = CIL_FALSE;
11067 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
11068 
11069 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
11070 
11071 	// set optional to disabled
11072 	((struct cil_symtab_datum *)test_db->ast->root->cl_head->data)->state = CIL_STATE_DISABLED;
11073 
11074 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head, &finished, args);
11075 	CuAssertIntEquals(tc, SEPOL_OK, rc);
11076 }
11077 
test_cil_resolve_ast_node_helper_macro(CuTest * tc)11078 void test_cil_resolve_ast_node_helper_macro(CuTest *tc) {
11079 	char *line[] = {"(", "macro", "mm", "(", "(", "type", "a", ")", ")",
11080 				"(", "type", "b", ")",
11081 				"(", "allow", "a", "b", "(", "file", "(", "read", ")", ")", ")", ")", NULL};
11082 
11083 	struct cil_tree *test_tree;
11084 	gen_test_tree(&test_tree, line);
11085 
11086 	struct cil_db *test_db;
11087 	cil_db_init(&test_db);
11088 
11089 	struct cil_tree_node *test_ast_node;
11090 	cil_tree_node_init(&test_ast_node);
11091 
11092 	uint32_t finished = 0;
11093 
11094 	uint32_t changed = CIL_FALSE;
11095 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
11096 
11097 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
11098 
11099 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head, &finished, args);
11100 	CuAssertIntEquals(tc, SEPOL_OK, rc);
11101 }
11102 
test_cil_resolve_ast_node_helper_optstack(CuTest * tc)11103 void test_cil_resolve_ast_node_helper_optstack(CuTest *tc) {
11104 	char *line[] = {"(", "class", "baz", "(", "read", ")", ")",
11105 			"(", "type", "foo", ")",
11106 			"(", "type", "bar", ")",
11107 			"(", "optional", "opt", "(", "allow", "foo", "bar", "(", "baz", "(", "read", ")", ")", ")", ")", NULL};
11108 
11109 	struct cil_tree *test_tree;
11110 	gen_test_tree(&test_tree, line);
11111 
11112 	struct cil_db *test_db;
11113 	cil_db_init(&test_db);
11114 
11115 	struct cil_tree_node *test_ast_node;
11116 	cil_tree_node_init(&test_ast_node);
11117 
11118 	struct cil_tree_node *test_ast_node_opt;
11119 	cil_tree_node_init(&test_ast_node_opt);
11120 	test_ast_node_opt->flavor = CIL_OPTIONAL;
11121 
11122 	uint32_t finished = 0;
11123 
11124 	uint32_t changed = CIL_FALSE;
11125 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
11126 
11127 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
11128 
11129 	__cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next, &finished, args);
11130 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next->next, &finished, args);
11131 	CuAssertIntEquals(tc, SEPOL_OK, rc);
11132 }
11133 
test_cil_resolve_ast_node_helper_optstack_tunable_neg(CuTest * tc)11134 void test_cil_resolve_ast_node_helper_optstack_tunable_neg(CuTest *tc) {
11135 	char *line[] = {"(", "tunable", "foo", "true", ")", NULL};
11136 
11137 	struct cil_tree *test_tree;
11138 	gen_test_tree(&test_tree, line);
11139 
11140 	struct cil_db *test_db;
11141 	cil_db_init(&test_db);
11142 
11143 	struct cil_tree_node *test_ast_node_opt;
11144 	cil_tree_node_init(&test_ast_node_opt);
11145 	test_ast_node_opt->flavor = CIL_OPTIONAL;
11146 
11147 	uint32_t changed = CIL_FALSE;
11148 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_TIF, &changed, NULL, test_ast_node_opt, NULL);
11149 
11150 	uint32_t finished = 0;
11151 
11152 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
11153 
11154 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head, &finished, args);
11155 	CuAssertIntEquals(tc, SEPOL_ERR, rc);
11156 }
11157 
test_cil_resolve_ast_node_helper_optstack_macro_neg(CuTest * tc)11158 void test_cil_resolve_ast_node_helper_optstack_macro_neg(CuTest *tc) {
11159 	char *line[] = {"(", "type", "qaz", ")",
11160 			"(", "class", "file", "(", "read", ")", ")",
11161 			"(", "macro", "mm", "(", "(", "type", "a", ")", ")",
11162 				"(", "type", "b", ")",
11163 				"(", "allow", "a", "b", "(", "file", "(", "read", ")", ")", ")", ")",
11164 			"(", "call", "mm", "(", "qaz", ")", ")", NULL};
11165 
11166 	struct cil_tree *test_tree;
11167 	gen_test_tree(&test_tree, line);
11168 
11169 	struct cil_db *test_db;
11170 	cil_db_init(&test_db);
11171 
11172 	struct cil_tree_node *test_ast_node_opt;
11173 	cil_tree_node_init(&test_ast_node_opt);
11174 	test_ast_node_opt->flavor = CIL_OPTIONAL;
11175 
11176 	uint32_t changed = CIL_FALSE;
11177 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_CALL1, &changed, NULL, test_ast_node_opt, NULL);
11178 
11179 	uint32_t finished = 0;
11180 
11181 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
11182 
11183 	cil_resolve_call1(test_db->ast->root->cl_head->next->next, args);
11184 
11185 	args->pass = CIL_PASS_CALL2;
11186 
11187 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next, &finished, args);
11188 	CuAssertIntEquals(tc, SEPOL_ERR, rc);
11189 	CuAssertIntEquals(tc, 0, finished);
11190 }
11191 
test_cil_resolve_ast_node_helper_nodenull_neg(CuTest * tc)11192 void test_cil_resolve_ast_node_helper_nodenull_neg(CuTest *tc) {
11193 	char *line[] = {"(", "role",  "staff_r", ")",
11194 			"(", "user", "staff_u", ")",
11195 			"(", "userrole", "staff_u", "staff_r", ")", NULL};
11196 
11197 	struct cil_tree *test_tree;
11198 	gen_test_tree(&test_tree, line);
11199 
11200 	struct cil_db *test_db;
11201 	cil_db_init(&test_db);
11202 
11203 	struct cil_tree_node *test_ast_node;
11204 	cil_tree_node_init(&test_ast_node);
11205 
11206 	uint32_t changed = CIL_FALSE;
11207 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_TIF, &changed, NULL, NULL, NULL);
11208 
11209 	uint32_t finished = 0;
11210 
11211 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
11212 
11213 	int rc = __cil_resolve_ast_node_helper(NULL, &finished, args);
11214 	CuAssertIntEquals(tc, SEPOL_ERR, rc);
11215 }
11216 
test_cil_resolve_ast_node_helper_extraargsnull_neg(CuTest * tc)11217 void test_cil_resolve_ast_node_helper_extraargsnull_neg(CuTest *tc) {
11218 	char *line[] = {"(", "role",  "staff_r", ")",
11219 			"(", "user", "staff_u", ")",
11220 			"(", "userrole", "staff_u", "staff_r", ")", NULL};
11221 
11222 	struct cil_tree *test_tree;
11223 	gen_test_tree(&test_tree, line);
11224 
11225 	struct cil_db *test_db;
11226 	cil_db_init(&test_db);
11227 
11228 	struct cil_tree_node *test_ast_node;
11229 	cil_tree_node_init(&test_ast_node);
11230 
11231 	uint32_t finished = 0;
11232 
11233 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
11234 
11235 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next, &finished, NULL);
11236 	CuAssertIntEquals(tc, 0, finished);
11237 	CuAssertIntEquals(tc, SEPOL_ERR, rc);
11238 }
11239 
test_cil_resolve_ast_node_helper_dbflavor_neg(CuTest * tc)11240 void test_cil_resolve_ast_node_helper_dbflavor_neg(CuTest *tc) {
11241 	char *line[] = {"(", "role",  "staff_r", ")",
11242 			"(", "user", "staff_u", ")",
11243 			"(", "userrole", "staff_u", "staff_r", ")", NULL};
11244 
11245 	struct cil_tree *test_tree;
11246 	gen_test_tree(&test_tree, line);
11247 
11248 	struct cil_db *test_db;
11249 	cil_db_init(&test_db);
11250 
11251 	struct cil_tree_node *test_ast_node;
11252 	cil_tree_node_init(&test_ast_node);
11253 
11254 	uint32_t finished = 0;
11255 
11256 	uint32_t changed = CIL_FALSE;
11257 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
11258 
11259 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
11260 
11261 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next, &finished, args);
11262 	CuAssertIntEquals(tc, SEPOL_ERR, rc);
11263 }
11264 
test_cil_resolve_ast_node_helper_pass_neg(CuTest * tc)11265 void test_cil_resolve_ast_node_helper_pass_neg(CuTest *tc) {
11266 	char *line[] = {"(", "role",  "staff_r", ")",
11267 			"(", "user", "staff_u", ")",
11268 			"(", "userrole", "staff_u", "staff_r", ")", NULL};
11269 
11270 	struct cil_tree *test_tree;
11271 	gen_test_tree(&test_tree, line);
11272 
11273 	struct cil_db *test_db;
11274 	cil_db_init(&test_db);
11275 
11276 	struct cil_tree_node *test_ast_node;
11277 	cil_tree_node_init(&test_ast_node);
11278 
11279 	uint32_t finished = 0;
11280 
11281 	uint32_t changed = CIL_FALSE;
11282 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC3, &changed, NULL, NULL, NULL);
11283 
11284 	cil_build_ast(test_db, test_tree->root, test_db->ast->root);
11285 
11286 	int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next->next, &finished, args);
11287 	CuAssertIntEquals(tc, SEPOL_ERR, rc);
11288 }
11289 
test_cil_resolve_ast_node_helper_optfailedtoresolve(CuTest * tc)11290 void test_cil_resolve_ast_node_helper_optfailedtoresolve(CuTest *tc) {
11291 	char *line[] = {"(", "class", "file", "(", "read", ")", ")",
11292 			"(", "classcommon", "file", "file", ")", NULL};
11293 
11294 	struct cil_tree *test_tree;
11295         gen_test_tree(&test_tree, line);
11296 
11297         struct cil_db *test_db;
11298         cil_db_init(&test_db);
11299 
11300 	struct cil_optional *opt;
11301 	cil_optional_init(&opt);
11302 
11303 	struct cil_tree_node *test_ast_node_opt;
11304 	cil_tree_node_init(&test_ast_node_opt);
11305 	test_ast_node_opt->flavor = CIL_OPTIONAL;
11306 	test_ast_node_opt->data = opt;
11307 
11308 	uint32_t changed = CIL_FALSE;
11309 	struct cil_args_resolve *args = gen_resolve_args(test_db, CIL_PASS_MISC2, &changed, NULL, test_ast_node_opt, NULL);
11310 
11311         uint32_t finished = 0;
11312 
11313         cil_build_ast(test_db, test_tree->root, test_db->ast->root);
11314 
11315         int rc = __cil_resolve_ast_node_helper(test_db->ast->root->cl_head->next, &finished, args);
11316         CuAssertIntEquals(tc, SEPOL_OK, rc);
11317         CuAssertIntEquals(tc, 0, finished);
11318 }
11319 
11320