xref: /aosp_15_r20/external/selinux/libsemanage/tests/test_fcontext.c (revision 2d543d20722ada2425b5bdab9d0d1d29470e7bba)

/*
 * Authors: Jan Zarsky <[email protected]>
 *
 * Copyright (C) 2019 Red Hat, Inc.
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 */

#include "utilities.h"
#include "test_fcontext.h"

char FCONTEXTS[] =
    "/etc/selinux(/.*) -s system_u:object_r:first_t:s0\n"
    "/etc/selinux/targeted -- system_u:object_r:second_t:s0\n"
    "/etc/selinux(/.*) -b system_u:object_r:third_t:s0\n";
unsigned int FCONTEXTS_LEN = sizeof(FCONTEXTS);

#define FCONTEXTS_COUNT 3

#define FCONTEXT1_EXPR "/etc/selinux(/.*)"
#define FCONTEXT1_TYPE SEMANAGE_FCONTEXT_SOCK
#define FCONTEXT1_CON "system_u:object_r:first_t:s0"

#define FCONTEXT2_EXPR "/etc/selinux/targeted"
#define FCONTEXT2_TYPE SEMANAGE_FCONTEXT_REG
#define FCONTEXT2_CON "system_u:object_r:second_t:s0"

#define FCONTEXT3_EXPR "/etc/selinux(/.*)"
#define FCONTEXT3_TYPE SEMANAGE_FCONTEXT_BLOCK
#define FCONTEXT3_CON "system_u:object_r:third_t:s0"

#define FCONTEXT_NONEXISTENT_EXPR "/asdf"
#define FCONTEXT_NONEXISTENT_TYPE SEMANAGE_FCONTEXT_ALL

/* fcontext_record.h */
static void test_fcontext_compare(void);
static void test_fcontext_compare2(void);
static void test_fcontext_key_create(void);
static void test_fcontext_key_extract(void);
static void test_fcontext_get_set_expr(void);
static void test_fcontext_get_set_type(void);
static void test_fcontext_get_type_str(void);
static void test_fcontext_get_set_con(void);
static void test_fcontext_create(void);
static void test_fcontext_clone(void);

/* fcontext_policy.h */
static void test_fcontext_query(void);
static void test_fcontext_exists(void);
static void test_fcontext_count(void);
static void test_fcontext_iterate(void);
static void test_fcontext_list(void);

/* fcontext_local.h */
static void test_fcontext_modify_del_local(void);
static void test_fcontext_query_local(void);
static void test_fcontext_exists_local(void);
static void test_fcontext_count_local(void);
static void test_fcontext_iterate_local(void);
static void test_fcontext_list_local(void);

extern semanage_handle_t *sh;

static int write_file_contexts(const char *data, unsigned int data_len)
{
	FILE *fptr = fopen("test-policy/store/active/file_contexts", "w+");

	if (!fptr) {
		perror("fopen");
		return -1;
	}

	if (fwrite(data, data_len, 1, fptr) != 1) {
		perror("fwrite");
		fclose(fptr);
		return -1;
	}

	fclose(fptr);

	return 0;
}

int fcontext_test_init(void)
{
	if (create_test_store() < 0) {
		fprintf(stderr, "Could not create test store\n");
		return 1;
	}

	if (write_test_policy_from_file("test_fcontext.policy") < 0) {
		fprintf(stderr, "Could not write test policy\n");
		return 1;
	}

	if (write_file_contexts(FCONTEXTS, FCONTEXTS_LEN) < 0) {
		fprintf(stderr, "Could not write file contexts\n");
		return 1;
	}

	return 0;
}

int fcontext_test_cleanup(void)
{
	if (destroy_test_store() < 0) {
		fprintf(stderr, "Could not destroy test store\n");
		return 1;
	}

	return 0;
}

int fcontext_add_tests(CU_pSuite suite)
{
	CU_add_test(suite, "test_fcontext_compare", test_fcontext_compare);
	CU_add_test(suite, "test_fcontext_compare2", test_fcontext_compare2);
	CU_add_test(suite, "test_fcontext_key_create",
		    test_fcontext_key_create);
	CU_add_test(suite, "test_fcontext_key_extract",
		    test_fcontext_key_extract);
	CU_add_test(suite, "test_fcontext_get_set_expr",
		    test_fcontext_get_set_expr);
	CU_add_test(suite, "test_fcontext_get_set_type",
		    test_fcontext_get_set_type);
	CU_add_test(suite, "test_fcontext_get_type_str",
		    test_fcontext_get_type_str);
	CU_add_test(suite, "test_fcontext_get_set_con",
		    test_fcontext_get_set_con);
	CU_add_test(suite, "test_fcontext_create", test_fcontext_create);
	CU_add_test(suite, "test_fcontext_clone", test_fcontext_clone);

	CU_add_test(suite, "test_fcontext_query", test_fcontext_query);
	CU_add_test(suite, "test_fcontext_exists", test_fcontext_exists);
	CU_add_test(suite, "test_fcontext_count", test_fcontext_count);
	CU_add_test(suite, "test_fcontext_iterate", test_fcontext_iterate);
	CU_add_test(suite, "test_fcontext_list", test_fcontext_list);
	CU_add_test(suite, "test_fcontext_modify_del_local",
		    test_fcontext_modify_del_local);
	CU_add_test(suite, "test_fcontext_query_local",
		    test_fcontext_query_local);
	CU_add_test(suite, "test_fcontext_exists_local",
		    test_fcontext_exists_local);
	CU_add_test(suite, "test_fcontext_count_local",
		    test_fcontext_count_local);
	CU_add_test(suite, "test_fcontext_iterate_local",
		    test_fcontext_iterate_local);
	CU_add_test(suite, "test_fcontext_list_local",
		    test_fcontext_list_local);

	return 0;
}

/* Helpers */

static semanage_fcontext_t *get_fcontext_nth(int idx)
{
	semanage_fcontext_t **records;
	semanage_fcontext_t *fcontext;
	unsigned int count;

	if (idx == I_NULL)
		return NULL;

	CU_ASSERT_FATAL(semanage_fcontext_list(sh, &records, &count) >= 0);
	CU_ASSERT_FATAL(count >= (unsigned int) idx + 1);

	fcontext = records[idx];

	for (unsigned int i = 0; i < count; i++)
		if (i != (unsigned int) idx)
			semanage_fcontext_free(records[i]);

	free(records);

	return fcontext;
}

static semanage_fcontext_key_t *get_fcontext_key_nth(int idx)
{
	semanage_fcontext_key_t *key;
	semanage_fcontext_t *fcontext;

	if (idx == I_NULL)
		return NULL;

	fcontext = get_fcontext_nth(idx);

	CU_ASSERT_FATAL(semanage_fcontext_key_extract(sh, fcontext, &key) >= 0);
	CU_ASSERT_PTR_NOT_NULL_FATAL(key);

	semanage_fcontext_free(fcontext);

	return key;
}

static void add_local_fcontext(int fcontext_idx)
{
	semanage_fcontext_t *fcontext;
	semanage_fcontext_key_t *key = NULL;

	CU_ASSERT_FATAL(fcontext_idx != I_NULL);

	fcontext = get_fcontext_nth(fcontext_idx);

	CU_ASSERT_FATAL(semanage_fcontext_key_extract(sh, fcontext, &key) >= 0);
	CU_ASSERT_PTR_NOT_NULL_FATAL(key);

	CU_ASSERT_FATAL(semanage_fcontext_modify_local(sh, key, fcontext) >= 0);

	/* cleanup */
	semanage_fcontext_key_free(key);
	semanage_fcontext_free(fcontext);
}

static void delete_local_fcontext(int fcontext_idx)
{
	semanage_fcontext_key_t *key = NULL;

	CU_ASSERT_FATAL(fcontext_idx != I_NULL);

	key = get_fcontext_key_nth(fcontext_idx);

	CU_ASSERT_FATAL(semanage_fcontext_del_local(sh, key) >= 0);

	semanage_fcontext_key_free(key);
}

static semanage_fcontext_key_t *get_fcontext_key_from_str(const char *str, int type)
{
	semanage_fcontext_key_t *key;
	int res;

	if (str == NULL)
		return NULL;

	res = semanage_fcontext_key_create(sh, str, type, &key);

	CU_ASSERT_FATAL(res >= 0);
	CU_ASSERT_PTR_NOT_NULL_FATAL(key);

	return key;
}

/* Function semanage_fcontext_compare */
static void test_fcontext_compare(void)
{
	semanage_fcontext_t *fcontext;
	semanage_fcontext_key_t *key1;
	semanage_fcontext_key_t *key2;
	semanage_fcontext_key_t *key3;

	/* setup */
	setup_handle(SH_CONNECT);

	fcontext = get_fcontext_nth(I_FIRST);

	key1 = get_fcontext_key_nth(I_FIRST);
	key2 = get_fcontext_key_nth(I_SECOND);
	key3 = get_fcontext_key_nth(I_THIRD);

	/* test */
	CU_ASSERT(semanage_fcontext_compare(fcontext, key1) == 0);
	CU_ASSERT(semanage_fcontext_compare(fcontext, key2) < 0);
	CU_ASSERT(semanage_fcontext_compare(fcontext, key3) > 0);

	/* cleanup */
	semanage_fcontext_free(fcontext);
	semanage_fcontext_key_free(key1);
	semanage_fcontext_key_free(key2);
	semanage_fcontext_key_free(key3);
	cleanup_handle(SH_CONNECT);
}

/* Function semanage_fcontext_compare2 */
static void test_fcontext_compare2(void)
{
	semanage_fcontext_t *fcontext;
	semanage_fcontext_t *fcontext1;
	semanage_fcontext_t *fcontext2;
	semanage_fcontext_t *fcontext3;

	/* setup */
	setup_handle(SH_CONNECT);

	fcontext = get_fcontext_nth(I_FIRST);
	fcontext1 = get_fcontext_nth(I_FIRST);
	fcontext2 = get_fcontext_nth(I_SECOND);
	fcontext3 = get_fcontext_nth(I_THIRD);

	/* test */
	CU_ASSERT(semanage_fcontext_compare2(fcontext, fcontext1) == 0);
	CU_ASSERT(semanage_fcontext_compare2(fcontext, fcontext2) < 0);
	CU_ASSERT(semanage_fcontext_compare2(fcontext, fcontext3) > 0);

	/* cleanup */
	semanage_fcontext_free(fcontext);
	semanage_fcontext_free(fcontext1);
	semanage_fcontext_free(fcontext2);
	semanage_fcontext_free(fcontext3);
	cleanup_handle(SH_CONNECT);
}

/* Function semanage_fcontext_key_create */
static void test_fcontext_key_create(void)
{
	semanage_fcontext_key_t *key = NULL;

	/* setup */
	setup_handle(SH_CONNECT);

	/* test */
	CU_ASSERT(semanage_fcontext_key_create(sh, "", SEMANAGE_FCONTEXT_ALL,
					       &key) >= 0);
	CU_ASSERT_PTR_NOT_NULL(key);

	semanage_fcontext_key_free(key);

	key = NULL;

	CU_ASSERT(semanage_fcontext_key_create(sh, "testfcontext",
					     SEMANAGE_FCONTEXT_ALL, &key) >= 0);
	CU_ASSERT_PTR_NOT_NULL(key);

	semanage_fcontext_key_free(key);

	/* cleanup */
	cleanup_handle(SH_CONNECT);
}

/* Function semanage_fcontext_key_extract */
static void test_fcontext_key_extract(void)
{
	semanage_fcontext_t *fcontext;
	semanage_fcontext_key_t *key;

	/* setup */
	setup_handle(SH_CONNECT);
	fcontext = get_fcontext_nth(I_FIRST);

	/* test */
	CU_ASSERT(semanage_fcontext_key_extract(sh, fcontext, &key) >= 0);
	CU_ASSERT_PTR_NOT_NULL(key);

	/* cleanup */
	semanage_fcontext_key_free(key);
	semanage_fcontext_free(fcontext);
	cleanup_handle(SH_CONNECT);
}

/* Function semanage_fcontext_get_expr, semanage_fcontext_set_expr */
static void test_fcontext_get_set_expr(void)
{
	semanage_fcontext_t *fcontext;
	const char *expr = NULL;
	const char *expr_exp = "/asdf";

	/* setup */
	setup_handle(SH_CONNECT);
	fcontext = get_fcontext_nth(I_FIRST);

	/* test */
	CU_ASSERT(semanage_fcontext_set_expr(sh, fcontext, expr_exp) >= 0);
	expr = semanage_fcontext_get_expr(fcontext);
	CU_ASSERT_PTR_NOT_NULL(expr);
	assert(expr);
	CU_ASSERT_STRING_EQUAL(expr, expr_exp);

	/* cleanup */
	semanage_fcontext_free(fcontext);
	cleanup_handle(SH_CONNECT);
}

/* Function semanage_fcontext_get_type, semanage_fcontext_set_type */
static void test_fcontext_get_set_type(void)
{
	semanage_fcontext_t *fcontext;
	int type_exp = SEMANAGE_FCONTEXT_SOCK;
	int type;

	/* setup */
	setup_handle(SH_CONNECT);
	fcontext = get_fcontext_nth(I_FIRST);

	/* test */
	semanage_fcontext_set_type(fcontext, type_exp);
	type = semanage_fcontext_get_type(fcontext);
	CU_ASSERT(type == type_exp);

	/* cleanup */
	semanage_fcontext_free(fcontext);
	cleanup_handle(SH_CONNECT);
}

/* Function semanage_fcontext_get_type_str */
static void helper_fcontext_get_type_str(int type, const char *exp_str)
{
	CU_ASSERT_STRING_EQUAL(semanage_fcontext_get_type_str(type), exp_str);
}

static void test_fcontext_get_type_str(void)
{
	helper_fcontext_get_type_str(SEMANAGE_FCONTEXT_ALL, "all files");
	helper_fcontext_get_type_str(SEMANAGE_FCONTEXT_REG, "regular file");
	helper_fcontext_get_type_str(SEMANAGE_FCONTEXT_DIR, "directory");
	helper_fcontext_get_type_str(SEMANAGE_FCONTEXT_CHAR,
				     "character device");
	helper_fcontext_get_type_str(SEMANAGE_FCONTEXT_BLOCK, "block device");
	helper_fcontext_get_type_str(SEMANAGE_FCONTEXT_SOCK, "socket");
	helper_fcontext_get_type_str(SEMANAGE_FCONTEXT_LINK, "symbolic link");
	helper_fcontext_get_type_str(SEMANAGE_FCONTEXT_PIPE, "named pipe");

	helper_fcontext_get_type_str(SEMANAGE_FCONTEXT_ALL - 1, "????");
	helper_fcontext_get_type_str(SEMANAGE_FCONTEXT_PIPE + 1, "????");
}

/* Function semanage_fcontext_get_con, semanage_fcontext_set_con */
static void helper_fcontext_get_set_con(level_t level, int fcontext_idx,
				 const char *con_str)
{
	semanage_fcontext_t *fcontext;
	semanage_context_t *con = NULL;
	semanage_context_t *new_con = NULL;

	/* setup */
	setup_handle(level);
	fcontext = get_fcontext_nth(fcontext_idx);

	if (con_str != NULL) {
		CU_ASSERT(semanage_context_from_string(sh, con_str, &con) >= 0);
		CU_ASSERT_PTR_NOT_NULL(con);
	} else {
		con = NULL;
	}

	/* test */
	CU_ASSERT(semanage_fcontext_set_con(sh, fcontext, con) >= 0);
	new_con = semanage_fcontext_get_con(fcontext);

	if (con_str != NULL) {
		CU_ASSERT_CONTEXT_EQUAL(con, new_con);
	} else {
		CU_ASSERT_PTR_NULL(new_con);
	}

	/* cleanup */
	semanage_context_free(con);
	semanage_fcontext_free(fcontext);
	cleanup_handle(level);
}

static void test_fcontext_get_set_con(void)
{
	helper_fcontext_get_set_con(SH_CONNECT, I_FIRST, NULL);
	helper_fcontext_get_set_con(SH_CONNECT, I_FIRST,
				    "user_u:role_r:type_t:s0");
	helper_fcontext_get_set_con(SH_CONNECT, I_SECOND,
				    "user_u:role_r:type_t:s0");
	helper_fcontext_get_set_con(SH_TRANS, I_FIRST, NULL);
	helper_fcontext_get_set_con(SH_TRANS, I_FIRST,
				    "user_u:role_r:type_t:s0");
	helper_fcontext_get_set_con(SH_TRANS, I_SECOND,
				    "user_u:role_r:type_t:s0");
}

/* Function semanage_fcontext_create */
static void helper_fcontext_create(level_t level)
{
	semanage_fcontext_t *fcontext;

	/* setup */
	setup_handle(level);

	/* test */
	CU_ASSERT(semanage_fcontext_create(sh, &fcontext) >= 0);
	CU_ASSERT_PTR_NULL(semanage_fcontext_get_expr(fcontext));
	CU_ASSERT(semanage_fcontext_get_type(fcontext)
		  == SEMANAGE_FCONTEXT_ALL);
	CU_ASSERT_PTR_NULL(semanage_fcontext_get_con(fcontext));

	/* cleanup */
	semanage_fcontext_free(fcontext);
	cleanup_handle(level);
}

static void test_fcontext_create(void)
{
	helper_fcontext_create(SH_NULL);
	helper_fcontext_create(SH_HANDLE);
	helper_fcontext_create(SH_CONNECT);
	helper_fcontext_create(SH_TRANS);
}

/* Function semanage_fcontext_clone */
static void helper_fcontext_clone(level_t level, int fcontext_idx)
{
	semanage_fcontext_t *fcontext;
	semanage_fcontext_t *fcontext_clone;
	const char *expr;
	const char *expr_clone;
	int type;
	int type_clone;
	semanage_context_t *con;
	semanage_context_t *con_clone;

	/* setup */
	setup_handle(level);
	fcontext = get_fcontext_nth(fcontext_idx);

	/* test */
	CU_ASSERT(semanage_fcontext_clone(sh, fcontext, &fcontext_clone) >= 0);

	expr = semanage_fcontext_get_expr(fcontext);
	expr_clone = semanage_fcontext_get_expr(fcontext_clone);
	CU_ASSERT_STRING_EQUAL(expr, expr_clone);

	type = semanage_fcontext_get_type(fcontext);
	type_clone = semanage_fcontext_get_type(fcontext_clone);
	CU_ASSERT_EQUAL(type, type_clone);

	con = semanage_fcontext_get_con(fcontext);
	con_clone = semanage_fcontext_get_con(fcontext_clone);
	CU_ASSERT_CONTEXT_EQUAL(con, con_clone);

	/* cleanup */
	semanage_fcontext_free(fcontext);
	semanage_fcontext_free(fcontext_clone);
	cleanup_handle(level);
}

static void test_fcontext_clone(void)
{
	helper_fcontext_clone(SH_CONNECT, I_FIRST);
	helper_fcontext_clone(SH_CONNECT, I_SECOND);
	helper_fcontext_clone(SH_TRANS, I_FIRST);
	helper_fcontext_clone(SH_TRANS, I_SECOND);
}

/* Function semanage_fcontext_query */
static void helper_fcontext_query(level_t level, const char *fcontext_expr,
			   int fcontext_type, int exp_res)
{
	semanage_fcontext_key_t *key;
	semanage_fcontext_t *resp = (void *) 42;
	int res;

	/* setup */
	setup_handle(level);
	key = get_fcontext_key_from_str(fcontext_expr, fcontext_type);

	/* test */
	res = semanage_fcontext_query(sh, key, &resp);

	if (exp_res >= 0) {
		CU_ASSERT(res >= 0);
		const char *expr = semanage_fcontext_get_expr(resp);
		CU_ASSERT_STRING_EQUAL(expr, fcontext_expr);
		semanage_fcontext_free(resp);
	} else {
		CU_ASSERT(res < 0);
		CU_ASSERT(resp == (void *) 42);
	}

	/* cleanup */
	semanage_fcontext_key_free(key);
	cleanup_handle(level);
}

static void test_fcontext_query(void)
{
	helper_fcontext_query(SH_CONNECT, FCONTEXT_NONEXISTENT_EXPR,
			      FCONTEXT_NONEXISTENT_TYPE, -1);
	helper_fcontext_query(SH_CONNECT, FCONTEXT2_EXPR, FCONTEXT1_TYPE, -1);
	helper_fcontext_query(SH_CONNECT, FCONTEXT1_EXPR, FCONTEXT1_TYPE, 1);
	helper_fcontext_query(SH_CONNECT, FCONTEXT2_EXPR, FCONTEXT2_TYPE, 1);
	helper_fcontext_query(SH_TRANS, FCONTEXT_NONEXISTENT_EXPR,
			      FCONTEXT_NONEXISTENT_TYPE, -1);
	helper_fcontext_query(SH_TRANS, FCONTEXT2_EXPR, FCONTEXT1_TYPE, -1);
	helper_fcontext_query(SH_TRANS, FCONTEXT1_EXPR, FCONTEXT1_TYPE, 1);
	helper_fcontext_query(SH_TRANS, FCONTEXT2_EXPR, FCONTEXT2_TYPE, 1);
}

/* Function semanage_fcontext_exists */
static void helper_fcontext_exists(level_t level, const char *fcontext_expr,
			    int fcontext_type, int exp_resp)
{
	semanage_fcontext_key_t *key;
	int resp;

	/* setup */
	setup_handle(level);
	key = get_fcontext_key_from_str(fcontext_expr, fcontext_type);

	/* test */
	CU_ASSERT(semanage_fcontext_exists(sh, key, &resp) >= 0);
	CU_ASSERT(resp == exp_resp);

	/* cleanup */
	semanage_fcontext_key_free(key);
	cleanup_handle(level);
}

static void test_fcontext_exists(void)
{
	helper_fcontext_exists(SH_CONNECT, FCONTEXT_NONEXISTENT_EXPR,
			       FCONTEXT_NONEXISTENT_TYPE, 0);
	helper_fcontext_exists(SH_CONNECT, FCONTEXT2_EXPR, FCONTEXT1_TYPE, 0);
	helper_fcontext_exists(SH_CONNECT, FCONTEXT1_EXPR, FCONTEXT1_TYPE, 1);
	helper_fcontext_exists(SH_CONNECT, FCONTEXT2_EXPR, FCONTEXT2_TYPE, 1);
	helper_fcontext_exists(SH_TRANS, FCONTEXT_NONEXISTENT_EXPR,
			       FCONTEXT_NONEXISTENT_TYPE, 0);
	helper_fcontext_exists(SH_TRANS, FCONTEXT2_EXPR, FCONTEXT1_TYPE, 0);
	helper_fcontext_exists(SH_TRANS, FCONTEXT1_EXPR, FCONTEXT1_TYPE, 1);
	helper_fcontext_exists(SH_TRANS, FCONTEXT2_EXPR, FCONTEXT2_TYPE, 1);
}

/* Function semanage_fcontext_count */
static void test_fcontext_count(void)
{
	unsigned int resp;

	/* handle */
	setup_handle(SH_HANDLE);
	CU_ASSERT(semanage_fcontext_count(sh, &resp) < 0);
	CU_ASSERT(semanage_fcontext_count(sh, NULL) < 0);
	cleanup_handle(SH_HANDLE);

	/* connect */
	resp = 0;
	setup_handle(SH_CONNECT);
	CU_ASSERT(semanage_fcontext_count(sh, &resp) >= 0);
	CU_ASSERT(resp == FCONTEXTS_COUNT);
	cleanup_handle(SH_CONNECT);

	/* trans */
	resp = 0;
	setup_handle(SH_TRANS);
	CU_ASSERT(semanage_fcontext_count(sh, &resp) >= 0);
	CU_ASSERT(resp == FCONTEXTS_COUNT);
	cleanup_handle(SH_TRANS);
}

/* Function semanage_fcontext_iterate */
unsigned int counter_fcontext_iterate = 0;

static int handler_fcontext_iterate(const semanage_fcontext_t *record, void *varg)
{
	CU_ASSERT_PTR_NOT_NULL(record);
	counter_fcontext_iterate++;
	return 0;
}

static void helper_fcontext_iterate_invalid(void)
{
	/* setup */
	setup_handle(SH_HANDLE);

	/* test */
	CU_ASSERT(semanage_fcontext_iterate(sh, &handler_fcontext_iterate,
				            NULL) < 0);
	CU_ASSERT(semanage_fcontext_iterate(sh, NULL, NULL) < 0);

	/* cleanup */
	cleanup_handle(SH_HANDLE);
}

static void helper_fcontext_iterate(level_t level)
{
	/* setup */
	setup_handle(level);
	counter_fcontext_iterate = 0;

	/* test */
	CU_ASSERT(semanage_fcontext_iterate(sh, &handler_fcontext_iterate,
					    NULL) >= 0);
	CU_ASSERT(counter_fcontext_iterate == FCONTEXTS_COUNT);

	/* cleanup */
	cleanup_handle(level);
}

static void test_fcontext_iterate(void)
{
	helper_fcontext_iterate_invalid();
	helper_fcontext_iterate(SH_CONNECT);
	helper_fcontext_iterate(SH_TRANS);
}

/* Function semanage_fcontext_list */
static void helper_fcontext_list_invalid(void)
{
	semanage_fcontext_t **records;
	unsigned int count;

	/* setup */
	setup_handle(SH_HANDLE);

	/* test */
	CU_ASSERT(semanage_fcontext_list(sh, &records, &count) < 0);
	CU_ASSERT(semanage_fcontext_list(sh, NULL, &count) < 0);
	CU_ASSERT(semanage_fcontext_list(sh, &records, NULL) < 0);

	/* cleanup */
	cleanup_handle(SH_HANDLE);
}

static void helper_fcontext_list(level_t level)
{
	semanage_fcontext_t **records;
	unsigned int count;

	/* setup */
	setup_handle(level);

	/* test */
	CU_ASSERT(semanage_fcontext_list(sh, &records, &count) >= 0);
	CU_ASSERT(count == FCONTEXTS_COUNT);

	for (unsigned int i = 0; i < count; i++)
		CU_ASSERT_PTR_NOT_NULL(records[i]);

	for (unsigned int i = 0; i < count; i++)
		semanage_fcontext_free(records[i]);

	free(records);

	/* cleanup */
	cleanup_handle(level);
}

static void test_fcontext_list(void)
{
	helper_fcontext_list_invalid();
	helper_fcontext_list(SH_CONNECT);
	helper_fcontext_list(SH_TRANS);
}

/* Function semanage_fcontext_modify_local, semanage_fcontext_del_local */
static void helper_fcontext_modify_del_local(level_t level, int fcontext_idx,
				      const char *con_str, int exp_res)
{
	semanage_fcontext_t *fcontext;
	semanage_fcontext_t *fcontext_local = NULL;
	semanage_fcontext_key_t *key = NULL;
	semanage_context_t *con = NULL;
	int res;

	/* setup */
	setup_handle(level);
	fcontext = get_fcontext_nth(fcontext_idx);
	CU_ASSERT(semanage_fcontext_key_extract(sh, fcontext, &key) >= 0);
	CU_ASSERT_PTR_NOT_NULL(key);

	if (con_str != NULL) {
		CU_ASSERT(semanage_context_from_string(sh, con_str, &con) >= 0);
		CU_ASSERT_PTR_NOT_NULL(con);
	} else {
		con = NULL;
	}

	CU_ASSERT(semanage_fcontext_set_con(sh, fcontext, con) >= 0);

	/* test */
	res = semanage_fcontext_modify_local(sh, key, fcontext);

	if (exp_res >= 0) {
		CU_ASSERT(res >= 0);

		if (level == SH_TRANS) {
			helper_commit();
			helper_begin_transaction();
		}

		CU_ASSERT(semanage_fcontext_query_local(sh, key,
					                &fcontext_local) >= 0);
		CU_ASSERT(semanage_fcontext_compare2(fcontext_local,
						     fcontext) == 0);
		semanage_fcontext_free(fcontext_local);

		CU_ASSERT(semanage_fcontext_del_local(sh, key) >= 0);
		CU_ASSERT(semanage_fcontext_query_local(sh, key,
					                &fcontext_local) < 0);
	} else {
		CU_ASSERT(res < 0);
	}

	/* cleanup */
	semanage_context_free(con);
	semanage_fcontext_key_free(key);
	semanage_fcontext_free(fcontext);
	cleanup_handle(level);
}

static void test_fcontext_modify_del_local(void)
{
	helper_fcontext_modify_del_local(SH_CONNECT, I_FIRST,
					 "system_u:object_r:tmp_t:s0", -1);
	helper_fcontext_modify_del_local(SH_CONNECT, I_SECOND,
					 "system_u:object_r:tmp_t:s0", -1);
	helper_fcontext_modify_del_local(SH_TRANS, I_FIRST,
					 "system_u:object_r:tmp_t:s0", 1);
	helper_fcontext_modify_del_local(SH_TRANS, I_SECOND,
					 "system_u:object_r:tmp_t:s0", 1);
}

/* Function semanage_fcontext_query_local */
static void test_fcontext_query_local(void)
{
	semanage_fcontext_key_t *key = NULL;
	semanage_fcontext_t *resp = NULL;

	/* connect */
	setup_handle(SH_CONNECT);

	key = get_fcontext_key_nth(I_FIRST);
	CU_ASSERT(semanage_fcontext_query_local(sh, key, &resp) < 0);
	CU_ASSERT_PTR_NULL(resp);

	cleanup_handle(SH_CONNECT);

	/* transaction */
	setup_handle(SH_TRANS);

	semanage_fcontext_key_free(key);
	key = get_fcontext_key_nth(I_FIRST);
	CU_ASSERT(semanage_fcontext_query_local(sh, key, &resp) < 0);
	CU_ASSERT_PTR_NULL(resp);

	add_local_fcontext(I_FIRST);
	CU_ASSERT(semanage_fcontext_query_local(sh, key, &resp) >= 0);
	CU_ASSERT_PTR_NOT_NULL(resp);
	semanage_fcontext_free(resp);
	resp = NULL;

	semanage_fcontext_key_free(key);
	key = get_fcontext_key_nth(I_SECOND);
	add_local_fcontext(I_SECOND);
	CU_ASSERT(semanage_fcontext_query_local(sh, key, &resp) >= 0);
	CU_ASSERT_PTR_NOT_NULL(resp);
	semanage_fcontext_free(resp);
	resp = NULL;

	/* cleanup */
	semanage_fcontext_key_free(key);
	delete_local_fcontext(I_FIRST);
	delete_local_fcontext(I_SECOND);
	cleanup_handle(SH_TRANS);
}

/* Function semanage_fcontext_exists_local */
static void test_fcontext_exists_local(void)
{
	int resp = -1;
	semanage_fcontext_key_t *key;

	/* setup */
	setup_handle(SH_TRANS);
	key = get_fcontext_key_nth(I_FIRST);

	/* test */
	CU_ASSERT(semanage_fcontext_exists_local(sh, key, &resp) >= 0);
	CU_ASSERT(resp == 0);

	add_local_fcontext(I_FIRST);
	resp = -1;

	CU_ASSERT(semanage_fcontext_exists_local(sh, key, &resp) >= 0);
	CU_ASSERT(resp == 1);

	delete_local_fcontext(I_FIRST);
	resp = -1;

	CU_ASSERT(semanage_fcontext_exists_local(sh, key, &resp) >= 0);
	CU_ASSERT(resp == 0);

	resp = -1;

	CU_ASSERT(semanage_fcontext_exists_local(sh, NULL, &resp) >= 0);
	CU_ASSERT(resp == 0);

	/* cleanup */
	semanage_fcontext_key_free(key);
	cleanup_handle(SH_TRANS);
}

/* Function semanage_fcontext_count_local */
static void test_fcontext_count_local(void)
{
	unsigned int resp;

	/* handle */
	setup_handle(SH_HANDLE);
	CU_ASSERT(semanage_fcontext_count_local(sh, &resp) < 0);
	cleanup_handle(SH_HANDLE);

	/* connect */
	setup_handle(SH_CONNECT);
	CU_ASSERT(semanage_fcontext_count_local(sh, &resp) >= 0);
	CU_ASSERT(resp == 0);
	cleanup_handle(SH_CONNECT);

	/* transaction */
	setup_handle(SH_TRANS);
	CU_ASSERT(semanage_fcontext_count_local(sh, &resp) >= 0);
	CU_ASSERT(resp == 0);

	add_local_fcontext(I_FIRST);
	CU_ASSERT(semanage_fcontext_count_local(sh, &resp) >= 0);
	CU_ASSERT(resp == 1);

	add_local_fcontext(I_SECOND);
	CU_ASSERT(semanage_fcontext_count_local(sh, &resp) >= 0);
	CU_ASSERT(resp == 2);

	delete_local_fcontext(I_SECOND);
	CU_ASSERT(semanage_fcontext_count_local(sh, &resp) >= 0);
	CU_ASSERT(resp == 1);

	/* cleanup */
	delete_local_fcontext(I_FIRST);
	cleanup_handle(SH_TRANS);
}

/* Function semanage_fcontext_iterate_local */
unsigned int counter_fcontext_iterate_local = 0;

static int handler_fcontext_iterate_local(const semanage_fcontext_t *record,
				   void *varg)
{
	CU_ASSERT_PTR_NOT_NULL(record);
	counter_fcontext_iterate_local++;
	return 0;
}

static void test_fcontext_iterate_local(void)
{
	/* handle */
	setup_handle(SH_HANDLE);

	CU_ASSERT(semanage_fcontext_iterate_local(sh,
				    &handler_fcontext_iterate_local, NULL) < 0);
	CU_ASSERT(semanage_fcontext_iterate_local(sh, NULL, NULL) < 0);

	cleanup_handle(SH_HANDLE);

	/* connect */
	setup_handle(SH_CONNECT);

	counter_fcontext_iterate_local = 0;
	CU_ASSERT(semanage_fcontext_iterate_local(sh,
				   &handler_fcontext_iterate_local, NULL) >= 0);
	CU_ASSERT(counter_fcontext_iterate_local == 0);
	CU_ASSERT(semanage_fcontext_iterate_local(sh, NULL, NULL) >= 0);

	cleanup_handle(SH_CONNECT);

	/* transaction */
	setup_handle(SH_TRANS);

	counter_fcontext_iterate_local = 0;
	CU_ASSERT(semanage_fcontext_iterate_local(sh,
				   &handler_fcontext_iterate_local, NULL) >= 0);
	CU_ASSERT(counter_fcontext_iterate_local == 0);

	add_local_fcontext(I_FIRST);
	counter_fcontext_iterate_local = 0;
	CU_ASSERT(semanage_fcontext_iterate_local(sh,
				   &handler_fcontext_iterate_local, NULL) >= 0);
	CU_ASSERT(counter_fcontext_iterate_local == 1);

	add_local_fcontext(I_SECOND);
	counter_fcontext_iterate_local = 0;
	CU_ASSERT(semanage_fcontext_iterate_local(sh,
				   &handler_fcontext_iterate_local, NULL) >= 0);
	CU_ASSERT(counter_fcontext_iterate_local == 2);

	/* cleanup */
	delete_local_fcontext(I_FIRST);
	delete_local_fcontext(I_SECOND);
	cleanup_handle(SH_TRANS);
}

/* Function semanage_fcontext_list_local */
static void test_fcontext_list_local(void)
{
	semanage_fcontext_t **records;
	unsigned int count;

	/* handle */
	setup_handle(SH_HANDLE);

	CU_ASSERT(semanage_fcontext_list_local(sh, &records, &count) < 0);
	CU_ASSERT(semanage_fcontext_list_local(sh, NULL, &count) < 0);
	CU_ASSERT(semanage_fcontext_list_local(sh, &records, NULL) < 0);

	cleanup_handle(SH_HANDLE);

	/* connect */
	setup_handle(SH_CONNECT);

	CU_ASSERT(semanage_fcontext_list_local(sh, &records, &count) >= 0);
	CU_ASSERT(count == 0);

	cleanup_handle(SH_CONNECT);

	/* transaction */
	setup_handle(SH_TRANS);

	CU_ASSERT(semanage_fcontext_list_local(sh, &records, &count) >= 0);
	CU_ASSERT(count == 0);

	add_local_fcontext(I_FIRST);
	CU_ASSERT(semanage_fcontext_list_local(sh, &records, &count) >= 0);
	CU_ASSERT(count == 1);
	CU_ASSERT_PTR_NOT_NULL(records[0]);
	semanage_fcontext_free(records[0]);
	free(records);

	add_local_fcontext(I_SECOND);
	CU_ASSERT(semanage_fcontext_list_local(sh, &records, &count) >= 0);
	CU_ASSERT(count == 2);
	CU_ASSERT_PTR_NOT_NULL(records[0]);
	CU_ASSERT_PTR_NOT_NULL(records[1]);
	semanage_fcontext_free(records[0]);
	semanage_fcontext_free(records[1]);
	free(records);

	/* cleanup */
	delete_local_fcontext(I_FIRST);
	delete_local_fcontext(I_SECOND);
	cleanup_handle(SH_TRANS);
}