/* Authors: Christopher Ashworth <[email protected]>
 *
 * Copyright (C) 2006 Tresys Technology, LLC
 * Copyright (C) 2019 Red Hat, Inc.
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
 */
/* This file provides functions commonly needed by our unit tests. */
#include "utilities.h"

#include <errno.h>
/* Non-zero while helper_handle_create() should redirect libsemanage to the
 * private "test-policy" tree; set by enable_test_store() and cleared by
 * disable_test_store().
 */
int test_store_enabled = 0;

/* Handle shared by the helper_*, setup_* and cleanup_* functions below. */
semanage_handle_t *sh = NULL;
/* No-op message callback.
 *
 * Installed on test handles so that error output caused by the tests is
 * swallowed instead of being printed.
 */
void test_msg_handler(void *varg, semanage_handle_t *handle, const char *fmt,
		      ...)
{
	/* Nothing is formatted or logged; the arguments are deliberately unused. */
	(void) varg;
	(void) handle;
	(void) fmt;
}
/* Build the skeleton of a private policy store under ./test-policy and mark
 * the test store as enabled.
 *
 * The directories are requested with mode 0700, i.e. at most owner-only
 * access, and an empty etc/selinux/semanage.conf is created inside the tree.
 * All paths are relative, so the tree is placed in the current working
 * directory of the test process.
 *
 * Returns 0 on success and -1 as soon as one mkdir() or the fopen() fails.
 * mkdir() also fails when the directory already exists, so a tree left over
 * from an earlier run makes this function return -1.  Directories created
 * before the failing step are not removed here.
 */
int create_test_store(void)
{
	/* Parents are listed before their children. */
	static const char *const dirs[] = {
		"test-policy",
		"test-policy/store",
		"test-policy/store/active",
		"test-policy/store/active/modules",
		"test-policy/etc",
		"test-policy/etc/selinux",
	};
	FILE *conf;
	size_t i;

	for (i = 0; i < sizeof(dirs) / sizeof(dirs[0]); i++) {
		if (mkdir(dirs[i], 0700) < 0)
			return -1;
	}

	/* Only the existence of the configuration file matters; it stays empty. */
	conf = fopen("test-policy/etc/selinux/semanage.conf", "w+");
	if (conf == NULL)
		return -1;
	fclose(conf);

	enable_test_store();
	return 0;
}
/* Clear the test-store flag: handles created by helper_handle_create() after
 * this call no longer get the "test-policy" root and store settings applied.
 */
void disable_test_store(void)
{
	test_store_enabled = 0;
}
/* Set the test-store flag: handles created by helper_handle_create() after
 * this call are pointed at the "test-policy" tree.
 */
void enable_test_store(void)
{
	test_store_enabled = 1;
}
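/* Write data_len bytes from data to test-policy/store/active/policy.kern,
 * replacing any existing file.
 *
 * Returns 0 once the data has been written and the stream has been closed
 * without error, -1 otherwise; the failing call is reported with perror().
 * A zero-length payload counts as a failure because fwrite() then reports
 * that no item was written.
 */
static int write_test_policy(char *data, size_t data_len)
{
	FILE *out = fopen("test-policy/store/active/policy.kern", "wb+");

	if (out == NULL) {
		perror("fopen");
		return -1;
	}

	if (fwrite(data, data_len, 1, out) != 1) {
		perror("fwrite");
		fclose(out);
		return -1;
	}

	/* Buffered bytes only reach the file when the stream is flushed, so a
	 * failing fclose() means the policy on disk may be incomplete.  Report
	 * it instead of letting a test run against a truncated policy.
	 */
	if (fclose(out) != 0) {
		perror("fclose");
		return -1;
	}

	return 0;
}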
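/* Copy the whole of `filename` into the test store's policy.kern via
 * write_test_policy().
 *
 * Every step that determines or uses the file size is checked: a failed
 * ftell() would otherwise be converted into a huge allocation size, and an
 * unchecked short fread() would let uninitialised heap bytes be written out
 * as policy data.
 *
 * Returns 0 on success and -1 on any failure, including an empty input file
 * (an empty policy cannot be written by write_test_policy() either).
 */
int write_test_policy_from_file(const char *filename)
{
	FILE *in = fopen(filename, "rb");
	char *buf = NULL;
	long size;
	int rc = -1;

	if (in == NULL) {
		perror("fopen");
		return -1;
	}

	if (fseek(in, 0, SEEK_END) != 0) {
		perror("fseek");
		goto out;
	}

	size = ftell(in);
	if (size < 0) {
		perror("ftell");
		goto out;
	}

	if (size == 0) {
		fprintf(stderr, "%s: policy file is empty\n", filename);
		goto out;
	}

	if (fseek(in, 0, SEEK_SET) != 0) {
		perror("fseek");
		goto out;
	}

	buf = malloc((size_t) size);
	if (buf == NULL) {
		perror("malloc");
		goto out;
	}

	if (fread(buf, (size_t) size, 1, in) != 1) {
		if (ferror(in))
			perror("fread");
		else
			fprintf(stderr, "%s: short read\n", filename);
		goto out;
	}

	/* Close the input before the store file is opened for writing. */
	fclose(in);
	in = NULL;

	rc = write_test_policy(buf, (size_t) size);

out:
	if (in != NULL)
		fclose(in);
	free(buf);
	return rc;
}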
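/* Create `path` (truncating an existing file) and write `len` bytes of `data`
 * to it.  Returns 0 on success; on failure reports the failing call with
 * perror() and returns -1.  The fclose() result is checked because buffered
 * data is only flushed to the file at that point.
 */
static int write_store_file(const char *path, const void *data, size_t len)
{
	FILE *out = fopen(path, "w+");

	if (out == NULL) {
		perror("fopen");
		return -1;
	}

	if (fwrite(data, len, 1, out) != 1) {
		perror("fwrite");
		fclose(out);
		return -1;
	}

	if (fclose(out) != 0) {
		perror("fclose");
		return -1;
	}

	return 0;
}

/* Install `data` (data_len bytes) as the source of the priority-100 "base"
 * module of the test store.
 *
 * Creates test-policy/store/active/modules/100/base (mode 0700), writes the
 * data to the "cil" file in it and writes a "lang_ext" file next to it.
 *
 * Returns 0 on success, -1 on the first failing step.  mkdir() fails when the
 * directory already exists, so calling this twice on the same store returns
 * -1 the second time.
 */
int write_test_policy_src(unsigned char *data, unsigned int data_len)
{
	if (mkdir("test-policy/store/active/modules/100", 0700) < 0)
		return -1;

	if (mkdir("test-policy/store/active/modules/100/base", 0700) < 0)
		return -1;

	if (write_store_file("test-policy/store/active/modules/100/base/cil",
			     data, data_len) < 0)
		return -1;

	/* sizeof("cil") includes the terminating NUL, so four bytes are
	 * written.  NOTE(review): confirm that the consumer of lang_ext
	 * expects the trailing NUL.
	 */
	return write_store_file(
		"test-policy/store/active/modules/100/base/lang_ext",
		"cil", sizeof("cil"));
}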
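/* Disable the test store and delete the ./test-policy tree.
 *
 * The walk uses FTS_PHYSICAL, so symbolic links are reported as links and are
 * removed themselves rather than followed; FTS_XDEV keeps the walk on the
 * file system that holds "test-policy"; FTS_NOCHDIR leaves the working
 * directory of the process unchanged.  Directories are removed on their
 * post-order visit (FTS_DP), after their contents.
 *
 * Returns 0 when the walk finished and every removal succeeded, -1 when
 * fts_open() failed, a removal failed, a directory could not be read, or the
 * walk itself stopped with an error.
 */
int destroy_test_store(void)
{
	char *roots[] = { (char *) "test-policy", NULL };
	FTS *walk;
	FTSENT *node;
	int ret = 0;

	disable_test_store();

	walk = fts_open(roots, FTS_NOCHDIR | FTS_PHYSICAL | FTS_XDEV, NULL);
	if (walk == NULL)
		return -1;

	for (;;) {
		/* fts_read() returns NULL both at the end of the walk and on
		 * error; only errno tells the two apart.
		 */
		errno = 0;
		node = fts_read(walk);
		if (node == NULL) {
			if (errno != 0)
				ret = -1;
			break;
		}

		switch (node->fts_info) {
		case FTS_DP:
		case FTS_F:
		case FTS_SL:
		case FTS_SLNONE:
		case FTS_DEFAULT:
			if (remove(node->fts_accpath) < 0)
				ret = -1;
			break;
		case FTS_DNR:
		case FTS_ERR:
			/* The entry could not be traversed, so part of the
			 * tree is left behind; do not report success.
			 */
			ret = -1;
			break;
		default:
			/* Pre-order directory visits and the remaining entry
			 * types need no action.  FTS_NS (stat failed) stays
			 * non-fatal so that destroying a tree that does not
			 * exist still returns 0.
			 */
			break;
		}
	}

	if (fts_close(walk) < 0)
		ret = -1;

	return ret;
}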
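/* Create the shared handle `sh` and install the silent message callback.
 *
 * When the test store is enabled, the libsemanage root is set to
 * "test-policy" before the handle is created, and the handle is then told to
 * create the store if needed, not to reload policy, to use an empty store
 * root and to select the store named "store" with a direct connection.
 *
 * NOTE(review): when test_store_enabled is 0 none of these overrides are
 * applied, so the handle keeps libsemanage's defaults, presumably the host's
 * real policy store.  Tests that modify policy should run with the test
 * store enabled; confirm against the callers.
 */
void helper_handle_create(void)
{
	if (test_store_enabled)
		semanage_set_root("test-policy");

	sh = semanage_handle_create();
	CU_ASSERT_PTR_NOT_NULL(sh);

	/* The assertion above records the failure but does not leave the
	 * function, so stop here rather than hand a NULL handle to the
	 * calls below.
	 */
	if (sh == NULL)
		return;

	semanage_msg_set_callback(sh, test_msg_handler, NULL);

	if (test_store_enabled) {
		semanage_set_create_store(sh, 1);
		semanage_set_reload(sh, 0);
		semanage_set_store_root(sh, "");
		semanage_select_store(sh, (char *) "store",
				      SEMANAGE_CON_DIRECT);
	}
}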
/* Destroy the shared handle `sh`.  The global pointer is not reset here, so
 * it must not be used again until a new handle has been created.
 */
void helper_handle_destroy(void)
{
	semanage_handle_destroy(sh);
}
/* Connect the shared handle `sh`; a negative result from semanage_connect()
 * is recorded as a CUnit assertion failure.
 */
void helper_connect(void)
{
	CU_ASSERT(semanage_connect(sh) >= 0);
}
/* Disconnect the shared handle `sh`; a negative result from
 * semanage_disconnect() is recorded as a CUnit assertion failure.
 */
void helper_disconnect(void)
{
	CU_ASSERT(semanage_disconnect(sh) >= 0);
}
/* Begin a transaction on the shared handle `sh`; a negative result from
 * semanage_begin_transaction() is recorded as a CUnit assertion failure.
 */
void helper_begin_transaction(void)
{
	CU_ASSERT(semanage_begin_transaction(sh) >= 0);
}
/* Commit the current transaction on the shared handle `sh`; a negative
 * result from semanage_commit() is recorded as a CUnit assertion failure.
 */
void helper_commit(void)
{
	CU_ASSERT(semanage_commit(sh) >= 0);
}
/* Bring the shared handle `sh` up to the requested level.
 *
 * Each step runs when `level` is at least the matching constant: reset the
 * pointer (SH_NULL), create the handle (SH_HANDLE), connect (SH_CONNECT) and
 * begin a transaction (SH_TRANS).  The steps accumulate only if the
 * constants are ordered that way; presumably they are, see the definition
 * of level_t.
 */
void setup_handle(level_t level)
{
	if (level >= SH_NULL) {
		sh = NULL;
	}

	if (level >= SH_HANDLE) {
		helper_handle_create();
	}

	if (level >= SH_CONNECT) {
		helper_connect();
	}

	if (level >= SH_TRANS) {
		helper_begin_transaction();
	}
}
/* Tear down what setup_handle() built for the same `level`, in reverse
 * order: commit the transaction (SH_TRANS), disconnect (SH_CONNECT), destroy
 * the handle (SH_HANDLE) and finally reset the global pointer (SH_NULL) so
 * that no stale handle pointer is left behind.
 */
void cleanup_handle(level_t level)
{
	if (level >= SH_TRANS) {
		helper_commit();
	}

	if (level >= SH_CONNECT) {
		helper_disconnect();
	}

	if (level >= SH_HANDLE) {
		helper_handle_destroy();
	}

	if (level >= SH_NULL) {
		sh = NULL;
	}
}
/* Variant of setup_handle() that selects an empty store name with the
 * SEMANAGE_CON_INVALID connection type after creating the handle.
 *
 * `level` is asserted to be at least SH_HANDLE, but the handle is created
 * regardless of the outcome of that assertion.  Connecting and beginning a
 * transaction follow for SH_CONNECT and SH_TRANS as in setup_handle().
 */
void setup_handle_invalid_store(level_t level)
{
	CU_ASSERT(level >= SH_HANDLE);

	helper_handle_create();

	semanage_select_store(sh, (char *) "", SEMANAGE_CON_INVALID);

	if (level >= SH_CONNECT) {
		helper_connect();
	}

	if (level >= SH_TRANS) {
		helper_begin_transaction();
	}
}