getfilecon(_raw), setfilecon(_raw), lgetfilecon(_raw), fgetfilecon(_raw), lsetfilecon(_raw); --- tests/test_file_labeling.py | 408 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 408 insertions(+) create mode 100755 tests/test_file_labeling.py diff --git a/tests/test_file_labeling.py b/tests/test_file_labeling.py new file mode 100755 index 0000000..420dc78 --- /dev/null +++ b/tests/test_file_labeling.py @@ -0,0 +1,408 @@ +#!/usr/bin/env python + +#This program is free software: you can redistribute it and/or modify +#it under the terms of the GNU General Public License as published by +#the Free Software Foundation, either version 3 of the License, or +#(at your option) any later version. +#This program is distributed in the hope that it will be useful, +#but WITHOUT ANY WARRANTY; without even the implied warranty of +#MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +#GNU General Public License for more details. +# +#For more information see <http://www.gnu.org/licenses/> + +"""Tests for: +getfilecon(_raw), setfilecon(_raw), lgetfilecon(_raw), fgetfilecon(_raw) +lsetfilecon(_raw) +""" + +import selinux +import unittest +import xattr +import os +import sys +import errno +import uuid +import helper + +class auxiliaryTestCase(unittest.TestCase): + """Auxiliary class. + + Atributes: + testfile: path to testing file. + testfile_symlink: path to link of testing file. + fo_testfile: file object of testfile. + fo_testfile_symlink: file object of testfile_symlink. + raw_con: testing selinux context. + wrong_con: non-existing selinux context. + """ + + def __init__(self, test_method="runTest"): + unittest.TestCase.__init__(self, test_method) + self.fo_testfile = None + self.fo_testfile_symlink = None + self.raw_con = "system_u:object_r:tmp_t:s0" + self.trans_con = "system_u:object_r:tmp_t:SystemLow" + self.wrong_con = "WRONG CONTEXT" + + def setUp(self): + self.setUpFileOnly() + #Creates unique filename for symlink + self.testfile_symlink = "/tmp/" + str(uuid.uuid4()) + #Use that unique filename for creating file + self.create_test_file_symlink() + + def setUpFileOnly(self): + """SetUp only file without symlink + """ + self.testfile = "/tmp/" + str(uuid.uuid4()) + self.create_test_file() + + def remove_file(self, path): + try: + os.remove(path) + #If file with path did not exist continue + except OSError as e: + if e.errno != errno.ENOENT: + raise e + + def tearDown(self): + self.remove_file(self.testfile_symlink) + self.testfile_symlink = "" + self.fo_testfile_symlink = None + self.tearDownFileOnly() + + + def tearDownFileOnly(self): + self.remove_file(self.testfile) + self.testfile = "" + self.fo_testfile = None + + + def create_test_file(self): + """Creates test file. + + Creates file with filename saved in self.testfile and + sets attribute self.fo_testfile with file object of the new file. + """ + + self.fo_testfile = open(self.testfile,"w") + + def create_test_file_symlink(self): + """Creates symlink to test file. + + Creates symlink for self.testfile. + """ + + os.symlink(self.testfile, self.testfile_symlink) + self.fo_testfile_symlink = open(self.testfile_symlink, "r") + + + def read_file_con(self, filepath, nofollow=False): + """Reads selinux context from file. + + Args: + filepath: Path to file, from which context shall be read. + nofollow: If true function will read con of symlink. + Returns: + List where [0] is length of context with \00. + [1] is selinux context string without trailing \00. + """ + + output_list = [] + if nofollow: + context = xattr.get(filepath, "security.selinux", True) + else: + context = xattr.get(filepath,"security.selinux") + output_list.append(len(context)) + output_list.append(context[:-1]) + return output_list + + def set_file_con(self, fileid, context, nofollow=False): + """Writes selinux context from file. + + Args: + fileid: Path or fd of the file, to which context shall be written. + context: Context we want to write to the file. + nofollow: If true function will write con to the symlink. + """ + + xattr.set(fileid, "security.selinux", context, 0, nofollow) + + +class setfileconRawTestCase(auxiliaryTestCase): + """TestCase for setfilecon_raw() function. + """ + + def setUp(self): + self.setUpFileOnly() + + def tearDown(self): + self.tearDownFileOnly() + + def test_setfileconRaw_InsertRawCon_InsertedSuccessfully(self): + selinux.setfilecon_raw(self.testfile, self.raw_con) + self.assertEqual(self.read_file_con(self.testfile)[1], self.raw_con, + "File context of testfile was not changed after call " + "setfilecon_raw()!") + + def test_setfileconRaw_FileDoesNotExist_OSErrorRaised(self): + os.remove(self.testfile) + self.assertRaisesRegexp(OSError, '\[Errno 2\]', selinux.setfilecon_raw, + self.testfile, self.raw_con) + + def test_setfileconRaw_InsertWrongCon_OSErrorRaised(self): + self.assertRaisesRegexp(OSError, '\[Errno 22\]', selinux.setfilecon_raw, + self.testfile, self.wrong_con) + + + + +class setfileconTestCase(auxiliaryTestCase): + """TestCase for setfilecon() function. + """ + + def setUp(self): + self.setUpFileOnly() + + def tearDown(self): + self.tearDownFileOnly() + + @unittest.skipUnless(helper.contextTranslation(), "Context-translation inactive!") + def test_setfilecon_InsertTransCon_InsertedSuccessfully(self): + selinux.setfilecon(self.testfile, self.trans_con) + self.assertEqual(self.read_file_con(self.testfile)[1], self.raw_con, + "File context of testfile was not changed after call " + "setfilecon()!") + + def test_setfilecon_InsertRawCon_InsertedSuccessfully(self): + selinux.setfilecon(self.testfile, self.raw_con) + self.assertEqual(self.read_file_con(self.testfile)[1], self.raw_con, + "File context of testfile was not changed after call " + "setfilecon()!") + + + +class lsetfileconRawTestCase(auxiliaryTestCase): + """TestCase for lsetfilecon_raw() function. + """ + + def test_lsetfileconRaw_InsertRawCon_InsertedSuccessfully(self): + selinux.lsetfilecon_raw(self.testfile_symlink, self.raw_con) + self.assertEqual(self.read_file_con(self.testfile_symlink, True)[1], + self.raw_con, "File context of symbolic link to" + "testfile was not changed after call" + "lsetfilecon_raw()!") + + def test_lsetfileconRaw_FileDoesNotExist_OSErrorRaised(self): + self.fo_testfile.close() + self.remove_file(self.testfile_symlink) + self.assertRaisesRegexp(OSError, '\[Errno 2\]', selinux.lsetfilecon, + self.testfile_symlink, self.raw_con) + + def test_lsetfileconRaw_InsertWrongCon_OSErrorRaised(self): + self.assertRaisesRegexp(OSError, '\[Errno 22\]', selinux.lsetfilecon, + self.testfile_symlink, self.wrong_con) + + +class lsetfileconTestCase(auxiliaryTestCase): + """TestCase for lsetfilecon_raw() function. + """ + + def test_lsetfilecon_InsertRawCon_InsertedSuccessfully(self): + selinux.lsetfilecon(self.testfile_symlink, self.raw_con) + self.assertEqual(self.read_file_con(self.testfile_symlink, True)[1], self.raw_con, + "File context of symbolic link to testfile was not " + "changed after call lsetfilecon()!") + + @unittest.skipUnless(helper.contextTranslation(), "Context-translation inactive!") + def test_lsetfilecon_InsertTransCon_InsertedSuccessfully(self): + selinux.lsetfilecon(self.testfile_symlink, self.trans_con) + self.assertEqual(self.read_file_con(self.testfile_symlink, True)[1], self.raw_con, + "File context of symbolic link to testfile was not " + "changed after call lsetfilecon()!") + + + +class fsetfileconRawTestCase(auxiliaryTestCase): + """TestCase for fsetfilecon_raw() function. + """ + + def setUp(self): + self.setUpFileOnly() + + def tearDown(self): + self.tearDownFileOnly() + + def test_fsetfileconRaw_InsertRawCon_InsertedSuccessfully(self): + selinux.fsetfilecon_raw(self.fo_testfile.fileno(), self.raw_con) + self.assertEqual(self.read_file_con(self.testfile)[1], self.raw_con, + "File context of testfile was not changed after call " + "fsetfilecon_raw()!") + + def test_fsetfileconRaw_InsertWrongCon_OSErrorRaised(self): + fd = self.fo_testfile.fileno() + self.assertRaisesRegexp(OSError, '\[Errno 22\]', selinux.fsetfilecon_raw, fd, + self.wrong_con) + + def test_fsetfileconRaw_BadDescriptorUsed_OSErrorRaised(self): + fd = self.fo_testfile.fileno() + self.fo_testfile.close() + self.assertRaisesRegexp(OSError, '\[Errno 9\]', selinux.fsetfilecon_raw, fd, + self.raw_con) + + +class fsetfileconTestCase(auxiliaryTestCase): + """TestCase for fsetfilecon() function. + """ + + def setUp(self): + self.setUpFileOnly() + + def tearDown(self): + self.tearDownFileOnly() + + def test_fsetfileconRaw_InsertRawCon_InsertedSuccessfully(self): + selinux.fsetfilecon(self.fo_testfile.fileno(), self.raw_con) + self.assertEqual(self.read_file_con(self.testfile)[1], self.raw_con, + "File context of testfile was not changed after call " + "fsetfilecon()!") + + @unittest.skipUnless(helper.contextTranslation(), "Context-translation inactive!") + def test_fsetfileconRaw_InsertTransCon_InsertedSuccessfully(self): + selinux.fsetfilecon(self.fo_testfile.fileno(), self.trans_con) + self.assertEqual(self.read_file_con(self.testfile)[1], self.raw_con, + "File context of testfile was not changed after call " + "fsetfilecon()!") + +class getfileconRawTestCase(auxiliaryTestCase): + """TestCase for getfilecon_raw() function. + """ + + def setUp(self): + self.setUpFileOnly() + + def tearDown(self): + self.tearDownFileOnly() + + def test_getfileconRaw_GatherContext_ReturnedGoodOne(self): + output_list1 = selinux.getfilecon_raw(self.testfile) + output_list2 = self.read_file_con(self.testfile) + self.assertListEqual(output_list1, output_list2, "getfilecon_raw()" + "did not return the right context!") + + def test_getfileconRaw_FileDoesNotExist_OSErrorRaised(self): + self.remove_file(self.testfile) + self.assertRaisesRegexp(OSError, '\[Errno 2\]', selinux.getfilecon_raw, + self.testfile) + +class getfileconTestCase(auxiliaryTestCase): + """TestCase for getfilecon() function. + """ + + def setUp(self): + self.setUpFileOnly() + + def tearDown(self): + self.tearDownFileOnly() + + @unittest.skipIf(helper.contextTranslation(), "Context-translation active!") + def test_getfilecon_GatherContext_ReturnedGoodOne(self): + output_list1 = selinux.getfilecon(self.testfile) + output_list2 = self.read_file_con(self.testfile) + self.assertListEqual(output_list1, output_list2, "getfilecon() did not " + "return the right context!") + + @unittest.skipUnless(helper.contextTranslation(), "Context-translation inactive!") + def test_getfilecon_GatherTransCon_ReturnedGoodOne(self): + self.set_file_con(self.testfile, self.raw_con) + self.assertEqual(selinux.getfilecon(self.testfile)[1], self.trans_con, + "File context, which was gathered after " + "calling getfilecon() is not right one!") + + +class lgetfileconRawTestCase(auxiliaryTestCase): + """TestCase for lgetfilecon_raw() function. + """ + + def test_lgetfileconRaw_GatherContext_ReturnedGoodOne(self): + output_list1 = selinux.lgetfilecon_raw(self.testfile_symlink) + output_list2 = self.read_file_con(self.testfile_symlink, True) + self.assertListEqual(output_list1, output_list2, "lgetfilecon_raw() did" + "not return the right context!") + + def test_getfileconRaw_FileDoesNotExist_OSErrorRaised(self): + self.remove_file(self.testfile_symlink) + self.assertRaisesRegexp(OSError, '\[Errno 2\]', selinux.lgetfilecon_raw, + self.testfile_symlink) + + +class lgetfileconTestCase(auxiliaryTestCase): + """TestCase for lgetfilecon() function. + """ + + @unittest.skipIf(helper.contextTranslation(), "Context-translation active!") + def test_lgetfilecon_GatherContext_ReturnedGoodOne(self): + output_list1 = selinux.lgetfilecon(self.testfile_symlink) + output_list2 = self.read_file_con(self.testfile_symlink) + self.assertListEqual(output_list1, output_list2, "lgetfilecon() did not " + "return the right context!") + + @unittest.skipUnless(helper.contextTranslation(), "Context-translation inactive!") + def test_lgetfilecon_GatherTransCon_ReturnedGoodOne(self): + self.set_file_con(self.testfile_symlink, self.raw_con, True) + self.assertEqual(selinux.lgetfilecon(self.testfile_symlink)[1], + self.trans_con, "File context, which was gathered " + "after calling lgetfilecon() is not right one!") + +class fgetfileconRawTestCase(auxiliaryTestCase): + """TestCase for fgetfilecon_raw() function. + """ + + def setUp(self): + self.setUpFileOnly() + + def tearDown(self): + self.tearDownFileOnly() + + def test_fgetfileconRaw_BadDescriptorUsed_OSErrorRaised(self): + fd = self.fo_testfile.fileno() + self.fo_testfile.close() + self.assertRaisesRegexp(OSError, '\[Errno 9\]', selinux.fgetfilecon_raw, fd) + + def test_fgetfileconRaw_GatherContext_ReturnedGoodOne(self): + output_list1 = selinux.fgetfilecon_raw(self.fo_testfile.fileno()) + output_list2 = self.read_file_con(self.testfile) + self.assertListEqual(output_list1, output_list2, "fgetfilecon_raw() " + "did not return the right context!") + + +class fgetfileconTestCase(auxiliaryTestCase): + """TestCase for fgetfilecon() function. + """ + + def setUp(self): + self.setUpFileOnly() + + def tearDown(self): + self.tearDownFileOnly() + + @unittest.skipIf(helper.contextTranslation(), "Context-translation active!") + def test_fgetfilecon_GatherContext_ReturnedGoodOne(self): + output_list1 = selinux.fgetfilecon(self.fo_testfile.fileno()) + output_list2 = self.read_file_con(self.testfile) + self.assertListEqual(output_list1, output_list2, "fgetfilecon() did not " + "return the right context!") + + @unittest.skipUnless(helper.contextTranslation(), "Context-translation " + "inactive!") + def test_fgetfilecon_GatherTransCon_ReturnedGoodOne(self): + fd = self.fo_testfile.fileno() + self.set_file_con(fd, self.raw_con) + self.assertEqual(selinux.fgetfilecon(fd)[1], self.trans_con, + "File context, which was gathered after " + "calling fgetfilecon() is not right one!") + +if __name__ == "__main__": + suite = unittest.TestLoader().loadTestsFromModule(sys.modules[auxiliaryTestCase.__module__]) + unittest.TextTestRunner(verbosity=2).run(suite) -- 1.9.0 -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
