getcon(_raw), setcon(_raw), getexeccon(_raw), setexeccon(_raw), getpidcon(_raw), getprevcon(_raw), --- tests/test_process_labeling.py | 298 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 298 insertions(+) create mode 100755 tests/test_process_labeling.py diff --git a/tests/test_process_labeling.py b/tests/test_process_labeling.py new file mode 100755 index 0000000..507738c --- /dev/null +++ b/tests/test_process_labeling.py @@ -0,0 +1,298 @@ +#!/usr/bin/env python + + +#This program is free software: you can redistribute it and/or modify +#it under the terms of the GNU General Public License as published by +#the Free Software Foundation, either version 3 of the License, or +#(at your option) any later version. +#This program is distributed in the hope that it will be useful, +#but WITHOUT ANY WARRANTY; without even the implied warranty of +#MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +#GNU General Public License for more details. +# +#For more information see <http://www.gnu.org/licenses/> + +"""Tests for: +getcon(_raw), setcon(_raw), getexeccon(_raw), setexeccon(_raw), +getpidcon(_raw), getprevcon(_raw) +""" + +import selinux +import unittest +import subprocess +import os +import sys +import errno +import helper + + +class auxiliaryTestCase(unittest.TestCase): + """Auxiliary class. + + Atributes: + raw_con: raw selinux context used in tests. + trans_con: translated version of raw_con + wrong_con: wrong context which is used as bad input. + raw_default_con: raw default context for unconfined process + trans_default_con: translated version of raw_default_con + cmds: tuple containing path to testing process and its input. + """ + + def __init__(self, test_method="runTest"): + unittest.TestCase.__init__(self, test_method) + self.raw_con = "unconfined_u:unconfined_r:unconfined_t:s0" + self.trans_con = "unconfined_u:unconfined_r:unconfined_t:SystemLow" + self.wrong_con = "WRONG CONTEXT" + self.raw_default_con = "unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023" + self.trans_default_con = "unconfined_u:unconfined_r:unconfined_t:SystemLow-SystemHigh" + self.pid = os.getpid() + + + def kill_test_process(self, process): + """Kills testing process. + """ + + process.kill() + process.wait() + + def start_test_process(self): + """Starts testing process. + + Returns: + A object of started process. + """ + + p = subprocess.Popen(self.cmd) + return p + + def read_current(self, pid="self"): + """Reads selinux context from /proc/self/attr/current file. + + Args: + pid: PID of process whose /proc/.../current file should be read. + Returns: + Current selinux context of the process. + """ + return helper.read_attr_file(pid, "current") + + def read_prev(self, pid="self"): + """Reads selinux context from /proc/self/attr/prev file. + + Args: + pid: PID of process whose /proc/.../prev file should be read. + Returns: + Previous selinux context of the process. + """ + return helper.read_attr_file(pid, "prev") + + def read_exec(self, pid="self"): + """Reads selinux context from /proc/self/attr/exec file. + + Args: + pid: PID of process whose /proc/.../exec file should be read. + Returns: + None if /proc/.../exec contains "". + Exec selinux context otherwise. + """ + return helper.read_attr_file(pid, "exec") + + +class setexecconRawTestCase(auxiliaryTestCase): + """TestCase for setexeccon() function. + """ + def setUp(self): + selinux.setexeccon_raw(None) + + def test_setexecconRaw_InsertRawCon_InsertedSuccessfully(self): + selinux.setexeccon_raw(self.raw_con) + self.assertEqual(self.read_exec(), self.raw_con, "raw_con was " + "not put into /proc/.../exec file!") + + def test_setexecconRaw_RawConRemoval_RawConRemoved(self): + selinux.setexeccon_raw(self.raw_con) + selinux.setexeccon_raw(None) + self.assertNotEqual(self.read_exec(), self.raw_con, "Removal " + "of raw_con has failed! setexeccon_raw(None) " + "did not work!") + + def test_setexecconRaw_WrongContextUsed_OSErrorRaised(self): + self.assertRaisesRegexp(OSError, '\[Errno 22\]', selinux.setexeccon_raw, + self.wrong_con) + + +class setexecconTestCase(auxiliaryTestCase): + """TestCase for setexeccon() function. + """ + def setUp(self): + selinux.setexeccon(None) + + def test_setexeccon_InsertRawCon_InsertedSuccessfully(self): + selinux.setexeccon(self.raw_con) + self.assertEqual(self.read_exec(), self.raw_con, "raw_con was " + "not set as expected!") + + @unittest.skipUnless(helper.contextTranslation(), "Context-trans inactive!") + def test_setexeccon_InsertTransCon_InsertedSuccessfully(self): + selinux.setexeccon(self.trans_con) + self.assertEqual(self.read_exec(), self.raw_con, "trans_con was " + "not set as expected!") + + +class getexecconRawTestCase(auxiliaryTestCase): + """TestCase for getexeccon_raw() function. + """ + def setUp(self): + selinux.setexeccon_raw(None) + + def test_getexecconRaw_ExecIsEmpty_ReturnedNone(self): + selinux.setexeccon_raw(None) + self.assertEqual(selinux.getexeccon_raw()[1], None, "Gathered context from " + "/proc/.../exec file should be None!") + + def test_getexecconRaw_RawConInExec_ReturnedRawCon(self): + selinux.setexeccon(self.raw_con) + self.assertEqual(selinux.getexeccon_raw()[1], self.raw_con, "raw_con was " + "not returned as expected!") + + +class getexecconTestCase(auxiliaryTestCase): + """TestCase for getexeccon_raw() function. + """ + def setUp(self): + selinux.setexeccon_raw(None) + + @unittest.skipIf(helper.contextTranslation(), "Context-trans active!") + def test_getexeccon_RawContextInExec_ReturnedRawContext(self): + selinux.setexeccon_raw(self.raw_con) + self.assertEqual(selinux.getexeccon()[1], self.raw_con, "raw_con was " + "not returned as expected!") + + @unittest.skipUnless(helper.contextTranslation(), "Context-trans inactive!") + def test_getexeccon_RawContextInExec_ReturnedTransContext(self): + selinux.setexeccon_raw(self.raw_con) + self.assertEqual(selinux.getexeccon()[1], self.trans_con, "trans_con was " + "not returned as expected!") + + +class setconTestCaseRaw(auxiliaryTestCase): + """TestCase for setcon() function. + """ + + def setUp(self): + selinux.setcon_raw(self.raw_default_con) + + def test_setconRaw_InsertRawCon_InsertedSuccessfully(self): + selinux.setcon_raw(self.raw_con) + self.assertEqual(self.read_current(), self.raw_con, "raw_con was " + "not put into /proc/.../current file!") + + def test_setconRaw_RawConRemoval_OSErrorRaised(self): + #We cannot clear current context + self.assertRaisesRegexp(OSError, '\[Errno 22\]', selinux.setcon_raw, + None) + + def test_setconRaw_WrongContextUsed_OSErrorRaised(self): + self.assertRaisesRegexp(OSError, '\[Errno 22\]', selinux.setcon_raw, + self.wrong_con) + + +class setconTestCase(auxiliaryTestCase): + """TestCase for setcon() function. + """ + def setUp(self): + selinux.setcon(self.raw_default_con) + + def test_setcon_InsertRawCon_InsertedSuccessfully(self): + selinux.setcon(self.raw_con) + self.assertEqual(self.read_current(), self.raw_con, "raw_con was " + "not set as expected!") + + @unittest.skipUnless(helper.contextTranslation(), "Context-trans inactive!") + def test_setcon_InsertTransCon_InsertedSuccessfully(self): + selinux.setcon(self.trans_con) + self.assertEqual(self.read_current(), self.raw_con, "trans_con was " + "not set as expected!") + + +class getconTestRawCase(auxiliaryTestCase): + """TestCase for getcon() function. + """ + def setUp(self): + selinux.setcon_raw(self.raw_default_con) + + def test_getconRaw_RawConInCurrent_ReturnedRawCon(self): + selinux.setcon_raw(self.raw_con) + self.assertEqual(selinux.getcon_raw()[1], self.raw_con, "raw_con was " + "not returned as expected!") + + +class getconTestCase(auxiliaryTestCase): + """TestCase for getcon() function. + """ + def setUp(self): + selinux.setcon_raw(self.raw_default_con) + + @unittest.skipIf(helper.contextTranslation(), "Context-trans active!") + def test_getcon_RawContextInCurrent_ReturnedRawContext(self): + selinux.setcon_raw(self.raw_con) + self.assertEqual(selinux.getcon()[1], self.raw_con, "raw_con was " + "not returned as expected!") + + @unittest.skipUnless(helper.contextTranslation(), "Context-trans inactive!") + def test_getcon_RawContextInCurrent_ReturnedTransContext(self): + selinux.setcon_raw(self.raw_con) + self.assertEqual(selinux.getcon()[1], self.trans_con, "trans_con was " + "not returned as expected!") + +class getpidconRawTestCase(auxiliaryTestCase): + """TestCase for getpidcon_raw() function. + """ + def test_getpidconRaw_RawConInCurrent_ReturnedRawCon(self): + #self.pid contains pid of current process + selinux.setcon_raw(self.raw_con) + self.assertEqual(selinux.getpidcon_raw(self.pid)[1], self.raw_con, "raw_con was " + "not returned as expected!") + +class getpidconTestCase(auxiliaryTestCase): + """TestCase for getpidcon() function. + """ + def setUp(self): + selinux.setcon_raw(self.raw_default_con) + + @unittest.skipIf(helper.contextTranslation(), "Context-trans active!") + def test_getpidcon_RawContextInCurrent_ReturnedRawContext(self): + selinux.setcon_raw(self.raw_con) + self.assertEqual(selinux.getpidcon(self.pid)[1], self.raw_con, "raw_con was " + "not returned as expected!") + + @unittest.skipUnless(helper.contextTranslation(), "Context-trans inactive!") + def test_getpidcon_RawContextInCurrent_ReturnedTransContext(self): + selinux.setcon_raw(self.raw_con) + self.assertEqual(selinux.getpidcon(self.pid)[1], self.trans_con, "trans_con was " + "not returned as expected!") + +class getprevconRawTestCase(auxiliaryTestCase): + """TestCase for getprevcon_raw() function. + """ + def test_getprevconRaw_ReadingPrevCon_ReadSuccessfully(self): + self.assertEqual(self.read_prev(), selinux.getprevcon_raw()[1], "prev con was " + "not returned as expected!") + +class getprevconTestCase(auxiliaryTestCase): + """TestCase for getprevcon_raw() function. + """ + @unittest.skipUnless(helper.contextTranslation(), "Context-trans active!") + def test_getprevcon_ReadingPrevCon_TransConReadSuccessfully(self): + self.assertEqual(selinux.getprevcon()[1], self.trans_default_con , "translated " + " prev con was not returned as expected!") + + @unittest.skipIf(helper.contextTranslation(), "Context-trans inactive!") + def test_getprevcon_ReadingPrevCon_RawConReadSuccessfully(self): + self.assertEqual(selinux.getprevcon()[1], self.raw_default_con, "raw " + "previous con was not returned as expected!") + + +if __name__ == "__main__": + suite = unittest.TestLoader().loadTestsFromModule(sys.modules[auxiliaryTestCase.__module__]) + unittest.TextTestRunner(verbosity=2).run(suite) + -- 1.9.0 -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
