-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This patch looks good to me. acked. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.15 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlJpNxgACgkQrlYvE4MpobPyNQCginQXbcG6/6yTTfBR/XiTusy1 UdUAni5NJ+9lPyIu1OXS4pXb4yJkLu/w =qF2Q -----END PGP SIGNATURE-----
>From b2fc2519f0fef74ce155ce7983965e9acb7921f8 Mon Sep 17 00:00:00 2001 From: Dan Walsh <dwalsh@xxxxxxxxxx> Date: Fri, 11 Oct 2013 09:55:35 -0400 Subject: [PATCH 61/74] Add new test suite for sepolicy tool set. This test should be run before we do any builds to make sure there are no regressions --- policycoreutils/sepolicy/Makefile | 5 +- policycoreutils/sepolicy/test_sepolicy.py | 123 ++++++++++++++++++++++++++++++ 2 files changed, 127 insertions(+), 1 deletion(-) create mode 100644 policycoreutils/sepolicy/test_sepolicy.py diff --git a/policycoreutils/sepolicy/Makefile b/policycoreutils/sepolicy/Makefile index af90c04..71d661c 100644 --- a/policycoreutils/sepolicy/Makefile +++ b/policycoreutils/sepolicy/Makefile @@ -9,7 +9,7 @@ LOCALEDIR ?= /usr/share/locale PYTHON ?= /usr/bin/python BASHCOMPLETIONDIR ?= $(DESTDIR)/etc/bash_completion.d/ SHAREDIR ?= $(PREFIX)/share/sandbox -override CFLAGS = $(LDFLAGS) -I$(PREFIX)/include -DPACKAGE="policycoreutils" -Wall -Werror -Wextra -W -DSHARED -shared +override CFLAGS = -I$(PREFIX)/include -DPACKAGE="policycoreutils" -Wall -Werror -Wextra -W -DSHARED -shared BASHCOMPLETIONS=sepolicy-bash-completion.sh @@ -22,6 +22,9 @@ clean: $(PYTHON) setup.py clean -rm -rf build *~ \#* *pyc .#* +test: + @python test_sepolicy.py -v + install: $(PYTHON) setup.py install `test -n "$(DESTDIR)" && echo --root $(DESTDIR)` [ -d $(BINDIR) ] || mkdir -p $(BINDIR) diff --git a/policycoreutils/sepolicy/test_sepolicy.py b/policycoreutils/sepolicy/test_sepolicy.py new file mode 100644 index 0000000..3e3725d --- /dev/null +++ b/policycoreutils/sepolicy/test_sepolicy.py 
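Review bot: The new `test` recipe calls bare `python`, while the `clean` and `install` recipes in the same file go through `$(PYTHON)` (defaulted to `/usr/bin/python` in the context lines of the first hunk). The suite can therefore run under a different interpreter than the one the package is built and installed with, chosen by whatever PATH the build environment has. I would write the recipe as `@$(PYTHON) test_sepolicy.py -v`. If the Makefile declares `.PHONY` outside these hunks, `test` should be added to it so a stray file named `test` cannot mask the target.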
@@ -0,0 +1,123 @@
+import unittest, os, shutil
+from tempfile import mkdtemp
+from subprocess import Popen, PIPE
+
+class SepolicyTests(unittest.TestCase):
+ def assertDenied(self, err):
+ self.assert_('Permission denied' in err,
+ '"Permission denied" not found in %r' % err)
+ def assertNotFound(self, err):
+ self.assert_('not found' in err,
+ '"not found" not found in %r' % err)
+
+ def assertFailure(self, status):
+ self.assert_(status != 0,
+ '"Succeeded when it should have failed')
+
+ def assertSuccess(self, status, err):
+ self.assert_(status == 0,
+ '"sepolicy should have succeeded for this test %r' % err)
+
+ def test_man_domain(self):
+ "Verify sepolicy manpage -d works"
+ p = Popen(['sepolicy', 'manpage', '-d', 'httpd_t'], stdout = PIPE)
+ out, err = p.communicate()
+ print out, err
+ self.assertSuccess(p.returncode, err)
+
+ def test_man_all(self):
+ "Verify sepolicy manpage -a works"
+ p = Popen(['sepolicy', 'manpage', '-a'], stdout = PIPE)
+ out, err = p.communicate()
+ self.assertSuccess(p.returncode, err)
+
+ def test_network_l(self):
+ "Verify sepolicy network -l works"
+ p = Popen(['sepolicy', 'network', '-l'], stdout = PIPE)
+ out, err = p.communicate()
+ self.assertSuccess(p.returncode, err)
+
+ def test_network_t(self):
+ "Verify sepolicy network -t works"
+ p = Popen(['sepolicy', 'network', '-t', 'http_port_t'], stdout = PIPE)
+ out, err = p.communicate()
+ self.assertSuccess(p.returncode, err)
+
+ def test_network_p(self):
+ "Verify sepolicy network -p works"
+ p = Popen(['sepolicy', 'network', '-p', '80'], stdout = PIPE)
+ out, err = p.communicate()
+ self.assertSuccess(p.returncode, err)
+
+ def test_network_d(self):
+ "Verify sepolicy network -d works"
+ p = Popen(['sepolicy', 'network', '-d', 'httpd_t'], stdout = PIPE)
+ out, err = p.communicate()
+ self.assertSuccess(p.returncode, err)
+
+ def test_transition_s(self):
+ "Verify sepolicy transition -l works"
+ p = Popen(['sepolicy', 'transition', '-s', 'httpd_t'], stdout = PIPE)
+ out, err = p.communicate()
+ self.assertSuccess(p.returncode, err)
+
+ def test_transition_t(self):
+ "Verify sepolicy transition -t works"
+ p = Popen(['sepolicy', 'transition', '-s', 'httpd_t', '-t', 'sendmail_t'], stdout = PIPE)
+ out, err = p.communicate()
+ self.assertSuccess(p.returncode, err)
+
+ def test_booleans_l(self):
+ "Verify sepolicy booleans -l fails"
+ p = Popen(['sepolicy', 'booleans', '-l'], stdout = PIPE)
+ out, err = p.communicate()
+ self.assertFailure(p.returncode)
+
+ def test_booleans_a(self):
+ "Verify sepolicy booleans -a works"
+ p = Popen(['sepolicy', 'booleans', '-a'], stdout = PIPE)
+ out, err = p.communicate()
+ self.assertSuccess(p.returncode, err)
+
+ def test_booleans_b_alias(self):
+ "Verify sepolicy booleans -b works"
+ p = Popen(['sepolicy', 'booleans', '-b', 'allow_ypbind'], stdout = PIPE)
+ out, err = p.communicate()
+ self.assertSuccess(p.returncode, err)
+
+ def test_booleans_b(self):
+ "Verify sepolicy booleans -b works"
+ p = Popen(['sepolicy', 'booleans', '-b', 'nis_enabled'], stdout = PIPE)
+ out, err = p.communicate()
+ self.assertSuccess(p.returncode, err)
+
+ def test_interface_l(self):
+ "Verify sepolicy interface -l works"
+ p = Popen(['sepolicy', 'interface', '-l'], stdout = PIPE)
+ out, err = p.communicate()
+ self.assertSuccess(p.returncode, err)
+
+ def test_interface_a(self):
+ "Verify sepolicy interface -a works"
+ p = Popen(['sepolicy', 'interface', '-a'], stdout = PIPE)
+ out, err = p.communicate()
+ self.assertSuccess(p.returncode, err)
+
+ def test_interface_p(self):
+ "Verify sepolicy interface -u works"
+ p = Popen(['sepolicy', 'interface', '-u'], stdout = PIPE)
+ out, err = p.communicate()
+ self.assertSuccess(p.returncode, err)
+
+ def test_interface_ci(self):
+ "Verify sepolicy interface -c -i works"
+ p = Popen(['sepolicy', 'interface', '-c', '-i', 'apache_admin'], stdout = PIPE)
+ out, err = p.communicate()
+ self.assertSuccess(p.returncode, err)
+
+if __name__ == "__main__":
+ import selinux
+ if selinux.security_getenforce() == 1:
+ unittest.main()
+ else:
+ print "SELinux must be in enforcing mode for this test"
-- 1.8.3.1
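Review bot: Every `Popen` call in this file passes only `stdout = PIPE`, so `p.communicate()` returns `None` for `err`. The `%r` in `assertSuccess`'s failure message will therefore always print `None` instead of what sepolicy wrote to stderr, and `assertDenied` / `assertNotFound` would raise a TypeError on `in err` if they were ever called. Adding `stderr = PIPE` to each call, e.g. `p = Popen(['sepolicy', 'network', '-l'], stdout = PIPE, stderr = PIPE)`, fixes both. Separately, the `__main__` guard only prints a message when SELinux is not enforcing and then exits with status 0, so `make test` reports success on a permissive or disabled host without running a single check; `sys.exit(1)` after the print (with `import sys`) would keep a skipped run from looking like a pass. The commands are resolved through PATH, so the suite appears to exercise the installed `sepolicy` rather than the tree being built, which is worth stating in the file's header comment.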