8:36 p.m.
getfilecon(_raw), setfilecon(_raw),
lgetfilecon(_raw), fgetfilecon(_raw),
lsetfilecon(_raw);
---
tests/test_file_labeling.py | 408 ++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 408 insertions(+)
create mode 100755 tests/test_file_labeling.py
diff --git a/tests/test_file_labeling.py b/tests/test_file_labeling.py
new file mode 100755
index 0000000..420dc78
--- /dev/null
+++ b/tests/test_file_labeling.py
@@ -0,0 +1,408 @@
+#!/usr/bin/env python
+
+#This program is free software: you can redistribute it and/or modify
+#it under the terms of the GNU General Public License as published by
+#the Free Software Foundation, either version 3 of the License, or
+#(at your option) any later version.
+#This program is distributed in the hope that it will be useful,
+#but WITHOUT ANY WARRANTY; without even the implied warranty of
+#MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+#GNU General Public License for more details.
+#
+#For more information see <http://www.gnu.org/licenses/>
+
+"""Tests for:
+getfilecon(_raw), setfilecon(_raw), lgetfilecon(_raw), fgetfilecon(_raw)
+lsetfilecon(_raw)
+"""
+
+import selinux
+import unittest
+import xattr
+import os
+import sys
+import errno
+import uuid
+import helper
+
+class auxiliaryTestCase(unittest.TestCase):
+ """Auxiliary class.
+
+ Atributes:
+ testfile: path to testing file.
+ testfile_symlink: path to link of testing file.
+ fo_testfile: file object of testfile.
+ fo_testfile_symlink: file object of testfile_symlink.
+ raw_con: testing selinux context.
+ wrong_con: non-existing selinux context.
+ """
+
+ def __init__(self, test_method="runTest"):
+ unittest.TestCase.__init__(self, test_method)
+ self.fo_testfile = None
+ self.fo_testfile_symlink = None
+ self.raw_con = "system_u:object_r:tmp_t:s0"
+ self.trans_con = "system_u:object_r:tmp_t:SystemLow"
+ self.wrong_con = "WRONG CONTEXT"
+
+ def setUp(self):
+ self.setUpFileOnly()
+ #Creates unique filename for symlink
+ self.testfile_symlink = "/tmp/" + str(uuid.uuid4())
+ #Use that unique filename for creating file
+ self.create_test_file_symlink()
+
+ def setUpFileOnly(self):
+ """SetUp only file without symlink
+ """
+ self.testfile = "/tmp/" + str(uuid.uuid4())
+ self.create_test_file()
+
+ def remove_file(self, path):
+ try:
+ os.remove(path)
+ #If file with path did not exist continue
+ except OSError as e:
+ if e.errno != errno.ENOENT:
+ raise e
+
+ def tearDown(self):
+ self.remove_file(self.testfile_symlink)
+ self.testfile_symlink = ""
+ self.fo_testfile_symlink = None
+ self.tearDownFileOnly()
+
+
+ def tearDownFileOnly(self):
+ self.remove_file(self.testfile)
+ self.testfile = ""
+ self.fo_testfile = None
+
+
+ def create_test_file(self):
+ """Creates test file.
+
+ Creates file with filename saved in self.testfile and
+ sets attribute self.fo_testfile with file object of the new file.
+ """
+
+ self.fo_testfile = open(self.testfile,"w")
+
+ def create_test_file_symlink(self):
+ """Creates symlink to test file.
+
+ Creates symlink for self.testfile.
+ """
+
+ os.symlink(self.testfile, self.testfile_symlink)
+ self.fo_testfile_symlink = open(self.testfile_symlink, "r")
+
+
+ def read_file_con(self, filepath, nofollow=False):
+ """Reads selinux context from file.
+
+ Args:
+ filepath: Path to file, from which context shall be read.
+ nofollow: If true function will read con of symlink.
+ Returns:
+ List where [0] is length of context with \00.
+ [1] is selinux context string without trailing \00.
+ """
+
+ output_list = []
+ if nofollow:
+ context = xattr.get(filepath, "security.selinux", True)
+ else:
+ context = xattr.get(filepath,"security.selinux")
+ output_list.append(len(context))
+ output_list.append(context[:-1])
+ return output_list
+
+ def set_file_con(self, fileid, context, nofollow=False):
+ """Writes selinux context from file.
+
+ Args:
+ fileid: Path or fd of the file, to which context shall be written.
+ context: Context we want to write to the file.
+ nofollow: If true function will write con to the symlink.
+ """
+
+ xattr.set(fileid, "security.selinux", context, 0, nofollow)
+
+
+class setfileconRawTestCase(auxiliaryTestCase):
+ """TestCase for setfilecon_raw() function.
+ """
+
+ def setUp(self):
+ self.setUpFileOnly()
+
+ def tearDown(self):
+ self.tearDownFileOnly()
+
+ def test_setfileconRaw_InsertRawCon_InsertedSuccessfully(self):
+ selinux.setfilecon_raw(self.testfile, self.raw_con)
+ self.assertEqual(self.read_file_con(self.testfile)[1], self.raw_con,
+ "File context of testfile was not changed after call
"
+ "setfilecon_raw()!")
+
+ def test_setfileconRaw_FileDoesNotExist_OSErrorRaised(self):
+ os.remove(self.testfile)
+ self.assertRaisesRegexp(OSError, '\[Errno 2\]', selinux.setfilecon_raw,
+ self.testfile, self.raw_con)
+
+ def test_setfileconRaw_InsertWrongCon_OSErrorRaised(self):
+ self.assertRaisesRegexp(OSError, '\[Errno 22\]',
selinux.setfilecon_raw,
+ self.testfile, self.wrong_con)
+
+
+
+
+class setfileconTestCase(auxiliaryTestCase):
+ """TestCase for setfilecon() function.
+ """
+
+ def setUp(self):
+ self.setUpFileOnly()
+
+ def tearDown(self):
+ self.tearDownFileOnly()
+
+ @unittest.skipUnless(helper.contextTranslation(),
"Context-translation inactive!")
+ def test_setfilecon_InsertTransCon_InsertedSuccessfully(self):
+ selinux.setfilecon(self.testfile, self.trans_con)
+ self.assertEqual(self.read_file_con(self.testfile)[1], self.raw_con,
+ "File context of testfile was not changed after call
"
+ "setfilecon()!")
+
+ def test_setfilecon_InsertRawCon_InsertedSuccessfully(self):
+ selinux.setfilecon(self.testfile, self.raw_con)
+ self.assertEqual(self.read_file_con(self.testfile)[1], self.raw_con,
+ "File context of testfile was not changed after call
"
+ "setfilecon()!")
+
+
+
+class lsetfileconRawTestCase(auxiliaryTestCase):
+ """TestCase for lsetfilecon_raw() function.
+ """
+
+ def test_lsetfileconRaw_InsertRawCon_InsertedSuccessfully(self):
+ selinux.lsetfilecon_raw(self.testfile_symlink, self.raw_con)
+ self.assertEqual(self.read_file_con(self.testfile_symlink, True)[1],
+ self.raw_con, "File context of symbolic link to"
+ "testfile was not changed after call"
+ "lsetfilecon_raw()!")
+
+ def test_lsetfileconRaw_FileDoesNotExist_OSErrorRaised(self):
+ self.fo_testfile.close()
+ self.remove_file(self.testfile_symlink)
+ self.assertRaisesRegexp(OSError, '\[Errno 2\]', selinux.lsetfilecon,
+ self.testfile_symlink, self.raw_con)
+
+ def test_lsetfileconRaw_InsertWrongCon_OSErrorRaised(self):
+ self.assertRaisesRegexp(OSError, '\[Errno 22\]', selinux.lsetfilecon,
+ self.testfile_symlink, self.wrong_con)
+
+
+class lsetfileconTestCase(auxiliaryTestCase):
+ """TestCase for lsetfilecon_raw() function.
+ """
+
+ def test_lsetfilecon_InsertRawCon_InsertedSuccessfully(self):
+ selinux.lsetfilecon(self.testfile_symlink, self.raw_con)
+ self.assertEqual(self.read_file_con(self.testfile_symlink,
True)[1], self.raw_con,
+ "File context of symbolic link to testfile was not "
+ "changed after call lsetfilecon()!")
+
+ @unittest.skipUnless(helper.contextTranslation(),
"Context-translation inactive!")
+ def test_lsetfilecon_InsertTransCon_InsertedSuccessfully(self):
+ selinux.lsetfilecon(self.testfile_symlink, self.trans_con)
+ self.assertEqual(self.read_file_con(self.testfile_symlink,
True)[1], self.raw_con,
+ "File context of symbolic link to testfile was not "
+ "changed after call lsetfilecon()!")
+
+
+
+class fsetfileconRawTestCase(auxiliaryTestCase):
+ """TestCase for fsetfilecon_raw() function.
+ """
+
+ def setUp(self):
+ self.setUpFileOnly()
+
+ def tearDown(self):
+ self.tearDownFileOnly()
+
+ def test_fsetfileconRaw_InsertRawCon_InsertedSuccessfully(self):
+ selinux.fsetfilecon_raw(self.fo_testfile.fileno(), self.raw_con)
+ self.assertEqual(self.read_file_con(self.testfile)[1], self.raw_con,
+ "File context of testfile was not changed after call
"
+ "fsetfilecon_raw()!")
+
+ def test_fsetfileconRaw_InsertWrongCon_OSErrorRaised(self):
+ fd = self.fo_testfile.fileno()
+ self.assertRaisesRegexp(OSError, '\[Errno 22\]',
selinux.fsetfilecon_raw, fd,
+ self.wrong_con)
+
+ def test_fsetfileconRaw_BadDescriptorUsed_OSErrorRaised(self):
+ fd = self.fo_testfile.fileno()
+ self.fo_testfile.close()
+ self.assertRaisesRegexp(OSError, '\[Errno 9\]',
selinux.fsetfilecon_raw, fd,
+ self.raw_con)
+
+
+class fsetfileconTestCase(auxiliaryTestCase):
+ """TestCase for fsetfilecon() function.
+ """
+
+ def setUp(self):
+ self.setUpFileOnly()
+
+ def tearDown(self):
+ self.tearDownFileOnly()
+
+ def test_fsetfileconRaw_InsertRawCon_InsertedSuccessfully(self):
+ selinux.fsetfilecon(self.fo_testfile.fileno(), self.raw_con)
+ self.assertEqual(self.read_file_con(self.testfile)[1], self.raw_con,
+ "File context of testfile was not changed after call
"
+ "fsetfilecon()!")
+
+ @unittest.skipUnless(helper.contextTranslation(),
"Context-translation inactive!")
+ def test_fsetfileconRaw_InsertTransCon_InsertedSuccessfully(self):
+ selinux.fsetfilecon(self.fo_testfile.fileno(), self.trans_con)
+ self.assertEqual(self.read_file_con(self.testfile)[1], self.raw_con,
+ "File context of testfile was not changed after call
"
+ "fsetfilecon()!")
+
+class getfileconRawTestCase(auxiliaryTestCase):
+ """TestCase for getfilecon_raw() function.
+ """
+
+ def setUp(self):
+ self.setUpFileOnly()
+
+ def tearDown(self):
+ self.tearDownFileOnly()
+
+ def test_getfileconRaw_GatherContext_ReturnedGoodOne(self):
+ output_list1 = selinux.getfilecon_raw(self.testfile)
+ output_list2 = self.read_file_con(self.testfile)
+ self.assertListEqual(output_list1, output_list2, "getfilecon_raw()"
+ "did not return the right context!")
+
+ def test_getfileconRaw_FileDoesNotExist_OSErrorRaised(self):
+ self.remove_file(self.testfile)
+ self.assertRaisesRegexp(OSError, '\[Errno 2\]', selinux.getfilecon_raw,
+ self.testfile)
+
+class getfileconTestCase(auxiliaryTestCase):
+ """TestCase for getfilecon() function.
+ """
+
+ def setUp(self):
+ self.setUpFileOnly()
+
+ def tearDown(self):
+ self.tearDownFileOnly()
+
+ @unittest.skipIf(helper.contextTranslation(),
"Context-translation active!")
+ def test_getfilecon_GatherContext_ReturnedGoodOne(self):
+ output_list1 = selinux.getfilecon(self.testfile)
+ output_list2 = self.read_file_con(self.testfile)
+ self.assertListEqual(output_list1, output_list2,
"getfilecon() did not "
+ "return the right context!")
+
+ @unittest.skipUnless(helper.contextTranslation(),
"Context-translation inactive!")
+ def test_getfilecon_GatherTransCon_ReturnedGoodOne(self):
+ self.set_file_con(self.testfile, self.raw_con)
+ self.assertEqual(selinux.getfilecon(self.testfile)[1], self.trans_con,
+ "File context, which was gathered after "
+ "calling getfilecon() is not right one!")
+
+
+class lgetfileconRawTestCase(auxiliaryTestCase):
+ """TestCase for lgetfilecon_raw() function.
+ """
+
+ def test_lgetfileconRaw_GatherContext_ReturnedGoodOne(self):
+ output_list1 = selinux.lgetfilecon_raw(self.testfile_symlink)
+ output_list2 = self.read_file_con(self.testfile_symlink, True)
+ self.assertListEqual(output_list1, output_list2,
"lgetfilecon_raw() did"
+ "not return the right context!")
+
+ def test_getfileconRaw_FileDoesNotExist_OSErrorRaised(self):
+ self.remove_file(self.testfile_symlink)
+ self.assertRaisesRegexp(OSError, '\[Errno 2\]',
selinux.lgetfilecon_raw,
+ self.testfile_symlink)
+
+
+class lgetfileconTestCase(auxiliaryTestCase):
+ """TestCase for lgetfilecon() function.
+ """
+
+ @unittest.skipIf(helper.contextTranslation(),
"Context-translation active!")
+ def test_lgetfilecon_GatherContext_ReturnedGoodOne(self):
+ output_list1 = selinux.lgetfilecon(self.testfile_symlink)
+ output_list2 = self.read_file_con(self.testfile_symlink)
+ self.assertListEqual(output_list1, output_list2,
"lgetfilecon() did not "
+ "return the right context!")
+
+ @unittest.skipUnless(helper.contextTranslation(),
"Context-translation inactive!")
+ def test_lgetfilecon_GatherTransCon_ReturnedGoodOne(self):
+ self.set_file_con(self.testfile_symlink, self.raw_con, True)
+ self.assertEqual(selinux.lgetfilecon(self.testfile_symlink)[1],
+ self.trans_con, "File context, which was gathered "
+ "after calling lgetfilecon() is not right one!")
+
+class fgetfileconRawTestCase(auxiliaryTestCase):
+ """TestCase for fgetfilecon_raw() function.
+ """
+
+ def setUp(self):
+ self.setUpFileOnly()
+
+ def tearDown(self):
+ self.tearDownFileOnly()
+
+ def test_fgetfileconRaw_BadDescriptorUsed_OSErrorRaised(self):
+ fd = self.fo_testfile.fileno()
+ self.fo_testfile.close()
+ self.assertRaisesRegexp(OSError, '\[Errno 9\]',
selinux.fgetfilecon_raw, fd)
+
+ def test_fgetfileconRaw_GatherContext_ReturnedGoodOne(self):
+ output_list1 = selinux.fgetfilecon_raw(self.fo_testfile.fileno())
+ output_list2 = self.read_file_con(self.testfile)
+ self.assertListEqual(output_list1, output_list2, "fgetfilecon_raw() "
+ "did not return the right context!")
+
+
+class fgetfileconTestCase(auxiliaryTestCase):
+ """TestCase for fgetfilecon() function.
+ """
+
+ def setUp(self):
+ self.setUpFileOnly()
+
+ def tearDown(self):
+ self.tearDownFileOnly()
+
+ @unittest.skipIf(helper.contextTranslation(),
"Context-translation active!")
+ def test_fgetfilecon_GatherContext_ReturnedGoodOne(self):
+ output_list1 = selinux.fgetfilecon(self.fo_testfile.fileno())
+ output_list2 = self.read_file_con(self.testfile)
+ self.assertListEqual(output_list1, output_list2,
"fgetfilecon() did not "
+ "return the right context!")
+
+ @unittest.skipUnless(helper.contextTranslation(), "Context-translation "
+ "inactive!")
+ def test_fgetfilecon_GatherTransCon_ReturnedGoodOne(self):
+ fd = self.fo_testfile.fileno()
+ self.set_file_con(fd, self.raw_con)
+ self.assertEqual(selinux.fgetfilecon(fd)[1], self.trans_con,
+ "File context, which was gathered after "
+ "calling fgetfilecon() is not right one!")
+
+if __name__ == "__main__":
+ suite =
unittest.TestLoader().loadTestsFromModule(sys.modules[auxiliaryTestCase.__module__])
+ unittest.TextTestRunner(verbosity=2).run(suite)
--
1.9.0