[PATCH for f20 3/4] Add tests for process labeling functions
Rastislav Hepner
rastislav.hepner at gmail.com
Tue May 20 01:36:27 UTC 2014
getcon(_raw), setcon(_raw), getexeccon(_raw),
setexeccon(_raw), getpidcon(_raw), getprevcon(_raw),
---
tests/test_process_labeling.py | 298 +++++++++++++++++++++++++++++++++++++++++
1 file changed, 298 insertions(+)
create mode 100755 tests/test_process_labeling.py
diff --git a/tests/test_process_labeling.py b/tests/test_process_labeling.py
new file mode 100755
index 0000000..507738c
--- /dev/null
+++ b/tests/test_process_labeling.py
@@ -0,0 +1,298 @@
+#!/usr/bin/env python
+
+
+#This program is free software: you can redistribute it and/or modify
+#it under the terms of the GNU General Public License as published by
+#the Free Software Foundation, either version 3 of the License, or
+#(at your option) any later version.
+#This program is distributed in the hope that it will be useful,
+#but WITHOUT ANY WARRANTY; without even the implied warranty of
+#MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+#GNU General Public License for more details.
+#
+#For more information see <http://www.gnu.org/licenses/>
+
+"""Tests for:
+getcon(_raw), setcon(_raw), getexeccon(_raw), setexeccon(_raw),
+getpidcon(_raw), getprevcon(_raw)
+"""
+
+import selinux
+import unittest
+import subprocess
+import os
+import sys
+import errno
+import helper
+
+
+class auxiliaryTestCase(unittest.TestCase):
+ """Auxiliary class.
+
+ Atributes:
+ raw_con: raw selinux context used in tests.
+ trans_con: translated version of raw_con
+ wrong_con: wrong context which is used as bad input.
+ raw_default_con: raw default context for unconfined process
+ trans_default_con: translated version of raw_default_con
+ cmds: tuple containing path to testing process and its input.
+ """
+
+ def __init__(self, test_method="runTest"):
+ unittest.TestCase.__init__(self, test_method)
+ self.raw_con = "unconfined_u:unconfined_r:unconfined_t:s0"
+ self.trans_con = "unconfined_u:unconfined_r:unconfined_t:SystemLow"
+ self.wrong_con = "WRONG CONTEXT"
+ self.raw_default_con =
"unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023"
+ self.trans_default_con =
"unconfined_u:unconfined_r:unconfined_t:SystemLow-SystemHigh"
+ self.pid = os.getpid()
+
+
+ def kill_test_process(self, process):
+ """Kills testing process.
+ """
+
+ process.kill()
+ process.wait()
+
+ def start_test_process(self):
+ """Starts testing process.
+
+ Returns:
+ A object of started process.
+ """
+
+ p = subprocess.Popen(self.cmd)
+ return p
+
+ def read_current(self, pid="self"):
+ """Reads selinux context from /proc/self/attr/current file.
+
+ Args:
+ pid: PID of process whose /proc/.../current file should be read.
+ Returns:
+ Current selinux context of the process.
+ """
+ return helper.read_attr_file(pid, "current")
+
+ def read_prev(self, pid="self"):
+ """Reads selinux context from /proc/self/attr/prev file.
+
+ Args:
+ pid: PID of process whose /proc/.../prev file should be read.
+ Returns:
+ Previous selinux context of the process.
+ """
+ return helper.read_attr_file(pid, "prev")
+
+ def read_exec(self, pid="self"):
+ """Reads selinux context from /proc/self/attr/exec file.
+
+ Args:
+ pid: PID of process whose /proc/.../exec file should be read.
+ Returns:
+ None if /proc/.../exec contains "".
+ Exec selinux context otherwise.
+ """
+ return helper.read_attr_file(pid, "exec")
+
+
+class setexecconRawTestCase(auxiliaryTestCase):
+ """TestCase for setexeccon() function.
+ """
+ def setUp(self):
+ selinux.setexeccon_raw(None)
+
+ def test_setexecconRaw_InsertRawCon_InsertedSuccessfully(self):
+ selinux.setexeccon_raw(self.raw_con)
+ self.assertEqual(self.read_exec(), self.raw_con, "raw_con was "
+ "not put into /proc/.../exec file!")
+
+ def test_setexecconRaw_RawConRemoval_RawConRemoved(self):
+ selinux.setexeccon_raw(self.raw_con)
+ selinux.setexeccon_raw(None)
+ self.assertNotEqual(self.read_exec(), self.raw_con, "Removal "
+ "of raw_con has failed! setexeccon_raw(None) "
+ "did not work!")
+
+ def test_setexecconRaw_WrongContextUsed_OSErrorRaised(self):
+ self.assertRaisesRegexp(OSError, '\[Errno 22\]',
selinux.setexeccon_raw,
+ self.wrong_con)
+
+
+class setexecconTestCase(auxiliaryTestCase):
+ """TestCase for setexeccon() function.
+ """
+ def setUp(self):
+ selinux.setexeccon(None)
+
+ def test_setexeccon_InsertRawCon_InsertedSuccessfully(self):
+ selinux.setexeccon(self.raw_con)
+ self.assertEqual(self.read_exec(), self.raw_con, "raw_con was "
+ "not set as expected!")
+
+ @unittest.skipUnless(helper.contextTranslation(), "Context-trans
inactive!")
+ def test_setexeccon_InsertTransCon_InsertedSuccessfully(self):
+ selinux.setexeccon(self.trans_con)
+ self.assertEqual(self.read_exec(), self.raw_con, "trans_con was "
+ "not set as expected!")
+
+
+class getexecconRawTestCase(auxiliaryTestCase):
+ """TestCase for getexeccon_raw() function.
+ """
+ def setUp(self):
+ selinux.setexeccon_raw(None)
+
+ def test_getexecconRaw_ExecIsEmpty_ReturnedNone(self):
+ selinux.setexeccon_raw(None)
+ self.assertEqual(selinux.getexeccon_raw()[1], None, "Gathered
context from "
+ "/proc/.../exec file should be None!")
+
+ def test_getexecconRaw_RawConInExec_ReturnedRawCon(self):
+ selinux.setexeccon(self.raw_con)
+ self.assertEqual(selinux.getexeccon_raw()[1], self.raw_con,
"raw_con was "
+ "not returned as expected!")
+
+
+class getexecconTestCase(auxiliaryTestCase):
+ """TestCase for getexeccon_raw() function.
+ """
+ def setUp(self):
+ selinux.setexeccon_raw(None)
+
+ @unittest.skipIf(helper.contextTranslation(), "Context-trans active!")
+ def test_getexeccon_RawContextInExec_ReturnedRawContext(self):
+ selinux.setexeccon_raw(self.raw_con)
+ self.assertEqual(selinux.getexeccon()[1], self.raw_con, "raw_con was "
+ "not returned as expected!")
+
+ @unittest.skipUnless(helper.contextTranslation(), "Context-trans
inactive!")
+ def test_getexeccon_RawContextInExec_ReturnedTransContext(self):
+ selinux.setexeccon_raw(self.raw_con)
+ self.assertEqual(selinux.getexeccon()[1], self.trans_con,
"trans_con was "
+ "not returned as expected!")
+
+
+class setconTestCaseRaw(auxiliaryTestCase):
+ """TestCase for setcon() function.
+ """
+
+ def setUp(self):
+ selinux.setcon_raw(self.raw_default_con)
+
+ def test_setconRaw_InsertRawCon_InsertedSuccessfully(self):
+ selinux.setcon_raw(self.raw_con)
+ self.assertEqual(self.read_current(), self.raw_con, "raw_con was "
+ "not put into /proc/.../current file!")
+
+ def test_setconRaw_RawConRemoval_OSErrorRaised(self):
+ #We cannot clear current context
+ self.assertRaisesRegexp(OSError, '\[Errno 22\]', selinux.setcon_raw,
+ None)
+
+ def test_setconRaw_WrongContextUsed_OSErrorRaised(self):
+ self.assertRaisesRegexp(OSError, '\[Errno 22\]', selinux.setcon_raw,
+ self.wrong_con)
+
+
+class setconTestCase(auxiliaryTestCase):
+ """TestCase for setcon() function.
+ """
+ def setUp(self):
+ selinux.setcon(self.raw_default_con)
+
+ def test_setcon_InsertRawCon_InsertedSuccessfully(self):
+ selinux.setcon(self.raw_con)
+ self.assertEqual(self.read_current(), self.raw_con, "raw_con was "
+ "not set as expected!")
+
+ @unittest.skipUnless(helper.contextTranslation(), "Context-trans
inactive!")
+ def test_setcon_InsertTransCon_InsertedSuccessfully(self):
+ selinux.setcon(self.trans_con)
+ self.assertEqual(self.read_current(), self.raw_con, "trans_con was "
+ "not set as expected!")
+
+
+class getconTestRawCase(auxiliaryTestCase):
+ """TestCase for getcon() function.
+ """
+ def setUp(self):
+ selinux.setcon_raw(self.raw_default_con)
+
+ def test_getconRaw_RawConInCurrent_ReturnedRawCon(self):
+ selinux.setcon_raw(self.raw_con)
+ self.assertEqual(selinux.getcon_raw()[1], self.raw_con, "raw_con was "
+ "not returned as expected!")
+
+
+class getconTestCase(auxiliaryTestCase):
+ """TestCase for getcon() function.
+ """
+ def setUp(self):
+ selinux.setcon_raw(self.raw_default_con)
+
+ @unittest.skipIf(helper.contextTranslation(), "Context-trans active!")
+ def test_getcon_RawContextInCurrent_ReturnedRawContext(self):
+ selinux.setcon_raw(self.raw_con)
+ self.assertEqual(selinux.getcon()[1], self.raw_con, "raw_con was "
+ "not returned as expected!")
+
+ @unittest.skipUnless(helper.contextTranslation(), "Context-trans
inactive!")
+ def test_getcon_RawContextInCurrent_ReturnedTransContext(self):
+ selinux.setcon_raw(self.raw_con)
+ self.assertEqual(selinux.getcon()[1], self.trans_con, "trans_con was "
+ "not returned as expected!")
+
+class getpidconRawTestCase(auxiliaryTestCase):
+ """TestCase for getpidcon_raw() function.
+ """
+ def test_getpidconRaw_RawConInCurrent_ReturnedRawCon(self):
+ #self.pid contains pid of current process
+ selinux.setcon_raw(self.raw_con)
+ self.assertEqual(selinux.getpidcon_raw(self.pid)[1],
self.raw_con, "raw_con was "
+ "not returned as expected!")
+
+class getpidconTestCase(auxiliaryTestCase):
+ """TestCase for getpidcon() function.
+ """
+ def setUp(self):
+ selinux.setcon_raw(self.raw_default_con)
+
+ @unittest.skipIf(helper.contextTranslation(), "Context-trans active!")
+ def test_getpidcon_RawContextInCurrent_ReturnedRawContext(self):
+ selinux.setcon_raw(self.raw_con)
+ self.assertEqual(selinux.getpidcon(self.pid)[1],
self.raw_con, "raw_con was "
+ "not returned as expected!")
+
+ @unittest.skipUnless(helper.contextTranslation(), "Context-trans
inactive!")
+ def test_getpidcon_RawContextInCurrent_ReturnedTransContext(self):
+ selinux.setcon_raw(self.raw_con)
+ self.assertEqual(selinux.getpidcon(self.pid)[1],
self.trans_con, "trans_con was "
+ "not returned as expected!")
+
+class getprevconRawTestCase(auxiliaryTestCase):
+ """TestCase for getprevcon_raw() function.
+ """
+ def test_getprevconRaw_ReadingPrevCon_ReadSuccessfully(self):
+ self.assertEqual(self.read_prev(),
selinux.getprevcon_raw()[1], "prev con was "
+ "not returned as expected!")
+
+class getprevconTestCase(auxiliaryTestCase):
+ """TestCase for getprevcon_raw() function.
+ """
+ @unittest.skipUnless(helper.contextTranslation(), "Context-trans active!")
+ def test_getprevcon_ReadingPrevCon_TransConReadSuccessfully(self):
+ self.assertEqual(selinux.getprevcon()[1],
self.trans_default_con , "translated "
+ " prev con was not returned as expected!")
+
+ @unittest.skipIf(helper.contextTranslation(), "Context-trans inactive!")
+ def test_getprevcon_ReadingPrevCon_RawConReadSuccessfully(self):
+ self.assertEqual(selinux.getprevcon()[1], self.raw_default_con, "raw "
+ "previous con was not returned as expected!")
+
+
+if __name__ == "__main__":
+ suite = unittest.TestLoader().loadTestsFromModule(sys.modules[auxiliaryTestCase.__module__])
+ unittest.TextTestRunner(verbosity=2).run(suite)
+
--
1.9.0
More information about the selinux
mailing list