libselinux/tests/selinux_set_callback/test_callback.c
Rachel Sibley aba7ab1e5f Initial commit for downstream tests to be run using the standard test interface
The following steps are used to execute the tests using the standard test interface:

Docker

    sudo ANSIBLE_INVENTORY=$(test -e inventory && echo inventory || echo /usr/share/ansible/inventory) TEST_SUBJECTS=docker:docker.io/library/fedora:26 TEST_ARTIFACTS=$PWD/artifacts ansible-playbook --tags container tests.yml

Classic

    sudo ANSIBLE_INVENTORY=$(test -e inventory && echo inventory || echo /usr/share/ansible/inventory) TEST_SUBJECTS="" TEST_ARTIFACTS=$PWD/artifacts ansible-playbook --tags classic tests.yml

https://src.fedoraproject.org/rpms/libselinux/pull-request/1
2017-10-31 21:18:48 +01:00

128 lines
3.6 KiB
C

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>
#include <errno.h>
#include <selinux/selinux.h>
#include <selinux/avc.h>
#include <selinux/label.h>
int validate_counter = 0;
int my_log(int type, const char *fmt, ...) {
printf("function my_log, type: %d, fmt: %s\n", type, fmt);
return 0;
}
int my_audit(void *auditdata, security_class_t cls, char *msgbuf, size_t msgbufsize) {
printf("function my_audit, auditdata: %p, cls: %u, msgbuf: %s, msgbufsize: %lu\n", auditdata, cls, msgbuf, msgbufsize);
return 0;
}
int my_validate(char **ctx) {
if (validate_counter++ == 0)
printf("function my_validate, ctx: %p\n", (void *) ctx);
return 0;
}
int my_setenforce(int enforcing) {
printf("function my_setenforce, enforcing: %d\n", enforcing);
return 0;
}
int my_policyload(int seqno) {
printf("function my_policyload, seqno: %d\n", seqno);
return 0;
}
int main (int argc, char **argv) {
int exit_code = 0;
// LOG
printf("setting LOG callback\n");
selinux_set_callback(SELINUX_CB_LOG, (union selinux_callback) my_log);
if (selinux_get_callback(SELINUX_CB_LOG).func_log != my_log) {
printf("ERROR: selinux_get_callback() does not match\n");
exit_code = 1;
}
// AUDIT
printf("setting AUDIT callback\n");
selinux_set_callback(SELINUX_CB_AUDIT, (union selinux_callback) my_audit);
if (selinux_get_callback(SELINUX_CB_AUDIT).func_audit != my_audit) {
printf("ERROR: selinux_get_callback() does not match\n");
exit_code = 1;
}
printf("calling avc_audit to call audit and log functions\n");
avc_init("", NULL, NULL, NULL, NULL);
struct security_id ssid = { "asdf", 5 };
struct security_id tsid = { "asdf", 5 };
struct av_decision avd = { 1, 0, 1, 0, 0, 0 };
avc_audit(&ssid, &tsid, 0, 1, &avd, 0, NULL);
// VALIDATE
printf("setting VALIDATE callback\n");
selinux_set_callback(SELINUX_CB_VALIDATE, (union selinux_callback) my_validate);
if (selinux_get_callback(SELINUX_CB_VALIDATE).func_validate != my_validate) {
printf("ERROR: selinux_get_callback() does not match\n");
exit_code = 1;
}
struct selabel_handle *hnd = NULL;
struct selinux_opt selabel_option [] = {
{ SELABEL_OPT_VALIDATE, (char *) 1 }
};
hnd = selabel_open(SELABEL_CTX_FILE, selabel_option, 1);
selabel_close(hnd);
// SETENFORCE
printf("setting SETENFORCE callback\n");
selinux_set_callback(SELINUX_CB_SETENFORCE, (union selinux_callback) my_setenforce);
if (selinux_get_callback(SELINUX_CB_SETENFORCE).func_setenforce != my_setenforce) {
printf("ERROR: selinux_get_callback() does not match\n");
exit_code = 1;
}
int enforcing = security_getenforce();
printf("calling security_setenforce to call setenforce function\n");
if (enforcing == 1) {
security_setenforce(0);
security_setenforce(1);
}
else {
security_setenforce(1);
security_setenforce(0);
}
// triggers callbacks
avc_has_perm_noaudit(&ssid, &tsid, 0, 1, NULL, &avd);
// POLICYLOAD
printf("setting POLICYLOAD callback\n");
selinux_set_callback(SELINUX_CB_POLICYLOAD, (union selinux_callback) my_policyload);
if (selinux_get_callback(SELINUX_CB_POLICYLOAD).func_policyload != my_policyload) {
printf("ERROR: selinux_get_callback() does not match\n");
exit_code = 1;
}
selinux_mkload_policy(1);
// triggers callbacks
avc_has_perm_noaudit(&ssid, &tsid, 0, 1, NULL, &avd);
return exit_code;
}