#1 Initial commit for downstream tests to be run using the standard test interface
Closed a year ago by plautrba. Opened 2 years ago by rasibley.
rpms/ rasibley/libselinux libselinux-tests  into  master

@@ -0,0 +1,64 @@ 

+ # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

+ #

+ #   Makefile of /CoreOS/libselinux/Sanity/getsebool

+ #   Description: Does getsebool work as expected?

+ #   Author: Milos Malik <mmalik@redhat.com>

+ #

+ # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

+ #

+ #   Copyright (c) 2017 Red Hat, Inc.

+ #

+ #   This copyrighted material is made available to anyone wishing

+ #   to use, modify, copy, or redistribute it subject to the terms

+ #   and conditions of the GNU General Public License version 2.

+ #

+ #   This program is distributed in the hope that it will be

+ #   useful, but WITHOUT ANY WARRANTY; without even the implied

+ #   warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR

+ #   PURPOSE. See the GNU General Public License for more details.

+ #

+ #   You should have received a copy of the GNU General Public

+ #   License along with this program; if not, write to the Free

+ #   Software Foundation, Inc., 51 Franklin Street, Fifth Floor,

+ #   Boston, MA 02110-1301, USA.

+ #

+ # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

+ 

+ export TEST=/CoreOS/libselinux/Sanity/getsebool

+ export TESTVERSION=1.0

+ 

+ BUILT_FILES=

+ 

+ FILES=$(METADATA) runtest.sh Makefile PURPOSE

+ 

+ .PHONY: all install download clean

+ 

+ run: $(FILES) build

+ 	./runtest.sh

+ 

+ build: $(BUILT_FILES)

+ 	test -x runtest.sh || chmod a+x runtest.sh

+ 

+ clean:

+ 	rm -f *~ $(BUILT_FILES)

+ 

+ include /usr/share/rhts/lib/rhts-make.include

+ 

+ $(METADATA): Makefile

+ 	@echo "Owner:           Milos Malik <mmalik@redhat.com>" > $(METADATA)

+ 	@echo "Name:            $(TEST)" >> $(METADATA)

+ 	@echo "TestVersion:     $(TESTVERSION)" >> $(METADATA)

+ 	@echo "Path:            $(TEST_DIR)" >> $(METADATA)

+ 	@echo "Description:     Does getsebool work as expected?" >> $(METADATA)

+ 	@echo "Type:            Sanity" >> $(METADATA)

+ 	@echo "TestTime:        5m" >> $(METADATA)

+ 	@echo "RunFor:          libselinux" >> $(METADATA)

+ 	@echo "Requires:        libselinux" >> $(METADATA)

+ 	@echo "Priority:        Normal" >> $(METADATA)

+ 	@echo "License:         GPLv2" >> $(METADATA)

+ 	@echo "Confidential:    no" >> $(METADATA)

+ 	@echo "Destructive:     no" >> $(METADATA)

+ 	@echo "Releases:        -RHEL4 -RHELClient5 -RHELServer5" >> $(METADATA)

+ 

+ 	rhts-lint $(METADATA)

+ 

@@ -0,0 +1,5 @@ 

+ PURPOSE of /CoreOS/libselinux/Sanity/getsebool

+ Author: Milos Malik <mmalik@redhat.com>

+ 

+ Does getsebool work as expected?

+ 

@@ -0,0 +1,68 @@ 

+ #!/bin/bash

+ # vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k

+ # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

+ #

+ #   runtest.sh of /CoreOS/libselinux/Sanity/getsebool

+ #   Description: Does getsebool work as expected?

+ #   Author: Milos Malik <mmalik@redhat.com>

+ #

+ # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

+ #

+ #   Copyright (c) 2017 Red Hat, Inc.

+ #

+ #   This copyrighted material is made available to anyone wishing

+ #   to use, modify, copy, or redistribute it subject to the terms

+ #   and conditions of the GNU General Public License version 2.

+ #

+ #   This program is distributed in the hope that it will be

+ #   useful, but WITHOUT ANY WARRANTY; without even the implied

+ #   warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR

+ #   PURPOSE. See the GNU General Public License for more details.

+ #

+ #   You should have received a copy of the GNU General Public

+ #   License along with this program; if not, write to the Free

+ #   Software Foundation, Inc., 51 Franklin Street, Fifth Floor,

+ #   Boston, MA 02110-1301, USA.

+ #

+ # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

+ 

+ # Include Beaker environment

+ . /usr/share/beakerlib/beakerlib.sh || exit 1

+ 

+ PACKAGE="libselinux"

+ if rlIsRHEL 5 6 ; then

+     SELINUX_FS_MOUNT="/selinux"

+ else # RHEL-7 and above

+     SELINUX_FS_MOUNT="/sys/fs/selinux"

+ fi

+ 

+ rlJournalStart

+     rlPhaseStartSetup

+         rlAssertRpm ${PACKAGE}

+         rlAssertRpm ${PACKAGE}-utils

+         rlRun "getsebool" 0,1

+         OUTPUT_FILE=`mktemp`

+     rlPhaseEnd

+ 

+     rlPhaseStartTest 

+         rlRun "getsebool -a"

+         rlRun "umount ${SELINUX_FS_MOUNT}"

+         rlRun "getsebool -a 2>&1 | tee ${OUTPUT_FILE}"

+         rlAssertGrep "selinux.*disabled" ${OUTPUT_FILE} -i

+         rlRun "mount -t selinuxfs none ${SELINUX_FS_MOUNT}"

+         rlRun "mkdir booleans"

+         rlRun "mount --bind ./booleans ${SELINUX_FS_MOUNT}/booleans"

+         rlRun "getsebool -a 2>&1 | tee ${OUTPUT_FILE}"

+         rlAssertGrep "unable to get boolean name.*no such file or directory" ${OUTPUT_FILE} -i

+         rlRun "getsebool xen_use_nfs 2>&1 | tee ${OUTPUT_FILE}"

+         rlAssertGrep "error getting active value for" ${OUTPUT_FILE} -i

+         rlRun "umount ${SELINUX_FS_MOUNT}/booleans"

+         rlRun "rmdir booleans"

+     rlPhaseEnd

+ 

+     rlPhaseStartCleanup

+         rm -f ${OUTPUT_FILE}

+     rlPhaseEnd

+ rlJournalPrintText

+ rlJournalEnd

+ 

@@ -0,0 +1,63 @@ 

+ # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

+ #

+ #   Makefile of /CoreOS/libselinux/Sanity/realpath_not_final-function

+ #   Description: Test realpath_not_final function

+ #   Author: Jan Zarsky <jzarsky@redhat.com>

+ #

+ # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

+ #

+ #   Copyright (c) 2016 Red Hat, Inc.

+ #

+ #   This program is free software: you can redistribute it and/or

+ #   modify it under the terms of the GNU General Public License as

+ #   published by the Free Software Foundation, either version 2 of

+ #   the License, or (at your option) any later version.

+ #

+ #   This program is distributed in the hope that it will be

+ #   useful, but WITHOUT ANY WARRANTY; without even the implied

+ #   warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR

+ #   PURPOSE.  See the GNU General Public License for more details.

+ #

+ #   You should have received a copy of the GNU General Public License

+ #   along with this program. If not, see http://www.gnu.org/licenses/.

+ #

+ # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

+ 

+ export TEST=/CoreOS/libselinux/Sanity/realpath_not_final-function

+ export TESTVERSION=1.0

+ 

+ BUILT_FILES=

+ 

+ FILES=$(METADATA) runtest.sh Makefile PURPOSE test*.c

+ 

+ .PHONY: all install download clean

+ 

+ run: $(FILES) build

+ 	./runtest.sh

+ 

+ build: $(BUILT_FILES)

+ 	test -x runtest.sh || chmod a+x runtest.sh

+ 

+ clean:

+ 	rm -f *~ $(BUILT_FILES)

+ 

+ 

+ include /usr/share/rhts/lib/rhts-make.include

+ 

+ $(METADATA): Makefile

+ 	@echo "Owner:           Jan Zarsky <jzarsky@redhat.com>" > $(METADATA)

+ 	@echo "Name:            $(TEST)" >> $(METADATA)

+ 	@echo "TestVersion:     $(TESTVERSION)" >> $(METADATA)

+ 	@echo "Path:            $(TEST_DIR)" >> $(METADATA)

+ 	@echo "Description:     Test realpath_not_final function" >> $(METADATA)

+ 	@echo "Type:            Sanity" >> $(METADATA)

+ 	@echo "TestTime:        5m" >> $(METADATA)

+ 	@echo "RunFor:          libselinux" >> $(METADATA)

+ 	@echo "Requires:        libselinux libselinux-devel glibc gcc" >> $(METADATA)

+ 	@echo "Priority:        Normal" >> $(METADATA)

+ 	@echo "License:         GPLv2+" >> $(METADATA)

+ 	@echo "Confidential:    no" >> $(METADATA)

+ 	@echo "Destructive:     no" >> $(METADATA)

+ 	@echo "Releases:        -RHEL4 -RHELClient5 -RHELServer5 -RHEL6" >> $(METADATA)

+ 

+ 	rhts-lint $(METADATA)

@@ -0,0 +1,3 @@ 

+ PURPOSE of /CoreOS/libselinux/Sanity/realpath_not_final-function

+ Description: Test realpath_not_final function

+ Author: Jan Zarsky <jzarsky@redhat.com>

@@ -0,0 +1,66 @@ 

+ #!/bin/bash

+ # vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k

+ # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

+ #

+ #   runtest.sh of /CoreOS/libselinux/Sanity/realpath_not_final-function

+ #   Description: Test realpath_not_final function

+ #   Author: Jan Zarsky <jzarsky@redhat.com>

+ #

+ # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

+ #

+ #   Copyright (c) 2016 Red Hat, Inc.

+ #

+ #   This program is free software: you can redistribute it and/or

+ #   modify it under the terms of the GNU General Public License as

+ #   published by the Free Software Foundation, either version 2 of

+ #   the License, or (at your option) any later version.

+ #

+ #   This program is distributed in the hope that it will be

+ #   useful, but WITHOUT ANY WARRANTY; without even the implied

+ #   warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR

+ #   PURPOSE.  See the GNU General Public License for more details.

+ #

+ #   You should have received a copy of the GNU General Public License

+ #   along with this program. If not, see http://www.gnu.org/licenses/.

+ #

+ # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

+ 

+ # Include Beaker environment

+ . /usr/share/beakerlib/beakerlib.sh || exit 1

+ 

+ PACKAGE="libselinux"

+ 

+ rlJournalStart

+     rlPhaseStartSetup

+         rlAssertRpm ${PACKAGE}

+         rlAssertRpm ${PACKAGE}-devel

+         rlAssertRpm "glibc"

+         rlAssertRpm "gcc"

+ 

+         rlRun -l "gcc test.c -o test -lselinux -Wall -Wextra -std=c99"

+     rlPhaseEnd

+ 

+     rlPhaseStartTest

+         # syntax: ./test name [resolved_path]

+         rlRun "./test NULL" 139

+         rlRun "./test /somedir/somefile NULL" 255

+         rlRun "./test NULL NULL" 139

+ 

+         rlRun "./test /tmp | tee output"

+         rlRun "grep 'realpath_not_final: /tmp' output"

+ 

+         rlRun "./test //tmp | tee output"

+         rlRun "grep -E 'realpath_not_final: /tmp|realpath_not_final: //tmp' output"

+ 

+         rlRun "./test ///tmp | tee output"

+         rlRun "grep -E 'realpath_not_final: /tmp|realpath_not_final: //tmp' output"

+         

+         rlRun "./test ////tmp | tee output"

+         rlRun "grep -E 'realpath_not_final: /tmp|realpath_not_final: //tmp' output"

+     rlPhaseEnd

+ 

+     rlPhaseStartCleanup

+         rlRun "rm -f test output"

+     rlPhaseEnd

+ rlJournalPrintText

+ rlJournalEnd

@@ -0,0 +1,44 @@ 

+ #include <stdio.h>

+ #include <stdlib.h>

+ #include <string.h>

+ #include <errno.h>

+ #include <selinux/selinux.h>

+ #include <linux/limits.h>

+ 

+ int main (int argc, char **argv) {

+     if (argc < 2) {

+         printf("Invalid number of arguments\n");

+         return -1;

+     }

+ 

+     char *name;

+ 

+     if (strcmp(argv[1], "NULL") == 0) {

+         name = NULL;

+     }

+     else {

+         name = argv[1];

+     }

+ 

+     char *resolved_path;

+ 

+     if (argc == 3 && (strcmp(argv[1], "NULL") == 0)) {

+         resolved_path = NULL;

+     }

+     else {

+         resolved_path = malloc(PATH_MAX);

+ 

+         if (resolved_path == NULL) {

+             printf("Error while allocating memory\n");

+         }

+     }

+ 

+     printf("Executing: realpath_not_final(%s, resolved_path)\n", name);

+ 

+     int result = realpath_not_final(name, resolved_path);

+ 

+     printf("realpath_not_final: %s\n", resolved_path);

+ 

+     free(resolved_path);

+     return result;

+ }

@@ -0,0 +1,63 @@ 

+ # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

+ #

+ #   Makefile of /CoreOS/libselinux/Sanity/selabel-functions

+ #   Description: Test selabel functions

+ #   Author: Jan Zarsky <jzarsky@redhat.com>

+ #

+ # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

+ #

+ #   Copyright (c) 2016 Red Hat, Inc.

+ #

+ #   This program is free software: you can redistribute it and/or

+ #   modify it under the terms of the GNU General Public License as

+ #   published by the Free Software Foundation, either version 2 of

+ #   the License, or (at your option) any later version.

+ #

+ #   This program is distributed in the hope that it will be

+ #   useful, but WITHOUT ANY WARRANTY; without even the implied

+ #   warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR

+ #   PURPOSE.  See the GNU General Public License for more details.

+ #

+ #   You should have received a copy of the GNU General Public License

+ #   along with this program. If not, see http://www.gnu.org/licenses/.

+ #

+ # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

+ 

+ export TEST=/CoreOS/libselinux/Sanity/selabel-functions

+ export TESTVERSION=1.0

+ 

+ BUILT_FILES=

+ 

+ FILES=$(METADATA) runtest.sh Makefile PURPOSE test_*.c

+ 

+ .PHONY: all install download clean

+ 

+ run: $(FILES) build

+ 	./runtest.sh

+ 

+ build: $(BUILT_FILES)

+ 	test -x runtest.sh || chmod a+x runtest.sh

+ 

+ clean:

+ 	rm -f *~ $(BUILT_FILES)

+ 

+ 

+ include /usr/share/rhts/lib/rhts-make.include

+ 

+ $(METADATA): Makefile

+ 	@echo "Owner:           Jan Zarsky <jzarsky@redhat.com>" > $(METADATA)

+ 	@echo "Name:            $(TEST)" >> $(METADATA)

+ 	@echo "TestVersion:     $(TESTVERSION)" >> $(METADATA)

+ 	@echo "Path:            $(TEST_DIR)" >> $(METADATA)

+ 	@echo "Description:     Test selabel functions" >> $(METADATA)

+ 	@echo "Type:            Sanity" >> $(METADATA)

+ 	@echo "TestTime:        5m" >> $(METADATA)

+ 	@echo "RunFor:          libselinux" >> $(METADATA)

+ 	@echo "Requires:        libselinux libselinux-devel glibc gcc" >> $(METADATA)

+ 	@echo "Priority:        Normal" >> $(METADATA)

+ 	@echo "License:         GPLv2+" >> $(METADATA)

+ 	@echo "Confidential:    no" >> $(METADATA)

+ 	@echo "Destructive:     no" >> $(METADATA)

+ 	@echo "Releases:        -RHEL4 -RHELClient5 -RHELServer5" >> $(METADATA)

+ 

+ 	rhts-lint $(METADATA)

@@ -0,0 +1,3 @@ 

+ PURPOSE of /CoreOS/libselinux/Sanity/selabel-functions

+ Description: Test selabel functions

+ Author: Jan Zarsky <jzarsky@redhat.com>

@@ -0,0 +1,858 @@ 

+ #!/bin/bash

+ # vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k

+ # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

+ #

+ #   runtest.sh of /CoreOS/libselinux/Sanity/selabel-functions

+ #   Description: Test selabel functions

+ #   Author: Jan Zarsky <jzarsky@redhat.com>

+ #

+ # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

+ #

+ #   Copyright (c) 2016 Red Hat, Inc.

+ #

+ #   This program is free software: you can redistribute it and/or

+ #   modify it under the terms of the GNU General Public License as

+ #   published by the Free Software Foundation, either version 2 of

+ #   the License, or (at your option) any later version.

+ #

+ #   This program is distributed in the hope that it will be

+ #   useful, but WITHOUT ANY WARRANTY; without even the implied

+ #   warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR

+ #   PURPOSE.  See the GNU General Public License for more details.

+ #

+ #   You should have received a copy of the GNU General Public License

+ #   along with this program. If not, see http://www.gnu.org/licenses/.

+ #

+ # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

+ 

+ # Include Beaker environment

+ . /usr/bin/rhts-environment.sh || exit 1

+ . /usr/share/beakerlib/beakerlib.sh || exit 1

+ 

+ PACKAGE="libselinux"

+ 

+ rlJournalStart

+     rlPhaseStartSetup

+         rlAssertRpm ${PACKAGE}

+         rlAssertRpm ${PACKAGE}-devel

+         rlAssertRpm "glibc"

+         rlAssertRpm "gcc"

+ 

+         if rlIsRHEL 6; then

+             rlRun -l "gcc test_open.c -o test_open -lselinux -Wall -Wextra -std=c99 -DRHEL6"

+             rlRun -l "gcc test_lookup.c -o test_lookup -lselinux -Wall -Wextra -std=c99 -DRHEL6"

+             rlRun -l "gcc test_stats.c -o test_stats -lselinux -Wall -Wextra -std=c99 -DRHEL6"

+         else

+             rlRun -l "gcc test_open.c -o test_open -lselinux -Wall -Wextra -std=c99"

+             rlRun -l "gcc test_lookup.c -o test_lookup -lselinux -Wall -Wextra -std=c99"

+             rlRun -l "gcc test_partial.c -o test_partial -lselinux -Wall -Wextra -std=c99"

+             rlRun -l "gcc test_best.c -o test_best -lselinux -Wall -Wextra -std=c99"

+             rlRun -l "gcc test_stats.c -o test_stats -lselinux -Wall -Wextra -std=c99"

+             rlRun -l "gcc test_digest.c -o test_digest -lselinux -Wall -Wextra -std=c99"

+         fi

+ 

+         rlRun "TmpDir=\$(mktemp -d)" 0 "Creating tmp directory"

+     rlPhaseEnd

+ 

+     rlPhaseStartTest "selabel_open"

+         # syntax: ./test_open BACKEND OPT_PATH OPT_SUBSET OPT_VALIDATE OPT_BASEONLY [nopt]

+ 

+         rlLogInfo "Normal run"

+         rlRun "./test_open CTX_FILE NULL NULL 0 0"

+ 

+         rlLogInfo "Backends"

+         rlRun "./test_open CTX_MEDIA NULL NULL 0 0" 0

+         rlRun "./test_open CTX_X NULL NULL 0 0" 0

+         rlRun "./test_open CTX_DB NULL NULL 0 0" 0

+         if rlIsRHEL "7" || rlIsFedora "<26"; then

+             rlRun "./test_open CTX_ANDROID_PROP NULL NULL 0 0" 0

+             rlRun "./test_open 5 NULL NULL 0 0" 22

+         fi

+         rlRun "./test_open 2147483647 NULL NULL 0 0" 22

+ 

+         rlLogInfo "Parameter nopt"

+         rlRun "./test_open CTX_FILE NULL NULL 0 0 2147483647" 22,139

+         rlRun "./test_open CTX_MEDIA NULL NULL 0 0 2147483647" 22,139

+         rlRun "./test_open CTX_X NULL NULL 0 0 2147483647" 22,139

+         rlRun "./test_open CTX_DB NULL NULL 0 0 2147483647" 22,139

+         if rlIsRHEL "7" || rlIsFedora "<26"; then

+             rlRun "./test_open CTX_ANDROID_PROP NULL NULL 0 0 2147483647" 22,139

+         fi

+ 

+         rlRun "./test_open CTX_FILE NULL NULL 0 0 1"

+         rlRun "./test_open CTX_MEDIA NULL NULL 0 0 1"

+         rlRun "./test_open CTX_X NULL NULL 0 0 1"

+         rlRun "./test_open CTX_DB NULL NULL 0 0 1"

+         if rlIsRHEL "7" || rlIsFedora "<26"; then

+             rlRun "./test_open CTX_ANDROID_PROP NULL NULL 0 0 1"

+         fi

+ 

+         rlRun "./test_open CTX_FILE NULL NULL 0 0 0"

+         rlRun "./test_open CTX_MEDIA NULL NULL 0 0 0"

+         rlRun "./test_open CTX_X NULL NULL 0 0 0"

+         rlRun "./test_open CTX_DB NULL NULL 0 0 0"

+         if rlIsRHEL "7" || rlIsFedora "<26"; then

+             rlRun "./test_open CTX_ANDROID_PROP NULL NULL 0 0 0"

+         fi

+ 

+         rlRun "./test_open CTX_FILE NULL NULL 0 0 -1" 22,139

+         rlRun "./test_open CTX_MEDIA NULL NULL 0 0 -1" 22,139

+         rlRun "./test_open CTX_X NULL NULL 0 0 -1" 22,139

+         rlRun "./test_open CTX_DB NULL NULL 0 0 -1" 22,139

+         if rlIsRHEL "7" || rlIsFedora "<26"; then

+             rlRun "./test_open CTX_ANDROID_PROP NULL NULL 0 0 -1" 22,139

+         fi

+ 

+         rlLogInfo "Path option"

+         rlRun "cat > $TmpDir/my_contexts <<EOF

+ EOF"

+ 

+         rlRun "./test_open CTX_FILE $TmpDir/my_contexts NULL 0 0"

+         rlRun "./test_open CTX_MEDIA $TmpDir/my_contexts NULL 0 0"

+         rlRun "./test_open CTX_X $TmpDir/my_contexts NULL 0 0"

+         rlRun "./test_open CTX_DB $TmpDir/my_contexts NULL 0 0"

+         if rlIsRHEL "7" || rlIsFedora "<26"; then

+             rlRun "./test_open CTX_ANDROID_PROP $TmpDir/my_contexts NULL 0 0"

+         fi

+ 

+         rlRun "./test_open CTX_FILE /nonexistent NULL 0 0" 2

+         rlRun "./test_open CTX_MEDIA /nonexistent NULL 0 0" 2

+         rlRun "./test_open CTX_X /nonexistent NULL 0 0" 2

+         rlRun "./test_open CTX_DB /nonexistent NULL 0 0" 2

+         if rlIsRHEL "7" || rlIsFedora "<26"; then

+             rlRun "./test_open CTX_ANDROID_PROP /nonexistent NULL 0 0" 2

+         fi

+ 

+         rlLogInfo "Subset option"

+         rlRun "./test_open CTX_FILE NULL /etc 0 0"

+ 

+         rlLogInfo "Baseonly option"

+         rlRun "./test_open CTX_FILE NULL NULL 0 1"

+ 

+         rlLogInfo "Validate option"

+         rlRun "./test_open CTX_FILE NULL NULL 1 0"

+         rlRun "./test_open CTX_MEDIA NULL NULL 1 0"

+         rlRun "./test_open CTX_X NULL NULL 1 0"

+         rlRun "./test_open CTX_DB NULL NULL 1 0"

+         if rlIsRHEL "7" || rlIsFedora "<26"; then

+             rlRun "./test_open CTX_ANDROID_PROP NULL NULL 1 0"

+         fi

+     rlPhaseEnd

+ 

+     rlPhaseStartTest "selabel_lookup and selabel_lookup_raw"

+         rlLogInfo "Handle"

+         rlRun "./test_lookup CTX_FILE NULL NULL 0 0 some_input 0 nohandle" 139

+         rlRun "./test_lookup CTX_MEDIA NULL NULL 0 0 some_input 0 nohandle" 139

+         rlRun "./test_lookup CTX_X NULL NULL 0 0 some_input 0 nohandle" 139

+         rlRun "./test_lookup CTX_DB NULL NULL 0 0 some_input 0 nohandle" 139

+         if rlIsRHEL "7" || rlIsFedora "<26"; then

+             rlRun "./test_lookup CTX_ANDROID_PROP NULL NULL 0 0 some_input 0 nohandle" 139

+         fi

+ 

+         rlLogInfo "Path"

+         if rlIsRHEL 6; then

+             rlRun "./test_lookup CTX_FILE NULL NULL 0 0 NULL 0" 2,139

+             rlRun "./test_lookup CTX_MEDIA NULL NULL 0 0 NULL 0" 2,139

+             rlRun "./test_lookup CTX_X NULL NULL 0 0 NULL 0" 2,139

+             rlRun "./test_lookup CTX_DB NULL NULL 0 0 NULL 0" 2,139

+         else

+             rlRun "./test_lookup CTX_FILE NULL NULL 0 0 NULL 0" 22

+             rlRun "./test_lookup CTX_MEDIA NULL NULL 0 0 NULL 0" 22

+             rlRun "./test_lookup CTX_X NULL NULL 0 0 NULL 0" 22

+             rlRun "./test_lookup CTX_DB NULL NULL 0 0 NULL 0" 22

+             # ANDROID_PROP backend does not set handle and returns NULL as handle

+             # (see test_lookup.c for handling NULL handle)

+             rlRun "./test_lookup CTX_ANDROID_PROP NULL NULL 0 0 NULL 0" 255

+         fi

+     rlPhaseEnd

+ 

+     rlPhaseStartTest "validate option"

+         rlLogInfo "Invalid entries"

+         rlRun "cat > $TmpDir/my_contexts <<EOF

+ EOF"

+         rlRun "./test_open CTX_FILE $TmpDir/my_contexts NULL 1 0 2> >(tee output >&2)" 0

+         rlRun "grep 'line' output" 1

+ 

+         rlRun "cat > $TmpDir/my_contexts <<EOF

+ one

+ EOF"

+         if rlIsRHEL 6; then

+             rlRun "./test_open CTX_FILE $TmpDir/my_contexts NULL 1 0 2> >(tee output >&2)" 0

+         else

+             rlRun "./test_open CTX_FILE $TmpDir/my_contexts NULL 1 0 2> >(tee output >&2)" 22

+         fi

+         rlRun "grep 'line 1 is missing fields' output"

+         

+         rlRun "cat > $TmpDir/my_contexts <<EOF

+ $TmpDir my_user_u:my_role_r:my_type_t:s0

+ EOF"

+         if rlIsFedora ">27"; then

+             rlRun "./test_open CTX_FILE $TmpDir/my_contexts NULL 1 0 2> >(tee output >&2)" 22

+         else

+             rlRun "./test_open CTX_FILE $TmpDir/my_contexts NULL 1 0 2> >(tee output >&2)" 0

+         fi

+         rlRun "grep 'line 1 has invalid context my_user_u:my_role_r:my_type_t:s0' output"

+         

+         rlRun "cat > $TmpDir/my_contexts <<EOF

+ $TmpDir invalid_file_type system_u:object_r:var_t:s0

+ EOF"

+         if rlIsRHEL 6; then

+             rlRun "./test_open CTX_FILE $TmpDir/my_contexts NULL 1 0 2> >(tee output >&2)" 0

+         else

+             rlRun "./test_open CTX_FILE $TmpDir/my_contexts NULL 1 0 2> >(tee output >&2)" 22

+         fi

+         rlRun "grep 'line 1 has invalid file type invalid_file_type' output"

+         

+         rlRun "cat > $TmpDir/my_contexts <<EOF

+ $TmpDir <<none>>

+ EOF"

+         rlRun "./test_open CTX_FILE $TmpDir/my_contexts NULL 1 0 2> >(tee output >&2)" 0

+         rlRun "grep 'line 1' output" 1

+         

+         rlRun "cat > $TmpDir/my_contexts <<EOF

+ #$TmpDir system_u:object_r:var_t:s0

+ $TmpDir system_u:object_r:var_t:s0 

+ EOF"

+         rlRun "./test_open CTX_FILE $TmpDir/my_contexts NULL 1 0 2> >(tee output >&2)" 0

+         rlRun "grep 'Multiple same specifications' output" 1

+ 

+         rlLogInfo "Two same rules for the same path"

+         rlRun "cat > $TmpDir/my_contexts <<EOF

+ $TmpDir system_u:object_r:var_t:s0

+ $TmpDir system_u:object_r:var_t:s0

+ EOF"

+         rlRun "./test_open CTX_FILE $TmpDir/my_contexts NULL 1 0 2> >(tee output >&2)" 22

+         rlRun "grep 'Multiple same specifications' output"

+ 

+         rlLogInfo "Two different rules for the same path"

+         rlRun "cat > $TmpDir/my_contexts <<EOF

+ $TmpDir system_u:object_r:bin_t:s0

+ $TmpDir system_u:object_r:usr_t:s0

+ EOF"

+         rlRun "./test_open CTX_FILE $TmpDir/my_contexts NULL 1 0 2> >(tee output >&2)" 22

+         rlRun "grep 'Multiple different specifications' output"

+ 

+         rlLogInfo "Two different rules for same path but with different file type"

+         rlRun "cat > $TmpDir/my_contexts <<EOF

+ $TmpDir -- system_u:object_r:bin_t:s0

+ $TmpDir -d system_u:object_r:usr_t:s0

+ EOF"

+         rlRun "./test_open CTX_FILE $TmpDir/my_contexts NULL 1 0 2> >(tee output >&2)" 0

+         rlRun "grep 'Multiple different specifications' output" 1

+ 

+         rlLogInfo "Two different rules for same path one general and one with file type"

+         rlRun "cat > $TmpDir/my_contexts <<EOF

+ $TmpDir system_u:object_r:bin_t:s0

+ $TmpDir -- system_u:object_r:usr_t:s0

+ EOF"

+         rlRun "./test_open CTX_FILE $TmpDir/my_contexts NULL 1 0 2> >(tee output >&2)" 22

+         rlRun "grep 'Multiple different specifications' output"

+     rlPhaseEnd

+ 

+     if rlIsRHEL ">=7" || rlIsFedora; then

+     rlPhaseStartTest "file contexts files"

+         rlLogInfo "subs file"

+         rlRun "cat > $TmpDir/my_contexts <<EOF

+ $TmpDir system_u:object_r:var_t:s0

+ EOF"

+         rlRun "cat > $TmpDir/my_contexts.subs <<EOF

+ /somepath $TmpDir

+ EOF"

+         rlRun "./test_lookup CTX_FILE $TmpDir/my_contexts NULL 0 0 /somepath 0 | tee output" 0

+         rlRun "grep 'selabel_lookup context: system_u:object_r:var_t:s0' output" 0

+         rlRun "rm -f $TmpDir/my_contexts.subs"

+         

+         rlLogInfo "subs_dist file"

+         rlRun "cat > $TmpDir/my_contexts <<EOF

+ $TmpDir system_u:object_r:var_t:s0

+ EOF"

+         rlRun "cat > $TmpDir/my_contexts.subs_dist <<EOF

+ /somepath $TmpDir

+ EOF"

+         rlRun "./test_lookup CTX_FILE $TmpDir/my_contexts NULL 0 0 /somepath 0 | tee output" 0

+         rlRun "grep 'selabel_lookup context: system_u:object_r:var_t:s0' output" 0

+         rlRun "rm -f $TmpDir/my_contexts.subs_dist"

+ 

+         rlLogInfo "local file"

+         rlRun "cat > $TmpDir/my_contexts <<EOF

+ EOF"

+         rlRun "cat > $TmpDir/my_contexts.local <<EOF

+ $TmpDir system_u:object_r:var_t:s0

+ EOF"

+         rlRun "./test_lookup CTX_FILE $TmpDir/my_contexts NULL 0 0 $TmpDir 0 | tee output" 0

+         rlRun "grep 'selabel_lookup context: system_u:object_r:var_t:s0' output" 0

+         rlRun "rm -f $TmpDir/my_contexts.local"

+ 

+         rlLogInfo "homedirs file"

+         rlRun "cat > $TmpDir/my_contexts <<EOF

+ EOF"

+         rlRun "cat > $TmpDir/my_contexts.homedirs <<EOF

+ $TmpDir system_u:object_r:var_t:s0

+ EOF"

+         rlRun "./test_lookup CTX_FILE $TmpDir/my_contexts NULL 0 0 $TmpDir 0 | tee output" 0

+         rlRun "grep 'selabel_lookup context: system_u:object_r:var_t:s0' output" 0

+         rlRun "rm -f $TmpDir/my_contexts.homedirs"

+ 

+         rlLogInfo "Normal run"

+         rlRun "./test_lookup CTX_FILE NULL NULL 0 0 /nonexistent 0 | tee output" 0 \

+             "Run selabel_lookup"

+         rlRun "grep 'selabel_lookup context: system_u:object_r:etc_runtime_t:s0' output" 0 \

+             "Check context returned by selabel_lookup"

+         rlRun "grep 'selabel_lookup_raw context: system_u:object_r:etc_runtime_t:s0' output" 0 \

+             "Check context returned by selabel_lookup_raw"

+ 

+         rlLogInfo "Context is <<none>>"

+         rlRun "./test_lookup CTX_FILE NULL NULL 0 0 /tmp/somefile 0 2> >(tee output >&2)" 2 \

+             "Run selabel_lookup on file with default context <<none>>"

+         rlRun "grep 'selabel_lookup - ERROR: No such file or directory' output" 0

+     rlPhaseEnd

+     fi

+ 

+     rlPhaseStartTest "media contexts files"

+         rlLogInfo "Valid entries"

+         rlRun "cat > $TmpDir/my_contexts <<EOF

+ floppy system_u:object_r:tmp_t:s0

+ cdrom system_u:object_r:var_t:s0

+ EOF"

+         rlRun "./test_lookup CTX_MEDIA $TmpDir/my_contexts NULL 1 0 floppy 0 | tee output" 0

+         rlRun "grep 'selabel_lookup context: system_u:object_r:tmp_t:s0' output"

+ 

+         rlRun "cat > $TmpDir/my_contexts <<EOF

+ floppy system_u:object_r:tmp_t:s0

+ floppy system_u:object_r:var_t:s0

+ EOF"

+         rlRun "./test_lookup CTX_MEDIA $TmpDir/my_contexts NULL 1 0 floppy 0 | tee output" 0

+         rlRun "grep 'selabel_lookup context: system_u:object_r:tmp_t:s0' output"

+ 

+         rlLogInfo "No entries"

+         rlRun "cat > $TmpDir/my_contexts <<EOF

+ EOF"

+         rlRun "./test_lookup CTX_MEDIA $TmpDir/my_contexts NULL 1 0 floppy 0 2> >(tee output >&2)" 2

+         rlRun "grep 'selabel_lookup - ERROR: No such file or directory' output"

+ 

+         rlLogInfo "Invalid entries"

+         rlRun "cat > $TmpDir/my_contexts <<EOF

+ floppy

+ EOF"

+         rlRun "./test_lookup CTX_MEDIA $TmpDir/my_contexts NULL 1 0 floppy 0 2> >(tee output >&2)" 2

+         rlRun "grep 'line 1 is missing fields' output"

+ 

+         rlRun "cat > $TmpDir/my_contexts <<EOF

+ floppy some_u:some_r:some_t:s0

+ EOF"

+         rlRun "./test_lookup CTX_MEDIA $TmpDir/my_contexts NULL 1 0 floppy 0 2> >(tee output >&2)" 22

+         rlRun "grep 'has invalid context some_u:some_r:some_t:s0' output"

+ 

+ #        defaultContext=$(cat /etc/selinux/targeted/contexts/removable_context)

+ 

+ #        rlLogInfo "empty contexts file"

+ #        rlRun "cat > $TmpDir/my_contexts <<EOF

+ #EOF"

+ #        rlRun "./test_lookup CTX_MEDIA $TmpDir/my_contexts NULL 1 0 floppy 0 | tee output" 0

+ #        rlRun "grep 'selabel_lookup context: $defaultContext' output" 0

+ 

+ #        rlLogInfo "invalid contexts file"

+ #        rlRun "cat > $TmpDir/my_contexts <<EOF

+ #some_removable some_u:some_r:some_t:s0

+ #EOF"

+ #        rlRun "./test_lookup CTX_MEDIA $TmpDir/my_contexts NULL 1 0 floppy 0 | tee output" 0

+ #        rlRun "grep 'selabel_lookup context: $defaultContext' output" 0

+ 

+         rlLogInfo "CTX_MEDIA backend"

+         # syntax: ./test_lookup CTX_MEDIA OPT_PATH NULL OPT_VALIDATE 0 path 0

+ 

+         rlLogInfo "Normal run"

+         rlRun "./test_lookup CTX_MEDIA NULL NULL 0 0 floppy 0 | tee output" 0 \

+             "Run selabel_lookup"

+         rlRun "grep 'selabel_lookup context: system_u:object_r:removable_device_t:s0' output" 0 \

+             "Check context returned by selabel_lookup"

+         rlRun "grep 'selabel_lookup_raw context: system_u:object_r:removable_device_t:s0' output" 0 \

+             "Check context returned by selabel_lookup_raw"

+     rlPhaseEnd

+ 

+     rlPhaseStartTest "x contexts files"

+         rlLogInfo "Valid entries"

+         rlRun "cat > $TmpDir/my_contexts <<EOF

+ client * system_u:object_r:tmp_t:s0

+ selection PRIMARY system_u:object_r:var_t:s0

+ EOF"

+         rlRun "./test_lookup CTX_X $TmpDir/my_contexts NULL 1 0 PRIMARY X_SELN | tee output" 0

+         rlRun "grep 'selabel_lookup context: system_u:object_r:var_t:s0' output"

+ 

+         rlLogInfo "Comments and empty lines"

+         rlRun "cat > $TmpDir/my_contexts <<EOF

+ # some comment

+ client * system_u:object_r:tmp_t:s0

+ 

+ selection PRIMARY system_u:object_r:var_t:s0

+ EOF"

+         rlRun "./test_lookup CTX_X $TmpDir/my_contexts NULL 1 0 PRIMARY X_SELN | tee output" 0

+         rlRun "grep 'selabel_lookup context: system_u:object_r:var_t:s0' output"

+ 

+         rlLogInfo "Object names"

+         rlRun "cat > $TmpDir/my_contexts <<EOF

+ property * system_u:object_r:tmp_t:s0

+ selection * system_u:object_r:var_t:s0

+ extension * system_u:object_r:usr_t:s0

+ event * system_u:object_r:man_t:s0

+ client * system_u:object_r:lib_t:s0

+ poly_property * system_u:object_r:bin_t:s0

+ poly_selection * system_u:object_r:remote_t:s0

+ EOF"

+         rlRun "./test_lookup CTX_X $TmpDir/my_contexts NULL 1 0 '*' X_PROP | tee output" 0

+         rlRun "grep 'selabel_lookup context: system_u:object_r:tmp_t:s0' output"

+         rlRun "./test_lookup CTX_X $TmpDir/my_contexts NULL 1 0 '*' X_SELN | tee output" 0

+         rlRun "grep 'selabel_lookup context: system_u:object_r:var_t:s0' output"

+         rlRun "./test_lookup CTX_X $TmpDir/my_contexts NULL 1 0 '*' X_EXT | tee output" 0

+         rlRun "grep 'selabel_lookup context: system_u:object_r:usr_t:s0' output"

+         rlRun "./test_lookup CTX_X $TmpDir/my_contexts NULL 1 0 '*' X_EVENT | tee output" 0

+         rlRun "grep 'selabel_lookup context: system_u:object_r:man_t:s0' output"

+         rlRun "./test_lookup CTX_X $TmpDir/my_contexts NULL 1 0 '*' X_CLIENT | tee output" 0

+         rlRun "grep 'selabel_lookup context: system_u:object_r:lib_t:s0' output"

+         rlRun "./test_lookup CTX_X $TmpDir/my_contexts NULL 1 0 '*' X_POLYPROP | tee output" 0

+         rlRun "grep 'selabel_lookup context: system_u:object_r:bin_t:s0' output"

+         rlRun "./test_lookup CTX_X $TmpDir/my_contexts NULL 1 0 '*' X_POLYSELN | tee output" 0

+         rlRun "grep 'selabel_lookup context: system_u:object_r:remote_t:s0' output"

+ 

+         rlLogInfo "Empty file"

+         rlRun "cat > $TmpDir/my_contexts <<EOF

+ EOF"

+         rlRun "./test_lookup CTX_X $TmpDir/my_contexts NULL 1 0 PRIMARY X_SELN" 2

+ 

+         rlLogInfo "Invalid entries"

+         rlRun "cat > $TmpDir/my_contexts <<EOF

+ property

+ EOF"

+         rlRun "./test_lookup CTX_X $TmpDir/my_contexts NULL 1 0 PRIMARY X_SELN 2> >(tee output >&2)" 2

+         rlRun "grep 'line 1 is missing fields' output"

+ 

+         rlRun "cat > $TmpDir/my_contexts <<EOF

+ property *

+ EOF"

+         rlRun "./test_lookup CTX_X $TmpDir/my_contexts NULL 1 0 PRIMARY X_SELN 2> >(tee output >&2)" 2

+         rlRun "grep 'line 1 is missing fields' output"

+ 

+         rlRun "cat > $TmpDir/my_contexts <<EOF

+ some_property * system_u:object_r:tmp_t:s0

+ EOF"

+         rlRun "./test_lookup CTX_X $TmpDir/my_contexts NULL 1 0 PRIMARY X_SELN 2> >(tee output >&2)" 2

+         rlRun "grep 'line 1 has invalid object type some_property' output"

+ 

+         rlLogInfo "Wildcard matching"

+         rlRun "cat > $TmpDir/my_contexts <<EOF

+ property * system_u:object_r:tmp_t:s0

+ EOF"

+         rlRun "./test_lookup CTX_X $TmpDir/my_contexts NULL 1 0 SOME_PROPERTY X_PROP | tee output" 0

+         rlRun "grep 'selabel_lookup context: system_u:object_r:tmp_t:s0' output"

+ 

+         rlRun "cat > $TmpDir/my_contexts <<EOF

+ property CUT_BUFFER0 system_u:object_r:tmp_t:s0

+ property * system_u:object_r:usr_t:s0

+ property CUT_BUFFER1 system_u:object_r:var_t:s0

+ EOF"

+         rlRun "./test_lookup CTX_X $TmpDir/my_contexts NULL 1 0 CUT_BUFFER0 X_PROP | tee output" 0

+         rlRun "grep 'selabel_lookup context: system_u:object_r:tmp_t:s0' output"

+         rlRun "./test_lookup CTX_X $TmpDir/my_contexts NULL 1 0 CUT_BUFFER1 X_PROP | tee output" 0

+         rlRun "grep 'selabel_lookup context: system_u:object_r:usr_t:s0' output"

+         rlRun "./test_lookup CTX_X $TmpDir/my_contexts NULL 1 0 CUT_BUFFER2 X_PROP | tee output" 0

+         rlRun "grep 'selabel_lookup context: system_u:object_r:usr_t:s0' output"

+ 

+         rlLogInfo "Substitution matching"

+         rlRun "cat > $TmpDir/my_contexts <<EOF

+ property CUT_BUFFER? system_u:object_r:tmp_t:s0

+ EOF"

+         rlRun "./test_lookup CTX_X $TmpDir/my_contexts NULL 1 0 CUT_BUFFER3 X_PROP | tee output" 0

+         rlRun "grep 'selabel_lookup context: system_u:object_r:tmp_t:s0' output"

+ 

+         rlLogInfo "Normal run"

+         rlRun "./test_lookup CTX_X NULL NULL 0 0 asdf X_CLIENT | tee output" 0 \

+             "Run selabel_lookup"

+         rlRun "grep 'selabel_lookup context: system_u:object_r:remote_t:s0' output" 0 \

+             "Check context returned by selabel_lookup"

+         rlRun "grep 'selabel_lookup_raw context: system_u:object_r:remote_t:s0' output" 0 \

+             "Check context returned by selabel_lookup_raw"

+     rlPhaseEnd

+ 

+     rlPhaseStartTest "db contexts files"

+         rlLogInfo "Valid entries"

+         rlRun "cat > $TmpDir/my_contexts <<EOF

+ db_database     my_database     system_u:object_r:sepgsql_db_t:s0

+ db_schema       my_schema       system_u:object_r:sepgsql_schema_t:s0

+ db_view         my_view         system_u:object_r:sepgsql_view_t:s0

+ db_table        my_table        system_u:object_r:sepgsql_table_t:s0

+ db_column       my_column       system_u:object_r:var_t:s0

+ db_tuple        my_tuple        system_u:object_r:tmp_t:s0

+ db_procedure    my_procedure    system_u:object_r:sepgsql_proc_exec_t:s0

+ db_sequence     my_sequence     system_u:object_r:sepgsql_seq_t:s0

+ db_blob         my_blob         system_u:object_r:sepgsql_blob_t:s0

+ EOF"

+         if rlIsRHEL ">=7" || rlIsFedora; then

+             rlRun "cat >> $TmpDir/my_contexts <<EOF

+ db_language     my_language     system_u:object_r:sepgsql_lang_t:s0

+ db_exception    my_exception    system_u:object_r:usr_t:s0

+ db_datatype     my_datatype     system_u:object_r:bin_t:s0

+ EOF"

+         fi

+ 

+         rlRun "./test_lookup CTX_DB $TmpDir/my_contexts NULL 1 0 my_database DB_DATABASE | tee output" 0

+         rlRun "grep 'selabel_lookup context: system_u:object_r:sepgsql_db_t:s0' output"

+         rlRun "./test_lookup CTX_DB $TmpDir/my_contexts NULL 1 0 my_schema DB_SCHEMA | tee output" 0

+         rlRun "grep 'selabel_lookup context: system_u:object_r:sepgsql_schema_t:s0' output"

+         rlRun "./test_lookup CTX_DB $TmpDir/my_contexts NULL 1 0 my_view DB_VIEW | tee output" 0

+         rlRun "grep 'selabel_lookup context: system_u:object_r:sepgsql_view_t:s0' output"

+         rlRun "./test_lookup CTX_DB $TmpDir/my_contexts NULL 1 0 my_table DB_TABLE | tee output" 0

+         rlRun "grep 'selabel_lookup context: system_u:object_r:sepgsql_table_t:s0' output"

+         rlRun "./test_lookup CTX_DB $TmpDir/my_contexts NULL 1 0 my_column DB_COLUMN | tee output" 0

+         rlRun "grep 'selabel_lookup context: system_u:object_r:var_t:s0' output"

+         rlRun "./test_lookup CTX_DB $TmpDir/my_contexts NULL 1 0 my_tuple DB_TUPLE | tee output" 0

+         rlRun "grep 'selabel_lookup context: system_u:object_r:tmp_t:s0' output"

+         rlRun "./test_lookup CTX_DB $TmpDir/my_contexts NULL 1 0 my_procedure DB_PROCEDURE | tee output" 0

+         rlRun "grep 'selabel_lookup context: system_u:object_r:sepgsql_proc_exec_t:s0' output"

+         rlRun "./test_lookup CTX_DB $TmpDir/my_contexts NULL 1 0 my_sequence DB_SEQUENCE | tee output" 0

+         rlRun "grep 'selabel_lookup context: system_u:object_r:sepgsql_seq_t:s0' output"

+         rlRun "./test_lookup CTX_DB $TmpDir/my_contexts NULL 1 0 my_blob DB_BLOB | tee output" 0

+         rlRun "grep 'selabel_lookup context: system_u:object_r:sepgsql_blob_t:s0' output"

+ 

+         if rlIsRHEL ">=7" || rlIsFedora; then

+             rlRun "./test_lookup CTX_DB $TmpDir/my_contexts NULL 1 0 my_language DB_LANGUAGE | tee output" 0

+             rlRun "grep 'selabel_lookup context: system_u:object_r:sepgsql_lang_t:s0' output"

+             rlRun "./test_lookup CTX_DB $TmpDir/my_contexts NULL 1 0 my_exception DB_EXCEPTION | tee output" 0

+             rlRun "grep 'selabel_lookup context: system_u:object_r:usr_t:s0' output"

+             rlRun "./test_lookup CTX_DB $TmpDir/my_contexts NULL 1 0 my_datatype DB_DATATYPE | tee output" 0

+             rlRun "grep 'selabel_lookup context: system_u:object_r:bin_t:s0' output"

+         fi

+ 

+         rlLogInfo "Comments and empty lines"

+         rlRun "cat > $TmpDir/my_contexts <<EOF

+ # something

+ 

+ db_database     my_database     system_u:object_r:sepgsql_db_t:s0

+ EOF"

+         rlRun "./test_lookup CTX_DB $TmpDir/my_contexts NULL 1 0 my_database DB_DATABASE | tee output" 0

+         rlRun "grep 'selabel_lookup context: system_u:object_r:sepgsql_db_t:s0' output"

+ 

+         rlLogInfo "Wildcard matching"

+         rlRun "cat > $TmpDir/my_contexts <<EOF

+ db_database     my_database     system_u:object_r:var_t:s0

+ db_database     my_database*    system_u:object_r:bin_t:s0

+ db_database     *               system_u:object_r:usr_t:s0

+ EOF"

+         rlRun "./test_lookup CTX_DB $TmpDir/my_contexts NULL 1 0 my_database DB_DATABASE | tee output" 0

+         rlRun "grep 'selabel_lookup context: system_u:object_r:var_t:s0' output"

+         rlRun "./test_lookup CTX_DB $TmpDir/my_contexts NULL 1 0 my_database_asdf DB_DATABASE | tee output" 0

+         rlRun "grep 'selabel_lookup context: system_u:object_r:bin_t:s0' output"

+         rlRun "./test_lookup CTX_DB $TmpDir/my_contexts NULL 1 0 my_asdf DB_DATABASE | tee output" 0

+         rlRun "grep 'selabel_lookup context: system_u:object_r:usr_t:s0' output"

+ 

+         rlRun "cat > $TmpDir/my_contexts <<EOF

+ db_database     *       system_u:object_r:usr_t:s0

+ db_database     my_*    system_u:object_r:bin_t:s0

+ EOF"

+         rlRun "./test_lookup CTX_DB $TmpDir/my_contexts NULL 1 0 my_database DB_DATABASE | tee output" 0

+         rlRun "grep 'selabel_lookup context: system_u:object_r:usr_t:s0' output"

+ 

+         rlLogInfo "Empty file"

+         rlRun "cat > $TmpDir/my_contexts <<EOF

+ EOF"

+         rlRun "./test_lookup CTX_DB $TmpDir/my_contexts NULL 1 0 my_database DB_DATABASE " 2

+ 

+         rlLogInfo "Invalid entries"

+         rlRun "cat > $TmpDir/my_contexts <<EOF

+ one

+ EOF"

+         rlRun "./test_lookup CTX_DB $TmpDir/my_contexts NULL 0 0 my_database DB_DATABASE 2> >(tee output >&2)" 2

+         rlRun "grep 'line 1 has invalid format' output"

+ 

+         rlRun "cat > $TmpDir/my_contexts <<EOF

+ one two

+ EOF"

+         rlRun "./test_lookup CTX_DB $TmpDir/my_contexts NULL 0 0 my_database DB_DATABASE 2> >(tee output >&2)" 2

+         rlRun "grep 'line 1 has invalid format' output"

+ 

+         rlRun "cat > $TmpDir/my_contexts <<EOF

+ one two three

+ EOF"

+         rlRun "./test_lookup CTX_DB $TmpDir/my_contexts NULL 0 0 my_database DB_DATABASE 2> >(tee output >&2)" 2

+         rlRun "grep 'line 1 has invalid object type one' output"

+ 

+         rlRun "cat > $TmpDir/my_contexts <<EOF

+ one two three four

+ EOF"

+         rlRun "./test_lookup CTX_DB $TmpDir/my_contexts NULL 0 0 my_database DB_DATABASE 2> >(tee output >&2)" 2

+         rlRun "grep 'line 1 has invalid format' output"

+ 

+         rlLogInfo "Normal run"

+         rlRun "./test_lookup CTX_DB NULL NULL 0 0 my_database DB_DATABASE | tee output"

+         rlRun "grep 'selabel_lookup context: system_u:object_r:sepgsql_db_t:s0' output"

+         rlRun "grep 'selabel_lookup_raw context: system_u:object_r:sepgsql_db_t:s0' output"

+     rlPhaseEnd

+ 

+     if rlIsRHEL ">=7" || rlIsFedora; then

+     rlPhaseStartTest "baseonly option"

+         rlRun "cat > $TmpDir/my_contexts <<EOF

+ $TmpDir.* system_u:object_r:var_t:s0

+ EOF"

+         rlRun "cat > $TmpDir/my_contexts.subs <<EOF

+ /somepath $TmpDir

+ EOF"

+         rlRun "cat > $TmpDir/my_contexts.local <<EOF

+ $TmpDir/local system_u:object_r:bin_t:s0

+ EOF"

+         rlRun "cat > $TmpDir/my_contexts.homedirs <<EOF

+ $TmpDir/homedirs system_u:object_r:usr_t:s0

+ EOF"

+ 

+         # without baseonly option, the rule in my_contexts will be overridden

+         # by a rule in my_contexts.local file

+         # .subs file should work even with baseonly option

+         rlRun "./test_lookup CTX_FILE $TmpDir/my_contexts NULL 0 0 /somepath/local 0 | tee output" 0 \

+             "Running selabel_open without baseonly option"

+         rlRun "grep 'selabel_lookup context: system_u:object_r:bin_t:s0' output" 0

+ 

+         rlRun "./test_lookup CTX_FILE $TmpDir/my_contexts NULL 0 1 /somepath/local 0 | tee output" 0 \

+             "Running selabel_open with baseonly option"

+         rlRun "grep 'selabel_lookup context: system_u:object_r:var_t:s0' output" 0

+ 

+         # without baseonly option, the rule in my_contexts will be overridden

+         # by a rule in my_contexts.homedirs file

+         rlRun "./test_lookup CTX_FILE $TmpDir/my_contexts NULL 0 0 /somepath/homedirs 0 | tee output" 0 \

+             "Running selabel_open without baseonly option"

+         rlRun "grep 'selabel_lookup context: system_u:object_r:usr_t:s0' output" 0

+ 

+         rlRun "./test_lookup CTX_FILE $TmpDir/my_contexts NULL 0 1 /somepath/homedirs 0 | tee output" 0 \

+             "Running selabel_open with baseonly option"

+         rlRun "grep 'selabel_lookup context: system_u:object_r:var_t:s0' output" 0

+ 

+         rlRun "rm -f $TmpDir/my_contexts.subs"

+         rlRun "rm -f $TmpDir/my_contexts.local"

+         rlRun "rm -f $TmpDir/my_contexts.homedirs"

+     rlPhaseEnd

+     fi

+ 

+     rlPhaseStartTest "selabel_lookup advanced tests"

+         rlLogInfo "Custom file contexts file"

+         rlRun "cat > $TmpDir/my_contexts <<EOF

+ $TmpDir my_user_u:my_role_r:my_type_t:s0

+ EOF"

+ 

+         rlRun "./test_lookup CTX_FILE $TmpDir/my_contexts NULL 0 0 $TmpDir 0 | tee output" 0

+         rlRun "grep 'selabel_lookup context: my_user_u:my_role_r:my_type_t:s0' output" 0

+ 

+         rlLogInfo "Rules for different file types"

+         rlRun "cat > $TmpDir/my_contexts <<EOF

+ $TmpDir -- user_u:role_r:regular_type_t:s0

+ $TmpDir -b user_u:role_r:block_type_t:s0

+ $TmpDir -c user_u:role_r:char_type_t:s0

+ $TmpDir -d user_u:role_r:dir_type_t:s0

+ $TmpDir -p user_u:role_r:pipe_type_t:s0

+ $TmpDir -l user_u:role_r:symlink_type_t:s0

+ $TmpDir -s user_u:role_r:socket_type_t:s0

+ EOF"

+ 

+         rlRun "./test_lookup CTX_FILE $TmpDir/my_contexts NULL 0 0 $TmpDir 0010000 | tee output"

+         rlRun "grep 'selabel_lookup context: user_u:role_r:pipe_type_t:s0' output"

+         rlRun "./test_lookup CTX_FILE $TmpDir/my_contexts NULL 0 0 $TmpDir 0020000 | tee output"

+         rlRun "grep 'selabel_lookup context: user_u:role_r:char_type_t:s0' output"

+         rlRun "./test_lookup CTX_FILE $TmpDir/my_contexts NULL 0 0 $TmpDir 0040000 | tee output"

+         rlRun "grep 'selabel_lookup context: user_u:role_r:dir_type_t:s0' output"

+         rlRun "./test_lookup CTX_FILE $TmpDir/my_contexts NULL 0 0 $TmpDir 0060000 | tee output"

+         rlRun "grep 'selabel_lookup context: user_u:role_r:block_type_t:s0' output"

+         rlRun "./test_lookup CTX_FILE $TmpDir/my_contexts NULL 0 0 $TmpDir 0100000 | tee output"

+         rlRun "grep 'selabel_lookup context: user_u:role_r:regular_type_t:s0' output"

+         rlRun "./test_lookup CTX_FILE $TmpDir/my_contexts NULL 0 0 $TmpDir 0120000 | tee output"

+         rlRun "grep 'selabel_lookup context: user_u:role_r:symlink_type_t:s0' output"

+         rlRun "./test_lookup CTX_FILE $TmpDir/my_contexts NULL 0 0 $TmpDir 0140000 | tee output"

+         rlRun "grep 'selabel_lookup context: user_u:role_r:socket_type_t:s0' output"

+     rlPhaseEnd

+ 

+     if rlIsRHEL ">=7" || rlIsFedora; then

+     rlPhaseStartTest "selabel_partial_match"

+         # syntax: ./test_partial BACKEND OPT_PATH OPT_SUBSET OPT_VALIDATE OPT_BASEONLY path [nohandle]

+ 

+         rlLogInfo "nonsupporting backends"

+         rlRun "./test_partial CTX_MEDIA NULL NULL 0 0 /somedir | tee output" 0

+         rlRun "grep 'selabel_partial_match: true' output" 0

+         rlRun "./test_partial CTX_DB NULL NULL 0 0 /somedir | tee output" 0

+         rlRun "grep 'selabel_partial_match: true' output" 0

+         rlRun "./test_partial CTX_X NULL NULL 0 0 /somedir | tee output" 0

+         rlRun "grep 'selabel_partial_match: true' output" 0

+ 

+         rlLogInfo "null as handle"

+         rlRun "./test_partial CTX_FILE NULL NULL 0 0 /somedir nohandle" 22,139

+         

+         rlLogInfo "nonexisting entry"

+         rlRun "cat > $TmpDir/my_contexts <<EOF

+ EOF"

+         rlRun "./test_lookup CTX_FILE $TmpDir/my_contexts NULL 0 0 /somedir 0" 2

+ 

+         rlRun "./test_partial CTX_FILE $TmpDir/my_contexts NULL 0 0 /somedir | tee output" 0

+         rlRun "grep 'selabel_partial_match: false' output" 0

+ 

+         rlLogInfo "full match"

+         rlRun "cat > $TmpDir/my_contexts <<EOF

+ /somedir user_u:role_r:type_t:s0

+ EOF"

+         rlRun "./test_lookup CTX_FILE $TmpDir/my_contexts NULL 0 0 /somedir 0 | tee output" 0

+         rlRun "grep 'selabel_lookup context: user_u:role_r:type_t:s0' output"

+ 

+         rlRun "./test_partial CTX_FILE $TmpDir/my_contexts NULL 0 0 /somedir | tee output" 0

+         rlRun "grep 'selabel_partial_match: true' output" 0

+ 

+         rlLogInfo "partial match"

+         rlRun "cat > $TmpDir/my_contexts <<EOF

+ /somedir42 user_u:role_r:type_t:s0

+ EOF"

+         rlRun "./test_lookup CTX_FILE $TmpDir/my_contexts NULL 0 0 /somedir 0" 2

+ 

+         rlRun "./test_partial CTX_FILE $TmpDir/my_contexts NULL 0 0 /somedir | tee output" 0

+         rlRun "grep 'selabel_partial_match: true' output" 0

+     rlPhaseEnd

+     fi

+ 

+     if rlIsRHEL ">=7" || rlIsFedora; then

+     rlPhaseStartTest "selabel_best_match"

+         # syntax: ./test_best BACKEND OPT_PATH OPT_SUBSET OPT_VALIDATE OPT_BASEONLY path mode [nohandle]

+ 

+         rlLogInfo "nonsupported backends"

+         rlRun "./test_best CTX_MEDIA NULL NULL 0 0 /somedir 0" 95

+         rlRun "./test_best CTX_DB NULL NULL 0 0 /somedir 0" 95

+         rlRun "./test_best CTX_X NULL NULL 0 0 /somedir 0" 95

+ 

+         rlLogInfo "null as handle"

+         rlRun "./test_best CTX_FILE NULL NULL 0 0 /somedir 0 nohandle" 22,139

+ 

+         rlLogInfo "null as key"

+         rlRun "./test_best CTX_FILE NULL NULL 0 0 NULL 0" 22

+ 

+         rlLogInfo "nonexisting entry"

+         rlRun "cat > $TmpDir/my_contexts <<EOF

+ EOF"

+         rlRun "./test_lookup CTX_FILE $TmpDir/my_contexts NULL 0 0 /somedir 0" 2

+ 

+         rlRun "./test_best CTX_FILE $TmpDir/my_contexts NULL 0 0 /somedir 0" 2

+ 

+         rlLogInfo "exact match without aliases"

+         rlRun "cat > $TmpDir/my_contexts <<EOF

+ /somedir user_u:role_r:type_t:s0

+ EOF"

+         rlRun "./test_lookup CTX_FILE $TmpDir/my_contexts NULL 0 0 /somedir 0 | tee output" 0

+         rlRun "grep 'selabel_lookup context: user_u:role_r:type_t:s0' output"

+ 

+         # same as selabel_lookup

+         rlRun "./test_best CTX_FILE $TmpDir/my_contexts NULL 0 0 /somedir 0 | tee output" 0

+         rlRun "grep 'selabel_lookup_best_match context: user_u:role_r:type_t:s0' output"

+ 

+         rlLogInfo "regex match without aliases"

+         rlRun "cat > $TmpDir/my_contexts <<EOF

+ /some.* user_u:role_r:type_t:s0

+ EOF"

+         rlRun "./test_lookup CTX_FILE $TmpDir/my_contexts NULL 0 0 /somedir 0 | tee output" 0

+         rlRun "grep 'selabel_lookup context: user_u:role_r:type_t:s0' output"

+ 

+         # same as selabel_lookup

+         rlRun "./test_best CTX_FILE $TmpDir/my_contexts NULL 0 0 /somedir 0 | tee output" 0

+         rlRun "grep 'selabel_lookup_best_match context: user_u:role_r:type_t:s0' output"

+ 

+         rlLogInfo "exact match with exactly matching alias"

+         rlRun "cat > $TmpDir/my_contexts <<EOF

+ /somedir user_u:role_r:orig_t:s0

+ /somesymlink user_u:role_r:link_t:s0

+ EOF"

+         rlRun "./test_lookup CTX_FILE $TmpDir/my_contexts NULL 0 0 /somedir 0 | tee output" 0

+         rlRun "grep 'selabel_lookup context: user_u:role_r:orig_t:s0' output"

+ 

+         # original context should be chosen when found

+         rlRun "./test_best CTX_FILE $TmpDir/my_contexts NULL 0 0 /somedir 0 /somesymlink | tee output" 0

+         rlRun "grep 'selabel_lookup_best_match context: user_u:role_r:orig_t:s0' output"

+ 

+         rlLogInfo "no match with exactly matching alias"

+         rlRun "cat > $TmpDir/my_contexts <<EOF

+ /somesymlink user_u:role_r:type_t:s0

+ EOF"

+         rlRun "./test_lookup CTX_FILE $TmpDir/my_contexts NULL 0 0 /somedir 0" 2

+ 

+         # when there is no context for path, alias context should be chosen

+         rlRun "./test_best CTX_FILE $TmpDir/my_contexts NULL 0 0 /somedir 0 /somesymlink | tee output" 0

+         rlRun "grep 'selabel_lookup_best_match context: user_u:role_r:type_t:s0' output"

+ 

+         rlLogInfo "no match with multiple exactly matching aliases"

+         rlRun "cat > $TmpDir/my_contexts <<EOF

+ /firstsymlink user_u:role_r:first_t:s0

+ /secondsymlink user_u:role_r:second_t:s0

+ EOF"

+         rlRun "./test_lookup CTX_FILE $TmpDir/my_contexts NULL 0 0 /somedir 0" 2

+ 

+         # with no context for path and multiple aliases, first exact match should be chosen

+         rlRun "./test_best CTX_FILE $TmpDir/my_contexts NULL 0 0 /somedir 0 /firstsymlink /secondsymlink | tee output" 0

+         rlRun "grep 'selabel_lookup_best_match context: user_u:role_r:first_t:s0' output"

+ 

+         rlLogInfo "no match with multiple regex matching aliases"

+         rlRun "cat > $TmpDir/my_contexts <<EOF

+ /short.* user_u:role_r:short_t:s0

+ /verylong.* user_u:role_r:long_t:s0

+ EOF"

+         rlRun "./test_lookup CTX_FILE $TmpDir/my_contexts NULL 0 0 /somedir 0" 2

+ 

+         # with no context for path and multiple regex aliases, match with longest prefix should be chosen

+         rlRun "./test_best CTX_FILE $TmpDir/my_contexts NULL 0 0 /somedir 0 /shortsymlink /verylongsymlink | tee output" 0

+         rlRun "grep 'selabel_lookup_best_match context: user_u:role_r:long_t:s0' output"

+ 

+         rlLogInfo "regex match with multiple regex matching aliases"

+         rlRun "cat > $TmpDir/my_contexts <<EOF

+ /some.* user_u:role_r:orig_t:s0

+ /short.* user_u:role_r:short_t:s0

+ /verylong.* user_u:role_r:long_t:s0

+ EOF"

+         rlRun "./test_lookup CTX_FILE $TmpDir/my_contexts NULL 0 0 /somedir 0 | tee output" 0

+         rlRun "grep 'selabel_lookup context: user_u:role_r:orig_t:s0' output"

+ 

+         # with regex matching context for path and multiple regex aliases, match with longest prefix should be chosen

+         # (among both original path and aliases)

+         rlRun "./test_best CTX_FILE $TmpDir/my_contexts NULL 0 0 /somedir 0 /shortsymlink /verylongsymlink | tee output" 0

+         rlRun "grep 'selabel_lookup_best_match context: user_u:role_r:long_t:s0' output"

+     rlPhaseEnd

+     fi

+ 

+     rlPhaseStartTest "selabel_stats"

+         # syntax: ./test_stats BACKEND OPT_PATH OPT_VALIDATE [nohandle]

+ 

+         rlLogInfo "calling selabel_test - not checking output"

+         rlRun "cat > $TmpDir/my_contexts <<EOF

+ EOF"

+         rlRun "./test_stats CTX_FILE $TmpDir/my_contexts 0" 0

+         rlRun "./test_stats CTX_MEDIA $TmpDir/my_contexts 0" 0

+         rlRun "./test_stats CTX_X $TmpDir/my_contexts 0" 0

+         rlRun "./test_stats CTX_DB $TmpDir/my_contexts 0" 0

+         if rlIsRHEL "7" || rlIsFedora "<26"; then

+             rlRun "./test_stats CTX_ANDROID_PROP $TmpDir/my_contexts 0" 0

+         fi

+         

+         rlRun "./test_stats CTX_FILE $TmpDir/my_contexts 0 nohandle" 139

+     rlPhaseEnd

+ 

+     if rlIsRHEL ">=7" || rlIsFedora; then

+     rlPhaseStartTest "selabel_digest"

+         # syntax: ./test_digest BACKEND OPT_PATH OPT_VALIDATE OPT_DIGEST [nohandle]

+ 

+         rlRun "./test_digest CTX_FILE NULL 0 0" 22

+         rlRun "./test_digest CTX_FILE NULL 0 0 nohandle" 139

+ 

+         rlRun "./test_digest CTX_FILE NULL 0 1" 0

+         rlRun "./test_digest CTX_MEDIA NULL 0 1" 0

+         rlRun "./test_digest CTX_X NULL 0 1" 0

+         rlRun "./test_digest CTX_DB NULL 0 1" 0

+ 

+         rlRun "cat > $TmpDir/my_contexts <<EOF

+ EOF"

+         if rlIsRHEL "7" || rlIsFedora "<26"; then

+             rlRun "./test_digest CTX_ANDROID_PROP $TmpDir/my_contexts 0 1" 0

+         fi

+     rlPhaseEnd

+     fi

+ 

+     rlPhaseStartCleanup

+         rlRun "rm -r $TmpDir" 0 "Removing tmp directory"

+         rlRun "rm -f test_open test_lookup test_partial test_best test_stats test_digest output"

+     rlPhaseEnd

+ rlJournalPrintText

+ rlJournalEnd

@@ -0,0 +1,159 @@ 

+ #include <stdio.h>

+ #include <stdlib.h>

+ #include <string.h>

+ #include <stdint.h>

+ #include <errno.h>

+ #include <selinux/selinux.h>

+ #include <selinux/label.h>

+ 

+ int main (int argc, char **argv)

+ {

+     struct selabel_handle *hnd = NULL;

+     unsigned int backend = 0;

+ 

+     struct selinux_opt selabel_option [] = {

+         { SELABEL_OPT_PATH, NULL },

+         { SELABEL_OPT_SUBSET, NULL },

+         { SELABEL_OPT_VALIDATE, (char *) 1 },

+         { SELABEL_OPT_BASEONLY, (char *) 1 }

+     };

+ 

+     if (argc < 8) {

+         fprintf(stderr, "Invalid number of arguments\n");

+         return 255;

+     }

+ 

+     // set backend

+     if (strcmp(argv[1], "CTX_FILE") == 0)

+         backend = SELABEL_CTX_FILE;

+     else if (strcmp(argv[1], "CTX_MEDIA") == 0)

+         backend = SELABEL_CTX_MEDIA;

+     else if (strcmp(argv[1], "CTX_X") == 0)

+         backend = SELABEL_CTX_X;

+     else if (strcmp(argv[1], "CTX_DB") == 0)

+         backend = SELABEL_CTX_DB;

+ #ifndef RHEL6

+     else if (strcmp(argv[1], "CTX_ANDROID_PROP") == 0)

+         backend = SELABEL_CTX_ANDROID_PROP;

+ #endif

+     else

+         backend = strtoul(argv[1], NULL, 10);

+ 

+     if ((argc == 9) && (strcmp(argv[8], "nohandle") == 0)) {

+         hnd = NULL;

+     }

+     else {

+         // set file contexts path

+         if (strcmp(argv[2], "NULL") == 0) {

+             selabel_option[0].value = NULL;

+         }

+         else {

+             selabel_option[0].value = argv[2];

+         }

+ 

+         // set subset

+         if (strcmp(argv[3], "NULL") == 0) {

+             selabel_option[1].value = NULL;

+         }

+         else {

+             selabel_option[1].value = argv[3];

+         }

+ 

+         // set validate

+         if (strcmp(argv[4], "0") == 0) {

+             selabel_option[2].value = NULL;

+         }

+         else {

+             selabel_option[2].value = (char *) 1;

+         }

+ 

+         // set baseonly

+         if (strcmp(argv[5], "0") == 0) {

+             selabel_option[3].value = NULL;

+         }

+         else {

+             selabel_option[3].value = (char *) 1;

+         }

+ 

+         printf("selabel_options: "); 

+         printf("SELABEL_OPT_PATH = %s, ", selabel_option[0].value);

+         printf("SELABEL_OPT_SUBSET = %s, ", selabel_option[1].value);

+         printf("SELABEL_OPT_VALIDATE = %ld, ", (long int)(intptr_t) selabel_option[2].value);

+         printf("SELABEL_OPT_BASEONLY = %ld\n", (long int)(intptr_t) selabel_option[3].value);

+ 

+         printf("Executing: selabel_open(SELABEL_%s, &selabel_option, 4)\n", argv[1]);

+ 

+         errno = 0;

+ 

+         if ((hnd = selabel_open(backend, selabel_option, 4)) == NULL) {

+             perror("selabel_open - ERROR");

+             return 255;

+         }

+     }

+ 

+     int result;

+     security_context_t selabel_context;

+     char *path;

+ 

+     if (strcmp(argv[6], "NULL") == 0) {

+         path = NULL;

+     }

+     else {

+         path = argv[6];

+     }

+ 

+     // notice the base 8

+     int mode = strtol(argv[7], NULL, 8);

+ 

+     int alias_cnt = argc-8;

+     const char **aliases = malloc((alias_cnt + 1)*sizeof(const char *));

+ 

+     if (aliases == NULL)

+         return 255;

+ 

+     printf("aliases:");

+ 

+     for (int i = 0; i < alias_cnt; i++) {

+         aliases[i] = argv[8 + i];

+         printf(" %s", argv[8 + i]);

+     }

+ 

+     printf("\n");

+ 

+     aliases[alias_cnt] = NULL;

+ 

+     printf("Executing: selabel_lookup_best_match(hnd, &selabel_context, %s, aliases, %d)\n", path, mode);

+ 

+     errno = 0;

+     int e1 = 0, e2 = 0;

+ 

+     if ((result = selabel_lookup_best_match(hnd, &selabel_context, path, aliases, mode)) == -1) {

+         e1 = errno;

+         perror("selabel_lookup_best_match - ERROR");

+     }

+     else {

+         printf("selabel_lookup_best_match context: %s\n", selabel_context);

+         freecon(selabel_context);

+     }

+ 

+     printf("Executing: selabel_lookup_best_match_raw(hnd, &selabel_context, %s, aliases, %d)\n", path, mode);

+ 

+     errno = 0;

+ 

+     if ((result = selabel_lookup_best_match_raw(hnd, &selabel_context, path, aliases, mode)) == -1) {

+         e2 = errno;

+         perror("selabel_lookup_best_match_raw - ERROR");

+     }

+     else {

+         printf("selabel_lookup_best_match_raw context: %s\n", selabel_context);

+         freecon(selabel_context);

+     }

+ 

+     if (hnd != NULL)

+         selabel_close(hnd);

+ 

+     if (e1 == e2)

+         return e1;

+     else

+         return 255;

+ }

@@ -0,0 +1,121 @@ 

+ #include <stdio.h>

+ #include <stdlib.h>

+ #include <string.h>

+ #include <stdint.h>

+ #include <errno.h>

+ #include <selinux/selinux.h>

+ #include <selinux/label.h>

+ 

+ int main (int argc, char **argv)

+ {

+     struct selabel_handle *hnd = NULL;

+     unsigned int backend = 0;

+ 

+     struct selinux_opt selabel_option [] = {

+         { SELABEL_OPT_PATH, NULL },

+         { SELABEL_OPT_VALIDATE, (char *) 1 },

+         { SELABEL_OPT_DIGEST, (char *) 1 }

+     };

+ 

+     if (argc < 5) {

+         fprintf(stderr, "Invalid number of arguments\n");