
Commit fc2d3da

committed
Add tests for nlmsg extended permission
The "Test" prefix is added to TERuleQueryXperm to ensure it is executed. Signed-off-by: Thiébaud Weksteen <tweek@google.com>
1 parent e2254a2 commit fc2d3da

6 files changed

Lines changed: 139 additions & 112 deletions


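--- a/tests/library/policyrep/rules.conf
+++ b/tests/library/policyrep/rules.conf
@@ -17,7 +17,8 @@ common infoflow
 low_r
 med_r
 hi_r
-ioctl
+ioctl
+nlmsg
 }
 
 class infoflow
@@ -120,7 +121,7 @@ if (a_bool) {
 type_transition type31b system:infoflow4 type30 "the_filename";
 
 allowxperm type30 type31a:infoflow ioctl 0x00ff;
-auditallowxperm type31a type31b:infoflow ioctl { 0x001-0x0003 };
+auditallowxperm type31a type31b:infoflow nlmsg { 0x001-0x0003 };
 
 allow system self:infoflow hi_w;
 range_transition type30 system:infoflow7 s0:c1 - s2:c0.c4;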

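--- a/tests/library/policyrep/selinuxpolicy.conf
+++ b/tests/library/policyrep/selinuxpolicy.conf
@@ -86,6 +86,7 @@ class infoflow6
 setuid
 setpcap
 linux_immutable
+nlmsg
 }
 
 class infoflow7
@@ -2026,38 +2027,38 @@ allowxperm type6 type8:infoflow6 ioctl 0x1234;
 allowxperm type7 type9:infoflow6 ioctl 0x1234;
 allowxperm type8 type10:infoflow6 ioctl 0x1234;
 allowxperm type9 type11:infoflow6 ioctl 0x1234;
-allowxperm type10 type12:infoflow6 ioctl 0x1234;
-allowxperm type11 type13:infoflow6 ioctl 0x1234;
-allowxperm type12 type14:infoflow6 ioctl 0x1234;
-allowxperm type13 type15:infoflow6 ioctl 0x1234;
-allowxperm type14 type16:infoflow6 ioctl 0x1234;
-allowxperm type15 type17:infoflow6 ioctl 0x1234;
-allowxperm type16 type18:infoflow6 ioctl 0x1234;
-allowxperm type17 type19:infoflow6 ioctl 0x1234;
-allowxperm type18 type20:infoflow6 ioctl 0x1234;
-allowxperm type19 type21:infoflow6 ioctl 0x1234;
-allowxperm type20 type22:infoflow6 ioctl 0x1234;
-allowxperm type21 type23:infoflow6 ioctl 0x1234;
-allowxperm type22 type24:infoflow6 ioctl 0x1234;
-allowxperm type23 type25:infoflow6 ioctl 0x1234;
-allowxperm type24 type26:infoflow6 ioctl 0x1234;
-allowxperm type25 type27:infoflow6 ioctl 0x1234;
-allowxperm type26 type28:infoflow6 ioctl 0x1234;
-allowxperm type27 type29:infoflow6 ioctl 0x1234;
-allowxperm type28 type30:infoflow6 ioctl 0x1234;
-allowxperm type29 type31:infoflow6 ioctl 0x1234;
-allowxperm type30 type32:infoflow6 ioctl 0x1234;
-allowxperm type31 type33:infoflow6 ioctl 0x1234;
-allowxperm type32 type34:infoflow6 ioctl 0x1234;
-allowxperm type33 type35:infoflow6 ioctl 0x1234;
-allowxperm type34 type36:infoflow6 ioctl 0x1234;
-allowxperm type35 type37:infoflow6 ioctl 0x1234;
-allowxperm type36 type38:infoflow6 ioctl 0x1234;
-allowxperm type37 type39:infoflow6 ioctl 0x1234;
-allowxperm type38 type40:infoflow6 ioctl 0x1234;
-allowxperm type39 type41:infoflow6 ioctl 0x1234;
-allowxperm type40 type42:infoflow6 ioctl 0x1234;
-allowxperm type41 type43:infoflow6 ioctl 0x1234;
+allowxperm type10 type12:infoflow6 nlmsg 0x1234;
+allowxperm type11 type13:infoflow6 nlmsg 0x1234;
+allowxperm type12 type14:infoflow6 nlmsg 0x1234;
+allowxperm type13 type15:infoflow6 nlmsg 0x1234;
+allowxperm type14 type16:infoflow6 nlmsg 0x1234;
+allowxperm type15 type17:infoflow6 nlmsg 0x1234;
+allowxperm type16 type18:infoflow6 nlmsg 0x1234;
+allowxperm type17 type19:infoflow6 nlmsg 0x1234;
+allowxperm type18 type20:infoflow6 nlmsg 0x1234;
+allowxperm type19 type21:infoflow6 nlmsg 0x1234;
+allowxperm type20 type22:infoflow6 nlmsg 0x1234;
+allowxperm type21 type23:infoflow6 nlmsg 0x1234;
+allowxperm type22 type24:infoflow6 nlmsg 0x1234;
+allowxperm type23 type25:infoflow6 nlmsg 0x1234;
+allowxperm type24 type26:infoflow6 nlmsg 0x1234;
+allowxperm type25 type27:infoflow6 nlmsg 0x1234;
+allowxperm type26 type28:infoflow6 nlmsg 0x1234;
+allowxperm type27 type29:infoflow6 nlmsg 0x1234;
+allowxperm type28 type30:infoflow6 nlmsg 0x1234;
+allowxperm type29 type31:infoflow6 nlmsg 0x1234;
+allowxperm type30 type32:infoflow6 nlmsg 0x1234;
+allowxperm type31 type33:infoflow6 nlmsg 0x1234;
+allowxperm type32 type34:infoflow6 nlmsg 0x1234;
+allowxperm type33 type35:infoflow6 nlmsg 0x1234;
+allowxperm type34 type36:infoflow6 nlmsg 0x1234;
+allowxperm type35 type37:infoflow6 nlmsg 0x1234;
+allowxperm type36 type38:infoflow6 nlmsg 0x1234;
+allowxperm type37 type39:infoflow6 nlmsg 0x1234;
+allowxperm type38 type40:infoflow6 nlmsg 0x1234;
+allowxperm type39 type41:infoflow6 nlmsg 0x1234;
+allowxperm type40 type42:infoflow6 nlmsg 0x1234;
+allowxperm type41 type43:infoflow6 nlmsg 0x1234;
 
 # 181 auditallowxperm rules
 auditallowxperm type0 type2:infoflow6 ioctl 0x1234;
@@ -2207,40 +2208,40 @@ auditallowxperm type6 type9:infoflow6 ioctl 0x1234;
 auditallowxperm type7 type10:infoflow6 ioctl 0x1234;
 auditallowxperm type8 type11:infoflow6 ioctl 0x1234;
 auditallowxperm type9 type12:infoflow6 ioctl 0x1234;
-auditallowxperm type10 type13:infoflow6 ioctl 0x1234;
-auditallowxperm type11 type14:infoflow6 ioctl 0x1234;
-auditallowxperm type12 type15:infoflow6 ioctl 0x1234;
-auditallowxperm type13 type16:infoflow6 ioctl 0x1234;
-auditallowxperm type14 type17:infoflow6 ioctl 0x1234;
-auditallowxperm type15 type18:infoflow6 ioctl 0x1234;
-auditallowxperm type16 type19:infoflow6 ioctl 0x1234;
-auditallowxperm type17 type20:infoflow6 ioctl 0x1234;
-auditallowxperm type18 type21:infoflow6 ioctl 0x1234;
-auditallowxperm type19 type22:infoflow6 ioctl 0x1234;
-auditallowxperm type20 type23:infoflow6 ioctl 0x1234;
-auditallowxperm type21 type24:infoflow6 ioctl 0x1234;
-auditallowxperm type22 type25:infoflow6 ioctl 0x1234;
-auditallowxperm type23 type26:infoflow6 ioctl 0x1234;
-auditallowxperm type24 type27:infoflow6 ioctl 0x1234;
-auditallowxperm type25 type28:infoflow6 ioctl 0x1234;
-auditallowxperm type26 type29:infoflow6 ioctl 0x1234;
-auditallowxperm type27 type30:infoflow6 ioctl 0x1234;
-auditallowxperm type28 type31:infoflow6 ioctl 0x1234;
-auditallowxperm type29 type32:infoflow6 ioctl 0x1234;
-auditallowxperm type30 type33:infoflow6 ioctl 0x1234;
-auditallowxperm type31 type34:infoflow6 ioctl 0x1234;
-auditallowxperm type32 type35:infoflow6 ioctl 0x1234;
-auditallowxperm type33 type36:infoflow6 ioctl 0x1234;
-auditallowxperm type34 type37:infoflow6 ioctl 0x1234;
-auditallowxperm type35 type38:infoflow6 ioctl 0x1234;
-auditallowxperm type36 type39:infoflow6 ioctl 0x1234;
-auditallowxperm type37 type40:infoflow6 ioctl 0x1234;
-auditallowxperm type38 type41:infoflow6 ioctl 0x1234;
-auditallowxperm type39 type42:infoflow6 ioctl 0x1234;
-auditallowxperm type40 type43:infoflow6 ioctl 0x1234;
-auditallowxperm type41 type44:infoflow6 ioctl 0x1234;
-auditallowxperm type42 type45:infoflow6 ioctl 0x1234;
-auditallowxperm type43 type46:infoflow6 ioctl 0x1234;
+auditallowxperm type10 type13:infoflow6 nlmsg 0x1234;
+auditallowxperm type11 type14:infoflow6 nlmsg 0x1234;
+auditallowxperm type12 type15:infoflow6 nlmsg 0x1234;
+auditallowxperm type13 type16:infoflow6 nlmsg 0x1234;
+auditallowxperm type14 type17:infoflow6 nlmsg 0x1234;
+auditallowxperm type15 type18:infoflow6 nlmsg 0x1234;
+auditallowxperm type16 type19:infoflow6 nlmsg 0x1234;
+auditallowxperm type17 type20:infoflow6 nlmsg 0x1234;
+auditallowxperm type18 type21:infoflow6 nlmsg 0x1234;
+auditallowxperm type19 type22:infoflow6 nlmsg 0x1234;
+auditallowxperm type20 type23:infoflow6 nlmsg 0x1234;
+auditallowxperm type21 type24:infoflow6 nlmsg 0x1234;
+auditallowxperm type22 type25:infoflow6 nlmsg 0x1234;
+auditallowxperm type23 type26:infoflow6 nlmsg 0x1234;
+auditallowxperm type24 type27:infoflow6 nlmsg 0x1234;
+auditallowxperm type25 type28:infoflow6 nlmsg 0x1234;
+auditallowxperm type26 type29:infoflow6 nlmsg 0x1234;
+auditallowxperm type27 type30:infoflow6 nlmsg 0x1234;
+auditallowxperm type28 type31:infoflow6 nlmsg 0x1234;
+auditallowxperm type29 type32:infoflow6 nlmsg 0x1234;
+auditallowxperm type30 type33:infoflow6 nlmsg 0x1234;
+auditallowxperm type31 type34:infoflow6 nlmsg 0x1234;
+auditallowxperm type32 type35:infoflow6 nlmsg 0x1234;
+auditallowxperm type33 type36:infoflow6 nlmsg 0x1234;
+auditallowxperm type34 type37:infoflow6 nlmsg 0x1234;
+auditallowxperm type35 type38:infoflow6 nlmsg 0x1234;
+auditallowxperm type36 type39:infoflow6 nlmsg 0x1234;
+auditallowxperm type37 type40:infoflow6 nlmsg 0x1234;
+auditallowxperm type38 type41:infoflow6 nlmsg 0x1234;
+auditallowxperm type39 type42:infoflow6 nlmsg 0x1234;
+auditallowxperm type40 type43:infoflow6 nlmsg 0x1234;
+auditallowxperm type41 type44:infoflow6 nlmsg 0x1234;
+auditallowxperm type42 type45:infoflow6 nlmsg 0x1234;
+auditallowxperm type43 type46:infoflow6 nlmsg 0x1234;
 
 # 191 neverallowxperm rules
 neverallowxperm type0 type4:infoflow6 ioctl 0x1234;
@@ -2420,20 +2421,20 @@ neverallowxperm type36 type41:infoflow6 ioctl 0x1234;
 neverallowxperm type37 type42:infoflow6 ioctl 0x1234;
 neverallowxperm type38 type43:infoflow6 ioctl 0x1234;
 neverallowxperm type39 type44:infoflow6 ioctl 0x1234;
-neverallowxperm type40 type45:infoflow6 ioctl 0x1234;
-neverallowxperm type41 type46:infoflow6 ioctl 0x1234;
-neverallowxperm type42 type47:infoflow6 ioctl 0x1234;
-neverallowxperm type43 type48:infoflow6 ioctl 0x1234;
-neverallowxperm type44 type49:infoflow6 ioctl 0x1234;
-neverallowxperm type45 type50:infoflow6 ioctl 0x1234;
-neverallowxperm type46 type51:infoflow6 ioctl 0x1234;
-neverallowxperm type47 type52:infoflow6 ioctl 0x1234;
-neverallowxperm type48 type53:infoflow6 ioctl 0x1234;
-neverallowxperm type49 type54:infoflow6 ioctl 0x1234;
-neverallowxperm type50 type55:infoflow6 ioctl 0x1234;
-neverallowxperm type51 type56:infoflow6 ioctl 0x1234;
-neverallowxperm type52 type57:infoflow6 ioctl 0x1234;
-neverallowxperm type53 type58:infoflow6 ioctl 0x1234;
+neverallowxperm type40 type45:infoflow6 nlmsg 0x1234;
+neverallowxperm type41 type46:infoflow6 nlmsg 0x1234;
+neverallowxperm type42 type47:infoflow6 nlmsg 0x1234;
+neverallowxperm type43 type48:infoflow6 nlmsg 0x1234;
+neverallowxperm type44 type49:infoflow6 nlmsg 0x1234;
+neverallowxperm type45 type50:infoflow6 nlmsg 0x1234;
+neverallowxperm type46 type51:infoflow6 nlmsg 0x1234;
+neverallowxperm type47 type52:infoflow6 nlmsg 0x1234;
+neverallowxperm type48 type53:infoflow6 nlmsg 0x1234;
+neverallowxperm type49 type54:infoflow6 nlmsg 0x1234;
+neverallowxperm type50 type55:infoflow6 nlmsg 0x1234;
+neverallowxperm type51 type56:infoflow6 nlmsg 0x1234;
+neverallowxperm type52 type57:infoflow6 nlmsg 0x1234;
+neverallowxperm type53 type58:infoflow6 nlmsg 0x1234;
 
 # 193 dontauditxperm rules
 dontauditxperm type0 type5:infoflow6 ioctl 0x1234;
@@ -2603,32 +2604,32 @@ dontauditxperm type26 type32:infoflow6 ioctl 0x1234;
 dontauditxperm type27 type33:infoflow6 ioctl 0x1234;
 dontauditxperm type28 type34:infoflow6 ioctl 0x1234;
 dontauditxperm type29 type35:infoflow6 ioctl 0x1234;
-dontauditxperm type30 type36:infoflow6 ioctl 0x1234;
-dontauditxperm type31 type37:infoflow6 ioctl 0x1234;
-dontauditxperm type32 type38:infoflow6 ioctl 0x1234;
-dontauditxperm type33 type39:infoflow6 ioctl 0x1234;
-dontauditxperm type34 type40:infoflow6 ioctl 0x1234;
-dontauditxperm type35 type41:infoflow6 ioctl 0x1234;
-dontauditxperm type36 type42:infoflow6 ioctl 0x1234;
-dontauditxperm type37 type43:infoflow6 ioctl 0x1234;
-dontauditxperm type38 type44:infoflow6 ioctl 0x1234;
-dontauditxperm type39 type45:infoflow6 ioctl 0x1234;
-dontauditxperm type40 type46:infoflow6 ioctl 0x1234;
-dontauditxperm type41 type47:infoflow6 ioctl 0x1234;
-dontauditxperm type42 type48:infoflow6 ioctl 0x1234;
-dontauditxperm type43 type49:infoflow6 ioctl 0x1234;
-dontauditxperm type44 type50:infoflow6 ioctl 0x1234;
-dontauditxperm type45 type51:infoflow6 ioctl 0x1234;
-dontauditxperm type46 type52:infoflow6 ioctl 0x1234;
-dontauditxperm type47 type53:infoflow6 ioctl 0x1234;
-dontauditxperm type48 type54:infoflow6 ioctl 0x1234;
-dontauditxperm type49 type55:infoflow6 ioctl 0x1234;
-dontauditxperm type50 type56:infoflow6 ioctl 0x1234;
-dontauditxperm type51 type57:infoflow6 ioctl 0x1234;
-dontauditxperm type52 type58:infoflow6 ioctl 0x1234;
-dontauditxperm type53 type59:infoflow6 ioctl 0x1234;
-dontauditxperm type54 type60:infoflow6 ioctl 0x1234;
-dontauditxperm type55 type61:infoflow6 ioctl 0x1234;
+dontauditxperm type30 type36:infoflow6 nlmsg 0x1234;
+dontauditxperm type31 type37:infoflow6 nlmsg 0x1234;
+dontauditxperm type32 type38:infoflow6 nlmsg 0x1234;
+dontauditxperm type33 type39:infoflow6 nlmsg 0x1234;
+dontauditxperm type34 type40:infoflow6 nlmsg 0x1234;
+dontauditxperm type35 type41:infoflow6 nlmsg 0x1234;
+dontauditxperm type36 type42:infoflow6 nlmsg 0x1234;
+dontauditxperm type37 type43:infoflow6 nlmsg 0x1234;
+dontauditxperm type38 type44:infoflow6 nlmsg 0x1234;
+dontauditxperm type39 type45:infoflow6 nlmsg 0x1234;
+dontauditxperm type40 type46:infoflow6 nlmsg 0x1234;
+dontauditxperm type41 type47:infoflow6 nlmsg 0x1234;
+dontauditxperm type42 type48:infoflow6 nlmsg 0x1234;
+dontauditxperm type43 type49:infoflow6 nlmsg 0x1234;
+dontauditxperm type44 type50:infoflow6 nlmsg 0x1234;
+dontauditxperm type45 type51:infoflow6 nlmsg 0x1234;
+dontauditxperm type46 type52:infoflow6 nlmsg 0x1234;
+dontauditxperm type47 type53:infoflow6 nlmsg 0x1234;
+dontauditxperm type48 type54:infoflow6 nlmsg 0x1234;
+dontauditxperm type49 type55:infoflow6 nlmsg 0x1234;
+dontauditxperm type50 type56:infoflow6 nlmsg 0x1234;
+dontauditxperm type51 type57:infoflow6 nlmsg 0x1234;
+dontauditxperm type52 type58:infoflow6 nlmsg 0x1234;
+dontauditxperm type53 type59:infoflow6 nlmsg 0x1234;
+dontauditxperm type54 type60:infoflow6 nlmsg 0x1234;
+dontauditxperm type55 type61:infoflow6 nlmsg 0x1234;
 
 ################################################################################
 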

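--- a/tests/library/policyrep/test_rules.py
+++ b/tests/library/policyrep/test_rules.py
@@ -60,8 +60,8 @@ class RuleTestCase:
 xperm="ioctl", perms=setools.XpermSet((0x00ff,)), type_=setools.AVRuleXperm,
 statement="allowxperm type30 type31a:infoflow ioctl 0x00ff;"),
 RuleTestCase(setools.TERuletype.auditallowxperm, "type31a", "type31b", tclass="infoflow",
-xperm="ioctl", perms=setools.XpermSet((1, 2, 3)), type_=setools.AVRuleXperm,
-statement="auditallowxperm type31a type31b:infoflow ioctl 0x0001-0x0003;")]
+xperm="nlmsg", perms=setools.XpermSet((1, 2, 3)), type_=setools.AVRuleXperm,
+statement="auditallowxperm type31a type31b:infoflow nlmsg 0x0001-0x0003;")]
 
 
 @pytest.mark.obj_args("tests/library/policyrep/rules.conf")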

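--- a/tests/library/policyrep/test_selinuxpolicy.py
+++ b/tests/library/policyrep/test_selinuxpolicy.py
@@ -115,7 +115,7 @@ def test_nodecon_count(self, compiled_policy: setools.SELinuxPolicy) -> None:
 
 def test_permission_count(self, compiled_policy: setools.SELinuxPolicy) -> None:
 """SELinuxPolicy: permission count"""
-assert compiled_policy.permission_count == 29
+assert compiled_policy.permission_count == 30
 
 def test_permissive_types_count(self, compiled_policy: setools.SELinuxPolicy) -> None:
 """SELinuxPolicy: permissive types count"""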

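--- a/tests/library/terulequery2.conf
+++ b/tests/library/terulequery2.conf
@@ -5,6 +5,7 @@ class infoflow4
 class infoflow5
 class infoflow6
 class infoflow7
+class infoflow8
 
 sid kernel
 sid security
@@ -54,6 +55,11 @@ inherits infoflow
 super_unmapped
 }
 
+class infoflow8
+{
+nlmsg
+}
+
 sensitivity low_s;
 sensitivity medium_s alias med;
 sensitivity high_s;
@@ -245,6 +251,16 @@ allowxperm test101b self:infoflow7 ioctl { 0x9011-0x9012 };
 allowxperm test101c self:infoflow7 ioctl { 0x9011-0x9013 };
 allowxperm test101d self:infoflow7 ioctl { 0x9011-0x9014 };
 
+# test 102
+# ruletype: unset
+# source: test102a, direct, no regex
+# target: unset
+# class: unset
+# perms: unset
+attribute test102a;
+type test102s, test102a;
+type test102t;
+allowxperm test102a test102t:infoflow8 nlmsg { 0x01-0xf1 };
 ############# END XPERM ############################
 
 role system;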

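--- a/tests/library/test_terulequery.py
+++ b/tests/library/test_terulequery.py
@@ -289,7 +289,7 @@ def test_issue111_3(self, compiled_policy: setools.SELinuxPolicy) -> None:
 
 
 @pytest.mark.obj_args("tests/library/terulequery2.conf")
-class TERuleQueryXperm:
+class TestTERuleQueryXperm:
 
 """TE Rule Query with extended permission rules."""
 
@@ -463,3 +463,12 @@ def test_xperm_equal(self, compiled_policy: setools.SELinuxPolicy) -> None:
 util.validate_rule(r[0], TRT.allowxperm, "test101c", "test101c", tclass="infoflow7",
 perms=setools.XpermSet([0x9011, 0x9012, 0x9013]), xperm="ioctl")
 
+def test_nlmsg(self, compiled_policy: setools.SELinuxPolicy) -> None:
+"""Xperm rule query with exact, direct, source match."""
+q = TERuleQuery(
+compiled_policy, source="test102a", source_indirect=False, source_regex=False)
+
+r = sorted(q.results())
+assert len(r) == 1
+util.validate_rule(r[0], TRT.allowxperm, "test102a", "test102t", tclass="infoflow8",
+perms=setools.XpermSet(range(0x1, 0xf1+1)), xperm="nlmsg")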
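Review bot: The docstring on `test_nlmsg` is copied from the source-match tests and does not say that the nlmsg extended-permission kind is what the test pins; `"""Xperm rule query: nlmsg rule is returned with xperm kind nlmsg."""` would state the intent. The query filters on source only and the fixture holds a single rule for test102a, so the test shows that an nlmsg rule loads and validates, but not that it is kept apart from an ioctl rule with the same source and target; a companion ioctl rule in the fixture would cover that. Because the class was not collected before the rename to `TestTERuleQueryXperm` in the first hunk, the older tests in it appear never to have run, so it is worth confirming that the whole class passes. The class body starts outside both hunks.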
