// -*- Mode: Go; indent-tabs-mode: t -*-
// Listing: github.com/meulengracht/snapd@v0.0.0-20210719210640-8bde69bcc84e/sandbox/selinux/selinux_test.go

/*
 * Copyright (C) 2014-2018 Canonical Ltd
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 3 as
 * published by the Free Software Foundation.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 *
 */

package selinux_test

import (
	"errors"

	. "gopkg.in/check.v1"

	"github.com/snapcore/snapd/sandbox/selinux"
)

// selinuxBasicSuite holds the probe tests. Every test replaces the
// IsEnabled / IsEnforcing lookups with mocks, so no test reads the SELinux
// state of the machine running it.
type selinuxBasicSuite struct{}

var _ = Suite(&selinuxBasicSuite{})

// TestProbeNone covers a host where the enabled-check reports false without
// an error: the probe is expected to yield Unsupported and an empty summary.
func (s *selinuxBasicSuite) TestProbeNone(c *C) {
	notEnabled := func() (bool, error) { return false, nil }
	undoEnabled := selinux.MockIsEnabled(notEnabled)
	defer undoEnabled()

	gotLevel, gotSummary := selinux.ProbeSELinux()
	c.Assert(gotLevel, Equals, selinux.Unsupported)
	c.Assert(gotSummary, Equals, "")

	// The accessors must report exactly what the probe just returned.
	c.Assert(selinux.ProbedLevel(), Equals, gotLevel)
	c.Assert(selinux.Summary(), Equals, gotSummary)
}

// TestProbeEnforcingHappy covers the case where both lookups succeed and
// report true: the probe is expected to yield Enforcing with its fixed
// summary text.
func (s *selinuxBasicSuite) TestProbeEnforcingHappy(c *C) {
	yes := func() (bool, error) { return true, nil }
	undoEnabled := selinux.MockIsEnabled(yes)
	defer undoEnabled()
	undoEnforcing := selinux.MockIsEnforcing(func() (bool, error) { return true, nil })
	defer undoEnforcing()

	gotLevel, gotSummary := selinux.ProbeSELinux()
	c.Assert(gotLevel, Equals, selinux.Enforcing)
	c.Assert(gotSummary, Equals, "SELinux is enabled and in enforcing mode")

	// The accessors must report exactly what the probe just returned.
	c.Assert(selinux.ProbedLevel(), Equals, gotLevel)
	c.Assert(selinux.Summary(), Equals, gotSummary)
}

// TestProbeEnabledError covers a failing enabled-check. The mock returns true
// together with an error; the expected level is still Unsupported and the
// summary is the bare error text, so the error decides the outcome rather
// than the boolean that came with it.
func (s *selinuxBasicSuite) TestProbeEnabledError(c *C) {
	failingEnabled := func() (bool, error) {
		return true, errors.New("so much fail")
	}
	undoEnabled := selinux.MockIsEnabled(failingEnabled)
	defer undoEnabled()

	gotLevel, gotSummary := selinux.ProbeSELinux()
	c.Assert(gotLevel, Equals, selinux.Unsupported)
	c.Assert(gotSummary, Equals, "so much fail")

	// The accessors must report exactly what the probe just returned.
	c.Assert(selinux.ProbedLevel(), Equals, gotLevel)
	c.Assert(selinux.Summary(), Equals, gotSummary)
}

// TestProbeEnforcingError covers an enabled host whose enforcing-check fails.
// The mock returns true together with an error; the expected level is
// Unsupported, which pins the conservative outcome: a mode that cannot be
// determined is never reported as Enforcing.
func (s *selinuxBasicSuite) TestProbeEnforcingError(c *C) {
	undoEnabled := selinux.MockIsEnabled(func() (bool, error) { return true, nil })
	defer undoEnabled()
	failingEnforcing := func() (bool, error) {
		return true, errors.New("so much fail")
	}
	undoEnforcing := selinux.MockIsEnforcing(failingEnforcing)
	defer undoEnforcing()

	gotLevel, gotSummary := selinux.ProbeSELinux()
	c.Assert(gotLevel, Equals, selinux.Unsupported)
	c.Assert(gotSummary, Equals, "SELinux is enabled, but status cannot be determined: so much fail")

	// The accessors must report exactly what the probe just returned.
	c.Assert(selinux.ProbedLevel(), Equals, gotLevel)
	c.Assert(selinux.Summary(), Equals, gotSummary)
}

// TestProbePermissive covers an enabled host whose enforcing-check succeeds
// and reports false: the probe is expected to yield Permissive, a level
// distinct from Enforcing, with its fixed summary text.
func (s *selinuxBasicSuite) TestProbePermissive(c *C) {
	undoEnabled := selinux.MockIsEnabled(func() (bool, error) { return true, nil })
	defer undoEnabled()
	notEnforcing := func() (bool, error) { return false, nil }
	undoEnforcing := selinux.MockIsEnforcing(notEnforcing)
	defer undoEnforcing()

	gotLevel, gotSummary := selinux.ProbeSELinux()
	c.Assert(gotLevel, Equals, selinux.Permissive)
	c.Assert(gotSummary, Equals, "SELinux is enabled but in permissive mode")

	// The accessors must report exactly what the probe just returned.
	c.Assert(selinux.ProbedLevel(), Equals, gotLevel)
	c.Assert(selinux.Summary(), Equals, gotSummary)
}