Best Python code snippet using lisa_python
test-capability.py
Source:test-capability.py
1#!/usr/bin/python32# ----------------------------------------------------------------------3# Copyright (C) 2014 Christian Boltz <apparmor@cboltz.de>4#5# This program is free software; you can redistribute it and/or6# modify it under the terms of version 2 of the GNU General Public7# License as published by the Free Software Foundation.8#9# This program is distributed in the hope that it will be useful,10# but WITHOUT ANY WARRANTY; without even the implied warranty of11# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the12# GNU General Public License for more details.13#14# ----------------------------------------------------------------------15import unittest16from common_test import AATest, setup_all_loops17from apparmor.rule.capability import CapabilityRule, CapabilityRuleset18from apparmor.rule import BaseRule19import apparmor.severity as severity20from apparmor.common import AppArmorException, AppArmorBug, hasher21from apparmor.logparser import ReadLog22from apparmor.translations import init_translation23_ = init_translation()24# --- tests for single CapabilityRule --- #25class CapabilityTest(AATest):26 def _compare_obj_with_rawrule(self, rawrule, expected):27 obj = CapabilityRule.parse(rawrule)28 self.assertTrue(CapabilityRule.match(rawrule))29 self.assertEqual(rawrule.strip(), obj.raw_rule)30 self._compare_obj(obj, expected)31 def _compare_obj(self, obj, expected):32 self.assertEqual(expected['allow_keyword'], obj.allow_keyword)33 self.assertEqual(expected['audit'], obj.audit)34 self.assertEqual(expected['capability'], obj.capability)35 self.assertEqual(expected['all_caps'], obj.all_caps)36 self.assertEqual(expected['deny'], obj.deny)37 self.assertEqual(expected['comment'], obj.comment)38 def test_cap_allow_all(self):39 self._compare_obj_with_rawrule("capability,", {40 'allow_keyword': False,41 'deny': False,42 'audit': False,43 'capability': set(),44 'all_caps': True,45 'comment': "",46 })47 def test_cap_allow_sys_admin(self):48 self._compare_obj_with_rawrule("capability sys_admin,", {49 'allow_keyword': False,50 'deny': False,51 'audit': False,52 'capability': {'sys_admin'},53 'all_caps': False,54 'comment': "",55 })56 def test_cap_deny_sys_admin(self):57 self._compare_obj_with_rawrule(" deny capability sys_admin, # some comment", {58 'allow_keyword': False,59 'deny': True,60 'audit': False,61 'capability': {'sys_admin'},62 'all_caps': False,63 'comment': " # some comment",64 })65 def test_cap_multi(self):66 self._compare_obj_with_rawrule("capability sys_admin dac_override,", {67 'allow_keyword': False,68 'deny': False,69 'audit': False,70 'capability': {'sys_admin', 'dac_override'},71 'all_caps': False,72 'comment': "",73 })74 # Template for test_cap_* functions75 # def test_cap_(self):76 # self._compare_obj_with_rawrule("capability,", {77 # 'allow_keyword': False,78 # 'deny': False,79 # 'audit': False,80 # 'capability': set(), # (or {'foo'} if not empty)81 # 'all_caps': False,82 # 'comment': "",83 # })84 def test_cap_from_log(self):85 parser = ReadLog('', '', '')86 event = 'type=AVC msg=audit(1415403814.628:662): apparmor="ALLOWED" operation="capable" profile="/bin/ping" pid=15454 comm="ping" capability=13 capname="net_raw"'87 parsed_event = parser.parse_event(event)88 self.assertEqual(parsed_event, {89 'request_mask': None,90 'denied_mask': None,91 'error_code': 0,92 'magic_token': 0,93 'parent': 0,94 'profile': '/bin/ping',95 'operation': 'capable',96 'resource': None,97 'info': None,98 'aamode': 'PERMITTING',99 'time': 1415403814,100 'active_hat': None,101 'pid': 15454,102 'task': 0,103 'attr': None,104 'name2': None,105 'name': 'net_raw',106 'family': None,107 'protocol': None,108 'sock_type': None,109 })110 obj = CapabilityRule(parsed_event['name'], log_event=parsed_event)111 self._compare_obj(obj, {112 'allow_keyword': False,113 'deny': False,114 'audit': False,115 'capability': {'net_raw'},116 'all_caps': False,117 'comment': "",118 })119 self.assertEqual(obj.get_raw(1), ' capability net_raw,')120# def test_cap_from_invalid_log(self):121# parser = ReadLog('', '', '')122# # invalid log entry, name= should contain the capability name123# event = 'type=AVC msg=audit(1415403814.628:662): apparmor="ALLOWED" operation="capable" profile="/bin/ping" pid=15454 comm="ping" capability=13 capname=""'124#125# parsed_event = parser.parse_event(event)126#127# obj = CapabilityRule()128#129# with self.assertRaises(AppArmorBug):130# obj.set_log(parsed_event)131#132# with self.assertRaises(AppArmorBug):133# obj.get_raw(1)134#135# def test_cap_from_non_cap_log(self):136# parser = ReadLog('', '', '')137# # log entry for different rule type138# event = 'type=AVC msg=audit(1415403814.973:667): apparmor="ALLOWED" operation="setsockopt" profile="/home/sys-tmp/ping" pid=15454 comm="ping" lport=1 family="inet" sock_type="raw" protocol=1'139#140# parsed_event = parser.parse_event(event)141#142# obj = CapabilityRule()143#144# with self.assertRaises(AppArmorBug):145# obj.set_log(parsed_event)146#147# with self.assertRaises(AppArmorBug):148# obj.get_raw(1)149 def test_cap_from_init_01(self):150 obj = CapabilityRule('chown')151 self._compare_obj(obj, {152 'allow_keyword': False,153 'deny': False,154 'audit': False,155 'capability': {'chown'},156 'all_caps': False,157 'comment': "",158 })159 def test_cap_from_init_02(self):160 obj = CapabilityRule(['chown'])161 self._compare_obj(obj, {162 'allow_keyword': False,163 'deny': False,164 'audit': False,165 'capability': {'chown'},166 'all_caps': False,167 'comment': "",168 })169 def test_cap_from_init_03(self):170 obj = CapabilityRule('chown', audit=True, deny=True)171 self._compare_obj(obj, {172 'allow_keyword': False,173 'deny': True,174 'audit': True,175 'capability': {'chown'},176 'all_caps': False,177 'comment': "",178 })179 def test_cap_from_init_04(self):180 obj = CapabilityRule(['chown', 'fsetid'], deny=True)181 self._compare_obj(obj, {182 'allow_keyword': False,183 'deny': True,184 'audit': False,185 'capability': {'chown', 'fsetid'},186 'all_caps': False,187 'comment': "",188 })189class InvalidCapabilityTest(AATest):190 def _check_invalid_rawrule(self, rawrule):191 obj = None192 with self.assertRaises(AppArmorException):193 obj = CapabilityRule.parse(rawrule)194 self.assertFalse(CapabilityRule.match(rawrule))195 self.assertIsNone(obj, 'CapbilityRule handed back an object unexpectedly')196 def test_invalid_cap_missing_comma(self):197 self._check_invalid_rawrule('capability') # missing comma198 def test_invalid_cap_non_CapabilityRule(self):199 self._check_invalid_rawrule('network,') # not a capability rule200 def test_empty_cap_set(self):201 obj = CapabilityRule('chown')202 obj.capability.clear()203 # no capability set, and ALL not set204 with self.assertRaises(AppArmorBug):205 obj.get_clean(1)206 def test_empty_cap_list(self):207 with self.assertRaises(AppArmorBug):208 CapabilityRule([])209 def test_no_cap_list_arg(self):210 with self.assertRaises(TypeError):211 CapabilityRule()212 def test_space_cap(self):213 with self.assertRaises(AppArmorBug):214 CapabilityRule(' ') # the whitespace capability ;-)215 def test_space_list_1(self):216 with self.assertRaises(AppArmorBug):217 CapabilityRule([' ', ' ', ' ']) # the whitespace capability ;-)218 def test_space_list_2(self):219 with self.assertRaises(AppArmorBug):220 CapabilityRule(['chown', ' ', 'setgid']) # includes the whitespace capability ;-)221 def test_wrong_type_for_cap(self):222 with self.assertRaises(AppArmorBug):223 CapabilityRule(dict())224class WriteCapabilityTest(AATest):225 def _check_write_rule(self, rawrule, cleanrule):226 obj = CapabilityRule.parse(rawrule)227 clean = obj.get_clean()228 raw = obj.get_raw()229 self.assertTrue(CapabilityRule.match(rawrule))230 self.assertEqual(cleanrule.strip(), clean, 'unexpected clean rule')231 self.assertEqual(rawrule.strip(), raw, 'unexpected raw rule')232 def test_write_all(self):233 self._check_write_rule(' capability , # foo ', 'capability, # foo')234 def test_write_sys_admin(self):235 self._check_write_rule(' audit capability sys_admin,', 'audit capability sys_admin,')236 def test_write_sys_multi(self):237 self._check_write_rule(' deny capability sys_admin audit_write,# foo bar', 'deny capability audit_write sys_admin, # foo bar')238 def test_write_manually(self):239 obj = CapabilityRule(['ptrace', 'audit_write'], allow_keyword=True)240 expected = ' allow capability audit_write ptrace,'241 self.assertEqual(expected, obj.get_clean(2), 'unexpected clean rule')242 self.assertEqual(expected, obj.get_raw(2), 'unexpected raw rule')243class CapabilityCoveredTest(AATest):244 def _is_covered(self, obj, rule_to_test):245 self.assertTrue(CapabilityRule.match(rule_to_test))246 return obj.is_covered(CapabilityRule.parse(rule_to_test))247 def _is_covered_exact(self, obj, rule_to_test):248 self.assertTrue(CapabilityRule.match(rule_to_test))249 return obj.is_covered(CapabilityRule.parse(rule_to_test), True, True)250 def _is_equal(self, obj, rule_to_test, strict):251 self.assertTrue(CapabilityRule.match(rule_to_test))252 return obj.is_equal(CapabilityRule.parse(rule_to_test), strict)253 def test_covered_single(self):254 obj = CapabilityRule.parse('capability sys_admin,')255 self.assertTrue(self._is_covered(obj, 'capability sys_admin,'))256 self.assertFalse(self._is_covered(obj, 'audit capability sys_admin,'))257 self.assertFalse(self._is_covered(obj, 'audit capability,'))258 self.assertFalse(self._is_covered(obj, 'capability chown,'))259 self.assertFalse(self._is_covered(obj, 'capability,'))260 def test_covered_audit(self):261 obj = CapabilityRule.parse('audit capability sys_admin,')262 self.assertTrue(self._is_covered(obj, 'capability sys_admin,'))263 self.assertTrue(self._is_covered(obj, 'audit capability sys_admin,'))264 self.assertFalse(self._is_covered(obj, 'audit capability,'))265 self.assertFalse(self._is_covered(obj, 'capability chown,'))266 self.assertFalse(self._is_covered(obj, 'capability,'))267 def test_covered_check_audit(self):268 obj = CapabilityRule.parse('audit capability sys_admin,')269 self.assertFalse(self._is_covered_exact(obj, 'capability sys_admin,'))270 self.assertTrue(self._is_covered_exact(obj, 'audit capability sys_admin,'))271 self.assertFalse(self._is_covered_exact(obj, 'audit capability,'))272 self.assertFalse(self._is_covered_exact(obj, 'capability chown,'))273 self.assertFalse(self._is_covered_exact(obj, 'capability,'))274 def test_equal(self):275 obj = CapabilityRule.parse('capability sys_admin,')276 self.assertTrue(self._is_equal(obj, 'capability sys_admin,', True))277 self.assertFalse(self._is_equal(obj, 'allow capability sys_admin,', True))278 self.assertFalse(self._is_equal(obj, 'allow capability sys_admin,', True))279 self.assertFalse(self._is_equal(obj, 'audit capability sys_admin,', True))280 self.assertTrue(self._is_equal(obj, 'capability sys_admin,', False))281 self.assertTrue(self._is_equal(obj, 'allow capability sys_admin,', False))282 self.assertFalse(self._is_equal(obj, 'audit capability sys_admin,', False))283 def test_covered_multi(self):284 obj = CapabilityRule.parse('capability audit_write sys_admin,')285 self.assertTrue(self._is_covered(obj, 'capability sys_admin,'))286 self.assertTrue(self._is_covered(obj, 'capability audit_write,'))287 self.assertTrue(self._is_covered(obj, 'capability audit_write sys_admin,'))288 self.assertTrue(self._is_covered(obj, 'capability sys_admin audit_write,'))289 self.assertFalse(self._is_covered(obj, 'audit capability,'))290 self.assertFalse(self._is_covered(obj, 'capability chown,'))291 self.assertFalse(self._is_covered(obj, 'capability,'))292 def test_covered_all(self):293 obj = CapabilityRule.parse('capability,')294 self.assertTrue(self._is_covered(obj, 'capability sys_admin,'))295 self.assertTrue(self._is_covered(obj, 'capability audit_write,'))296 self.assertTrue(self._is_covered(obj, 'capability audit_write sys_admin,'))297 self.assertTrue(self._is_covered(obj, 'capability sys_admin audit_write,'))298 self.assertTrue(self._is_covered(obj, 'capability,'))299 self.assertFalse(self._is_covered(obj, 'audit capability,'))300 def test_covered_deny(self):301 obj = CapabilityRule.parse('capability sys_admin,')302 self.assertTrue(self._is_covered(obj, 'capability sys_admin,'))303 self.assertFalse(self._is_covered(obj, 'audit deny capability sys_admin,'))304 self.assertFalse(self._is_covered(obj, 'deny capability sys_admin,'))305 self.assertFalse(self._is_covered(obj, 'capability chown,'))306 self.assertFalse(self._is_covered(obj, 'capability,'))307 def test_covered_deny_2(self):308 obj = CapabilityRule.parse('deny capability sys_admin,')309 self.assertTrue(self._is_covered(obj, 'deny capability sys_admin,'))310 self.assertFalse(self._is_covered(obj, 'audit deny capability sys_admin,'))311 self.assertFalse(self._is_covered(obj, 'capability sys_admin,'))312 self.assertFalse(self._is_covered(obj, 'deny capability chown,'))313 self.assertFalse(self._is_covered(obj, 'deny capability,'))314 def test_invalid_is_covered(self):315 obj = CapabilityRule.parse('capability sys_admin,')316 testobj = BaseRule() # different type317 with self.assertRaises(AppArmorBug):318 obj.is_covered(testobj)319 def test_borked_obj_is_covered(self):320 obj = CapabilityRule.parse('capability sys_admin,')321 testobj = CapabilityRule('chown')322 testobj.capability.clear()323 with self.assertRaises(AppArmorBug):324 obj.is_covered(testobj)325 def test_invalid_is_equal(self):326 obj = CapabilityRule.parse('capability sys_admin,')327 testobj = BaseRule() # different type328 with self.assertRaises(AppArmorBug):329 obj.is_equal(testobj)330 def test_empty_init(self):331 # add to internal set instead of using .set_* (which overwrites the internal set) to make sure obj and obj2 use separate storage332 obj = CapabilityRule('fsetid')333 obj2 = CapabilityRule('fsetid')334 obj.capability.add('sys_admin')335 obj2.capability.add('ptrace')336 self.assertTrue(self._is_covered(obj, 'capability sys_admin,'))337 self.assertFalse(self._is_covered(obj, 'capability ptrace,'))338 self.assertFalse(self._is_covered(obj2, 'capability sys_admin,'))339 self.assertTrue(self._is_covered(obj2, 'capability ptrace,'))340class CapabiliySeverityTest(AATest):341 tests = [342 ('fsetid', 9),343 ('dac_read_search', 7),344 (['fsetid', 'dac_read_search'], 9),345 (CapabilityRule.ALL, 10),346 ('foo', 'unknown'),347 ]348 def _run_test(self, params, expected):349 sev_db = severity.Severity('../severity.db', 'unknown')350 obj = CapabilityRule(params)351 rank = obj.severity(sev_db)352 self.assertEqual(rank, expected)353class CapabilityLogprofHeaderTest(AATest):354 tests = [355 ('capability,', [ _('Capability'), _('ALL'), ]),356 ('capability chown,', [ _('Capability'), 'chown', ]),357 ('capability chown fsetid,', [ _('Capability'), 'chown fsetid', ]),358 ('audit capability,', [_('Qualifier'), 'audit', _('Capability'), _('ALL'), ]),359 ('deny capability chown,', [_('Qualifier'), 'deny', _('Capability'), 'chown', ]),360 ('allow capability chown fsetid,', [_('Qualifier'), 'allow', _('Capability'), 'chown fsetid', ]),361 ('audit deny capability,', [_('Qualifier'), 'audit deny', _('Capability'), _('ALL'), ]),362 ]363 def _run_test(self, params, expected):364 obj = CapabilityRule.parse(params)365 self.assertEqual(obj.logprof_header(), expected)366# --- tests for CapabilityRuleset --- #367class CapabilityRulesTest(AATest):368 def test_empty_ruleset(self):369 ruleset = CapabilityRuleset()370 ruleset_2 = CapabilityRuleset()371 self.assertEqual([], ruleset.get_raw(2))372 self.assertEqual([], ruleset.get_clean(2))373 self.assertEqual([], ruleset_2.get_raw(2))374 self.assertEqual([], ruleset_2.get_clean(2))375 def test_ruleset_1(self):376 ruleset = CapabilityRuleset()377 rules = [378 'capability sys_admin,',379 'capability chown,',380 ]381 expected_raw = [382 'capability sys_admin,',383 'capability chown,',384 '',385 ]386 expected_clean = [387 'capability chown,',388 'capability sys_admin,',389 '',390 ]391 for rule in rules:392 ruleset.add(CapabilityRule.parse(rule))393 self.assertEqual(expected_raw, ruleset.get_raw())394 self.assertEqual(expected_clean, ruleset.get_clean())395 def test_ruleset_2(self):396 ruleset = CapabilityRuleset()397 rules = [398 'capability chown,',399 'allow capability sys_admin,',400 'deny capability chgrp, # example comment',401 ]402 expected_raw = [403 ' capability chown,',404 ' allow capability sys_admin,',405 ' deny capability chgrp, # example comment',406 '',407 ]408 expected_clean = [409 ' deny capability chgrp, # example comment',410 '',411 ' allow capability sys_admin,',412 ' capability chown,',413 '',414 ]415 for rule in rules:416 ruleset.add(CapabilityRule.parse(rule))417 self.assertEqual(expected_raw, ruleset.get_raw(1))418 self.assertEqual(expected_clean, ruleset.get_clean(1))419 def test_ruleset_add(self):420 rule = CapabilityRule('chgrp', comment=' # example comment')421 ruleset = CapabilityRuleset()422 ruleset.add(rule)423 expected_raw = [424 ' capability chgrp, # example comment',425 '',426 ]427 expected_clean = expected_raw428 self.assertEqual(expected_raw, ruleset.get_raw(1))429 self.assertEqual(expected_clean, ruleset.get_clean(1))430class CapabilityRulesCoveredTest(AATest):431 def AASetup(self):432 self.ruleset = CapabilityRuleset()433 rules = [434 'capability chown,',435 'capability setuid setgid,',436 'allow capability sys_admin,',437 'audit capability kill,',438 'deny capability chgrp, # example comment',439 ]440 for rule in rules:441 self.ruleset.add(CapabilityRule.parse(rule))442 def test_ruleset_is_covered_1(self):443 self.assertTrue(self.ruleset.is_covered(CapabilityRule.parse('capability chown,')))444 def test_ruleset_is_covered_2(self):445 self.assertTrue(self.ruleset.is_covered(CapabilityRule.parse('capability sys_admin,')))446 def test_ruleset_is_covered_3(self):447 self.assertTrue(self.ruleset.is_covered(CapabilityRule.parse('allow capability sys_admin,')))448 def test_ruleset_is_covered_4(self):449 self.assertTrue(self.ruleset.is_covered(CapabilityRule.parse('capability setuid,')))450 def test_ruleset_is_covered_5(self):451 self.assertTrue(self.ruleset.is_covered(CapabilityRule.parse('allow capability setgid,')))452 def test_ruleset_is_covered_6(self):453 self.assertTrue(self.ruleset.is_covered(CapabilityRule.parse('capability setgid setuid,')))454 def test_ruleset_is_covered_7(self):455 pass # self.assertTrue(self.ruleset.is_covered(CapabilityRule.parse('capability sys_admin chown,'))) # fails because it is split over two rule objects internally456 def test_ruleset_is_covered_8(self):457 self.assertTrue(self.ruleset.is_covered(CapabilityRule.parse('capability kill,')))458 def test_ruleset_is_covered_9(self):459 self.assertFalse(self.ruleset.is_covered(CapabilityRule.parse('deny capability chown,')))460 def test_ruleset_is_covered_10(self):461 self.assertFalse(self.ruleset.is_covered(CapabilityRule.parse('deny capability sys_admin,')))462 def test_ruleset_is_covered_11(self):463 self.assertFalse(self.ruleset.is_covered(CapabilityRule.parse('deny capability sys_admin chown,')))464 def test_ruleset_is_covered_12(self):465 self.assertFalse(self.ruleset.is_covered(CapabilityRule.parse('deny capability setgid,')))466 def test_ruleset_is_covered_13(self):467 self.assertFalse(self.ruleset.is_covered(CapabilityRule.parse('deny capability kill,')))468 def test_ruleset_is_covered_14(self):469 self.assertFalse(self.ruleset.is_covered(CapabilityRule.parse('audit capability chown,')))470 def test_ruleset_is_covered_15(self):471 self.assertFalse(self.ruleset.is_covered(CapabilityRule.parse('audit capability sys_admin,')))472 def test_ruleset_is_covered_16(self):473 self.assertFalse(self.ruleset.is_covered(CapabilityRule.parse('audit capability sys_admin chown,')))474 def test_ruleset_is_covered_17(self):475 self.assertFalse(self.ruleset.is_covered(CapabilityRule.parse('audit capability setgid,')))476 def test_ruleset_is_covered_18(self):477 self.assertTrue(self.ruleset.is_covered(CapabilityRule.parse('audit capability kill,')))478 def test_ruleset_is_covered_19(self):479 self.assertTrue(self.ruleset.is_covered(CapabilityRule.parse('deny capability chgrp,')))480 def test_ruleset_is_covered_20(self):481 self.assertFalse(self.ruleset.is_covered(CapabilityRule.parse('audit deny capability chgrp,')))482 def test_ruleset_is_covered_21(self):483 self.assertFalse(self.ruleset.is_covered(CapabilityRule.parse('audit capability chgrp,')))484 def test_ruleset_is_covered_22(self):485 self.assertFalse(self.ruleset.is_covered(CapabilityRule.parse('capability chgrp,')))486 def test_ruleset_is_covered_23(self):487 self.assertTrue(self.ruleset.is_covered(CapabilityRule.parse('capability chgrp,'), check_allow_deny=False))488 def test_ruleset_is_covered_24(self):489 self.assertFalse(self.ruleset.is_covered(CapabilityRule.parse('deny capability chown,'), check_allow_deny=False))490# XXX - disabling these until we decide whether or not checking whether491# a log is covered by rules should be a separate entry point, possibly492# handling the log structure directly, or whether coverage should be493# solely based on Rule objects and marshaling of a log message into a494# Rule object should occur outside of the Rule classes themselves.495#496# def _test_log_covered(self, expected, capability):497# event_base = 'type=AVC msg=audit(1415403814.628:662): apparmor="ALLOWED" operation="capable" profile="/bin/ping" pid=15454 comm="ping" capability=13 capname="%s"'498# parser = ReadLog('', '', '')499# self.assertEqual(expected, self.ruleset.is_log_covered(parser.parse_event(event_base%capability)))500#501# def test_ruleset_is_log_covered_1(self):502# self._test_log_covered(False, 'net_raw')503# def test_ruleset_is_log_covered_2(self):504# self._test_log_covered(True, 'chown')505# def test_ruleset_is_log_covered_3(self):506# self._test_log_covered(True, 'sys_admin')507# def test_ruleset_is_log_covered_4(self):508# self._test_log_covered(True, 'kill')509# def test_ruleset_is_log_covered_5(self):510# self._test_log_covered(False, 'chgrp')511# def test_ruleset_is_log_covered_6(self):512# event_base = 'type=AVC msg=audit(1415403814.628:662): apparmor="ALLOWED" operation="capable" profile="/bin/ping" pid=15454 comm="ping" capability=13 capname="%s"'513#514# parser = ReadLog('', '', '')515# self.assertEqual(True, self.ruleset.is_log_covered(parser.parse_event(event_base%'chgrp'), False)) # ignores allow/deny516class CapabilityGlobTest(AATest):517 def AASetup(self):518 self.ruleset = CapabilityRuleset()519 def test_glob(self):520 self.assertEqual(self.ruleset.get_glob('capability net_raw,'), 'capability,')521 def test_glob_ext(self):522 with self.assertRaises(NotImplementedError):523 self.ruleset.get_glob_ext('capability net_raw,')524class CapabilityDeleteTest(AATest):525 def AASetup(self):526 self.ruleset = CapabilityRuleset()527 rules = [528 'capability chown,',529 'allow capability sys_admin,',530 'deny capability chgrp, # example comment',531 ]532 for rule in rules:533 self.ruleset.add(CapabilityRule.parse(rule))534 def test_delete(self):535 expected_raw = [536 ' capability chown,',537 ' deny capability chgrp, # example comment',538 '',539 ]540 expected_clean = [541 ' deny capability chgrp, # example comment',542 '',543 ' capability chown,',544 '',545 ]546 self.ruleset.delete(CapabilityRule(['sys_admin']))547 self.assertEqual(expected_raw, self.ruleset.get_raw(1))548 self.assertEqual(expected_clean, self.ruleset.get_clean(1))549 def test_delete_with_allcaps(self):550 expected_raw = [551 ' capability chown,',552 ' deny capability chgrp, # example comment',553 ' capability,',554 '',555 ]556 expected_clean = [557 ' deny capability chgrp, # example comment',558 '',559 ' capability chown,',560 ' capability,',561 '',562 ]563 self.ruleset.add(CapabilityRule(CapabilityRule.ALL))564 self.ruleset.delete(CapabilityRule('sys_admin'))565 self.assertEqual(expected_raw, self.ruleset.get_raw(1))566 self.assertEqual(expected_clean, self.ruleset.get_clean(1))567 def test_delete_with_multi(self):568 expected_raw = [569 ' capability chown,',570 ' allow capability sys_admin,',571 ' deny capability chgrp, # example comment',572 '',573 ]574 expected_clean = [575 ' deny capability chgrp, # example comment',576 '',577 ' allow capability sys_admin,',578 ' capability chown,',579 '',580 ]581 self.ruleset.add(CapabilityRule(['audit_read', 'audit_write']))582 self.ruleset.delete(CapabilityRule(['audit_read', 'audit_write']))583 self.assertEqual(expected_raw, self.ruleset.get_raw(1))584 self.assertEqual(expected_clean, self.ruleset.get_clean(1))585 def test_delete_with_multi_2(self):586 self.ruleset.add(CapabilityRule(['audit_read', 'audit_write']))587 with self.assertRaises(AppArmorBug):588 # XXX ideally delete_raw should remove audit_read from the "capability audit_read audit_write," ruleset589 # but that's quite some work to cover a corner case.590 self.ruleset.delete(CapabilityRule('audit_read'))591 def test_delete_raw_notfound(self):592 with self.assertRaises(AppArmorBug):593 self.ruleset.delete(CapabilityRule('audit_write'))594 def test_delete_duplicates(self):595 inc = CapabilityRuleset()596 rules = [597 'capability chown,',598 'deny capability chgrp, # example comment',599 ]600 for rule in rules:601 inc.add(CapabilityRule.parse(rule))602 expected_raw = [603 ' allow capability sys_admin,',604 '',605 ]606 expected_clean = expected_raw607 self.assertEqual(self.ruleset.delete_duplicates(inc), 2)608 self.assertEqual(expected_raw, self.ruleset.get_raw(1))609 self.assertEqual(expected_clean, self.ruleset.get_clean(1))610 def test_delete_duplicates_2(self):611 inc = CapabilityRuleset()612 rules = [613 'capability audit_write,',614 'capability chgrp, # example comment',615 ]616 for rule in rules:617 inc.add(CapabilityRule.parse(rule))618 expected_raw = [619 ' capability chown,',620 ' allow capability sys_admin,',621 ' deny capability chgrp, # example comment',622 '',623 ]624 expected_clean = [625 ' deny capability chgrp, # example comment',626 '',627 ' allow capability sys_admin,',628 ' capability chown,',629 '',630 ]631 self.assertEqual(self.ruleset.delete_duplicates(inc), 0)632 self.assertEqual(expected_raw, self.ruleset.get_raw(1))633 self.assertEqual(expected_clean, self.ruleset.get_clean(1))634 def test_delete_duplicates_3(self):635 self.ruleset.add(CapabilityRule.parse('audit capability dac_override,'))636 inc = CapabilityRuleset()637 rules = [638 'capability dac_override,',639 ]640 for rule in rules:641 inc.add(CapabilityRule.parse(rule))642 expected_raw = [643 ' capability chown,',644 ' allow capability sys_admin,',645 ' deny capability chgrp, # example comment',646 ' audit capability dac_override,',647 '',648 ]649 expected_clean = [650 ' deny capability chgrp, # example comment',651 '',652 ' allow capability sys_admin,',653 ' audit capability dac_override,',654 ' capability chown,',655 '',656 ]657 self.assertEqual(self.ruleset.delete_duplicates(inc), 0)658 self.assertEqual(expected_raw, self.ruleset.get_raw(1))659 self.assertEqual(expected_clean, self.ruleset.get_clean(1))660 def test_delete_duplicates_4(self):661 inc = CapabilityRuleset()662 rules = [663 'capability,',664 ]665 for rule in rules:666 inc.add(CapabilityRule.parse(rule))667 expected_raw = [668 ' deny capability chgrp, # example comment',669 '',670 ]671 expected_clean = [672 ' deny capability chgrp, # example comment',673 '',674 ]675 self.assertEqual(self.ruleset.delete_duplicates(inc), 2)676 self.assertEqual(expected_raw, self.ruleset.get_raw(1))677 self.assertEqual(expected_clean, self.ruleset.get_clean(1))678 def test_delete_duplicates_none(self):679 expected_raw = [680 ' capability chown,',681 ' allow capability sys_admin,',682 ' deny capability chgrp, # example comment',683 '',684 ]685 expected_clean = [686 ' deny capability chgrp, # example comment',687 '',688 ' allow capability sys_admin,',689 ' capability chown,',690 '',691 ]692 self.assertEqual(self.ruleset.delete_duplicates(None), 0)693 self.assertEqual(expected_raw, self.ruleset.get_raw(1))694 self.assertEqual(expected_clean, self.ruleset.get_clean(1))695 def test_delete_duplicates_hasher(self):696 expected_raw = [697 ' capability chown,',698 ' allow capability sys_admin,',699 ' deny capability chgrp, # example comment',700 '',701 ]702 expected_clean = [703 ' deny capability chgrp, # example comment',704 '',705 ' allow capability sys_admin,',706 ' capability chown,',707 '',708 ]709 self.assertEqual(self.ruleset.delete_duplicates(hasher()), 0)710 self.assertEqual(expected_raw, self.ruleset.get_raw(1))711 self.assertEqual(expected_clean, self.ruleset.get_clean(1))712 def _check_test_delete_duplicates_in_profile(self, rules, expected_raw, expected_clean, expected_deleted):713 obj = CapabilityRuleset()714 for rule in rules:715 obj.add(CapabilityRule.parse(rule))716 deleted = obj.delete_duplicates(None)717 self.assertEqual(expected_raw, obj.get_raw(1))718 self.assertEqual(expected_clean, obj.get_clean(1))719 self.assertEqual(deleted, expected_deleted)720 def test_delete_duplicates_in_profile_01(self):721 rules = [722 'audit capability chown,',723 'audit capability,',724 'capability dac_override,',725 ]726 expected_raw = [727 ' audit capability,',728 '',729 ]730 expected_clean = [731 ' audit capability,',732 '',733 ]734 expected_deleted = 2735 self._check_test_delete_duplicates_in_profile(rules, expected_raw, expected_clean, expected_deleted)736 def test_delete_duplicates_in_profile_02(self):737 rules = [738 'audit capability chown,',739 'audit capability,',740 'audit capability dac_override,',741 'capability ,',742 'audit capability ,',743 ]744 expected_raw = [745 ' audit capability,',746 '',747 ]748 expected_clean = [749 ' audit capability,',750 '',751 ]752 expected_deleted = 4753 self._check_test_delete_duplicates_in_profile(rules, expected_raw, expected_clean, expected_deleted)754 def test_delete_duplicates_in_profile_03(self):755 rules = [756 'audit capability chown,',757 'capability dac_override,',758 'deny capability dac_override,',759 'capability dac_override,',760 'audit capability chown,',761 'deny capability chown,',762 'audit deny capability chown,',763 'capability,',764 'audit capability,',765 ]766 expected_raw = [767 ' deny capability dac_override,',768 ' audit deny capability chown,',769 ' audit capability,',770 '',771 ]772 expected_clean = [773 ' audit deny capability chown,',774 ' deny capability dac_override,',775 '',776 ' audit capability,',777 '',778 ]779 expected_deleted = 6780 self._check_test_delete_duplicates_in_profile(rules, expected_raw, expected_clean, expected_deleted)781 def test_delete_duplicates_in_profile_04(self):782 rules = [783 'audit capability chown,',784 'deny capability chown,',785 ]786 expected_raw = [787 ' audit capability chown,',788 ' deny capability chown,',789 '',790 ]791 expected_clean = [792 ' deny capability chown,',793 '',794 ' audit capability chown,',795 '',796 ]797 expected_deleted = 0798 self._check_test_delete_duplicates_in_profile(rules, expected_raw, expected_clean, expected_deleted)799setup_all_loops(__name__)800if __name__ == '__main__':...
hostapd_constants.py
Source:hostapd_constants.py
1#!/usr/bin/env python32#3# Copyright 2017 - Google4#5# Licensed under the Apache License, Version 2.0 (the "License");6# you may not use this file except in compliance with the License.7# You may obtain a copy of the License at8#9# http://www.apache.org/licenses/LICENSE-2.010#11# Unless required by applicable law or agreed to in writing, software12# distributed under the License is distributed on an "AS IS" BASIS,13# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.14# See the License for the specific language governing permissions and15# limitations under the License.16import itertools17BAND_2G = '2g'18BAND_5G = '5g'19WPA1 = 120WPA2 = 221MIXED = 322MAX_WPA_PSK_LENGTH = 6423MIN_WPA_PSK_LENGTH = 824WPA_STRICT_REKEY = 125WPA_DEFAULT_CIPHER = 'TKIP'26WPA2_DEFAULT_CIPER = 'CCMP'27WPA_GROUP_KEY_ROTATION_TIME = 60028WPA_STRICT_REKEY_DEFAULT = True29WPA_STRING = 'wpa'30WPA2_STRING = 'wpa2'31WPA_MIXED_STRING = 'wpa/wpa2'32WLAN0_STRING = 'wlan0'33WLAN1_STRING = 'wlan1'34WLAN2_STRING = 'wlan2'35WLAN3_STRING = 'wlan3'36AP_DEFAULT_CHANNEL_2G = 637AP_DEFAULT_CHANNEL_5G = 3638AP_DEFAULT_MAX_SSIDS_2G = 839AP_DEFAULT_MAX_SSIDS_5G = 840AP_SSID_LENGTH_2G = 841AP_PASSPHRASE_LENGTH_2G = 1042AP_SSID_LENGTH_5G = 843AP_PASSPHRASE_LENGTH_5G = 1044# A mapping of frequency to channel number. This includes some45# frequencies used outside the US.46CHANNEL_MAP = {47 2412: 1,48 2417: 2,49 2422: 3,50 2427: 4,51 2432: 5,52 2437: 6,53 2442: 7,54 2447: 8,55 2452: 9,56 2457: 10,57 2462: 11,58 # 12, 13 are only legitimate outside the US.59 # 2467: 12,60 # 2472: 13,61 # 14 is for Japan, DSSS and CCK only.62 # 2484: 14,63 # 34 valid in Japan.64 # 5170: 34,65 # 36-116 valid in the US, except 38, 42, and 46, which have66 # mixed international support.67 5180: 36,68 5190: 38,69 5200: 40,70 5210: 42,71 5220: 44,72 5230: 46,73 5240: 48,74 # DFS channels.75 5260: 52,76 5280: 56,77 5300: 60,78 5320: 64,79 5500: 100,80 5520: 104,81 5540: 108,82 5560: 112,83 5580: 116,84 # 120, 124, 128 valid in Europe/Japan.85 5600: 120,86 5620: 124,87 5640: 128,88 # 132+ valid in US.89 5660: 132,90 5680: 136,91 5700: 140,92 # 144 is supported by a subset of WiFi chips93 # (e.g. bcm4354, but not ath9k).94 5720: 144,95 # End DFS channels.96 5745: 149,97 5755: 151,98 5765: 153,99 5775: 155,100 5795: 159,101 5785: 157,102 5805: 161,103 5825: 165104}105MODE_11A = 'a'106MODE_11B = 'b'107MODE_11G = 'g'108MODE_11N_MIXED = 'n-mixed'109MODE_11N_PURE = 'n-only'110MODE_11AC_MIXED = 'ac-mixed'111MODE_11AC_PURE = 'ac-only'112N_CAPABILITY_LDPC = object()113N_CAPABILITY_HT20 = object()114N_CAPABILITY_HT40_PLUS = object()115N_CAPABILITY_HT40_MINUS = object()116N_CAPABILITY_GREENFIELD = object()117N_CAPABILITY_SGI20 = object()118N_CAPABILITY_SGI40 = object()119N_CAPABILITY_TX_STBC = object()120N_CAPABILITY_RX_STBC1 = object()121N_CAPABILITY_RX_STBC12 = object()122N_CAPABILITY_RX_STBC123 = object()123N_CAPABILITY_DSSS_CCK_40 = object()124N_CAPABILITIES_MAPPING = {125 N_CAPABILITY_LDPC: '[LDPC]',126 N_CAPABILITY_HT20: '[HT20]',127 N_CAPABILITY_HT40_PLUS: '[HT40+]',128 N_CAPABILITY_HT40_MINUS: '[HT40-]',129 N_CAPABILITY_GREENFIELD: '[GF]',130 N_CAPABILITY_SGI20: '[SHORT-GI-20]',131 N_CAPABILITY_SGI40: '[SHORT-GI-40]',132 N_CAPABILITY_TX_STBC: '[TX-STBC]',133 N_CAPABILITY_RX_STBC1: '[RX-STBC1]',134 N_CAPABILITY_RX_STBC12: '[RX-STBC12]',135 N_CAPABILITY_RX_STBC123: '[RX-STBC123]',136 N_CAPABILITY_DSSS_CCK_40: '[DSSS_CCK-40]'137}138N_CAPABILITY_HT40_MINUS_CHANNELS = object()139N_CAPABILITY_HT40_PLUS_CHANNELS = object()140AC_CAPABILITY_VHT160 = object()141AC_CAPABILITY_VHT160_80PLUS80 = object()142AC_CAPABILITY_RXLDPC = object()143AC_CAPABILITY_SHORT_GI_80 = object()144AC_CAPABILITY_SHORT_GI_160 = object()145AC_CAPABILITY_TX_STBC_2BY1 = object()146AC_CAPABILITY_RX_STBC_1 = object()147AC_CAPABILITY_RX_STBC_12 = object()148AC_CAPABILITY_RX_STBC_123 = object()149AC_CAPABILITY_RX_STBC_1234 = object()150AC_CAPABILITY_SU_BEAMFORMER = object()151AC_CAPABILITY_SU_BEAMFORMEE = object()152AC_CAPABILITY_BF_ANTENNA_2 = object()153AC_CAPABILITY_SOUNDING_DIMENSION_2 = object()154AC_CAPABILITY_MU_BEAMFORMER = object()155AC_CAPABILITY_MU_BEAMFORMEE = object()156AC_CAPABILITY_VHT_TXOP_PS = object()157AC_CAPABILITY_HTC_VHT = object()158AC_CAPABILITY_MAX_A_MPDU_LEN_EXP0 = object()159AC_CAPABILITY_MAX_A_MPDU_LEN_EXP1 = object()160AC_CAPABILITY_MAX_A_MPDU_LEN_EXP2 = object()161AC_CAPABILITY_MAX_A_MPDU_LEN_EXP3 = object()162AC_CAPABILITY_MAX_A_MPDU_LEN_EXP4 = object()163AC_CAPABILITY_MAX_A_MPDU_LEN_EXP5 = object()164AC_CAPABILITY_MAX_A_MPDU_LEN_EXP6 = object()165AC_CAPABILITY_MAX_A_MPDU_LEN_EXP7 = object()166AC_CAPABILITY_VHT_LINK_ADAPT2 = object()167AC_CAPABILITY_VHT_LINK_ADAPT3 = object()168AC_CAPABILITY_RX_ANTENNA_PATTERN = object()169AC_CAPABILITY_TX_ANTENNA_PATTERN = object()170AC_CAPABILITY_MAX_MPDU_7991 = object()171AC_CAPABILITY_MAX_MPDU_11454 = object()172AC_CAPABILITIES_MAPPING = {173 AC_CAPABILITY_VHT160: '[VHT160]',174 AC_CAPABILITY_VHT160_80PLUS80: '[VHT160-80PLUS80]',175 AC_CAPABILITY_RXLDPC: '[RXLDPC]',176 AC_CAPABILITY_SHORT_GI_80: '[SHORT-GI-80]',177 AC_CAPABILITY_SHORT_GI_160: '[SHORT-GI-160]',178 AC_CAPABILITY_TX_STBC_2BY1: '[TX-STBC-2BY1]',179 AC_CAPABILITY_RX_STBC_1: '[RX-STBC-1]',180 AC_CAPABILITY_RX_STBC_12: '[RX-STBC-12]',181 AC_CAPABILITY_RX_STBC_123: '[RX-STBC-123]',182 AC_CAPABILITY_RX_STBC_1234: '[RX-STBC-1234]',183 AC_CAPABILITY_SU_BEAMFORMER: '[SU-BEAMFORMER]',184 AC_CAPABILITY_SU_BEAMFORMEE: '[SU-BEAMFORMEE]',185 AC_CAPABILITY_BF_ANTENNA_2: '[BF-ANTENNA-2]',186 AC_CAPABILITY_SOUNDING_DIMENSION_2: '[SOUNDING-DIMENSION-2]',187 AC_CAPABILITY_MU_BEAMFORMER: '[MU-BEAMFORMER]',188 AC_CAPABILITY_MU_BEAMFORMEE: '[MU-BEAMFORMEE]',189 AC_CAPABILITY_VHT_TXOP_PS: '[VHT-TXOP-PS]',190 AC_CAPABILITY_HTC_VHT: '[HTC-VHT]',191 AC_CAPABILITY_MAX_A_MPDU_LEN_EXP0: '[MAX-A-MPDU-LEN-EXP0]',192 AC_CAPABILITY_MAX_A_MPDU_LEN_EXP1: '[MAX-A-MPDU-LEN-EXP1]',193 AC_CAPABILITY_MAX_A_MPDU_LEN_EXP2: '[MAX-A-MPDU-LEN-EXP2]',194 AC_CAPABILITY_MAX_A_MPDU_LEN_EXP3: '[MAX-A-MPDU-LEN-EXP3]',195 AC_CAPABILITY_MAX_A_MPDU_LEN_EXP4: '[MAX-A-MPDU-LEN-EXP4]',196 AC_CAPABILITY_MAX_A_MPDU_LEN_EXP5: '[MAX-A-MPDU-LEN-EXP5]',197 AC_CAPABILITY_MAX_A_MPDU_LEN_EXP6: '[MAX-A-MPDU-LEN-EXP6]',198 AC_CAPABILITY_MAX_A_MPDU_LEN_EXP7: '[MAX-A-MPDU-LEN-EXP7]',199 AC_CAPABILITY_VHT_LINK_ADAPT2: '[VHT-LINK-ADAPT2]',200 AC_CAPABILITY_VHT_LINK_ADAPT3: '[VHT-LINK-ADAPT3]',201 AC_CAPABILITY_RX_ANTENNA_PATTERN: '[RX-ANTENNA-PATTERN]',202 AC_CAPABILITY_TX_ANTENNA_PATTERN: '[TX-ANTENNA-PATTERN]',203 AC_CAPABILITY_MAX_MPDU_11454: '[MAX-MPDU-11454]',204 AC_CAPABILITY_MAX_MPDU_7991: '[MAX-MPDU-7991]'205}206VHT_CHANNEL_WIDTH_40 = 0207VHT_CHANNEL_WIDTH_80 = 1208VHT_CHANNEL_WIDTH_160 = 2209VHT_CHANNEL_WIDTH_80_80 = 3210# This is a loose merging of the rules for US and EU regulatory211# domains as taken from IEEE Std 802.11-2012 Appendix E. For instance,212# we tolerate HT40 in channels 149-161 (not allowed in EU), but also213# tolerate HT40+ on channel 7 (not allowed in the US). We take the loose214# definition so that we don't prohibit testing in either domain.215HT40_ALLOW_MAP = {216 N_CAPABILITY_HT40_MINUS_CHANNELS:217 tuple(218 itertools.chain(219 range(6, 14), range(40, 65, 8), range(104, 137, 8), [153, 161])),220 N_CAPABILITY_HT40_PLUS_CHANNELS:221 tuple(222 itertools.chain(223 range(1, 8), range(36, 61, 8), range(100, 133, 8), [149, 157]))224}225PMF_SUPPORT_DISABLED = 0226PMF_SUPPORT_ENABLED = 1227PMF_SUPPORT_REQUIRED = 2228PMF_SUPPORT_VALUES = (PMF_SUPPORT_DISABLED, PMF_SUPPORT_ENABLED,229 PMF_SUPPORT_REQUIRED)230DRIVER_NAME = 'nl80211'231CENTER_CHANNEL_MAP = {232 VHT_CHANNEL_WIDTH_40: {233 'delta': 2,234 'channels': ((36, 40), (44, 48), (52, 56), (60, 64), (100, 104),235 (108, 112), (116, 120), (124, 128), (132, 136),236 (140, 144), (149, 153), (147, 161))237 },238 VHT_CHANNEL_WIDTH_80: {239 'delta': 6,240 'channels': ((36, 48), (52, 64), (100, 112), (116, 128), (132, 144),241 (149, 161))242 },243 VHT_CHANNEL_WIDTH_160: {244 'delta': 14,245 'channels': ((36, 64), (100, 128))246 }...
Learn to execute automation testing from scratch with LambdaTest Learning Hub. Right from setting up the prerequisites to run your first automation test, to following best practices and diving deeper into advanced test scenarios. LambdaTest Learning Hubs compile a list of step-by-step guides to help you be proficient with different test automation frameworks i.e. Selenium, Cypress, TestNG etc.
You could also refer to video tutorials over LambdaTest YouTube channel to get step by step demonstration from industry experts.
Get 100 minutes of automation test minutes FREE!!