| dcashman | 9b61575 | 2015-01-07 14:23:11 -0800 | [diff] [blame] | 1 | #!/usr/bin/env python |
| dcashman | b34ae0b | 2014-10-24 16:16:30 -0700 | [diff] [blame] | 2 | |
| 3 | import re |
| 4 | import sys |
| 5 | import SELinuxNeverallowTestFrame |
| 6 | |
| 7 | usage = "Usage: ./gen_SELinux_CTS_neverallows.py <input policy file> <output cts java source>" |
| 8 | |
| 9 | # extract_neverallow_rules - takes an intermediate policy file and pulls out the |
| 10 | # neverallow rules by taking all of the non-commented text between the 'neverallow' |
| 11 | # keyword and a terminating ';' |
| 12 | # returns: a list of strings representing these rules |
| 13 | def extract_neverallow_rules(policy_file): |
| 14 | with open(policy_file, 'r') as in_file: |
| 15 | policy_str = in_file.read() |
| 16 | # remove comments |
| 17 | no_comments = re.sub(r'#.+?$', r'', policy_str, flags = re.M) |
| 18 | # match neverallow rules |
| 19 | return re.findall(r'(^neverallow\s.+?;)', no_comments, flags = re.M |re.S); |
| 20 | |
| 21 | # neverallow_rule_to_test - takes a neverallow statement and transforms it into |
| 22 | # the output necessary to form a cts unit test in a java source file. |
| 23 | # returns: a string representing a generic test method based on this rule. |
| 24 | def neverallow_rule_to_test(neverallow_rule, test_num): |
| 25 | squashed_neverallow = neverallow_rule.replace("\n", " ") |
| 26 | method = SELinuxNeverallowTestFrame.src_method |
| 27 | method = method.replace("testNeverallowRules()", |
| 28 | "testNeverallowRules" + str(test_num) + "()") |
| 29 | return method.replace("$NEVERALLOW_RULE_HERE$", squashed_neverallow) |
| 30 | |
| 31 | if __name__ == "__main__": |
| 32 | # check usage |
| 33 | if len(sys.argv) != 3: |
| 34 | print usage |
| 35 | exit() |
| 36 | input_file = sys.argv[1] |
| 37 | output_file = sys.argv[2] |
| 38 | |
| 39 | src_header = SELinuxNeverallowTestFrame.src_header |
| 40 | src_body = SELinuxNeverallowTestFrame.src_body |
| 41 | src_footer = SELinuxNeverallowTestFrame.src_footer |
| 42 | |
| 43 | # grab the neverallow rules from the policy file and transform into tests |
| 44 | neverallow_rules = extract_neverallow_rules(input_file) |
| 45 | i = 0 |
| 46 | for rule in neverallow_rules: |
| 47 | src_body += neverallow_rule_to_test(rule, i) |
| 48 | i += 1 |
| 49 | |
| 50 | with open(output_file, 'w') as out_file: |
| 51 | out_file.write(src_header) |
| 52 | out_file.write(src_body) |
| 53 | out_file.write(src_footer) |