Add new test suite for sepolicy tool set.

This test should be run before we do any builds to make sure there are
no regressions

policycoreutils/sepolicy/Makefile

@@ -9,7 +9,7 @@ LOCALEDIR ?= /usr/share/locale
 PYTHON ?= /usr/bin/python
 BASHCOMPLETIONDIR ?= $(DESTDIR)/etc/bash_completion.d/
 SHAREDIR ?= $(PREFIX)/share/sandbox
-override CFLAGS = $(LDFLAGS) -I$(PREFIX)/include -DPACKAGE="policycoreutils" -Wall -Werror -Wextra -W  -DSHARED -shared
+override CFLAGS = -I$(PREFIX)/include -DPACKAGE="policycoreutils" -Wall -Werror -Wextra -W  -DSHARED -shared
 
 BASHCOMPLETIONS=sepolicy-bash-completion.sh
 
@@ -22,6 +22,9 @@ clean:
 	$(PYTHON) setup.py clean
 	-rm -rf build *~ \#* *pyc .#*
 
+test:
+	@python test_sepolicy.py -v
+
 install:
 	$(PYTHON) setup.py install `test -n "$(DESTDIR)" && echo --root $(DESTDIR)`
 	[ -d $(BINDIR) ] || mkdir -p $(BINDIR)

policycoreutils/sepolicy/test_sepolicy.py

@@ -0,0 +1,123 @@
+import unittest, os, shutil
+from tempfile import mkdtemp
+from subprocess import Popen, PIPE
+
+class SepolicyTests(unittest.TestCase):
+    def assertDenied(self, err):
+        self.assert_('Permission denied' in err,
+                     '"Permission denied" not found in %r' % err)
+    def assertNotFound(self, err):
+        self.assert_('not found' in err,
+                     '"not found" not found in %r' % err)
+
+    def assertFailure(self, status):
+        self.assert_(status != 0,
+                     '"Succeeded when it should have failed')
+
+    def assertSuccess(self, status, err):
+        self.assert_(status == 0,
+                     '"sepolicy should have succeeded for this test %r' %  err)
+
+    def test_man_domain(self):
+        "Verify sepolicy manpage -d works"
+        p = Popen(['sepolicy', 'manpage', '-d', 'httpd_t'], stdout = PIPE)
+        out, err = p.communicate()
+        print out, err
+        self.assertSuccess(p.returncode, err)
+
+    def test_man_all(self):
+        "Verify sepolicy manpage -a works"
+        p = Popen(['sepolicy', 'manpage', '-a'], stdout = PIPE)
+        out, err = p.communicate()
+        self.assertSuccess(p.returncode, err)
+
+    def test_network_l(self):
+        "Verify sepolicy network -l works"
+        p = Popen(['sepolicy', 'network', '-l'], stdout = PIPE)
+        out, err = p.communicate()
+        self.assertSuccess(p.returncode, err)
+
+    def test_network_t(self):
+        "Verify sepolicy network -t works"
+        p = Popen(['sepolicy', 'network', '-t', 'http_port_t'], stdout = PIPE)
+        out, err = p.communicate()
+        self.assertSuccess(p.returncode, err)
+
+    def test_network_p(self):
+        "Verify sepolicy network -p works"
+        p = Popen(['sepolicy', 'network', '-p', '80'], stdout = PIPE)
+        out, err = p.communicate()
+        self.assertSuccess(p.returncode, err)
+
+    def test_network_d(self):
+        "Verify sepolicy network -d works"
+        p = Popen(['sepolicy', 'network', '-d', 'httpd_t'], stdout = PIPE)
+        out, err = p.communicate()
+        self.assertSuccess(p.returncode, err)
+
+    def test_transition_s(self):
+        "Verify sepolicy transition -l works"
+        p = Popen(['sepolicy', 'transition', '-s', 'httpd_t'], stdout = PIPE)
+        out, err = p.communicate()
+        self.assertSuccess(p.returncode, err)
+
+    def test_transition_t(self):
+        "Verify sepolicy transition -t works"
+        p = Popen(['sepolicy', 'transition', '-s', 'httpd_t', '-t', 'sendmail_t'], stdout = PIPE)
+        out, err = p.communicate()
+        self.assertSuccess(p.returncode, err)
+
+    def test_booleans_l(self):
+        "Verify sepolicy booleans -l fails"
+        p = Popen(['sepolicy', 'booleans', '-l'], stdout = PIPE)
+        out, err = p.communicate()
+        self.assertFailure(p.returncode)
+
+    def test_booleans_a(self):
+        "Verify sepolicy booleans -a works"
+        p = Popen(['sepolicy', 'booleans', '-a'], stdout = PIPE)
+        out, err = p.communicate()
+        self.assertSuccess(p.returncode, err)
+
+    def test_booleans_b_alias(self):
+        "Verify sepolicy booleans -b works"
+        p = Popen(['sepolicy', 'booleans', '-b', 'allow_ypbind'], stdout = PIPE)
+        out, err = p.communicate()
+        self.assertSuccess(p.returncode, err)
+
+    def test_booleans_b(self):
+        "Verify sepolicy booleans -b works"
+        p = Popen(['sepolicy', 'booleans', '-b', 'nis_enabled'], stdout = PIPE)
+        out, err = p.communicate()
+        self.assertSuccess(p.returncode, err)
+
+    def test_interface_l(self):
+        "Verify sepolicy interface -l works"
+        p = Popen(['sepolicy', 'interface', '-l'], stdout = PIPE)
+        out, err = p.communicate()
+        self.assertSuccess(p.returncode, err)
+
+    def test_interface_a(self):
+        "Verify sepolicy interface -a works"
+        p = Popen(['sepolicy', 'interface', '-a'], stdout = PIPE)
+        out, err = p.communicate()
+        self.assertSuccess(p.returncode, err)
+
+    def test_interface_p(self):
+        "Verify sepolicy interface -u works"
+        p = Popen(['sepolicy', 'interface', '-u'], stdout = PIPE)
+        out, err = p.communicate()
+        self.assertSuccess(p.returncode, err)
+
+    def test_interface_ci(self):
+        "Verify sepolicy interface -c -i works"
+        p = Popen(['sepolicy', 'interface', '-c', '-i', 'apache_admin'], stdout = PIPE)
+        out, err = p.communicate()
+        self.assertSuccess(p.returncode, err)
+
+if __name__ == "__main__":
+    import selinux
+    if selinux.security_getenforce() == 1:
+        unittest.main()
+    else:
+        print "SELinux must be in enforcing mode for this test"