tests: Add use-of-aliases-in-plugins

tests/Regression/use-of-aliases-in-plugins/runtest.sh

@@ -0,0 +1,50 @@
+#!/bin/bash
+# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+#   runtest.sh of /CoreOS/setroubleshoot-plugins/Regression/use-of-aliases-in-plugins
+#   Description: Make sure all types used in setroubleshoot plugins are
+#                defined in the policy and are not aliases
+#   Author: Vit Mojzis <vmojzis@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+#   Copyright (c) 2020 Red Hat, Inc.
+#
+#   This program is free software: you can redistribute it and/or
+#   modify it under the terms of the GNU General Public License as
+#   published by the Free Software Foundation, either version 2 of
+#   the License, or (at your option) any later version.
+#
+#   This program is distributed in the hope that it will be
+#   useful, but WITHOUT ANY WARRANTY; without even the implied
+#   warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+#   PURPOSE.  See the GNU General Public License for more details.
+#
+#   You should have received a copy of the GNU General Public License
+#   along with this program. If not, see http://www.gnu.org/licenses/.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include Beaker environment
+. /usr/bin/rhts-environment.sh || exit 1
+. /usr/share/beakerlib/beakerlib.sh || exit 1
+
+PACKAGE="setroubleshoot-plugins"
+
+rlJournalStart
+    rlPhaseStartSetup
+        rlAssertRpm ${PACKAGE}
+        rlRun "selinuxenabled" 0
+    rlPhaseEnd
+
+    rlPhaseStartTest "bz#1794807 - look for aliases and undefined types in plugins"
+        # lists all types not defined in the policy as "type_t not found"
+        # and all aliases as "alias_t is an alias of type_t"
+        # all issues are prefixed with a list of offending plugins
+        # returns 1 if an issue was found
+        rlRun "./test_aliases.py" 0
+    rlPhaseEnd
+rlJournalPrintText
+rlJournalEnd
+

tests/Regression/use-of-aliases-in-plugins/test_aliases.py

@@ -0,0 +1,65 @@
+#!/usr/bin/python3
+
+# lists all types not defined in the policy as "type_t not found"
+# and all aliases as "alias_t is an alias of type_t"
+# all issues are prefixed with a list of offending plugins
+# returns 1 if an issue was found
+
+import subprocess
+import sepolicy
+import sys
+import re
+from collections import defaultdict
+
+plugin_path = "/usr/share/setroubleshoot/plugins"
+error_code = 0
+
+if len(sys.argv) > 1:
+	plugin_path = sys.argv[1]
+
+try:
+	# search all plugin files in given location for the following pattern
+	# <plugin path>:<delimiter><type name>_t<delimiter>
+	g = subprocess.check_output('grep -I [^A-Za-z_][A-Za-z][A-Za-z_]*_t[^A-Za-z_] -o {}/*.py'.format(plugin_path),
+				     universal_newlines=True, shell=True)
+	lines = g.split('\n')
+except:
+	exit(1)
+# matches 2 groups: file name and type name
+# <path to plugins>(<plugin file name>):<delimiter>(<type name>_t)<delimiter>
+reg = re.compile('.*/(.+):[^A-Za-z_]([A-Za-z_]*_t)[^A-Za-z_]')
+# generate a dictionary of of all type names used in setroubleshoot plugins
+# where types are keys and lists of files where each type appeared are data
+found = defaultdict(set)
+
+for l in lines:
+	m = reg.match(l)
+
+	if m is None:
+		continue
+
+	try:
+		t = m.group(2)
+		if "_TYPE_" in t:
+			continue
+		found[t].add(m.group(1))
+	except:
+		# failed to match
+		continue
+
+for t in sorted(found.keys()):
+	try:
+		# try to find each type in system policy
+		i = next(sepolicy.info(sepolicy.TYPE, t))['name']
+		if t != i:
+			# <plugin file names>: alias_t is an alias of type_t
+			print("{}: {} is an alias of {}".format(", ".join(found[t]), t, i))
+			error_code = 1
+	except:
+		# skip types defined in selinux-policy modules that are not shipped any more
+		if t not in ["vbetool_t"]:
+			# <plugin file names>: type_t not found
+			print("{}: {} not found".format(", ".join(found[t]), t))
+			error_code = 1
+
+exit(error_code)

tests/tests.yml

@@ -0,0 +1,11 @@
+- hosts: localhost
+  roles:
+  - role: standard-test-beakerlib
+    tags:
+    - classic
+    tests:
+    - Regression/use-of-aliases-in-plugins
+    required_packages:
+    - setroubleshoot-plugins
+    - selinux-policy-targeted
+    - python3-policycoreutils