[apparmor] [PATCH] clarify "deleted" test case

[Kees Cook]

Fixes "deleted" test case to match the documentation for the expected
outcome. Adds additional positive test, fixes spelling.


=== modified file 'tests/regression/apparmor/deleted.c'
--- tests/regression/apparmor/deleted.c	2006-05-19 17:32:14 +0000
+++ tests/regression/apparmor/deleted.c	2010-07-24 16:05:00 +0000
@@ -90,7 +90,7 @@
         }
 
 	/* test that we can create the file.  Not necessarily a (deleted)
-	 * case but lets use flush out other combinations
+	 * case but lets us flush out other combinations.
 	 */
 	fd2=creat(argv[2], S_IRUSR | S_IWUSR);
 	if (fd2 == -1){

=== modified file 'tests/regression/apparmor/deleted.sh'
--- tests/regression/apparmor/deleted.sh	2007-12-23 01:00:19 +0000
+++ tests/regression/apparmor/deleted.sh	2010-07-24 16:05:00 +0000
@@ -1,7 +1,7 @@
 #! /bin/bash
-# $Id$
-
+#
 #	Copyright (C) 2002-2005 Novell/SUSE
+#	Copyright (C) 2010 Canonical, Ltd
 #
 #	This program is free software; you can redistribute it and/or
 #	modify it under the terms of the GNU General Public License as
@@ -10,7 +10,7 @@
 
 #=NAME deleted
 #=DESCRIPTION 
-# Test subdomain is properly working around a kernel in which the kernel 
+# Test AppArmor is properly working around a kernel in which the kernel 
 # appends (deleted) to deleted files verifies that the d_path appending 
 # (deleted) fix is working
 #=END
@@ -24,6 +24,7 @@
 
 file=$tmpdir/file
 file2="$tmpdir/file (deleted)"
+file3="$tmpdir/unavailable"
 okperm=rwl
 
 subtest=sub
@@ -40,8 +41,8 @@
 # NO CHANGEHAT TEST - doesn't force revalidation
 
 genprofile $file:$okperm
-
 runchecktest "NO CHANGEHAT (access file)" pass nochange $file
+runchecktest "NO CHANGEHAT (cannot access unavailable)" fail nochange $file3
 
 genprofile "$file2":$okperm
 runchecktest "NO CHANGEHAT (access file (delete))" pass nochange "$file2"
@@ -49,6 +50,7 @@
 # CHANGEHAT TEST - force revalidation using changehat
 genprofile $file:$okperm hat:$subtest $file:$okperm
 runchecktest "CHANGEHAT (access file)" pass $subtest $file
+runchecktest "CHANGEHAT (cannot access unavailable)" fail $subtest $file3
 
 genprofile "$file2":$okperm hat:$subtest "$file2":$okperm
 runchecktest "CHANGEHAT (access file (deleted))" pass $subtest "$file2"
@@ -115,7 +117,7 @@
 # FAIL - confined client, w access to the file
 
 genprofile $file:$okperm $socket:rw $fd_client:px -- image=$fd_client $file:$badperm $socket:rw
-runchecktest "fd passing; confined client w/ w only" pass $file $socket $fd_client "delete_file"
+runchecktest "fd passing; confined client w/ w only" fail $file $socket $fd_client "delete_file"
 
 sleep 1
 rm -f ${socket}


-- 
Kees Cook
Ubuntu Security Team