[apparmor] [PATCH 2/2] libaalogparse: Regression tests for dbus-daemon audit messages
Tyler Hicks
tyhicks at canonical.com
Thu Aug 1 07:31:31 UTC 2013
Test a set of send, bind, and receive denials routed through the syslog,
as well as a set routed through auditd.
Signed-off-by: Tyler Hicks <tyhicks at canonical.com>
---
libraries/libapparmor/testsuite/test_multi.c | 16 ++++++++++++++++
.../testsuite/test_multi/testcase_dbus_01.err | 0
.../testsuite/test_multi/testcase_dbus_01.in | 1 +
.../testsuite/test_multi/testcase_dbus_01.out | 15 +++++++++++++++
.../testsuite/test_multi/testcase_dbus_02.err | 0
.../testsuite/test_multi/testcase_dbus_02.in | 1 +
.../testsuite/test_multi/testcase_dbus_02.out | 11 +++++++++++
.../testsuite/test_multi/testcase_dbus_03.err | 0
.../testsuite/test_multi/testcase_dbus_03.in | 1 +
.../testsuite/test_multi/testcase_dbus_03.out | 16 ++++++++++++++++
.../testsuite/test_multi/testcase_dbus_04.err | 0
.../testsuite/test_multi/testcase_dbus_04.in | 1 +
.../testsuite/test_multi/testcase_dbus_04.out | 17 +++++++++++++++++
.../testsuite/test_multi/testcase_dbus_05.err | 0
.../testsuite/test_multi/testcase_dbus_05.in | 1 +
.../testsuite/test_multi/testcase_dbus_05.out | 13 +++++++++++++
.../testsuite/test_multi/testcase_dbus_06.err | 0
.../testsuite/test_multi/testcase_dbus_06.in | 1 +
.../testsuite/test_multi/testcase_dbus_06.out | 18 ++++++++++++++++++
19 files changed, 112 insertions(+)
create mode 100644 libraries/libapparmor/testsuite/test_multi/testcase_dbus_01.err
create mode 100644 libraries/libapparmor/testsuite/test_multi/testcase_dbus_01.in
create mode 100644 libraries/libapparmor/testsuite/test_multi/testcase_dbus_01.out
create mode 100644 libraries/libapparmor/testsuite/test_multi/testcase_dbus_02.err
create mode 100644 libraries/libapparmor/testsuite/test_multi/testcase_dbus_02.in
create mode 100644 libraries/libapparmor/testsuite/test_multi/testcase_dbus_02.out
create mode 100644 libraries/libapparmor/testsuite/test_multi/testcase_dbus_03.err
create mode 100644 libraries/libapparmor/testsuite/test_multi/testcase_dbus_03.in
create mode 100644 libraries/libapparmor/testsuite/test_multi/testcase_dbus_03.out
create mode 100644 libraries/libapparmor/testsuite/test_multi/testcase_dbus_04.err
create mode 100644 libraries/libapparmor/testsuite/test_multi/testcase_dbus_04.in
create mode 100644 libraries/libapparmor/testsuite/test_multi/testcase_dbus_04.out
create mode 100644 libraries/libapparmor/testsuite/test_multi/testcase_dbus_05.err
create mode 100644 libraries/libapparmor/testsuite/test_multi/testcase_dbus_05.in
create mode 100644 libraries/libapparmor/testsuite/test_multi/testcase_dbus_05.out
create mode 100644 libraries/libapparmor/testsuite/test_multi/testcase_dbus_06.err
create mode 100644 libraries/libapparmor/testsuite/test_multi/testcase_dbus_06.in
create mode 100644 libraries/libapparmor/testsuite/test_multi/testcase_dbus_06.out
diff --git a/libraries/libapparmor/testsuite/test_multi.c b/libraries/libapparmor/testsuite/test_multi.c
index 1732e31..eb73279 100644
--- a/libraries/libapparmor/testsuite/test_multi.c
+++ b/libraries/libapparmor/testsuite/test_multi.c
@@ -137,6 +137,10 @@ int print_results(aa_log_record *record)
{
printf("Profile: %s\n", record->profile);
}
+ if (record->peer_profile != NULL)
+ {
+ printf("Peer profile: %s\n", record->peer_profile);
+ }
if (record->name != NULL)
{
printf("Name: %s\n", record->name);
@@ -173,6 +177,10 @@ int print_results(aa_log_record *record)
{
printf("Info: %s\n", record->info);
}
+ if (record->peer_info != NULL)
+ {
+ printf("Peer info: %s\n", record->peer_info);
+ }
if (record->error_code)
{
printf("ErrorCode: %d\n", record->error_code);
@@ -181,6 +189,10 @@ int print_results(aa_log_record *record)
{
printf("PID: %ld\n", record->pid);
}
+ if (record->peer_pid != 0)
+ {
+ printf("Peer PID: %ld\n", record->peer_pid);
+ }
if (record->active_hat != NULL)
{
printf("Active hat: %s\n", record->active_hat);
@@ -201,6 +213,10 @@ int print_results(aa_log_record *record)
print_string("Foreign addr", record->net_foreign_addr);
print_long("Local port", record->net_local_port, 0);
print_long("Foreign port", record->net_foreign_port, 0);
+ print_string("DBus bus", record->dbus_bus);
+ print_string("DBus path", record->dbus_path);
+ print_string("DBus interface", record->dbus_interface);
+ print_string("DBus member", record->dbus_member);
printf("Epoch: %lu\n", record->epoch);
printf("Audit subid: %u\n", record->audit_sub_id);
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_dbus_01.err b/libraries/libapparmor/testsuite/test_multi/testcase_dbus_01.err
new file mode 100644
index 0000000..e69de29
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_dbus_01.in b/libraries/libapparmor/testsuite/test_multi/testcase_dbus_01.in
new file mode 100644
index 0000000..56c1d08
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_dbus_01.in
@@ -0,0 +1 @@
+Jul 31 17:10:35 dbusdev-saucy-amd64 dbus[1692]: apparmor="DENIED" operation="dbus_method_call" bus="session" name="org.freedesktop.DBus" path="/org/freedesktop/DBus" interface="org.freedesktop.DBus" member="Hello" mask="send" pid=2922 profile="/tmp/apparmor-2.8.0/tests/regression/apparmor/dbus_service" peer_profile="unconfined"
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_dbus_01.out b/libraries/libapparmor/testsuite/test_multi/testcase_dbus_01.out
new file mode 100644
index 0000000..e679b8e
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_dbus_01.out
@@ -0,0 +1,15 @@
+START
+File: test_multi/testcase_dbus_01.in
+Event type: AA_RECORD_DENIED
+Operation: dbus_method_call
+Denied Mask: send
+Profile: /tmp/apparmor-2.8.0/tests/regression/apparmor/dbus_service
+Peer profile: unconfined
+Name: org.freedesktop.DBus
+PID: 2922
+DBus bus: session
+DBus path: /org/freedesktop/DBus
+DBus interface: org.freedesktop.DBus
+DBus member: Hello
+Epoch: 0
+Audit subid: 0
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_dbus_02.err b/libraries/libapparmor/testsuite/test_multi/testcase_dbus_02.err
new file mode 100644
index 0000000..e69de29
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_dbus_02.in b/libraries/libapparmor/testsuite/test_multi/testcase_dbus_02.in
new file mode 100644
index 0000000..4a90758
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_dbus_02.in
@@ -0,0 +1 @@
+Jul 31 17:11:16 dbusdev-saucy-amd64 dbus[1692]: apparmor="DENIED" operation="dbus_bind" bus="session" name="com.apparmor.Test" mask="bind" pid=2940 profile="/tmp/apparmor-2.8.0/tests/regression/apparmor/dbus_service"
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_dbus_02.out b/libraries/libapparmor/testsuite/test_multi/testcase_dbus_02.out
new file mode 100644
index 0000000..bf63d05
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_dbus_02.out
@@ -0,0 +1,11 @@
+START
+File: test_multi/testcase_dbus_02.in
+Event type: AA_RECORD_DENIED
+Operation: dbus_bind
+Denied Mask: bind
+Profile: /tmp/apparmor-2.8.0/tests/regression/apparmor/dbus_service
+Name: com.apparmor.Test
+PID: 2940
+DBus bus: session
+Epoch: 0
+Audit subid: 0
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_dbus_03.err b/libraries/libapparmor/testsuite/test_multi/testcase_dbus_03.err
new file mode 100644
index 0000000..e69de29
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_dbus_03.in b/libraries/libapparmor/testsuite/test_multi/testcase_dbus_03.in
new file mode 100644
index 0000000..48d9401
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_dbus_03.in
@@ -0,0 +1 @@
+Jul 31 17:11:58 dbusdev-saucy-amd64 dbus[1692]: apparmor="DENIED" operation="dbus_signal" bus="session" name="com.apparmor.Test" path="/com/apparmor/Test" interface="com.apparmor.Test" member="Signal" mask="receive" pid=2945 profile="/tmp/apparmor-2.8.0/tests/regression/apparmor/dbus_service" peer_pid=2947 peer_profile="unconfined"
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_dbus_03.out b/libraries/libapparmor/testsuite/test_multi/testcase_dbus_03.out
new file mode 100644
index 0000000..9101fd0
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_dbus_03.out
@@ -0,0 +1,16 @@
+START
+File: test_multi/testcase_dbus_03.in
+Event type: AA_RECORD_DENIED
+Operation: dbus_signal
+Denied Mask: receive
+Profile: /tmp/apparmor-2.8.0/tests/regression/apparmor/dbus_service
+Peer profile: unconfined
+Name: com.apparmor.Test
+PID: 2945
+Peer PID: 2947
+DBus bus: session
+DBus path: /com/apparmor/Test
+DBus interface: com.apparmor.Test
+DBus member: Signal
+Epoch: 0
+Audit subid: 0
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_dbus_04.err b/libraries/libapparmor/testsuite/test_multi/testcase_dbus_04.err
new file mode 100644
index 0000000..e69de29
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_dbus_04.in b/libraries/libapparmor/testsuite/test_multi/testcase_dbus_04.in
new file mode 100644
index 0000000..b3fc527
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_dbus_04.in
@@ -0,0 +1 @@
+type=USER_AVC msg=audit(1375323372.644:157): pid=363 uid=102 auid=4294967295 ses=4294967295 msg='apparmor="DENIED" operation="dbus_method_call" bus="system" name="org.freedesktop.DBus" path="/org/freedesktop/DBus" interface="org.freedesktop.DBus" member="Hello" mask="send" pid=2833 profile="/tmp/apparmor-2.8.0/tests/regression/apparmor/dbus_service" peer_profile="unconfined" exe="/bin/dbus-daemon" sauid=102 hostname=? addr=? terminal=?'
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_dbus_04.out b/libraries/libapparmor/testsuite/test_multi/testcase_dbus_04.out
new file mode 100644
index 0000000..cd81768
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_dbus_04.out
@@ -0,0 +1,17 @@
+START
+File: test_multi/testcase_dbus_04.in
+Event type: AA_RECORD_DENIED
+Audit ID: 1375323372.644:157
+Operation: dbus_method_call
+Denied Mask: send
+Profile: /tmp/apparmor-2.8.0/tests/regression/apparmor/dbus_service
+Peer profile: unconfined
+Name: org.freedesktop.DBus
+Command: /bin/dbus-daemon
+PID: 2833
+DBus bus: system
+DBus path: /org/freedesktop/DBus
+DBus interface: org.freedesktop.DBus
+DBus member: Hello
+Epoch: 1375323372
+Audit subid: 157
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_dbus_05.err b/libraries/libapparmor/testsuite/test_multi/testcase_dbus_05.err
new file mode 100644
index 0000000..e69de29
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_dbus_05.in b/libraries/libapparmor/testsuite/test_multi/testcase_dbus_05.in
new file mode 100644
index 0000000..ec63000
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_dbus_05.in
@@ -0,0 +1 @@
+type=USER_AVC msg=audit(1375323416.656:167): pid=363 uid=102 auid=4294967295 ses=4294967295 msg='apparmor="DENIED" operation="dbus_bind" bus="system" name="org.freedesktop.nm_dhcp_client" mask="bind" pid=2838 profile="/tmp/apparmor-2.8.0/tests/regression/apparmor/dbus_service" exe="/bin/dbus-daemon" sauid=102 hostname=? addr=? terminal=?'
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_dbus_05.out b/libraries/libapparmor/testsuite/test_multi/testcase_dbus_05.out
new file mode 100644
index 0000000..9d896d8
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_dbus_05.out
@@ -0,0 +1,13 @@
+START
+File: test_multi/testcase_dbus_05.in
+Event type: AA_RECORD_DENIED
+Audit ID: 1375323416.656:167
+Operation: dbus_bind
+Denied Mask: bind
+Profile: /tmp/apparmor-2.8.0/tests/regression/apparmor/dbus_service
+Name: org.freedesktop.nm_dhcp_client
+Command: /bin/dbus-daemon
+PID: 2838
+DBus bus: system
+Epoch: 1375323416
+Audit subid: 167
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_dbus_06.err b/libraries/libapparmor/testsuite/test_multi/testcase_dbus_06.err
new file mode 100644
index 0000000..e69de29
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_dbus_06.in b/libraries/libapparmor/testsuite/test_multi/testcase_dbus_06.in
new file mode 100644
index 0000000..090a3cf
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_dbus_06.in
@@ -0,0 +1 @@
+type=USER_AVC msg=audit(1375323488.608:182): pid=363 uid=102 auid=4294967295 ses=4294967295 msg='apparmor="DENIED" operation="dbus_signal" bus="system" name="org.freedesktop.nm_dhcp_client" path="/org/freedesktop/nm_dhcp_client" interface="org.freedesktop.nm_dhcp_client" member="Signal" mask="receive" pid=2859 profile="/tmp/apparmor-2.8.0/tests/regression/apparmor/dbus_service" peer_pid=2875 peer_profile="unconfined" exe="/bin/dbus-daemon" sauid=102 hostname=? addr=? terminal=?'
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_dbus_06.out b/libraries/libapparmor/testsuite/test_multi/testcase_dbus_06.out
new file mode 100644
index 0000000..54ebc45
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_dbus_06.out
@@ -0,0 +1,18 @@
+START
+File: test_multi/testcase_dbus_06.in
+Event type: AA_RECORD_DENIED
+Audit ID: 1375323488.608:182
+Operation: dbus_signal
+Denied Mask: receive
+Profile: /tmp/apparmor-2.8.0/tests/regression/apparmor/dbus_service
+Peer profile: unconfined
+Name: org.freedesktop.nm_dhcp_client
+Command: /bin/dbus-daemon
+PID: 2859
+Peer PID: 2875
+DBus bus: system
+DBus path: /org/freedesktop/nm_dhcp_client
+DBus interface: org.freedesktop.nm_dhcp_client
+DBus member: Signal
+Epoch: 1375323488
+Audit subid: 182
--
1.8.3.2
More information about the AppArmor
mailing list