[apparmor] [PATCH 4/5] parser: Update equality tests for the new eavesdrop permission

Seth Arnold seth.arnold at canonical.com
Fri Dec 6 02:17:10 UTC 2013


On Tue, Nov 19, 2013 at 06:16:24PM -0800, Tyler Hicks wrote:
> Rules using implied permissions may pick up the eavesdropping
> permission, depending on the conditionals present in the rule.
> 
> Signed-off-by: Tyler Hicks <tyhicks at canonical.com>

Acked-by: Seth Arnold <seth.arnold at canonical.com>

> ---
>  parser/tst/equality.sh | 28 ++++++++++++++++++----------
>  1 file changed, 18 insertions(+), 10 deletions(-)
> 
> diff --git a/parser/tst/equality.sh b/parser/tst/equality.sh
> index e329a87..418043a 100755
> --- a/parser/tst/equality.sh
> +++ b/parser/tst/equality.sh
> @@ -104,13 +104,21 @@ verify_binary_equality "dbus send + receive" \
>  	"/t { dbus rw, }" \
>  
>  verify_binary_equality "dbus all accesses" \
> -	"/t { dbus (send, receive, bind), }" \
> -	"/t { dbus (read, write, bind), }" \
> -	"/t { dbus (r, w, bind), }" \
> -	"/t { dbus (rw, bind), }" \
> +	"/t { dbus (send, receive, bind, eavesdrop), }" \
> +	"/t { dbus (read, write, bind, eavesdrop), }" \
> +	"/t { dbus (r, w, bind, eavesdrop), }" \
> +	"/t { dbus (rw, bind, eavesdrop), }" \
>  	"/t { dbus (), }" \
>  	"/t { dbus, }" \
>  
> +verify_binary_equality "dbus implied accesses with a bus conditional" \
> +	"/t { dbus (send, receive, bind, eavesdrop) bus=session, }" \
> +	"/t { dbus (read, write, bind, eavesdrop) bus=session, }" \
> +	"/t { dbus (r, w, bind, eavesdrop) bus=session, }" \
> +	"/t { dbus (rw, bind, eavesdrop) bus=session, }" \
> +	"/t { dbus () bus=session, }" \
> +	"/t { dbus bus=session, }" \
> +
>  verify_binary_equality "dbus implied accesses for services" \
>  	"/t { dbus bind name=com.foo, }" \
>  	"/t { dbus name=com.foo, }"
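
Review bot: the new "dbus implied accesses with a bus conditional" group exercises only bus=session, while the commit message says the implied set depends on which conditionals are present. The unchanged "dbus implied accesses for services" group right below it still equates "dbus name=com.foo" with "dbus bind name=com.foo", so a name conditional does not pull in eavesdrop, but nothing in this hunk says why the two cases differ. A one-line comment above the new group stating which conditionals keep eavesdrop in the implied set would document that, and a case pinning down a rule that must not pick up eavesdrop would guard against the implied set widening unnoticed.
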
> @@ -141,12 +149,12 @@ verify_binary_equality "dbus element parsing" \
>  verify_binary_equality "dbus access parsing" \
>  	"/t { dbus, }" \
>  	"/t { dbus (), }" \
> -	"/t { dbus (send, receive, bind), }" \
> -	"/t { dbus (send receive bind), }" \
> -	"/t { dbus (send,	receive                  bind), }" \
> -	"/t { dbus (send,receive,bind), }" \
> -	"/t { dbus (send,receive,,,,,,,,,,,,,,,,bind), }" \
> -	"/t { dbus (send,send,send,send send receive,bind), }" \
> +	"/t { dbus (send, receive, bind, eavesdrop), }" \
> +	"/t { dbus (send receive bind eavesdrop), }" \
> +	"/t { dbus (send,	receive                  bind,  eavesdrop), }" \
> +	"/t { dbus (send,receive,bind,eavesdrop), }" \
> +	"/t { dbus (send,receive,,,,,,,,,,,,,,,,bind,eavesdrop), }" \
> +	"/t { dbus (send,send,send,send send receive,bind	eavesdrop), }" \
>  
>  verify_binary_equality "dbus variable expansion" \
>  	"/t { dbus (send, receive) path=/com/foo member=spork interface=org.foo peer=(name=com.foo label=/com/foo), }" \
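
Review bot: in the "dbus access parsing" group, eavesdrop is only appended as the last token of each existing variant, so the repeated-token and empty-comma cases still exercise only send and the gap between receive and bind. Consider one more variant where the new keyword itself is repeated or followed by stray commas, for example "/t { dbus (send,receive,bind,eavesdrop,,eavesdrop), }". Also, the last changed line separates bind and eavesdrop with a literal tab, which is hard to tell from a space when reading the diff; a short comment noting that the tab is deliberate would keep it from being normalized later.
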