[apparmor] [PATCH 4/5] parser: Update equality tests for the new eavesdrop permission
Seth Arnold
seth.arnold at canonical.com
Fri Dec 6 02:17:10 UTC 2013
On Tue, Nov 19, 2013 at 06:16:24PM -0800, Tyler Hicks wrote:
> Rules using implied permissions may pick up the eavesdropping
> permission, depending on the conditionals present in the rule.
>
> Signed-off-by: Tyler Hicks <tyhicks at canonical.com>
Acked-by: Seth Arnold <seth.arnold at canonical.com>
> ---
> parser/tst/equality.sh | 28 ++++++++++++++++++----------
> 1 file changed, 18 insertions(+), 10 deletions(-)
>
> diff --git a/parser/tst/equality.sh b/parser/tst/equality.sh
> index e329a87..418043a 100755
> --- a/parser/tst/equality.sh
> +++ b/parser/tst/equality.sh
> @@ -104,13 +104,21 @@ verify_binary_equality "dbus send + receive" \
> "/t { dbus rw, }" \
>
> verify_binary_equality "dbus all accesses" \
> - "/t { dbus (send, receive, bind), }" \
> - "/t { dbus (read, write, bind), }" \
> - "/t { dbus (r, w, bind), }" \
> - "/t { dbus (rw, bind), }" \
> + "/t { dbus (send, receive, bind, eavesdrop), }" \
> + "/t { dbus (read, write, bind, eavesdrop), }" \
> + "/t { dbus (r, w, bind, eavesdrop), }" \
> + "/t { dbus (rw, bind, eavesdrop), }" \
> "/t { dbus (), }" \
> "/t { dbus, }" \
>
> +verify_binary_equality "dbus implied accesses with a bus conditional" \
> + "/t { dbus (send, receive, bind, eavesdrop) bus=session, }" \
> + "/t { dbus (read, write, bind, eavesdrop) bus=session, }" \
> + "/t { dbus (r, w, bind, eavesdrop) bus=session, }" \
> + "/t { dbus (rw, bind, eavesdrop) bus=session, }" \
> + "/t { dbus () bus=session, }" \
> + "/t { dbus bus=session, }" \
> +
> verify_binary_equality "dbus implied accesses for services" \
> "/t { dbus bind name=com.foo, }" \
> "/t { dbus name=com.foo, }"
> @@ -141,12 +149,12 @@ verify_binary_equality "dbus element parsing" \
> verify_binary_equality "dbus access parsing" \
> "/t { dbus, }" \
> "/t { dbus (), }" \
> - "/t { dbus (send, receive, bind), }" \
> - "/t { dbus (send receive bind), }" \
> - "/t { dbus (send, receive bind), }" \
> - "/t { dbus (send,receive,bind), }" \
> - "/t { dbus (send,receive,,,,,,,,,,,,,,,,bind), }" \
> - "/t { dbus (send,send,send,send send receive,bind), }" \
> + "/t { dbus (send, receive, bind, eavesdrop), }" \
> + "/t { dbus (send receive bind eavesdrop), }" \
> + "/t { dbus (send, receive bind, eavesdrop), }" \
> + "/t { dbus (send,receive,bind,eavesdrop), }" \
> + "/t { dbus (send,receive,,,,,,,,,,,,,,,,bind,eavesdrop), }" \
> + "/t { dbus (send,send,send,send send receive,bind eavesdrop), }" \
>
> verify_binary_equality "dbus variable expansion" \
> "/t { dbus (send, receive) path=/com/foo member=spork interface=org.foo peer=(name=com.foo label=/com/foo), }" \
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20131205/17065e9b/attachment-0001.pgp>
More information about the AppArmor
mailing list