[apparmor] [PATCH] parser: Add DFA minimization equality tests for D-Bus rules
Tyler Hicks
tyhicks at canonical.com
Tue Dec 24 17:47:47 UTC 2013
Tests should be added for other rule types but this is a good start at
testing DFA minimization.
Signed-off-by: Tyler Hicks <tyhicks at canonical.com>
---
parser/tst/equality.sh | 23 +++++++++++++++++++++++
1 file changed, 23 insertions(+)
diff --git a/parser/tst/equality.sh b/parser/tst/equality.sh
index 7370c61..c022927 100755
--- a/parser/tst/equality.sh
+++ b/parser/tst/equality.sh
@@ -192,6 +192,29 @@ verify_binary_equality "dbus variable expansion, ensure rule de-duping occurs" \
"@{FOO}=bar foo bar foo
/t { dbus (send, receive) path=/com/@{FOO}, dbus (send, receive) path=/com/@{FOO}, }"
+verify_binary_equality "dbus minimization with all perms" \
+ "/t { dbus, }" \
+ "/t { dbus bus=session, dbus, }" \
+ "/t { dbus (send, receive, bind, eavesdrop), dbus, }"
+
+verify_binary_equality "dbus minimization with bind" \
+ "/t { dbus bind, }" \
+ "/t { dbus bind bus=session, dbus bind, }" \
+ "/t { dbus bind bus=system name=com.foo, dbus bind, }"
+
+verify_binary_equality "dbus minimization with send and a bus conditional" \
+ "/t { dbus send bus=system, }" \
+ "/t { dbus send bus=system path=/com/foo interface=com.foo member=bar, dbus send bus=system, }" \
+ "/t { dbus send bus=system peer=(label=/usr/bin/foo), dbus send bus=system, }"
+
+verify_binary_equality "dbus minimization with an audit modifier" \
+ "/t { audit dbus eavesdrop, }" \
+ "/t { audit dbus eavesdrop bus=session, audit dbus eavesdrop, }"
+
+verify_binary_equality "dbus minimization with a deny modifier" \
+ "/t { deny dbus send bus=system peer=(name=com.foo), }" \
+ "/t { deny dbus send bus=system peer=(name=com.foo label=/usr/bin/foo), deny dbus send bus=system peer=(name=com.foo), }" \
+
if [ $fails -ne 0 -o $errors -ne 0 ]
then
printf "ERRORS: %d\nFAILS: %d\n" $errors $fails 2>&1
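Review bot: The last argument of the "dbus minimization with a deny modifier" case ends in a trailing `\`, so the command is terminated only by the empty added line after it; if that blank line is ever removed, the following `if [ $fails -ne 0 -o $errors -ne 0 ]` line is joined onto the `verify_binary_equality` call as extra arguments and the final status check breaks. Drop the continuation so the line ends with `peer=(name=com.foo), }"` and nothing after the closing quote. Separately, every added case asserts equality only, so a minimization bug that over-merges (for example, folding away a `deny` or `audit` qualifier) would still pass. A companion case asserting that profiles differing only in such a modifier compile to different binaries would cover that, if the harness has or gains a way to express it. The `if` block at the end of the hunk continues outside it.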
--
1.8.3.2