[apparmor] [PATCH 5/5] tests: Add regression tests for dbus eavesdrop rules
Tyler Hicks
tyhicks at canonical.com
Wed Nov 20 02:16:25 UTC 2013
Simple regression test that calls AddMatch using a match string that
sets up eavesdropping on all method call messages.
The shell script file runs the test unconfined and under a variety of
confinement profiles to make sure that eavesdropping confinement is
working as intended.
Signed-off-by: Tyler Hicks <tyhicks at canonical.com>
---
tests/regression/apparmor/Makefile | 5 +
tests/regression/apparmor/dbus_eavesdrop.c | 148 ++++++++++++++++++++++++++++
tests/regression/apparmor/dbus_eavesdrop.sh | 77 +++++++++++++++
3 files changed, 230 insertions(+)
create mode 100644 tests/regression/apparmor/dbus_eavesdrop.c
create mode 100755 tests/regression/apparmor/dbus_eavesdrop.sh
diff --git a/tests/regression/apparmor/Makefile b/tests/regression/apparmor/Makefile
index 623d1ac..0337b5d 100644
--- a/tests/regression/apparmor/Makefile
+++ b/tests/regression/apparmor/Makefile
@@ -23,6 +23,7 @@ SRC=access.c \
chown.c \
clone.c \
coredump.c \
+ dbus_eavesdrop.c \
dbus_message.c \
dbus_service.c \
deleted.c \
@@ -101,6 +102,7 @@ TESTS=access \
chdir \
clone \
coredump \
+ dbus_eavesdrop \
dbus_message \
dbus_service \
deleted \
@@ -152,6 +154,9 @@ changehat_pthread: changehat_pthread.c changehat.h
dbus_common.o: dbus_common.c dbus_common.h
${CC} ${CFLAGS} ${LDFLAGS} $^ -c ${LDLIBS} $(shell pkg-config --cflags --libs dbus-1)
+dbus_eavesdrop: dbus_eavesdrop.c dbus_common.o
+ ${CC} ${CFLAGS} ${LDFLAGS} $^ -o dbus_eavesdrop ${LDLIBS} $(shell pkg-config --cflags --libs dbus-1)
+
dbus_message: dbus_message.c dbus_common.o
${CC} ${CFLAGS} ${LDFLAGS} $^ -o dbus_message ${LDLIBS} $(shell pkg-config --cflags --libs dbus-1)
diff --git a/tests/regression/apparmor/dbus_eavesdrop.c b/tests/regression/apparmor/dbus_eavesdrop.c
new file mode 100644
index 0000000..9ef8e2e
--- /dev/null
+++ b/tests/regression/apparmor/dbus_eavesdrop.c
@@ -0,0 +1,148 @@
+/* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*- */
+/* dbus_service.c Utility program to attempt to eavesdrop on a bus
+ *
+ * Copyright (C) 2003 Philip Blundell <philb at gnu.org>
+ * Copyright (C) 2013 Canonical, Ltd.
+ *
+ * Originally dbus-send.c from the dbus package. It has been heavily modified
+ * to work within the regression test framework.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ *
+ */
+
+#define _GNU_SOURCE
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <signal.h>
+#include <sys/file.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+
+#include "dbus_common.h"
+
+DBusConnection *connection = NULL;
+DBusError error;
+DBusBusType type = DBUS_BUS_SESSION;
+const char *address = NULL;
+int session_or_system = FALSE;
+
+static void usage(void)
+{
+ fprintf(stderr, "Usage: dbus_eavesdrop [ADDRESS]\n\n"
+ " ADDRESS\t\t--system, --session (default), or --address=ADDR\n");
+}
+
+static int do_eavesdrop(void)
+{
+ dbus_bus_add_match(connection, "eavesdrop=true,type='method_call'",
+ &error);
+ if (dbus_error_is_set(&error)) {
+ fprintf(stderr, "FAIL: %s: %s\n", error.name, error.message);
+ dbus_error_free(&error);
+ return 1;
+ }
+
+ return 0;
+}
+
+int main(int argc, char *argv[])
+{
+ int i, rc;
+
+ if (argc < 2) {
+ usage();
+ rc = 1;
+ goto out;
+ }
+
+ for (i = 1; i < argc; i++) {
+ char *arg = argv[i];
+
+ if (strcmp(arg, "--system") == 0) {
+ type = DBUS_BUS_SYSTEM;
+ session_or_system = TRUE;
+ } else if (strcmp(arg, "--session") == 0) {
+ type = DBUS_BUS_SESSION;
+ session_or_system = TRUE;
+ } else if (strstr(arg, "--address") == arg) {
+ address = strchr(arg, '=');
+
+ if (address == NULL) {
+ fprintf(stderr,
+ "FAIL: \"--address=\" requires an ADDRESS\n");
+ usage();
+ rc = 1;
+ goto out;
+ } else {
+ address = address + 1;
+ }
+ } else if (!strcmp(arg, "--help")) {
+ usage();
+ rc = 0;
+ goto out;
+ } else {
+ usage();
+ rc = 1;
+ goto out;
+ }
+ }
+
+ if ((session_or_system == FALSE && address == NULL) || i < argc) {
+ usage();
+ rc = 1;
+ goto out;
+ }
+
+ if (session_or_system && (address != NULL)) {
+ fprintf(stderr,
+ "FAIL: \"--address\" may not be used with \"--system\" or \"--session\"\n");
+ usage();
+ rc = 1;
+ goto out;
+ }
+
+ dbus_error_init(&error);
+
+ if (address != NULL)
+ connection = dbus_connection_open(address, &error);
+ else
+ connection = dbus_bus_get(type, &error);
+
+ if (connection == NULL) {
+ fprintf(stderr,
+ "FAIL: Failed to open connection to \"%s\" message bus: %s\n",
+ address ? address :
+ ((type == DBUS_BUS_SYSTEM) ? "system" : "session"),
+ error.message);
+ dbus_error_free(&error);
+ rc = 1;
+ goto out;
+ } else if (address != NULL)
+ dbus_bus_register(connection, &error);
+
+ rc = do_eavesdrop();
+
+out:
+ if (connection)
+ dbus_connection_unref(connection);
+
+ if (rc == 0)
+ printf("PASS\n");
+
+ exit(rc);
+}
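Review bot: The `dbus_bus_register(connection, &error)` call on the `--address` path ignores both its dbus_bool_t return and `error`, so a failed registration falls through to `do_eavesdrop()`, which then hands an already-set `DBusError` to `dbus_bus_add_match`; libdbus public entry points generally refuse to proceed with a set error, so the test would report a misleading failure reason rather than the registration problem. The check should mirror the one already done on `dbus_bus_add_match` and bail out before the match is added, as sketched below. The shell script in this series only drives `--session`, so this path is not exercised by the regression test itself, which is presumably why it was not noticed. Separately, the file header on the second line still reads `dbus_service.c Utility program to attempt to eavesdrop on a bus`; it should name `dbus_eavesdrop.c`.
```c
  } else if (address != NULL) {
    /* A private-address connection must register with the bus before
     * it can add a match; bail out here rather than carrying a set
     * DBusError into do_eavesdrop(). */
    if (!dbus_bus_register(connection, &error)) {
      fprintf(stderr,
              "FAIL: Failed to register with \"%s\" message bus: %s\n",
              address,
              dbus_error_is_set(&error) ? error.message : "unknown error");
      dbus_error_free(&error);
      rc = 1;
      goto out;
    }
  }
  /* … unchanged: do_eavesdrop() call and out: cleanup … */
```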
diff --git a/tests/regression/apparmor/dbus_eavesdrop.sh b/tests/regression/apparmor/dbus_eavesdrop.sh
new file mode 100755
index 0000000..39e0796
--- /dev/null
+++ b/tests/regression/apparmor/dbus_eavesdrop.sh
@@ -0,0 +1,77 @@
+#! /bin/bash
+# Copyright (C) 2013 Canonical, Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation, version 2 of the
+# License.
+
+#=NAME dbus_eavesdrop
+#=DESCRIPTION
+# This test verifies that dbus eavesdropping is restricted for confined
+# processes.
+#=END
+
+pwd=`dirname $0`
+pwd=`cd $pwd ; /bin/pwd`
+
+bin=$pwd
+
+. $bin/prologue.inc
+required_features dbus
+. $bin/dbus.inc
+
+args="--session"
+
+start_bus
+
+# Make sure we can eavesdrop unconfined
+
+settest dbus_eavesdrop
+
+runchecktest "eavesdrop (unconfined)" pass $args
+
+# Make sure we get denials when confined but not allowed
+
+genprofile
+runchecktest "eavesdrop (confined w/o dbus perms)" fail $args
+
+gendbusprofile "dbus send,"
+runchecktest "eavesdrop (confined w/ only send allowed)" fail $args
+
+gendbusprofile "dbus eavesdrop,"
+runchecktest "eavesdrop (confined w/ only eavesdrop allowed)" fail $args
+
+# Make sure we're okay when confined with appropriate permissions
+
+gendbusprofile "dbus,"
+runchecktest "eavesdrop (dbus allowed)" pass $args
+
+gendbusprofile "dbus (send eavesdrop),"
+runchecktest "eavesdrop (send, receive bind allowed)" pass $args
+
+gendbusprofile "dbus (send eavesdrop) bus=session,"
+runchecktest "eavesdrop (send, eavesdrop allowed w/ bus conditional)" pass $args
+
+gendbusprofile "dbus send bus=session path=/org/freedesktop/DBus \
+ interface=org.freedesktop.DBus \
+ member=Hello, \
+ dbus send bus=session path=/org/freedesktop/DBus \
+ interface=org.freedesktop.DBus \
+ member=AddMatch, \
+ dbus eavesdrop bus=session,"
+runchecktest "eavesdrop (send, eavesdrop allowed w/ bus and send member conditionals)" pass $args
+
+gendbusprofile "dbus send, \
+ audit dbus eavesdrop,"
+runchecktest "eavesdrop (send allowed, eavesdrop audited)" pass $args
+
+# Make sure we're denied when confined without appropriate conditionals
+
+gendbusprofile "dbus send bus=session, \
+ dbus eavesdrop bus=system,"
+runchecktest "eavesdrop (wrong bus)" fail $args
+
+gendbusprofile "dbus send, \
+ deny dbus eavesdrop,"
+runchecktest "eavesdrop (send allowed, eavesdrop denied)" fail $args
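Review bot: The test label for the `dbus (send eavesdrop),` profile says "send, receive bind allowed", which does not match the rule under test and looks copied from a sibling test; it should read `runchecktest "eavesdrop (send, eavesdrop allowed)" pass $args`. The "confined w/ only eavesdrop allowed" case expecting `fail` would also benefit from a one-line comment, since a reader may assume `dbus eavesdrop,` alone is sufficient; the later profile that spells out `Hello` and `AddMatch` sends shows that setting up the match still involves method calls that need send permission, so something like `# eavesdrop alone is not enough: connecting (Hello) and AddMatch are method calls that need send permission` above that `gendbusprofile` line would make the expected result self-explanatory.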
--
1.8.3.2