[apparmor] [patch 30/26] add ptrace praser language tests
Steve Beattie
steve at nxnw.org
Thu Apr 3 18:17:44 UTC 2014
This patch adds a bunch of language parsing tests for ptrace.
Signed-off-by: Steve Beattie <steve at nxnw.org>
---
parser/tst/simple_tests/ptrace/bad_01.sd | 8 ++++++++
parser/tst/simple_tests/ptrace/bad_02.sd | 8 ++++++++
parser/tst/simple_tests/ptrace/bad_03.sd | 8 ++++++++
parser/tst/simple_tests/ptrace/bad_04.sd | 8 ++++++++
parser/tst/simple_tests/ptrace/bad_05.sd | 8 ++++++++
parser/tst/simple_tests/ptrace/bad_06.sd | 8 ++++++++
parser/tst/simple_tests/ptrace/bad_07.sd | 8 ++++++++
parser/tst/simple_tests/ptrace/bad_08.sd | 8 ++++++++
parser/tst/simple_tests/ptrace/bad_09.sd | 8 ++++++++
parser/tst/simple_tests/ptrace/bad_10.sd | 8 ++++++++
parser/tst/simple_tests/ptrace/ok_01.sd | 8 ++++++++
parser/tst/simple_tests/ptrace/ok_02.sd | 8 ++++++++
parser/tst/simple_tests/ptrace/ok_03.sd | 8 ++++++++
parser/tst/simple_tests/ptrace/ok_04.sd | 8 ++++++++
parser/tst/simple_tests/ptrace/ok_05.sd | 8 ++++++++
parser/tst/simple_tests/ptrace/ok_06.sd | 8 ++++++++
parser/tst/simple_tests/ptrace/ok_07.sd | 8 ++++++++
parser/tst/simple_tests/ptrace/ok_08.sd | 8 ++++++++
parser/tst/simple_tests/ptrace/ok_09.sd | 8 ++++++++
parser/tst/simple_tests/ptrace/ok_10.sd | 8 ++++++++
parser/tst/simple_tests/ptrace/ok_11.sd | 12 ++++++++++++
parser/tst/simple_tests/ptrace/ok_12.sd | 11 +++++++++++
parser/tst/simple_tests/ptrace/ok_13.sd | 13 +++++++++++++
parser/tst/simple_tests/ptrace/ok_14.sd | 8 ++++++++
parser/tst/simple_tests/ptrace/ok_15.sd | 8 ++++++++
parser/tst/simple_tests/ptrace/ok_16.sd | 14 ++++++++++++++
parser/tst/simple_tests/ptrace/ok_17.sd | 10 ++++++++++
parser/tst/simple_tests/ptrace/ok_18.sd | 11 +++++++++++
parser/tst/simple_tests/ptrace/ok_19.sd | 15 +++++++++++++++
parser/tst/simple_tests/ptrace/ok_20.sd | 9 +++++++++
parser/tst/simple_tests/ptrace/ok_21.sd | 9 +++++++++
parser/tst/simple_tests/ptrace/ok_22.sd | 15 +++++++++++++++
32 files changed, 295 insertions(+)
Index: b/parser/tst/simple_tests/ptrace/ok_01.sd
===================================================================
--- /dev/null
+++ b/parser/tst/simple_tests/ptrace/ok_01.sd
@@ -0,0 +1,8 @@
+#
+#=Description basic ptrace all rule
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ ptrace,
+
+ }
Index: b/parser/tst/simple_tests/ptrace/ok_02.sd
===================================================================
--- /dev/null
+++ b/parser/tst/simple_tests/ptrace/ok_02.sd
@@ -0,0 +1,8 @@
+#
+#=Description basic deny ptrace all rule
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ deny ptrace,
+
+ }
Index: b/parser/tst/simple_tests/ptrace/ok_03.sd
===================================================================
--- /dev/null
+++ b/parser/tst/simple_tests/ptrace/ok_03.sd
@@ -0,0 +1,8 @@
+#
+#=Description basic allow ptrace all rule
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ allow ptrace,
+
+ }
Index: b/parser/tst/simple_tests/ptrace/ok_04.sd
===================================================================
--- /dev/null
+++ b/parser/tst/simple_tests/ptrace/ok_04.sd
@@ -0,0 +1,8 @@
+#
+#=Description basic audit ptrace all rule
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ audit ptrace,
+
+ }
Index: b/parser/tst/simple_tests/ptrace/ok_05.sd
===================================================================
--- /dev/null
+++ b/parser/tst/simple_tests/ptrace/ok_05.sd
@@ -0,0 +1,8 @@
+#
+#=Description basic ptrace read rule
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ ptrace read,
+
+ }
Index: b/parser/tst/simple_tests/ptrace/ok_06.sd
===================================================================
--- /dev/null
+++ b/parser/tst/simple_tests/ptrace/ok_06.sd
@@ -0,0 +1,8 @@
+#
+#=Description basic ptrace trace rule
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ ptrace trace,
+
+ }
Index: b/parser/tst/simple_tests/ptrace/ok_07.sd
===================================================================
--- /dev/null
+++ b/parser/tst/simple_tests/ptrace/ok_07.sd
@@ -0,0 +1,8 @@
+#
+#=Description basic ptrace readby rule
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ ptrace readby,
+
+ }
Index: b/parser/tst/simple_tests/ptrace/ok_08.sd
===================================================================
--- /dev/null
+++ b/parser/tst/simple_tests/ptrace/ok_08.sd
@@ -0,0 +1,8 @@
+#
+#=Description basic ptrace tracedby all rule
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ ptrace tracedby,
+
+ }
Index: b/parser/tst/simple_tests/ptrace/ok_09.sd
===================================================================
--- /dev/null
+++ b/parser/tst/simple_tests/ptrace/ok_09.sd
@@ -0,0 +1,8 @@
+#
+#=Description basic ptrace read and trace all rule
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ ptrace (read, trace) ,
+
+ }
Index: b/parser/tst/simple_tests/ptrace/ok_10.sd
===================================================================
--- /dev/null
+++ b/parser/tst/simple_tests/ptrace/ok_10.sd
@@ -0,0 +1,8 @@
+#
+#=Description basic ptrace readby and tracedby all rule
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ ptrace (readby, tracedby) ,
+
+ }
Index: b/parser/tst/simple_tests/ptrace/ok_11.sd
===================================================================
--- /dev/null
+++ b/parser/tst/simple_tests/ptrace/ok_11.sd
@@ -0,0 +1,12 @@
+#
+#=Description basic ptrace all perms rule
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ ptrace (read, readby, trace, tracedby) ,
+ ptrace read,
+ ptrace readby,
+ ptrace trace,
+ ptrace tracedby,
+
+ }
Index: b/parser/tst/simple_tests/ptrace/bad_01.sd
===================================================================
--- /dev/null
+++ b/parser/tst/simple_tests/ptrace/bad_01.sd
@@ -0,0 +1,8 @@
+#
+#=Description basic ptrace all perms rule
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ ptrace read readby trace tracedby ,
+
+ }
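Review bot: The `#=Description` in bad_01.sd is copied verbatim from ok_11.sd ("basic ptrace all perms rule") and does not say why this profile must be rejected, which from the rule line appears to be several permission words given without a parenthesized list. A description such as `#=Description ptrace multiple perms without parentheses` would let a failure report identify the case. The same text is reused in ok_12.sd and ok_13.sd, and bad_02.sd/bad_03.sd and bad_05.sd/bad_06.sd likewise share one description for different inputs; each would benefit from a line naming the form it exercises.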
Index: b/parser/tst/simple_tests/ptrace/ok_12.sd
===================================================================
--- /dev/null
+++ b/parser/tst/simple_tests/ptrace/ok_12.sd
@@ -0,0 +1,11 @@
+#
+#=Description basic ptrace all perms rule
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ ptrace (read readby trace tracedby) ,
+ ptrace (read, readby) ,
+ ptrace trace,
+ ptrace tracedby,
+
+ }
Index: b/parser/tst/simple_tests/ptrace/ok_13.sd
===================================================================
--- /dev/null
+++ b/parser/tst/simple_tests/ptrace/ok_13.sd
@@ -0,0 +1,13 @@
+#
+#=Description basic ptrace all perms rule
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ ptrace (read readby trace write tracedby r w rw) ,
+ ptrace (w read, r rw, write) ,
+ ptrace r,
+ ptrace rw,
+ ptrace w,
+ ptrace write,
+
+ }
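Review bot: Nothing in this series rejects an unrecognized permission word: ok_13.sd widens the accepted set with `write`, `r`, `w` and `rw`, but none of the ten bad_*.sd files listed in the diffstat puts a bare unknown word in the permission position. A companion file with `#=EXRESULT FAIL` and a rule like `ptrace (read, bogus),` (`bogus` being a made-up word) would pin that the parser errors out instead of accepting or dropping a permission it does not know. That matters for a mediation rule, where a silently ignored typo would leave the profile granting something other than what its author wrote.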
Index: b/parser/tst/simple_tests/ptrace/ok_14.sd
===================================================================
--- /dev/null
+++ b/parser/tst/simple_tests/ptrace/ok_14.sd
@@ -0,0 +1,8 @@
+#
+#=Description basic ptrace list perms rule
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ ptrace (w read, r rw,,,, tracedby ) ,
+
+ }
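Review bot: The description "basic ptrace list perms rule" does not say what ok_14.sd actually pins, namely that a permission list mixing space and comma separators with a run of empty entries (`r rw,,,, tracedby`) is accepted. Stating that in the header, e.g. `#=Description ptrace perms list with mixed separators and empty entries`, records that the leniency is intentional, so a later tightening of the list grammar is a conscious decision and not an unexplained test failure.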
Index: b/parser/tst/simple_tests/ptrace/bad_02.sd
===================================================================
--- /dev/null
+++ b/parser/tst/simple_tests/ptrace/bad_02.sd
@@ -0,0 +1,8 @@
+#
+#=Description basic ptrace bad peer rule
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ ptrace /bin/true ,
+
+ }
Index: b/parser/tst/simple_tests/ptrace/ok_15.sd
===================================================================
--- /dev/null
+++ b/parser/tst/simple_tests/ptrace/ok_15.sd
@@ -0,0 +1,8 @@
+#
+#=Description basic ptrace peer perms rule
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ ptrace peer=/bin/true,
+
+ }
Index: b/parser/tst/simple_tests/ptrace/bad_03.sd
===================================================================
--- /dev/null
+++ b/parser/tst/simple_tests/ptrace/bad_03.sd
@@ -0,0 +1,8 @@
+#
+#=Description basic ptrace bad peer rule
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ ptrace read peer=/sbin/init /bin/bash,
+
+ }
Index: b/parser/tst/simple_tests/ptrace/bad_04.sd
===================================================================
--- /dev/null
+++ b/parser/tst/simple_tests/ptrace/bad_04.sd
@@ -0,0 +1,8 @@
+#
+#=Description basic ptrace bad multi-peer perms rule
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ ptrace peer=/bin/true peer=/sbin/init peer=MY_PROFILE,
+
+ }
Index: b/parser/tst/simple_tests/ptrace/ok_16.sd
===================================================================
--- /dev/null
+++ b/parser/tst/simple_tests/ptrace/ok_16.sd
@@ -0,0 +1,14 @@
+#
+#=Description basic ptrace peer perms rule
+#=EXRESULT PASS
+#
+
+@{SHELL}=/bin/bash
+
+/usr/bin/foo {
+ ptrace peer=/bin/true,
+ ptrace peer=/sbin/init,
+ ptrace peer=@{SHELL},
+ ptrace peer=SOME_OTHER_PROFILE,
+
+ }
Index: b/parser/tst/simple_tests/ptrace/ok_17.sd
===================================================================
--- /dev/null
+++ b/parser/tst/simple_tests/ptrace/ok_17.sd
@@ -0,0 +1,10 @@
+#
+#=Description ptrace peer w/implicit profile name rule
+#=EXRESULT PASS
+#
+
+
+/usr/bin/foo {
+ ptrace peer=@{profile_name},
+
+ }
Index: b/parser/tst/simple_tests/ptrace/ok_18.sd
===================================================================
--- /dev/null
+++ b/parser/tst/simple_tests/ptrace/ok_18.sd
@@ -0,0 +1,11 @@
+#
+#=Description ptrace peer w/multiple var names rule
+#=EXRESULT PASS
+#
+
+@{SHELLS}=/bin/bash /bin/dash /bin/tcsh
+
+/usr/bin/foo {
+ ptrace peer=@{SHELLS},
+
+ }
Index: b/parser/tst/simple_tests/ptrace/ok_19.sd
===================================================================
--- /dev/null
+++ b/parser/tst/simple_tests/ptrace/ok_19.sd
@@ -0,0 +1,15 @@
+#
+#=Description ptrace peer w/perms rule
+#=EXRESULT PASS
+#
+
+/usr/bin/foo {
+ ptrace read peer=/bin/sh,
+ ptrace write peer=/bin/true,
+ ptrace trace peer=/bin/false,
+ ptrace readby peer=/sbin/init,
+ ptrace tracedby peer=/usr/bin/gdb,
+ ptrace rw peer=/usr/bin/top,
+ ptrace (readby, tracedby) peer=/usr/bin/valgrind,
+
+ }
Index: b/parser/tst/simple_tests/ptrace/ok_20.sd
===================================================================
--- /dev/null
+++ b/parser/tst/simple_tests/ptrace/ok_20.sd
@@ -0,0 +1,9 @@
+#
+#=Description ptrace regex peer rule
+#=EXRESULT PASS
+#
+
+/usr/bin/foo {
+ ptrace read peer=/{**/,}bin/{sh,true},
+
+ }
Index: b/parser/tst/simple_tests/ptrace/bad_05.sd
===================================================================
--- /dev/null
+++ b/parser/tst/simple_tests/ptrace/bad_05.sd
@@ -0,0 +1,8 @@
+#
+#=Description capability + ptrace merged rule
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ capability ptrace trace,
+
+}
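Review bot: The rule `capability ptrace trace,` may be rejected for a reason other than the one the description names: `ptrace` is not written as a capability name here (bad_06.sd uses `sys_ptrace`), so the parser could fail on the first word before it ever reaches `trace`. If the intent is to show that ptrace permissions cannot trail a capability rule, `capability sys_ptrace trace,` would isolate that. Keeping both forms as separate files would cover both readings.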
Index: b/parser/tst/simple_tests/ptrace/bad_06.sd
===================================================================
--- /dev/null
+++ b/parser/tst/simple_tests/ptrace/bad_06.sd
@@ -0,0 +1,8 @@
+#
+#=Description capability + ptrace merged rule
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ capability sys_ptrace peer=/dev/null,
+
+}
Index: b/parser/tst/simple_tests/ptrace/bad_07.sd
===================================================================
--- /dev/null
+++ b/parser/tst/simple_tests/ptrace/bad_07.sd
@@ -0,0 +1,8 @@
+#
+#=Description peer not allowed perms list
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ ptrace (read readby peer=/dev/null),
+
+}
Index: b/parser/tst/simple_tests/ptrace/bad_08.sd
===================================================================
--- /dev/null
+++ b/parser/tst/simple_tests/ptrace/bad_08.sd
@@ -0,0 +1,8 @@
+#
+#=Description ptrace w/non ptrace modifier
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ ptrace bus=session,
+
+}
Index: b/parser/tst/simple_tests/ptrace/ok_21.sd
===================================================================
--- /dev/null
+++ b/parser/tst/simple_tests/ptrace/ok_21.sd
@@ -0,0 +1,9 @@
+#
+#=Description ptrace regex peer rule
+#=EXRESULT PASS
+#
+
+/usr/bin/foo {
+ deny ptrace read peer=/{**/,}bin/{sh,true},
+
+ }
Index: b/parser/tst/simple_tests/ptrace/ok_22.sd
===================================================================
--- /dev/null
+++ b/parser/tst/simple_tests/ptrace/ok_22.sd
@@ -0,0 +1,15 @@
+#
+#=Description ptrace peer w/perms and misc modifiers rule
+#=EXRESULT PASS
+#
+
+/usr/bin/foo {
+ deny ptrace read peer=/bin/sh,
+ allow ptrace write peer=/bin/true,
+ audit ptrace trace peer=/bin/false,
+ audit deny ptrace readby peer=/sbin/init,
+ audit allow ptrace tracedby peer=/usr/bin/gdb,
+ ptrace rw peer=/usr/bin/top,
+ deny ptrace (readby, tracedby) peer=/usr/bin/valgrind,
+
+ }
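Review bot: The only expectation ok_22.sd records is `#=EXRESULT PASS`, so it shows that the `deny`, `allow`, `audit`, `audit deny` and `audit allow` qualifiers parse in front of a ptrace rule, not that each one ends up with the intended effect in the compiled policy. A header comment such as `# parse-only: qualifier semantics are not verified here` would keep the file from being read as coverage for deny handling; the same holds for the `deny ptrace read peer=...` rule in ok_21.sd. A check that compares compiled output for the `deny` and `allow` forms would be the place to cover the semantics, if the test suite has one.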
Index: b/parser/tst/simple_tests/ptrace/bad_09.sd
===================================================================
--- /dev/null
+++ b/parser/tst/simple_tests/ptrace/bad_09.sd
@@ -0,0 +1,8 @@
+#
+#=Description ptrace w/owner
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ owner ptrace r,
+
+}
Index: b/parser/tst/simple_tests/ptrace/bad_10.sd
===================================================================
--- /dev/null
+++ b/parser/tst/simple_tests/ptrace/bad_10.sd
@@ -0,0 +1,8 @@
+#
+#=Description ptrace w/bad regex expansion
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ ptrace peer={/bin/true,
+
+}
--
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20140403/3ef6dec1/attachment-0001.pgp>