[apparmor] [patch 30/26] add ptrace praser language tests

John Johansen john.johansen at canonical.com
Thu Apr 3 19:45:49 UTC 2014 

On 04/03/2014 11:17 AM, Steve Beattie wrote:
> This patch adds a bunch of language parsing tests for ptrace.
> 
> Signed-off-by: Steve Beattie <steve at nxnw.org>
Acked-by: John Johansen <john.johansen at canonical.com>

> ---
>  parser/tst/simple_tests/ptrace/bad_01.sd |    8 ++++++++
>  parser/tst/simple_tests/ptrace/bad_02.sd |    8 ++++++++
>  parser/tst/simple_tests/ptrace/bad_03.sd |    8 ++++++++
>  parser/tst/simple_tests/ptrace/bad_04.sd |    8 ++++++++
>  parser/tst/simple_tests/ptrace/bad_05.sd |    8 ++++++++
>  parser/tst/simple_tests/ptrace/bad_06.sd |    8 ++++++++
>  parser/tst/simple_tests/ptrace/bad_07.sd |    8 ++++++++
>  parser/tst/simple_tests/ptrace/bad_08.sd |    8 ++++++++
>  parser/tst/simple_tests/ptrace/bad_09.sd |    8 ++++++++
>  parser/tst/simple_tests/ptrace/bad_10.sd |    8 ++++++++
>  parser/tst/simple_tests/ptrace/ok_01.sd  |    8 ++++++++
>  parser/tst/simple_tests/ptrace/ok_02.sd  |    8 ++++++++
>  parser/tst/simple_tests/ptrace/ok_03.sd  |    8 ++++++++
>  parser/tst/simple_tests/ptrace/ok_04.sd  |    8 ++++++++
>  parser/tst/simple_tests/ptrace/ok_05.sd  |    8 ++++++++
>  parser/tst/simple_tests/ptrace/ok_06.sd  |    8 ++++++++
>  parser/tst/simple_tests/ptrace/ok_07.sd  |    8 ++++++++
>  parser/tst/simple_tests/ptrace/ok_08.sd  |    8 ++++++++
>  parser/tst/simple_tests/ptrace/ok_09.sd  |    8 ++++++++
>  parser/tst/simple_tests/ptrace/ok_10.sd  |    8 ++++++++
>  parser/tst/simple_tests/ptrace/ok_11.sd  |   12 ++++++++++++
>  parser/tst/simple_tests/ptrace/ok_12.sd  |   11 +++++++++++
>  parser/tst/simple_tests/ptrace/ok_13.sd  |   13 +++++++++++++
>  parser/tst/simple_tests/ptrace/ok_14.sd  |    8 ++++++++
>  parser/tst/simple_tests/ptrace/ok_15.sd  |    8 ++++++++
>  parser/tst/simple_tests/ptrace/ok_16.sd  |   14 ++++++++++++++
>  parser/tst/simple_tests/ptrace/ok_17.sd  |   10 ++++++++++
>  parser/tst/simple_tests/ptrace/ok_18.sd  |   11 +++++++++++
>  parser/tst/simple_tests/ptrace/ok_19.sd  |   15 +++++++++++++++
>  parser/tst/simple_tests/ptrace/ok_20.sd  |    9 +++++++++
>  parser/tst/simple_tests/ptrace/ok_21.sd  |    9 +++++++++
>  parser/tst/simple_tests/ptrace/ok_22.sd  |   15 +++++++++++++++
>  32 files changed, 295 insertions(+)
> 
> Index: b/parser/tst/simple_tests/ptrace/ok_01.sd
> ===================================================================
> --- /dev/null
> +++ b/parser/tst/simple_tests/ptrace/ok_01.sd
> @@ -0,0 +1,8 @@
> +#
> +#=Description basic ptrace all rule
> +#=EXRESULT PASS
> +#
> +/usr/bin/foo {
> +  ptrace,
> +
> +  }
> Index: b/parser/tst/simple_tests/ptrace/ok_02.sd
> ===================================================================
> --- /dev/null
> +++ b/parser/tst/simple_tests/ptrace/ok_02.sd
> @@ -0,0 +1,8 @@
> +#
> +#=Description basic deny ptrace all rule
> +#=EXRESULT PASS
> +#
> +/usr/bin/foo {
> +  deny ptrace,
> +
> +  }
> Index: b/parser/tst/simple_tests/ptrace/ok_03.sd
> ===================================================================
> --- /dev/null
> +++ b/parser/tst/simple_tests/ptrace/ok_03.sd
> @@ -0,0 +1,8 @@
> +#
> +#=Description basic allow ptrace all rule
> +#=EXRESULT PASS
> +#
> +/usr/bin/foo {
> +  allow ptrace,
> +
> +  }
> Index: b/parser/tst/simple_tests/ptrace/ok_04.sd
> ===================================================================
> --- /dev/null
> +++ b/parser/tst/simple_tests/ptrace/ok_04.sd
> @@ -0,0 +1,8 @@
> +#
> +#=Description basic audit ptrace all rule
> +#=EXRESULT PASS
> +#
> +/usr/bin/foo {
> +  audit ptrace,
> +
> +  }
> Index: b/parser/tst/simple_tests/ptrace/ok_05.sd
> ===================================================================
> --- /dev/null
> +++ b/parser/tst/simple_tests/ptrace/ok_05.sd
> @@ -0,0 +1,8 @@
> +#
> +#=Description basic ptrace read rule
> +#=EXRESULT PASS
> +#
> +/usr/bin/foo {
> +  ptrace read,
> +
> +  }
> Index: b/parser/tst/simple_tests/ptrace/ok_06.sd
> ===================================================================
> --- /dev/null
> +++ b/parser/tst/simple_tests/ptrace/ok_06.sd
> @@ -0,0 +1,8 @@
> +#
> +#=Description basic ptrace trace rule
> +#=EXRESULT PASS
> +#
> +/usr/bin/foo {
> +  ptrace trace,
> +
> +  }
> Index: b/parser/tst/simple_tests/ptrace/ok_07.sd
> ===================================================================
> --- /dev/null
> +++ b/parser/tst/simple_tests/ptrace/ok_07.sd
> @@ -0,0 +1,8 @@
> +#
> +#=Description basic ptrace readby rule
> +#=EXRESULT PASS
> +#
> +/usr/bin/foo {
> +  ptrace readby,
> +
> +  }
> Index: b/parser/tst/simple_tests/ptrace/ok_08.sd
> ===================================================================
> --- /dev/null
> +++ b/parser/tst/simple_tests/ptrace/ok_08.sd
> @@ -0,0 +1,8 @@
> +#
> +#=Description basic ptrace tracedby all rule
> +#=EXRESULT PASS
> +#
> +/usr/bin/foo {
> +  ptrace tracedby,
> +
> +  }
> Index: b/parser/tst/simple_tests/ptrace/ok_09.sd
> ===================================================================
> --- /dev/null
> +++ b/parser/tst/simple_tests/ptrace/ok_09.sd
> @@ -0,0 +1,8 @@
> +#
> +#=Description basic ptrace read and trace all rule
> +#=EXRESULT PASS
> +#
> +/usr/bin/foo {
> +  ptrace (read, trace) ,
> +
> +  }
> Index: b/parser/tst/simple_tests/ptrace/ok_10.sd
> ===================================================================
> --- /dev/null
> +++ b/parser/tst/simple_tests/ptrace/ok_10.sd
> @@ -0,0 +1,8 @@
> +#
> +#=Description basic ptrace readby and tracedby all rule
> +#=EXRESULT PASS
> +#
> +/usr/bin/foo {
> +  ptrace (readby, tracedby) ,
> +
> +  }
> Index: b/parser/tst/simple_tests/ptrace/ok_11.sd
> ===================================================================
> --- /dev/null
> +++ b/parser/tst/simple_tests/ptrace/ok_11.sd
> @@ -0,0 +1,12 @@
> +#
> +#=Description basic ptrace all perms rule
> +#=EXRESULT PASS
> +#
> +/usr/bin/foo {
> +  ptrace (read, readby, trace, tracedby) ,
> +  ptrace read,
> +  ptrace readby,
> +  ptrace trace,
> +  ptrace tracedby,
> +
> +  }
> Index: b/parser/tst/simple_tests/ptrace/bad_01.sd
> ===================================================================
> --- /dev/null
> +++ b/parser/tst/simple_tests/ptrace/bad_01.sd
> @@ -0,0 +1,8 @@
> +#
> +#=Description basic ptrace all perms rule
> +#=EXRESULT FAIL
> +#
> +/usr/bin/foo {
> +  ptrace read readby trace tracedby ,
> +
> +  }
> Index: b/parser/tst/simple_tests/ptrace/ok_12.sd
> ===================================================================
> --- /dev/null
> +++ b/parser/tst/simple_tests/ptrace/ok_12.sd
> @@ -0,0 +1,11 @@
> +#
> +#=Description basic ptrace all perms rule
> +#=EXRESULT PASS
> +#
> +/usr/bin/foo {
> +  ptrace (read readby trace tracedby) ,
> +  ptrace (read, readby) ,
> +  ptrace trace,
> +  ptrace tracedby,
> +
> +  }
> Index: b/parser/tst/simple_tests/ptrace/ok_13.sd
> ===================================================================
> --- /dev/null
> +++ b/parser/tst/simple_tests/ptrace/ok_13.sd
> @@ -0,0 +1,13 @@
> +#
> +#=Description basic ptrace all perms rule
> +#=EXRESULT PASS
> +#
> +/usr/bin/foo {
> +  ptrace (read readby trace write tracedby r w rw) ,
> +  ptrace (w read, r rw, write) ,
> +  ptrace r,
> +  ptrace rw,
> +  ptrace w,
> +  ptrace write,
> +
> +  }
> Index: b/parser/tst/simple_tests/ptrace/ok_14.sd
> ===================================================================
> --- /dev/null
> +++ b/parser/tst/simple_tests/ptrace/ok_14.sd
> @@ -0,0 +1,8 @@
> +#
> +#=Description basic ptrace list perms rule
> +#=EXRESULT PASS
> +#
> +/usr/bin/foo {
> +  ptrace (w read, r rw,,,, tracedby ) ,
> +
> +  }
> Index: b/parser/tst/simple_tests/ptrace/bad_02.sd
> ===================================================================
> --- /dev/null
> +++ b/parser/tst/simple_tests/ptrace/bad_02.sd
> @@ -0,0 +1,8 @@
> +#
> +#=Description basic ptrace bad peer rule
> +#=EXRESULT FAIL
> +#
> +/usr/bin/foo {
> +  ptrace /bin/true ,
> +
> +  }
> Index: b/parser/tst/simple_tests/ptrace/ok_15.sd
> ===================================================================
> --- /dev/null
> +++ b/parser/tst/simple_tests/ptrace/ok_15.sd
> @@ -0,0 +1,8 @@
> +#
> +#=Description basic ptrace peer perms rule
> +#=EXRESULT PASS
> +#
> +/usr/bin/foo {
> +  ptrace peer=/bin/true,
> +
> +  }
> Index: b/parser/tst/simple_tests/ptrace/bad_03.sd
> ===================================================================
> --- /dev/null
> +++ b/parser/tst/simple_tests/ptrace/bad_03.sd
> @@ -0,0 +1,8 @@
> +#
> +#=Description basic ptrace bad peer rule
> +#=EXRESULT FAIL
> +#
> +/usr/bin/foo {
> +  ptrace read peer=/sbin/init /bin/bash,
> +
> +  }
> Index: b/parser/tst/simple_tests/ptrace/bad_04.sd
> ===================================================================
> --- /dev/null
> +++ b/parser/tst/simple_tests/ptrace/bad_04.sd
> @@ -0,0 +1,8 @@
> +#
> +#=Description basic ptrace bad multi-peer perms rule
> +#=EXRESULT FAIL
> +#
> +/usr/bin/foo {
> +  ptrace peer=/bin/true peer=/sbin/init peer=MY_PROFILE,
> +
> +  }
> Index: b/parser/tst/simple_tests/ptrace/ok_16.sd
> ===================================================================
> --- /dev/null
> +++ b/parser/tst/simple_tests/ptrace/ok_16.sd
> @@ -0,0 +1,14 @@
> +#
> +#=Description basic ptrace peer perms rule
> +#=EXRESULT PASS
> +#
> +
> +@{SHELL}=/bin/bash
> +
> +/usr/bin/foo {
> +  ptrace peer=/bin/true,
> +  ptrace peer=/sbin/init,
> +  ptrace peer=@{SHELL},
> +  ptrace peer=SOME_OTHER_PROFILE,
> +
> +  }
> Index: b/parser/tst/simple_tests/ptrace/ok_17.sd
> ===================================================================
> --- /dev/null
> +++ b/parser/tst/simple_tests/ptrace/ok_17.sd
> @@ -0,0 +1,10 @@
> +#
> +#=Description ptrace peer w/implicit profile name rule
> +#=EXRESULT PASS
> +#
> +
> +
> +/usr/bin/foo {
> +  ptrace peer=@{profile_name},
> +
> +  }
> Index: b/parser/tst/simple_tests/ptrace/ok_18.sd
> ===================================================================
> --- /dev/null
> +++ b/parser/tst/simple_tests/ptrace/ok_18.sd
> @@ -0,0 +1,11 @@
> +#
> +#=Description ptrace peer w/multiple var names rule
> +#=EXRESULT PASS
> +#
> +
> +@{SHELLS}=/bin/bash /bin/dash /bin/tcsh
> +
> +/usr/bin/foo {
> +  ptrace peer=@{SHELLS},
> +
> +  }
> Index: b/parser/tst/simple_tests/ptrace/ok_19.sd
> ===================================================================
> --- /dev/null
> +++ b/parser/tst/simple_tests/ptrace/ok_19.sd
> @@ -0,0 +1,15 @@
> +#
> +#=Description ptrace peer w/perms rule
> +#=EXRESULT PASS
> +#
> +
> +/usr/bin/foo {
> +  ptrace read peer=/bin/sh,
> +  ptrace write peer=/bin/true,
> +  ptrace trace peer=/bin/false,
> +  ptrace readby peer=/sbin/init,
> +  ptrace tracedby peer=/usr/bin/gdb,
> +  ptrace rw peer=/usr/bin/top,
> +  ptrace (readby, tracedby) peer=/usr/bin/valgrind,
> +
> +  }
> Index: b/parser/tst/simple_tests/ptrace/ok_20.sd
> ===================================================================
> --- /dev/null
> +++ b/parser/tst/simple_tests/ptrace/ok_20.sd
> @@ -0,0 +1,9 @@
> +#
> +#=Description ptrace regex peer rule
> +#=EXRESULT PASS
> +#
> +
> +/usr/bin/foo {
> +  ptrace read peer=/{**/,}bin/{sh,true},
> +
> +  }
> Index: b/parser/tst/simple_tests/ptrace/bad_05.sd
> ===================================================================
> --- /dev/null
> +++ b/parser/tst/simple_tests/ptrace/bad_05.sd
> @@ -0,0 +1,8 @@
> +#
> +#=Description capability + ptrace merged rule
> +#=EXRESULT FAIL
> +#
> +/usr/bin/foo {
> +  capability ptrace trace,
> +
> +}
> Index: b/parser/tst/simple_tests/ptrace/bad_06.sd
> ===================================================================
> --- /dev/null
> +++ b/parser/tst/simple_tests/ptrace/bad_06.sd
> @@ -0,0 +1,8 @@
> +#
> +#=Description capability + ptrace merged rule
> +#=EXRESULT FAIL
> +#
> +/usr/bin/foo {
> +  capability sys_ptrace peer=/dev/null,
> +
> +}
> Index: b/parser/tst/simple_tests/ptrace/bad_07.sd
> ===================================================================
> --- /dev/null
> +++ b/parser/tst/simple_tests/ptrace/bad_07.sd
> @@ -0,0 +1,8 @@
> +#
> +#=Description peer not allowed perms list
> +#=EXRESULT FAIL
> +#
> +/usr/bin/foo {
> +  ptrace (read readby peer=/dev/null),
> +
> +}
> Index: b/parser/tst/simple_tests/ptrace/bad_08.sd
> ===================================================================
> --- /dev/null
> +++ b/parser/tst/simple_tests/ptrace/bad_08.sd
> @@ -0,0 +1,8 @@
> +#
> +#=Description ptrace w/non ptrace modifier
> +#=EXRESULT FAIL
> +#
> +/usr/bin/foo {
> +  ptrace bus=session,
> +
> +}
> Index: b/parser/tst/simple_tests/ptrace/ok_21.sd
> ===================================================================
> --- /dev/null
> +++ b/parser/tst/simple_tests/ptrace/ok_21.sd
> @@ -0,0 +1,9 @@
> +#
> +#=Description ptrace regex peer rule
> +#=EXRESULT PASS
> +#
> +
> +/usr/bin/foo {
> +  deny ptrace read peer=/{**/,}bin/{sh,true},
> +
> +  }
> Index: b/parser/tst/simple_tests/ptrace/ok_22.sd
> ===================================================================
> --- /dev/null
> +++ b/parser/tst/simple_tests/ptrace/ok_22.sd
> @@ -0,0 +1,15 @@
> +#
> +#=Description ptrace peer w/perms and misc modifiers rule
> +#=EXRESULT PASS
> +#
> +
> +/usr/bin/foo {
> +  deny ptrace read peer=/bin/sh,
> +  allow ptrace write peer=/bin/true,
> +  audit ptrace trace peer=/bin/false,
> +  audit deny ptrace readby peer=/sbin/init,
> +  audit allow ptrace tracedby peer=/usr/bin/gdb,
> +  ptrace rw peer=/usr/bin/top,
> +  deny ptrace (readby, tracedby) peer=/usr/bin/valgrind,
> +
> +  }
> Index: b/parser/tst/simple_tests/ptrace/bad_09.sd
> ===================================================================
> --- /dev/null
> +++ b/parser/tst/simple_tests/ptrace/bad_09.sd
> @@ -0,0 +1,8 @@
> +#
> +#=Description ptrace w/owner
> +#=EXRESULT FAIL
> +#
> +/usr/bin/foo {
> +  owner ptrace r,
> +
> +}
> Index: b/parser/tst/simple_tests/ptrace/bad_10.sd
> ===================================================================
> --- /dev/null
> +++ b/parser/tst/simple_tests/ptrace/bad_10.sd
> @@ -0,0 +1,8 @@
> +#
> +#=Description ptrace w/bad regex expansion
> +#=EXRESULT FAIL
> +#
> +/usr/bin/foo {
> +  ptrace peer={/bin/true,
> +
> +}
> 
> 
>

More information about the AppArmor mailing list