[apparmor] [patch 22/26] Update test scripts for signal rules

Seth Arnold seth.arnold at canonical.com
Wed Apr 23 00:09:32 UTC 2014


On Tue, Apr 15, 2014 at 10:22:29AM -0700, john.johansen at canonical.com wrote:
> Update mkprofile.pl to generate signal rules and update test scripts to
> grant signal permissions when needed.
> 
> Signed-off-by: John Johansen <john.johansen at canonical.com>
> Acked-by: Tyler Hicks <tyhicks at canonical.com>

Acked-by: Seth Arnold <seth.arnold at canonical.com>

Thanks


> ---
>  tests/regression/apparmor/exec.sh      |  6 +++---
>  tests/regression/apparmor/mkprofile.pl | 18 ++++++++++++++++++
>  tests/regression/apparmor/regex.sh     | 12 ++++++------
>  3 files changed, 27 insertions(+), 9 deletions(-)
> 
> diff --git a/tests/regression/apparmor/exec.sh b/tests/regression/apparmor/exec.sh
> index a1f7c91..07a8009 100755
> --- a/tests/regression/apparmor/exec.sh
> +++ b/tests/regression/apparmor/exec.sh
> @@ -43,19 +43,19 @@ runchecktest "EXEC with px" pass $file
>  
>  # FAIL TEST - px/no profile
>  
> -genprofile $file:$ok_px_perm
> +genprofile $file:$ok_px_perm signal:ALL
>  
>  runchecktest "EXEC with px - no profile" fail $file
>  
>  # NOLINK PERMTEST
>  
> -genprofile $file:$badperm
> +genprofile $file:$badperm signal:ALL
>  
>  runchecktest "EXEC no x" fail $file
>  
>  # MMAP exec
>  
> -genprofile $file:$bad_mx_perm
> +genprofile $file:$bad_mx_perm signal:ALL
>  
>  runchecktest "EXEC mmap x" fail $file
>  
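Review bot: Nothing in exec.sh records why the three expected-fail profiles now need `signal:ALL`, which is the widest signal grant mkprofile.pl emits (a bare `signal,` rule). A one-line comment above the first changed `genprofile` would capture the intent, for example `# signal:ALL: take signal mediation out of the picture so the failure comes from the exec denial`; that reason is inferred from the commit description, not from the visible lines. If only one signal or direction is actually required, naming it instead would keep these profiles closer to least privilege. The same applies to the six `genprofile` lines changed in regex.sh.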
> diff --git a/tests/regression/apparmor/mkprofile.pl b/tests/regression/apparmor/mkprofile.pl
> index e3f1598..fb9ae1b 100755
> --- a/tests/regression/apparmor/mkprofile.pl
> +++ b/tests/regression/apparmor/mkprofile.pl
> @@ -174,6 +174,22 @@ sub gen_cap($) {
>    }
>  }
>  
> +sub gen_signal($) {
> +    my $rule = shift;
> +    my @rules = split (/:/, $rule);
> +    if (@rules == 2) {
> +	if ($rules[1] =~ /^ALL$/) {
> +	    push (@{$output_rules{$hat}}, "  signal,\n");
> +	} else {
> +	    push (@{$output_rules{$hat}}, "  signal $rules[1],\n");
> +	}
> +    } elsif (@rules == 3) {
> +	push (@{$output_rules{$hat}}, "  signal $rules[1] $rules[2],\n");
> +    } else {
> +	(!$nowarn) && print STDERR "Warning: invalid signal description '$rule', ignored\n";
> +    }
> +}
> +
>  sub gen_mount($) {
>      my $rule = shift;
>      my @rules = split (/:/, $rule);
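Review bot: gen_signal drops any description that does not split into exactly two or three colon-separated fields, and with `$nowarn` set it does so silently, so a test can run under a profile that lacks the signal rule it asked for. In an expected-fail test the denied signal could then produce the failure, not the access under test. AppArmor signal rules can combine an access list, `set=` and `peer=`, which needs four fields, and a peer value containing `:` would split further. Passing the remaining fields through would cover both: `} elsif (@rules >= 3) { push (@{$output_rules{$hat}}, "  signal " . join(' ', @rules[1..$#rules]) . ",\n");`. Separately, `$rules[1] =~ /^ALL$/` also accepts `"ALL\n"`, where `$rules[1] eq 'ALL'` says what is meant; `%output_rules`, `$hat` and `$nowarn` are declared outside the hunk.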
> @@ -332,6 +348,8 @@ sub gen_from_args() {
>        gen_network($rule);
>      } elsif ($rule =~ /^cap:/) {
>        gen_cap($rule);
> +    } elsif ($rule =~ /^signal:/) {
> +      gen_signal($rule);
>      } elsif ($rule =~ /^mount:/) {
>        gen_mount($rule);
>      } elsif ($rule =~ /^remount:/) {
> diff --git a/tests/regression/apparmor/regex.sh b/tests/regression/apparmor/regex.sh
> index 845a273..2bd764a 100755
> --- a/tests/regression/apparmor/regex.sh
> +++ b/tests/regression/apparmor/regex.sh
> @@ -148,25 +148,25 @@ genprofile /bin/t\?ue:$okperm
>  runchecktest "QUESTION MARK (exec)" pass $file
>  
>  # FAIL TEST - looking for *
> -genprofile /sbin/\*:$okperm
> +genprofile /sbin/\*:$okperm signal:ALL
>  runchecktest "SINGLE TAILGLOB (exec, fail)" fail $file
>  
>  # FAIL TEST - looking for **
> -genprofile /sbi\*\*:$okperm
> +genprofile /sbi\*\*:$okperm signal:ALL
>  runchecktest "DOUBLE TAILGLOB (exec, fail)" fail $file
>  
>  # FAIL TEST - looking for { , }
> -genprofile /bin/\{flase,false\}:$okperm
> +genprofile /bin/\{flase,false\}:$okperm signal:ALL
>  runchecktest "CURLY BRACES (exec, fail)" fail $file
>  
>  # FAIL TEST - looking for []
> -genprofile /bin/\[aef\]rue:$okperm
> +genprofile /bin/\[aef\]rue:$okperm signal:ALL
>  runchecktest "SQUARE BRACES 1 (exec, fail)" fail $file
>  
>  # FAIL TEST - looking for []
> -genprofile /bin/\[u-x\]rue:$okperm
> +genprofile /bin/\[u-x\]rue:$okperm signal:ALL
>  runchecktest "SQUARE BRACES 2 (exec, fail)" fail $file
>  
>  # FAIL TEST - looking for ?
> -genprofile /bin/b\?ue:$okperm
> +genprofile /bin/b\?ue:$okperm signal:ALL
>  runchecktest "QUESTION MARK (exec, fail)" fail $file
> -- 1.9.1
> 
> 
> 