[apparmor] [patch] parser: add signal language tests
Steve Beattie
steve at nxnw.org
Fri Apr 25 22:59:31 UTC 2014
This patch adds basic signal tests to the parser's simple language
test suite.
Signed-off-by: Steve Beattie <steve at nxnw.org>
---
parser/tst/simple_tests/signal/bad_01.sd | 9 +
parser/tst/simple_tests/signal/bad_02.sd | 9 +
parser/tst/simple_tests/signal/bad_03.sd | 9 +
parser/tst/simple_tests/signal/bad_04.sd | 9 +
parser/tst/simple_tests/signal/bad_05.sd | 9 +
parser/tst/simple_tests/signal/bad_06.sd | 9 +
parser/tst/simple_tests/signal/bad_07.sd | 9 +
parser/tst/simple_tests/signal/bad_08.sd | 9 +
parser/tst/simple_tests/signal/bad_09.sd | 9 +
parser/tst/simple_tests/signal/bad_10.sd | 9 +
parser/tst/simple_tests/signal/bad_11.sd | 9 +
parser/tst/simple_tests/signal/bad_12.sd | 9 +
parser/tst/simple_tests/signal/bad_13.sd | 8 +
parser/tst/simple_tests/signal/bad_14.sd | 8 +
parser/tst/simple_tests/signal/bad_15.sd | 8 +
parser/tst/simple_tests/signal/bad_16.sd | 8 +
parser/tst/simple_tests/signal/bad_17.sd | 8 +
parser/tst/simple_tests/signal/bad_18.sd | 8 +
parser/tst/simple_tests/signal/bad_19.sd | 8 +
parser/tst/simple_tests/signal/bad_20.sd | 8 +
parser/tst/simple_tests/signal/bad_21.sd | 8 +
parser/tst/simple_tests/signal/ok_01.sd | 9 +
parser/tst/simple_tests/signal/ok_02.sd | 9 +
parser/tst/simple_tests/signal/ok_03.sd | 9 +
parser/tst/simple_tests/signal/ok_04.sd | 9 +
parser/tst/simple_tests/signal/ok_05.sd | 18 +++
parser/tst/simple_tests/signal/ok_06.sd | 18 +++
parser/tst/simple_tests/signal/ok_07.sd | 21 ++++
parser/tst/simple_tests/signal/ok_08.sd | 31 ++++++
parser/tst/simple_tests/signal/ok_09.sd | 31 ++++++
parser/tst/simple_tests/signal/ok_10.sd | 135 +++++++++++++++++++++++++++++
parser/tst/simple_tests/signal/ok_11.sd | 39 ++++++++
parser/tst/simple_tests/signal/ok_12.sd | 24 +++++
parser/tst/simple_tests/signal/ok_13.sd | 24 +++++
parser/tst/simple_tests/signal/ok_14.sd | 9 +
parser/tst/simple_tests/signal/ok_15.sd | 9 +
parser/tst/simple_tests/signal/ok_16.sd | 21 ++++
parser/tst/simple_tests/signal/ok_17.sd | 19 ++++
parser/tst/simple_tests/signal/ok_18.sd | 135 +++++++++++++++++++++++++++++
parser/tst/simple_tests/signal/ok_19.sd | 11 ++
parser/tst/simple_tests/signal/ok_20.sd | 11 ++
parser/tst/simple_tests/signal/ok_21.sd | 12 ++
parser/tst/simple_tests/signal/rtsig_01.sd | 8 +
parser/tst/simple_tests/signal/rtsig_02.sd | 8 +
44 files changed, 800 insertions(+)
Index: b/parser/tst/simple_tests/signal/ok_01.sd
===================================================================
--- /dev/null
+++ b/parser/tst/simple_tests/signal/ok_01.sd
@@ -0,0 +1,9 @@
+#
+#=Description basic signal all rule
+#=EXRESULT PASS
+#
+/usr/bin/signal-test {
+ signal,
+
+}
+
Index: b/parser/tst/simple_tests/signal/ok_02.sd
===================================================================
--- /dev/null
+++ b/parser/tst/simple_tests/signal/ok_02.sd
@@ -0,0 +1,9 @@
+#
+#=Description basic deny signal all rule
+#=EXRESULT PASS
+#
+/usr/bin/signal-test {
+ deny signal,
+
+}
+
Index: b/parser/tst/simple_tests/signal/ok_03.sd
===================================================================
--- /dev/null
+++ b/parser/tst/simple_tests/signal/ok_03.sd
@@ -0,0 +1,9 @@
+#
+#=Description basic allow signal all rule
+#=EXRESULT PASS
+#
+/usr/bin/signal-test {
+ allow signal,
+
+}
+
Index: b/parser/tst/simple_tests/signal/ok_04.sd
===================================================================
--- /dev/null
+++ b/parser/tst/simple_tests/signal/ok_04.sd
@@ -0,0 +1,9 @@
+#
+#=Description basic audit signal all rule
+#=EXRESULT PASS
+#
+/usr/bin/signal-test {
+ audit signal,
+
+}
+
Index: b/parser/tst/simple_tests/signal/ok_05.sd
===================================================================
--- /dev/null
+++ b/parser/tst/simple_tests/signal/ok_05.sd
@@ -0,0 +1,18 @@
+#
+#=Description basic signal read rules
+#=EXRESULT PASS
+#
+/usr/bin/signal-test {
+ signal r,
+
+}
+
+/usr/bin/signal-test2 {
+ signal read,
+
+}
+
+/usr/bin/signal-test3 {
+ signal receive,
+
+}
Index: b/parser/tst/simple_tests/signal/ok_06.sd
===================================================================
--- /dev/null
+++ b/parser/tst/simple_tests/signal/ok_06.sd
@@ -0,0 +1,18 @@
+#
+#=Description basic signal write/send rules
+#=EXRESULT PASS
+#
+/usr/bin/signal-test {
+ signal w,
+
+}
+
+/usr/bin/signal-test2 {
+ signal write,
+
+}
+
+/usr/bin/signal-test3 {
+ signal send,
+
+}
Index: b/parser/tst/simple_tests/signal/ok_07.sd
===================================================================
--- /dev/null
+++ b/parser/tst/simple_tests/signal/ok_07.sd
@@ -0,0 +1,21 @@
+#
+#=Description basic signal mixed send/receive rules
+#=EXRESULT PASS
+#
+/usr/bin/signal-test {
+ signal r,
+ signal rw,
+
+}
+
+/usr/bin/signal-test2 {
+ signal read,
+ signal write,
+
+}
+
+/usr/bin/signal-test3 {
+ signal send,
+ signal receive,
+
+}
Index: b/parser/tst/simple_tests/signal/ok_08.sd
===================================================================
--- /dev/null
+++ b/parser/tst/simple_tests/signal/ok_08.sd
@@ -0,0 +1,31 @@
+#
+#=Description basic signal mixed send/receive rules
+#=EXRESULT PASS
+#
+/usr/bin/signal-test {
+ signal (r),
+ signal (rw),
+
+}
+
+/usr/bin/signal-test2 {
+ signal (r, w),
+ signal (read, write),
+
+}
+
+/usr/bin/signal-test3 {
+ signal (send, receive),
+
+}
+
+/usr/bin/signal-test4 {
+ signal (r send, receive, write, rw, send),
+ signal r,
+
+}
+
+/usr/bin/signal-test5 {
+ signal (r send,,,, receive,write,rw, send),
+}
+
Index: b/parser/tst/simple_tests/signal/ok_09.sd
===================================================================
--- /dev/null
+++ b/parser/tst/simple_tests/signal/ok_09.sd
@@ -0,0 +1,31 @@
+#
+#=Description basic signal mixed send/receive w/modifiers rules
+#=EXRESULT PASS
+#
+/usr/bin/signal-test {
+ deny signal (r),
+ audit signal (rw),
+
+}
+
+/usr/bin/signal-test2 {
+ allow signal (r, w),
+ audit signal (read, write),
+
+}
+
+/usr/bin/signal-test3 {
+ audit deny signal (send, receive),
+
+}
+
+/usr/bin/signal-test4 {
+ audit allow signal (r send, receive, write, rw, send),
+ deny signal r,
+
+}
+
+/usr/bin/signal-test5 {
+ deny signal (r send,,,, receive,write,rw, send),
+}
+
Index: b/parser/tst/simple_tests/signal/ok_10.sd
===================================================================
--- /dev/null
+++ b/parser/tst/simple_tests/signal/ok_10.sd
@@ -0,0 +1,135 @@
+#
+#=Description basic signal w/specific signals rule
+#=EXRESULT PASS
+#
+/usr/bin/signal-test1 {
+ signal set=(hup),
+}
+
+/usr/bin/signal-test2 {
+ signal set=(int),
+}
+
+/usr/bin/signal-test3 {
+ signal set=(quit),
+}
+
+/usr/bin/signal-test4 {
+ signal set=(ill),
+}
+
+/usr/bin/signal-test5 {
+ signal set=(trap),
+}
+
+/usr/bin/signal-test6 {
+ signal set=(abrt),
+}
+
+/usr/bin/signal-test7 {
+ signal set=(bus),
+}
+
+/usr/bin/signal-test8 {
+ signal set=(fpe),
+}
+
+/usr/bin/signal-test9 {
+ signal set=(kill),
+}
+
+/usr/bin/signal-test10 {
+ signal set=(usr1),
+}
+
+/usr/bin/signal-test11 {
+ signal set=(segv),
+}
+
+/usr/bin/signal-test12 {
+ signal set=(usr2),
+}
+
+/usr/bin/signal-test13 {
+ signal set=(pipe),
+}
+
+/usr/bin/signal-test14 {
+ signal set=(alrm),
+}
+
+/usr/bin/signal-test15 {
+ signal set=(term),
+}
+
+/usr/bin/signal-test16 {
+ signal set=(stkflt),
+}
+
+/usr/bin/signal-test17 {
+ signal set=(chld),
+}
+
+/usr/bin/signal-test18 {
+ signal set=(cont),
+}
+
+/usr/bin/signal-test19 {
+ signal set=(stop),
+}
+
+/usr/bin/signal-test20 {
+ signal set=(stp),
+}
+
+/usr/bin/signal-test21 {
+ signal set=(ttin),
+}
+
+/usr/bin/signal-test22 {
+ signal set=(ttou),
+}
+
+/usr/bin/signal-test23 {
+ signal set=(urg),
+}
+
+/usr/bin/signal-test24 {
+ signal set=(xcpu),
+}
+
+/usr/bin/signal-test25 {
+ signal set=(xfsz),
+}
+
+/usr/bin/signal-test26 {
+ signal set=(vtalrm),
+}
+
+/usr/bin/signal-test27 {
+ signal set=(prof),
+}
+
+/usr/bin/signal-test28 {
+ signal set=(winch),
+}
+
+/usr/bin/signal-test29 {
+ signal set=(io),
+}
+
+/usr/bin/signal-test30 {
+ signal set=(pwr),
+}
+
+/usr/bin/signal-test31 {
+ signal set=(sys),
+}
+
+/usr/bin/signal-test32 {
+ signal set=(emt),
+}
+
+/usr/bin/signal-test33 {
+ signal set=(exists),
+}
Index: b/parser/tst/simple_tests/signal/ok_11.sd
===================================================================
--- /dev/null
+++ b/parser/tst/simple_tests/signal/ok_11.sd
@@ -0,0 +1,39 @@
+#
+#=Description basic signal w/specific signals rule
+#=EXRESULT PASS
+#
+/usr/bin/signal-test1 {
+ signal r set=(hup),
+ signal rw set=(int),
+ signal receive set=(quit),
+ signal read set=(ill),
+ signal write set=(trap),
+ signal send set=(abrt),
+ allow signal set=(bus),
+ audit allow signal set=(fpe),
+ deny signal set=(kill),
+ audit deny signal set=(usr1),
+ allow signal (send, receive) set=(segv),
+ audit allow signal (r, write) set=(usr2),
+ deny signal (send) set=(pipe),
+ signal w set=(alrm),
+ audit signal set=(term),
+ audit signal (receive) set=(stkflt),
+ audit deny signal (send, receive) set=(chld),
+ signal read set=(cont),
+ signal write set=(stop),
+ signal rw set=(stp),
+ signal send set=(ttin),
+ signal receive set=(ttou),
+ signal (send receive) set=(urg),
+ signal (read write) set=(xcpu),
+ deny signal (send) set=(xfsz),
+ deny signal (send receive) set=(vtalrm),
+ audit signal (send) set=(prof),
+ audit signal (receive) set=(winch),
+ audit signal (send receive) set=(io),
+ allow signal set=(pwr),
+ allow signal (r) set=(sys),
+ allow signal (w, write send) set=(emt),
+ allow signal (r w) set=(exists),
+}
Index: b/parser/tst/simple_tests/signal/ok_12.sd
===================================================================
--- /dev/null
+++ b/parser/tst/simple_tests/signal/ok_12.sd
@@ -0,0 +1,24 @@
+#
+#=Description basic signal w/multiple signal set rule
+#=EXRESULT PASS
+#
+/usr/bin/signal-test1 {
+ signal set=(hup, int, quit, ill, trap, abrt, bus, fpe, kill, usr1, segv, usr2, pipe, alrm, term, stkflt, chld, cont, stop, stp, ttin, ttou, urg, xcpu, xfsz, vtalrm, prof, winch, io, pwr, sys, emt, exists),
+}
+
+/usr/bin/signal-test2 {
+ signal set=(hup int quit ill trap abrt bus fpe kill usr1 segv usr2 pipe alrm term stkflt chld cont stop stp ttin ttou urg xcpu xfsz vtalrm prof winch io pwr sys emt exists),
+}
+
+/usr/bin/signal-test3 {
+ signal send set=(hup, int, quit, ill, trap, abrt, bus, fpe, kill, usr1, segv, usr2, pipe, alrm, term, stkflt, chld, cont, stop, stp, ttin, ttou, urg, xcpu, xfsz, vtalrm, prof, winch, io, pwr, sys, emt, exists),
+}
+
+/usr/bin/signal-test4 {
+ signal (send, receive) set=(hup, int, quit, ill, trap, abrt, bus, fpe, kill, usr1, segv, usr2, pipe, alrm, term, stkflt, chld, cont, stop, stp, ttin, ttou, urg, xcpu, xfsz, vtalrm, prof, winch, io, pwr, sys, emt, exists),
+}
+
+/usr/bin/signal-test5 {
+ signal (send receive) set=(hup, int, quit, ill, trap, abrt, bus, fpe, kill, usr1, segv, usr2, pipe, alrm, term, stkflt, chld, cont, stop, stp, ttin, ttou, urg, xcpu, xfsz, vtalrm, prof, winch, io, pwr, sys, emt, exists),
+}
+
Index: b/parser/tst/simple_tests/signal/ok_13.sd
===================================================================
--- /dev/null
+++ b/parser/tst/simple_tests/signal/ok_13.sd
@@ -0,0 +1,24 @@
+#
+#=Description basic signal w/multiple signal set rule
+#=EXRESULT PASS
+#
+/usr/bin/signal-test1 {
+ audit signal set=(hup, int, quit, ill, trap, abrt, bus, fpe, kill, usr1, segv, usr2, pipe, alrm, term, stkflt, chld, cont, stop, stp, ttin, ttou, urg, xcpu, xfsz, vtalrm, prof, winch, io, pwr, sys, emt, exists),
+}
+
+/usr/bin/signal-test2 {
+ deny signal set=(hup int quit ill trap abrt bus fpe kill usr1 segv usr2 pipe alrm term stkflt chld cont stop stp ttin ttou urg xcpu xfsz vtalrm prof winch io pwr sys emt exists),
+}
+
+/usr/bin/signal-test3 {
+ allow signal send set=(hup, int, quit, ill, trap, abrt, bus, fpe, kill, usr1, segv, usr2, pipe, alrm, term, stkflt, chld, cont, stop, stp, ttin, ttou, urg, xcpu, xfsz, vtalrm, prof, winch, io, pwr, sys, emt, exists),
+}
+
+/usr/bin/signal-test4 {
+ audit allow signal (send, receive) set=(hup, int, quit, ill, trap, abrt, bus, fpe, kill, usr1, segv, usr2, pipe, alrm, term, stkflt, chld, cont, stop, stp, ttin, ttou, urg, xcpu, xfsz, vtalrm, prof, winch, io, pwr, sys, emt, exists),
+}
+
+/usr/bin/signal-test5 {
+ audit deny signal (send receive) set=(hup, int, quit, ill, trap, abrt, bus, fpe, kill, usr1, segv, usr2, pipe, alrm, term, stkflt, chld, cont, stop, stp, ttin, ttou, urg, xcpu, xfsz, vtalrm, prof, winch, io, pwr, sys, emt, exists),
+}
+
Index: b/parser/tst/simple_tests/signal/ok_14.sd
===================================================================
--- /dev/null
+++ b/parser/tst/simple_tests/signal/ok_14.sd
@@ -0,0 +1,9 @@
+#
+#=Description basic signal w/peer rule
+#=EXRESULT PASS
+#
+/usr/bin/signal-test {
+ signal peer=/bin/init,
+
+}
+
Index: b/parser/tst/simple_tests/signal/ok_15.sd
===================================================================
--- /dev/null
+++ b/parser/tst/simple_tests/signal/ok_15.sd
@@ -0,0 +1,9 @@
+#
+#=Description basic signal w/implicit profile name rule
+#=EXRESULT PASS
+#
+/usr/bin/signal-test {
+ signal peer=@{profile_name},
+
+}
+
Index: b/parser/tst/simple_tests/signal/ok_16.sd
===================================================================
--- /dev/null
+++ b/parser/tst/simple_tests/signal/ok_16.sd
@@ -0,0 +1,21 @@
+#
+#=Description basic signal w/multiple var names rule
+#=EXRESULT PASS
+#
+
+@{SHELLS}=/bin/bash /bin/dash /bin/tcsh
+
+/usr/bin/signal-test1 {
+ signal peer=@{SHELLS},
+
+}
+
+/usr/bin/signal-test2 {
+ signal (send) peer=@{SHELLS},
+
+}
+
+/usr/bin/signal-test3 {
+ signal (receive) peer=@{SHELLS},
+
+}
Index: b/parser/tst/simple_tests/signal/ok_17.sd
===================================================================
--- /dev/null
+++ b/parser/tst/simple_tests/signal/ok_17.sd
@@ -0,0 +1,19 @@
+#
+#=Description basic signal w/regex peer
+#=EXRESULT PASS
+#
+
+/usr/bin/signal-test1 {
+ signal (send) peer=/{**/,}bin/{sh,true},
+
+}
+
+/usr/bin/signal-test2 {
+ signal (receive) set=(fpe stop) peer=/sbin/{init,systend,upstart},
+
+}
+
+/usr/bin/signal-test3 {
+ audit deny signal receive set=(stop, int, usr1, usr2) peer=/**.{py,pl,rb},
+ signal receive set=(segv),
+}
Index: b/parser/tst/simple_tests/signal/bad_01.sd
===================================================================
--- /dev/null
+++ b/parser/tst/simple_tests/signal/bad_01.sd
@@ -0,0 +1,9 @@
+#
+#=Description basic signal no parens permissions rule
+#=EXRESULT FAIL
+#
+/usr/bin/signal-test {
+ signal read write send receive,
+
+}
+
Index: b/parser/tst/simple_tests/signal/bad_02.sd
===================================================================
--- /dev/null
+++ b/parser/tst/simple_tests/signal/bad_02.sd
@@ -0,0 +1,9 @@
+#
+#=Description basic signal no parens for signals
+#=EXRESULT FAIL
+#
+/usr/bin/signal-test {
+ signal (read write send receive) set=stop stp,
+
+}
+
Index: b/parser/tst/simple_tests/signal/bad_03.sd
===================================================================
--- /dev/null
+++ b/parser/tst/simple_tests/signal/bad_03.sd
@@ -0,0 +1,9 @@
+#
+#=Description basic signal no parens for signals
+#=EXRESULT FAIL
+#
+/usr/bin/signal-test {
+ signal (read write send receive) set=hup, int,
+
+}
+
Index: b/parser/tst/simple_tests/signal/bad_04.sd
===================================================================
--- /dev/null
+++ b/parser/tst/simple_tests/signal/bad_04.sd
@@ -0,0 +1,9 @@
+#
+#=Description basic signal bad peer
+#=EXRESULT FAIL
+#
+/usr/bin/signal-test {
+ signal (read write send receive) set=(hup, int) peer=/bin/bash /bin/dash,
+
+}
+
Index: b/parser/tst/simple_tests/signal/bad_05.sd
===================================================================
--- /dev/null
+++ b/parser/tst/simple_tests/signal/bad_05.sd
@@ -0,0 +1,9 @@
+#
+#=Description basic signal set= inside parens
+#=EXRESULT FAIL
+#
+/usr/bin/signal-test {
+ signal send set=(hup segv set=int),
+
+}
+
Index: b/parser/tst/simple_tests/signal/ok_18.sd
===================================================================
--- /dev/null
+++ b/parser/tst/simple_tests/signal/ok_18.sd
@@ -0,0 +1,135 @@
+#
+#=Description basic signal w/specific signals rule
+#=EXRESULT PASS
+#
+/usr/bin/signal-test1 {
+ signal set=hup,
+}
+
+/usr/bin/signal-test2 {
+ signal set=int,
+}
+
+/usr/bin/signal-test3 {
+ signal set=quit,
+}
+
+/usr/bin/signal-test4 {
+ signal set=ill,
+}
+
+/usr/bin/signal-test5 {
+ signal set=trap,
+}
+
+/usr/bin/signal-test6 {
+ signal set=abrt,
+}
+
+/usr/bin/signal-test7 {
+ signal set=bus,
+}
+
+/usr/bin/signal-test8 {
+ signal set=fpe,
+}
+
+/usr/bin/signal-test9 {
+ signal set=kill,
+}
+
+/usr/bin/signal-test10 {
+ signal set=usr1,
+}
+
+/usr/bin/signal-test11 {
+ signal set=segv,
+}
+
+/usr/bin/signal-test12 {
+ signal set=usr2,
+}
+
+/usr/bin/signal-test13 {
+ signal set=pipe,
+}
+
+/usr/bin/signal-test14 {
+ signal set=alrm,
+}
+
+/usr/bin/signal-test15 {
+ signal set=term,
+}
+
+/usr/bin/signal-test16 {
+ signal set=stkflt,
+}
+
+/usr/bin/signal-test17 {
+ signal set=chld,
+}
+
+/usr/bin/signal-test18 {
+ signal set=cont,
+}
+
+/usr/bin/signal-test19 {
+ signal set=stop,
+}
+
+/usr/bin/signal-test20 {
+ signal set=stp,
+}
+
+/usr/bin/signal-test21 {
+ signal set=ttin,
+}
+
+/usr/bin/signal-test22 {
+ signal set=ttou,
+}
+
+/usr/bin/signal-test23 {
+ signal set=urg,
+}
+
+/usr/bin/signal-test24 {
+ signal set=xcpu,
+}
+
+/usr/bin/signal-test25 {
+ signal set=xfsz,
+}
+
+/usr/bin/signal-test26 {
+ signal set=vtalrm,
+}
+
+/usr/bin/signal-test27 {
+ signal set=prof,
+}
+
+/usr/bin/signal-test28 {
+ signal set=winch,
+}
+
+/usr/bin/signal-test29 {
+ signal set=io,
+}
+
+/usr/bin/signal-test30 {
+ signal set=pwr,
+}
+
+/usr/bin/signal-test31 {
+ signal set=sys,
+}
+
+/usr/bin/signal-test32 {
+ signal set=emt,
+}
+
+/usr/bin/signal-test33 {
+ signal set=exists,
+}
Index: b/parser/tst/simple_tests/signal/ok_19.sd
===================================================================
--- /dev/null
+++ b/parser/tst/simple_tests/signal/ok_19.sd
@@ -0,0 +1,11 @@
+#
+#=Description basic signal w/multiple signal set rule
+#=EXRESULT PASS
+#
+/usr/bin/signal-test1 {
+ signal set=hup set=int set=quit set=ill set=trap set=abrt set=bus
+ set=fpe set=kill set=usr1 set=segv set=usr2 set=pipe set=alrm
+ set=term set=stkflt set=chld set=cont set=stop set=stp
+ set=ttin set=ttou set=urg set=xcpu set=xfsz set=vtalrm
+ set=prof set=winch set=io set=pwr set=sys set=emt set=exists,
+}
Index: b/parser/tst/simple_tests/signal/ok_20.sd
===================================================================
--- /dev/null
+++ b/parser/tst/simple_tests/signal/ok_20.sd
@@ -0,0 +1,11 @@
+#
+#=Description basic signal w/multiple signal set rule
+#=EXRESULT PASS
+#
+
+/usr/bin/signal-test {
+ signal set=(hup int quit ill trap abrt)
+ set=(bus,fpe,,,kill,usr1)
+ set=segv set=usr2 set=pipe set=alrm set=term set=stkflt set=chld,
+}
+
Index: b/parser/tst/simple_tests/signal/ok_21.sd
===================================================================
--- /dev/null
+++ b/parser/tst/simple_tests/signal/ok_21.sd
@@ -0,0 +1,12 @@
+#
+#=Description basic signal w/multiple signal set rule
+#=EXRESULT PASS
+#
+/usr/bin/signal-test1 {
+ audit signal send set=hup set=int set=quit set=ill set=trap,
+ deny signal receive set=abrt set=bus set=fpe set=kill set=usr1 set=segv,
+ allow signal receive set=usr2 set=pipe set=alrm set=term set=stkflt,
+ audit allow signal set=chld set=cont set=stop set=stp set=ttin,
+ audit deny signal set=(ttou, urg) set=(xcpu xfsz vtalrm , prof) set=winch set=io set=pwr set=sys set=emt set=exists,
+}
+
Index: b/parser/tst/simple_tests/signal/bad_06.sd
===================================================================
--- /dev/null
+++ b/parser/tst/simple_tests/signal/bad_06.sd
@@ -0,0 +1,9 @@
+#
+#=Description basic signal bad perm
+#=EXRESULT FAIL
+#
+/usr/bin/signal-test {
+ signal (read write send receive trace),
+
+}
+
Index: b/parser/tst/simple_tests/signal/bad_07.sd
===================================================================
--- /dev/null
+++ b/parser/tst/simple_tests/signal/bad_07.sd
@@ -0,0 +1,9 @@
+#
+#=Description basic signal bad perm
+#=EXRESULT FAIL
+#
+/usr/bin/signal-test {
+ signal tracedby,
+
+}
+
Index: b/parser/tst/simple_tests/signal/bad_08.sd
===================================================================
--- /dev/null
+++ b/parser/tst/simple_tests/signal/bad_08.sd
@@ -0,0 +1,9 @@
+#
+#=Description basic signal multiple peer entries
+#=EXRESULT FAIL
+#
+/usr/bin/signal-test {
+ signal send peer=foo peer=bar,
+
+}
+
Index: b/parser/tst/simple_tests/signal/bad_09.sd
===================================================================
--- /dev/null
+++ b/parser/tst/simple_tests/signal/bad_09.sd
@@ -0,0 +1,9 @@
+#
+#=Description basic signal bad signal
+#=EXRESULT FAIL
+#
+/usr/bin/signal-test {
+ signal send set=nohup,
+
+}
+
Index: b/parser/tst/simple_tests/signal/bad_10.sd
===================================================================
--- /dev/null
+++ b/parser/tst/simple_tests/signal/bad_10.sd
@@ -0,0 +1,9 @@
+#
+#=Description basic signal bad signal
+#=EXRESULT FAIL
+#
+/usr/bin/signal-test {
+ signal send set=(nohup),
+
+}
+
Index: b/parser/tst/simple_tests/signal/bad_11.sd
===================================================================
--- /dev/null
+++ b/parser/tst/simple_tests/signal/bad_11.sd
@@ -0,0 +1,9 @@
+#
+#=Description basic signal bad signal
+#=EXRESULT FAIL
+#
+/usr/bin/signal-test {
+ signal send set=(hup nohup),
+
+}
+
Index: b/parser/tst/simple_tests/signal/bad_12.sd
===================================================================
--- /dev/null
+++ b/parser/tst/simple_tests/signal/bad_12.sd
@@ -0,0 +1,9 @@
+#
+#=Description basic bad signal 'lost'
+#=EXRESULT FAIL
+#
+/usr/bin/signal-test {
+ signal send set=lost,
+
+}
+
Index: b/parser/tst/simple_tests/signal/rtsig_01.sd
===================================================================
--- /dev/null
+++ b/parser/tst/simple_tests/signal/rtsig_01.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION simple rtsig test
+#=EXRESULT=PASS
+#
+
+/usr/bin/signal-test {
+ signal set=(rtmin+30 rtmin+0 rtmin+1),
+}
Index: b/parser/tst/simple_tests/signal/rtsig_02.sd
===================================================================
--- /dev/null
+++ b/parser/tst/simple_tests/signal/rtsig_02.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION simple rtsig test
+#=EXRESULT=PASS
+#
+
+/usr/bin/signal-test {
+ signal set=(rtmin+20) set=rtmin+5 set=(rtmin+001, rtmin+8),
+}
Index: b/parser/tst/simple_tests/signal/bad_13.sd
===================================================================
--- /dev/null
+++ b/parser/tst/simple_tests/signal/bad_13.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION simple bad rtmin value test
+#=EXRESULT FAIL
+#
+
+/usr/bin/signal-test {
+ signal set=rtmin+33,
+}
Index: b/parser/tst/simple_tests/signal/bad_14.sd
===================================================================
--- /dev/null
+++ b/parser/tst/simple_tests/signal/bad_14.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION simple bad rtmin value test
+#=EXRESULT FAIL
+#
+
+/usr/bin/signal-test {
+ signal set=rtmin+-99,
+}
Index: b/parser/tst/simple_tests/signal/bad_15.sd
===================================================================
--- /dev/null
+++ b/parser/tst/simple_tests/signal/bad_15.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION simple bad rtmin value test
+#=EXRESULT FAIL
+#
+
+/usr/bin/signal-test {
+ signal set=hup set=stop set=bad set=ttin,
+}
Index: b/parser/tst/simple_tests/signal/bad_16.sd
===================================================================
--- /dev/null
+++ b/parser/tst/simple_tests/signal/bad_16.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION simple bad 'in' keyword
+#=EXRESULT FAIL
+#
+
+/usr/bin/signal-test {
+ signal set in (hup stop),
+}
Index: b/parser/tst/simple_tests/signal/bad_17.sd
===================================================================
--- /dev/null
+++ b/parser/tst/simple_tests/signal/bad_17.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION simple bare set keyword
+#=EXRESULT FAIL
+#
+
+/usr/bin/signal-test {
+ signal set,
+}
Index: b/parser/tst/simple_tests/signal/bad_18.sd
===================================================================
--- /dev/null
+++ b/parser/tst/simple_tests/signal/bad_18.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION simple bare peer keyword
+#=EXRESULT FAIL
+#
+
+/usr/bin/signal-test {
+ signal peer,
+}
Index: b/parser/tst/simple_tests/signal/bad_19.sd
===================================================================
--- /dev/null
+++ b/parser/tst/simple_tests/signal/bad_19.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION simple signal w/bad option
+#=EXRESULT FAIL
+#
+
+/usr/bin/signal-test {
+ signal options=(ro),
+}
Index: b/parser/tst/simple_tests/signal/bad_20.sd
===================================================================
--- /dev/null
+++ b/parser/tst/simple_tests/signal/bad_20.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION simple signal w/bad perm
+#=EXRESULT FAIL
+#
+
+/usr/bin/signal-test {
+ signal mr,
+}
Index: b/parser/tst/simple_tests/signal/bad_21.sd
===================================================================
--- /dev/null
+++ b/parser/tst/simple_tests/signal/bad_21.sd
@@ -0,0 +1,8 @@
+#
+#=Description signal w/bad regex expansion
+#=EXRESULT FAIL
+#
+/usr/bin/signal-test {
+ signal peer={/bin/true,
+
+}
--
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20140425/e0a17028/attachment-0001.pgp>
More information about the AppArmor
mailing list