[apparmor] [PATCH 2/4] tests: Rename the unix_socket_file test to unix_socket
Seth Arnold
seth.arnold at canonical.com
Tue Aug 12 00:30:27 UTC 2014
On Mon, Aug 11, 2014 at 03:08:10PM -0500, Tyler Hicks wrote:
> Rename the test in preparation for expanding its capabilities to cover
> all UNIX domain socket address format types.
>
> Signed-off-by: Tyler Hicks <tyhicks at canonical.com>
Acked-by: Seth Arnold <seth.arnold at canonical.com>
Thanks
> ---
> tests/regression/apparmor/Makefile | 6 +-
> tests/regression/apparmor/unix_socket.c | 177 +++++++++++++++++++++
> tests/regression/apparmor/unix_socket.sh | 106 ++++++++++++
> tests/regression/apparmor/unix_socket_client.c | 126 +++++++++++++++
> tests/regression/apparmor/unix_socket_file.c | 177 ---------------------
> tests/regression/apparmor/unix_socket_file.sh | 106 ------------
> .../regression/apparmor/unix_socket_file_client.c | 126 ---------------
> 7 files changed, 412 insertions(+), 412 deletions(-)
> create mode 100644 tests/regression/apparmor/unix_socket.c
> create mode 100755 tests/regression/apparmor/unix_socket.sh
> create mode 100644 tests/regression/apparmor/unix_socket_client.c
> delete mode 100644 tests/regression/apparmor/unix_socket_file.c
> delete mode 100755 tests/regression/apparmor/unix_socket_file.sh
> delete mode 100644 tests/regression/apparmor/unix_socket_file_client.c
>
> diff --git a/tests/regression/apparmor/Makefile b/tests/regression/apparmor/Makefile
> index 2a420b8..13bc5d3 100644
> --- a/tests/regression/apparmor/Makefile
> +++ b/tests/regression/apparmor/Makefile
> @@ -114,8 +114,8 @@ SRC=access.c \
> tcp.c \
> unix_fd_client.c \
> unix_fd_server.c \
> - unix_socket_file.c \
> - unix_socket_file_client.c \
> + unix_socket.c \
> + unix_socket_client.c \
> unlink.c \
> xattrs.c
>
> @@ -183,7 +183,7 @@ TESTS=access \
> syscall \
> tcp \
> unix_fd_server \
> - unix_socket_file \
> + unix_socket \
> unlink\
> xattrs\
> longpath
> diff --git a/tests/regression/apparmor/unix_socket.c b/tests/regression/apparmor/unix_socket.c
> new file mode 100644
> index 0000000..76a4eb8
> --- /dev/null
> +++ b/tests/regression/apparmor/unix_socket.c
> @@ -0,0 +1,177 @@
> +/*
> + * Copyright (C) 2013 Canonical, Ltd.
> + *
> + * This program is free software; you can redistribute it and/or
> + * modify it under the terms of version 2 of the GNU General Public
> + * License published by the Free Software Foundation.
> + *
> + * This program is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
> + * GNU General Public License for more details.
> + *
> + * You should have received a copy of the GNU General Public License
> + * along with this program; if not, contact Canonical Ltd.
> + */
> +
> +#include <poll.h>
> +#include <stdio.h>
> +#include <stdlib.h>
> +#include <string.h>
> +#include <sys/socket.h>
> +#include <sys/types.h>
> +#include <sys/un.h>
> +#include <unistd.h>
> +
> +#define MSG_BUF_MAX 1024
> +
> +static int connection_based_messaging(int sock, char *msg_buf,
> + size_t msg_buf_len)
> +{
> + int peer_sock, rc;
> +
> + peer_sock = accept(sock, NULL, NULL);
> + if (peer_sock < 0) {
> + perror("FAIL - accept");
> + return 1;
> + }
> +
> + rc = write(peer_sock, msg_buf, msg_buf_len);
> + if (rc < 0) {
> + perror("FAIL - write");
> + return 1;
> + }
> +
> + rc = read(peer_sock, msg_buf, msg_buf_len);
> + if (rc < 0) {
> + perror("FAIL - read");
> + return 1;
> + }
> +
> + return 0;
> +}
> +
> +static int connectionless_messaging(int sock, char *msg_buf, size_t msg_buf_len)
> +{
> + struct sockaddr_un peer_addr;
> + socklen_t peer_addr_len = sizeof(peer_addr);
> + int rc;
> +
> + peer_addr.sun_family = AF_UNIX;
> + rc = recvfrom(sock, NULL, 0, 0, (struct sockaddr *)&peer_addr,
> + &peer_addr_len);
> + if (rc < 0) {
> + perror("FAIL - recvfrom");
> + return 1;
> + }
> +
> + rc = sendto(sock, msg_buf, msg_buf_len, 0,
> + (struct sockaddr *)&peer_addr, peer_addr_len);
> + if (rc < 0) {
> + perror("FAIL - sendto");
> + return 1;
> + }
> +
> + rc = recv(sock, msg_buf, msg_buf_len, 0);
> + if (rc < 0) {
> + perror("FAIL - recv");
> + return 1;
> + }
> +
> + return 0;
> +}
> +
> +int main (int argc, char *argv[])
> +{
> + struct sockaddr_un addr;
> + struct pollfd pfd;
> + char msg_buf[MSG_BUF_MAX];
> + size_t msg_buf_len;
> + pid_t pid;
> + int sock, type, rc;
> +
> + if (argc != 5) {
> + fprintf(stderr,
> + "Usage: %s <socket> <type> <message> <client>\n\n"
> + " type\t\tstream, dgram, or seqpacket\n",
> + argv[0]);
> + exit(1);
> + }
> +
> + if (!strcmp(argv[2], "stream")) {
> + type = SOCK_STREAM;
> + } else if (!strcmp(argv[2], "dgram")) {
> + type = SOCK_DGRAM;
> + } else if (!strcmp(argv[2], "seqpacket")) {
> + type = SOCK_SEQPACKET;
> + } else {
> + fprintf(stderr, "FAIL - bad socket type: %s\n", argv[2]);
> + exit(1);
> + }
> +
> + msg_buf_len = strlen(argv[3]) + 1;
> + if (msg_buf_len > MSG_BUF_MAX) {
> + fprintf(stderr, "FAIL - message too big\n");
> + exit(1);
> + }
> + memcpy(msg_buf, argv[3], msg_buf_len);
> +
> + sock = socket(AF_UNIX, type | SOCK_CLOEXEC, 0);
> + if (sock == -1) {
> + perror("FAIL - socket");
> + exit(1);
> + }
> +
> + addr.sun_family = AF_UNIX;
> + strcpy(addr.sun_path, argv[1]);
> + rc = bind(sock, (struct sockaddr *)&addr,
> + strlen(addr.sun_path) + sizeof(addr.sun_family));
> + if (rc < 0) {
> + perror("FAIL - bind");
> + exit(1);
> + }
> +
> + if (type & SOCK_STREAM || type & SOCK_SEQPACKET) {
> + rc = listen(sock, 2);
> + if (rc < 0) {
> + perror("FAIL - listen");
> + exit(1);
> + }
> + }
> +
> + pid = fork();
> + if (pid < 0) {
> + perror("FAIL - fork");
> + exit(1);
> + } else if (!pid) {
> + execl(argv[4], argv[4], argv[1], argv[2], NULL);
> + exit(0);
> + }
> +
> + pfd.fd = sock;
> + pfd.events = POLLIN;
> + rc = poll(&pfd, 1, 500);
> + if (rc < 0) {
> + perror("FAIL - poll");
> + exit(1);
> + } else if (!rc) {
> + fprintf(stderr, "FAIL - poll timed out\n");
> + exit(1);
> + }
> +
> + rc = (type & SOCK_STREAM || type & SOCK_SEQPACKET) ?
> + connection_based_messaging(sock, msg_buf, msg_buf_len) :
> + connectionless_messaging(sock, msg_buf, msg_buf_len);
> + if (rc)
> + exit(1);
> +
> + if (memcmp(argv[3], msg_buf, msg_buf_len)) {
> + msg_buf[msg_buf_len] = '\0';
> + fprintf(stderr, "FAIL - buffer comparison. Got \"%s\", expected \"%s\"\n",
> + msg_buf, argv[3]);
> + exit(1);
> + }
> +
> + printf("PASS\n");
> + exit(0);
> +}
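Review bot: `strcpy(addr.sun_path, argv[1])` in main copies the socket path into the fixed-size `sun_path` array with no length check, so an over-long path argument overruns `addr` on the stack; unix_socket_client.c has the same pattern in `strcpy(peer_addr.sun_path, argv[1])`. A guard before the copy, `if (strlen(argv[1]) >= sizeof(addr.sun_path)) { fprintf(stderr, "FAIL - socket path too long\n"); exit(1); }`, would turn that into a clean test failure. On the comparison-failure path, `msg_buf[msg_buf_len] = '\0'` writes one past the array when the message plus its terminator is exactly MSG_BUF_MAX bytes, because the earlier check only rejects `msg_buf_len > MSG_BUF_MAX`; `msg_buf[msg_buf_len - 1] = '\0';` stays in bounds. In the child branch, a failed `execl()` falls through to `exit(0)` with no message, so the parent reports only "poll timed out"; `perror("FAIL - execl"); exit(1);` would name the real cause. The blob id matches the deleted unix_socket_file.c, so these issues predate the rename rather than being introduced by it.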
> diff --git a/tests/regression/apparmor/unix_socket.sh b/tests/regression/apparmor/unix_socket.sh
> new file mode 100755
> index 0000000..470ea29
> --- /dev/null
> +++ b/tests/regression/apparmor/unix_socket.sh
> @@ -0,0 +1,106 @@
> +#! /bin/bash
> +#
> +# Copyright (C) 2013 Canonical, Ltd.
> +#
> +# This program is free software; you can redistribute it and/or
> +# modify it under the terms of version 2 of the GNU General Public
> +# License published by the Free Software Foundation.
> +#
> +# This program is distributed in the hope that it will be useful,
> +# but WITHOUT ANY WARRANTY; without even the implied warranty of
> +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
> +# GNU General Public License for more details.
> +#
> +# You should have received a copy of the GNU General Public License
> +# along with this program; if not, contact Canonical Ltd.
> +
> +#=NAME unix_socket
> +#=DESCRIPTION
> +# This tests file access to path-based unix domain sockets. The server
> +# opens a socket, forks a client with it's own profile, sends a message
> +# to the client over the socket, and sees what happens.
> +#=END
> +
> +pwd=`dirname $0`
> +pwd=`cd $pwd ; /bin/pwd`
> +
> +bin=$pwd
> +
> +. $bin/prologue.inc
> +requires_features policy/versions/v6
> +
> +client=$bin/unix_socket_client
> +socket=${tmpdir}/unix_socket.sock
> +message=4a0c83d87aaa7afa2baab5df3ee4df630f0046d5bfb7a3080c550b721f401b3b\
> +8a738e1435a3b77aa6482a70fb51c44f20007221b85541b0184de66344d46a4c
> +okserver=w
> +badserver=r
> +
> +okclient=rw
> +badclient1=r
> +badclient2=w
> +
> +removesocket()
> +{
> + rm -f ${socket}
> +}
> +
> +testsocktype()
> +{
> + local socktype=$1 # socket type - stream, dgram, or seqpacket
> + local args="$socket $socktype $message $client"
> +
> + # PASS - unconfined
> +
> + runchecktest "socket file ($socktype); unconfined" pass $args
> + removesocket
> +
> + # PASS - server w/ access to the file
> +
> + genprofile $socket:$okserver $client:Ux
> + runchecktest "socket file ($socktype); confined server w/ access ($okserver)" pass $args
> + removesocket
> +
> + # FAIL - server w/o access to the file
> +
> + genprofile $client:Ux
> + runchecktest "socket file ($socktype); confined server w/o access" fail $args
> + removesocket
> +
> + # FAIL - server w/ bad access to the file
> +
> + genprofile $socket:$badserver $client:Ux
> + runchecktest "socket file ($socktype); confined server w/ bad access ($badserver)" fail $args
> + removesocket
> +
> + # PASS - client w/ access to the file
> +
> + genprofile $socket:$okserver $client:px -- image=$client $socket:$okclient
> + runchecktest "socket file ($socktype); confined client w/ access ($okclient)" pass $args
> + removesocket
> +
> + # FAIL - client w/o access to the file
> +
> + genprofile $socket:$okserver $client:px -- image=$client
> + runchecktest "socket file ($socktype); confined client w/o access" fail $args
> + removesocket
> +
> + # FAIL - client w/ bad access to the file
> +
> + genprofile $socket:$okserver $client:px -- image=$client $socket:$badclient1
> + runchecktest "socket file ($socktype); confined client w/ bad access ($badclient1)" fail $args
> + removesocket
> +
> + # FAIL - client w/ bad access to the file
> +
> + genprofile $socket:$okserver $client:px -- image=$client $socket:$badclient2
> + runchecktest "socket file ($socktype); confined client w/ bad access ($badclient2)" fail $args
> + removesocket
> +
> + removeprofile
> +}
> +
> +removesocket
> +testsocktype stream
> +testsocktype dgram
> +testsocktype seqpacket
> diff --git a/tests/regression/apparmor/unix_socket_client.c b/tests/regression/apparmor/unix_socket_client.c
> new file mode 100644
> index 0000000..73aa8ba
> --- /dev/null
> +++ b/tests/regression/apparmor/unix_socket_client.c
> @@ -0,0 +1,126 @@
> +/*
> + * Copyright (C) 2013 Canonical, Ltd.
> + *
> + * This program is free software; you can redistribute it and/or
> + * modify it under the terms of version 2 of the GNU General Public
> + * License published by the Free Software Foundation.
> + *
> + * This program is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
> + * GNU General Public License for more details.
> + *
> + * You should have received a copy of the GNU General Public License
> + * along with this program; if not, contact Canonical Ltd.
> + */
> +
> +#include <stdio.h>
> +#include <stdlib.h>
> +#include <string.h>
> +#include <sys/socket.h>
> +#include <sys/types.h>
> +#include <sys/un.h>
> +#include <unistd.h>
> +
> +#define MSG_BUF_MAX 1024
> +
> +static int connection_based_messaging(int sock)
> +{
> + char msg_buf[MSG_BUF_MAX];
> + int rc;
> +
> + rc = read(sock, msg_buf, MSG_BUF_MAX);
> + if (rc < 0) {
> + perror("FAIL CLIENT - read");
> + return 1;
> + }
> +
> + rc = write(sock, msg_buf, rc);
> + if (rc < 0) {
> + perror("FAIL CLIENT - write");
> + return 1;
> + }
> +
> + return 0;
> +}
> +
> +static int connectionless_messaging(int sock)
> +{
> + struct sockaddr_un addr;
> + char msg_buf[MSG_BUF_MAX];
> + int rc;
> +
> + addr.sun_family = AF_UNIX;
> + rc = bind(sock, (struct sockaddr *)&addr, sizeof(sa_family_t));
> + if (rc < 0) {
> + perror("FAIL CLIENT - bind");
> + return 1;
> + }
> +
> + rc = write(sock, NULL, 0);
> + if (rc < 0) {
> + perror("FAIL CLIENT - write");
> + return 1;
> + }
> +
> + rc = read(sock, msg_buf, MSG_BUF_MAX);
> + if (rc < 0) {
> + perror("FAIL CLIENT - read");
> + return 1;
> + }
> +
> + rc = write(sock, msg_buf, rc);
> + if (rc < 0) {
> + perror("FAIL CLIENT - write");
> + return 1;
> + }
> +
> + return 0;
> +}
> +
> +int main(int argc, char *argv[])
> +{
> + struct sockaddr_un peer_addr;
> + int sock, type, rc;
> +
> + if (argc != 3) {
> + fprintf(stderr, "Usage: %s <socket> <type>\n\n"
> + " type\t\tstream, dgram, or seqpacket\n",
> + argv[0]);
> + exit(1);
> + }
> +
> + if (!strcmp(argv[2], "stream")) {
> + type = SOCK_STREAM;
> + } else if (!strcmp(argv[2], "dgram")) {
> + type = SOCK_DGRAM;
> + } else if (!strcmp(argv[2], "seqpacket")) {
> + type = SOCK_SEQPACKET;
> + } else {
> + fprintf(stderr, "FAIL CLIENT - bad socket type: %s\n", argv[2]);
> + exit(1);
> + }
> +
> + sock = socket(AF_UNIX, type, 0);
> + if (sock < 0) {
> + perror("FAIL CLIENT - socket");
> + exit(1);
> + }
> +
> + peer_addr.sun_family = AF_UNIX;
> + strcpy(peer_addr.sun_path, argv[1]);
> + rc = connect(sock, (struct sockaddr *)&peer_addr,
> + strlen(peer_addr.sun_path) + sizeof(peer_addr.sun_family));
> + if (rc < 0) {
> + perror("FAIL CLIENT - connect");
> + exit(1);
> + }
> +
> + rc = (type == SOCK_STREAM || type == SOCK_SEQPACKET) ?
> + connection_based_messaging(sock) :
> + connectionless_messaging(sock);
> + if (rc)
> + exit(1);
> +
> + exit(0);
> +}
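Review bot: The first two calls in the client's connectionless_messaging() are undocumented and read like mistakes: `bind()` is given an `addr` with only `sun_family` set and a length of `sizeof(sa_family_t)`, and `write(sock, NULL, 0)` sends nothing. Both look deliberate. On Linux a bind of that length asks the kernel to autobind the socket to an abstract address (see unix(7)), and the empty datagram is what the server's `recvfrom(sock, NULL, 0, ...)` in unix_socket.c uses to learn where to send the message. I would add `/* autobind: gives this socket an address the server can reply to */` above the bind and `/* empty datagram so the server's recvfrom() learns our address */` above the first write. It is also worth stating in a comment that the rest of `addr` is intentionally left uninitialized, since the passed length stops the kernel from reading past `sun_family`.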
> diff --git a/tests/regression/apparmor/unix_socket_file.c b/tests/regression/apparmor/unix_socket_file.c
> deleted file mode 100644
> index 76a4eb8..0000000
> --- a/tests/regression/apparmor/unix_socket_file.c
> +++ /dev/null
> @@ -1,177 +0,0 @@
> -/*
> - * Copyright (C) 2013 Canonical, Ltd.
> - *
> - * This program is free software; you can redistribute it and/or
> - * modify it under the terms of version 2 of the GNU General Public
> - * License published by the Free Software Foundation.
> - *
> - * This program is distributed in the hope that it will be useful,
> - * but WITHOUT ANY WARRANTY; without even the implied warranty of
> - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
> - * GNU General Public License for more details.
> - *
> - * You should have received a copy of the GNU General Public License
> - * along with this program; if not, contact Canonical Ltd.
> - */
> -
> -#include <poll.h>
> -#include <stdio.h>
> -#include <stdlib.h>
> -#include <string.h>
> -#include <sys/socket.h>
> -#include <sys/types.h>
> -#include <sys/un.h>
> -#include <unistd.h>
> -
> -#define MSG_BUF_MAX 1024
> -
> -static int connection_based_messaging(int sock, char *msg_buf,
> - size_t msg_buf_len)
> -{
> - int peer_sock, rc;
> -
> - peer_sock = accept(sock, NULL, NULL);
> - if (peer_sock < 0) {
> - perror("FAIL - accept");
> - return 1;
> - }
> -
> - rc = write(peer_sock, msg_buf, msg_buf_len);
> - if (rc < 0) {
> - perror("FAIL - write");
> - return 1;
> - }
> -
> - rc = read(peer_sock, msg_buf, msg_buf_len);
> - if (rc < 0) {
> - perror("FAIL - read");
> - return 1;
> - }
> -
> - return 0;
> -}
> -
> -static int connectionless_messaging(int sock, char *msg_buf, size_t msg_buf_len)
> -{
> - struct sockaddr_un peer_addr;
> - socklen_t peer_addr_len = sizeof(peer_addr);
> - int rc;
> -
> - peer_addr.sun_family = AF_UNIX;
> - rc = recvfrom(sock, NULL, 0, 0, (struct sockaddr *)&peer_addr,
> - &peer_addr_len);
> - if (rc < 0) {
> - perror("FAIL - recvfrom");
> - return 1;
> - }
> -
> - rc = sendto(sock, msg_buf, msg_buf_len, 0,
> - (struct sockaddr *)&peer_addr, peer_addr_len);
> - if (rc < 0) {
> - perror("FAIL - sendto");
> - return 1;
> - }
> -
> - rc = recv(sock, msg_buf, msg_buf_len, 0);
> - if (rc < 0) {
> - perror("FAIL - recv");
> - return 1;
> - }
> -
> - return 0;
> -}
> -
> -int main (int argc, char *argv[])
> -{
> - struct sockaddr_un addr;
> - struct pollfd pfd;
> - char msg_buf[MSG_BUF_MAX];
> - size_t msg_buf_len;
> - pid_t pid;
> - int sock, type, rc;
> -
> - if (argc != 5) {
> - fprintf(stderr,
> - "Usage: %s <socket> <type> <message> <client>\n\n"
> - " type\t\tstream, dgram, or seqpacket\n",
> - argv[0]);
> - exit(1);
> - }
> -
> - if (!strcmp(argv[2], "stream")) {
> - type = SOCK_STREAM;
> - } else if (!strcmp(argv[2], "dgram")) {
> - type = SOCK_DGRAM;
> - } else if (!strcmp(argv[2], "seqpacket")) {
> - type = SOCK_SEQPACKET;
> - } else {
> - fprintf(stderr, "FAIL - bad socket type: %s\n", argv[2]);
> - exit(1);
> - }
> -
> - msg_buf_len = strlen(argv[3]) + 1;
> - if (msg_buf_len > MSG_BUF_MAX) {
> - fprintf(stderr, "FAIL - message too big\n");
> - exit(1);
> - }
> - memcpy(msg_buf, argv[3], msg_buf_len);
> -
> - sock = socket(AF_UNIX, type | SOCK_CLOEXEC, 0);
> - if (sock == -1) {
> - perror("FAIL - socket");
> - exit(1);
> - }
> -
> - addr.sun_family = AF_UNIX;
> - strcpy(addr.sun_path, argv[1]);
> - rc = bind(sock, (struct sockaddr *)&addr,
> - strlen(addr.sun_path) + sizeof(addr.sun_family));
> - if (rc < 0) {
> - perror("FAIL - bind");
> - exit(1);
> - }
> -
> - if (type & SOCK_STREAM || type & SOCK_SEQPACKET) {
> - rc = listen(sock, 2);
> - if (rc < 0) {
> - perror("FAIL - listen");
> - exit(1);
> - }
> - }
> -
> - pid = fork();
> - if (pid < 0) {
> - perror("FAIL - fork");
> - exit(1);
> - } else if (!pid) {
> - execl(argv[4], argv[4], argv[1], argv[2], NULL);
> - exit(0);
> - }
> -
> - pfd.fd = sock;
> - pfd.events = POLLIN;
> - rc = poll(&pfd, 1, 500);
> - if (rc < 0) {
> - perror("FAIL - poll");
> - exit(1);
> - } else if (!rc) {
> - fprintf(stderr, "FAIL - poll timed out\n");
> - exit(1);
> - }
> -
> - rc = (type & SOCK_STREAM || type & SOCK_SEQPACKET) ?
> - connection_based_messaging(sock, msg_buf, msg_buf_len) :
> - connectionless_messaging(sock, msg_buf, msg_buf_len);
> - if (rc)
> - exit(1);
> -
> - if (memcmp(argv[3], msg_buf, msg_buf_len)) {
> - msg_buf[msg_buf_len] = '\0';
> - fprintf(stderr, "FAIL - buffer comparison. Got \"%s\", expected \"%s\"\n",
> - msg_buf, argv[3]);
> - exit(1);
> - }
> -
> - printf("PASS\n");
> - exit(0);
> -}
> diff --git a/tests/regression/apparmor/unix_socket_file.sh b/tests/regression/apparmor/unix_socket_file.sh
> deleted file mode 100755
> index dbb923c..0000000
> --- a/tests/regression/apparmor/unix_socket_file.sh
> +++ /dev/null
> @@ -1,106 +0,0 @@
> -#! /bin/bash
> -#
> -# Copyright (C) 2013 Canonical, Ltd.
> -#
> -# This program is free software; you can redistribute it and/or
> -# modify it under the terms of version 2 of the GNU General Public
> -# License published by the Free Software Foundation.
> -#
> -# This program is distributed in the hope that it will be useful,
> -# but WITHOUT ANY WARRANTY; without even the implied warranty of
> -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
> -# GNU General Public License for more details.
> -#
> -# You should have received a copy of the GNU General Public License
> -# along with this program; if not, contact Canonical Ltd.
> -
> -#=NAME unix_socket_file
> -#=DESCRIPTION
> -# This tests file access to path-based unix domain sockets. The server
> -# opens a socket, forks a client with it's own profile, sends a message
> -# to the client over the socket, and sees what happens.
> -#=END
> -
> -pwd=`dirname $0`
> -pwd=`cd $pwd ; /bin/pwd`
> -
> -bin=$pwd
> -
> -. $bin/prologue.inc
> -requires_features policy/versions/v6
> -
> -client=$bin/unix_socket_file_client
> -socket=${tmpdir}/unix_socket_file.sock
> -message=4a0c83d87aaa7afa2baab5df3ee4df630f0046d5bfb7a3080c550b721f401b3b\
> -8a738e1435a3b77aa6482a70fb51c44f20007221b85541b0184de66344d46a4c
> -okserver=w
> -badserver=r
> -
> -okclient=rw
> -badclient1=r
> -badclient2=w
> -
> -removesocket()
> -{
> - rm -f ${socket}
> -}
> -
> -testsocktype()
> -{
> - local socktype=$1 # socket type - stream, dgram, or seqpacket
> - local args="$socket $socktype $message $client"
> -
> - # PASS - unconfined
> -
> - runchecktest "socket file ($socktype); unconfined" pass $args
> - removesocket
> -
> - # PASS - server w/ access to the file
> -
> - genprofile $socket:$okserver $client:Ux
> - runchecktest "socket file ($socktype); confined server w/ access ($okserver)" pass $args
> - removesocket
> -
> - # FAIL - server w/o access to the file
> -
> - genprofile $client:Ux
> - runchecktest "socket file ($socktype); confined server w/o access" fail $args
> - removesocket
> -
> - # FAIL - server w/ bad access to the file
> -
> - genprofile $socket:$badserver $client:Ux
> - runchecktest "socket file ($socktype); confined server w/ bad access ($badserver)" fail $args
> - removesocket
> -
> - # PASS - client w/ access to the file
> -
> - genprofile $socket:$okserver $client:px -- image=$client $socket:$okclient
> - runchecktest "socket file ($socktype); confined client w/ access ($okclient)" pass $args
> - removesocket
> -
> - # FAIL - client w/o access to the file
> -
> - genprofile $socket:$okserver $client:px -- image=$client
> - runchecktest "socket file ($socktype); confined client w/o access" fail $args
> - removesocket
> -
> - # FAIL - client w/ bad access to the file
> -
> - genprofile $socket:$okserver $client:px -- image=$client $socket:$badclient1
> - runchecktest "socket file ($socktype); confined client w/ bad access ($badclient1)" fail $args
> - removesocket
> -
> - # FAIL - client w/ bad access to the file
> -
> - genprofile $socket:$okserver $client:px -- image=$client $socket:$badclient2
> - runchecktest "socket file ($socktype); confined client w/ bad access ($badclient2)" fail $args
> - removesocket
> -
> - removeprofile
> -}
> -
> -removesocket
> -testsocktype stream
> -testsocktype dgram
> -testsocktype seqpacket
> diff --git a/tests/regression/apparmor/unix_socket_file_client.c b/tests/regression/apparmor/unix_socket_file_client.c
> deleted file mode 100644
> index 73aa8ba..0000000
> --- a/tests/regression/apparmor/unix_socket_file_client.c
> +++ /dev/null
> @@ -1,126 +0,0 @@
> -/*
> - * Copyright (C) 2013 Canonical, Ltd.
> - *
> - * This program is free software; you can redistribute it and/or
> - * modify it under the terms of version 2 of the GNU General Public
> - * License published by the Free Software Foundation.
> - *
> - * This program is distributed in the hope that it will be useful,
> - * but WITHOUT ANY WARRANTY; without even the implied warranty of
> - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
> - * GNU General Public License for more details.
> - *
> - * You should have received a copy of the GNU General Public License
> - * along with this program; if not, contact Canonical Ltd.
> - */
> -
> -#include <stdio.h>
> -#include <stdlib.h>
> -#include <string.h>
> -#include <sys/socket.h>
> -#include <sys/types.h>
> -#include <sys/un.h>
> -#include <unistd.h>
> -
> -#define MSG_BUF_MAX 1024
> -
> -static int connection_based_messaging(int sock)
> -{
> - char msg_buf[MSG_BUF_MAX];
> - int rc;
> -
> - rc = read(sock, msg_buf, MSG_BUF_MAX);
> - if (rc < 0) {
> - perror("FAIL CLIENT - read");
> - return 1;
> - }
> -
> - rc = write(sock, msg_buf, rc);
> - if (rc < 0) {
> - perror("FAIL CLIENT - write");
> - return 1;
> - }
> -
> - return 0;
> -}
> -
> -static int connectionless_messaging(int sock)
> -{
> - struct sockaddr_un addr;
> - char msg_buf[MSG_BUF_MAX];
> - int rc;
> -
> - addr.sun_family = AF_UNIX;
> - rc = bind(sock, (struct sockaddr *)&addr, sizeof(sa_family_t));
> - if (rc < 0) {
> - perror("FAIL CLIENT - bind");
> - return 1;
> - }
> -
> - rc = write(sock, NULL, 0);
> - if (rc < 0) {
> - perror("FAIL CLIENT - write");
> - return 1;
> - }
> -
> - rc = read(sock, msg_buf, MSG_BUF_MAX);
> - if (rc < 0) {
> - perror("FAIL CLIENT - read");
> - return 1;
> - }
> -
> - rc = write(sock, msg_buf, rc);
> - if (rc < 0) {
> - perror("FAIL CLIENT - write");
> - return 1;
> - }
> -
> - return 0;
> -}
> -
> -int main(int argc, char *argv[])
> -{
> - struct sockaddr_un peer_addr;
> - int sock, type, rc;
> -
> - if (argc != 3) {
> - fprintf(stderr, "Usage: %s <socket> <type>\n\n"
> - " type\t\tstream, dgram, or seqpacket\n",
> - argv[0]);
> - exit(1);
> - }
> -
> - if (!strcmp(argv[2], "stream")) {
> - type = SOCK_STREAM;
> - } else if (!strcmp(argv[2], "dgram")) {
> - type = SOCK_DGRAM;
> - } else if (!strcmp(argv[2], "seqpacket")) {
> - type = SOCK_SEQPACKET;
> - } else {
> - fprintf(stderr, "FAIL CLIENT - bad socket type: %s\n", argv[2]);
> - exit(1);
> - }
> -
> - sock = socket(AF_UNIX, type, 0);
> - if (sock < 0) {
> - perror("FAIL CLIENT - socket");
> - exit(1);
> - }
> -
> - peer_addr.sun_family = AF_UNIX;
> - strcpy(peer_addr.sun_path, argv[1]);
> - rc = connect(sock, (struct sockaddr *)&peer_addr,
> - strlen(peer_addr.sun_path) + sizeof(peer_addr.sun_family));
> - if (rc < 0) {
> - perror("FAIL CLIENT - connect");
> - exit(1);
> - }
> -
> - rc = (type == SOCK_STREAM || type == SOCK_SEQPACKET) ?
> - connection_based_messaging(sock) :
> - connectionless_messaging(sock);
> - if (rc)
> - exit(1);
> -
> - exit(0);
> -}
> --
> 2.1.0.rc1
>
>