[apparmor] [PATCH] tests: Add more named pipe tests

Steve Beattie steve at nxnw.org
Tue Jun 10 05:15:08 UTC 2014 

On Thu, Jun 05, 2014 at 06:21:31PM -0500, Tyler Hicks wrote:
> Allow for the parent and child processes to change into separate hats to
> verify named pipe communications between hats with varying permissions.
> 
> Signed-off-by: Tyler Hicks <tyhicks at canonical.com>
Acked-by: Steve Beattie <steve at nxnw.org>

Some additional test dimensions to consider:
 1) parent or child in a hat, but not the other
 2) wrong access to the named pipe in one hat (e.g. requires read, given
    write access)

Thanks!

> ---
>  tests/regression/apparmor/named_pipe.c  | 69 +++++++++++++++++++++++----------
>  tests/regression/apparmor/named_pipe.sh | 37 +++++++++++++++---
>  2 files changed, 79 insertions(+), 27 deletions(-)
> 
> diff --git a/tests/regression/apparmor/named_pipe.c b/tests/regression/apparmor/named_pipe.c
> index 382f779..8e1d1ad 100644
> --- a/tests/regression/apparmor/named_pipe.c
> +++ b/tests/regression/apparmor/named_pipe.c
> @@ -66,14 +66,6 @@ int do_parent (char * hat, char * file)
>  {
>  	int fd;
>  
> -	fd=open(file, O_RDONLY, 0);
> -	if (fd == -1){
> -		fprintf(stderr, "FAIL: open read %s failed - %s\n",
> -			file,
> -			strerror(errno));
> -		return 1;
> -	}
> -
>  	/* change hat if hatname != nochange */
>  	if (strcmp(hat, "nochange") != 0){
>  		if (change_hat(hat, SD_ID_MAGIC+1) == -1){
> @@ -83,21 +75,28 @@ int do_parent (char * hat, char * file)
>  		}
>  	}
>  
> -	return(do_read(fd));
> -}
> -
> -int do_child (char * hat, char * file)
> -{
> -	int fd;
> +	if (alarm(5) != 0) {
> +		fprintf(stderr, "FAIL: alarm already set\n");
> +		exit(1);
> +	}
>  
> -	fd=open(file, O_WRONLY, 0);
> +	fd=open(file, O_RDONLY, 0);
>  	if (fd == -1){
> -		fprintf(stderr, "FAIL: open write %s failed - %s\n",
> +		fprintf(stderr, "FAIL: open read %s failed - %s\n",
>  			file,
>  			strerror(errno));
>  		return 1;
>  	}
>  
> +	alarm(0);
> +
> +	return(do_read(fd));
> +}
> +
> +int do_child (char * hat, char * file)
> +{
> +	int fd;
> +
>  	/* change hat if hatname != nochange */
>  	if (strcmp(hat, "nochange") != 0){
>  		if (change_hat(hat, SD_ID_MAGIC+1) == -1){
> @@ -107,22 +106,49 @@ int do_child (char * hat, char * file)
>  		}
>  	}
>  
> +	fd=open(file, O_WRONLY, 0);
> +	if (fd == -1){
> +		fprintf(stderr, "FAIL: open write %s failed - %s\n",
> +			file,
> +			strerror(errno));
> +		return 1;
> +	}
> +
>  	return (do_write(fd));
>  }
>  
> +pid_t pid = -1;
> +
> +void kill_child(void)
> +{
> +	if (pid > 0)
> +		kill(pid, SIGKILL);
> +}
> +
> +void sigalrm_handler(int sig)
> +{
> +	fprintf(stderr, "FAIL: parent timed out waiting for child\n");
> +	exit(1);
> +}
> +
>  int main(int argc, char *argv[])
>  {
>  	int rc;
> -	pid_t pid;
>  	int waitstatus;
>  	int read_error = 0;
>  
> -	if (argc != 3){
> -		fprintf(stderr, "usage: %s hatname filename\n",
> +	if (argc != 4){
> +		fprintf(stderr, "usage: %s parent_hatname child_hatname filename\n",
>  			argv[0]);
>  		return 1;
>  	}
>  
> +	if (signal(SIGALRM, sigalrm_handler) == SIG_ERR) {
> +		fprintf(stderr, "FAIL: signal failed - %s\n",
> +			strerror(errno));
> +		exit(1);
> +	}
> +
>  	pid = fork();
>  	if (pid == -1) {
>  		fprintf(stderr, "FAIL: fork failed - %s\n",
> @@ -130,7 +156,8 @@ int main(int argc, char *argv[])
>  		exit(1);
>  	} else if (pid != 0) {
>  		/* parent */
> -		read_error = do_parent(argv[1], argv[2]);
> +		atexit(kill_child);
> +		read_error = do_parent(argv[1], argv[3]);
>  		rc = wait(&waitstatus);
>  		if (rc == -1){
>  			fprintf(stderr, "FAIL: wait failed - %s\n",
> @@ -139,7 +166,7 @@ int main(int argc, char *argv[])
>  		}
>  	} else {
>  		/* child */
> -		exit(do_child(argv[1], argv[2]));
> +		exit(do_child(argv[2], argv[3]));
>  	}
>  
>  	if ((WIFEXITED(waitstatus) != 0) && (WEXITSTATUS(waitstatus) == 0) 
> diff --git a/tests/regression/apparmor/named_pipe.sh b/tests/regression/apparmor/named_pipe.sh
> index 9253bd4..0b09daf 100755
> --- a/tests/regression/apparmor/named_pipe.sh
> +++ b/tests/regression/apparmor/named_pipe.sh
> @@ -22,38 +22,63 @@ bin=$pwd
>  
>  . $bin/prologue.inc
>  
> -subtest=sub
>  fifo=${tmpdir}/pipe
> +
> +subtest=sub
>  okperm=rw
>  
> +subparent=parent
> +okparent=r
> +
> +subchild=child
> +okchild=w
> +
>  mknod ${fifo} p
>  
>  # NAMED PIPE - no confinement 
>  
> -runchecktest "NAMED PIPE (no confinement)" pass nochange ${fifo}
> +runchecktest "NAMED PIPE (no confinement)" pass nochange nochange ${fifo}
>  
>  # PIPE - confined.
>  
>  #rm -f ${fifo} && mknod ${fifo} p
>  genprofile $fifo:${okperm}
> -runchecktest "NAMED PIPE RW (confinement)" pass nochange ${fifo}
> +runchecktest "NAMED PIPE RW (confinement)" pass nochange nochange ${fifo}
>  
>  # PIPE - confined - no access.
>  
>  #rm -f ${fifo} && mknod ${fifo} p
>  genprofile 
> -runchecktest "NAMED PIPE (confinement)" fail nochange ${fifo}
> +runchecktest "NAMED PIPE (confinement)" fail nochange nochange ${fifo}
>  
>  # PIPE - in a subprofile.
>  
>  #rm -f ${fifo} && mknod ${fifo} p
>  genprofile ${fifo}:${okperm} hat:$subtest ${fifo}:${okperm}
>  
> -runchecktest "NAMED PIPE RW (subprofile)" pass ${subtest} ${fifo}
> +runchecktest "NAMED PIPE RW (subprofile)" pass ${subtest} ${subtest} ${fifo}
>  
>  # PIPE - in a subprofile - no access
>  
>  #rm -f ${fifo} && mknod ${fifo} p
>  genprofile ${fifo}:${okperm} hat:$subtest
>  
> -runchecktest "NAMED PIPE (subprofile)" fail ${subtest} ${fifo}
> +runchecktest "NAMED PIPE (subprofile)" fail ${subtest} ${subtest} ${fifo}
> +
> +# PIPE - in separate subprofiles
> +
> +genprofile hat:$subparent ${fifo}:${okparent} hat:$subchild ${fifo}:${okchild}
> +
> +runchecktest "NAMED PIPE RW (parent & child subprofiles)" pass ${subparent} ${subchild} ${fifo}
> +
> +# PIPE - in separate subprofiles - no access for child
> +
> +genprofile hat:$subparent ${fifo}:${okparent} hat:$subchild
> +
> +runchecktest "NAMED PIPE R (parent & child subprofiles)" fail ${subparent} ${subchild} ${fifo}
> +
> +# PIPE - in separate subprofiles - no access for parent
> +
> +genprofile hat:$subparent hat:$subchild ${fifo}:${okchild}
> +
> +runchecktest "NAMED PIPE W (parent & child subprofiles)" fail ${subparent} ${subchild} ${fifo}

-- 
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20140609/4d9db544/attachment.pgp>

More information about the AppArmor mailing list