[apparmor] [PATCH 2/2] tests: Add named_pipe tests containing bad parent and child perms

[Tyler Hicks]

Add two tests that verify AppArmor denials when one end of the pipe has
bad access permissions to the pipe.

Signed-off-by: Tyler Hicks <tyhicks at canonical.com>
---
 tests/regression/apparmor/named_pipe.sh | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/tests/regression/apparmor/named_pipe.sh b/tests/regression/apparmor/named_pipe.sh
index bc8c0e7..24c36a7 100755
--- a/tests/regression/apparmor/named_pipe.sh
+++ b/tests/regression/apparmor/named_pipe.sh
@@ -29,9 +29,11 @@ okperm=rw
 
 subparent=parent
 okparent=r
+badparent=w
 
 subchild=child
 okchild=w
+badchild=r
 
 # Add genprofile params that are common to all hats here
 common=""
@@ -93,3 +95,17 @@ genprofile hat:$subparent $common \
 	   hat:$subchild $common ${fifo}:${okchild}
 
 runchecktest "NAMED PIPE W (parent & child subprofiles)" fail ${subparent} ${subchild} ${fifo}
+
+# PIPE - in separate subprofiles - bad access for child
+
+genprofile hat:$subparent $common ${fifo}:${okparent} \
+	   hat:$subchild $common ${fifo}:${badchild}
+
+runchecktest "NAMED PIPE bad child (parent & child subprofiles)" fail ${subparent} ${subchild} ${fifo}
+
+# PIPE - in separate subprofiles - bad access for parent
+
+genprofile hat:$subparent $common ${fifo}:${badparent} \
+	   hat:$subchild $common ${fifo}:${okchild}
+
+runchecktest "NAMED PIPE bad parent (parent & child subprofiles)" fail ${subparent} ${subchild} ${fifo}
-- 
1.9.1