[apparmor] [PATCH 1/4] tests: Update the regression tests for v6 policy

Tyler Hicks tyhicks at canonical.com
Wed Mar 26 17:00:45 UTC 2014 

From: John Johansen <john.johansen at canonical.com>

This updates the regression tests for v6 policy. It refactors the
required_features test into a have_features fn, and a new
requires_features fn (renamed to catch all instances make sure they
where right)

The have_features fn is then applied to several test to make them
conditionally apply based off of availability of the feature
and policy version.

Signed-off-by: John Johansen <john.johansen at canonical.com>
---
 tests/regression/apparmor/dbus_eavesdrop.sh   |  2 +-
 tests/regression/apparmor/dbus_message.sh     |  2 +-
 tests/regression/apparmor/dbus_service.sh     |  2 +-
 tests/regression/apparmor/prologue.inc        | 23 ++++++++++++++++++-----
 tests/regression/apparmor/tcp.sh              |  1 +
 tests/regression/apparmor/unix_fd_server.sh   | 12 +++++++-----
 tests/regression/apparmor/unix_socket_file.sh |  1 +
 7 files changed, 30 insertions(+), 13 deletions(-)

diff --git a/tests/regression/apparmor/dbus_eavesdrop.sh b/tests/regression/apparmor/dbus_eavesdrop.sh
index 8006003..fe26b91 100755
--- a/tests/regression/apparmor/dbus_eavesdrop.sh
+++ b/tests/regression/apparmor/dbus_eavesdrop.sh
@@ -18,7 +18,7 @@ pwd=`cd $pwd ; /bin/pwd`
 bin=$pwd
 
 . $bin/prologue.inc
-required_features dbus
+requires_features dbus
 . $bin/dbus.inc
 
 args="--session"
diff --git a/tests/regression/apparmor/dbus_message.sh b/tests/regression/apparmor/dbus_message.sh
index aeefe2a..30b1592 100755
--- a/tests/regression/apparmor/dbus_message.sh
+++ b/tests/regression/apparmor/dbus_message.sh
@@ -18,7 +18,7 @@ pwd=`cd $pwd ; /bin/pwd`
 bin=$pwd
 
 . $bin/prologue.inc
-required_features dbus
+requires_features dbus
 . $bin/dbus.inc
 
 listnames="--type=method_call --session --name=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.ListNames"
diff --git a/tests/regression/apparmor/dbus_service.sh b/tests/regression/apparmor/dbus_service.sh
index 8a44a2c..451a661 100755
--- a/tests/regression/apparmor/dbus_service.sh
+++ b/tests/regression/apparmor/dbus_service.sh
@@ -17,7 +17,7 @@ pwd=`cd $pwd ; /bin/pwd`
 bin=$pwd
 
 . $bin/prologue.inc
-required_features dbus
+requires_features dbus
 . $bin/dbus.inc
 
 service="--$bus --name=$dest $path $iface"
diff --git a/tests/regression/apparmor/prologue.inc b/tests/regression/apparmor/prologue.inc
index b50d3d5..396d203 100755
--- a/tests/regression/apparmor/prologue.inc
+++ b/tests/regression/apparmor/prologue.inc
@@ -21,19 +21,32 @@
 #
 # For this file, functions are first, entry point code is at end, see "MAIN"
 
-required_features()
+#use $() to retreive the failure message or "true" if success
+have_features()
 {
 	if [ ! -e "/sys/kernel/security/apparmor/features/" ] ; then
-		echo "Kernel feature masks not supported. Skipping tests ..."
-		exit 0
+		echo "Kernel feature masks not supported."
+		return 1;
 	fi
 
 	for f in $@ ; do
 		if [ ! -e "/sys/kernel/security/apparmor/features/$f" ] ; then
-			echo "Required feature $f not available. Skipping tests ..."
-			exit 0
+			echo "Required feature '$f' not available."
+			return 2;
 		fi
 	done
+
+	echo "true"
+	return 0;
+}
+
+requires_features()
+{
+	local res=$(have_features $@)
+	if [ "$res" != "true" ] ; then
+		echo "$res. Skipping tests ..."
+		exit 0
+	fi
 }
 
 requires_query_interface()
diff --git a/tests/regression/apparmor/tcp.sh b/tests/regression/apparmor/tcp.sh
index f1c884d..73eff1b 100755
--- a/tests/regression/apparmor/tcp.sh
+++ b/tests/regression/apparmor/tcp.sh
@@ -15,6 +15,7 @@ pwd=`cd $pwd ; /bin/pwd`
 bin=$pwd
 
 . $bin/prologue.inc
+requires_features network
 
 port=34567
 ip="127.0.0.1"
diff --git a/tests/regression/apparmor/unix_fd_server.sh b/tests/regression/apparmor/unix_fd_server.sh
index 4de3b26..6bc5158 100755
--- a/tests/regression/apparmor/unix_fd_server.sh
+++ b/tests/regression/apparmor/unix_fd_server.sh
@@ -132,10 +132,12 @@ runchecktest "fd passing; confined -> confined (no perm)" fail $file $socket $fd
 sleep 1
 rm -f ${socket}
 
-# FAIL - confined client, no access to the socket file
+if [ "$(have_features policy/versions/v6)" == "true" ] ; then
+    # FAIL - confined client, no access to the socket file
 
-genprofile $file:$okperm $socket:rw $fd_client:px -- image=$fd_client $file:$okperm
-runchecktest "fd passing; confined client w/o socket access" fail $file $socket $fd_client
+    genprofile $file:$okperm $socket:rw $fd_client:px -- image=$fd_client $file:$okperm
+    runchecktest "fd passing; confined client w/o socket access" fail $file $socket $fd_client
 
-sleep 1
-rm -f ${socket}
+    sleep 1
+    rm -f ${socket}
+fi
diff --git a/tests/regression/apparmor/unix_socket_file.sh b/tests/regression/apparmor/unix_socket_file.sh
index 6f38acb..dbb923c 100755
--- a/tests/regression/apparmor/unix_socket_file.sh
+++ b/tests/regression/apparmor/unix_socket_file.sh
@@ -27,6 +27,7 @@ pwd=`cd $pwd ; /bin/pwd`
 bin=$pwd
 
 . $bin/prologue.inc
+requires_features policy/versions/v6
 
 client=$bin/unix_socket_file_client
 socket=${tmpdir}/unix_socket_file.sock
-- 
1.9.1

More information about the AppArmor mailing list