[apparmor] [PATCH 3/4] tests: Update test scripts for signal mediation

Wed Mar 26 17:00:47 UTC 2014

From: John Johansen <john.johansen at canonical.com>

Update mkprofile.pl to generate signal rules and update test scripts to
grant signal permissions when needed.

Signed-off-by: John Johansen <john.johansen at canonical.com>
Acked-by: Tyler Hicks <tyhicks at canonical.com>
---
 tests/regression/apparmor/exec.sh      |  6 +++---
 tests/regression/apparmor/mkprofile.pl | 18 ++++++++++++++++++
 tests/regression/apparmor/regex.sh     | 12 ++++++------
 3 files changed, 27 insertions(+), 9 deletions(-)

diff --git a/tests/regression/apparmor/exec.sh b/tests/regression/apparmor/exec.sh
index a1f7c91..07a8009 100755
--- a/tests/regression/apparmor/exec.sh
+++ b/tests/regression/apparmor/exec.sh
@@ -43,19 +43,19 @@ runchecktest "EXEC with px" pass $file
 
 # FAIL TEST - px/no profile
 
-genprofile $file:$ok_px_perm
+genprofile $file:$ok_px_perm signal:ALL
 
 runchecktest "EXEC with px - no profile" fail $file
 
 # NOLINK PERMTEST
 
-genprofile $file:$badperm
+genprofile $file:$badperm signal:ALL
 
 runchecktest "EXEC no x" fail $file
 
 # MMAP exec
 
-genprofile $file:$bad_mx_perm
+genprofile $file:$bad_mx_perm signal:ALL
 
 runchecktest "EXEC mmap x" fail $file
 
diff --git a/tests/regression/apparmor/mkprofile.pl b/tests/regression/apparmor/mkprofile.pl
index e3f1598..fb9ae1b 100755
--- a/tests/regression/apparmor/mkprofile.pl
+++ b/tests/regression/apparmor/mkprofile.pl
@@ -174,6 +174,22 @@ sub gen_cap($) {
   }
 }
 
+sub gen_signal($) {
+    my $rule = shift;
+    my @rules = split (/:/, $rule);
+    if (@rules == 2) {
+	if ($rules[1] =~ /^ALL$/) {
+	    push (@{$output_rules{$hat}}, "  signal,\n");
+	} else {
+	    push (@{$output_rules{$hat}}, "  signal $rules[1],\n");
+	}
+    } elsif (@rules == 3) {
+	push (@{$output_rules{$hat}}, "  signal $rules[1] $rules[2],\n");
+    } else {
+	(!$nowarn) && print STDERR "Warning: invalid signal description '$rule', ignored\n";
+    }
+}
+
 sub gen_mount($) {
     my $rule = shift;
     my @rules = split (/:/, $rule);
@@ -332,6 +348,8 @@ sub gen_from_args() {
       gen_network($rule);
     } elsif ($rule =~ /^cap:/) {
       gen_cap($rule);
+    } elsif ($rule =~ /^signal:/) {
+      gen_signal($rule);
     } elsif ($rule =~ /^mount:/) {
       gen_mount($rule);
     } elsif ($rule =~ /^remount:/) {
diff --git a/tests/regression/apparmor/regex.sh b/tests/regression/apparmor/regex.sh
index 845a273..2bd764a 100755
--- a/tests/regression/apparmor/regex.sh
+++ b/tests/regression/apparmor/regex.sh
@@ -148,25 +148,25 @@ genprofile /bin/t\?ue:$okperm
 runchecktest "QUESTION MARK (exec)" pass $file
 
 # FAIL TEST - looking for *
-genprofile /sbin/\*:$okperm
+genprofile /sbin/\*:$okperm signal:ALL
 runchecktest "SINGLE TAILGLOB (exec, fail)" fail $file
 
 # FAIL TEST - looking for **
-genprofile /sbi\*\*:$okperm
+genprofile /sbi\*\*:$okperm signal:ALL
 runchecktest "DOUBLE TAILGLOB (exec, fail)" fail $file
 
 # FAIL TEST - looking for { , }
-genprofile /bin/\{flase,false\}:$okperm
+genprofile /bin/\{flase,false\}:$okperm signal:ALL
 runchecktest "CURLY BRACES (exec, fail)" fail $file
 
 # FAIL TEST - looking for []
-genprofile /bin/\[aef\]rue:$okperm
+genprofile /bin/\[aef\]rue:$okperm signal:ALL
 runchecktest "SQUARE BRACES 1 (exec, fail)" fail $file
 
 # FAIL TEST - looking for []
-genprofile /bin/\[u-x\]rue:$okperm
+genprofile /bin/\[u-x\]rue:$okperm signal:ALL
 runchecktest "SQUARE BRACES 2 (exec, fail)" fail $file
 
 # FAIL TEST - looking for ?
-genprofile /bin/b\?ue:$okperm
+genprofile /bin/b\?ue:$okperm signal:ALL
 runchecktest "QUESTION MARK (exec, fail)" fail $file
-- 
1.9.1


