[apparmor] [patch 26/26] Update test scripts for new signal and ptrace semantics

John Johansen john.johansen at canonical.com
Sat Mar 29 16:11:55 UTC 2014 

The previous test patches where done with the hardcoded bypass for
unconfined.

This semantic was changed so that a confined app can now block unconfined
processes from tracing or sending signals to it.

---

diff -u ../tests.bak/dbus.inc ./dbus.inc
--- ../tests.bak/dbus.inc	2014-03-28 06:47:51.758735000 -0700
+++ ./dbus.inc	2014-03-29 08:54:48.204770932 -0700
@@ -14,6 +14,7 @@
 $test {
   @{gen $test}
   $@
+  signal receive peer=unconfined,
 }
 EOF
 	unset __dbus_var_decl
diff -u ../tests.bak/exec_qual.sh ./exec_qual.sh
--- ../tests.bak/exec_qual.sh	2014-03-28 06:47:51.782735000 -0700
+++ ./exec_qual.sh	2014-03-28 16:12:27.281324000 -0700
@@ -72,28 +72,28 @@
 #	  child profile grants access
 #	  expected behaviour: child should be able to access resource
 
-genprofile $test2:px $file:$fileperm -- image=$test2 $file:$fileperm
+genprofile $test2:px $file:$fileperm signal:receive:peer=unconfined -- image=$test2 $file:$fileperm signal:receive
 local_runchecktest "enforce px case1" pass $test2 $test2 $file
 
 # case 2: parent profile grants access (should be irrelevant)
 #	  child profile disallows access
 #	  expected behaviour: child should be unable to access resource
 
-genprofile $test2:px $file:$fileperm -- image=$test2 
+genprofile $test2:px $file:$fileperm signal:receive:peer=unconfined -- image=$test2 signal:receive
 local_runchecktest "enforce px case2" fail $test2 $test2 $file
 
 # case 3: parent profile disallows access (should be irrelevant)
 #	  child profile allows access
 #	  expected behaviour: child should be able to access resource
 
-genprofile $test2:px -- image=$test2 $file:$fileperm
+genprofile $test2:px signal:receive:peer=unconfined -- image=$test2 $file:$fileperm signal:receive
 local_runchecktest "enforce px case3" pass $test2 $test2 $file
 
 # case 4: parent profile grants access (should be irrelevant)
 #	  missing child profile
 #	  expected behaviour: exec of child fails
 
-genprofile $test2:px $file:$fileperm
+genprofile $test2:px $file:$fileperm signal:receive:peer=unconfined
 local_runchecktest "enforce px case4" fail "n/a" $test2 $file
 
 # confined parent, exec child with 'ix'
@@ -101,41 +101,41 @@
 #	  child profile grants access (should be irrelevant)
 #	  expected behaviour: child should be able to access resource
 
-genprofile $test2:rix $file:$fileperm -- image=$test2 $file:$fileperm
+genprofile $test2:rix $file:$fileperm signal:receive:peer=unconfined -- image=$test2 $file:$fileperm signal:receive
 local_runchecktest "enforce ix case1" pass $test1 $test2 $file
 
 # case 2: parent profile grants access
 #	  child profile disallows access (should be irrelevant)
 #	  expected behaviour: child should be able to access resource
 
-genprofile $test2:rix $file:$fileperm -- image=$test2
+genprofile $test2:rix $file:$fileperm signal:receive:peer=unconfined -- image=$test2 signal:receive
 local_runchecktest "enforce ix case2" pass $test1 $test2 $file
 
 # case 3: parent profile disallows access
 #	  child profile allows access (should be irrelevant)
 #	  expected behaviour: child should be unable to access resource
 
-genprofile $test2:rix -- image=$test2 $file:$fileperm
+genprofile $test2:rix signal:receive:peer=unconfined -- image=$test2 $file:$fileperm signal:receive
 local_runchecktest "enforce ix case3" fail $test1 $test2 $file
 
 # case 4: parent profile grants access
 #	  missing child profile (irrelvant)
 #	  expected behaviour: child should be able to access resource
 
-genprofile $test2:rix $file:$fileperm
+genprofile $test2:rix $file:$fileperm signal:receive:peer=unconfined
 local_runchecktest "enforce ix case4" pass $test1 $test2 $file
 
 # confined parent, exec child with 'ux'
 # case 1: parent profile grants access (should be irrelevant)
 #	  expected behaviour, child should be able to access resource
 
-genprofile $test2:ux $file:$fileperm
+genprofile $test2:ux $file:$fileperm signal:receive:peer=unconfined
 local_runchecktest "enforce ux case1" pass "unconfined" $test2 $file
 
 # case 2: parent profile denies access (should be irrelevant)
 #	  expected behaviour, child should be able to access resource
 
-genprofile $test2:ux
+genprofile $test2:ux signal:receive:peer=unconfined
 local_runchecktest "enforce ux case1" pass "unconfined" $test2 $file
 
 # confined parent, exec child with conflicting exec qualifiers
@@ -144,20 +144,20 @@
 # case 1: 
 #	  expected behaviour: exec of child passes
 
-genprofile $test2:px $test2_rex1:ix -- image=$test2 $file:$fileperm
+genprofile $test2:px $test2_rex1:ix signal:receive:peer=unconfined -- image=$test2 $file:$fileperm signal:receive
 local_runchecktest "enforce conflicting exec qual" pass $test2 $test2 $file
 
 # unconfined parent
 # case 1: child profile exists, child profile grants access
 #	  expected behaviour: child should be able to access resource
 
-genprofile image=$test2 $file:$fileperm
+genprofile image=$test2 $file:$fileperm signal:receive:peer=unconfined
 local_runchecktest "enforce unconfined case1" pass $test2 $test2 $file
 
 # case 2: child profile exists, child profile denies access
 #	  expected behaviour: child should be unable to access resource
 
-genprofile image=$test2
+genprofile image=$test2 signal:receive:peer=unconfined
 local_runchecktest "enforce unconfined case2" fail $test2 $test2 $file
 
 # case 3: no child profile exists, unconfined
diff -u ../tests.bak/mmap.sh ./mmap.sh
--- ../tests.bak/mmap.sh	2014-03-28 06:47:51.758735000 -0700
+++ ./mmap.sh	2014-03-28 06:52:27.254735000 -0700
@@ -29,7 +29,7 @@
 
 # PASS TEST (pt 1)
 
-genprofile $file:$okperm 
+genprofile $file:$okperm signal:receive:peer=unconfined
 
 runtestbg "READ/WRITE pass1" pass $file
 
@@ -47,13 +47,13 @@
 
 # FAILURE TEST (pt 1)
 
-genprofile $file:$okperm 
+genprofile $file:$okperm signal:receive:peer=unconfined
 
 runtestbg "READ/WRITE pass2" pass $file
 
 sleep 2
 
-genprofile $file:$badperm 
+genprofile $file:$badperm signal:receive:peer=unconfined 
 
 # FAILURE TEST (pt 2)
 
Common subdirectories: ../tests.bak/netdomain and ./netdomain
diff -u ../tests.bak/ptrace_v6.inc ./ptrace_v6.inc
--- ../tests.bak/ptrace_v6.inc	2014-03-28 06:47:51.758735000 -0700
+++ ./ptrace_v6.inc	2014-03-29 02:45:07.946846000 -0700
@@ -13,7 +13,7 @@
 
 #unconfined tracing confined helper
 #confined helper asking unconfined process to ptrace it
-genprofile image=$helper signal:ALL
+genprofile image=$helper signal:ALL ptrace:tracedby:peer=unconfined
 
 runchecktest "test 3 -h" pass -h -n 100 $helper
 runchecktest "test 3 -hc " pass -h -c -n 100 $helper
@@ -212,14 +212,14 @@
 runchecktest "test 12p -hc" pass -h -c -n 100 $helper
 runchecktest "test 12p -h prog" pass -h -n 100 $helper /bin/true
 runchecktest "test 12p -hc prog" pass -h -c -n 100 $helper /bin/true
-genprofile /bin/true:rix $helper:rix signal:ALL ptrace:$test
+genprofile /bin/true:rix $helper:rix signal:ALL ptrace:peer=$test
 runchecktest "test 12p1" pass -n 100 /bin/true
 runchecktest "test 12p1 -c" pass -c -n 100 /bin/true
 runchecktest "test 12p1 -h" pass -h -n 100 $helper
 runchecktest "test 12p1 -hc" pass -h -c -n 100 $helper
 runchecktest "test 12p1 -h prog" pass -h -n 100 $helper /bin/true
 runchecktest "test 12p1 -hc prog" pass -h -c -n 100 $helper /bin/true
-genprofile /bin/true:rix $helper:rix signal:ALL ptrace:notaprofile
+genprofile /bin/true:rix $helper:rix signal:ALL ptrace:peer=notaprofile
 runchecktest "test 12p2" fail -n 100 /bin/true
 runchecktest "test 12p2 -c" fail -c -n 100 /bin/true
 runchecktest "test 12p2 -h" fail -h -n 100 $helper
@@ -229,137 +229,137 @@
 
 
 #ptraced confined app traced by profile can px
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:$test ptrace:/bin/true -- image=/bin/true /bin/true:rix
+genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=/bin/true -- image=/bin/true /bin/true:rix
 runchecktest "test 13p1 -h prog" fail -h -n 100 $helper /bin/true
 runchecktest "test 13p2 -hc prog" fail -h -c -n 100 $helper /bin/true
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:$test ptrace:/bin/true -- image=/bin/true /bin/true:rix ptrace:tracedby
+genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=/bin/true -- image=/bin/true /bin/true:rix ptrace:tracedby
 runchecktest "test 13p3 -h prog" pass -h -n 100 $helper /bin/true
 runchecktest "test 13p4 -hc prog" pass -h -c -n 100 $helper /bin/true
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:$test ptrace:/bin/true -- image=/bin/true /bin/true:rix ptrace:tracedby:$test
+genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=/bin/true -- image=/bin/true /bin/true:rix ptrace:tracedby:peer=$test
 runchecktest "test 13p5 -h prog" pass -h -n 100 $helper /bin/true
 runchecktest "test 13p6 -hc prog" pass -h -c -n 100 $helper /bin/true
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:$test ptrace:/bin/true -- image=/bin/true /bin/true:rix ptrace:tracedby:notaprofile
+genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=/bin/true -- image=/bin/true /bin/true:rix ptrace:tracedby:peer=notaprofile
 runchecktest "test 13p7 -h prog" fail -h -n 100 $helper /bin/true
 runchecktest "test 13p8 -hc prog" fail -h -c -n 100 $helper /bin/true
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:$test ptrace:/bin/true -- image=/bin/true /bin/true:rix ptrace:trace
+genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=/bin/true -- image=/bin/true /bin/true:rix ptrace:trace
 runchecktest "test 13p9 -h prog" fail -h -n 100 $helper /bin/true
 runchecktest "test 13pa -hc prog" fail -h -c -n 100 $helper /bin/true
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:$test ptrace:/bin/true -- image=/bin/true /bin/true:rix ptrace:trace:$test
+genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=/bin/true -- image=/bin/true /bin/true:rix ptrace:trace:peer=$test
 runchecktest "test 13pb -h prog" fail -h -n 100 $helper /bin/true
 runchecktest "test 13pc -hc prog" fail -h -c -n 100 $helper /bin/true
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:$test ptrace:/bin/true -- image=/bin/true /bin/true:rix ptrace:trace:notaprofile
+genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=/bin/true -- image=/bin/true /bin/true:rix ptrace:trace:peer=notaprofile
 runchecktest "test 13pd -h prog" fail -h -n 100 $helper /bin/true
 runchecktest "test 13pe -hc prog" fail -h -c -n 100 $helper /bin/true
 
 
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:$test ptrace:trace:/bin/true -- image=/bin/true /bin/true:rix
+genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:trace:peer=/bin/true -- image=/bin/true /bin/true:rix
 runchecktest "test 13p11 -h prog" fail -h -n 100 $helper /bin/true
 runchecktest "test 13p21 -hc prog" fail -h -c -n 100 $helper /bin/true
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:$test ptrace:trace:/bin/true -- image=/bin/true /bin/true:rix ptrace:tracedby
+genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:trace:peer=/bin/true -- image=/bin/true /bin/true:rix ptrace:tracedby
 runchecktest "test 13p31 -h prog" pass -h -n 100 $helper /bin/true
 runchecktest "test 13p41 -hc prog" pass -h -c -n 100 $helper /bin/true
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:$test ptrace:trace:/bin/true -- image=/bin/true /bin/true:rix ptrace:tracedby:$test
+genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:trace:peer=/bin/true -- image=/bin/true /bin/true:rix ptrace:tracedby:peer=$test
 runchecktest "test 13p51 -h prog" pass -h -n 100 $helper /bin/true
 runchecktest "test 13p61 -hc prog" pass -h -c -n 100 $helper /bin/true
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:$test ptrace:trace:/bin/true -- image=/bin/true /bin/true:rix ptrace:tracedby:notaprofile
+genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:trace:peer=/bin/true -- image=/bin/true /bin/true:rix ptrace:tracedby:peer=notaprofile
 runchecktest "test 13p71 -h prog" fail -h -n 100 $helper /bin/true
 runchecktest "test 13p81 -hc prog" fail -h -c -n 100 $helper /bin/true
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:$test ptrace:trace:/bin/true -- image=/bin/true /bin/true:rix ptrace:trace
+genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:trace:peer=/bin/true -- image=/bin/true /bin/true:rix ptrace:trace
 runchecktest "test 13p91 -h prog" fail -h -n 100 $helper /bin/true
 runchecktest "test 13pa1 -hc prog" fail -h -c -n 100 $helper /bin/true
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:$test ptrace:trace:/bin/true -- image=/bin/true /bin/true:rix ptrace:trace:$test
+genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:trace:peer=/bin/true -- image=/bin/true /bin/true:rix ptrace:trace:peer=$test
 runchecktest "test 13pb1 -h prog" fail -h -n 100 $helper /bin/true
 runchecktest "test 13pc1 -hc prog" fail -h -c -n 100 $helper /bin/true
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:$test ptrace:trace:/bin/true -- image=/bin/true /bin/true:rix ptrace:trace:notaprofile
+genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:trace:peer=/bin/true -- image=/bin/true /bin/true:rix ptrace:trace:peer=notaprofile
 runchecktest "test 13pd1 -h prog" fail -h -n 100 $helper /bin/true
 runchecktest "test 13pe1 -hc prog" fail -h -c -n 100 $helper /bin/true
 
 
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:$test ptrace:ALL -- image=/bin/true /bin/true:rix
+genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:ALL -- image=/bin/true /bin/true:rix
 runchecktest "test 13p12 -h prog" fail -h -n 100 $helper /bin/true
 runchecktest "test 13p22 -hc prog" fail -h -c -n 100 $helper /bin/true
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:$test ptrace:ALL -- image=/bin/true /bin/true:rix ptrace:tracedby
+genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:ALL -- image=/bin/true /bin/true:rix ptrace:tracedby
 runchecktest "test 13p32 -h prog" pass -h -n 100 $helper /bin/true
 runchecktest "test 13p42 -hc prog" pass -h -c -n 100 $helper /bin/true
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:$test ptrace:ALL -- image=/bin/true /bin/true:rix ptrace:tracedby:$test
+genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:ALL -- image=/bin/true /bin/true:rix ptrace:tracedby:peer=$test
 runchecktest "test 13p52 -h prog" pass -h -n 100 $helper /bin/true
 runchecktest "test 13p62 -hc prog" pass -h -c -n 100 $helper /bin/true
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:$test ptrace:ALL -- image=/bin/true /bin/true:rix ptrace:tracedby:notaprofile
+genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:ALL -- image=/bin/true /bin/true:rix ptrace:tracedby:peer=notaprofile
 runchecktest "test 13p72 -h prog" fail -h -n 100 $helper /bin/true
 runchecktest "test 13p82 -hc prog" fail -h -c -n 100 $helper /bin/true
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:$test ptrace:ALL -- image=/bin/true /bin/true:rix ptrace:trace
+genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:ALL -- image=/bin/true /bin/true:rix ptrace:trace
 runchecktest "test 13p92 -h prog" fail -h -n 100 $helper /bin/true
 runchecktest "test 13pa2 -hc prog" fail -h -c -n 100 $helper /bin/true
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:$test ptrace:ALL -- image=/bin/true /bin/true:rix ptrace:trace:$test
+genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:ALL -- image=/bin/true /bin/true:rix ptrace:trace:peer=$test
 runchecktest "test 13pb2 -h prog" fail -h -n 100 $helper /bin/true
 runchecktest "test 13pc2 -hc prog" fail -h -c -n 100 $helper /bin/true
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:$test ptrace:ALL -- image=/bin/true /bin/true:rix ptrace:trace:notaprofile
+genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:ALL -- image=/bin/true /bin/true:rix ptrace:trace:peer=notaprofile
 runchecktest "test 13pd2 -h prog" fail -h -n 100 $helper /bin/true
 runchecktest "test 13pe2 -hc prog" fail -h -c -n 100 $helper /bin/true
 
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:$test ptrace:tracedby -- image=/bin/true /bin/true:rix
+genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby -- image=/bin/true /bin/true:rix
 runchecktest "test 13p13 -h prog" fail -h -n 100 $helper /bin/true
 runchecktest "test 13p23 -hc prog" fail -h -c -n 100 $helper /bin/true
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:$test ptrace:tracedby -- image=/bin/true /bin/true:rix ptrace:tracedby
+genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby -- image=/bin/true /bin/true:rix ptrace:tracedby
 runchecktest "test 13p33 -h prog" fail -h -n 100 $helper /bin/true
 runchecktest "test 13p43 -hc prog" fail -h -c -n 100 $helper /bin/true
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:$test ptrace:tracedby -- image=/bin/true /bin/true:rix ptrace:tracedby:$test
+genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby -- image=/bin/true /bin/true:rix ptrace:tracedby:peer=$test
 runchecktest "test 13p53 -h prog" fail -h -n 100 $helper /bin/true
 runchecktest "test 13p63 -hc prog" fail -h -c -n 100 $helper /bin/true
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:$test ptrace:tracedby -- image=/bin/true /bin/true:rix ptrace:tracedby:notaprofile
+genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby -- image=/bin/true /bin/true:rix ptrace:tracedby:peer=notaprofile
 runchecktest "test 13p73 -h prog" fail -h -n 100 $helper /bin/true
 runchecktest "test 13p83 -hc prog" fail -h -c -n 100 $helper /bin/true
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:$test ptrace:tracedby -- image=/bin/true /bin/true:rix ptrace:trace
+genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby -- image=/bin/true /bin/true:rix ptrace:trace
 runchecktest "test 13p93 -h prog" fail -h -n 100 $helper /bin/true
 runchecktest "test 13pa3 -hc prog" fail -h -c -n 100 $helper /bin/true
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:$test ptrace:tracedby -- image=/bin/true /bin/true:rix ptrace:trace:$test
+genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby -- image=/bin/true /bin/true:rix ptrace:trace:peer=$test
 runchecktest "test 13pb3 -h prog" fail -h -n 100 $helper /bin/true
 runchecktest "test 13pc3 -hc prog" fail -h -c -n 100 $helper /bin/true
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:$test ptrace:tracedby -- image=/bin/true /bin/true:rix ptrace:trace:notaprofile
+genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby -- image=/bin/true /bin/true:rix ptrace:trace:peer=notaprofile
 runchecktest "test 13pd3 -h prog" fail -h -n 100 $helper /bin/true
 runchecktest "test 13pe3 -hc prog" fail -h -c -n 100 $helper /bin/true
 
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:$test ptrace:tracedby:notaprofile -- image=/bin/true /bin/true:rix
+genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby:peer=notaprofile -- image=/bin/true /bin/true:rix
 runchecktest "test 13p14 -h prog" fail -h -n 100 $helper /bin/true
 runchecktest "test 13p24 -hc prog" fail -h -c -n 100 $helper /bin/true
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:$test ptrace:tracedby:notaprofile -- image=/bin/true /bin/true:rix ptrace:tracedby
+genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby:peer=notaprofile -- image=/bin/true /bin/true:rix ptrace:tracedby
 runchecktest "test 13p34 -h prog" fail -h -n 100 $helper /bin/true
 runchecktest "test 13p44 -hc prog" fail -h -c -n 100 $helper /bin/true
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:$test ptrace:tracedby:notaprofile -- image=/bin/true /bin/true:rix ptrace:tracedby:$test
+genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby:peer=notaprofile -- image=/bin/true /bin/true:rix ptrace:tracedby:peer=$test
 runchecktest "test 13p54 -h prog" fail -h -n 100 $helper /bin/true
 runchecktest "test 13p64 -hc prog" fail -h -c -n 100 $helper /bin/true
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:$test ptrace:tracedby:notaprofile -- image=/bin/true /bin/true:rix ptrace:tracedby:notaprofile
+genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby:peer=notaprofile -- image=/bin/true /bin/true:rix ptrace:tracedby:peer=notaprofile
 runchecktest "test 13p74 -h prog" fail -h -n 100 $helper /bin/true
 runchecktest "test 13p84 -hc prog" fail -h -c -n 100 $helper /bin/true
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:$test ptrace:tracedby:notaprofile -- image=/bin/true /bin/true:rix ptrace:trace
+genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby:peer=notaprofile -- image=/bin/true /bin/true:rix ptrace:trace
 runchecktest "test 13p94 -h prog" fail -h -n 100 $helper /bin/true
 runchecktest "test 13pa4 -hc prog" fail -h -c -n 100 $helper /bin/true
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:$test ptrace:tracedby:notaprofile -- image=/bin/true /bin/true:rix ptrace:trace:$test
+genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby:peer=notaprofile -- image=/bin/true /bin/true:rix ptrace:trace:peer=$test
 runchecktest "test 13pb4 -h prog" fail -h -n 100 $helper /bin/true
 runchecktest "test 13pc4 -hc prog" fail -h -c -n 100 $helper /bin/true
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:$test ptrace:tracedby:notaprofile -- image=/bin/true /bin/true:rix ptrace:trace:notaprofile
+genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby:peer=notaprofile -- image=/bin/true /bin/true:rix ptrace:trace:peer=notaprofile
 runchecktest "test 13pd4 -h prog" fail -h -n 100 $helper /bin/true
 runchecktest "test 13pe4 -hc prog" fail -h -c -n 100 $helper /bin/true
 
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:$test ptrace:notaprofile -- image=/bin/true /bin/true:rix
+genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=notaprofile -- image=/bin/true /bin/true:rix
 runchecktest "test 13p15 -h prog" fail -h -n 100 $helper /bin/true
 runchecktest "test 13p25 -hc prog" fail -h -c -n 100 $helper /bin/true
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:$test ptrace:notaprofile -- image=/bin/true /bin/true:rix ptrace:tracedby
+genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=notaprofile -- image=/bin/true /bin/true:rix ptrace:tracedby
 runchecktest "test 13p35 -h prog" fail -h -n 100 $helper /bin/true
 runchecktest "test 13p45 -hc prog" fail -h -c -n 100 $helper /bin/true
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:$test ptrace:notaprofile -- image=/bin/true /bin/true:rix ptrace:tracedby:$test
+genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=notaprofile -- image=/bin/true /bin/true:rix ptrace:tracedby:peer=$test
 runchecktest "test 13p55 -h prog" fail -h -n 100 $helper /bin/true
 runchecktest "test 13p65 -hc prog" fail -h -c -n 100 $helper /bin/true
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:$test ptrace:notaprofile -- image=/bin/true /bin/true:rix ptrace:tracedby:notaprofile
+genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=notaprofile -- image=/bin/true /bin/true:rix ptrace:tracedby:peer=notaprofile
 runchecktest "test 13p75 -h prog" fail -h -n 100 $helper /bin/true
 runchecktest "test 13p85 -hc prog" fail -h -c -n 100 $helper /bin/true
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:$test ptrace:notaprofile -- image=/bin/true /bin/true:rix ptrace:trace
+genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=notaprofile -- image=/bin/true /bin/true:rix ptrace:trace
 runchecktest "test 13p95 -h prog" fail -h -n 100 $helper /bin/true
 runchecktest "test 13pa5 -hc prog" fail -h -c -n 100 $helper /bin/true
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:$test ptrace:notaprofile -- image=/bin/true /bin/true:rix ptrace:trace:$test
+genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=notaprofile -- image=/bin/true /bin/true:rix ptrace:trace:peer=$test
 runchecktest "test 13pb5 -h prog" fail -h -n 100 $helper /bin/true
 runchecktest "test 13pc5 -hc prog" fail -h -c -n 100 $helper /bin/true
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:$test ptrace:notaprofile -- image=/bin/true /bin/true:rix ptrace:trace:notaprofile
+genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=notaprofile -- image=/bin/true /bin/true:rix ptrace:trace:peer=notaprofile
 runchecktest "test 13pd5 -h prog" fail -h -n 100 $helper /bin/true
 runchecktest "test 13pe5 -hc prog" fail -h -c -n 100 $helper /bin/true
 
diff -u ../tests.bak/ptrace_v6.inc~ ./ptrace_v6.inc~
--- ../tests.bak/ptrace_v6.inc~	2014-03-28 06:47:51.782735000 -0700
+++ ./ptrace_v6.inc~	2014-03-28 17:13:34.493576000 -0700
@@ -13,7 +13,7 @@
 
 #unconfined tracing confined helper
 #confined helper asking unconfined process to ptrace it
-genprofile image=$helper signal:ALL
+genprofile image=$helper signal:ALL ptrace:tracedby:peer=unconfined
 
 runchecktest "test 3 -h" pass -h -n 100 $helper
 runchecktest "test 3 -hc " pass -h -c -n 100 $helper
@@ -212,14 +212,14 @@
 runchecktest "test 12p -hc" pass -h -c -n 100 $helper
 runchecktest "test 12p -h prog" pass -h -n 100 $helper /bin/true
 runchecktest "test 12p -hc prog" pass -h -c -n 100 $helper /bin/true
-genprofile /bin/true:rix $helper:rix signal:ALL ptrace:$test
+genprofile /bin/true:rix $helper:rix signal:ALL ptrace:peer=$test
 runchecktest "test 12p1" pass -n 100 /bin/true
 runchecktest "test 12p1 -c" pass -c -n 100 /bin/true
 runchecktest "test 12p1 -h" pass -h -n 100 $helper
 runchecktest "test 12p1 -hc" pass -h -c -n 100 $helper
 runchecktest "test 12p1 -h prog" pass -h -n 100 $helper /bin/true
 runchecktest "test 12p1 -hc prog" pass -h -c -n 100 $helper /bin/true
-genprofile /bin/true:rix $helper:rix signal:ALL ptrace:notaprofile
+genprofile /bin/true:rix $helper:rix signal:ALL ptrace:peer=notaprofile
 runchecktest "test 12p2" fail -n 100 /bin/true
 runchecktest "test 12p2 -c" fail -c -n 100 /bin/true
 runchecktest "test 12p2 -h" fail -h -n 100 $helper
@@ -229,50 +229,143 @@
 
 
 #ptraced confined app traced by profile can px
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:$test ptrace:/bin/true -- image=/bin/true /bin/true:rix
+genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=/bin/true -- image=/bin/true /bin/true:rix
 runchecktest "test 13p1 -h prog" fail -h -n 100 $helper /bin/true
 runchecktest "test 13p2 -hc prog" fail -h -c -n 100 $helper /bin/true
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:$test ptrace:/bin/true -- image=/bin/true /bin/true:rix ptrace:tracedby
+genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=/bin/true -- image=/bin/true /bin/true:rix ptrace:tracedby
 runchecktest "test 13p3 -h prog" pass -h -n 100 $helper /bin/true
 runchecktest "test 13p4 -hc prog" pass -h -c -n 100 $helper /bin/true
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:$test ptrace:/bin/true -- image=/bin/true /bin/true:rix ptrace:tracedby:$test
+genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=/bin/true -- image=/bin/true /bin/true:rix ptrace:tracedby:peer=$test
 runchecktest "test 13p5 -h prog" pass -h -n 100 $helper /bin/true
 runchecktest "test 13p6 -hc prog" pass -h -c -n 100 $helper /bin/true
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:$test ptrace:/bin/true -- image=/bin/true /bin/true:rix ptrace:tracedby:notaprofile
+genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=/bin/true -- image=/bin/true /bin/true:rix ptrace:tracedby:peer=notaprofile
 runchecktest "test 13p7 -h prog" fail -h -n 100 $helper /bin/true
 runchecktest "test 13p8 -hc prog" fail -h -c -n 100 $helper /bin/true
+genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=/bin/true -- image=/bin/true /bin/true:rix ptrace:trace
+runchecktest "test 13p9 -h prog" fail -h -n 100 $helper /bin/true
+runchecktest "test 13pa -hc prog" fail -h -c -n 100 $helper /bin/true
+genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=/bin/true -- image=/bin/true /bin/true:rix ptrace:trace:peer=$test
+runchecktest "test 13pb -h prog" fail -h -n 100 $helper /bin/true
+runchecktest "test 13pc -hc prog" fail -h -c -n 100 $helper /bin/true
+genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=/bin/true -- image=/bin/true /bin/true:rix ptrace:trace:peer=notaprofile
+runchecktest "test 13pd -h prog" fail -h -n 100 $helper /bin/true
+runchecktest "test 13pe -hc prog" fail -h -c -n 100 $helper /bin/true
 
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:$test ptrace:trace:/bin/true -- image=/bin/true /bin/true:rix
+
+genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=trace:/bin/true -- image=/bin/true /bin/true:rix
 runchecktest "test 13p11 -h prog" fail -h -n 100 $helper /bin/true
 runchecktest "test 13p21 -hc prog" fail -h -c -n 100 $helper /bin/true
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:$test ptrace:trace:/bin/true -- image=/bin/true /bin/true:rix ptrace:tracedby
+genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=trace:/bin/true -- image=/bin/true /bin/true:rix ptrace:tracedby
 runchecktest "test 13p31 -h prog" pass -h -n 100 $helper /bin/true
 runchecktest "test 13p41 -hc prog" pass -h -c -n 100 $helper /bin/true
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:$test ptrace:trace:/bin/true -- image=/bin/true /bin/true:rix ptrace:tracedby:$test
+genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=trace:/bin/true -- image=/bin/true /bin/true:rix ptrace:tracedby:peer=$test
 runchecktest "test 13p51 -h prog" pass -h -n 100 $helper /bin/true
 runchecktest "test 13p61 -hc prog" pass -h -c -n 100 $helper /bin/true
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:$test ptrace:trace:/bin/true -- image=/bin/true /bin/true:rix ptrace:tracedby:notaprofile
+genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=trace:/bin/true -- image=/bin/true /bin/true:rix ptrace:tracedby:peer=notaprofile
 runchecktest "test 13p71 -h prog" fail -h -n 100 $helper /bin/true
 runchecktest "test 13p81 -hc prog" fail -h -c -n 100 $helper /bin/true
+genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=trace:/bin/true -- image=/bin/true /bin/true:rix ptrace:trace
+runchecktest "test 13p91 -h prog" fail -h -n 100 $helper /bin/true
+runchecktest "test 13pa1 -hc prog" fail -h -c -n 100 $helper /bin/true
+genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=trace:/bin/true -- image=/bin/true /bin/true:rix ptrace:trace:peer=$test
+runchecktest "test 13pb1 -h prog" fail -h -n 100 $helper /bin/true
+runchecktest "test 13pc1 -hc prog" fail -h -c -n 100 $helper /bin/true
+genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=trace:/bin/true -- image=/bin/true /bin/true:rix ptrace:trace:peer=notaprofile
+runchecktest "test 13pd1 -h prog" fail -h -n 100 $helper /bin/true
+runchecktest "test 13pe1 -hc prog" fail -h -c -n 100 $helper /bin/true
+
 
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:$test ptrace:ALL -- image=/bin/true /bin/true:rix
+genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:ALL -- image=/bin/true /bin/true:rix
 runchecktest "test 13p12 -h prog" fail -h -n 100 $helper /bin/true
 runchecktest "test 13p22 -hc prog" fail -h -c -n 100 $helper /bin/true
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:$test ptrace:ALL -- image=/bin/true /bin/true:rix ptrace:tracedby
+genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:ALL -- image=/bin/true /bin/true:rix ptrace:tracedby
 runchecktest "test 13p32 -h prog" pass -h -n 100 $helper /bin/true
 runchecktest "test 13p42 -hc prog" pass -h -c -n 100 $helper /bin/true
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:$test ptrace:ALL -- image=/bin/true /bin/true:rix ptrace:tracedby:$test
+genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:ALL -- image=/bin/true /bin/true:rix ptrace:tracedby:peer=$test
 runchecktest "test 13p52 -h prog" pass -h -n 100 $helper /bin/true
 runchecktest "test 13p62 -hc prog" pass -h -c -n 100 $helper /bin/true
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:$test ptrace:ALL -- image=/bin/true /bin/true:rix ptrace:tracedby:notaprofile
+genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:ALL -- image=/bin/true /bin/true:rix ptrace:tracedby:peer=notaprofile
 runchecktest "test 13p72 -h prog" fail -h -n 100 $helper /bin/true
 runchecktest "test 13p82 -hc prog" fail -h -c -n 100 $helper /bin/true
+genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:ALL -- image=/bin/true /bin/true:rix ptrace:trace
+runchecktest "test 13p92 -h prog" fail -h -n 100 $helper /bin/true
+runchecktest "test 13pa2 -hc prog" fail -h -c -n 100 $helper /bin/true
+genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:ALL -- image=/bin/true /bin/true:rix ptrace:trace:peer=$test
+runchecktest "test 13pb2 -h prog" fail -h -n 100 $helper /bin/true
+runchecktest "test 13pc2 -hc prog" fail -h -c -n 100 $helper /bin/true
+genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:ALL -- image=/bin/true /bin/true:rix ptrace:trace:peer=notaprofile
+runchecktest "test 13pd2 -h prog" fail -h -n 100 $helper /bin/true
+runchecktest "test 13pe2 -hc prog" fail -h -c -n 100 $helper /bin/true
+
+genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby -- image=/bin/true /bin/true:rix
+runchecktest "test 13p13 -h prog" fail -h -n 100 $helper /bin/true
+runchecktest "test 13p23 -hc prog" fail -h -c -n 100 $helper /bin/true
+genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby -- image=/bin/true /bin/true:rix ptrace:tracedby
+runchecktest "test 13p33 -h prog" fail -h -n 100 $helper /bin/true
+runchecktest "test 13p43 -hc prog" fail -h -c -n 100 $helper /bin/true
+genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby -- image=/bin/true /bin/true:rix ptrace:tracedby:peer=$test
+runchecktest "test 13p53 -h prog" fail -h -n 100 $helper /bin/true
+runchecktest "test 13p63 -hc prog" fail -h -c -n 100 $helper /bin/true
+genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby -- image=/bin/true /bin/true:rix ptrace:tracedby:peer=notaprofile
+runchecktest "test 13p73 -h prog" fail -h -n 100 $helper /bin/true
+runchecktest "test 13p83 -hc prog" fail -h -c -n 100 $helper /bin/true
+genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby -- image=/bin/true /bin/true:rix ptrace:trace
+runchecktest "test 13p93 -h prog" fail -h -n 100 $helper /bin/true
+runchecktest "test 13pa3 -hc prog" fail -h -c -n 100 $helper /bin/true
+genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby -- image=/bin/true /bin/true:rix ptrace:trace:peer=$test
+runchecktest "test 13pb3 -h prog" fail -h -n 100 $helper /bin/true
+runchecktest "test 13pc3 -hc prog" fail -h -c -n 100 $helper /bin/true
+genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby -- image=/bin/true /bin/true:rix ptrace:trace:peer=notaprofile
+runchecktest "test 13pd3 -h prog" fail -h -n 100 $helper /bin/true
+runchecktest "test 13pe3 -hc prog" fail -h -c -n 100 $helper /bin/true
+
+genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby:peer=notaprofile -- image=/bin/true /bin/true:rix
+runchecktest "test 13p14 -h prog" fail -h -n 100 $helper /bin/true
+runchecktest "test 13p24 -hc prog" fail -h -c -n 100 $helper /bin/true
+genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby:peer=notaprofile -- image=/bin/true /bin/true:rix ptrace:tracedby
+runchecktest "test 13p34 -h prog" fail -h -n 100 $helper /bin/true
+runchecktest "test 13p44 -hc prog" fail -h -c -n 100 $helper /bin/true
+genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby:peer=notaprofile -- image=/bin/true /bin/true:rix ptrace:tracedby:peer=$test
+runchecktest "test 13p54 -h prog" fail -h -n 100 $helper /bin/true
+runchecktest "test 13p64 -hc prog" fail -h -c -n 100 $helper /bin/true
+genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby:peer=notaprofile -- image=/bin/true /bin/true:rix ptrace:tracedby:peer=notaprofile
+runchecktest "test 13p74 -h prog" fail -h -n 100 $helper /bin/true
+runchecktest "test 13p84 -hc prog" fail -h -c -n 100 $helper /bin/true
+genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby:peer=notaprofile -- image=/bin/true /bin/true:rix ptrace:trace
+runchecktest "test 13p94 -h prog" fail -h -n 100 $helper /bin/true
+runchecktest "test 13pa4 -hc prog" fail -h -c -n 100 $helper /bin/true
+genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby:peer=notaprofile -- image=/bin/true /bin/true:rix ptrace:trace:peer=$test
+runchecktest "test 13pb4 -h prog" fail -h -n 100 $helper /bin/true
+runchecktest "test 13pc4 -hc prog" fail -h -c -n 100 $helper /bin/true
+genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby:peer=notaprofile -- image=/bin/true /bin/true:rix ptrace:trace:peer=notaprofile
+runchecktest "test 13pd4 -h prog" fail -h -n 100 $helper /bin/true
+runchecktest "test 13pe4 -hc prog" fail -h -c -n 100 $helper /bin/true
+
+genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=notaprofile -- image=/bin/true /bin/true:rix
+runchecktest "test 13p15 -h prog" fail -h -n 100 $helper /bin/true
+runchecktest "test 13p25 -hc prog" fail -h -c -n 100 $helper /bin/true
+genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=notaprofile -- image=/bin/true /bin/true:rix ptrace:tracedby
+runchecktest "test 13p35 -h prog" fail -h -n 100 $helper /bin/true
+runchecktest "test 13p45 -hc prog" fail -h -c -n 100 $helper /bin/true
+genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=notaprofile -- image=/bin/true /bin/true:rix ptrace:tracedby:peer=$test
+runchecktest "test 13p55 -h prog" fail -h -n 100 $helper /bin/true
+runchecktest "test 13p65 -hc prog" fail -h -c -n 100 $helper /bin/true
+genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=notaprofile -- image=/bin/true /bin/true:rix ptrace:tracedby:peer=notaprofile
+runchecktest "test 13p75 -h prog" fail -h -n 100 $helper /bin/true
+runchecktest "test 13p85 -hc prog" fail -h -c -n 100 $helper /bin/true
+genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=notaprofile -- image=/bin/true /bin/true:rix ptrace:trace
+runchecktest "test 13p95 -h prog" fail -h -n 100 $helper /bin/true
+runchecktest "test 13pa5 -hc prog" fail -h -c -n 100 $helper /bin/true
+genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=notaprofile -- image=/bin/true /bin/true:rix ptrace:trace:peer=$test
+runchecktest "test 13pb5 -h prog" fail -h -n 100 $helper /bin/true
+runchecktest "test 13pc5 -hc prog" fail -h -c -n 100 $helper /bin/true
+genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=notaprofile -- image=/bin/true /bin/true:rix ptrace:trace:peer=notaprofile
+runchecktest "test 13pd5 -h prog" fail -h -n 100 $helper /bin/true
+runchecktest "test 13pe5 -hc prog" fail -h -c -n 100 $helper /bin/true
+
+
+### todo Variations of below tests
 
-### todo bad perm combo read or tracedby instead of trace
-  # bad profle
-  # bad profile and bad perm
-  # bad tracedby / readby
-  # bad tracedby profile
 
 #ptraced confined app can ux - if the tracer is unconfined
 #
diff -u ../tests.bak/pwrite.sh ./pwrite.sh
--- ../tests.bak/pwrite.sh	2014-03-28 06:47:51.758735000 -0700
+++ ./pwrite.sh	2014-03-28 06:53:20.586735000 -0700
@@ -23,7 +23,7 @@
 
 # PASS TEST (pass 1)
 
-genprofile $file:$okperm
+genprofile $file:$okperm signal:receive:peer=unconfined
 
 runtestbg "PREAD/PWRITE with rw" pass $file
 
diff -u ../tests.bak/rw.sh ./rw.sh
--- ../tests.bak/rw.sh	2014-03-28 06:47:51.754735000 -0700
+++ ./rw.sh	2014-03-28 06:49:24.822735000 -0700
@@ -29,7 +29,7 @@
 
 # PASS TEST (pt 1)
 
-genprofile $file:$okperm 
+genprofile $file:$okperm signal:receive:peer=unconfined
 
 runtestbg "READ/WRITE pass" pass $file
 
Common subdirectories: ../tests.bak/scripts and ./scripts
Common subdirectories: ../tests.bak/TODO and ./TODO

More information about the AppArmor mailing list