[apparmor] [PATCH 1/2] tests: Allow profile names that don't match an exec

Tyler Hicks tyhicks at canonical.com
Wed May 7 00:20:31 UTC 2014 

Allow for the regression tests to specify arbitrary profile names
without hitting fatal errors or getting warnings from mkprofile.pl.

This allows for a test to have a line like this:

  genprofile change_profile->':arbitrary_name -- \
	     image=arbitrary_name addimage:$test

In the example above, $test can call aa_change_onexec("arbitrary_name")
and then re-exec itself to test behavior across exec transitions.

Signed-off-by: Tyler Hicks <tyhicks at canonical.com>
---
 tests/regression/apparmor/mkprofile.pl | 8 +++++++-
 tests/regression/apparmor/prologue.inc | 4 ----
 2 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/tests/regression/apparmor/mkprofile.pl b/tests/regression/apparmor/mkprofile.pl
index 2ba52bd..59b4a79 100755
--- a/tests/regression/apparmor/mkprofile.pl
+++ b/tests/regression/apparmor/mkprofile.pl
@@ -362,7 +362,7 @@ sub emit_flags($) {
 # generate profiles based on cmd line arguments
 sub gen_from_args() {
   my $bin = shift @ARGV;
-  !(-e $bin || $nowarn) && print STDERR "Warning: execname '$bin': no such file or directory\n";
+  my $noaddimage = 0;
 
   unless ($nodefault) {
     gen_default_rules();
@@ -396,12 +396,18 @@ sub gen_from_args() {
       gen_hat($rule);
     } elsif ($rule =~ /^addimage:/) {
       gen_addimage($rule);
+      $noaddimage = 1;
     } else {
       gen_file($rule);
     }
   }
 
+  !(-e $bin || $noaddimage || $nowarn) && print STDERR "Warning: execname '$bin': no such file or directory\n";
+
   print STDOUT "# Profile autogenerated by $__VERSION__\n";
+  if (not substr($bin, 0, 1) eq "/") {
+	  print STDOUT "profile "
+  }
   print STDOUT "$bin ";
   emit_flags('__no_hat');
   print STDOUT "{\n";
diff --git a/tests/regression/apparmor/prologue.inc b/tests/regression/apparmor/prologue.inc
index 716ea7a..9d74ac9 100755
--- a/tests/regression/apparmor/prologue.inc
+++ b/tests/regression/apparmor/prologue.inc
@@ -350,10 +350,6 @@ fi
 		# mandatory after --
 		case "$1" in
 			image=*) imagename=`echo $1 | sed 's/^image=\([^:]*\).*$/\1/'`
-				 if [ ! -x "$imagename" ]
-				 then
-					fatalerror "invalid imagename specified in input '$1'"
-				 fi
 				 num_emitted=0
 				 shift
 				 ;;
-- 
1.9.1

More information about the AppArmor mailing list