[apparmor] [PATCH 2/6] tests: Update mkprofile.pl to accept unix rules

Steve Beattie steve at nxnw.org
Thu Sep 4 17:22:57 UTC 2014 

On Thu, Sep 04, 2014 at 06:55:42AM -0500, Tyler Hicks wrote:
> Example gen_unix() inputs and outputs:
> 
>   "unix:ALL" -> "  unix,\n"
> 
>   "unix:(create,bind,listen,accept):addr=@foo:peer=(label=bar)" ->
>     "  unix (create,bind,listen accept) addr=@foo peer=(label=bar),\n"
> 
> Signed-off-by: Tyler Hicks <tyhicks at canonical.com>
Acked-by: Steve Beattie <steve at nxnw.org>

> ---
>  tests/regression/apparmor/mkprofile.pl   | 12 ++++++++++++
>  tests/regression/apparmor/unix_socket.sh |  1 -
>  2 files changed, 12 insertions(+), 1 deletion(-)
> 
> diff --git a/tests/regression/apparmor/mkprofile.pl b/tests/regression/apparmor/mkprofile.pl
> index e1e67f5..adae98f 100755
> --- a/tests/regression/apparmor/mkprofile.pl
> +++ b/tests/regression/apparmor/mkprofile.pl
> @@ -154,6 +154,16 @@ sub gen_network($) {
>    push (@{$output_rules{$hat}}, "  @rules,\n");
>  }
>  
> +sub gen_unix($) {
> +  my $rule = shift;
> +  if ($rule =~ /^unix:ALL$/) {
> +    push (@{$output_rules{$hat}}, "  unix,\n");
> +  } else {
> +    $rule =~ s/:/ /g;
> +    push(@{$output_rules{$hat}}, "  " . $rule . ",\n");
> +  }
> +}
> +
>  sub gen_cap($) {
>    my $rule = shift;
>    my @rules = split (/:/, $rule);
> @@ -376,6 +386,8 @@ sub gen_from_args() {
>        gen_netdomain($rule);
>      } elsif ($rule =~ /^network:/) {
>        gen_network($rule);
> +    } elsif ($rule =~ /^unix:/) {
> +      gen_unix($rule);
>      } elsif ($rule =~ /^cap:/) {
>        gen_cap($rule);
>      } elsif ($rule =~ /^ptrace:/) {
> diff --git a/tests/regression/apparmor/unix_socket.sh b/tests/regression/apparmor/unix_socket.sh
> index b4fd59d..10fa59d 100755
> --- a/tests/regression/apparmor/unix_socket.sh
> +++ b/tests/regression/apparmor/unix_socket.sh
> @@ -76,7 +76,6 @@ testsocktype()
>  
>  	# TODO: Make additional changes to test abstract sockets w/ confinement
>  	#
> -	#  * Adjust genprofile to generate af_unix abstract socket rules
>  	#  * Create variables to hold genprofile arguments for socket accesses
>  	#    and initialize them according to socket address type
>  	#  * Remove the following conditional

-- 
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20140904/c33ebfdb/attachment.pgp>

More information about the AppArmor mailing list