[apparmor] [PATCH 1/6] tests: Verify aa_getpeercon() return value

Tyler Hicks tyhicks at canonical.com
Mon Apr 13 21:56:27 UTC 2015


This patch modifies the socketpair.c test to verify the return value of
aa_getpeercon() based upon the expected label and expected mode lengths.

The test had to be changed slightly so that the returned mode, from
aa_getpeercon(), was preserved. It was being overwritten with the
special NO_MODE value.

This change helps to make sure that future changes to the code behind
aa_getpeercon() do not unintentionally change the function's return
value.

Signed-off-by: Tyler Hicks <tyhicks at canonical.com>
---
 tests/regression/apparmor/socketpair.c | 24 ++++++++++++++++++------
 1 file changed, 18 insertions(+), 6 deletions(-)

diff --git a/tests/regression/apparmor/socketpair.c b/tests/regression/apparmor/socketpair.c
index 2959ed3..491907f 100644
--- a/tests/regression/apparmor/socketpair.c
+++ b/tests/regression/apparmor/socketpair.c
@@ -55,7 +55,7 @@ static int verify_confinement_context(int fd, const char *fd_name,
 				      const char *expected_mode)
 {
 	char *label, *mode;
-	int rc;
+	int expected_rc, rc;
 
 	rc = aa_getpeercon(fd, &label, &mode);
 	if (rc < 0) {
@@ -64,9 +64,6 @@ static int verify_confinement_context(int fd, const char *fd_name,
 		return 1;
 	}
 
-	if (!mode)
-		mode = NO_MODE;
-
 	if (strcmp(label, expected_label)) {
 		fprintf(stderr,
 			"FAIL - %s: label \"%s\" != expected_label \"%s\"\n",
@@ -75,7 +72,8 @@ static int verify_confinement_context(int fd, const char *fd_name,
 		goto out;
 	}
 
-	if (strcmp(mode, expected_mode)) {
+	if ((!expected_mode && mode) || (expected_mode && !mode) ||
+	    (expected_mode && mode && strcmp(mode, expected_mode))) {
 		fprintf(stderr,
 			"FAIL - %s: mode \"%s\" != expected_mode \"%s\"\n",
 			fd_name, mode, expected_mode);
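Review bot: The failure `fprintf` after the new condition passes `mode` and `expected_mode` to `%s`, but either may now be NULL; two of the three clauses fire exactly when one of them is. Passing a null pointer to `%s` is undefined behaviour, even though glibc happens to print `(null)`. Since the `NO_MODE` substitution was removed earlier in the function, map NULL back for display only: `fd_name, mode ? mode : NO_MODE, expected_mode ? expected_mode : NO_MODE);`. The enclosing function starts and ends outside this hunk.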
@@ -83,6 +81,20 @@ static int verify_confinement_context(int fd, const char *fd_name,
 		goto out;
 	}
 
+	expected_rc = strlen(expected_label);
+	if (expected_mode) {
+		/* ' ' + '(' + expected_mode + ')' */
+		expected_rc += 1 + 1 + strlen(expected_mode) + 1;
+	}
+	expected_rc++; /* Trailing NUL terminator */
+
+	if (rc != expected_rc) {
+		fprintf(stderr, "FAIL - %s: rc (%d) != expected_rc (%d)\n",
+			fd_name, rc, expected_rc);
+		rc = 4;
+		goto out;
+	}
+
 	rc = 0;
 out:
 	free(label);
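Review bot: The new length check spells out the format pieces but not the contract it pins, so a one-line comment above `expected_rc = strlen(expected_label);` would help, for example `/* rc must equal the size of "label" or "label (mode)", counting the NUL */`. `rc` holds aa_getpeercon()'s return value here and the test's status code everywhere else, so the check is only valid while it stays ahead of `rc = 0`. Copying the length into its own variable right after the call would remove that ordering dependency. The `size_t` result of `strlen()` is also narrowed to `int` implicitly; an explicit cast would make that intentional. The function begins outside this hunk.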
@@ -163,7 +175,7 @@ int main(int argc, char **argv)
 		exit(2);
 
 	expected_label = argv[1];
-	expected_mode = argv[2];
+	expected_mode = !strcmp(argv[2], NO_MODE) ? NULL : argv[2];
 
 	if (verify_confinement_context(pair[0], "pair[0]",
 				       expected_label, expected_mode)) {
-- 
2.1.4



