[apparmor] [PATCH 1/6] tests: Verify aa_getpeercon() return value
Tyler Hicks
tyhicks at canonical.com
Mon Apr 13 21:56:27 UTC 2015
This patch modifies the socketpair.c test to verify the return value of
aa_getpeercon() based upon the expected label and expected mode lengths.
The test had to be changed slightly so that the returned mode, from
aa_getpeercon(), was preserved. It was being overwritten with the
special NO_MODE value.
This change helps to make sure that future changes to the code behind
aa_getpeercon() does not unintentionally change the function's return
value.
Signed-off-by: Tyler Hicks <tyhicks at canonical.com>
---
tests/regression/apparmor/socketpair.c | 24 ++++++++++++++++++------
1 file changed, 18 insertions(+), 6 deletions(-)
diff --git a/tests/regression/apparmor/socketpair.c b/tests/regression/apparmor/socketpair.c
index 2959ed3..491907f 100644
--- a/tests/regression/apparmor/socketpair.c
+++ b/tests/regression/apparmor/socketpair.c
@@ -55,7 +55,7 @@ static int verify_confinement_context(int fd, const char *fd_name,
const char *expected_mode)
{
char *label, *mode;
- int rc;
+ int expected_rc, rc;
rc = aa_getpeercon(fd, &label, &mode);
if (rc < 0) {
@@ -64,9 +64,6 @@ static int verify_confinement_context(int fd, const char *fd_name,
return 1;
}
- if (!mode)
- mode = NO_MODE;
-
if (strcmp(label, expected_label)) {
fprintf(stderr,
"FAIL - %s: label \"%s\" != expected_label \"%s\"\n",
@@ -75,7 +72,8 @@ static int verify_confinement_context(int fd, const char *fd_name,
goto out;
}
- if (strcmp(mode, expected_mode)) {
+ if ((!expected_mode && mode) || (expected_mode && !mode) ||
+ (expected_mode && mode && strcmp(mode, expected_mode))) {
fprintf(stderr,
"FAIL - %s: mode \"%s\" != expected_mode \"%s\"\n",
fd_name, mode, expected_mode);
@@ -83,6 +81,20 @@ static int verify_confinement_context(int fd, const char *fd_name,
goto out;
}
+ expected_rc = strlen(expected_label);
+ if (expected_mode) {
+ /* ' ' + '(' + expected_mode + ')' */
+ expected_rc += 1 + 1 + strlen(expected_mode) + 1;
+ }
+ expected_rc++; /* Trailing NUL terminator */
+
+ if (rc != expected_rc) {
+ fprintf(stderr, "FAIL - %s: rc (%d) != expected_rc (%d)\n",
+ fd_name, rc, expected_rc);
+ rc = 4;
+ goto out;
+ }
+
rc = 0;
out:
free(label);
@@ -163,7 +175,7 @@ int main(int argc, char **argv)
exit(2);
expected_label = argv[1];
- expected_mode = argv[2];
+ expected_mode = !strcmp(argv[2], NO_MODE) ? NULL : argv[2];
if (verify_confinement_context(pair[0], "pair[0]",
expected_label, expected_mode)) {
--
2.1.4
More information about the AppArmor
mailing list