[apparmor] [PATCH 1/2] parser: Add ability to test the inequality of binary policies

Tyler Hicks tyhicks at canonical.com
Fri Mar 13 20:48:00 UTC 2015


Previously, we only had the ability to test that binary policy files
were equal. This patch allows for the testing of binary policy files
that are not equal.

Signed-off-by: Tyler Hicks <tyhicks at canonical.com>
---
 parser/tst/equality.sh | 45 ++++++++++++++++++++++++++++++++++++---------
 1 file changed, 36 insertions(+), 9 deletions(-)

diff --git a/parser/tst/equality.sh b/parser/tst/equality.sh
index 6e1f8c2..1a5d9e5 100755
--- a/parser/tst/equality.sh
+++ b/parser/tst/equality.sh
@@ -32,24 +32,34 @@ hash_binary_policy()
 	return $?
 }
 
-# verify_binary_equality - compares the binary policy of multiple profiles
-# $1: A short description of the test
-# $2: The known-good profile
-# $3..$n: The profiles to compare against $2
+# verify_binary - compares the binary policy of multiple profiles
+# $1: Test type (equality or inequality)
+# $2: A short description of the test
+# $3: The known-good profile
+# $4..$n: The profiles to compare against $3
 #
 # Upon failure/error, prints out the test description and profiles that failed
 # and increments $fails or $errors for each failure and error, respectively
-verify_binary_equality()
+verify_binary()
 {
-	local desc=$1
-	local good_profile=$2
+	local t=$1
+	local desc=$2
+	local good_profile=$3
 	local good_hash
 	local ret=0
 
 	shift
 	shift
+	shift
 
-	printf "Binary equality %s" "$desc"
+	if [ "$t" != "equality" ] && [ "$t" != "inequality" ]
+	then
+		printf "\nERROR: Unknown test mode:\n%s\n\n" "$t" 1>&2
+		((errors++))
+		return $((ret + 1))
+	fi
+
+	printf "Binary %s %s" "$t" "$desc"
 	good_hash=$(hash_binary_policy "$good_profile")
 	if [ $? -ne 0 ]
 	then
@@ -68,13 +78,20 @@ verify_binary_equality()
 			       "$profile" 1>&2
 			((errors++))
 			((ret++))
-		elif [ "$hash" != "$good_hash" ]
+		elif [ "$t" == "equality" ] && [ "$hash" != "$good_hash" ]
 		then
 			printf "\nFAIL: Hash values do not match\n" 2>&1
 			printf "known-good (%s) != profile-under-test (%s) for the following profile:\n%s\n\n" \
 				"$good_hash" "$hash" "$profile" 1>&2
 			((fails++))
 			((ret++))
+		elif [ "$t" == "inequality" ] && [ "$hash" == "$good_hash" ]
+		then
+			printf "\nFAIL: Hash values match\n" 2>&1
+			printf "known-good (%s) == profile-under-test (%s) for the following profile:\n%s\n\n" \
+				"$good_hash" "$hash" "$profile" 1>&2
+			((fails++))
+			((ret++))
 		fi
 	done
 
@@ -86,6 +103,16 @@ verify_binary_equality()
 	return $ret
 }
 
+verify_binary_equality()
+{
+	verify_binary "equality" "$@"
+}
+
+verify_binary_inequality()
+{
+	verify_binary "inequality" "$@"
+}
+
 verify_binary_equality "dbus send" \
 	"/t { dbus send, }" \
 	"/t { dbus write, }" \
-- 
2.1.4




More information about the AppArmor mailing list