[apparmor] [PATCH 1/2] parser: Add ability to test the inequality of binary policies

John Johansen john.johansen at canonical.com
Fri Mar 13 21:28:48 UTC 2015 

On 03/13/2015 01:48 PM, Tyler Hicks wrote:
> Previously, we only had the ability to test that binary policy files
> were equal. This patch allows for the testing of binary policy files
> that are not equal.
> 
> Signed-off-by: Tyler Hicks <tyhicks at canonical.com>
Acked-by: John Johansen <john.johansen at canonical.com>

> ---
>  parser/tst/equality.sh | 45 ++++++++++++++++++++++++++++++++++++---------
>  1 file changed, 36 insertions(+), 9 deletions(-)
> 
> diff --git a/parser/tst/equality.sh b/parser/tst/equality.sh
> index 6e1f8c2..1a5d9e5 100755
> --- a/parser/tst/equality.sh
> +++ b/parser/tst/equality.sh
> @@ -32,24 +32,34 @@ hash_binary_policy()
>  	return $?
>  }
>  
> -# verify_binary_equality - compares the binary policy of multiple profiles
> -# $1: A short description of the test
> -# $2: The known-good profile
> -# $3..$n: The profiles to compare against $2
> +# verify_binary - compares the binary policy of multiple profiles
> +# $1: Test type (equality or inequality)
> +# $2: A short description of the test
> +# $3: The known-good profile
> +# $4..$n: The profiles to compare against $3
>  #
>  # Upon failure/error, prints out the test description and profiles that failed
>  # and increments $fails or $errors for each failure and error, respectively
> -verify_binary_equality()
> +verify_binary()
>  {
> -	local desc=$1
> -	local good_profile=$2
> +	local t=$1
> +	local desc=$2
> +	local good_profile=$3
>  	local good_hash
>  	local ret=0
>  
>  	shift
>  	shift
> +	shift
>  
> -	printf "Binary equality %s" "$desc"
> +	if [ "$t" != "equality" ] && [ "$t" != "inequality" ]
> +	then
> +		printf "\nERROR: Unknown test mode:\n%s\n\n" "$t" 1>&2
> +		((errors++))
> +		return $((ret + 1))
> +	fi
> +
> +	printf "Binary %s %s" "$t" "$desc"
>  	good_hash=$(hash_binary_policy "$good_profile")
>  	if [ $? -ne 0 ]
>  	then
> @@ -68,13 +78,20 @@ verify_binary_equality()
>  			       "$profile" 1>&2
>  			((errors++))
>  			((ret++))
> -		elif [ "$hash" != "$good_hash" ]
> +		elif [ "$t" == "equality" ] && [ "$hash" != "$good_hash" ]
>  		then
>  			printf "\nFAIL: Hash values do not match\n" 2>&1
>  			printf "known-good (%s) != profile-under-test (%s) for the following profile:\n%s\n\n" \
>  				"$good_hash" "$hash" "$profile" 1>&2
>  			((fails++))
>  			((ret++))
> +		elif [ "$t" == "inequality" ] && [ "$hash" == "$good_hash" ]
> +		then
> +			printf "\nFAIL: Hash values match\n" 2>&1
> +			printf "known-good (%s) == profile-under-test (%s) for the following profile:\n%s\n\n" \
> +				"$good_hash" "$hash" "$profile" 1>&2
> +			((fails++))
> +			((ret++))
>  		fi
>  	done
>  
> @@ -86,6 +103,16 @@ verify_binary_equality()
>  	return $ret
>  }
>  
> +verify_binary_equality()
> +{
> +	verify_binary "equality" "$@"
> +}
> +
> +verify_binary_inequality()
> +{
> +	verify_binary "inequality" "$@"
> +}
> +
>  verify_binary_equality "dbus send" \
>  	"/t { dbus send, }" \
>  	"/t { dbus write, }" \
>

More information about the AppArmor mailing list