[apparmor] [PATCH 4/2] parser: Test the 'allow' modifier
Steve Beattie
steve at nxnw.org
Fri Mar 13 22:52:06 UTC 2015
On Fri, Mar 13, 2015 at 04:34:08PM -0500, Tyler Hicks wrote:
> Signed-off-by: Tyler Hicks <tyhicks at canonical.com>
Acked-by: Steve Beattie <steve at nxnw.org>
Do audit deny and deny result in different DFAs or the same? Should we
have (in)equality tests for those as well?
> ---
> parser/tst/equality.sh | 8 ++++++++
> 1 file changed, 8 insertions(+)
>
> diff --git a/parser/tst/equality.sh b/parser/tst/equality.sh
> index ea7259f..2258758 100755
> --- a/parser/tst/equality.sh
> +++ b/parser/tst/equality.sh
> @@ -270,6 +270,10 @@ for rule in "capability" "capability mac_admin" \
> "/f r" "/f w" "/f rwmlk" "/** r" "/**/ w" \
> "file /f r" "file /f w" "file /f rwmlk"
> do
> + verify_binary_equality "allow modifier for \"${rule}\"" \
> + "/t { ${rule}, }" \
> + "/t { allow ${rule}, }"
> +
> verify_binary_inequality "audit, deny, and audit deny modifiers for \"${rule}\"" \
> "/t { ${rule}, }" \
> "/t { audit ${rule}, }" \
> @@ -282,6 +286,10 @@ done
> for rule in "/f ux" "/f Ux" "/f px" "/f Px" "/f ix" \
> "file /f ux" "file /f UX" "file /f px" "file /f Px" "file /f ix"
> do
> + verify_binary_equality "allow modifier for \"${rule}\"" \
> + "/t { ${rule}, }" \
> + "/t { allow ${rule}, }" \
> +
> verify_binary_inequality "deny, audit deny modifier for \"${rule}\"" \
> "/t { ${rule}, }" \
> "/t { audit ${rule}, }" \
--
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20150313/e99dd9c2/attachment.pgp>
More information about the AppArmor
mailing list