[apparmor] [PATCH 4/2] parser: Test the 'allow' modifier

Steve Beattie steve at nxnw.org
Fri Mar 13 22:52:06 UTC 2015


On Fri, Mar 13, 2015 at 04:34:08PM -0500, Tyler Hicks wrote:
> Signed-off-by: Tyler Hicks <tyhicks at canonical.com>
Acked-by: Steve Beattie <steve at nxnw.org>

Do audit deny and deny result in different DFAs or the same? Should we
have (in)equality tests for those as well?

> ---
>  parser/tst/equality.sh | 8 ++++++++
>  1 file changed, 8 insertions(+)
> 
> diff --git a/parser/tst/equality.sh b/parser/tst/equality.sh
> index ea7259f..2258758 100755
> --- a/parser/tst/equality.sh
> +++ b/parser/tst/equality.sh
> @@ -270,6 +270,10 @@ for rule in "capability" "capability mac_admin" \
>  	"/f r" "/f w" "/f rwmlk" "/** r" "/**/ w" \
>  	"file /f r" "file /f w" "file /f rwmlk"
>  do
> +	verify_binary_equality "allow modifier for \"${rule}\"" \
> +		"/t { ${rule}, }" \
> +		"/t { allow ${rule}, }"
> +
>  	verify_binary_inequality "audit, deny, and audit deny modifiers for \"${rule}\"" \
>  		"/t { ${rule}, }" \
>  		"/t { audit ${rule}, }" \
> @@ -282,6 +286,10 @@ done
>  for rule in "/f ux" "/f Ux" "/f px" "/f Px" "/f ix" \
>  	"file /f ux" "file /f UX" "file /f px" "file /f Px" "file /f ix"
>  do
> +	verify_binary_equality "allow modifier for \"${rule}\"" \
> +		"/t { ${rule}, }" \
> +		"/t { allow ${rule}, }" \
> +
>  	verify_binary_inequality "deny, audit deny modifier for \"${rule}\"" \
>  		"/t { ${rule}, }" \
>  		"/t { audit ${rule}, }" \

-- 
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20150313/e99dd9c2/attachment.pgp>


More information about the AppArmor mailing list