[apparmor] [patch 5/5] tests: support more complex change_profile tests
steve at nxnw.org
steve at nxnw.org
Fri Mar 18 17:29:09 UTC 2016
This adds support to the profile generator script for change_profile
rules, giving the ability to write the 3 factor version of the rule
(e.g. "change_profile /t -> A_PROFILE") which was significantly more
difficult using straight raw rules, which is why we don't have any 3
factor rule tests.
Signed-off-by: Steve Beattie <steve at nxnw.org>
---
parser/tst/equality.sh | 4 ++++
tests/regression/apparmor/mkprofile.pl | 18 ++++++++++++++++++
2 files changed, 22 insertions(+)
Index: b/tests/regression/apparmor/mkprofile.pl
===================================================================
--- a/tests/regression/apparmor/mkprofile.pl
+++ b/tests/regression/apparmor/mkprofile.pl
@@ -334,6 +334,22 @@ sub gen_flag($) {
}
}
+sub gen_change_profile($) {
+ my $rule = shift;
+ my @rules = split (/:/, $rule);
+ if (@rules == 2) {
+ if ($rules[1] =~ /^ALL$/) {
+ push (@{$output_rules{$hat}}, " change_profile,\n",);
+ } else {
+ push (@{$output_rules{$hat}}, " change_profile -> $rules[1],\n",);
+ }
+ } elsif (@rules == 3) {
+ push (@{$output_rules{$hat}}, " change_profile $rules[1] -> $rules[2],\n",);
+ } else {
+ (!$nowarn) && print STDERR "Warning: invalid change_profile description '$rule', ignored\n";
+ }
+}
+
sub gen_hat($) {
my $rule = shift;
my @rules = split (/:/, $rule);
@@ -406,6 +422,8 @@ sub gen_from_args() {
gen_flag($rule);
} elsif ($rule =~ /^hat:/) {
gen_hat($rule);
+ } elsif ($rule =~ /^change_profile:/) {
+ gen_change_profile($rule);
} elsif ($rule =~ /^addimage:/) {
gen_addimage($rule);
$addimage = 1;
More information about the AppArmor
mailing list