[apparmor] [PATCH 06/11] parser: Add tests for rules with change_profile exec modes

Tyler Hicks tyhicks at canonical.com
Wed May 25 20:59:38 UTC 2016


Simple tests that validate the parser's ability to handle change_profile
rules containing an exec mode.

Signed-off-by: Tyler Hicks <tyhicks at canonical.com>
---
 parser/tst/simple_tests/change_profile/safe_bad_1.sd   | 7 +++++++
 parser/tst/simple_tests/change_profile/safe_bad_2.sd   | 7 +++++++
 parser/tst/simple_tests/change_profile/safe_ok_1.sd    | 7 +++++++
 parser/tst/simple_tests/change_profile/safe_ok_2.sd    | 7 +++++++
 parser/tst/simple_tests/change_profile/safe_ok_3.sd    | 7 +++++++
 parser/tst/simple_tests/change_profile/unsafe_bad_1.sd | 7 +++++++
 parser/tst/simple_tests/change_profile/unsafe_bad_2.sd | 7 +++++++
 parser/tst/simple_tests/change_profile/unsafe_ok_1.sd  | 7 +++++++
 parser/tst/simple_tests/change_profile/unsafe_ok_2.sd  | 7 +++++++
 parser/tst/simple_tests/change_profile/unsafe_ok_3.sd  | 7 +++++++
 10 files changed, 70 insertions(+)
 create mode 100644 parser/tst/simple_tests/change_profile/safe_bad_1.sd
 create mode 100644 parser/tst/simple_tests/change_profile/safe_bad_2.sd
 create mode 100644 parser/tst/simple_tests/change_profile/safe_ok_1.sd
 create mode 100644 parser/tst/simple_tests/change_profile/safe_ok_2.sd
 create mode 100644 parser/tst/simple_tests/change_profile/safe_ok_3.sd
 create mode 100644 parser/tst/simple_tests/change_profile/unsafe_bad_1.sd
 create mode 100644 parser/tst/simple_tests/change_profile/unsafe_bad_2.sd
 create mode 100644 parser/tst/simple_tests/change_profile/unsafe_ok_1.sd
 create mode 100644 parser/tst/simple_tests/change_profile/unsafe_ok_2.sd
 create mode 100644 parser/tst/simple_tests/change_profile/unsafe_ok_3.sd

diff --git a/parser/tst/simple_tests/change_profile/safe_bad_1.sd b/parser/tst/simple_tests/change_profile/safe_bad_1.sd
new file mode 100644
index 0000000..0526002
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/safe_bad_1.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION change_profile w/ safe modifier but no exec condition
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+   change_profile safe,
+}
diff --git a/parser/tst/simple_tests/change_profile/safe_bad_2.sd b/parser/tst/simple_tests/change_profile/safe_bad_2.sd
new file mode 100644
index 0000000..2c63d9a
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/safe_bad_2.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION change_profile w/ safe modifier but no exec condition
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+   change_profile safe -> baz,
+}
diff --git a/parser/tst/simple_tests/change_profile/safe_ok_1.sd b/parser/tst/simple_tests/change_profile/safe_ok_1.sd
new file mode 100644
index 0000000..0860d31
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/safe_ok_1.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION change_profile w/ safe modifier
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+   change_profile safe /usr/bin/bar -> baz,
+}
diff --git a/parser/tst/simple_tests/change_profile/safe_ok_2.sd b/parser/tst/simple_tests/change_profile/safe_ok_2.sd
new file mode 100644
index 0000000..f6ae24d
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/safe_ok_2.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION change_profile w/ safe modifier
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+   change_profile safe /usr/bin/bar,
+}
diff --git a/parser/tst/simple_tests/change_profile/safe_ok_3.sd b/parser/tst/simple_tests/change_profile/safe_ok_3.sd
new file mode 100644
index 0000000..1c24b18
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/safe_ok_3.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION change_profile w/ safe modifier and "safe" target
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+   change_profile safe /usr/bin/bar -> safe,
+}
diff --git a/parser/tst/simple_tests/change_profile/unsafe_bad_1.sd b/parser/tst/simple_tests/change_profile/unsafe_bad_1.sd
new file mode 100644
index 0000000..74cd197
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/unsafe_bad_1.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION change_profile w/ unsafe modifier but no exec condition
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+   change_profile unsafe,
+}
diff --git a/parser/tst/simple_tests/change_profile/unsafe_bad_2.sd b/parser/tst/simple_tests/change_profile/unsafe_bad_2.sd
new file mode 100644
index 0000000..0899cbb
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/unsafe_bad_2.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION change_profile w/ unsafe modifier but no exec condition
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+   change_profile unsafe -> baz,
+}
diff --git a/parser/tst/simple_tests/change_profile/unsafe_ok_1.sd b/parser/tst/simple_tests/change_profile/unsafe_ok_1.sd
new file mode 100644
index 0000000..e60495f
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/unsafe_ok_1.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION change_profile w/ unsafe modifier
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+   change_profile unsafe /usr/bin/bar -> baz,
+}
diff --git a/parser/tst/simple_tests/change_profile/unsafe_ok_2.sd b/parser/tst/simple_tests/change_profile/unsafe_ok_2.sd
new file mode 100644
index 0000000..84595f4
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/unsafe_ok_2.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION change_profile w/ unsafe modifier
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+   change_profile unsafe /usr/bin/bar,
+}
diff --git a/parser/tst/simple_tests/change_profile/unsafe_ok_3.sd b/parser/tst/simple_tests/change_profile/unsafe_ok_3.sd
new file mode 100644
index 0000000..f64e7ec
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/unsafe_ok_3.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION change_profile w/ unsafe modifier and "unsafe" target
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+   change_profile unsafe /usr/bin/bar -> unsafe,
+}
-- 
2.7.4




More information about the AppArmor mailing list