[apparmor] [PATCH 06/11] parser: Add tests for rules with change_profile exec modes

Fri May 27 12:20:16 UTC 2016

On 05/25/2016 01:59 PM, Tyler Hicks wrote:
> Simple tests that validate the parser's ability to handle change_profile
> rules containing an exec mode.
> 
> Signed-off-by: Tyler Hicks <tyhicks at canonical.com>

Acked-by: John Johansen <john.johansen at canonical.com>

> ---
>  parser/tst/simple_tests/change_profile/safe_bad_1.sd   | 7 +++++++
>  parser/tst/simple_tests/change_profile/safe_bad_2.sd   | 7 +++++++
>  parser/tst/simple_tests/change_profile/safe_ok_1.sd    | 7 +++++++
>  parser/tst/simple_tests/change_profile/safe_ok_2.sd    | 7 +++++++
>  parser/tst/simple_tests/change_profile/safe_ok_3.sd    | 7 +++++++
>  parser/tst/simple_tests/change_profile/unsafe_bad_1.sd | 7 +++++++
>  parser/tst/simple_tests/change_profile/unsafe_bad_2.sd | 7 +++++++
>  parser/tst/simple_tests/change_profile/unsafe_ok_1.sd  | 7 +++++++
>  parser/tst/simple_tests/change_profile/unsafe_ok_2.sd  | 7 +++++++
>  parser/tst/simple_tests/change_profile/unsafe_ok_3.sd  | 7 +++++++
>  10 files changed, 70 insertions(+)
>  create mode 100644 parser/tst/simple_tests/change_profile/safe_bad_1.sd
>  create mode 100644 parser/tst/simple_tests/change_profile/safe_bad_2.sd
>  create mode 100644 parser/tst/simple_tests/change_profile/safe_ok_1.sd
>  create mode 100644 parser/tst/simple_tests/change_profile/safe_ok_2.sd
>  create mode 100644 parser/tst/simple_tests/change_profile/safe_ok_3.sd
>  create mode 100644 parser/tst/simple_tests/change_profile/unsafe_bad_1.sd
>  create mode 100644 parser/tst/simple_tests/change_profile/unsafe_bad_2.sd
>  create mode 100644 parser/tst/simple_tests/change_profile/unsafe_ok_1.sd
>  create mode 100644 parser/tst/simple_tests/change_profile/unsafe_ok_2.sd
>  create mode 100644 parser/tst/simple_tests/change_profile/unsafe_ok_3.sd
> 
> diff --git a/parser/tst/simple_tests/change_profile/safe_bad_1.sd b/parser/tst/simple_tests/change_profile/safe_bad_1.sd
> new file mode 100644
> index 0000000..0526002
> --- /dev/null
> +++ b/parser/tst/simple_tests/change_profile/safe_bad_1.sd
> @@ -0,0 +1,7 @@
> +#
> +#=DESCRIPTION change_profile w/ safe modifier but no exec condition
> +#=EXRESULT FAIL
> +#
> +/usr/bin/foo {
> +   change_profile safe,
> +}
> diff --git a/parser/tst/simple_tests/change_profile/safe_bad_2.sd b/parser/tst/simple_tests/change_profile/safe_bad_2.sd
> new file mode 100644
> index 0000000..2c63d9a
> --- /dev/null
> +++ b/parser/tst/simple_tests/change_profile/safe_bad_2.sd
> @@ -0,0 +1,7 @@
> +#
> +#=DESCRIPTION change_profile w/ safe modifier but no exec condition
> +#=EXRESULT FAIL
> +#
> +/usr/bin/foo {
> +   change_profile safe -> baz,
> +}
> diff --git a/parser/tst/simple_tests/change_profile/safe_ok_1.sd b/parser/tst/simple_tests/change_profile/safe_ok_1.sd
> new file mode 100644
> index 0000000..0860d31
> --- /dev/null
> +++ b/parser/tst/simple_tests/change_profile/safe_ok_1.sd
> @@ -0,0 +1,7 @@
> +#
> +#=DESCRIPTION change_profile w/ safe modifier
> +#=EXRESULT PASS
> +#
> +/usr/bin/foo {
> +   change_profile safe /usr/bin/bar -> baz,
> +}
> diff --git a/parser/tst/simple_tests/change_profile/safe_ok_2.sd b/parser/tst/simple_tests/change_profile/safe_ok_2.sd
> new file mode 100644
> index 0000000..f6ae24d
> --- /dev/null
> +++ b/parser/tst/simple_tests/change_profile/safe_ok_2.sd
> @@ -0,0 +1,7 @@
> +#
> +#=DESCRIPTION change_profile w/ safe modifier
> +#=EXRESULT PASS
> +#
> +/usr/bin/foo {
> +   change_profile safe /usr/bin/bar,
> +}
> diff --git a/parser/tst/simple_tests/change_profile/safe_ok_3.sd b/parser/tst/simple_tests/change_profile/safe_ok_3.sd
> new file mode 100644
> index 0000000..1c24b18
> --- /dev/null
> +++ b/parser/tst/simple_tests/change_profile/safe_ok_3.sd
> @@ -0,0 +1,7 @@
> +#
> +#=DESCRIPTION change_profile w/ safe modifier and "safe" target
> +#=EXRESULT PASS
> +#
> +/usr/bin/foo {
> +   change_profile safe /usr/bin/bar -> safe,
> +}
> diff --git a/parser/tst/simple_tests/change_profile/unsafe_bad_1.sd b/parser/tst/simple_tests/change_profile/unsafe_bad_1.sd
> new file mode 100644
> index 0000000..74cd197
> --- /dev/null
> +++ b/parser/tst/simple_tests/change_profile/unsafe_bad_1.sd
> @@ -0,0 +1,7 @@
> +#
> +#=DESCRIPTION change_profile w/ unsafe modifier but no exec condition
> +#=EXRESULT FAIL
> +#
> +/usr/bin/foo {
> +   change_profile unsafe,
> +}
> diff --git a/parser/tst/simple_tests/change_profile/unsafe_bad_2.sd b/parser/tst/simple_tests/change_profile/unsafe_bad_2.sd
> new file mode 100644
> index 0000000..0899cbb
> --- /dev/null
> +++ b/parser/tst/simple_tests/change_profile/unsafe_bad_2.sd
> @@ -0,0 +1,7 @@
> +#
> +#=DESCRIPTION change_profile w/ unsafe modifier but no exec condition
> +#=EXRESULT FAIL
> +#
> +/usr/bin/foo {
> +   change_profile unsafe -> baz,
> +}
> diff --git a/parser/tst/simple_tests/change_profile/unsafe_ok_1.sd b/parser/tst/simple_tests/change_profile/unsafe_ok_1.sd
> new file mode 100644
> index 0000000..e60495f
> --- /dev/null
> +++ b/parser/tst/simple_tests/change_profile/unsafe_ok_1.sd
> @@ -0,0 +1,7 @@
> +#
> +#=DESCRIPTION change_profile w/ unsafe modifier
> +#=EXRESULT PASS
> +#
> +/usr/bin/foo {
> +   change_profile unsafe /usr/bin/bar -> baz,
> +}
> diff --git a/parser/tst/simple_tests/change_profile/unsafe_ok_2.sd b/parser/tst/simple_tests/change_profile/unsafe_ok_2.sd
> new file mode 100644
> index 0000000..84595f4
> --- /dev/null
> +++ b/parser/tst/simple_tests/change_profile/unsafe_ok_2.sd
> @@ -0,0 +1,7 @@
> +#
> +#=DESCRIPTION change_profile w/ unsafe modifier
> +#=EXRESULT PASS
> +#
> +/usr/bin/foo {
> +   change_profile unsafe /usr/bin/bar,
> +}
> diff --git a/parser/tst/simple_tests/change_profile/unsafe_ok_3.sd b/parser/tst/simple_tests/change_profile/unsafe_ok_3.sd
> new file mode 100644
> index 0000000..f64e7ec
> --- /dev/null
> +++ b/parser/tst/simple_tests/change_profile/unsafe_ok_3.sd
> @@ -0,0 +1,7 @@
> +#
> +#=DESCRIPTION change_profile w/ unsafe modifier and "unsafe" target
> +#=EXRESULT PASS
> +#
> +/usr/bin/foo {
> +   change_profile unsafe /usr/bin/bar -> unsafe,
> +}
>