[apparmor] [patch] test-parser-simple-tests.py: No longer skip testing generated_perms_leading profiles
Seth Arnold
seth.arnold at canonical.com
Fri Mar 3 01:04:37 UTC 2017
On Thu, Mar 02, 2017 at 10:35:27PM +0100, Christian Boltz wrote:
> Hello,
>
> FileRule understands leading permissions, so the reason to skip those
> (generated) test profiles in test-parser-simple-tests.py is gone.
>
> However, the gen-xtrans.pl script generates profiles with a not-so-valid
> mix of uppercase and lowercase, for example "Pux" and "Cux". The parser
> accepts this, but the tools complain about such rules. Therefore add the
> affected profiles to the exception list.
>
> In total, this means we now test 319 of the 380 generated_perms_leading
> test profiles.
>
> IMHO the parser should at least warn about mixed uppercase and lowercase
> in exec rules. We should also consider to change gen-xtrans.pl to
> generate PUx and CUx rules instead of Pux and Cux ;-)
>
> (The patch also moves some lines around to get the \-escaped profiles
> out of the mixed uppercase/lowercase exec rule section.)
>
>
> [ 01-test-parser-test-leading-perms.diff ]
Yay for more test cases.
Acked-by: Seth Arnold <seth.arnold at canonical.com>
Thanks
>
> === modified file 'utils/test/test-parser-simple-tests.py'
> --- utils/test/test-parser-simple-tests.py 2017-02-28 23:04:24 +0000
> +++ utils/test/test-parser-simple-tests.py 2017-03-02 20:46:44 +0000
> @@ -30,9 +30,6 @@
> 'generated_x/ambiguous-',
> 'generated_x/dominate-',
>
> - # permissions before path
> - 'generated_perms_leading/',
> -
> # 'safe' and 'unsafe' keywords
> 'generated_perms_safe/',
>
> @@ -259,11 +256,75 @@
> 'file/ok_5.sd', # Invalid mode UX
> 'file/ok_2.sd', # Invalid mode RWM
> 'file/ok_4.sd', # Invalid mode iX
> + 'xtrans/simple_ok_pix_1.sd', # Invalid mode pIx
> + 'xtrans/simple_ok_pux_1.sd', # Invalid mode rPux
> +
> + # unexpected uppercase vs. lowercase in *x rules - generated_perms_leading directory
> + 'generated_perms_leading/exact-re-Puxtarget.sd',
> + 'generated_perms_leading/dominate-ownerCuxtarget2.sd',
> + 'generated_perms_leading/ambiguous-Cux.sd',
> + 'generated_perms_leading/dominate-ownerPux.sd',
> + 'generated_perms_leading/exact-re-ownerPux.sd',
> + 'generated_perms_leading/overlap-ownerCuxtarget.sd',
> + 'generated_perms_leading/exact-re-ownerCuxtarget.sd',
> + 'generated_perms_leading/dominate-Puxtarget2.sd',
> + 'generated_perms_leading/dominate-ownerCuxtarget.sd',
> + 'generated_perms_leading/dominate-ownerPuxtarget.sd',
> + 'generated_perms_leading/ambiguous-Pux.sd',
> + 'generated_perms_leading/ambiguous-Cuxtarget2.sd',
> + 'generated_perms_leading/exact-Puxtarget2.sd',
> + 'generated_perms_leading/ambiguous-ownerCux.sd',
> + 'generated_perms_leading/exact-ownerPux.sd',
> + 'generated_perms_leading/ambiguous-ownerPuxtarget.sd',
> + 'generated_perms_leading/exact-re-ownerPuxtarget.sd',
> + 'generated_perms_leading/exact-re-Cuxtarget.sd',
> + 'generated_perms_leading/exact-re-Puxtarget2.sd',
> + 'generated_perms_leading/dominate-Cux.sd',
> + 'generated_perms_leading/exact-re-ownerCuxtarget2.sd',
> + 'generated_perms_leading/ambiguous-ownerCuxtarget.sd',
> + 'generated_perms_leading/exact-re-Cuxtarget2.sd',
> + 'generated_perms_leading/ambiguous-Puxtarget.sd',
> + 'generated_perms_leading/overlap-Puxtarget.sd',
> + 'generated_perms_leading/ambiguous-Puxtarget2.sd',
> + 'generated_perms_leading/overlap-Puxtarget2.sd',
> + 'generated_perms_leading/exact-Puxtarget.sd',
> + 'generated_perms_leading/overlap-ownerPuxtarget.sd',
> + 'generated_perms_leading/exact-ownerCuxtarget.sd',
> + 'generated_perms_leading/exact-re-ownerCux.sd',
> + 'generated_perms_leading/exact-ownerPuxtarget2.sd',
> + 'generated_perms_leading/exact-ownerCux.sd',
> + 'generated_perms_leading/overlap-Cuxtarget2.sd',
> + 'generated_perms_leading/ambiguous-Cuxtarget.sd',
> + 'generated_perms_leading/ambiguous-ownerPuxtarget2.sd',
> + 'generated_perms_leading/dominate-ownerCux.sd',
> + 'generated_perms_leading/exact-Pux.sd',
> + 'generated_perms_leading/exact-Cuxtarget.sd',
> + 'generated_perms_leading/overlap-ownerCuxtarget2.sd',
> + 'generated_perms_leading/overlap-Pux.sd',
> + 'generated_perms_leading/overlap-ownerPux.sd',
> + 'generated_perms_leading/ambiguous-ownerCuxtarget2.sd',
> + 'generated_perms_leading/exact-re-Cux.sd',
> + 'generated_perms_leading/exact-re-Pux.sd',
> + 'generated_perms_leading/overlap-Cuxtarget.sd',
> + 'generated_perms_leading/exact-re-ownerPuxtarget2.sd',
> + 'generated_perms_leading/exact-Cuxtarget2.sd',
> + 'generated_perms_leading/exact-Cux.sd',
> + 'generated_perms_leading/overlap-Cux.sd',
> + 'generated_perms_leading/overlap-ownerCux.sd',
> + 'generated_perms_leading/exact-ownerPuxtarget.sd',
> + 'generated_perms_leading/dominate-Pux.sd',
> + 'generated_perms_leading/exact-ownerCuxtarget2.sd',
> + 'generated_perms_leading/dominate-Puxtarget.sd',
> + 'generated_perms_leading/ambiguous-ownerPux.sd',
> + 'generated_perms_leading/overlap-ownerPuxtarget2.sd',
> + 'generated_perms_leading/dominate-Cuxtarget2.sd',
> + 'generated_perms_leading/dominate-Cuxtarget.sd',
> + 'generated_perms_leading/dominate-ownerPuxtarget2.sd',
> +
> + # escaping with \
> 'file/ok_embedded_spaces_4.sd', # \-escaped space
> 'file/file/ok_embedded_spaces_4.sd', # \-escaped space
> 'file/ok_quoted_4.sd', # quoted string including \"
> - 'xtrans/simple_ok_pix_1.sd', # Invalid mode pIx
> - 'xtrans/simple_ok_pux_1.sd', # Invalid mode rPux
>
> # misc
> 'vars/vars_dbus_8.sd', # Path doesn't start with / or variable: {/@{TLDS}/foo,/com/@{DOMAINS}}
>
>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20170302/b6b857ae/attachment-0001.pgp>
More information about the AppArmor
mailing list