regression tests: fix regression tests to pass on 4.14 upstream kernel

Some of the regression tests are missing conditionals or have the
wrong conditionals so that they fail on current upstream kernels.

Fix this by adding and changing conditionals and requires where
appropriate. With the patches the tests report passing on 4.14 and
4.15 kernels.

Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Time out
(cherry picked from commit 6f1d054468)

tests/regression/apparmor/query_label.sh

@@ -93,6 +93,7 @@ querytest()
 	runchecktest "$desc" "$pf" "$expect" "$label" "$perms" $*
 }
 
+if [ "$(kernel_features dbus)" == "true" ]; then
     # Check querying of a label that the kernel doesn't know about
     # aa_query_label() should return an error
     expect anything
@@ -209,6 +210,9 @@ perms dbus send
     querytest "QUERY dbus (svc send)" fail $dbus_svc_query
     perms dbus receive
     querytest "QUERY dbus (svc receive)" fail $dbus_svc_query
+else
+    echo "	required feature dbus missing, skipping dbus queries ..."
+fi
 
 genqueryprofile "file,"
 expect allow

tests/regression/apparmor/unix_fd_server.sh

@@ -137,7 +137,7 @@ runchecktest "fd passing; confined -> confined (no perm)" fail $file $socket $fd
 sleep 1
 rm -f ${socket}
 
-if [ "$(kernel_features policy/versions/v6)" == "true" -a "$(parser_supports 'unix,')" == "true" ] ; then
+if [ "$(kernel_features policy/network/af_unix)" == "true" -a "$(parser_supports 'unix,')" == "true" ] ; then
     # FAIL - confined client, no access to the socket file
 
     genprofile $file:$okperm $af_unix $socket:rw $fd_client:px -- image=$fd_client $file:$okperm $af_unix 

tests/regression/apparmor/unix_socket_pathname.sh

@@ -28,6 +28,8 @@ bin=$pwd
 
 . $bin/prologue.inc
 requires_kernel_features policy/versions/v6
+#af_mask for downgrade test af_unix for full test
+requires_kernel_features network/af_mask
 
 settest unix_socket