From dc7ae28de05a5cd5d8e935c15d174689860d4f37 Mon Sep 17 00:00:00 2001 From: Vincas Dargis Date: Sat, 13 Oct 2018 15:41:15 +0300 Subject: [PATCH] profiles/Makefile: test abstractions against apparmor_parser Update Makefile to test abstractions by generating temporary profile, to check for missing (not backported) abstractions or other issues. --- profiles/Makefile | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/profiles/Makefile b/profiles/Makefile index ae09b1cfa..1dfb88659 100644 --- a/profiles/Makefile +++ b/profiles/Makefile @@ -29,6 +29,7 @@ DESTDIR=/ PROFILES_DEST=${DESTDIR}/etc/apparmor.d EXTRAS_DEST=${DESTDIR}/usr/share/apparmor/extra-profiles/ PROFILES_SOURCE=./apparmor.d +ABSTRACTIONS_SOURCE=./apparmor.d/abstractions EXTRAS_SOURCE=./apparmor/profiles/extras/ SUBDIRS=$(shell find ${PROFILES_SOURCE} -type d -print) @@ -84,6 +85,8 @@ docs: IGNORE_FILES=${EXTRAS_SOURCE}/README CHECK_PROFILES=$(filter-out ${IGNORE_FILES} ${SUBDIRS}, $(wildcard ${PROFILES_SOURCE}/*) $(wildcard ${EXTRAS_SOURCE}/*)) +# use find because Make wildcard is not recursive: +CHECK_ABSTRACTIONS=$(shell find ${ABSTRACTIONS_SOURCE} -type f -print) .PHONY: check check: check-parser check-logprof @@ -96,6 +99,14 @@ check-parser: local ${PARSER} --config-file=../parser/tst/parser.conf -S -b ${PWD}/apparmor.d $${profile} > /dev/null || exit 1; \ done + @echo "*** Checking abstractions from ${ABSTRACTIONS_SOURCE} against apparmor_parser" + $(Q)for abstraction in ${CHECK_ABSTRACTIONS} ; do \ + [ -n "${VERBOSE}" ] && echo "Testing $${abstraction}" ; \ + echo "#include profile test { #include <$${abstraction}> }" \ + | ${PARSER} --config-file=../parser/tst/parser.conf -S -b ${PWD}/apparmor.d -I ${PWD} > /dev/null \ + || exit 1; \ + done + .PHONY: check-logprof check-logprof: local @echo "*** Checking profiles from ${PROFILES_SOURCE} against logprof"