tests: Test the getattr permission in unix_socket_client

The client will now do a getsockname() on its socket in order to test the AppArmor 'getattr' unix rule permission. Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Acked-by: Steve Beattie <steve@nxnw.org>
2025-08-29 05:17:59 +00:00 · 2014-09-29 18:47:53 -05:00 · 2014-09-29 18:47:53 -05:00 · 3368c9bc40
commit 3368c9bc40
parent 48a755d471
2 changed files with 21 additions and 1 deletions
--- a/tests/regression/apparmor/unix_socket_client.c
+++ b/tests/regression/apparmor/unix_socket_client.c
@ -139,6 +139,21 @@ static int get_set_sock_io_timeo(int sock)
 	return 0;
 }

+static int test_getattr(int sock)
+{
+	struct sockaddr_un addr;
+	socklen_t addr_len = sizeof(addr);
+	int rc;
+
+	rc = getsockname(sock, (struct sockaddr *)&addr, &addr_len);
+	if (rc == -1) {
+		perror("FAIL - getsockname");
+		return 1;
+	}
+
+	return 0;
+}
+
 int main(int argc, char *argv[])
 {
 	struct sockaddr_un peer_addr, *pa;
@ -197,6 +212,10 @@ int main(int argc, char *argv[])
 	if (rc)
 		exit(1);

+	rc = test_getattr(sock);
+	if (rc)
+		exit(1);
+
 	pa = &peer_addr;
 	pa_len = sun_path_len + sizeof(peer_addr.sun_family);

--- a/tests/regression/apparmor/unix_socket_pathname.sh
+++ b/tests/regression/apparmor/unix_socket_pathname.sh
@ -49,9 +49,10 @@ fi
 # af_unix support requires 'unix create' to call socket()
 # af_unix support requires 'unix getopt' to call getsockopt()
 # af_unix support requires 'unix setopt' to call setsockopt()
+# af_unix support requires 'unix getattr' to call getsockname()
 af_unix=
 if [ "$(have_features network/af_unix)" == "true" ] ; then
-	af_unix="unix:(create,getopt,setopt)"
+	af_unix="unix:(create,getopt,setopt,getattr)"
 fi

 okclient=rw