tests: Update the regression tests for v6 policy

This updates the regression tests for v6 policy. It refactors the
required_features test into a have_features fn, and a new
requires_features fn (renamed to catch all instances make sure they
where right)

The have_features fn is then applied to several test to make them
conditionally apply based off of availability of the feature
and policy version.

Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Tyler Hicks <tyhicks@canonical.com>

tests/regression/apparmor/dbus_eavesdrop.sh

@@ -18,7 +18,7 @@ pwd=`cd $pwd ; /bin/pwd`
 bin=$pwd
 
 . $bin/prologue.inc
-required_features dbus
+requires_features dbus
 . $bin/dbus.inc
 
 args="--session"

tests/regression/apparmor/dbus_message.sh

@@ -18,7 +18,7 @@ pwd=`cd $pwd ; /bin/pwd`
 bin=$pwd
 
 . $bin/prologue.inc
-required_features dbus
+requires_features dbus
 . $bin/dbus.inc
 
 listnames="--type=method_call --session --name=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.ListNames"

tests/regression/apparmor/dbus_service.sh

@@ -17,7 +17,7 @@ pwd=`cd $pwd ; /bin/pwd`
 bin=$pwd
 
 . $bin/prologue.inc
-required_features dbus
+requires_features dbus
 . $bin/dbus.inc
 
 service="--$bus --name=$dest $path $iface"

tests/regression/apparmor/prologue.inc

@@ -21,19 +21,32 @@
 #
 # For this file, functions are first, entry point code is at end, see "MAIN"
 
-required_features()
+#use $() to retreive the failure message or "true" if success
+have_features()
 {
 	if [ ! -e "/sys/kernel/security/apparmor/features/" ] ; then
-		echo "Kernel feature masks not supported. Skipping tests ..."
+		echo "Kernel feature masks not supported."
-		exit 0
+		return 1;
 	fi
 
 	for f in $@ ; do
 		if [ ! -e "/sys/kernel/security/apparmor/features/$f" ] ; then
-			echo "Required feature $f not available. Skipping tests ..."
+			echo "Required feature '$f' not available."
-			exit 0
+			return 2;
 		fi
 	done
+
+	echo "true"
+	return 0;
+}
+
+requires_features()
+{
+	local res=$(have_features $@)
+	if [ "$res" != "true" ] ; then
+		echo "$res. Skipping tests ..."
+		exit 0
+	fi
 }
 
 requires_query_interface()

tests/regression/apparmor/tcp.sh

@@ -15,6 +15,7 @@ pwd=`cd $pwd ; /bin/pwd`
 bin=$pwd
 
 . $bin/prologue.inc
+requires_features network
 
 port=34567
 ip="127.0.0.1"

tests/regression/apparmor/unix_fd_server.sh

@@ -132,10 +132,12 @@ runchecktest "fd passing; confined -> confined (no perm)" fail $file $socket $fd
 sleep 1
 rm -f ${socket}
 
-# FAIL - confined client, no access to the socket file
+if [ "$(have_features policy/versions/v6)" == "true" ] ; then
+    # FAIL - confined client, no access to the socket file
 
-genprofile $file:$okperm $socket:rw $fd_client:px -- image=$fd_client $file:$okperm
+    genprofile $file:$okperm $socket:rw $fd_client:px -- image=$fd_client $file:$okperm
-runchecktest "fd passing; confined client w/o socket access" fail $file $socket $fd_client
+    runchecktest "fd passing; confined client w/o socket access" fail $file $socket $fd_client
 
-sleep 1
+    sleep 1
-rm -f ${socket}
+    rm -f ${socket}
+fi

tests/regression/apparmor/unix_socket_file.sh

@@ -27,6 +27,7 @@ pwd=`cd $pwd ; /bin/pwd`
 bin=$pwd
 
 . $bin/prologue.inc
+requires_features policy/versions/v6
 
 client=$bin/unix_socket_file_client
 socket=${tmpdir}/unix_socket_file.sock