2
0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-29 05:17:59 +00:00

Use AATest and tmpdir for minitools test

Change minitools tests to use AATest and work inside a tmpdir.

This results in lots of changes ('./profiles' -> self.profile_dir,
local_profilename -> self.local_profilename etc.) and also moves some
code from the global area to AASetup().

Also drop the no longer needed clean_profile_dir() and add linebreaks
in assert* calls with a long error message specified.


Acked-by: Steve Beattie <steve@nxnw.org>
This commit is contained in:
Christian Boltz 2015-06-27 01:29:46 +02:00
parent ada85bf219
commit 5ec6eabcdf

View File

@ -11,93 +11,118 @@
# GNU General Public License for more details.
#
# ----------------------------------------------------------------------
import atexit
import os
import shutil
import subprocess
import sys
import unittest
from common_test import AATest, setup_all_loops
import apparmor.aa as apparmor
from common_test import read_file
# Path for the program
test_path = '/usr/sbin/winbindd'
# Path for the target file containing profile
local_profilename = './profiles/usr.sbin.winbindd'
python_interpreter = 'python'
if sys.version_info >= (3, 0):
python_interpreter = 'python3'
class Test(unittest.TestCase):
class MinitoolsTest(AATest):
def AASetup(self):
self.createTmpdir()
#copy the local profiles to the test directory
#Should be the set of cleanprofile
self.profile_dir = '%s/profiles' % self.tmpdir
shutil.copytree('../../profiles/apparmor.d/', self.profile_dir, symlinks=True)
apparmor.profile_dir = self.profile_dir
# Path for the program
self.test_path = '/usr/sbin/winbindd'
# Path for the target file containing profile
self.local_profilename = '%s/usr.sbin.winbindd' % self.profile_dir
def test_audit(self):
# Set test profile to audit mode and check if it was correctly set
str(subprocess.check_output('%s ./../aa-audit --no-reload -d ./profiles %s'%(python_interpreter, test_path), shell=True))
str(subprocess.check_output('%s ./../aa-audit --no-reload -d %s %s' % (python_interpreter, self.profile_dir, self.test_path), shell=True))
self.assertEqual(apparmor.get_profile_flags(local_profilename, test_path), 'audit', 'Audit flag could not be set in profile %s'%local_profilename)
self.assertEqual(apparmor.get_profile_flags(self.local_profilename, self.test_path), 'audit',
'Audit flag could not be set in profile %s' % self.local_profilename)
# Remove audit mode from test profile and check if it was correctly removed
subprocess.check_output('%s ./../aa-audit --no-reload -d ./profiles -r %s'%(python_interpreter, test_path), shell=True)
subprocess.check_output('%s ./../aa-audit --no-reload -d %s -r %s' % (python_interpreter, self.profile_dir, self.test_path), shell=True)
self.assertEqual(apparmor.get_profile_flags(local_profilename, test_path), None, 'Audit flag could not be removed in profile %s'%local_profilename)
self.assertEqual(apparmor.get_profile_flags(self.local_profilename, self.test_path), None,
'Audit flag could not be removed in profile %s' % self.local_profilename)
def test_complain(self):
# Set test profile to complain mode and check if it was correctly set
subprocess.check_output('%s ./../aa-complain --no-reload -d ./profiles %s'%(python_interpreter, test_path), shell=True)
subprocess.check_output('%s ./../aa-complain --no-reload -d %s %s' % (python_interpreter, self.profile_dir, self.test_path), shell=True)
# "manually" create a force-complain symlink (will be deleted by aa-enforce later)
if not os.path.isdir('./profiles/force-complain'):
os.mkdir('./profiles/force-complain')
os.symlink(local_profilename, './profiles/force-complain/%s'%os.path.basename(local_profilename) )
force_complain_dir = '%s/force-complain' % self.profile_dir
if not os.path.isdir(force_complain_dir):
os.mkdir(force_complain_dir)
os.symlink(self.local_profilename, '%s/%s' % (force_complain_dir, os.path.basename(self.local_profilename)))
self.assertEqual(os.path.islink('./profiles/force-complain/%s'%os.path.basename(local_profilename)), True, 'Failed to create a symlink for %s in force-complain'%local_profilename)
self.assertEqual(apparmor.get_profile_flags(local_profilename, test_path), 'complain', 'Complain flag could not be set in profile %s'%local_profilename)
self.assertEqual(os.path.islink('%s/%s' % (force_complain_dir, os.path.basename(self.local_profilename))), True,
'Failed to create a symlink for %s in force-complain' % self.local_profilename)
self.assertEqual(apparmor.get_profile_flags(self.local_profilename, self.test_path), 'complain',
'Complain flag could not be set in profile %s'%self.local_profilename)
# Set test profile to enforce mode and check if it was correctly set
subprocess.check_output('%s ./../aa-enforce --no-reload -d ./profiles %s'%(python_interpreter, test_path), shell=True)
subprocess.check_output('%s ./../aa-enforce --no-reload -d %s %s'%(python_interpreter, self.profile_dir, self.test_path), shell=True)
self.assertEqual(os.path.islink('./profiles/force-complain/%s'%os.path.basename(local_profilename)), False, 'Failed to remove symlink for %s from force-complain'%local_profilename)
self.assertEqual(os.path.islink('./profiles/disable/%s'%os.path.basename(local_profilename)), False, 'Failed to remove symlink for %s from disable'%local_profilename)
self.assertEqual(apparmor.get_profile_flags(local_profilename, test_path), None, 'Complain flag could not be removed in profile %s'%local_profilename)
self.assertEqual(os.path.islink('%s/%s' % (force_complain_dir, os.path.basename(self.local_profilename))), False,
'Failed to remove symlink for %s from force-complain'%self.local_profilename)
self.assertEqual(os.path.islink('%s/disable/%s' % (self.profile_dir, os.path.basename(self.local_profilename))), False,
'Failed to remove symlink for %s from disable'%self.local_profilename)
self.assertEqual(apparmor.get_profile_flags(self.local_profilename, self.test_path), None,
'Complain flag could not be removed in profile %s'%self.local_profilename)
# Set audit flag and then complain flag in a profile
subprocess.check_output('%s ./../aa-audit --no-reload -d ./profiles %s'%(python_interpreter, test_path), shell=True)
subprocess.check_output('%s ./../aa-complain --no-reload -d ./profiles %s'%(python_interpreter, test_path), shell=True)
subprocess.check_output('%s ./../aa-audit --no-reload -d %s %s'%(python_interpreter, self.profile_dir, self.test_path), shell=True)
subprocess.check_output('%s ./../aa-complain --no-reload -d %s %s'%(python_interpreter, self.profile_dir, self.test_path), shell=True)
# "manually" create a force-complain symlink (will be deleted by aa-enforce later)
os.symlink(local_profilename, './profiles/force-complain/%s'%os.path.basename(local_profilename) )
os.symlink(self.local_profilename, '%s/%s'% (force_complain_dir, os.path.basename(self.local_profilename)))
self.assertEqual(os.path.islink('./profiles/force-complain/%s'%os.path.basename(local_profilename)), True, 'Failed to create a symlink for %s in force-complain'%local_profilename)
self.assertEqual(apparmor.get_profile_flags(local_profilename, test_path), 'audit,complain', 'Complain flag could not be set in profile %s'%local_profilename)
self.assertEqual(os.path.islink('%s/%s' % (force_complain_dir, os.path.basename(self.local_profilename))), True,
'Failed to create a symlink for %s in force-complain'%self.local_profilename)
self.assertEqual(apparmor.get_profile_flags(self.local_profilename, self.test_path), 'audit,complain',
'Complain flag could not be set in profile %s'%self.local_profilename)
#Remove complain flag first i.e. set to enforce mode
subprocess.check_output('%s ./../aa-enforce --no-reload -d ./profiles %s'%(python_interpreter, test_path), shell=True)
subprocess.check_output('%s ./../aa-enforce --no-reload -d %s %s'%(python_interpreter, self.profile_dir, self.test_path), shell=True)
self.assertEqual(os.path.islink('./profiles/force-complain/%s'%os.path.basename(local_profilename)), False, 'Failed to remove symlink for %s from force-complain'%local_profilename)
self.assertEqual(os.path.islink('./profiles/disable/%s'%os.path.basename(local_profilename)), False, 'Failed to remove symlink for %s from disable'%local_profilename)
self.assertEqual(apparmor.get_profile_flags(local_profilename, test_path), 'audit', 'Complain flag could not be removed in profile %s'%local_profilename)
self.assertEqual(os.path.islink('%s/%s' % (force_complain_dir, os.path.basename(self.local_profilename))), False,
'Failed to remove symlink for %s from force-complain'%self.local_profilename)
self.assertEqual(os.path.islink('%s/disable/%s' % (self.profile_dir, os.path.basename(self.local_profilename))), False,
'Failed to remove symlink for %s from disable'%self.local_profilename)
self.assertEqual(apparmor.get_profile_flags(self.local_profilename, self.test_path), 'audit',
'Complain flag could not be removed in profile %s'%self.local_profilename)
#Remove audit flag
subprocess.check_output('%s ./../aa-audit --no-reload -d ./profiles -r %s'%(python_interpreter, test_path), shell=True)
subprocess.check_output('%s ./../aa-audit --no-reload -d %s -r %s'%(python_interpreter, self.profile_dir, self.test_path), shell=True)
def test_enforce(self):
# Set test profile to complain mode and check if it was correctly set
# Set test profile to enforce mode and check if it was correctly set
subprocess.check_output('%s ./../aa-enforce --no-reload -d ./profiles %s'%(python_interpreter, test_path), shell=True)
subprocess.check_output('%s ./../aa-enforce --no-reload -d %s %s'%(python_interpreter, self.profile_dir, self.test_path), shell=True)
self.assertEqual(os.path.islink('./profiles/force-complain/%s'%os.path.basename(local_profilename)), False, 'Failed to remove symlink for %s from force-complain'%local_profilename)
self.assertEqual(os.path.islink('./profiles/disable/%s'%os.path.basename(local_profilename)), False, 'Failed to remove symlink for %s from disable'%local_profilename)
self.assertEqual(apparmor.get_profile_flags(local_profilename, test_path), None, 'Complain flag could not be removed in profile %s'%local_profilename)
self.assertEqual(os.path.islink('%s/force-complain/%s' % (self.profile_dir, os.path.basename(self.local_profilename))), False,
'Failed to remove symlink for %s from force-complain'%self.local_profilename)
self.assertEqual(os.path.islink('%s/disable/%s' % (self.profile_dir, os.path.basename(self.local_profilename))), False,
'Failed to remove symlink for %s from disable'%self.local_profilename)
self.assertEqual(apparmor.get_profile_flags(self.local_profilename, self.test_path), None,
'Complain flag could not be removed in profile %s'%self.local_profilename)
def test_disable(self):
# Disable the test profile and check if it was correctly disabled
subprocess.check_output('%s ./../aa-disable --no-reload -d ./profiles %s'%(python_interpreter, test_path), shell=True)
subprocess.check_output('%s ./../aa-disable --no-reload -d %s %s'%(python_interpreter, self.profile_dir, self.test_path), shell=True)
self.assertEqual(os.path.islink('./profiles/disable/%s'%os.path.basename(local_profilename)), True, 'Failed to create a symlink for %s in disable'%local_profilename)
self.assertEqual(os.path.islink('%s/disable/%s' % (self.profile_dir, os.path.basename(self.local_profilename))), True,
'Failed to create a symlink for %s in disable' % self.local_profilename)
def test_autodep(self):
pass
@ -116,37 +141,21 @@ class Test(unittest.TestCase):
input_file = 'cleanprof_test.in'
output_file = 'cleanprof_test.out'
#We position the local testfile
shutil.copy('./%s'%input_file, './profiles')
shutil.copy('./%s'%input_file, self.profile_dir)
#Our silly test program whose profile we wish to clean
cleanprof_test = '/usr/bin/a/simple/cleanprof/test/profile'
subprocess.check_output('%s ./../aa-cleanprof --no-reload -d ./profiles -s %s' % (python_interpreter, cleanprof_test), shell=True)
subprocess.check_output('%s ./../aa-cleanprof --no-reload -d %s -s %s' % (python_interpreter, self.profile_dir, cleanprof_test), shell=True)
#Strip off the first line (#modified line)
subprocess.check_output('sed -i 1d ./profiles/%s'%(input_file), shell=True)
subprocess.check_output('sed -i 1d %s/%s' % (self.profile_dir, input_file), shell=True)
exp_content = read_file('./%s' % output_file)
real_content = read_file('./profiles/%s' % input_file)
real_content = read_file('%s/%s' % (self.profile_dir, input_file))
self.maxDiff = None
self.assertEqual(exp_content, real_content, 'Failed to cleanup profile properly')
def clean_profile_dir():
#Wipe the local profiles from the test directory
shutil.rmtree('./profiles')
if __name__ == "__main__":
#import sys;sys.argv = ['', 'Test.testName']
if os.path.exists('./profiles'):
shutil.rmtree('./profiles')
#copy the local profiles to the test directory
#Should be the set of cleanprofile
shutil.copytree('../../profiles/apparmor.d/', './profiles', symlinks=True)
apparmor.profile_dir = './profiles'
atexit.register(clean_profile_dir)
unittest.main()
setup_all_loops(__name__)
if __name__ == '__main__':
unittest.main(verbosity=2)