mirror of
https://gitlab.com/apparmor/apparmor
synced 2025-08-31 06:16:03 +00:00
utils: add limited support for af_unix rules
This patch adds limited support for af_unix rules in the python utilities, of the "don't touch them, but don't throw a python backtrace when coming across them, either" variety. Testcases are added as well. Signed-off-by: Steve Beattie <steve@nxnw.org> Acked-by: Christian Boltz <apparmor@cboltz.de>
@@ -58,6 +58,12 @@ regex_has_comma_testcases = [
|
||||
('pivot_root /old new%s', 'pivot_root with new'),
|
||||
('pivot_root /old /new -> child%s', 'pivot_root with child'),
|
||||
|
||||
('unix%s', 'bare unix'),
|
||||
('unix create%s', 'simple unix'),
|
||||
('peer=(addr=@abad1dea,label=a_profile) %s ', 'peer parens and comma'),
|
||||
('type=stream%s', 'unix type'),
|
||||
('unix (connect, receive, send)%s', 'unix perms'),
|
||||
|
||||
# the following fail due to inadequacies in the regex
|
||||
# ('dbus (r, w, %s', 'incomplete dbus action'),
|
||||
# ('member="{Hello,AddMatch,RemoveMatch, %s', 'incomplete {} regex'), # also invalid policy
|
||||
@@ -334,6 +340,31 @@ class AARegexPivotRoot(unittest.TestCase):
|
||||
('pivot_rootbeer /new, # comment', False),
|
||||
]
|
||||
|
||||
class AARegexUnix(unittest.TestCase):
|
||||
'''Tests for RE_PROFILE_UNIX'''
|
||||
|
||||
def setUp(self):
|
||||
self.regex = aa.RE_PROFILE_UNIX
|
||||
|
||||
tests = [
|
||||
(' unix,', (None, None, 'unix,', None)),
|
||||
(' audit unix,', ('audit', None, 'unix,', None)),
|
||||
(' unix accept,', (None, None, 'unix accept,', None)),
|
||||
(' allow unix connect,', (None, 'allow', 'unix connect,', None)),
|
||||
(' audit allow unix bind,', ('audit', 'allow', 'unix bind,', None)),
|
||||
(' deny unix bind,', (None, 'deny', 'unix bind,', None)),
|
||||
('unix peer=(label=@{profile_name}),',
|
||||
(None, None, 'unix peer=(label=@{profile_name}),', None)),
|
||||
('unix (receive) peer=(label=unconfined),',
|
||||
(None, None, 'unix (receive) peer=(label=unconfined),', None)),
|
||||
(' unix (getattr, shutdown) peer=(addr=none),',
|
||||
(None, None, 'unix (getattr, shutdown) peer=(addr=none),', None)),
|
||||
('unix (connect, receive, send) type=stream peer=(label=unconfined,addr="@/tmp/dbus-*"),',
|
||||
(None, None, 'unix (connect, receive, send) type=stream peer=(label=unconfined,addr="@/tmp/dbus-*"),', None)),
|
||||
('unixlike', False),
|
||||
('deny unixlike,', False),
|
||||
]
|
||||
|
||||
if __name__ == '__main__':
|
||||
verbosity = 2
|
||||
|
||||
@@ -345,7 +376,7 @@ if __name__ == '__main__':
|
||||
test_suite.addTest(unittest.TestLoader().loadTestsFromTestCase(AARegexSplitComment))
|
||||
|
||||
for tests in (AARegexCapability, AARegexPath, AARegexBareFile,
|
||||
AARegexDbus, AARegexMount,
|
||||
AARegexDbus, AARegexMount, AARegexUnix,
|
||||
AARegexSignal, AARegexPtrace, AARegexPivotRoot):
|
||||
setup_regex_tests(tests)
|
||||
test_suite.addTest(unittest.TestLoader().loadTestsFromTestCase(tests))
|
||||
|
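Review bot: Every expected tuple in `AARegexUnix.tests` has `None` in its fourth slot, so the trailing-comment capture of `RE_PROFILE_UNIX` (presumably what that group holds; the regex itself is not shown here) is never exercised, and the only rejections tested are the two `unixlike` prefix cases. Since the stated goal is to carry af_unix rules through the utilities untouched, a `deny` or `audit` rule followed by a comment is the case worth pinning, so that a rewritten profile cannot silently lose or alter it. I would add something like `(' deny unix bind, # comment', (None, 'deny', 'unix bind,', '# comment')),` with the expected tuple confirmed against the regex. A rule missing its terminating comma, e.g. `(' unix bind', False),` if the regex does require the comma, would also document where matching stops.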