mirror of https://gitlab.com/apparmor/apparmor synced 2025-09-02 07:15:18 +00:00

Merge branch 'cboltz-utils-keywords' into 'master'

update network keyword list in utils and add test

See merge request apparmor/apparmor!350

Acked-by: Eric Chiang <ericchiang@google.com> for 2.12..master

(cherry picked from commit dc010bc034)

49849ed7 update network keyword list in utils and add test
Christian Boltz
2019-03-18 16:02:20 +00:00
parent e6a25f6971
commit 75236d62e2
2 changed files with 28 additions and 4 deletions


@@ -26,8 +26,8 @@ _ = init_translation()
network_domain_keywords = [ 'unspec', 'unix', 'inet', 'ax25', 'ipx', 'appletalk', 'netrom', 'bridge', 'atmpvc', 'x25', 'inet6', network_domain_keywords = [ 'unspec', 'unix', 'inet', 'ax25', 'ipx', 'appletalk', 'netrom', 'bridge', 'atmpvc', 'x25', 'inet6',
'rose', 'netbeui', 'security', 'key', 'netlink', 'packet', 'ash', 'econet', 'atmsvc', 'rds', 'sna', 'rose', 'netbeui', 'security', 'key', 'netlink', 'packet', 'ash', 'econet', 'atmsvc', 'rds', 'sna',
'irda', 'pppox', 'wanpipe', 'llc', 'can', 'tipc', 'bluetooth', 'iucv', 'rxrpc', 'isdn', 'phonet', 'irda', 'pppox', 'wanpipe', 'llc', 'ib', 'mpls', 'can', 'tipc', 'bluetooth', 'iucv', 'rxrpc', 'isdn',
'ieee802154', 'caif', 'alg', 'nfc', 'vsock', 'mpls', 'ib', 'kcm', 'smc' ] 'phonet', 'ieee802154', 'caif', 'alg', 'nfc', 'vsock', 'kcm', 'qipcrtr', 'smc', 'xdp' ]
network_type_keywords = ['stream', 'dgram', 'seqpacket', 'rdm', 'raw', 'packet'] network_type_keywords = ['stream', 'dgram', 'seqpacket', 'rdm', 'raw', 'packet']
network_protocol_keywords = ['tcp', 'udp', 'icmp'] network_protocol_keywords = ['tcp', 'udp', 'icmp']


@@ -17,9 +17,9 @@ import unittest
from collections import namedtuple from collections import namedtuple
from common_test import AATest, setup_all_loops from common_test import AATest, setup_all_loops
from apparmor.rule.network import NetworkRule, NetworkRuleset from apparmor.rule.network import NetworkRule, NetworkRuleset, network_domain_keywords
from apparmor.rule import BaseRule from apparmor.rule import BaseRule
from apparmor.common import AppArmorException, AppArmorBug from apparmor.common import AppArmorException, AppArmorBug, cmd
from apparmor.logparser import ReadLog from apparmor.logparser import ReadLog
from apparmor.translations import init_translation from apparmor.translations import init_translation
_ = init_translation() _ = init_translation()
@@ -27,6 +27,30 @@ _ = init_translation()
exp = namedtuple('exp', ['audit', 'allow_keyword', 'deny', 'comment', exp = namedtuple('exp', ['audit', 'allow_keyword', 'deny', 'comment',
'domain', 'all_domains', 'type_or_protocol', 'all_type_or_protocols']) 'domain', 'all_domains', 'type_or_protocol', 'all_type_or_protocols'])
# --- check if the keyword list is up to date --- #
class NetworkKeywordsTest(AATest):
def test_network_keyword_list(self):
rc, output = cmd('../../common/list_af_names.sh')
self.assertEqual(rc, 0)
af_names = []
af_pairs = output.replace('AF_', '').strip().lower().split(",")
for af_pair in af_pairs:
af_name = af_pair.lstrip().split(" ")[0]
# skip max af name definition
if len(af_name) > 0 and af_name != "max":
af_names.append(af_name)
missing_af_names = []
for keyword in af_names:
if keyword not in network_domain_keywords:
# keywords missing in the system are ok (= older kernel), but network_domain_keywords needs to have the full list
missing_af_names.append(keyword)
self.assertEqual(missing_af_names, [], 'Missing af_names in NetworkRule network_domain_keywords. This test is likely running '
'on an newer kernel and will require updating the list of network domain keywords in utils/apparmor/rule/network.py')
# --- tests for single NetworkRule --- # # --- tests for single NetworkRule --- #
class NetworkTest(AATest): class NetworkTest(AATest):
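Review bot: In `test_network_keyword_list` the helper is run as `cmd('../../common/list_af_names.sh')`, a path relative to the process's working directory, so the keyword-list check only works when the suite is started from the test directory. Resolving the path from the test file's own location, e.g. `os.path.join(os.path.dirname(os.path.abspath(__file__)), '..', '..', 'common', 'list_af_names.sh')`, would remove that dependency; the hunk does not show whether `os` is already imported. `self.assertEqual(rc, 0)` also drops the script's output, so a failing run gives no hint why, and `self.assertEqual(rc, 0, output)` would surface it. The failure message says "an newer kernel" where "a newer kernel" is meant.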