
Update test scripts for signal rules

Update mkprofile.pl to generate signal rules and update test scripts to
grant signal permissions when needed.

Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Tyler Hicks <tyhicks@canonical.com>
Acked-by: Steve Beattie <steve@nxnw.org>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
John Johansen
2014-04-23 11:40:56 -07:00
parent 0cc659cdb4
commit 844b5cbd42
3 changed files with 27 additions and 9 deletions


@@ -43,19 +43,19 @@ runchecktest "EXEC with px" pass $file
# FAIL TEST - px/no profile # FAIL TEST - px/no profile
genprofile $file:$ok_px_perm genprofile $file:$ok_px_perm signal:ALL
runchecktest "EXEC with px - no profile" fail $file runchecktest "EXEC with px - no profile" fail $file
# NOLINK PERMTEST # NOLINK PERMTEST
genprofile $file:$badperm genprofile $file:$badperm signal:ALL
runchecktest "EXEC no x" fail $file runchecktest "EXEC no x" fail $file
# MMAP exec # MMAP exec
genprofile $file:$bad_mx_perm genprofile $file:$bad_mx_perm signal:ALL
runchecktest "EXEC mmap x" fail $file runchecktest "EXEC mmap x" fail $file
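Review bot: Nothing in the script says why the three fail cases (`px - no profile`, `no x`, `mmap x`) now carry `signal:ALL`, so a later reader cannot tell whether the signal grant is part of what is being tested. The commit message says only that signal permissions are granted "when needed"; presumably the harness has to signal the confined test program. If so, a one-line comment above the first changed genprofile would make that explicit, for example `# signal:ALL only lets the harness signal the child; the exec permission is what must fail`. Because the grant is the broadest form, it is also worth confirming that each case still fails on the exec permission and not for an unrelated reason. The same point applies to the glob fail cases in the third file.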


@@ -174,6 +174,22 @@ sub gen_cap($) {
} }
} }
sub gen_signal($) {
my $rule = shift;
my @rules = split (/:/, $rule);
if (@rules == 2) {
if ($rules[1] =~ /^ALL$/) {
push (@{$output_rules{$hat}}, " signal,\n");
} else {
push (@{$output_rules{$hat}}, " signal $rules[1],\n");
}
} elsif (@rules == 3) {
push (@{$output_rules{$hat}}, " signal $rules[1] $rules[2],\n");
} else {
(!$nowarn) && print STDERR "Warning: invalid signal description '$rule', ignored\n";
}
}
sub gen_mount($) { sub gen_mount($) {
my $rule = shift; my $rule = shift;
my @rules = split (/:/, $rule); my @rules = split (/:/, $rule);
@@ -346,6 +362,8 @@ sub gen_from_args() {
gen_network($rule); gen_network($rule);
} elsif ($rule =~ /^cap:/) { } elsif ($rule =~ /^cap:/) {
gen_cap($rule); gen_cap($rule);
} elsif ($rule =~ /^signal:/) {
gen_signal($rule);
} elsif ($rule =~ /^mount:/) { } elsif ($rule =~ /^mount:/) {
gen_mount($rule); gen_mount($rule);
} elsif ($rule =~ /^remount:/) { } elsif ($rule =~ /^remount:/) {
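Review bot: gen_signal copies `$rules[1]` and `$rules[2]` into the profile line unchecked, and the `ALL` shorthand is recognised only in the two-field branch. A three-field spec that starts with `ALL` would be emitted literally as `signal ALL ...,`, which I would not expect the parser to accept as a permission, and an empty middle field (`signal::x`) yields a rule with no permission at all. Specs that split into one field or more than three land in the warning branch, which is silent when `$nowarn` is set, so a test can run without the rule it asked for and pass or fail for the wrong reason. I would test with `$rules[1] eq 'ALL'` in both branches, reject empty fields, and add a comment above the sub listing the accepted forms (`signal:ALL`, `signal:<perms>`, `signal:<perms>:<conditions>`). The elsif chain in gen_from_args continues outside the second hunk.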


@@ -148,25 +148,25 @@ genprofile /bin/t\?ue:$okperm
runchecktest "QUESTION MARK (exec)" pass $file runchecktest "QUESTION MARK (exec)" pass $file
# FAIL TEST - looking for * # FAIL TEST - looking for *
genprofile /sbin/\*:$okperm genprofile /sbin/\*:$okperm signal:ALL
runchecktest "SINGLE TAILGLOB (exec, fail)" fail $file runchecktest "SINGLE TAILGLOB (exec, fail)" fail $file
# FAIL TEST - looking for ** # FAIL TEST - looking for **
genprofile /sbi\*\*:$okperm genprofile /sbi\*\*:$okperm signal:ALL
runchecktest "DOUBLE TAILGLOB (exec, fail)" fail $file runchecktest "DOUBLE TAILGLOB (exec, fail)" fail $file
# FAIL TEST - looking for { , } # FAIL TEST - looking for { , }
genprofile /bin/\{flase,false\}:$okperm genprofile /bin/\{flase,false\}:$okperm signal:ALL
runchecktest "CURLY BRACES (exec, fail)" fail $file runchecktest "CURLY BRACES (exec, fail)" fail $file
# FAIL TEST - looking for [] # FAIL TEST - looking for []
genprofile /bin/\[aef\]rue:$okperm genprofile /bin/\[aef\]rue:$okperm signal:ALL
runchecktest "SQUARE BRACES 1 (exec, fail)" fail $file runchecktest "SQUARE BRACES 1 (exec, fail)" fail $file
# FAIL TEST - looking for [] # FAIL TEST - looking for []
genprofile /bin/\[u-x\]rue:$okperm genprofile /bin/\[u-x\]rue:$okperm signal:ALL
runchecktest "SQUARE BRACES 2 (exec, fail)" fail $file runchecktest "SQUARE BRACES 2 (exec, fail)" fail $file
# FAIL TEST - looking for ? # FAIL TEST - looking for ?
genprofile /bin/b\?ue:$okperm genprofile /bin/b\?ue:$okperm signal:ALL
runchecktest "QUESTION MARK (exec, fail)" fail $file runchecktest "QUESTION MARK (exec, fail)" fail $file