mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-31 22:35:35 +00:00
Code Issues Releases Wiki Activity

tests: Add negative tests for missing individual AF_UNIX pathname perms

Browse Source 
Iterate through the individual client and server AF_UNIX pathname
permissions and remove them, one-by-one, to verify that the test fails.

Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Acked-by: Steve Beattie <steve@nxnw.org>
This commit is contained in:
Tyler Hicks
2014-09-30 11:34:42 -05:00
parent 84b6f98007
commit 85db44b586
1 changed files with 23 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
tests/regression/apparmor/unix_socket_pathname.sh
View File

@@ -78,6 +78,7 @@ testsocktype()
local testdesc="AF_UNIX pathname socket ($socktype)" local testdesc="AF_UNIX pathname socket ($socktype)"
local args="$sockpath $socktype $message $client" local args="$sockpath $socktype $message $client"
local af_unix local af_unix
local af_unix_access
removesockets $sockpath $client_sockpath removesockets $sockpath $client_sockpath
@@ -125,6 +126,17 @@ testsocktype()
genprofile $sockpath:$okserver $client:Ux genprofile $sockpath:$okserver $client:Ux
runchecktest "$testdesc; confined server w/o af_unix" fail $args runchecktest "$testdesc; confined server w/o af_unix" fail $args
removesockets $sockpath $client_sockpath removesockets $sockpath $client_sockpath
# Split the list of AF_UNIX accesses up at the ',' characters
# so that they can be iterated through. Remove each access,
# one-by-one, and verify that the test fails.
for access in ${af_unix_okserver//,/ }; do
# FAIL - server w/ a missing af_unix access
genprofile $sockpath:$okserver "unix:(${af_unix_okserver//$access/})" $client:Ux
runchecktest "$testdesc; confined server w/ a missing af_unix access ($access)" fail $args
removesockets $sockpath $client_sockpath
done
fi fi
server="$sockpath:$okserver $client_sockpath:$okserver $af_unix $client:px" server="$sockpath:$okserver $client_sockpath:$okserver $af_unix $client:px"
@@ -167,6 +179,17 @@ testsocktype()
genprofile $server -- image=$client $sockpath:$okclient genprofile $server -- image=$client $sockpath:$okclient
runchecktest "$testdesc; confined client w/o af_unix" fail $args runchecktest "$testdesc; confined client w/o af_unix" fail $args
removesockets $sockpath $client_sockpath removesockets $sockpath $client_sockpath
# Split the list of AF_UNIX accesses up at the ',' characters
# so that they can be iterated through. Remove each access,
# one-by-one, and verify that the test fails.
for access in ${af_unix_okclient//,/ }; do
# FAIL - client w/ a missing af_unix access
genprofile $server -- image=$client $sockpath:$okclient "unix:(${af_unix_okclient//$access/})"
runchecktest "$testdesc; confined client w/ a missing af_unix access ($access)" fail $args
removesockets $sockpath $client_sockpath
done
fi fi
removeprofile removeprofile