MountRule: check for unknown fstype and options

... now that the previous commits fixed issues that ended up as unknown keywords. Also add mount/ok_12.sd as known-failing test. It uses fstype=AARE which MountRule doesn't support (yet?).
2025-09-02 23:35:37 +00:00 · 2024-03-03 16:01:40 +01:00
parent 8d21f01924
commit 8f4073ecd9
3 changed files with 15 additions and 0 deletions
--- a/utils/apparmor/rule/mount.py
+++ b/utils/apparmor/rule/mount.py
@@ -94,9 +94,13 @@ class MountRule(BaseRule):
        self.operation = operation

        self.fstype, self.all_fstype, unknown_items = check_and_split_list(fstype[1] if fstype != self.ALL else fstype, valid_fs, self.ALL, type(self).__name__, 'fstype')
+        if unknown_items:
+            raise AppArmorException(_('Passed unknown fstype keyword to %s: %s') % (type(self).__name__, ' '.join(unknown_items)))
        self.is_fstype_equal = fstype[0] if not self.all_fstype else None

        self.options, self.all_options, unknown_items = check_and_split_list(options[1] if options != self.ALL else options, flags_keywords, self.ALL, type(self).__name__, 'options')
+        if unknown_items:
+            raise AppArmorException(_('Passed unknown options keyword to %s: %s') % (type(self).__name__, ' '.join(unknown_items)))
        self.is_options_equal = options[0] if not self.all_options else None

        if source != self.ALL and source[0].isalpha():
--- a/utils/test/test-mount.py
+++ b/utils/test/test-mount.py
@@ -96,10 +96,18 @@ class MountTestParseInvalid(AATest):
        with self.assertRaises(AppArmorBug):
            MountRule('mount', ('ext3', 'ext4'), MountRule.ALL, MountRule.ALL, MountRule.ALL)  # fstype[0] should be '=' or 'in'

+    def test_diff_invalid_fstype_keyword(self):
+        with self.assertRaises(AppArmorException):
+            MountRule('mount', ('=', 'invalidfs'), MountRule.ALL, MountRule.ALL, MountRule.ALL)  # fstype[0] should be '=' or 'in'
+
    def test_diff_invalid_options_equals_or_in(self):
        with self.assertRaises(AppArmorBug):
            MountRule('mount', MountRule.ALL, ('rbind', 'rw'),  MountRule.ALL, MountRule.ALL)  # fstype[0] should be '=' or 'in'

+    def test_diff_invalid_options_keyword(self):
+        with self.assertRaises(AppArmorException):
+            MountRule('mount', MountRule.ALL, ('=', 'invalid'),  MountRule.ALL, MountRule.ALL)  # fstype[0] should be '=' or 'in'
+
    def test_diff_fstype(self):
        obj1 = MountRule('mount',("=", 'ext4'), MountRule.ALL,  MountRule.ALL, MountRule.ALL)
        obj2 = MountRule('mount',MountRule.ALL, MountRule.ALL,  MountRule.ALL, MountRule.ALL)
--- a/utils/test/test-parser-simple-tests.py
+++ b/utils/test/test-parser-simple-tests.py
@@ -324,6 +324,9 @@ unknown_line = (
    'bare_include_tests/ok_85.sd',
    'bare_include_tests/ok_86.sd',

+    # mount with fstype using AARE
+    'mount/ok_12.sd',
+
    # Mount with flags in {remount, [r]unbindable, [r]shared, [r]private, [r]slave} does not support a source
    'mount/ok_opt_68.sd',
    'mount/ok_opt_69.sd',