diff --git a/libraries/libapparmor/src/Makefile.am b/libraries/libapparmor/src/Makefile.am index 505d1f70b..deca53ed6 100644 --- a/libraries/libapparmor/src/Makefile.am +++ b/libraries/libapparmor/src/Makefile.am @@ -67,7 +67,11 @@ tst_aalogmisc_LDADD = .libs/libapparmor.a tst_features_SOURCES = tst_features.c tst_features_LDADD = .libs/libapparmor.a -check_PROGRAMS = tst_aalogmisc tst_features +tst_kernel_SOURCES = tst_kernel.c +tst_kernel_LDADD = .libs/libapparmor.a +tst_kernel_LDFLAGS = -pthread + +check_PROGRAMS = tst_aalogmisc tst_features tst_kernel TESTS = $(check_PROGRAMS) EXTRA_DIST = grammar.y scanner.l libapparmor.map libapparmor.pc diff --git a/libraries/libapparmor/src/tst_kernel.c b/libraries/libapparmor/src/tst_kernel.c new file mode 100644 index 000000000..8a8e70ea5 --- /dev/null +++ b/libraries/libapparmor/src/tst_kernel.c @@ -0,0 +1,133 @@ +/* + * Copyright (c) 2015 + * Canonical, Ltd. (All rights reserved) + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of version 2 of the GNU General Public + * License published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, contact Novell, Inc. or Canonical + * Ltd. + */ + +#include +#include + +#include "features.c" + +static int nullcmp_and_strcmp(const void *s1, const void *s2) +{ + /* Return 0 if both pointers are NULL & non-zero if only one is NULL */ + if (!s1 || !s2) + return s1 != s2; + + return strcmp(s1, s2); +} + +static int do_test_aa_splitcon(char *con, char **mode, + const char *expected_label, + const char *expected_mode, const char *error) +{ + char *label; + int rc = 0; + + label = aa_splitcon(con, mode); + + if (nullcmp_and_strcmp(label, expected_label)) { + fprintf(stderr, "FAIL: %s: label \"%s\" != \"%s\"\n", + error, label, expected_label); + rc = 1; + } + + if (mode && nullcmp_and_strcmp(*mode, expected_mode)) { + fprintf(stderr, "FAIL: %s: mode \"%s\" != \"%s\"\n", + error, *mode, expected_mode); + rc = 1; + } + + return rc; +} + +#define TEST_SPLITCON(con, expected_label, expected_mode, error) \ + do { \ + char c1[] = con; \ + char c2[] = con; \ + char *mode; \ + \ + if (do_test_aa_splitcon(c1, &mode, expected_label, \ + expected_mode, error)) { \ + rc = 1; \ + } else if (do_test_aa_splitcon(c2, NULL, expected_label,\ + NULL, \ + error " (NULL mode)")) { \ + rc = 1; \ + } \ + } while (0) + + +static int test_aa_splitcon(void) +{ + int rc = 0; + + TEST_SPLITCON("label (mode)", "label", "mode", "basic split"); + + TEST_SPLITCON("/a/b/c (enforce)", "/a/b/c", "enforce", + "path enforce split"); + + TEST_SPLITCON("/a/b/c (complain)", "/a/b/c", "complain", + "path complain split"); + + TEST_SPLITCON("profile_name (enforce)", "profile_name", "enforce", + "name enforce split"); + + TEST_SPLITCON("profile_name (complain)", "profile_name", "complain", + "name complain split"); + + TEST_SPLITCON("unconfined", "unconfined", NULL, "unconfined"); + + TEST_SPLITCON("(odd) (enforce)", "(odd)", "enforce", + "parenthesized label #1"); + + TEST_SPLITCON("(odd) (enforce) (enforce)", "(odd) (enforce)", "enforce", + "parenthesized label #2"); + + TEST_SPLITCON("/usr/bin/😺 (enforce)", "/usr/bin/😺", "enforce", + "non-ASCII path"); + + TEST_SPLITCON("👍 (enforce)", "👍", "enforce", "non-ASCII profile name"); + + /* Negative tests */ + + TEST_SPLITCON("", NULL, NULL, "empty string test"); + + TEST_SPLITCON("/a/b/c (complain)\n", NULL, NULL, + "path split w/ invalid trailing newline"); + + TEST_SPLITCON("unconfined\n", NULL, NULL, + "unconfined w/ invalid trailing newline"); + + TEST_SPLITCON("profile\t(enforce)", NULL, NULL, + "invalid tab separator"); + + TEST_SPLITCON("profile(enforce)", NULL, NULL, + "invalid missing separator"); + + return rc; +} + +int main(void) +{ + int retval, rc = 0; + + retval = test_aa_splitcon(); + if (retval) + rc = retval; + + return rc; +}