profiles/Makefile: test abstractions against apparmor_parser

Update Makefile to test abstractions by generating temporary profile, to check for missing (not backported) abstractions or other issues. This is backport of dc7ae28de0 for 2.10..2.12 series (without --config-file option).
2025-08-31 06:16:03 +00:00 · 2018-10-18 20:00:03 +03:00
parent 4633658232
commit 93ccf15ce6
1 changed files with 11 additions and 0 deletions
--- a/profiles/Makefile
+++ b/profiles/Makefile
@@ -29,6 +29,7 @@ DESTDIR=/
 PROFILES_DEST=${DESTDIR}/etc/apparmor.d
 EXTRAS_DEST=${DESTDIR}/usr/share/apparmor/extra-profiles/
 PROFILES_SOURCE=./apparmor.d
+ABSTRACTIONS_SOURCE=./apparmor.d/abstractions
 EXTRAS_SOURCE=./apparmor/profiles/extras/

 SUBDIRS=$(shell find ${PROFILES_SOURCE} -type d -print)
@@ -84,6 +85,8 @@ docs:

 IGNORE_FILES=${EXTRAS_SOURCE}/README
 CHECK_PROFILES=$(filter-out ${IGNORE_FILES} ${SUBDIRS}, $(wildcard ${PROFILES_SOURCE}/*) $(wildcard ${EXTRAS_SOURCE}/*))
+# use find because Make wildcard is not recursive:
+CHECK_ABSTRACTIONS=$(shell find ${ABSTRACTIONS_SOURCE} -type f -print)

 .PHONY: check
 check: check-parser check-logprof
@@ -96,6 +99,14 @@ check-parser: local
 		${PARSER} -S -b ${PWD}/apparmor.d $${profile} > /dev/null || exit 1; \
 	done

+	@echo "*** Checking abstractions from ${ABSTRACTIONS_SOURCE} against apparmor_parser"
+	$(Q)for abstraction in ${CHECK_ABSTRACTIONS} ; do \
+	        [ -n "${VERBOSE}" ] && echo "Testing $${abstraction}" ; \
+		echo "#include <tunables/global> profile test { #include <$${abstraction}> }" \
+		| ${PARSER} -S -b ${PWD}/apparmor.d -I ${PWD} > /dev/null \
+		|| exit 1; \
+	done
+
 .PHONY: check-logprof
 check-logprof: local
 	@echo "*** Checking profiles from ${PROFILES_SOURCE} against logprof"