From 93ccf15ce61d4c609c02176db57ae9de1bad0f6c Mon Sep 17 00:00:00 2001 From: Vincas Dargis Date: Thu, 18 Oct 2018 20:00:03 +0300 Subject: [PATCH] profiles/Makefile: test abstractions against apparmor_parser Update Makefile to test abstractions by generating temporary profile, to check for missing (not backported) abstractions or other issues. This is backport of dc7ae28de05a5cd5d8e935c15d174689860d4f37 for 2.10..2.12 series (without --config-file option). --- profiles/Makefile | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/profiles/Makefile b/profiles/Makefile index a0eba8ec0..da14cbcf2 100644 --- a/profiles/Makefile +++ b/profiles/Makefile @@ -29,6 +29,7 @@ DESTDIR=/ PROFILES_DEST=${DESTDIR}/etc/apparmor.d EXTRAS_DEST=${DESTDIR}/usr/share/apparmor/extra-profiles/ PROFILES_SOURCE=./apparmor.d +ABSTRACTIONS_SOURCE=./apparmor.d/abstractions EXTRAS_SOURCE=./apparmor/profiles/extras/ SUBDIRS=$(shell find ${PROFILES_SOURCE} -type d -print) @@ -84,6 +85,8 @@ docs: IGNORE_FILES=${EXTRAS_SOURCE}/README CHECK_PROFILES=$(filter-out ${IGNORE_FILES} ${SUBDIRS}, $(wildcard ${PROFILES_SOURCE}/*) $(wildcard ${EXTRAS_SOURCE}/*)) +# use find because Make wildcard is not recursive: +CHECK_ABSTRACTIONS=$(shell find ${ABSTRACTIONS_SOURCE} -type f -print) .PHONY: check check: check-parser check-logprof @@ -96,6 +99,14 @@ check-parser: local ${PARSER} -S -b ${PWD}/apparmor.d $${profile} > /dev/null || exit 1; \ done + @echo "*** Checking abstractions from ${ABSTRACTIONS_SOURCE} against apparmor_parser" + $(Q)for abstraction in ${CHECK_ABSTRACTIONS} ; do \ + [ -n "${VERBOSE}" ] && echo "Testing $${abstraction}" ; \ + echo "#include profile test { #include <$${abstraction}> }" \ + | ${PARSER} -S -b ${PWD}/apparmor.d -I ${PWD} > /dev/null \ + || exit 1; \ + done + .PHONY: check-logprof check-logprof: local @echo "*** Checking profiles from ${PROFILES_SOURCE} against logprof"