mirror of https://gitlab.com/apparmor/apparmor synced 2025-09-01 14:55:10 +00:00

CapabilityRule: Validate given caps against cap list

... and error out if an unknown capability is given.

This also means recognizing bad capabilities in the parser simple_tests
now works (so remove these from the exception_not_raised list), and that
we can no longer hand over an unknown capability in test-capability.py
to test their severity.
Christian Boltz
2023-10-29 21:31:43 +01:00
parent 5c34655f4a
commit 942202da17
3 changed files with 10 additions and 10 deletions

@@ -44,12 +44,6 @@ exception_not_raised = (
'abi/bad_11.sd',
'abi/bad_12.sd',
# invalid capabilities (like "foobar"), but syntactically correct
'capability/bad_1.sd',
'capability/bad_2.sd',
'capability/bad_3.sd',
'capability/bad_4.sd',
# interesting[tm] profile name
'change_hat/bad_parsing.sd',
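Review bot: With the four 'capability/bad_1.sd' to 'capability/bad_4.sd' entries leaving exception_not_raised, the capability list becomes a hard gate: any capability name missing from that list now makes the tools reject the profile. The hunk header (-44,12 +44,6) accounts for six removed lines, so please confirm the '# invalid capabilities (like "foobar"), but syntactically correct' comment is dropped together with the entries and does not stay behind as an orphan. If there is not one already, a test that keeps the list in step with the capabilities the parser accepts would stop a newly added capability from being rejected as unknown.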
@@ -176,8 +170,6 @@ exception_not_raised = (
'profile/flags/flags_bad_disconnected_path4.sd',
'profile/flags/flags_bad_disconnected_path5.sd',
'profile/profile_ns_bad8.sd', # 'profile :ns/t' without terminating ':'
'ptrace/bad_05.sd', # actually contains a capability rule with invalid (ptrace-related) keyword
'ptrace/bad_06.sd', # actually contains a capability rule with invalid (ptrace-related) keyword
'ptrace/bad_10.sd', # peer with invalid regex
'signal/bad_21.sd', # invalid regex
'unix/bad_attr_1.sd',
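Review bot: 'ptrace/bad_05.sd' and 'ptrace/bad_06.sd' come off exception_not_raised together with their trailing comments, which were the only hint that these two files fail on a capability rule and not on a ptrace rule. They now raise because of the new CapabilityRule validation, so tests filed under ptrace/ pass for a reason unrelated to ptrace parsing. The commit message only mentions bad capabilities in general; naming these two files there would keep that explanation findable once the comments are gone.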