mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-31 06:16:03 +00:00
Code Issues Releases Wiki Activity

NetworkRule: allow TYPE without DOMAIN

Browse Source 
Thanks to a bug in the apparmor.d manpage, NetworkRule rejected rules
that contained only TYPE (for example "network stream,"). A bugreport on
IRC and some testing with the parser showed that this is actually
allowed, so NetworkRule should of course allow it.

Note: not strip()ing rule_details is the easiest way to ensure we have
whitespace in front of the TYPE in TYPE-only rules, which is needed by
the RE_NETWORK_DETAILS regex.

Also adjust the tests to the correct behaviour.


Acked-by: Steve Beattie <steve@nxnw.org>
This commit is contained in:
Christian Boltz
2015-07-07 14:10:17 +02:00
parent 4918107a6f
commit 9d5c0e1b1f
2 changed files with 7 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
utils/test/test-network.py
View File

@@ -48,6 +48,7 @@ class NetworkTestParse(NetworkTest):
('network inet stream,' , exp(False, False, False, '' , 'inet', False, 'stream' , False)),
('deny network inet stream, # comment' , exp(False, False, True , ' # comment' , 'inet', False, 'stream' , False)),
('audit allow network tcp,' , exp(True , True , False, '' , None , True , 'tcp' , False)),
('network stream,' , exp(False, False, False, '' , None , True , 'stream' , False)),
]
def _run_test(self, rawrule, expected):
@@ -58,7 +59,6 @@ class NetworkTestParse(NetworkTest):
class NetworkTestParseInvalid(NetworkTest):
tests = [
('network stream,' , AppArmorException), # domain missing
('network foo,' , AppArmorException),
('network foo bar,' , AppArmorException),
('network foo tcp,' , AppArmorException),
@@ -118,6 +118,7 @@ class NetworkFromInit(NetworkTest):
(NetworkRule('inet', NetworkRule.ALL) , exp(False, False, False, '' , 'inet', False, None , True )),
(NetworkRule(NetworkRule.ALL, NetworkRule.ALL) , exp(False, False, False, '' , None , True , None , True )),
(NetworkRule(NetworkRule.ALL, 'tcp') , exp(False, False, False, '' , None , True , 'tcp' , False)),
(NetworkRule(NetworkRule.ALL, 'stream') , exp(False, False, False, '' , None , True , 'stream' , False)),
]
def _run_test(self, obj, expected):
@@ -137,7 +138,6 @@ class InvalidNetworkInit(AATest):
([None , 'tcp' ] , AppArmorBug), # wrong type for domain
(['inet', dict() ] , AppArmorBug), # wrong type for type_or_protocol
(['inet', None ] , AppArmorBug), # wrong type for type_or_protocol
([NetworkRule.ALL, 'stream'] , AppArmorException), # stream requires a domain
]
def _run_test(self, params, expected):