mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-31 14:25:52 +00:00
Code Issues Releases Wiki Activity

ProfileList: allow storing actual profile data

Browse Source 
Add a prof_storage parameter to add_profile() to hand over the actual
profile data/rules as ProfileStorage.

Also adjust several tests to hand over a (dummy) ProfileStorage object.

Note: For now, the parameter is optional because it needs some more changes
in aa.py to be really useable. This will change in a later commit.
This commit is contained in:
Christian Boltz
2021-04-05 13:21:36 +02:00
parent ba53ff3045
commit b1a1b5dc1b
3 changed files with 43 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

52
utils/test/test-profile-list.py
View File

@@ -18,6 +18,7 @@ import shutil
from apparmor.common import AppArmorBug, AppArmorException
from apparmor.profile_list import ProfileList
from apparmor.profile_storage import ProfileStorage
from apparmor.rule.abi import AbiRule
from apparmor.rule.alias import AliasRule
from apparmor.rule.boolean import BooleanRule
@@ -27,6 +28,7 @@ from apparmor.rule.variable import VariableRule
class TestAdd_profile(AATest):
def AASetup(self):
self.pl = ProfileList()
self.dummy_profile = ProfileStorage('TEST DUMMY', 'AATest_no_file', 'TEST')
def testEmpty(self):
self.assertEqual(self.pl.profile_names, {})
@@ -34,21 +36,21 @@ class TestAdd_profile(AATest):
self.assertEqual('%s' % self.pl, "\n".join(['', '<ProfileList>', '', '</ProfileList>', '']))
def testAdd_profile_1(self):
self.pl.add_profile('/etc/apparmor.d/bin.foo', 'foo', '/bin/foo')
self.pl.add_profile('/etc/apparmor.d/bin.foo', 'foo', '/bin/foo', self.dummy_profile)
self.assertEqual(self.pl.profile_names, {'foo': '/etc/apparmor.d/bin.foo'})
self.assertEqual(self.pl.attachments, {'/bin/foo': '/etc/apparmor.d/bin.foo'})
self.assertEqual(self.pl.profiles_in_file('/etc/apparmor.d/bin.foo'), ['foo'])
self.assertEqual('%s' % self.pl, '\n<ProfileList>\n/etc/apparmor.d/bin.foo\n</ProfileList>\n')
def testAdd_profile_2(self):
self.pl.add_profile('/etc/apparmor.d/bin.foo', None, '/bin/foo')
self.pl.add_profile('/etc/apparmor.d/bin.foo', None, '/bin/foo', self.dummy_profile)
self.assertEqual(self.pl.profile_names, {})
self.assertEqual(self.pl.attachments, {'/bin/foo': '/etc/apparmor.d/bin.foo'})
self.assertEqual(self.pl.profiles_in_file('/etc/apparmor.d/bin.foo'), ['/bin/foo'])
self.assertEqual('%s' % self.pl, '\n<ProfileList>\n/etc/apparmor.d/bin.foo\n</ProfileList>\n')
def testAdd_profile_3(self):
self.pl.add_profile('/etc/apparmor.d/bin.foo', 'foo', None)
self.pl.add_profile('/etc/apparmor.d/bin.foo', 'foo', None, self.dummy_profile)
self.assertEqual(self.pl.profile_names, {'foo': '/etc/apparmor.d/bin.foo'})
self.assertEqual(self.pl.attachments, {})
self.assertEqual(self.pl.profiles_in_file('/etc/apparmor.d/bin.foo'), ['foo'])
@@ -56,41 +58,45 @@ class TestAdd_profile(AATest):
def testAdd_profileError_1(self):
with self.assertRaises(AppArmorBug):
self.pl.add_profile('', 'foo', '/bin/foo') # no filename
self.pl.add_profile('', 'foo', '/bin/foo', self.dummy_profile) # no filename
def testAdd_profileError_2(self):
with self.assertRaises(AppArmorBug):
self.pl.add_profile('/etc/apparmor.d/bin.foo', None, None) # neither attachment or profile name
self.pl.add_profile('/etc/apparmor.d/bin.foo', None, None, self.dummy_profile) # neither attachment or profile name
def testAdd_profileError_list_nonexisting_file(self):
self.pl.add_profile('/etc/apparmor.d/bin.foo', 'foo', None)
self.pl.add_profile('/etc/apparmor.d/bin.foo', 'foo', None, self.dummy_profile)
with self.assertRaises(AppArmorBug):
self.pl.profiles_in_file('/etc/apparmor.d/not.found') # different filename
def testAdd_profileError_twice_1(self):
self.pl.add_profile('/etc/apparmor.d/bin.foo', 'foo', '/bin/foo')
self.pl.add_profile('/etc/apparmor.d/bin.foo', 'foo', '/bin/foo', self.dummy_profile)
with self.assertRaises(AppArmorException):
self.pl.add_profile('/etc/apparmor.d/bin.foo', 'foo', '/bin/foo')
self.pl.add_profile('/etc/apparmor.d/bin.foo', 'foo', '/bin/foo', self.dummy_profile)
def testAdd_profileError_twice_2(self):
self.pl.add_profile('/etc/apparmor.d/bin.foo', 'foo', '/bin/foo')
self.pl.add_profile('/etc/apparmor.d/bin.foo', 'foo', '/bin/foo', self.dummy_profile)
with self.assertRaises(AppArmorException):
self.pl.add_profile('/etc/apparmor.d/bin.foo', 'foo', None)
self.pl.add_profile('/etc/apparmor.d/bin.foo', 'foo', None, self.dummy_profile)
def testAdd_profileError_twice_3(self):
self.pl.add_profile('/etc/apparmor.d/bin.foo', None, '/bin/foo')
self.pl.add_profile('/etc/apparmor.d/bin.foo', None, '/bin/foo', self.dummy_profile)
with self.assertRaises(AppArmorException):
self.pl.add_profile('/etc/apparmor.d/bin.foo', 'foo', '/bin/foo')
self.pl.add_profile('/etc/apparmor.d/bin.foo', 'foo', '/bin/foo', self.dummy_profile)
def testAdd_profileError_twice_4(self):
self.pl.add_profile('/etc/apparmor.d/bin.foo', None, '/bin/foo')
self.pl.add_profile('/etc/apparmor.d/bin.foo', None, '/bin/foo', self.dummy_profile)
with self.assertRaises(AppArmorException):
self.pl.add_profile('/etc/apparmor.d/bin.foo', 'foo', '/bin/foo')
self.pl.add_profile('/etc/apparmor.d/bin.foo', 'foo', '/bin/foo', self.dummy_profile)
def testAdd_profileError_twice_5(self):
self.pl.add_profile('/etc/apparmor.d/bin.foo', 'foo', None)
self.pl.add_profile('/etc/apparmor.d/bin.foo', 'foo', None, self.dummy_profile)
with self.assertRaises(AppArmorException):
self.pl.add_profile('/etc/apparmor.d/bin.foo', 'foo', '/bin/foo')
self.pl.add_profile('/etc/apparmor.d/bin.foo', 'foo', '/bin/foo', self.dummy_profile)
def testAdd_profileError_wrong_prof_type(self):
with self.assertRaises(AppArmorBug):
self.pl.add_profile('/etc/apparmor.d/bin.foo', 'foo', '/bin/foo', 'wrong_type')
class TestFilename_from_profile_name(AATest):
tests = [
@@ -103,8 +109,9 @@ class TestFilename_from_profile_name(AATest):
def AASetup(self):
self.pl = ProfileList()
self.pl.add_profile('/etc/apparmor.d/bin.foo', 'foo', '/bin/foo')
self.pl.add_profile('/etc/apparmor.d/usr.bin.wine', '/usr{,{/lib,/lib32,/lib64}/wine}/bin/wine{,-preloader,server}{,-staging-*,-vanilla-*}', '/usr{,{/lib,/lib32,/lib64}/wine}/bin/wine{,-preloader,server}{,-staging-*,-vanilla-*}')
self.dummy_profile = ProfileStorage('TEST DUMMY', 'AATest_no_file', 'TEST')
self.pl.add_profile('/etc/apparmor.d/bin.foo', 'foo', '/bin/foo', self.dummy_profile)
self.pl.add_profile('/etc/apparmor.d/usr.bin.wine', '/usr{,{/lib,/lib32,/lib64}/wine}/bin/wine{,-preloader,server}{,-staging-*,-vanilla-*}', '/usr{,{/lib,/lib32,/lib64}/wine}/bin/wine{,-preloader,server}{,-staging-*,-vanilla-*}', self.dummy_profile)
def _run_test(self, params, expected):
self.assertEqual(self.pl.filename_from_profile_name(params), expected)
@@ -122,10 +129,11 @@ class TestFilename_from_attachment(AATest):
def AASetup(self):
self.pl = ProfileList()
self.pl.add_profile('/etc/apparmor.d/bin.foo', 'foo', '/bin/foo')
self.pl.add_profile('/etc/apparmor.d/bin.baz', 'baz', '/bin/ba*')
self.pl.add_profile('/etc/apparmor.d/bin.foobar', 'foobar', '/bin/foo{bar,baz}')
self.pl.add_profile('/etc/apparmor.d/usr.bin.wine', '/usr{,{/lib,/lib32,/lib64}/wine}/bin/wine{,-preloader,server}{,-staging-*,-vanilla-*}', '/usr{,{/lib,/lib32,/lib64}/wine}/bin/wine{,-preloader,server}{,-staging-*,-vanilla-*}')
self.dummy_profile = ProfileStorage('TEST DUMMY', 'AATest_no_file', 'TEST')
self.pl.add_profile('/etc/apparmor.d/bin.foo', 'foo', '/bin/foo', self.dummy_profile)
self.pl.add_profile('/etc/apparmor.d/bin.baz', 'baz', '/bin/ba*', self.dummy_profile)
self.pl.add_profile('/etc/apparmor.d/bin.foobar', 'foobar', '/bin/foo{bar,baz}', self.dummy_profile)
self.pl.add_profile('/etc/apparmor.d/usr.bin.wine', '/usr{,{/lib,/lib32,/lib64}/wine}/bin/wine{,-preloader,server}{,-staging-*,-vanilla-*}', '/usr{,{/lib,/lib32,/lib64}/wine}/bin/wine{,-preloader,server}{,-staging-*,-vanilla-*}', self.dummy_profile)
def _run_test(self, params, expected):
self.assertEqual(self.pl.filename_from_attachment(params), expected)