mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-22 10:07:12 +00:00

Write basic file complain-mode regression tests

Signed-off-by: Ryan Lee <ryan.lee@canonical.com>
Ryan Lee 2024-11-07 12:00:14 -08:00
parent 5b98577a4d
commit cb110eaf98
4 changed files with 74 additions and 0 deletions

1
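--- a/.gitignore
+++ b/.gitignore
@@ -230,6 +230,7 @@ tests/regression/apparmor/chgrp
 tests/regression/apparmor/chmod
 tests/regression/apparmor/chown
 tests/regression/apparmor/clone
+tests/regression/apparmor/complain
 tests/regression/apparmor/dbus_eavesdrop
 tests/regression/apparmor/dbus_message
 tests/regression/apparmor/dbus_service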


@ -90,6 +90,7 @@ SRC=access.c \
chmod.c \ chmod.c \
chown.c \ chown.c \
clone.c \ clone.c \
complain.c \
coredump.c \ coredump.c \
deleted.c \ deleted.c \
environ.c \ environ.c \
@ -242,6 +243,7 @@ TESTS=aa_exec \
changehat_misc \ changehat_misc \
chdir \ chdir \
clone \ clone \
complain \
coredump \ coredump \
deleted \ deleted \
e2e \ e2e \


@ -0,0 +1,38 @@
#include <stdio.h>
#include <string.h>
#include <unistd.h>
void print_usage() {
fprintf(stderr, "Usage: ./complain (read|exec) [args]\n");
}
int main(int argc, char **argv) {
if (argc < 3) {
print_usage();
return 1;
}
if (strcmp(argv[1], "read") == 0) {
FILE *file = fopen(argv[2], "r");
if (file == NULL) {
perror("FAIL: Could not open file");
return 2;
}
long file_len = ftell(file);
if (file_len == -1) {
perror("FAIL: Could not get file len");
fclose(file);
return 1;
}
// Don't need to do anything else for now
fprintf(stderr, "PASS\n");
return 0;
} else if (strcmp(argv[1], "exec") == 0) {
execvp(argv[2], &argv[2]);
// execvp failed
fprintf(stderr, "FAIL: execvp of %s failed\n", argv[1]);
return 1;
} else {
print_usage();
return 1;
}
}
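Review bot: The execvp failure message in the exec branch prints `argv[1]`, which is always the literal mode string `exec`, not the program that failed to run, and it discards errno. Using `fprintf(stderr, "FAIL: execvp of %s failed: %s\n", argv[2], strerror(errno));` (with `<errno.h>` included) would name the target and let a log reader tell a policy denial from a missing binary. In the read branch, `ftell` on a stream that was just opened reports the current position rather than the file length, so `file_len` is misnamed and no data is ever read; if only the open is meant to be exercised a comment should say so, otherwise a single `fgetc(file)` would make the read real. The success path of the read branch also returns without `fclose(file)`.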


@ -0,0 +1,33 @@
#! /bin/bash
# Copyright (C) 2024 Canonical, Ltd.
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation, version 2 of the
# License.
#=NAME complain
#=DESCRIPTION
# Verifies that complain-mode profiles work as expected and do not block
# operations disallowed by policy
#=END
pwd=`dirname $0`
pwd=`cd $pwd ; /bin/pwd`
bin=$pwd
. "$bin/prologue.inc"
tmpfile=$tmpdir/file
touch $tmpfile
genprofile -C
runchecktest "Complain mode profile (file read)" pass read $tmpfile
runchecktest "Complain mode profile (file exec no permission entry)" pass exec echo PASS
# This test will fail on a kernel that doesn't have
# https://lists.ubuntu.com/archives/apparmor/2024-August/013338.html applied
genprofile -C $(which echo):cx
runchecktest "Complain mode profile (file exec cx permission entry)" pass exec echo PASS
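Review bot: The final `runchecktest` is documented as failing on kernels without the referenced patch, but nothing visible in this file gates it, so on such kernels the suite reports a failure that reads like a complain-mode regression. Consider skipping it or marking it as a known failure when the kernel lacks the fix, and extend the comment to say what the failure looks like (for example, whether the exec is denied or the transition goes to the wrong profile); whether prologue.inc already offers a suitable kernel check is not visible from here. Separately, `$(which echo)` is unquoted and resolved independently of the `execvp` PATH search done by the test binary. Resolving once, e.g. `echo_path=$(type -P echo)`, and passing `"$echo_path"` to both `genprofile` and `runchecktest` would keep the profile rule and the exec target in step.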