mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-30 22:05:27 +00:00
Code Issues Releases Wiki Activity

Fixes "deleted" test case to match the documentation for the expected

Browse Source 
outcome. Adds additional positive test, fixes spelling.
This commit is contained in:
Kees Cook
2010-08-04 12:22:48 -07:00
parent 5c8581a345
commit cc434a1c7f
2 changed files with 8 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
tests/regression/apparmor/deleted.c
View File

@@ -90,7 +90,7 @@ int main(int argc, char *argv[])
} }
/* test that we can create the file. Not necessarily a (deleted) /* test that we can create the file. Not necessarily a (deleted)
* case but lets use flush out other combinations * case but lets us flush out other combinations.
*/ */
fd2=creat(argv[2], S_IRUSR | S_IWUSR); fd2=creat(argv[2], S_IRUSR | S_IWUSR);
if (fd2 == -1){ if (fd2 == -1){

12
tests/regression/apparmor/deleted.sh
View File

@@ -1,7 +1,7 @@
#! /bin/bash #! /bin/bash
# $Id$ #
# Copyright (C) 2002-2005 Novell/SUSE # Copyright (C) 2002-2005 Novell/SUSE
# Copyright (C) 2010 Canonical, Ltd
# #
# This program is free software; you can redistribute it and/or # This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as # modify it under the terms of the GNU General Public License as
@@ -10,7 +10,7 @@
#=NAME deleted #=NAME deleted
#=DESCRIPTION #=DESCRIPTION
# Test subdomain is properly working around a kernel in which the kernel # Test AppArmor is properly working around a kernel in which the kernel
# appends (deleted) to deleted files verifies that the d_path appending # appends (deleted) to deleted files verifies that the d_path appending
# (deleted) fix is working # (deleted) fix is working
#=END #=END
@@ -24,6 +24,7 @@ bin=$pwd
file=$tmpdir/file file=$tmpdir/file
file2="$tmpdir/file (deleted)" file2="$tmpdir/file (deleted)"
file3="$tmpdir/unavailable"
okperm=rwl okperm=rwl
subtest=sub subtest=sub
@@ -40,8 +41,8 @@ runchecktest "NO PROFILE (access file (deleted))" pass nochange "$file2"
# NO CHANGEHAT TEST - doesn't force revalidation # NO CHANGEHAT TEST - doesn't force revalidation
genprofile $file:$okperm genprofile $file:$okperm
runchecktest "NO CHANGEHAT (access file)" pass nochange $file runchecktest "NO CHANGEHAT (access file)" pass nochange $file
runchecktest "NO CHANGEHAT (cannot access unavailable)" fail nochange $file3
genprofile "$file2":$okperm genprofile "$file2":$okperm
runchecktest "NO CHANGEHAT (access file (delete))" pass nochange "$file2" runchecktest "NO CHANGEHAT (access file (delete))" pass nochange "$file2"
@@ -49,6 +50,7 @@ runchecktest "NO CHANGEHAT (access file (delete))" pass nochange "$file2"
# CHANGEHAT TEST - force revalidation using changehat # CHANGEHAT TEST - force revalidation using changehat
genprofile $file:$okperm hat:$subtest $file:$okperm genprofile $file:$okperm hat:$subtest $file:$okperm
runchecktest "CHANGEHAT (access file)" pass $subtest $file runchecktest "CHANGEHAT (access file)" pass $subtest $file
runchecktest "CHANGEHAT (cannot access unavailable)" fail $subtest $file3
genprofile "$file2":$okperm hat:$subtest "$file2":$okperm genprofile "$file2":$okperm hat:$subtest "$file2":$okperm
runchecktest "CHANGEHAT (access file (deleted))" pass $subtest "$file2" runchecktest "CHANGEHAT (access file (deleted))" pass $subtest "$file2"
@@ -115,7 +117,7 @@ rm -f ${socket}
# FAIL - confined client, w access to the file # FAIL - confined client, w access to the file
genprofile $file:$okperm $socket:rw $fd_client:px -- image=$fd_client $file:$badperm $socket:rw genprofile $file:$okperm $socket:rw $fd_client:px -- image=$fd_client $file:$badperm $socket:rw
runchecktest "fd passing; confined client w/ w only" pass $file $socket $fd_client "delete_file" runchecktest "fd passing; confined client w/ w only" fail $file $socket $fd_client "delete_file"
sleep 1 sleep 1
rm -f ${socket} rm -f ${socket}