Add missing introspection regression test that should have been checked in

with the introspection patches.

Signed-off-by: John Johansen <john.johansen@canonical.com>

tests/regression/apparmor/introspect.c

@@ -0,0 +1,74 @@
+/*
+ *	Copyright (C) 2002-2005 Novell/SUSE
+ *
+ *	This program is free software; you can redistribute it and/or
+ *	modify it under the terms of the GNU General Public License as
+ *	published by the Free Software Foundation, version 2 of the
+ *	License.
+ */
+
+#include <stdio.h>
+#include <unistd.h>
+#include <errno.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <string.h>
+#include <stdlib.h>
+#include <linux/unistd.h>
+
+#include <sys/apparmor.h>
+
+int main(int argc, char *argv[])
+{
+	int rc; 
+	char *profile, *mode;
+
+        if (argc < 3 || argc > 4) {
+                fprintf(stderr, "usage: %s <task> <expected profile> [<expect mode>]\n",
+                        argv[0]);
+                return 1;
+        }
+
+        if (strcmp(argv[1], "self") == 0){
+		if (aa_getcon(&profile, &mode) == -1) {
+			int serrno = errno;
+                        fprintf(stderr,
+				"FAIL: introspect_confinement %s failed - %s\n",
+                                argv[1], strerror(errno));
+                        exit(serrno);
+		}
+	} else {
+		char *end;
+		pid_t pid = strtol(argv[1], &end, 10);
+		if (end == argv[1] || *end != 0) {
+			int serrno = errno;
+			fprintf(stderr,
+				"FAIL: query_confinement - invalid pid: %s\n",
+				argv[1]);
+			exit(serrno);
+		} else if (aa_gettaskcon(pid, &profile, &mode) == -1) {
+			int serrno = errno;
+                        fprintf(stderr,
+				"FAIL: query_confinement %s failed - %s\n",
+                                argv[1], strerror(errno));
+                        exit(serrno);
+		}
+	}
+	if (strcmp(profile, argv[2]) != 0) {
+		fprintf(stderr,
+			"FAIL: expected confinement \"%s\" != \"%s\"\n", argv[2],
+			profile);
+		exit(1);
+	}
+	if (argv[3] && (!mode || strcmp(mode, argv[3]) != 0)) {
+		fprintf(stderr,
+			"FAIL: expected mode \"%s\" != \"%s\"\n", argv[3],
+			mode ? mode : "(null)");
+		exit(1);
+	}
+	free(profile);
+
+        printf("PASS\n");
+	return 0;
+}

tests/regression/apparmor/introspect.sh

@@ -0,0 +1,67 @@
+#! /bin/bash
+#	Copyright (C) 20011 Canonical
+#
+#	This program is free software; you can redistribute it and/or
+#	modify it under the terms of the GNU General Public License as
+#	published by the Free Software Foundation, version 2 of the
+#	License.
+
+#=NAME introspect
+#=DESCRIPTION Test process confinement introspection
+
+pwd=`dirname $0`
+pwd=`cd $pwd ; /bin/pwd`
+
+bin=$pwd
+
+. $bin/prologue.inc
+
+ok_ix_perm=rix
+badperm=r
+ok_ux_perm=ux
+ok_px_perm=px
+bad_mx_perm=rm
+
+#self unconfined
+runchecktest "introspect self unconfined" pass self unconfined
+
+#self unconfined (mode)
+runchecktest "introspect self unconfined (mode)" fail self unconfined enforce
+
+#self confined - no access to introspection
+genprofile
+runchecktest "introspect self confined" fail self "$testexec"
+
+#self confined
+genprofile "/proc/*/attr/current":r
+runchecktest "introspect self confined" pass self "$testexec"
+
+#self confined (enforce)
+runchecktest "introspect self confined" pass self "$testexec" enforce
+
+#### TODO
+
+# query unconfined of unconfined
+
+# query unconfined of confined
+
+# query unconfined of confined (enfore)
+
+# query confined of unconfined - no access permission
+
+# query confined of unconfined - access permission
+
+# query confined of unconfined (mode) - access permission
+
+# query confined of confined same profile - no access permission
+
+# query confined of confined same profile
+
+# query confined of confined same profile (enforce)
+
+# query confined of confined diff profile - no access permission
+
+# query confined of confined diff profile
+
+# query confined of confined diff profile (enforce)
+