diff --git a/Makefile b/Makefile
index 3aea44a7..8817b4f6 100644
--- a/Makefile
+++ b/Makefile
@@ -108,6 +108,10 @@ lint: check: @bash tests/check.sh +.PHONY: bats +bats: + @bats --print-output-on-failure tests/bats/ + manual: @pandoc -t man -s -o root/usr/share/man/man8/aa-log.8 root/usr/share/man/man8/aa-log.md
diff --git a/tests/bats/aa-status.bats b/tests/bats/aa-status.bats
new file mode 100644
index 00000000..8adcd158
--- /dev/null
+++ b/tests/bats/aa-status.bats
@@ -0,0 +1,40 @@
+#!/usr/bin/env bats
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2024 Alexandre Pujol
+# SPDX-License-Identifier: GPL-2.0-only
+
+load common
+
+setup_file() {
+ aa_setup
+}
+
+# bats test_tags=aa-status
+@test "aa-status: Check status" {
+ sudo aa-status
+ aa_check
+}
+
+# bats test_tags=aa-status
+@test "aa-status: Display the number of loaded policies" {
+ sudo aa-status --profiled
+ aa_check
+}
+
+# bats test_tags=aa-status
+@test "aa-status: Display the number of loaded enforicing policies" {
+ sudo aa-status --enforced
+ aa_check
+}
+
+# bats test_tags=aa-status
+@test "aa-status: Display the number of loaded non-enforcing policies" {
+ sudo aa-status --complaining
+ aa_check
+}
+
+# bats test_tags=aa-status
+@test "aa-status: Display the number of loaded enforcing policies that kill tasks" {
+ sudo aa-status --kill
+ aa_check
+}
diff --git a/tests/bats/blkid.bats b/tests/bats/blkid.bats
new file mode 100644
index 00000000..65160f18
--- /dev/null
+++ b/tests/bats/blkid.bats
@@ -0,0 +1,22 @@
+#!/usr/bin/env bats
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2024 Alexandre Pujol
+# SPDX-License-Identifier: GPL-2.0-only
+
+load common
+
+setup_file() {
+ aa_setup
+}
+
+# bats test_tags=blkid
+@test "blkid: List all partitions" {
+ sudo blkid
+ aa_check
+}
+
+# bats test_tags=blkid
+@test "blkid: List all partitions in a table, including current mountpoints" {
+ sudo blkid -o list
+ aa_check
+}
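Review bot: The `sudo aa-status` calls in tests/bats/aa-status.bats (and `sudo blkid` in tests/bats/blkid.bats) depend on passwordless sudo, and without it the run will either stop at a password prompt or fail for a reason unrelated to the profile under test. Using `sudo -n aa-status` makes that case fail immediately with a clear error. Running through sudo also means that anything logged for sudo itself inside the time window is likely to be reported against `aa-status`, since the check in common.bash is not scoped to one profile. The third test title also has a typo, "enforicing" for "enforcing".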
diff --git a/tests/bats/common.bash b/tests/bats/common.bash
new file mode 100644
index 00000000..c08d1375
--- /dev/null
+++ b/tests/bats/common.bash
@@ -0,0 +1,109 @@
+#!/usr/bin/env bash
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2024 Alexandre Pujol
+# SPDX-License-Identifier: GPL-2.0-only
+
+export BATS_LIB_PATH=${BATS_LIB_PATH:-/usr/lib/bats}
+load "$BATS_LIB_PATH/bats-support/load"
+
+export XDG_CACHE_DIR=".cache"
+export XDG_CONFIG_DIR=".config"
+export XDG_DATA_DIR=".local/share"
+export XDG_STATE_DIR=".local/state"
+export XDG_BIN_DIR=".local/bin"
+export XDG_LIB_DIR=".local/lib"
+
+# Define extended user directories not defined in the XDG standard but commonly
+# used in profiles
+export XDG_SCREENSHOTS_DIR="Pictures/Screenshots"
+export XDG_WALLPAPERS_DIR="Pictures/Wallpapers"
+export XDG_BOOKS_DIR="Books"
+export XDG_GAMES_DIR="Games"
+export XDG_PROJECTS_DIR="Projects"
+export XDG_WORK_DIR="Work"
+export XDG_MAIL_DIR="Mail"
+export XDG_SYNC_DIR="Sync"
+export XDG_TORRENTS_DIR="Torrents"
+export XDG_GAMESSTUDIO_DIR="unity3d"
+
+# Define user directories for virtual machines, shared folders and disk images
+export XDG_VM_DIR=".vm"
+export XDG_VMSHARE_DIR=".vmshare"
+export XDG_IMG_DIR=".img"
+
+# Define user build directories and artifacts output
+export XDG_BUILD_DIR=".build"
+export XDG_PKG_DIR=".pkg"
+
+# Define user personal keyrings
+export XDG_GPG_DIR=".gnupg"
+export XDG_SSH_DIR=".ssh"
+export XDG_PASSWORDSTORE_DIR=".password-store"
+
+# Define user personal private directories
+export XDG_PRIVATE_DIR=".private"
+
+# Full path of the XDG Base Directory
+export user_cache_dirs=$HOME/$XDG_CACHE_DIR
+export user_config_dirs=$HOME/$XDG_CONFIG_DIR
+export user_state_dirs=$HOME/$XDG_STATE_DIR
+export user_bin_dirs=$HOME/$XDG_BIN_DIR
+export user_lib_dirs=$HOME/$XDG_LIB_DIR
+
+# Other user directories
+export user_desktop_dirs=$HOME/$XDG_DESKTOP_DIR
+export user_download_dirs=$HOME/$XDG_DOWNLOAD_DIR
+export user_templates_dirs=$HOME/$XDG_TEMPLATES_DIR
+export user_publicshare_dirs=$HOME/$XDG_PUBLICSHARE_DIR
+export user_documents_dirs=$HOME/$XDG_DOCUMENTS_DIR
+export user_music_dirs=$HOME/$XDG_MUSIC_DIR
+export user_pictures_dirs=$HOME/$XDG_PICTURES_DIR
+export user_videos_dirs=$HOME/$XDG_VIDEOS_DIR
+export user_books_dirs=$HOME/$XDG_BOOKS_DIR
+export user_games_dirs=$HOME/$XDG_GAMES_DIR
+export user_projects_dirs=$HOME/$XDG_PROJECTS_DIR
+export user_work_dirs=$HOME/$XDG_WORK_DIR
+export user_mail_dirs=$HOME/$XDG_MAIL_DIR
+export user_sync_dirs=$HOME/$XDG_SYNC_DIR
+export user_torrents_dirs=$HOME/$XDG_TORRENTS_DIR
+export user_vm_dirs=$HOME/$XDG_VM_DIR
+export user_vmshare_dirs=$HOME/$XDG_VMSHARE_DIR
+export user_img_dirs=$HOME/$XDG_IMG_DIR
+export user_build_dirs=$HOME/$XDG_BUILD_DIR
+export user_pkg_dirs=$HOME/$XDG_PKG_DIR
+export user_gpg_dirs=$HOME/$XDG_GPG_DIR
+export user_ssh_dirs=$HOME/$XDG_SSH_DIR
+export user_passwordstore_dirs=$HOME/$XDG_PASSWORDSTORE_DIR
+export user_private_dirs=$HOME/$XDG_PRIVATE_DIR
+
+_START="$(date +%s)"
+PROGRAM="$(basename "$BATS_TEST_FILENAME")"
+PROGRAM="${PROGRAM%.*}"
+export _START PROGRAM
+
+skip_if_not_installed() {
+ if ! which "$PROGRAM" &>/dev/null; then
+ skip "$PROGRAM is not installed"
+ fi
+}
+
+aa_setup() {
+ aa_start
+ skip_if_not_installed
+}
+
+aa_start() {
+ _START=$(date +%s)
+}
+
+aa_check() {
+ local now duration logs
+
+ now=$(date +%s)
+ duration=$((now - _START + 2))
+ logs=$(aa-log --raw --systemd --since "-${duration}s")
+ if [[ -n "$logs" ]]; then
+ fail "profile $PROGRAM raised logs: $logs"
+ fi
+ aa_start
+}
diff --git a/tests/bats/df.bats b/tests/bats/df.bats
new file mode 100644
index 00000000..be284321
--- /dev/null
+++ b/tests/bats/df.bats
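Review bot: Nothing in `aa_setup` or `aa_check` confirms that an AppArmor profile for `$PROGRAM` is actually loaded, so every test passes with empty logs when the command runs unconfined; `skip_if_not_installed` only checks that the binary is on PATH. `aa_setup` could skip or fail in that case, for example `sudo -n grep -q "^${PROGRAM} (" /sys/kernel/security/apparmor/profiles || skip "no profile loaded for $PROGRAM"`, which assumes the profile name equals the test file name and should be confirmed. `aa_check` also treats every entry `aa-log` returns for the window as belonging to `$PROGRAM`, so a denial from an unrelated process, or one inside the two-second overlap with the previous test, is reported as `profile $PROGRAM raised logs`. Separately, `XDG_DESKTOP_DIR`, `XDG_DOWNLOAD_DIR` and the other standard user-dir variables are referenced but never set in this file, so `user_desktop_dirs` and its siblings collapse to `$HOME/` unless the environment supplies them; a guard such as `${XDG_DESKTOP_DIR:-Desktop}` would keep a later file operation from landing on the home directory itself.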
@@ -0,0 +1,34 @@
+#!/usr/bin/env bats
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2024 Alexandre Pujol
+# SPDX-License-Identifier: GPL-2.0-only
+
+load common
+
+setup_file() {
+ aa_setup
+}
+
+# bats test_tags=df
+@test "df: Display all filesystems and their disk usage" {
+ df
+ aa_check
+}
+
+# bats test_tags=df
+@test "df: Display all filesystems and their disk usage in human-readable form" {
+ df -h
+ aa_check
+}
+
+# bats test_tags=df
+@test "df: Include statistics on the number of free inodes" {
+ df --inodes
+ aa_check
+}
+
+# bats test_tags=df
+@test "df: Display filesystem types" {
+ df --print-type
+ aa_check
+}
diff --git a/tests/bats/lsblk.bats b/tests/bats/lsblk.bats
new file mode 100644
index 00000000..4fecf42a
--- /dev/null
+++ b/tests/bats/lsblk.bats
@@ -0,0 +1,58 @@
+#!/usr/bin/env bats
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2024 Alexandre Pujol
+# SPDX-License-Identifier: GPL-2.0-only
+
+load common
+
+setup_file() {
+ aa_setup
+}
+
+# bats test_tags=lsblk
+@test "lsblk: List all storage devices in a tree-like format" {
+ lsblk
+ aa_check
+}
+
+# bats test_tags=lsblk
+@test "lsblk: Also list empty devices" {
+ lsblk -a
+ aa_check
+}
+
+# bats test_tags=lsblk
+@test "lsblk: Print the SIZE column in bytes rather than in a human-readable format" {
+ lsblk -b
+ aa_check
+}
+
+# bats test_tags=lsblk
+@test "lsblk: Output info about filesystems" {
+ lsblk -f
+ aa_check
+}
+
+# bats test_tags=lsblk
+@test "lsblk: Use ASCII characters for tree formatting" {
+ lsblk -i
+ aa_check
+}
+
+# bats test_tags=lsblk
+@test "lsblk: Output info about block-device topology" {
+ lsblk -t
+ aa_check
+}
+
+# bats test_tags=lsblk
+@test "lsblk: Exclude the devices specified by the comma-separated list of major device numbers" {
+ lsblk -e 1
+ aa_check
+}
+
+# bats test_tags=lsblk
+@test "lsblk: Display a customized summary using a comma-separated list of columns" {
+ lsblk --output NAME,SERIAL,MODEL,TRAN,TYPE,SIZE,FSTYPE,MOUNTPOINT
+ aa_check
+}
diff --git a/tests/bats/lscpu.bats b/tests/bats/lscpu.bats
new file mode 100644
index 00000000..ef09cfbb
--- /dev/null
+++ b/tests/bats/lscpu.bats
@@ -0,0 +1,28 @@
+#!/usr/bin/env bats
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2024 Alexandre Pujol
+# SPDX-License-Identifier: GPL-2.0-only
+
+load common
+
+setup_file() {
+ aa_setup
+}
+
+# bats test_tags=lscpu
+@test "lscpu: Display information about all CPUs" {
+ lscpu
+ aa_check
+}
+
+# bats test_tags=lscpu
+@test "lscpu: Display information in a table" {
+ lscpu --extended
+ aa_check
+}
+
+# bats test_tags=lscpu
+@test "lscpu: Display only information about offline CPUs in a table" {
+ lscpu --extended --offline
+ aa_check
+}
diff --git a/tests/bats/lspci.bats b/tests/bats/lspci.bats
new file mode 100644
index 00000000..bc6ea201
--- /dev/null
+++ b/tests/bats/lspci.bats
@@ -0,0 +1,40 @@
+#!/usr/bin/env bats
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2024 Alexandre Pujol
+# SPDX-License-Identifier: GPL-2.0-only
+
+load common
+
+setup_file() {
+ aa_setup
+}
+
+# bats test_tags=lspci
+@test "lspci: Show a brief list of devices" {
+ lspci
+ aa_check
+}
+
+# bats test_tags=lspci
+@test "lspci: Display additional info" {
+ lspci -v
+ aa_check
+}
+
+# bats test_tags=lspci
+@test "lspci: Display drivers and modules handling each device" {
+ lspci -k
+ aa_check
+}
+
+# bats test_tags=lspci
+@test "lspci: Show a specific device" {
+ lspci -s 00:00.0
+ aa_check
+}
+
+# bats test_tags=lspci
+@test "lspci: Dump info in a readable form" {
+ lspci -vm
+ aa_check
+}
diff --git a/tests/bats/ps.bats b/tests/bats/ps.bats
new file mode 100644
index 00000000..4be301f7
--- /dev/null
+++ b/tests/bats/ps.bats
@@ -0,0 +1,46 @@
+#!/usr/bin/env bats
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2024 Alexandre Pujol
+# SPDX-License-Identifier: GPL-2.0-only
+
+load common
+
+setup_file() {
+ aa_setup
+}
+
+# bats test_tags=ps
+@test "ps: List all running processes" {
+ ps aux
+ aa_check
+}
+
+# bats test_tags=ps
+@test "ps: List all running processes including the full command string" {
+ ps auxww
+ aa_check
+}
+
+# bats test_tags=ps
+@test "ps: List all processes of the current user in extra full format" {
+ ps --user "$(id -u)" -F
+ aa_check
+}
+
+# bats test_tags=ps
+@test "ps: List all processes of the current user as a tree" {
+ ps --user "$(id -u)" -f
+ aa_check
+}
+
+# bats test_tags=ps
+@test "ps: Get the parent PID of a process" {
+ ps -o ppid= -p 1
+ aa_check
+}
+
+# bats test_tags=ps
+@test "ps: Sort processes by memory consumption" {
+ ps auxww --sort size
+ aa_check
+}
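Review bot: In tests/bats/ps.bats the test titled "List all processes of the current user as a tree" runs `ps --user "$(id -u)" -f`, and with a leading dash `-f` selects the full-format listing rather than the process tree. As written it largely repeats the `-F` test before it, and the forest output path of the `ps` profile is never exercised. `ps --user "$(id -u)" --forest` (or the BSD-style `f` without a dash) would match the title.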