chore(aa-log): cleanup test data.

pkg/aa/data_test.go

@@ -6,11 +6,15 @@ package aa
 
 var (
 	// Include
-	includeLocal1 = &Include{
+	include1      = &Include{IsMagic: true, Path: "abstraction/base"}
-		IfExists: true,
+	include2      = &Include{IsMagic: false, Path: "abstraction/base"}
-		IsMagic:  true,
+	include3      = &Include{IfExists: true, IsMagic: true, Path: "abstraction/base"}
-		Path:     "local/foo",
+	includeLocal1 = &Include{IfExists: true, IsMagic: true, Path: "local/foo"}
-	}
+
+	// Rlimit
+	rlimit1 = &Rlimit{Key: "nproc", Op: "<=", Value: "200"}
+	rlimit2 = &Rlimit{Key: "cpu", Op: "<=", Value: "2"}
+	rlimit3 = &Rlimit{Key: "nproc", Op: "<", Value: "2"}
 
 	// Capability
 	capability1Log = map[string]string{
@@ -38,15 +42,8 @@ var (
 		"denied_mask":    "create",
 		"comm":           "sddm-greeter",
 	}
-	network1 = &Network{
+	network1 = &Network{Domain: "netlink", Type: "raw", Protocol: "15"}
-		Domain:   "netlink",
+	network2 = &Network{Domain: "inet", Type: "dgram"}
-		Type:     "raw",
-		Protocol: "15",
-	}
-	network2 = &Network{
-		Domain: "inet",
-		Type:   "dgram",
-	}
 
 	// Mount
 	mount1Log = map[string]string{
@@ -84,6 +81,11 @@ var (
 		MountPoint:      "/var/lib/docker/overlay2/metacopy-check906831159/merged/",
 	}
 
+	// Change Profile
+	changeprofile1 = &ChangeProfile{ExecMode: "Px", Exec: "/bin/bash", ProfileName: "brwap//default"}
+	changeprofile2 = &ChangeProfile{ExecMode: "Px", Exec: "/bin/bash", ProfileName: "brwap"}
+	changeprofile3 = &ChangeProfile{ExecMode: "safe", Exec: "/bin/foo", ProfileName: "brwap//default"}
+
 	// Signal
 	signal1Log = map[string]string{
 		"apparmor":       "ALLOWED",
@@ -127,16 +129,8 @@ var (
 		"denied_mask":    "readby",
 		"peer":           "systemd-journald",
 	}
-	ptrace1 = &Ptrace{
+	ptrace1 = &Ptrace{Access: "read", Peer: "nautilus"}
-		Qualifier: Qualifier{},
+	ptrace2 = &Ptrace{Access: "readby", Peer: "systemd-journald"}
-		Access:    "read",
-		Peer:      "nautilus",
-	}
-	ptrace2 = &Ptrace{
-		Qualifier: Qualifier{},
-		Access:    "readby",
-		Peer:      "systemd-journald",
-	}
 
 	// Unix
 	unix1Log = map[string]string{
@@ -205,6 +199,11 @@ var (
 		Bus:    "session",
 		Name:   "org.gnome.evolution.dataserver.Sources5",
 	}
+	dbus3 = &Dbus{
+		Access: "bind",
+		Bus:    "session",
+		Name:   "org.gnome.evolution.dataserver",
+	}
 
 	// File
 	file1Log = map[string]string{
@@ -236,15 +235,10 @@ var (
 		"OUID":           "user",
 		"error":          "-1",
 	}
-	file1 = &File{
+	file1 = &File{Path: "/usr/share/poppler/cMap/Identity-H", Access: "r"}
-		Path:   "/usr/share/poppler/cMap/Identity-H",
-		Access: "r",
-		Target: "",
-	}
 	file2 = &File{
 		Qualifier: Qualifier{Owner: true, NoNewPrivs: true},
 		Path:      "@{PROC}/4163/cgroup",
 		Access:    "r",
-		Target:    "",
 	}
 )

pkg/aa/profile_test.go

@@ -45,30 +45,13 @@ func TestAppArmorProfile_String(t *testing.T) {
 			name: "foo",
 			p: &AppArmorProfile{
 				Preamble: Preamble{
-					Abi: []Abi{
+					Abi:      []Abi{{IsMagic: true, Path: "abi/4.0"}},
-						{
+					Includes: []Include{{IsMagic: true, Path: "tunables/global"}},
-							IsMagic: true,
+					Aliases:  []Alias{{Path: "/mnt/usr", RewrittenPath: "/usr"}},
-							Path:    "abi/4.0",
+					Variables: []Variable{{
-						},
-					},
-					Includes: []Include{
-						{
-							IsMagic: true,
-							Path:    "tunables/global",
-						},
-					},
-					Aliases: []Alias{
-						{
-							Path:          "/mnt/usr",
-							RewrittenPath: "/usr",
-						},
-					},
-					Variables: []Variable{
-						{
 						Name:   "exec_path",
 						Values: []string{"@{bin}/foo", "@{lib}/foo"},
-						},
+					}},
-					},
 				},
 				Profile: Profile{
 					Name:        "foo",
@@ -76,29 +59,13 @@ func TestAppArmorProfile_String(t *testing.T) {
 					Attributes:  map[string]string{"security.tagged": "allowed"},
 					Flags:       []string{"complain", "attach_disconnected"},
 					Rules: []ApparmorRule{
-						&Include{
+						&Include{IsMagic: true, Path: "abstractions/base"},
-							IsMagic: true,
+						&Include{IsMagic: true, Path: "abstractions/nameservice-strict"},
-							Path:    "abstractions/base",
+						rlimit1,
-						},
-						&Include{
-							IsMagic: true,
-							Path:    "abstractions/nameservice-strict",
-						},
-						&Rlimit{
-							Key:   "nproc",
-							Op:    "<=",
-							Value: "200",
-						},
 						&Capability{Name: "dac_read_search"},
 						&Capability{Name: "dac_override"},
-						&Network{
+						&Network{Domain: "inet", Type: "stream"},
-							Domain: "inet",
+						&Network{Domain: "inet6", Type: "stream"},
-							Type:   "stream",
-						},
-						&Network{
-							Domain: "inet6",
-							Type:   "stream",
-						},
 						&Mount{
 							MountConditions: MountConditions{
 								FsType:  "fuse.portal",
@@ -116,11 +83,7 @@ func TestAppArmorProfile_String(t *testing.T) {
 							Set:    "term",
 							Peer:   "at-spi-bus-launcher",
 						},
-
+						&Ptrace{Access: "read", Peer: "nautilus"},
-						&Ptrace{
-							Access: "read",
-							Peer:   "nautilus",
-						},
 						&Unix{
 							Access:   "send receive",
 							Type:     "stream",
@@ -142,19 +105,9 @@ func TestAppArmorProfile_String(t *testing.T) {
 							Member:    "AddMatch",
 							Label:     "power-profiles-daemon",
 						},
-						&File{
+						&File{Path: "/opt/intel/oneapi/compiler/*/linux/lib/*.so./*", Access: "rm"},
-							Path:   "/opt/intel/oneapi/compiler/*/linux/lib/*.so./*",
+						&File{Path: "@{PROC}/@{pid}/task/@{tid}/comm", Access: "rw"},
-							Access: "rm",
+						&File{Path: "@{sys}/devices/pci[0-9]*/**/class", Access: "r"},
-						},
-
-						&File{
-							Path:   "@{PROC}/@{pid}/task/@{tid}/comm",
-							Access: "rw",
-						},
-						&File{
-							Path:   "@{sys}/devices/pci[0-9]*/**/class",
-							Access: "r",
-						},
 						includeLocal1,
 					},
 				},