mirrors/apparmor.d
1
0
Fork 0
mirror of https://github.com/roddhjav/apparmor.d.git synced 2025-01-13 07:47:27 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

tests: ensure vim syntax and abi are set on all profile/abs.

Browse source
This commit is contained in:
Alexandre Pujol 2024-10-09 22:26:11 +01:00
parent 5585773802
commit 75f2c0c7b8
Failed to generate hash of commit
1 changed files with 34 additions and 17 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

51
tests/check.sh
View file

@ -10,12 +10,38 @@ set -eu -o pipefail
readonly APPARMORD="apparmor.d" readonly APPARMORD="apparmor.d"
_ensure_include() {
local file="$1"
local include="$2"
if ! grep -q "^ *${include}$" "$file"; then
echo "$file does not contain '$include'"
exit 1
fi
}
_ensure_abi() {
local file="$1"
if ! grep -q "^ *abi <abi/4.0>," "$file"; then
echo "$file does not contain 'abi <abi/4.0>,'"
exit 1
fi
}
_ensure_vim() {
local file="$1"
if ! grep -q "^# vim:syntax=apparmor" "$file"; then
echo "$file does not contain '# vim:syntax=apparmor'"
exit 1
fi
}
check_profiles() { check_profiles() {
echo "⋅ Checking if all profiles contain:" echo "⋅ Checking if all profiles contain:"
echo " - 'abi <abi/4.0>,'" echo " - 'abi <abi/4.0>,'"
echo " - 'profile *profile_name* {'" echo " - 'profile <profile_name>'"
echo " - 'include if exists <local/*>'" echo " - 'include if exists <local/*>'"
echo " - include if exists local for subprofiles" echo " - include if exists local for subprofiles"
echo " - vim:syntax=apparmor"
directories=("$APPARMORD/groups/*" "$APPARMORD/profiles-*-*") directories=("$APPARMORD/groups/*" "$APPARMORD/profiles-*-*")
# shellcheck disable=SC2068 # shellcheck disable=SC2068
for dir in ${directories[@]}; do for dir in ${directories[@]}; do
@ -24,14 +50,9 @@ check_profiles() {
name="$(basename "$file")" name="$(basename "$file")"
name="${name/.apparmor.d/}" name="${name/.apparmor.d/}"
include="include if exists <local/$name>" include="include if exists <local/$name>"
if ! grep -q "^ *${include}$" "$file"; then _ensure_include "$file" "$include"
echo "$name does not contain '$include'" _ensure_abi "$file"
exit 1 _ensure_vim "$file"
fi
if ! grep -q "^ *abi <abi/4.0>," "$file"; then
echo "$name does not contain 'abi <abi/4.0>,'"
exit 1
fi
if ! grep -q "^profile $name" "$file"; then if ! grep -q "^profile $name" "$file"; then
echo "$name does not contain 'profile $name'" echo "$name does not contain 'profile $name'"
exit 1 exit 1
@ -52,6 +73,7 @@ check_abstractions() {
echo "⋅ Checking if all abstractions contain:" echo "⋅ Checking if all abstractions contain:"
echo " - 'abi <abi/4.0>,'" echo " - 'abi <abi/4.0>,'"
echo " - 'include if exists <abstractions/*.d>'" echo " - 'include if exists <abstractions/*.d>'"
echo " - vim:syntax=apparmor"
directories=( directories=(
"$APPARMORD/abstractions/" "$APPARMORD/abstractions/app/" "$APPARMORD/abstractions/" "$APPARMORD/abstractions/app/"
"$APPARMORD/abstractions/bus/" "$APPARMORD/abstractions/common/" "$APPARMORD/abstractions/bus/" "$APPARMORD/abstractions/common/"
@ -61,14 +83,9 @@ check_abstractions() {
name="$(basename "$file")" name="$(basename "$file")"
root="${dir/${APPARMORD}\/abstractions\//}" root="${dir/${APPARMORD}\/abstractions\//}"
include="include if exists <abstractions/${root}${name}.d>" include="include if exists <abstractions/${root}${name}.d>"
if ! grep -q "^ *${include}$" "$file"; then _ensure_include "$file" "$include"
echo "$file does not contain '$include'" _ensure_abi "$file"
exit 1 _ensure_vim "$file"
fi
# if ! grep -q "^ *abi <abi/4.0>," "$file"; then
# echo "$file does not contain 'abi <abi/4.0>,'"
# exit 1
# fi
done done
done done