test(aa): add unit tests for the link rule.

2025-01-18 08:58:15 +01:00 · 2024-05-25 22:22:57 +01:00 · 2024-05-25 22:22:57 +01:00 · 9812c38b83
commit 9812c38b83
parent 019b6f8197
2 changed files with 43 additions and 1 deletions
--- a/pkg/aa/data_test.go
+++ b/pkg/aa/data_test.go
@ -292,6 +292,7 @@ var (
 	}

 	// Link
+	link3LogStr = `apparmor="ALLOWED" operation="link" class="file" profile="dolphin" name="@{user_config_dirs}/kiorc"  comm="dolphin" requested_mask="l" denied_mask="l" fsuid=1000 ouid=1000 target="@{user_config_dirs}/#3954"`
 	link1Log    = map[string]string{
 		"apparmor":       "ALLOWED",
 		"operation":      "link",
@ -307,13 +308,31 @@ var (
 		"FSUID":          "root",
 		"OUID":           "root",
 	}
+	link3Log = map[string]string{
+		"apparmor":       "ALLOWED",
+		"operation":      "link",
+		"class":          "file",
+		"profile":        "dolphin",
+		"name":           "@{user_config_dirs}/kiorc",
+		"comm":           "dolphin",
+		"requested_mask": "l",
+		"denied_mask":    "l",
+		"fsuid":          "1000",
+		"ouid":           "1000",
+		"target":         "@{user_config_dirs}/#3954",
+	}
 	link1 = &Link{
 		Path:   "/tmp/mkinitcpio.QDWtza/early@{lib}/firmware/i915/dg1_dmc_ver2_02.bin.zst",
 		Target: "/tmp/mkinitcpio.QDWtza/root@{lib}/firmware/i915/dg1_dmc_ver2_02.bin.zst",
 	}
-	link2 = &File{
+	link2 = &Link{
 		Owner:  true,
 		Path:   "@{user_config_dirs}/powerdevilrc{,.@{rand6}}",
 		Target: "@{user_config_dirs}/#@{int}",
 	}
+	link3 = &Link{
+		Owner:  true,
+		Path:   "@{user_config_dirs}/kiorc",
+		Target: "@{user_config_dirs}/#3954",
+	}
 )
--- a/pkg/aa/rules_test.go
+++ b/pkg/aa/rules_test.go
@ -94,6 +94,12 @@ func TestRules_FromLog(t *testing.T) {
 			log:     link1Log,
 			want:    link1,
 		},
+		{
+			name:    "link",
+			fromLog: newFileFromLog,
+			log:     link3Log,
+			want:    link3,
+		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
@ -267,6 +273,12 @@ func TestRules_Less(t *testing.T) {
 			other: &File{Path: "/usr/share/poppler/cMap/Identity-H"},
 			want:  true,
 		},
+		{
+			name:  "link",
+			rule:  link1,
+			other: link2,
+			want:  true,
+		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
@ -363,6 +375,12 @@ func TestRules_Equals(t *testing.T) {
 			other: file2,
 			want:  true,
 		},
+		{
+			name:  "link",
+			rule:  link1,
+			other: link3,
+			want:  false,
+		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
@ -473,6 +491,11 @@ func TestRules_String(t *testing.T) {
 			rule: file1,
 			want: "/usr/share/poppler/cMap/Identity-H r,",
 		},
+		{
+			name: "link",
+			rule: link3,
+			want: "owner link @{user_config_dirs}/kiorc -> @{user_config_dirs}/#3954,",
+		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {