mirror of
https://github.com/roddhjav/apparmor.d.git
synced 2024-12-24 14:06:47 +01:00
test(aa): improve some internal unit test.
Thanks to the last changes...
parent
a0b5362589
commit
de73c9b706
3 changed files with 25 additions and 28 deletions
|
@ -6,27 +6,16 @@ package aa
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"reflect"
|
"reflect"
|
||||||
"strings"
|
|
||||||
"testing"
|
"testing"
|
||||||
|
|
||||||
"github.com/arduino/go-paths-helper"
|
"github.com/arduino/go-paths-helper"
|
||||||
|
"github.com/roddhjav/apparmor.d/pkg/util"
|
||||||
)
|
)
|
||||||
|
|
||||||
func readprofile(path string) string {
|
var (
|
||||||
file := paths.New("../../").Join(path)
|
testData = paths.New("../../").Join("tests")
|
||||||
lines, err := file.ReadFileAsLines()
|
intData = paths.New("../../").Join("apparmor.d")
|
||||||
if err != nil {
|
)
|
||||||
panic(err)
|
|
||||||
}
|
|
||||||
res := ""
|
|
||||||
for _, line := range lines {
|
|
||||||
if strings.HasPrefix(line, "#") {
|
|
||||||
continue
|
|
||||||
}
|
|
||||||
res += line + "\n"
|
|
||||||
}
|
|
||||||
return res[:len(res)-1]
|
|
||||||
}
|
|
||||||
|
|
||||||
func TestAppArmorProfileFile_String(t *testing.T) {
|
func TestAppArmorProfileFile_String(t *testing.T) {
|
||||||
tests := []struct {
|
tests := []struct {
|
||||||
|
@ -50,6 +39,7 @@ func TestAppArmorProfileFile_String(t *testing.T) {
|
||||||
Name: "exec_path", Define: true,
|
Name: "exec_path", Define: true,
|
||||||
Values: []string{"@{bin}/foo", "@{lib}/foo"},
|
Values: []string{"@{bin}/foo", "@{lib}/foo"},
|
||||||
}},
|
}},
|
||||||
|
Comments: []*RuleBase{{Comment: "Simple test profile for the AppArmorProfileFile.String() method", IsLineRule: true}},
|
||||||
},
|
},
|
||||||
Profiles: []*Profile{{
|
Profiles: []*Profile{{
|
||||||
Header: Header{
|
Header: Header{
|
||||||
|
@ -67,11 +57,12 @@ func TestAppArmorProfileFile_String(t *testing.T) {
|
||||||
&Network{Domain: "inet", Type: "stream"},
|
&Network{Domain: "inet", Type: "stream"},
|
||||||
&Network{Domain: "inet6", Type: "stream"},
|
&Network{Domain: "inet6", Type: "stream"},
|
||||||
&Mount{
|
&Mount{
|
||||||
|
RuleBase: RuleBase{Comment: "failed perms check"},
|
||||||
MountConditions: MountConditions{
|
MountConditions: MountConditions{
|
||||||
FsType: "fuse.portal",
|
FsType: "fuse.portal",
|
||||||
Options: []string{"rw", "rbind"},
|
Options: []string{"rw", "rbind"},
|
||||||
},
|
},
|
||||||
Source: "@{run}/user/@{uid}/ ",
|
Source: "@{run}/user/@{uid}/",
|
||||||
MountPoint: "/",
|
MountPoint: "/",
|
||||||
},
|
},
|
||||||
&Umount{
|
&Umount{
|
||||||
|
@ -112,7 +103,7 @@ func TestAppArmorProfileFile_String(t *testing.T) {
|
||||||
},
|
},
|
||||||
}},
|
}},
|
||||||
},
|
},
|
||||||
want: readprofile("tests/string.aa"),
|
want: util.MustReadFile(testData.Join("string.aa")),
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
for _, tt := range tests {
|
for _, tt := range tests {
|
||||||
|
@ -205,9 +196,14 @@ func TestAppArmorProfileFile_Integration(t *testing.T) {
|
||||||
Abi: []*Abi{{IsMagic: true, Path: "abi/3.0"}},
|
Abi: []*Abi{{IsMagic: true, Path: "abi/3.0"}},
|
||||||
Includes: []*Include{{IsMagic: true, Path: "tunables/global"}},
|
Includes: []*Include{{IsMagic: true, Path: "tunables/global"}},
|
||||||
Variables: []*Variable{{
|
Variables: []*Variable{{
|
||||||
Name: "exec_path",
|
Name: "exec_path", Define: true,
|
||||||
Values: []string{"@{bin}/aa-status", "@{bin}/apparmor_status"},
|
Values: []string{"@{bin}/aa-status", "@{bin}/apparmor_status"},
|
||||||
}},
|
}},
|
||||||
|
Comments: []*RuleBase{
|
||||||
|
{Comment: "apparmor.d - Full set of apparmor profiles", IsLineRule: true},
|
||||||
|
{Comment: "Copyright (C) 2021-2024 Alexandre Pujol <alexandre@pujol.io>", IsLineRule: true},
|
||||||
|
{Comment: "SPDX-License-Identifier: GPL-2.0-only", IsLineRule: true},
|
||||||
|
},
|
||||||
},
|
},
|
||||||
Profiles: []*Profile{{
|
Profiles: []*Profile{{
|
||||||
Header: Header{
|
Header: Header{
|
||||||
|
@ -232,7 +228,7 @@ func TestAppArmorProfileFile_Integration(t *testing.T) {
|
||||||
},
|
},
|
||||||
}},
|
}},
|
||||||
},
|
},
|
||||||
want: readprofile("apparmor.d/profiles-a-f/aa-status"),
|
want: util.MustReadFile(intData.Join("profiles-a-f/aa-status")),
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
for _, tt := range tests {
|
for _, tt := range tests {
|
||||||
|
@ -240,8 +236,8 @@ func TestAppArmorProfileFile_Integration(t *testing.T) {
|
||||||
tt.f.Sort()
|
tt.f.Sort()
|
||||||
tt.f.MergeRules()
|
tt.f.MergeRules()
|
||||||
tt.f.Format()
|
tt.f.Format()
|
||||||
if got := tt.f.String(); "\n"+got != tt.want {
|
if got := tt.f.String(); got != tt.want {
|
||||||
t.Errorf("AppArmorProfile = |%v|, want |%v|", "\n"+got, tt.want)
|
t.Errorf("AppArmorProfile = |%v|, want |%v|", got, tt.want)
|
||||||
}
|
}
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
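Review bot: In the `TestAppArmorProfileFile_Integration` hunk the expected struct now hard-codes the licence header of the shipped profile (`Copyright (C) 2021-2024 …`), and `want` is read unfiltered from `intData.Join("profiles-a-f/aa-status")`. The exact comparison `got != tt.want` will therefore fail on any header edit, such as a copyright-year bump, and not only on a parser or printer regression. The stricter round-trip check is worth keeping, so I would add a comment above `Comments:` such as `// Must match the header of apparmor.d/profiles-a-f/aa-status verbatim.` so that a failure there is read correctly. `util.MustReadFile` is not shown on this page; if it panics as its name suggests, a missing fixture aborts the whole test binary while the table is being built instead of failing one subtest. The test function starts and ends outside the visible hunks.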
|
|
|
@ -193,13 +193,13 @@ func TestRule_Less(t *testing.T) {
|
||||||
name: "signal",
|
name: "signal",
|
||||||
rule: signal1,
|
rule: signal1,
|
||||||
other: signal2,
|
other: signal2,
|
||||||
want: true,
|
want: false,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
name: "ptrace/less",
|
name: "ptrace/less",
|
||||||
rule: ptrace1,
|
rule: ptrace1,
|
||||||
other: ptrace2,
|
other: ptrace2,
|
||||||
want: true,
|
want: false,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
name: "ptrace/more",
|
name: "ptrace/more",
|
||||||
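Review bot: The case named `ptrace/less` now appears to expect `want: false`, so its name contradicts what it asserts. The `signal` case is flipped the same way, and neither has a comment saying which ordering rule changed. Flipping an expectation to match the current implementation makes a later regression in `Less` hard to tell apart from intended behaviour. I would rename the case to describe the relation it pins and add a one-line comment such as `// not less: <reason for the new ordering>`. Asserting the reverse comparison too (`other` against `rule`) would fix the ordering in both directions. `TestRule_Less` starts and ends outside this hunk, and the definitions of `signal1`/`signal2` and `ptrace1`/`ptrace2` are not visible here.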
|
|
|
@ -1,4 +1,5 @@
|
||||||
# Simple test profile for the AppArmorProfile.String() method
|
# Simple test profile for the AppArmorProfileFile.String() method
|
||||||
|
|
||||||
abi <abi/4.0>,
|
abi <abi/4.0>,
|
||||||
|
|
||||||
alias /mnt/usr -> /usr,
|
alias /mnt/usr -> /usr,
|
||||||
|
@ -18,13 +19,13 @@ profile foo @{exec_path} xattrs=(security.tagged=allowed) flags=(complain attach
|
||||||
network inet stream,
|
network inet stream,
|
||||||
network inet6 stream,
|
network inet6 stream,
|
||||||
|
|
||||||
mount fstype=fuse.portal options=(rw rbind) @{run}/user/@{uid}/ -> /,
|
mount fstype=fuse.portal options=(rw rbind) @{run}/user/@{uid}/ -> /, # failed perms check
|
||||||
|
|
||||||
umount @{run}/user/@{uid}/,
|
umount @{run}/user/@{uid}/,
|
||||||
|
|
||||||
signal (receive) set=(term) peer=at-spi-bus-launcher,
|
signal receive set=term peer=at-spi-bus-launcher,
|
||||||
|
|
||||||
ptrace (read) peer=nautilus,
|
ptrace read peer=nautilus,
|
||||||
|
|
||||||
unix (send receive) type=stream addr=@/tmp/.ICE-unix/1995 peer=(label=gnome-shell, addr=none),
|
unix (send receive) type=stream addr=@/tmp/.ICE-unix/1995 peer=(label=gnome-shell, addr=none),
|
||||||
|
|
||||||
|
|