apparmor/utils/test/test-aa.py

#! /usr/bin/env python
# ------------------------------------------------------------------
#
#    Copyright (C) 2014 Christian Boltz
#
#    This program is free software; you can redistribute it and/or
#    modify it under the terms of version 2 of the GNU General Public
#    License published by the Free Software Foundation.
#
# ------------------------------------------------------------------

import unittest
import os
import shutil
import tempfile
from common_test import write_file

from apparmor.aa import check_for_apparmor

class AaTest_check_for_apparmor(unittest.TestCase):
    FILESYSTEMS_WITH_SECURITYFS = 'nodev\tdevtmpfs\nnodev\tsecurityfs\nnodev\tsockfs\n\text3\n\text2\n\text4'
    FILESYSTEMS_WITHOUT_SECURITYFS = 'nodev\tdevtmpfs\nnodev\tsockfs\n\text3\n\text2\n\text4'

    MOUNTS_WITH_SECURITYFS = ( 'proc /proc proc rw,relatime 0 0\n'
        'securityfs %s/security securityfs rw,nosuid,nodev,noexec,relatime 0 0\n'
        '/dev/sda1 / ext3 rw,noatime,data=ordered 0 0' )

    MOUNTS_WITHOUT_SECURITYFS = ( 'proc /proc proc rw,relatime 0 0\n'
        '/dev/sda1 / ext3 rw,noatime,data=ordered 0 0' )

    def setUp(self):
        self.tmpdir = tempfile.mkdtemp(prefix='aa-py-')

    def tearDown(self):
        if os.path.exists(self.tmpdir):
            shutil.rmtree(self.tmpdir)

    def test_check_for_apparmor_None_1(self):
        filesystems = write_file(self.tmpdir, 'filesystems', self.FILESYSTEMS_WITHOUT_SECURITYFS)
        mounts = write_file(self.tmpdir, 'mounts', self.MOUNTS_WITH_SECURITYFS)
        self.assertEqual(None, check_for_apparmor(filesystems, mounts))

    def test_check_for_apparmor_None_2(self):
        filesystems = write_file(self.tmpdir, 'filesystems', self.FILESYSTEMS_WITHOUT_SECURITYFS)
        mounts = write_file(self.tmpdir, 'mounts', self.MOUNTS_WITHOUT_SECURITYFS)
        self.assertEqual(None, check_for_apparmor(filesystems, mounts))

    def test_check_for_apparmor_None_3(self):
        filesystems = write_file(self.tmpdir, 'filesystems', self.FILESYSTEMS_WITH_SECURITYFS)
        mounts = write_file(self.tmpdir, 'mounts', self.MOUNTS_WITHOUT_SECURITYFS)
        self.assertEqual(None, check_for_apparmor(filesystems, mounts))

    def test_check_for_apparmor_securityfs_invalid_filesystems(self):
        filesystems = ''
        mounts = write_file(self.tmpdir, 'mounts', self.MOUNTS_WITH_SECURITYFS % self.tmpdir)
        self.assertEqual(None, check_for_apparmor(filesystems, mounts))

    def test_check_for_apparmor_securityfs_invalid_mounts(self):
        filesystems = write_file(self.tmpdir, 'filesystems', self.FILESYSTEMS_WITH_SECURITYFS)
        mounts = ''
        self.assertEqual(None, check_for_apparmor(filesystems, mounts))

    def test_check_for_apparmor_invalid_securityfs_path(self):
        filesystems = write_file(self.tmpdir, 'filesystems', self.FILESYSTEMS_WITH_SECURITYFS)
        mounts = write_file(self.tmpdir, 'mounts', self.MOUNTS_WITH_SECURITYFS % 'xxx')
        self.assertEqual(None, check_for_apparmor(filesystems, mounts))

    def test_check_for_apparmor_securityfs_mounted(self):
        filesystems = write_file(self.tmpdir, 'filesystems', self.FILESYSTEMS_WITH_SECURITYFS)
        mounts = write_file(self.tmpdir, 'mounts', self.MOUNTS_WITH_SECURITYFS % self.tmpdir)
        self.assertEqual('%s/security/apparmor' % self.tmpdir, check_for_apparmor(filesystems, mounts))


if __name__ == '__main__':
    unittest.main(verbosity=2)
Add some tests for aa.py check_for_apparmor() Also change check_for_apparmor() to allow easier testing by optionally specifying alternative locations for /proc/filesystems and /proc/mounts as parameter. Note that the code in check_for_apparmor() differs from what the comment says - valid_path() only does syntax checks, but doesn't check if the directory exists. I added a comment saying exactly that. Acked-by: Steve Beattie <steve@nxnw.org> 2014-11-27 23:20:26 +01:00			`#! /usr/bin/env python`
			`# ------------------------------------------------------------------`
			`#`
			`# Copyright (C) 2014 Christian Boltz`
			`#`
			`# This program is free software; you can redistribute it and/or`
			`# modify it under the terms of version 2 of the GNU General Public`
			`# License published by the Free Software Foundation.`
			`#`
			`# ------------------------------------------------------------------`

			`import unittest`
			`import os`
			`import shutil`
			`import tempfile`
			`from common_test import write_file`

			`from apparmor.aa import check_for_apparmor`

			`class AaTest_check_for_apparmor(unittest.TestCase):`
			`FILESYSTEMS_WITH_SECURITYFS = 'nodev\tdevtmpfs\nnodev\tsecurityfs\nnodev\tsockfs\n\text3\n\text2\n\text4'`
			`FILESYSTEMS_WITHOUT_SECURITYFS = 'nodev\tdevtmpfs\nnodev\tsockfs\n\text3\n\text2\n\text4'`

			`MOUNTS_WITH_SECURITYFS = ( 'proc /proc proc rw,relatime 0 0\n'`
			`'securityfs %s/security securityfs rw,nosuid,nodev,noexec,relatime 0 0\n'`
			`'/dev/sda1 / ext3 rw,noatime,data=ordered 0 0' )`

			`MOUNTS_WITHOUT_SECURITYFS = ( 'proc /proc proc rw,relatime 0 0\n'`
			`'/dev/sda1 / ext3 rw,noatime,data=ordered 0 0' )`

			`def setUp(self):`
			`self.tmpdir = tempfile.mkdtemp(prefix='aa-py-')`

			`def tearDown(self):`
			`if os.path.exists(self.tmpdir):`
			`shutil.rmtree(self.tmpdir)`

			`def test_check_for_apparmor_None_1(self):`
			`filesystems = write_file(self.tmpdir, 'filesystems', self.FILESYSTEMS_WITHOUT_SECURITYFS)`
			`mounts = write_file(self.tmpdir, 'mounts', self.MOUNTS_WITH_SECURITYFS)`
			`self.assertEqual(None, check_for_apparmor(filesystems, mounts))`

			`def test_check_for_apparmor_None_2(self):`
			`filesystems = write_file(self.tmpdir, 'filesystems', self.FILESYSTEMS_WITHOUT_SECURITYFS)`
			`mounts = write_file(self.tmpdir, 'mounts', self.MOUNTS_WITHOUT_SECURITYFS)`
			`self.assertEqual(None, check_for_apparmor(filesystems, mounts))`

			`def test_check_for_apparmor_None_3(self):`
			`filesystems = write_file(self.tmpdir, 'filesystems', self.FILESYSTEMS_WITH_SECURITYFS)`
			`mounts = write_file(self.tmpdir, 'mounts', self.MOUNTS_WITHOUT_SECURITYFS)`
			`self.assertEqual(None, check_for_apparmor(filesystems, mounts))`

			`def test_check_for_apparmor_securityfs_invalid_filesystems(self):`
			`filesystems = ''`
			`mounts = write_file(self.tmpdir, 'mounts', self.MOUNTS_WITH_SECURITYFS % self.tmpdir)`
			`self.assertEqual(None, check_for_apparmor(filesystems, mounts))`

			`def test_check_for_apparmor_securityfs_invalid_mounts(self):`
			`filesystems = write_file(self.tmpdir, 'filesystems', self.FILESYSTEMS_WITH_SECURITYFS)`
			`mounts = ''`
			`self.assertEqual(None, check_for_apparmor(filesystems, mounts))`

			`def test_check_for_apparmor_invalid_securityfs_path(self):`
			`filesystems = write_file(self.tmpdir, 'filesystems', self.FILESYSTEMS_WITH_SECURITYFS)`
			`mounts = write_file(self.tmpdir, 'mounts', self.MOUNTS_WITH_SECURITYFS % 'xxx')`
			`self.assertEqual(None, check_for_apparmor(filesystems, mounts))`

			`def test_check_for_apparmor_securityfs_mounted(self):`
			`filesystems = write_file(self.tmpdir, 'filesystems', self.FILESYSTEMS_WITH_SECURITYFS)`
			`mounts = write_file(self.tmpdir, 'mounts', self.MOUNTS_WITH_SECURITYFS % self.tmpdir)`
			`self.assertEqual('%s/security/apparmor' % self.tmpdir, check_for_apparmor(filesystems, mounts))`


			`if __name__ == '__main__':`
			`unittest.main(verbosity=2)`