mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-04 16:35:02 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
apparmor/utils/test/test-aa.py

845 lines
48 KiB
Python
Raw Normal View History

Switch utils to python3 As discussed a while ago, switch the utils (including their tests) to use python3 by default. While on it, drop usage of "env" to always get the system python3 instead of a random one that happens to live somewhere in $PATH. In practise, this patch doesn't change much - AFAIK openSUSE, Debian and Ubuntu already patch aa-* to use python3. Also add a note to README to officially deprecate Python 2.x. (I won't break Python 2.x support intentionally - unless some future change gives me a very good reason to finally drop Python 2.x support.) Acked-by: Seth Arnold <seth.arnold@canonical.com> (since 2016-08-23, but the commit had to wait for the FileRule series because it touches test-file.py)
2016-10-01 20:57:09 +02:00
#! /usr/bin/python3
Add some tests for aa.py check_for_apparmor() Also change check_for_apparmor() to allow easier testing by optionally specifying alternative locations for /proc/filesystems and /proc/mounts as parameter. Note that the code in check_for_apparmor() differs from what the comment says - valid_path() only does syntax checks, but doesn't check if the directory exists. I added a comment saying exactly that. Acked-by: Steve Beattie <steve@nxnw.org>
2014-11-27 23:20:26 +01:00
# ------------------------------------------------------------------
#
[patch] make set_profile_flags more strict this patch makes set_profile_flags more strict: - raise AppArmorBug if newflags contains only whitespace - raise AppArmorBug if the file doesn't contain the specified profile or no profile at all The tests are adjusted to expect AppArmorBug instead of a silent failure. Also, some tests are added for profile=None, which means to change the flags for all profiles in a file. - test_set_flags_08 is now test_set_flags_invalid_04 - test_set_flags_invalid_03 is changed to only contain one reason for a failure, not two ;-) Acked-by: Steve Beattie <steve@nxnw.org>
2015-04-03 17:25:18 +02:00
# Copyright (C) 2014-2015 Christian Boltz
Add some tests for aa.py check_for_apparmor() Also change check_for_apparmor() to allow easier testing by optionally specifying alternative locations for /proc/filesystems and /proc/mounts as parameter. Note that the code in check_for_apparmor() differs from what the comment says - valid_path() only does syntax checks, but doesn't check if the directory exists. I added a comment saying exactly that. Acked-by: Steve Beattie <steve@nxnw.org>
2014-11-27 23:20:26 +01:00
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of version 2 of the GNU General Public
# License published by the Free Software Foundation.
#
# ------------------------------------------------------------------
import unittest
utils: Require apparmor.aa users to call init_aa() Introduce an apparmor.aa.init_aa() method and move the initialization code of the apparmor.aa module into it. Note that this change will break any external users of apparmor.aa because global variables that were previously initialized when importing apparmor.aa will not be initialized unless a call to the new apparmor.aa.init_aa() method is made. The main purpose of this change is to allow the utils tests to be able to set a non-default location for configuration files. Instead of hard-coding the location of logprof.conf and other utils related configuration files to /etc/apparmor/, this patch allows it to be configured by calling apparmor.aa.init_aa(confdir=PATH). This allows for the make check target to use the in-tree config file, profiles, and parser by default. A helper method, setup_aa(), is added to common_test.py that checks for an environment variable containing a non-default configuration directory path prior to calling apparmor.aa.init_aa(). All test scripts that use apparmor.aa are updated to call setup_aa(). Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Suggested-by: Christian Boltz <apparmor@cboltz.de> Acked-by: Seth Arnold <seth.arnold@canonical.com> Acked-by: Christian Boltz <apparmor@cboltz.de>
2017-03-02 21:21:53 +00:00
from common_test import AATest, setup_all_loops, setup_aa
add tests for set_profile_flags() (and some fun) Add various tests for set_profile_flags, and document various interesting[tm] things I discovered while writing the tests (see the inline comments for details). Also adds a read_file() function to common_test.py. The most interesting[tm] thing I found is: regex_hat_flag = re.compile('^([a-z]*)\s+([A-Z]*)\s*(#.*)?$') which matches various unexpected things - but not a hat :-/ (see mailinglist for all funny details) Acked-by: Steve Beattie <steve@nxnw.org>
2015-04-01 23:43:29 +02:00
from common_test import read_file, write_file
Add some tests for aa.py check_for_apparmor() Also change check_for_apparmor() to allow easier testing by optionally specifying alternative locations for /proc/filesystems and /proc/mounts as parameter. Note that the code in check_for_apparmor() differs from what the comment says - valid_path() only does syntax checks, but doesn't check if the directory exists. I added a comment saying exactly that. Acked-by: Steve Beattie <steve@nxnw.org>
2014-11-27 23:20:26 +01:00
merge script handling into get_interpreter_and_abstraction() Both create_new_profile() and handle_children() check if the given exec target is a script and add permissions for the interpreter and a matching abstraction. This patch merges that into the get_interpreter_and_abstraction() function and changes create_new_profile() and handle_children() to use this function. A nice side effect is that handle_children() now knows more abstractions (its original list was incomplete). The behaviour of create_new_profile() doesn't change. Also add tests for get_interpreter_and_abstraction() to make sure it does what we expect. Acked-by: Kshitij Gupta <kgupta8592@gmail.com> Bug: https://launchpad.net/bugs/1505775
2015-10-20 23:16:41 +02:00
import os
[15/38] Change handle_children() and ask_the_questions() to FileRule This patch changes handle_children() (which asks about exec events) and ask_the_questions() (which asks everything else) to FileRule. This solves the "brain split" introduced by the previous patch. This means aa-logprof and aa-genprof ask useful questions again, and store the answers at the right place. In detail, this means (with '-' line number from the diff) - (391) handle_binfmt(): use FileRule. Also avoid breakage if glob_common() returns an empty result. - (484) profile_storage(): drop profile['allow']['path'] and profile['deny']['path'] - (510) create_new_profile(): switch to FileRule - (1190..1432) lots of changes in handle_children(): - drop escaping (done in FileRule) - don't add events with 'x' perms to prelog - use is_known_rule() instead of profile_known_exec() - replace several regexes for the selected CMD_* with more readable 'in' clauses. While on it, drop unused parts of the regex. - use plain 'ix', 'px' (as str) instead of str_to_mode() format - call handle_binfmt() for the interpreter in ix, Pix and Cix rules - (1652) ask_the_questions(): disable the old file-specific code (not dropped because some features aren't ported to FileRule yet) - (2336) collapse_log(): - convert file log events to FileRule (and add some workarounds and TODOs for logparser.py behaviour that needs to change) - disable the old file-specific code (not dropped because merging of existing permissions isn't ported to FileRule yet) - (2403) drop now unused validate_profile_mode() and the regexes it used - (3374) drop now unused profile_known_exec() Test changes: - adjust fake_ldd to handle /bin/bash - change test-aa.py AaTest_create_new_profile to expect FileRule instead of a path hasher. Also copy the profiles to the tempdir and load the abstractions that are needed by the test. (These tests get skipped on py2 because changing apparmor.aa.cfg['settings']['ldd'] doesn't work for some unknown reason) Important: Some nice-to-have features are not yet implemented for FileRule: - globbing - (N)ew (allowing the user to enter a custom path) - displaying and merging of permissions already existing in the profile This means: aa-logprof works, but it's not as user-friendly as before. The next patches will fix that ;-) Also note that pyflakes will fail for ask_the_questions_OLD_FILE_CODE() because of undefined symbols (aamode, profile, hat). This will be fixed when the old code gets dropped in one of the later patches. Acked-by: Steve Beattie <steve@nxnw.org> Bug: https://launchpad.net/bugs/1569316
2016-10-01 19:55:58 +02:00
import shutil
utils/test/test-aa.py: skip tests that break with python2.7 For reasons that aren't entirely clear, the action to set apparmor.aa.cfg['settings']['ldd'] to './fake_ldd' does not actually work on python2.7, get_reqs() tries to use /usr/bin/ldd anyway (printing out the contents of apparmor.aa.cfg['settings']['ldd'] after the set operation shows it to still contain '/usr/bin/ldd' o.O). Therefore, skip these two tests when running under python2.7. Signed-off-by: Steve Beattie <steve@nxnw.org> Acked-by: Christian Boltz <apparmor@cboltz.de> Bug: https://launchpad.net/bugs/1522938
2016-09-21 11:52:42 -07:00
import sys
merge script handling into get_interpreter_and_abstraction() Both create_new_profile() and handle_children() check if the given exec target is a script and add permissions for the interpreter and a matching abstraction. This patch merges that into the get_interpreter_and_abstraction() function and changes create_new_profile() and handle_children() to use this function. A nice side effect is that handle_children() now knows more abstractions (its original list was incomplete). The behaviour of create_new_profile() doesn't change. Also add tests for get_interpreter_and_abstraction() to make sure it does what we expect. Acked-by: Kshitij Gupta <kgupta8592@gmail.com> Bug: https://launchpad.net/bugs/1505775
2015-10-20 23:16:41 +02:00
Add tests for aa.py get_output() and get_reqs() To make these tests independent from the underlaying system, add a fake_ldd script that provides hardcoded ldd output for the "known" executables and libraries. To avoid interferences with the real system (especially symlinks), all paths in fake_ldd have '/AATest' prepended. Acked-by: Kshitij Gupta <kgupta8592@gmail.com>
2016-02-21 21:48:09 +01:00
import apparmor.aa # needed to set global vars in some tests
from apparmor.aa import (check_for_apparmor, get_output, get_reqs, get_interpreter_and_abstraction, create_new_profile,
rewrite set_profile_flags() tests to use change_profile_flags() All callers call change_profile_flags(), so it makes sense to test this function instead of set_profile_flags(). Besides that, set_profile_flags() will be merged into change_profile_flags() in the next commit ;-) Note that this commit adds some '# XXX' notes to the tests. These will be addressed in later commits.
2018-07-25 22:20:48 +02:00
get_profile_flags, change_profile_flags, set_options_audit_mode, set_options_owner_mode, is_skippable_file, is_skippable_dir,
Several fixes for variable handling Parsing variables was broken in several ways: - empty quotes (representing an intentionally empty value) were lost, causing parser failures - items consisting of only one letter were lost due to a bug in RE_VARS - RE_VARS didn't start with ^, which means leading garbage (= syntax errors) was ignored - trailing garbage was also ignored This patch fixes those issues in separate_vars() and changes var_transform() to write out empty quotes (instead of nothing) for empty values. Also add some tests for separate_vars() with empty quotes and adjust several tests with invalid syntax to expect an AppArmorException. var_transform() gets some tests added. Finally, remove 3 testcases from the "fails to raise an exception" list in test-parser-simple-tests.py. Acked-by: John Johansen <john.johansen@canonical.com> for trunk and 2.9 (which also implies 2.10) Note: 2.9 doesn't have test-parser-simple-tests.py, therefore it won't get that part of the patch.
2015-12-12 12:59:13 +01:00
parse_profile_start, parse_profile_data, separate_vars, store_list_var, write_header,
delete now unused serialize_parse_profile_start() (another function that was only used by serialize_profile_from_old_profile()) Also delete the tests we had for that function.
2018-06-09 15:26:35 +02:00
get_file_perms, propose_file_rules)
[24/38] Add propose_file_rules() to propose globbed etc. file rules in aa-logprof aa.py: - add propose_file_rules() - will propose matching paths from existing rules in the profile or one of the includes - save user_globs if user selects '(N)ew' (will be re-used when proposing rules) - change user_globs to a dict so that it can carry the human-readable path and an AARE object for it - change order_globs() to ensure the original path (given as parameter) is always the last item in the resulting list - add a ruletype switch to ask_the_questions() so that it uses propose_file_rules() for file events (I don't like this ruletype-specific solution too much, but everything else would make things even more complicated) Also keep aa-mergeprof ask_the_questions() in sync with aa.py. In FileRule, add original_perms (might be set by propose_file_rules()) Finally, add some tests to ensure propose_file_rules() does what it promises. Acked-by: Steve Beattie <steve@nxnw.org>
2016-10-01 20:04:42 +02:00
from apparmor.aare import AARE
update test-aa.py to match parse_profile_start() and get_profile_flags() changes The previous patch slightly changed the behaviour of parse_profile_start() and get_profile_flags() - they raise AppArmorBug instead of AppArmorException when specifying a line that is not the start of a profile and therefore doesn't match RE_PROFILE_START_2. This patch updates test-aa.py to expect the correct exceptions, and adds another test with quoted profile name to ensure that stripping the quotes works as expected. Acked-by: Steve Beattie <steve@nxnw.org>
2015-03-31 22:45:45 +02:00
from apparmor.common import AppArmorException, AppArmorBug
[23/38] Add get_file_perms() to aa.py get_file_perms() collects the existing permissions for a file from various rules (exact matches, wildcards) in the main profile and the included abstractions. It will be used to get displaying the current permissions back, and also to propose rules with merged permissions (next patch). Also add some tests to make sure it does what it promises ;-) Acked-by: Steve Beattie <steve@nxnw.org>
2016-10-01 20:03:44 +02:00
from apparmor.rule.file import FileRule
Add some tests for aa.py check_for_apparmor() Also change check_for_apparmor() to allow easier testing by optionally specifying alternative locations for /proc/filesystems and /proc/mounts as parameter. Note that the code in check_for_apparmor() differs from what the comment says - valid_path() only does syntax checks, but doesn't check if the directory exists. I added a comment saying exactly that. Acked-by: Steve Beattie <steve@nxnw.org>
2014-11-27 23:20:26 +01:00
add tests for write_header() Also add loop support to test-aa.py. BTW: In case you wonder - the need to replace unittest.TestCase with AATest is intentional. It might look annoying, but it makes sure that a test-*.py file doesn't contain a test class where tests = [...] is ignored because it's still unittest.TestCase. (Technically, setup_all_tests() will error out if a test class doesn't contain tests = [...] - either explicit or via its parent AATest.) Acked-by: Steve Beattie <steve@nxnw.org>
2015-04-01 23:48:50 +02:00
class AaTestWithTempdir(AATest):
Add tempdir and tempfile handling to AATest Add writeTmpfile() to AATest to write a file into the tmpdir. If no tmpdir exists yet, automatically create one. createTmpdir() is a separate function so that it's possible to manually create the tmpdir (for example, if a test needs an empty tmpdir). Also add a tearDown() function to delete the tmpdir again. This function calls self.AATeardown() to avoid the need for super() in child classes. Finally, simplify AaTestWithTempdir in test-aa.py to use createTmpdir() and add an example for AATeardown() to test-example.py. Acked-by: Steve Beattie <steve@nxnw.org>
2015-05-29 12:55:38 +02:00
def AASetup(self):
self.createTmpdir()
Add some tests for aa.py get_profile_flags(). Also adds a check to get_profile_flags() to catch an invalid syntax: /foo ( ) { was accepted by get_profile_flags, while /foo () { failed. When testing with the parser, both result in a syntax error, therefore the patch makes sure it also fails in get_profile_flags(). Acked-by: Steve Beattie <steve@nxnw.org>
2015-03-02 19:36:20 +01:00
class AaTest_check_for_apparmor(AaTestWithTempdir):
Add some tests for aa.py check_for_apparmor() Also change check_for_apparmor() to allow easier testing by optionally specifying alternative locations for /proc/filesystems and /proc/mounts as parameter. Note that the code in check_for_apparmor() differs from what the comment says - valid_path() only does syntax checks, but doesn't check if the directory exists. I added a comment saying exactly that. Acked-by: Steve Beattie <steve@nxnw.org>
2014-11-27 23:20:26 +01:00
FILESYSTEMS_WITH_SECURITYFS = 'nodev\tdevtmpfs\nnodev\tsecurityfs\nnodev\tsockfs\n\text3\n\text2\n\text4'
FILESYSTEMS_WITHOUT_SECURITYFS = 'nodev\tdevtmpfs\nnodev\tsockfs\n\text3\n\text2\n\text4'
MOUNTS_WITH_SECURITYFS = ( 'proc /proc proc rw,relatime 0 0\n'
'securityfs %s/security securityfs rw,nosuid,nodev,noexec,relatime 0 0\n'
'/dev/sda1 / ext3 rw,noatime,data=ordered 0 0' )
MOUNTS_WITHOUT_SECURITYFS = ( 'proc /proc proc rw,relatime 0 0\n'
'/dev/sda1 / ext3 rw,noatime,data=ordered 0 0' )
def test_check_for_apparmor_None_1(self):
filesystems = write_file(self.tmpdir, 'filesystems', self.FILESYSTEMS_WITHOUT_SECURITYFS)
mounts = write_file(self.tmpdir, 'mounts', self.MOUNTS_WITH_SECURITYFS)
self.assertEqual(None, check_for_apparmor(filesystems, mounts))
def test_check_for_apparmor_None_2(self):
filesystems = write_file(self.tmpdir, 'filesystems', self.FILESYSTEMS_WITHOUT_SECURITYFS)
mounts = write_file(self.tmpdir, 'mounts', self.MOUNTS_WITHOUT_SECURITYFS)
self.assertEqual(None, check_for_apparmor(filesystems, mounts))
def test_check_for_apparmor_None_3(self):
filesystems = write_file(self.tmpdir, 'filesystems', self.FILESYSTEMS_WITH_SECURITYFS)
mounts = write_file(self.tmpdir, 'mounts', self.MOUNTS_WITHOUT_SECURITYFS)
self.assertEqual(None, check_for_apparmor(filesystems, mounts))
def test_check_for_apparmor_securityfs_invalid_filesystems(self):
filesystems = ''
mounts = write_file(self.tmpdir, 'mounts', self.MOUNTS_WITH_SECURITYFS % self.tmpdir)
self.assertEqual(None, check_for_apparmor(filesystems, mounts))
def test_check_for_apparmor_securityfs_invalid_mounts(self):
filesystems = write_file(self.tmpdir, 'filesystems', self.FILESYSTEMS_WITH_SECURITYFS)
mounts = ''
self.assertEqual(None, check_for_apparmor(filesystems, mounts))
def test_check_for_apparmor_invalid_securityfs_path(self):
filesystems = write_file(self.tmpdir, 'filesystems', self.FILESYSTEMS_WITH_SECURITYFS)
mounts = write_file(self.tmpdir, 'mounts', self.MOUNTS_WITH_SECURITYFS % 'xxx')
self.assertEqual(None, check_for_apparmor(filesystems, mounts))
def test_check_for_apparmor_securityfs_mounted(self):
filesystems = write_file(self.tmpdir, 'filesystems', self.FILESYSTEMS_WITH_SECURITYFS)
mounts = write_file(self.tmpdir, 'mounts', self.MOUNTS_WITH_SECURITYFS % self.tmpdir)
self.assertEqual('%s/security/apparmor' % self.tmpdir, check_for_apparmor(filesystems, mounts))
Add tests for aa.py get_output() and get_reqs() To make these tests independent from the underlaying system, add a fake_ldd script that provides hardcoded ldd output for the "known" executables and libraries. To avoid interferences with the real system (especially symlinks), all paths in fake_ldd have '/AATest' prepended. Acked-by: Kshitij Gupta <kgupta8592@gmail.com>
2016-02-21 21:48:09 +01:00
class AATest_get_output(AATest):
tests = [
(['./fake_ldd', '/AATest/lib64/libc-2.22.so'], (0, [' /AATest/lib64/ld-linux-x86-64.so.2 (0x0000556858473000)', ' linux-vdso.so.1 (0x00007ffe98912000)'] )),
(['./fake_ldd', '/tmp/aa-test-foo'], (0, [' not a dynamic executable'] )),
aa.py get_output(): raise exception on non-executable or non-existing programs If the program specified as get_output param isn't executable or doesn't exist at all, get_output() returns with ret = -1. Raising an exception looks like a better option, especially because other possible exec failures already raise an exception ("Unable to fork"). Note: get_output is only used by get_reqs() which also does the os.access() check for x permissions (and raises an exception), so in practise raising an exception in get_output() doesn't change anything. This change also allows to rewrite and simplify get_output() quite a bit. Another minor change (and fix) is in the removal of the last line. The old code removed the last line if output contained at least two items. This had two not-so-nice effects: - an empty output resulted in [''] instead of [] - if a command didn't add a \n on the last line, this line was deleted nevertheless The patch changes that to always remove the last line if it is empty, which fixes both issues mentioned above. Also add a test to ensure the exception is really raised, and adjust the test that expects an empty stdout. Acked-by: Kshitij Gupta <kgupta8592@gmail.com>
2016-02-21 21:48:57 +01:00
(['./fake_ldd', 'invalid'], (1, [] )), # stderr is not part of output
Add tests for aa.py get_output() and get_reqs() To make these tests independent from the underlaying system, add a fake_ldd script that provides hardcoded ldd output for the "known" executables and libraries. To avoid interferences with the real system (especially symlinks), all paths in fake_ldd have '/AATest' prepended. Acked-by: Kshitij Gupta <kgupta8592@gmail.com>
2016-02-21 21:48:09 +01:00
]
def _run_test(self, params, expected):
self.assertEqual(get_output(params), expected)
aa.py get_output(): raise exception on non-executable or non-existing programs If the program specified as get_output param isn't executable or doesn't exist at all, get_output() returns with ret = -1. Raising an exception looks like a better option, especially because other possible exec failures already raise an exception ("Unable to fork"). Note: get_output is only used by get_reqs() which also does the os.access() check for x permissions (and raises an exception), so in practise raising an exception in get_output() doesn't change anything. This change also allows to rewrite and simplify get_output() quite a bit. Another minor change (and fix) is in the removal of the last line. The old code removed the last line if output contained at least two items. This had two not-so-nice effects: - an empty output resulted in [''] instead of [] - if a command didn't add a \n on the last line, this line was deleted nevertheless The patch changes that to always remove the last line if it is empty, which fixes both issues mentioned above. Also add a test to ensure the exception is really raised, and adjust the test that expects an empty stdout. Acked-by: Kshitij Gupta <kgupta8592@gmail.com>
2016-02-21 21:48:57 +01:00
def test_get_output_nonexisting(self):
with self.assertRaises(AppArmorException):
ret, output = get_output(['./_file_/_not_/_found_'])
Add tests for aa.py get_output() and get_reqs() To make these tests independent from the underlaying system, add a fake_ldd script that provides hardcoded ldd output for the "known" executables and libraries. To avoid interferences with the real system (especially symlinks), all paths in fake_ldd have '/AATest' prepended. Acked-by: Kshitij Gupta <kgupta8592@gmail.com>
2016-02-21 21:48:09 +01:00
class AATest_get_reqs(AATest):
tests = [
('/AATest/bin/bash', ['/AATest/lib64/libreadline.so.6', '/AATest/lib64/libtinfo.so.6', '/AATest/lib64/libdl.so.2', '/AATest/lib64/libc.so.6', '/AATest/lib64/ld-linux-x86-64.so.2']),
('/tmp/aa-test-foo', []),
Handle ldd $? == 1 in get_reqs() ldd exits with $? == 1 if a file is 'not a dynamic executable'. This is correct behaviour of ldd, so we should handle it instead of raising an exception ;-) Also extend fake_ldd and add a test to test-aa.py to cover this. Note that 2.10 and 2.9 don't have tests for get_reqs() nor fake_ldd, so those branches will only get the aa.py changes. Acked-by: John Johansen <john.johansen@canonical.com> for trunk, 2.10 and 2.9.
2016-12-31 00:48:41 +01:00
('/AATest/sbin/ldconfig', []), # comes with $? == 1
Add tests for aa.py get_output() and get_reqs() To make these tests independent from the underlaying system, add a fake_ldd script that provides hardcoded ldd output for the "known" executables and libraries. To avoid interferences with the real system (especially symlinks), all paths in fake_ldd have '/AATest' prepended. Acked-by: Kshitij Gupta <kgupta8592@gmail.com>
2016-02-21 21:48:09 +01:00
]
def _run_test(self, params, expected):
utils/test/test-aa.py: skip tests that break with python2.7 For reasons that aren't entirely clear, the action to set apparmor.aa.cfg['settings']['ldd'] to './fake_ldd' does not actually work on python2.7, get_reqs() tries to use /usr/bin/ldd anyway (printing out the contents of apparmor.aa.cfg['settings']['ldd'] after the set operation shows it to still contain '/usr/bin/ldd' o.O). Therefore, skip these two tests when running under python2.7. Signed-off-by: Steve Beattie <steve@nxnw.org> Acked-by: Christian Boltz <apparmor@cboltz.de> Bug: https://launchpad.net/bugs/1522938
2016-09-21 11:52:42 -07:00
# for some reason, setting the ldd config option does not get
# honored in python2.7
# XXX KILL when python 2.7 is dropped XXX
if sys.version_info[0] < 3:
print("Skipping on python < 3.x")
return
Add tests for aa.py get_output() and get_reqs() To make these tests independent from the underlaying system, add a fake_ldd script that provides hardcoded ldd output for the "known" executables and libraries. To avoid interferences with the real system (especially symlinks), all paths in fake_ldd have '/AATest' prepended. Acked-by: Kshitij Gupta <kgupta8592@gmail.com>
2016-02-21 21:48:09 +01:00
apparmor.aa.cfg['settings']['ldd'] = './fake_ldd'
self.assertEqual(get_reqs(params), expected)
Add tests for create_new_profile() These tests ensure that create_new_profile() sets the expected basic permissions for scripts and non-script files. Acked-by: John Johansen <john.johansen@canonical.com>
2015-10-20 23:14:42 +02:00
class AaTest_create_new_profile(AATest):
tests = [
# file content expected interpreter expected abstraction (besides 'base')
Adjust test-aa.py for python2 This means: - expect unicode (instead of str) when reading from a file in py2 - convert keys() result to a set to avoid test failures because of dict_keys type After this change, all tests work for both py2 and py3. Acked-by: Tyler Hicks <tyhicks@canonical.com> for trunk and 2.10.
2015-12-17 23:44:18 +01:00
('#!/bin/bash\ntrue', (u'/bin/bash', 'abstractions/bash')),
Add tests for create_new_profile() These tests ensure that create_new_profile() sets the expected basic permissions for scripts and non-script files. Acked-by: John Johansen <john.johansen@canonical.com>
2015-10-20 23:14:42 +02:00
('foo bar', (None, None)),
]
def _run_test(self, params, expected):
[15/38] Change handle_children() and ask_the_questions() to FileRule This patch changes handle_children() (which asks about exec events) and ask_the_questions() (which asks everything else) to FileRule. This solves the "brain split" introduced by the previous patch. This means aa-logprof and aa-genprof ask useful questions again, and store the answers at the right place. In detail, this means (with '-' line number from the diff) - (391) handle_binfmt(): use FileRule. Also avoid breakage if glob_common() returns an empty result. - (484) profile_storage(): drop profile['allow']['path'] and profile['deny']['path'] - (510) create_new_profile(): switch to FileRule - (1190..1432) lots of changes in handle_children(): - drop escaping (done in FileRule) - don't add events with 'x' perms to prelog - use is_known_rule() instead of profile_known_exec() - replace several regexes for the selected CMD_* with more readable 'in' clauses. While on it, drop unused parts of the regex. - use plain 'ix', 'px' (as str) instead of str_to_mode() format - call handle_binfmt() for the interpreter in ix, Pix and Cix rules - (1652) ask_the_questions(): disable the old file-specific code (not dropped because some features aren't ported to FileRule yet) - (2336) collapse_log(): - convert file log events to FileRule (and add some workarounds and TODOs for logparser.py behaviour that needs to change) - disable the old file-specific code (not dropped because merging of existing permissions isn't ported to FileRule yet) - (2403) drop now unused validate_profile_mode() and the regexes it used - (3374) drop now unused profile_known_exec() Test changes: - adjust fake_ldd to handle /bin/bash - change test-aa.py AaTest_create_new_profile to expect FileRule instead of a path hasher. Also copy the profiles to the tempdir and load the abstractions that are needed by the test. (These tests get skipped on py2 because changing apparmor.aa.cfg['settings']['ldd'] doesn't work for some unknown reason) Important: Some nice-to-have features are not yet implemented for FileRule: - globbing - (N)ew (allowing the user to enter a custom path) - displaying and merging of permissions already existing in the profile This means: aa-logprof works, but it's not as user-friendly as before. The next patches will fix that ;-) Also note that pyflakes will fail for ask_the_questions_OLD_FILE_CODE() because of undefined symbols (aamode, profile, hat). This will be fixed when the old code gets dropped in one of the later patches. Acked-by: Steve Beattie <steve@nxnw.org> Bug: https://launchpad.net/bugs/1569316
2016-10-01 19:55:58 +02:00
apparmor.aa.cfg['settings']['ldd'] = './fake_ldd'
# for some reason, setting the ldd config option does not get
# honored in python2.7
# XXX KILL when python 2.7 is dropped XXX
if sys.version_info[0] < 3:
print("Skipping on python < 3.x")
return
self.createTmpdir()
#copy the local profiles to the test directory
self.profile_dir = '%s/profiles' % self.tmpdir
shutil.copytree('../../profiles/apparmor.d/', self.profile_dir, symlinks=True)
# load the abstractions we need in the test
apparmor.aa.profiledir = self.profile_dir
apparmor.aa.load_include('abstractions/base')
apparmor.aa.load_include('abstractions/bash')
Add tests for create_new_profile() These tests ensure that create_new_profile() sets the expected basic permissions for scripts and non-script files. Acked-by: John Johansen <john.johansen@canonical.com>
2015-10-20 23:14:42 +02:00
exp_interpreter_path, exp_abstraction = expected
program = self.writeTmpfile('script', params)
profile = create_new_profile(program)
if exp_interpreter_path:
[15/38] Change handle_children() and ask_the_questions() to FileRule This patch changes handle_children() (which asks about exec events) and ask_the_questions() (which asks everything else) to FileRule. This solves the "brain split" introduced by the previous patch. This means aa-logprof and aa-genprof ask useful questions again, and store the answers at the right place. In detail, this means (with '-' line number from the diff) - (391) handle_binfmt(): use FileRule. Also avoid breakage if glob_common() returns an empty result. - (484) profile_storage(): drop profile['allow']['path'] and profile['deny']['path'] - (510) create_new_profile(): switch to FileRule - (1190..1432) lots of changes in handle_children(): - drop escaping (done in FileRule) - don't add events with 'x' perms to prelog - use is_known_rule() instead of profile_known_exec() - replace several regexes for the selected CMD_* with more readable 'in' clauses. While on it, drop unused parts of the regex. - use plain 'ix', 'px' (as str) instead of str_to_mode() format - call handle_binfmt() for the interpreter in ix, Pix and Cix rules - (1652) ask_the_questions(): disable the old file-specific code (not dropped because some features aren't ported to FileRule yet) - (2336) collapse_log(): - convert file log events to FileRule (and add some workarounds and TODOs for logparser.py behaviour that needs to change) - disable the old file-specific code (not dropped because merging of existing permissions isn't ported to FileRule yet) - (2403) drop now unused validate_profile_mode() and the regexes it used - (3374) drop now unused profile_known_exec() Test changes: - adjust fake_ldd to handle /bin/bash - change test-aa.py AaTest_create_new_profile to expect FileRule instead of a path hasher. Also copy the profiles to the tempdir and load the abstractions that are needed by the test. (These tests get skipped on py2 because changing apparmor.aa.cfg['settings']['ldd'] doesn't work for some unknown reason) Important: Some nice-to-have features are not yet implemented for FileRule: - globbing - (N)ew (allowing the user to enter a custom path) - displaying and merging of permissions already existing in the profile This means: aa-logprof works, but it's not as user-friendly as before. The next patches will fix that ;-) Also note that pyflakes will fail for ask_the_questions_OLD_FILE_CODE() because of undefined symbols (aamode, profile, hat). This will be fixed when the old code gets dropped in one of the later patches. Acked-by: Steve Beattie <steve@nxnw.org> Bug: https://launchpad.net/bugs/1569316
2016-10-01 19:55:58 +02:00
self.assertEqual(set(profile[program][program]['file'].get_clean()), {'%s ix,' % exp_interpreter_path, '%s r,' % program, '',
'/AATest/lib64/libtinfo.so.* mr,', '/AATest/lib64/libc.so.* mr,', '/AATest/lib64/libdl.so.* mr,', '/AATest/lib64/libreadline.so.* mr,', '/AATest/lib64/ld-linux-x86-64.so.* mr,' })
Add tests for create_new_profile() These tests ensure that create_new_profile() sets the expected basic permissions for scripts and non-script files. Acked-by: John Johansen <john.johansen@canonical.com>
2015-10-20 23:14:42 +02:00
else:
[15/38] Change handle_children() and ask_the_questions() to FileRule This patch changes handle_children() (which asks about exec events) and ask_the_questions() (which asks everything else) to FileRule. This solves the "brain split" introduced by the previous patch. This means aa-logprof and aa-genprof ask useful questions again, and store the answers at the right place. In detail, this means (with '-' line number from the diff) - (391) handle_binfmt(): use FileRule. Also avoid breakage if glob_common() returns an empty result. - (484) profile_storage(): drop profile['allow']['path'] and profile['deny']['path'] - (510) create_new_profile(): switch to FileRule - (1190..1432) lots of changes in handle_children(): - drop escaping (done in FileRule) - don't add events with 'x' perms to prelog - use is_known_rule() instead of profile_known_exec() - replace several regexes for the selected CMD_* with more readable 'in' clauses. While on it, drop unused parts of the regex. - use plain 'ix', 'px' (as str) instead of str_to_mode() format - call handle_binfmt() for the interpreter in ix, Pix and Cix rules - (1652) ask_the_questions(): disable the old file-specific code (not dropped because some features aren't ported to FileRule yet) - (2336) collapse_log(): - convert file log events to FileRule (and add some workarounds and TODOs for logparser.py behaviour that needs to change) - disable the old file-specific code (not dropped because merging of existing permissions isn't ported to FileRule yet) - (2403) drop now unused validate_profile_mode() and the regexes it used - (3374) drop now unused profile_known_exec() Test changes: - adjust fake_ldd to handle /bin/bash - change test-aa.py AaTest_create_new_profile to expect FileRule instead of a path hasher. Also copy the profiles to the tempdir and load the abstractions that are needed by the test. (These tests get skipped on py2 because changing apparmor.aa.cfg['settings']['ldd'] doesn't work for some unknown reason) Important: Some nice-to-have features are not yet implemented for FileRule: - globbing - (N)ew (allowing the user to enter a custom path) - displaying and merging of permissions already existing in the profile This means: aa-logprof works, but it's not as user-friendly as before. The next patches will fix that ;-) Also note that pyflakes will fail for ask_the_questions_OLD_FILE_CODE() because of undefined symbols (aamode, profile, hat). This will be fixed when the old code gets dropped in one of the later patches. Acked-by: Steve Beattie <steve@nxnw.org> Bug: https://launchpad.net/bugs/1569316
2016-10-01 19:55:58 +02:00
self.assertEqual(set(profile[program][program]['file'].get_clean()), {'%s mr,' % program, ''})
Add tests for create_new_profile() These tests ensure that create_new_profile() sets the expected basic permissions for scripts and non-script files. Acked-by: John Johansen <john.johansen@canonical.com>
2015-10-20 23:14:42 +02:00
if exp_abstraction:
Adjust test-aa.py for python2 This means: - expect unicode (instead of str) when reading from a file in py2 - convert keys() result to a set to avoid test failures because of dict_keys type After this change, all tests work for both py2 and py3. Acked-by: Tyler Hicks <tyhicks@canonical.com> for trunk and 2.10.
2015-12-17 23:44:18 +01:00
self.assertEqual(set(profile[program][program]['include'].keys()), {exp_abstraction, 'abstractions/base'})
Add tests for create_new_profile() These tests ensure that create_new_profile() sets the expected basic permissions for scripts and non-script files. Acked-by: John Johansen <john.johansen@canonical.com>
2015-10-20 23:14:42 +02:00
else:
Adjust test-aa.py for python2 This means: - expect unicode (instead of str) when reading from a file in py2 - convert keys() result to a set to avoid test failures because of dict_keys type After this change, all tests work for both py2 and py3. Acked-by: Tyler Hicks <tyhicks@canonical.com> for trunk and 2.10.
2015-12-17 23:44:18 +01:00
self.assertEqual(set(profile[program][program]['include'].keys()), {'abstractions/base'})
Add tests for create_new_profile() These tests ensure that create_new_profile() sets the expected basic permissions for scripts and non-script files. Acked-by: John Johansen <john.johansen@canonical.com>
2015-10-20 23:14:42 +02:00
merge script handling into get_interpreter_and_abstraction() Both create_new_profile() and handle_children() check if the given exec target is a script and add permissions for the interpreter and a matching abstraction. This patch merges that into the get_interpreter_and_abstraction() function and changes create_new_profile() and handle_children() to use this function. A nice side effect is that handle_children() now knows more abstractions (its original list was incomplete). The behaviour of create_new_profile() doesn't change. Also add tests for get_interpreter_and_abstraction() to make sure it does what we expect. Acked-by: Kshitij Gupta <kgupta8592@gmail.com> Bug: https://launchpad.net/bugs/1505775
2015-10-20 23:16:41 +02:00
class AaTest_get_interpreter_and_abstraction(AATest):
tests = [
('#!/bin/bash', ('/bin/bash', 'abstractions/bash')),
('#!/bin/dash', ('/bin/dash', 'abstractions/bash')),
('#!/bin/sh', ('/bin/sh', 'abstractions/bash')),
('#! /bin/sh ', ('/bin/sh', 'abstractions/bash')),
Fix handling of interpreters with parameters If a script contains a hashbang like #! /usr/bin/perl -w aa-autodep created a profile entry like "/usr/bin/perl -w" ix, which is obviously incorrect. This patch fixes this (by using only the first part of the hashbang line) and also adds some tests for it. References: https://bugs.launchpad.net/apparmor/+bug/1505775 Acked-by: Kshitij Gupta <kgupta8592@gmail.com> Bug: https://launchpad.net/bugs/1393979
2015-10-20 23:18:43 +02:00
('#! /bin/sh -x ', ('/bin/sh', 'abstractions/bash')), # '-x' is not part of the interpreter path
merge script handling into get_interpreter_and_abstraction() Both create_new_profile() and handle_children() check if the given exec target is a script and add permissions for the interpreter and a matching abstraction. This patch merges that into the get_interpreter_and_abstraction() function and changes create_new_profile() and handle_children() to use this function. A nice side effect is that handle_children() now knows more abstractions (its original list was incomplete). The behaviour of create_new_profile() doesn't change. Also add tests for get_interpreter_and_abstraction() to make sure it does what we expect. Acked-by: Kshitij Gupta <kgupta8592@gmail.com> Bug: https://launchpad.net/bugs/1505775
2015-10-20 23:16:41 +02:00
('#!/usr/bin/perl', ('/usr/bin/perl', 'abstractions/perl')),
Fix handling of interpreters with parameters If a script contains a hashbang like #! /usr/bin/perl -w aa-autodep created a profile entry like "/usr/bin/perl -w" ix, which is obviously incorrect. This patch fixes this (by using only the first part of the hashbang line) and also adds some tests for it. References: https://bugs.launchpad.net/apparmor/+bug/1505775 Acked-by: Kshitij Gupta <kgupta8592@gmail.com> Bug: https://launchpad.net/bugs/1393979
2015-10-20 23:18:43 +02:00
('#!/usr/bin/perl -w', ('/usr/bin/perl', 'abstractions/perl')), # '-w' is not part of the interpreter path
merge script handling into get_interpreter_and_abstraction() Both create_new_profile() and handle_children() check if the given exec target is a script and add permissions for the interpreter and a matching abstraction. This patch merges that into the get_interpreter_and_abstraction() function and changes create_new_profile() and handle_children() to use this function. A nice side effect is that handle_children() now knows more abstractions (its original list was incomplete). The behaviour of create_new_profile() doesn't change. Also add tests for get_interpreter_and_abstraction() to make sure it does what we expect. Acked-by: Kshitij Gupta <kgupta8592@gmail.com> Bug: https://launchpad.net/bugs/1505775
2015-10-20 23:16:41 +02:00
('#!/usr/bin/python', ('/usr/bin/python', 'abstractions/python')),
('#!/usr/bin/python2', ('/usr/bin/python2', 'abstractions/python')),
('#!/usr/bin/python2.7', ('/usr/bin/python2.7', 'abstractions/python')),
('#!/usr/bin/python3', ('/usr/bin/python3', 'abstractions/python')),
('#!/usr/bin/python4', ('/usr/bin/python4', None)), # python abstraction is only applied to py2 and py3
('#!/usr/bin/ruby', ('/usr/bin/ruby', 'abstractions/ruby')),
utils: handle versioned ruby interpreters On Debian and Ubuntu it's possible to have multiple ruby interpreters installed, and the default to use is handled by the ruby-defaults package, which includes a symlink from /usr/bin/ruby to the versioned ruby interpreter. This patch makes aa.py:get_interpreter_and_abstraction() take that into account by using a regex to match possible versions of ruby. Testcases are included. (I noticed this lack of support because on Ubuntu the ruby test was failing because get_interpreter_and_abstraction() would get the complete path, which on my 16.04 laptop would get /usr/bin/ruby2.2.) Signed-off-by: Steve Beattie <steve@nxnw.org> Acked-by: Seth Arnold <seth.arnold@canonical.com>
2016-01-25 22:54:53 -08:00
('#!/usr/bin/ruby2.2', ('/usr/bin/ruby2.2', 'abstractions/ruby')),
('#!/usr/bin/ruby1.9.1', ('/usr/bin/ruby1.9.1', 'abstractions/ruby')),
merge script handling into get_interpreter_and_abstraction() Both create_new_profile() and handle_children() check if the given exec target is a script and add permissions for the interpreter and a matching abstraction. This patch merges that into the get_interpreter_and_abstraction() function and changes create_new_profile() and handle_children() to use this function. A nice side effect is that handle_children() now knows more abstractions (its original list was incomplete). The behaviour of create_new_profile() doesn't change. Also add tests for get_interpreter_and_abstraction() to make sure it does what we expect. Acked-by: Kshitij Gupta <kgupta8592@gmail.com> Bug: https://launchpad.net/bugs/1505775
2015-10-20 23:16:41 +02:00
('#!/usr/bin/foobarbaz', ('/usr/bin/foobarbaz', None)), # we don't have an abstraction for "foobarbaz"
('foo', (None, None)), # no hashbang - not a script
]
def _run_test(self, params, expected):
exp_interpreter_path, exp_abstraction = expected
program = self.writeTmpfile('program', "%s\nfoo\nbar" % params)
interpreter_path, abstraction = get_interpreter_and_abstraction(program)
# damn symlinks!
if exp_interpreter_path and os.path.islink(exp_interpreter_path):
dirname = os.path.dirname(exp_interpreter_path)
exp_interpreter_path = os.readlink(exp_interpreter_path)
if not exp_interpreter_path.startswith('/'):
exp_interpreter_path = os.path.join(dirname, exp_interpreter_path)
self.assertEqual(interpreter_path, exp_interpreter_path)
self.assertEqual(abstraction, exp_abstraction)
def test_special_file(self):
self.assertEqual((None, None), get_interpreter_and_abstraction('/dev/null'))
def test_file_not_found(self):
self.createTmpdir()
self.assertEqual((None, None), get_interpreter_and_abstraction('%s/file-not-found' % self.tmpdir))
Add some tests for aa.py get_profile_flags(). Also adds a check to get_profile_flags() to catch an invalid syntax: /foo ( ) { was accepted by get_profile_flags, while /foo () { failed. When testing with the parser, both result in a syntax error, therefore the patch makes sure it also fails in get_profile_flags(). Acked-by: Steve Beattie <steve@nxnw.org>
2015-03-02 19:36:20 +01:00
class AaTest_get_profile_flags(AaTestWithTempdir):
def _test_get_flags(self, profile_header, expected_flags):
file = write_file(self.tmpdir, 'profile', '%s {\n}\n' % profile_header)
flags = get_profile_flags(file, '/foo')
self.assertEqual(flags, expected_flags)
def test_get_flags_01(self):
self._test_get_flags('/foo', None)
def test_get_flags_02(self):
self._test_get_flags('/foo ( complain )', ' complain ')
def test_get_flags_04(self):
self._test_get_flags('/foo (complain)', 'complain')
def test_get_flags_05(self):
self._test_get_flags('/foo flags=(complain)', 'complain')
def test_get_flags_06(self):
self._test_get_flags('/foo flags=(complain, audit)', 'complain, audit')
def test_get_flags_invalid_01(self):
replace RE_PROFILE_START Replace RE_PROFILE_START with RE_PROFILE_START_2 and adjust all code sections that used RE_PROFILE_START_2. The only real change is that test_get_flags_invalid_01 and test_get_flags_invalid_02 now expect AppArmorException instead of AppArmorBug. Acked-by: Steve Beattie <steve@nxnw.org> for trunk
2015-04-03 17:28:03 +02:00
with self.assertRaises(AppArmorException):
Add some tests for aa.py get_profile_flags(). Also adds a check to get_profile_flags() to catch an invalid syntax: /foo ( ) { was accepted by get_profile_flags, while /foo () { failed. When testing with the parser, both result in a syntax error, therefore the patch makes sure it also fails in get_profile_flags(). Acked-by: Steve Beattie <steve@nxnw.org>
2015-03-02 19:36:20 +01:00
self._test_get_flags('/foo ()', None)
def test_get_flags_invalid_02(self):
replace RE_PROFILE_START Replace RE_PROFILE_START with RE_PROFILE_START_2 and adjust all code sections that used RE_PROFILE_START_2. The only real change is that test_get_flags_invalid_01 and test_get_flags_invalid_02 now expect AppArmorException instead of AppArmorBug. Acked-by: Steve Beattie <steve@nxnw.org> for trunk
2015-04-03 17:28:03 +02:00
with self.assertRaises(AppArmorException):
Add some tests for aa.py get_profile_flags(). Also adds a check to get_profile_flags() to catch an invalid syntax: /foo ( ) { was accepted by get_profile_flags, while /foo () { failed. When testing with the parser, both result in a syntax error, therefore the patch makes sure it also fails in get_profile_flags(). Acked-by: Steve Beattie <steve@nxnw.org>
2015-03-02 19:36:20 +01:00
self._test_get_flags('/foo flags=()', None)
def test_get_flags_invalid_03(self):
with self.assertRaises(AppArmorException):
self._test_get_flags('/foo ( )', ' ')
def test_get_flags_other_profile(self):
with self.assertRaises(AppArmorException):
self._test_get_flags('/no-such-profile flags=(complain)', 'complain')
rewrite set_profile_flags() tests to use change_profile_flags() All callers call change_profile_flags(), so it makes sense to test this function instead of set_profile_flags(). Besides that, set_profile_flags() will be merged into change_profile_flags() in the next commit ;-) Note that this commit adds some '# XXX' notes to the tests. These will be addressed in later commits.
2018-07-25 22:20:48 +02:00
class AaTest_change_profile_flags(AaTestWithTempdir):
def _test_change_profile_flags(self, profile, old_flags, flags_to_change, set_flag, expected_flags, whitespace='', comment='',
Let set_profile_flags() change the flags for all hats It did this in the old 2.8 code, but didn't in 2.9.x (first there was a broken hat regex, then I commented out the hat handling to avoid breakage caused by the broken regex). This patch makes sure the hat flags get set when setting the flags for the main profile. Also change RE_PROFILE_HAT_DEF to use more named matches (leadingwhitespace and hat_keyword). Luckily all code that uses the regex uses named matches already, which means adding another (...) pair doesn't hurt. Finally adjust the tests: - change _test_set_flags to accept another optional parameter expected_more_rules (used to specify the expected hat definition) - add tests for hats (with '^foobar' and 'hat foobar' syntax) - add tests for child profiles, one of them commented out (see below) Remaining known issues (also added as TODO notes): - The hat and child profile flags are *overwritten* with the flags used for the main profile. (That's well-known behaviour from 2.8 :-/ but we have more flags now, which makes this more annoying.) The correct behaviour would be to add or remove the specified flag, while keeping other flags unchanged. - Child profiles are not handled/changed if you specify the 'program' parameter. This means: - 'aa-complain smbldap-useradd' or 'aa-complain /usr/sbin/smbldap-useradd' _will not_ change the flags for the nscd child profile - 'aa-complain /etc/apparmor.d/usr.sbin.smbldap-useradd' _will_ change the flags for the nscd child profile (and any other profile and child profile in that file) Even with those remaining issues (which need bigger changes in set_profile_flags() and maybe also in the whole flags handling), the patch improves things and fixes the regression from the 2.8 code. Acked-by: Steve Beattie <steve@nxnw.org> for trunk and 2.9
2015-05-28 22:14:37 +02:00
more_rules='', expected_more_rules='@-@-@',
rewrite set_profile_flags() tests to use change_profile_flags() All callers call change_profile_flags(), so it makes sense to test this function instead of set_profile_flags(). Besides that, set_profile_flags() will be merged into change_profile_flags() in the next commit ;-) Note that this commit adds some '# XXX' notes to the tests. These will be addressed in later commits.
2018-07-25 22:20:48 +02:00
check_new_flags=True, profile_name='/foo'):
add tests for set_profile_flags() (and some fun) Add various tests for set_profile_flags, and document various interesting[tm] things I discovered while writing the tests (see the inline comments for details). Also adds a read_file() function to common_test.py. The most interesting[tm] thing I found is: regex_hat_flag = re.compile('^([a-z]*)\s+([A-Z]*)\s*(#.*)?$') which matches various unexpected things - but not a hat :-/ (see mailinglist for all funny details) Acked-by: Steve Beattie <steve@nxnw.org>
2015-04-01 23:43:29 +02:00
if old_flags:
old_flags = ' %s' % old_flags
if expected_flags:
expected_flags = ' flags=(%s)' % (expected_flags)
else:
expected_flags = ''
Let set_profile_flags() change the flags for all hats It did this in the old 2.8 code, but didn't in 2.9.x (first there was a broken hat regex, then I commented out the hat handling to avoid breakage caused by the broken regex). This patch makes sure the hat flags get set when setting the flags for the main profile. Also change RE_PROFILE_HAT_DEF to use more named matches (leadingwhitespace and hat_keyword). Luckily all code that uses the regex uses named matches already, which means adding another (...) pair doesn't hurt. Finally adjust the tests: - change _test_set_flags to accept another optional parameter expected_more_rules (used to specify the expected hat definition) - add tests for hats (with '^foobar' and 'hat foobar' syntax) - add tests for child profiles, one of them commented out (see below) Remaining known issues (also added as TODO notes): - The hat and child profile flags are *overwritten* with the flags used for the main profile. (That's well-known behaviour from 2.8 :-/ but we have more flags now, which makes this more annoying.) The correct behaviour would be to add or remove the specified flag, while keeping other flags unchanged. - Child profiles are not handled/changed if you specify the 'program' parameter. This means: - 'aa-complain smbldap-useradd' or 'aa-complain /usr/sbin/smbldap-useradd' _will not_ change the flags for the nscd child profile - 'aa-complain /etc/apparmor.d/usr.sbin.smbldap-useradd' _will_ change the flags for the nscd child profile (and any other profile and child profile in that file) Even with those remaining issues (which need bigger changes in set_profile_flags() and maybe also in the whole flags handling), the patch improves things and fixes the regression from the 2.8 code. Acked-by: Steve Beattie <steve@nxnw.org> for trunk and 2.9
2015-05-28 22:14:37 +02:00
if expected_more_rules == '@-@-@':
expected_more_rules = more_rules
rewrite set_profile_flags() to use write_header() Changes in set_profile_flags(): - rewrite set_profile_flags to use parse_profile_start_line() and write_header(). - replace the silent failure for non-existing files with a proper exception (using lazy programming - the check is done by removing the "if os.path.isfile()" check, open_file_read then raises the exception ;-) - comment out regex_hat_flag and the code that was supposed to handle hat flags, which were totally broken. We'll need another patch to fix it, and we also need to decide if we want to do that because it introduces a behaviour change (currently, aa-complain etc. don't change hat flags). The tests for set_profile_flags() are also updated: - prepend a space to comments because write_header always adds a space between '{' and the comment - remove a test with superfluous quotes that are no longer kept (that's just a profile cleanup, so dropping that test is the easiest way) - update test_set_flags_10 and test_set_flags_12 to use the correct profile name - enable the tests for invalid (empty) flags - update the test for a non-existing file Note: test_set_flags_10, test_set_flags_12 and test_set_flags_nochange_09 will fail with this patch applied. The next patch will fix that. Acked-by: Steve Beattie <steve@nxnw.org>
2015-04-03 17:20:14 +02:00
if comment:
comment = ' %s' % comment
add tests for set_profile_flags() (and some fun) Add various tests for set_profile_flags, and document various interesting[tm] things I discovered while writing the tests (see the inline comments for details). Also adds a read_file() function to common_test.py. The most interesting[tm] thing I found is: regex_hat_flag = re.compile('^([a-z]*)\s+([A-Z]*)\s*(#.*)?$') which matches various unexpected things - but not a hat :-/ (see mailinglist for all funny details) Acked-by: Steve Beattie <steve@nxnw.org>
2015-04-01 23:43:29 +02:00
dummy_profile_content = ' #include <abstractions/base>\n capability chown,\n /bar r,'
prof_template = '%s%s%s {%s\n%s\n%s\n}\n'
Let set_profile_flags() change the flags for all hats It did this in the old 2.8 code, but didn't in 2.9.x (first there was a broken hat regex, then I commented out the hat handling to avoid breakage caused by the broken regex). This patch makes sure the hat flags get set when setting the flags for the main profile. Also change RE_PROFILE_HAT_DEF to use more named matches (leadingwhitespace and hat_keyword). Luckily all code that uses the regex uses named matches already, which means adding another (...) pair doesn't hurt. Finally adjust the tests: - change _test_set_flags to accept another optional parameter expected_more_rules (used to specify the expected hat definition) - add tests for hats (with '^foobar' and 'hat foobar' syntax) - add tests for child profiles, one of them commented out (see below) Remaining known issues (also added as TODO notes): - The hat and child profile flags are *overwritten* with the flags used for the main profile. (That's well-known behaviour from 2.8 :-/ but we have more flags now, which makes this more annoying.) The correct behaviour would be to add or remove the specified flag, while keeping other flags unchanged. - Child profiles are not handled/changed if you specify the 'program' parameter. This means: - 'aa-complain smbldap-useradd' or 'aa-complain /usr/sbin/smbldap-useradd' _will not_ change the flags for the nscd child profile - 'aa-complain /etc/apparmor.d/usr.sbin.smbldap-useradd' _will_ change the flags for the nscd child profile (and any other profile and child profile in that file) Even with those remaining issues (which need bigger changes in set_profile_flags() and maybe also in the whole flags handling), the patch improves things and fixes the regression from the 2.8 code. Acked-by: Steve Beattie <steve@nxnw.org> for trunk and 2.9
2015-05-28 22:14:37 +02:00
old_prof = prof_template % (whitespace, profile, old_flags, comment, more_rules, dummy_profile_content)
new_prof = prof_template % (whitespace, profile, expected_flags, comment, expected_more_rules, dummy_profile_content)
add tests for set_profile_flags() (and some fun) Add various tests for set_profile_flags, and document various interesting[tm] things I discovered while writing the tests (see the inline comments for details). Also adds a read_file() function to common_test.py. The most interesting[tm] thing I found is: regex_hat_flag = re.compile('^([a-z]*)\s+([A-Z]*)\s*(#.*)?$') which matches various unexpected things - but not a hat :-/ (see mailinglist for all funny details) Acked-by: Steve Beattie <steve@nxnw.org>
2015-04-01 23:43:29 +02:00
self.file = write_file(self.tmpdir, 'profile', old_prof)
rewrite set_profile_flags() tests to use change_profile_flags() All callers call change_profile_flags(), so it makes sense to test this function instead of set_profile_flags(). Besides that, set_profile_flags() will be merged into change_profile_flags() in the next commit ;-) Note that this commit adds some '# XXX' notes to the tests. These will be addressed in later commits.
2018-07-25 22:20:48 +02:00
change_profile_flags(self.file, profile_name, flags_to_change, set_flag)
add tests for set_profile_flags() (and some fun) Add various tests for set_profile_flags, and document various interesting[tm] things I discovered while writing the tests (see the inline comments for details). Also adds a read_file() function to common_test.py. The most interesting[tm] thing I found is: regex_hat_flag = re.compile('^([a-z]*)\s+([A-Z]*)\s*(#.*)?$') which matches various unexpected things - but not a hat :-/ (see mailinglist for all funny details) Acked-by: Steve Beattie <steve@nxnw.org>
2015-04-01 23:43:29 +02:00
if check_new_flags:
real_new_prof = read_file(self.file)
self.assertEqual(new_prof, real_new_prof)
# tests that actually don't change the flags
rewrite set_profile_flags() tests to use change_profile_flags() All callers call change_profile_flags(), so it makes sense to test this function instead of set_profile_flags(). Besides that, set_profile_flags() will be merged into change_profile_flags() in the next commit ;-) Note that this commit adds some '# XXX' notes to the tests. These will be addressed in later commits.
2018-07-25 22:20:48 +02:00
def test_change_profile_flags_nochange_02(self):
self._test_change_profile_flags('/foo', '( complain )', 'complain', True, 'complain', whitespace=' ')
def test_change_profile_flags_nochange_03(self):
self._test_change_profile_flags('/foo', '(complain)', 'complain', True, 'complain')
def test_change_profile_flags_nochange_04(self):
self._test_change_profile_flags('/foo', 'flags=(complain)', 'complain', True, 'complain')
def test_change_profile_flags_nochange_05(self):
self._test_change_profile_flags('/foo', 'flags=(complain, audit)', 'complain', True, 'audit, complain', whitespace=' ')
def test_change_profile_flags_nochange_06(self):
self._test_change_profile_flags('/foo', 'flags=(complain, audit)', 'complain', True, 'audit, complain', whitespace=' ', comment='# a comment')
def test_change_profile_flags_nochange_07(self):
self._test_change_profile_flags('/foo', 'flags=(complain, audit)', 'audit', True, 'audit, complain', whitespace=' ', more_rules=' # a comment\n#another comment')
def test_change_profile_flags_nochange_08(self):
self._test_change_profile_flags('profile /foo', 'flags=(complain)', 'complain', True, 'complain')
def test_change_profile_flags_nochange_09(self):
self._test_change_profile_flags('profile xy /foo', 'flags=(complain)', 'complain', True, 'complain', profile_name='xy')
def test_change_profile_flags_nochange_10(self):
self._test_change_profile_flags('profile "/foo bar"', 'flags=(complain)', 'complain', True, 'complain', profile_name='/foo bar')
def test_change_profile_flags_nochange_11(self):
self._test_change_profile_flags('/foo', '(complain)', 'complain', True, 'complain', profile_name=None)
def test_change_profile_flags_nochange_12(self):
# XXX changes the flags for the child profile (which happens to have the same profile name) to 'complain'
self._test_change_profile_flags('/foo', 'flags=(complain)', 'complain', True, 'complain', more_rules=' profile /foo {\n}', expected_more_rules=' profile /foo flags=(complain) {\n}')
add tests for set_profile_flags() (and some fun) Add various tests for set_profile_flags, and document various interesting[tm] things I discovered while writing the tests (see the inline comments for details). Also adds a read_file() function to common_test.py. The most interesting[tm] thing I found is: regex_hat_flag = re.compile('^([a-z]*)\s+([A-Z]*)\s*(#.*)?$') which matches various unexpected things - but not a hat :-/ (see mailinglist for all funny details) Acked-by: Steve Beattie <steve@nxnw.org>
2015-04-01 23:43:29 +02:00
# tests that change the flags
rewrite set_profile_flags() tests to use change_profile_flags() All callers call change_profile_flags(), so it makes sense to test this function instead of set_profile_flags(). Besides that, set_profile_flags() will be merged into change_profile_flags() in the next commit ;-) Note that this commit adds some '# XXX' notes to the tests. These will be addressed in later commits.
2018-07-25 22:20:48 +02:00
def test_change_profile_flags_01(self):
self._test_change_profile_flags('/foo', '', 'audit', True, 'audit')
def test_change_profile_flags_02(self):
self._test_change_profile_flags('/foo', '( complain )', 'audit', True, 'audit, complain', whitespace=' ')
def test_change_profile_flags_04(self):
self._test_change_profile_flags('/foo', '(complain)', 'audit', True, 'audit, complain')
def test_change_profile_flags_05(self):
self._test_change_profile_flags('/foo', 'flags=(complain)', 'audit', True, 'audit, complain')
def test_change_profile_flags_06(self):
self._test_change_profile_flags('/foo', 'flags=(complain, audit)', 'complain', False, 'audit', whitespace=' ')
def test_change_profile_flags_07(self):
self._test_change_profile_flags('/foo', 'flags=(complain, audit)', 'audit', False, 'complain')
def test_change_profile_flags_08(self):
self._test_change_profile_flags('/foo', '( complain )', 'audit', True, 'audit, complain', whitespace=' ', profile_name=None)
def test_change_profile_flags_09(self):
self._test_change_profile_flags('profile /foo', 'flags=(complain)', 'audit', True, 'audit, complain')
def test_change_profile_flags_10(self):
self._test_change_profile_flags('profile xy /foo', 'flags=(complain)', 'audit', True, 'audit, complain', profile_name='xy')
def test_change_profile_flags_11(self):
self._test_change_profile_flags('profile "/foo bar"', 'flags=(complain)', 'audit', True, 'audit, complain', profile_name='/foo bar')
def test_change_profile_flags_12(self):
self._test_change_profile_flags('profile xy "/foo bar"', 'flags=(complain)', 'audit', True, 'audit, complain', profile_name='xy')
def test_change_profile_flags_13(self):
self._test_change_profile_flags('/foo', '(audit)', 'audit', False, '')
add tests for set_profile_flags() (and some fun) Add various tests for set_profile_flags, and document various interesting[tm] things I discovered while writing the tests (see the inline comments for details). Also adds a read_file() function to common_test.py. The most interesting[tm] thing I found is: regex_hat_flag = re.compile('^([a-z]*)\s+([A-Z]*)\s*(#.*)?$') which matches various unexpected things - but not a hat :-/ (see mailinglist for all funny details) Acked-by: Steve Beattie <steve@nxnw.org>
2015-04-01 23:43:29 +02:00
Let set_profile_flags() change the flags for all hats It did this in the old 2.8 code, but didn't in 2.9.x (first there was a broken hat regex, then I commented out the hat handling to avoid breakage caused by the broken regex). This patch makes sure the hat flags get set when setting the flags for the main profile. Also change RE_PROFILE_HAT_DEF to use more named matches (leadingwhitespace and hat_keyword). Luckily all code that uses the regex uses named matches already, which means adding another (...) pair doesn't hurt. Finally adjust the tests: - change _test_set_flags to accept another optional parameter expected_more_rules (used to specify the expected hat definition) - add tests for hats (with '^foobar' and 'hat foobar' syntax) - add tests for child profiles, one of them commented out (see below) Remaining known issues (also added as TODO notes): - The hat and child profile flags are *overwritten* with the flags used for the main profile. (That's well-known behaviour from 2.8 :-/ but we have more flags now, which makes this more annoying.) The correct behaviour would be to add or remove the specified flag, while keeping other flags unchanged. - Child profiles are not handled/changed if you specify the 'program' parameter. This means: - 'aa-complain smbldap-useradd' or 'aa-complain /usr/sbin/smbldap-useradd' _will not_ change the flags for the nscd child profile - 'aa-complain /etc/apparmor.d/usr.sbin.smbldap-useradd' _will_ change the flags for the nscd child profile (and any other profile and child profile in that file) Even with those remaining issues (which need bigger changes in set_profile_flags() and maybe also in the whole flags handling), the patch improves things and fixes the regression from the 2.8 code. Acked-by: Steve Beattie <steve@nxnw.org> for trunk and 2.9
2015-05-28 22:14:37 +02:00
# test handling of hat flags
def test_set_flags_with_hat_01(self):
rewrite set_profile_flags() tests to use change_profile_flags() All callers call change_profile_flags(), so it makes sense to test this function instead of set_profile_flags(). Besides that, set_profile_flags() will be merged into change_profile_flags() in the next commit ;-) Note that this commit adds some '# XXX' notes to the tests. These will be addressed in later commits.
2018-07-25 22:20:48 +02:00
self._test_change_profile_flags('/foo', 'flags=(complain)', 'audit', True, 'audit, complain',
Let set_profile_flags() change the flags for all hats It did this in the old 2.8 code, but didn't in 2.9.x (first there was a broken hat regex, then I commented out the hat handling to avoid breakage caused by the broken regex). This patch makes sure the hat flags get set when setting the flags for the main profile. Also change RE_PROFILE_HAT_DEF to use more named matches (leadingwhitespace and hat_keyword). Luckily all code that uses the regex uses named matches already, which means adding another (...) pair doesn't hurt. Finally adjust the tests: - change _test_set_flags to accept another optional parameter expected_more_rules (used to specify the expected hat definition) - add tests for hats (with '^foobar' and 'hat foobar' syntax) - add tests for child profiles, one of them commented out (see below) Remaining known issues (also added as TODO notes): - The hat and child profile flags are *overwritten* with the flags used for the main profile. (That's well-known behaviour from 2.8 :-/ but we have more flags now, which makes this more annoying.) The correct behaviour would be to add or remove the specified flag, while keeping other flags unchanged. - Child profiles are not handled/changed if you specify the 'program' parameter. This means: - 'aa-complain smbldap-useradd' or 'aa-complain /usr/sbin/smbldap-useradd' _will not_ change the flags for the nscd child profile - 'aa-complain /etc/apparmor.d/usr.sbin.smbldap-useradd' _will_ change the flags for the nscd child profile (and any other profile and child profile in that file) Even with those remaining issues (which need bigger changes in set_profile_flags() and maybe also in the whole flags handling), the patch improves things and fixes the regression from the 2.8 code. Acked-by: Steve Beattie <steve@nxnw.org> for trunk and 2.9
2015-05-28 22:14:37 +02:00
more_rules='\n ^foobar {\n}\n',
rewrite set_profile_flags() tests to use change_profile_flags() All callers call change_profile_flags(), so it makes sense to test this function instead of set_profile_flags(). Besides that, set_profile_flags() will be merged into change_profile_flags() in the next commit ;-) Note that this commit adds some '# XXX' notes to the tests. These will be addressed in later commits.
2018-07-25 22:20:48 +02:00
expected_more_rules='\n ^foobar flags=(audit, complain) {\n}\n' # XXX complain should not be added to the child profile
Let set_profile_flags() change the flags for all hats It did this in the old 2.8 code, but didn't in 2.9.x (first there was a broken hat regex, then I commented out the hat handling to avoid breakage caused by the broken regex). This patch makes sure the hat flags get set when setting the flags for the main profile. Also change RE_PROFILE_HAT_DEF to use more named matches (leadingwhitespace and hat_keyword). Luckily all code that uses the regex uses named matches already, which means adding another (...) pair doesn't hurt. Finally adjust the tests: - change _test_set_flags to accept another optional parameter expected_more_rules (used to specify the expected hat definition) - add tests for hats (with '^foobar' and 'hat foobar' syntax) - add tests for child profiles, one of them commented out (see below) Remaining known issues (also added as TODO notes): - The hat and child profile flags are *overwritten* with the flags used for the main profile. (That's well-known behaviour from 2.8 :-/ but we have more flags now, which makes this more annoying.) The correct behaviour would be to add or remove the specified flag, while keeping other flags unchanged. - Child profiles are not handled/changed if you specify the 'program' parameter. This means: - 'aa-complain smbldap-useradd' or 'aa-complain /usr/sbin/smbldap-useradd' _will not_ change the flags for the nscd child profile - 'aa-complain /etc/apparmor.d/usr.sbin.smbldap-useradd' _will_ change the flags for the nscd child profile (and any other profile and child profile in that file) Even with those remaining issues (which need bigger changes in set_profile_flags() and maybe also in the whole flags handling), the patch improves things and fixes the regression from the 2.8 code. Acked-by: Steve Beattie <steve@nxnw.org> for trunk and 2.9
2015-05-28 22:14:37 +02:00
)
rewrite set_profile_flags() tests to use change_profile_flags() All callers call change_profile_flags(), so it makes sense to test this function instead of set_profile_flags(). Besides that, set_profile_flags() will be merged into change_profile_flags() in the next commit ;-) Note that this commit adds some '# XXX' notes to the tests. These will be addressed in later commits.
2018-07-25 22:20:48 +02:00
def test_change_profile_flags_with_hat_02(self):
self._test_change_profile_flags('/foo', 'flags=(complain)', 'audit', False, 'complain',
Let set_profile_flags() change the flags for all hats It did this in the old 2.8 code, but didn't in 2.9.x (first there was a broken hat regex, then I commented out the hat handling to avoid breakage caused by the broken regex). This patch makes sure the hat flags get set when setting the flags for the main profile. Also change RE_PROFILE_HAT_DEF to use more named matches (leadingwhitespace and hat_keyword). Luckily all code that uses the regex uses named matches already, which means adding another (...) pair doesn't hurt. Finally adjust the tests: - change _test_set_flags to accept another optional parameter expected_more_rules (used to specify the expected hat definition) - add tests for hats (with '^foobar' and 'hat foobar' syntax) - add tests for child profiles, one of them commented out (see below) Remaining known issues (also added as TODO notes): - The hat and child profile flags are *overwritten* with the flags used for the main profile. (That's well-known behaviour from 2.8 :-/ but we have more flags now, which makes this more annoying.) The correct behaviour would be to add or remove the specified flag, while keeping other flags unchanged. - Child profiles are not handled/changed if you specify the 'program' parameter. This means: - 'aa-complain smbldap-useradd' or 'aa-complain /usr/sbin/smbldap-useradd' _will not_ change the flags for the nscd child profile - 'aa-complain /etc/apparmor.d/usr.sbin.smbldap-useradd' _will_ change the flags for the nscd child profile (and any other profile and child profile in that file) Even with those remaining issues (which need bigger changes in set_profile_flags() and maybe also in the whole flags handling), the patch improves things and fixes the regression from the 2.8 code. Acked-by: Steve Beattie <steve@nxnw.org> for trunk and 2.9
2015-05-28 22:14:37 +02:00
profile_name=None,
rewrite set_profile_flags() tests to use change_profile_flags() All callers call change_profile_flags(), so it makes sense to test this function instead of set_profile_flags(). Besides that, set_profile_flags() will be merged into change_profile_flags() in the next commit ;-) Note that this commit adds some '# XXX' notes to the tests. These will be addressed in later commits.
2018-07-25 22:20:48 +02:00
more_rules='\n ^foobar flags=(audit) {\n}\n',
expected_more_rules='\n ^foobar flags=(complain) {\n}\n' # XXX complain should NOT be added to child profile
Let set_profile_flags() change the flags for all hats It did this in the old 2.8 code, but didn't in 2.9.x (first there was a broken hat regex, then I commented out the hat handling to avoid breakage caused by the broken regex). This patch makes sure the hat flags get set when setting the flags for the main profile. Also change RE_PROFILE_HAT_DEF to use more named matches (leadingwhitespace and hat_keyword). Luckily all code that uses the regex uses named matches already, which means adding another (...) pair doesn't hurt. Finally adjust the tests: - change _test_set_flags to accept another optional parameter expected_more_rules (used to specify the expected hat definition) - add tests for hats (with '^foobar' and 'hat foobar' syntax) - add tests for child profiles, one of them commented out (see below) Remaining known issues (also added as TODO notes): - The hat and child profile flags are *overwritten* with the flags used for the main profile. (That's well-known behaviour from 2.8 :-/ but we have more flags now, which makes this more annoying.) The correct behaviour would be to add or remove the specified flag, while keeping other flags unchanged. - Child profiles are not handled/changed if you specify the 'program' parameter. This means: - 'aa-complain smbldap-useradd' or 'aa-complain /usr/sbin/smbldap-useradd' _will not_ change the flags for the nscd child profile - 'aa-complain /etc/apparmor.d/usr.sbin.smbldap-useradd' _will_ change the flags for the nscd child profile (and any other profile and child profile in that file) Even with those remaining issues (which need bigger changes in set_profile_flags() and maybe also in the whole flags handling), the patch improves things and fixes the regression from the 2.8 code. Acked-by: Steve Beattie <steve@nxnw.org> for trunk and 2.9
2015-05-28 22:14:37 +02:00
)
rewrite set_profile_flags() tests to use change_profile_flags() All callers call change_profile_flags(), so it makes sense to test this function instead of set_profile_flags(). Besides that, set_profile_flags() will be merged into change_profile_flags() in the next commit ;-) Note that this commit adds some '# XXX' notes to the tests. These will be addressed in later commits.
2018-07-25 22:20:48 +02:00
def test_change_profile_flags_with_hat_03(self):
self._test_change_profile_flags('/foo', 'flags=(complain)', 'audit', True, 'audit, complain',
Let set_profile_flags() change the flags for all hats It did this in the old 2.8 code, but didn't in 2.9.x (first there was a broken hat regex, then I commented out the hat handling to avoid breakage caused by the broken regex). This patch makes sure the hat flags get set when setting the flags for the main profile. Also change RE_PROFILE_HAT_DEF to use more named matches (leadingwhitespace and hat_keyword). Luckily all code that uses the regex uses named matches already, which means adding another (...) pair doesn't hurt. Finally adjust the tests: - change _test_set_flags to accept another optional parameter expected_more_rules (used to specify the expected hat definition) - add tests for hats (with '^foobar' and 'hat foobar' syntax) - add tests for child profiles, one of them commented out (see below) Remaining known issues (also added as TODO notes): - The hat and child profile flags are *overwritten* with the flags used for the main profile. (That's well-known behaviour from 2.8 :-/ but we have more flags now, which makes this more annoying.) The correct behaviour would be to add or remove the specified flag, while keeping other flags unchanged. - Child profiles are not handled/changed if you specify the 'program' parameter. This means: - 'aa-complain smbldap-useradd' or 'aa-complain /usr/sbin/smbldap-useradd' _will not_ change the flags for the nscd child profile - 'aa-complain /etc/apparmor.d/usr.sbin.smbldap-useradd' _will_ change the flags for the nscd child profile (and any other profile and child profile in that file) Even with those remaining issues (which need bigger changes in set_profile_flags() and maybe also in the whole flags handling), the patch improves things and fixes the regression from the 2.8 code. Acked-by: Steve Beattie <steve@nxnw.org> for trunk and 2.9
2015-05-28 22:14:37 +02:00
more_rules='\n^foobar (attach_disconnected) { # comment\n}\n', # XXX attach_disconnected will be lost!
rewrite set_profile_flags() tests to use change_profile_flags() All callers call change_profile_flags(), so it makes sense to test this function instead of set_profile_flags(). Besides that, set_profile_flags() will be merged into change_profile_flags() in the next commit ;-) Note that this commit adds some '# XXX' notes to the tests. These will be addressed in later commits.
2018-07-25 22:20:48 +02:00
expected_more_rules='\n^foobar flags=(audit, complain) { # comment\n}\n' # XXX complain should not be added
Let set_profile_flags() change the flags for all hats It did this in the old 2.8 code, but didn't in 2.9.x (first there was a broken hat regex, then I commented out the hat handling to avoid breakage caused by the broken regex). This patch makes sure the hat flags get set when setting the flags for the main profile. Also change RE_PROFILE_HAT_DEF to use more named matches (leadingwhitespace and hat_keyword). Luckily all code that uses the regex uses named matches already, which means adding another (...) pair doesn't hurt. Finally adjust the tests: - change _test_set_flags to accept another optional parameter expected_more_rules (used to specify the expected hat definition) - add tests for hats (with '^foobar' and 'hat foobar' syntax) - add tests for child profiles, one of them commented out (see below) Remaining known issues (also added as TODO notes): - The hat and child profile flags are *overwritten* with the flags used for the main profile. (That's well-known behaviour from 2.8 :-/ but we have more flags now, which makes this more annoying.) The correct behaviour would be to add or remove the specified flag, while keeping other flags unchanged. - Child profiles are not handled/changed if you specify the 'program' parameter. This means: - 'aa-complain smbldap-useradd' or 'aa-complain /usr/sbin/smbldap-useradd' _will not_ change the flags for the nscd child profile - 'aa-complain /etc/apparmor.d/usr.sbin.smbldap-useradd' _will_ change the flags for the nscd child profile (and any other profile and child profile in that file) Even with those remaining issues (which need bigger changes in set_profile_flags() and maybe also in the whole flags handling), the patch improves things and fixes the regression from the 2.8 code. Acked-by: Steve Beattie <steve@nxnw.org> for trunk and 2.9
2015-05-28 22:14:37 +02:00
)
rewrite set_profile_flags() tests to use change_profile_flags() All callers call change_profile_flags(), so it makes sense to test this function instead of set_profile_flags(). Besides that, set_profile_flags() will be merged into change_profile_flags() in the next commit ;-) Note that this commit adds some '# XXX' notes to the tests. These will be addressed in later commits.
2018-07-25 22:20:48 +02:00
def test_change_profile_flags_with_hat_04(self):
self._test_change_profile_flags('/foo', '', 'audit', True, 'audit',
Let set_profile_flags() change the flags for all hats It did this in the old 2.8 code, but didn't in 2.9.x (first there was a broken hat regex, then I commented out the hat handling to avoid breakage caused by the broken regex). This patch makes sure the hat flags get set when setting the flags for the main profile. Also change RE_PROFILE_HAT_DEF to use more named matches (leadingwhitespace and hat_keyword). Luckily all code that uses the regex uses named matches already, which means adding another (...) pair doesn't hurt. Finally adjust the tests: - change _test_set_flags to accept another optional parameter expected_more_rules (used to specify the expected hat definition) - add tests for hats (with '^foobar' and 'hat foobar' syntax) - add tests for child profiles, one of them commented out (see below) Remaining known issues (also added as TODO notes): - The hat and child profile flags are *overwritten* with the flags used for the main profile. (That's well-known behaviour from 2.8 :-/ but we have more flags now, which makes this more annoying.) The correct behaviour would be to add or remove the specified flag, while keeping other flags unchanged. - Child profiles are not handled/changed if you specify the 'program' parameter. This means: - 'aa-complain smbldap-useradd' or 'aa-complain /usr/sbin/smbldap-useradd' _will not_ change the flags for the nscd child profile - 'aa-complain /etc/apparmor.d/usr.sbin.smbldap-useradd' _will_ change the flags for the nscd child profile (and any other profile and child profile in that file) Even with those remaining issues (which need bigger changes in set_profile_flags() and maybe also in the whole flags handling), the patch improves things and fixes the regression from the 2.8 code. Acked-by: Steve Beattie <steve@nxnw.org> for trunk and 2.9
2015-05-28 22:14:37 +02:00
more_rules='\n hat foobar (attach_disconnected) { # comment\n}\n', # XXX attach_disconnected will be lost!
expected_more_rules='\n hat foobar flags=(audit) { # comment\n}\n'
)
rewrite set_profile_flags() tests to use change_profile_flags() All callers call change_profile_flags(), so it makes sense to test this function instead of set_profile_flags(). Besides that, set_profile_flags() will be merged into change_profile_flags() in the next commit ;-) Note that this commit adds some '# XXX' notes to the tests. These will be addressed in later commits.
2018-07-25 22:20:48 +02:00
def test_change_profile_flags_with_hat_05(self):
self._test_change_profile_flags('/foo', '(audit)', 'audit', False, '',
more_rules='\n hat foobar (attach_disconnected) { # comment\n}\n', # XXX attach_disconnected will be lost
Add more set_profile_flags() tests The existing tests didn't test removing all flags. Acked-by: Steve Beattie <steve@nxnw.org>
2015-06-26 23:21:29 +02:00
expected_more_rules='\n hat foobar { # comment\n}\n'
)
Let set_profile_flags() change the flags for all hats It did this in the old 2.8 code, but didn't in 2.9.x (first there was a broken hat regex, then I commented out the hat handling to avoid breakage caused by the broken regex). This patch makes sure the hat flags get set when setting the flags for the main profile. Also change RE_PROFILE_HAT_DEF to use more named matches (leadingwhitespace and hat_keyword). Luckily all code that uses the regex uses named matches already, which means adding another (...) pair doesn't hurt. Finally adjust the tests: - change _test_set_flags to accept another optional parameter expected_more_rules (used to specify the expected hat definition) - add tests for hats (with '^foobar' and 'hat foobar' syntax) - add tests for child profiles, one of them commented out (see below) Remaining known issues (also added as TODO notes): - The hat and child profile flags are *overwritten* with the flags used for the main profile. (That's well-known behaviour from 2.8 :-/ but we have more flags now, which makes this more annoying.) The correct behaviour would be to add or remove the specified flag, while keeping other flags unchanged. - Child profiles are not handled/changed if you specify the 'program' parameter. This means: - 'aa-complain smbldap-useradd' or 'aa-complain /usr/sbin/smbldap-useradd' _will not_ change the flags for the nscd child profile - 'aa-complain /etc/apparmor.d/usr.sbin.smbldap-useradd' _will_ change the flags for the nscd child profile (and any other profile and child profile in that file) Even with those remaining issues (which need bigger changes in set_profile_flags() and maybe also in the whole flags handling), the patch improves things and fixes the regression from the 2.8 code. Acked-by: Steve Beattie <steve@nxnw.org> for trunk and 2.9
2015-05-28 22:14:37 +02:00
# test handling of child profiles
rewrite set_profile_flags() tests to use change_profile_flags() All callers call change_profile_flags(), so it makes sense to test this function instead of set_profile_flags(). Besides that, set_profile_flags() will be merged into change_profile_flags() in the next commit ;-) Note that this commit adds some '# XXX' notes to the tests. These will be addressed in later commits.
2018-07-25 22:20:48 +02:00
def test_change_profile_flags_with_child_01(self):
self._test_change_profile_flags('/foo', 'flags=(complain)', 'audit', True, 'audit, complain',
Let set_profile_flags() change the flags for all hats It did this in the old 2.8 code, but didn't in 2.9.x (first there was a broken hat regex, then I commented out the hat handling to avoid breakage caused by the broken regex). This patch makes sure the hat flags get set when setting the flags for the main profile. Also change RE_PROFILE_HAT_DEF to use more named matches (leadingwhitespace and hat_keyword). Luckily all code that uses the regex uses named matches already, which means adding another (...) pair doesn't hurt. Finally adjust the tests: - change _test_set_flags to accept another optional parameter expected_more_rules (used to specify the expected hat definition) - add tests for hats (with '^foobar' and 'hat foobar' syntax) - add tests for child profiles, one of them commented out (see below) Remaining known issues (also added as TODO notes): - The hat and child profile flags are *overwritten* with the flags used for the main profile. (That's well-known behaviour from 2.8 :-/ but we have more flags now, which makes this more annoying.) The correct behaviour would be to add or remove the specified flag, while keeping other flags unchanged. - Child profiles are not handled/changed if you specify the 'program' parameter. This means: - 'aa-complain smbldap-useradd' or 'aa-complain /usr/sbin/smbldap-useradd' _will not_ change the flags for the nscd child profile - 'aa-complain /etc/apparmor.d/usr.sbin.smbldap-useradd' _will_ change the flags for the nscd child profile (and any other profile and child profile in that file) Even with those remaining issues (which need bigger changes in set_profile_flags() and maybe also in the whole flags handling), the patch improves things and fixes the regression from the 2.8 code. Acked-by: Steve Beattie <steve@nxnw.org> for trunk and 2.9
2015-05-28 22:14:37 +02:00
profile_name=None,
more_rules='\n profile /bin/bar {\n}\n',
rewrite set_profile_flags() tests to use change_profile_flags() All callers call change_profile_flags(), so it makes sense to test this function instead of set_profile_flags(). Besides that, set_profile_flags() will be merged into change_profile_flags() in the next commit ;-) Note that this commit adds some '# XXX' notes to the tests. These will be addressed in later commits.
2018-07-25 22:20:48 +02:00
expected_more_rules='\n profile /bin/bar flags=(audit, complain) {\n}\n' # XXX complain should not be added
Let set_profile_flags() change the flags for all hats It did this in the old 2.8 code, but didn't in 2.9.x (first there was a broken hat regex, then I commented out the hat handling to avoid breakage caused by the broken regex). This patch makes sure the hat flags get set when setting the flags for the main profile. Also change RE_PROFILE_HAT_DEF to use more named matches (leadingwhitespace and hat_keyword). Luckily all code that uses the regex uses named matches already, which means adding another (...) pair doesn't hurt. Finally adjust the tests: - change _test_set_flags to accept another optional parameter expected_more_rules (used to specify the expected hat definition) - add tests for hats (with '^foobar' and 'hat foobar' syntax) - add tests for child profiles, one of them commented out (see below) Remaining known issues (also added as TODO notes): - The hat and child profile flags are *overwritten* with the flags used for the main profile. (That's well-known behaviour from 2.8 :-/ but we have more flags now, which makes this more annoying.) The correct behaviour would be to add or remove the specified flag, while keeping other flags unchanged. - Child profiles are not handled/changed if you specify the 'program' parameter. This means: - 'aa-complain smbldap-useradd' or 'aa-complain /usr/sbin/smbldap-useradd' _will not_ change the flags for the nscd child profile - 'aa-complain /etc/apparmor.d/usr.sbin.smbldap-useradd' _will_ change the flags for the nscd child profile (and any other profile and child profile in that file) Even with those remaining issues (which need bigger changes in set_profile_flags() and maybe also in the whole flags handling), the patch improves things and fixes the regression from the 2.8 code. Acked-by: Steve Beattie <steve@nxnw.org> for trunk and 2.9
2015-05-28 22:14:37 +02:00
)
rewrite set_profile_flags() tests to use change_profile_flags() All callers call change_profile_flags(), so it makes sense to test this function instead of set_profile_flags(). Besides that, set_profile_flags() will be merged into change_profile_flags() in the next commit ;-) Note that this commit adds some '# XXX' notes to the tests. These will be addressed in later commits.
2018-07-25 22:20:48 +02:00
def test_change_profile_flags_with_child_02(self):
Let set_profile_flags() change the flags for all hats It did this in the old 2.8 code, but didn't in 2.9.x (first there was a broken hat regex, then I commented out the hat handling to avoid breakage caused by the broken regex). This patch makes sure the hat flags get set when setting the flags for the main profile. Also change RE_PROFILE_HAT_DEF to use more named matches (leadingwhitespace and hat_keyword). Luckily all code that uses the regex uses named matches already, which means adding another (...) pair doesn't hurt. Finally adjust the tests: - change _test_set_flags to accept another optional parameter expected_more_rules (used to specify the expected hat definition) - add tests for hats (with '^foobar' and 'hat foobar' syntax) - add tests for child profiles, one of them commented out (see below) Remaining known issues (also added as TODO notes): - The hat and child profile flags are *overwritten* with the flags used for the main profile. (That's well-known behaviour from 2.8 :-/ but we have more flags now, which makes this more annoying.) The correct behaviour would be to add or remove the specified flag, while keeping other flags unchanged. - Child profiles are not handled/changed if you specify the 'program' parameter. This means: - 'aa-complain smbldap-useradd' or 'aa-complain /usr/sbin/smbldap-useradd' _will not_ change the flags for the nscd child profile - 'aa-complain /etc/apparmor.d/usr.sbin.smbldap-useradd' _will_ change the flags for the nscd child profile (and any other profile and child profile in that file) Even with those remaining issues (which need bigger changes in set_profile_flags() and maybe also in the whole flags handling), the patch improves things and fixes the regression from the 2.8 code. Acked-by: Steve Beattie <steve@nxnw.org> for trunk and 2.9
2015-05-28 22:14:37 +02:00
# XXX child profile flags aren't changed if profile parameter is not None
rewrite set_profile_flags() tests to use change_profile_flags() All callers call change_profile_flags(), so it makes sense to test this function instead of set_profile_flags(). Besides that, set_profile_flags() will be merged into change_profile_flags() in the next commit ;-) Note that this commit adds some '# XXX' notes to the tests. These will be addressed in later commits.
2018-07-25 22:20:48 +02:00
self._test_change_profile_flags('/foo', 'flags=(complain)', 'audit', True, 'audit, complain',
more_rules='\n profile /bin/bar {\n}\n',
expected_more_rules='\n profile /bin/bar {\n}\n' # flags(audit) should be added
)
def test_change_profile_flags_invalid_01(self):
with self.assertRaises(AppArmorException):
# XXX new flag 'None' should raise AppArmorBug
self._test_change_profile_flags('/foo', '()', None, False, '', check_new_flags=False)
def test_change_profile_flags_invalid_02(self):
with self.assertRaises(AppArmorException):
# XXX new flag 'None' should raise AppArmorBug
self._test_change_profile_flags('/foo', 'flags=()', None, True, '', check_new_flags=False)
def test_change_profile_flags_invalid_03(self):
rewrite set_profile_flags() to use write_header() Changes in set_profile_flags(): - rewrite set_profile_flags to use parse_profile_start_line() and write_header(). - replace the silent failure for non-existing files with a proper exception (using lazy programming - the check is done by removing the "if os.path.isfile()" check, open_file_read then raises the exception ;-) - comment out regex_hat_flag and the code that was supposed to handle hat flags, which were totally broken. We'll need another patch to fix it, and we also need to decide if we want to do that because it introduces a behaviour change (currently, aa-complain etc. don't change hat flags). The tests for set_profile_flags() are also updated: - prepend a space to comments because write_header always adds a space between '{' and the comment - remove a test with superfluous quotes that are no longer kept (that's just a profile cleanup, so dropping that test is the easiest way) - update test_set_flags_10 and test_set_flags_12 to use the correct profile name - enable the tests for invalid (empty) flags - update the test for a non-existing file Note: test_set_flags_10, test_set_flags_12 and test_set_flags_nochange_09 will fail with this patch applied. The next patch will fix that. Acked-by: Steve Beattie <steve@nxnw.org>
2015-04-03 17:20:14 +02:00
with self.assertRaises(AppArmorException):
rewrite set_profile_flags() tests to use change_profile_flags() All callers call change_profile_flags(), so it makes sense to test this function instead of set_profile_flags(). Besides that, set_profile_flags() will be merged into change_profile_flags() in the next commit ;-) Note that this commit adds some '# XXX' notes to the tests. These will be addressed in later commits.
2018-07-25 22:20:48 +02:00
# XXX empty new flag should raise AppArmorBug
self._test_change_profile_flags('/foo', '( )', '', True, '', check_new_flags=False)
def test_change_profile_flags_invalid_04(self):
# with self.assertRaises(AppArmorBug): # XXX empty new flag should raise AppArmorBug
self._test_change_profile_flags('/foo', 'flags=(complain, audit)', ' ', True, 'audit, complain', check_new_flags=False) # whitespace-only newflags
add tests for set_profile_flags() (and some fun) Add various tests for set_profile_flags, and document various interesting[tm] things I discovered while writing the tests (see the inline comments for details). Also adds a read_file() function to common_test.py. The most interesting[tm] thing I found is: regex_hat_flag = re.compile('^([a-z]*)\s+([A-Z]*)\s*(#.*)?$') which matches various unexpected things - but not a hat :-/ (see mailinglist for all funny details) Acked-by: Steve Beattie <steve@nxnw.org>
2015-04-01 23:43:29 +02:00
rewrite set_profile_flags() tests to use change_profile_flags() All callers call change_profile_flags(), so it makes sense to test this function instead of set_profile_flags(). Besides that, set_profile_flags() will be merged into change_profile_flags() in the next commit ;-) Note that this commit adds some '# XXX' notes to the tests. These will be addressed in later commits.
2018-07-25 22:20:48 +02:00
def test_change_profile_flags_other_profile(self):
add tests for set_profile_flags() (and some fun) Add various tests for set_profile_flags, and document various interesting[tm] things I discovered while writing the tests (see the inline comments for details). Also adds a read_file() function to common_test.py. The most interesting[tm] thing I found is: regex_hat_flag = re.compile('^([a-z]*)\s+([A-Z]*)\s*(#.*)?$') which matches various unexpected things - but not a hat :-/ (see mailinglist for all funny details) Acked-by: Steve Beattie <steve@nxnw.org>
2015-04-01 23:43:29 +02:00
# test behaviour if the file doesn't contain the specified /foo profile
orig_prof = '/no-such-profile flags=(complain) {\n}'
self.file = write_file(self.tmpdir, 'profile', orig_prof)
rewrite set_profile_flags() tests to use change_profile_flags() All callers call change_profile_flags(), so it makes sense to test this function instead of set_profile_flags(). Besides that, set_profile_flags() will be merged into change_profile_flags() in the next commit ;-) Note that this commit adds some '# XXX' notes to the tests. These will be addressed in later commits.
2018-07-25 22:20:48 +02:00
with self.assertRaises(AppArmorException):
change_profile_flags(self.file, '/foo', 'audit', True)
[patch] make set_profile_flags more strict this patch makes set_profile_flags more strict: - raise AppArmorBug if newflags contains only whitespace - raise AppArmorBug if the file doesn't contain the specified profile or no profile at all The tests are adjusted to expect AppArmorBug instead of a silent failure. Also, some tests are added for profile=None, which means to change the flags for all profiles in a file. - test_set_flags_08 is now test_set_flags_invalid_04 - test_set_flags_invalid_03 is changed to only contain one reason for a failure, not two ;-) Acked-by: Steve Beattie <steve@nxnw.org>
2015-04-03 17:25:18 +02:00
# the file should not be changed
real_new_prof = read_file(self.file)
self.assertEqual(orig_prof, real_new_prof)
rewrite set_profile_flags() tests to use change_profile_flags() All callers call change_profile_flags(), so it makes sense to test this function instead of set_profile_flags(). Besides that, set_profile_flags() will be merged into change_profile_flags() in the next commit ;-) Note that this commit adds some '# XXX' notes to the tests. These will be addressed in later commits.
2018-07-25 22:20:48 +02:00
def test_change_profile_flags_no_profile_found(self):
[patch] make set_profile_flags more strict this patch makes set_profile_flags more strict: - raise AppArmorBug if newflags contains only whitespace - raise AppArmorBug if the file doesn't contain the specified profile or no profile at all The tests are adjusted to expect AppArmorBug instead of a silent failure. Also, some tests are added for profile=None, which means to change the flags for all profiles in a file. - test_set_flags_08 is now test_set_flags_invalid_04 - test_set_flags_invalid_03 is changed to only contain one reason for a failure, not two ;-) Acked-by: Steve Beattie <steve@nxnw.org>
2015-04-03 17:25:18 +02:00
# test behaviour if the file doesn't contain any profile
orig_prof = '# /comment flags=(complain) {\n# }'
self.file = write_file(self.tmpdir, 'profile', orig_prof)
rewrite set_profile_flags() tests to use change_profile_flags() All callers call change_profile_flags(), so it makes sense to test this function instead of set_profile_flags(). Besides that, set_profile_flags() will be merged into change_profile_flags() in the next commit ;-) Note that this commit adds some '# XXX' notes to the tests. These will be addressed in later commits.
2018-07-25 22:20:48 +02:00
with self.assertRaises(AppArmorException):
change_profile_flags(self.file, None, 'audit', True)
add tests for set_profile_flags() (and some fun) Add various tests for set_profile_flags, and document various interesting[tm] things I discovered while writing the tests (see the inline comments for details). Also adds a read_file() function to common_test.py. The most interesting[tm] thing I found is: regex_hat_flag = re.compile('^([a-z]*)\s+([A-Z]*)\s*(#.*)?$') which matches various unexpected things - but not a hat :-/ (see mailinglist for all funny details) Acked-by: Steve Beattie <steve@nxnw.org>
2015-04-01 23:43:29 +02:00
# the file should not be changed
real_new_prof = read_file(self.file)
self.assertEqual(orig_prof, real_new_prof)
rewrite set_profile_flags() tests to use change_profile_flags() All callers call change_profile_flags(), so it makes sense to test this function instead of set_profile_flags(). Besides that, set_profile_flags() will be merged into change_profile_flags() in the next commit ;-) Note that this commit adds some '# XXX' notes to the tests. These will be addressed in later commits.
2018-07-25 22:20:48 +02:00
def test_change_profile_flags_file_not_found(self):
rewrite set_profile_flags() to use write_header() Changes in set_profile_flags(): - rewrite set_profile_flags to use parse_profile_start_line() and write_header(). - replace the silent failure for non-existing files with a proper exception (using lazy programming - the check is done by removing the "if os.path.isfile()" check, open_file_read then raises the exception ;-) - comment out regex_hat_flag and the code that was supposed to handle hat flags, which were totally broken. We'll need another patch to fix it, and we also need to decide if we want to do that because it introduces a behaviour change (currently, aa-complain etc. don't change hat flags). The tests for set_profile_flags() are also updated: - prepend a space to comments because write_header always adds a space between '{' and the comment - remove a test with superfluous quotes that are no longer kept (that's just a profile cleanup, so dropping that test is the easiest way) - update test_set_flags_10 and test_set_flags_12 to use the correct profile name - enable the tests for invalid (empty) flags - update the test for a non-existing file Note: test_set_flags_10, test_set_flags_12 and test_set_flags_nochange_09 will fail with this patch applied. The next patch will fix that. Acked-by: Steve Beattie <steve@nxnw.org>
2015-04-03 17:20:14 +02:00
with self.assertRaises(IOError):
rewrite set_profile_flags() tests to use change_profile_flags() All callers call change_profile_flags(), so it makes sense to test this function instead of set_profile_flags(). Besides that, set_profile_flags() will be merged into change_profile_flags() in the next commit ;-) Note that this commit adds some '# XXX' notes to the tests. These will be addressed in later commits.
2018-07-25 22:20:48 +02:00
change_profile_flags('%s/file-not-found' % self.tmpdir, '/foo', 'audit', True)
add tests for set_profile_flags() (and some fun) Add various tests for set_profile_flags, and document various interesting[tm] things I discovered while writing the tests (see the inline comments for details). Also adds a read_file() function to common_test.py. The most interesting[tm] thing I found is: regex_hat_flag = re.compile('^([a-z]*)\s+([A-Z]*)\s*(#.*)?$') which matches various unexpected things - but not a hat :-/ (see mailinglist for all funny details) Acked-by: Steve Beattie <steve@nxnw.org>
2015-04-01 23:43:29 +02:00
[25/38] Set audit mode for all options Add set_options_audit_mode() to switch the audit mode in all options offered by aa-logprof and aa-mergeprof, not only the "original" rule (in aa-logprof, this means the non-globbed rule_obj). As usual, add some tests to ensure the function works as expected. Acked-by: Steve Beattie <steve@nxnw.org>
2016-10-01 20:05:27 +02:00
class AaTest_set_options_audit_mode(AATest):
tests = [
((FileRule.parse('audit /foo/bar r,'), ['/foo/bar r,', '/foo/* r,', '/** r,'] ), ['audit /foo/bar r,', 'audit /foo/* r,', 'audit /** r,']),
((FileRule.parse('audit /foo/bar r,'), ['/foo/bar r,', 'audit /foo/* r,', 'audit /** r,'] ), ['audit /foo/bar r,', 'audit /foo/* r,', 'audit /** r,']),
((FileRule.parse('/foo/bar r,'), ['/foo/bar r,', '/foo/* r,', '/** r,'] ), ['/foo/bar r,', '/foo/* r,', '/** r,']),
((FileRule.parse('/foo/bar r,'), ['audit /foo/bar r,', 'audit /foo/* r,', 'audit /** r,'] ), ['/foo/bar r,', '/foo/* r,', '/** r,']),
((FileRule.parse('audit /foo/bar r,'), ['/foo/bar r,', '/foo/* r,', '#include <abstractions/base>']), ['audit /foo/bar r,', 'audit /foo/* r,', '#include <abstractions/base>']),
]
def _run_test(self, params, expected):
rule_obj, options = params
new_options = set_options_audit_mode(rule_obj, options)
self.assertEqual(new_options, expected)
Add some tests for aa.py get_profile_flags(). Also adds a check to get_profile_flags() to catch an invalid syntax: /foo ( ) { was accepted by get_profile_flags, while /foo () { failed. When testing with the parser, both result in a syntax error, therefore the patch makes sure it also fails in get_profile_flags(). Acked-by: Steve Beattie <steve@nxnw.org>
2015-03-02 19:36:20 +01:00
split set_options_audit_mode() and add set_options_owner_mode() - move the code of set_options_audit_mode() to a new function set_options_mode() and make set_options_audit_mode() a wrapper for it. - add set_options_owner_mode() as another wrapper for set_options_mode() and add code to switch the owner flag to set_options_mode() - add tests for set_options_owner_mode()
2017-12-17 16:42:12 +01:00
class AaTest_set_options_owner_mode(AATest):
tests = [
((FileRule.parse('owner /foo/bar r,'), ['/foo/bar r,', '/foo/* r,', '/** r,'] ), ['owner /foo/bar r,', 'owner /foo/* r,', 'owner /** r,']),
((FileRule.parse('owner /foo/bar r,'), ['/foo/bar r,', 'owner /foo/* r,', 'owner /** r,'] ), ['owner /foo/bar r,', 'owner /foo/* r,', 'owner /** r,']),
((FileRule.parse('/foo/bar r,'), ['/foo/bar r,', '/foo/* r,', '/** r,'] ), ['/foo/bar r,', '/foo/* r,', '/** r,']),
((FileRule.parse('/foo/bar r,'), ['owner /foo/bar r,', 'owner /foo/* r,', 'owner /** r,'] ), ['/foo/bar r,', '/foo/* r,', '/** r,']),
((FileRule.parse('audit owner /foo/bar r,'),['audit /foo/bar r,', 'audit /foo/* r,', '#include <abstractions/base>']), ['audit owner /foo/bar r,', 'audit owner /foo/* r,', '#include <abstractions/base>']),
]
def _run_test(self, params, expected):
rule_obj, options = params
new_options = set_options_owner_mode(rule_obj, options)
self.assertEqual(new_options, expected)
add tests for write_header() Also add loop support to test-aa.py. BTW: In case you wonder - the need to replace unittest.TestCase with AATest is intentional. It might look annoying, but it makes sure that a test-*.py file doesn't contain a test class where tests = [...] is ignored because it's still unittest.TestCase. (Technically, setup_all_tests() will error out if a test class doesn't contain tests = [...] - either explicit or via its parent AATest.) Acked-by: Steve Beattie <steve@nxnw.org>
2015-04-01 23:48:50 +02:00
class AaTest_is_skippable_file(AATest):
Update is_skippable_file() to match all extensions that are listed in libapparmor _aa_is_blacklisted() - some extensions were missing in the python code. Also make the code more readable and add some testcases. Notes: - the original code additionally ignored *.swp. I didn't include that - *.swp looks like vim swap files which are also dot files - the python code ignores README files, but the C code doesn't (do we need to add README in the C code?) Acked-by: Kshitij Gupta <kgupta8592@gmail.com> for 2.9 and trunk Acked-by: Steve Beattie <steve@nxnw.org>
2015-02-04 13:16:29 +01:00
def test_not_skippable_01(self):
self.assertFalse(is_skippable_file('bin.ping'))
def test_not_skippable_02(self):
self.assertFalse(is_skippable_file('usr.lib.dovecot.anvil'))
def test_not_skippable_03(self):
self.assertFalse(is_skippable_file('bin.~ping'))
def test_not_skippable_04(self):
self.assertFalse(is_skippable_file('bin.rpmsave.ping'))
def test_not_skippable_05(self):
# normally is_skippable_file should be called without directory, but it shouldn't hurt too much
self.assertFalse(is_skippable_file('/etc/apparmor.d/bin.ping'))
def test_not_skippable_06(self):
self.assertFalse(is_skippable_file('bin.pingrej'))
def test_skippable_01(self):
self.assertTrue(is_skippable_file('bin.ping.dpkg-new'))
def test_skippable_02(self):
self.assertTrue(is_skippable_file('bin.ping.dpkg-old'))
def test_skippable_03(self):
self.assertTrue(is_skippable_file('bin.ping..dpkg-dist'))
def test_skippable_04(self):
self.assertTrue(is_skippable_file('bin.ping..dpkg-bak'))
def test_skippable_05(self):
Add ".dpkg-remove" to apparmor parser ignored list References: https://bugs.debian.org/893974
2018-03-30 18:05:06 +02:00
self.assertTrue(is_skippable_file('bin.ping.dpkg-remove'))
Update is_skippable_file() to match all extensions that are listed in libapparmor _aa_is_blacklisted() - some extensions were missing in the python code. Also make the code more readable and add some testcases. Notes: - the original code additionally ignored *.swp. I didn't include that - *.swp looks like vim swap files which are also dot files - the python code ignores README files, but the C code doesn't (do we need to add README in the C code?) Acked-by: Kshitij Gupta <kgupta8592@gmail.com> for 2.9 and trunk Acked-by: Steve Beattie <steve@nxnw.org>
2015-02-04 13:16:29 +01:00
def test_skippable_06(self):
Add ".dpkg-remove" to apparmor parser ignored list References: https://bugs.debian.org/893974
2018-03-30 18:05:06 +02:00
self.assertTrue(is_skippable_file('bin.ping.pacsave'))
Update is_skippable_file() to match all extensions that are listed in libapparmor _aa_is_blacklisted() - some extensions were missing in the python code. Also make the code more readable and add some testcases. Notes: - the original code additionally ignored *.swp. I didn't include that - *.swp looks like vim swap files which are also dot files - the python code ignores README files, but the C code doesn't (do we need to add README in the C code?) Acked-by: Kshitij Gupta <kgupta8592@gmail.com> for 2.9 and trunk Acked-by: Steve Beattie <steve@nxnw.org>
2015-02-04 13:16:29 +01:00
def test_skippable_07(self):
Add ".dpkg-remove" to apparmor parser ignored list References: https://bugs.debian.org/893974
2018-03-30 18:05:06 +02:00
self.assertTrue(is_skippable_file('bin.ping.pacnew'))
Update is_skippable_file() to match all extensions that are listed in libapparmor _aa_is_blacklisted() - some extensions were missing in the python code. Also make the code more readable and add some testcases. Notes: - the original code additionally ignored *.swp. I didn't include that - *.swp looks like vim swap files which are also dot files - the python code ignores README files, but the C code doesn't (do we need to add README in the C code?) Acked-by: Kshitij Gupta <kgupta8592@gmail.com> for 2.9 and trunk Acked-by: Steve Beattie <steve@nxnw.org>
2015-02-04 13:16:29 +01:00
def test_skippable_08(self):
Add ".dpkg-remove" to apparmor parser ignored list References: https://bugs.debian.org/893974
2018-03-30 18:05:06 +02:00
self.assertTrue(is_skippable_file('bin.ping.rpmnew'))
Update is_skippable_file() to match all extensions that are listed in libapparmor _aa_is_blacklisted() - some extensions were missing in the python code. Also make the code more readable and add some testcases. Notes: - the original code additionally ignored *.swp. I didn't include that - *.swp looks like vim swap files which are also dot files - the python code ignores README files, but the C code doesn't (do we need to add README in the C code?) Acked-by: Kshitij Gupta <kgupta8592@gmail.com> for 2.9 and trunk Acked-by: Steve Beattie <steve@nxnw.org>
2015-02-04 13:16:29 +01:00
def test_skippable_09(self):
Add ".dpkg-remove" to apparmor parser ignored list References: https://bugs.debian.org/893974
2018-03-30 18:05:06 +02:00
self.assertTrue(is_skippable_file('bin.ping.rpmsave'))
Update is_skippable_file() to match all extensions that are listed in libapparmor _aa_is_blacklisted() - some extensions were missing in the python code. Also make the code more readable and add some testcases. Notes: - the original code additionally ignored *.swp. I didn't include that - *.swp looks like vim swap files which are also dot files - the python code ignores README files, but the C code doesn't (do we need to add README in the C code?) Acked-by: Kshitij Gupta <kgupta8592@gmail.com> for 2.9 and trunk Acked-by: Steve Beattie <steve@nxnw.org>
2015-02-04 13:16:29 +01:00
def test_skippable_10(self):
Add ".dpkg-remove" to apparmor parser ignored list References: https://bugs.debian.org/893974
2018-03-30 18:05:06 +02:00
self.assertTrue(is_skippable_file('bin.ping.orig'))
def test_skippable_11(self):
Add .pacsave/.pacnew to apparmor parser ignored list Currently there is a list of file extensions which apparmor parser should ignore which contains rpm and dpkg backup files. The list could be extended with extensions used by pacman package manager (Archlinux/Manjaro/Antergos): .pacsave .pacnew https://wiki.archlinux.org/index.php/Pacman/Pacnew_and_Pacsave References: https://gitlab.com/apparmor/apparmor/issues/3
2018-03-30 17:46:25 +02:00
self.assertTrue(is_skippable_file('bin.ping.rej'))
def test_skippable_12(self):
Add ".dpkg-remove" to apparmor parser ignored list References: https://bugs.debian.org/893974
2018-03-30 18:05:06 +02:00
self.assertTrue(is_skippable_file('bin.ping~'))
Add .pacsave/.pacnew to apparmor parser ignored list Currently there is a list of file extensions which apparmor parser should ignore which contains rpm and dpkg backup files. The list could be extended with extensions used by pacman package manager (Archlinux/Manjaro/Antergos): .pacsave .pacnew https://wiki.archlinux.org/index.php/Pacman/Pacnew_and_Pacsave References: https://gitlab.com/apparmor/apparmor/issues/3
2018-03-30 17:46:25 +02:00
def test_skippable_13(self):
Add ".dpkg-remove" to apparmor parser ignored list References: https://bugs.debian.org/893974
2018-03-30 18:05:06 +02:00
self.assertTrue(is_skippable_file('.bin.ping'))
Add .pacsave/.pacnew to apparmor parser ignored list Currently there is a list of file extensions which apparmor parser should ignore which contains rpm and dpkg backup files. The list could be extended with extensions used by pacman package manager (Archlinux/Manjaro/Antergos): .pacsave .pacnew https://wiki.archlinux.org/index.php/Pacman/Pacnew_and_Pacsave References: https://gitlab.com/apparmor/apparmor/issues/3
2018-03-30 17:46:25 +02:00
def test_skippable_14(self):
Add ".dpkg-remove" to apparmor parser ignored list References: https://bugs.debian.org/893974
2018-03-30 18:05:06 +02:00
self.assertTrue(is_skippable_file('')) # empty filename
Add .pacsave/.pacnew to apparmor parser ignored list Currently there is a list of file extensions which apparmor parser should ignore which contains rpm and dpkg backup files. The list could be extended with extensions used by pacman package manager (Archlinux/Manjaro/Antergos): .pacsave .pacnew https://wiki.archlinux.org/index.php/Pacman/Pacnew_and_Pacsave References: https://gitlab.com/apparmor/apparmor/issues/3
2018-03-30 17:46:25 +02:00
def test_skippable_15(self):
Add ".dpkg-remove" to apparmor parser ignored list References: https://bugs.debian.org/893974
2018-03-30 18:05:06 +02:00
self.assertTrue(is_skippable_file('/etc/apparmor.d/')) # directory without filename
def test_skippable_16(self):
Update is_skippable_file() to match all extensions that are listed in libapparmor _aa_is_blacklisted() - some extensions were missing in the python code. Also make the code more readable and add some testcases. Notes: - the original code additionally ignored *.swp. I didn't include that - *.swp looks like vim swap files which are also dot files - the python code ignores README files, but the C code doesn't (do we need to add README in the C code?) Acked-by: Kshitij Gupta <kgupta8592@gmail.com> for 2.9 and trunk Acked-by: Steve Beattie <steve@nxnw.org>
2015-02-04 13:16:29 +01:00
self.assertTrue(is_skippable_file('README'))
fix is_skippable_dir() and add tests Fix is_skippable_dir() - the regex also matched things like /etc/apparmor.d/dont_disable, while it should match on the full directory name. Also add some tests based on a real-world aa-logprof run (with "print (path)" in is_skippable_dir()) and some additional "funny"[tm] dirs. Needless to say that the tests ('dont_disable', False), ('/etc/apparmor.d/cache_foo', False), will fail with the old is_skippable_dir(). Acked-by: Steve Beattie <steve@nxnw.org>
2015-04-03 17:29:44 +02:00
class AaTest_is_skippable_dir(AATest):
tests = [
('disable', True),
('cache', True),
('lxc', True),
('force-complain', True),
('/etc/apparmor.d/cache', True),
is_skippable_dir(): add 'cache.d' to exclude list This excludes the /etc/apparmor.d/cache.d/ directory from aa-logprof parsing because parsing the binary cache, well, takes a while :-/ Reported on the opensuse-factory mailinglist by Frank Krüger and confirmed by others.
2018-04-30 00:54:58 +02:00
('/etc/apparmor.d/cache.d', True),
('/etc/apparmor.d/cache.d/', True),
fix is_skippable_dir() and add tests Fix is_skippable_dir() - the regex also matched things like /etc/apparmor.d/dont_disable, while it should match on the full directory name. Also add some tests based on a real-world aa-logprof run (with "print (path)" in is_skippable_dir()) and some additional "funny"[tm] dirs. Needless to say that the tests ('dont_disable', False), ('/etc/apparmor.d/cache_foo', False), will fail with the old is_skippable_dir(). Acked-by: Steve Beattie <steve@nxnw.org>
2015-04-03 17:29:44 +02:00
('/etc/apparmor.d/lxc/', True),
ignore .git in is_skippable_dir() References: https://bugs.launchpad.net/apparmor/+bug/1440273
2018-03-08 20:31:39 +01:00
('/etc/apparmor.d/.git/', True),
fix is_skippable_dir() and add tests Fix is_skippable_dir() - the regex also matched things like /etc/apparmor.d/dont_disable, while it should match on the full directory name. Also add some tests based on a real-world aa-logprof run (with "print (path)" in is_skippable_dir()) and some additional "funny"[tm] dirs. Needless to say that the tests ('dont_disable', False), ('/etc/apparmor.d/cache_foo', False), will fail with the old is_skippable_dir(). Acked-by: Steve Beattie <steve@nxnw.org>
2015-04-03 17:29:44 +02:00
('dont_disable', False),
('/etc/apparmor.d/cache_foo', False),
('abstractions', False),
('apache2.d', False),
('/etc/apparmor.d/apache2.d', False),
('local', False),
('/etc/apparmor.d/local/', False),
('tunables', False),
('/etc/apparmor.d/tunables', False),
('/etc/apparmor.d/tunables/multiarch.d', False),
('/etc/apparmor.d/tunables/xdg-user-dirs.d', False),
('/etc/apparmor.d/tunables/home.d', False),
('/etc/apparmor.d/abstractions', False),
('/etc/apparmor.d/abstractions/ubuntu-browsers.d', False),
('/etc/apparmor.d/abstractions/apparmor_api', False),
]
def _run_test(self, params, expected):
self.assertEqual(is_skippable_dir(params), expected)
add tests for write_header() Also add loop support to test-aa.py. BTW: In case you wonder - the need to replace unittest.TestCase with AATest is intentional. It might look annoying, but it makes sure that a test-*.py file doesn't contain a test class where tests = [...] is ignored because it's still unittest.TestCase. (Technically, setup_all_tests() will error out if a test class doesn't contain tests = [...] - either explicit or via its parent AATest.) Acked-by: Steve Beattie <steve@nxnw.org>
2015-04-01 23:48:50 +02:00
class AaTest_parse_profile_start(AATest):
aa.py: split off parse_profile_start() from parse_profile_data() and add tests Move the code for parsing the profile start ("/foo {") from aa.py parse_profile_data() to a separate function parse_profile_start(). Most of the changes are just moving around code, with some small exceptions: - instead of handing over profile_data to parse_profile_start() to modify it, it sets two variables (pps_set_profile and pps_set_hat_external) as part of its return value, which are then used in parse_profile_data() to set the flags in profile_data. - existing_profiles[profile] = file is executed later, which means it used the strip_quotes() version of profile now - whitespace / tab level changes The patch also adds some tests for the parse_profile_start() function. Acked-by: Steve Beattie <steve@nxnw.org>
2015-03-02 21:12:12 +01:00
def _parse(self, line, profile, hat):
return parse_profile_start(line, 'somefile', 1, profile, hat)
# (profile, hat, flags, in_contained_hat, pps_set_profile, pps_set_hat_external)
def test_parse_profile_start_01(self):
result = self._parse('/foo {', None, None)
add attachment to parse_profile_start() return values Add the attachment to the parse_profile_start() and serialize_parse_profile_start() return values, and adjust the functions calling the *parse_profile_start() functions to save the attachment in the "attachment" variable (which isn't used yet). Also adjust the tests for the added return value. (Sorry for not getting the resultset right from the beginning!) Acked-by: Steve Beattie <steve@nxnw.org>
2015-04-01 23:58:29 +02:00
expected = ('/foo', '/foo', None, None, False, False, False)
aa.py: split off parse_profile_start() from parse_profile_data() and add tests Move the code for parsing the profile start ("/foo {") from aa.py parse_profile_data() to a separate function parse_profile_start(). Most of the changes are just moving around code, with some small exceptions: - instead of handing over profile_data to parse_profile_start() to modify it, it sets two variables (pps_set_profile and pps_set_hat_external) as part of its return value, which are then used in parse_profile_data() to set the flags in profile_data. - existing_profiles[profile] = file is executed later, which means it used the strip_quotes() version of profile now - whitespace / tab level changes The patch also adds some tests for the parse_profile_start() function. Acked-by: Steve Beattie <steve@nxnw.org>
2015-03-02 21:12:12 +01:00
self.assertEqual(result, expected)
def test_parse_profile_start_02(self):
result = self._parse('/foo (complain) {', None, None)
add attachment to parse_profile_start() return values Add the attachment to the parse_profile_start() and serialize_parse_profile_start() return values, and adjust the functions calling the *parse_profile_start() functions to save the attachment in the "attachment" variable (which isn't used yet). Also adjust the tests for the added return value. (Sorry for not getting the resultset right from the beginning!) Acked-by: Steve Beattie <steve@nxnw.org>
2015-04-01 23:58:29 +02:00
expected = ('/foo', '/foo', None, 'complain', False, False, False)
aa.py: split off parse_profile_start() from parse_profile_data() and add tests Move the code for parsing the profile start ("/foo {") from aa.py parse_profile_data() to a separate function parse_profile_start(). Most of the changes are just moving around code, with some small exceptions: - instead of handing over profile_data to parse_profile_start() to modify it, it sets two variables (pps_set_profile and pps_set_hat_external) as part of its return value, which are then used in parse_profile_data() to set the flags in profile_data. - existing_profiles[profile] = file is executed later, which means it used the strip_quotes() version of profile now - whitespace / tab level changes The patch also adds some tests for the parse_profile_start() function. Acked-by: Steve Beattie <steve@nxnw.org>
2015-03-02 21:12:12 +01:00
self.assertEqual(result, expected)
def test_parse_profile_start_03(self):
result = self._parse('profile foo /foo {', None, None) # named profile
Finally implement attachment handling This patch implements attachment handling - aa-logprof now works with profiles that have an attachment defined, instead of ignoring audit.log entries for those profiles. Changes: - parse_profile_start_line(): remove workaround that merged the attachment into the profile name - parse_profile_data(): store attachment when parsing a profile - update test_parse_profile_start_03, test_serialize_parse_profile_start_03, test_set_flags_nochange_09 and some parse_profile_start_line() tests - they now expect correct attachment handling Acked-by: Steve Beattie <steve@nxnw.org>
2015-04-03 17:26:26 +02:00
expected = ('foo', 'foo', '/foo', None, False, False, False)
aa.py: split off parse_profile_start() from parse_profile_data() and add tests Move the code for parsing the profile start ("/foo {") from aa.py parse_profile_data() to a separate function parse_profile_start(). Most of the changes are just moving around code, with some small exceptions: - instead of handing over profile_data to parse_profile_start() to modify it, it sets two variables (pps_set_profile and pps_set_hat_external) as part of its return value, which are then used in parse_profile_data() to set the flags in profile_data. - existing_profiles[profile] = file is executed later, which means it used the strip_quotes() version of profile now - whitespace / tab level changes The patch also adds some tests for the parse_profile_start() function. Acked-by: Steve Beattie <steve@nxnw.org>
2015-03-02 21:12:12 +01:00
self.assertEqual(result, expected)
def test_parse_profile_start_04(self):
result = self._parse('profile /foo {', '/bar', '/bar') # child profile
add attachment to parse_profile_start() return values Add the attachment to the parse_profile_start() and serialize_parse_profile_start() return values, and adjust the functions calling the *parse_profile_start() functions to save the attachment in the "attachment" variable (which isn't used yet). Also adjust the tests for the added return value. (Sorry for not getting the resultset right from the beginning!) Acked-by: Steve Beattie <steve@nxnw.org>
2015-04-01 23:58:29 +02:00
expected = ('/bar', '/foo', None, None, True, True, False)
aa.py: split off parse_profile_start() from parse_profile_data() and add tests Move the code for parsing the profile start ("/foo {") from aa.py parse_profile_data() to a separate function parse_profile_start(). Most of the changes are just moving around code, with some small exceptions: - instead of handing over profile_data to parse_profile_start() to modify it, it sets two variables (pps_set_profile and pps_set_hat_external) as part of its return value, which are then used in parse_profile_data() to set the flags in profile_data. - existing_profiles[profile] = file is executed later, which means it used the strip_quotes() version of profile now - whitespace / tab level changes The patch also adds some tests for the parse_profile_start() function. Acked-by: Steve Beattie <steve@nxnw.org>
2015-03-02 21:12:12 +01:00
self.assertEqual(result, expected)
def test_parse_profile_start_05(self):
result = self._parse('/foo//bar {', None, None) # external hat
add attachment to parse_profile_start() return values Add the attachment to the parse_profile_start() and serialize_parse_profile_start() return values, and adjust the functions calling the *parse_profile_start() functions to save the attachment in the "attachment" variable (which isn't used yet). Also adjust the tests for the added return value. (Sorry for not getting the resultset right from the beginning!) Acked-by: Steve Beattie <steve@nxnw.org>
2015-04-01 23:58:29 +02:00
expected = ('/foo', 'bar', None, None, False, False, True)
aa.py: split off parse_profile_start() from parse_profile_data() and add tests Move the code for parsing the profile start ("/foo {") from aa.py parse_profile_data() to a separate function parse_profile_start(). Most of the changes are just moving around code, with some small exceptions: - instead of handing over profile_data to parse_profile_start() to modify it, it sets two variables (pps_set_profile and pps_set_hat_external) as part of its return value, which are then used in parse_profile_data() to set the flags in profile_data. - existing_profiles[profile] = file is executed later, which means it used the strip_quotes() version of profile now - whitespace / tab level changes The patch also adds some tests for the parse_profile_start() function. Acked-by: Steve Beattie <steve@nxnw.org>
2015-03-02 21:12:12 +01:00
self.assertEqual(result, expected)
update test-aa.py to match parse_profile_start() and get_profile_flags() changes The previous patch slightly changed the behaviour of parse_profile_start() and get_profile_flags() - they raise AppArmorBug instead of AppArmorException when specifying a line that is not the start of a profile and therefore doesn't match RE_PROFILE_START_2. This patch updates test-aa.py to expect the correct exceptions, and adds another test with quoted profile name to ensure that stripping the quotes works as expected. Acked-by: Steve Beattie <steve@nxnw.org>
2015-03-31 22:45:45 +02:00
def test_parse_profile_start_06(self):
result = self._parse('profile "/foo" (complain) {', None, None)
add attachment to parse_profile_start() return values Add the attachment to the parse_profile_start() and serialize_parse_profile_start() return values, and adjust the functions calling the *parse_profile_start() functions to save the attachment in the "attachment" variable (which isn't used yet). Also adjust the tests for the added return value. (Sorry for not getting the resultset right from the beginning!) Acked-by: Steve Beattie <steve@nxnw.org>
2015-04-01 23:58:29 +02:00
expected = ('/foo', '/foo', None, 'complain', False, False, False)
update test-aa.py to match parse_profile_start() and get_profile_flags() changes The previous patch slightly changed the behaviour of parse_profile_start() and get_profile_flags() - they raise AppArmorBug instead of AppArmorException when specifying a line that is not the start of a profile and therefore doesn't match RE_PROFILE_START_2. This patch updates test-aa.py to expect the correct exceptions, and adds another test with quoted profile name to ensure that stripping the quotes works as expected. Acked-by: Steve Beattie <steve@nxnw.org>
2015-03-31 22:45:45 +02:00
self.assertEqual(result, expected)
parse_profile_start(): Error out on nested child profiles The tools can't handle nested child profiles yet. Instead of failing in funny[tm] ways (parse_profile_start() only returned the first two segments of the profile name) better error out with a clear message.
2018-06-20 14:36:28 +02:00
def test_parse_profile_start_unsupported_01(self):
with self.assertRaises(AppArmorException):
self._parse('/foo///bar///baz {', None, None) # XXX deeply nested external hat
aa.py: split off parse_profile_start() from parse_profile_data() and add tests Move the code for parsing the profile start ("/foo {") from aa.py parse_profile_data() to a separate function parse_profile_start(). Most of the changes are just moving around code, with some small exceptions: - instead of handing over profile_data to parse_profile_start() to modify it, it sets two variables (pps_set_profile and pps_set_hat_external) as part of its return value, which are then used in parse_profile_data() to set the flags in profile_data. - existing_profiles[profile] = file is executed later, which means it used the strip_quotes() version of profile now - whitespace / tab level changes The patch also adds some tests for the parse_profile_start() function. Acked-by: Steve Beattie <steve@nxnw.org>
2015-03-02 21:12:12 +01:00
def test_parse_profile_start_invalid_01(self):
with self.assertRaises(AppArmorException):
self._parse('/foo {', '/bar', '/bar') # child profile without profile keyword
def test_parse_profile_start_invalid_02(self):
update test-aa.py to match parse_profile_start() and get_profile_flags() changes The previous patch slightly changed the behaviour of parse_profile_start() and get_profile_flags() - they raise AppArmorBug instead of AppArmorException when specifying a line that is not the start of a profile and therefore doesn't match RE_PROFILE_START_2. This patch updates test-aa.py to expect the correct exceptions, and adds another test with quoted profile name to ensure that stripping the quotes works as expected. Acked-by: Steve Beattie <steve@nxnw.org>
2015-03-31 22:45:45 +02:00
with self.assertRaises(AppArmorBug):
aa.py: split off parse_profile_start() from parse_profile_data() and add tests Move the code for parsing the profile start ("/foo {") from aa.py parse_profile_data() to a separate function parse_profile_start(). Most of the changes are just moving around code, with some small exceptions: - instead of handing over profile_data to parse_profile_start() to modify it, it sets two variables (pps_set_profile and pps_set_hat_external) as part of its return value, which are then used in parse_profile_data() to set the flags in profile_data. - existing_profiles[profile] = file is executed later, which means it used the strip_quotes() version of profile now - whitespace / tab level changes The patch also adds some tests for the parse_profile_start() function. Acked-by: Steve Beattie <steve@nxnw.org>
2015-03-02 21:12:12 +01:00
self._parse('xy', '/bar', '/bar') # not a profile start
let parse_profile_data() check for in-file duplicate profiles Add a check to parse_profile_data() to detect if a file contains two profiles with the same name. Note: Two profiles with the same name, but in different files, won't be detected by this check. Also add basic tests to ensure that a valid profile gets parsed, and two profiles with the same name inside the same file raise an exception. (Sidenote: these simple tests improve aa.py coverage from 9% to 12%, which also confirms the function is too long ;-) Acked-by: Steve Beattie <steve@nxnw.org>
2015-05-29 13:00:32 +02:00
class AaTest_parse_profile_data(AATest):
def test_parse_empty_profile_01(self):
prof = parse_profile_data('/foo {\n}\n'.split(), 'somefile', False)
self.assertEqual(list(prof.keys()), ['/foo'])
self.assertEqual(list(prof['/foo'].keys()), ['/foo'])
self.assertEqual(prof['/foo']['/foo']['name'], '/foo')
self.assertEqual(prof['/foo']['/foo']['filename'], 'somefile')
self.assertEqual(prof['/foo']['/foo']['flags'], None)
def test_parse_empty_profile_02(self):
with self.assertRaises(AppArmorException):
# file contains two profiles with the same name
parse_profile_data('profile /foo {\n}\nprofile /foo {\n}\n'.split(), 'somefile', False)
fix handling of adding to variables the LibreOffice profile uncovered that handling of @{var} += is broken: File ".../utils/apparmor/aa.py", line 3272, in store_list_var var[list_var] = set(var[list_var] + vlist) TypeError: unsupported operand type(s) for +: 'set' and 'list' This patch fixes it: - change separate_vars() to use and return a set instead of a list (FYI: separate_vars() is only called by store_list_var()) - adoptstore_list_var() to expect a set - remove some old comments in these functions - explain the less-intuitive parameters of store_list_var() Also add some tests for separate_vars() and store_list_var(). The tests were developed based on the old code, but not all of them succeed with the old code. As usual, the tests uncovered some interesting[tm] behaviour in separate_vars() (see the XXX comments and tell me what the really expected behaviour is ;-) Acked-by: Steve Beattie <steve@nxnw.org> for trunk and 2.9
2015-04-16 01:58:24 +02:00
class AaTest_separate_vars(AATest):
tests = [
('' , set() ),
(' ' , set() ),
(' foo bar' , {'foo', 'bar' }),
Several fixes for variable handling Parsing variables was broken in several ways: - empty quotes (representing an intentionally empty value) were lost, causing parser failures - items consisting of only one letter were lost due to a bug in RE_VARS - RE_VARS didn't start with ^, which means leading garbage (= syntax errors) was ignored - trailing garbage was also ignored This patch fixes those issues in separate_vars() and changes var_transform() to write out empty quotes (instead of nothing) for empty values. Also add some tests for separate_vars() with empty quotes and adjust several tests with invalid syntax to expect an AppArmorException. var_transform() gets some tests added. Finally, remove 3 testcases from the "fails to raise an exception" list in test-parser-simple-tests.py. Acked-by: John Johansen <john.johansen@canonical.com> for trunk and 2.9 (which also implies 2.10) Note: 2.9 doesn't have test-parser-simple-tests.py, therefore it won't get that part of the patch.
2015-12-12 12:59:13 +01:00
('foo " ' , AppArmorException ),
(' " foo ' , AppArmorException ), # half-quoted
fix handling of adding to variables the LibreOffice profile uncovered that handling of @{var} += is broken: File ".../utils/apparmor/aa.py", line 3272, in store_list_var var[list_var] = set(var[list_var] + vlist) TypeError: unsupported operand type(s) for +: 'set' and 'list' This patch fixes it: - change separate_vars() to use and return a set instead of a list (FYI: separate_vars() is only called by store_list_var()) - adoptstore_list_var() to expect a set - remove some old comments in these functions - explain the less-intuitive parameters of store_list_var() Also add some tests for separate_vars() and store_list_var(). The tests were developed based on the old code, but not all of them succeed with the old code. As usual, the tests uncovered some interesting[tm] behaviour in separate_vars() (see the XXX comments and tell me what the really expected behaviour is ;-) Acked-by: Steve Beattie <steve@nxnw.org> for trunk and 2.9
2015-04-16 01:58:24 +02:00
(' foo bar ' , {'foo', 'bar' }),
Several fixes for variable handling Parsing variables was broken in several ways: - empty quotes (representing an intentionally empty value) were lost, causing parser failures - items consisting of only one letter were lost due to a bug in RE_VARS - RE_VARS didn't start with ^, which means leading garbage (= syntax errors) was ignored - trailing garbage was also ignored This patch fixes those issues in separate_vars() and changes var_transform() to write out empty quotes (instead of nothing) for empty values. Also add some tests for separate_vars() with empty quotes and adjust several tests with invalid syntax to expect an AppArmorException. var_transform() gets some tests added. Finally, remove 3 testcases from the "fails to raise an exception" list in test-parser-simple-tests.py. Acked-by: John Johansen <john.johansen@canonical.com> for trunk and 2.9 (which also implies 2.10) Note: 2.9 doesn't have test-parser-simple-tests.py, therefore it won't get that part of the patch.
2015-12-12 12:59:13 +01:00
(' foo bar # comment' , {'foo', 'bar', '#', 'comment'}), # XXX should comments be stripped?
fix handling of adding to variables the LibreOffice profile uncovered that handling of @{var} += is broken: File ".../utils/apparmor/aa.py", line 3272, in store_list_var var[list_var] = set(var[list_var] + vlist) TypeError: unsupported operand type(s) for +: 'set' and 'list' This patch fixes it: - change separate_vars() to use and return a set instead of a list (FYI: separate_vars() is only called by store_list_var()) - adoptstore_list_var() to expect a set - remove some old comments in these functions - explain the less-intuitive parameters of store_list_var() Also add some tests for separate_vars() and store_list_var(). The tests were developed based on the old code, but not all of them succeed with the old code. As usual, the tests uncovered some interesting[tm] behaviour in separate_vars() (see the XXX comments and tell me what the really expected behaviour is ;-) Acked-by: Steve Beattie <steve@nxnw.org> for trunk and 2.9
2015-04-16 01:58:24 +02:00
('foo' , {'foo' }),
('"foo" "bar baz"' , {'foo', 'bar baz' }),
('foo "bar baz" xy' , {'foo', 'bar baz', 'xy' }),
Several fixes for variable handling Parsing variables was broken in several ways: - empty quotes (representing an intentionally empty value) were lost, causing parser failures - items consisting of only one letter were lost due to a bug in RE_VARS - RE_VARS didn't start with ^, which means leading garbage (= syntax errors) was ignored - trailing garbage was also ignored This patch fixes those issues in separate_vars() and changes var_transform() to write out empty quotes (instead of nothing) for empty values. Also add some tests for separate_vars() with empty quotes and adjust several tests with invalid syntax to expect an AppArmorException. var_transform() gets some tests added. Finally, remove 3 testcases from the "fails to raise an exception" list in test-parser-simple-tests.py. Acked-by: John Johansen <john.johansen@canonical.com> for trunk and 2.9 (which also implies 2.10) Note: 2.9 doesn't have test-parser-simple-tests.py, therefore it won't get that part of the patch.
2015-12-12 12:59:13 +01:00
('foo "bar baz ' , AppArmorException ), # half-quoted
fix handling of adding to variables the LibreOffice profile uncovered that handling of @{var} += is broken: File ".../utils/apparmor/aa.py", line 3272, in store_list_var var[list_var] = set(var[list_var] + vlist) TypeError: unsupported operand type(s) for +: 'set' and 'list' This patch fixes it: - change separate_vars() to use and return a set instead of a list (FYI: separate_vars() is only called by store_list_var()) - adoptstore_list_var() to expect a set - remove some old comments in these functions - explain the less-intuitive parameters of store_list_var() Also add some tests for separate_vars() and store_list_var(). The tests were developed based on the old code, but not all of them succeed with the old code. As usual, the tests uncovered some interesting[tm] behaviour in separate_vars() (see the XXX comments and tell me what the really expected behaviour is ;-) Acked-by: Steve Beattie <steve@nxnw.org> for trunk and 2.9
2015-04-16 01:58:24 +02:00
(' " foo" bar' , {' foo', 'bar' }),
Several fixes for variable handling Parsing variables was broken in several ways: - empty quotes (representing an intentionally empty value) were lost, causing parser failures - items consisting of only one letter were lost due to a bug in RE_VARS - RE_VARS didn't start with ^, which means leading garbage (= syntax errors) was ignored - trailing garbage was also ignored This patch fixes those issues in separate_vars() and changes var_transform() to write out empty quotes (instead of nothing) for empty values. Also add some tests for separate_vars() with empty quotes and adjust several tests with invalid syntax to expect an AppArmorException. var_transform() gets some tests added. Finally, remove 3 testcases from the "fails to raise an exception" list in test-parser-simple-tests.py. Acked-by: John Johansen <john.johansen@canonical.com> for trunk and 2.9 (which also implies 2.10) Note: 2.9 doesn't have test-parser-simple-tests.py, therefore it won't get that part of the patch.
2015-12-12 12:59:13 +01:00
(' " foo" bar x' , {' foo', 'bar', 'x' }),
('""' , {'' }), # empty value
('"" foo' , {'', 'foo' }), # empty value + 'foo'
('"" foo "bar"' , {'', 'foo', 'bar' }), # empty value + 'foo' + 'bar' (bar has superfluous quotes)
('"bar"' , {'bar' }), # 'bar' with superfluous quotes
fix handling of adding to variables the LibreOffice profile uncovered that handling of @{var} += is broken: File ".../utils/apparmor/aa.py", line 3272, in store_list_var var[list_var] = set(var[list_var] + vlist) TypeError: unsupported operand type(s) for +: 'set' and 'list' This patch fixes it: - change separate_vars() to use and return a set instead of a list (FYI: separate_vars() is only called by store_list_var()) - adoptstore_list_var() to expect a set - remove some old comments in these functions - explain the less-intuitive parameters of store_list_var() Also add some tests for separate_vars() and store_list_var(). The tests were developed based on the old code, but not all of them succeed with the old code. As usual, the tests uncovered some interesting[tm] behaviour in separate_vars() (see the XXX comments and tell me what the really expected behaviour is ;-) Acked-by: Steve Beattie <steve@nxnw.org> for trunk and 2.9
2015-04-16 01:58:24 +02:00
]
def _run_test(self, params, expected):
Several fixes for variable handling Parsing variables was broken in several ways: - empty quotes (representing an intentionally empty value) were lost, causing parser failures - items consisting of only one letter were lost due to a bug in RE_VARS - RE_VARS didn't start with ^, which means leading garbage (= syntax errors) was ignored - trailing garbage was also ignored This patch fixes those issues in separate_vars() and changes var_transform() to write out empty quotes (instead of nothing) for empty values. Also add some tests for separate_vars() with empty quotes and adjust several tests with invalid syntax to expect an AppArmorException. var_transform() gets some tests added. Finally, remove 3 testcases from the "fails to raise an exception" list in test-parser-simple-tests.py. Acked-by: John Johansen <john.johansen@canonical.com> for trunk and 2.9 (which also implies 2.10) Note: 2.9 doesn't have test-parser-simple-tests.py, therefore it won't get that part of the patch.
2015-12-12 12:59:13 +01:00
if expected == AppArmorException:
with self.assertRaises(expected):
separate_vars(params)
else:
result = separate_vars(params)
self.assertEqual(result, expected)
fix handling of adding to variables the LibreOffice profile uncovered that handling of @{var} += is broken: File ".../utils/apparmor/aa.py", line 3272, in store_list_var var[list_var] = set(var[list_var] + vlist) TypeError: unsupported operand type(s) for +: 'set' and 'list' This patch fixes it: - change separate_vars() to use and return a set instead of a list (FYI: separate_vars() is only called by store_list_var()) - adoptstore_list_var() to expect a set - remove some old comments in these functions - explain the less-intuitive parameters of store_list_var() Also add some tests for separate_vars() and store_list_var(). The tests were developed based on the old code, but not all of them succeed with the old code. As usual, the tests uncovered some interesting[tm] behaviour in separate_vars() (see the XXX comments and tell me what the really expected behaviour is ;-) Acked-by: Steve Beattie <steve@nxnw.org> for trunk and 2.9
2015-04-16 01:58:24 +02:00
class AaTest_store_list_var(AATest):
tests = [
# old var value operation expected (False for exception)
([ {} , 'foo' , '=' ], {'foo'} ), # set
([ {} , 'foo bar' , '=' ], {'foo', 'bar'} ), # set multi
([ {'@{var}': {'foo'}} , 'bar' , '=' ], False ), # redefine var
([ {} , 'bar' , '+=' ], False ), # add to undefined var
([ {'@{var}': {'foo'}} , 'bar' , '+=' ], {'foo', 'bar'} ), # add
([ {'@{var}': {'foo'}} , 'bar baz' , '+=' ], {'foo', 'bar', 'baz'} ), # add multi
([ {'@{var}': {'foo', 'xy'}} , 'bar baz' , '+=' ], {'foo', 'xy', 'bar', 'baz'} ), # add multi to multi
([ {} , 'foo' , '-=' ], False ), # unknown operation
]
def _run_test(self, params, expected):
var = params[0]
value = params[1]
operation = params[2]
if not expected:
with self.assertRaises(AppArmorException):
store_list_var(var, '@{var}', value, operation, 'somefile')
return
# dumy value that must not be changed
var['@{foo}'] = {'one', 'two'}
exp_var = {
'@{foo}': {'one', 'two'},
'@{var}': expected,
}
store_list_var(var, '@{var}', value, operation, 'somefile')
self.assertEqual(var.keys(), exp_var.keys())
for key in exp_var:
self.assertEqual(var[key], exp_var[key])
add tests for write_header() Also add loop support to test-aa.py. BTW: In case you wonder - the need to replace unittest.TestCase with AATest is intentional. It might look annoying, but it makes sure that a test-*.py file doesn't contain a test class where tests = [...] is ignored because it's still unittest.TestCase. (Technically, setup_all_tests() will error out if a test class doesn't contain tests = [...] - either explicit or via its parent AATest.) Acked-by: Steve Beattie <steve@nxnw.org>
2015-04-01 23:48:50 +02:00
class AaTest_write_header(AATest):
tests = [
test new parameters of write_header() Change the write_header tests so that the 'profile_keyword' and 'header_comment' parameters can be (and are) tested: - add a None for both to the existing tests - add some tests that come with the profile keyword and/or a comment Acked-by: Steve Beattie <steve@nxnw.org>
2015-04-02 01:31:22 +02:00
# name embedded_hat write_flags depth flags attachment prof.keyw. comment expected
(['/foo', False, True, 1, 'complain', None, None, None ], ' /foo flags=(complain) {'),
(['/foo', True, True, 1, 'complain', None, None, None ], ' profile /foo flags=(complain) {'),
(['/foo sp', False, False, 2, 'complain', None, None, None ], ' "/foo sp" {'),
(['/foo' ,False, False, 2, 'complain', None, None, None ], ' /foo {'),
(['/foo', True, False, 2, 'complain', None, None, None ], ' profile /foo {'),
(['/foo', False, True, 0, None, None, None, None ], '/foo {'),
(['/foo', True, True, 0, None, None, None, None ], 'profile /foo {'),
(['/foo', False, False, 0, None, None, None, None ], '/foo {'),
(['/foo', True, False, 0, None, None, None, None ], 'profile /foo {'),
(['bar', False, True, 1, 'complain', None, None, None ], ' profile bar flags=(complain) {'),
(['bar', False, True, 1, 'complain', '/foo', None, None ], ' profile bar /foo flags=(complain) {'),
(['bar', True, True, 1, 'complain', '/foo', None, None ], ' profile bar /foo flags=(complain) {'),
(['bar baz', False, True, 1, None, '/foo', None, None ], ' profile "bar baz" /foo {'),
(['bar', True, True, 1, None, '/foo', None, None ], ' profile bar /foo {'),
(['bar baz', False, True, 1, 'complain', '/foo sp', None, None ], ' profile "bar baz" "/foo sp" flags=(complain) {'),
(['^foo', False, True, 1, 'complain', None, None, None ], ' profile ^foo flags=(complain) {'),
(['^foo', True, True, 1, 'complain', None, None, None ], ' ^foo flags=(complain) {'),
(['^foo', True, True, 1.5, 'complain', None, None, None ], ' ^foo flags=(complain) {'),
(['^foo', True, True, 1.3, 'complain', None, None, None ], ' ^foo flags=(complain) {'),
(['/foo', False, True, 1, 'complain', None, 'profile', None ], ' profile /foo flags=(complain) {'),
(['/foo', True, True, 1, 'complain', None, 'profile', None ], ' profile /foo flags=(complain) {'),
(['/foo', False, True, 1, 'complain', None, None, '# x' ], ' /foo flags=(complain) { # x'),
(['/foo', True, True, 1, None, None, None, '# x' ], ' profile /foo { # x'),
(['/foo', False, True, 1, None, None, 'profile', '# x' ], ' profile /foo { # x'),
(['/foo', True, True, 1, 'complain', None, 'profile', '# x' ], ' profile /foo flags=(complain) { # x'),
add tests for write_header() Also add loop support to test-aa.py. BTW: In case you wonder - the need to replace unittest.TestCase with AATest is intentional. It might look annoying, but it makes sure that a test-*.py file doesn't contain a test class where tests = [...] is ignored because it's still unittest.TestCase. (Technically, setup_all_tests() will error out if a test class doesn't contain tests = [...] - either explicit or via its parent AATest.) Acked-by: Steve Beattie <steve@nxnw.org>
2015-04-01 23:48:50 +02:00
]
def _run_test(self, params, expected):
name = params[0]
embedded_hat = params[1]
write_flags = params[2]
depth = params[3]
test new parameters of write_header() Change the write_header tests so that the 'profile_keyword' and 'header_comment' parameters can be (and are) tested: - add a None for both to the existing tests - add some tests that come with the profile keyword and/or a comment Acked-by: Steve Beattie <steve@nxnw.org>
2015-04-02 01:31:22 +02:00
prof_data = { 'flags': params[4], 'attachment': params[5], 'profile_keyword': params[6], 'header_comment': params[7] }
add tests for write_header() Also add loop support to test-aa.py. BTW: In case you wonder - the need to replace unittest.TestCase with AATest is intentional. It might look annoying, but it makes sure that a test-*.py file doesn't contain a test class where tests = [...] is ignored because it's still unittest.TestCase. (Technically, setup_all_tests() will error out if a test class doesn't contain tests = [...] - either explicit or via its parent AATest.) Acked-by: Steve Beattie <steve@nxnw.org>
2015-04-01 23:48:50 +02:00
result = write_header(prof_data, depth, name, embedded_hat, write_flags)
self.assertEqual(result, [expected])
[23/38] Add get_file_perms() to aa.py get_file_perms() collects the existing permissions for a file from various rules (exact matches, wildcards) in the main profile and the included abstractions. It will be used to get displaying the current permissions back, and also to propose rules with merged permissions (next patch). Also add some tests to make sure it does what it promises ;-) Acked-by: Steve Beattie <steve@nxnw.org>
2016-10-01 20:03:44 +02:00
class AaTest_get_file_perms_1(AATest):
tests = [
('/usr/share/common-licenses/foo/bar', {'allow': {'all': set(), 'owner': {'w'} }, 'deny': {'all':set(), 'owner': set()}, 'paths': {'/usr/share/common-licenses/**'} }),
('/dev/null', {'allow': {'all': {'r', 'w', 'k'}, 'owner': set() }, 'deny': {'all':set(), 'owner': set()}, 'paths': {'/dev/null'} }),
('/foo/bar', {'allow': {'all': {'r', 'w'}, 'owner': set() }, 'deny': {'all':set(), 'owner': set()}, 'paths': {'/foo/bar'} }), # exec perms not included
('/no/thing', {'allow': {'all': set(), 'owner': set() }, 'deny': {'all':set(), 'owner': set()}, 'paths': set() }),
('/usr/lib/ispell/', {'allow': {'all': set(), 'owner': set() }, 'deny': {'all':set(), 'owner': set()}, 'paths': set() }),
('/usr/lib/aspell/*.so', {'allow': {'all': set(), 'owner': set() }, 'deny': {'all':set(), 'owner': set()}, 'paths': set() }),
]
def _run_test(self, params, expected):
self.createTmpdir()
#copy the local profiles to the test directory
self.profile_dir = '%s/profiles' % self.tmpdir
shutil.copytree('../../profiles/apparmor.d/', self.profile_dir, symlinks=True)
[1/3] Rename profile_storage() to ProfileStorage() This is a preparation to make the next patch smaller and easier to read ;-) Acked-by: Seth Arnold <seth.arnold@canonical.com>
2017-07-11 13:30:29 +02:00
profile = apparmor.aa.ProfileStorage('/test', '/test', 'test-aa.py')
[23/38] Add get_file_perms() to aa.py get_file_perms() collects the existing permissions for a file from various rules (exact matches, wildcards) in the main profile and the included abstractions. It will be used to get displaying the current permissions back, and also to propose rules with merged permissions (next patch). Also add some tests to make sure it does what it promises ;-) Acked-by: Steve Beattie <steve@nxnw.org>
2016-10-01 20:03:44 +02:00
# simple profile without any includes
profile['file'].add(FileRule.parse('owner /usr/share/common-licenses/** w,'))
profile['file'].add(FileRule.parse('/dev/null rwk,'))
profile['file'].add(FileRule.parse('/foo/bar rwix,'))
perms = get_file_perms(profile, params, False, False) # only testing with audit and deny = False
self.assertEqual(perms, expected)
class AaTest_get_file_perms_2(AATest):
tests = [
('/usr/share/common-licenses/foo/bar', {'allow': {'all': {'r'}, 'owner': {'w'} }, 'deny': {'all':set(), 'owner': set()}, 'paths': {'/usr/share/common-licenses/**'} }),
Prevent 'wa' conflicts for file rules get_file_perms() and propose_file_rules() happily collect all file permissions. This could lead to proposing 'wa' permissions in aa-logprof, which then errored out because of conflicting permissions. This patch adds a check to both functions that removes 'a' if 'w' is present, and extends the tests to check this. Acked-by: Seth Arnold <seth.arnold@canonical.com> for trunk and 2.11. Note: Both functions (including this bug) were introduced together with FileRule, so older releases are not affected.
2017-08-04 22:26:41 +02:00
('/usr/share/common-licenses/what/ever', {'allow': {'all': {'r'}, 'owner': {'w'} }, 'deny': {'all':set(), 'owner': set()}, 'paths': {'/usr/share/common-licenses/**', '/usr/share/common-licenses/what/ever'} }),
[23/38] Add get_file_perms() to aa.py get_file_perms() collects the existing permissions for a file from various rules (exact matches, wildcards) in the main profile and the included abstractions. It will be used to get displaying the current permissions back, and also to propose rules with merged permissions (next patch). Also add some tests to make sure it does what it promises ;-) Acked-by: Steve Beattie <steve@nxnw.org>
2016-10-01 20:03:44 +02:00
('/dev/null', {'allow': {'all': {'r', 'w', 'k'}, 'owner': set() }, 'deny': {'all':set(), 'owner': set()}, 'paths': {'/dev/null'} }),
('/foo/bar', {'allow': {'all': {'r', 'w'}, 'owner': set() }, 'deny': {'all':set(), 'owner': set()}, 'paths': {'/foo/bar'} }), # exec perms not included
('/no/thing', {'allow': {'all': set(), 'owner': set() }, 'deny': {'all':set(), 'owner': set()}, 'paths': set() }),
utils: Fix failing tests in test-aa.py The merged /usr patches to the policy broke some utils tests due to a change in the expected output. Fixes: r3600 update lots of profiles for usrMerge Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Acked-by: Christian Boltz <apparmor@cboltz.de> Acked-by: Seth Arnold <seth.arnold@canonical.com>
2017-02-28 23:03:25 +00:00
('/usr/lib/ispell/', {'allow': {'all': {'r'}, 'owner': set() }, 'deny': {'all':set(), 'owner': set()}, 'paths': {'/usr/lib/ispell/', '/{usr/,}lib{,32,64}/**'} }), # from abstractions/enchant
('/usr/lib/aspell/*.so', {'allow': {'all': {'m', 'r'}, 'owner': set() }, 'deny': {'all':set(), 'owner': set()}, 'paths': {'/usr/lib/aspell/*', '/usr/lib/aspell/*.so', '/{usr/,}lib{,32,64}/**'} }), # from abstractions/aspell via abstractions/enchant
[23/38] Add get_file_perms() to aa.py get_file_perms() collects the existing permissions for a file from various rules (exact matches, wildcards) in the main profile and the included abstractions. It will be used to get displaying the current permissions back, and also to propose rules with merged permissions (next patch). Also add some tests to make sure it does what it promises ;-) Acked-by: Steve Beattie <steve@nxnw.org>
2016-10-01 20:03:44 +02:00
]
def _run_test(self, params, expected):
self.createTmpdir()
#copy the local profiles to the test directory
self.profile_dir = '%s/profiles' % self.tmpdir
shutil.copytree('../../profiles/apparmor.d/', self.profile_dir, symlinks=True)
# load the abstractions we need in the test
apparmor.aa.profiledir = self.profile_dir
apparmor.aa.load_include('abstractions/base')
apparmor.aa.load_include('abstractions/bash')
apparmor.aa.load_include('abstractions/enchant')
apparmor.aa.load_include('abstractions/aspell')
[1/3] Rename profile_storage() to ProfileStorage() This is a preparation to make the next patch smaller and easier to read ;-) Acked-by: Seth Arnold <seth.arnold@canonical.com>
2017-07-11 13:30:29 +02:00
profile = apparmor.aa.ProfileStorage('/test', '/test', 'test-aa.py')
[23/38] Add get_file_perms() to aa.py get_file_perms() collects the existing permissions for a file from various rules (exact matches, wildcards) in the main profile and the included abstractions. It will be used to get displaying the current permissions back, and also to propose rules with merged permissions (next patch). Also add some tests to make sure it does what it promises ;-) Acked-by: Steve Beattie <steve@nxnw.org>
2016-10-01 20:03:44 +02:00
profile['include']['abstractions/base'] = True
profile['include']['abstractions/bash'] = True
profile['include']['abstractions/enchant'] = True # includes abstractions/aspell
profile['file'].add(FileRule.parse('owner /usr/share/common-licenses/** w,'))
Prevent 'wa' conflicts for file rules get_file_perms() and propose_file_rules() happily collect all file permissions. This could lead to proposing 'wa' permissions in aa-logprof, which then errored out because of conflicting permissions. This patch adds a check to both functions that removes 'a' if 'w' is present, and extends the tests to check this. Acked-by: Seth Arnold <seth.arnold@canonical.com> for trunk and 2.11. Note: Both functions (including this bug) were introduced together with FileRule, so older releases are not affected.
2017-08-04 22:26:41 +02:00
profile['file'].add(FileRule.parse('owner /usr/share/common-licenses/what/ever a,')) # covered by the above 'w' rule, so 'a' should be ignored
[23/38] Add get_file_perms() to aa.py get_file_perms() collects the existing permissions for a file from various rules (exact matches, wildcards) in the main profile and the included abstractions. It will be used to get displaying the current permissions back, and also to propose rules with merged permissions (next patch). Also add some tests to make sure it does what it promises ;-) Acked-by: Steve Beattie <steve@nxnw.org>
2016-10-01 20:03:44 +02:00
profile['file'].add(FileRule.parse('/dev/null rwk,'))
profile['file'].add(FileRule.parse('/foo/bar rwix,'))
perms = get_file_perms(profile, params, False, False) # only testing with audit and deny = False
self.assertEqual(perms, expected)
[24/38] Add propose_file_rules() to propose globbed etc. file rules in aa-logprof aa.py: - add propose_file_rules() - will propose matching paths from existing rules in the profile or one of the includes - save user_globs if user selects '(N)ew' (will be re-used when proposing rules) - change user_globs to a dict so that it can carry the human-readable path and an AARE object for it - change order_globs() to ensure the original path (given as parameter) is always the last item in the resulting list - add a ruletype switch to ask_the_questions() so that it uses propose_file_rules() for file events (I don't like this ruletype-specific solution too much, but everything else would make things even more complicated) Also keep aa-mergeprof ask_the_questions() in sync with aa.py. In FileRule, add original_perms (might be set by propose_file_rules()) Finally, add some tests to ensure propose_file_rules() does what it promises. Acked-by: Steve Beattie <steve@nxnw.org>
2016-10-01 20:04:42 +02:00
class AaTest_propose_file_rules(AATest):
tests = [
# log event path and perms expected proposals
(['/usr/share/common-licenses/foo/bar', 'w'], ['/usr/share/common*/foo/* rw,', '/usr/share/common-licenses/** rw,', '/usr/share/common-licenses/foo/bar rw,'] ),
(['/dev/null', 'wk'], ['/dev/null rwk,'] ),
(['/foo/bar', 'rw'], ['/foo/bar rw,'] ),
utils: Fix failing tests in test-aa.py The merged /usr patches to the policy broke some utils tests due to a change in the expected output. Fixes: r3600 update lots of profiles for usrMerge Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Acked-by: Christian Boltz <apparmor@cboltz.de> Acked-by: Seth Arnold <seth.arnold@canonical.com>
2017-02-28 23:03:25 +00:00
(['/usr/lib/ispell/', 'w'], ['/{usr/,}lib{,32,64}/** rw,', '/usr/lib/ispell/ rw,'] ),
(['/usr/lib/aspell/some.so', 'k'], ['/usr/lib/aspell/* mrk,', '/usr/lib/aspell/*.so mrk,', '/{usr/,}lib{,32,64}/** mrk,', '/usr/lib/aspell/some.so mrk,'] ),
Prevent 'wa' conflicts for file rules get_file_perms() and propose_file_rules() happily collect all file permissions. This could lead to proposing 'wa' permissions in aa-logprof, which then errored out because of conflicting permissions. This patch adds a check to both functions that removes 'a' if 'w' is present, and extends the tests to check this. Acked-by: Seth Arnold <seth.arnold@canonical.com> for trunk and 2.11. Note: Both functions (including this bug) were introduced together with FileRule, so older releases are not affected.
2017-08-04 22:26:41 +02:00
(['/foo/log', 'w'], ['/foo/log w,'] ),
[24/38] Add propose_file_rules() to propose globbed etc. file rules in aa-logprof aa.py: - add propose_file_rules() - will propose matching paths from existing rules in the profile or one of the includes - save user_globs if user selects '(N)ew' (will be re-used when proposing rules) - change user_globs to a dict so that it can carry the human-readable path and an AARE object for it - change order_globs() to ensure the original path (given as parameter) is always the last item in the resulting list - add a ruletype switch to ask_the_questions() so that it uses propose_file_rules() for file events (I don't like this ruletype-specific solution too much, but everything else would make things even more complicated) Also keep aa-mergeprof ask_the_questions() in sync with aa.py. In FileRule, add original_perms (might be set by propose_file_rules()) Finally, add some tests to ensure propose_file_rules() does what it promises. Acked-by: Steve Beattie <steve@nxnw.org>
2016-10-01 20:04:42 +02:00
]
def _run_test(self, params, expected):
self.createTmpdir()
#copy the local profiles to the test directory
self.profile_dir = '%s/profiles' % self.tmpdir
shutil.copytree('../../profiles/apparmor.d/', self.profile_dir, symlinks=True)
# load the abstractions we need in the test
apparmor.aa.profiledir = self.profile_dir
apparmor.aa.load_include('abstractions/base')
apparmor.aa.load_include('abstractions/bash')
apparmor.aa.load_include('abstractions/enchant')
apparmor.aa.load_include('abstractions/aspell')
# add some user_globs ('(N)ew') to simulate a professional aa-logprof user (and to make sure that part of the code also gets tested)
apparmor.aa.user_globs['/usr/share/common*/foo/*'] = AARE('/usr/share/common*/foo/*', True)
apparmor.aa.user_globs['/no/thi*ng'] = AARE('/no/thi*ng', True)
[1/3] Rename profile_storage() to ProfileStorage() This is a preparation to make the next patch smaller and easier to read ;-) Acked-by: Seth Arnold <seth.arnold@canonical.com>
2017-07-11 13:30:29 +02:00
profile = apparmor.aa.ProfileStorage('/test', '/test', 'test-aa.py')
[24/38] Add propose_file_rules() to propose globbed etc. file rules in aa-logprof aa.py: - add propose_file_rules() - will propose matching paths from existing rules in the profile or one of the includes - save user_globs if user selects '(N)ew' (will be re-used when proposing rules) - change user_globs to a dict so that it can carry the human-readable path and an AARE object for it - change order_globs() to ensure the original path (given as parameter) is always the last item in the resulting list - add a ruletype switch to ask_the_questions() so that it uses propose_file_rules() for file events (I don't like this ruletype-specific solution too much, but everything else would make things even more complicated) Also keep aa-mergeprof ask_the_questions() in sync with aa.py. In FileRule, add original_perms (might be set by propose_file_rules()) Finally, add some tests to ensure propose_file_rules() does what it promises. Acked-by: Steve Beattie <steve@nxnw.org>
2016-10-01 20:04:42 +02:00
profile['include']['abstractions/base'] = True
profile['include']['abstractions/bash'] = True
profile['include']['abstractions/enchant'] = True # includes abstractions/aspell
profile['file'].add(FileRule.parse('owner /usr/share/common-licenses/** w,'))
profile['file'].add(FileRule.parse('/dev/null rwk,'))
profile['file'].add(FileRule.parse('/foo/bar rwix,'))
Prevent 'wa' conflicts for file rules get_file_perms() and propose_file_rules() happily collect all file permissions. This could lead to proposing 'wa' permissions in aa-logprof, which then errored out because of conflicting permissions. This patch adds a check to both functions that removes 'a' if 'w' is present, and extends the tests to check this. Acked-by: Seth Arnold <seth.arnold@canonical.com> for trunk and 2.11. Note: Both functions (including this bug) were introduced together with FileRule, so older releases are not affected.
2017-08-04 22:26:41 +02:00
profile['file'].add(FileRule.parse('/foo/log a,')) # will be replaced with '/foo/log w,' (not 'wa')
[24/38] Add propose_file_rules() to propose globbed etc. file rules in aa-logprof aa.py: - add propose_file_rules() - will propose matching paths from existing rules in the profile or one of the includes - save user_globs if user selects '(N)ew' (will be re-used when proposing rules) - change user_globs to a dict so that it can carry the human-readable path and an AARE object for it - change order_globs() to ensure the original path (given as parameter) is always the last item in the resulting list - add a ruletype switch to ask_the_questions() so that it uses propose_file_rules() for file events (I don't like this ruletype-specific solution too much, but everything else would make things even more complicated) Also keep aa-mergeprof ask_the_questions() in sync with aa.py. In FileRule, add original_perms (might be set by propose_file_rules()) Finally, add some tests to ensure propose_file_rules() does what it promises. Acked-by: Steve Beattie <steve@nxnw.org>
2016-10-01 20:04:42 +02:00
rule_obj = FileRule(params[0], params[1], None, FileRule.ALL, owner=False, log_event=True)
proposals = propose_file_rules(profile, rule_obj)
self.assertEqual(proposals, expected)
Add some tests for aa.py check_for_apparmor() Also change check_for_apparmor() to allow easier testing by optionally specifying alternative locations for /proc/filesystems and /proc/mounts as parameter. Note that the code in check_for_apparmor() differs from what the comment says - valid_path() only does syntax checks, but doesn't check if the directory exists. I added a comment saying exactly that. Acked-by: Steve Beattie <steve@nxnw.org>
2014-11-27 23:20:26 +01:00
update python tools to support includes with absolute paths For now we only allow quoted absolute paths without spaces in the name due to: - 1738877: include rules don't handle files with spaces in the name - 1738879: include rules don't handle absolute paths without quotes in some versions of parser - 1738880: include rules don't handle relative paths in some versions of the parser
2017-12-18 19:37:35 +00:00
class AaTest_propose_file_rules_with_absolute_includes(AATest):
tests = [
# log event path and perms expected proposals
(['/not/found/anywhere', 'r'], ['/not/found/anywhere r,']),
(['/dev/null', 'w'], ['/dev/null rw,']),
(['/some/random/include', 'r'], ['/some/random/include rw,']),
(['/some/other/include', 'w'], ['/some/other/* rw,', '/some/other/inc* rw,', '/some/other/include rw,']),
]
def _run_test(self, params, expected):
self.createTmpdir()
#copy the local profiles to the test directory
self.profile_dir = '%s/profiles' % self.tmpdir
shutil.copytree('../../profiles/apparmor.d/', self.profile_dir, symlinks=True)
# load the abstractions we need in the test
apparmor.aa.profiledir = self.profile_dir
apparmor.aa.load_include('abstractions/base')
abs_include1 = write_file(self.tmpdir, 'test-abs1', "/some/random/include rw,")
apparmor.aa.load_include(abs_include1)
abs_include2 = write_file(self.tmpdir, 'test-abs2', "/some/other/* rw,")
apparmor.aa.load_include(abs_include2)
abs_include3 = write_file(self.tmpdir, 'test-abs3', "/some/other/inc* rw,")
apparmor.aa.load_include(abs_include3)
profile = apparmor.aa.ProfileStorage('/test', '/test', 'test-aa.py')
profile['include']['abstractions/base'] = False
profile['include'][abs_include1] = False
profile['include'][abs_include2] = False
profile['include'][abs_include3] = False
rule_obj = FileRule(params[0], params[1], None, FileRule.ALL, owner=False, log_event=True)
proposals = propose_file_rules(profile, rule_obj)
self.assertEqual(proposals, expected)
class AaTest_nonexistent_includes(AATest):
def test_bad_includes(self):
tests = [
"/nonexistent/absolute/path",
"nonexistent/relative/path",
]
for i in tests:
with self.assertRaises(AppArmorException):
apparmor.aa.load_include(i)
utils: Require apparmor.aa users to call init_aa() Introduce an apparmor.aa.init_aa() method and move the initialization code of the apparmor.aa module into it. Note that this change will break any external users of apparmor.aa because global variables that were previously initialized when importing apparmor.aa will not be initialized unless a call to the new apparmor.aa.init_aa() method is made. The main purpose of this change is to allow the utils tests to be able to set a non-default location for configuration files. Instead of hard-coding the location of logprof.conf and other utils related configuration files to /etc/apparmor/, this patch allows it to be configured by calling apparmor.aa.init_aa(confdir=PATH). This allows for the make check target to use the in-tree config file, profiles, and parser by default. A helper method, setup_aa(), is added to common_test.py that checks for an environment variable containing a non-default configuration directory path prior to calling apparmor.aa.init_aa(). All test scripts that use apparmor.aa are updated to call setup_aa(). Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Suggested-by: Christian Boltz <apparmor@cboltz.de> Acked-by: Seth Arnold <seth.arnold@canonical.com> Acked-by: Christian Boltz <apparmor@cboltz.de>
2017-03-02 21:21:53 +00:00
setup_aa(apparmor.aa)
Enable testloops for nosetests Ensure nosetests sees all tests in the tests[] tuples. This requires some name changes because nosetests thinks all function names containing "test" are tests. (A "not a test" docorator would be an alternative, but that would require some try/except magic to avoid a dependency on nose.) To avoid nosetests thinks the functions are a test, - rename setup_all_tests() to setup_all_loops() - rename regex_test() to _regex_test() (in test-regex_matches.py) Also add the module_name as parameter to setup_all_loops and always run it (not only if __name__ == '__main__'). Known issue: nosetests errors out with ValueError: no such test method in <class ...>: stub_test when trying to run a single test generated out of tests[]. (debugging hint: stub_test is the name used in setup_test_loop().) But that's still an improvement over not seeing those tests at all ;-) Acked-by: Steve Beattie <steve@nxnw.org> for trunk and 2.9.
2015-04-22 22:01:34 +02:00
setup_all_loops(__name__)
Add some tests for aa.py check_for_apparmor() Also change check_for_apparmor() to allow easier testing by optionally specifying alternative locations for /proc/filesystems and /proc/mounts as parameter. Note that the code in check_for_apparmor() differs from what the comment says - valid_path() only does syntax checks, but doesn't check if the directory exists. I added a comment saying exactly that. Acked-by: Steve Beattie <steve@nxnw.org>
2014-11-27 23:20:26 +01:00
if __name__ == '__main__':
make utils tests less verbose Given the big number of tests, printing a dot for each test (instead of multiple lines) is enough ;-)
2018-04-08 20:18:30 +02:00
unittest.main(verbosity=1)
Reference in a new issue Copy permalink