From 75a6679be5d2987b359d884b367a30d688a4cfd6 Mon Sep 17 00:00:00 2001
From: Spyros Seimenis <spyros.seimenis@canonical.com>
Date: Tue, 4 Oct 2022 22:57:22 +0300
Subject: [PATCH] tests/regression: Add simple e2e test

This adds a single e2e test to check that raw_data of a loaded
policy matches the generated policy (cached).

Signed-off-by: Spyros Seimenis <spyros.seimenis@canonical.com>
---
 tests/regression/apparmor/Makefile |  1 +
 tests/regression/apparmor/e2e.sh   | 60 ++++++++++++++++++++++++++++++
 2 files changed, 61 insertions(+)
 create mode 100755 tests/regression/apparmor/e2e.sh

diff --git a/tests/regression/apparmor/Makefile b/tests/regression/apparmor/Makefile
index 5795989dd..1ab57079e 100644
--- a/tests/regression/apparmor/Makefile
+++ b/tests/regression/apparmor/Makefile
@@ -214,6 +214,7 @@ TESTS=aa_exec \
       clone \
       coredump \
       deleted \
+      e2e \
       environ \
       exec \
       exec_qual \
diff --git a/tests/regression/apparmor/e2e.sh b/tests/regression/apparmor/e2e.sh
new file mode 100755
index 000000000..1a89b5860
--- /dev/null
+++ b/tests/regression/apparmor/e2e.sh
@@ -0,0 +1,60 @@
+#! /bin/bash
+#	Copyright (C) 2022 Canonical, Ltd.
+#
+#	This program is free software; you can redistribute it and/or
+#	modify it under the terms of the GNU General Public License as
+#	published by the Free Software Foundation, version 2 of the
+#	License.
+
+#=NAME e2e
+#=DESCRIPTION
+# Verifies basic parser functionality.
+#=END
+
+pwd=`dirname $0`
+pwd=`cd $pwd ; /bin/pwd`
+
+bin=$pwd
+
+. $bin/prologue.inc
+
+# load_and_verify - Generate and load a profile, then verify that raw_data
+#                            matches the generated cached policy
+# $1: A description of this test
+load_and_verify() {
+    local desc=$1
+    local prof="dummy_test"
+    local cache_dir=$(${subdomain} --print-cache-dir)
+    local cache_md5
+    local kernel_md5
+
+    # Since we're not testing any binary, force test global var to our dummy profile
+    test="$prof"
+
+    # Write to cache
+    parser_args="${parser_config} -q -W"
+
+    echo "profile $prof {}" | genprofile --stdin
+
+    cache_md5=$(cat $cache_dir/profile | md5sum | awk '{ print $1 }')
+
+    local matching=0
+    for binary_policy in /sys/kernel/security/apparmor/policy/profiles/$prof*/raw_data; do
+        kernel_md5=$(cat $binary_policy | md5sum | awk '{ print $1 }')
+        if [ $kernel_md5 == $cache_md5 ]; then
+            matching=1
+            break
+        fi
+    done
+
+    if [ $matching -eq 0 ]; then
+        echo "Error: ${testname}, ${desc} failed. raw_data profile doesn't match the generated cached one"
+        testfailed
+    elif [ -n "$VERBOSE" ]; then
+        echo "ok: ${desc}"
+    fi
+
+    removeprofile
+}
+
+load_and_verify "E2E load profile and read from kernel"