Merge tests/regression: Add simple e2e test

This adds a single e2e test to check that raw_data of a loaded policy matches the generated policy (cached). Signed-off-by: Spyros Seimenis <spyros.seimenis@canonical.com> MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/929 Approved-by: John Johansen <john@jjmx.net> Merged-by: John Johansen <john@jjmx.net>
2025-03-04 08:24:42 +01:00 · 2022-10-28 12:44:31 +00:00 · 2022-10-28 12:44:31 +00:00 · 299a7386f4
commit 299a7386f4
parent bed1471144 75a6679be5
2 changed files with 61 additions and 0 deletions
--- a/tests/regression/apparmor/Makefile
+++ b/tests/regression/apparmor/Makefile
@ -214,6 +214,7 @@ TESTS=aa_exec \
      clone \
      coredump \
      deleted \
      e2e \
      environ \
      exec \
      exec_qual \
--- a/tests/regression/apparmor/e2e.sh
+++ b/tests/regression/apparmor/e2e.sh
@ -0,0 +1,60 @@
 #! /bin/bash
 #	Copyright (C) 2022 Canonical, Ltd.
 #
 #	This program is free software; you can redistribute it and/or
 #	modify it under the terms of the GNU General Public License as
 #	published by the Free Software Foundation, version 2 of the
 #	License.
 #=NAME e2e
 #=DESCRIPTION
 # Verifies basic parser functionality.
 #=END
 pwd=`dirname $0`
 pwd=`cd $pwd ; /bin/pwd`
 bin=$pwd
 . $bin/prologue.inc
 # load_and_verify - Generate and load a profile, then verify that raw_data
 #                            matches the generated cached policy
 # $1: A description of this test
 load_and_verify() {
    local desc=$1
    local prof="dummy_test"
    local cache_dir=$(${subdomain} --print-cache-dir)
    local cache_md5
    local kernel_md5
    # Since we're not testing any binary, force test global var to our dummy profile
    test="$prof"
    # Write to cache
    parser_args="${parser_config} -q -W"
    echo "profile $prof {}" | genprofile --stdin
    cache_md5=$(cat $cache_dir/profile | md5sum | awk '{ print $1 }')
    local matching=0
    for binary_policy in /sys/kernel/security/apparmor/policy/profiles/$prof*/raw_data; do
        kernel_md5=$(cat $binary_policy | md5sum | awk '{ print $1 }')
        if [ $kernel_md5 == $cache_md5 ]; then
            matching=1
            break
        fi
    done
    if [ $matching -eq 0 ]; then
        echo "Error: ${testname}, ${desc} failed. raw_data profile doesn't match the generated cached one"
        testfailed
    elif [ -n "$VERBOSE" ]; then
        echo "ok: ${desc}"
    fi
    removeprofile
 }
 load_and_verify "E2E load profile and read from kernel"