tests: Update the regression tests for v6 policy

This updates the regression tests for v6 policy. It refactors the required_features test into a have_features fn, and a new requires_features fn (renamed to catch all instances make sure they where right) The have_features fn is then applied to several test to make them conditionally apply based off of availability of the feature and policy version. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Tyler Hicks <tyhicks@canonical.com>
2025-03-04 08:24:42 +01:00 · 2014-03-26 21:08:59 -05:00 · 2014-03-26 21:08:59 -05:00 · 40c2d811f9
commit 40c2d811f9
parent 74b523f248
7 changed files with 30 additions and 13 deletions
--- a/tests/regression/apparmor/dbus_eavesdrop.sh
+++ b/tests/regression/apparmor/dbus_eavesdrop.sh
@ -18,7 +18,7 @@ pwd=`cd $pwd ; /bin/pwd`
 bin=$pwd

 . $bin/prologue.inc
-required_features dbus
+requires_features dbus
 . $bin/dbus.inc

 args="--session"
--- a/tests/regression/apparmor/dbus_message.sh
+++ b/tests/regression/apparmor/dbus_message.sh
@ -18,7 +18,7 @@ pwd=`cd $pwd ; /bin/pwd`
 bin=$pwd

 . $bin/prologue.inc
-required_features dbus
+requires_features dbus
 . $bin/dbus.inc

 listnames="--type=method_call --session --name=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.ListNames"
--- a/tests/regression/apparmor/dbus_service.sh
+++ b/tests/regression/apparmor/dbus_service.sh
@ -17,7 +17,7 @@ pwd=`cd $pwd ; /bin/pwd`
 bin=$pwd

 . $bin/prologue.inc
-required_features dbus
+requires_features dbus
 . $bin/dbus.inc

 service="--$bus --name=$dest $path $iface"
--- a/tests/regression/apparmor/prologue.inc
+++ b/tests/regression/apparmor/prologue.inc
@ -21,19 +21,32 @@
 #
 # For this file, functions are first, entry point code is at end, see "MAIN"

-required_features()
+#use $() to retreive the failure message or "true" if success
+have_features()
 {
 	if [ ! -e "/sys/kernel/security/apparmor/features/" ] ; then
-		echo "Kernel feature masks not supported. Skipping tests ..."
-		exit 0
+		echo "Kernel feature masks not supported."
+		return 1;
 	fi

 	for f in $@ ; do
 		if [ ! -e "/sys/kernel/security/apparmor/features/$f" ] ; then
-			echo "Required feature $f not available. Skipping tests ..."
-			exit 0
+			echo "Required feature '$f' not available."
+			return 2;
 		fi
 	done
+
+	echo "true"
+	return 0;
+}
+
+requires_features()
+{
+	local res=$(have_features $@)
+	if [ "$res" != "true" ] ; then
+		echo "$res. Skipping tests ..."
+		exit 0
+	fi
 }

 requires_query_interface()
--- a/tests/regression/apparmor/tcp.sh
+++ b/tests/regression/apparmor/tcp.sh
@ -15,6 +15,7 @@ pwd=`cd $pwd ; /bin/pwd`
 bin=$pwd

 . $bin/prologue.inc
+requires_features network

 port=34567
 ip="127.0.0.1"
--- a/tests/regression/apparmor/unix_fd_server.sh
+++ b/tests/regression/apparmor/unix_fd_server.sh
@ -132,10 +132,12 @@ runchecktest "fd passing; confined -> confined (no perm)" fail $file $socket $fd
 sleep 1
 rm -f ${socket}

-# FAIL - confined client, no access to the socket file
+if [ "$(have_features policy/versions/v6)" == "true" ] ; then
+    # FAIL - confined client, no access to the socket file

-genprofile $file:$okperm $socket:rw $fd_client:px -- image=$fd_client $file:$okperm
-runchecktest "fd passing; confined client w/o socket access" fail $file $socket $fd_client
+    genprofile $file:$okperm $socket:rw $fd_client:px -- image=$fd_client $file:$okperm
+    runchecktest "fd passing; confined client w/o socket access" fail $file $socket $fd_client

-sleep 1
-rm -f ${socket}
+    sleep 1
+    rm -f ${socket}
+fi
--- a/tests/regression/apparmor/unix_socket_file.sh
+++ b/tests/regression/apparmor/unix_socket_file.sh
@ -27,6 +27,7 @@ pwd=`cd $pwd ; /bin/pwd`
 bin=$pwd

 . $bin/prologue.inc
+requires_features policy/versions/v6

 client=$bin/unix_socket_file_client
 socket=${tmpdir}/unix_socket_file.sock