Merge branch 'cboltz-test-profiles' into 'master'

Test if active and extra profiles can be parsed by the tools

See merge request apparmor/apparmor!677

Acked-by: John Johansen <john.johansen@canonical.com>

utils/apparmor/aa.py

@@ -1658,9 +1658,12 @@ def collapse_log(hashlog, ignore_null_profiles=True):
 
     return log_dict
 
-def read_profiles(ui_msg=False):
+def read_profiles(ui_msg=False, skip_profiles=[]):
     # we'll read all profiles from disk, so reset the storage first (autodep() might have created/stored
     # a profile already, which would cause a 'Conflicting profile' error in attach_profile_data())
+    #
+    # The skip_profiles parameter should only be specified by tests.
+
     global aa, original_aa
     aa = hasher()
     original_aa = hasher()
@@ -1678,10 +1681,15 @@ def read_profiles(ui_msg=False):
         if os.path.isfile(full_file):
             if is_skippable_file(file):
                 continue
+            elif file in skip_profiles:
+                aaui.UI_Info("skipping profile %s" % full_file)
+                continue
             else:
                 read_profile(full_file, True)
 
-def read_inactive_profiles():
+def read_inactive_profiles(skip_profiles=[]):
+    # The skip_profiles parameter should only be specified by tests.
+
     if hasattr(read_inactive_profiles, 'already_read'):
         # each autodep() run calls read_inactive_profiles, but that's a) superfluous and b) triggers a conflict because the inactive profiles are already loaded
         # therefore don't do anything if the inactive profiles were already loaded
@@ -1701,6 +1709,9 @@ def read_inactive_profiles():
         if os.path.isfile(full_file):
             if is_skippable_file(file):
                 continue
+            elif file in skip_profiles:
+                aaui.UI_Info("skipping profile %s" % full_file)
+                continue
             else:
                 read_profile(full_file, False)
 

utils/test/logprof.conf

@@ -11,7 +11,7 @@
 
 [settings]
   profiledir = ../../profiles/apparmor.d
-  inactive_profiledir = ../../profiles/apparmor/profiles/extra
+  inactive_profiledir = ../../profiles/apparmor/profiles/extras
   logfiles = /var/log/audit/audit.log /var/log/syslog /var/log/messages
 
   parser = ../../parser/apparmor_parser ../parser/apparmor_parser

utils/test/test-profiles.py

@@ -0,0 +1,45 @@
+#! /usr/bin/python3
+# ------------------------------------------------------------------
+#
+#    Copyright (C) 2020 Christian Boltz <apparmor@cboltz.de>
+#
+#    This program is free software; you can redistribute it and/or
+#    modify it under the terms of version 2 of the GNU General Public
+#    License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+import unittest
+from common_test import AATest, setup_all_loops, setup_aa
+import apparmor.aa as aa
+
+# If a profile can't be parsed by the tools, add it to skip_active_profiles or skip_extra_profiles.
+# Add only the filename (without path), for example 'usr.bin.foo'.
+# These skip lists are meant as a temporary solution, and should be empty on release.
+skip_active_profiles = [
+]
+
+skip_extra_profiles = [
+]
+
+class TestFoo(AATest):
+    # Make sure the python code can parse all profiles shipped with AppArmor.
+    # If this fails, read_profiles() / read_inactive_profiles() will raise an exception.
+    #
+    # Checking for the number of read profiles is mostly done to ensure *something* is read
+    # (to make sure an empty or non-existing directory won't make this test useless).
+
+    def test_active_profiles(self):
+        aa.read_profiles(skip_profiles=skip_active_profiles)
+
+        self.assertGreaterEqual(len(aa.active_profiles.profile_names), 42)
+
+    def test_extra_profiles(self):
+        aa.read_inactive_profiles(skip_profiles=skip_extra_profiles)
+
+        self.assertGreaterEqual(len(aa.extra_profiles.profile_names), 100)
+
+setup_aa(aa)
+setup_all_loops(__name__)
+if __name__ == '__main__':
+    unittest.main(verbosity=1)