tests: Add query_label.sh tests for file queries

A number of simple query tests based on read and write perms of files and directories. Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Acked-by: John Johansen <john.johansen@canonical.com>
2025-03-04 16:35:02 +01:00 · 2015-05-28 14:48:53 -05:00 · 2015-05-28 14:48:53 -05:00 · 5349536ff8
commit 5349536ff8
parent afde1cc53a
1 changed files with 32 additions and 0 deletions
--- a/tests/regression/apparmor/query_label.sh
+++ b/tests/regression/apparmor/query_label.sh
@ -209,3 +209,35 @@ perms dbus send
 querytest "QUERY dbus (svc send)" fail $dbus_svc_query
 perms dbus receive
 querytest "QUERY dbus (svc receive)" fail $dbus_svc_query
+
+genqueryprofile "file,"
+expect allow
+perms file exec,write,read,append,link,lock
+querytest "QUERY file (all base perms #1)" pass /anything
+querytest "QUERY file (all base perms #2)" pass /everything
+
+genqueryprofile "/etc/passwd r,"
+expect allow
+perms file read
+querytest "QUERY file (passwd)" pass /etc/passwd
+querytest "QUERY file (passwd bad path #1)" fail /etc/pass
+querytest "QUERY file (passwd bad path #2)" fail /etc/passwdXXX
+querytest "QUERY file (passwd bad path #3)" fail /etc/passwd/XXX
+perms file write
+querytest "QUERY file (passwd bad perms #1)" fail /etc/passwd
+perms file read,write
+querytest "QUERY file (passwd bad perms #2)" fail /etc/passwd
+
+genqueryprofile "/tmp/ rw,"
+expect allow
+perms file read,write
+querytest "QUERY file (/tmp/)" pass /tmp/
+querytest "QUERY file (/tmp/ bad path)" fail /tmp
+querytest "QUERY file (/tmp/ bad path)" fail /tmp/tmp/
+perms file read
+querytest "QUERY file (/tmp/ read only)" pass /tmp/
+perms file write
+querytest "QUERY file (/tmp/ write only)" pass /tmp/
+expect audit
+perms file read,write
+querytest "QUERY file (/tmp/ wrong dir)" pass /etc/