mirror of
https://gitlab.com/apparmor/apparmor.git
synced 2025-03-04 16:35:02 +01:00
make the link subset test livable
This commit is contained in:
John Johansen
parent
7742386a84
commit
5d51c46fd6
2 changed files with 2 additions and 68 deletions
|
|
@ -33,6 +33,7 @@ SRC=access.c \
|
|||
fchown.c \
|
||||
fork.c \
|
||||
link.c \
|
||||
link_subset.c \
|
||||
mmap.c \
|
||||
mkdir.c \
|
||||
mount.c \
|
||||
|
|
@ -118,6 +119,7 @@ TESTS=access \
|
|||
fork \
|
||||
i18n \
|
||||
link \
|
||||
link_subset \
|
||||
mkdir \
|
||||
mmap \
|
||||
mount \
|
||||
|
|
|
|||
|
|
@ -31,40 +31,6 @@ badperm=rwl
|
|||
nolinkperm=rwix
|
||||
|
||||
|
||||
#test for $1 in $2
|
||||
function perm_is_subset () {
|
||||
# zero length substring always matches
|
||||
if [ -z $1 ] ; then
|
||||
echo $2;
|
||||
return 0;
|
||||
fi
|
||||
|
||||
case "$2" in
|
||||
*$1*) echo ${2##${2/$1*/}}; return 0;;
|
||||
esac
|
||||
|
||||
#handle the special cases
|
||||
#ix implies mix
|
||||
local target=${2/ix/mix}
|
||||
case "$target" in
|
||||
*$1*) echo ${target##${target/$1*/}}; return 0;;
|
||||
esac
|
||||
|
||||
# treat safe PUx as subset of unsafe pux
|
||||
local linkfile=${1/Px/px}
|
||||
linkfile=${linkfile/Ux/ux}
|
||||
case "$target" in
|
||||
*$linkfile*) echo ${target##${target/$linkfile*/}}; return 0;
|
||||
esac
|
||||
|
||||
# permute rw to do string match of rm rwm
|
||||
target=${target/rw/wr}
|
||||
case "$target" in
|
||||
*$1*) echo ${target##${target/$linkfile*/}}; return 0;;
|
||||
esac
|
||||
|
||||
}
|
||||
|
||||
PERMS="r w m ix px ux Px Ux l rw rm rix rpx rux rPx rUx rl wm wix wpx wux \
|
||||
wPx wUx wl mix mpx mux mPx mUx ml ixl pxl uxl Pxl Uxl rwm rwix rwpx \
|
||||
rwux rwPx rwUx rwl rmix rmpx rmux rmPx rmUx rml wmix wmpx wmux wmPx \
|
||||
|
|
@ -91,37 +57,3 @@ touch $target
|
|||
runchecktest "link (no perms) -> target (no perms)" fail $target $linkfile
|
||||
rm -rf $linkfile
|
||||
|
||||
# link no perms
|
||||
for TARGET_PERM in ${PERMS} ; do
|
||||
genprofile $target:$TARGET_PERM
|
||||
runchecktest "link (no perms) -> target ($TARGET_PERM)" fail $target $linkfile
|
||||
rm -rf $linkfile
|
||||
done
|
||||
|
||||
# target no perms
|
||||
for LINK_PERM in ${PERMS} ; do
|
||||
genprofile $linkfile:$LINK_PERM
|
||||
runchecktest "link ($LINK_PERM) -> target (no perms)" fail $target $linkfile
|
||||
rm -rf $linkfile
|
||||
done
|
||||
|
||||
# all other combination of perms
|
||||
for LINK_PERM in ${PERMS} ; do
|
||||
for TARGET_PERM in ${PERMS} ; do
|
||||
l_in_perms=${LINK_PERM/*l/l}
|
||||
perms_no_link=${LINK_PERM/l/}
|
||||
link_subset=`perm_is_subset ${perms_no_link} ${TARGET_PERM}`
|
||||
if [ "$l_in_perms" == "l" -a -n "$perms_no_link" -a -n "$link_subset" ]
|
||||
then
|
||||
expected_result=pass
|
||||
else
|
||||
expected_result=fail
|
||||
fi
|
||||
#echo "testing $LINK_PERM -> $TARGET_PERM = $l_in_perms, $perms_no_link, $link_subset $expected_result"
|
||||
genprofile $linkfile:$LINK_PERM $target:$TARGET_PERM
|
||||
runchecktest "link ($LINK_PERM) -> target ($TARGET_PERM)" ${expected_result} $target $linkfile
|
||||
rm -rf $linkfile
|
||||
|
||||
done
|
||||
done
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue