mirror of
https://gitlab.com/apparmor/apparmor.git
synced 2025-03-04 08:24:42 +01:00
parser: Add ability to test the inequality of binary policies
Previously, we only had the ability to test that binary policy files were equal. This patch allows for the testing of binary policy files that are not equal. Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Acked-by: John Johansen <john.johansen@canonical.com>
This commit is contained in:
Tyler Hicks
parent
d22a867723
commit
98ca025c5c
1 changed files with 36 additions and 9 deletions
|
|
@ -32,24 +32,34 @@ hash_binary_policy()
|
|||
return $?
|
||||
}
|
||||
|
||||
# verify_binary_equality - compares the binary policy of multiple profiles
|
||||
# $1: A short description of the test
|
||||
# $2: The known-good profile
|
||||
# $3..$n: The profiles to compare against $2
|
||||
# verify_binary - compares the binary policy of multiple profiles
|
||||
# $1: Test type (equality or inequality)
|
||||
# $2: A short description of the test
|
||||
# $3: The known-good profile
|
||||
# $4..$n: The profiles to compare against $3
|
||||
#
|
||||
# Upon failure/error, prints out the test description and profiles that failed
|
||||
# and increments $fails or $errors for each failure and error, respectively
|
||||
verify_binary_equality()
|
||||
verify_binary()
|
||||
{
|
||||
local desc=$1
|
||||
local good_profile=$2
|
||||
local t=$1
|
||||
local desc=$2
|
||||
local good_profile=$3
|
||||
local good_hash
|
||||
local ret=0
|
||||
|
||||
shift
|
||||
shift
|
||||
shift
|
||||
|
||||
printf "Binary equality %s" "$desc"
|
||||
if [ "$t" != "equality" ] && [ "$t" != "inequality" ]
|
||||
then
|
||||
printf "\nERROR: Unknown test mode:\n%s\n\n" "$t" 1>&2
|
||||
((errors++))
|
||||
return $((ret + 1))
|
||||
fi
|
||||
|
||||
printf "Binary %s %s" "$t" "$desc"
|
||||
good_hash=$(hash_binary_policy "$good_profile")
|
||||
if [ $? -ne 0 ]
|
||||
then
|
||||
|
|
@ -68,13 +78,20 @@ verify_binary_equality()
|
|||
"$profile" 1>&2
|
||||
((errors++))
|
||||
((ret++))
|
||||
elif [ "$hash" != "$good_hash" ]
|
||||
elif [ "$t" == "equality" ] && [ "$hash" != "$good_hash" ]
|
||||
then
|
||||
printf "\nFAIL: Hash values do not match\n" 2>&1
|
||||
printf "known-good (%s) != profile-under-test (%s) for the following profile:\n%s\n\n" \
|
||||
"$good_hash" "$hash" "$profile" 1>&2
|
||||
((fails++))
|
||||
((ret++))
|
||||
elif [ "$t" == "inequality" ] && [ "$hash" == "$good_hash" ]
|
||||
then
|
||||
printf "\nFAIL: Hash values match\n" 2>&1
|
||||
printf "known-good (%s) == profile-under-test (%s) for the following profile:\n%s\n\n" \
|
||||
"$good_hash" "$hash" "$profile" 1>&2
|
||||
((fails++))
|
||||
((ret++))
|
||||
fi
|
||||
done
|
||||
|
||||
|
|
@ -86,6 +103,16 @@ verify_binary_equality()
|
|||
return $ret
|
||||
}
|
||||
|
||||
verify_binary_equality()
|
||||
{
|
||||
verify_binary "equality" "$@"
|
||||
}
|
||||
|
||||
verify_binary_inequality()
|
||||
{
|
||||
verify_binary "inequality" "$@"
|
||||
}
|
||||
|
||||
verify_binary_equality "dbus send" \
|
||||
"/t { dbus send, }" \
|
||||
"/t { dbus write, }" \
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue