Merge branch 'cboltz-link-owner' into 'master'

Add testcases for 'owner link' rules

See merge request apparmor/apparmor!369

Acked-by: Eric Chiang <ericchiang@google.com>

parser/tst/simple_tests/file/ok_link_audit_deny_owner_subset.sd

@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION link access test with audit deny and owner restriction
+#=EXRESULT PASS
+#
+
+profile test {
+  audit deny owner link subset /alpha/beta -> /tmp/**,
+  /tmp/** r,
+}
+

parser/tst/simple_tests/file/ok_link_owner.sd

@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION simple link access test with owner restriction
+#=EXRESULT PASS
+#
+
+profile test {
+  owner link subset /alpha/beta -> /tmp/**,
+  /tmp/** r,
+}
+

utils/apparmor/regex.py

@@ -35,6 +35,7 @@ RE_FLAGS                = '(\s+(flags\s*=\s*)?\((?P<flags>[^)]+)\))?'
 
 RE_PROFILE_END          = re.compile('^\s*\}' + RE_EOL)
 RE_PROFILE_CAP          = re.compile(RE_AUDIT_DENY + 'capability(?P<capability>(\s+\S+)+)?' + RE_COMMA_EOL)
+# TODO: add support for 'owner' to RE_PROFILE_LINK
 RE_PROFILE_LINK         = re.compile(RE_AUDIT_DENY + 'link\s+(((subset)|(<=))\s+)?([\"\@\/].*?"??)\s+->\s*([\"\@\/].*?"??)' + RE_COMMA_EOL)
 RE_PROFILE_ALIAS        = re.compile('^\s*alias\s+("??.+?"??)\s+->\s*("??.+?"??)' + RE_COMMA_EOL)
 RE_PROFILE_RLIMIT       = re.compile('^\s*set\s+rlimit\s+(?P<rlimit>[a-z]+)\s*<=\s*(?P<value>[^ ]+(\s+[a-zA-Z]+)?)' + RE_COMMA_EOL)

utils/test/test-parser-simple-tests.py

@@ -224,6 +224,10 @@ unknown_line = [
     'file/owner/ok_1.sd',
     'profile/entry_mods_audit_ok1.sd',
 
+    # link rules with owner conditional
+    'file/ok_link_owner.sd',
+    'file/ok_link_audit_deny_owner_subset.sd',
+
     # namespace
     'profile/profile_ns_named_ok1.sd',  # profile keyword?
     'profile/profile_ns_named_ok2.sd',  # profile keyword?