use serialize_profile() for the new profile in (V)iew Changes
See merge request apparmor/apparmor!131
Acked-by: John Johansen <john.johansen@canonical.com>
These tests verify that
- _is_equal_aare() really raises an exception when it sees an invalid
combination of other_value and other_all
- BaseRuleset.__repr__() works as expected
As a side effect, this commit pushes the test coverage of
apparmor/rule/__init__.py to 100% ;-)
This is needed to get a reproducible output.
Also adjust the tests in test-profile-storage.py and add some example
variable to cleanprof.in and cleanprof.out
If a log line contains a denial for a child profile, log_dict will
(obviously) only contain the child profile. However, serialize_profile()
expects that the parent profile is also initialized as ProfileStorage.
This patch makes sure the parent profile gets initialized.
It also removes 26 of the 37 reasons in the TODO note in aa.py :-)
ProfileStorage() stores the content of a profile, so it makes sense to
also have the functions to write those rules (including helper functions
used by these functions) in the same file.
Note that I only moved the functions for rule types that are not handled
by *Ruleset classes.
The functions for writing rules stored in a *Ruleset class will
hopefully be superfluous sooner or later (probably later because
serialize_parse_profile_start() depends on them, and rewriting it won't
be easy)
Also move the test for var_transform() to test-profile-storage.py.
Merge remote-tracking branch 'cboltz/cboltz-fix-write-alias' from
Christian Boltz.
Acked-by: John Johansen <john.johansen@canonical.com>
Acked-by: Steve Beattie <steve@nxnw.org>
PR: https://gitlab.com/apparmor/apparmor/merge_requests/119
write_pair() ignored the 'tail' parameter, which resulted in writing
invalid alias rules (without the trailing comma).
Also add an alias to test/cleanprof.* to ensure it doesn't break again.
test-libapparmor-test_multi.py converts the libapparmor test_multi log
examples to profiles.
This patch allows to call test-libapparmor-test-multi.py with a logfile
(containing a single log line) as parameter. It will then print the
resulting profile.
Example:
# python3 test-libapparmor-test_multi.py /path/to/libraries/libapparmor/testsuite/test_multi/testcase_dbus_01.in
/tmp/apparmor-2.8.0/tests/regression/apparmor/dbus_service {
dbus send bus=session path=/org/freedesktop/DBus interface=org.freedesktop.DBus member=Hello peer=(label=unconfined),
}
Writing a "link subset" rule missed a space, which resulted in something
like
link subset/foo -> /bar,
Also add a test rule to tests/cleanprof.* to ensure this doesn't break
again.
This excludes the /etc/apparmor.d/cache.d/ directory from aa-logprof
parsing because parsing the binary cache, well, takes a while :-/
Reported on the opensuse-factory mailinglist by Frank Krüger and
confirmed by others.
The tools don't support having multiple rules in one line (they expect
\n after each rule), therefore mark some of the bare_include_tests as
known failures.
For now we only allow quoted absolute paths without spaces in the name
due to:
- 1738877: include rules don't handle files with spaces in the name
- 1738879: include rules don't handle absolute paths without quotes in
some versions of parser
- 1738880: include rules don't handle relative paths in some versions of
the parser
- extend available_buttons() to display an "owner permissions on/off"
button if the rule supports it
- extend ask_the_questions() to handle these buttons
- add some tests to test-translations.py to avoid hotkey conflicts with
the newly added buttons
- move the code of set_options_audit_mode() to a new function
set_options_mode() and make set_options_audit_mode() a wrapper for it.
- add set_options_owner_mode() as another wrapper for set_options_mode()
and add code to switch the owner flag to set_options_mode()
- add tests for set_options_owner_mode()
logparser.py failed to notice if file events are owner-only in modern
audit.log (using fsuid=... and ouid=...).
This patch adds a comparison of fsuid and ouid and marks file events
as 'owner' if they match.
Note that log events without fsuid=... or ouid=... will have
18446744073709551615 as fsuid / ouid value (that's 2^64 - 1).
'None' would clearly be better ;-)
References: https://bugs.launchpad.net/apparmor/+bug/1538340
Exit rather than returning from shell snippets in Makefiles. It is
reported that returning causes the following error message with bash:
/bin/sh: line 4: return: can only `return' from a function or sourced script
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Reported-by: Christian Boltz <apparmor@cboltz.de>
The test-aa-easyprof.py script relies on the parser to be built so the
check target of the utils/test/Makefile should detect if the parser
exists before running any tests.
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Reported-by: Christian Boltz <apparmor@cboltz.de>
This parameter is always [], so we can simplify the ReadLog __init__()
parameters.
Note that some tests handed over '' instead of []. This was a bug, but
didn't matter because those tests only use a small portion of ReadLog.
Acked-by: Seth Arnold <seth.arnold@canonical.com>
get_file_perms() and propose_file_rules() happily collect all file
permissions. This could lead to proposing 'wa' permissions in
aa-logprof, which then errored out because of conflicting permissions.
This patch adds a check to both functions that removes 'a' if 'w' is
present, and extends the tests to check this.
Acked-by: Seth Arnold <seth.arnold@canonical.com> for trunk and 2.11.
Note: Both functions (including this bug) were introduced together with
FileRule, so older releases are not affected.
Move ProfileStorage() from aa.py to the new profile_storage.py and make
it a class. The variable name in __init__() changes (profile -> self.data),
but the content stays the same.
The ProfileStorage class acts like a dict(), but has some additional
checks for unknown keys in place.
Also add some tests to make sure unknown keys really raise an exception.
Acked-by: Seth Arnold <seth.arnold@canonical.com>
(garbage) ptrace events like
... apparmor="DENIED" operation="ptrace" profile="/bin/netstat" pid=1962 comm="netstat" target=""
cause an empty name2 field, which leads to a crash in the tools.
This patch lets logparser.py ignore such garbage log events, which also
avoids the crash.
As usual, add some testcases.
test-libapparmor-test_multi.py needs some special handling to ignore the
empty name2 field in one of the testcases.
References: https://bugs.launchpad.net/apparmor/+bug/1689667
Acked-by: Seth Arnold <seth.arnold@canonical.com> for trunk and 2.11.
Older releases can't handle ptrace log events and therefore can't crash ;-)
Since r3634, the tools allow any order of dbus conditionals.
Quoting the r3634 patch description:
This patch eases the restriction on the ordering at the expense of the
utils no longer being able to detect and reject a single attribute that
is repeated multiple times. In that situation, only the last occurrence
of the attribute will be honored by the utils.
It seems nobody tested with all test profiles generated ;-) so we have to
add some exceptions to the "does not raise an exception" list now.
Acked-by <timeout> for trunk and 2.11
FileRule understands leading permissions, so the reason to skip those
(generated) test profiles in test-parser-simple-tests.py is gone.
However, the gen-xtrans.pl script generates profiles with a not-so-valid
mix of uppercase and lowercase, for example "Pux" and "Cux". The parser
accepts this, but the tools complain about such rules. Therefore add the
affected profiles to the exception list.
In total, this means we now test 319 of the 380 generated_perms_leading
test profiles.
The patch also moves some lines around to get the \-escaped profiles
out of the mixed uppercase/lowercase exec rule section.
Acked-by: Seth Arnold <seth.arnold@canonical.com>
The test-aa-easyprof.py script was attempting to do its own special
setup to import the in-tree easyprof module. However, this proved to be
very flaky and resulted in the test periodically failing due to an
AttributeError the first time easyprof.parse_args() was called.
This patch removes the flakiness by trusting that PYTHONPATH is set up
appropriately before the test script is ran. PYTHONPATH is already
initialized appropriately by utils/test/Makefile according to the
USE_SYSTEM make variable.
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
Acked-by: Christian Boltz <apparmor@cboltz.de>
if USE_SYSTEM is not set, the utils make check target will instruct
test-aa-easyprof.py to provide the path of the in-tree parser executable
to aa-easyprof.
If USE_SYSTEM is set, the default parser path (/sbin/apparmor_parser or
the result of `which apparmor_parser`) is used.
The test-aa-easyprof.py script receives the parser path by checking the
__AA_PARSER environment variable. This environment variable is strictly
used by the test script and not any user-facing code so two leading
underscores were used.
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Acked-by: Christian Boltz <apparmor@cboltz.de>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
If USE_SYSTEM is not set, the utils make check target will instruct
test-aa-easyprof.py to provide the path of the in-tree
profiles/apparmor.d directory to aa-easyprof as the parser base
directory.
If USE_SYSTEM is set, the default base directory (/etc/apparmor.d) is
used.
The test-aa-easyprof.py script receives the base path by checking the
__AA_BASEDIR environment variable. This environment variable is strictly
used by the test script and not any user-facing code so two leading
underscores were used.
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Acked-by: Christian Boltz <apparmor@cboltz.de>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
Bug: https://launchpad.net/bugs/1538306
https://launchpad.net/bugs/1521031
aa-easyprof accepts a list of abstractions to include and, by default,
execs apparmor_parser to verify the generated profile including any
abstractions. However, aa-easyprof didn't provide the same flexibility
as apparmor_parser when it came to where in the filesystem the
abstraction files could exist.
The parser supports --base (defaulting to /etc/apparmor.d) and --Include
(defaulting to unset) options to specify the search paths for
abstraction files. This patch adds the same options to aa-easyprof to
aide in two different situations:
1) Some Ubuntu packages use aa-easyprof to generate AppArmor profiles
at build time. Something that has been previously needed is a way
for those packages to ship their own abstractions file(s) that are
#included in the easyprof-generated profile. That's not been
possible since the abstraction file(s) have not yet been installed
during the package build.
2) The test-aa-easyprof.py script contains some tests that specify
abstractions that should be #included. Without the ability to
specify a different --base or --Include directory, the abstractions
were required to be present in /etc/apparmor.d/abstractions/ or the
tests would fail. This prevents the Python utils from being able to
strictly test against in-tree code/profiles/etc.
I don't like the names of the command line options --base and --Include.
They're not particularly descriptive and the capital 'I' is not user
friendly. However, I decided to preserve the name of the options from
apparmor_parser.
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Acked-by: Christian Boltz <apparmor@cboltz.de>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
Introduce an apparmor.aa.init_aa() method and move the initialization
code of the apparmor.aa module into it. Note that this change will break
any external users of apparmor.aa because global variables that were
previously initialized when importing apparmor.aa will not be
initialized unless a call to the new apparmor.aa.init_aa() method is
made.
The main purpose of this change is to allow the utils tests to be able
to set a non-default location for configuration files. Instead of
hard-coding the location of logprof.conf and other utils related
configuration files to /etc/apparmor/, this patch allows it to be
configured by calling apparmor.aa.init_aa(confdir=PATH).
This allows for the make check target to use the in-tree config file,
profiles, and parser by default. A helper method, setup_aa(), is added
to common_test.py that checks for an environment variable containing a
non-default configuration directory path prior to calling
apparmor.aa.init_aa(). All test scripts that use apparmor.aa are updated
to call setup_aa().
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Suggested-by: Christian Boltz <apparmor@cboltz.de>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
Acked-by: Christian Boltz <apparmor@cboltz.de>
The utils tests should make use of the logprof.conf that resides in
utils/test/ when testing against the in-tree parser and profiles. When
testing against the system, it the utils tests should continue to use
the system logprof.conf.
This patch updates the parser and profiles paths to point to the in-tree
paths. Another patch is needed to get aa.py to honor a non-hardcoded
search path for logprof.conf and other configuration files.
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Acked-by: Christian Boltz <apparmor@cboltz.de>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
https://launchpad.net/bugs/1628286
The utils were enforcing that the dbus rule attributes were strictly
ordered in the following fashion:
bus -> path -> interface -> member -> peer
However, the parser has always accepted the attributes in any order. If
the system contained a profile which did not use the strict ordering
enforced by the utils, the utils would refuse to operate at all.
This patch eases the restriction on the ordering at the expense of the
utils no longer being able to detect and reject a single attribute that
is repeated multiple times. In that situation, only the last occurrence
of the attribute will be honored by the utils.
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Acked-by: Christian Boltz <apparmor@cboltz.de>
The merged /usr patches to the policy broke some utils tests due to a
change in the expected output.
Fixes: r3600 update lots of profiles for usrMerge
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Acked-by: Christian Boltz <apparmor@cboltz.de>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
This allows to hand over any source instead of using the global variable.
Now that the function expects its input as parameter, get rid of the
global log_dict, which means
- change collapse_log() to initialize log_dict as local variable and
return it
- change do_logprof_pass() to catch collapse_log()'s return value and
hand it over to ask_the_questions()
- drop all references to the global log_dict variable
- update test-libapparmor-test_multi to follow the changes
Also fix an if condition that would fail if aa[profile][hat] does not
exist - get() defaults to None if the requested item doesn't exist, and
None.get('file') will raise an Exception.
Acked-by: Seth Arnold <seth.arnold@canonical.com>
ldd exits with $? == 1 if a file is 'not a dynamic executable'.
This is correct behaviour of ldd, so we should handle it instead of
raising an exception ;-)
Also extend fake_ldd and add a test to test-aa.py to cover this.
Note that 2.10 and 2.9 don't have tests for get_reqs() nor fake_ldd,
so those branches will only get the aa.py changes.
Acked-by: John Johansen <john.johansen@canonical.com> for trunk, 2.10 and 2.9.
Storing these event details depending on the operation type only makes
things more difficult because it's hard to differenciate between file
and network events.
Note that this happens at the first log parsing stage (libapparmor log
event -> temporary python array) and therefore doesn't add a serious
memory footprint. The event tree will still only contain the elements
relevant for the actual event type.
This change means that lots of testcases now get 3 more fields (all
None) when testing parse_event(), so update all affected testcases.
(test-network doesn't need a change for probably obvious reasons.)
Also rename a misnamed test in test-change_profile.
Acked-by: Seth Arnold <seth.arnold@canonical.com> for trunk and 2.10.
