Make the dbus rule generator knowledgeable of the eavesdrop permission.
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
Allows for the policy writer to grant permission to eavesdrop on the
specified bus. Some example rules for granting the eavesdrop permission
are:
# Grant send, receive, bind, and eavesdrop
dbus,
# Grant send, receive, bind, and eavesdrop on the session bus
dbus bus=session,
# Grant send and eavesdrop on the system bus
dbus (send eavesdrop) bus=system,
# Grant eavesdrop on any bus
dbus eavesdrop,
Eavesdropping rules can contain the bus conditional. Any other
conditionals are not compatible with eavesdropping rules and the parser
will return an error.
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
This patch adds a warning when quote characters '\' are added
unnecessarily, generates an error when a single quote is the last
character in a pattern, and uncomments and corrects the relevant unit
test cases.
Signed-off-by: Steve Beattie <steve@nxnw.org>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
This patch adds a parser make variable and a make target for building
the compiler with coverage compilation flags. With this, coverage
information can be generated by running tests/test suites against the
built parser and run through tools like gcovr.
Patch History:
v1: initial version
v2: refreshed/no change
v3: address feedback from sarnold:
- mark coverage target as phony
- correct missing '.' typo in clean target
- make coverage extensions consistent in clean targets
Signed-off-by: Steve Beattie <steve@nxnw.org>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
equivalents. (v2)
This patch verifies basic alternation usage.
Patch history:
v1: initial revision
v2: mark nested alternation tests as passing, as it was deemed a bug
that the parser didn't support them.
Signed-off-by: Steve Beattie <steve@nxnw.org>
Acked-By: Christian Boltz <apparmor@cboltz.de>
This patch adds a test that verifies the parser considers an emty
character class regex as a parse arror.
Signed-off-by: Steve Beattie <steve@nxnw.org>
Acked-By: Christian Boltz <apparmor@cboltz.de>
This patch annotates that a couple of values emitted on failure are
of type size_t, eliminating a couple of compiler warnings.
Signed-off-by: Steve Beattie <steve@nxnw.org>
Acked-by: Tyler Hicks <tyhicks@canonical.com>
This patch adds unit tests and macros for the convert_aaregex_to_pcre()
function.
Patch history:
v1: initial version
v2: - give more verbose output on failures
- free memory used in tests
Signed-off-by: Steve Beattie <steve@nxnw.org>
Acked-by: John Johansen <john.johansen@canonical.com>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
useful for people without the tools installed, and is against Debian
packaging policy (symlink pointing outside the source tree).
Signed-off-by: Kees Cook <kees@ubuntu.com>
Acked-by: Steve Beattie <steve@nxnw.org>
This is patch tries to reduce the number of dynamic_cast<>s needed
during normalization by pushing the operations of normalize_tree()
into the expr-tree classes themselves rather than perform it as
an external function. This eliminates the need for dynamic_cast<>
checks on the current object under inspection and reduces the number
of checks needing to be performed on child Nodes as well.
In non-strict benchmarking, doing the dynamic_cast<> reduction
for just the tree normalization operation resulted in a ~10-15%
improvement in overall time on a couple of different hosts (amd64,
armel), as measured against apparmor_parser -Q. Valgrind's callgrind
tool indicated a reduction in the number of calls to dynamic_cast<>
on the tst/simple_tests/vars/dbus_vars_9.sd test profile from ~19
million calls to ~12 million.
In comparisons with dumped expr trees over both the entire
tst/simple_tests/ tree and from 1000 randomly generated profiles via
stress.rb, the generated trees were identical.
Patch history:
v1: initial version of patch
v2: update patch to take into account the infinite loop fix in
trunk rev 1975 and refresh against current code.
v3: no change
Signed-off-by: Steve Beattie <steve@nxnw.org>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
Acked-by: John Johansen <john.johansen@canonical.com>
Enabling the python caching test by default broke the build tests when
running in environments that do not contain the apparmor securityfs
mounted (think build chroots). This is because an initial check from the
shell script version of the tests was not reproduced within the python
version. This patch adds a check in the base class setUp function that
marks each testcase as skipped if apparmor's securityfs cannot be found.
Signed-off-by: Steve Beattie <steve@nxnw.org>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
This patch:
- incorporates the new python caching test into the make check/make
caching target, and removes the older shell based test script
- adjusts the python scripts to give verbose output when the VERBOSE
flag is set
- reorders the tests so that the tests that take a shorter amount of
time to run come first, leaving the language sanity test with its
69000+ testcases last
Patch history:
v1: initial revision
v2: add gen_xtrans/gen_dbus dependency to valgrind test
v3: drop gen_xtrans/gen_dbus as that was committed as a separate fix
Acked-by: Steve Beattie <steve@nxnw.org>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
With the C++-ization of the parser, some functions were renamed or
eliminated; this patch fixes the relevant valgrind false positive
suppression
pattern to match.
Signed-off-by: Steve Beattie <steve@nxnw.org>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
update-ca-certificates (from ca-certificates-1_201310161709-1.1.noarch)
stores certs in this directory now.
References: https://bugzilla.novell.com/show_bug.cgi?id=852018
Acked-by: Seth Arnold <seth.arnold@canonical.com>
This patch converts the problematic-with-g++ 4.6 state_names array
into a C++ unordered_map type. Using this depends on using the c++0x
(aka c++11) standard, and as we have gnuisms elsewhere (using the
typeof builtin), the patch also adds/converts to using -std=gnu++c0x
in the build rules (which conveniently eliminates some other warnings
we had due to other c++11-isms).
Signed-off-by: Steve Beattie <steve@nxnw.org>
Acked-By: Seth Arnold <seth.arnold@canonical.com>
A bug existed in the parser that it would not detect the error case
where an unquoted ']' is given without a matching '[' (the quoted
cases are accepted properly). This patch fixes the issue.
Signed-off-by: Steve Beattie <steve@nxnw.org>
Acked-by: John Johansen <john.johansen@canonical.com>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
Currently alternations are limited to a single level, make it so we can
nest alternations.
Note: this is a temporary solution to the problem. Long term this routine
to convert to pcre will go away when native parsing of aare is added to
the backend.
Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Steve Beattie <steve@nxnw.org>
patch is needed to fix the build.
patch from: Jan Rękorajski <baggins@pld-linux.org>
Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Steve Beattie <steve@nxnw.org>
The previous patch for removing libimmunix support from the regression
tests wasn't complete. Also, the 2.2 and 2.4 kernel support code is
closely related and can be removed considering how old those kernels
are.
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Acked-by: Steve Beattie <steve@nxnw.org>
This typo allowed apparmor.h to be pulled in multiple times.
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Acked-by: Steve Beattie <steve@nxnw.org>
The libapparmor_wrap.c target generates libapparmor_wrap.c and
LibAppArmor.pm. The Perl module must exist before `perl Makefile.PL`
under the Makefile.perl target, otherwise the generated Makefile.perl
ends up with an empty $(TO_INST_PM) variable and the pm_to_blib target's
dependencies are incomplete. That results in the Perl module not getting
copied to the blib directory and a build that is missing LibAppArmor.pm.
A build missing LibAppArmor.pm only occurred while building with
multiple threads.
Thanks to Seth Arnold for the suggestion on how to best fix the
dependencies.
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Acked-by: Steve Beattie <steve@nxnw.org>
Only attempt to link against libapparmor since libimmunix has been
deprecated for 5+ years.
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Acked-by: Steve Beattie <steve@nxnw.org>
The multiarch filesystem layout for Ubuntu uses directories such as
/usr/lib/{i386-linux-gnu,x86_64-linux-gnu,arm-linux-gnueabihf} so
peeking into /usr/{lib,lib64} is no longer sufficient.
This patch uses ldconfig to print out the libraries that it knows about
and grep that output for libapparmor.so or libimmunix.so.
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Acked-by: Steve Beattie <steve@nxnw.org>
The parser sanity test make target does not directly depend on the make
targets that generate the tests consumed by the sanity test, leading to
runs that did not verify all the test cases when make check is invoked
with parallelism (e.g. make check -j4). This patch against trunk fixes
the issue.
Signed-off-by: Steve Beattie <steve@nxnw.org>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
Acked-by: Tyler Hicks <tyhicks@canonical.com>
dnsmasq needs read access to more files in /var/lib/libvirt/dnsmasq/
(at least *.conf and *.addnhosts)
Since this directory contains only files that are intended for dnsmasq
(also confirmed by Jim Fehlig, the SUSE libvirt maintainer), the best
way is to just allow "/var/lib/libvirt/dnsmasq/* r,"
References: https://bugzilla.novell.com/show_bug.cgi?id=848215
+1'd for trunk and 2.8 by Jamie Strandboge <jamie@canonical.com>
The log parsing in the Immunix::AppArmor perl module has fallen behind
when it comes to audit events from some of the newer rule types
supported by apparmor_parser.
When an unsupported event is found, it causes aa-logprof to error out.
This patch creates a list of valid, but unsupported, event operations
that should be ignored by the perl module when parsing logs.
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Acked-by: John Johansen <john.johansen@canonical.com>
When a parser that is aware of dbus rules is running under a kernel
that is unaware of dbus rules, the parser should ignore the dbus rules
instead of attempting to load them into the kernel. Otherwise, the
kernel will reject the entire profile, leaving the application
unconfined.
Similar to what is done for mount rules, the features listed in
apparmorfs should be checked to see if dbus is supported under the
current kernel.
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Acked-by: John Johansen <john.johansen@canonical.com>
The purpose is to provide test coverage for accessing UNIX domain socket
files. AppArmor write permissions are needed to create the socket files
and both read and write permissions are needed to connect to the socket.
This patch adds a test to the UNIX file descriptor passing tests and
creates an entirely new set of tests for sending and receiving messages
using path-based SOCK_STREAM, SOCK_DGRAM, and SOCK_SEQPACKET UNIX domain
sockets.
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Acked-by: Steve Beattie <steve@nxnw.org>
Allow directories to be passed directly to the parser and handled instead
of needing an initscript to find the files in the directory.
eg. load all profiles in profiles dir
apparmor_parser -r /etc/apparmor.d/
eg. load all binary files in the cache dir
apparmor_parser -Br /etc/apparmor.d/cache/
Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Steve Beattie <steve@nxnw.org>
This patch adds a python metaclass to wrap the test methods in the
subclasses of the template class AATestTemplate with the keep_on_fail
function, which sets the do_cleanup attribute to False when a testcase
failure occurs (i.e. an Exception is raised), and removes the manually
applied decorators to the caching tests that made use of this.
The downside to this approach is that the way metaclasses are declared
changed between python 2 and python 3 in an incompatible way. Since
python 3 is The Future™, I chose that approach and made the caching
and valgrind tests which use testlib be python3 (until this change,
they would have worked under either python 2 or python 3).
(An output message when a failure occurs is tweaked, to make the
output a little cleaner when verbose test output is requested and
failures occur.)
Signed-off-by: Steve Beattie <steve@nxnw.org>
Acked-by: Christian Boltz <apparmor@cboltz.de>
This patch modifies testlib.write_file() to take a directory and a file
name instead of a path and return the joined result for callers to use
if necessary.
Signed-off-by: Steve Beattie <steve@nxnw.org>
Acked-by: Christian Boltz <apparmor@cboltz.de>
This patch adds the command run to the reported message when a valgrind
failure is detected. This makes reproducing the failure outside of the
test suite easier, for easier diagnosis of what problem is occurring.
Signed-off-by: Steve Beattie <steve@nxnw.org>
Acked-by: Christian Boltz <apparmor@cboltz.de>
When converting the valgrind tests from optparse to argparse, I managed
to not verify that the resulting code actually worked :( . This patch
fixes it by adding a positional argument to handle the optional passed
directory location.
Signed-off-by: Steve Beattie <steve@nxnw.org>
Acked-by: Christian Boltz <apparmor@cboltz.de>
[previous commit forgot to bzr add caching.py; this commit fixes that]
This patch rewrites the caching test in python, using python's unittest
framework. It has been used with python 2.7 and python 3.3; python2.6
may have issues. It covers the tests in the existing caching.sh
test script (with the exception of the test that checks for when the
parser in $PATH is newer), as well as adding additional tests that
more extensively cover using a cache in an alternate location from
basedir. It also adds simple tests for the --create-cache-dir option
(along with that option's interaction with the alt-cache option).
(Some further work to be done is listed under TODO.)
Patch history:
v1: - initial version
v2: - create template base class
- add keep_on_fail() decorator to keep temporary test files
around after a test fails
- don't dump raw cache file to failure output in
test_cache_writing_updates_cache_file()
- push run_cmd into template class
- create run_cmd_check wrapper to run_cmd that adds an assertion
check based on whether return code matches the expected rc
(the valgrind tests only want to verify that the rc is not a
specific set of values, hence the separate wrapper function)
- similarly, add a check to run_cmd_check for verifying the output
contains a specific string, also simplifying many of the caching
tests.
- create testlib.write_file() to simplify writing file
Signed-off-by: Steve Beattie <steve@nxnw.org>
Acked-by: Christian Boltz <apparmor@cboltz.de>
This patch rewrites the caching test in python, using python's unittest
framework. It has been used with python 2.7 and python 3.3; python2.6
may have issues. It covers the tests in the existing caching.sh
test script (with the exception of the test that checks for when the
parser in $PATH is newer), as well as adding additional tests that
more extensively cover using a cache in an alternate location from
basedir. It also adds simple tests for the --create-cache-dir option
(along with that option's interaction with the alt-cache option).
(Some further work to be done is listed under TODO.)
Patch history:
v1: - initial version
v2: - create template base class
- add keep_on_fail() decorator to keep temporary test files
around after a test fails
- don't dump raw cache file to failure output in
test_cache_writing_updates_cache_file()
- push run_cmd into template class
- create run_cmd_check wrapper to run_cmd that adds an assertion
check based on whether return code matches the expected rc
(the valgrind tests only want to verify that the rc is not a
specific set of values, hence the separate wrapper function)
- similarly, add a check to run_cmd_check for verifying the output
contains a specific string, also simplifying many of the caching
tests.
- create testlib.write_file() to simplify writing file
Signed-off-by: Steve Beattie <steve@nxnw.org>
Acked-by: Christian Boltz <apparmor@cboltz.de>
