mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-06 17:31:01 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
apparmor/tests/regression/subdomain/access.sh
Steve Beattie 6d3e74907d Import the rest of the core functionality of the internal apparmor 
development tree (trunk branch). From svn repo version 6381.
2006-04-11 21:52:54 +00:00

77 lines
2.1 KiB
Bash
Raw Blame History

#! /bin/bash
# $Id:$
# Copyright (C) 2002-2005 Novell/SUSE
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation, version 2 of the
# License.
#=NAME access
#=DESCRIPTION
# Verify that the access syscall is correctly managed for confined profiles
#=END
pwd=`dirname $0`
pwd=`cd $pwd ; /bin/pwd`
bin=$pwd
. $bin/prologue.inc
file=$tmpdir/file
dir=$tmpdir/dir
rperm=r
rwxperm=rwix
wxperm=wix
touch $file
chmod 777 $file # full perms so discretionary access checks succeed
# PASS TEST
genprofile $file:$rwxperm
runchecktest "ACCESS file r (rwx)" pass $file r
runchecktest "ACCESS file rx (rwx)" pass $file rx
runchecktest "ACCESS file rwx (rwx)" pass $file rwx
genprofile $file:$rperm
runchecktest "ACCESS file r (r)" pass $file r
runchecktest "ACCESS file rx (r)" fail $file rx
runchecktest "ACCESS file rwx (r)" fail $file rwx
genprofile $file:$wxperm
runchecktest "ACCESS file x (wx)" pass $file x
runchecktest "ACCESS file w (wx)" pass $file w
runchecktest "ACCESS file wx (wx)" pass $file wx
genprofile $file:$wxperm
runchecktest "ACCESS file r (wx)" fail $file r
runchecktest "ACCESS file rx (wx)" fail $file rx
runchecktest "ACCESS file rwx (wx)" fail $file rwx
# wx are not necessary for directory write or traverse
# only r is required
mkdir $dir
chmod 777 $dir # full perms so discretionary access checks succeed
genprofile $dir:$rwxperm
runchecktest "ACCESS dir r (rwx)" pass $dir r
runchecktest "ACCESS dir rx (rwx)" pass $dir rx
runchecktest "ACCESS dir rwx (rwx)" pass $dir rwx
genprofile $dir:$rperm
runchecktest "ACCESS dir r (r)" pass $dir r
runchecktest "ACCESS dir rx (r)" pass $dir rx
runchecktest "ACCESS dir rwx (r)" pass $dir rwx
genprofile $dir:$wxperm
runchecktest "ACCESS dir x (wx)" pass $dir x
runchecktest "ACCESS dir w (wx)" pass $dir w
runchecktest "ACCESS dir wx (wx)" pass $dir wx
genprofile $dir:$wxperm
runchecktest "ACCESS dir r (wx)" fail $dir r
runchecktest "ACCESS dir rx (wx)" fail $dir rx
runchecktest "ACCESS dir rwx (wx)" fail $dir rwx
Reference in a new issue View git blame Copy permalink