mirror of
https://gitlab.com/apparmor/apparmor.git
synced 2025-03-04 16:35:02 +01:00

Minimization was failing because it was too aggressive. It was minimizing as if there was only 1 accept condition. This allowed it to remove more states but at the cost of losing unique permission sets; they were being combined into single cumulative perms. This means that audit, deny, xtrans, ... info on one path would be applied to all other paths that it was combined with during minimization. This means that we need to retain the unique accept states, not allowing them to be combined into a single state. To do this we put each unique permission set into its own partition at the start of minimization. The states within a partition have the same permissions and can be combined with the other states in the partition, as the loss of unique path information will not result in a conflict. This is similar to what perm hashing used to do but deny information is still being correctly applied and carried. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-By: Steve Beattie <sbeattie@ubuntu.com>
Makefile
#
# Test-harness settings. PROVE is an absolute path, so the harness binary is
# not looked up through $PATH.
PROVE      = /usr/bin/prove
PROVE_ARG  = -f
TESTS      = simple.pl

# Location of the parser binary under test (the parent directory by default).
PARSER_DIR = ..
PARSER_BIN = apparmor_parser
PARSER     = $(PARSER_DIR)/$(PARSER_BIN)

# VERBOSE=1 additionally passes -v to prove.
ifeq ($(VERBOSE),1)
PROVE_ARG += -v
endif
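# Default goal: run the whole parser test suite.
all: tests

# None of these names is a file. Declaring them phony (now including "all")
# keeps a stray file of the same name from making the target look up to date,
# which would silently skip the tests.
.PHONY: all tests error_output gen_xtrans parser_sanity caching minimize

# Aggregate target: every individual test group is a prerequisite.
tests: error_output gen_xtrans parser_sanity caching minimize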
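# Output directories for generated test profiles. They are created below before
# ./gen-xtrans.pl runs; presumably the script writes its profiles into them
# (confirm against the script).
GEN_TRANS_DIRS=simple_tests/generated_x/ simple_tests/generated_perms_leading/ simple_tests/generated_perms_safe/

# Generate the profiles once all output directories exist.
gen_xtrans: $(GEN_TRANS_DIRS)
	./gen-xtrans.pl

# Create a missing output directory. -p makes the recipe succeed when the
# directory already exists, so it stays safe however make resolves the
# trailing-slash target names.
$(GEN_TRANS_DIRS):
	mkdir -p $@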
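# Check the parser's diagnostics for broken profiles.
#
# The first command must succeed on a valid profile. Every later command feeds
# the parser a profile under errors/ and asserts the exact error text it prints.
# "2>&1 >/dev/null" points stderr at the pipe first and only then discards
# stdout, so grep sees the diagnostics and nothing else. Unless the shell runs
# with pipefail, the status of each pipeline is grep's, so the parser's own exit
# status is not checked in the failure cases.
#
# grep -F matches each message as a fixed string; as a plain pattern the dots in
# the file names would match any character and accept a near-miss message.
#
# NOTE(review): LANG=C does not override LC_ALL or LC_MESSAGES. If either is set
# in the caller's environment the parser may print translated messages and these
# checks would fail; consider LC_ALL=C.
error_output: $(PARSER)
	$(PARSER) -S -I errors >/dev/null errors/okay.sd
	LANG=C $(PARSER) -S -I errors 2>&1 >/dev/null errors/single.sd | \
		grep -qF "AppArmor parser error for errors/single.sd in errors/single.sd at line 3: Could not open 'failure'"
	LANG=C $(PARSER) -S -I errors 2>&1 >/dev/null errors/double.sd | \
		grep -qF "AppArmor parser error for errors/double.sd in errors/includes/busted at line 66: Could not open 'does-not-exist'"
	LANG=C $(PARSER) -S -I errors 2>&1 >/dev/null errors/modefail.sd | \
		grep -qF "AppArmor parser error for errors/modefail.sd in errors/modefail.sd at line 6: syntax error"
	LANG=C $(PARSER) -S -I errors 2>&1 >/dev/null errors/multi_include.sd | \
		grep -qF "AppArmor parser error for errors/multi_include.sd in errors/multi_include.sd at line 12: Could not open 'failure'"
	@echo "Error Output: PASS"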
# Run the test driver(s) listed in TESTS under prove, once the parser binary
# exists. Q is not assigned anywhere in this file; unless the caller or the
# environment supplies it, it expands to nothing and the command is echoed.
parser_sanity: $(PARSER)
	$(Q)$(PROVE) $(PROVE_ARG) $(TESTS)
# Script-driven test groups. Each target runs the shell script that carries its
# own name (./caching.sh, ./minimize.sh) with LANG=C, after the parser binary
# exists. What each script checks is not visible here; minimize.sh presumably
# covers DFA minimization (confirm against the script).
caching minimize: $(PARSER)
	LANG=C ./$@.sh
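# Build the parser in its own directory when the binary is missing.
# $(MAKE) rather than a literal "make" hands -j/jobserver, -n and command-line
# variable overrides down to the sub-make.
#
# NOTE(review): the rule has no prerequisites, so an existing binary is never
# rebuilt from here. After changing parser sources, rebuild in $(PARSER_DIR)
# first, or the tests run against a stale parser.
$(PARSER):
	$(MAKE) -C $(PARSER_DIR) $(PARSER_BIN)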
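# Remove the generated test profiles; the directories themselves are kept.
#
# Each directory is handled separately and only if it exists, so find is never
# run without a start path and a fresh checkout cleans without errors.
# "-exec rm -f {} +" passes file names to rm directly; the former
# "find | xargs" pipeline split names on whitespace and quote characters.
.PHONY: clean
clean:
	for d in $(GEN_TRANS_DIRS); do \
		if [ -d "$$d" ]; then \
			find "$$d" -type f -exec rm -f {} + || exit 1; \
		fi; \
	done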