Commit eae6f052 authored by John Johansen's avatar John Johansen

Add missing introspection regression test that should have been checked in

with the introspection patches.
Signed-off-by: 's avatarJohn Johansen <john.johansen@canonical.com>
parent 341b7e61
/*
* Copyright (C) 2002-2005 Novell/SUSE
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License as
* published by the Free Software Foundation, version 2 of the
* License.
*/
#include <stdio.h>
#include <unistd.h>
#include <errno.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <string.h>
#include <stdlib.h>
#include <linux/unistd.h>
#include <sys/apparmor.h>
int main(int argc, char *argv[])
{
int rc;
char *profile, *mode;
if (argc < 3 || argc > 4) {
fprintf(stderr, "usage: %s <task> <expected profile> [<expect mode>]\n",
argv[0]);
return 1;
}
if (strcmp(argv[1], "self") == 0){
if (aa_getcon(&profile, &mode) == -1) {
int serrno = errno;
fprintf(stderr,
"FAIL: introspect_confinement %s failed - %s\n",
argv[1], strerror(errno));
exit(serrno);
}
} else {
char *end;
pid_t pid = strtol(argv[1], &end, 10);
if (end == argv[1] || *end != 0) {
int serrno = errno;
fprintf(stderr,
"FAIL: query_confinement - invalid pid: %s\n",
argv[1]);
exit(serrno);
} else if (aa_gettaskcon(pid, &profile, &mode) == -1) {
int serrno = errno;
fprintf(stderr,
"FAIL: query_confinement %s failed - %s\n",
argv[1], strerror(errno));
exit(serrno);
}
}
if (strcmp(profile, argv[2]) != 0) {
fprintf(stderr,
"FAIL: expected confinement \"%s\" != \"%s\"\n", argv[2],
profile);
exit(1);
}
if (argv[3] && (!mode || strcmp(mode, argv[3]) != 0)) {
fprintf(stderr,
"FAIL: expected mode \"%s\" != \"%s\"\n", argv[3],
mode ? mode : "(null)");
exit(1);
}
free(profile);
printf("PASS\n");
return 0;
}
#! /bin/bash
# Copyright (C) 20011 Canonical
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation, version 2 of the
# License.
#=NAME introspect
#=DESCRIPTION Test process confinement introspection
pwd=`dirname $0`
pwd=`cd $pwd ; /bin/pwd`
bin=$pwd
. $bin/prologue.inc
ok_ix_perm=rix
badperm=r
ok_ux_perm=ux
ok_px_perm=px
bad_mx_perm=rm
#self unconfined
runchecktest "introspect self unconfined" pass self unconfined
#self unconfined (mode)
runchecktest "introspect self unconfined (mode)" fail self unconfined enforce
#self confined - no access to introspection
genprofile
runchecktest "introspect self confined" fail self "$testexec"
#self confined
genprofile "/proc/*/attr/current":r
runchecktest "introspect self confined" pass self "$testexec"
#self confined (enforce)
runchecktest "introspect self confined" pass self "$testexec" enforce
#### TODO
# query unconfined of unconfined
# query unconfined of confined
# query unconfined of confined (enfore)
# query confined of unconfined - no access permission
# query confined of unconfined - access permission
# query confined of unconfined (mode) - access permission
# query confined of confined same profile - no access permission
# query confined of confined same profile
# query confined of confined same profile (enforce)
# query confined of confined diff profile - no access permission
# query confined of confined diff profile
# query confined of confined diff profile (enforce)
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment