Signed-off-by: Tyler Hicks <[email protected]>
---
 tests/regression/apparmor/query_label.c | 93 +++++++++++++++++++++++++++++++++
 1 file changed, 93 insertions(+)

diff --git a/tests/regression/apparmor/query_label.c 
b/tests/regression/apparmor/query_label.c
index be945cb..bf8dfe9 100644
--- a/tests/regression/apparmor/query_label.c
+++ b/tests/regression/apparmor/query_label.c
@@ -12,6 +12,53 @@
 #define OPT_TYPE_DBUS          "--dbus="
 #define OPT_TYPE_DBUS_LEN      strlen(OPT_TYPE_DBUS)
 
+#define OPT_TYPE_FILE          "--file="
+#define OPT_TYPE_FILE_LEN      strlen(OPT_TYPE_FILE)
+
+#ifndef AA_CLASS_FILE
+#define AA_CLASS_FILE          2
+#endif
+
+#ifndef AA_MAY_EXEC
+#define AA_MAY_EXEC            (1 << 0)
+#endif
+
+#ifndef AA_MAY_WRITE
+#define AA_MAY_WRITE           (1 << 1)
+#endif
+
+#ifndef AA_MAY_READ
+#define AA_MAY_READ            (1 << 2)
+#endif
+
+#ifndef AA_MAY_APPEND
+#define AA_MAY_APPEND          (1 << 3)
+#endif
+
+#ifndef AA_MAY_LINK
+#define AA_MAY_LINK            (1 << 4)
+#endif
+
+#ifndef AA_MAY_LOCK
+#define AA_MAY_LOCK            (1 << 5)
+#endif
+
+#ifndef AA_EXEC_MMAP
+#define AA_EXEC_MMAP           (1 << 6)
+#endif
+
+#ifndef AA_EXEC_PUX
+#define AA_EXEC_PUX            (1 << 7)
+#endif
+
+#ifndef AA_EXEC_UNSAFE
+#define AA_EXEC_UNSAFE         (1 << 8)
+#endif
+
+#ifndef AA_EXEC_INHERIT
+#define AA_EXEC_INHERIT                (1 << 9)
+#endif
+
 static char *progname = NULL;
 
 void usage(void)
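Review bot: The `#ifndef` fallbacks for `AA_CLASS_FILE` and the `AA_MAY_*`/`AA_EXEC_*` bits hard-code values with no comment saying which header they mirror, so a later change to the real definitions would leave this test silently querying different bits whenever the fallback path is compiled. I would add a comment above the first fallback, for example `/* Fallbacks for headers that do not yet export the file-class constants; keep in sync with the authoritative definitions. */`, and name that header if it is known. Since the results are OR-ed into a `uint32_t` mask, writing the constants as `(1U << n)` would also keep the arithmetic unsigned throughout.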
@@ -26,9 +73,11 @@ void usage(void)
        fprintf(stderr, "  LABEL\t\tThe AppArmor label to use in the query\n");
        fprintf(stderr, "  CLASS\t\tThe rule class and may consist of:\n");
        fprintf(stderr, "\t\t  dbus\n");
+       fprintf(stderr, "\t\t  file\n");
        fprintf(stderr, "  PERMS\t\tA comma separated list of permissions. 
Possibilities\n");
        fprintf(stderr, "\t\tfor the supported rule classes are:\n");
        fprintf(stderr, "\t\t  dbus: send,receive,bind\n");
+       fprintf(stderr, "\t\t  file: 
exec,write,read,append,link,lock,exec_mmap,exec_pux,exec_unsafe,exec_inherit\n");
        fprintf(stderr, "\t\tAdditionaly, PERMS can be empty to indicate an 
empty mask\n");
        exit(1);
 }
@@ -83,6 +132,45 @@ static int parse_dbus_perms(uint32_t *mask, char *perms)
        return 0;
 }
 
+static int parse_file_perms(uint32_t *mask, char *perms)
+{
+       char *perm;
+
+       *mask = 0;
+
+       perm = strtok(perms, ",");
+       while (perm) {
+               if (!strcmp(perm, "exec"))
+                       *mask |= AA_MAY_EXEC;
+               else if (!strcmp(perm, "write"))
+                       *mask |= AA_MAY_WRITE;
+               else if (!strcmp(perm, "read"))
+                       *mask |= AA_MAY_READ;
+               else if (!strcmp(perm, "append"))
+                       *mask |= AA_MAY_APPEND;
+               else if (!strcmp(perm, "link"))
+                       *mask |= AA_MAY_LINK;
+               else if (!strcmp(perm, "lock"))
+                       *mask |= AA_MAY_LOCK;
+               else if (!strcmp(perm, "exec_mmap"))
+                       *mask |= AA_EXEC_MMAP;
+               else if (!strcmp(perm, "exec_pux"))
+                       *mask |= AA_EXEC_PUX;
+               else if (!strcmp(perm, "exec_unsafe"))
+                       *mask |= AA_EXEC_UNSAFE;
+               else if (!strcmp(perm, "exec_inherit"))
+                       *mask |= AA_EXEC_INHERIT;
+               else {
+                       fprintf(stderr, "FAIL: unknown perm: %s\n", perm);
+                       return 1;
+               }
+
+               perm = strtok(NULL, ",");
+       }
+
+       return 0;
+}
+
 static ssize_t build_query(char **qstr, const char *label, int class,
                           int argc, char **argv)
 {
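Review bot: The ten-branch `strcmp` chain in `parse_file_perms` repeats the permission names that the usage string already lists, so the two have to be kept in sync by hand. A small static name-to-bit table walked in a loop would make adding or removing a permission a one-line change and keep the parser easy to audit. The function sits entirely inside this hunk. Separately, `strtok` skips empty tokens, so an input such as `read,,write` or a trailing comma is accepted without any diagnostic; if the test scripts should be held to a strict list, that needs an explicit check.

```c
static const struct {
	const char *name;
	uint32_t bit;
} file_perm_table[] = {
	{ "exec",         AA_MAY_EXEC },
	{ "write",        AA_MAY_WRITE },
	{ "read",         AA_MAY_READ },
	{ "append",       AA_MAY_APPEND },
	{ "link",         AA_MAY_LINK },
	{ "lock",         AA_MAY_LOCK },
	{ "exec_mmap",    AA_EXEC_MMAP },
	{ "exec_pux",     AA_EXEC_PUX },
	{ "exec_unsafe",  AA_EXEC_UNSAFE },
	{ "exec_inherit", AA_EXEC_INHERIT },
};

static int parse_file_perms(uint32_t *mask, char *perms)
{
	const size_t count = sizeof(file_perm_table) / sizeof(file_perm_table[0]);
	char *perm;

	*mask = 0;

	for (perm = strtok(perms, ","); perm; perm = strtok(NULL, ",")) {
		size_t i;

		for (i = 0; i < count; i++) {
			if (!strcmp(perm, file_perm_table[i].name))
				break;
		}
		if (i == count) {
			fprintf(stderr, "FAIL: unknown perm: %s\n", perm);
			return 1;
		}
		*mask |= file_perm_table[i].bit;
	}

	return 0;
}
```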
@@ -149,6 +237,11 @@ int main(int argc, char **argv)
                rc = parse_dbus_perms(&mask, class_str + OPT_TYPE_DBUS_LEN);
                if (rc)
                        usage();
+       } else if (!strncmp(class_str, OPT_TYPE_FILE, OPT_TYPE_FILE_LEN)) {
+               class = AA_CLASS_FILE;
+               rc = parse_file_perms(&mask, class_str + OPT_TYPE_FILE_LEN);
+               if (rc)
+                       usage();
        } else {
                fprintf(stderr, "FAIL: unknown rule class: %s\n", class_str);
                usage();
-- 
2.1.4

