Re: [apparmor] [PATCH 3/3] tests: Add query_label.sh tests for file queries

Thu, 28 May 2015 12:07:50 -0700 

On 05/27/2015 02:55 PM, Tyler Hicks wrote:
> A number of simple query tests based on read and write perms of files
> and directories.
> 
> Signed-off-by: Tyler Hicks <[email protected]>

Acked-by: John Johansen <[email protected]?

> ---
>  tests/regression/apparmor/query_label.sh | 32 
> ++++++++++++++++++++++++++++++++
>  1 file changed, 32 insertions(+)
> 
> diff --git a/tests/regression/apparmor/query_label.sh 
> b/tests/regression/apparmor/query_label.sh
> index 099233a..01ec6d1 100755
> --- a/tests/regression/apparmor/query_label.sh
> +++ b/tests/regression/apparmor/query_label.sh
> @@ -209,3 +209,35 @@ perms dbus send
>  querytest "QUERY dbus (svc send)" fail $dbus_svc_query
>  perms dbus receive
>  querytest "QUERY dbus (svc receive)" fail $dbus_svc_query
> +
> +genqueryprofile "file,"
> +expect allow
> +perms file exec,write,read,append,link,lock
> +querytest "QUERY file (all base perms #1)" pass /anything
> +querytest "QUERY file (all base perms #2)" pass /everything
> +
> +genqueryprofile "/etc/passwd r,"
> +expect allow
> +perms file read
> +querytest "QUERY file (passwd)" pass /etc/passwd
> +querytest "QUERY file (passwd bad path #1)" fail /etc/pass
> +querytest "QUERY file (passwd bad path #2)" fail /etc/passwdXXX
> +querytest "QUERY file (passwd bad path #3)" fail /etc/passwd/XXX
> +perms file write
> +querytest "QUERY file (passwd bad perms #1)" fail /etc/passwd
> +perms file read,write
> +querytest "QUERY file (passwd bad perms #2)" fail /etc/passwd
> +
> +genqueryprofile "/tmp/ rw,"
> +expect allow
> +perms file read,write
> +querytest "QUERY file (/tmp/)" pass /tmp/
> +querytest "QUERY file (/tmp/ bad path)" fail /tmp
> +querytest "QUERY file (/tmp/ bad path)" fail /tmp/tmp/
> +perms file read
> +querytest "QUERY file (/tmp/ read only)" pass /tmp/
> +perms file write
> +querytest "QUERY file (/tmp/ write only)" pass /tmp/
> +expect audit
> +perms file read,write
> +querytest "QUERY file (/tmp/ wrong dir)" pass /etc/
> 


-- 
AppArmor mailing list
[email protected]
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/apparmor

Reply via email to