On 05/27/2015 02:55 PM, Tyler Hicks wrote:
> Signed-off-by: Tyler Hicks <[email protected]>
Acked-by: John Johansen <[email protected]>


> ---
>  tests/regression/apparmor/query_label.c | 93 
> +++++++++++++++++++++++++++++++++
>  1 file changed, 93 insertions(+)
> 
> diff --git a/tests/regression/apparmor/query_label.c 
> b/tests/regression/apparmor/query_label.c
> index be945cb..bf8dfe9 100644
> --- a/tests/regression/apparmor/query_label.c
> +++ b/tests/regression/apparmor/query_label.c
> @@ -12,6 +12,53 @@
>  #define OPT_TYPE_DBUS                "--dbus="
>  #define OPT_TYPE_DBUS_LEN    strlen(OPT_TYPE_DBUS)
>  
> +#define OPT_TYPE_FILE                "--file="
> +#define OPT_TYPE_FILE_LEN    strlen(OPT_TYPE_FILE)
> +
> +#ifndef AA_CLASS_FILE
> +#define AA_CLASS_FILE                2
> +#endif
> +
> +#ifndef AA_MAY_EXEC
> +#define AA_MAY_EXEC          (1 << 0)
> +#endif
> +
> +#ifndef AA_MAY_WRITE
> +#define AA_MAY_WRITE         (1 << 1)
> +#endif
> +
> +#ifndef AA_MAY_READ
> +#define AA_MAY_READ          (1 << 2)
> +#endif
> +
> +#ifndef AA_MAY_APPEND
> +#define AA_MAY_APPEND                (1 << 3)
> +#endif
> +
> +#ifndef AA_MAY_LINK
> +#define AA_MAY_LINK          (1 << 4)
> +#endif
> +
> +#ifndef AA_MAY_LOCK
> +#define AA_MAY_LOCK          (1 << 5)
> +#endif
> +
> +#ifndef AA_EXEC_MMAP
> +#define AA_EXEC_MMAP         (1 << 6)
> +#endif
> +
> +#ifndef AA_EXEC_PUX
> +#define AA_EXEC_PUX          (1 << 7)
> +#endif
> +
> +#ifndef AA_EXEC_UNSAFE
> +#define AA_EXEC_UNSAFE               (1 << 8)
> +#endif
> +
> +#ifndef AA_EXEC_INHERIT
> +#define AA_EXEC_INHERIT              (1 << 9)
> +#endif
> +
>  static char *progname = NULL;
>  
>  void usage(void)
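Review bot: The `#ifndef` fallbacks for `AA_CLASS_FILE` and the `AA_MAY_*` / `AA_EXEC_*` bits have no comment saying which definitions they mirror, so nothing signals a problem if they drift from the values the policy engine actually uses. If the test were built against a header that lacks them and the numbers had diverged, it would query the wrong permission bits and still print a result, which is a quiet way for a mediation regression test to stop testing what it claims. I would add a comment above the first fallback, for example `/* Fallbacks for headers that predate the file class; values must match the AppArmor file permission bits */`. Which header normally supplies these names is not visible in this hunk.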
> @@ -26,9 +73,11 @@ void usage(void)
>       fprintf(stderr, "  LABEL\t\tThe AppArmor label to use in the query\n");
>       fprintf(stderr, "  CLASS\t\tThe rule class and may consist of:\n");
>       fprintf(stderr, "\t\t  dbus\n");
> +     fprintf(stderr, "\t\t  file\n");
>       fprintf(stderr, "  PERMS\t\tA comma separated list of permissions. 
> Possibilities\n");
>       fprintf(stderr, "\t\tfor the supported rule classes are:\n");
>       fprintf(stderr, "\t\t  dbus: send,receive,bind\n");
> +     fprintf(stderr, "\t\t  file: 
> exec,write,read,append,link,lock,exec_mmap,exec_pux,exec_unsafe,exec_inherit\n");
>       fprintf(stderr, "\t\tAdditionaly, PERMS can be empty to indicate an 
> empty mask\n");
>       exit(1);
>  }
> @@ -83,6 +132,45 @@ static int parse_dbus_perms(uint32_t *mask, char *perms)
>       return 0;
>  }
>  
> +static int parse_file_perms(uint32_t *mask, char *perms)
> +{
> +     char *perm;
> +
> +     *mask = 0;
> +
> +     perm = strtok(perms, ",");
> +     while (perm) {
> +             if (!strcmp(perm, "exec"))
> +                     *mask |= AA_MAY_EXEC;
> +             else if (!strcmp(perm, "write"))
> +                     *mask |= AA_MAY_WRITE;
> +             else if (!strcmp(perm, "read"))
> +                     *mask |= AA_MAY_READ;
> +             else if (!strcmp(perm, "append"))
> +                     *mask |= AA_MAY_APPEND;
> +             else if (!strcmp(perm, "link"))
> +                     *mask |= AA_MAY_LINK;
> +             else if (!strcmp(perm, "lock"))
> +                     *mask |= AA_MAY_LOCK;
> +             else if (!strcmp(perm, "exec_mmap"))
> +                     *mask |= AA_EXEC_MMAP;
> +             else if (!strcmp(perm, "exec_pux"))
> +                     *mask |= AA_EXEC_PUX;
> +             else if (!strcmp(perm, "exec_unsafe"))
> +                     *mask |= AA_EXEC_UNSAFE;
> +             else if (!strcmp(perm, "exec_inherit"))
> +                     *mask |= AA_EXEC_INHERIT;
> +             else {
> +                     fprintf(stderr, "FAIL: unknown perm: %s\n", perm);
> +                     return 1;
> +             }
> +
> +             perm = strtok(NULL, ",");
> +     }
> +
> +     return 0;
> +}
> +
>  static ssize_t build_query(char **qstr, const char *label, int class,
>                          int argc, char **argv)
>  {
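Review bot: parse_file_perms spells out the ten permission names as an if/else chain of `strcmp` calls, and the same list is typed again in the usage text, so the two can drift apart when a permission is added. A name-to-bit table with one lookup loop keeps the accepted names in one place and makes the mapping easy to audit against the `AA_MAY_*` and `AA_EXEC_*` definitions. Separately, `strtok` skips empty fields, so an input such as `read,,write` is accepted without complaint; if that is intended, a one-line comment saying so would help. The function lies entirely inside this hunk, and the trailing context is the start of build_query.

```c
static const struct {
	const char *name;
	uint32_t bit;
} file_perms[] = {
	{ "exec",         AA_MAY_EXEC },
	{ "write",        AA_MAY_WRITE },
	{ "read",         AA_MAY_READ },
	{ "append",       AA_MAY_APPEND },
	{ "link",         AA_MAY_LINK },
	{ "lock",         AA_MAY_LOCK },
	{ "exec_mmap",    AA_EXEC_MMAP },
	{ "exec_pux",     AA_EXEC_PUX },
	{ "exec_unsafe",  AA_EXEC_UNSAFE },
	{ "exec_inherit", AA_EXEC_INHERIT },
};

static int parse_file_perms(uint32_t *mask, char *perms)
{
	const size_t count = sizeof(file_perms) / sizeof(file_perms[0]);
	char *perm;
	size_t i;

	*mask = 0;

	/* strtok() skips empty fields, so "a,,b" parses the same as "a,b" */
	for (perm = strtok(perms, ","); perm; perm = strtok(NULL, ",")) {
		for (i = 0; i < count; i++) {
			if (!strcmp(perm, file_perms[i].name))
				break;
		}
		if (i == count) {
			fprintf(stderr, "FAIL: unknown perm: %s\n", perm);
			return 1;
		}
		*mask |= file_perms[i].bit;
	}

	return 0;
}
```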
> @@ -149,6 +237,11 @@ int main(int argc, char **argv)
>               rc = parse_dbus_perms(&mask, class_str + OPT_TYPE_DBUS_LEN);
>               if (rc)
>                       usage();
> +     } else if (!strncmp(class_str, OPT_TYPE_FILE, OPT_TYPE_FILE_LEN)) {
> +             class = AA_CLASS_FILE;
> +             rc = parse_file_perms(&mask, class_str + OPT_TYPE_FILE_LEN);
> +             if (rc)
> +                     usage();
>       } else {
>               fprintf(stderr, "FAIL: unknown rule class: %s\n", class_str);
>               usage();
> 

