On 08/01/2013 02:01 AM, Tyler Hicks wrote:
> Integrate dbus tests into the regression testing framework.
> 
> This started out as dbus-send.c, from the dbus source, and then grew
> from there.
> 
> dbus_message is an example "client" program that only sends out
> messages. dbus_service binds to a well-known name and then listens and
> responds to incoming messages. They share some code in dbus_common.c.
> 
> The test scripts, dbus_message.sh and dbus_service.sh, share some
> functionality in dbus.inc.
> 
> Signed-off-by: Tyler Hicks <tyhi...@canonical.com>

So I did a quick skim and I am mostly happy with it. What I would like
is a test for whether dbus support is available, and to bail out if it isn't.

I know we haven't done this before, but it is something that has been
missing, and I find I am really wanting it with these new features.

I have kicked out a proposed patch that should provide what is needed
for dbus, and we can expand it later if needed.

I'll try to get a little more time with the patch later; currently
it's at the tentative Acked-by stage.

> ---
>  tests/regression/apparmor/Makefile        |  15 +-
>  tests/regression/apparmor/dbus.conf       |  27 +++
>  tests/regression/apparmor/dbus.inc        |  96 ++++++++
>  tests/regression/apparmor/dbus_common.c   | 267 ++++++++++++++++++++++
>  tests/regression/apparmor/dbus_common.h   |  28 +++
>  tests/regression/apparmor/dbus_message.c  | 364 
> ++++++++++++++++++++++++++++++
>  tests/regression/apparmor/dbus_message.sh | 125 ++++++++++
>  tests/regression/apparmor/dbus_service.c  | 316 ++++++++++++++++++++++++++
>  tests/regression/apparmor/dbus_service.sh | 136 +++++++++++
>  9 files changed, 1373 insertions(+), 1 deletion(-)
>  create mode 100644 tests/regression/apparmor/dbus.conf
>  create mode 100644 tests/regression/apparmor/dbus.inc
>  create mode 100644 tests/regression/apparmor/dbus_common.c
>  create mode 100644 tests/regression/apparmor/dbus_common.h
>  create mode 100644 tests/regression/apparmor/dbus_message.c
>  create mode 100755 tests/regression/apparmor/dbus_message.sh
>  create mode 100644 tests/regression/apparmor/dbus_service.c
>  create mode 100755 tests/regression/apparmor/dbus_service.sh
> 
> diff --git a/tests/regression/apparmor/Makefile 
> b/tests/regression/apparmor/Makefile
> index 2021f51..0a05655 100644
> --- a/tests/regression/apparmor/Makefile
> +++ b/tests/regression/apparmor/Makefile
> @@ -23,6 +23,8 @@ SRC=access.c \
>      chown.c \
>      clone.c \
>      coredump.c \
> +    dbus_message.c \
> +    dbus_service.c \
>      deleted.c \
>      environ.c \
>      env_check.c \
> @@ -118,6 +120,8 @@ TESTS=access \
>        chdir \
>        clone \
>        coredump \
> +      dbus_message \
> +      dbus_service \
>        deleted \
>        environ \
>        exec \
> @@ -161,6 +165,15 @@ all: $(EXEC) changehat.h
>  changehat_pthread: changehat_pthread.c changehat.h
>       ${CC} ${CFLAGS} ${LDFLAGS} $< -o $@ ${LDLIBS} -pthread
>  
> +dbus_common.o: dbus_common.c dbus_common.h
> +     ${CC} ${CFLAGS} ${LDFLAGS} $^ -c ${LDLIBS} $(shell pkg-config --cflags 
> --libs dbus-1)
> +
> +dbus_message: dbus_message.c dbus_common.o
> +     ${CC} ${CFLAGS} ${LDFLAGS} $^ -o dbus_message ${LDLIBS} $(shell 
> pkg-config --cflags --libs dbus-1)
> +
> +dbus_service: dbus_message dbus_service.c dbus_common.o
> +     ${CC} ${CFLAGS} ${LDFLAGS} $(filter-out dbus_message, $^) -o 
> dbus_service ${LDLIBS} $(shell pkg-config --cflags --libs dbus-1)
> +
>  tests: all
>       @if [ `whoami` = "root" ] ;\
>       then \
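Review bot: The `dbus_common.o` recipe passes `$^` to the compiler together with `-c`, so `dbus_common.h` is compiled as an input as well. With gcc that writes a precompiled header (`dbus_common.h.gch`) next to the sources. The `clean` hunk does not remove it, and a stale copy would then be used in place of the real header on later builds. Compiling only the first prerequisite and dropping the link-only flags avoids this: `${CC} ${CFLAGS} $(shell pkg-config --cflags dbus-1) -c $< -o $@`. The `dbus_service` rule lists `dbus_message` as a prerequisite only to filter it out again, which looks like an ordering workaround; if so it deserves a comment saying why.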
> @@ -200,6 +213,6 @@ alltests: all
>       fi
>  
>  clean:
> -     rm -f $(EXEC)
> +     rm -f $(EXEC) dbus_common.o
>  
>  regex.sh: open exec
> diff --git a/tests/regression/apparmor/dbus.conf 
> b/tests/regression/apparmor/dbus.conf
> new file mode 100644
> index 0000000..96b88fb
> --- /dev/null
> +++ b/tests/regression/apparmor/dbus.conf
> @@ -0,0 +1,27 @@
> +<!-- This configuration file controls the per-user-login-session message bus.
> +     Add a session-local.conf and edit that rather than changing this
> +     file directly. -->
> +
> +<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-Bus Bus Configuration 
> 1.0//EN"
> + "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd";>
> +<busconfig>
> +  <!-- Our well-known bus type, don't change this -->
> +  <type>session</type>
> +
> +  <!-- If we fork, keep the user's original umask to avoid affecting
> +       the behavior of child processes. -->
> +  <keep_umask/>
> +
> +  <listen>unix:tmpdir=/tmp</listen>
> +
> +  <standard_session_servicedirs />
> +
> +  <policy context="default">
> +    <!-- Allow everything to be sent -->
> +    <allow send_destination="*" eavesdrop="true"/>
> +    <!-- Allow everything to be received -->
> +    <allow eavesdrop="true"/>
> +    <!-- Allow anyone to own anything -->
> +    <allow own="*"/>
> +  </policy>
> +</busconfig>
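Review bot: The header comment is carried over from the stock session bus configuration and does not describe this file, which is a deliberately allow-all policy (send, receive, eavesdrop, own) for a throwaway test bus. I would replace it with something like `<!-- Test-only bus for the AppArmor regression suite: the bus policy allows everything so that AppArmor mediation is the only thing that can deny a message. Never install this as a real bus configuration. -->`. Separately, `<standard_session_servicedirs />` lets this test bus activate whatever session services are installed on the host. Since the suite appears to run as root, dropping that element would keep the test bus isolated, unless activation is actually needed by a test not visible here.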
> diff --git a/tests/regression/apparmor/dbus.inc 
> b/tests/regression/apparmor/dbus.inc
> new file mode 100644
> index 0000000..ecf9488
> --- /dev/null
> +++ b/tests/regression/apparmor/dbus.inc
> @@ -0,0 +1,96 @@
> +# vim:syntax=sh
> +#
> +#    Copyright (C) 2013 Canonical, Ltd.
> +#
> +#    This program is free software; you can redistribute it and/or
> +#    modify it under the terms of the GNU General Public License as
> +#    published by the Free Software Foundation, version 2 of the
> +#    License.
> +
> +gendbusprofile()
> +{
> +     genprofile --stdin <<EOF
> +$test {
> +  @{gen $test}
> +  $@
> +}
> +EOF
> +}
> +
> +start_bus()
> +{
> +     out=$(dbus-daemon --fork --print-pid --print-address 
> --config-file=dbus.conf)
> +     if [ $? -ne 0 ]
> +     then
> +             fatalerror "Failed to start DBus daemon\n"
> +     fi
> +
> +     bus_addr=$(echo $out | cut -d\  -f 1)
> +     bus_pid=$(echo $out | cut -d\  -f 2)
> +     do_onexit="kill $bus_pid"
> +     export DBUS_SESSION_BUS_ADDRESS=$bus_addr
> +}
> +
> +bus="session"
> +dest=com.apparmor.Test
> +path=/com/apparmor/Test
> +iface=com.apparmor.Test
> +
> +# parameters: bus message_type destination path interface.member
> +#
> +# destination must be a connection name or "broadcast" for a broadcast signal
> +send()
> +{
> +  d=""
> +
> +  if [ "$3" == "broadcast" ]
> +  then
> +    if [ "$2" != "signal" ]
> +    then
> +      fatalerror "Cannot send broadcast for message type \"$1\""
> +    fi
> +  else
> +    d="--name=$3"
> +  fi
> +
> +  out=$(./dbus_message --$1 --type=$2 $d $4 $5 2>&1)
> +  if [ $? -ne 0 ]
> +  then
> +    fatalerror "$out"
> +  fi
> +}
> +
> +sendsignal()
> +{
> +  send "$bus" "signal" "$dest" "$path" "${iface}.Signal"
> +}
> +
> +sendbroadcastsignal()
> +{
> +  send "$bus" "signal" "broadcast" "$path" "${iface}.Signal"
> +}
> +
> +sendmethod()
> +{
> +  send "$bus" "method_call" "$dest" "$path" "${iface}.Method"
> +}
> +
> +compare_logs()
> +{
> +     local msg
> +     local rc=0
> +
> +     cmp -s "$1" "$3" || rc=$?
> +     if [ $rc -ne 0 ] && [ "$2" == "eq" ]
> +     then
> +             msg="Log files \"$1\" and \"$3\" are different, but should be 
> equal."
> +     elif [ $rc -eq 0 ] && [ "$2" == "ne" ]
> +     then
> +             msg="Log files \"$1\" and \"$3\" are the same, but should be 
> different."
> +     else
> +             return
> +     fi
> +
> +     echo "Error: ${testname} failed. Test '${_testdesc}' produced 
> unexpected log contents. ${msg}"
> +     testfailed
> +}
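Review bot: In `send()` the broadcast error message prints `$1`, which is the bus according to the parameter comment, not the message type that was just tested in `$2`; it should read `fatalerror "Cannot send broadcast for message type \"$2\""`. In `start_bus`, `bus_addr` and `bus_pid` are cut out of unquoted `$out` and `do_onexit="kill $bus_pid"` is set without checking that either field is non-empty. A guard such as `[ -n "$bus_addr" ] && [ -n "$bus_pid" ] || fatalerror "Unexpected dbus-daemon output"` would make a malformed daemon reply fail loudly instead of leaving the daemon running after the test. The positional parameters in the `./dbus_message` call are also unquoted, which is harmless for the current constants but worth quoting for `$4` and `$5`.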
> diff --git a/tests/regression/apparmor/dbus_common.c 
> b/tests/regression/apparmor/dbus_common.c
> new file mode 100644
> index 0000000..2bdefd0
> --- /dev/null
> +++ b/tests/regression/apparmor/dbus_common.c
> @@ -0,0 +1,267 @@
> +/* dbus_common.c
> + *
> + * Copyright (C) 2003 Philip Blundell <ph...@gnu.org>
> + * Copyright (C) 2013 Canonical, Ltd.
> + *
> + * Originally dbus-send.c from the dbus package. It has been heavily modified
> + * to work within the regression test framework.
> + *
> + * This program is free software; you can redistribute it and/or modify
> + * it under the terms of the GNU General Public License as published by
> + * the Free Software Foundation; either version 2 of the License, or
> + * (at your option) any later version.
> + *
> + * This program is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
> + * GNU General Public License for more details.
> + *
> + * You should have received a copy of the GNU General Public License
> + * along with this program; if not, write to the Free Software
> + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301 
>  USA
> + *
> + */
> +
> +#define _GNU_SOURCE
> +#include <stdio.h>
> +#include <stdlib.h>
> +#include <string.h>
> +#include <unistd.h>
> +
> +#include "dbus_common.h"
> +
> +const char*
> +type_to_name (int message_type)
> +{
> +  switch (message_type)
> +    {
> +    case DBUS_MESSAGE_TYPE_SIGNAL:
> +      return "signal";
> +    case DBUS_MESSAGE_TYPE_METHOD_CALL:
> +      return "method call";
> +    case DBUS_MESSAGE_TYPE_METHOD_RETURN:
> +      return "method return";
> +    case DBUS_MESSAGE_TYPE_ERROR:
> +      return "error";
> +    default:
> +      return "(unknown message type)";
> +    }
> +}
> +
> +void
> +log_message (int log_fd, const char *prefix, DBusMessage *message)
> +{
> +  const char *sender = NULL;
> +  const char *destination = NULL;
> +  const char *unique = "(UNIQUE)";
> +  int message_type;
> +
> +  if (log_fd < 0)
> +    return;
> +
> +  message_type = dbus_message_get_type (message);
> +  sender = dbus_message_get_sender (message);
> +  destination = dbus_message_get_destination (message);
> +
> +  /**
> +   * Remove unique (random) names from the logs since they make it impossible
> +   * to do simple log comparisons between two different test runs.
> +   */
> +  if (sender && sender[0] == ':')
> +       sender = unique;
> +  if (destination && destination[0] == ':')
> +       destination = unique;
> +
> +  dprintf (log_fd, "%s%s sender=%s -> dest=%s",
> +           prefix, type_to_name (message_type),
> +           sender ? sender : "(null)",
> +           destination ? destination : "(null)");
> +
> +  switch (message_type)
> +    {
> +    case DBUS_MESSAGE_TYPE_METHOD_CALL:
> +    case DBUS_MESSAGE_TYPE_SIGNAL:
> +      dprintf (log_fd, " path=%s; interface=%s; member=%s\n",
> +               dbus_message_get_path (message),
> +               dbus_message_get_interface (message),
> +               dbus_message_get_member (message));
> +      break;
> +
> +    case DBUS_MESSAGE_TYPE_ERROR:
> +      dprintf (log_fd, " error_name=%s\n",
> +               dbus_message_get_error_name (message));
> +      break;
> +
> +    default:
> +      dprintf (log_fd, "\n");
> +      break;
> +    }
> +}
> +
> +void
> +append_arg (DBusMessageIter *iter, int type, const char *value)
> +{
> +  dbus_uint16_t uint16;
> +  dbus_int16_t int16;
> +  dbus_uint32_t uint32;
> +  dbus_int32_t int32;
> +  dbus_uint64_t uint64;
> +  dbus_int64_t int64;
> +  double d;
> +  unsigned char byte;
> +  dbus_bool_t v_BOOLEAN;
> +
> +  /* FIXME - we are ignoring OOM returns on all these functions */
> +  switch (type)
> +    {
> +    case DBUS_TYPE_BYTE:
> +      byte = strtoul (value, NULL, 0);
> +      dbus_message_iter_append_basic (iter, DBUS_TYPE_BYTE, &byte);
> +      break;
> +
> +    case DBUS_TYPE_DOUBLE:
> +      d = strtod (value, NULL);
> +      dbus_message_iter_append_basic (iter, DBUS_TYPE_DOUBLE, &d);
> +      break;
> +
> +    case DBUS_TYPE_INT16:
> +      int16 = strtol (value, NULL, 0);
> +      dbus_message_iter_append_basic (iter, DBUS_TYPE_INT16, &int16);
> +      break;
> +
> +    case DBUS_TYPE_UINT16:
> +      uint16 = strtoul (value, NULL, 0);
> +      dbus_message_iter_append_basic (iter, DBUS_TYPE_UINT16, &uint16);
> +      break;
> +
> +    case DBUS_TYPE_INT32:
> +      int32 = strtol (value, NULL, 0);
> +      dbus_message_iter_append_basic (iter, DBUS_TYPE_INT32, &int32);
> +      break;
> +
> +    case DBUS_TYPE_UINT32:
> +      uint32 = strtoul (value, NULL, 0);
> +      dbus_message_iter_append_basic (iter, DBUS_TYPE_UINT32, &uint32);
> +      break;
> +
> +    case DBUS_TYPE_INT64:
> +      int64 = strtoll (value, NULL, 0);
> +      dbus_message_iter_append_basic (iter, DBUS_TYPE_INT64, &int64);
> +      break;
> +
> +    case DBUS_TYPE_UINT64:
> +      uint64 = strtoull (value, NULL, 0);
> +      dbus_message_iter_append_basic (iter, DBUS_TYPE_UINT64, &uint64);
> +      break;
> +
> +    case DBUS_TYPE_STRING:
> +      dbus_message_iter_append_basic (iter, DBUS_TYPE_STRING, &value);
> +      break;
> +
> +    case DBUS_TYPE_OBJECT_PATH:
> +      dbus_message_iter_append_basic (iter, DBUS_TYPE_OBJECT_PATH, &value);
> +      break;
> +
> +    case DBUS_TYPE_BOOLEAN:
> +      if (strcmp (value, "true") == 0)
> +     {
> +       v_BOOLEAN = TRUE;
> +       dbus_message_iter_append_basic (iter, DBUS_TYPE_BOOLEAN, &v_BOOLEAN);
> +     }
> +      else if (strcmp (value, "false") == 0)
> +     {
> +       v_BOOLEAN = FALSE;
> +       dbus_message_iter_append_basic (iter, DBUS_TYPE_BOOLEAN, &v_BOOLEAN);
> +     }
> +      else
> +     {
> +       fprintf (stderr, "FAIL: Expected \"true\" or \"false\" instead of 
> \"%s\"\n", value);
> +       exit (1);
> +     }
> +      break;
> +
> +    default:
> +      fprintf (stderr, "FAIL: Unsupported data type %c\n", (char) type);
> +      exit (1);
> +    }
> +}
> +
> +void
> +append_array (DBusMessageIter *iter, int type, const char *value)
> +{
> +  const char *val;
> +  char *dupval = strdup (value);
> +
> +  val = strtok (dupval, ",");
> +  while (val != NULL)
> +    {
> +      append_arg (iter, type, val);
> +      val = strtok (NULL, ",");
> +    }
> +  free (dupval);
> +}
> +
> +void
> +append_dict (DBusMessageIter *iter, int keytype, int valtype, const char 
> *value)
> +{
> +  const char *val;
> +  char *dupval = strdup (value);
> +
> +  val = strtok (dupval, ",");
> +  while (val != NULL)
> +    {
> +      DBusMessageIter subiter;
> +
> +      dbus_message_iter_open_container (iter,
> +                                     DBUS_TYPE_DICT_ENTRY,
> +                                     NULL,
> +                                     &subiter);
> +
> +      append_arg (&subiter, keytype, val);
> +      val = strtok (NULL, ",");
> +      if (val == NULL)
> +     {
> +       fprintf (stderr, "FAIL: Malformed dictionary\n");
> +       exit (1);
> +     }
> +      append_arg (&subiter, valtype, val);
> +
> +      dbus_message_iter_close_container (iter, &subiter);
> +      val = strtok (NULL, ",");
> +    }
> +  free (dupval);
> +}
> +
> +int
> +type_from_name (const char *arg)
> +{
> +  int type;
> +  if (!strcmp (arg, "string"))
> +    type = DBUS_TYPE_STRING;
> +  else if (!strcmp (arg, "int16"))
> +    type = DBUS_TYPE_INT16;
> +  else if (!strcmp (arg, "uint16"))
> +    type = DBUS_TYPE_UINT16;
> +  else if (!strcmp (arg, "int32"))
> +    type = DBUS_TYPE_INT32;
> +  else if (!strcmp (arg, "uint32"))
> +    type = DBUS_TYPE_UINT32;
> +  else if (!strcmp (arg, "int64"))
> +    type = DBUS_TYPE_INT64;
> +  else if (!strcmp (arg, "uint64"))
> +    type = DBUS_TYPE_UINT64;
> +  else if (!strcmp (arg, "double"))
> +    type = DBUS_TYPE_DOUBLE;
> +  else if (!strcmp (arg, "byte"))
> +    type = DBUS_TYPE_BYTE;
> +  else if (!strcmp (arg, "boolean"))
> +    type = DBUS_TYPE_BOOLEAN;
> +  else if (!strcmp (arg, "objpath"))
> +    type = DBUS_TYPE_OBJECT_PATH;
> +  else
> +    {
> +      fprintf (stderr, "FAIL: Unknown type \"%s\"\n", arg);
> +      exit (1);
> +    }
> +  return type;
> +}
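Review bot: `append_arg` converts every numeric argument with `strtoul`/`strtol`/`strtod` and a NULL end pointer, then assigns the result to a narrower type. A mistyped or out-of-range test argument is therefore silently sent as 0 or as a truncated value, where the boolean and unknown-type branches fail with a `FAIL:` message. For a helper whose output decides test verdicts, rejecting bad input is safer; the byte case below shows the shape, and the other integer cases would follow it. `append_array` and `append_dict` also pass the result of `strdup` to `strtok` without a NULL check.

```c
    case DBUS_TYPE_BYTE:
      {
        char *end;
        unsigned long v = strtoul (value, &end, 0);

        /* Reject empty, trailing-garbage and out-of-range input instead of
           silently sending a truncated value. */
        if (end == value || *end != '\0' || v > 0xff)
          {
            fprintf (stderr, "FAIL: Invalid byte value \"%s\"\n", value);
            exit (1);
          }
        byte = v;
        dbus_message_iter_append_basic (iter, DBUS_TYPE_BYTE, &byte);
      }
      break;

    /* … unchanged: remaining cases; the other numeric ones take the same check … */
```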
> diff --git a/tests/regression/apparmor/dbus_common.h 
> b/tests/regression/apparmor/dbus_common.h
> new file mode 100644
> index 0000000..b5730a0
> --- /dev/null
> +++ b/tests/regression/apparmor/dbus_common.h
> @@ -0,0 +1,28 @@
> +/* dbus_common.h
> + *
> + * Copyright (C) 2013 Canonical, Ltd.
> + *
> + * This program is free software; you can redistribute it and/or modify
> + * it under the terms of the GNU General Public License as published by
> + * the Free Software Foundation; either version 2 of the License, or
> + * (at your option) any later version.
> + *
> + * This program is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
> + * GNU General Public License for more details.
> + *
> + * You should have received a copy of the GNU General Public License
> + * along with this program; if not, write to the Free Software
> + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301 
>  USA
> + *
> + */
> +
> +#include <dbus/dbus.h>
> +
> +const char* type_to_name (int message_type);
> +void log_message (int log_fd, const char *prefix, DBusMessage *message);
> +void append_arg (DBusMessageIter *iter, int type, const char *value);
> +void append_array (DBusMessageIter *iter, int type, const char *value);
> +void append_dict (DBusMessageIter *iter, int keytype, int valtype, const 
> char *value);
> +int type_from_name (const char *arg);
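Review bot: The header has no include guard and the prototypes carry no documentation. In particular, nothing tells a caller that `append_arg`, `append_dict` and `type_from_name` call `exit (1)` on invalid input, as dbus_common.c in this patch shows. I would wrap the file in `#ifndef DBUS_COMMON_H` / `#define DBUS_COMMON_H` / `#endif` and add a one-line comment above those three prototypes, e.g. `/* Prints "FAIL: ..." to stderr and exits the process on malformed input. */`. That matters for the service side, which per the commit message shares this code and presumably should not die mid-request without the test author expecting it.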
> diff --git a/tests/regression/apparmor/dbus_message.c 
> b/tests/regression/apparmor/dbus_message.c
> new file mode 100644
> index 0000000..6e53a4f
> --- /dev/null
> +++ b/tests/regression/apparmor/dbus_message.c
> @@ -0,0 +1,364 @@
> +/* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*- */
> +/* dbus_message.c  Utility program to send messages from the command line
> + *
> + * Copyright (C) 2003 Philip Blundell <ph...@gnu.org>
> + * Copyright (C) 2013 Canonical, Ltd.
> + *
> + * Originally dbus-send.c from the dbus package. It has been heavily modified
> + * to work within the regression test framework.
> + *
> + * This program is free software; you can redistribute it and/or modify
> + * it under the terms of the GNU General Public License as published by
> + * the Free Software Foundation; either version 2 of the License, or
> + * (at your option) any later version.
> + *
> + * This program is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
> + * GNU General Public License for more details.
> + *
> + * You should have received a copy of the GNU General Public License
> + * along with this program; if not, write to the Free Software
> + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301 
>  USA
> + *
> + */
> +
> +#define _GNU_SOURCE
> +#include <stdio.h>
> +#include <stdlib.h>
> +#include <string.h>
> +#include <unistd.h>
> +#include <sys/types.h>
> +#include <sys/stat.h>
> +#include <fcntl.h>
> +
> +#include "dbus_common.h"
> +
> +DBusConnection *connection;
> +DBusError error;
> +DBusBusType type = DBUS_BUS_SESSION;
> +const char *type_str = NULL;
> +const char *name = NULL;
> +const char *interface = NULL;
> +const char *member = NULL;
> +const char *path = NULL;
> +int message_type = DBUS_MESSAGE_TYPE_SIGNAL;
> +const char *address = NULL;
> +int session_or_system = FALSE;
> +int log_fd = -1;
> +
> +static void
> +usage (int ecode)
> +{
> +  char *prefix = ecode ? "FAIL: " : "";
> +
> +  fprintf (stderr, "%6sUsage: dbus_message [ADDRESS] [--name=NAME] 
> [--type=TYPE] <path> <interface.member> [contents ...]\n"
> +           "    ADDRESS\t\t--system, --session (default), or 
> --address=ADDR\n"
> +           "    NAME\t\tthe message destination\n"
> +           "    TYPE\t\tsignal (default) or method_call\n"
> +           "    path\t\tpath to object (such as /org/freedesktop/DBus)\n"
> +           "    interface\t\tinterface to use (such as 
> org.freedesktop.DBus)\n"
> +           "    member\t\tname of the method or signal (such as 
> ListNames)\n",
> +           prefix);
> +  exit (ecode);
> +}
> +
> +static int
> +do_message (int argc, char *argv[])
> +{
> +  DBusMessage *message;
> +  DBusMessageIter iter;
> +  int i = 0;
> +
> +  if (message_type == DBUS_MESSAGE_TYPE_METHOD_CALL)
> +    {
> +      message = dbus_message_new_method_call (NULL,
> +                                              path,
> +                                              interface,
> +                                              member);
> +      dbus_message_set_auto_start (message, TRUE);
> +    }
> +  else if (message_type == DBUS_MESSAGE_TYPE_SIGNAL)
> +    {
> +      message = dbus_message_new_signal (path, interface, member);
> +    }
> +  else
> +    {
> +      fprintf (stderr, "FAIL: Internal error, unknown message type\n");
> +      return 1;
> +    }
> +
> +  if (message == NULL)
> +    {
> +      fprintf (stderr, "FAIL: Couldn't allocate D-Bus message\n");
> +      return 1;
> +    }
> +
> +  if (name && !dbus_message_set_destination (message, name))
> +    {
> +      fprintf (stderr, "FAIL: Not enough memory\n");
> +      return 1;
> +    }
> +
> +  dbus_message_iter_init_append (message, &iter);
> +
> +  while (i < argc)
> +    {
> +      char *arg;
> +      char *c;
> +      int type;
> +      int secondary_type;
> +      int container_type;
> +      DBusMessageIter *target_iter;
> +      DBusMessageIter container_iter;
> +
> +      type = DBUS_TYPE_INVALID;
> +      arg = argv[i++];
> +      c = strchr (arg, ':');
> +
> +      if (c == NULL)
> +     {
> +       fprintf (stderr, "FAIL: %s: Data item \"%s\" is badly formed\n", 
> argv[0], arg);
> +       return 1;
> +     }
> +
> +      *(c++) = 0;
> +
> +      container_type = DBUS_TYPE_INVALID;
> +
> +      if (strcmp (arg, "variant") == 0)
> +     container_type = DBUS_TYPE_VARIANT;
> +      else if (strcmp (arg, "array") == 0)
> +     container_type = DBUS_TYPE_ARRAY;
> +      else if (strcmp (arg, "dict") == 0)
> +     container_type = DBUS_TYPE_DICT_ENTRY;
> +
> +      if (container_type != DBUS_TYPE_INVALID)
> +     {
> +       arg = c;
> +       c = strchr (arg, ':');
> +       if (c == NULL)
> +         {
> +           fprintf (stderr, "FAIL: %s: Data item \"%s\" is badly formed\n", 
> argv[0], arg);
> +           return 1;
> +         }
> +       *(c++) = 0;
> +     }
> +
> +      if (arg[0] == 0)
> +     type = DBUS_TYPE_STRING;
> +      else
> +     type = type_from_name (arg);
> +
> +      if (container_type == DBUS_TYPE_DICT_ENTRY)
> +     {
> +       char sig[5];
> +       arg = c;
> +       c = strchr (c, ':');
> +       if (c == NULL)
> +         {
> +           fprintf (stderr, "FAIL: %s: Data item \"%s\" is badly formed\n", 
> argv[0], arg);
> +           return 1;
> +         }
> +       *(c++) = 0;
> +       secondary_type = type_from_name (arg);
> +       sig[0] = DBUS_DICT_ENTRY_BEGIN_CHAR;
> +       sig[1] = type;
> +       sig[2] = secondary_type;
> +       sig[3] = DBUS_DICT_ENTRY_END_CHAR;
> +       sig[4] = '\0';
> +       dbus_message_iter_open_container (&iter,
> +                                         DBUS_TYPE_ARRAY,
> +                                         sig,
> +                                         &container_iter);
> +       target_iter = &container_iter;
> +     }
> +      else if (container_type != DBUS_TYPE_INVALID)
> +     {
> +       char sig[2];
> +       sig[0] = type;
> +       sig[1] = '\0';
> +       dbus_message_iter_open_container (&iter,
> +                                         container_type,
> +                                         sig,
> +                                         &container_iter);
> +       target_iter = &container_iter;
> +     }
> +      else
> +     target_iter = &iter;
> +
> +      if (container_type == DBUS_TYPE_ARRAY)
> +     {
> +       append_array (target_iter, type, c);
> +     }
> +      else if (container_type == DBUS_TYPE_DICT_ENTRY)
> +     {
> +       append_dict (target_iter, type, secondary_type, c);
> +     }
> +      else
> +     append_arg (target_iter, type, c);
> +
> +      if (container_type != DBUS_TYPE_INVALID)
> +     {
> +       dbus_message_iter_close_container (&iter,
> +                                          &container_iter);
> +     }
> +    }
> +
> +  if (message_type == DBUS_MESSAGE_TYPE_METHOD_CALL)
> +    {
> +      DBusMessage *reply;
> +
> +      log_message (log_fd, "sent ", message);
> +      dbus_error_init (&error);
> +      reply = dbus_connection_send_with_reply_and_block (connection,
> +                                                         message, -1,
> +                                                         &error);
> +      if (dbus_error_is_set (&error))
> +        {
> +          fprintf (stderr, "FAIL: %s: %s\n",
> +                error.name,
> +                   error.message);
> +          return 1;
> +        }
> +
> +      if (reply)
> +        {
> +          dbus_message_unref (reply);
> +        }
> +    }
> +  else
> +    {
> +      log_message (log_fd, "sent ", message);
> +      dbus_connection_send (connection, message, NULL);
> +      dbus_connection_flush (connection);
> +    }
> +
> +  dbus_message_unref (message);
> +
> +  return 0;
> +}
> +
> +int
> +main (int argc, char *argv[])
> +{
> +  int i, rc;
> +
> +  if (argc < 3)
> +    usage (1);
> +
> +  for (i = 1; i < argc && interface == NULL; i++)
> +    {
> +      char *arg = argv[i];
> +
> +      if (strcmp (arg, "--system") == 0)
> +        {
> +       type = DBUS_BUS_SYSTEM;
> +          session_or_system = TRUE;
> +        }
> +      else if (strcmp (arg, "--session") == 0)
> +        {
> +       type = DBUS_BUS_SESSION;
> +          session_or_system = TRUE;
> +        }
> +      else if (strstr (arg, "--address") == arg)
> +        {
> +          address = strchr (arg, '=');
> +
> +          if (address == NULL)
> +            {
> +              fprintf (stderr, "FAIL: \"--address=\" requires an ADDRESS\n");
> +              usage (1);
> +            }
> +          else
> +            {
> +              address = address + 1;
> +            }
> +        }
> +      else if (strstr (arg, "--name=") == arg)
> +     name = strchr (arg, '=') + 1;
> +      else if (strstr (arg, "--type=") == arg)
> +     type_str = strchr (arg, '=') + 1;
> +      else if (strstr (arg, "--log=") == arg)
> +        {
> +          char *path = strchr (arg, '=') + 1;
> +
> +       log_fd = open (path, O_CREAT | O_TRUNC | O_WRONLY,
> +                         S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH | 
> S_IWOTH);
> +          if (log_fd < 0)
> +            {
> +              fprintf (stderr, "FAIL: Couldn't open log file \"%s\": %m\n",
> +                       path);
> +              exit (1);
> +            }
> +        }
> +      else if (!strcmp(arg, "--help"))
> +     usage (0);
> +      else if (arg[0] == '-')
> +     usage (1);
> +      else if (path == NULL)
> +        path = arg;
> +      else /* interface == NULL guaranteed by the 'while' loop */
> +        interface = arg;
> +    }
> +
> +  if (interface == NULL)
> +    usage (1);
> +  else
> +    {
> +      char *last_dot = strrchr (interface, '.');
> +
> +      if (last_dot == NULL)
> +        {
> +          fprintf (stderr, "FAIL: Must use org.mydomain.Interface.Member 
> notation, no dot in \"%s\"\n",
> +                   interface);
> +          exit (1);
> +        }
> +      *last_dot = '\0';
> +      member = last_dot + 1;
> +    }
> +
> +  if (session_or_system && address != NULL)
> +    {
> +      fprintf (stderr, "FAIL: \"--address\" may not be used with 
> \"--system\" or \"--session\"\n");
> +      usage (1);
> +    }
> +
> +  if (type_str != NULL)
> +    {
> +      message_type = dbus_message_type_from_string (type_str);
> +      if (!(message_type == DBUS_MESSAGE_TYPE_METHOD_CALL ||
> +            message_type == DBUS_MESSAGE_TYPE_SIGNAL))
> +        {
> +          fprintf (stderr, "FAIL: Message type \"%s\" is not supported\n",
> +                   type_str);
> +          exit (1);
> +        }
> +    }
> +
> +  dbus_error_init (&error);
> +
> +  if (address != NULL)
> +    connection = dbus_connection_open (address, &error);
> +  else
> +    connection = dbus_bus_get (type, &error);
> +
> +  if (connection == NULL)
> +    {
> +      fprintf (stderr, "FAIL: Failed to open connection to \"%s\" message 
> bus: %s\n",
> +               (address != NULL) ? address :
> +                 ((type == DBUS_BUS_SYSTEM) ? "system" : "session"),
> +               error.message);
> +      dbus_error_free (&error);
> +      exit (1);
> +    }
> +  else if (address != NULL)
> +    dbus_bus_register (connection, &error);
> +
> +  rc = do_message (argc - i, argv + i);
> +  dbus_connection_unref (connection);
> +  if (rc == 0)
> +    printf ("PASS\n");
> +
> +  exit (rc);
> +}
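Review bot: The `--log=` branch in `main` creates the log with mode 0666 and follows symlinks. The regression `tests` target in this patch's Makefile checks for root, and `compare_logs` later treats the file as evidence for a test verdict. Unless the harness needs other users to write the file, owner-only permissions and refusing symlinks is the safer default: `log_fd = open (path, O_CREAT | O_TRUNC | O_WRONLY | O_NOFOLLOW, S_IRUSR | S_IWUSR);`. Further down, the result of `dbus_bus_register (connection, &error)` is discarded, so a failed registration on the `--address` path only surfaces later as a less specific send error. In `do_message`, the "badly formed" messages print `argv[0]` as if it were the program name, but `main` passes `argv + i`, so it is the first content argument.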
> diff --git a/tests/regression/apparmor/dbus_message.sh 
> b/tests/regression/apparmor/dbus_message.sh
> new file mode 100755
> index 0000000..3199fe9
> --- /dev/null
> +++ b/tests/regression/apparmor/dbus_message.sh
> @@ -0,0 +1,125 @@
> +#! /bin/bash
> +#    Copyright (C) 2013 Canonical, Ltd.
> +#
> +#    This program is free software; you can redistribute it and/or
> +#    modify it under the terms of the GNU General Public License as
> +#    published by the Free Software Foundation, version 2 of the
> +#    License.
> +
> +#=NAME dbus_message
> +#=DESCRIPTION
> +# This test verifies that the dbus message sending is indeed restricted for
> +# confined processes.
> +#=END
> +
> +pwd=`dirname $0`
> +pwd=`cd $pwd ; /bin/pwd`
> +
> +bin=$pwd
> +
> +. $bin/prologue.inc
> +. $bin/dbus.inc
> +
> +listnames="--type=method_call --session --name=org.freedesktop.DBus 
> /org/freedesktop/DBus org.freedesktop.DBus.ListNames"
> +
> +unconfined_log="${tmpdir}/unconfined.log"
> +unconfined_args="--log=$unconfined_log $listnames"
> +
> +confined_log="${tmpdir}/confined.log"
> +confined_args="--log=$confined_log $listnames"
> +
> +message_gendbusprofile()
> +{
> +     gendbusprofile "${confined_log} w,
> +  $@"
> +}
> +
> +start_bus
> +
> +settest dbus_message
> +
> +# Make sure can send unconfined
> +
> +runchecktest "message (unconfined)" pass $unconfined_args
> +
> +# Make sure send is denied when confined but not allowed
> +
> +message_gendbusprofile
> +runchecktest "message (confined w/o dbus allowed)" fail $confined_args
> +
> +message_gendbusprofile "dbus receive,"
> +runchecktest "message (receive allowed)" fail $confined_args
> +
> +message_gendbusprofile "dbus bind,"
> +runchecktest "message (bind allowed)" fail $confined_args
> +
> +message_gendbusprofile "dbus (receive, bind),"
> +runchecktest "message (receive bind allowed)" fail $confined_args
> +
> +# Make sure send is allowed when confined with appropriate permissions
> +
> +message_gendbusprofile "dbus,"
> +runtestfg "message (dbus allowed)" pass $confined_args
> +checktestfg "compare_logs $unconfined_log eq $confined_log"
> +
> +message_gendbusprofile "dbus send,"
> +runtestfg "message (send allowed)" pass $confined_args
> +checktestfg "compare_logs $unconfined_log eq $confined_log"
> +
> +message_gendbusprofile "dbus (send, receive),"
> +runtestfg "message (send receive allowed)" pass $confined_args
> +checktestfg "compare_logs $unconfined_log eq $confined_log"
> +
> +message_gendbusprofile "dbus (send, bind),"
> +runtestfg "message (send bind allowed)" pass $confined_args
> +checktestfg "compare_logs $unconfined_log eq $confined_log"
> +
> +message_gendbusprofile "dbus (send, receive, bind),"
> +runtestfg "message (send receive bind allowed)" pass $confined_args
> +checktestfg "compare_logs $unconfined_log eq $confined_log"
> +
> +# Make sure send is allowed when confined with appropriate permissions along
> +# with conditionals
> +
> +message_gendbusprofile "dbus send bus=session,"
> +runtestfg "message (send allowed w/ bus)" pass $confined_args
> +checktestfg "compare_logs $unconfined_log eq $confined_log"
> +
> +message_gendbusprofile "dbus send bus=session 
> peer=(name=org.freedesktop.DBus),"
> +runtestfg "message (send allowed w/ bus, dest)" pass $confined_args
> +checktestfg "compare_logs $unconfined_log eq $confined_log"
> +
> +message_gendbusprofile "dbus send bus=session path=/org/freedesktop/DBus 
> peer=(name=org.freedesktop.DBus),"
> +runchecktest "message (send allowed w/ bus, dest, path)" pass $confined_args
> +checktestfg "compare_logs $unconfined_log eq $confined_log"
> +
> +message_gendbusprofile "dbus send bus=session path=/org/freedesktop/DBus 
> interface=org.freedesktop.DBus peer=(name=org.freedesktop.DBus),"
> +runtestfg "message (send allowed w/ bus, dest, path, interface)" pass 
> $confined_args
> +checktestfg "compare_logs $unconfined_log eq $confined_log"
> +
> +message_gendbusprofile "dbus send bus=session path=/org/freedesktop/DBus 
> interface=org.freedesktop.DBus member={Hello,ListNames} 
> peer=(name=org.freedesktop.DBus),"
> +runtestfg "message (send allowed w/ bus, dest, path, interface, method)" 
> pass $confined_args
> +checktestfg "compare_logs $unconfined_log eq $confined_log"
> +
> +# Make sure send is denied when confined with appropriate permissions along
> +# with incorrect conditionals
> +
> +message_gendbusprofile "dbus send bus=system,"
> +runtestfg "message (send allowed w/ wrong bus)" fail $confined_args
> +checktestfg "compare_logs $unconfined_log ne $confined_log"
> +
> +message_gendbusprofile "dbus send bus=session 
> peer=(name=com.freedesktop.DBus),"
> +runtestfg "message (send allowed w/ wrong dest)" fail $confined_args
> +checktestfg "compare_logs $unconfined_log ne $confined_log"
> +
> +message_gendbusprofile "dbus send bus=session path=/bad/freedesktop/DBus 
> peer=(name=bad.freedesktop.DBus),"
> +runtestfg "message (send allowed w/ wrong path)" fail $confined_args
> +checktestfg "compare_logs $unconfined_log ne $confined_log"
> +
> +message_gendbusprofile "dbus send bus=session path=/org/freedesktop/DBus 
> interface=bad.freedesktop.DBus peer=(name=bad.freedesktop.DBus),"
> +runtestfg "message (send allowed w/ wrong interface)" fail $confined_args
> +checktestfg "compare_logs $unconfined_log ne $confined_log"
> +
> +message_gendbusprofile "dbus send bus=session path=/org/freedesktop/DBus 
> interface=com.freedesktop.DBus member=Hello peer=(name=bad.freedesktop.DBus),"
> +runtestfg "message (send allowed w/ wrong method)" fail $confined_args
> +checktestfg "compare_logs $unconfined_log ne $confined_log"
> diff --git a/tests/regression/apparmor/dbus_service.c 
> b/tests/regression/apparmor/dbus_service.c
> new file mode 100644
> index 0000000..0b7ebee
> --- /dev/null
> +++ b/tests/regression/apparmor/dbus_service.c
> @@ -0,0 +1,316 @@
> +/* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*- */
> +/* dbus_service.c  Utility program to send messages from the command line
> + *
> + * Copyright (C) 2003 Philip Blundell <ph...@gnu.org>
> + * Copyright (C) 2013 Canonical, Ltd.
> + *
> + * Originally dbus-send.c from the dbus package. It has been heavily modified
> + * to work within the regression test framework.
> + *
> + * This program is free software; you can redistribute it and/or modify
> + * it under the terms of the GNU General Public License as published by
> + * the Free Software Foundation; either version 2 of the License, or
> + * (at your option) any later version.
> + *
> + * This program is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
> + * GNU General Public License for more details.
> + *
> + * You should have received a copy of the GNU General Public License
> + * along with this program; if not, write to the Free Software
> + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301 
>  USA
> + *
> + */
> +
> +#define _GNU_SOURCE
> +#include <stdio.h>
> +#include <stdlib.h>
> +#include <string.h>
> +#include <signal.h>
> +#include <sys/file.h>
> +#include <sys/types.h>
> +#include <sys/stat.h>
> +#include <fcntl.h>
> +
> +#include "dbus_common.h"
> +
> +static int terminate = 0;
> +DBusConnection *connection;
> +DBusError error;
> +DBusBusType type = DBUS_BUS_SESSION;
> +const char *name = NULL;
> +const char *path = NULL;
> +const char *interface = NULL;
> +const char *member = NULL;
> +const char *address = NULL;
> +int session_or_system = FALSE;
> +int log_fd = -1;
> +int lock_fd = 0;
> +
> +static void
> +usage (int ecode)
> +{
> +  char *prefix = ecode ? "FAIL: " : "";
> +
> +  fprintf (stderr, "%6sUsage: dbus_service [ADDRESS] --name=<NAME> <path> 
> <interface>\n\n"
> +           "    ADDRESS\t\t--system, --session (default), or 
> --address=ADDR\n"
> +           "    NAME\t\tthe well-known name to bind to\n"
> +           "    path\t\tpath to object (such as /org/freedesktop/DBus)\n"
> +           "    interface\t\tinterface to use (such as 
> org.freedesktop.DBus)\n\n"
> +           "    The method <interface>.Method replies with an empty 
> method_reply message.\n"
> +           "    The signal <interface>.Signal is accepted by the service.\n",
> +           prefix);
> +  exit (ecode);
> +}
> +
> +/**
> + * Returns -1 upon error, 0 when there are no more messages, 1 when the 
> program
> + * should exit
> + */
> +static int
> +handle_messages (void)
> +{
> +  DBusMessage *message;
> +
> +  if (!dbus_connection_read_write (connection, 250))
> +    {
> +      fprintf (stderr, "FAIL: Connecion is closed\n");
> +      return -1;
> +     }
> +
> +  for (;;)
> +    {
> +      message = dbus_connection_pop_message (connection);
> +      if (message == NULL)
> +     return 0;
> +
> +      log_message (log_fd, "received ", message);
> +
> +      if (dbus_message_is_signal (message, interface, "Signal"))
> +        {
> +          dbus_message_unref (message);
> +       continue;
> +        }
> +      else if (dbus_message_is_method_call (message, interface, "Method"))
> +        {
> +          DBusMessage *reply;
> +
> +          reply = dbus_message_new_method_return (message);
> +          dbus_message_unref (message);
> +
> +          log_message (log_fd, "sent ", reply);
> +          dbus_connection_send (connection, reply, NULL);
> +          dbus_connection_flush (connection);
> +          dbus_message_unref (reply);
> +       continue;
> +        }
> +      else if (dbus_message_get_type (message) == 
> DBUS_MESSAGE_TYPE_METHOD_CALL)
> +        {
> +          DBusMessage *reply;
> +
> +          reply = dbus_message_new_error (message, 
> DBUS_ERROR_UNKNOWN_METHOD, NULL);
> +          dbus_message_unref (message);
> +
> +          log_message (log_fd, "sent ", reply);
> +          dbus_connection_send (connection, reply, NULL);
> +          dbus_connection_flush (connection);
> +          dbus_message_unref (reply);
> +          continue;
> +        }
> +      else
> +        {
> +          dbus_message_unref (message);
> +          continue;
> +        }
> +    }
> +
> +  return 0;
> +}
> +
> +void
> +sigterm_handler(int signum)
> +{
> +  terminate = 1;
> +}
> +
> +static int
> +setup_signal_handling(void)
> +{
> +  struct sigaction sa;
> +  int rc;
> +
> +  sa.sa_handler = sigterm_handler;
> +  sigemptyset (&sa.sa_mask);
> +  sa.sa_flags = 0;
> +  rc = sigaction (SIGTERM, &sa, NULL);
> +  if (rc < 0)
> +    {
> +      fprintf (stderr, "FAIL: Could not set up signal handling\n");
> +      return 1;
> +    }
> +
> +  return 0;
> +}
> +
> +int
> +do_service (void)
> +{
> +  int rc;
> +
> +  rc = dbus_bus_request_name (connection, name,
> +                              DBUS_NAME_FLAG_REPLACE_EXISTING,
> +                              &error);
> +  if (dbus_error_is_set (&error))
> +    {
> +      fprintf (stderr, "FAIL: %s: %s\n", error.name, error.message);
> +      dbus_error_free (&error);
> +    }
> +  if (rc != DBUS_REQUEST_NAME_REPLY_PRIMARY_OWNER)
> +    {
> +      return 1;
> +    }
> +
> +  if (lock_fd >= 0)
> +    {
> +      rc = flock (lock_fd, LOCK_UN);
> +      if (rc < 0)
> +        {
> +          fprintf (stderr, "FAIL: Failed to unlock lock file: %m\n");
> +          return 1;
> +        }
> +    }
> +
> +  rc = 0;
> +  while (!terminate && !rc)
> +    rc = handle_messages ();
> +
> +  /* If we've received SIGTERM, try one last time to drain the incoming 
> queue */
> +  if (terminate && !rc)
> +    rc = handle_messages ();
> +
> +  if (rc < 0)
> +    exit (1);
> +
> +  rc = dbus_bus_release_name (connection, name, &error);
> +  if (dbus_error_is_set (&error))
> +  {
> +    fprintf (stderr, "FAIL: %s: %s\n", error.name, error.message);
> +    dbus_error_free (&error);
> +  }
> +  if (rc != DBUS_RELEASE_NAME_REPLY_RELEASED)
> +  {
> +    return 1;
> +  }
> +
> +  return 0;
> +}
> +
> +int
> +main (int argc, char *argv[])
> +{
> +  int i, rc;
> +
> +  if (argc < 3)
> +    usage (1);
> +
> +  for (i = 1; i < argc && interface == NULL; i++)
> +    {
> +      char *arg = argv[i];
> +
> +      if (strcmp (arg, "--system") == 0)
> +        {
> +       type = DBUS_BUS_SYSTEM;
> +          session_or_system = TRUE;
> +        }
> +      else if (strcmp (arg, "--session") == 0)
> +        {
> +       type = DBUS_BUS_SESSION;
> +          session_or_system = TRUE;
> +        }
> +      else if (strstr (arg, "--address") == arg)
> +        {
> +          address = strchr (arg, '=');
> +
> +          if (address == NULL)
> +            {
> +              fprintf (stderr, "FAIL: \"--address=\" requires an ADDRESS\n");
> +              usage (1);
> +            }
> +          else
> +            {
> +              address = address + 1;
> +            }
> +        }
> +      else if (strstr (arg, "--name=") == arg)
> +     name = strchr (arg, '=') + 1;
> +      else if (strstr (arg, "--log=") == arg)
> +        {
> +          char *path = strchr (arg, '=') + 1;
> +
> +       log_fd = open (path, O_CREAT | O_TRUNC | O_WRONLY,
> +                         S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH | 
> S_IWOTH);
> +          if (log_fd < 0)
> +            {
> +              fprintf (stderr, "FAIL: Couldn't open log file \"%s\"\n", 
> path);
> +              exit (1);
> +            }
> +        }
> +      else if (strstr (arg, "--lock-fd=") == arg)
> +        {
> +          char *fd = strchr (arg, '=') + 1;
> +
> +          lock_fd = atoi(fd);
> +        }
> +      else if (!strcmp(arg, "--help"))
> +     usage (0);
> +      else if (arg[0] == '-')
> +     usage (1);
> +      else if (path == NULL)
> +        path = arg;
> +      else /* interface == NULL guaranteed by the 'while' loop */
> +        interface = arg;
> +    }
> +
> +  if (name == NULL || path == NULL || interface == NULL || i < argc)
> +    usage (1);
> +
> +  if (session_or_system &&
> +      (address != NULL))
> +    {
> +      fprintf (stderr, "FAIL: \"--address\" may not be used with 
> \"--system\" or \"--session\"\n");
> +      usage (1);
> +    }
> +
> +  rc = setup_signal_handling ();
> +  if (rc != 0)
> +    exit (1);
> +
> +  dbus_error_init (&error);
> +
> +  if (address != NULL)
> +    connection = dbus_connection_open (address, &error);
> +  else
> +    connection = dbus_bus_get (type, &error);
> +
> +  if (connection == NULL)
> +    {
> +      fprintf (stderr, "FAIL: Failed to open connection to \"%s\" message 
> bus: %s\n",
> +               (address != NULL) ? address :
> +                 ((type == DBUS_BUS_SYSTEM) ? "system" : "session"),
> +               error.message);
> +      dbus_error_free (&error);
> +      exit (1);
> +    }
> +  else if (address != NULL)
> +    dbus_bus_register (connection, &error);
> +
> +  rc = do_service ();
> +
> +  dbus_connection_unref (connection);
> +
> +  if (rc == 0)
> +    printf ("PASS\n");
> +
> +  exit (rc);
> +}
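Review bot: `lock_fd` is initialised to 0 at file scope, but do_service() treats any value `>= 0` as a descriptor to unlock, so a run without `--lock-fd=` calls `flock (lock_fd, LOCK_UN)` on descriptor 0 and returns 1 if that call fails. Initialising it the way `log_fd` is, `int lock_fd = -1;`, makes the option genuinely optional. The `--lock-fd=` branch in main() also stores `atoi(fd)` unchecked, so a non-numeric value silently becomes 0 and hits the same path; parsing with `strtol` and calling `usage (1)` on trailing characters or a negative result would reject it. Separately, `terminate` is written from `sigterm_handler` and read in the do_service() loop, so it would be safer declared as `static volatile sig_atomic_t terminate = 0;`.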
> diff --git a/tests/regression/apparmor/dbus_service.sh 
> b/tests/regression/apparmor/dbus_service.sh
> new file mode 100755
> index 0000000..5026141
> --- /dev/null
> +++ b/tests/regression/apparmor/dbus_service.sh
> @@ -0,0 +1,136 @@
> +#! /bin/bash
> +#    Copyright (C) 2013 Canonical, Ltd.
> +#
> +#    This program is free software; you can redistribute it and/or
> +#    modify it under the terms of the GNU General Public License as
> +#    published by the Free Software Foundation, version 2 of the
> +#    License.
> +
> +#=NAME dbus_service
> +#=DESCRIPTION
> +# This test verifies that dbus services are restricted for confined 
> processes.
> +#=END
> +
> +pwd=`dirname $0`
> +pwd=`cd $pwd ; /bin/pwd`
> +
> +bin=$pwd
> +
> +. $bin/prologue.inc
> +. $bin/dbus.inc
> +
> +service="--$bus --name=$dest $path $iface"
> +unconfined_log="${tmpdir}/unconfined.log"
> +confined_log="${tmpdir}/confined.log"
> +
> +service_runchecktest()
> +{
> +     runchecktest "$1" "$2" $service
> +}
> +
> +service_runtestbg()
> +{
> +     local lock=${tmpdir}/lock
> +     local lockfd=-1
> +     local args=$service
> +
> +     if [ $# -gt 2 ]
> +     then
> +             args="--log=$3 $args"
> +     fi
> +
> +     exec {lockfd}>$lock
> +     flock -n $lockfd
> +     args="--lock-fd=$lockfd $args"
> +
> +     runtestbg "$1" "$2" $args
> +
> +     exec {lockfd}>&-
> +     flock -w 30 $lock true
> +     rm $lock
> +}
> +
> +service_checktestbg()
> +{
> +     kill -SIGTERM $_pid
> +     checktestbg "$@"
> +}
> +
> +service_gendbusprofile()
> +{
> +     gendbusprofile "$unconfined_log w,
> +  $@"
> +}
> +
> +start_bus
> +
> +# Make sure we can bind a bus name and receive a message unconfined
> +
> +settest dbus_service
> +
> +service_runtestbg "service (unconfined)" pass $confined_log
> +sendmethod
> +sendsignal
> +service_checktestbg
> +
> +# Make sure we get denials when confined but not allowed
> +
> +genprofile
> +service_runchecktest "service (confined w/o dbus perms)" fail
> +
> +service_gendbusprofile "dbus send,"
> +service_runchecktest "service (send allowed)" fail
> +
> +service_gendbusprofile "dbus receive,"
> +service_runchecktest "service (receive allowed)" fail
> +
> +service_gendbusprofile "dbus bind,"
> +service_runchecktest "service (bind allowed)" fail
> +
> +# Make sure we're okay when confined with appropriate permissions
> +
> +service_gendbusprofile "dbus,"
> +service_runtestbg "service (dbus allowed)" pass $unconfined_log
> +sendmethod
> +sendsignal
> +service_checktestbg "compare_logs $unconfined_log eq $confined_log"
> +
> +service_gendbusprofile "dbus (send, receive, bind),"
> +service_runtestbg "service (send receive bind allowed)" pass $unconfined_log
> +sendmethod
> +sendsignal
> +service_checktestbg "compare_logs $unconfined_log eq $confined_log"
> +
> +service_gendbusprofile "dbus (send receive bind) bus=session,"
> +service_runtestbg "service (send receive bind w/ bus)" pass $unconfined_log
> +sendmethod
> +sendsignal
> +service_checktestbg "compare_logs $unconfined_log eq $confined_log"
> +
> +service_gendbusprofile "dbus bind bus=session name=$dest, \
> +             dbus receive bus=session, \
> +             dbus send bus=session peer=(name=org.freedesktop.DBus),"
> +service_runtestbg "service (receive bind w/ bus, dest)" pass $unconfined_log
> +sendmethod
> +sendsignal
> +service_checktestbg "compare_logs $unconfined_log eq $confined_log"
> +
> +service_gendbusprofile "dbus bind bus=session name=$dest, \
> +             dbus receive bus=session, \
> +             dbus send bus=session peer=(name=org.freedesktop.DBus),"
> +service_runtestbg "service (receive bind w/ bus, dest)" pass $unconfined_log
> +sendmethod
> +sendsignal
> +service_checktestbg "compare_logs $unconfined_log eq $confined_log"
> +
> +# Make sure we're denied when confined without appropriate conditionals
> +
> +service_gendbusprofile "dbus bind bus=system name=$dest, \
> +             dbus receive bus=system, \
> +             dbus send bus=session peer=(name=org.freedesktop.DBus),"
> +runchecktest "service (receive bind w/ wrong bus)" fail $service
> +
> +service_gendbusprofile "dbus bind bus=session name=${dest}.BAD, \
> +             dbus receive bus=session, \
> +             dbus send bus=session peer=(name=org.freedesktop.DBus),"
> +runchecktest "service (receive bind w/ wrong dest)" fail $service
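Review bot: The block that begins `service_gendbusprofile "dbus bind bus=session name=$dest, \` appears twice in a row with an identical profile and the same test name `service (receive bind w/ bus, dest)`, so the second copy adds no coverage. If it was meant to exercise a narrower rule, its receive line could become something like `dbus receive bus=session path=$path interface=$iface, \` with the test name updated to match; otherwise it can be dropped. The log variable names also read backwards in this script: the unconfined run is started with `$confined_log`, while the confined runs log to `$unconfined_log` and the generated profile grants `$unconfined_log w,`. The `compare_logs ... eq` checks still work because the comparison is symmetric, but swapping the names would make clear which file the profile is meant to permit.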
> 

