[apparmor] [PATCH 3/4] tests: Update unix_fd_server.sh for af_unix mediation

Thu, 04 Sep 2014 15:44:08 -0700 

Signed-off-by: Tyler Hicks <tyhi...@canonical.com>
---
 tests/regression/apparmor/unix_fd_server.sh | 27 ++++++++++++++++-----------
 1 file changed, 16 insertions(+), 11 deletions(-)

diff --git a/tests/regression/apparmor/unix_fd_server.sh 
b/tests/regression/apparmor/unix_fd_server.sh
index 6bc5158..b38ec68 100755
--- a/tests/regression/apparmor/unix_fd_server.sh
+++ b/tests/regression/apparmor/unix_fd_server.sh
@@ -25,6 +25,11 @@ socket=${tmpdir}/unix_fd_test
 fd_client=$PWD/unix_fd_client
 okperm=rw
 badperm=w
+af_unix=""
+
+if [ "$(have_features network/af_unix)" == "true" ]; then
+       af_unix="unix:create"
+fi
 
 # Content generated with:
 # dd if=/dev/urandom bs=32 count=4 2> /dev/null | od -x | head -8 | sed -e 
's/^[[:xdigit:]]\{7\}//g' -e 's/ //g'
@@ -51,7 +56,7 @@ rm -f ${socket}
 
 # PASS - confined -> unconfined
 
-genprofile $file:$okperm $socket:rw $fd_client:ux
+genprofile $file:$okperm $af_unix $socket:rw $fd_client:ux
 
 runchecktest "fd passing; confined -> unconfined" pass $file $socket $fd_client
 
@@ -60,7 +65,7 @@ rm -f ${socket}
 
 # FAIL - confined (bad perm) -> unconfined
 
-genprofile $file:$badperm $socket:rw $fd_client:ux
+genprofile $file:$badperm $af_unix $socket:rw $fd_client:ux
 
 runchecktest "fd passing; confined (bad perm) -> unconfined" fail $file 
$socket $fd_client
 
@@ -69,7 +74,7 @@ rm -f ${socket}
 
 # FAIL - confined (no perm) -> unconfined
 
-genprofile $socket:rw $fd_client:ux
+genprofile $af_unix $socket:rw $fd_client:ux
 
 runchecktest "fd passing; confined (no perm) -> unconfined" fail $file $socket 
$fd_client
 
@@ -78,7 +83,7 @@ rm -f ${socket}
 
 # PASS (due to delegation) - unconfined -> confined
 
-genprofile image=$fd_client $file:$okperm $socket:rw
+genprofile image=$fd_client $file:$okperm $af_unix $socket:rw
 runchecktest "fd passing; unconfined -> confined" pass $file $socket $fd_client
 
 sleep 1
@@ -86,7 +91,7 @@ rm -f ${socket}
 
 # PASS (due to delegation) - unconfined -> confined (no perm)
 
-genprofile image=$fd_client $socket:rw
+genprofile image=$fd_client $af_unix $socket:rw
 runchecktest "fd passing; unconfined -> confined (no perm)" pass $file $socket 
$fd_client
 
 sleep 1
@@ -94,7 +99,7 @@ rm -f ${socket}
 
 # PASS - confined -> confined
 
-genprofile $file:$okperm $socket:rw $fd_client:px -- image=$fd_client 
$file:$okperm $socket:rw
+genprofile $file:$okperm $af_unix $socket:rw $fd_client:px -- image=$fd_client 
$file:$okperm $af_unix $socket:rw
 runchecktest "fd passing; confined -> confined" pass $file $socket $fd_client
 
 sleep 1
@@ -102,7 +107,7 @@ rm -f ${socket}
 
 # FAIL - confined (bad perm) -> confined
 
-genprofile $file:$badperm $socket:rw $fd_client:px -- image=$fd_client 
$file:$okperm $socket:rw
+genprofile $file:$badperm $af_unix $socket:rw $fd_client:px -- 
image=$fd_client $file:$okperm $af_unix $socket:rw
 runchecktest "fd passing; confined (bad perm) -> confined" fail $file $socket 
$fd_client
 
 sleep 1
@@ -110,7 +115,7 @@ rm -f ${socket}
 
 # FAIL - confined (no perm) -> confined
 
-genprofile $socket:rw $fd_client:px -- image=$fd_client $file:$okperm 
$socket:rw
+genprofile $af_unix $socket:rw $fd_client:px -- image=$fd_client $file:$okperm 
$af_unix $socket:rw
 runchecktest "fd passing; confined (no perm) -> confined" fail $file $socket 
$fd_client
 
 sleep 1
@@ -118,7 +123,7 @@ rm -f ${socket}
 
 # FAIL - confined -> confined (bad perm)
 
-genprofile $file:$okperm $socket:rw $fd_client:px -- image=$fd_client 
$file:$badperm $socket:rw
+genprofile $file:$okperm $af_unix $socket:rw $fd_client:px -- image=$fd_client 
$file:$badperm $af_unix $socket:rw
 runchecktest "fd passing; confined -> confined (bad perm)" fail $file $socket 
$fd_client
 
 sleep 1
@@ -126,7 +131,7 @@ rm -f ${socket}
 
 # FAIL - confined -> confined (no perm)
 
-genprofile $file:$okperm $socket:rw $fd_client:px -- image=$fd_client 
$socket:rw
+genprofile $file:$okperm $af_unix $socket:rw $fd_client:px -- image=$fd_client 
$af_unix $socket:rw
 runchecktest "fd passing; confined -> confined (no perm)" fail $file $socket 
$fd_client
 
 sleep 1
@@ -135,7 +140,7 @@ rm -f ${socket}
 if [ "$(have_features policy/versions/v6)" == "true" ] ; then
     # FAIL - confined client, no access to the socket file
 
-    genprofile $file:$okperm $socket:rw $fd_client:px -- image=$fd_client 
$file:$okperm
+    genprofile $file:$okperm $af_unix $socket:rw $fd_client:px -- 
image=$fd_client $file:$okperm $af_unix 
     runchecktest "fd passing; confined client w/o socket access" fail $file 
$socket $fd_client
 
     sleep 1
-- 
2.1.0


-- 
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/apparmor

Reply via email to