On Mon, Apr 13, 2015 at 04:56:32PM -0500, Tyler Hicks wrote:
> Test confinement context splitting, using aa_splitcon(3), with and
> without a valid mode pointer.
>
> Signed-off-by: Tyler Hicks <tyhi...@canonical.com>

Acked-by: Seth Arnold <seth.arn...@canonical.com>

I've got a question about one specific aspect of the API:

> + TEST_SPLITCON("/a/b/c (complain)\n", NULL, NULL, > + "path split w/ invalid trailing newline"); > + > + TEST_SPLITCON("unconfined\n", NULL, NULL, > + "unconfined w/ invalid trailing newline");

Is it a good idea to forbid the trailing newline? /proc/*/attr/current includes the newline and forcing application programmers to deal with it before handing the string to aa_splitcon() feels like a needless annoyance.

I also think it'd be worth representing some KOI8, Big5, and similar encodings, but properly testing those has been on my todo list for a decade now, so no particular rush here either.

Thanks

> --- > libraries/libapparmor/src/Makefile.am | 6 +- > libraries/libapparmor/src/tst_kernel.c | 133 > +++++++++++++++++++++++++++++++++ > 2 files changed, 138 insertions(+), 1 deletion(-) > create mode 100644 libraries/libapparmor/src/tst_kernel.c > > diff --git a/libraries/libapparmor/src/Makefile.am > b/libraries/libapparmor/src/Makefile.am > index 505d1f7..deca53e 100644 > --- a/libraries/libapparmor/src/Makefile.am > +++ b/libraries/libapparmor/src/Makefile.am > @@ -67,7 +67,11 @@ tst_aalogmisc_LDADD = .libs/libapparmor.a > tst_features_SOURCES = tst_features.c > tst_features_LDADD = .libs/libapparmor.a > > -check_PROGRAMS = tst_aalogmisc tst_features > +tst_kernel_SOURCES = tst_kernel.c > +tst_kernel_LDADD = .libs/libapparmor.a > +tst_kernel_LDFLAGS = -pthread > + > +check_PROGRAMS = tst_aalogmisc tst_features tst_kernel > TESTS = $(check_PROGRAMS) > > EXTRA_DIST = grammar.y scanner.l libapparmor.map libapparmor.pc > diff --git a/libraries/libapparmor/src/tst_kernel.c > b/libraries/libapparmor/src/tst_kernel.c > new file mode 100644 > index 0000000..8a8e70e > --- /dev/null > +++ b/libraries/libapparmor/src/tst_kernel.c 
> @@ -0,0 +1,133 @@ > +/* > + * Copyright (c) 2015 > + * Canonical, Ltd. (All rights reserved) > + * > + * This program is free software; you can redistribute it and/or > + * modify it under the terms of version 2 of the GNU General Public > + * License published by the Free Software Foundation. > + * > + * This program is distributed in the hope that it will be useful, > + * but WITHOUT ANY WARRANTY; without even the implied warranty of > + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the > + * GNU General Public License for more details. > + * > + * You should have received a copy of the GNU General Public License > + * along with this program; if not, contact Novell, Inc. or Canonical > + * Ltd. > + */ > + > +#include <stdio.h> > +#include <string.h> > + > +#include "features.c" > + > +static int nullcmp_and_strcmp(const void *s1, const void *s2) > +{ > + /* Return 0 if both pointers are NULL & non-zero if only one is NULL */ > + if (!s1 || !s2) > + return s1 != s2; > + > + return strcmp(s1, s2); > +} > + > +static int do_test_aa_splitcon(char *con, char **mode, > + const char *expected_label, > + const char *expected_mode, const char *error) > +{ > + char *label; > + int rc = 0; > + > + label = aa_splitcon(con, mode); > + > + if (nullcmp_and_strcmp(label, expected_label)) { > + fprintf(stderr, "FAIL: %s: label \"%s\" != \"%s\"\n", > + error, label, expected_label); > + rc = 1; > + } > + > + if (mode && nullcmp_and_strcmp(*mode, expected_mode)) { > + fprintf(stderr, "FAIL: %s: mode \"%s\" != \"%s\"\n", > + error, *mode, expected_mode); > + rc = 1; > + } > + > + return rc; > +} > + > +#define TEST_SPLITCON(con, expected_label, expected_mode, error) \ > + do { \ > + char c1[] = con; \ > + char c2[] = con; \ > + char *mode; \ > + \ > + if (do_test_aa_splitcon(c1, &mode, expected_label, \ > + expected_mode, error)) { \ > + rc = 1; \ > + } else if (do_test_aa_splitcon(c2, NULL, expected_label,\ > + NULL, \ > + error " (NULL mode)")) { \ > + rc = 1; \ > 
+ } \ > + } while (0) > + > + > +static int test_aa_splitcon(void) > +{ > + int rc = 0; > + > + TEST_SPLITCON("label (mode)", "label", "mode", "basic split"); > + > + TEST_SPLITCON("/a/b/c (enforce)", "/a/b/c", "enforce", > + "path enforce split"); > + > + TEST_SPLITCON("/a/b/c (complain)", "/a/b/c", "complain", > + "path complain split"); > + > + TEST_SPLITCON("profile_name (enforce)", "profile_name", "enforce", > + "name enforce split"); > + > + TEST_SPLITCON("profile_name (complain)", "profile_name", "complain", > + "name complain split"); > + > + TEST_SPLITCON("unconfined", "unconfined", NULL, "unconfined"); > + > + TEST_SPLITCON("(odd) (enforce)", "(odd)", "enforce", > + "parenthesized label #1"); > + > + TEST_SPLITCON("(odd) (enforce) (enforce)", "(odd) (enforce)", "enforce", > + "parenthesized label #2"); > + > + TEST_SPLITCON("/usr/bin/😺 (enforce)", "/usr/bin/😺", "enforce", > + "non-ASCII path"); > + > + TEST_SPLITCON("👍 (enforce)", "👍", "enforce", "non-ASCII profile name"); > + > + /* Negative tests */ > + > + TEST_SPLITCON("", NULL, NULL, "empty string test"); > + > + TEST_SPLITCON("/a/b/c (complain)\n", NULL, NULL, > + "path split w/ invalid trailing newline"); > + > + TEST_SPLITCON("unconfined\n", NULL, NULL, > + "unconfined w/ invalid trailing newline"); > + > + TEST_SPLITCON("profile\t(enforce)", NULL, NULL, > + "invalid tab separator"); > + > + TEST_SPLITCON("profile(enforce)", NULL, NULL, > + "invalid missing separator"); > + > + return rc; > +} > + > +int main(void) > +{ > + int retval, rc = 0; > + > + retval = test_aa_splitcon(); > + if (retval) > + rc = retval; > + > + return rc; > +}
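Review bot: In the Makefile.am hunk, tst_kernel_LDFLAGS = -pthread is added without explanation, and neither tst_aalogmisc nor tst_features carries such a flag in the visible context. Nothing in tst_kernel.c as posted calls a threading function directly, so if the flag is there to satisfy a symbol pulled in from .libs/libapparmor.a, a one-line comment above it should say so; otherwise it can be dropped.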
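Review bot: In the TEST_SPLITCON macro of tst_kernel.c, char *mode; is left uninitialized, and do_test_aa_splitcon() then reads *mode for every case, including the negative ones that expect NULL. Those cases only behave if aa_splitcon() stores to *mode on failure; otherwise the comparison reads an indeterminate pointer. Initialize it in the macro, to NULL or to a sentinel if the test is meant to check that aa_splitcon() clears it. Two smaller points in the same file: the FAIL messages pass label, expected_label, *mode and expected_mode to "%s" even when they are NULL, which is undefined for fprintf(), and the file includes "features.c" although the visible code only calls aa_splitcon().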
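The trailing-newline question above, seen from the caller's side, as an added example that is not part of the patch or of libapparmor. `strict_splitcon()` is a stand-in written to follow the test table in the patch, and `split_procattr()` is a hypothetical helper showing the strip step a caller needs when the splitter rejects the newline.

```c
#include <stdio.h>
#include <string.h>

/* Stand-in splitter for this example, NOT libapparmor's aa_splitcon().
 * It follows the patch's test table: "label (mode)" is split in place,
 * "unconfined" has no mode, anything else (trailing '\n' too) is NULL. */
static char *strict_splitcon(char *con, char **mode)
{
	size_t len = strlen(con);
	char *sep = NULL, *p;

	if (mode)
		*mode = NULL;
	if (strcmp(con, "unconfined") == 0)
		return con;
	if (len < 4 || con[len - 1] != ')')
		return NULL;
	/* Use the last " (" so a label may itself contain parentheses. */
	for (p = con; (p = strstr(p, " (")) != NULL; p += 2)
		sep = p;
	if (!sep || sep == con)
		return NULL;
	*sep = '\0';
	con[len - 1] = '\0';
	if (mode)
		*mode = sep + 2;
	return con;
}

/* Hypothetical caller-side helper: drop the single '\n' left at the end
 * of a procattr read, then split strictly. */
static char *split_procattr(char *buf, char **mode)
{
	size_t len = strlen(buf);

	if (len > 0 && buf[len - 1] == '\n')
		buf[len - 1] = '\0';
	return strict_splitcon(buf, mode);
}

int main(void)
{
	char raw[] = "/a/b/c (complain)\n";	/* constructed sample */
	char *mode, *label = split_procattr(raw, &mode);

	printf("label=%s mode=%s\n", label ? label : "(none)",
	       mode ? mode : "(none)");
	return 0;
}
```

Only one newline is stripped, so a string with any other trailing whitespace is still rejected by the strict splitter.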