def _run_test(self, params, expected):
logfile = '%s.in' % params
profile_dummy_file = 'AATest_does_exist'
# we need to find out the profile name and aamode (complain vs. enforce mode) so that the test can access the correct place in storage
parser = ReadLog('', '', '', '')
parsed_event = parser.parse_event(read_file(logfile))
if not parsed_event: # AA_RECORD_INVALID
return
if params.split('/')[-1] in log_to_profile_skip:
return
aamode = parsed_event['aamode']
if aamode in [
'AUDIT', 'STATUS', 'HINT'
]: # ignore some event types # XXX maybe we shouldn't ignore AUDIT events?
return
if aamode not in ['PERMITTING', 'REJECTING']:
raise Exception('Unexpected aamode %s' % parsed_event['aamode'])
# cleanup apparmor.aa storage
apparmor.aa.log = dict()
apparmor.aa.aa = apparmor.aa.hasher()
apparmor.aa.prelog = apparmor.aa.hasher()
profile = parsed_event['profile']
hat = profile
if '//' in profile:
profile, hat = profile.split('//')
apparmor.aa.existing_profiles = {profile: profile_dummy_file}
log_reader = ReadLog(dict(), logfile, apparmor.aa.existing_profiles,
'')
log = log_reader.read_log('')
for root in log:
apparmor.aa.handle_children('', '',
root) # interactive for exec events!
log_dict = apparmor.aa.collapse_log()
apparmor.aa.filelist = apparmor.aa.hasher()
apparmor.aa.filelist[profile_dummy_file]['profiles'][profile] = True
new_profile = apparmor.aa.serialize_profile(log_dict[aamode][profile],
profile, None)
expected_profile = read_file('%s.profile' % params)
if params.split('/')[-1] in log_to_profile_known_failures:
self.assertNotEqual(new_profile, expected_profile) # known failure
else:
self.assertEqual(new_profile, expected_profile)
def logfile_to_profile(logfile):
profile_dummy_file = 'AATest_does_exist'
# we need to find out the profile name and aamode (complain vs. enforce mode) so that the test can access the correct place in storage
parser = ReadLog('', '', '')
parsed_event = parser.parse_event(read_file(logfile))
if not parsed_event: # AA_RECORD_INVALID
return None, 'INVALID'
aamode = parsed_event['aamode']
if aamode in [
'AUDIT', 'STATUS', 'HINT'
]: # ignore some event types # XXX maybe we shouldn't ignore AUDIT events?
return None, aamode
if aamode not in ['PERMITTING', 'REJECTING']:
raise Exception('Unexpected aamode %s' % parsed_event['aamode'])
# cleanup apparmor.aa storage
apparmor.aa.log = dict()
apparmor.aa.aa = apparmor.aa.hasher()
profile, hat = split_name(parsed_event['profile'])
apparmor.aa.active_profiles = ProfileList()
# optional for now, might be needed one day
# if profile.startswith('/'):
# apparmor.aa.active_profiles.add_profile(profile_dummy_file, profile, profile)
# else:
apparmor.aa.active_profiles.add_profile(profile_dummy_file, profile, '')
log_reader = ReadLog(logfile, apparmor.aa.active_profiles, '')
hashlog = log_reader.read_log('')
apparmor.aa.ask_exec(hashlog)
apparmor.aa.ask_addhat(hashlog)
log_dict = apparmor.aa.collapse_log(hashlog, ignore_null_profiles=False)
if profile != hat:
# log event for a child profile means log_dict only contains the child profile
# initialize parent profile in log_dict as ProfileStorage to ensure writing the profile doesn't fail
# (in "normal" usage outside of this test, log_dict will not be handed over to serialize_profile())
if log_dict[aamode][profile][profile] != {}:
raise Exception(
'event for child profile, but parent profile was initialized nevertheless. Logfile: %s'
% logfile)
log_dict[aamode][profile][profile] = apparmor.aa.ProfileStorage(
'TEST DUMMY for empty parent profile', profile_dummy_file,
'logfile_to_profile()')
log_is_empty = True
for tmpaamode in hashlog:
for tmpprofile in hashlog[tmpaamode]:
for tmpruletype in hashlog[tmpaamode][tmpprofile]:
if tmpruletype == 'final_name' and hashlog[tmpaamode][
tmpprofile]['final_name'] == tmpprofile:
continue # final_name is a copy of the profile name (may be changed by ask_exec(), but that won't happen in this test)
if hashlog[tmpaamode][tmpprofile][tmpruletype]:
log_is_empty = False
if logfile.split('/')[-1][:-3] in log_to_profile_known_empty_log:
# unfortunately this function might be called outside Unittest.TestCase, therefore we can't use assertEqual / assertNotEqual
if log_is_empty == False:
raise Exception(
'got non-empty log for logfile in log_to_profile_known_empty_log: %s %s'
% (logfile, hashlog))
else:
if log_is_empty == True:
raise Exception(
'got empty log for logfile not in log_to_profile_known_empty_log: %s %s'
% (logfile, hashlog))
new_profile = apparmor.aa.serialize_profile(log_dict[aamode][profile],
profile, {})
return profile, new_profile
