def _run_test(self, params, expected):
with open_file_read(params['file']) as f_in:
data = f_in.readlines()
if params['disabled']:
# skip disabled testcases
return
if params['tools_wrong']:
# if the tools are marked as being wrong about a profile, expect the opposite result
# this makes sure we notice any behaviour change, especially not being wrong anymore
expected = not expected
# make sure the profile is known in active_profiles.files
apparmor.active_profiles.init_file(params['file'])
if expected:
apparmor.parse_profile_data(data, params['file'], 0)
apparmor.active_profiles.get_all_merged_variables(
params['file'],
apparmor.include_list_recursive(
apparmor.active_profiles.files[params['file']]))
else:
with self.assertRaises(AppArmorException):
apparmor.parse_profile_data(data, params['file'], 0)
apparmor.active_profiles.get_all_merged_variables(
params['file'],
apparmor.include_list_recursive(
apparmor.active_profiles.files[params['file']]))
def test_parse_empty_profile_01(self):
prof = parse_profile_data('/foo {\n}\n'.split(), 'somefile', False)
self.assertEqual(list(prof.keys()), ['/foo'])
self.assertEqual(list(prof['/foo'].keys()), ['/foo'])
self.assertEqual(prof['/foo']['/foo']['name'], '/foo')
self.assertEqual(prof['/foo']['/foo']['filename'], 'somefile')
self.assertEqual(prof['/foo']['/foo']['flags'], None)
def test_parse_empty_profile_01(self):
prof = parse_profile_data('/foo {\n}\n'.split(), 'somefile', False)
self.assertEqual(list(prof.keys()), ['/foo'])
self.assertEqual(list(prof['/foo'].keys()), ['/foo'])
self.assertEqual(prof['/foo']['/foo']['name'], '/foo')
self.assertEqual(prof['/foo']['/foo']['filename'], 'somefile')
self.assertEqual(prof['/foo']['/foo']['flags'], None)
def _run_test(self, params, expected):
with open_file_read(params['file']) as f_in:
data = f_in.readlines()
if params['disabled']:
# skip disabled testcases
return
if params['tools_wrong']:
# if the tools are marked as being wrong about a profile, expect the opposite result
# this makes sure we notice any behaviour change, especially not being wrong anymore
expected = not expected
if expected:
apparmor.parse_profile_data(data, params['file'], 0)
else:
with self.assertRaises(AppArmorException):
apparmor.parse_profile_data(data, params['file'], 0)
def test_parse_xattrs_02(self):
prof = parse_profile_data('/foo xattrs=(user.bar=bar user.foo=*) {\n}\n'.split(), 'somefile', False)
self.assertEqual(list(prof.keys()), ['/foo'])
self.assertEqual(list(prof['/foo'].keys()), ['/foo'])
self.assertEqual(prof['/foo']['/foo']['name'], '/foo')
self.assertEqual(prof['/foo']['/foo']['filename'], 'somefile')
self.assertEqual(prof['/foo']['/foo']['flags'], None)
self.assertEqual(prof['/foo']['/foo']['xattrs'], 'user.bar=bar user.foo=*')
def test_parse_xattrs_03(self):
d = '/foo xattrs=(user.bar=bar) flags=(complain) {\n}\n'
prof = parse_profile_data(d.split(), 'somefile', False)
self.assertEqual(list(prof.keys()), ['/foo'])
self.assertEqual(list(prof['/foo'].keys()), ['/foo'])
self.assertEqual(prof['/foo']['/foo']['name'], '/foo')
self.assertEqual(prof['/foo']['/foo']['filename'], 'somefile')
self.assertEqual(prof['/foo']['/foo']['flags'], 'complain')
self.assertEqual(prof['/foo']['/foo']['xattrs'], 'user.bar=bar')
def test_parse_xattrs_04(self):
with self.assertRaises(AppArmorException):
# flags before xattrs
d = '/foo flags=(complain) xattrs=(user.bar=bar) {\n}\n'
parse_profile_data(d.split(), 'somefile', False)
def test_parse_duplicate_hat(self):
with self.assertRaises(AppArmorException):
# file contains two hats with the same name
parse_profile_data('profile /foo {\n^baz {\n}\n^baz {\n}\n}\n'.split(), 'somefile', False)
def test_parse_duplicate_child_profile(self):
with self.assertRaises(AppArmorException):
# file contains two child profiles with the same name
parse_profile_data('profile /foo {\nprofile /bar {\n}\nprofile /bar {\n}\n}\n'.split(), 'somefile', False)
def test_parse_empty_profile_02(self):
with self.assertRaises(AppArmorException):
# file contains two profiles with the same name
parse_profile_data('profile /foo {\n}\nprofile /foo {\n}\n'.split(), 'somefile', False)
def test_parse_empty_profile_02(self):
with self.assertRaises(AppArmorException):
# file contains two profiles with the same name
parse_profile_data(
'profile /foo {\n}\nprofile /foo {\n}\n'.split(), 'somefile',
False)
