def _check_invalid_rawrule(self, rawrule):
    """Assert that *rawrule* is rejected as a ptrace rule.

    The text must not be recognised by ``PtraceRule.match()``, and parsing
    it must raise ``AppArmorException`` without producing a rule object.
    """
    parsed_rule = None

    # The matcher has to refuse the text before the parser is even tried.
    self.assertFalse(PtraceRule.match(rawrule))

    with self.assertRaises(AppArmorException):
        parsed_rule = PtraceRule(PtraceRule.parse(rawrule))

    # If the exception fired, the assignment above never happened.
    self.assertIsNone(parsed_rule, 'PtraceRule handed back an object unexpectedly')
def test_write_manually(self):
    """A rule built from constructor arguments renders the same clean and raw text."""
    rule = PtraceRule('read', '/foo', allow_keyword=True)

    # NOTE(review): the leading whitespace of this literal may have been
    # collapsed in this listing; confirm it matches the indentation that
    # get_clean(2) / get_raw(2) actually emit.
    expected = ' allow ptrace read peer=/foo,'

    clean_text = rule.get_clean(2)
    self.assertEqual(expected, clean_text, 'unexpected clean rule')

    raw_text = rule.get_raw(2)
    self.assertEqual(expected, raw_text, 'unexpected raw rule')
def test_borked_obj_is_covered_2(self):
    """is_covered() must raise AppArmorBug when the other rule has an empty peer."""
    covering_rule = PtraceRule.parse('ptrace read peer=/foo,')

    # Start from a valid rule, then corrupt it after construction so the
    # constructor's own checks are bypassed.
    broken_rule = PtraceRule('read', '/foo')
    broken_rule.peer = ''

    with self.assertRaises(AppArmorBug):
        covering_rule.is_covered(broken_rule)
def test_ptrace_from_log(self):
    """Turn a DENIED ptrace audit record into a rule and check its fields.

    The rule built from the parsed event must carry only the denied access
    ('tracedby') and the logged peer; the audit, allow, deny and "all"
    flags all stay False.
    """
    binary = '/home/ubuntu/bzr/apparmor/tests/regression/apparmor/ptrace'
    audit_line = (
        'type=AVC msg=audit(1409700683.304:547661): apparmor="DENIED" operation="ptrace" '
        'profile="/home/ubuntu/bzr/apparmor/tests/regression/apparmor/ptrace" '
        'pid=22465 comm="ptrace" requested_mask="tracedby" denied_mask="tracedby" '
        'peer="/home/ubuntu/bzr/apparmor/tests/regression/apparmor/ptrace"'
    )

    log_reader = ReadLog('', '', '', '')
    fields = log_reader.parse_event(audit_line)

    expected_fields = {
        'request_mask': 'tracedby',
        'denied_mask': 'tracedby',
        'error_code': 0,
        'magic_token': 0,
        'parent': 0,
        'profile': binary,
        'peer': binary,
        'operation': 'ptrace',
        'resource': None,
        'info': None,
        'aamode': 'REJECTING',
        'time': 1409700683,
        'active_hat': None,
        'pid': 22465,
        'task': 0,
        'attr': None,
        'name2': None,
        'name': None,
        'family': None,
        'protocol': None,
        'sock_type': None,
    }
    self.assertEqual(fields, expected_fields)

    # The rule is derived from the denied mask, not the requested mask.
    rule = PtraceRule(fields['denied_mask'], fields['peer'], log_event=fields)

    #              audit  allow  deny   comment  access        all?   peer    all?
    expected = exp(False, False, False, '',      {'tracedby'}, False, binary, False)
    self._compare_obj(rule, expected)

    # NOTE(review): the leading whitespace of the expected literal may have
    # been collapsed in this listing; confirm it against what get_raw(1) emits.
    self.assertEqual(
        rule.get_raw(1),
        ' ptrace tracedby peer=/home/ubuntu/bzr/apparmor/tests/regression/apparmor/ptrace,',
    )
class PtraceFromInit(PtraceTest):
    """Check the fields of PtraceRule objects built directly from constructor arguments."""

    # Each entry pairs a constructed rule with the exp() value handed to
    # _compare_obj. Presumably the test harness calls _run_test once per
    # entry; confirm against the base class.
    # Note that 'rw' is expected to stay one access keyword ({'rw'}) and
    # that PtraceRule.ALL shows up as None plus a True "all?" flag.
    tests = [
        # PtraceRule object
        #     audit  allow  deny   comment  access  all?  peer  all?
        (
            PtraceRule('r', 'unconfined', deny=True),
            exp(False, False, True, '', {'r'}, False, 'unconfined', False),
        ),
        (
            PtraceRule(('r', 'read'), '/bin/foo'),
            exp(False, False, False, '', {'r', 'read'}, False, '/bin/foo', False),
        ),
        (
            PtraceRule(PtraceRule.ALL, '/bin/foo'),
            exp(False, False, False, '', None, True, '/bin/foo', False),
        ),
        (
            PtraceRule('rw', '/bin/foo'),
            exp(False, False, False, '', {'rw'}, False, '/bin/foo', False),
        ),
        (
            PtraceRule('rw', PtraceRule.ALL),
            exp(False, False, False, '', {'rw'}, False, None, True),
        ),
        (
            PtraceRule(PtraceRule.ALL, PtraceRule.ALL),
            exp(False, False, False, '', None, True, None, True),
        ),
    ]

    def _run_test(self, obj, expected):
        """Compare one constructed rule against its expected field values."""
        self._compare_obj(obj, expected)
def test_empty_data_2(self):
    """get_clean() must raise AppArmorBug for a rule whose peer was emptied."""
    rule = PtraceRule('read', '/foo')

    # Empty the peer after construction: no peer is set, and the rule was
    # not built with the ALL marker either.
    rule.peer = ''

    with self.assertRaises(AppArmorBug):
        rule.get_clean(1)
def test_missing_params_2(self):
    """Constructing a PtraceRule from the access argument alone must raise TypeError."""
    self.assertRaises(TypeError, PtraceRule, 'r')
def _run_test(self, params, expected):
    """Assert that building a PtraceRule from *params* raises *expected*.

    Only the first two items of *params* are used, as the two positional
    constructor arguments.
    """
    with self.assertRaises(expected):
        # Indexing stays inside the context manager, as in the original.
        first_arg = params[0]
        second_arg = params[1]
        PtraceRule(first_arg, second_arg)