コード例 #1
0
    def _check_invalid_rawrule(self, rawrule):
        obj = None
        self.assertFalse(PtraceRule.match(rawrule))
        with self.assertRaises(AppArmorException):
            obj = PtraceRule(PtraceRule.parse(rawrule))

        self.assertIsNone(obj, 'PtraceRule handed back an object unexpectedly')
コード例 #2
0
    def test_write_manually(self):
        obj = PtraceRule('read', '/foo', allow_keyword=True)

        expected = '    allow ptrace read peer=/foo,'

        self.assertEqual(expected, obj.get_clean(2), 'unexpected clean rule')
        self.assertEqual(expected, obj.get_raw(2), 'unexpected raw rule')
コード例 #3
0
    def test_borked_obj_is_covered_2(self):
        obj = PtraceRule.parse('ptrace read peer=/foo,')

        testobj = PtraceRule('read', '/foo')
        testobj.peer = ''

        with self.assertRaises(AppArmorBug):
            obj.is_covered(testobj)
コード例 #4
0
    def test_ptrace_from_log(self):
        parser = ReadLog('', '', '', '')
        event = 'type=AVC msg=audit(1409700683.304:547661): apparmor="DENIED" operation="ptrace" profile="/home/ubuntu/bzr/apparmor/tests/regression/apparmor/ptrace" pid=22465 comm="ptrace" requested_mask="tracedby" denied_mask="tracedby" peer="/home/ubuntu/bzr/apparmor/tests/regression/apparmor/ptrace"'

        parsed_event = parser.parse_event(event)

        self.assertEqual(
            parsed_event, {
                'request_mask': 'tracedby',
                'denied_mask': 'tracedby',
                'error_code': 0,
                'magic_token': 0,
                'parent': 0,
                'profile':
                '/home/ubuntu/bzr/apparmor/tests/regression/apparmor/ptrace',
                'peer':
                '/home/ubuntu/bzr/apparmor/tests/regression/apparmor/ptrace',
                'operation': 'ptrace',
                'resource': None,
                'info': None,
                'aamode': 'REJECTING',
                'time': 1409700683,
                'active_hat': None,
                'pid': 22465,
                'task': 0,
                'attr': None,
                'name2': None,
                'name': None,
                'family': None,
                'protocol': None,
                'sock_type': None,
            })

        obj = PtraceRule(parsed_event['denied_mask'],
                         parsed_event['peer'],
                         log_event=parsed_event)

        #              audit  allow  deny   comment    access        all?   peer                                                           all?
        expected = exp(
            False, False, False, '', {'tracedby'}, False,
            '/home/ubuntu/bzr/apparmor/tests/regression/apparmor/ptrace',
            False)

        self._compare_obj(obj, expected)

        self.assertEqual(
            obj.get_raw(1),
            '  ptrace tracedby peer=/home/ubuntu/bzr/apparmor/tests/regression/apparmor/ptrace,'
        )
コード例 #5
0
class PtraceFromInit(PtraceTest):
    tests = [
        # PtraceRule object                                   audit  allow  deny   comment        access        all?   peer            all?
        (PtraceRule('r', 'unconfined', deny=True),
         exp(False, False, True, '', {'r'}, False, 'unconfined', False)),
        (PtraceRule(('r', 'read'), '/bin/foo'),
         exp(False, False, False, '', {'r', 'read'}, False, '/bin/foo',
             False)),
        (PtraceRule(PtraceRule.ALL, '/bin/foo'),
         exp(False, False, False, '', None, True, '/bin/foo', False)),
        (PtraceRule('rw', '/bin/foo'),
         exp(False, False, False, '', {'rw'}, False, '/bin/foo', False)),
        (PtraceRule('rw', PtraceRule.ALL),
         exp(False, False, False, '', {'rw'}, False, None, True)),
        (PtraceRule(PtraceRule.ALL, PtraceRule.ALL),
         exp(False, False, False, '', None, True, None, True)),
    ]

    def _run_test(self, obj, expected):
        self._compare_obj(obj, expected)
コード例 #6
0
 def test_empty_data_2(self):
     obj = PtraceRule('read', '/foo')
     obj.peer = ''
     # no ptrace set, and ALL not set
     with self.assertRaises(AppArmorBug):
         obj.get_clean(1)
コード例 #7
0
 def test_missing_params_2(self):
     with self.assertRaises(TypeError):
         PtraceRule('r')
コード例 #8
0
 def _run_test(self, params, expected):
     with self.assertRaises(expected):
         PtraceRule(params[0], params[1])