def test_write_manually(self): obj = ChangeProfileRule(None, '/foo', 'bar', allow_keyword=True) expected = ' allow change_profile /foo -> bar,' self.assertEqual(expected, obj.get_clean(2), 'unexpected clean rule') self.assertEqual(expected, obj.get_raw(2), 'unexpected raw rule')
def test_write_manually(self): obj = ChangeProfileRule('/foo', 'bar', allow_keyword=True) expected = ' allow change_profile /foo -> bar,' self.assertEqual(expected, obj.get_clean(2), 'unexpected clean rule') self.assertEqual(expected, obj.get_raw(2), 'unexpected raw rule')
def test_change_profile_from_log(self): parser = ReadLog('', '', '', '') event = 'type=AVC msg=audit(1428699242.551:386): apparmor="DENIED" operation="change_profile" profile="/foo/changeprofile" pid=3459 comm="changeprofile" target="/foo/rename"' # libapparmor doesn't understand this log format (from JJ) # event = '[ 97.492562] audit: type=1400 audit(1431116353.523:77): apparmor="DENIED" operation="change_profile" profile="/foo/changeprofile" pid=3459 comm="changeprofile" target="/foo/rename"' parsed_event = parser.parse_event(event) self.assertEqual( parsed_event, { 'request_mask': None, 'denied_mask': None, 'error_code': 0, 'magic_token': 0, 'parent': 0, 'profile': '/foo/changeprofile', 'operation': 'change_profile', 'resource': None, 'info': None, 'aamode': 'REJECTING', 'time': 1428699242, 'active_hat': None, 'pid': 3459, 'task': 0, 'attr': None, 'name2': '/foo/rename', # target 'name': None, 'family': None, 'protocol': None, 'sock_type': None, }) obj = ChangeProfileRule(None, ChangeProfileRule.ALL, parsed_event['name2'], log_event=parsed_event) # audit allow deny comment execmode execcond all? targetprof all? expected = exp(False, False, False, '', None, None, True, '/foo/rename', False) self._compare_obj(obj, expected) self.assertEqual(obj.get_raw(1), ' change_profile -> /foo/rename,')
def test_net_from_log(self): parser = ReadLog('', '', '', '', '') event = 'type=AVC msg=audit(1428699242.551:386): apparmor="DENIED" operation="change_profile" profile="/foo/changeprofile" pid=3459 comm="changeprofile" target="/foo/rename"' # libapparmor doesn't understand this log format (from JJ) # event = '[ 97.492562] audit: type=1400 audit(1431116353.523:77): apparmor="DENIED" operation="change_profile" profile="/foo/changeprofile" pid=3459 comm="changeprofile" target="/foo/rename"' parsed_event = parser.parse_event(event) self.assertEqual(parsed_event, { 'request_mask': None, 'denied_mask': None, 'error_code': 0, #'family': 'inet', 'magic_token': 0, 'parent': 0, 'profile': '/foo/changeprofile', 'operation': 'change_profile', 'resource': None, 'info': None, 'aamode': 'REJECTING', 'time': 1428699242, 'active_hat': None, 'pid': 3459, 'task': 0, 'attr': None, 'name2': '/foo/rename', # target 'name': None, }) obj = ChangeProfileRule(ChangeProfileRule.ALL, parsed_event['name2'], log_event=parsed_event) # audit allow deny comment execcond all? targetprof all? expected = exp(False, False, False, '' , None, True, '/foo/rename', False) self._compare_obj(obj, expected) self.assertEqual(obj.get_raw(1), ' change_profile -> /foo/rename,')