Activation test: exercise what happens with nonexistent AppArmor labels

Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk> Reviewed-by: Philip Withnall <philip.withnall@collabora.co.uk> Bug: https://bugs.freedesktop.org/show_bug.cgi?id=98666
author: Simon McVittie <simon.mcvittie@collabora.co.uk> 2016-11-21 21:18:15 +0000
committer: Simon McVittie <simon.mcvittie@collabora.co.uk> 2016-11-28 12:11:56 +0000
commit: 025c5dc5d586c639937124270f16ed63f5d42e0b (patch)
tree: 3ac31ed6b31ed8af90f50fb3a1b3b8a0b0705dc3 /test/data
parent: 80654389f8c22a8999466a186bd408ce967c52eb (diff)
download: dbus-025c5dc5d586c639937124270f16ed63f5d42e0b.tar.gz
4 files changed, 16 insertions, 4 deletions
diff --git a/test/data/dbus-installed-tests.aaprofile.in b/test/data/dbus-installed-tests.aaprofile.in
index de34c2dd..b19ee7a7 100644
--- a/test/data/dbus-installed-tests.aaprofile.in
+++ b/test/data/dbus-installed-tests.aaprofile.in
@@ -50,6 +50,9 @@
 
     deny dbus send peer=(label=@DBUS_TEST_EXEC@/test-apparmor-activation//com.example.SendDeniedByAppArmorLabel),
     deny dbus send peer=(name=com.example.SendDeniedByAppArmorName),
+
+    # There is no profile of this name. That's deliberate.
+    deny dbus send peer=(label=@DBUS_TEST_EXEC@/test-apparmor-activation-com.example.SendDeniedByNonexistentAppArmorLabel),
   }
 
   # Used when we check that XML-based policy still works.
diff --git a/test/data/systemd-activation/com.example.SendDeniedByNonexistentAppArmorLabel.service.in b/test/data/systemd-activation/com.example.SendDeniedByNonexistentAppArmorLabel.service.in
new file mode 100644
index 00000000..bf843b13
--- /dev/null
+++ b/test/data/systemd-activation/com.example.SendDeniedByNonexistentAppArmorLabel.service.in
@@ -0,0 +1,6 @@
+[D-BUS Service]
+Name=com.example.SendDeniedByNonexistentAppArmorLabel
+Exec=/bin/false SendDeniedByNonexistentAppArmorLabel
+SystemdService=dbus-com.example.SendDeniedByNonexistentAppArmorLabel.service
+# This label is not defined in any AppArmor profile
+AssumedAppArmorLabel=@DBUS_TEST_EXEC@/test-apparmor-activation-com.example.SendDeniedByNonexistentAppArmorLabel
diff --git a/test/data/systemd-activation/com.example.SystemdActivatable3.service b/test/data/systemd-activation/com.example.SystemdActivatable3.service
deleted file mode 100644
index f6f0559c..00000000
--- a/test/data/systemd-activation/com.example.SystemdActivatable3.service
+++ /dev/null
@@ -1,4 +0,0 @@
-[D-BUS Service]
-Name=com.example.SystemdActivatable3
-Exec=/bin/false 3
-SystemdService=dbus-com.example.SystemdActivatable3.service
diff --git a/test/data/systemd-activation/com.example.SystemdActivatable3.service.in b/test/data/systemd-activation/com.example.SystemdActivatable3.service.in
new file mode 100644
index 00000000..05180647
--- /dev/null
+++ b/test/data/systemd-activation/com.example.SystemdActivatable3.service.in
@@ -0,0 +1,7 @@
+[D-BUS Service]
+Name=com.example.SystemdActivatable3
+Exec=/bin/false 3
+SystemdService=dbus-com.example.SystemdActivatable3.service
+# This AppArmor label doesn't actually exist, but that's OK - nothing
+# prevents us from sending messages to it.
+AssumedAppArmorLabel=@DBUS_TEST_EXEC@/test-apparmor-activation-com.example.SystemdActivatable3
author	Simon McVittie <simon.mcvittie@collabora.co.uk>	2016-11-21 21:18:15 +0000
committer	Simon McVittie <simon.mcvittie@collabora.co.uk>	2016-11-28 12:11:56 +0000
commit	025c5dc5d586c639937124270f16ed63f5d42e0b (patch)
tree	3ac31ed6b31ed8af90f50fb3a1b3b8a0b0705dc3 /test/data
parent	80654389f8c22a8999466a186bd408ce967c52eb (diff)
download	dbus-025c5dc5d586c639937124270f16ed63f5d42e0b.tar.gz