diff options
author | Simon McVittie <simon.mcvittie@collabora.co.uk> | 2016-11-21 21:18:15 +0000 |
---|---|---|
committer | Simon McVittie <simon.mcvittie@collabora.co.uk> | 2016-11-28 12:11:56 +0000 |
commit | 025c5dc5d586c639937124270f16ed63f5d42e0b (patch) | |
tree | 3ac31ed6b31ed8af90f50fb3a1b3b8a0b0705dc3 /test/data | |
parent | 80654389f8c22a8999466a186bd408ce967c52eb (diff) | |
download | dbus-025c5dc5d586c639937124270f16ed63f5d42e0b.tar.gz |
Activation test: exercise what happens with nonexistent AppArmor labels
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Reviewed-by: Philip Withnall <philip.withnall@collabora.co.uk>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=98666
Diffstat (limited to 'test/data')
4 files changed, 16 insertions, 4 deletions
diff --git a/test/data/dbus-installed-tests.aaprofile.in b/test/data/dbus-installed-tests.aaprofile.in index de34c2dd..b19ee7a7 100644 --- a/test/data/dbus-installed-tests.aaprofile.in +++ b/test/data/dbus-installed-tests.aaprofile.in @@ -50,6 +50,9 @@ deny dbus send peer=(label=@DBUS_TEST_EXEC@/test-apparmor-activation//com.example.SendDeniedByAppArmorLabel), deny dbus send peer=(name=com.example.SendDeniedByAppArmorName), + + # There is no profile of this name. That's deliberate. + deny dbus send peer=(label=@DBUS_TEST_EXEC@/test-apparmor-activation-com.example.SendDeniedByNonexistentAppArmorLabel), } # Used when we check that XML-based policy still works. diff --git a/test/data/systemd-activation/com.example.SendDeniedByNonexistentAppArmorLabel.service.in b/test/data/systemd-activation/com.example.SendDeniedByNonexistentAppArmorLabel.service.in new file mode 100644 index 00000000..bf843b13 --- /dev/null +++ b/test/data/systemd-activation/com.example.SendDeniedByNonexistentAppArmorLabel.service.in @@ -0,0 +1,6 @@ +[D-BUS Service] +Name=com.example.SendDeniedByNonexistentAppArmorLabel +Exec=/bin/false SendDeniedByNonexistentAppArmorLabel +SystemdService=dbus-com.example.SendDeniedByNonexistentAppArmorLabel.service +# This label is not defined in any AppArmor profile +AssumedAppArmorLabel=@DBUS_TEST_EXEC@/test-apparmor-activation-com.example.SendDeniedByNonexistentAppArmorLabel diff --git a/test/data/systemd-activation/com.example.SystemdActivatable3.service b/test/data/systemd-activation/com.example.SystemdActivatable3.service deleted file mode 100644 index f6f0559c..00000000 --- a/test/data/systemd-activation/com.example.SystemdActivatable3.service +++ /dev/null @@ -1,4 +0,0 @@ -[D-BUS Service] -Name=com.example.SystemdActivatable3 -Exec=/bin/false 3 -SystemdService=dbus-com.example.SystemdActivatable3.service diff --git a/test/data/systemd-activation/com.example.SystemdActivatable3.service.in b/test/data/systemd-activation/com.example.SystemdActivatable3.service.in new file mode 100644 index 00000000..05180647 --- /dev/null +++ b/test/data/systemd-activation/com.example.SystemdActivatable3.service.in @@ -0,0 +1,7 @@ +[D-BUS Service] +Name=com.example.SystemdActivatable3 +Exec=/bin/false 3 +SystemdService=dbus-com.example.SystemdActivatable3.service +# This AppArmor label doesn't actually exist, but that's OK - nothing +# prevents us from sending messages to it. +AssumedAppArmorLabel=@DBUS_TEST_EXEC@/test-apparmor-activation-com.example.SystemdActivatable3 |