diff options
| author | Simon McVittie <simon.mcvittie@collabora.co.uk> | 2016-11-21 21:18:15 +0000 |
|---|---|---|
| committer | Simon McVittie <simon.mcvittie@collabora.co.uk> | 2016-11-28 12:11:56 +0000 |
| commit | 025c5dc5d586c639937124270f16ed63f5d42e0b (patch) | |
| tree | 3ac31ed6b31ed8af90f50fb3a1b3b8a0b0705dc3 /test | |
| parent | 80654389f8c22a8999466a186bd408ce967c52eb (diff) | |
| download | dbus-025c5dc5d586c639937124270f16ed63f5d42e0b.tar.gz | |
Activation test: exercise what happens with nonexistent AppArmor labels
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Reviewed-by: Philip Withnall <philip.withnall@collabora.co.uk>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=98666
Diffstat (limited to 'test')
6 files changed, 21 insertions, 5 deletions
diff --git a/test/Makefile.am b/test/Makefile.am index eb221228..df0ab362 100644 --- a/test/Makefile.am +++ b/test/Makefile.am @@ -385,6 +385,8 @@ in_data = \ data/dbus-installed-tests.aaprofile.in \ data/systemd-activation/com.example.ReceiveDeniedByAppArmorLabel.service.in \ data/systemd-activation/com.example.SendDeniedByAppArmorLabel.service.in \ + data/systemd-activation/com.example.SendDeniedByNonexistentAppArmorLabel.service.in \ + data/systemd-activation/com.example.SystemdActivatable3.service.in \ data/valid-config-files-system/debug-allow-all-fail.conf.in \ data/valid-config-files-system/debug-allow-all-pass.conf.in \ data/valid-config-files/debug-allow-all-sha1.conf.in \ @@ -473,7 +475,6 @@ static_data = \ data/systemd-activation/com.example.SendDeniedByAppArmorName.service \ data/systemd-activation/com.example.SystemdActivatable1.service \ data/systemd-activation/com.example.SystemdActivatable2.service \ - data/systemd-activation/com.example.SystemdActivatable3.service \ data/systemd-activation/org.freedesktop.systemd1.service \ data/valid-config-files/basic.conf \ data/valid-config-files/basic.d/basic.conf \ diff --git a/test/data/dbus-installed-tests.aaprofile.in b/test/data/dbus-installed-tests.aaprofile.in index de34c2dd..b19ee7a7 100644 --- a/test/data/dbus-installed-tests.aaprofile.in +++ b/test/data/dbus-installed-tests.aaprofile.in @@ -50,6 +50,9 @@ deny dbus send peer=(label=@DBUS_TEST_EXEC@/test-apparmor-activation//com.example.SendDeniedByAppArmorLabel), deny dbus send peer=(name=com.example.SendDeniedByAppArmorName), + + # There is no profile of this name. That's deliberate. + deny dbus send peer=(label=@DBUS_TEST_EXEC@/test-apparmor-activation-com.example.SendDeniedByNonexistentAppArmorLabel), } # Used when we check that XML-based policy still works. diff --git a/test/data/systemd-activation/com.example.SendDeniedByNonexistentAppArmorLabel.service.in b/test/data/systemd-activation/com.example.SendDeniedByNonexistentAppArmorLabel.service.in new file mode 100644 index 00000000..bf843b13 --- /dev/null +++ b/test/data/systemd-activation/com.example.SendDeniedByNonexistentAppArmorLabel.service.in @@ -0,0 +1,6 @@ +[D-BUS Service] +Name=com.example.SendDeniedByNonexistentAppArmorLabel +Exec=/bin/false SendDeniedByNonexistentAppArmorLabel +SystemdService=dbus-com.example.SendDeniedByNonexistentAppArmorLabel.service +# This label is not defined in any AppArmor profile +AssumedAppArmorLabel=@DBUS_TEST_EXEC@/test-apparmor-activation-com.example.SendDeniedByNonexistentAppArmorLabel diff --git a/test/data/systemd-activation/com.example.SystemdActivatable3.service b/test/data/systemd-activation/com.example.SystemdActivatable3.service deleted file mode 100644 index f6f0559c..00000000 --- a/test/data/systemd-activation/com.example.SystemdActivatable3.service +++ /dev/null @@ -1,4 +0,0 @@ -[D-BUS Service] -Name=com.example.SystemdActivatable3 -Exec=/bin/false 3 -SystemdService=dbus-com.example.SystemdActivatable3.service diff --git a/test/data/systemd-activation/com.example.SystemdActivatable3.service.in b/test/data/systemd-activation/com.example.SystemdActivatable3.service.in new file mode 100644 index 00000000..05180647 --- /dev/null +++ b/test/data/systemd-activation/com.example.SystemdActivatable3.service.in @@ -0,0 +1,7 @@ +[D-BUS Service] +Name=com.example.SystemdActivatable3 +Exec=/bin/false 3 +SystemdService=dbus-com.example.SystemdActivatable3.service +# This AppArmor label doesn't actually exist, but that's OK - nothing +# prevents us from sending messages to it. +AssumedAppArmorLabel=@DBUS_TEST_EXEC@/test-apparmor-activation-com.example.SystemdActivatable3 diff --git a/test/sd-activation.c b/test/sd-activation.c index f296d324..24ac2107 100644 --- a/test/sd-activation.c +++ b/test/sd-activation.c @@ -828,6 +828,9 @@ main (int argc, g_test_add ("/sd-activation/apparmor/deny-send/by-label", Fixture, "com.example.SendDeniedByAppArmorLabel", setup, test_deny_send, teardown); + g_test_add ("/sd-activation/apparmor/deny-send/by-nonexistent-label", Fixture, + "com.example.SendDeniedByNonexistentAppArmorLabel", + setup, test_deny_send, teardown); g_test_add ("/sd-activation/apparmor/deny-send/by-name", Fixture, "com.example.SendDeniedByAppArmorName", setup, test_deny_send, teardown); |