~ubuntu-branches/ubuntu/wily/apparmor/wily

echo "Error: ${testname} failed. Test '${_testdesc}' was expected to terminate with signal ${expectedsig}. Instead it terminated with signal ${killedsig}"

247

testfailed

248

249

;;

250

*) echo "Error: ${testname} failed. Test '${_testdesc}' was expected to '${_pfmode}'. Reason for failure 'killed by signal ${killedsig}'"

251

testfailed

252

;;

253

esac

254

;;

255

*) testerror

256

;;

257

esac

258

}

259

260

runchecktest()

261

{

262

if [ -z "${__NO_TRAP_ERR}" ]

263

then

264

trap "error_handler" ERR

265

266

267

runtestfg "$@"

268

checktestfg

269

}

270

271

runchecktest_errno()

272

{

273

local errno=$(perl -MPOSIX -e 'printf "%d\n", '$1';')

274

shift 1

275

276

if [ -z "${__NO_TRAP_ERR}" ]

277

then

278

trap "error_handler" ERR

279

280

281

runtestfg "$@"

282

if [ "$test_rc" == "$errno" ] ; then

283

checktestfg

284

else

285

echo "Error: ${testname} failed. Test '${_testdesc}' was expected to '${_pfmode}'. Reason for failure expect errno ${errno} != ${test_rc}"

286

testfailed

287

288

}

289

290

emit_profile()

291

{

292

if [ -z "${__NO_TRAP_ERR}" ]

293

then

294

trap "error_handler" ERR

295

296

297

local subprofile wflag

298

#global name outfile profile dynlibs profilenames

299

300

subprofile=0

301

wflag=""

302

303

case "$1" in

304

*^*) wflag="--nowarn"

305

subprofile=1

306

;;

307

esac

308

309

mkflags="${wflag} ${escapeflag}"

310

311

name=$1; perm=$2; shift 2

312

313

if [ "$subprofile" -eq 1 -o "$nodefaults" -eq 1 ]

314

then

315

# skip dynamic libs for subprofiles

316

$bin/mkprofile.pl ${mkflags} $name ${outfile}:w "$@" >> $profile

317

else

318

$bin/mkprofile.pl ${mkflags} $name ${name}:${perm} $dynlibs ${outfile}:w "$@" >> $profile

319

320

321

echo $name >> $profilenames

322

}

323

324

genprofile()

325

{

326

if [ -z "${__NO_TRAP_ERR}" ]

327

then

328

trap "error_handler" ERR

329

330

331

local num_emitted imagename hat args arg names1 names2

332

#global complainflag escapeflag nodefaults profile profilenames

333

334

complainflag=""

335

escapeflag=""

336

nodefaults=0

337

while /bin/true

338

339

case "$1" in

340

"-C") complainflag="-C"

341

;;

342

"-E") escapeflag="-E"

343

;;

344

"-N") nodefaults=1

345

;;

346

*) break

347

;;

348

esac

349

shift

350

done

351

352

# save previous profile

353

if [ -f $profile ]

354

then

355

mv $profile ${profile}.old

356

mv $profilenames ${profilenames}.old

357

358

359

num_emitted=0

360

361

while /bin/true

362

363

imagename=$test

364

imageperm=rix

365

366

# image/subhat allows overriding of the default

367

# imagename which is based on the testname

368

369

# it is most often used after --, in fact it is basically

370

# mandatory after --

371

case "$1" in

372

image=*) imagename=`echo $1 | sed 's/^image=[rix]*//'`

373

if [ ! -x "$imagename" ]

374

then

375

fatalerror "invalid imagename specified in input '$1'"

376

377

perm=`echo $1 | sed -n 's/^image=$[rix]*$.*$/\1/p'`

378

if [ -n "$perm" ]

379

then

380

imageperm=$perm

381

382

num_emitted=0

383

shift

384

;;

385

subhat=*) fatalerror "'subhat=hatname' is no longer supported ('$1')"

386

shift

387

;;

388

esac

389

390

num_args=0

391

while [ $# -gt 0 ]

392

393

arg="$1"

394

shift

395

396

# -- is the seperator between profiles

397

if [ "$arg" == "--" ]

398

then

399

eval emit_profile \"$imagename\" \"$imageperm\" \

400

$(for i in $(seq 0 $((${num_args} - 1))) ; do echo \"\${args[${i}]}\" ; done)

401

num_emitted=$((num_emitted + 1))

402

num_args=0

403

continue 2

404

else

405

args[${num_args}]=${arg}

406

num_args=$(($num_args + 1))

407

408

done

409

410

# output what is in args, or force empty profile

411

if [ -n "$args" -o $num_emitted -eq 0 ] ; then

412

eval emit_profile \"$imagename\" \"$imageperm\" \

413

$(for i in $(seq 0 $((${num_args} - 1))) ; do echo \"\${args[${i}]}\" ; done)

414

415

416

break

417

done

418

419

# if old and new profiles consist of the same entries

420

# we can do a replace, else remove/reload

421

if [ $profileloaded -eq 1 ]

422

then

423

names1=$tmpdir/sorted1

424

names2=$tmpdir/sorted2

425

sort $profilenames > $names1

426

sort ${profilenames}.old > $names2

427

428

if cmp -s $names1 $names2

429

then

430

replaceprofile

431

else

432

removeprofile ${profile}.old

433

loadprofile

434

435

436

rm -f $names1 $names2

437

438

else

439

loadprofile

440

441

442

rm -f ${profile}.old ${profilenames}.old

443

}

444

445

loadprofile()

446

{

447

#global complainflaf profile profileloaded

448

449

$subdomain ${parser_args} $complainflag < $profile > /dev/null

450

if [ $? -ne 0 ]

451

then

452

removeprofile

453

fatalerror "Unable to load profile $profile"

454

else

455

profileloaded=1

456

457

}

458

459

replaceprofile()

460

{

461

#global complainflag profile

462

463

$subdomain ${parser_args} -r $complainflag < $profile > /dev/null

464

if [ $? -ne 0 ]

465

then

466

fatalerror "Unable to replace profile $profile"

467

468

}

469

470

removeprofile()

471

{

472

local remprofile

473

#global profile profileloaded

474

475

if [ -f "$1" ]

476

then

477

remprofile=$1

478

else

479

remprofile=$profile

480

481

482

$subdomain ${parser_args} -R < $remprofile > /dev/null

483

if [ $? -ne 0 ]

484

then

485

fatalerror "Unable to remove profile $remprofile"

486

else

487

profileloaded=0

488

489

}

490

491

settest()

492

{

493

if [ -z "${__NO_TRAP_ERR}" ]

494

then

495

trap "error_handler" ERR

496

497

498

#global test testname testexec outfile profileloaded

499

500

#testname is the basename of the test, i,e 'open'

501

#test is the full path to the test executable.

502

#testexec is the path than will be run, normally this is the same

503

# as $test, but occasionally, you may want to invoke a wrapper which

504

# will run the test. In this case 'settest <testname> "wrapper {}'

505

# will result in testexec invoking wrapper. {} will be replaced with

506

# $test

507

508

testname=$1

509

510

if [ $# -eq 1 ]

511

then

512

test=$bin/$1

513

testexec=$test

514

elif [ $# -eq 2 ]

515

then

516

test=$bin/$1

517

testexec=`echo $2 | sed "s~{}~$test~"`

518

else

519

fatalerror "settest, illegal usage"

520

521

522

outfile=$tmpdir/output.$1

523

524

if [ -x $test ]

525

then

526

# build list of dynamic libraries required by this executable

527

resolve_libs $test

528

529

530

# Remove any current profile if loaded

531

if [ $profileloaded -eq 1 ]

532

then

533

removeprofile

534

535

}

536

537

# ----------------------------------------------------------------------------

538

539

# MAIN

540

541

trap "exit_handler" EXIT

542

trap "error_handler" ERR 2> /dev/null

543

if [ $? -ne 0 ]

544

then

545

__NO_TRAP_ERR="true"

546

547

548

549

if [ `whoami` != "root" ]

550

then

551

fatalerror "Must be root to run $0"

552

553

554

if [ ! -d "$bin" ]

555

then

556

fatalerror "$0 requires \$bin pointing to binary directory"

557

558

559

# parse arguments.

560

# -r/-retain: flag to retain last failing testcase in tmpdir

561

if [ "$1" == "-retain" -o "$1" == "-r" ]

562

then

563

retaintmpdir=true

564

else

565

retaintmpdir=false

566

567

568

# load user changeable variables

569

. $bin/uservars.inc

570

571

if [ ! -x $subdomain ]

572

then

573

fatalerror "AppArmor parser '$subdomain' is not executable"

574

575

576

profileloaded=0

577

578

tmpdir=$(mktemp -d $tmpdir-XXXXXX)

579

chmod 755 ${tmpdir}

580

export tmpdir

581

582

#set initial testname based on name of script

583

settest `basename $0 | sed 's/\.sh$//'`

584

585

profile=$tmpdir/profile

586

profilenames=$tmpdir/profile.names

587

num_testfailures=0 # exit code of script is set to #failures

Older »