~ubuntu-branches/ubuntu/wily/apparmor/wily

Viewing changes to .pc/parser-run-caching-tests-without-apparmorfs.patch/parser/tst/caching.py

Committer: Package Import Robot
Author(s): Tyler Hicks
Date: 2015-08-12 13:01:56 UTC
Revision ID: package-import@ubuntu.com-20150812130156-j9tnxxx7cfnetf0q

Tags: 2.10-0ubuntu3

* debian/patches/parser-fix-cache-file-mtime-regression.patch: Fix a bug
  that resulted in the mtime of generate policy cache files to be set
  incorrectly. The mtime of cache files should be the newest mtime detected
  on the profile and abstraction files used to generate the policy cache
  file. However, the bug caused the mtime of the policy cache file to either
  not be updated or to be updated to an incorrect time. (LP: #1484178)
* debian/patches/parser-verify-cache-file-mtime.patch: Add tests to verify
  that the policy cache file's mtime is being set correctly and that cache
  handling is correct when the profile or abstraction files are newer than
  the policy cache file.
* debian/patches/parser-run-caching-tests-without-apparmorfs.patch,
  debian/patches/parser-do-cleanup-when-test-was-skipped.patch: Enable the
  caching tests to run on the buildds even though apparmorfs isn't mounted.

files added:
.pc/parser-do-cleanup-when-test-was-skipped.patch

.pc/parser-do-cleanup-when-test-was-skipped.patch/parser

.pc/parser-do-cleanup-when-test-was-skipped.patch/parser/tst

.pc/parser-do-cleanup-when-test-was-skipped.patch/parser/tst/testlib.py

.pc/parser-fix-cache-file-mtime-regression.patch

.pc/parser-fix-cache-file-mtime-regression.patch/parser

.pc/parser-fix-cache-file-mtime-regression.patch/parser/policy_cache.c

.pc/parser-run-caching-tests-without-apparmorfs.patch

.pc/parser-run-caching-tests-without-apparmorfs.patch/parser

.pc/parser-run-caching-tests-without-apparmorfs.patch/parser/tst

.pc/parser-run-caching-tests-without-apparmorfs.patch/parser/tst/caching.py

.pc/parser-verify-cache-file-mtime.patch

.pc/parser-verify-cache-file-mtime.patch/parser

.pc/parser-verify-cache-file-mtime.patch/parser/tst

.pc/parser-verify-cache-file-mtime.patch/parser/tst/caching.py

.pc/parser-verify-cache-file-mtime.patch/parser/tst/testlib.py

debian/patches/parser-do-cleanup-when-test-was-skipped.patch

debian/patches/parser-fix-cache-file-mtime-regression.patch

debian/patches/parser-run-caching-tests-without-apparmorfs.patch

debian/patches/parser-verify-cache-file-mtime.patch

files modified:
.pc/applied-patches

debian/changelog

debian/patches/series

parser/policy_cache.c

parser/tst/caching.py

parser/tst/testlib.py

Show diffs side-by-side

added added

removed removed

.pc/parser-run-caching-tests-without-apparmorfs.patch/parser/tst/caching.py

#!/usr/bin/env python3

# ------------------------------------------------------------------

# Authors: Steve Beattie <steve@nxnw.org>

# Tyler Hicks <tyhicks@canonical.com>

# This program is free software; you can redistribute it and/or

# modify it under the terms of version 2 of the GNU General Public

# License published by the Free Software Foundation.

# ------------------------------------------------------------------

# TODO

# - check cache not used if parser in $PATH is newer

# - check cache used for force-complain, disable symlink, etc.

from argparse import ArgumentParser

import os

import shutil

import time

import tempfile

import unittest

import testlib

ABSTRACTION_CONTENTS = '''

# Simple example abstraction

capability setuid,

'''

ABSTRACTION = 'suid-abstraction'

PROFILE_CONTENTS = '''

# Simple example profile for caching tests

/bin/pingy {

#include <%s>

capability net_raw,

network inet raw,

/bin/ping mixr,

/etc/modules.conf r,

}

''' % (ABSTRACTION)

PROFILE = 'sbin.pingy'

config = None

class AAParserCachingCommon(testlib.AATestTemplate):

do_cleanup = True

def setUp(self):

'''setup for each test'''

global config

# REPORT ALL THE OUTPUT

self.maxDiff = None

# skip all the things if apparmor securityfs isn't mounted

if not os.path.exists("/sys/kernel/security/apparmor"):

raise unittest.SkipTest("WARNING: /sys/kernel/security/apparmor does not exist. "

"Skipping tests")

self.tmp_dir = tempfile.mkdtemp(prefix='aa-caching-')

os.chmod(self.tmp_dir, 0o755)

# create directory for cached blobs

self.cache_dir = os.path.join(self.tmp_dir, 'cache')

os.mkdir(self.cache_dir)

# default path of the output cache file

self.cache_file = os.path.join(self.cache_dir, PROFILE)

# write our sample abstraction and profile out

self.abstraction = testlib.write_file(self.tmp_dir, ABSTRACTION, ABSTRACTION_CONTENTS)

self.profile = testlib.write_file(self.tmp_dir, PROFILE, PROFILE_CONTENTS)

if config.debug:

self.do_cleanup = False

self.debug = True

self.cmd_prefix = [config.parser, '--base', self.tmp_dir, '--skip-kernel-load']

def tearDown(self):

'''teardown for each test'''

if not self.do_cleanup:

print("\n===> Skipping cleanup, leaving testfiles behind in '%s'" % (self.tmp_dir))

else:

if os.path.exists(self.tmp_dir):

shutil.rmtree(self.tmp_dir)

def assert_path_exists(self, path, expected=True):

if expected is True:

self.assertTrue(os.path.exists(path),

'test did not create file %s, when it was expected to do so' % path)

else:

self.assertFalse(os.path.exists(path),

'test created file %s, when it was not expected to do so' % path)

100

101

def compare_features_file(self, features_path, expected=True):

102

# compare features contents

103

expected_output = testlib.read_features_dir('/sys/kernel/security/apparmor/features')

104

with open(features_path) as f:

105

features = f.read()

106

if expected:

107

self.assertEquals(expected_output, features,

108

"features contents differ, expected:\n%s\nresult:\n%s" % (expected_output, features))

109

else:

110

self.assertNotEquals(expected_output, features,

111

"features contents equal, expected:\n%s\nresult:\n%s" % (expected_output, features))

112

113

114

class AAParserBasicCachingTests(AAParserCachingCommon):

115

116

def setUp(self):

117

super(AAParserBasicCachingTests, self).setUp()

118

119

def test_no_cache_by_default(self):

120

'''test profiles are not cached by default'''

121

122

cmd = list(self.cmd_prefix)

123

cmd.extend(['-q', '-r', self.profile])

124

self.run_cmd_check(cmd)

125

self.assert_path_exists(os.path.join(self.cache_dir, PROFILE), expected=False)

126

127

def test_no_cache_w_skip_cache(self):

128

'''test profiles are not cached with --skip-cache'''

129

130

cmd = list(self.cmd_prefix)

131

cmd.extend(['-q', '--write-cache', '--skip-cache', '-r', self.profile])

132

self.run_cmd_check(cmd)

133

self.assert_path_exists(os.path.join(self.cache_dir, PROFILE), expected=False)

134

135

def test_cache_when_requested(self):

136

'''test profiles are cached when requested'''

137

138

cmd = list(self.cmd_prefix)

139

cmd.extend(['-q', '--write-cache', '-r', self.profile])

140

self.run_cmd_check(cmd)

141

self.assert_path_exists(os.path.join(self.cache_dir, PROFILE))

142

143

def test_write_features_when_caching(self):

144

'''test features file is written when caching'''

145

146

cmd = list(self.cmd_prefix)

147

cmd.extend(['-q', '--write-cache', '-r', self.profile])

148

self.run_cmd_check(cmd)

149

self.assert_path_exists(os.path.join(self.cache_dir, PROFILE))

150

self.assert_path_exists(os.path.join(self.cache_dir, '.features'))

151

152

def test_features_match_when_caching(self):

153

'''test features file is written when caching'''

154

155

cmd = list(self.cmd_prefix)

156

cmd.extend(['-q', '--write-cache', '-r', self.profile])

157

self.run_cmd_check(cmd)

158

self.assert_path_exists(os.path.join(self.cache_dir, PROFILE))

159

self.assert_path_exists(os.path.join(self.cache_dir, '.features'))

160

161

self.compare_features_file(os.path.join(self.cache_dir, '.features'))

162

163

164

class AAParserAltCacheBasicTests(AAParserBasicCachingTests):

165

'''Same tests as above, but with an alternate cache location specified on the command line'''

166

167

def setUp(self):

168

super(AAParserAltCacheBasicTests, self).setUp()

169

170

alt_cache_dir = tempfile.mkdtemp(prefix='aa-alt-cache', dir=self.tmp_dir)

171

os.chmod(alt_cache_dir, 0o755)

172

173

self.unused_cache_dir = self.cache_dir

174

self.cache_dir = alt_cache_dir

175

self.cmd_prefix.extend(['--cache-loc', alt_cache_dir])

176

177

def tearDown(self):

178

if len(os.listdir(self.unused_cache_dir)) > 0:

179

self.fail('original cache dir \'%s\' not empty' % self.unused_cache_dir)

180

super(AAParserAltCacheBasicTests, self).tearDown()

181

182

183

class AAParserCreateCacheBasicTestsCacheExists(AAParserBasicCachingTests):

184

'''Same tests as above, but with create cache option on the command line and the cache already exists'''

185

186

def setUp(self):

187

super(AAParserCreateCacheBasicTestsCacheExists, self).setUp()

188

self.cmd_prefix.append('--create-cache-dir')

189

190

191

class AAParserCreateCacheBasicTestsCacheNotExist(AAParserBasicCachingTests):

192

'''Same tests as above, but with create cache option on the command line and cache dir removed'''

193

194

def setUp(self):

195

super(AAParserCreateCacheBasicTestsCacheNotExist, self).setUp()

196

shutil.rmtree(self.cache_dir)

197

self.cmd_prefix.append('--create-cache-dir')

198

199

200

class AAParserCreateCacheAltCacheTestsCacheNotExist(AAParserBasicCachingTests):

201

'''Same tests as above, but with create cache option on the command line,

202

alt cache specified, and cache dir removed'''

203

204

def setUp(self):

205

super(AAParserCreateCacheAltCacheTestsCacheNotExist, self).setUp()

206

shutil.rmtree(self.cache_dir)

207

self.cmd_prefix.append('--create-cache-dir')

208

209

210

class AAParserCachingTests(AAParserCachingCommon):

211

212

def setUp(self):

213

super(AAParserCachingTests, self).setUp()

214

215

r = testlib.filesystem_time_resolution()

216

self.mtime_res = r[1]

217

218

def _generate_cache_file(self):

219

220

cmd = list(self.cmd_prefix)

221

cmd.extend(['-q', '--write-cache', '-r', self.profile])

222

self.run_cmd_check(cmd)

223

self.assert_path_exists(self.cache_file)

224

225

def _set_mtime(self, path, mtime):

226

atime = os.stat(path).st_atime

227

os.utime(path, (atime, mtime))

228

self.assertEquals(os.stat(path).st_mtime, mtime)

229

230

def test_cache_loaded_when_exists(self):

231

'''test cache is loaded when it exists, is newer than profile, and features match'''

232

233

self._generate_cache_file()

234

235

cmd = list(self.cmd_prefix)

236

cmd.extend(['-v', '-r', self.profile])

237

self.run_cmd_check(cmd, expected_string='Cached reload succeeded')

238

239

def test_cache_not_loaded_when_skip_arg(self):

240

'''test cache is not loaded when --skip-cache is passed'''

241

242

self._generate_cache_file()

243

244

cmd = list(self.cmd_prefix)

245

cmd.extend(['-v', '--skip-cache', '-r', self.profile])

246

self.run_cmd_check(cmd, expected_string='Replacement succeeded for')

247

248

def test_cache_not_loaded_when_skip_read_arg(self):

249

'''test cache is not loaded when --skip-read-cache is passed'''

250

251

self._generate_cache_file()

252

253

cmd = list(self.cmd_prefix)

254

cmd.extend(['-v', '--skip-read-cache', '-r', self.profile])

255

self.run_cmd_check(cmd, expected_string='Replacement succeeded for')

256

257

def test_cache_not_loaded_when_features_differ(self):

258

'''test cache is not loaded when features file differs'''

259

260

self._generate_cache_file()

261

262

testlib.write_file(self.cache_dir, '.features', 'monkey\n')

263

264

cmd = list(self.cmd_prefix)

265

cmd.extend(['-v', '-r', self.profile])

266

self.run_cmd_check(cmd, expected_string='Replacement succeeded for')

267

268

def test_cache_writing_does_not_overwrite_features_when_features_differ(self):

269

'''test cache writing does not overwrite the features files when it differs and --skip-bad-cache is given'''

270

271

features_file = testlib.write_file(self.cache_dir, '.features', 'monkey\n')

272

273

cmd = list(self.cmd_prefix)

274

cmd.extend(['-v', '--write-cache', '--skip-bad-cache', '-r', self.profile])

275

self.run_cmd_check(cmd, expected_string='Replacement succeeded for')

276

self.assert_path_exists(features_file)

277

# ensure that the features does *not* match the current features set

278

self.compare_features_file(features_file, expected=False)

279

280

def test_cache_writing_skipped_when_features_differ(self):

281

'''test cache writing is skipped when features file differs'''

282

283

testlib.write_file(self.cache_dir, '.features', 'monkey\n')

284

285

cmd = list(self.cmd_prefix)

286

cmd.extend(['-v', '--write-cache', '--skip-bad-cache', '-r', self.profile])

287

self.run_cmd_check(cmd, expected_string='Replacement succeeded for')

288

self.assert_path_exists(self.cache_file, expected=False)

289

290

def test_cache_writing_updates_features(self):

291

'''test cache writing updates features'''

292

293

features_file = testlib.write_file(self.cache_dir, '.features', 'monkey\n')

294

295

cmd = list(self.cmd_prefix)

296

cmd.extend(['-v', '--write-cache', '-r', self.profile])

297

self.run_cmd_check(cmd, expected_string='Replacement succeeded for')

298

self.assert_path_exists(features_file)

299

self.compare_features_file(features_file)

300

301

def test_cache_writing_updates_cache_file(self):

302

'''test cache writing updates cache file'''

303

304

cache_file = testlib.write_file(self.cache_dir, PROFILE, 'monkey\n')

305

orig_stat = os.stat(cache_file)

306

307

cmd = list(self.cmd_prefix)

308

cmd.extend(['-v', '--write-cache', '-r', self.profile])

309

self.run_cmd_check(cmd, expected_string='Replacement succeeded for')

310

self.assert_path_exists(cache_file)

311

stat = os.stat(cache_file)

312

# We check sizes here rather than whether the string monkey is

313

# in cache_contents because of the difficulty coercing cache

314

# file bytes into strings in python3

315

self.assertNotEquals(orig_stat.st_size, stat.st_size, 'Expected cache file to be updated, size is not changed.')

316

self.assertEquals(os.stat(self.profile).st_mtime, stat.st_mtime)

317

318

def test_cache_writing_clears_all_files(self):

319

'''test cache writing clears all cache files'''

320

321

check_file = testlib.write_file(self.cache_dir, 'monkey', 'monkey\n')

322

323

cmd = list(self.cmd_prefix)

324

cmd.extend(['-v', '--write-cache', '-r', self.profile])

325

self.run_cmd_check(cmd, expected_string='Replacement succeeded for')

326

self.assert_path_exists(check_file, expected=False)

327

328

def test_profile_mtime_preserved(self):

329

'''test profile mtime is preserved when it is newest'''

330

expected = 1

331

self._set_mtime(self.abstraction, 0)

332

self._set_mtime(self.profile, expected)

333

self._generate_cache_file()

334

self.assertEquals(expected, os.stat(self.cache_file).st_mtime)

335

336

def test_abstraction_mtime_preserved(self):

337

'''test abstraction mtime is preserved when it is newest'''

338

expected = 1000

339

self._set_mtime(self.profile, 0)

340

self._set_mtime(self.abstraction, expected)

341

self._generate_cache_file()

342

self.assertEquals(expected, os.stat(self.cache_file).st_mtime)

343

344

def test_equal_mtimes_preserved(self):

345

'''test equal profile and abstraction mtimes are preserved'''

346

expected = 10000 + self.mtime_res

347

self._set_mtime(self.profile, expected)

348

self._set_mtime(self.abstraction, expected)

349

self._generate_cache_file()

350

self.assertEquals(expected, os.stat(self.cache_file).st_mtime)

351

352

def test_profile_newer_skips_cache(self):

353

'''test cache is skipped if profile is newer'''

354

355

self._generate_cache_file()

356

profile_mtime = os.stat(self.cache_file).st_mtime + self.mtime_res

357

self._set_mtime(self.profile, profile_mtime)

358

359

orig_stat = os.stat(self.cache_file)

360

361

cmd = list(self.cmd_prefix)

362

cmd.extend(['-v', '-r', self.profile])

363

self.run_cmd_check(cmd, expected_string='Replacement succeeded for')

364

365

stat = os.stat(self.cache_file)

366

self.assertEquals(orig_stat.st_size, stat.st_size)

367

self.assertEquals(orig_stat.st_ino, stat.st_ino)

368

self.assertEquals(orig_stat.st_mtime, stat.st_mtime)

369

370

def test_abstraction_newer_skips_cache(self):

371

'''test cache is skipped if abstraction is newer'''

372

373

self._generate_cache_file()

374

abstraction_mtime = os.stat(self.cache_file).st_mtime + self.mtime_res

375

self._set_mtime(self.abstraction, abstraction_mtime)

376

377

orig_stat = os.stat(self.cache_file)

378

379

cmd = list(self.cmd_prefix)

380

cmd.extend(['-v', '-r', self.profile])

381

self.run_cmd_check(cmd, expected_string='Replacement succeeded for')

382

383

stat = os.stat(self.cache_file)

384

self.assertEquals(orig_stat.st_size, stat.st_size)

385

self.assertEquals(orig_stat.st_ino, stat.st_ino)

386

self.assertEquals(orig_stat.st_mtime, stat.st_mtime)

387

388

def test_profile_newer_rewrites_cache(self):

389

'''test cache is rewritten if profile is newer'''

390

391

self._generate_cache_file()

392

profile_mtime = os.stat(self.cache_file).st_mtime + self.mtime_res

393

self._set_mtime(self.profile, profile_mtime)

394

395

orig_stat = os.stat(self.cache_file)

396

397

cmd = list(self.cmd_prefix)

398

cmd.extend(['-v', '-r', '-W', self.profile])

399

self.run_cmd_check(cmd, expected_string='Replacement succeeded for')

400

401

stat = os.stat(self.cache_file)

402

self.assertNotEquals(orig_stat.st_ino, stat.st_ino)

403

self.assertEquals(profile_mtime, stat.st_mtime)

404

405

def test_abstraction_newer_rewrites_cache(self):

406

'''test cache is rewritten if abstraction is newer'''

407

408

self._generate_cache_file()

409

abstraction_mtime = os.stat(self.cache_file).st_mtime + self.mtime_res

410

self._set_mtime(self.abstraction, abstraction_mtime)

411

412

orig_stat = os.stat(self.cache_file)

413

414

cmd = list(self.cmd_prefix)

415

cmd.extend(['-v', '-r', '-W', self.profile])

416

self.run_cmd_check(cmd, expected_string='Replacement succeeded for')

417

418

stat = os.stat(self.cache_file)

419

self.assertNotEquals(orig_stat.st_ino, stat.st_ino)

420

self.assertEquals(abstraction_mtime, stat.st_mtime)

421

422

def test_parser_newer_uses_cache(self):

423

'''test cache is not skipped if parser is newer'''

424

425

self._generate_cache_file()

426

427

# copy parser

428

os.mkdir(os.path.join(self.tmp_dir, 'parser'))

429

new_parser = os.path.join(self.tmp_dir, 'parser', 'apparmor_parser')

430

shutil.copy(config.parser, new_parser)

431

self._set_mtime(new_parser, os.stat(self.cache_file).st_mtime + self.mtime_res)

432

433

cmd = list(self.cmd_prefix)

434

cmd[0] = new_parser

435

cmd.extend(['-v', '-r', self.profile])

436

self.run_cmd_check(cmd, expected_string='Cached reload succeeded for')

437

438

def _purge_cache_test(self, location):

439

440

cache_file = testlib.write_file(self.cache_dir, location, 'monkey\n')

441

442

cmd = list(self.cmd_prefix)

443

cmd.extend(['-v', '--purge-cache', '-r', self.profile])

444

self.run_cmd_check(cmd)

445

# no message is output

446

self.assert_path_exists(cache_file, expected=False)

447

448

def test_cache_purge_removes_features_file(self):

449

'''test cache --purge-cache removes .features file'''

450

self._purge_cache_test('.features')

451

452

def test_cache_purge_removes_cache_file(self):

453

'''test cache --purge-cache removes profile cache file'''

454

self._purge_cache_test(PROFILE)

455

456

def test_cache_purge_removes_other_cache_files(self):

457

'''test cache --purge-cache removes other cache files'''

458

self._purge_cache_test('monkey')

459

460

461

class AAParserAltCacheTests(AAParserCachingTests):

462

'''Same tests as above, but with an alternate cache location specified on the command line'''

463

check_orig_cache = True

464

465

def setUp(self):

466

super(AAParserAltCacheTests, self).setUp()

467

468

alt_cache_dir = tempfile.mkdtemp(prefix='aa-alt-cache', dir=self.tmp_dir)

469

os.chmod(alt_cache_dir, 0o755)

470

471

self.orig_cache_dir = self.cache_dir

472

self.cache_dir = alt_cache_dir

473

self.cache_file = os.path.join(self.cache_dir, PROFILE)

474

self.cmd_prefix.extend(['--cache-loc', alt_cache_dir])

475

476

def tearDown(self):

477

if self.check_orig_cache and len(os.listdir(self.orig_cache_dir)) > 0:

478

self.fail('original cache dir \'%s\' not empty' % self.orig_cache_dir)

479

super(AAParserAltCacheTests, self).tearDown()

480

481

def test_cache_purge_leaves_original_cache_alone(self):

482

'''test cache purging only touches alt cache'''

483

484

# skip tearDown check to ensure non-alt cache is empty

485

self.check_orig_cache = False

486

filelist = [PROFILE, '.features', 'monkey']

487

488

for f in filelist:

489

testlib.write_file(self.orig_cache_dir, f, 'monkey\n')

490

491

self._purge_cache_test(PROFILE)

492

493

for f in filelist:

494

if not os.path.exists(os.path.join(self.orig_cache_dir, f)):

495

self.fail('cache purge removed %s, was not supposed to' % (os.path.join(self.orig_cache_dir, f)))

496

497

498

def main():

499

global config

500

p = ArgumentParser()

501

p.add_argument('-p', '--parser', default=testlib.DEFAULT_PARSER, action="store", dest='parser')

502

p.add_argument('-v', '--verbose', action="store_true", dest="verbose")

503

p.add_argument('-d', '--debug', action="store_true", dest="debug")

504

config = p.parse_args()

505

506

verbosity = 1

507

if config.verbose:

508

verbosity = 2

509

510

test_suite = unittest.TestSuite()

511

test_suite.addTest(unittest.TestLoader().loadTestsFromTestCase(AAParserBasicCachingTests))

512

test_suite.addTest(unittest.TestLoader().loadTestsFromTestCase(AAParserAltCacheBasicTests))

513

test_suite.addTest(unittest.TestLoader().loadTestsFromTestCase(AAParserCreateCacheBasicTestsCacheExists))

514

test_suite.addTest(unittest.TestLoader().loadTestsFromTestCase(AAParserCreateCacheBasicTestsCacheNotExist))

515

test_suite.addTest(unittest.TestLoader().loadTestsFromTestCase(AAParserCreateCacheAltCacheTestsCacheNotExist))

516

test_suite.addTest(unittest.TestLoader().loadTestsFromTestCase(AAParserCachingTests))

517

test_suite.addTest(unittest.TestLoader().loadTestsFromTestCase(AAParserAltCacheTests))

518

rc = 0

519

try:

520

result = unittest.TextTestRunner(verbosity=verbosity).run(test_suite)

521

if not result.wasSuccessful():

522

rc = 1

523

except:

524

rc = 1

525

526

return rc

527

528

if __name__ == "__main__":

529

rc = main()

530

exit(rc)

Older »