[apparmor] [PATCH 5/5] tests: Add regression tests for dbus eavesdrop rules

Seth Arnold seth.arnold at canonical.com
Fri Dec 6 02:59:11 UTC 2013 

On Tue, Nov 19, 2013 at 06:16:25PM -0800, Tyler Hicks wrote:
> Simple regression test that calls AddMatch using a match string that
> sets up eavesdropping on all method call messages.
> 
> The shell script file runs the test unconfined and under a variety of
> confinement profiles to make sure that eavesdropping confinement is
> working as intended.
> 
> Signed-off-by: Tyler Hicks <tyhicks at canonical.com>

This looks mostly good, a few small comments inline. Address them as you
wish.

Acked-by: Seth Arnold <seth.arnold at canonical.com>

Thanks

> ---
>  tests/regression/apparmor/Makefile          |   5 +
>  tests/regression/apparmor/dbus_eavesdrop.c  | 148 ++++++++++++++++++++++++++++
>  tests/regression/apparmor/dbus_eavesdrop.sh |  77 +++++++++++++++
>  3 files changed, 230 insertions(+)
>  create mode 100644 tests/regression/apparmor/dbus_eavesdrop.c
>  create mode 100755 tests/regression/apparmor/dbus_eavesdrop.sh
> 
> diff --git a/tests/regression/apparmor/Makefile b/tests/regression/apparmor/Makefile
> index 623d1ac..0337b5d 100644
> --- a/tests/regression/apparmor/Makefile
> +++ b/tests/regression/apparmor/Makefile
> @@ -23,6 +23,7 @@ SRC=access.c \
>      chown.c \
>      clone.c \
>      coredump.c \
> +    dbus_eavesdrop.c \
>      dbus_message.c \
>      dbus_service.c \
>      deleted.c \
> @@ -101,6 +102,7 @@ TESTS=access \
>        chdir \
>        clone \
>        coredump \
> +      dbus_eavesdrop \
>        dbus_message \
>        dbus_service \
>        deleted \
> @@ -152,6 +154,9 @@ changehat_pthread: changehat_pthread.c changehat.h
>  dbus_common.o: dbus_common.c dbus_common.h
>  	${CC} ${CFLAGS} ${LDFLAGS} $^ -c ${LDLIBS} $(shell pkg-config --cflags --libs dbus-1)
>  
> +dbus_eavesdrop: dbus_eavesdrop.c dbus_common.o
> +	${CC} ${CFLAGS} ${LDFLAGS} $^ -o dbus_eavesdrop ${LDLIBS} $(shell pkg-config --cflags --libs dbus-1)
> +

I know this was just following the nearby pattern, but dbus_eavesdrop
in the recipe could be replaced with $@. Up to you.

(I've got a feeling the two rules could even be combined but my make-fu is
failing me tonight. Another item for the lowest-priority task list. :)

>  dbus_message: dbus_message.c dbus_common.o
>  	${CC} ${CFLAGS} ${LDFLAGS} $^ -o dbus_message ${LDLIBS} $(shell pkg-config --cflags --libs dbus-1)
>  
> diff --git a/tests/regression/apparmor/dbus_eavesdrop.c b/tests/regression/apparmor/dbus_eavesdrop.c
> new file mode 100644
> index 0000000..9ef8e2e
> --- /dev/null
> +++ b/tests/regression/apparmor/dbus_eavesdrop.c
> @@ -0,0 +1,148 @@
> +/* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*- */
> +/* dbus_service.c  Utility program to attempt to eavesdrop on a bus
> + *
> + * Copyright (C) 2003 Philip Blundell <philb at gnu.org>
> + * Copyright (C) 2013 Canonical, Ltd.
> + *
> + * Originally dbus-send.c from the dbus package. It has been heavily modified
> + * to work within the regression test framework.
> + *
> + * This program is free software; you can redistribute it and/or modify
> + * it under the terms of the GNU General Public License as published by
> + * the Free Software Foundation; either version 2 of the License, or
> + * (at your option) any later version.
> + *
> + * This program is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
> + * GNU General Public License for more details.
> + *
> + * You should have received a copy of the GNU General Public License
> + * along with this program; if not, write to the Free Software
> + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
> + *
> + */
> +
> +#define _GNU_SOURCE
> +#include <stdio.h>
> +#include <stdlib.h>
> +#include <string.h>
> +#include <signal.h>
> +#include <sys/file.h>
> +#include <sys/types.h>
> +#include <sys/stat.h>
> +#include <fcntl.h>
> +
> +#include "dbus_common.h"
> +
> +DBusConnection *connection = NULL;
> +DBusError error;
> +DBusBusType type = DBUS_BUS_SESSION;
> +const char *address = NULL;
> +int session_or_system = FALSE;
> +
> +static void usage(void)
> +{
> +	fprintf(stderr, "Usage: dbus_eavesdrop [ADDRESS]\n\n"
> +		"    ADDRESS\t\t--system, --session (default), or --address=ADDR\n");
> +}
> +
> +static int do_eavesdrop(void)
> +{
> +	dbus_bus_add_match(connection, "eavesdrop=true,type='method_call'",
> +			   &error);
> +	if (dbus_error_is_set(&error)) {
> +		fprintf(stderr, "FAIL: %s: %s\n", error.name, error.message);
> +		dbus_error_free(&error);
> +		return 1;
> +	}
> +
> +	return 0;
> +}
> +
> +int main(int argc, char *argv[])
> +{
> +	int i, rc;
> +
> +	if (argc < 2) {
> +		usage();
> +		rc = 1;
> +		goto out;
> +	}
> +
> +	for (i = 1; i < argc; i++) {
> +		char *arg = argv[i];
> +
> +		if (strcmp(arg, "--system") == 0) {
> +			type = DBUS_BUS_SYSTEM;
> +			session_or_system = TRUE;
> +		} else if (strcmp(arg, "--session") == 0) {
> +			type = DBUS_BUS_SESSION;
> +			session_or_system = TRUE;
> +		} else if (strstr(arg, "--address") == arg) {
> +			address = strchr(arg, '=');
> +
> +			if (address == NULL) {
> +				fprintf(stderr,
> +					"FAIL: \"--address=\" requires an ADDRESS\n");
> +				usage();
> +				rc = 1;
> +				goto out;
> +			} else {
> +				address = address + 1;
> +			}
> +		} else if (!strcmp(arg, "--help")) {
> +			usage();
> +			rc = 0;
> +			goto out;
> +		} else {
> +			usage();
> +			rc = 1;
> +			goto out;
> +		}
> +	}
> +
> +	if ((session_or_system == FALSE && address == NULL) || i < argc) {
> +		usage();
> +		rc = 1;
> +		goto out;
> +	}
> +
> +	if (session_or_system && (address != NULL)) {
> +		fprintf(stderr,
> +			"FAIL: \"--address\" may not be used with \"--system\" or \"--session\"\n");
> +		usage();
> +		rc = 1;
> +		goto out;
> +	}
> +
> +	dbus_error_init(&error);
> +
> +	if (address != NULL)
> +		connection = dbus_connection_open(address, &error);
> +	else
> +		connection = dbus_bus_get(type, &error);
> +
> +	if (connection == NULL) {
> +		fprintf(stderr,
> +			"FAIL: Failed to open connection to \"%s\" message bus: %s\n",
> +			address ? address :
> +				  ((type == DBUS_BUS_SYSTEM) ? "system" : "session"),
> +			error.message);
> +		dbus_error_free(&error);
> +		rc = 1;
> +		goto out;
> +	} else if (address != NULL)
> +		dbus_bus_register(connection, &error);
> +
> +	rc = do_eavesdrop();
> +
> +out:
> +	if (connection)
> +		dbus_connection_unref(connection);
> +
> +	if (rc == 0)
> +		printf("PASS\n");
> +
> +	exit(rc);
> +}
> diff --git a/tests/regression/apparmor/dbus_eavesdrop.sh b/tests/regression/apparmor/dbus_eavesdrop.sh
> new file mode 100755
> index 0000000..39e0796
> --- /dev/null
> +++ b/tests/regression/apparmor/dbus_eavesdrop.sh
> @@ -0,0 +1,77 @@
> +#! /bin/bash
> +#	Copyright (C) 2013 Canonical, Ltd.
> +#
> +#	This program is free software; you can redistribute it and/or
> +#	modify it under the terms of the GNU General Public License as
> +#	published by the Free Software Foundation, version 2 of the
> +#	License.
> +
> +#=NAME dbus_eavesdrop
> +#=DESCRIPTION
> +# This test verifies that dbus eavesdropping is restricted for confined
> +# processes.
> +#=END
> +
> +pwd=`dirname $0`
> +pwd=`cd $pwd ; /bin/pwd`
> +
> +bin=$pwd
> +
> +. $bin/prologue.inc
> +required_features dbus
> +. $bin/dbus.inc
> +
> +args="--session"
> +
> +start_bus
> +
> +# Make sure we can eavesdrop unconfined
> +
> +settest dbus_eavesdrop
> +
> +runchecktest "eavesdrop (unconfined)" pass $args
> +
> +# Make sure we get denials when confined but not allowed
> +
> +genprofile
> +runchecktest "eavesdrop (confined w/o dbus perms)" fail $args
> +
> +gendbusprofile "dbus send,"
> +runchecktest "eavesdrop (confined w/ only send allowed)" fail $args
> +
> +gendbusprofile "dbus eavesdrop,"
> +runchecktest "eavesdrop (confined w/ only eavesdrop allowed)" fail $args
> +
> +# Make sure we're okay when confined with appropriate permissions
> +
> +gendbusprofile "dbus,"
> +runchecktest "eavesdrop (dbus allowed)" pass $args
> +
> +gendbusprofile "dbus (send eavesdrop),"
> +runchecktest "eavesdrop (send, receive bind allowed)" pass $args

I think the text doesn't match the generated profile; receive and bind
aren't listed explicitly here.

> +
> +gendbusprofile "dbus (send eavesdrop) bus=session,"
> +runchecktest "eavesdrop (send, eavesdrop allowed w/ bus conditional)" pass $args
> +
> +gendbusprofile "dbus send bus=session path=/org/freedesktop/DBus \
> +			interface=org.freedesktop.DBus \
> +			member=Hello, \
> +		dbus send bus=session path=/org/freedesktop/DBus \
> +			interface=org.freedesktop.DBus \
> +			member=AddMatch, \
> +		dbus eavesdrop bus=session,"
> +runchecktest "eavesdrop (send, eavesdrop allowed w/ bus and send member conditionals)" pass $args
> +
> +gendbusprofile "dbus send, \
> +		audit dbus eavesdrop,"
> +runchecktest "eavesdrop (send allowed, eavesdrop audited)" pass $args
> +
> +# Make sure we're denied when confined without appropriate conditionals
> +
> +gendbusprofile "dbus send bus=session, \
> +		dbus eavesdrop bus=system,"
> +runchecktest "eavesdrop (wrong bus)" fail $args
> +
> +gendbusprofile "dbus send, \
> +		deny dbus eavesdrop,"
> +runchecktest "eavesdrop (send allowed, eavesdrop denied)" fail $args
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20131205/b23fcc62/attachment.pgp>

More information about the AppArmor mailing list