Remove the apparmor-folks tests

Folks test cases are not so relevant anymore.

The apparmor-folks test case has not been executed for several releases
already (it was not executed for 18.12 and for 18.09 was only executed
for half the platforms with some failures too).

This commit removes the apparmor-folks tests.
Signed-off-by: Luis Araujo <luis.araujo@collabora.co.uk>

Makefile

@@ -4,7 +4,6 @@ pkglibdir = /usr/lib/apertis-tests
 
 SUBDIRS = \
 	apparmor/goals \
-	apparmor/folks \
 	apparmor/geoclue \
 	apparmor/tracker \
 	apparmor/ofono \
@@ -33,7 +32,6 @@ COPY = \
 	$(wildcard apparmor/*.yaml) \
 	apertis_tests_lib \
 	apparmor/automated \
-	apparmor/folks \
 	apparmor/run-aa-test \
 	common \
 	dbus \

apparmor/folks/Makefile

-all:
-	:
-
-clean:
-	:
-
-install:
-	:
-
-check:
-	test $$(id -u) = 0
-	for p in $(wildcard usr.*); do apparmor_parser -r $$p || exit $$?; done
-	${CURDIR}/test-folks

apparmor/folks/R1.13b_folks-alias-persistence.sh

-#!/bin/sh
-# vim: set sts=4 sw=4 et tw=0 :
-
-set -e
-
-TEST_DIR="$(cd "$(dirname "$0")" && pwd)"
-
-if [ $# -ne 0 ]; then
-    echo "Usage: $0"
-    exit 1
-fi
-
-${TEST_DIR}/../../folks/folks-alias-persistence.sh

apparmor/folks/R1.13b_folks-eds-compatibility.sh

-#!/bin/sh
-# vim: set sts=4 sw=4 et tw=0 :
-
-set -e
-
-TEST_DIR="$(cd "$(dirname "$0")" && pwd)"
-
-if [ $# -ne 0 ]; then
-    echo "Usage: $0"
-    exit 1
-fi
-
-${TEST_DIR}/../../folks/folks-eds-compatibility.sh

apparmor/folks/R1.13b_folks-metacontacts-linking.sh

-#!/bin/sh
-# vim: set sts=4 sw=4 et tw=0 :
-
-set -e
-
-TEST_DIR="$(cd "$(dirname "$0")" && pwd)"
-
-if [ $# -ne 0 ]; then
-    echo "Usage: $0"
-    exit 1
-fi
-
-${TEST_DIR}/../../folks/folks-metacontacts-linking.sh

apparmor/folks/R1.13b_folks-metacontacts-unlinking.sh

-#!/bin/sh
-# vim: set sts=4 sw=4 et tw=0 :
-
-set -e
-
-TEST_DIR="$(cd "$(dirname "$0")" && pwd)"
-
-if [ $# -ne 0 ]; then
-    echo "Usage: $0"
-    exit 1
-fi
-
-${TEST_DIR}/../../folks/folks-metacontacts-unlinking.sh

apparmor/folks/R6.4.2_folks-metacontacts-antilinking.sh

-#!/bin/sh
-# vim: set sts=4 sw=4 et tw=0 :
-
-set -e
-
-TEST_DIR="$(cd "$(dirname "$0")" && pwd)"
-
-if [ $# -ne 0 ]; then
-    echo "Usage: $0"
-    exit 1
-fi
-
-${TEST_DIR}/../../folks/folks-metacontacts-antilinking.sh

apparmor/folks/test-folks

-#!/bin/sh
-# vim: tw=0
-
-set -e
-
-TEST_DIR="$(cd "$(dirname "$0")" && pwd)"
-RUN_AA_TEST="${RUN_AA_TEST:-${TEST_DIR}/../run-aa-test}"
-
-TESTS="R1.13b_folks-alias-persistence.sh
-R1.13b_folks-eds-compatibility.sh
-R1.13b_folks-metacontacts-linking.sh
-R1.13b_folks-metacontacts-unlinking.sh
-R6.4.2_folks-metacontacts-antilinking.sh
-test-malicious.sh"
-
-for IN in ${TEST_DIR}/*.in; do
-	OUT="${IN%.in}"
-	sed -e "s!@CURDIR@!${TEST_DIR}!g" \
-		< "$IN" > "$OUT"
-done
-
-apparmor_parser -r ${TEST_DIR}/*.profile
-
-# If a previous test has (wrongly) created this file, it's going to
-# be a problem for us.
-rm -f /home/user/_file_which_do_not_exist_
-
-e=0
-for TEST in $TESTS; do
-	EXPECTED_RULE="`basename $TEST .sh`.expected"
-	"${RUN_AA_TEST}" "${TEST_DIR}"/${EXPECTED_RULE} "${TEST_DIR}"/${TEST} || e=1
-done
-
-exit $e

apparmor/folks/test-malicious.expected

-====
-profile:/usr/lib/chaiwala-apparmor-folks-tests/test-malicious.sh
-sdmode:REJECTING
-denied_mask:w
-operation:open
-name:/home/user/_file_which_do_not_exist_
-request_mask:w
-====
-profile:/usr/lib/chaiwala-apparmor-folks-tests/test-malicious.sh
-sdmode:REJECTING
-denied_mask:r
-operation:open
-name:/home/user/.bash_history
-request_mask:r
-====
-profile:/usr/lib/chaiwala-apparmor-folks-tests/test-malicious.sh
-sdmode:REJECTING
-denied_mask:d
-operation:unlink
-name:/home/user/.bash_history
-request_mask:d
-## alternative ##
-====
-profile:/usr/lib/chaiwala-apparmor-folks-tests/test-malicious.sh
-sdmode:REJECTING
-denied_mask:c
-operation:mknod
-name:/home/user/_file_which_do_not_exist_
-request_mask:c
-====
-profile:/usr/lib/chaiwala-apparmor-folks-tests/test-malicious.sh
-sdmode:REJECTING
-denied_mask:r
-operation:open
-name:/home/user/.bash_history
-request_mask:r
-====
-profile:/usr/lib/chaiwala-apparmor-folks-tests/test-malicious.sh
-sdmode:REJECTING
-denied_mask:d
-operation:unlink
-name:/home/user/.bash_history
-request_mask:d

apparmor/folks/test-malicious.expected.in

-====
-profile:@CURDIR@/test-malicious.sh
-sdmode:REJECTING
-denied_mask:w
-operation:open
-name:/home/user/_file_which_do_not_exist_
-request_mask:w
-====
-profile:@CURDIR@/test-malicious.sh
-sdmode:REJECTING
-denied_mask:r
-operation:open
-name:/home/user/.bash_history
-request_mask:r
-====
-profile:@CURDIR@/test-malicious.sh
-sdmode:REJECTING
-denied_mask:d
-operation:unlink
-name:/home/user/.bash_history
-request_mask:d
-## alternative ##
-====
-profile:@CURDIR@/test-malicious.sh
-sdmode:REJECTING
-denied_mask:c
-operation:mknod
-name:/home/user/_file_which_do_not_exist_
-request_mask:c
-====
-profile:@CURDIR@/test-malicious.sh
-sdmode:REJECTING
-denied_mask:r
-operation:open
-name:/home/user/.bash_history
-request_mask:r
-====
-profile:@CURDIR@/test-malicious.sh
-sdmode:REJECTING
-denied_mask:d
-operation:unlink
-name:/home/user/.bash_history
-request_mask:d

apparmor/folks/test-malicious.profile.in

-# Author: Cosimo Alfarano <cosimo.alfarano@collabora.co.uk>
-# Profile in Folks' AppArmor test suite, to check for malicous access
-
-#include <tunables/global>
-
-@CURDIR@/test-malicious.sh {
-    #include <abstractions/chaiwala-base>
-    #include <abstractions/folks>
-
-    # let us read our own /proc for debugging
-    owner @{PROC}/@{pid}/attr/current r,
-    ptrace (read) peer=@{profile_name},
-
-    # being a bash script we need to allow some more stuff in order to test
-    # what we need to test: file permission in $HOME
-    /dev/tty   rw,
-    /bin/touch ixrm,
-    /bin/cat ixrm,
-    /bin/rm ixrm,
-
-    @CURDIR@/test-malicious.sh rm,
-}

apparmor/folks/test-malicious.sh

-#!/bin/sh
-
-set -e
-set -x
-e=0
-
-cat /proc/$$/attr/current
-
-# Test <abstractions/folks> in malicious ways
-# Here we test that an attacker cannot access files we mean not to be accessible
-
-#NOTE: the profile for this script will allow /bin/touch and the other binaries
-# as well as the abstractions/consoles
-
-# This should not be accessible and auditd should complain
-if touch $HOME/_file_which_do_not_exist_; then
-    echo "that should not have worked"
-    e=1
-fi
-
-# This should not be accessible and auditd should complain
-if cat $HOME/.bash_history; then
-    echo "that should not have worked"
-    e=1
-fi
-
-# This should not be accessible and auditd should complain
-if rm -f $HOME/.bash_history; then
-    echo "that should not have worked"
-    e=1
-fi
-
-exit $e

apparmor/folks/usr.lib.chaiwala-apparmor-folks-tests.test-malicious

-# Author: Cosimo Alfarano <cosimo.alfarano@collabora.co.uk>
-# Profile in Folks' AppArmor test suite, to check for malicous access
-
-#include <tunables/global>
-
-/usr/lib/chaiwala-apparmor-folks-tests/test-malicious.sh {
-    #include <abstractions/chaiwala-base>
-    #include <abstractions/folks>
-
-    # let us read our own /proc for debugging
-    owner @{PROC}/@{pid}/attr/current r,
-    ptrace (read) peer=@{profile_name},
-
-    # being a shell script we need to allow some more stuff in order to test
-    # what we need to test: file permission in $HOME
-    /dev/tty   rw,
-    /bin/touch ixrm,
-    /bin/cat ixrm,
-    /bin/rm ixrm,
-
-    /usr/lib/chaiwala-apparmor-folks-tests/test-malicious.sh rm,
-}

debian/apertis-tests.install

@@ -2,7 +2,6 @@ usr/lib/apertis-tests/apertis_tests_lib
 usr/lib/apertis-tests/apparmor/*.sh
 usr/lib/apertis-tests/apparmor/*.yaml
 usr/lib/apertis-tests/apparmor/automated
-usr/lib/apertis-tests/apparmor/folks
 usr/lib/apertis-tests/apparmor/run-aa-test
 usr/lib/apertis-tests/common
 usr/lib/apertis-tests/dbus