From 424a35c95d9f117f8d4e08662da2ad7a76ed3f0d Mon Sep 17 00:00:00 2001
From: Philip Withnall <philip.withnall@collabora.co.uk>
Date: Wed, 16 Mar 2016 11:10:32 +0000
Subject: [PATCH] apparmor: Do not rely on $HOME being set for AppArmor
 malicious tests

If an AppArmor malicious test is run as a systemd system job (using
`run-test-in-systemd --system`), $HOME will explicitly not be set, which
results in the program trying to read (null)/.bash_history, rather than
the expected /home/user/.bash_history.

Fix that by hard-coding it to use /home/user/.bash_history if $HOME is
not set. If the username changes in future, the tests should start
failing, which will allow us to update it again.

Bug-Apertis: https://bugs.apertis.org/show_bug.cgi?id=681

Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Signed-off-by: Philip Withnall <philip.withnall@collabora.co.uk>
Differential Revision: https://phabricator.apertis.org/D2283
---
 apparmor/common/function-malicious-override.c | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/apparmor/common/function-malicious-override.c b/apparmor/common/function-malicious-override.c
index 40765d9f..c2bd400b 100644
--- a/apparmor/common/function-malicious-override.c
+++ b/apparmor/common/function-malicious-override.c
@@ -11,17 +11,29 @@
 
 #include <glib.h>
 
+#define CHAIWALA_USER "user"
+
 void
 do_malicious_stuff (void)
 {
     char* filename;
     char* contents;
     GError* error = NULL;
+    const gchar *home_dir = NULL;
 
     /* We'll try to load the contents of the user's bash history.
      * Do not use g_get_home_dir() here as it could read from /etc/passwd,
-     * which could mean we require more AppArmor rules just for this test. */
-    filename = g_strdup_printf ("%s/.bash_history", g_getenv ("HOME"));
+     * which could mean we require more AppArmor rules just for this test.
+     *
+     * If this service is being run as a systemd system service (by
+     * run-test-in-systemd --system), $HOME will not be available, so use a
+     * hard-coded home directory. */
+    home_dir = g_getenv ("HOME");
+    if (home_dir != NULL)
+        filename = g_build_filename (home_dir, ".bash_history", NULL);
+    else
+        filename = g_build_filename ("/home", CHAIWALA_USER, ".bash_history", NULL);
+
     g_file_get_contents (filename, &contents, NULL, &error);
 
     if (g_error_matches (error, G_FILE_ERROR, G_FILE_ERROR_ACCES)) {
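Review bot: The new `if (home_dir != NULL)` check accepts an empty `HOME`; as far as I know g_build_filename() skips empty elements, so `HOME=` would produce the relative path `.bash_history`, resolved against the working directory instead of the user's home. For a test meant to confirm that AppArmor denies this read, that could surface as a not-found error instead of the expected `G_FILE_ERROR_ACCES`; how the rest of do_malicious_stuff() treats that case lies outside the hunk. Consider `if (home_dir != NULL && *home_dir != '\0')` so the empty case also falls back to the hard-coded path. A short comment on `CHAIWALA_USER`, such as `/* Must match the account the tests run as; only used when $HOME is unset. */`, would record the assumption that the commit message describes.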
-- 
GitLab