Add run-aa-test

A number of tests use the script run-aa-test. Add the shell port of this script to common so that it doesn't need to be replicated in multiple places.

Signed-off-by: Martyn Welch martyn.welch@collabora.co.uk

run-aa-test

+#!/bin/sh
+#
+# Copyright © 2018 Collabora Ltd.
+#
+# Based on python version of run-aa-test
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+ALTERNATIVE_SEPARATOR="## alternative ##"
+END=2
+
+case $(echo ${LAUNCH_DBUS} | tr [A-Z] [a-z]) in
+0 | no | false)
+	LAUNCH_DBUS="False"
+	;;
+*)
+	LAUNCH_DBUS="True"
+esac
+
+case $(echo ${RUN_AS_USER} | tr [A-Z] [a-z]) in
+0 | no | false)
+	RUN_AS_USER="False"
+	;;
+*)
+	RUN_AS_USER="True"
+esac
+
+CHAIWALA_UID=1000
+CHAIWALA_USER="user"
+
+# Check parameters
+if [ $# -lt 2 ]; then
+
+	echo "Usage: run-aa-test <expectation-file> <command> <argument-1> <argument-2> …"
+	echo "\"export LAUNCH_DBUS=no\" in the test script to not launch a dbus session."
+	echo "\"export RUN_AS_USER=no\" in the test script to not run as ${CHAIWALA_USER}"
+	exit 1
+fi
+
+EXPECT_FILE=$1
+shift
+
+if [ ! -r ${EXPECT_FILE} ]; then
+	echo "Cannot read specified expectation file: ${EXPECT_FILE}"
+	exit 1
+fi
+
+if [ ! -x $1 ]; then
+	echo "Cannot execute specified test executable: $1"
+	exit 1
+fi
+
+SOMETHING_FAILED="False"
+# typically "normal.expected" or "malicious.expected"
+TEST_TITLE=$( basename ${EXPECT_FILE} )
+
+# Touch .bash_history, which we use in some tests, if it's not there.
+bash_history="/home/${CHAIWALA_USER}/.bash_history"
+if [ ! -r ${bash_history} ]; then
+	RET=$( sudo -u ${CHAIWALA_USER} touch ${bash_history} )
+	if [ $RET != 0 ]; then
+		echo "Failed to create .bash_history: $RET"
+		exit 1
+	fi
+fi
+
+# Catch any new lines added to audit.log
+AUDIT_FILE=$( mktemp )
+tail -n0 -f /var/log/audit/audit.log > ${AUDIT_FILE} &
+AUDIT_PID=$!
+
+if [ "${LAUNCH_DBUS}" = "True" ]; then
+	# Start a new D-Bus session for this test
+	CMD="dbus-run-session -- $*"
+else
+	CMD=$*
+fi
+
+CMDLINE=""
+for PREFIX in '' '/usr/lib/apertis-tests/'; do
+	TOOL="${PREFIX}common/run-test-in-systemd"
+	if [ -x ${TOOL} ]; then
+		CMDLINE=${TOOL}
+		break
+	fi
+done
+
+if [ "$CMDLINE" = "" ]; then
+	echo "common/run-test-in-systemd not found"
+	exit 1
+fi
+
+CMDLINE="${CMDLINE} --no-lava"
+
+if [ "${RUN_AA_TEST_TIMEOUT}" != "" ]; then
+	CMDLINE="${CMDLINE} --timeout=${RUN_AA_TEST_TIMEOUT}"
+fi
+
+if [ "${RUN_AS_USER}" = "True" ]; then
+	CMDLINE="${CMDLINE} --user=${CHAIWALA_UID}"
+else
+	CMDLINE="${CMDLINE} --system"
+fi
+
+CMDLINE="${CMDLINE} ${CMD}"
+
+echo "#=== running test script: ${CMDLINE} ==="
+
+setsid ${CMDLINE}
+RET=$?
+
+echo "#--- end of test script, status: ${RET}"
+
+if [ "${RET}" = "0" ]; then
+	echo "${TEST_TITLE}_underlying_tests: pass"
+else
+	echo "# ${CMDLINE} exited ${RET}"
+	# typically "normal.expected_underlying_tests: fail"
+	echo "${TEST_TITLE}_underlying_tests: fail"
+	SOMETHING_FAILED="True"
+fi
+
+# Give auditd time to log the entries.
+sleep 3
+
+# Need to stop tailing audit
+kill ${AUDIT_PID}
+
+echo "#=== ${TEST_TITLE} ==="
+
+echo "#---8<--- raw output in audit log"
+cat ${AUDIT_FILE} | sed 's/^/# /'
+echo "#--->8---"
+
+echo "#---8<--- expected output from aa_log_extract_tokens.pl"
+cat ${EXPECT_FILE} | sed 's/^/# /'
+echo "#--->8---"
+
+EXPECT_SPLIT_DIR=$(mktemp -d)
+
+cp ${EXPECT_FILE} ${EXPECT_SPLIT_DIR}/REMAIN
+
+EXPECT_COUNT=1
+
+SEPARATOR=$( grep -m1 -x -n "${ALTERNATIVE_SEPARATOR}" ${EXPECT_SPLIT_DIR}/REMAIN | cut -d: -f1 )
+while [ "${SEPARATOR}" != "" ]; do
+	echo "SEPARATOR=\"${SEPARATOR}\""
+	echo "REMAIN:"
+	cat ${EXPECT_SPLIT_DIR}/REMAIN
+	head -n $((${SEPARATOR}-1)) ${EXPECT_SPLIT_DIR}/REMAIN > ${EXPECT_SPLIT_DIR}/EXPECT${EXPECT_COUNT}
+	SEPARATOR=$((${SEPARATOR}+1))
+	tail -n +${SEPARATOR} ${EXPECT_SPLIT_DIR}/REMAIN > ${EXPECT_SPLIT_DIR}/REMAIN.new
+	mv ${EXPECT_SPLIT_DIR}/REMAIN.new ${EXPECT_SPLIT_DIR}/REMAIN
+	EXPECT_COUNT=$((${EXPECT_COUNT}+1))
+	SEPARATOR=$( grep -m1 -x -n "${ALTERNATIVE_SEPARATOR}" ${EXPECT_SPLIT_DIR}/REMAIN | cut -d: -f1 )
+done
+
+mv ${EXPECT_SPLIT_DIR}/REMAIN ${EXPECT_SPLIT_DIR}/EXPECT${EXPECT_COUNT}
+
+PARSE_FILE="${EXPECT_SPLIT_DIR}/PARSE"
+
+RET=$( cat ${AUDIT_FILE} | /usr/bin/aa_log_extract_tokens.pl REJECTING > ${PARSE_FILE} )
+
+if [ "${RET}" != "0" ]; then
+	echo "# aa_log_extract_tokens.pl failed, trying line-by-line..."
+
+	LINES=$(wc -l ${AUDIT_FILE} | cut -d ' ' -f1 )
+	
+	cat ${AUDIT_FILE} | while read LINE; do
+		echo ${LINE} | /usr/bin/aa_log_extract_tokens.pl REJECTING 2>${EXPECT_SPLIT_DIR}/STDERR > ${EXPECT_SPLIT_DIR}/STDOUT
+		RET=$?
+		cat ${EXPECT_SPLIT_DIR}/STDOUT >> ${EXPECT_SPLIT_DIR}/ERRPARSE
+
+		cat ${EXPECT_SPLIT_DIR}/STDERR | sed 's/^/E: /' >> ${EXPECT_SPLIT_DIR}/ERRPARSE
+
+		if [ "$RET" != "0" ]; then
+			echo -n "^ original line: ${LINE}" >> ${EXPECT_SPLIT_DIR}/ERRPARSE
+		fi
+	done
+
+	mv ${EXPECT_SPLIT_DIR}/ERRPARSE ${PARSE_FILE}
+fi
+
+echo "#---8<--- actual output from aa_log_extract_tokens.pl"
+cat ${PARSE_FILE} | sed 's/^/# /'
+echo "#--->8---"
+
+MATCH_EXPECTATION="False"
+
+# We might have alternative expectations, take that into consideration.
+OUTPUT_MD5=$( cat ${PARSE_FILE} | md5sum )
+COUNT=$( ls -1 ${EXPECT_SPLIT_DIR}/EXPECT* | wc -l )
+NUM=1
+while [ $((${NUM} <= ${COUNT})) = 1 ]; do
+	EXPECTED_MD5=$( cat ${EXPECT_SPLIT_DIR}/EXPECT${NUM} | md5sum )
+	if [ "${OUTPUT_MD5}" = "${EXPECTED_MD5}" ]; then
+		echo "# audit log matches alternative expectation ${NUM}/${COUNT}"
+		MATCH_EXPECTATION="True"
+	fi
+	NUM=$((${NUM}+1))
+done
+
+if [ "${MATCH_EXPECTATION}" = "True" ]; then
+	echo "${TEST_TITLE}: pass"
+else
+	echo "#---8<--- diff"
+	diff -urN ${EXPECT_SPLIT_DIR}/EXPECT${NUM} ${PARSE_FILE}
+	echo "#--->8---"
+	echo "${TEST_TITLE}: fail"
+	SOMETHING_FAILED="True"
+fi
+
+if [ "${SOMETHING_FAILED}" = "True" ]; then
+	exit 1
+fi
+
+exit 0