Commit 5cb5daf4 authored by anonym

Rework how we test AppArmor denials.

The basic idea is to first run an "I start monitoring the AppArmor log"
step, which records the current time, and that any "AppArmor has
denied" step run for the same profile later will only look at entries
from that time and on. The wordings on the steps now make the
scenarios a bit clearer, and we also don't have to clear syslog any
more as an ugly workaround.

Furthermore, this will bring us close to a clean solution of #9924,
which will require us to run a sysctl command *before* anything that
could generate the AppArmor log entries we're interested in. The "I
monitor" step is a perfect candidate for that, whereas we before would
need yet another step.
parent 502edfcb
......@@ -25,23 +25,21 @@ Feature: Using Evince
Then the file "/home/amnesia/.gnupg/default-testpage.pdf" exists
And the file "/lib/live/mount/overlay/home/amnesia/.gnupg/default-testpage.pdf" exists
And the file "/live/overlay/home/amnesia/.gnupg/default-testpage.pdf" exists
Given AppArmor has not denied "/usr/bin/evince" from opening "/home/amnesia/.gnupg/default-testpage.pdf"
Given I start monitoring the AppArmor log of "/usr/bin/evince"
When I try to open "/home/amnesia/.gnupg/default-testpage.pdf" with Evince
Then I see "EvinceUnableToOpen.png" after at most 10 seconds
And AppArmor has denied "/usr/bin/evince" from opening "/home/amnesia/.gnupg/default-testpage.pdf"
When I close Evince
Given AppArmor has not denied "/usr/bin/evince" from opening "/lib/live/mount/overlay/home/amnesia/.gnupg/default-testpage.pdf"
Given I restart monitoring the AppArmor log of "/usr/bin/evince"
When I try to open "/lib/live/mount/overlay/home/amnesia/.gnupg/default-testpage.pdf" with Evince
Then I see "EvinceUnableToOpen.png" after at most 10 seconds
And AppArmor has denied "/usr/bin/evince" from opening "/lib/live/mount/overlay/home/amnesia/.gnupg/default-testpage.pdf"
When I close Evince
# Due to our AppArmor aliases, /live/overlay will be treated
# as /lib/live/mount/overlay. We have to clear syslog first,
# otherwise we'll look for the same entry as above again.
Given I clear syslog
And AppArmor has not denied "/usr/bin/evince" from opening "/lib/live/mount/overlay/home/amnesia/.gnupg/default-testpage.pdf"
Given I restart monitoring the AppArmor log of "/usr/bin/evince"
When I try to open "/live/overlay/home/amnesia/.gnupg/default-testpage.pdf" with Evince
Then I see "EvinceUnableToOpen.png" after at most 10 seconds
# Due to our AppArmor aliases, /live/overlay will be treated
# as /lib/live/mount/overlay.
And AppArmor has denied "/usr/bin/evince" from opening "/lib/live/mount/overlay/home/amnesia/.gnupg/default-testpage.pdf"
@keep_volumes
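Review bot: the three open attempts in this hunk now rely solely on the monitoring window to tell apart denials that produce byte-identical log entries (the "/lib/live/mount/overlay/..." entry is expected both after the second open and, via the alias, after the third), so the scenario only stays meaningful if the "I restart monitoring" step on the third attempt records a timestamp strictly later than the previous denial; it would help to say so in the comment that remains ("# Due to our AppArmor aliases ..."), since the old comment explaining why syslog had to be cleared was dropped. Minor style point: "Given I restart monitoring ..." follows "When I close Evince", so the step reads as a new precondition block; "And I restart monitoring ..." would keep the flow of the scenario.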
......@@ -68,7 +66,7 @@ Feature: Using Evince
Given a computer
When I start Tails from USB drive "current" with network unplugged and I login with persistence password "asdf"
Then the file "/home/amnesia/Persistent/default-testpage.pdf" exists
Given AppArmor has not denied "/usr/bin/evince" from opening "/home/amnesia/.gnupg/default-testpage.pdf"
Given I start monitoring the AppArmor log of "/usr/bin/evince"
And I try to open "/home/amnesia/.gnupg/default-testpage.pdf" with Evince
Then I see "EvinceUnableToOpen.png" after at most 10 seconds
And AppArmor has denied "/usr/bin/evince" from opening "/home/amnesia/.gnupg/default-testpage.pdf"
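Review bot: "And I try to open ... with Evince" now hangs off "Given I start monitoring ...", which makes the open attempt read as a precondition rather than the action under test; keep it as "When I try to open ..." as the other scenarios do, so the Given/When/Then structure stays intact.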
......@@ -112,12 +112,12 @@ Feature: Chatting anonymously using Pidgin
# This should really be in dedicated scenarios, but it would be
# too costly to set up the virtual USB drive with persistence more
# than once in this feature.
Given AppArmor has not denied "/usr/bin/pidgin" from opening "/home/amnesia/.gnupg/test.crt"
Given I start monitoring the AppArmor log of "/usr/bin/pidgin"
Then I cannot add a certificate from the "/home/amnesia/.gnupg" directory to Pidgin
And AppArmor has denied "/usr/bin/pidgin" from opening "/home/amnesia/.gnupg/test.crt"
When I close Pidgin's certificate import failure dialog
And I close Pidgin's certificate manager
Given AppArmor has not denied "/usr/bin/pidgin" from opening "/live/persistence/TailsData_unlocked/gnupg/test.crt"
Given I restart monitoring the AppArmor log of "/usr/bin/pidgin"
Then I cannot add a certificate from the "/live/persistence/TailsData_unlocked/gnupg" directory to Pidgin
And AppArmor has denied "/usr/bin/pidgin" from opening "/live/persistence/TailsData_unlocked/gnupg/test.crt"
When I close Pidgin's certificate import failure dialog
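Review bot: the two denials checked here are for different files ("/home/amnesia/.gnupg/test.crt" and "/live/persistence/TailsData_unlocked/gnupg/test.crt"), so the "I restart monitoring" step is not needed to separate them; keeping it is harmless, but a one-line comment saying it is there for consistency (or dropping it) would stop a reader from looking for an aliasing reason that does not exist in this scenario. Also, "Then I cannot add a certificate ..." directly after the "Given" step describes an action, not an outcome; "When I cannot add ..." or splitting action and assertion would read more clearly.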
......
......@@ -1120,19 +1120,28 @@ Given /^I wait (?:between (\d+) and )?(\d+) seconds$/ do |min, max|
sleep(time)
end
Given /^I clear syslog$/ do
Given /^I (?:re)?start monitoring the AppArmor log of "([^"]+)"$/ do |profile|
next if @skip_steps_while_restoring_background
@vm.execute_successfully('echo > /var/log/syslog')
# We will only care about entries for this profile from this time
# and on.
guest_time = DateTime.parse(@vm.execute_successfully('date').stdout)
@apparmor_profile_monitoring_start ||= Hash.new
@apparmor_profile_monitoring_start[profile] = guest_time
end
When /^AppArmor has (not )?denied "([^"]+)" from opening "([^"]+)"(?: after at most (\d+) seconds)?$/ do |anti_test, profile, file, time|
next if @skip_steps_while_restoring_background
expected_cmd_status = anti_test ? false : true
audit_line = 'apparmor="DENIED" operation="open" profile="%s" name="%s"' %
[profile, file]
assert(@apparmor_profile_monitoring_start &&
@apparmor_profile_monitoring_start[profile],
"It seems the profile '#{profile}' isn't being monitored by the " +
"'I monitor the AppArmor log of ...' step")
audit_line_regex = 'apparmor="DENIED" operation="open" profile="%s" name="%s"' % [profile, file]
block = Proc.new do
cmd = @vm.execute("grep -qF '#{audit_line}' /var/log/syslog")
assert_equal(expected_cmd_status, cmd.success?)
audit_lines = @vm.execute("grep -F '#{audit_line_regex}' /var/log/syslog").stdout.split("\n")
audit_lines.select! do |line|
DateTime.parse(line) >= @apparmor_profile_monitoring_start[profile]
end
assert(audit_lines.empty? == (anti_test ? true : false))
true
end
begin
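Review bot: `DateTime.parse(line)` over the whole syslog line is fragile: the syslog timestamp prefix carries no year, `DateTime.parse` scans the entire string so other numbers in the audit record can influence the result, and a line it cannot parse raises ArgumentError and fails the step with an unrelated error. Extract the timestamp prefix first, e.g. `ts = line[/\A\w{3}\s+\d+ \d\d:\d\d:\d\d/]`, then parse that, and compare it against a `guest_time` taken in the same zone as syslog (the `date` output includes a zone name, the syslog prefix does not). Also note that syslog timestamps have one-second resolution and the filter uses `>=`, so an entry logged in the same second as, but before, a "restart monitoring" step still counts; that is exactly the case the alias scenarios depend on. Two smaller points: the assertion message refers to an "'I monitor the AppArmor log of ...'" step that does not exist (the step is "I start monitoring the AppArmor log of ..."), and `audit_line_regex` is passed to `grep -F`, so it is a fixed string and the name is misleading.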
......
......@@ -70,26 +70,25 @@ Feature: Browsing the web using the Tor Browser
And the file "/lib/live/mount/overlay/home/amnesia/.gnupg/synaptic.html" exists
And the file "/live/overlay/home/amnesia/.gnupg/synaptic.html" exists
And the file "/tmp/synaptic.html" exists
And I start the Tor Browser
Given I start monitoring the AppArmor log of "/usr/local/lib/tor-browser/firefox"
When I start the Tor Browser
And the Tor Browser has started and loaded the startup page
When I open the address "file:///home/amnesia/Tor Browser/synaptic.html" in the Tor Browser
And I open the address "file:///home/amnesia/Tor Browser/synaptic.html" in the Tor Browser
Then I see "TorBrowserSynapticManual.png" after at most 5 seconds
And AppArmor has not denied "/usr/local/lib/tor-browser/firefox" from opening "/home/amnesia/Tor Browser/synaptic.html"
Given AppArmor has not denied "/usr/local/lib/tor-browser/firefox" from opening "/home/amnesia/.gnupg/synaptic.html"
Given I restart monitoring the AppArmor log of "/usr/local/lib/tor-browser/firefox"
When I open the address "file:///home/amnesia/.gnupg/synaptic.html" in the Tor Browser
Then I do not see "TorBrowserSynapticManual.png" after at most 5 seconds
And AppArmor has denied "/usr/local/lib/tor-browser/firefox" from opening "/home/amnesia/.gnupg/synaptic.html"
Given AppArmor has not denied "/usr/local/lib/tor-browser/firefox" from opening "/lib/live/mount/overlay/home/amnesia/.gnupg/synaptic.html"
Given I restart monitoring the AppArmor log of "/usr/local/lib/tor-browser/firefox"
When I open the address "file:///lib/live/mount/overlay/home/amnesia/.gnupg/synaptic.html" in the Tor Browser
Then I do not see "TorBrowserSynapticManual.png" after at most 5 seconds
And AppArmor has denied "/usr/local/lib/tor-browser/firefox" from opening "/lib/live/mount/overlay/home/amnesia/.gnupg/synaptic.html"
# Due to our AppArmor aliases, /live/overlay will be treated
# as /lib/live/mount/overlay. We have to clear syslog first,
# otherwise we'll look for the same entry as above again.
And I clear syslog
Given AppArmor has not denied "/usr/local/lib/tor-browser/firefox" from opening "/lib/live/mount/overlay/home/amnesia/.gnupg/synaptic.html"
Given I restart monitoring the AppArmor log of "/usr/local/lib/tor-browser/firefox"
When I open the address "file:///live/overlay/home/amnesia/.gnupg/synaptic.html" in the Tor Browser
Then I do not see "TorBrowserSynapticManual.png" after at most 5 seconds
# Due to our AppArmor aliases, /live/overlay will be treated
# as /lib/live/mount/overlay.
And AppArmor has denied "/usr/local/lib/tor-browser/firefox" from opening "/lib/live/mount/overlay/home/amnesia/.gnupg/synaptic.html"
# We do not get any AppArmor log for when access to files in /tmp is denied
# since we explictly override (commit 51c0060) the rules (from the user-tmp
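Review bot: only the last "I restart monitoring" step (before opening "file:///live/overlay/...") is actually required, since that is the one case where the expected log entry is identical to the previous one because of the alias; the two earlier restarts separate denials for different files and are redundant. The surviving comment "# Due to our AppArmor aliases, /live/overlay will be treated as /lib/live/mount/overlay." should also say that this is why monitoring is restarted there, now that the sentence about clearing syslog is gone. Minor: the step is named "I start monitoring" but the hunk introduces both "Given I start monitoring" and "Given I restart monitoring"; since the regex accepts either, pick one wording for the non-initial uses so scenarios read consistently.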
......
......@@ -18,31 +18,30 @@ Feature: Using Totem
And I start Tails from DVD with network unplugged and I login
And I copy the sample videos to "/home/amnesia" as user "amnesia"
And the file "/home/amnesia/video.mp4" exists
Given I start monitoring the AppArmor log of "/usr/bin/totem"
When I open "/home/amnesia/video.mp4" with Totem
Then I see "SampleLocalMp4VideoFrame.png" after at most 10 seconds
And AppArmor has not denied "/usr/bin/totem" from opening "/home/amnesia/video.mp4"
Given I close Totem
And I copy the sample videos to "/home/amnesia/.gnupg" as user "amnesia"
And the file "/home/amnesia/.gnupg/video.mp4" exists
And AppArmor has not denied "/usr/bin/totem" from opening "/home/amnesia/.gnupg/video.mp4"
Given I restart monitoring the AppArmor log of "/usr/bin/totem"
When I try to open "/home/amnesia/.gnupg/video.mp4" with Totem
Then I see "TotemUnableToOpen.png" after at most 10 seconds
And AppArmor has denied "/usr/bin/totem" from opening "/home/amnesia/.gnupg/video.mp4"
Given I close Totem
And the file "/lib/live/mount/overlay/home/amnesia/.gnupg/video.mp4" exists
And AppArmor has not denied "/usr/bin/totem" from opening "/lib/live/mount/overlay/home/amnesia/.gnupg/video.mp4"
Given I restart monitoring the AppArmor log of "/usr/bin/totem"
When I try to open "/lib/live/mount/overlay/home/amnesia/.gnupg/video.mp4" with Totem
Then I see "TotemUnableToOpen.png" after at most 10 seconds
And AppArmor has denied "/usr/bin/totem" from opening "/lib/live/mount/overlay/home/amnesia/.gnupg/video.mp4"
Given I close Totem
And the file "/live/overlay/home/amnesia/.gnupg/video.mp4" exists
# Due to our AppArmor aliases, /live/overlay will be treated
# as /lib/live/mount/overlay. We have to clear syslog first,
# otherwise we'll look for the same entry as above again.
And I clear syslog
And AppArmor has not denied "/usr/bin/totem" from opening "/lib/live/mount/overlay/home/amnesia/.gnupg/video.mp4"
And I restart monitoring the AppArmor log of "/usr/bin/totem"
When I try to open "/live/overlay/home/amnesia/.gnupg/video.mp4" with Totem
Then I see "TotemUnableToOpen.png" after at most 10 seconds
# Due to our AppArmor aliases, /live/overlay will be treated
# as /lib/live/mount/overlay.
And AppArmor has denied "/usr/bin/totem" from opening "/lib/live/mount/overlay/home/amnesia/.gnupg/video.mp4"
@check_tor_leaks
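Review bot: keyword use is inconsistent within the hunk: the restart step appears as "Given I restart monitoring ..." twice and as "And I restart monitoring ..." once, while following the same "Given I close Totem / And the file ... exists" block each time; use the same keyword in all three places. As in the other features, the comment kept before the final "AppArmor has denied" line should state that the restart just above it is what prevents matching the earlier "/lib/live/mount/overlay/..." denial, since the old comment about clearing syslog was the only place that explained this.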
......@@ -75,7 +74,7 @@ Feature: Using Totem
Then I see "SampleLocalMp4VideoFrame.png" after at most 10 seconds
Given I close Totem
And the file "/home/amnesia/.gnupg/video.mp4" exists
And AppArmor has not denied "/usr/bin/totem" from opening "/home/amnesia/.gnupg/video.mp4"
And I start monitoring the AppArmor log of "/usr/bin/totem"
When I try to open "/home/amnesia/.gnupg/video.mp4" with Totem
Then I see "TotemUnableToOpen.png" after at most 10 seconds
And AppArmor has denied "/usr/bin/totem" from opening "/home/amnesia/.gnupg/video.mp4"