apparmor-session-lockdown-no-deny automated

medium

Image Types:
basesdk-amd64 / hmi-armhf / hmi-arm64 / hmi-amd64 / sdk-amd64
Image Deployment:
APT
Type:
functional

Description

Test that the session lockdown profile is not blocking more than it should.


Pre Conditions

  1. Ensure Rootfs is remounted as read/write.
  2. $ sudo mount -o remount,rw /
  3. Install dependencies
  4. $ sudo apt install apertis-tests-apparmor-report apparmor-utils apparmor python3
  5. Restart the system to restore the filesystem state to read-only before running the test.
  6. $ sudo reboot
  7. Clone the tests repository from another computer (Note that the branch being tested may change depending on the release, please make sure to clone the correct branch for the release in question):
  8. $ git clone --branch apertis/v2025pre https://gitlab.apertis.org/pkg/apertis-tests.git
  9. Copy the test directory apertis-tests to the target device:
  10. $ DUT_IP=<device-ip>
    $ scp -r apertis-tests user@$DUT_IP:
  11. Log into the target device:
  12. $ ssh user@$DUT_IP

Execution Steps

  1. Enter test directory:
  2. $ cd apertis-tests
  3. Execute the following command:
  4. $ common/run-test-in-systemd --timeout=900 --user=user --basename apparmor/apparmor-session-lockdown-no-deny.py

Expected

Script should report 'pass' for all the tests, something like:

RESULT:pulseaudio_running:pass

RESULT:apparmor_enabled:pass

RESULT:/usr/sbin/connmand_enforce_mode:pass

RESULT:/usr/bin/pipewire_enforce_mode:pass

RESULT:/usr/bin/wireplumber_enforce_mode:pass

RESULT:/usr/lib/tracker/tracker-miner-fs_enforce_mode:pass

RESULT:/usr/lib/tracker/tracker-store_enforce_mode:pass

RESULT:/usr/sbin/ofonod_enforce_mode:pass

RESULT:audit_log_complaints:pass