apparmor-tracker automated
medium
- Image Types:
- sdk-amd64 / target-armhf-internal / target-amd64
- Image Deployment:
- APT
- Type:
- functional
Description
Tests that the tracker abstraction and tracker profiles don't cause false negatives and that it does not allow arbitrary reading of files in the home directory.
Pre Conditions
- Ensure Rootfs is remounted as read/write.
- Install dependencies
- Restart the system to restore the filesystem state to read-only before running the test.
- Clone the tests repository from another computer (Note that the branch being tested may change depending on the release, please make sure to clone the correct branch for the release in question):
- Copy the test directory apertis-tests to the target device:
- Log into the target device:
- Requires the multimedia demopack to be pre-installed on the tested image under /home/shared
$ sudo mount -o remount,rw /
$ sudo apt install busybox apertis-tests-apparmor-report apertis-tests-apparmor-tracker auditd gir1.2-grilo-0.3 gir1.2-tracker-2.0 python3 python3-gi wget
$ sudo reboot
$ git clone --branch apertis/v2020dev0 https://gitlab.apertis.org/infrastructure/apertis-tests.git
$ DUT_IP=<device-ip>
$ scp -r apertis-tests user@$DUT_IP:
$ ssh user@$DUT_IP
Execution Steps
- Enter test directory:
- Execute the following commands:
$ cd apertis-tests
$ echo -n | sudo tee /var/log/audit/audit.log
$ common/run-test-in-systemd --name run-test-tracker --timeout 3000 apparmor/tracker/test-tracker
$ sudo journalctl -b -t audit -o cat | /usr/bin/aa_log_extract_tokens.sh ALLOWED DENIED
Expected
Both tests should report pass and not fail:
tracker.normal.expected: pass
tracker.malicious.expected: pass
Notes
- Make sure that you have disconnect the ethernet connection to the target before you start the tethering process.
- The results of the tests printed to the standard output are enough to determine whether they passed or fail.
- If you get a failure and need to report a bug please run sudo watch-aa on a terminal and run the case that is failing (separately, if both), and add the logs you get to the bug report.