apparmor-session-lockdown-no-deny automated
medium
- Image Types: basesdk-amd64 / hmi-armhf / hmi-arm64 / hmi-amd64 / sdk-amd64
- Image Deployment: APT
- Type: functional
Description
Test that the session lockdown profile is not blocking more than it should.
Pre Conditions
- Ensure Rootfs is remounted as read/write.
  $ sudo mount -o remount,rw /
- Install dependencies
  $ sudo apt install apertis-tests-apparmor-report apparmor-utils apparmor python3
- Restart the system to restore the filesystem state to read-only before running the test.
  $ sudo reboot
- Clone the tests repository from another computer (Note that the branch being tested may change depending on the release, please make sure to clone the correct branch for the release in question):
  $ git clone --branch apertis/v2026dev1 https://gitlab.apertis.org/pkg/apertis-tests.git
- Copy the test directory apertis-tests to the target device:
  $ DUT_IP=<device-ip>
  $ scp -r apertis-tests user@$DUT_IP:
- Log into the target device:
  $ ssh user@$DUT_IP
Execution Steps
- Enter test directory:
  $ cd apertis-tests
- Execute the following command:
  $ common/run-test-in-systemd --timeout=900 --user=user --basename apparmor/apparmor-session-lockdown-no-deny.py
Expected
The script should report 'pass' for all the tests, with output similar to:
RESULT:pulseaudio_running:pass
RESULT:apparmor_enabled:pass
RESULT:/usr/sbin/connmand_enforce_mode:pass
RESULT:/usr/bin/pipewire_enforce_mode:pass
RESULT:/usr/bin/wireplumber_enforce_mode:pass
RESULT:/usr/lib/tracker/tracker-miner-fs_enforce_mode:pass
RESULT:/usr/lib/tracker/tracker-store_enforce_mode:pass
RESULT:/usr/sbin/ofonod_enforce_mode:pass
RESULT:audit_log_complaints:pass
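
Added example, not part of the apertis-tests repository: a small checker for captured test output that fails when any RESULT line is not 'pass', when a required check is missing, or when no RESULT lines appear at all. It assumes the RESULT:<name>:<status> layout shown in the sample output above and treats any status other than 'pass' as a failure; the function names and the sample text are hypothetical.

```python
import re

# Layout taken from the sample output on this page: RESULT:<name>:<status>.
# Names can contain '/' (profile paths), so the status is the last field.
RESULT_RE = re.compile(r"^RESULT:(?P<name>.+):(?P<status>[^:\s]+)$")


def parse_results(text):
    """Return {check name: status} for every RESULT line in the output."""
    results = {}
    for line in text.splitlines():
        m = RESULT_RE.match(line.strip())
        if not m:
            continue  # unrelated log noise
        name, status = m.group("name"), m.group("status")
        # If a check is reported twice, a non-pass status must not be
        # hidden by a later 'pass'.
        if results.get(name, "pass") == "pass":
            results[name] = status
    return results


def evaluate(text, required=()):
    """Return (ok, problems). Assumption: only 'pass' counts as success."""
    results = parse_results(text)
    problems = [f"{n}: {s}" for n, s in results.items() if s != "pass"]
    problems += [f"{n}: missing" for n in required if n not in results]
    if not results:
        problems.append("no RESULT lines found")
    return (not problems, problems)


# Constructed sample: one profile not in enforce mode, plus log noise.
SAMPLE = """\
starting test
RESULT:apparmor_enabled:pass
RESULT:/usr/sbin/connmand_enforce_mode:pass
RESULT:/usr/bin/pipewire_enforce_mode:fail
RESULT:audit_log_complaints:pass
"""

if __name__ == "__main__":
    ok, problems = evaluate(
        SAMPLE, required=["apparmor_enabled", "/usr/sbin/ofonod_enforce_mode"]
    )
    print("PASS" if ok else "FAIL", problems)
```

Listing the expected checks in `required` catches a run that ends early and silently skips a profile, which a plain search for 'fail' would miss.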