From 4d944bcd4e731ab7bfe8d01a7041ea0ebdc090f1 Mon Sep 17 00:00:00 2001 From: Mike Salvatore Date: Tue, 5 Nov 2019 16:43:29 -0800 Subject: apparmor: add AppArmor KUnit tests for policy unpack Add KUnit tests to test AppArmor unpacking of userspace policies. AppArmor uses a serialized binary format for loading policies. To find policy format documentation see Documentation/admin-guide/LSM/apparmor.rst. In order to write the tests against the policy unpacking code, some static functions needed to be exposed for testing purposes. One of the goals of this patch is to establish a pattern for which testing these kinds of functions should be done in the future. Signed-off-by: Brendan Higgins Signed-off-by: Mike Salvatore Acked-by: John Johansen Reviewed-by: Kees Cook Signed-off-by: Shuah Khan --- security/apparmor/Kconfig | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) (limited to 'security/apparmor/Kconfig') diff --git a/security/apparmor/Kconfig b/security/apparmor/Kconfig index a422a349f926..d54793073d1c 100644 --- a/security/apparmor/Kconfig +++ b/security/apparmor/Kconfig @@ -68,3 +68,19 @@ config SECURITY_APPARMOR_DEBUG_MESSAGES Set the default value of the apparmor.debug kernel parameter. When enabled, various debug messages will be logged to the kernel message buffer. + +config SECURITY_APPARMOR_KUNIT_TEST + bool "Build KUnit tests for policy_unpack.c" + depends on KUNIT && SECURITY_APPARMOR + help + This builds the AppArmor KUnit tests. + + KUnit tests run during boot and output the results to the debug log + in TAP format (http://testanything.org/). Only useful for kernel devs + running KUnit test harness and are not for inclusion into a + production build. + + For more information on KUnit and unit tests in general please refer + to the KUnit documentation in Documentation/dev-tools/kunit/. + + If unsure, say N. -- cgit v1.2.3