2 * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
17 * @file access_provider.cpp
18 * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
20 * @brief Common functions and macros used in security-tests package.
22 #include <sys/types.h>
24 #include <sys/smack.h>
26 #include <access_provider2.h>
28 #include <tests_common.h>
32 std::string toSmackLabel(const std::string &ownerId) {
36 if (ownerId[0] == '/') {
37 return ownerId.substr(1, std::string::npos);
40 return "User::App::" + ownerId;
43 } // anonymous namespace
45 AccessProvider::AccessProvider(const std::string &ownerId)
46 : m_mySubject(toSmackLabel(ownerId))
47 , m_inSwitchContext(false)
49 RUNNER_ASSERT_MSG(m_mySubject.size() > 0, "No smack label provided to AccessProvider!");
53 AccessProvider::AccessProvider(const std::string &ownerId, int uid, int gid)
54 : m_mySubject(toSmackLabel(ownerId))
55 , m_inSwitchContext(false)
57 RUNNER_ASSERT_MSG(m_mySubject.size() > 0, "No smack label provided to AccessProvider!");
59 applyAndSwithToUser(uid, gid);
62 void AccessProvider::allowAPI(const std::string &api, const std::string &rule) {
63 m_smackAccess.add(m_mySubject, api, rule);
66 void AccessProvider::apply() {
67 // This should be done by security-manager
68 m_smackAccess.add("System", m_mySubject, "w");
69 m_smackAccess.add(m_mySubject, "System", "w");
70 m_smackAccess.apply();
73 void AccessProvider::applyAndSwithToUser(int uid, int gid)
75 RUNNER_ASSERT_MSG(m_inSwitchContext == false, "already switched context");
78 char* my_label = NULL;
79 RUNNER_ASSERT(smack_new_label_from_self(&my_label) > 0);
82 m_origLabel = std::string(my_label);
85 RUNNER_ASSERT(m_origLabel.size() > 0);
87 RUNNER_ASSERT_MSG(0 == smack_revoke_subject(m_mySubject.c_str()),
88 "Error in smack_revoke_subject(" << m_mySubject << ")");
90 RUNNER_ASSERT_MSG(0 == smack_set_label_for_self(m_mySubject.c_str()),
91 "Error in smack_set_label_for_self.");
95 RUNNER_ASSERT_MSG(0 == setegid(gid),
97 RUNNER_ASSERT_MSG(0 == seteuid(uid),
99 m_inSwitchContext = true;
102 void AccessProvider::allowJournaldLogs() {
103 allowAPI("System::Run","wx"); // necessary for logging with journald
106 ScopedAccessProvider::~ScopedAccessProvider()
108 if(m_inSwitchContext == true)
110 RUNNER_ASSERT_MSG(0 == setegid(m_origGid), "Error in setgid.");
111 RUNNER_ASSERT_MSG(0 == seteuid(m_origUid), "Error in setuid.");
112 RUNNER_ASSERT_MSG(0 == smack_revoke_subject(m_mySubject.c_str()),
113 "Error in smack_revoke_subject(" << m_mySubject << ")");
114 RUNNER_ASSERT_MSG(0 == smack_set_label_for_self(m_origLabel.c_str()),
115 "Error in smack_set_label_for_self.");
116 m_inSwitchContext = false;