2 * This file is part of buxton.
4 * Copyright (C) 2013 Intel Corporation
6 * buxton is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU Lesser General Public License as
8 * published by the Free Software Foundation; either version 2.1
9 * of the License, or (at your option) any later version.
21 #include <sys/types.h>
26 #include "configurator.h"
27 #include "check_utils.h"
/*
 * Build guard. The preprocessor condition around it is elided from this
 * listing; the message shows the tests are meant to be compiled only from a
 * tree configured with --enable-debug.
 */
34 #error "re-run configure with --enable-debug"
/*
 * PID of the daemon child that teardown() polls and signals. Presumably
 * assigned in setup() after fork(); the assignment is not visible here.
 */
37 static pid_t daemon_pid;
/*
 * Replace the calling process with the check_buxtond test daemon.
 *
 * Does not return on success; both paths after execl() report a test failure.
 * The declaration of `path` and the braces are elided from this listing.
 */
39 static void exec_daemon(void)
43 //FIXME: path is wrong for makedistcheck
/*
 * NOTE(review): the binary is looked up in the current working directory, so
 * the suite should only be started from the trusted build directory.
 * get_current_dir_name() returns malloc()ed memory and may return NULL; the
 * result is neither checked nor freed here (the leak is moot once exec
 * succeeds), and snprintf() truncation of the path is not detected.
 */
44 snprintf(path, PATH_MAX, "%s/check_buxtond", get_current_dir_name());
/* execl() returns only on failure; %m is the glibc format for strerror(errno). */
46 if (execl(path, "check_buxtond", (const char*)NULL) < 0) {
47 fail("couldn't exec: %m");
/* Defensive: control gets here only if the exec did not take place. */
49 fail("should never reach here");
/*
 * Checked-fixture setup: removes the daemon socket path, blocks SIGCHLD and
 * forks. The fork() call itself and the parent/child branches are elided from
 * this listing; presumably the child ends up in exec_daemon().
 */
52 static void setup(void)
/* Drop a stale socket from an earlier run; the unlink() result is ignored. */
58 unlink(buxton_socket());
/*
 * Block SIGCHLD for this process.
 * NOTE(review): sigset must be initialised (sigemptyset()) before
 * sigaddset(); that call is not visible in this listing - confirm.
 */
61 sigaddset(&sigset, SIGCHLD);
62 sigprocmask(SIG_BLOCK, &sigset, NULL);
/* A negative pid is fork()'s error return. */
65 fail_if(pid < 0, "couldn't fork");
/*
 * Checked-fixture teardown: polls the daemon child and tries to stop it if it
 * is still running. The declarations and the if/else structure are elided
 * from this listing.
 */
76 static void teardown(void)
/* WNOHANG makes this a non-blocking poll: 0 means the child is still running. */
82 pid = waitpid(daemon_pid, &status, WNOHANG);
83 fail_if(pid == -1, "waitpid error");
/* Presumably guarded by a non-zero waitpid() result (guard elided): the
 * daemon changed state before the test asked it to stop. */
85 fail("daemon crashed!");
87 /* if the daemon is still running, kill it */
/*
 * NOTE(review): kill(2) is declared kill(pid_t pid, int sig). Both calls below
 * pass the signal number as the pid and daemon_pid as the signal, so the
 * daemon is never the target and can outlive the test run; when the suite
 * runs with privileges, the process addressed is whichever one has PID 15 or
 * 9. They should read kill(daemon_pid, SIGTERM) and
 * kill(daemon_pid, SIGKILL). The return values are ignored, which hides the
 * failure.
 */
88 kill(SIGTERM, daemon_pid);
90 kill(SIGKILL, daemon_pid);
/*
 * Exercises buxton_check_smack_access() for explicit rules, the special Smack
 * labels (*, @, _, ^), identical subject/object labels, and an unknown pair
 * that must be denied. Declarations and END_TEST are elided from this listing.
 */
95 START_TEST(smack_access_check)
/* Load the rule cache first; presumably the checks below consult it. */
101 ret = buxton_cache_smack_rules();
102 fail_if(!ret, "Failed to cache Smack rules");
/*
 * Explicit-rule case: read is expected, write is not.
 * NOTE(review): the outcome depends on the Smack rules present where the test
 * runs; where they are provisioned is not visible here - confirm.
 */
104 subject = buxton_string_pack("system");
105 object = buxton_string_pack("base/sample/key");
106 ret = buxton_check_smack_access(&subject, &object, ACCESS_READ);
107 fail_if(!ret, "Read access was denied, but should have been granted");
108 ret = buxton_check_smack_access(&subject, &object, ACCESS_WRITE);
109 fail_if(ret, "Write access was granted, but should have been denied");
/* Explicit-rule case: both read and write are expected to be granted. */
111 subject = buxton_string_pack("system");
112 object = buxton_string_pack("system/sample/key");
113 ret = buxton_check_smack_access(&subject, &object, ACCESS_READ);
114 fail_if(!ret, "Read access was denied");
115 ret = buxton_check_smack_access(&subject, &object, ACCESS_WRITE);
116 fail_if(!ret, "Write access was denied");
/* Built-in rule: a subject labelled "*" is denied every access. */
118 subject = buxton_string_pack("*");
119 object = buxton_string_pack("foo");
120 ret = buxton_check_smack_access(&subject, &object, ACCESS_READ);
121 fail_if(ret, "Read access granted for * subject");
122 ret = buxton_check_smack_access(&subject, &object, ACCESS_WRITE);
123 fail_if(ret, "Write access granted for * subject");
/* An object labelled "@" is expected to be accessible to any subject. */
125 subject = buxton_string_pack("foo");
126 object = buxton_string_pack("@");
127 ret = buxton_check_smack_access(&subject, &object, ACCESS_READ);
128 fail_if(!ret, "Read access denied for @ object");
129 ret = buxton_check_smack_access(&subject, &object, ACCESS_WRITE);
130 fail_if(!ret, "Write access denied for @ object");
/* A subject labelled "@" is expected to be granted access to any object. */
132 subject = buxton_string_pack("@");
133 object = buxton_string_pack("foo");
134 ret = buxton_check_smack_access(&subject, &object, ACCESS_READ);
135 fail_if(!ret, "Read access denied for @ subject");
136 ret = buxton_check_smack_access(&subject, &object, ACCESS_WRITE);
137 fail_if(!ret, "Write access denied for @ subject");
/* Built-in rule: any access to an object labelled "*" is permitted. */
139 subject = buxton_string_pack("foo");
140 object = buxton_string_pack("*");
141 ret = buxton_check_smack_access(&subject, &object, ACCESS_READ);
142 fail_if(!ret, "Read access denied for * object");
143 ret = buxton_check_smack_access(&subject, &object, ACCESS_WRITE);
144 fail_if(!ret, "Write access denied for * object");
/* Built-in rule: identical subject and object labels permit any access. */
146 subject = buxton_string_pack("foo");
147 object = buxton_string_pack("foo");
148 ret = buxton_check_smack_access(&subject, &object, ACCESS_READ);
149 fail_if(!ret, "Read access denied for matching subject/object");
150 ret = buxton_check_smack_access(&subject, &object, ACCESS_WRITE);
151 fail_if(!ret, "Write access denied for matching subject/object");
/*
 * Built-in rule: read access to an object labelled "_" is permitted.
 * NOTE(review): only ACCESS_READ is asserted for "_" and for "^" below; there
 * is no negative ACCESS_WRITE assertion, so an implementation that also
 * granted write for these labels would still pass.
 */
153 subject = buxton_string_pack("foo");
154 object = buxton_string_pack("_");
155 ret = buxton_check_smack_access(&subject, &object, ACCESS_READ);
156 fail_if(!ret, "Read access denied for _ object");
/* Built-in rule: read access requested by a subject labelled "^" is permitted. */
158 subject = buxton_string_pack("^");
159 object = buxton_string_pack("foo");
160 ret = buxton_check_smack_access(&subject, &object, ACCESS_READ);
161 fail_if(!ret, "Read access denied for ^ subject");
/* Default deny: a pair with no special label must be refused read access
 * (this assumes no rule for the pair is loaded on the test host). */
163 subject = buxton_string_pack("subjecttest");
164 object = buxton_string_pack("objecttest");
165 ret = buxton_check_smack_access(&subject, &object, ACCESS_READ);
166 fail_if(ret, "Read access granted for unrecognized subject/object");
/* Same pair, write access: must be refused as well. */
168 subject = buxton_string_pack("subjecttest");
169 object = buxton_string_pack("objecttest");
170 ret = buxton_check_smack_access(&subject, &object, ACCESS_WRITE);
171 fail_if(ret, "Write access granted for unrecognized subject/object");
/*
 * Body of the suite builder; its signature and the other declarations are
 * elided from this listing.
 */
/* Receives the result of the early rule-cache call, which is otherwise ignored;
 * the attribute keeps the compiler from warning about it. */
180 bool __attribute__((unused))dummy;
182 s = suite_create("smack");
184 dummy = buxton_cache_smack_rules();
/* Test cases are registered only when Smack support is detected at run time. */
185 if (buxton_smack_enabled()) {
186 tc = tcase_create("smack access test functions");
/* setup()/teardown() start and stop the daemon around each test in this case. */
187 tcase_add_checked_fixture(tc, setup, teardown);
188 /* TODO: add tests that use actual client Smack labels */
/* NOTE(review): no tcase_add_test() precedes this call, so the daemon-backed
 * case is registered empty and the fixture currently wraps no test. */
189 suite_add_tcase(s, tc);
/* Second case: runs in-process, without the daemon fixture. */
191 tc = tcase_create("smack libsecurity functions");
192 tcase_add_test(tc, smack_access_check);
193 suite_add_tcase(s, tc);
/*
 * Presumably the else branch (the `else` line is elided). Without Smack the
 * suite stays empty, so the run reports no failures; a passing result on such
 * a host says nothing about the access checks.
 */
195 buxton_log("Smack support not detected; skipping this test suite\n");
/*
 * Tail of the test runner entry point; its signature and declarations are
 * elided from this listing.
 */
/* Point buxton at the test configuration; ABS_TOP_BUILDDIR is a string macro
 * pasted into the literal at compile time. */
207 putenv("BUXTON_CONF_FILE=" ABS_TOP_BUILDDIR "/test/test.conf");
/* `s` is assigned on an elided line, presumably from the suite builder. */
209 sr = srunner_create(s);
210 srunner_run_all(sr, CK_VERBOSE);
211 number_failed = srunner_ntests_failed(sr);
/* The exit status counts failures only, so a suite with no registered tests
 * (Smack not detected) also exits with EXIT_SUCCESS. */
214 return (number_failed == 0) ? EXIT_SUCCESS : EXIT_FAILURE;
218 * Editor modelines - http://www.wireshark.org/tools/modelines.html
223 * indent-tabs-mode: t
226 * vi: set shiftwidth=8 tabstop=8 noexpandtab:
227 * :indentSize=8:tabSize=8:noTabs=false: