2 * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
18 * @file test_cases.cpp
19 * @author Jan Olszak (j.olszak@samsung.com)
20 * @author Rafal Krypa (r.krypa@samsung.com)
22 * @brief libprivilege-control test runner
32 #include <dpl/test/test_runner.h>
33 #include <dpl/test/test_runner_child.h>
34 #include <dpl/log/log.h>
35 #include <sys/types.h>
38 #include <sys/xattr.h>
39 #include <sys/smack.h>
40 #include <privilege-control.h>
44 #define SMACK_RULES_DIR "/etc/smack/accesses.d/"
45 #define SMACK_LOAD2 "/smack/load2"
46 #define TEST_APP_DIR "/etc/smack/test_privilege_control_DIR/app_dir"
47 #define TEST_NON_APP_DIR "/etc/smack/test_privilege_control_DIR/non_app_dir"
48 #define APPID_DIR "test_APP_ID_dir"
49 #define APPID_SHARED_DIR "test_APP_ID_shared_dir"
50 #define CANARY_LABEL "tiny_yellow_canary"
52 #define APP_ID "test_APP"
53 #define APP_SET_PRIV_PATH "/etc/smack/test_privilege_control_DIR/test_set_app_privilege/test_APP"
54 #define APP_SET_PRIV_PATH_REAL "/etc/smack/test_privilege_control_DIR/test_set_app_privilege/test_APP_REAL"
56 const char *PRIVS[] = { "WRT", "test_privilege_control_rules", NULL };
58 #define LIBPRIVILEGE_APP_GROUP_LIST "/usr/share/privilege-control/app_group_list"
59 #define LIBPRIVILEGE_TEST_DAC_FILE "/usr/share/privilege-control/test_privilege_control_rules.dac"
61 #define APP_TEST_APP_1 "test-application1"
62 #define APP_TEST_APP_2 "test-application_2"
63 #define APP_TEST_APP_3 "test-app-3"
64 #define APP_TEST_AV_1 "test-antivirus1"
65 #define APP_TEST_AV_2 "test-antivirus_2"
66 #define APP_TEST_AV_3 "test-av-3"
67 #define SMACK_APPS_LABELS_DATABASE "/opt/dbspace/.privilege_control_all_apps_id.db"
68 #define SMACK_AVS_LABELS_DATABASE "/opt/dbspace/.privilege_control_all_avs_id.db"
72 #define APP_USER_NAME "app"
73 #define APP_HOME_DIR "/opt/home/app"
75 // How many open file descriptors should ftw() function use?
76 #define FTW_MAX_FDS 16
78 // Rules from test_privilege_control_rules.smack
79 const std::vector< std::vector<std::string> > rules = {
80 { APP_ID, "test_book_1", "r" },
81 { APP_ID, "test_book_2", "w" },
82 { APP_ID, "test_book_3", "x" },
83 { APP_ID, "test_book_4", "rw" },
84 { APP_ID, "test_book_5", "rx" },
85 { APP_ID, "test_book_6", "wx" },
86 { APP_ID, "test_book_7", "rwx" },
87 { "test_subject_1", APP_ID, "r" },
88 { "test_subject_2", APP_ID, "w" },
89 { "test_subject_3", APP_ID, "x" },
90 { "test_subject_4", APP_ID, "rw" },
91 { "test_subject_5", APP_ID, "rx" },
92 { "test_subject_6", APP_ID, "wx" },
93 { "test_subject_7", APP_ID, "rwx" },
94 { APP_ID, APPID_SHARED_DIR, "rwxat"}};
99 const char* OSP_BLAHBLAH = "/usr/share/privilege-control/OSP_blahblah.smack";
100 const char* WRT_BLAHBLAH = "/usr/share/privilege-control/WGT_blahblah.smack";
101 const char* OTHER_BLAHBLAH = "/usr/share/privilege-control/blahblah.smack";
102 const char* BLAHBLAH_FEATURE = "http://feature/blah/blahblah";
105 * Check if every rule is true.
106 * @return 1 if ALL rules in SMACK, 0 if ANY rule isn't
108 int test_have_all_accesses(const std::vector< std::vector<std::string> >& rules){
110 for(uint i =0; i<rules.size();++i ){
111 result = smack_have_access(rules[i][0].c_str(),rules[i][1].c_str(),rules[i][2].c_str());
119 * Check if any rule is true.
120 * @return 1 if ANY rule in SMACK, 0 if none is
122 int test_have_any_accesses(const std::vector< std::vector<std::string> >& rules){
124 for(uint i =0; i<rules.size();++i ){
125 result = smack_have_access(rules[i][0].c_str(),rules[i][1].c_str(),rules[i][2].c_str());
132 RUNNER_TEST_GROUP_INIT(libprivilegecontrol)
134 int nftw_remove_labels(const char *fpath, const struct stat *sb,
135 int typeflag, struct FTW *ftwbuf)
137 smack_lsetlabel(fpath, NULL, SMACK_LABEL_ACCESS);
138 smack_lsetlabel(fpath, NULL, SMACK_LABEL_EXEC);
139 smack_lsetlabel(fpath, NULL, SMACK_LABEL_TRANSMUTE);
144 int nftw_set_labels_non_app_dir(const char *fpath, const struct stat *sb,
145 int typeflag, struct FTW *ftwbuf)
147 smack_lsetlabel(fpath, CANARY_LABEL, SMACK_LABEL_ACCESS);
148 smack_lsetlabel(fpath, CANARY_LABEL, SMACK_LABEL_EXEC);
149 smack_lsetlabel(fpath, NULL, SMACK_LABEL_TRANSMUTE);
// nftw() callback for the non-app tree: asserts that fpath still carries CANARY_LABEL as
// both its ACCESS and EXEC label and has no TRANSMUTE label, i.e. that labelling the app
// directory did not touch files outside it.
154 int nftw_check_labels_non_app_dir(const char *fpath, const struct stat *sb,
155 int typeflag, struct FTW *ftwbuf)
161 result = smack_lgetlabel(fpath, &label, SMACK_LABEL_ACCESS);
162 RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
// NOTE(review): label goes to strcmp() without a NULL check, yet the TRANSMUTE check below
// treats label == NULL as a normal outcome of a successful smack_lgetlabel(). If the canary
// label were stripped, this would dereference NULL instead of failing the assertion;
// nftw_check_labels_app_dir asserts label != NULL before comparing.
163 result = strcmp(CANARY_LABEL, label);
164 RUNNER_ASSERT_MSG(result == 0, "ACCESS label on " << fpath << " is overwritten");
167 result = smack_lgetlabel(fpath, &label, SMACK_LABEL_EXEC);
168 RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
// NOTE(review): same missing NULL check as for the ACCESS label above.
169 result = strcmp(CANARY_LABEL, label);
170 RUNNER_ASSERT_MSG(result == 0, "EXEC label on " << fpath << " is overwritten");
173 result = smack_lgetlabel(fpath, &label, SMACK_LABEL_TRANSMUTE);
174 RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
175 RUNNER_ASSERT_MSG(label == NULL, "TRANSMUTE label on " << fpath << " is set");
180 int nftw_check_labels_app_dir(const char *fpath, const struct stat *sb,
181 int typeflag, struct FTW *ftwbuf)
187 result = smack_lgetlabel(fpath, &label, SMACK_LABEL_ACCESS);
188 RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
189 RUNNER_ASSERT_MSG(label != NULL, "ACCESS label on " << fpath << " is not set");
190 result = strcmp(APPID_DIR, label);
191 RUNNER_ASSERT_MSG(result == 0, "ACCESS label on " << fpath << " is incorrect");
194 result = smack_lgetlabel(fpath, &label, SMACK_LABEL_EXEC);
195 RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
196 if (S_ISREG(sb->st_mode) && (sb->st_mode & S_IXUSR)) {
197 RUNNER_ASSERT_MSG(label != NULL, "EXEC label on " << fpath << " is not set");
198 result = strcmp(APPID_DIR, label);
199 RUNNER_ASSERT_MSG(result == 0, "EXEC label on executable file " << fpath << " is incorrect");
201 RUNNER_ASSERT_MSG(label == NULL, "EXEC label on " << fpath << " is set");
204 result = smack_lgetlabel(fpath, &label, SMACK_LABEL_TRANSMUTE);
205 RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
206 RUNNER_ASSERT_MSG(label == NULL, "TRANSMUTE label on " << fpath << " is set");
211 int nftw_check_labels_app_shared_dir(const char *fpath, const struct stat *sb,
212 int typeflag, struct FTW *ftwbuf)
218 result = smack_lgetlabel(fpath, &label, SMACK_LABEL_ACCESS);
219 RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
220 RUNNER_ASSERT_MSG(label != NULL, "ACCESS label on " << fpath << " is not set");
221 result = strcmp(APPID_SHARED_DIR, label);
222 RUNNER_ASSERT_MSG(result == 0, "ACCESS label on " << fpath << " is incorrect");
225 result = smack_lgetlabel(fpath, &label, SMACK_LABEL_EXEC);
226 RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
227 RUNNER_ASSERT_MSG(label == NULL, "EXEC label on " << fpath << " is set");
230 result = smack_lgetlabel(fpath, &label, SMACK_LABEL_TRANSMUTE);
231 RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
232 if (S_ISDIR(sb->st_mode)) {
233 RUNNER_ASSERT_MSG(label != NULL, "TRANSMUTE label on " << fpath << " is not set");
234 result = strcmp("TRUE", label);
235 RUNNER_ASSERT_MSG(result == 0, "TRANSMUTE label on " << fpath << " is not set");
237 RUNNER_ASSERT_MSG(label == NULL, "TRANSMUTE label on " << fpath << " is set");
242 int file_exists(const char* path)
244 FILE* file = fopen(path, "r");
252 void osp_blahblah_check(int line_no, const std::vector<std::string>& rules)
254 std::ifstream smack_file(OSP_BLAHBLAH);
255 RUNNER_ASSERT_MSG(smack_file, "Line: " << line_no << " Failed to create " << OSP_BLAHBLAH);
257 auto it = rules.begin();
259 while(std::getline(smack_file,line)) {
260 RUNNER_ASSERT_MSG(it != rules.end(), "Line: " << line_no << "Additional line in file: " << line);
261 RUNNER_ASSERT_MSG(*it == line, "Line: " << line_no << " " << *it << "!=" << line);
265 RUNNER_ASSERT_MSG(it == rules.end(), "Line: " << line_no << " Missing line in file: " << *it);
270 void remove_smack_files()
272 unlink(OSP_BLAHBLAH);
273 unlink(WRT_BLAHBLAH);
274 unlink(OTHER_BLAHBLAH);
// Builds the path of an application's Smack rules file under SMACK_RULES_DIR and stores
// it in *path. The string is allocated by asprintf(), so the caller owns it and must
// free() it.
// NOTE(review): SMACK_RULES_DIR already ends with '/', so the result contains "//";
// path resolution tolerates that, but it will not compare equal to a path built as
// SMACK_RULES_DIR APP_ID.
// NOTE(review): app_id is inserted into the path as-is; every caller visible in this file
// passes a compile-time constant — keep it that way or validate before reuse elsewhere.
277 int smack_file_name(const char* app_id, char** path)
279 if (asprintf(path, SMACK_RULES_DIR "/%s", app_id) == -1) {
280 RUNNER_ASSERT_MSG(false, "asprint failed");
287 int cleaning_smack_app_files (void)
292 smack_file_name(APP_TEST_APP_1, &path);
296 smack_file_name(APP_TEST_APP_2, &path);
300 smack_file_name(APP_TEST_APP_3, &path);
304 smack_file_name(APP_TEST_AV_1, &path);
308 smack_file_name(APP_TEST_AV_2, &path);
312 smack_file_name(APP_TEST_AV_3, &path);
319 int cleaning_smack_database_files (void)
324 unlink(SMACK_APPS_LABELS_DATABASE);
325 fd = open(SMACK_APPS_LABELS_DATABASE, O_RDWR | O_EXCL | O_CREAT, 0644);
331 unlink(SMACK_AVS_LABELS_DATABASE);
332 fd = open(SMACK_AVS_LABELS_DATABASE, O_RDWR | O_EXCL | O_CREAT, 0644);
342 * Test setting labels for all files and folders in given path.
344 RUNNER_TEST(privilege_control02_app_label_dir)
348 result = nftw(TEST_APP_DIR, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
349 RUNNER_ASSERT_MSG(result == 0, "Unable to clean up Smack labels in " << TEST_APP_DIR);
351 result = nftw(TEST_NON_APP_DIR, &nftw_set_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
352 RUNNER_ASSERT_MSG(result == 0, "Unable to clean up Smack labels in " << TEST_NON_APP_DIR);
354 result = app_label_dir(APPID_DIR, TEST_APP_DIR);
355 RUNNER_ASSERT_MSG(result == 0, "app_label_dir() failed");
357 result = nftw(TEST_APP_DIR, &nftw_check_labels_app_dir, FTW_MAX_FDS, FTW_PHYS);
358 RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for app dir");
360 result = nftw(TEST_NON_APP_DIR, &nftw_check_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
361 RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for non-app dir");
364 RUNNER_TEST(privilege_control03_app_label_shared_dir)
368 result = nftw(TEST_APP_DIR, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
369 RUNNER_ASSERT_MSG(result == 0, "Unable to clean up Smack labels in " << TEST_APP_DIR);
371 result = nftw(TEST_NON_APP_DIR, &nftw_set_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
372 RUNNER_ASSERT_MSG(result == 0, "Unable to clean up Smack labels in " << TEST_NON_APP_DIR);
374 result = app_label_shared_dir(APP_ID, APPID_SHARED_DIR, TEST_APP_DIR);
375 RUNNER_ASSERT_MSG(result == 0, "app_label_shared_dir() failed");
377 result = nftw(TEST_APP_DIR, &nftw_check_labels_app_shared_dir, FTW_MAX_FDS, FTW_PHYS);
378 RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for shared app dir");
380 result = nftw(TEST_NON_APP_DIR, &nftw_check_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
381 RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for non-app dir");
386 * Add permissions from test_privilege_control_rules template
// Adds the PRIVS permission set to APP_ID, then verifies that every rule in `rules` is
// reported by Smack and that the app's rules file exists and is non-empty.
388 RUNNER_TEST(privilege_control04_add_permissions)
390 int result = app_add_permissions(APP_ID, PRIVS);
// The value printed as "Errno" here is the library's return code, not errno.
391 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
392 " Error adding app permissions. Errno: " << result);
394 // Check if the accesses are really applied..
395 result = test_have_all_accesses(rules);
396 RUNNER_ASSERT_MSG(result==1, "Permissions not added.");
399 FILE *pFile = fopen(SMACK_RULES_DIR APP_ID, "rb");
400 RUNNER_ASSERT_MSG(pFile != NULL,
401 "SMACK file NOT created!. Errno: " << errno);
// NOTE(review): fseek()'s return value is ignored and ftell() returns long, which is
// narrowed to int below. A failing ftell() returns -1, so the ">0" assertion still trips,
// but errno in the message may no longer belong to the failing call.
// NOTE(review): no fclose(pFile) is visible in this excerpt — confirm the stream is
// closed on all paths, including when an assertion fires.
404 fseek(pFile, 0L, SEEK_END);
405 int smack_file_length = ftell(pFile);
406 RUNNER_ASSERT_MSG(smack_file_length>0,
407 "SMACK file empty, but privileges list was not empty.. Errno: " << errno);
415 * Revoke permissions from the list. Should be executed as privileged user.
// Revokes all permissions of APP_ID and verifies that the rules are no longer fully
// present and that the app's rules file still exists but is empty.
417 RUNNER_CHILD_TEST(privilege_control06_revoke_permissions)
423 // Revoke permissions
424 result = app_revoke_permissions(APP_ID);
425 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
426 "Error revoking app permissions. Errno: " << result);
428 // Are all the permissions revoked?
// NOTE(review): test_have_all_accesses() is documented to return 1 only when ALL rules
// are present, so "result != 1" already passes once a single rule is gone. A partial
// revocation that leaves some accesses in place would go undetected; asserting that
// test_have_any_accesses(rules) returns 0 would match the message below.
429 result = test_have_all_accesses(rules);
430 RUNNER_ASSERT_MSG(result!=1, "Not all permisions revoked.");
// path is allocated by smack_file_name() (asprintf); no free(path) or close(fd) is visible
// in this excerpt — confirm both are released.
432 smack_file_name(APP_ID, &path);
433 fd = open(path, O_RDONLY);
434 RUNNER_ASSERT_MSG(fd >= 0, "SMACK file deleted after app_revoke_permissions");
// Seeking to the end returns the file size; 0 means the rules file was emptied.
435 RUNNER_ASSERT_MSG(lseek(fd, 0, SEEK_END) == 0, "SMACK file not empty after app_revoke_permissions");
440 static void read_gids(std::set<unsigned> &set, const char* file_path)
442 FILE *f = fopen(file_path, "r");
443 RUNNER_ASSERT_MSG(f != NULL, "Unable to open file " << file_path);
445 while (fscanf(f, "%u\n", &gid) == 1) {
451 * Set APP privileges.
// Runs in a child process: calls set_app_privilege() for APP_ID and then verifies the
// resulting process identity — Smack label, UID/GID, HOME/USER environment and the
// supplementary group list against the two expected GID files.
453 RUNNER_CHILD_TEST(privilege_control05_set_app_privilege)
// The real binary is labelled APP_ID and the other path APP_ID "_symlink"; the later
// assertion expects the process label to be APP_ID, so presumably the test checks that
// the label is taken from the symlink target rather than the link itself — confirm.
// NOTE(review): both smack_lsetlabel() return values are ignored; if labelling fails the
// test may pass or fail for the wrong reason.
458 smack_lsetlabel(APP_SET_PRIV_PATH_REAL, APP_ID, SMACK_LABEL_EXEC);
459 smack_lsetlabel(APP_SET_PRIV_PATH, APP_ID "_symlink", SMACK_LABEL_EXEC);
461 // Set APP privileges
462 result = set_app_privilege(APP_ID, NULL, APP_SET_PRIV_PATH);
463 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "Error in set_app_privilege. Error: " << result);
465 // Check if SMACK label really set
467 result = smack_new_label_from_self(&label);
468 RUNNER_ASSERT_MSG(result == 0, "Error getting current process label");
469 RUNNER_ASSERT_MSG(label != NULL, "Process label is not set");
470 result = strcmp(APP_ID, label);
471 RUNNER_ASSERT_MSG(result == 0, "Process label " << label << " is incorrect");
473 // Check if DAC privileges really set
474 RUNNER_ASSERT_MSG(getuid() == APP_UID, "Wrong UID");
475 RUNNER_ASSERT_MSG(getgid() == APP_GID, "Wrong GID");
// NOTE(review): getenv() returns NULL when the variable is unset; passing that to
// strcmp() is undefined behaviour and would crash the child instead of reporting
// "Wrong HOME DIR". Assert the pointer is non-NULL before comparing (same for USER).
477 result = strcmp(getenv("HOME"), APP_HOME_DIR);
478 RUNNER_ASSERT_MSG(result == 0, "Wrong HOME DIR");
480 result = strcmp(getenv("USER"), APP_USER_NAME);
481 RUNNER_ASSERT_MSG(result == 0, "Wrong user USER NAME");
// groups_check collects every GID the process is expected to hold.
483 std::set<unsigned> groups_check;
484 read_gids(groups_check, LIBPRIVILEGE_APP_GROUP_LIST);
485 read_gids(groups_check, LIBPRIVILEGE_TEST_DAC_FILE);
// getgroups(0, NULL) only reports the number of supplementary groups.
487 int groups_cnt = getgroups(0, NULL);
488 RUNNER_ASSERT_MSG(groups_cnt > 0, "Wrong number of supplementary groupsCnt");
489 gid_t *groups_list = (gid_t *) calloc(groups_cnt, sizeof(gid_t));
490 RUNNER_ASSERT_MSG(groups_list != NULL, "Memory allocation failed");
// NOTE(review): the return value of the second getgroups() call is ignored; on failure
// the loop below would walk the zero-filled buffer. No free(groups_list) is visible in
// this excerpt — confirm.
491 getgroups(groups_cnt, groups_list);
// Each GID the process holds is removed from the expected set; erase() == 0 means the
// process holds a group that is not in either expected list.
493 for (int i = 0; i < groups_cnt; ++i) {
494 if (groups_check.erase(groups_list[i]) == 0) {
495 // getgroups() may also return process' main group
// NOTE(review): as shown, the failure is raised when the unmatched GID EQUALS getgid(),
// which is the opposite of what the comment above describes: an unexpected extra group
// would be accepted silently and only the primary group would be rejected. The condition
// looks like it should be "!=" — confirm against the full file.
496 if (groups_list[i] == getgid())
497 RUNNER_ASSERT_MSG(false, "Application belongs to unknown group (GID=" << groups_list[i] << ")");
// Whatever is left in groups_check is an expected group the process did not receive.
500 std::string groups_left;
501 for (std::set<unsigned>::iterator it = groups_check.begin(); it != groups_check.end(); it++) {
502 groups_left.append(std::to_string(*it)).append(" ");
504 RUNNER_ASSERT_MSG(groups_check.empty(), "Application doesn't belong to some required groups: " << groups_left);
// Checks that app_give_access() adds rights on top of an existing rule and that
// app_revoke_access() restores exactly the rights that were there before.
507 RUNNER_TEST(privilege_control08_app_give_access)
// Arbitrary labels that are unlikely to clash with rules already loaded on the device.
509 const char *subject = "lkjq345v34sfa";
510 const char *object = "lk9290f92lkjz";
511 smack_accesses *tmp = NULL;
513 RUNNER_ASSERT(0 == smack_accesses_new(&tmp));
// unique_ptr releases the rule set via smack_accesses_free even when an assertion fires.
515 std::unique_ptr<smack_accesses,std::function<void(smack_accesses*)>>
516 smack(tmp, smack_accesses_free);
// Baseline rule: read + append only.
518 RUNNER_ASSERT(0 == smack_accesses_add(smack.get(), subject, object, "r--a-"));
519 RUNNER_ASSERT(0 == smack_accesses_apply(smack.get()));
// NOTE(review): the return value of app_give_access() is not checked; a failure only
// shows up indirectly through the smack_have_access() assertions below.
521 app_give_access(subject, object, "wt");
// Granted rights are the union of the baseline and "wt"; execute was never granted.
523 RUNNER_ASSERT(1 == smack_have_access(subject, object, "rwat"));
524 RUNNER_ASSERT(0 == smack_have_access(subject, object, "x"));
// NOTE(review): the return value of app_revoke_access() is not checked either.
526 app_revoke_access(subject, object);
// After revocation only the baseline "ra" may remain; w, x and t must all be denied.
528 RUNNER_ASSERT(1 == smack_have_access(subject, object, "ra"));
529 RUNNER_ASSERT(0 == smack_have_access(subject, object, "w"));
530 RUNNER_ASSERT(0 == smack_have_access(subject, object, "x"));
531 RUNNER_ASSERT(0 == smack_have_access(subject, object, "t"));
// Cleanup: overwrite the test rule with an empty access set. This is skipped if any
// assertion above fails, which leaves the "r--a-" rule loaded.
533 RUNNER_ASSERT(0 == smack_accesses_add(smack.get(), subject, object, "-"));
534 RUNNER_ASSERT(0 == smack_accesses_apply(smack.get()));
538 * Add new API feature
540 RUNNER_TEST(privilege_control09_add_api_feature)
544 remove_smack_files();
547 // argument validation
548 result = add_api_feature(APP_TYPE_OSP, NULL, NULL, NULL);
549 RUNNER_ASSERT(result == PC_ERR_INVALID_PARAM);
551 result = add_api_feature(APP_TYPE_OSP,"" , NULL, NULL);
552 RUNNER_ASSERT(result == PC_ERR_INVALID_PARAM);
555 // already existing features
556 result = add_api_feature(APP_TYPE_OSP,"messaging" , NULL, NULL);
557 RUNNER_ASSERT(result == PC_ERR_INVALID_PARAM);
559 result = add_api_feature(APP_TYPE_OSP,"blahblah/messaging" , NULL, NULL);
560 RUNNER_ASSERT(result == PC_ERR_INVALID_PARAM);
562 result = add_api_feature(APP_TYPE_WGT,"blahblahblah/messaging" , NULL, NULL);
563 RUNNER_ASSERT(result == PC_ERR_INVALID_PARAM);
565 result = add_api_feature(APP_TYPE_OTHER,"blah/messaging" , NULL, NULL);
566 RUNNER_ASSERT(result == PC_OPERATION_SUCCESS);
570 result = add_api_feature(APP_TYPE_OSP,"blahblah" , NULL, NULL);
571 RUNNER_ASSERT(result == PC_OPERATION_SUCCESS);
573 result = add_api_feature(APP_TYPE_WGT,"blahblah" , NULL, NULL);
574 RUNNER_ASSERT(result == PC_OPERATION_SUCCESS);
576 result = add_api_feature(APP_TYPE_OTHER,"blahblah" , NULL, NULL);
577 RUNNER_ASSERT(result == PC_OPERATION_SUCCESS);
580 // smack files existence
581 result = file_exists(OSP_BLAHBLAH);
582 RUNNER_ASSERT(result == -1);
584 result = file_exists(WRT_BLAHBLAH);
585 RUNNER_ASSERT(result == -1);
587 result = file_exists(OTHER_BLAHBLAH);
588 RUNNER_ASSERT(result == -1);
592 result = add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE , { NULL }, NULL);
593 RUNNER_ASSERT(result == PC_OPERATION_SUCCESS);
594 result = file_exists(OSP_BLAHBLAH);
595 RUNNER_ASSERT(result == -1);
597 result = add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE , (const char*[]){ "", NULL }, NULL);
598 RUNNER_ASSERT(result == PC_OPERATION_SUCCESS);
599 result = file_exists(OSP_BLAHBLAH);
600 RUNNER_ASSERT(result == 0);
601 remove_smack_files();
603 result = add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE , (const char*[]){ " \t\n", "\t \n", "\n\t ", NULL }, NULL);
604 RUNNER_ASSERT(result == PC_OPERATION_SUCCESS);
605 result = file_exists(OSP_BLAHBLAH);
606 RUNNER_ASSERT(result == 0);
607 remove_smack_files();
611 result = add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE , (const char*[]){ "malformed", NULL }, NULL);
612 RUNNER_ASSERT(result == PC_ERR_INVALID_PARAM);
613 result = file_exists(OSP_BLAHBLAH);
614 RUNNER_ASSERT(result == -1);
616 result = add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE , (const char*[]){ "malformed malformed", NULL }, NULL);
617 RUNNER_ASSERT(result == PC_ERR_INVALID_PARAM);
618 result = file_exists(OSP_BLAHBLAH);
619 RUNNER_ASSERT(result == -1);
621 result = add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE , (const char*[]){ "-malformed malformed rwxat", NULL }, NULL);
622 RUNNER_ASSERT(result == PC_ERR_INVALID_PARAM);
623 result = file_exists(OSP_BLAHBLAH);
624 RUNNER_ASSERT(result == -1);
626 result = add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE , (const char*[]){ "~/\"\\\ malformed rwxat", NULL }, NULL);
627 RUNNER_ASSERT(result == PC_ERR_INVALID_PARAM);
628 result = file_exists(OSP_BLAHBLAH);
629 RUNNER_ASSERT(result == -1);
631 result = add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE , (const char*[]){ "subject object rwxat something else", NULL }, NULL);
632 RUNNER_ASSERT(result == PC_ERR_INVALID_PARAM);
633 result = file_exists(OSP_BLAHBLAH);
634 RUNNER_ASSERT(result == -1);
638 result = add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE , (const char*[]){ "malformed malformed maaaaaalformed", NULL }, NULL);
639 RUNNER_ASSERT(result == PC_OPERATION_SUCCESS);
640 osp_blahblah_check(__LINE__, { "malformed malformed r--a-" });
641 remove_smack_files();
643 result = add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE , (const char*[]){ "subject object foo", NULL }, NULL);
644 RUNNER_ASSERT(result == PC_OPERATION_SUCCESS);
645 osp_blahblah_check(__LINE__, { "subject object -----" });
646 remove_smack_files();
648 result = add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE , (const char*[]){
649 "subject object\t rwxat",
651 "subject2\tobject2 txarw",
654 RUNNER_ASSERT(result == PC_OPERATION_SUCCESS);
655 osp_blahblah_check(__LINE__, { "subject object rwxat", "subject2 object2 rwxat"});
656 remove_smack_files();
658 result = add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE , (const char*[]){
659 "Sub::jE,ct object a-RwX",
661 RUNNER_ASSERT(result == PC_OPERATION_SUCCESS);
662 osp_blahblah_check(__LINE__, { "Sub::jE,ct object rwxa-"});
663 remove_smack_files();
665 // TODO For now identical/complementary rules are not merged.
666 result = add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE , (const char*[]){
667 "subject object rwxat",
669 "subject object txarw",
672 RUNNER_ASSERT(result == PC_OPERATION_SUCCESS);
673 osp_blahblah_check(__LINE__, { "subject object rwxat", "subject object rwxat"});
674 remove_smack_files();
677 // TODO database group ids
681 * Check app_install function
683 RUNNER_TEST(privilege_control01_app_install)
689 smack_file_name(APP_ID, &path);
692 result = app_install(APP_ID);
693 RUNNER_ASSERT_MSG(result == 0, "app_install returned " << result <<". Errno: " << strerror(errno));
695 // checking if file really exists
696 fd = open(path, O_RDONLY);
697 RUNNER_ASSERT_MSG(fd >= 0, "File open failed: " << path << " : " << result << ". Errno: " << strerror(errno));
701 // try install second time app with the same ID - it should failed with -1 (Errno: File exists).
702 result = app_install(APP_ID);
703 RUNNER_ASSERT_MSG(result == -1, "app_install returned " << result <<". Errno: " << strerror(errno));
707 * Check app_uninstall function
// Uninstalls APP_ID and verifies that its Smack rules file can no longer be opened.
709 RUNNER_TEST(privilege_control07_app_uninstall)
// NOTE(review): smack_file_name() allocates a new string on every call (asprintf) and is
// called twice on the same `path` here; unless a free() sits on a line not shown in this
// excerpt, the first allocation is leaked.
715 smack_file_name(APP_ID, &path);
716 result = app_uninstall(APP_ID);
717 RUNNER_ASSERT_MSG(result == 0, "app_uninstall returned " << result <<". Errno: " << strerror(errno));
719 // checking that the file no longer exists
720 smack_file_name(APP_ID, &path);
721 fd = open(path, O_RDONLY);
// NOTE(review): fd == -1 is also what open() returns for a permission or other error, so
// this does not prove the file was deleted; additionally asserting errno == ENOENT would.
722 RUNNER_ASSERT_MSG(fd == -1, "SMACK file NOT deleted after app_uninstall");
728 * Check app_register_av function
729 * Note that this test case may not be meaningful if an earlier one failed (privilege_control06_app_install)
// Installs three test applications and registers two antivirus labels, interleaved, then
// compares each antivirus rules file byte-for-byte with the expected "rwx--" rules towards
// all three applications.
731 RUNNER_TEST(privilege_control10_app_register_av)
734 //FILE* file_av = NULL;
735 //FILE* file_app = NULL;
742 //char label1[SMACK_LABEL_LEN +1];
743 //char label2[SMACK_LABEL_LEN +1];
744 //char acces_rights[6 +1];
745 //char row[2 * SMACK_LABEL_LEN + 20] //
746 const char* correct_antivirus1_rules = "test-antivirus1 test-application1 rwx--\n"
747 "test-antivirus1 test-application_2 rwx--\n"
748 "test-antivirus1 test-app-3 rwx--";
749 const char* correct_antivirus2_rules = "test-antivirus_2 test-application1 rwx--\n"
750 "test-antivirus_2 test-application_2 rwx--\n"
751 "test-antivirus_2 test-app-3 rwx--";
// Start from a clean state: remove leftover rules files and recreate the label databases.
754 cleaning_smack_app_files();
755 cleaning_smack_database_files();
757 result = app_install(APP_TEST_APP_1);
758 RUNNER_ASSERT_MSG(result == 0, "app_install returned " << result <<". Errno: " << strerror(errno));
760 result = app_install(APP_TEST_APP_2);
761 RUNNER_ASSERT_MSG(result == 0, "app_install returned " << result <<". Errno: " << strerror(errno));
763 result = app_register_av(APP_TEST_AV_1);
764 RUNNER_ASSERT_MSG(result == 0, "app_register_av returned " << result <<". Errno: " << strerror(errno));
// The third app is installed AFTER the first antivirus was registered; the expected rules
// above still list it for antivirus 1, so already-registered antiviruses must gain access
// to newly installed apps.
766 result = app_install(APP_TEST_APP_3);
767 RUNNER_ASSERT_MSG(result == 0, "app_install returned " << result <<". Errno: " << strerror(errno));
769 result = app_register_av(APP_TEST_AV_2);
770 RUNNER_ASSERT_MSG(result == 0, "app_register_av returned " << result <<". Errno: " << strerror(errno));
772 // checking rules for anti virus 1
773 // compare between file in /etc/smack/accesses.d/ (SMACK_RULES_DIR) and correct value (correct_antivirus1_rules).
774 len = strlen(correct_antivirus1_rules);
// NOTE(review): the malloc() result is not checked, and the len+1 bytes are uninitialised.
775 buff = (char *) malloc((len+1) * sizeof(char));
776 smack_file_name(APP_TEST_AV_1, &path);
777 fd = open(path, O_RDONLY);
// `result` printed here still holds the previous app_register_av() return value, not
// anything related to open().
779 RUNNER_ASSERT_MSG(fd > -1, "file open failed " << result <<". Errno: " << strerror(errno));
// NOTE(review): read() may return fewer than len bytes; only "> -1" is asserted, so a
// short read leaves the tail of buff uninitialised and strncmp() compares garbage.
// No terminating '\0' is written in the lines visible here, yet buff is streamed with
// "<< buff" in the failure message, which would read past the data — confirm that
// buff[result] = '\0' (or equivalent) exists on a line not shown.
780 result = read(fd, buff, len);
784 RUNNER_ASSERT_MSG(result > -1, "read from file descriptor failed. Errno: " << strerror(errno));
785 result = strncmp(buff, correct_antivirus1_rules, len);
786 RUNNER_ASSERT_MSG(result == 0, "Rules do not match: " << result << "\n\"" << buff << "\"\n\"" << correct_antivirus1_rules << "\"\n" << len);
789 // checking rules for anti virus 2
790 len = strlen(correct_antivirus2_rules);
// NOTE(review): buff and path are reassigned here; no free()/close() of the previous
// buffer, path or fd is visible in this excerpt — confirm they are released.
791 buff = (char *) malloc((len+1) * sizeof(char));
792 smack_file_name(APP_TEST_AV_2, &path);
793 fd = open(path, O_RDONLY);
795 RUNNER_ASSERT_MSG(fd > -1, "file open failed " << result <<". Errno: " << strerror(errno));
// Same short-read and termination caveats as for antivirus 1 above.
796 result = read(fd, buff, len);
800 RUNNER_ASSERT_MSG(result > -1, "read from file descriptor failed. Errno: " << strerror(errno));
801 result = strncmp(buff, correct_antivirus2_rules, len);
// NOTE(review): the comparison is against correct_antivirus2_rules, but the failure
// message prints correct_antivirus1_rules, so a mismatch report shows the wrong
// expected value.
802 RUNNER_ASSERT_MSG(result == 0, "Rules do not match: " << result << "\n\"" << buff << "\"\n\"" << correct_antivirus1_rules << "\"\n" << len);
// Cleanup runs only if every assertion above passed.
806 cleaning_smack_app_files();
807 cleaning_smack_database_files();