2 * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
18 * @file test_cases.cpp
19 * @author Jan Olszak (j.olszak@samsung.com)
20 * @author Rafal Krypa (r.krypa@samsung.com)
22 * @brief libprivilege-control test runner
33 #include <sys/socket.h>
37 #include <dpl/test/test_runner.h>
38 #include <dpl/test/test_runner_multiprocess.h>
39 #include <sys/smack.h>
40 #include <privilege-control.h>
41 #include <tests_common.h>
42 #include <libprivilege-control_test_common.h>
// Account name and home directory that privilege_control05_set_app_privilege_nosmack compares
// against the USER and HOME environment variables after perm_app_set_privilege() has run.
47 #define APP_USER_NAME "app"
48 #define APP_HOME_DIR "/opt/home/app"
// Second path that privilege_control05 labels next to APP_SET_PRIV_PATH; the "_symlink" suffix
// used there suggests APP_SET_PRIV_PATH is a symlink to this file - TODO confirm.
51 #define APP_SET_PRIV_PATH_REAL "/etc/smack/test_privilege_control_DIR/test_set_app_privilege/test_APP_REAL"
// Owning pointer for a smack_accesses handle; the deleter is supplied by whoever constructs it.
54 typedef std::unique_ptr<smack_accesses,std::function<void (smack_accesses*)> > SmackUniquePtr;
// Deleter for FDUniquePtr: closes the descriptor that the managed int points at.
// NOTE(review): the result of close() is discarded and *fd is not checked for -1, so a
// pointer that wraps a failed open()/socket() would call close(-1).
56 void closefdptr(int* fd) { close(*fd); }
// unique_ptr over a descriptor stored in an int, with a caller-supplied deleter.
57 typedef std::unique_ptr<int, std::function<void (int*)> > FDUniquePtr;
60 /////////////////////////////////////////
61 //////NOSMACK ENVIRONMENT TESTS//////////
62 /////////////////////////////////////////
65 * NOSMACK version of nftw_check_labels_app_shared_dir function.
67 * This function used with nftw should expect -1 result from smack_have_access instead of 1.
// nftw() callback for the no-SMACK variant of the shared-directory check: for each visited path
// it reads the ACCESS, EXEC and TRANSMUTE labels and asserts the state each one must be in.
// This listing omits some source lines (see the gaps in the gutter numbers), so the local
// declarations, the `else` line and the function's closing lines are not visible here.
69 int nftw_check_labels_app_shared_dir_nosmack(const char *fpath, const struct stat *sb,
70 int /*typeflag*/, struct FTW* /*ftwbuf*/)
// NOTE(review): each smack_lgetlabel() call stores a new pointer in `label`; no free() is
// visible in this listing - confirm the previous label is released before it is overwritten.
75 result = smack_lgetlabel(fpath, &label, SMACK_LABEL_ACCESS);
76 RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path. Result: " << result);
77 RUNNER_ASSERT_MSG(label != NULL, "ACCESS label on " << fpath << " is not set");
// The ACCESS label must equal APPID_SHARED_DIR: the test expects the label to be written to
// the path even though SMACK is off.
79 result = strcmp(APPID_SHARED_DIR, label);
80 RUNNER_ASSERT_MSG(result == 0,
81 "ACCESS label on " << fpath << " is incorrect. Result: " << result);
83 //The only exception in nftw_check_labels_app_shared_dir
84 //smack_have_access returns -1 because of no SMACK.
// Note for readers: -1 is an error result, not a "denied" answer; a caller that only tests
// for a non-zero value would misread it.
85 result = smack_have_access(APP_ID, APPID_SHARED_DIR, "rwxat");
86 RUNNER_ASSERT_MSG(result == -1,
87 "smack_have_access should return error (SMACK is off). Result: " << result);
// Reading the EXEC label must succeed, and the label itself must be absent (NULL).
89 result = smack_lgetlabel(fpath, &label, SMACK_LABEL_EXEC);
90 RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path. Result: " << result);
91 RUNNER_ASSERT_MSG(label == NULL, "EXEC label on " << fpath << " is set");
// TRANSMUTE: directories must carry the value "TRUE"; the last assertion requires the label to
// be absent and is presumably the non-directory branch (its `else` line is not visible).
93 result = smack_lgetlabel(fpath, &label, SMACK_LABEL_TRANSMUTE);
94 RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path. Result: " << result);
95 if (S_ISDIR(sb->st_mode)) {
96 RUNNER_ASSERT_MSG(label != NULL, "TRANSMUTE label on " << fpath << " is not set");
97 result = strcmp("TRUE", label);
98 RUNNER_ASSERT_MSG(result == 0,
99 "TRANSMUTE label on " << fpath << " is not set. Result: " << result);
101 RUNNER_ASSERT_MSG(label == NULL, "TRANSMUTE label on " << fpath << " is set");
// Opens the test group named libprivilegecontrol_nosmack; presumably the tests defined after
// this line are registered under it - confirm against the test runner headers.
106 RUNNER_TEST_GROUP_INIT(libprivilegecontrol_nosmack)
109 * NOSMACK version of privilege_control03 test.
111 * Uses nosmack version of nftw_check_labels_app_shared_dir (defined above).
// Shared-directory labelling scenario run with SMACK disabled. Some source lines are missing
// from this listing (gutter gaps), so declarations and any setup macros are not visible.
113 RUNNER_TEST_NOSMACK(privilege_control03_app_label_shared_dir_nosmack)
// Negative case: using the app's own id (APP_ID) as the shared label must be rejected.
119 result = perm_app_setup_path(APP_ID, TEST_APP_DIR, APP_PATH_GROUP_RW, APP_ID);
120 RUNNER_ASSERT_MSG(result != PC_OPERATION_SUCCESS,
121 "perm_app_setup_path should fail here. Result: " << result);
// NOTE(review): nftw() returns 0, -1 or the callback's value. Comparing it with
// PC_OPERATION_SUCCESS only works if that constant is 0, which this listing does not show;
// privilege_control18/19 compare the same calls with a literal 0.
125 result = nftw(TEST_APP_DIR, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
126 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
127 "Unable to clean up Smack labels in " << TEST_APP_DIR);
// NOTE(review): judging by its name this callback sets labels on TEST_NON_APP_DIR, while the
// failure message talks about cleaning up - confirm which one is meant.
129 result = nftw(TEST_NON_APP_DIR, &nftw_set_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
130 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
131 "Unable to clean up Smack labels in " << TEST_NON_APP_DIR);
// Positive case: a distinct shared label (APPID_SHARED_DIR) must be accepted.
135 result = perm_app_setup_path(APP_ID, TEST_APP_DIR, APP_PATH_GROUP_RW, APPID_SHARED_DIR);
136 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
137 "perm_app_setup_path() failed. Result: " << result);
// Walk both trees: the app directory with the NOSMACK callback, the non-app directory with
// the regular checker.
141 result = nftw(TEST_APP_DIR, &nftw_check_labels_app_shared_dir_nosmack, FTW_MAX_FDS, FTW_PHYS);
142 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
143 "Unable to check Smack labels for shared app dir");
145 result = nftw(TEST_NON_APP_DIR, &nftw_check_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
146 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
147 "Unable to check Smack labels for non-app dir");
151 * NOSMACK version of privilege_control04 test.
153 * Tries to add permissions from test_privilege_control_rules template and checks if
154 * smack_have_access returns -1 on check between every rule.
// Enables the EFL privilege set for APP_ID with SMACK off and asserts that none of the rules
// in rules_efl is reported as granted. Some source lines are missing from this listing.
156 RUNNER_TEST_NOSMACK(privilege_control04_add_permissions_nosmack)
// Uninstall, then install again, before enabling permissions.
// NOTE(review): the messages print strerror(errno) although only the return code is checked;
// errno may be stale unless these calls are documented to set it - confirm.
162 result = perm_app_uninstall(APP_ID);
163 RUNNER_ASSERT_MSG(result == 0,
164 "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
166 result = perm_app_install(APP_ID);
167 RUNNER_ASSERT_MSG(result == 0,
168 "perm_app_install returned " << result << ". Errno: " << strerror(errno));
// The call itself must succeed even though SMACK is off.
171 result = perm_app_enable_permissions(APP_ID, APP_TYPE_EFL, PRIVS_EFL, TRUE);
172 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
173 "Error adding app permissions. Result: " << result);
177 //Check if smack_have_access always fails on every rule
// -1 is the expected aggregate result; any other value fails the test.
178 result = test_have_nosmack_accesses(rules_efl);
179 RUNNER_ASSERT_MSG(result == -1,
180 "Despite SMACK being off some accesses were added. Result: " << result);
182 // TODO check entry in database
// Shared body of the privilege_control05_*_nosmack tests.
//   line_no    - caller's __LINE__, echoed in assertion messages
//   app_id     - application identifier passed to the perm_app_* calls
//   app_type   - application type passed to perm_app_enable_permissions()
//   privileges - privilege list passed to perm_app_enable_permissions()
//   type       - type string handed to perm_app_set_privilege(); some callers pass NULL
//   app_path   - application path, checked with check_app_installed() first
//   dac_file   - file passed to check_groups() at the end
//   rules      - rules that must NOT be reported as granted while SMACK is off
// Some source lines are missing from this listing (gutter gaps).
185 void set_app_privilege_nosmack(int line_no,
186 const char* app_id, app_type_t app_type,
187 const char** privileges, const char* type,
188 const char* app_path, const char* dac_file,
189 const rules_t &rules)
191 check_app_installed(line_no, app_path);
// Reinstall the app, then enable its privileges.
197 result = perm_app_uninstall(app_id);
198 RUNNER_ASSERT_MSG(result == 0,
199 "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
201 result = perm_app_install(app_id);
202 RUNNER_ASSERT_MSG(result == 0,
203 "perm_app_install returned " << result << ". Errno: " << strerror(errno));
205 result = perm_app_enable_permissions(app_id, app_type, privileges, 1);
206 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "Line: " << line_no <<
207 " Error enabling app permissions. Result: " << result);
// With SMACK off the rule check must come back as -1.
211 result = test_have_nosmack_accesses(rules);
212 RUNNER_ASSERT_MSG(result == -1, "Line: " << line_no <<
213 " Permissions shouldn't be added. Result: " << result);
// perm_app_set_privilege() changes the credentials of the calling process, which is why the
// callers are child tests (see the UID/GID assertions in privilege_control05).
215 result = perm_app_set_privilege(app_id, type, app_path);
216 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "Line: " << line_no <<
217 " Error in perm_app_set_privilege. Error: " << result);
219 //Even though app privileges are set, no smack label should be extracted.
// NOTE(review): the `label == NULL` assertion is only meaningful if `label` was initialised
// to NULL before the call; its declaration is not visible in this listing - confirm.
221 result = smack_new_label_from_self(&label);
222 RUNNER_ASSERT_MSG(result == -1, "Line: " << line_no <<
223 " new_label_from_self should return error (SMACK is off). Result: " << result);
224 RUNNER_ASSERT_MSG(label == NULL, "Line: " << line_no <<
225 " new_label_from_self shouldn't allocate memory for label.");
// Verify the group setup against the DAC file.
227 check_groups(dac_file);
231 * NOSMACK version of privilege_control05_set_app_privilege test.
233 * Another very similar test to its SMACK version, this time smack_new_label_from_self is
234 * expected to return different result.
// Drops to the application's credentials with perm_app_set_privilege() while SMACK is off and
// checks the resulting process state. Some source lines are missing from this listing.
236 RUNNER_CHILD_TEST_NOSMACK(privilege_control05_set_app_privilege_nosmack)
240 check_app_installed(__LINE__, APP_SET_PRIV_PATH);
// NOTE(review): both smack_lsetlabel() return values are ignored, so a failure to write the
// EXEC labels would go unnoticed and the test would run on unlabelled files.
243 smack_lsetlabel(APP_SET_PRIV_PATH_REAL, APP_ID, SMACK_LABEL_EXEC);
244 smack_lsetlabel(APP_SET_PRIV_PATH, APP_ID "_symlink", SMACK_LABEL_EXEC);
247 result = perm_app_set_privilege(APP_ID, NULL, APP_SET_PRIV_PATH);
248 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
249 "Error in perm_app_set_privilege. Error: " << result);
251 //Even though app privileges are set, no smack label should be extracted.
253 result = smack_new_label_from_self(&label);
254 RUNNER_ASSERT_MSG(result == -1,
255 "new_label_from_self should return error (SMACK is off). Result: " << result);
256 RUNNER_ASSERT_MSG(label == NULL, "new_label_from_self shouldn't allocate memory for label.");
258 //Check if DAC privileges really set
// NOTE(review): getuid()/getgid() report the real IDs only. A privilege drop that left the
// effective or saved IDs elevated would still pass; geteuid()/getegid() (and getresuid()
// where available) would make this check complete.
259 RUNNER_ASSERT_MSG(getuid() == APP_UID, "Wrong UID");
260 RUNNER_ASSERT_MSG(getgid() == APP_GID, "Wrong GID");
// NOTE(review): getenv() returns NULL when the variable is unset, and strcmp() on NULL is
// undefined behaviour - the test would crash instead of reporting a failure.
262 result = strcmp(getenv("HOME"), APP_HOME_DIR);
263 RUNNER_ASSERT_MSG(result == 0, "Wrong HOME DIR. Result: " << result);
265 result = strcmp(getenv("USER"), APP_USER_NAME);
266 RUNNER_ASSERT_MSG(result == 0, "Wrong user USER NAME. Result: " << result);
// Group check against the DAC file.
268 check_groups(LIBPRIVILEGE_TEST_DAC_FILE);
272 * NOSMACK version of privilege_control05_set_app_privilege_wgt test.
274 * Same as the above, plus uses test_have_nosmack_accesses instead of test_have_all_accesses.
// WGT application: runs set_app_privilege_nosmack() with PRIVS_WGT, type string "wgt" and
// rules_wgt.
276 RUNNER_CHILD_TEST_NOSMACK(privilege_control05_set_app_privilege_wgt_nosmack)
278 set_app_privilege_nosmack(__LINE__, WGT_APP_ID, APP_TYPE_WGT, PRIVS_WGT, "wgt", WGT_APP_PATH,
279 LIBPRIVILEGE_TEST_DAC_FILE_WGT, rules_wgt);
283 * NOSMACK version of privilege_control05_set_app_privilege_wgt_partner test.
// WGT partner application: same scenario with type string "wgt_partner" and
// rules_wgt_partner; the privilege list and DAC file are the WGT ones.
287 RUNNER_CHILD_TEST_NOSMACK(privilege_control05_set_app_privilege_wgt_partner_nosmack)
289 set_app_privilege_nosmack(__LINE__, WGT_PARTNER_APP_ID, APP_TYPE_WGT_PARTNER, PRIVS_WGT,
290 "wgt_partner", WGT_PARTNER_APP_PATH,
291 LIBPRIVILEGE_TEST_DAC_FILE_WGT, rules_wgt_partner);
295 * NOSMACK version of privilege_control05_set_app_privilege_wgt_platform test.
// WGT platform application: same scenario with type string "wgt_platform" and
// rules_wgt_platform; the privilege list and DAC file are the WGT ones.
299 RUNNER_CHILD_TEST_NOSMACK(privilege_control05_set_app_privilege_wgt_platform_nosmack)
301 set_app_privilege_nosmack(__LINE__, WGT_PLATFORM_APP_ID, APP_TYPE_WGT_PLATFORM, PRIVS_WGT,
302 "wgt_platform", WGT_PLATFORM_APP_PATH,
303 LIBPRIVILEGE_TEST_DAC_FILE_WGT, rules_wgt_platform);
307 * NOSMACK version of privilege_control05_set_app_privilege_osp test.
// OSP application: runs set_app_privilege_nosmack() with PRIVS_OSP and rules_osp; the type
// string is NULL for all OSP variants.
311 RUNNER_CHILD_TEST_NOSMACK(privilege_control05_set_app_privilege_osp_nosmack)
313 set_app_privilege_nosmack(__LINE__, OSP_APP_ID, APP_TYPE_OSP, PRIVS_OSP, NULL, OSP_APP_PATH,
314 LIBPRIVILEGE_TEST_DAC_FILE_OSP, rules_osp);
318 * NOSMACK version of privilege_control05_set_app_privilege_osp_partner test.
// OSP partner application: same scenario with rules_osp_partner and a NULL type string.
322 RUNNER_CHILD_TEST_NOSMACK(privilege_control05_set_app_privilege_osp_partner_nosmack)
324 set_app_privilege_nosmack(__LINE__, OSP_PARTNER_APP_ID, APP_TYPE_OSP_PARTNER, PRIVS_OSP,
325 NULL, OSP_PARTNER_APP_PATH, LIBPRIVILEGE_TEST_DAC_FILE_OSP, rules_osp_partner);
329 * NOSMACK version of privilege_control05_set_app_privilege_osp_platform test.
// OSP platform application: same scenario with rules_osp_platform and a NULL type string.
333 RUNNER_CHILD_TEST_NOSMACK(privilege_control05_set_app_privilege_osp_platform_nosmack)
335 set_app_privilege_nosmack(__LINE__, OSP_PLATFORM_APP_ID, APP_TYPE_OSP_PLATFORM, PRIVS_OSP,
336 NULL, OSP_PLATFORM_APP_PATH,
337 LIBPRIVILEGE_TEST_DAC_FILE_OSP, rules_osp_platform);
341 * Revoke permissions from the list. Should be executed as privileged user.
// Revoke scenario for the WGT app. The trailing `false` is presumably the "SMACK enabled"
// switch of test_revoke_permissions() - confirm against the helper's declaration.
343 RUNNER_CHILD_TEST_NOSMACK(privilege_control06_revoke_permissions_wgt_nosmack)
345 test_revoke_permissions(__LINE__, WGT_APP_ID, rules_wgt, false);
349 * Revoke permissions from the list. Should be executed as privileged user.
// Revoke scenario for the WGT partner app, using rules_wgt_partner.
351 RUNNER_CHILD_TEST_NOSMACK(privilege_control06_revoke_permissions_wgt_partner_nosmack)
353 test_revoke_permissions(__LINE__, WGT_PARTNER_APP_ID, rules_wgt_partner, false);
357 * Revoke permissions from the list. Should be executed as privileged user.
// Revoke scenario for the WGT platform app, using rules_wgt_platform.
359 RUNNER_CHILD_TEST_NOSMACK(privilege_control06_revoke_permissions_wgt_platform_nosmack)
361 test_revoke_permissions(__LINE__, WGT_PLATFORM_APP_ID, rules_wgt_platform, false);
365 * Revoke permissions from the list. Should be executed as privileged user.
// Revoke scenario for the OSP app, using rules_osp.
367 RUNNER_CHILD_TEST_NOSMACK(privilege_control06_revoke_permissions_osp_nosmack)
369 test_revoke_permissions(__LINE__, OSP_APP_ID, rules_osp, false);
373 * Revoke permissions from the list. Should be executed as privileged user.
// Revoke scenario for the OSP partner app, using rules_osp_partner.
375 RUNNER_CHILD_TEST_NOSMACK(privilege_control06_revoke_permissions_osp_partner_nosmack)
377 test_revoke_permissions(__LINE__, OSP_PARTNER_APP_ID, rules_osp_partner, false);
381 * Revoke permissions from the list. Should be executed as privileged user.
// Revoke scenario for the OSP platform app, using rules_osp_platform.
383 RUNNER_CHILD_TEST_NOSMACK(privilege_control06_revoke_permissions_osp_platform_nosmack)
385 test_revoke_permissions(__LINE__, OSP_PLATFORM_APP_ID, rules_osp_platform, false);
389 * NOSMACK version of privilege_control10_app_register_av test.
391 * Uses NOSMACK version of checkOnlyAvAccess (mentioned above), rest of the test is identical to
392 * its SMACK version.
// app_register_av() is deprecated, so the deprecation diagnostic is silenced around this test.
// NOTE(review): the closing pragma sets the diagnostic to `warning` instead of restoring the
// previous state; `#pragma GCC diagnostic push` / `pop` would leave a -Werror or
// command-line setting untouched.
394 #pragma GCC diagnostic ignored "-Wdeprecated-declarations"
395 RUNNER_TEST_NOSMACK(privilege_control10_app_register_av_nosmack)
// The test reports itself as ignored before doing anything else; whether the statements after
// this macro still execute depends on how RUNNER_IGNORED_MSG is implemented - TODO confirm.
397 RUNNER_IGNORED_MSG("app_register_av is not implemented");
// Remove rules and files left over from earlier runs.
401 smack_revoke_subject(APP_TEST_AV_1);
402 smack_revoke_subject(APP_TEST_AV_2);
404 cleaning_smack_app_files();
408 // Adding two apps before antivir
409 result = perm_app_install(APP_TEST_APP_1);
410 RUNNER_ASSERT_MSG(result == 0,
411 "perm_app_install returned " << result << ". Errno: " << strerror(errno));
413 result = perm_app_install(APP_TEST_APP_2);
414 RUNNER_ASSERT_MSG(result == 0,
415 "perm_app_install returned " << result << ". Errno: " << strerror(errno));
// Register the first anti-virus application.
420 result = app_register_av(APP_TEST_AV_1);
421 RUNNER_ASSERT_MSG(result == 0,
422 "app_register_av returned " << result << ". Errno: " << strerror(errno));
424 // Checking added apps accesses
425 checkOnlyAvAccessNosmack(APP_TEST_AV_1, APP_TEST_APP_1, "app_register_av(APP_TEST_AV_1)");
426 checkOnlyAvAccessNosmack(APP_TEST_AV_1, APP_TEST_APP_2, "app_register_av(APP_TEST_AV_1)");
// A third app is installed after the anti-virus was registered; it is checked below together
// with the first two.
431 result = perm_app_install(APP_TEST_APP_3);
432 RUNNER_ASSERT_MSG(result == 0,
433 "perm_app_install returned " << result << ". Errno: " << strerror(errno));
437 // Checking app accesses
438 checkOnlyAvAccessNosmack(APP_TEST_AV_1, APP_TEST_APP_1, "perm_app_install(APP_TEST_APP_3)");
439 checkOnlyAvAccessNosmack(APP_TEST_AV_1, APP_TEST_APP_2, "perm_app_install(APP_TEST_APP_3)");
440 checkOnlyAvAccessNosmack(APP_TEST_AV_1, APP_TEST_APP_3, "perm_app_install(APP_TEST_APP_3)");
442 // Adding second antivir
443 result = app_register_av(APP_TEST_AV_2);
444 RUNNER_ASSERT_MSG(result == 0,
445 "app_register_av returned " << result << ". Errno: " << strerror(errno));
// Every (anti-virus, app) pair is checked: 2 anti-virus apps x 3 apps.
447 // Checking app accesses
448 checkOnlyAvAccessNosmack(APP_TEST_AV_1, APP_TEST_APP_1, "app_register_av(APP_TEST_AV_2)");
449 checkOnlyAvAccessNosmack(APP_TEST_AV_1, APP_TEST_APP_2, "app_register_av(APP_TEST_AV_2)");
450 checkOnlyAvAccessNosmack(APP_TEST_AV_1, APP_TEST_APP_3, "app_register_av(APP_TEST_AV_2)");
451 checkOnlyAvAccessNosmack(APP_TEST_AV_2, APP_TEST_APP_1, "app_register_av(APP_TEST_AV_2)");
452 checkOnlyAvAccessNosmack(APP_TEST_AV_2, APP_TEST_APP_2, "app_register_av(APP_TEST_AV_2)");
453 checkOnlyAvAccessNosmack(APP_TEST_AV_2, APP_TEST_APP_3, "app_register_av(APP_TEST_AV_2)");
// Same cleanup as at the start of the test.
456 smack_revoke_subject(APP_TEST_AV_1);
457 smack_revoke_subject(APP_TEST_AV_2);
459 cleaning_smack_app_files();
462 #pragma GCC diagnostic warning "-Wdeprecated-declarations"
465 * NOSMACK version of privilege_control11_app_enable_permissions test.
467 * Since the original test did the same thing around five times, there is no need to redo the
468 * same test for perm_app_enable_permissions. perm_app_enable_permissions will be called once,
469 * test_have_nosmack_accesses will check if smack_have_access still returns error and then
470 * we will check if SMACK file was correctly created.
// Single-pass NOSMACK check of perm_app_enable_permissions() for WGT_APP_ID with PRIVS2.
// Some source lines are missing from this listing (gutter gaps).
472 RUNNER_TEST_NOSMACK(privilege_control11_app_enable_permissions_nosmack)
// Reinstall the app and revoke whatever permissions it may still have.
478 result = perm_app_uninstall(WGT_APP_ID);
479 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
480 "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
482 result = perm_app_install(WGT_APP_ID);
483 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
484 "perm_app_install returned " << result << ". Errno: " << strerror(errno));
486 result = perm_app_revoke_permissions(WGT_APP_ID);
487 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
488 "Error revoking app permissions. Result: " << result);
// The call must succeed even with SMACK off.
490 result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, 1);
491 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
492 "Error enabling app permissions. Result: " << result);
496 //Check if accesses aren't added
// -1 is the only accepted result for the rule check on rules2.
497 result = test_have_nosmack_accesses(rules2);
498 RUNNER_ASSERT_MSG(result == -1, "Permissions shouldn't be added. Result: " << result);
500 // TODO check entry in database
// Revoke again at the end of the test (presumably cleanup for later tests).
505 result = perm_app_revoke_permissions(WGT_APP_ID);
506 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
507 "Error revoking app permissions. Result: " << result);
// Runs the shared EFL enable-permissions scenario; `false` is presumably the "SMACK enabled"
// switch of the helper - confirm against its declaration.
512 RUNNER_CHILD_TEST_NOSMACK(privilege_control11_app_enable_permissions_efl_nosmack)
514 test_app_enable_permissions_efl(false);
518 * Check perm_app_install function
// Runs the shared EFL disable-permissions scenario with the helper's flag set to false.
// NOTE(review): the header fragment in front of this test talks about perm_app_install,
// which does not match the helper called here - confirm which description is intended.
520 RUNNER_CHILD_TEST_NOSMACK(privilege_control12_app_disable_permissions_efl_nosmack)
522 test_app_disable_permissions_efl(false);
526 * Remove previously granted SMACK permissions based on permissions list.
// Runs the shared disable-permissions scenario with the helper's flag set to false.
528 RUNNER_TEST_NOSMACK(privilege_control12_app_disable_permissions_nosmack)
530 test_app_disable_permissions(false);
534 * NOSMACK version of privilege_control13 test.
536 * Uses perm_app_reset_permissions and checks with test_have_nosmack_accesses if nothing has
// Enables PRIVS2 for WGT_APP_ID, resets the app's permissions and asserts that the rule check
// on rules2 still returns -1. Some source lines are missing from this listing.
539 RUNNER_TEST_NOSMACK(privilege_control13_app_reset_permissions_nosmack)
// Reinstall the app before the scenario starts.
545 result = perm_app_uninstall(WGT_APP_ID);
546 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
547 "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
549 result = perm_app_install(WGT_APP_ID);
550 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
551 "perm_app_install returned " << result << ". Errno: " << strerror(errno));
553 // Prepare permissions to reset
554 result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, 1);
555 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
556 " Error adding app permissions. Result: " << result);
// The operation under test.
559 result = perm_app_reset_permissions(WGT_APP_ID);
560 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
561 "Error reseting app permissions. Result: " << result);
// The rule check must still report -1 after the reset.
565 result = test_have_nosmack_accesses(rules2);
566 RUNNER_ASSERT_MSG(result == -1, "Permissions shouldn't be changed. Result: " << result);
570 // Disable permissions
571 result = perm_app_revoke_permissions(WGT_APP_ID);
572 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
573 "Error disabling app permissions. Result: " << result);
579 * NOSMACK version of privilege_control15_app_id_from_socket.
581 * SMACK version of this test case utilized smack_new_label_from_self and smack_set_label_for_self.
582 * Those functions rely on /proc/self/attr/current file, which is unreadable and has no contents on
583 * NOSMACK environment. Functions mentioned above were tested during libsmack tests, so they are
584 * assumed to react correctly and are not tested in this test case.
586 * This test works similarly to libsmack test smack09_new_label_from_socket. At first server and
587 * client are created then sockets are set up and perm_app_id_from_socket is used. On NOSMACK env
588 * correct behavior for perm_app_id_from_socket would be returning NULL label.
// Forks a UNIX-socket server (child) and client (parent); the client calls
// perm_app_id_from_socket() on its connected socket and expects NULL because SMACK is off.
// Many short source lines (fork, close, sleep, branch headers) are missing from this listing,
// so only the visible statements are described.
590 RUNNER_MULTIPROCESS_TEST_NOSMACK(privilege_control15_app_id_from_socket_nosmack)
// Both processes use the same address: family AF_UNIX, path SOCK_PATH.
593 struct sockaddr_un sockaddr = {AF_UNIX, SOCK_PATH};
595 //Clean up before creating socket
598 //Create our server and client with fork
600 RUNNER_ASSERT_MSG(pid >= 0, "Fork failed");
602 if (!pid) { //child (server)
603 int sock, result, fd;
606 sock = socket(AF_UNIX, SOCK_STREAM, 0);
607 RUNNER_ASSERT_MSG(sock >= 0, "socket failed: " << strerror(errno));
609 //Bind socket to address
610 result = bind(sock, (struct sockaddr*) &sockaddr, sizeof(struct sockaddr_un));
// The condition guarding this unconditional failure is not visible; presumably it is only
// reached when bind() fails.
613 RUNNER_ASSERT_MSG(false, "bind failed: " << strerror(errno));
616 //Prepare for listening
617 result = listen(sock, 1);
620 RUNNER_ASSERT_MSG(false, "listen failed: " << strerror(errno));
625 fd = accept(sock, NULL, NULL);
627 RUNNER_ASSERT_MSG(fd >= 0, "accept failed: " << strerror(errno));
// NOTE(review): per the comments here and in the client branch, the two processes are
// synchronised by waiting rather than by a handshake; on a slow or loaded system the client
// may connect before listen() has run and the test fails for timing reasons.
629 //Wait a little bit for client to use perm_app_id_from_socket
635 } else { //parent (client)
636 // Give server some time to setup listening socket
639 char* smack_label = NULL;
642 sock = socket(AF_UNIX, SOCK_STREAM, 0);
643 RUNNER_ASSERT_MSG(sock >= 0, "socket failed: " << strerror(errno));
645 //Try connecting to address
646 result = connect(sock, (struct sockaddr*) &sockaddr, sizeof(struct sockaddr_un));
649 RUNNER_ASSERT_MSG(0, "connect failed: " << strerror(errno));
652 //Use perm_app_id_from_socket. Should fail and return NULL smack_label.
// A non-NULL result here would mean a peer label was reported although SMACK is off.
653 smack_label = perm_app_id_from_socket(sock);
654 if (smack_label != NULL) {
656 RUNNER_ASSERT_MSG(0, "perm_app_id_from_socket should fail.");
661 RUNNER_ASSERT_MSG(smack_label == NULL, "perm_app_id_from_socket should fail.");
666 * Next three functions are defined only because of NOSMACK environment.
668 * Inside check_labels_dir_nosmack, smack_have_access should expect error, not access granted.
// NOSMACK label check for one path: the ACCESS label must be set, the EXEC label must be
// absent, TRANSMUTE must be "TRUE" on directories only, smack_have_access() must return -1 for
// every label read from labels_db_path, and the ACCESS label must appear in dir_db_path.
// The rest of the parameter list, the branch headers and any cleanup statements are missing
// from this listing (gutter gaps), so they are not described.
670 int check_labels_dir_nosmack(const char *fpath, const struct stat *sb,
671 const char *labels_db_path, const char *dir_db_path,
// NOTE(review): the buffer is SMACK_LABEL_LEN + 1 bytes, but both getline() calls below pass a
// hard-coded limit of 255. That is only safe if SMACK_LABEL_LEN is at least 254 (its value is
// not shown here); passing sizeof(label_temp) ties the limit to the buffer.
677 char label_temp[SMACK_LABEL_LEN + 1];
681 result = smack_lgetlabel(fpath, &label_gen, SMACK_LABEL_ACCESS);
682 RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path. Result: " << result);
683 RUNNER_ASSERT_MSG(label_gen != NULL, "ACCESS label on " << fpath << " is not set");
// EXEC label: the two unconditional failures below sit behind conditions that are not visible.
686 result = smack_lgetlabel(fpath, &label, SMACK_LABEL_EXEC);
689 RUNNER_ASSERT_MSG(false, "Could not get label for the path. Result: " << result);
694 RUNNER_ASSERT_MSG(false, "EXEC label on " << fpath << " is set.");
// TRANSMUTE label: required and equal to "TRUE" on directories, absent on everything else.
698 result = smack_lgetlabel(fpath, &label, SMACK_LABEL_TRANSMUTE);
702 RUNNER_ASSERT_MSG(false, "Could not get label for the path. Result: " << result);
704 if (S_ISDIR(sb->st_mode)) {
708 RUNNER_ASSERT_MSG(false, "TRANSMUTE label on " << fpath << " is not set");
710 result = strcmp("TRUE", label);
714 RUNNER_ASSERT_MSG(false,
715 "TRANSMUTE label on " << fpath << " is not set to TRUE Result: " << result);
717 } else if (label != NULL) {
720 RUNNER_ASSERT_MSG(false, "TRANSMUTE label on " << fpath << " is set");
// First pass: every label listed in the apps database is checked against label_gen.
725 fs_db.open(labels_db_path, std::ios_base::in);
726 if (!(fs_db.good())) {
728 RUNNER_ASSERT_MSG(false, "Can not open database for apps");
// NOTE(review): `while (!eof())` tests the stream before the read, so the iteration after the
// last line runs with whatever getline() left in label_temp (an empty string on failure).
// A line longer than the limit sets failbit without eofbit, and the loop then never ends.
// `while (fs_db.getline(label_temp, sizeof(label_temp)))` avoids both.
731 while(!fs_db.eof()) {
732 fs_db.getline(label_temp, 255);
733 result = smack_have_access(label_temp, label_gen, access);
734 if (result != -1) { //expect error, not access granted
736 RUNNER_ASSERT_MSG(false, "smack_have_access should fail. Result: " << result);
// Second pass over the directory database with the same stream object; a close()/clear()
// between the two open() calls is not visible in this listing - confirm it exists, otherwise
// the second open() fails on an already open stream.
742 fs_db.open(dir_db_path, std::ios_base::in);
745 RUNNER_ASSERT_MSG(false, "Can not open database for dirs");
// Same loop shape as above, so the same eof()/getline() caveat applies.
749 while(!fs_db.eof()) {
750 fs_db.getline(label_temp, 255);
751 if (strcmp(label_gen, label_temp) == 0) {
// is_dir is presumably set inside the match branch above (that line is not visible).
759 RUNNER_ASSERT_MSG(is_dir, "Error autogenerated label is not in dirs db.");
// Runs the shared appsettings-privilege scenario with the helper's flag set to false
// (presumably "SMACK disabled" - confirm against the helper's declaration).
764 RUNNER_TEST_NOSMACK(privilege_control17_appsettings_privilege_nosmack)
766 test_appsettings_privilege(false);
770 * NOSMACK version of privilege_control18 test.
772 * Uses NOSMACK version of nftw_check_labels_app_public_dir.
// Labels TEST_APP_DIR as a public read-only path for APP_ID with SMACK off and re-checks the
// non-app directory. Some source lines are missing from this listing: the check of
// TEST_APP_DIR itself is not visible between the setup call and the last nftw() walk.
774 RUNNER_TEST_NOSMACK(privilege_control18_app_setup_path_public_nosmack)
778 result = nftw(TEST_APP_DIR, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
779 RUNNER_ASSERT_MSG(result == 0,
780 "Unable to clean up Smack labels in " << TEST_APP_DIR << ". Result: " << result);
// NOTE(review): judging by its name this callback sets labels, while the message says
// "clean up" - confirm the wording.
782 result = nftw(TEST_NON_APP_DIR, &nftw_set_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
783 RUNNER_ASSERT_MSG(result == 0,
784 "Unable to clean up Smack labels in " << TEST_NON_APP_DIR << ". Result: " << result);
// Three arguments here; the APP_PATH_GROUP_RW calls in privilege_control03 pass a fourth
// (the shared label).
788 result = perm_app_setup_path(APP_ID, TEST_APP_DIR, APP_PATH_PUBLIC_RO);
789 RUNNER_ASSERT_MSG(result == 0, "perm_app_setup_path() failed. Result: " << result);
// The non-app tree is walked again with the regular checker after the app path was set up.
793 result = nftw(TEST_NON_APP_DIR, &nftw_check_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
794 RUNNER_ASSERT_MSG(result == 0,
795 "Unable to check Smack labels for non-app dir. Result: " << result);
800 * NOSMACK version of privilege_control19 test.
802 * Uses NOSMACK version of nftw_check_labels_app_settings_dir.
// Labels TEST_APP_DIR as a settings read-write path for APP_ID with SMACK off and re-checks
// the non-app directory. Some source lines are missing from this listing: the check of
// TEST_APP_DIR itself is not visible between the setup call and the last nftw() walk.
804 RUNNER_TEST_NOSMACK(privilege_control19_app_setup_path_settings_nosmack)
808 result = nftw(TEST_APP_DIR, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
809 RUNNER_ASSERT_MSG(result == 0,
810 "Unable to clean up Smack labels in " << TEST_APP_DIR << ". Result: " << result);
// NOTE(review): judging by its name this callback sets labels, while the message says
// "clean up" - confirm the wording.
812 result = nftw(TEST_NON_APP_DIR, &nftw_set_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
813 RUNNER_ASSERT_MSG(result == 0,
814 "Unable to clean up Smack labels in " << TEST_NON_APP_DIR << ". Result: " << result);
818 result = perm_app_setup_path(APP_ID, TEST_APP_DIR, APP_PATH_SETTINGS_RW);
819 RUNNER_ASSERT_MSG(result == 0, "perm_app_setup_path() failed. Result: " << result);
// The non-app tree is walked again with the regular checker after the app path was set up.
823 result = nftw(TEST_NON_APP_DIR, &nftw_check_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
824 RUNNER_ASSERT_MSG(result == 0,
825 "Unable to check Smack labels for non-app dir. Result: " << result);
830 * NOSMACK version of privilege_control20 test.
832 * Uses NOSMACK version of test_have_nosmack_accesses.
// Sets up an NPRUNTIME path for APP_NPRUNTIME with SMACK off: the EXEC label must still be
// written to the file, while none of the expected rules may be reported as granted.
// Some source lines are missing from this listing (gutter gaps).
834 RUNNER_TEST_NOSMACK(privilege_control20_app_setup_path_npruntime_nosmack)
// Expected EXEC label: the app id with ".npruntime" appended.
838 std::string nptargetlabel = std::string(APP_NPRUNTIME) + ".npruntime";
843 result = perm_app_uninstall(APP_NPRUNTIME);
844 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "Error in perm_app_uninstall. " << result);
846 result = perm_app_install(APP_NPRUNTIME);
847 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "Error in perm_app_install. " << result);
849 result = perm_app_setup_path(APP_NPRUNTIME, APP_NPRUNTIME_FILE, PERM_APP_PATH_NPRUNTIME);
850 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "Error in perm_app_setup_path. " << result);
// NOTE(review): smack_lgetlabel() can return 0 and leave the label NULL (other tests in this
// file assert exactly that for a missing EXEC label). In that case the strcmp() below
// dereferences NULL and the test crashes instead of failing; assert labelPtr.get() != NULL
// before comparing.
854 RUNNER_ASSERT(0 == smack_lgetlabel(APP_NPRUNTIME_FILE, &label, SMACK_LABEL_EXEC));
855 labelPtr.reset(label);
857 RUNNER_ASSERT(0 == strcmp(labelPtr.get(), nptargetlabel.c_str()));
// Each row looks like {subject, object, access string}; these are the rules that must NOT be
// reported as granted while SMACK is off.
860 const std::vector< std::vector<std::string> > np_rules = {
861 { APP_NPRUNTIME, nptargetlabel, "rw" },
862 { nptargetlabel, APP_NPRUNTIME, "rxat" },
863 { nptargetlabel, "system::homedir", "rxat" },
864 { nptargetlabel, "xorg", "rw" },
865 { nptargetlabel, "crash-worker", "rwxa" },
866 { nptargetlabel, "sys-assert::core", "rwxat" },
867 { nptargetlabel, "syslogd", "rw" },
870 // Check if accesses aren't added
871 result = test_have_nosmack_accesses(np_rules);
872 RUNNER_ASSERT_MSG(result == -1, "Accesses shouldn't be added. Result: " << result);
876 // Uninstall app runtime
877 result = perm_app_uninstall(APP_NPRUNTIME);
878 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "Error in perm_app_uninstall. " << result);
884 * NOSMACK version of privilege_control21b test.
886 * Instead of error caused by incorrect params expect access granted, because SMACK is off.
// Pins the behaviour of smack_pid_have_access() with SMACK off: every call below, including
// those with NULL arguments or PID_INCORRECT, must return 1 (access granted).
// Note for readers: this is a fail-open answer. Code that uses smack_pid_have_access() as an
// authorization check gets "allowed" for any input on a system without SMACK, so such callers
// need a separate way to detect that SMACK is disabled. smack_have_access(), by contrast, is
// expected to return -1 elsewhere in this file.
888 RUNNER_TEST_NOSMACK(privilege_control21b_incorrect_params_smack_pid_have_access_nosmack)
// NULL access string.
890 int result = smack_pid_have_access(PID_CORRECT, "some_object", NULL);
891 RUNNER_ASSERT_MSG(result == 1,
892 "smack_pid_have_access should return access granted. Result: " << result);
// NULL object.
894 result = smack_pid_have_access(PID_CORRECT, NULL, "rw");
895 RUNNER_ASSERT_MSG(result == 1,
896 "smack_pid_have_access should return access granted. Result: " << result);
// NOTE(review): this call repeats the previous one argument for argument, so it adds no
// coverage; another parameter combination was probably intended - confirm against the SMACK
// version of the test.
898 result = smack_pid_have_access(PID_CORRECT, NULL, "rw");
899 RUNNER_ASSERT_MSG(result == 1,
900 "smack_pid_have_access should return access granted. Result: " << result);
// Invalid PID with otherwise valid arguments.
902 result = smack_pid_have_access(PID_INCORRECT, "some_object", "rw");
903 RUNNER_ASSERT_MSG(result == 1,
904 "smack_pid_have_access should return access granted. Result: " << result);