2 * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
18 * @file test_cases_perm_add_additional_rules.cpp
19 * @author Lukasz Wojciechowski (l.wojciechow@partner.samsung.com)
21 * @brief libprivilege-control test_cases_perm_add_additional_rules tests
28 #include <sys/smack.h>
30 #include <privilege-control.h>
31 #include <dpl/test/test_runner.h>
32 #include <tests_common.h>
33 #include <libprivilege-control_test_common.h>
34 #include "common/duplicates.h"
35 #include "common/db.h"
37 const char* additional_rules_empty[] = {
40 const char* additional_rules_rollback[] = {
41 "app1 ~PUBLIC_PATH~ rw",
42 "~PUBLIC_PATH~ app2 rw",
43 "app3 ~GROUP_PATH~ rw",
44 "~GROUP_PATH~ app4 rw",
45 "app5 ~SETTINGS_PATH~ rw",
46 "~SETTINGS_PATH~ app6 rw",
47 "app7 ~NPRUNTIME_PATH~ rw",
48 "~NPRUNTIME_PATH~ app8 rw",
52 const char* additional_rules_test_case_bad_01[] = {
56 const char* additional_rules_test_case_bad_02[] = {
57 "AAA BBB 1234567890123456789012345678901234567890123456789012345678901234567890",
60 const char* additional_rules_test_case_bad_03[] = {
61 "~PUBLIC_PATH~ ~PUBLIC_PATH~ rw",
64 const char* additional_rules_test_case_bad_04[] = {
65 "~ALL_APPS~ ~ALL_APPS~ wax",
68 const char* additional_rules_test_case_bad_05[] = {
69 "~ALL_APPS~ ~costam r",
72 const char* additional_rules_test_case_bad_06[] = {
76 const char* additional_rules_test_case_good_01[] = {
80 const char* additional_rules_test_case_good_02[] = {
81 "qazapp1 ~PUBLIC_PATH~ r",
82 "~PUBLIC_PATH~ wsxapp2 w",
83 "qazapp3 ~GROUP_PATH~ x",
84 "~GROUP_PATH~ wsxapp4 t",
85 "qazapp5 ~SETTINGS_PATH~ a",
86 "~SETTINGS_PATH~ wsxapp6 l",
87 "qazapp7 ~NPRUNTIME_PATH~ rwxatl",
88 "~NPRUNTIME_PATH~ wsxapp8 ------",
89 "qazapp9 ~ALL_APPS~ rwx",
90 "~ALL_APPS~ wsxapp10 rwx",
91 "qazapp11 ~ALL_APPS_WITH_SAME_PERMISSION~ rwxt",
92 "~ALL_APPS_WITH_SAME_PERMISSION~ wsxapp12 rwxt",
95 const char* additional_rules_test_case_good_03[] = {
96 "~ALL_APPS~ costam wata",
// Applies one additional-rules set and checks the result against the parser's verdict.
//
// The known-good set additional_rules_rollback is applied first and must succeed. Then
// `rules` is applied: a set accepted by additional_rules_parse() must be stored as parsed,
// while a rejected set must fail and leave the rollback set in the database, i.e. bad
// input must not be partially applied.
// NOTE(review): the declaration of `result` and the branch that selects between the two
// assertion groups are not visible here; presumably `correct_rules` drives that branch.
99 void test_one_additional_rules_set(const char** rules)
102 additional_rules parsed_rules;
104 // Parse rules and check if they are valid
105 bool correct_rules = additional_rules_parse(rules, parsed_rules);
107 // Apply known set of additional rules and close db transaction to apply them to smack
109 result = perm_add_additional_rules(additional_rules_rollback);
110 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
111 "Failed on applying rollback additional rules with result = " << result);
114 // Try setting test set
116 result = perm_add_additional_rules(rules);
120 // If rules are correct test set should be applied successfully
121 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
122 "perm_add_additional_rules failed. result = " << result);
// The database is compared with the parsed form of the set that was just applied.
125 TestLibPrivilegeControlDatabase db_test;
126 db_test.test_db_after__perm_add_additional_rules(parsed_rules);
128 // If rules are not valid test set should not be applied and db should rollback to known set
129 RUNNER_ASSERT_MSG_BT(result != PC_OPERATION_SUCCESS,
130 "perm_add_additional_rules succeeded, but shouldn't.");
// The return value of this parse is ignored; the rollback set is assumed to be valid.
133 additional_rules parsed_rollback_rules;
134 additional_rules_parse(additional_rules_rollback, parsed_rollback_rules);
135 TestLibPrivilegeControlDatabase db_test;
136 db_test.test_db_after__perm_add_additional_rules(parsed_rollback_rules);
// Runs every rule set defined above through test_one_additional_rules_set(), in the
// order: empty and rollback sets, the six "bad" sets, then the three "good" sets.
RUNNER_TEST(privilege_control26_perm_add_additional_rules_database)
{
    // presumably restores the previously installed additional rules when the test
    // leaves scope - confirm against RestoreAdditionalRulesGuard
    UNUSED RestoreAdditionalRulesGuard guard;

    const char** const rule_sets[] = {
        additional_rules_empty,
        additional_rules_rollback,

        additional_rules_test_case_bad_01,
        additional_rules_test_case_bad_02,
        additional_rules_test_case_bad_03,
        additional_rules_test_case_bad_04,
        additional_rules_test_case_bad_05,
        additional_rules_test_case_bad_06,

        additional_rules_test_case_good_01,
        additional_rules_test_case_good_02,
        additional_rules_test_case_good_03,
    };

    for (const char** rule_set : rule_sets)
        test_one_additional_rules_set(rule_set);
}
158 /**************************************************************************************************/
167 typedef std::vector<smack_rule> smack_rules_vector;
// Checks one expected rule against the Smack rules currently loaded.
//
// Each access letter is queried on its own with smack_have_access(): letters listed in
// rule.access must be granted, all other letters must not be.
void test_one_smack_rule(const smack_rule& rule)
{
    const std::vector<std::string> access = {"r", "w", "x" ,"a", "t", "l"};

    for (const std::string& mode : access) {
        const int result = smack_have_access(rule.subject.c_str(), rule.object.c_str(),
                                             mode.c_str());
        const bool expected_granted = rule.access.find(mode) != std::string::npos;

        // A granted letter must report exactly 1. A withheld letter passes on any
        // value <= 0.
        // NOTE(review): libsmack reports errors as a negative value, so a failing query
        // is indistinguishable from "access denied" here and would satisfy every
        // negative expectation. Consider asserting result >= 0 separately - confirm
        // that no environment relies on the lenient check.
        const bool pass = expected_granted ? (result == 1) : (result <= 0);

        RUNNER_ASSERT_MSG_BT(pass, "rule = {" << rule.subject << "; " << rule.object << "; " <<
                             rule.access << "}" << std::endl <<
                             "access = " << mode << std::endl <<
                             "result = " << result << std::endl);
    }
}
// Verifies every entry of an expected access table with test_one_smack_rule().
void test_smack_rules_vector(const smack_rules_vector& rules)
{
    for (const smack_rule& expected : rules)
        test_one_smack_rule(expected);
}
// Application identifiers used by the privilege_control27 tests.
195 const std::string APP27_A = "APP27_A";
196 const std::string APP27_B = "APP27_B";
197 const std::string APP27_C = "APP27_C";
198 const std::string APP27_D = "APP27_D";
199 const std::string APP27_E = "APP27_E";
200 const std::string APP27_F = "APP27_F";
// Naming: <APP>_PUB / _SET / _GRP is a directory path that is later registered as a
// public, settings or group path; the matching *_ID is the Smack label used as the
// object in the expected access tables.
// All directories live under /etc/smack/test_privilege_control_DIR.
202 const std::string APP27_A_PUB = "/etc/smack/test_privilege_control_DIR/A_PUBLIC";
203 const std::string APP27_D_PUB = "/etc/smack/test_privilege_control_DIR/D_PUBLIC";
204 const std::string APP27_E_PUB = "/etc/smack/test_privilege_control_DIR/E_PUBLIC";
// Labels for public paths are computed from the owning application and the path.
206 const std::string APP27_A_PUB_ID = smack_label_for_path(APP27_A, APP27_A_PUB);
207 const std::string APP27_D_PUB_ID = smack_label_for_path(APP27_D, APP27_D_PUB);
208 const std::string APP27_E_PUB_ID = smack_label_for_path(APP27_E, APP27_E_PUB);
210 const std::string APP27_B_SET = "/etc/smack/test_privilege_control_DIR/B_SETTINGS";
211 const std::string APP27_C_SET = "/etc/smack/test_privilege_control_DIR/C_SETTINGS";
212 const std::string APP27_E_SET = "/etc/smack/test_privilege_control_DIR/E_SETTINGS";
// Labels for settings paths are computed the same way as for public paths.
214 const std::string APP27_B_SET_ID = smack_label_for_path(APP27_B, APP27_B_SET);
215 const std::string APP27_C_SET_ID = smack_label_for_path(APP27_C, APP27_C_SET);
216 const std::string APP27_E_SET_ID = smack_label_for_path(APP27_E, APP27_E_SET);
218 const std::string APP27_A_GRP = "/etc/smack/test_privilege_control_DIR/A_GROUP";
219 const std::string APP27_B_GRP = "/etc/smack/test_privilege_control_DIR/B_GROUP";
220 const std::string APP27_F_GRP = "/etc/smack/test_privilege_control_DIR/F_GROUP";
// Group labels are fixed strings; the same strings are passed as the last argument of
// perm_app_setup_path(..., PERM_APP_PATH_GROUP, ...) when the group paths are set up.
222 const std::string APP27_A_GRP_ID = "A";
223 const std::string APP27_B_GRP_ID = "B";
224 const std::string APP27_F_GRP_ID = "F";
226 const smack_rules_vector initial_state = {
227 { APP27_A, APP27_A_PUB_ID, "rwxatl" },
228 { APP27_B, APP27_A_PUB_ID, "rx" },
229 { APP27_C, APP27_A_PUB_ID, "rx" },
230 { APP27_D, APP27_A_PUB_ID, "rx" },
231 { APP27_E, APP27_A_PUB_ID, "rx" },
232 { APP27_F, APP27_A_PUB_ID, "" },
234 { APP27_A, APP27_D_PUB_ID, "rx" },
235 { APP27_B, APP27_D_PUB_ID, "rx" },
236 { APP27_C, APP27_D_PUB_ID, "rx" },
237 { APP27_D, APP27_D_PUB_ID, "rwxatl" },
238 { APP27_E, APP27_D_PUB_ID, "rx" },
239 { APP27_F, APP27_D_PUB_ID, "" },
241 { APP27_A, APP27_E_PUB_ID, "" },
242 { APP27_B, APP27_E_PUB_ID, "" },
243 { APP27_C, APP27_E_PUB_ID, "" },
244 { APP27_D, APP27_E_PUB_ID, "" },
245 { APP27_E, APP27_E_PUB_ID, "" },
246 { APP27_F, APP27_E_PUB_ID, "" },
248 { APP27_A, APP27_A_GRP_ID, "rwxatl" },
249 { APP27_B, APP27_A_GRP_ID, "rwxatl" },
250 { APP27_C, APP27_A_GRP_ID, "" },
251 { APP27_D, APP27_A_GRP_ID, "" },
252 { APP27_E, APP27_A_GRP_ID, "" },
253 { APP27_F, APP27_A_GRP_ID, "" },
255 { APP27_A, APP27_B_GRP_ID, "" },
256 { APP27_B, APP27_B_GRP_ID, "rwxatl" },
257 { APP27_C, APP27_B_GRP_ID, "rwxatl" },
258 { APP27_D, APP27_B_GRP_ID, "" },
259 { APP27_E, APP27_B_GRP_ID, "" },
260 { APP27_F, APP27_B_GRP_ID, "" },
262 { APP27_A, APP27_F_GRP_ID, "" },
263 { APP27_B, APP27_F_GRP_ID, "" },
264 { APP27_C, APP27_F_GRP_ID, "" },
265 { APP27_D, APP27_F_GRP_ID, "" },
266 { APP27_E, APP27_F_GRP_ID, "" },
267 { APP27_F, APP27_F_GRP_ID, "" },
269 { APP27_A, APP27_B_SET_ID, "" },
270 { APP27_B, APP27_B_SET_ID, "rwxatl" },
271 { APP27_C, APP27_B_SET_ID, "" },
272 { APP27_D, APP27_B_SET_ID, "" },
273 { APP27_E, APP27_B_SET_ID, "" },
274 { APP27_F, APP27_B_SET_ID, "" },
276 { APP27_A, APP27_C_SET_ID, "" },
277 { APP27_B, APP27_C_SET_ID, "" },
278 { APP27_C, APP27_C_SET_ID, "" },
279 { APP27_D, APP27_C_SET_ID, "" },
280 { APP27_E, APP27_C_SET_ID, "" },
281 { APP27_F, APP27_C_SET_ID, "" },
283 { APP27_A, APP27_E_SET_ID, "" },
284 { APP27_B, APP27_E_SET_ID, "" },
285 { APP27_C, APP27_E_SET_ID, "" },
286 { APP27_D, APP27_E_SET_ID, "" },
287 { APP27_E, APP27_E_SET_ID, "rwxatl" },
288 { APP27_F, APP27_E_SET_ID, "" }
291 const smack_rules_vector rules_1_state = {
292 { APP27_A, APP27_A_PUB_ID, "rwxatl" },
293 { APP27_B, APP27_A_PUB_ID, "rx" },
294 { APP27_C, APP27_A_PUB_ID, "rx" },
295 { APP27_D, APP27_A_PUB_ID, "rxl" },
296 { APP27_E, APP27_A_PUB_ID, "rwxatl" },
297 { APP27_F, APP27_A_PUB_ID, "rwxatl" },
299 { APP27_A, APP27_D_PUB_ID, "rx" },
300 { APP27_B, APP27_D_PUB_ID, "rx" },
301 { APP27_C, APP27_D_PUB_ID, "rx" },
302 { APP27_D, APP27_D_PUB_ID, "rwxatl" },
303 { APP27_E, APP27_D_PUB_ID, "rwxatl" },
304 { APP27_F, APP27_D_PUB_ID, "rwxatl" },
306 { APP27_A, APP27_E_PUB_ID, "" },
307 { APP27_B, APP27_E_PUB_ID, "" },
308 { APP27_C, APP27_E_PUB_ID, "" },
309 { APP27_D, APP27_E_PUB_ID, "" },
310 { APP27_E, APP27_E_PUB_ID, "" },
311 { APP27_F, APP27_E_PUB_ID, "" },
313 { APP27_A, APP27_A_GRP_ID, "rwxatl" },
314 { APP27_B, APP27_A_GRP_ID, "rwxatl" },
315 { APP27_C, APP27_A_GRP_ID, "" },
316 { APP27_D, APP27_A_GRP_ID, "ra" },
317 { APP27_E, APP27_A_GRP_ID, "" },
318 { APP27_F, APP27_A_GRP_ID, "" },
320 { APP27_A, APP27_B_GRP_ID, "" },
321 { APP27_B, APP27_B_GRP_ID, "rwxatl" },
322 { APP27_C, APP27_B_GRP_ID, "rwxatl" },
323 { APP27_D, APP27_B_GRP_ID, "ra" },
324 { APP27_E, APP27_B_GRP_ID, "" },
325 { APP27_F, APP27_B_GRP_ID, "" },
327 { APP27_A, APP27_F_GRP_ID, "" },
328 { APP27_B, APP27_F_GRP_ID, "" },
329 { APP27_C, APP27_F_GRP_ID, "" },
330 { APP27_D, APP27_F_GRP_ID, "" },
331 { APP27_E, APP27_F_GRP_ID, "" },
332 { APP27_F, APP27_F_GRP_ID, "" },
334 { APP27_A, APP27_B_SET_ID, "ra" },
335 { APP27_B, APP27_B_SET_ID, "rwxatl" },
336 { APP27_C, APP27_B_SET_ID, "" },
337 { APP27_D, APP27_B_SET_ID, "" },
338 { APP27_E, APP27_B_SET_ID, "xl" },
339 { APP27_F, APP27_B_SET_ID, "" },
341 { APP27_A, APP27_C_SET_ID, "" },
342 { APP27_B, APP27_C_SET_ID, "" },
343 { APP27_C, APP27_C_SET_ID, "" },
344 { APP27_D, APP27_C_SET_ID, "" },
345 { APP27_E, APP27_C_SET_ID, "" },
346 { APP27_F, APP27_C_SET_ID, "" },
348 { APP27_A, APP27_E_SET_ID, "ra" },
349 { APP27_B, APP27_E_SET_ID, "" },
350 { APP27_C, APP27_E_SET_ID, "" },
351 { APP27_D, APP27_E_SET_ID, "" },
352 { APP27_E, APP27_E_SET_ID, "rwxatl" },
353 { APP27_F, APP27_E_SET_ID, "" }
356 const smack_rules_vector add_app_state = {
357 { APP27_A, APP27_A_PUB_ID, "rwxatl" },
358 { APP27_B, APP27_A_PUB_ID, "rx" },
359 { APP27_C, APP27_A_PUB_ID, "rx" },
360 { APP27_D, APP27_A_PUB_ID, "rxl" },
361 { APP27_E, APP27_A_PUB_ID, "rwxatl" },
362 { APP27_F, APP27_A_PUB_ID, "rwxatl" },
364 { APP27_A, APP27_D_PUB_ID, "rx" },
365 { APP27_B, APP27_D_PUB_ID, "rx" },
366 { APP27_C, APP27_D_PUB_ID, "rx" },
367 { APP27_D, APP27_D_PUB_ID, "rwxatl" },
368 { APP27_E, APP27_D_PUB_ID, "rwxatl" },
369 { APP27_F, APP27_D_PUB_ID, "rwxatl" },
371 { APP27_A, APP27_E_PUB_ID, "" },
372 { APP27_B, APP27_E_PUB_ID, "" },
373 { APP27_C, APP27_E_PUB_ID, "" },
374 { APP27_D, APP27_E_PUB_ID, "" },
375 { APP27_E, APP27_E_PUB_ID, "" },
376 { APP27_F, APP27_E_PUB_ID, "" },
378 { APP27_A, APP27_A_GRP_ID, "rwxatl" },
379 { APP27_B, APP27_A_GRP_ID, "rwxatl" },
380 { APP27_C, APP27_A_GRP_ID, "" },
381 { APP27_D, APP27_A_GRP_ID, "ra" },
382 { APP27_E, APP27_A_GRP_ID, "" },
383 { APP27_F, APP27_A_GRP_ID, "" },
385 { APP27_A, APP27_B_GRP_ID, "" },
386 { APP27_B, APP27_B_GRP_ID, "rwxatl" },
387 { APP27_C, APP27_B_GRP_ID, "rwxatl" },
388 { APP27_D, APP27_B_GRP_ID, "ra" },
389 { APP27_E, APP27_B_GRP_ID, "" },
390 { APP27_F, APP27_B_GRP_ID, "" },
392 { APP27_A, APP27_F_GRP_ID, "rwxatl" },
393 { APP27_B, APP27_F_GRP_ID, "" },
394 { APP27_C, APP27_F_GRP_ID, "" },
395 { APP27_D, APP27_F_GRP_ID, "ra" },
396 { APP27_E, APP27_F_GRP_ID, "" },
397 { APP27_F, APP27_F_GRP_ID, "rwxatl" },
399 { APP27_A, APP27_B_SET_ID, "ra" },
400 { APP27_B, APP27_B_SET_ID, "rwxatl" },
401 { APP27_C, APP27_B_SET_ID, "" },
402 { APP27_D, APP27_B_SET_ID, "" },
403 { APP27_E, APP27_B_SET_ID, "xl" },
404 { APP27_F, APP27_B_SET_ID, "" },
406 { APP27_A, APP27_C_SET_ID, "" },
407 { APP27_B, APP27_C_SET_ID, "" },
408 { APP27_C, APP27_C_SET_ID, "" },
409 { APP27_D, APP27_C_SET_ID, "" },
410 { APP27_E, APP27_C_SET_ID, "" },
411 { APP27_F, APP27_C_SET_ID, "" },
413 { APP27_A, APP27_E_SET_ID, "ra" },
414 { APP27_B, APP27_E_SET_ID, "" },
415 { APP27_C, APP27_E_SET_ID, "" },
416 { APP27_D, APP27_E_SET_ID, "" },
417 { APP27_E, APP27_E_SET_ID, "rwxatl" },
418 { APP27_F, APP27_E_SET_ID, "" }
421 const smack_rules_vector add_dir_state = {
422 { APP27_A, APP27_A_PUB_ID, "rwxatl" },
423 { APP27_B, APP27_A_PUB_ID, "rx" },
424 { APP27_C, APP27_A_PUB_ID, "rx" },
425 { APP27_D, APP27_A_PUB_ID, "rxl" },
426 { APP27_E, APP27_A_PUB_ID, "rwxatl" },
427 { APP27_F, APP27_A_PUB_ID, "rwxatl" },
429 { APP27_A, APP27_D_PUB_ID, "rx" },
430 { APP27_B, APP27_D_PUB_ID, "rx" },
431 { APP27_C, APP27_D_PUB_ID, "rx" },
432 { APP27_D, APP27_D_PUB_ID, "rwxatl" },
433 { APP27_E, APP27_D_PUB_ID, "rwxatl" },
434 { APP27_F, APP27_D_PUB_ID, "rwxatl" },
436 { APP27_A, APP27_E_PUB_ID, "rx" },
437 { APP27_B, APP27_E_PUB_ID, "rx" },
438 { APP27_C, APP27_E_PUB_ID, "rx" },
439 { APP27_D, APP27_E_PUB_ID, "rxl" },
440 { APP27_E, APP27_E_PUB_ID, "rwxatl" },
441 { APP27_F, APP27_E_PUB_ID, "rwxatl" },
443 { APP27_A, APP27_A_GRP_ID, "rwxatl" },
444 { APP27_B, APP27_A_GRP_ID, "rwxatl" },
445 { APP27_C, APP27_A_GRP_ID, "" },
446 { APP27_D, APP27_A_GRP_ID, "rwxatl" },
447 { APP27_E, APP27_A_GRP_ID, "" },
448 { APP27_F, APP27_A_GRP_ID, "" },
450 { APP27_A, APP27_B_GRP_ID, "rwxatl" },
451 { APP27_B, APP27_B_GRP_ID, "rwxatl" },
452 { APP27_C, APP27_B_GRP_ID, "rwxatl" },
453 { APP27_D, APP27_B_GRP_ID, "ra" },
454 { APP27_E, APP27_B_GRP_ID, "" },
455 { APP27_F, APP27_B_GRP_ID, "" },
457 { APP27_A, APP27_F_GRP_ID, "" },
458 { APP27_B, APP27_F_GRP_ID, "" },
459 { APP27_C, APP27_F_GRP_ID, "rwxatl" },
460 { APP27_D, APP27_F_GRP_ID, "ra" },
461 { APP27_E, APP27_F_GRP_ID, "" },
462 { APP27_F, APP27_F_GRP_ID, "" },
464 { APP27_A, APP27_B_SET_ID, "ra" },
465 { APP27_B, APP27_B_SET_ID, "rwxatl" },
466 { APP27_C, APP27_B_SET_ID, "" },
467 { APP27_D, APP27_B_SET_ID, "" },
468 { APP27_E, APP27_B_SET_ID, "xl" },
469 { APP27_F, APP27_B_SET_ID, "" },
471 { APP27_A, APP27_C_SET_ID, "ra" },
472 { APP27_B, APP27_C_SET_ID, "" },
473 { APP27_C, APP27_C_SET_ID, "rwxatl" },
474 { APP27_D, APP27_C_SET_ID, "" },
475 { APP27_E, APP27_C_SET_ID, "xl" },
476 { APP27_F, APP27_C_SET_ID, "" },
478 { APP27_A, APP27_E_SET_ID, "ra" },
479 { APP27_B, APP27_E_SET_ID, "" },
480 { APP27_C, APP27_E_SET_ID, "" },
481 { APP27_D, APP27_E_SET_ID, "" },
482 { APP27_E, APP27_E_SET_ID, "rwxatl" },
483 { APP27_F, APP27_E_SET_ID, "" }
486 const smack_rules_vector rules_2_state = {
487 { APP27_A, APP27_A_PUB_ID, "rwxatl" },
488 { APP27_B, APP27_A_PUB_ID, "rx" },
489 { APP27_C, APP27_A_PUB_ID, "rxlt" },
490 { APP27_D, APP27_A_PUB_ID, "rxa" },
491 { APP27_E, APP27_A_PUB_ID, "rwxl" },
492 { APP27_F, APP27_A_PUB_ID, "" },
494 { APP27_A, APP27_D_PUB_ID, "rx" },
495 { APP27_B, APP27_D_PUB_ID, "rx" },
496 { APP27_C, APP27_D_PUB_ID, "rxlt" },
497 { APP27_D, APP27_D_PUB_ID, "rwxatl" },
498 { APP27_E, APP27_D_PUB_ID, "rwxl" },
499 { APP27_F, APP27_D_PUB_ID, "" },
501 { APP27_A, APP27_E_PUB_ID, "" },
502 { APP27_B, APP27_E_PUB_ID, "" },
503 { APP27_C, APP27_E_PUB_ID, "" },
504 { APP27_D, APP27_E_PUB_ID, "" },
505 { APP27_E, APP27_E_PUB_ID, "" },
506 { APP27_F, APP27_E_PUB_ID, "" },
508 { APP27_A, APP27_A_GRP_ID, "rwxatl" },
509 { APP27_B, APP27_A_GRP_ID, "rwxatl" },
510 { APP27_C, APP27_A_GRP_ID, "" },
511 { APP27_D, APP27_A_GRP_ID, "" },
512 { APP27_E, APP27_A_GRP_ID, "" },
513 { APP27_F, APP27_A_GRP_ID, "" },
515 { APP27_A, APP27_B_GRP_ID, "" },
516 { APP27_B, APP27_B_GRP_ID, "rwxatl" },
517 { APP27_C, APP27_B_GRP_ID, "rwxatl" },
518 { APP27_D, APP27_B_GRP_ID, "" },
519 { APP27_E, APP27_B_GRP_ID, "" },
520 { APP27_F, APP27_B_GRP_ID, "" },
522 { APP27_A, APP27_F_GRP_ID, "" },
523 { APP27_B, APP27_F_GRP_ID, "" },
524 { APP27_C, APP27_F_GRP_ID, "" },
525 { APP27_D, APP27_F_GRP_ID, "" },
526 { APP27_E, APP27_F_GRP_ID, "" },
527 { APP27_F, APP27_F_GRP_ID, "" },
529 { APP27_A, APP27_B_SET_ID, "" },
530 { APP27_B, APP27_B_SET_ID, "rwxatl" },
531 { APP27_C, APP27_B_SET_ID, "" },
532 { APP27_D, APP27_B_SET_ID, "" },
533 { APP27_E, APP27_B_SET_ID, "" },
534 { APP27_F, APP27_B_SET_ID, "" },
536 { APP27_A, APP27_C_SET_ID, "" },
537 { APP27_B, APP27_C_SET_ID, "" },
538 { APP27_C, APP27_C_SET_ID, "" },
539 { APP27_D, APP27_C_SET_ID, "" },
540 { APP27_E, APP27_C_SET_ID, "" },
541 { APP27_F, APP27_C_SET_ID, "" },
543 { APP27_A, APP27_E_SET_ID, "" },
544 { APP27_B, APP27_E_SET_ID, "" },
545 { APP27_C, APP27_E_SET_ID, "" },
546 { APP27_D, APP27_E_SET_ID, "" },
547 { APP27_E, APP27_E_SET_ID, "rwxatl" },
548 { APP27_F, APP27_E_SET_ID, "" }
551 const smack_rules_vector rules_3_state = {
552 { APP27_A, APP27_A_PUB_ID, "rwxatl" },
553 { APP27_B, APP27_A_PUB_ID, "rx" },
554 { APP27_C, APP27_A_PUB_ID, "rx" },
555 { APP27_D, APP27_A_PUB_ID, "rx" },
556 { APP27_E, APP27_A_PUB_ID, "rx" },
557 { APP27_F, APP27_A_PUB_ID, "" },
559 { APP27_A, APP27_D_PUB_ID, "rx" },
560 { APP27_B, APP27_D_PUB_ID, "rx" },
561 { APP27_C, APP27_D_PUB_ID, "rx" },
562 { APP27_D, APP27_D_PUB_ID, "rwxatl" },
563 { APP27_E, APP27_D_PUB_ID, "rx" },
564 { APP27_F, APP27_D_PUB_ID, "" },
566 { APP27_A, APP27_E_PUB_ID, "" },
567 { APP27_B, APP27_E_PUB_ID, "" },
568 { APP27_C, APP27_E_PUB_ID, "" },
569 { APP27_D, APP27_E_PUB_ID, "" },
570 { APP27_E, APP27_E_PUB_ID, "" },
571 { APP27_F, APP27_E_PUB_ID, "" },
573 { APP27_A, APP27_A_GRP_ID, "rwxatl" },
574 { APP27_B, APP27_A_GRP_ID, "rwxatl" },
575 { APP27_C, APP27_A_GRP_ID, "xlt" },
576 { APP27_D, APP27_A_GRP_ID, "" },
577 { APP27_E, APP27_A_GRP_ID, "rwl" },
578 { APP27_F, APP27_A_GRP_ID, "" },
580 { APP27_A, APP27_B_GRP_ID, "" },
581 { APP27_B, APP27_B_GRP_ID, "rwxatl" },
582 { APP27_C, APP27_B_GRP_ID, "rwxatl" },
583 { APP27_D, APP27_B_GRP_ID, "" },
584 { APP27_E, APP27_B_GRP_ID, "rwl" },
585 { APP27_F, APP27_B_GRP_ID, "" },
587 { APP27_A, APP27_F_GRP_ID, "" },
588 { APP27_B, APP27_F_GRP_ID, "" },
589 { APP27_C, APP27_F_GRP_ID, "" },
590 { APP27_D, APP27_F_GRP_ID, "" },
591 { APP27_E, APP27_F_GRP_ID, "" },
592 { APP27_F, APP27_F_GRP_ID, "" },
594 { APP27_A, APP27_B_SET_ID, "" },
595 { APP27_B, APP27_B_SET_ID, "rwxatl" },
596 { APP27_C, APP27_B_SET_ID, "" },
597 { APP27_D, APP27_B_SET_ID, "" },
598 { APP27_E, APP27_B_SET_ID, "" },
599 { APP27_F, APP27_B_SET_ID, "" },
601 { APP27_A, APP27_C_SET_ID, "" },
602 { APP27_B, APP27_C_SET_ID, "" },
603 { APP27_C, APP27_C_SET_ID, "" },
604 { APP27_D, APP27_C_SET_ID, "" },
605 { APP27_E, APP27_C_SET_ID, "" },
606 { APP27_F, APP27_C_SET_ID, "" },
608 { APP27_A, APP27_E_SET_ID, "" },
609 { APP27_B, APP27_E_SET_ID, "" },
610 { APP27_C, APP27_E_SET_ID, "" },
611 { APP27_D, APP27_E_SET_ID, "" },
612 { APP27_E, APP27_E_SET_ID, "rwxatl" },
613 { APP27_F, APP27_E_SET_ID, "" }
616 const smack_rules_vector rules_4_state = {
617 { APP27_A, APP27_A_PUB_ID, "rwxatl" },
618 { APP27_B, APP27_A_PUB_ID, "rx" },
619 { APP27_C, APP27_A_PUB_ID, "rx" },
620 { APP27_D, APP27_A_PUB_ID, "rx" },
621 { APP27_E, APP27_A_PUB_ID, "rx" },
622 { APP27_F, APP27_A_PUB_ID, "" },
624 { APP27_A, APP27_D_PUB_ID, "rx" },
625 { APP27_B, APP27_D_PUB_ID, "rx" },
626 { APP27_C, APP27_D_PUB_ID, "rx" },
627 { APP27_D, APP27_D_PUB_ID, "rwxatl" },
628 { APP27_E, APP27_D_PUB_ID, "rx" },
629 { APP27_F, APP27_D_PUB_ID, "" },
631 { APP27_A, APP27_E_PUB_ID, "" },
632 { APP27_B, APP27_E_PUB_ID, "" },
633 { APP27_C, APP27_E_PUB_ID, "" },
634 { APP27_D, APP27_E_PUB_ID, "" },
635 { APP27_E, APP27_E_PUB_ID, "" },
636 { APP27_F, APP27_E_PUB_ID, "" },
638 { APP27_A, APP27_A_GRP_ID, "rwxatl" },
639 { APP27_B, APP27_A_GRP_ID, "rwxatl" },
640 { APP27_C, APP27_A_GRP_ID, "" },
641 { APP27_D, APP27_A_GRP_ID, "" },
642 { APP27_E, APP27_A_GRP_ID, "" },
643 { APP27_F, APP27_A_GRP_ID, "" },
645 { APP27_A, APP27_B_GRP_ID, "" },
646 { APP27_B, APP27_B_GRP_ID, "rwxatl" },
647 { APP27_C, APP27_B_GRP_ID, "rwxatl" },
648 { APP27_D, APP27_B_GRP_ID, "" },
649 { APP27_E, APP27_B_GRP_ID, "" },
650 { APP27_F, APP27_B_GRP_ID, "" },
652 { APP27_A, APP27_F_GRP_ID, "" },
653 { APP27_B, APP27_F_GRP_ID, "" },
654 { APP27_C, APP27_F_GRP_ID, "" },
655 { APP27_D, APP27_F_GRP_ID, "" },
656 { APP27_E, APP27_F_GRP_ID, "" },
657 { APP27_F, APP27_F_GRP_ID, "" },
659 { APP27_A, APP27_B_SET_ID, "" },
660 { APP27_B, APP27_B_SET_ID, "rwxatl" },
661 { APP27_C, APP27_B_SET_ID, "xlt" },
662 { APP27_D, APP27_B_SET_ID, "" },
663 { APP27_E, APP27_B_SET_ID, "rwl" },
664 { APP27_F, APP27_B_SET_ID, "" },
666 { APP27_A, APP27_C_SET_ID, "" },
667 { APP27_B, APP27_C_SET_ID, "" },
668 { APP27_C, APP27_C_SET_ID, "" },
669 { APP27_D, APP27_C_SET_ID, "" },
670 { APP27_E, APP27_C_SET_ID, "" },
671 { APP27_F, APP27_C_SET_ID, "" },
673 { APP27_A, APP27_E_SET_ID, "" },
674 { APP27_B, APP27_E_SET_ID, "ra" },
675 { APP27_C, APP27_E_SET_ID, "xlt" },
676 { APP27_D, APP27_E_SET_ID, "" },
677 { APP27_E, APP27_E_SET_ID, "rwxatl" },
678 { APP27_F, APP27_E_SET_ID, "" }
681 const std::vector<std::string> directories_27 = { APP27_A_PUB, APP27_D_PUB, APP27_E_PUB,
682 APP27_B_SET, APP27_C_SET, APP27_E_SET,
683 APP27_A_GRP, APP27_B_GRP, APP27_F_GRP};
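// Creates every directory listed in directories_27 and accepts ones that already exist.
void additional_rules_prepare_directories(void)
{
    for (const std::string& dir : directories_27) {
        // Mode 0 requests no permission bits at all, so classic file permissions do
        // not open these directories to anyone.
        const int result = mkdir(dir.c_str(), 0);
        // Snapshot errno right away: building the assertion message below calls into
        // the library again and must not change the value that is tested and printed.
        const int saved_errno = errno;

        // NOTE(review): EEXIST is reported for any existing entry, not only for a
        // directory, so a pre-existing file or symlink at this path is accepted
        // unchecked. The paths are under /etc/smack; confirm that this location is
        // writable by the test user only.
        RUNNER_ASSERT_MSG_BT(result == 0 || (result == -1 && saved_errno == EEXIST),
                             "directory = " << dir.c_str() << "; result = " << result <<
                             "; errno = " << saved_errno <<
                             "; error = " << strerror(saved_errno));
    }
}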
// Installs applications A-E and registers their paths; every call must succeed.
//
//   A: public A_PUB, group "A" (A_GRP)
//   B: group "A" (A_GRP), group "B" (B_GRP), settings B_SET
//   C: group "B" (B_GRP)
//   D: public D_PUB
//   E: settings E_SET
//
// APP27_F is not installed here. The declaration of `result` is not visible here.
695 void additional_rules_set_initial_state(void)
700 result = perm_app_install(APP27_A.c_str());
701 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "result = " << result);
702 result = perm_app_setup_path(APP27_A.c_str(), APP27_A_PUB.c_str(), PERM_APP_PATH_PUBLIC);
703 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "result = " << result);
704 result = perm_app_setup_path(APP27_A.c_str(), APP27_A_GRP.c_str(), PERM_APP_PATH_GROUP, "A");
705 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "result = " << result);
707 result = perm_app_install(APP27_B.c_str());
708 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "result = " << result);
709 result = perm_app_setup_path(APP27_B.c_str(), APP27_A_GRP.c_str(), PERM_APP_PATH_GROUP, "A");
710 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "result = " << result);
711 result = perm_app_setup_path(APP27_B.c_str(), APP27_B_GRP.c_str(), PERM_APP_PATH_GROUP, "B");
712 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "result = " << result);
713 result = perm_app_setup_path(APP27_B.c_str(), APP27_B_SET.c_str(), PERM_APP_PATH_SETTINGS);
714 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "result = " << result);
716 result = perm_app_install(APP27_C.c_str());
717 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "result = " << result);
718 result = perm_app_setup_path(APP27_C.c_str(), APP27_B_GRP.c_str(), PERM_APP_PATH_GROUP, "B");
719 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "result = " << result);
721 result = perm_app_install(APP27_D.c_str());
722 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "result = " << result);
723 result = perm_app_setup_path(APP27_D.c_str(), APP27_D_PUB.c_str(), PERM_APP_PATH_PUBLIC);
724 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "result = " << result);
726 result = perm_app_install(APP27_E.c_str());
727 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "result = " << result);
728 result = perm_app_setup_path(APP27_E.c_str(), APP27_E_SET.c_str(), PERM_APP_PATH_SETTINGS);
729 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "result = " << result);
// Extends the initial state with a new application: APP27_F is installed and group "F"
// (F_GRP) is registered for both APP27_A and APP27_F.
// The group path is registered for APP27_A before APP27_F is installed.
734 void additional_rules_set_add_app_state(void)
739 result = perm_app_setup_path(APP27_A.c_str(), APP27_F_GRP.c_str(), PERM_APP_PATH_GROUP, "F");
740 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "result = " << result);
742 result = perm_app_install(APP27_F.c_str());
743 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "result = " << result);
744 result = perm_app_setup_path(APP27_F.c_str(), APP27_F_GRP.c_str(), PERM_APP_PATH_GROUP, "F");
745 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "result = " << result);
// Extends the initial state with new paths for applications that are already installed:
// a public path for E, group paths "B" for A, "F" for C and "A" for D, and a settings
// path for C. No application is installed here.
749 void additional_rules_set_add_dir_state(void)
754 result = perm_app_setup_path(APP27_E.c_str(), APP27_E_PUB.c_str(), PERM_APP_PATH_PUBLIC);
755 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "result = " << result);
757 result = perm_app_setup_path(APP27_A.c_str(), APP27_B_GRP.c_str(), PERM_APP_PATH_GROUP, "B");
758 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "result = " << result);
759 result = perm_app_setup_path(APP27_C.c_str(), APP27_F_GRP.c_str(), PERM_APP_PATH_GROUP, "F");
760 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "result = " << result);
761 result = perm_app_setup_path(APP27_D.c_str(), APP27_A_GRP.c_str(), PERM_APP_PATH_GROUP, "A");
762 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "result = " << result);
764 result = perm_app_setup_path(APP27_C.c_str(), APP27_C_SET.c_str(), PERM_APP_PATH_SETTINGS);
765 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "result = " << result);
769 void free_null_term_tab(char** tab)
// Builds eight additional rules as heap strings and installs them with
// perm_add_additional_rules(); the call must succeed.
//
// Two rules name a concrete object label (A_PUB_ID, D_PUB_ID); the other six use the
// ~PUBLIC_PATH~, ~GROUP_PATH~ and ~SETTINGS_PATH~ placeholders.
// NOTE(review): the expected table rules_1_state keeps B -> A_PUB_ID and C -> D_PUB_ID
// at "rx", so the two concrete-label rules are not expected to widen access.
// The declarations of `result`, `count` and `i` are not visible here.
776 void set_rules_1_state(void)
// Value-initialised, so every slot that is not filled below stays null.
780 char* rules[count] = {};
// Scope guard only: `rules` has automatic storage, so the deleter is expected to free
// the entries, not the array itself (body of free_null_term_tab not visible here).
// NOTE(review): asprintf(3) leaves the output pointer undefined on failure. If a failed
// assertion unwinds out of this function, the deleter may see an indeterminate entry.
781 std::unique_ptr<char*, std::function<void(char**)> > rules_pointer(rules, free_null_term_tab);
783 result = asprintf(&rules[i++], "%s %s %s", APP27_B.c_str(), APP27_A_PUB_ID.c_str(), "rwx");
784 RUNNER_ASSERT_MSG_BT(result > 0, "asprintf failed");
785 result = asprintf(&rules[i++], "%s %s %s", APP27_C.c_str(), APP27_D_PUB_ID.c_str(), "rwxa");
786 RUNNER_ASSERT_MSG_BT(result > 0, "asprintf failed");
787 result = asprintf(&rules[i++], "%s %s %s", APP27_D.c_str(), "~PUBLIC_PATH~", "rxl");
788 RUNNER_ASSERT_MSG_BT(result > 0, "asprintf failed");
789 result = asprintf(&rules[i++], "%s %s %s", APP27_E.c_str(), "~PUBLIC_PATH~", "rwxat");
790 RUNNER_ASSERT_MSG_BT(result > 0, "asprintf failed");
791 result = asprintf(&rules[i++], "%s %s %s", APP27_F.c_str(), "~PUBLIC_PATH~", "rwxatl");
792 RUNNER_ASSERT_MSG_BT(result > 0, "asprintf failed");
793 result = asprintf(&rules[i++], "%s %s %s", APP27_D.c_str(), "~GROUP_PATH~", "ra");
794 RUNNER_ASSERT_MSG_BT(result > 0, "asprintf failed");
795 result = asprintf(&rules[i++], "%s %s %s", APP27_A.c_str(), "~SETTINGS_PATH~", "ra");
796 RUNNER_ASSERT_MSG_BT(result > 0, "asprintf failed");
797 result = asprintf(&rules[i++], "%s %s %s", APP27_E.c_str(), "~SETTINGS_PATH~", "xl");
798 RUNNER_ASSERT_MSG_BT(result > 0, "asprintf failed");
802 result = perm_add_additional_rules((const char**)rules);
805 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "result = " << result);
// Installs four additional rules, all on ~PUBLIC_PATH~, for applications B, C, D and E;
// the call to perm_add_additional_rules() must succeed.
// The declarations of `result`, `count` and `i` are not visible here.
808 void set_rules_2_state(void)
// Value-initialised, so every slot that is not filled below stays null.
812 char* rules[count] = {};
// Scope guard for the asprintf() strings; `rules` itself has automatic storage.
// NOTE(review): asprintf(3) leaves the output pointer undefined on failure - confirm
// that free_null_term_tab cannot be handed such an entry.
813 std::unique_ptr<char*, std::function<void(char**)> > rules_pointer(rules, free_null_term_tab);
815 result = asprintf(&rules[i++], "%s %s %s", APP27_B.c_str(), "~PUBLIC_PATH~", "r");
816 RUNNER_ASSERT_MSG_BT(result > 0, "asprintf failed");
817 result = asprintf(&rules[i++], "%s %s %s", APP27_C.c_str(), "~PUBLIC_PATH~", "lt");
818 RUNNER_ASSERT_MSG_BT(result > 0, "asprintf failed");
819 result = asprintf(&rules[i++], "%s %s %s", APP27_D.c_str(), "~PUBLIC_PATH~", "xa");
820 RUNNER_ASSERT_MSG_BT(result > 0, "asprintf failed");
821 result = asprintf(&rules[i++], "%s %s %s", APP27_E.c_str(), "~PUBLIC_PATH~", "w");
822 RUNNER_ASSERT_MSG_BT(result > 0, "asprintf failed");
826 result = perm_add_additional_rules((const char**) rules);
829 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "result = " << result);
// Installs three additional rules, all on ~GROUP_PATH~, for applications B, C and E;
// the call to perm_add_additional_rules() must succeed.
// The declarations of `result`, `count` and `i` are not visible here.
832 void set_rules_3_state(void)
// Value-initialised, so every slot that is not filled below stays null.
836 char* rules[count] = {};
// Scope guard for the asprintf() strings; `rules` itself has automatic storage.
// NOTE(review): asprintf(3) leaves the output pointer undefined on failure - confirm
// that free_null_term_tab cannot be handed such an entry.
837 std::unique_ptr<char*, std::function<void(char**)> > rules_pointer(rules, free_null_term_tab);
839 result = asprintf(&rules[i++], "%s %s %s", APP27_B.c_str(), "~GROUP_PATH~", "ra");
840 RUNNER_ASSERT_MSG_BT(result > 0, "asprintf failed");
841 result = asprintf(&rules[i++], "%s %s %s", APP27_C.c_str(), "~GROUP_PATH~", "xlt");
842 RUNNER_ASSERT_MSG_BT(result > 0, "asprintf failed");
843 result = asprintf(&rules[i++], "%s %s %s", APP27_E.c_str(), "~GROUP_PATH~", "rw");
844 RUNNER_ASSERT_MSG_BT(result > 0, "asprintf failed");
848 result = perm_add_additional_rules((const char**) rules);
851 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "result = " << result);
// Installs three additional rules, all on ~SETTINGS_PATH~, for applications B, C and E;
// the call to perm_add_additional_rules() must succeed.
// The declarations of `result`, `count` and `i` are not visible here.
854 void set_rules_4_state(void)
// Value-initialised, so every slot that is not filled below stays null.
858 char* rules[count] = {};
// Scope guard for the asprintf() strings; `rules` itself has automatic storage.
// NOTE(review): asprintf(3) leaves the output pointer undefined on failure - confirm
// that free_null_term_tab cannot be handed such an entry.
859 std::unique_ptr<char*, std::function<void(char**)> > rules_pointer(rules, free_null_term_tab);
861 result = asprintf(&rules[i++], "%s %s %s", APP27_B.c_str(), "~SETTINGS_PATH~", "ra");
862 RUNNER_ASSERT_MSG_BT(result > 0, "asprintf failed");
863 result = asprintf(&rules[i++], "%s %s %s", APP27_C.c_str(), "~SETTINGS_PATH~", "xlt");
864 RUNNER_ASSERT_MSG_BT(result > 0, "asprintf failed");
865 result = asprintf(&rules[i++], "%s %s %s", APP27_E.c_str(), "~SETTINGS_PATH~", "rw");
866 RUNNER_ASSERT_MSG_BT(result > 0, "asprintf failed");
870 result = perm_add_additional_rules((const char**) rules);
873 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "result = " << result);
// Uninstalls all six test applications; every uninstall must report success.
// NOTE(review): this runs at the start of each test, before anything is installed, and
// APP27_F is installed in only one scenario. Presumably perm_app_uninstall() reports
// success for an application that is not installed - confirm.
876 void cleanup_additional_rules_apps(void)
879 const std::vector<std::string> apps = { APP27_A, APP27_B, APP27_C, APP27_D, APP27_E, APP27_F };
882 for (auto a = apps.begin(); a != apps.end(); ++a) {
883 result = perm_app_uninstall(a->c_str());
884 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "app = " << a->c_str() <<
885 "; result = " << result);
// Replaces the installed additional rules with an empty set; the call must succeed.
// The rollback test uses this to return to the initial access table.
890 void cleanup_additional_rules_rules(void)
// A rule list that holds only the terminating null entry.
893 const char* empty[] = { NULL };
895 result = perm_add_additional_rules(empty);
897 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "result = " << result);
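// Removes every directory listed in directories_27 and accepts ones that are already gone.
void cleanup_additional_rules_directories(void)
{
    for (const std::string& dir : directories_27) {
        const int result = rmdir(dir.c_str());
        // Snapshot errno right away: building the assertion message below calls into
        // the library again and must not change the value that is tested and printed.
        const int saved_errno = errno;

        // Only ENOENT is tolerated; a directory that still has content makes rmdir()
        // fail and therefore fails the assertion.
        RUNNER_ASSERT_MSG_BT(result == 0 || (result == -1 && saved_errno == ENOENT),
                             "directory = " << dir.c_str() << "; result = " << result <<
                             "; errno = " << saved_errno <<
                             "; error = " << strerror(saved_errno));
    }
}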
// Brings the system to a known baseline for the privilege_control27 tests: test
// applications uninstalled, additional rules emptied, test directories present.
//
// NOTE(review): despite the name, the last step creates the directories.
// cleanup_additional_rules_directories() is not called from here, so the directories
// under /etc/smack stay on disk after the final call unless removed elsewhere - confirm.
void cleanup_additional_rules_all(void)
{
    // Order as in the original: applications first, then rules, then directories.
    cleanup_additional_rules_apps();
    cleanup_additional_rules_rules();
    additional_rules_prepare_directories();
}
// Scenario: rollback. The initial access table is established and verified, the
// rules_1 table is verified after additional rules are set, and after the additional
// rules are cleared the access must match the initial table again.
917 RUNNER_TEST(privilege_control27_perm_add_additional_rules_smack_access_1_rollback)
919 UNUSED RestoreAdditionalRulesGuard guard;
920 cleanup_additional_rules_all();
923 additional_rules_set_initial_state();
924 test_smack_rules_vector(initial_state);
926 //set state with some public additional rules
928 test_smack_rules_vector(rules_1_state);
930 //rollback to initial state
931 cleanup_additional_rules_rules();
932 test_smack_rules_vector(initial_state);
935 cleanup_additional_rules_all();
// Scenario: a new application appears while additional rules are in force. After the
// rules_1 table is verified, APP27_F is installed with its group path and the access
// must match add_app_state.
938 RUNNER_TEST(privilege_control27_perm_add_additional_rules_smack_access_2_add_app)
940 UNUSED RestoreAdditionalRulesGuard guard;
941 cleanup_additional_rules_all();
944 additional_rules_set_initial_state();
945 test_smack_rules_vector(initial_state);
947 //set state with some public additional rules
949 test_smack_rules_vector(rules_1_state);
952 additional_rules_set_add_app_state();
953 test_smack_rules_vector(add_app_state);
956 cleanup_additional_rules_all();
// Scenario: new paths appear while additional rules are in force. After the rules_1
// table is verified, further public, group and settings paths are registered for
// installed applications and the access must match add_dir_state.
959 RUNNER_TEST(privilege_control27_perm_add_additional_rules_smack_access_3_add_dir)
961 UNUSED RestoreAdditionalRulesGuard guard;
962 cleanup_additional_rules_all();
965 additional_rules_set_initial_state();
966 test_smack_rules_vector(initial_state);
968 //set state with some public additional rules
970 test_smack_rules_vector(rules_1_state);
973 additional_rules_set_add_dir_state();
974 test_smack_rules_vector(add_dir_state);
977 cleanup_additional_rules_all();
// Scenario: the additional rules are replaced several times in a row. The access table
// is verified against rules_1_state, rules_2_state, rules_3_state and rules_4_state in
// turn. Each expected table contains only the effect of the most recent set, so rules
// from an earlier set must not survive a later update.
980 RUNNER_TEST(privilege_control27_perm_add_additional_rules_smack_access_4_update_rules)
982 UNUSED RestoreAdditionalRulesGuard guard;
983 cleanup_additional_rules_all();
986 additional_rules_set_initial_state();
987 test_smack_rules_vector(initial_state);
989 //set state with some additional rules
991 test_smack_rules_vector(rules_1_state);
993 //set state with some public additional rules
995 test_smack_rules_vector(rules_2_state);
997 //set state with some group additional rules
999 test_smack_rules_vector(rules_3_state);
1001 //set state with some settings additional rules
1002 set_rules_4_state();
1003 test_smack_rules_vector(rules_4_state);
1006 cleanup_additional_rules_all();