2 * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
18 * @file test_cases.cpp
19 * @author Pawel Polawski (p.polawski@samsung.com)
21 * @brief libprivilege test runer
25 #include <dpl/test/test_runner.h>
26 #include <dpl/log/log.h>
28 #include <sys/types.h>
33 #include <sys/smack.h>
35 #include <sys/xattr.h>
37 int files_compare(int fd1, int fd2)
41 //for getting files sizes
45 void * h1 = MAP_FAILED;
46 void * h2 = MAP_FAILED;
48 //getting files information
49 if(fstat(fd1, &fs1) == -1) {
53 if(fstat(fd2, &fs2) == -1) {
58 if(fs1.st_size != fs2.st_size) //if files are identical size will be the same
61 //mapping files to process memory
62 if((h1 = mmap(0, fs1.st_size, PROT_READ, MAP_SHARED, fd1, 0 )) == MAP_FAILED) {
66 if((h2 = mmap(0, fs2.st_size, PROT_READ, MAP_SHARED, fd2, 0 )) == MAP_FAILED) {
71 result = memcmp(h1, h2, fs1.st_size);
73 //cleaning after mmap()
76 munmap(h2, fs2.st_size);
78 munmap(h1, fs1.st_size);
83 RUNNER_TEST_GROUP_INIT(libsmack)
85 RUNNER_TEST(smack01_storing_and_restoring_rules)
88 * author: Pawel Polawski
89 * test: smack_accesses_new, smack_accesses_add, smack_accesses_add_modify, smack_accesses_add_from_file,
90 * smack_accesses_free, smack_accesses_save
91 * description: This test case will create structure holding SMACK rules and add new one to it. Next rules will be
92 * stored and restored from file.
93 * expect: Rules created and stored in file should be identical to predefined template.
96 struct smack_accesses * rules = NULL; //rules prepared in this test case
97 struct smack_accesses * import_test = NULL; //rules imported from file
99 int result; //result of each operation to be tested by RUNNER_ASSERT
100 int fd, tmp, sample; //file descripptors for save / restore rules tests
102 //int smack_accesses_new(struct smack_accesses **accesses);
103 result = smack_accesses_new(&rules); //rules struct init
104 RUNNER_ASSERT_MSG(result == 0, "Unable to create smack_accesses instance");
105 result = smack_accesses_new(&import_test); //rules struct init
106 RUNNER_ASSERT_MSG(result == 0, "Unable to create smack_accesses instance");
109 fd = open("/tmp/smack01_rules", O_RDWR | O_CREAT | O_TRUNC, 0644); //for export prepared rules
110 RUNNER_ASSERT_MSG(fd >= 0, "Unable to create /tmp/smack01_rules");
111 tmp = open("/tmp/smack01_tmp", O_RDWR | O_CREAT | O_TRUNC, 0644); //for import rules exported before
112 RUNNER_ASSERT_MSG(fd >= 0, "Unable to create /tmp/smack01_tmp");
113 sample = open("/etc/smack/test_smack_rules", O_RDONLY, 0644); //reference preinstalled rules
114 RUNNER_ASSERT_MSG(sample >= 0, "Unable to open /etc/smack/test_smack_rules");
116 //int smack_accesses_add(struct smack_accesses *handle, const char *subject,
117 // const char *object, const char *access_type);
118 result = smack_accesses_add(rules, "writer", "book", "rw");
119 RUNNER_ASSERT_MSG(result == 0, "Unable to add smack rules");
120 result = smack_accesses_add(rules, "reader", "book", "wx");
121 RUNNER_ASSERT_MSG(result == 0, "Unable to add smack rules");
123 //int smack_accesses_add_modify(struct smack_accesses *handle, const char *subject,
124 // const char *object, const char *access_add, const char *access_del);
125 result = smack_accesses_add_modify(rules, "reader", "book", "r", "wx");
126 RUNNER_ASSERT_MSG(0 == result, "Unable to modify smack rules");
128 //int smack_accesses_save(struct smack_accesses *handle, int fd);
129 result = smack_accesses_save(rules, fd);
130 RUNNER_ASSERT_MSG(0 == result, "Unable to save smack_accesses instance in file");
132 //int smack_accesses_add_from_file(struct smack_accesses *accesses, int fd);
133 result = lseek(fd, 0, SEEK_SET);
134 RUNNER_ASSERT_MSG(result == 0, "lseek() error");
135 result = smack_accesses_add_from_file(import_test, fd);
136 RUNNER_ASSERT_MSG(result == 0, "Unable to import rules from file");
138 result = smack_accesses_save(import_test, tmp);
139 RUNNER_ASSERT_MSG(result == 0, "Unable to save smack_accesses instance in file");
141 result = files_compare(fd, tmp); //comparing rules saved in file, restored from it and stored one more time
142 RUNNER_ASSERT_MSG(result == 0, "No match in stored and restored rules");
144 result = files_compare(tmp, sample); //comparing rules stored in file with reference preinstalled rules
145 RUNNER_ASSERT_MSG(result == 0, "No match in stored rules and pattern file");
147 //void smack_accesses_free(struct smack_accesses *handle);
148 smack_accesses_free(rules);
149 smack_accesses_free(import_test);
151 //closing file descriptors
157 RUNNER_TEST(smack02_aplying_rules_into_kernel)
160 * author: Pawel Polawski
161 * test: smack_accesses_apply, smack_have_access, smack_revoke_subject, smack_accesses_clear, smack_accesses_new,
162 * smack_accesses_add, smack_accesses_free
163 * description: In this test case aplying rules to kernel will be tested. After that function for test
164 * accesses will be used.
165 * expect: In case of correct rules access should be granted.
168 //CAP_MAC_ADMIN needed for process to be able to change rules in kernel (apllying, removing)
170 struct smack_accesses * rules = NULL; //rules prepared in this test case
171 int result; //for storing functions results
173 result = smack_accesses_new(&rules); //rules struct init
174 RUNNER_ASSERT_MSG(result == 0, "Unable to create smack_accesses instance");
176 //adding test rules to struct
177 result = smack_accesses_add(rules, "writer", "book", "rwx");
178 RUNNER_ASSERT_MSG(result == 0, "Unable to add smack rules");
179 result = smack_accesses_add(rules, "reader", "book", "r");
180 RUNNER_ASSERT_MSG(result == 0, "Unable to add smack rules");
181 result = smack_accesses_add(rules, "spy", "book", "rwx");
182 RUNNER_ASSERT_MSG(result == 0, "Unable to add smack rules");
184 //int smack_accesses_apply(struct smack_accesses *handle);
185 result = smack_accesses_apply(rules); //applying rules to kernel
186 RUNNER_ASSERT_MSG(result == 0, "Unable to apply rules into kernel");
188 //int smack_have_access(const char *subject, const char *object,
189 // const char *access_type);
190 result = smack_have_access("spy", "book", "rwx"); //should have access - rule exist
191 RUNNER_ASSERT_MSG(result == 1, "Error while checking Smack access");
192 result = smack_have_access("reader", "book", "rwx"); //should have no access - wrong rule, should be "r" only
193 RUNNER_ASSERT_MSG(result == 0, "Error while checking Smack access");
194 result = smack_have_access("mars", "book", "rwx"); //should have no acces - rule not exist
195 RUNNER_ASSERT_MSG(result == 0, "Error while checking Smack access");
197 //int smack_revoke_subject(const char *subject);
198 result = smack_revoke_subject("snickers"); //this subject do not exist in kernel rules
199 RUNNER_ASSERT_MSG(result == -1, "Error in rmoving not existing subject from kernel"); // <----- TODO: this one should be changed (== 0) after fixing revoke_subject in kernel
200 result = smack_revoke_subject("spy"); //this subject exist in kernel rules
201 RUNNER_ASSERT_MSG(result == 0, "Error in rmoving existing subject from kernel");
203 result = smack_have_access("spy", "book", "rwx"); //testing access after revoke_subject() from kernel
204 RUNNER_ASSERT_MSG(result == 0, "Error in acces aplied to kernel"); //now spy should have no access
205 result = smack_have_access("spy", "book", "-----"); //and should have "-----" rule
206 RUNNER_ASSERT_MSG(result == 1, "Error in acces aplied to kernel");
208 result = smack_accesses_add(rules, "twix", "book", "rwx"); //for create new rule as a consequence of use accesses_clear() below
209 RUNNER_ASSERT_MSG(result == 0, "Unable to add smack rules");
211 //int smack_accesses_clear(struct smack_accesses *handle);
212 result = smack_accesses_clear(rules); //"spy" removed before by using smack_revoke_subject()
213 RUNNER_ASSERT_MSG(result == 0, "Error in clearing rules in kernel");
215 result = smack_have_access("writer", "book", "rwx"); //testing acces after acces_clear()
216 RUNNER_ASSERT_MSG(result == 0, "Error in acces aplied to kernel"); //now writer also should have no access
217 result = smack_have_access("writer", "book", "-----"); //and should have "-----" rule
218 RUNNER_ASSERT_MSG(result == 1, "Error in acces aplied to kernel");
219 result = smack_have_access("twix", "book", "-----"); //rule created by calling accesses_clear()
220 RUNNER_ASSERT_MSG(result == 1, "Error in acces aplied to kernel");
223 smack_accesses_free(rules);
226 //pairs of rules for test with mixed cases, different length and mixed order
227 char * rules_tab[] = {
228 "reader1", "-", "-----",
229 "reader2", "--------", "-----",
230 "reader3", "RwXaT", "rwxat",
231 "reader4", "RrrXXXXTTT", "r-x-t",
232 "reader5", "-r-w-a-t", "rw-at",
233 "reader6", "", "-----",
234 "reader7", "xa--Rt---W", "rwxat",
235 "reader8", "#Ax[T].!~W@1}", "-wxat"
238 RUNNER_TEST(smack03_mixed_rule_string_add)
241 * author: Pawel Polawski
242 * test: smack_have_access, smack_accesses_new, smack_accesses_add, smack_accesses_apply, smack_accesses_free
243 * description: In thist test case rules based on mixed string are added to kernel.
244 * Strings are presented above and contains lower / upper case alpha, numbers and special signs.
245 * expect: Rules should be parsed correct and aplied to kernel.
248 //In thist test case mixed string are used as rules applied to kernel, next they are
249 //readed and compared with correct form of rules
251 struct smack_accesses * rules = NULL; //rules prepared in this test case
252 int result; //for storing functions results
255 result = smack_accesses_new(&rules); //rules struct init
256 RUNNER_ASSERT_MSG(result == 0, "Unable to create smack_accesses instance");
258 //adding test rules with mixed string
259 for(i = 0; i < (3 * 8) ; i += 3) {
260 result = smack_accesses_add(rules, rules_tab[i], "book", rules_tab[i + 1]); //using mixed rules from table
261 RUNNER_ASSERT_MSG(result == 0, "Unable to add smack rules");
265 //FIXME: Using clear() here can cover error in accesses_apply() function
266 //result = smack_accesses_clear(rules);
267 //RUNNER_ASSERT_MSG(result == 0, "Error in clearing rules in kernel");
269 //applying rules to kernel
270 result = smack_accesses_apply(rules);
271 RUNNER_ASSERT_MSG(result == 0, "Unable to apply rules into kernel");
273 //checking accesses using normal rules
274 for(i = 0; i < (3 * 8) ; i += 3) {
275 result = smack_have_access(rules_tab[i], "book", rules_tab[i + 2]); //using normal rules from table
276 RUNNER_ASSERT_MSG(result == 1, "Error while checking Smack access");
280 smack_accesses_free(rules);
284 RUNNER_TEST(smack04_mixed_rule_string_have_access)
287 * author: Pawel Polawski
288 * test: smack_have_access
289 * description: In this test case we testing aplied before SMACK rules and comparing them using mixed strings.
290 * expect: Subjects should have accesses to the objects.
293 //In this test case we checking previous aplied rules but for compare mixed strings are used
298 //rules were added in previous RUNNER_TEST section
299 //checking accesses using mixed rules
300 for(i = 0; i < (3 * 8) ; i += 3) {
301 result = smack_have_access(rules_tab[i], "book", rules_tab[i + 1]); //using mixed rules from table
302 RUNNER_ASSERT_MSG(result == 1, "Error while checking Smack access");
306 //RUNNER_TEST(smackXX_accesses_add_modify)
309 // - what if we want to apply rule that is already in kernel?
310 // - tests for smack_accesses_add_modify() + smack_have_access() (check if add_modify sets the proper rule)
311 // - smack_accesses_add_modify("subject", "object", "rwx", "rwx") should create empty rule
314 RUNNER_TEST(smack05_self_label)
317 * author: Pawel Polawski
318 * test: smack_set_label_for_self, smack_new_label_from_self
319 * description: In this test case process test it own default label. Next label is changed
320 * and tested one more time if change was successfull.
321 * expect: Proces should have default "-" label and can change it to the oter one.
324 //In this test case process will manipulate it own label
330 const int B_SIZE = 8;
333 char * def_rule = "_";
335 //int smack_new_label_from_self(char **label);
336 result = smack_new_label_from_self(&label);
337 RUNNER_ASSERT_MSG(result == 0, "Error in getting self label");
339 //comparing this label with default one "_"
340 result = strcmp(label, def_rule);
341 RUNNER_ASSERT_MSG(result == 0, "Wrong default process label");
343 //comparing this rule with received from /proc/self/attr/current
344 fd = open("/proc/self/attr/current", O_RDONLY, 0644);
345 RUNNER_ASSERT_MSG(fd >= 0, "Unable to open /proc/self/attr/current");
346 result = read(fd, buff, B_SIZE);
347 RUNNER_ASSERT_MSG(result >= 0, "Error in reading from file /proc/self/attr/current");
348 result = strncmp(buff, def_rule, result);
349 RUNNER_ASSERT_MSG(result == 0, "Wrong default process rule");
353 //now time for setting labels:
355 //int smack_set_label_for_self(const char *label);
356 result = smack_set_label_for_self("cola");
357 RUNNER_ASSERT_MSG(result == 0, "Error in setting self label");
359 //checking new label using smack function
360 result = smack_new_label_from_self(&label);
361 RUNNER_ASSERT_MSG(result == 0, "Error in getting self label");
362 result = strcmp(label, "cola");
363 RUNNER_ASSERT_MSG(result == 0, "Wrong process label");
365 //checking new label using /proc/self/attr/current
366 result = lseek(fd, 0, SEEK_SET); //going to the file beginning
367 RUNNER_ASSERT_MSG(result == 0, "lseek() error");
368 result = read(fd, buff, B_SIZE);
369 RUNNER_ASSERT_MSG(result >= 0, "Error in reading from file /proc/self/attr/current");
370 result = strncmp(buff, "cola", result);
371 RUNNER_ASSERT_MSG(result == 0, "Proces rule in /proc/self/attr/current other than set");
377 //RUNNER_TEST(smackXX_parent_child_label)
379 //In this test case parent process and child labels will be tested
380 //Parent will fork and check child's label. First fork will be with default "_" parent label,
381 //second one witch changed label.
384 //bellow function is from libsmack.c witch changed name
385 char * xattr(enum smack_label_type type)
388 case SMACK_LABEL_ACCESS:
389 return "security.SMACK64";
390 case SMACK_LABEL_EXEC:
391 return "security.SMACK64EXEC";
392 case SMACK_LABEL_MMAP:
393 return "security.SMACK64MMAP";
394 case SMACK_LABEL_TRANSMUTE:
395 return "security.SMACK64TRANSMUTE";
396 case SMACK_LABEL_IPIN:
397 return "security.SMACK64IPIN";
398 case SMACK_LABEL_IPOUT:
399 return "security.SMACK64IPOUT";
401 /* Should not reach this point */
406 //TODO: In bellow RUNNER_TEST add lget / lset functions to be testet the same way as normal get / set
407 RUNNER_TEST(smack06_get_set_label)
410 * author: Pawel Polawski
411 * test: smack_getlabel, smack_setlabel
412 * description: In this test case file label is tested using SMACK API functions and system xattr functions.
413 * Functions tested here is used for normal files.
414 * expect: Function should return default label, and the new one after change it.
417 //In this test case will be tested setting and getting file label
418 //If file is symbolic link functions should follow it
420 //SMACK xattr from libsmack.c:
422 //case SMACK_LABEL_ACCESS:
423 // return "security.SMACK64";
424 //case SMACK_LABEL_EXEC:
425 // return "security.SMACK64EXEC";
426 //case SMACK_LABEL_MMAP:
427 // return "security.SMACK64MMAP";
428 //case SMACK_LABEL_TRANSMUTE:
429 // return "security.SMACK64TRANSMUTE";
430 //case SMACK_LABEL_IPIN:
431 // return "security.SMACK64IPIN";
432 //case SMACK_LABEL_IPOUT:
433 // return "security.SMACK64IPOUT";
438 const int B_SIZE = 8;
441 char * file_path = "/etc/smack/test_smack_rules";
444 //preparing environment by restoring default "_" label
445 result = smack_setlabel(file_path, "_", SMACK_LABEL_ACCESS);
446 RUNNER_ASSERT_MSG(result == 0, "Error in setting ACCESS label for file");
449 //int smack_getlabel(const char *path, char** label,
450 // enum smack_label_type type);
451 result = smack_getlabel(file_path, &label, SMACK_LABEL_ACCESS);
452 RUNNER_ASSERT_MSG(result == 0, "Error in getting smack ACCESS label from file");
453 //get label, should be default "_"
454 result = strcmp(label, "_");
455 RUNNER_ASSERT_MSG(result == 0, "Wrong file default label");
457 //get label using xattr function
458 result = getxattr(file_path, xattr(SMACK_LABEL_ACCESS), buff, B_SIZE);
459 RUNNER_ASSERT_MSG(result > 0, "Error in getting xattr from file");
460 //check label, should match the one readed by smack function
461 result = strncmp(buff, "_", result);
462 RUNNER_ASSERT_MSG(result == 0, "Wrong file default label");
465 //int smack_setlabel(const char *path, const char* label,
466 // enum smack_label_type type);
467 result = smack_setlabel(file_path, "fanta", SMACK_LABEL_ACCESS);
468 RUNNER_ASSERT_MSG(result == 0, "Error in setting ACCESS label for file");
471 //get label using smack function
472 result = smack_getlabel(file_path, &label, SMACK_LABEL_ACCESS);
473 RUNNER_ASSERT_MSG(result == 0, "Error in getting smack ACCESS label from file");
474 //get label, should be default "fanta"
475 result = strcmp(label, "fanta");
476 RUNNER_ASSERT_MSG(result == 0, "Wrong file label");
478 //get label using xattr function
479 result = getxattr(file_path, xattr(SMACK_LABEL_ACCESS), buff, B_SIZE);
480 RUNNER_ASSERT_MSG(result > 0, "Error in getting xattr from file");
481 //check label, should match the one readed by smack function
482 result = strncmp(buff, "fanta", result);
483 RUNNER_ASSERT_MSG(result == 0, "Wrong file label");
486 //RUNNER_TEST(smackXX_get_label_exec)
488 //In this test case EXEC label will be tested
489 //by setting this type of label, reading it and testing executed binary exit status
492 RUNNER_TEST(smack07_l_get_set_label)
495 * author: Pawel Polawski
496 * test: smack_lgetlabel, smack_lsetlabel, smack_getlabel
497 * description: Functions tested here are similar to one from previous test case. The difference
498 * is that in case of symbolic link they follows it and operates on file pointed by it.
499 * expect: All label manipulations should affect file pointed by symbolic link.
505 const int B_SIZE = 8;
508 char * file_path = "/etc/smack/test_smack_rules_lnk";
511 //preparing environment by restoring default "_" label
512 result = smack_lsetlabel(file_path, "_", SMACK_LABEL_ACCESS);
513 RUNNER_ASSERT_MSG(result == 0, "Error in setting ACCESS label for file");
514 result = smack_setlabel(file_path, "_", SMACK_LABEL_ACCESS);
515 RUNNER_ASSERT_MSG(result == 0, "Error in setting ACCESS label for file");
518 //int smack_lgetlabel(const char *path, char** label,
519 // enum smack_label_type type);
520 result = smack_lgetlabel(file_path, &label, SMACK_LABEL_ACCESS);
521 RUNNER_ASSERT_MSG(result == 0, "Error in getting smack ACCESS label from file");
522 //get label of symbolic link, should be default "_"
523 result = strcmp(label, "_");
524 RUNNER_ASSERT_MSG(result == 0, "Wrong file default label");
526 //get label using xattr function
527 result = lgetxattr(file_path, xattr(SMACK_LABEL_ACCESS), buff, B_SIZE);
528 RUNNER_ASSERT_MSG(result > 0, "Error in getting xattr from file");
529 //check label, should match the one readed by smack function
530 result = strncmp(buff, "_", result);
531 RUNNER_ASSERT_MSG(result == 0, "Wrong file default label");
534 //int smack_lsetlabel(const char *path, const char* label,
535 // enum smack_label_type type);
536 result = smack_lsetlabel(file_path, "7up", SMACK_LABEL_ACCESS);
537 RUNNER_ASSERT_MSG(result == 0, "Error in setting ACCESS label for file");
538 //and set label for file pointed by link
539 result = smack_setlabel(file_path, "mirinda", SMACK_LABEL_ACCESS);
540 RUNNER_ASSERT_MSG(result == 0, "Error in setting ACCESS label for file");
543 //get label using smack function
544 result = smack_lgetlabel(file_path, &label, SMACK_LABEL_ACCESS);
545 RUNNER_ASSERT_MSG(result == 0, "Error in getting smack ACCESS label from file");
546 //check label, should be "7up"
547 result = strcmp(label, "7up");
548 RUNNER_ASSERT_MSG(result == 0, "Wrong file label");
550 //get label using xattr function
551 result = lgetxattr(file_path, xattr(SMACK_LABEL_ACCESS), buff, B_SIZE);
552 RUNNER_ASSERT_MSG(result > 0, "Error in getting xattr from file");
553 //check label, should match the one readed by smack function
554 result = strncmp(buff, "7up", result);
555 RUNNER_ASSERT_MSG(result == 0, "Wrong file label");
558 //now similar to above, but folowing symbolic link set before to "mirinda"
559 result = smack_getlabel(file_path, &label, SMACK_LABEL_ACCESS);
560 RUNNER_ASSERT_MSG(result == 0, "Error gettin label of file pointed by symbolic link");
561 //now label should be "mirinda" for file instead of "7up" set for link
562 result = strcmp(label, "mirinda");
563 RUNNER_ASSERT_MSG(result == 0, "Wrong label of file pointed by symbolic link");
565 //get label using xattr function
566 result = getxattr(file_path, xattr(SMACK_LABEL_ACCESS), buff, B_SIZE);
567 RUNNER_ASSERT_MSG(result > 0, "Error in getting xattr from file");
568 //check label, should match the one readed by smack function
569 result = strncmp(buff, "mirinda", result);
570 RUNNER_ASSERT_MSG(result == 0, "Wrong file label");
573 RUNNER_TEST(smack08_f_get_set_label)
576 * author: Pawel Polawski
577 * test: smack_fgetlabel, smack_fsetlabel
578 * description: This test case is similar to test case smack06 above. The difference
579 * is that argument is file descriptor instead of file path.
580 * Function not follow symbolic link and operates directly on it.
581 * expect: All label manipulations should affect symbolic link itself.
587 const int B_SIZE = 8;
591 char * file_path = "/etc/smack/test_smack_rules";
593 fd = open(file_path, O_RDWR, 0644); //reference preinstalled rules
594 RUNNER_ASSERT_MSG(fd >= 0, "Unable to open /etc/smack/test_smack_rules");
596 //preparing environment by restoring default "_" label
597 result = smack_fsetlabel(fd, "_", SMACK_LABEL_ACCESS);
598 RUNNER_ASSERT_MSG(result == 0, "Error in setting ACCESS label for file");
601 //int smack_fgetlabel(int fd, char** label,
602 // enum smack_label_type type);
603 result = smack_fgetlabel(fd, &label, SMACK_LABEL_ACCESS);
604 RUNNER_ASSERT_MSG(result == 0, "Error in getting smack ACCESS label from file");
605 //check label, should be "_"
606 result = strcmp(label, "_");
607 RUNNER_ASSERT_MSG(result == 0, "Wrong file default label");
609 //get label using xattr function
610 result = fgetxattr(fd, xattr(SMACK_LABEL_ACCESS), buff, B_SIZE);
611 RUNNER_ASSERT_MSG(result > 0, "Error in getting xattr from file");
612 //check label, should match the one readed by smack function
613 result = strncmp(buff, "_", result);
614 RUNNER_ASSERT_MSG(result == 0, "Wrong file default label");
617 //int smack_fsetlabel(int fd, const char* label,
618 // enum smack_label_type type);
619 result = smack_fsetlabel(fd, "sprite", SMACK_LABEL_ACCESS);
620 RUNNER_ASSERT_MSG(result == 0, "Error in setting ACCESS label for file");
623 //get label using smack function
624 result = smack_fgetlabel(fd, &label, SMACK_LABEL_ACCESS);
625 RUNNER_ASSERT_MSG(result == 0, "Error in getting smack ACCESS label from file");
626 //check label, should be "sprite"
627 result = strcmp(label, "sprite");
628 RUNNER_ASSERT_MSG(result == 0, "Wrong file label");
630 //get label using xattr function
631 result = fgetxattr(fd, xattr(SMACK_LABEL_ACCESS), buff, B_SIZE);
632 RUNNER_ASSERT_MSG(result > 0, "Error in getting xattr from file");
633 //check label, should match the one readed by smack function
634 result = strncmp(buff, "sprite", result);
635 RUNNER_ASSERT_MSG(result == 0, "Wrong file label");
641 //int smack_new_label_from_socket(int fd, char **label);