-RUNNER_TEST(privilege_control20_app_setup_path_npruntime)
-{
- int result = 0;
- std::unique_ptr<char, std::function<void(void*)> > labelPtr(NULL,free);
- std::string nptargetlabel = std::string(APP_NPRUNTIME) + ".npruntime";
- char *label = NULL;
-
- DB_BEGIN
-
- result = perm_app_uninstall(APP_NPRUNTIME);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "Error in perm_app_uninstall. " << result);
-
- result = perm_app_install(APP_NPRUNTIME);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "Error in perm_app_install. " << result);
-
- result = perm_app_setup_path(APP_NPRUNTIME, APP_NPRUNTIME_FILE, PERM_APP_PATH_NPRUNTIME);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "Error in perm_app_setup_path. " << result);
-
- DB_END
-
- RUNNER_ASSERT(0 == smack_lgetlabel(APP_NPRUNTIME_FILE, &label, SMACK_LABEL_EXEC));
- labelPtr.reset(label);
- label = NULL;
- RUNNER_ASSERT(0 == strcmp(labelPtr.get(), nptargetlabel.c_str()));
-
- // test smack accesses
- result = smack_have_access(APP_NPRUNTIME, nptargetlabel.c_str(), "rw");
- RUNNER_ASSERT_MSG(result == 1,
- "Error: subject: " << APP_NPRUNTIME << " has not rw access to object: "
- << nptargetlabel.c_str() << ". Result: " << result);
-
- result = smack_have_access(nptargetlabel.c_str(), APP_NPRUNTIME, "rxat");
- RUNNER_ASSERT_MSG(result == 1,
- "Error: subject: " << nptargetlabel.c_str() << " has not rxat access to object: "
- << APP_NPRUNTIME << ". Result: " << result);
-
- result = smack_have_access(nptargetlabel.c_str(), "system::homedir", "rxat");
- RUNNER_ASSERT_MSG(result == 1,
- "Error: subject: " << nptargetlabel.c_str() << " has not rxat access to object: "
- << "system::homedir. Result: " << result);
-
- result = smack_have_access(nptargetlabel.c_str(), "xorg", "rw");
- RUNNER_ASSERT_MSG(result == 1,
- "Error: subject: " << nptargetlabel.c_str() << " has not rw access to object: "
- << "xorg. Result: " << result);
-
- result = perm_app_uninstall(APP_NPRUNTIME);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "Error in perm_app_uninstall. " << result);
-}
-
-RUNNER_TEST(privilege_control21_early_rules)
-{
- RUNNER_IGNORED_MSG("early rules are not implemented");
-
- int result;
- int fd = -1;
- int pass_1 = 0;
- int pass_2 = 0;
- char *single_line_format = NULL;
- char *perm = NULL;
- FILE *file = NULL;
-
- char subject[SMACK_LABEL_LEN + 1] = {0};
- char object[SMACK_LABEL_LEN + 1] = {0};
- char rule_add[SMACK_ACC_LEN + 1] = {0};
- char rule_remove[SMACK_ACC_LEN + 1] = {0};
-
- unlink(SMACK_RULES_DIR APP_ID);
-
- DB_BEGIN
-
- perm_app_uninstall(APP_ID);
-
- result = perm_app_install(APP_ID);
- RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
- result = perm_app_install(APP_TEST_APP_1);
- RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
-
- // checking if file really exists
- fd = open(SMACK_RULES_DIR APP_ID, O_RDONLY);
- close(fd);
- RUNNER_ASSERT_MSG(fd >= 0, "File open failed: " << SMACK_RULES_DIR << APP_ID << " : " << fd << ". Errno: " << strerror(errno));
- fd = -1;
-
- result = perm_app_enable_permissions(APP_ID, APP_TYPE_WGT, (const char**) &perm, 1);
- RUNNER_ASSERT_MSG(result == 0, "app_enable_permission failed: " << result);
- result = perm_app_enable_permissions(APP_TEST_APP_1, APP_TYPE_WGT, (const char**) &perm, 1);
- RUNNER_ASSERT_MSG(result == 0, "app_enable_permission failed: " << result);
-
- DB_END
-
- file = fopen(SMACK_STARTUP_RULES_FILE, "r");
- RUNNER_ASSERT_MSG(file != NULL, "File open failed: " << SMACK_STARTUP_RULES_FILE << " : " << file << ". Errno: " << strerror(errno));
-
- result = asprintf(&single_line_format, "%%%ds %%%ds %%%ds %%%ds\\n", SMACK_LABEL_LEN, SMACK_LABEL_LEN, SMACK_ACC_LEN, SMACK_ACC_LEN);
-
- while(fscanf(file, single_line_format, subject, object, rule_add, rule_remove) == 4) {
- if(strncmp(subject, EARLY_RULE_SUBJECT, SMACK_LABEL_LEN) == 0 && strncmp(object, APP_ID, SMACK_LABEL_LEN) == 0) {
- pass_1 = 1; // Found rule for APP_ID
- continue;
- }
- if(strncmp(subject, EARLY_RULE_SUBJECT, SMACK_LABEL_LEN) == 0 && strncmp(object, APP_TEST_APP_1, SMACK_LABEL_LEN) == 0) {
- pass_2 = 1; // Found rule for APP_TEST_APP_1
- continue;
- }
- }
- fclose(file);
- file = NULL;
-
- RUNNER_ASSERT_MSG(pass_1 == 1, "Rule " << EARLY_RULE_SUBJECT << " " << APP_ID << " " << EARLY_RULE_RIGHTS << " not found");
- RUNNER_ASSERT_MSG(pass_2 == 1, "Rule " << EARLY_RULE_SUBJECT << " " << APP_TEST_APP_1 << " " << EARLY_RULE_RIGHTS << " not found");
-
- // Checking if "early rule" for APP_ID was really removed
- // We also should make sure that "early rules" for other apps wasn't removed
- result = perm_app_uninstall(APP_ID);
- RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
- pass_1 = 1;
- pass_2 = 0;
-
- file = fopen(SMACK_STARTUP_RULES_FILE, "r");
- RUNNER_ASSERT_MSG(file != NULL, "File open failed: " << SMACK_STARTUP_RULES_FILE << " : " << file << ". Errno: " << strerror(errno));
-
- while(fscanf(file, single_line_format, subject, object, rule_add, rule_remove) == 4) {
- if(strncmp(subject, EARLY_RULE_SUBJECT, SMACK_LABEL_LEN) == 0 && strncmp(object, APP_ID, SMACK_LABEL_LEN) == 0) {
- pass_1 = 0; // Found rule for APP_ID - it should NOT be here
- continue;
- }
- if(strncmp(subject, EARLY_RULE_SUBJECT, SMACK_LABEL_LEN) == 0 && strncmp(object, APP_TEST_APP_1, SMACK_LABEL_LEN) == 0) {
- pass_2 = 1; // Found rule for APP_TEST_APP_1
- continue;
- }
- }
- fclose(file);
- file = NULL;
-
- RUNNER_ASSERT_MSG(pass_1 == 1, "Rule " << EARLY_RULE_SUBJECT << " " << APP_ID << " " << EARLY_RULE_RIGHTS << " found");
- RUNNER_ASSERT_MSG(pass_2 == 1, "Rule " << EARLY_RULE_SUBJECT << " " << APP_TEST_APP_1 << " " << EARLY_RULE_RIGHTS << " not found");
-
- // Removing and checking "early rule" for APP_TEST_APP_1
- result = perm_app_uninstall(APP_TEST_APP_1);
- RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
- pass_1 = 1;
- pass_2 = 1;
-
- file = fopen(SMACK_STARTUP_RULES_FILE, "r");
- RUNNER_ASSERT_MSG(file != NULL, "File open failed: " << SMACK_STARTUP_RULES_FILE << " : " << file << ". Errno: " << strerror(errno));
-
- while(fscanf(file, single_line_format, subject, object, rule_add, rule_remove) == 4) {
- if(strncmp(subject, EARLY_RULE_SUBJECT, SMACK_LABEL_LEN) == 0 && strncmp(object, APP_ID, SMACK_LABEL_LEN) == 0) {
- pass_1 = 0; // Found rule for APP_ID - it should NOT be here
- continue;
- }
- if(strncmp(subject, EARLY_RULE_SUBJECT, SMACK_LABEL_LEN) == 0 && strncmp(object, APP_TEST_APP_1, SMACK_LABEL_LEN) == 0) {
- pass_2 = 0; // Found rule for APP_TEST_APP_1 - it should NOT be here
- continue;
- }
- }
- free(single_line_format);
- fclose(file);
-
- RUNNER_ASSERT_MSG(pass_1 == 1, "Rule " << EARLY_RULE_SUBJECT << " " << APP_ID << " " << EARLY_RULE_RIGHTS << " found");
- RUNNER_ASSERT_MSG(pass_2 == 1, "Rule " << EARLY_RULE_SUBJECT << " " << APP_TEST_APP_1 << " " << EARLY_RULE_RIGHTS << " found");
-}
-
-/**
- * AV Privilege test cases.
- *
- * Each privilege_control24* test case tests antivirus privileges for each app_type_t, except for
- * deprecated APP_TYPE_OTHER type.
- */
-
-int nftw_remove_dir(const char* filename, const struct stat* /*statptr*/, int /*fileflags*/,
- struct FTW* /*pfwt*/)
-{
- int result = -1;
-
- struct stat filestat;
-
- result = stat(filename, &filestat);
- RUNNER_ASSERT_MSG(result == 0, "NFTW error: Failed to get file statistics. Result: "
- << result << ", error: " << strerror(errno) << ", file: " << filename);
-
- if(S_ISREG(filestat.st_mode)) {
- result = unlink(filename);
- RUNNER_ASSERT_MSG(result == 0, "NFTW error: Failed to unlink file. Result: "
- << result << ", error: " << strerror(errno) << ", file: " << filename);
- } else if(S_ISDIR(filestat.st_mode)) {
- result = rmdir(filename);
- RUNNER_ASSERT_MSG(result == 0, "NFTW error: Failed to remove dir. Result: "
- << result << ", error: " << strerror(errno) << ", file: " << filename);
- }
-
- return 0;
-}
-
-void InstallApp(const char* pkg_id, const char* path, app_path_type_t app_path_type,
- const char* shared_label)
-{
- int result = -1;
-
- result = mkdir(path, S_IRWXU | S_IRGRP | S_IXGRP);
- RUNNER_ASSERT_MSG(result == 0, "Can't create dir for tests. Result: " << result <<
- ", error: " << strerror(errno) << ", app_path_type: " << app_path_type);
-
- DB_BEGIN
-
- result = perm_app_revoke_permissions(pkg_id);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "revoke_permissions failed. Result: "
- << result << ", app_path_type: " << app_path_type);
- result = perm_app_uninstall(pkg_id);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_app_uninstall failed. Result: "
- << result << ", app_path_type: " << app_path_type);
-
- result = perm_app_install(pkg_id);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_app_install failed. Result: "
- << result << ", app_path_type: " << app_path_type);
- result = perm_app_setup_path(pkg_id, path, app_path_type, shared_label);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_app_setup_path failed. Result: "
- << result << ", app_path_type: " << app_path_type);
-
- DB_END
-}
-
-void InstallAV(const char* av_id, app_type_t av_type)
-{
- int result = -1;
-
- DB_BEGIN
-
- result = perm_app_revoke_permissions(av_id);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "revoke_permissions failed. Result: "
- << result << ", av_type: " << av_type);
- result = perm_app_uninstall(av_id);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_app_uninstall failed. Result: "
- << result << ", av_type: " << av_type);