#include <sys/wait.h>
#include "tests_common.h"
#include <access_provider.h>
+#include <fs_label_manager.h>
#include "memory.h"
const char* const TEST_SUBJECT = "test_subject";
RUNNER_ASSERT_MSG_BT(result == 0, "Proces rule in /proc/self/attr/current other than set");
}
-//RUNNER_TEST(smackXX_parent_child_label)
-//{
-//In this test case parent process and child labels will be tested
-//Parent will fork and check child's label. First fork will be with default "_" parent label,
-//second one witch changed label.
-//}
-
-//bellow function is from libsmack.c witch changed name
-const char *xattr(enum smack_label_type type)
-{
- switch (type) {
- case SMACK_LABEL_ACCESS:
- return "security.SMACK64";
- case SMACK_LABEL_EXEC:
- return "security.SMACK64EXEC";
- case SMACK_LABEL_MMAP:
- return "security.SMACK64MMAP";
- case SMACK_LABEL_TRANSMUTE:
- return "security.SMACK64TRANSMUTE";
- case SMACK_LABEL_IPIN:
- return "security.SMACK64IPIN";
- case SMACK_LABEL_IPOUT:
- return "security.SMACK64IPOUT";
- default:
- /* Should not reach this point */
- return NULL;
- }
-}
-
-//TODO: In bellow RUNNER_TEST add lget / lset functions to be testet the same way as normal get / set
-RUNNER_TEST(smack06_get_set_label)
+RUNNER_TEST_SMACK(smack06_setlabel_getlabel_test_0)
{
- /*
- * author: Pawel Polawski
- * test: smack_getlabel, smack_setlabel
- * description: In this test case file label is tested using SMACK API functions and system xattr functions.
- * Functions tested here is used for normal files.
- * expect: Function should return default label, and the new one after change it.
- */
-
- //In this test case will be tested setting and getting file label
- //If file is symbolic link functions should follow it
-
- //SMACK xattr from libsmack.c:
- //
- //case SMACK_LABEL_ACCESS:
- // return "security.SMACK64";
- //case SMACK_LABEL_EXEC:
- // return "security.SMACK64EXEC";
- //case SMACK_LABEL_MMAP:
- // return "security.SMACK64MMAP";
- //case SMACK_LABEL_TRANSMUTE:
- // return "security.SMACK64TRANSMUTE";
- //case SMACK_LABEL_IPIN:
- // return "security.SMACK64IPIN";
- //case SMACK_LABEL_IPOUT:
- // return "security.SMACK64IPOUT";
+ const std::string fsLabel = "smack06_setlabel_getlabel_test_0";
+ const std::string fsPath = std::string("/tmp/") + fsLabel;
- int result;
- char *label = NULL;
+ const std::string filePath = "file";
- char buff[SMACK_LABEL_LEN+1];
- const char* s06testlabel = "s06testlabel";
- const char *file_path = "/etc/smack/test_smack_rules";
+ FsLabelManager fs(fsPath, fsLabel);
+ fs.createFile(filePath);
- //preparing environment by restoring default "_" label
- result = smack_setlabel(file_path, "_", SMACK_LABEL_ACCESS);
- RUNNER_ASSERT_MSG_BT(result == 0, "Error in setting ACCESS label for file");
+ // reset labels first time
+ fs.testSmackClearLabels(filePath);
- result = smack_getlabel(file_path, &label, SMACK_LABEL_ACCESS);
- RUNNER_ASSERT_MSG_BT(result == 0, "Error in getting smack ACCESS label from file");
- //get label, should be default "_"
- result = strcmp(label, "_");
- free(label);
- RUNNER_ASSERT_MSG_BT(result == 0, "Wrong file default label");
-
- //get label using xattr function
- result = getxattr(file_path, xattr(SMACK_LABEL_ACCESS), buff, SMACK_LABEL_LEN);
- RUNNER_ASSERT_MSG_BT(result > 0, "Error in getting xattr from file");
- //check label, should match the one readed by smack function
- result = strncmp(buff, "_", result);
- RUNNER_ASSERT_MSG_BT(result == 0, "Wrong file default label");
-
- result = smack_setlabel(file_path, s06testlabel, SMACK_LABEL_ACCESS);
- RUNNER_ASSERT_MSG_BT(result == 0, "Error in setting ACCESS label for file");
-
- //get label using smack function
- result = smack_getlabel(file_path, &label, SMACK_LABEL_ACCESS);
- RUNNER_ASSERT_MSG_BT(result == 0, "Error in getting smack ACCESS label from file");
- //get label, should be default s06testlabel
- result = strcmp(label, s06testlabel);
- free(label);
- RUNNER_ASSERT_MSG_BT(result == 0, "Wrong file label");
-
- //get label using xattr function
- result = getxattr(file_path, xattr(SMACK_LABEL_ACCESS), buff, SMACK_LABEL_LEN);
- RUNNER_ASSERT_MSG_BT(result > 0, "Error in getting xattr from file");
- //check label, should match the one readed by smack function
- result = strncmp(buff, s06testlabel, result);
- RUNNER_ASSERT_MSG_BT(result == 0, "Wrong file label");
+ // reset labels second time
+ fs.testSmackClearLabels(filePath);
}
-//RUNNER_TEST(smackXX_get_label_exec)
-//{
-//In this test case EXEC label will be tested
-//by setting this type of label, reading it and testing executed binary exit status
-//}
-
-RUNNER_TEST(smack07_l_get_set_label)
+RUNNER_TEST_SMACK(smack06_setlabel_getlabel_test_1)
{
- /*
- * author: Pawel Polawski
- * test: smack_lgetlabel, smack_lsetlabel, smack_getlabel
- * description: Functions tested here are similar to one from previous test case. The difference
- * is that in case of symbolic link they follows it and operates on file pointed by it.
- * expect: All label manipulations should affect file pointed by symbolic link.
- */
-
- int result;
- char *label = NULL;
-
- char buff[SMACK_LABEL_LEN+1];
- const char* s07testlabel1 = "s07testlabel1";
- const char* s07testlabel2 = "s07testlabel2";
-
- const char *file_path = "/etc/smack/test_smack_rules_lnk";
-
- //preparing environment by restoring default "_" label
- result = smack_lsetlabel(file_path, "_", SMACK_LABEL_ACCESS);
- RUNNER_ASSERT_MSG_BT(result == 0, "Error in setting ACCESS label for file");
- result = smack_setlabel(file_path, "_", SMACK_LABEL_ACCESS);
- RUNNER_ASSERT_MSG_BT(result == 0, "Error in setting ACCESS label for file");
-
- result = smack_lgetlabel(file_path, &label, SMACK_LABEL_ACCESS);
- RUNNER_ASSERT_MSG_BT(result == 0, "Error in getting smack ACCESS label from file");
- //get label of symbolic link, should be default "_"
- result = strcmp(label, "_");
- free(label);
- RUNNER_ASSERT_MSG_BT(result == 0, "Wrong file default label");
-
- //get label using xattr function
- result = lgetxattr(file_path, xattr(SMACK_LABEL_ACCESS), buff, SMACK_LABEL_LEN);
- RUNNER_ASSERT_MSG_BT(result > 0, "Error in getting xattr from file");
- //check label, should match the one readed by smack function
- result = strncmp(buff, "_", result);
- RUNNER_ASSERT_MSG_BT(result == 0, "Wrong file default label");
-
- result = smack_lsetlabel(file_path, s07testlabel1, SMACK_LABEL_ACCESS);
- RUNNER_ASSERT_MSG_BT(result == 0, "Error in setting ACCESS label for file");
- //and set label for file pointed by link
- result = smack_setlabel(file_path, s07testlabel2, SMACK_LABEL_ACCESS);
- RUNNER_ASSERT_MSG_BT(result == 0, "Error in setting ACCESS label for file");
-
- //get label using smack function
- result = smack_lgetlabel(file_path, &label, SMACK_LABEL_ACCESS);
- RUNNER_ASSERT_MSG_BT(result == 0, "Error in getting smack ACCESS label from file");
- //check label, should be s07testlabel1
- result = strcmp(label, s07testlabel1);
- free(label);
- RUNNER_ASSERT_MSG_BT(result == 0, "Wrong file label");
-
- //get label using xattr function
- result = lgetxattr(file_path, xattr(SMACK_LABEL_ACCESS), buff, SMACK_LABEL_LEN);
- RUNNER_ASSERT_MSG_BT(result > 0, "Error in getting xattr from file");
- //check label, should match the one readed by smack function
- result = strncmp(buff, s07testlabel1, result);
- RUNNER_ASSERT_MSG_BT(result == 0, "Wrong file label");
-
- //now similar to above, but folowing symbolic link set before to s07testlabel2
- result = smack_getlabel(file_path, &label, SMACK_LABEL_ACCESS);
- RUNNER_ASSERT_MSG_BT(result == 0, "Error gettin label of file pointed by symbolic link");
- //now label should be s07testlabel2 for file instead of s07testlabel1 set for link
- result = strcmp(label, s07testlabel2);
- free(label);
- RUNNER_ASSERT_MSG_BT(result == 0, "Wrong label of file pointed by symbolic link");
-
- //get label using xattr function
- result = getxattr(file_path, xattr(SMACK_LABEL_ACCESS), buff, SMACK_LABEL_LEN);
- RUNNER_ASSERT_MSG_BT(result > 0, "Error in getting xattr from file");
- //check label, should match the one readed by smack function
- result = strncmp(buff, s07testlabel2, result);
- RUNNER_ASSERT_MSG_BT(result == 0, "Wrong file label");
+ const std::string fsLabel = "smack06_setlabel_getlabel_test_1";
+ const std::string fsPath = std::string("/tmp/") + fsLabel;
+
+ const char* testLabelAccess = "access";
+ const char* testLabelExec = "exec";
+ const std::string filePath = "file";
+
+ FsLabelManager fs(fsPath, fsLabel);
+ fs.createFile(filePath);
+
+ // set and get labels first time
+ fs.testSmackSetLabel(filePath, testLabelAccess, SMACK_LABEL_ACCESS);
+ fs.testSmackGetLabel(filePath, testLabelAccess, SMACK_LABEL_ACCESS);
+ fs.testSmackSetLabel(filePath, testLabelExec, SMACK_LABEL_EXEC);
+ fs.testSmackGetLabel(filePath, testLabelExec, SMACK_LABEL_EXEC);
+
+ fs.testSmackSetLabel(filePath, testLabelAccess, SMACK_LABEL_ACCESS);
+ fs.testSmackGetLabel(filePath, testLabelAccess, SMACK_LABEL_ACCESS);
+ fs.testSmackSetLabel(filePath, testLabelExec, SMACK_LABEL_EXEC);
+ fs.testSmackGetLabel(filePath, testLabelExec, SMACK_LABEL_EXEC);
+
+ // set and get same labels second time
+ fs.testSmackSetLabel(filePath, testLabelAccess, SMACK_LABEL_ACCESS);
+ fs.testSmackGetLabel(filePath, testLabelAccess, SMACK_LABEL_ACCESS);
+ fs.testSmackSetLabel(filePath, testLabelExec, SMACK_LABEL_EXEC);
+ fs.testSmackGetLabel(filePath, testLabelExec, SMACK_LABEL_EXEC);
+
+ fs.testSmackSetLabel(filePath, testLabelAccess, SMACK_LABEL_ACCESS);
+ fs.testSmackGetLabel(filePath, testLabelAccess, SMACK_LABEL_ACCESS);
+ fs.testSmackSetLabel(filePath, testLabelExec, SMACK_LABEL_EXEC);
+ fs.testSmackGetLabel(filePath, testLabelExec, SMACK_LABEL_EXEC);
}
-RUNNER_TEST(smack08_f_get_set_label)
+RUNNER_TEST_SMACK(smack06_setlabel_getlabel_test_2)
{
- /*
- * author: Pawel Polawski
- * test: smack_fgetlabel, smack_fsetlabel
- * description: This test case is similar to test case smack06 above. The difference
- * is that argument is file descriptor instead of file path.
- * Function not follow symbolic link and operates directly on it.
- * expect: All label manipulations should affect symbolic link itself.
- */
-
- int result;
- char *label = NULL;
+ const std::string fsLabel = "smack06_setlabel_getlabel_test_2";
+ const std::string fsPath = std::string("/tmp/") + fsLabel;
+
+ const char* testLabelAccess = "access";
+ const char* testLabelExec = "exec";
+ const std::string filePath = "file";
+ const std::string linkPath = "link";
+
+ FsLabelManager fs(fsPath, fsLabel);
+ fs.createFile(filePath);
+ fs.createLink(linkPath, filePath);
+
+ // set and get labels for file to which link points
+ fs.testSmackSetLabel(linkPath, testLabelAccess, SMACK_LABEL_ACCESS);
+ fs.testSmackSetLabel(linkPath, testLabelExec, SMACK_LABEL_EXEC);
+ fs.testSmackGetLabel(filePath, testLabelAccess, SMACK_LABEL_ACCESS);
+ fs.testSmackGetLabel(filePath, testLabelExec, SMACK_LABEL_EXEC);
+ fs.testSmackGetLabel(linkPath, testLabelAccess, SMACK_LABEL_ACCESS);
+ fs.testSmackGetLabel(linkPath, testLabelExec, SMACK_LABEL_EXEC);
+
+ // link labels should not be changed
+ fs.testSmackLGetLabel(linkPath, NULL, SMACK_LABEL_ACCESS);
+ fs.testSmackLGetLabel(linkPath, NULL, SMACK_LABEL_EXEC);
+}
- char buff[SMACK_LABEL_LEN+1];
- const char* s08testlabel = "s08testlabel";
+RUNNER_TEST_SMACK(smack06_lsetlabel_lgetlabel_test_1)
+{
+ const std::string fsLabel = "smack06_lsetlabel_lgetlabel_test_1";
+ const std::string fsPath = std::string("/tmp/") + fsLabel;
+
+ const char* testLabelAccess = "fileAccess";
+ const char* testLabelExec = "fileExec";
+ const char* testLinkLabelAccess = "linkAccess";
+ const char* testLinkLabelExec = "linkExec";
+ const std::string filePath = "file";
+ const std::string linkPath = "link";
+
+ FsLabelManager fs(fsPath, fsLabel);
+ fs.createFile(filePath);
+ fs.createLink(linkPath, filePath);
+
+ // set different labels for link and file
+ fs.testSmackSetLabel(filePath, testLabelAccess, SMACK_LABEL_ACCESS);
+ fs.testSmackSetLabel(filePath, testLabelExec, SMACK_LABEL_EXEC);
+ fs.testSmackLSetLabel(linkPath, testLinkLabelAccess, SMACK_LABEL_ACCESS);
+ fs.testSmackLSetLabel(linkPath, testLinkLabelExec, SMACK_LABEL_EXEC);
+
+ // get those labels
+ fs.testSmackGetLabel(filePath, testLabelAccess, SMACK_LABEL_ACCESS);
+ fs.testSmackGetLabel(filePath, testLabelExec, SMACK_LABEL_EXEC);
+ fs.testSmackLGetLabel(linkPath, testLinkLabelAccess, SMACK_LABEL_ACCESS);
+ fs.testSmackLGetLabel(linkPath, testLinkLabelExec, SMACK_LABEL_EXEC);
+}
- int fd;
- const char *file_path = "/etc/smack/test_smack_rules";
+RUNNER_TEST_SMACK(smack06_fsetlabel_fgetlabel_test_1)
+{
+ const std::string fsLabel = "smack06_fsetlabel_fgetlabel_test_1";
+ const std::string fsPath = std::string("/tmp/") + fsLabel;
- fd = open(file_path, O_RDWR, 0644); //reference preinstalled rules
- RUNNER_ASSERT_MSG_BT(fd >= 0, "Unable to open /etc/smack/test_smack_rules");
- FdUniquePtr fd_ptr(&fd);
+ const char* testLabelAccess = "access";
+ const char* testLabelExec = "exec";
+ const std::string filePath = "file";
- //preparing environment by restoring default "_" label
- result = smack_fsetlabel(fd, "_", SMACK_LABEL_ACCESS);
- RUNNER_ASSERT_MSG_BT(result == 0, "Error in setting ACCESS label for file");
+ FsLabelManager fs(fsPath, fsLabel);
+ fs.createFile(filePath);
- result = smack_fgetlabel(fd, &label, SMACK_LABEL_ACCESS);
- RUNNER_ASSERT_MSG_BT(result == 0, "Error in getting smack ACCESS label from file");
- //check label, should be "_"
- result = strcmp(label, "_");
- free(label);
- RUNNER_ASSERT_MSG_BT(result == 0, "Wrong file default label");
-
- //get label using xattr function
- result = fgetxattr(fd, xattr(SMACK_LABEL_ACCESS), buff, SMACK_LABEL_LEN);
- RUNNER_ASSERT_MSG_BT(result > 0, "Error in getting xattr from file");
- //check label, should match the one readed by smack function
- result = strncmp(buff, "_", result);
- RUNNER_ASSERT_MSG_BT(result == 0, "Wrong file default label");
-
- result = smack_fsetlabel(fd, s08testlabel, SMACK_LABEL_ACCESS);
- RUNNER_ASSERT_MSG_BT(result == 0, "Error in setting ACCESS label for file");
-
- //get label using smack function
- result = smack_fgetlabel(fd, &label, SMACK_LABEL_ACCESS);
- RUNNER_ASSERT_MSG_BT(result == 0, "Error in getting smack ACCESS label from file");
- //check label, should be s08testlabel
- result = strcmp(label, s08testlabel);
- free(label);
- RUNNER_ASSERT_MSG_BT(result == 0, "Wrong file label");
-
- //get label using xattr function
- result = fgetxattr(fd, xattr(SMACK_LABEL_ACCESS), buff, SMACK_LABEL_LEN);
- RUNNER_ASSERT_MSG_BT(result > 0, "Error in getting xattr from file");
- //check label, should match the one readed by smack function
- result = strncmp(buff, s08testlabel, result);
- RUNNER_ASSERT_MSG_BT(result == 0, "Wrong file label");
+ // set and get labels for fd
+ fs.testSmackFSetLabel(filePath, testLabelAccess, SMACK_LABEL_ACCESS);
+ fs.testSmackFSetLabel(filePath, testLabelExec, SMACK_LABEL_EXEC);
+ fs.testSmackFGetLabel(filePath, testLabelAccess, SMACK_LABEL_ACCESS);
+ fs.testSmackFGetLabel(filePath, testLabelExec, SMACK_LABEL_EXEC);
}
RUNNER_TEST_SMACK(smack10_adding_removing_rules)
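Review bot: The five new tests take their working directory from a fixed, guessable name under world-writable `/tmp` (`const std::string fsPath = std::string("/tmp/") + fsLabel;`), first in smack06_setlabel_getlabel_test_0 and again in setlabel_getlabel_test_1 and _2, lsetlabel_lgetlabel_test_1 and fsetlabel_fgetlabel_test_1, and then create files and write Smack labels there. Setting Smack labels normally needs elevated privilege, so if the suite runs as root, a directory or symlink already present at that path could be written and relabelled instead of a fresh fixture. FsLabelManager is not visible in this hunk, so this applies only if its constructor does not already reject a pre-existing path. I would derive the path with `char fsTemplate[] = "/tmp/smack06_XXXXXX";` followed by `RUNNER_ASSERT_MSG_BT(mkdtemp(fsTemplate) != NULL, "mkdtemp failed");`, adapted to however FsLabelManager expects the directory to be prepared, or place the fixture under a root-only directory. The removed tests also compared every label against a direct getxattr/lgetxattr/fgetxattr read, so it is worth confirming that the testSmack*GetLabel helpers keep that independent cross-check.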