* @file test_cases.cpp
* @author Pawel Polawski (p.polawski@samsung.com)
* @author Jan Olszak (j.olszak@samsung.com)
+ * @author Zofia Abramowska (z.abramowska@samsung.com)
* @version 1.0
- * @brief libprivilege test runer
+ * @brief libsmack test runner
*/
#include <string>
#include <sys/wait.h>
#include "tests_common.h"
#include <access_provider.h>
+#include "memory.h"
-#define TEST_SUBJECT "test_subject"
-#define TEST_OBJECT "test_oject"
-#define TEST_OBJECT_2 "test_oject_2"
+const char* const TEST_SUBJECT = "test_subject";
+const char* const TEST_OBJECT = "test_object";
+const char* const TEST_OBJECT_2 = "test_object_2";
-#define SOCK_PATH "/tmp/test-smack-socket"
+const std::string testDir = "/opt/home/app/";
+const std::vector<std::string> accessesBasic = { "r", "w", "x", "wx", "rx", "rw", "rwx", "rwxat" };
-std::string testDir = "/opt/home/app/";
-std::vector<std::string> accessesBasic = { "r", "w", "x", "wx", "rx", "rw", "rwx", "rwxat" };
+//This one define is required for sockaddr_un initialization
+#define SOCK_PATH "/tmp/test-smack-socket"
int files_compare(int fd1, int fd2)
{
- int result = 0;
-
//for getting files sizes
struct stat fs1, fs2;
void *h2 = MAP_FAILED;
//getting files information
- if (fstat(fd1, &fs1) == -1) {
- perror("fstat");
- return -1;
- }
- if (fstat(fd2, &fs2) == -1) {
- perror("fstat");
- return -1;
- }
+ RUNNER_ASSERT_MSG_BT(fstat(fd1, &fs1) == 0, "fstat failed: " << strerror(errno));
+ RUNNER_ASSERT_MSG_BT(fstat(fd2, &fs2) == 0, "fstat failed: " << strerror(errno));
if (fs1.st_size != fs2.st_size) //if files are identical size will be the same
return -1;
//mapping files to process memory
- if ((h1 = mmap(0, fs1.st_size, PROT_READ, MAP_SHARED, fd1, 0 )) == MAP_FAILED) {
- result = -1;
- goto end;
- }
+ RUNNER_ASSERT_MSG_BT((h1 = mmap(0, fs1.st_size, PROT_READ, MAP_SHARED, fd1, 0 )) != MAP_FAILED,
+ "mmap failed for fd=" << fd1 << " : " << strerror(errno));
+
if ((h2 = mmap(0, fs2.st_size, PROT_READ, MAP_SHARED, fd2, 0 )) == MAP_FAILED) {
- result = -1;
- goto end;
+ munmap(h1, fs1.st_size);
+ RUNNER_ASSERT_MSG_BT(h2 != MAP_FAILED, "mmap failed for fd=" << fd2
+ << " : " << strerror(errno));
}
- result = memcmp(h1, h2, fs1.st_size);
-
- //cleaning after mmap()
-end:
- if (h2 != MAP_FAILED)
- munmap(h2, fs2.st_size);
- if (h1 != MAP_FAILED)
- munmap(h1, fs1.st_size);
+ int result = memcmp(h1, h2, fs1.st_size);
+ munmap(h1, fs1.st_size);
+ munmap(h2, fs2.st_size);
return result;
}
-
RUNNER_TEST_GROUP_INIT(libsmack)
/**
* Helper method to reset privileges at the begginning of tests.
*/
void clean_up()
{
- struct smack_accesses *rules = NULL;
- int result = smack_accesses_new(&rules);
- RUNNER_ASSERT_MSG_BT(result == 0, "Unable to create smack_accesses instance");
-
- // CLEAN UP
- smack_accesses_add_modify(rules,TEST_SUBJECT, TEST_OBJECT,"","rwxat");
- smack_accesses_apply(rules);
- smack_accesses_free(rules);
-
- // PREINIT CHECK.
- RUNNER_ASSERT_MSG_BT(smack_have_access(TEST_SUBJECT, TEST_OBJECT,"r") != 1, "Rule has previous privileges after cleaning up!");
- RUNNER_ASSERT_MSG_BT(smack_have_access(TEST_SUBJECT, TEST_OBJECT,"w") != 1, "Rule has previous privileges after cleaning up!");
- RUNNER_ASSERT_MSG_BT(smack_have_access(TEST_SUBJECT, TEST_OBJECT,"x") != 1, "Rule has previous privileges after cleaning up!");
- RUNNER_ASSERT_MSG_BT(smack_have_access(TEST_SUBJECT, TEST_OBJECT,"a") != 1, "Rule has previous privileges after cleaning up!");
- RUNNER_ASSERT_MSG_BT(smack_have_access(TEST_SUBJECT, TEST_OBJECT,"t") != 1, "Rule has previous privileges after cleaning up!");
+ smack_revoke_subject(TEST_SUBJECT);
}
/**
bool checkNoAccesses(const char *subject, const char *object)
{
int result;
- result = smack_have_access(subject, object,"r");
- if (result == 1) {
- return false;
- }
- result = smack_have_access(subject, object,"w");
- if (result == 1) {
- return false;
- }
- result = smack_have_access(subject, object,"x");
- if (result == 1) {
- return false;
- }
- result = smack_have_access(subject, object,"a");
- if (result == 1) {
- return false;
- }
- result = smack_have_access(subject, object,"t");
- if (result == 1) {
- return false;
+ for(const auto &perm : std::vector<std::string> () = {"r", "w", "a","t", "l"}) {
+ result = smack_have_access(subject, object, perm.c_str());
+ if (result == 1) {
+ return false;
+ }
}
return true;
}
void removeAccessesAll()
{
- struct smack_accesses *rules = NULL;
- int result = smack_accesses_new(&rules);
- RUNNER_ASSERT_MSG_BT(result == 0, "Unable to create smack_accesses instance");
-
- result = smack_accesses_add_modify(rules, "test_subject_01", "test_object_01", "", "rxwat");
- result = smack_accesses_add_modify(rules, "test_subject_01", "test_object_02", "", "rxwat");
- result = smack_accesses_add_modify(rules, "test_subject_01", "test_object_03", "", "rxwat");
- result = smack_accesses_add_modify(rules, "test_subject_02", "test_object_01", "", "rxwat");
- result = smack_accesses_add_modify(rules, "test_subject_02", "test_object_02", "", "rxwat");
- result = smack_accesses_add_modify(rules, "test_subject_02", "test_object_03", "", "rxwat");
- result = smack_accesses_add_modify(rules, "test_subject_03", "test_object_01", "", "rxwat");
- result = smack_accesses_add_modify(rules, "test_subject_03", "test_object_02", "", "rxwat");
- result = smack_accesses_add_modify(rules, "test_subject_03", "test_object_03", "", "rxwat");
-
- smack_accesses_apply(rules);
- RUNNER_ASSERT_MSG_BT(result == 0, "Error while applying accesses. Result: " << result);
- smack_accesses_free(rules);
+ for(int i = 1; i <=3; i++)
+ //smack_revoke_subject will fail, when subject does not exist in kernel
+ //as this function is called at test beginning we cannot check return value
+ smack_revoke_subject(("test_subject_0" + std::to_string(i)).c_str());
}
-
/**
* Add a new access with smack_accesses_add_modify()
*/
clean_up();
struct smack_accesses *rules = NULL;
- result = smack_accesses_new(&rules);
+ RUNNER_ASSERT_BT(smack_accesses_new(&rules) == 0);
+ SmackAccessesPtr rules_ptr(rules);
// THE TEST
result = smack_accesses_add_modify(rules,TEST_SUBJECT, TEST_OBJECT,"xr","");
RUNNER_ASSERT_MSG_BT(result == 0, "Unable to add modify by empty rules");
- RUNNER_ASSERT_MSG_BT(smack_accesses_apply(rules) == 0, "Unable to apply rules");
+ RUNNER_ASSERT_MSG_BT(smack_accesses_apply(rules_ptr.get()) == 0, "Unable to apply rules");
result = smack_have_access(TEST_SUBJECT, TEST_OBJECT,"xr");
RUNNER_ASSERT_MSG_BT(result == 1, "Rule modified (added 'xr'), but no change made.");
// CLEAN UP
clean_up();
- smack_accesses_free(rules);
}
RUNNER_TEST_SMACK(smack_accesses_add_modify_test_2){
int result;
struct smack_accesses *rules = NULL;
- result = smack_accesses_new(&rules);
- RUNNER_ASSERT_MSG_BT(result == 0, "Unable to create smack_accesses instance");
+ RUNNER_ASSERT_BT(smack_accesses_new(&rules) == 0);
+ SmackAccessesPtr rules_ptr(rules);
clean_up();
// THE TEST
- result = smack_accesses_add_modify(rules,TEST_SUBJECT, TEST_OBJECT,"r","");
+ result = smack_accesses_add_modify(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT,"r","");
RUNNER_ASSERT_MSG_BT(result == 0, "Unable to modify rule.");
- result = smack_accesses_add_modify(rules,TEST_SUBJECT, TEST_OBJECT,"","r");
+ result = smack_accesses_add_modify(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT,"","r");
RUNNER_ASSERT_MSG_BT(result == 0, "Unable to modify rule.");
- RUNNER_ASSERT_MSG_BT(smack_accesses_apply(rules) == 0, "Unable to apply rules");
- RUNNER_ASSERT_MSG_BT(smack_have_access(TEST_SUBJECT, TEST_OBJECT,"r") == 0, "Modification didn't work");
+ RUNNER_ASSERT_MSG_BT(smack_accesses_apply(rules_ptr.get()) == 0, "Unable to apply rules");
+ RUNNER_ASSERT_MSG_BT(smack_have_access(TEST_SUBJECT, TEST_OBJECT,"r") == 0,
+ "Modification didn't work");
// CLEAN UP
clean_up();
- smack_accesses_free(rules);
}
RUNNER_TEST_SMACK(smack_accesses_add_modify_test_3){
int result;
struct smack_accesses *rules = NULL;
- result = smack_accesses_new(&rules);
- RUNNER_ASSERT_MSG_BT(result == 0, "Unable to create smack_accesses instance");
+ RUNNER_ASSERT_BT(smack_accesses_new(&rules) == 0);
+ SmackAccessesPtr rules_ptr(rules);
clean_up();
// THE TEST
// Add r privilage
- result = smack_accesses_add_modify(rules,TEST_SUBJECT, TEST_OBJECT,"r","");
+ result = smack_accesses_add_modify(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT,"r","");
RUNNER_ASSERT_MSG_BT(result == 0, "Unable to modify rule.");
- RUNNER_ASSERT_MSG_BT(smack_accesses_apply(rules) == 0, "Unable to apply rules");
- RUNNER_ASSERT_MSG_BT(smack_have_access(TEST_SUBJECT, TEST_OBJECT,"r") == 1, "Adding privileges didn't work");
- smack_accesses_free(rules);
+ RUNNER_ASSERT_MSG_BT(smack_accesses_apply(rules_ptr.get()) == 0, "Unable to apply rules");
+ RUNNER_ASSERT_MSG_BT(smack_have_access(TEST_SUBJECT, TEST_OBJECT,"r") == 1,
+ "Adding privileges didn't work");
// Revoke r privilege
- result = smack_accesses_new(&rules);
- RUNNER_ASSERT_MSG_BT(result == 0, "Unable to create smack_accesses instance");
- result = smack_accesses_add_modify(rules,TEST_SUBJECT, TEST_OBJECT,"","r");
+ rules_ptr.release();
+ RUNNER_ASSERT_BT(smack_accesses_new(&rules) == 0);
+ rules_ptr.reset(rules);
+ result = smack_accesses_add_modify(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT,"","r");
RUNNER_ASSERT_MSG_BT(result == 0, "Unable to modify rule.");
- RUNNER_ASSERT_MSG_BT(smack_accesses_apply(rules) == 0, "Unable to apply rules");
+ RUNNER_ASSERT_MSG_BT(smack_accesses_apply(rules_ptr.get()) == 0, "Unable to apply rules");
result = smack_have_access(TEST_SUBJECT, TEST_OBJECT,"r");
RUNNER_ASSERT_MSG_BT(result == 0, "Modification didn't work, rule has still 'r' privileges.");
// CLEAN UP
clean_up();
- smack_accesses_free(rules);
}
/**
RUNNER_TEST_SMACK(smack_accesses_add_modify_test_4){
int result;
struct smack_accesses *rules = NULL;
- result = smack_accesses_new(&rules);
- RUNNER_ASSERT_MSG_BT(result == 0, "Unable to create smack_accesses instance");
+ RUNNER_ASSERT_BT(smack_accesses_new(&rules) == 0);
+ SmackAccessesPtr rules_ptr(rules);
clean_up();
// THE TEST
- result = smack_accesses_add_modify(rules,TEST_SUBJECT, TEST_OBJECT,"rwxat","");
+ result = smack_accesses_add_modify(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT,"rwxat","");
RUNNER_ASSERT_MSG_BT(result == 0, "Unable to modify rule.");
- RUNNER_ASSERT_MSG_BT(smack_accesses_apply(rules) == 0, "Unable to apply rules");
+ RUNNER_ASSERT_MSG_BT(smack_accesses_apply(rules_ptr.get()) == 0, "Unable to apply rules");
- result = smack_accesses_add_modify(rules,TEST_SUBJECT, TEST_OBJECT,"","r");
+ result = smack_accesses_add_modify(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT,"","r");
RUNNER_ASSERT_MSG_BT(result == 0, "Unable to modify rule.");
- RUNNER_ASSERT_MSG_BT(smack_accesses_apply(rules) == 0, "Unable to apply rules");
+ RUNNER_ASSERT_MSG_BT(smack_accesses_apply(rules_ptr.get()) == 0, "Unable to apply rules");
result = smack_have_access(TEST_SUBJECT, TEST_OBJECT,"awxt");
RUNNER_ASSERT_MSG_BT(result == 1, "Modification didn't work. Rule should have 'awxt' privileges.");
// CLEAN UP
clean_up();
- smack_accesses_free(rules);
}
/**
RUNNER_TEST_SMACK(smack_accesses_add_modify_test_5){
int result;
struct smack_accesses *rules = NULL;
- result = smack_accesses_new(&rules);
- RUNNER_ASSERT_MSG_BT(result == 0, "Unable to create smack_accesses instance");
+ RUNNER_ASSERT_BT(smack_accesses_new(&rules) == 0);
+ SmackAccessesPtr rules_ptr(rules);
clean_up();
// THE TEST
- result = smack_accesses_add_modify(rules,TEST_SUBJECT, TEST_OBJECT,"rwxat","");
+ result = smack_accesses_add_modify(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT,"rwxat","");
RUNNER_ASSERT_MSG_BT(result == 0, "Unable to modify rule.");
- result = smack_accesses_add_modify(rules,TEST_SUBJECT, TEST_OBJECT,"","r");
+ result = smack_accesses_add_modify(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT,"","r");
RUNNER_ASSERT_MSG_BT(result == 0, "Unable to modify rule.");
- RUNNER_ASSERT_MSG_BT(smack_accesses_apply(rules) == 0, "Unable to apply rules");
+ RUNNER_ASSERT_MSG_BT(smack_accesses_apply(rules_ptr.get()) == 0, "Unable to apply rules");
result = smack_have_access(TEST_SUBJECT, TEST_OBJECT,"awxt");
RUNNER_ASSERT_MSG_BT(result == 1, "Modification didn't work. Rule should have 'awxt' privileges.");
// CLEAN UP
clean_up();
- smack_accesses_free(rules);
}
RUNNER_TEST_SMACK(smack_accesses_add_modify_test_6){
int result;
struct smack_accesses *rules = NULL;
- result = smack_accesses_new(&rules);
- RUNNER_ASSERT_MSG_BT(result == 0, "Unable to create smack_accesses instance");
+ RUNNER_ASSERT_BT(smack_accesses_new(&rules) == 0);
+ SmackAccessesPtr rules_ptr(rules);
clean_up();
// THE TEST
- result = smack_accesses_add_modify(rules,TEST_SUBJECT, TEST_OBJECT,"rwt","");
+ result = smack_accesses_add_modify(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT,"rwt","");
RUNNER_ASSERT_MSG_BT(result == 0, "Unable to modify rule.");
- RUNNER_ASSERT_MSG_BT(smack_accesses_apply(rules) == 0, "Unable to apply rules");
+ RUNNER_ASSERT_MSG_BT(smack_accesses_apply(rules_ptr.get()) == 0, "Unable to apply rules");
- result = smack_accesses_add_modify(rules,TEST_SUBJECT, TEST_OBJECT,"ax","rt");
+ result = smack_accesses_add_modify(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT,"ax","rt");
RUNNER_ASSERT_MSG_BT(result == 0, "Unable to modify rule.");
- RUNNER_ASSERT_MSG_BT(smack_accesses_apply(rules) == 0, "Unable to apply rules");
+ RUNNER_ASSERT_MSG_BT(smack_accesses_apply(rules_ptr.get()) == 0, "Unable to apply rules");
result = smack_have_access(TEST_SUBJECT, TEST_OBJECT,"wax");
RUNNER_ASSERT_MSG_BT(result == 1, "Modification didn't work. Rule should have 'wax' privileges.");
// CLEAN UP
clean_up();
- smack_accesses_free(rules);
}
/**
struct smack_accesses *rules = NULL;
for (i = 0; i < accessesBasic.size(); ++i) {
- result = smack_accesses_new(&rules);
- RUNNER_ASSERT_MSG_BT(result == 0, "Unable to create smack_accesses instance");
+ RUNNER_ASSERT_BT(smack_accesses_new(&rules) == 0);
+ SmackAccessesPtr rules_ptr(rules);
- result = smack_accesses_add_modify(rules,TEST_SUBJECT, TEST_OBJECT,accessesBasic[i].c_str(),accessesBasic[i].c_str());
+ result = smack_accesses_add_modify(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT,
+ accessesBasic[i].c_str(), accessesBasic[i].c_str());
RUNNER_ASSERT_MSG_BT(result == 0, "Unable to modify accesses instance");
- RUNNER_ASSERT_MSG_BT(smack_accesses_apply(rules) == 0, "Unable to apply rules");
+ RUNNER_ASSERT_MSG_BT(smack_accesses_apply(rules_ptr.get()) == 0, "Unable to apply rules");
RUNNER_ASSERT_MSG_BT(checkNoAccesses(TEST_SUBJECT, TEST_OBJECT),
" Error while checking smack access. Accesses exist.");
// CLEAN UP
clean_up();
- smack_accesses_free(rules);
}
}
for (i = 0; i < accessesBasic.size(); ++i) {
// Creating and adding rules with TEST_OBJECT and TEST_OBJECT_2
- result = smack_accesses_new(&rules);
- RUNNER_ASSERT_MSG_BT(result == 0, "Unable to create smack_accesses instance");
- result = smack_accesses_add_modify(rules,TEST_SUBJECT, TEST_OBJECT,accessesBasic[i].c_str(),"");
- result = smack_accesses_add_modify(rules,TEST_SUBJECT, TEST_OBJECT_2,accessesBasic[i].c_str(),"");
+ RUNNER_ASSERT_BT(smack_accesses_new(&rules) == 0);
+ SmackAccessesPtr rules_ptr(rules);
+
+ result = smack_accesses_add_modify(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT,
+ accessesBasic[i].c_str(),"");
+ result = smack_accesses_add_modify(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT_2,
+ accessesBasic[i].c_str(),"");
RUNNER_ASSERT_MSG_BT(result == 0, "Unable to modify accesses instance");
- RUNNER_ASSERT_MSG_BT(smack_accesses_apply(rules) == 0, "Unable to apply rules");
+ RUNNER_ASSERT_MSG_BT(smack_accesses_apply(rules_ptr.get()) == 0, "Unable to apply rules");
result = smack_have_access(TEST_SUBJECT, TEST_OBJECT,accessesBasic[i].c_str());
- RUNNER_ASSERT_MSG_BT(result == 1, "Modification didn't work. Rule " << accessesBasic[i].c_str() << " does not exist.");
+ RUNNER_ASSERT_MSG_BT(result == 1, "Modification didn't work. "
+ "Rule " << accessesBasic[i].c_str() << " does not exist.");
result = smack_have_access(TEST_SUBJECT, TEST_OBJECT_2,accessesBasic[i].c_str());
- RUNNER_ASSERT_MSG_BT(result == 1, "Modification didn't work. Rule " << accessesBasic[i].c_str() << " does not exist.");
+ RUNNER_ASSERT_MSG_BT(result == 1, "Modification didn't work. "
+ "Rule " << accessesBasic[i].c_str() << " does not exist.");
// Revoking subject
result = smack_revoke_subject(TEST_SUBJECT);
RUNNER_ASSERT_MSG_BT(checkNoAccesses(TEST_SUBJECT, TEST_OBJECT_2),
" Revoke didn't work. Accesses exist.");
- smack_accesses_free(rules);
}
}
for (i = 0; i < accessesBasic.size(); ++i) {
// Creating and adding rules with TEST_OBJECT and TEST_OBJECT_2
- result = smack_accesses_new(&rules);
- RUNNER_ASSERT_MSG_BT(result == 0, "Unable to create smack_accesses instance");
- result = smack_accesses_add(rules,TEST_SUBJECT, TEST_OBJECT,accessesBasic[i].c_str());
+ RUNNER_ASSERT_BT(smack_accesses_new(&rules) == 0);
+ SmackAccessesPtr rules_ptr(rules);
+ result = smack_accesses_add(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT,
+ accessesBasic[i].c_str());
RUNNER_ASSERT_MSG_BT(result == 0, "Unable to modify accesses instance");
- result = smack_accesses_add(rules,TEST_SUBJECT, TEST_OBJECT_2,accessesBasic[i].c_str());
+ result = smack_accesses_add(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT_2,
+ accessesBasic[i].c_str());
RUNNER_ASSERT_MSG_BT(result == 0, "Unable to modify accesses instance");
- RUNNER_ASSERT_MSG_BT(smack_accesses_apply(rules) == 0, "Unable to apply rules");
+ RUNNER_ASSERT_MSG_BT(smack_accesses_apply(rules_ptr.get()) == 0, "Unable to apply rules");
result = smack_have_access(TEST_SUBJECT, TEST_OBJECT,accessesBasic[i].c_str());
- RUNNER_ASSERT_MSG_BT(result == 1, "Modification didn't work. Rule " << accessesBasic[i].c_str() << " does not exist.");
+ RUNNER_ASSERT_MSG_BT(result == 1, "Modification didn't work. Rule "
+ << accessesBasic[i].c_str() << " does not exist.");
result = smack_have_access(TEST_SUBJECT, TEST_OBJECT_2,accessesBasic[i].c_str());
- RUNNER_ASSERT_MSG_BT(result == 1, "Modification didn't work. Rule " << accessesBasic[i].c_str() << " does not exist.");
-
- smack_accesses_free(rules);
+ RUNNER_ASSERT_MSG_BT(result == 1, "Modification didn't work. Rule "
+ << accessesBasic[i].c_str() << " does not exist.");
// Creating and clearing rules with TEST_OBJECT
- result = smack_accesses_new(&rules);
- RUNNER_ASSERT_MSG_BT(result == 0, "Unable to create smack_accesses instance");
- result = smack_accesses_add(rules,TEST_SUBJECT, TEST_OBJECT,accessesBasic[i].c_str());
+ rules_ptr.release();
+ RUNNER_ASSERT_BT(smack_accesses_new(&rules) == 0);
+ rules_ptr.reset(rules);
+ result = smack_accesses_add(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT,
+ accessesBasic[i].c_str());
RUNNER_ASSERT_MSG_BT(result == 0, "Unable to modify accesses instance");
- result = smack_accesses_clear(rules);
+ result = smack_accesses_clear(rules_ptr.get());
RUNNER_ASSERT_MSG_BT(result == 0, "Clearing rules didn't work.");
result = smack_have_access(TEST_SUBJECT, TEST_OBJECT,accessesBasic[i].c_str());
- RUNNER_ASSERT_MSG_BT(result == 0, "Clearing rules didn't work. Rule " << accessesBasic[i].c_str() << " does exist.");
+ RUNNER_ASSERT_MSG_BT(result == 0, "Clearing rules didn't work. Rule "
+ << accessesBasic[i].c_str() << " does exist.");
result = smack_have_access(TEST_SUBJECT, TEST_OBJECT_2,accessesBasic[i].c_str());
- RUNNER_ASSERT_MSG_BT(result == 1, "Clearing rules didn't work. Rule " << accessesBasic[i].c_str() << " does not exist.");
-
- smack_accesses_free(rules);
+ RUNNER_ASSERT_MSG_BT(result == 1, "Clearing rules didn't work. Rule "
+ << accessesBasic[i].c_str() << " does not exist.");
- // Creating and clearing rules with TEST_OBJECT_2
- result = smack_accesses_new(&rules);
- RUNNER_ASSERT_MSG_BT(result == 0, "Unable to create smack_accesses instance");
+ // Creating and clearing rules with TEST_OBJECT
+ rules_ptr.release();
+ RUNNER_ASSERT_BT(smack_accesses_new(&rules) == 0);
+ rules_ptr.reset(rules);
- result = smack_accesses_add(rules,TEST_SUBJECT, TEST_OBJECT_2,accessesBasic[i].c_str());
+ result = smack_accesses_add(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT_2,
+ accessesBasic[i].c_str());
RUNNER_ASSERT_MSG_BT(result == 0, "Unable to modify accesses instance");
- result = smack_accesses_clear(rules);
+ result = smack_accesses_clear(rules_ptr.get());
RUNNER_ASSERT_MSG_BT(result == 0, "Clearing rules didn't work.");
- smack_accesses_free(rules);
-
RUNNER_ASSERT_MSG_BT(checkNoAccesses(TEST_SUBJECT, TEST_OBJECT),
" Clear didn't work. Accesses exist.");
RUNNER_ASSERT_MSG_BT(checkNoAccesses(TEST_SUBJECT, TEST_OBJECT_2),
int fd, tmp, sample; //file descripptors for save / restore rules tests
//int smack_accesses_new(struct smack_accesses **accesses);
- result = smack_accesses_new(&rules); //rules struct init
- RUNNER_ASSERT_MSG_BT(result == 0, "Unable to create smack_accesses instance");
- result = smack_accesses_new(&import_test); //rules struct init
- RUNNER_ASSERT_MSG_BT(result == 0, "Unable to create smack_accesses instance");
+ RUNNER_ASSERT_BT(smack_accesses_new(&rules) == 0);
+ SmackAccessesPtr rules_ptr(rules);
+ RUNNER_ASSERT_BT(smack_accesses_new(&import_test) == 0);
+ SmackAccessesPtr import_ptr(import_test);
//opening files
fd = open("/tmp/smack01_rules", O_RDWR | O_CREAT | O_TRUNC, 0644); //for export prepared rules
RUNNER_ASSERT_MSG_BT(fd >= 0, "Unable to create /tmp/smack01_rules");
+ FdUniquePtr fd_ptr(&fd);
tmp = open("/tmp/smack01_tmp", O_RDWR | O_CREAT | O_TRUNC, 0644); //for import rules exported before
RUNNER_ASSERT_MSG_BT(fd >= 0, "Unable to create /tmp/smack01_tmp");
+ FdUniquePtr tmp_ptr(&tmp);
sample = open("/etc/smack/test_smack_rules", O_RDONLY, 0644); //reference preinstalled rules
RUNNER_ASSERT_MSG_BT(sample >= 0, "Unable to open /etc/smack/test_smack_rules");
+ FdUniquePtr sample_ptr(&sample);
- //int smack_accesses_add(struct smack_accesses *handle, const char *subject,
- // const char *object, const char *access_type);
- result = smack_accesses_add(rules, "writer", "book", "rw");
+ result = smack_accesses_add(rules_ptr.get(), "writer", "book", "rw");
RUNNER_ASSERT_MSG_BT(result == 0, "Unable to add smack rules");
- result = smack_accesses_add(rules, "reader", "book", "wx");
+ result = smack_accesses_add(rules_ptr.get(), "reader", "book", "wx");
RUNNER_ASSERT_MSG_BT(result == 0, "Unable to add smack rules");
- //int smack_accesses_add_modify(struct smack_accesses *handle, const char *subject,
- // const char *object, const char *access_add, const char *access_del);
- result = smack_accesses_add_modify(rules, "reader", "book", "r", "wx");
+ result = smack_accesses_add_modify(rules_ptr.get(), "reader", "book", "r", "wx");
RUNNER_ASSERT_MSG_BT(0 == result, "Unable to modify smack rules");
- //int smack_accesses_save(struct smack_accesses *handle, int fd);
- result = smack_accesses_save(rules, fd);
+ result = smack_accesses_save(rules_ptr.get(), fd);
RUNNER_ASSERT_MSG_BT(0 == result, "Unable to save smack_accesses instance in file");
- //int smack_accesses_add_from_file(struct smack_accesses *accesses, int fd);
result = lseek(fd, 0, SEEK_SET);
RUNNER_ASSERT_MSG_BT(result == 0, "lseek() error");
- result = smack_accesses_add_from_file(import_test, fd);
+ result = smack_accesses_add_from_file(import_ptr.get(), fd);
RUNNER_ASSERT_MSG_BT(result == 0, "Unable to import rules from file");
- result = smack_accesses_save(import_test, tmp);
+ result = smack_accesses_save(import_ptr.get(), tmp);
RUNNER_ASSERT_MSG_BT(result == 0, "Unable to save smack_accesses instance in file");
- result = files_compare(fd, tmp); //comparing rules saved in file, restored from it and stored one more time
+ //comparing rules saved in file, restored from it and stored one more time
+ result = files_compare(fd, tmp);
RUNNER_ASSERT_MSG_BT(result == 0, "No match in stored and restored rules");
- result = files_compare(tmp, sample); //comparing rules stored in file with reference preinstalled rules
+ //comparing rules stored in file with reference preinstalled rules
+ result = files_compare(tmp, sample);
RUNNER_ASSERT_MSG_BT(result == 0, "No match in stored rules and pattern file");
-
- //void smack_accesses_free(struct smack_accesses *handle);
- smack_accesses_free(rules);
- smack_accesses_free(import_test);
-
- //closing file descriptors
- close(fd);
- close(tmp);
- close(sample);
}
RUNNER_TEST_SMACK(smack02_aplying_rules_into_kernel)
struct smack_accesses *rules = NULL; //rules prepared in this test case
int result; //for storing functions results
- result = smack_accesses_new(&rules); //rules struct init
- RUNNER_ASSERT_MSG_BT(result == 0, "Unable to create smack_accesses instance");
+ RUNNER_ASSERT_BT(smack_accesses_new(&rules) == 0);
+ SmackAccessesPtr rules_ptr(rules);
//adding test rules to struct
- result = smack_accesses_add(rules, "writer", "book", "rwx");
+ result = smack_accesses_add(rules_ptr.get(), "writer", "book", "rwx");
RUNNER_ASSERT_MSG_BT(result == 0, "Unable to add smack rules");
- result = smack_accesses_add(rules, "reader", "book", "r");
+ result = smack_accesses_add(rules_ptr.get(), "reader", "book", "r");
RUNNER_ASSERT_MSG_BT(result == 0, "Unable to add smack rules");
- result = smack_accesses_add(rules, "spy", "book", "rwx");
+ result = smack_accesses_add(rules_ptr.get(), "spy", "book", "rwx");
RUNNER_ASSERT_MSG_BT(result == 0, "Unable to add smack rules");
- //int smack_accesses_apply(struct smack_accesses *handle);
- result = smack_accesses_apply(rules); //applying rules to kernel
+ result = smack_accesses_apply(rules_ptr.get()); //applying rules to kernel
RUNNER_ASSERT_MSG_BT(result == 0, "Unable to apply rules into kernel");
- //int smack_have_access(const char *subject, const char *object,
- // const char *access_type);
- result = smack_have_access("spy", "book", "rwx"); //should have access - rule exist
+ //should have access - rule exist
+ result = smack_have_access("spy", "book", "rwx");
RUNNER_ASSERT_MSG_BT(result == 1, "Error while checking Smack access");
- result = smack_have_access("reader", "book", "rwx"); //should have no access - wrong rule, should be "r" only
+ //should have no access - wrong rule, should be "r" only
+ result = smack_have_access("reader", "book", "rwx");
RUNNER_ASSERT_MSG_BT(result == 0, "Error while checking Smack access");
- result = smack_have_access("s02badsubjectlabel", "book", "rwx"); //should fail - rule not exist
+ //should fail - rule not exist
+ result = smack_have_access("s02badsubjectlabel", "book", "rwx");
RUNNER_ASSERT_MSG_BT(result == -1, "Error while checking Smack access");
- //int smack_revoke_subject(const char *subject);
- result = smack_revoke_subject("s02nonexistinglabel"); //this subject do not exist in kernel rules
+ //this subject do not exist in kernel rules
+ result = smack_revoke_subject("s02nonexistinglabel");
RUNNER_ASSERT_MSG_BT(result == 0, "Error in removing not existing subject from kernel");
result = smack_revoke_subject("spy"); //this subject exist in kernel rules
RUNNER_ASSERT_MSG_BT(result == 0, "Error in removing existing subject from kernel");
- result = smack_have_access("spy", "book", "rwx"); //testing access after revoke_subject() from kernel
- RUNNER_ASSERT_MSG_BT(result == 0, "Error in acces aplied to kernel"); //now spy should have no access
+ //testing access after revoke_subject() from kernel
+ result = smack_have_access("spy", "book", "rwx");
+ //now spy should have no access
+ RUNNER_ASSERT_MSG_BT(result == 0, "Error in acces aplied to kernel");
//for create new rule as a consequence of use accesses_clear() below
- result = smack_accesses_add(rules, "s02subjectlabel", "book", "rwx");
+ result = smack_accesses_add(rules_ptr.get(), "s02subjectlabel", "book", "rwx");
RUNNER_ASSERT_MSG_BT(result == 0, "Unable to add smack rules");
- //int smack_accesses_clear(struct smack_accesses *handle);
- result = smack_accesses_clear(rules); //"spy" removed before by using smack_revoke_subject()
+ //"spy" removed before by using smack_revoke_subject()
+ result = smack_accesses_clear(rules_ptr.get());
RUNNER_ASSERT_MSG_BT(result == 0, "Error in clearing rules in kernel");
- result = smack_have_access("writer", "book", "rwx"); //testing acces after acces_clear()
- RUNNER_ASSERT_MSG_BT(result == 0, "Error in acces aplied to kernel"); //now writer also should have no access
+ //testing acces after acces_clear()
+ result = smack_have_access("writer", "book", "rwx");
+ //now writer also should have no access
+ RUNNER_ASSERT_MSG_BT(result == 0, "Error in acces aplied to kernel");
- //free resources
- smack_accesses_free(rules);
}
//pairs of rules for test with mixed cases, different length and mixed order
-const char *rules_tab[] = {
- "reader1", "-", "-----",
- "reader2", "--------", "-----",
- "reader3", "RwXaT", "rwxat",
- "reader4", "RrrXXXXTTT", "r-x-t",
- "reader5", "-r-w-a-t", "rw-at",
- "reader6", "", "-----",
- "reader7", "xa--Rt---W", "rwxat",
- "reader8", "#Ax[T].!~W@1}", "-wxat"
+std::vector< std::vector<std::string> > correct_rules = {
+ { "reader1", "-", "------" },
+ { "reader2", "--------", "------" },
+ { "reader3", "RwXaTl", "rwxatl" },
+ { "reader4", "RrrXXXXTTT", "r-x-t-" },
+ { "reader5", "-r-w-a-t-", "rw-at-" },
+ { "reader6", "", "------" },
+ { "reader7", "xa--Rt---W--L", "rwxatl" },
};
RUNNER_TEST_SMACK(smack03_mixed_rule_string_add)
struct smack_accesses *rules = NULL; //rules prepared in this test case
int result; //for storing functions results
- int i;
int expected;
- result = smack_accesses_new(&rules); //rules struct init
- RUNNER_ASSERT_MSG_BT(result == 0, "Unable to create smack_accesses instance");
+ RUNNER_ASSERT_BT(smack_accesses_new(&rules) == 0);
+ SmackAccessesPtr rules_ptr(rules);
//adding test rules with mixed string
- for (i = 0; i < (3 * 8); i += 3) {
- result = smack_accesses_add(rules, rules_tab[i], "book", rules_tab[i + 1]); //using mixed rules from table
+ for (auto rule=correct_rules.begin(); rule != correct_rules.end(); ++rule) {
+ //using mixed rules from table
+ result = smack_accesses_add(rules_ptr.get(),
+ (*rule)[0].c_str(),
+ "book",
+ (*rule)[1].c_str());
RUNNER_ASSERT_MSG_BT(result == 0, "Unable to add smack rules");
}
//RUNNER_ASSERT_MSG_BT(result == 0, "Error in clearing rules in kernel");
//applying rules to kernel
- result = smack_accesses_apply(rules);
+ result = smack_accesses_apply(rules_ptr.get());
RUNNER_ASSERT_MSG_BT(result == 0, "Unable to apply rules into kernel");
//checking accesses using normal rules
- for (i = 0; i < (3 * 8); i += 3) {
- if (!strcmp(rules_tab[i + 2], "-----"))
+ for (auto rule=correct_rules.begin(); rule != correct_rules.end(); ++rule) {
+ if ((*rule)[2] == "------")
expected = 0;
else
expected = 1;
- result = smack_have_access(rules_tab[i], "book", rules_tab[i + 2]); //using normal rules from table
+ //using normal rules from table
+ result = smack_have_access((*rule)[0].c_str(),
+ "book",
+ (*rule)[2].c_str());
RUNNER_ASSERT_MSG_BT(result == expected, "Error while checking Smack access");
}
-
- //free resources
- smack_accesses_free(rules);
}
RUNNER_TEST_SMACK(smack04_mixed_rule_string_have_access)
//In this test case we checking previous aplied rules but for compare mixed strings are used
int result;
- int i;
int expected;
//rules were added in previous RUNNER_TEST section
//checking accesses using mixed rules
- for (i = 0; i < (3 * 8); i += 3) {
- if (!strcmp(rules_tab[i + 2], "-----"))
+ for (auto rule=correct_rules.begin(); rule != correct_rules.end(); ++rule) {
+ if ((*rule)[2] == "------")
expected = 0;
else
expected = 1;
- result = smack_have_access(rules_tab[i], "book", rules_tab[i + 1]); //using mixed rules from table
+ //using mixed rules from table
+ result = smack_have_access((*rule)[0].c_str(),
+ "book",
+ (*rule)[1].c_str());
RUNNER_ASSERT_MSG_BT(result == expected, "Error while checking Smack access");
}
}
const char *def_rule = "_";
- //int smack_new_label_from_self(char **label);
result = smack_new_label_from_self(&label);
RUNNER_ASSERT_MSG_BT(result >= 0, "Error in getting self label");
-
//comparing this label with default one "_"
result = strcmp(label, def_rule);
+ free(label);
RUNNER_ASSERT_MSG_BT(result == 0, "Wrong default process label");
//comparing this rule with received from /proc/self/attr/current
fd = open("/proc/self/attr/current", O_RDONLY, 0644);
RUNNER_ASSERT_MSG_BT(fd >= 0, "Unable to open /proc/self/attr/current");
+ FdUniquePtr fd_ptr(&fd);
result = read(fd, buff, B_SIZE);
RUNNER_ASSERT_MSG_BT(result >= 0, "Error in reading from file /proc/self/attr/current");
result = strncmp(buff, def_rule, result);
RUNNER_ASSERT_MSG_BT(result == 0, "Wrong default process rule");
- free(label);
-
//now time for setting labels:
- //int smack_set_label_for_self(const char *label);
result = smack_set_label_for_self("cola");
RUNNER_ASSERT_MSG_BT(result == 0, "Error in setting self label");
result = smack_new_label_from_self(&label);
RUNNER_ASSERT_MSG_BT(result >= 0, "Error in getting self label");
result = strcmp(label, "cola");
+ free(label);
RUNNER_ASSERT_MSG_BT(result == 0, "Wrong process label");
//checking new label using /proc/self/attr/current
RUNNER_ASSERT_MSG_BT(result >= 0, "Error in reading from file /proc/self/attr/current");
result = strncmp(buff, "cola", result);
RUNNER_ASSERT_MSG_BT(result == 0, "Proces rule in /proc/self/attr/current other than set");
-
- free(label);
- close(fd);
}
//RUNNER_TEST(smackXX_parent_child_label)
char buff[SMACK_LABEL_LEN+1];
const char* s06testlabel = "s06testlabel";
-
const char *file_path = "/etc/smack/test_smack_rules";
-
//preparing environment by restoring default "_" label
result = smack_setlabel(file_path, "_", SMACK_LABEL_ACCESS);
RUNNER_ASSERT_MSG_BT(result == 0, "Error in setting ACCESS label for file");
-
- //int smack_getlabel(const char *path, char** label,
- // enum smack_label_type type);
result = smack_getlabel(file_path, &label, SMACK_LABEL_ACCESS);
RUNNER_ASSERT_MSG_BT(result == 0, "Error in getting smack ACCESS label from file");
//get label, should be default "_"
result = strcmp(label, "_");
- RUNNER_ASSERT_MSG_BT(result == 0, "Wrong file default label");
free(label);
+ RUNNER_ASSERT_MSG_BT(result == 0, "Wrong file default label");
+
//get label using xattr function
result = getxattr(file_path, xattr(SMACK_LABEL_ACCESS), buff, SMACK_LABEL_LEN);
RUNNER_ASSERT_MSG_BT(result > 0, "Error in getting xattr from file");
result = strncmp(buff, "_", result);
RUNNER_ASSERT_MSG_BT(result == 0, "Wrong file default label");
-
- //int smack_setlabel(const char *path, const char* label,
- // enum smack_label_type type);
result = smack_setlabel(file_path, s06testlabel, SMACK_LABEL_ACCESS);
RUNNER_ASSERT_MSG_BT(result == 0, "Error in setting ACCESS label for file");
-
//get label using smack function
result = smack_getlabel(file_path, &label, SMACK_LABEL_ACCESS);
RUNNER_ASSERT_MSG_BT(result == 0, "Error in getting smack ACCESS label from file");
//get label, should be default s06testlabel
result = strcmp(label, s06testlabel);
- RUNNER_ASSERT_MSG_BT(result == 0, "Wrong file label");
free(label);
+ RUNNER_ASSERT_MSG_BT(result == 0, "Wrong file label");
+
//get label using xattr function
result = getxattr(file_path, xattr(SMACK_LABEL_ACCESS), buff, SMACK_LABEL_LEN);
RUNNER_ASSERT_MSG_BT(result > 0, "Error in getting xattr from file");
const char *file_path = "/etc/smack/test_smack_rules_lnk";
-
//preparing environment by restoring default "_" label
result = smack_lsetlabel(file_path, "_", SMACK_LABEL_ACCESS);
RUNNER_ASSERT_MSG_BT(result == 0, "Error in setting ACCESS label for file");
result = smack_setlabel(file_path, "_", SMACK_LABEL_ACCESS);
RUNNER_ASSERT_MSG_BT(result == 0, "Error in setting ACCESS label for file");
-
- //int smack_lgetlabel(const char *path, char** label,
- // enum smack_label_type type);
result = smack_lgetlabel(file_path, &label, SMACK_LABEL_ACCESS);
RUNNER_ASSERT_MSG_BT(result == 0, "Error in getting smack ACCESS label from file");
//get label of symbolic link, should be default "_"
result = strcmp(label, "_");
- RUNNER_ASSERT_MSG_BT(result == 0, "Wrong file default label");
free(label);
+ RUNNER_ASSERT_MSG_BT(result == 0, "Wrong file default label");
+
//get label using xattr function
result = lgetxattr(file_path, xattr(SMACK_LABEL_ACCESS), buff, SMACK_LABEL_LEN);
RUNNER_ASSERT_MSG_BT(result > 0, "Error in getting xattr from file");
result = strncmp(buff, "_", result);
RUNNER_ASSERT_MSG_BT(result == 0, "Wrong file default label");
-
- //int smack_lsetlabel(const char *path, const char* label,
- // enum smack_label_type type);
result = smack_lsetlabel(file_path, s07testlabel1, SMACK_LABEL_ACCESS);
RUNNER_ASSERT_MSG_BT(result == 0, "Error in setting ACCESS label for file");
//and set label for file pointed by link
result = smack_setlabel(file_path, s07testlabel2, SMACK_LABEL_ACCESS);
RUNNER_ASSERT_MSG_BT(result == 0, "Error in setting ACCESS label for file");
-
//get label using smack function
result = smack_lgetlabel(file_path, &label, SMACK_LABEL_ACCESS);
RUNNER_ASSERT_MSG_BT(result == 0, "Error in getting smack ACCESS label from file");
//check label, should be s07testlabel1
result = strcmp(label, s07testlabel1);
- RUNNER_ASSERT_MSG_BT(result == 0, "Wrong file label");
free(label);
+ RUNNER_ASSERT_MSG_BT(result == 0, "Wrong file label");
+
//get label using xattr function
result = lgetxattr(file_path, xattr(SMACK_LABEL_ACCESS), buff, SMACK_LABEL_LEN);
RUNNER_ASSERT_MSG_BT(result > 0, "Error in getting xattr from file");
result = strncmp(buff, s07testlabel1, result);
RUNNER_ASSERT_MSG_BT(result == 0, "Wrong file label");
-
//now similar to above, but folowing symbolic link set before to s07testlabel2
result = smack_getlabel(file_path, &label, SMACK_LABEL_ACCESS);
RUNNER_ASSERT_MSG_BT(result == 0, "Error gettin label of file pointed by symbolic link");
//now label should be s07testlabel2 for file instead of s07testlabel1 set for link
result = strcmp(label, s07testlabel2);
- RUNNER_ASSERT_MSG_BT(result == 0, "Wrong label of file pointed by symbolic link");
free(label);
+ RUNNER_ASSERT_MSG_BT(result == 0, "Wrong label of file pointed by symbolic link");
+
//get label using xattr function
result = getxattr(file_path, xattr(SMACK_LABEL_ACCESS), buff, SMACK_LABEL_LEN);
RUNNER_ASSERT_MSG_BT(result > 0, "Error in getting xattr from file");
fd = open(file_path, O_RDWR, 0644); //reference preinstalled rules
RUNNER_ASSERT_MSG_BT(fd >= 0, "Unable to open /etc/smack/test_smack_rules");
+ FdUniquePtr fd_ptr(&fd);
//preparing environment by restoring default "_" label
result = smack_fsetlabel(fd, "_", SMACK_LABEL_ACCESS);
RUNNER_ASSERT_MSG_BT(result == 0, "Error in setting ACCESS label for file");
-
- //int smack_fgetlabel(int fd, char** label,
- // enum smack_label_type type);
result = smack_fgetlabel(fd, &label, SMACK_LABEL_ACCESS);
RUNNER_ASSERT_MSG_BT(result == 0, "Error in getting smack ACCESS label from file");
//check label, should be "_"
result = strcmp(label, "_");
- RUNNER_ASSERT_MSG_BT(result == 0, "Wrong file default label");
free(label);
+ RUNNER_ASSERT_MSG_BT(result == 0, "Wrong file default label");
+
//get label using xattr function
result = fgetxattr(fd, xattr(SMACK_LABEL_ACCESS), buff, SMACK_LABEL_LEN);
RUNNER_ASSERT_MSG_BT(result > 0, "Error in getting xattr from file");
result = strncmp(buff, "_", result);
RUNNER_ASSERT_MSG_BT(result == 0, "Wrong file default label");
-
- //int smack_fsetlabel(int fd, const char* label,
- // enum smack_label_type type);
result = smack_fsetlabel(fd, s08testlabel, SMACK_LABEL_ACCESS);
RUNNER_ASSERT_MSG_BT(result == 0, "Error in setting ACCESS label for file");
-
//get label using smack function
result = smack_fgetlabel(fd, &label, SMACK_LABEL_ACCESS);
RUNNER_ASSERT_MSG_BT(result == 0, "Error in getting smack ACCESS label from file");
//check label, should be s08testlabel
result = strcmp(label, s08testlabel);
- RUNNER_ASSERT_MSG_BT(result == 0, "Wrong file label");
free(label);
+ RUNNER_ASSERT_MSG_BT(result == 0, "Wrong file label");
+
//get label using xattr function
result = fgetxattr(fd, xattr(SMACK_LABEL_ACCESS), buff, SMACK_LABEL_LEN);
RUNNER_ASSERT_MSG_BT(result > 0, "Error in getting xattr from file");
//check label, should match the one readed by smack function
result = strncmp(buff, s08testlabel, result);
RUNNER_ASSERT_MSG_BT(result == 0, "Wrong file label");
-
-
- close(fd);
}
RUNNER_TEST_SMACK(smack10_adding_removing_rules)
unsigned int i;
int result;
- struct smack_accesses *rulesBasic = NULL;
+ struct smack_accesses *rules = NULL;
for (i = 0; i < accessesBasic.size(); ++i)
{
// Creating rules
- result = smack_accesses_new(&rulesBasic);
- RUNNER_ASSERT_MSG_BT(result == 0, "Error while creating new accesses. Result: " << result);
+ RUNNER_ASSERT_BT(smack_accesses_new(&rules) == 0);
+ SmackAccessesPtr rules_ptr(rules);
// Adding accesses
- result = smack_accesses_add(rulesBasic, TEST_SUBJECT, TEST_OBJECT, accessesBasic[i].c_str());
+ result = smack_accesses_add(rules_ptr.get(), TEST_SUBJECT, TEST_OBJECT, accessesBasic[i].c_str());
RUNNER_ASSERT_MSG_BT(result == 0, "Unable to add modify rulesBasic. Result: " << result);
// Applying rules
- result = smack_accesses_apply(rulesBasic);
+ result = smack_accesses_apply(rules_ptr.get());
RUNNER_ASSERT_MSG_BT(result == 0, "Error while applying accesses. Result: " << result);
// Checking if accesses were created
RUNNER_ASSERT_MSG_BT(result == 1,
" Error while checking smack access. Result: " << result);
- smack_accesses_free(rulesBasic);
- rulesBasic = NULL;
-
// Deleting all rules
clean_up();
}
for (i = 0; i < 3; ++i)
{
// --- Creating rules (r or w or x)
- result = smack_accesses_new(&rulesBasic);
- RUNNER_ASSERT_MSG_BT(result == 0, "Error while creating new accesses. Result: " << result);
+ RUNNER_ASSERT_BT(smack_accesses_new(&rules) == 0);
+ SmackAccessesPtr rules_ptr(rules);
// Adding accesses
- result = smack_accesses_add(rulesBasic, TEST_SUBJECT, TEST_OBJECT, accessesBasic[i].c_str());
+ result = smack_accesses_add(rules_ptr.get(), TEST_SUBJECT, TEST_OBJECT, accessesBasic[i].c_str());
RUNNER_ASSERT_MSG_BT(result == 0, "Unable to add rulesBasic. Result: " << result);
// Applying rules
- result = smack_accesses_apply(rulesBasic);
+ result = smack_accesses_apply(rules_ptr.get());
RUNNER_ASSERT_MSG_BT(result == 0, "Error while applying accesses. Result: " << result);
// Checking if accesses were created
result = smack_have_access(TEST_SUBJECT, TEST_OBJECT, accessesBasic[i].c_str());
" Error while checking smack access. Result: " << result);
// --- Modifying accesses (r for wx or w for rx or x for rw)
- result = smack_accesses_add_modify(rulesBasic,TEST_SUBJECT, TEST_OBJECT,accessesBasic[i + 3].c_str(),accessesBasic[i].c_str());
+ result = smack_accesses_add_modify(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT,
+ accessesBasic[i + 3].c_str(),accessesBasic[i].c_str());
RUNNER_ASSERT_MSG_BT(result == 0, "Unable to add modify rulesBasic. Result: " << result);
// Applying rules
- result = smack_accesses_apply(rulesBasic);
+ result = smack_accesses_apply(rules_ptr.get());
RUNNER_ASSERT_MSG_BT(result == 0, "Error while applying accesses. Result: " << result);
// Checking if accesses were created
RUNNER_ASSERT_MSG_BT(result == 0,
" Error while checking smack access. Result: " << result);
- smack_accesses_free(rulesBasic);
- rulesBasic = NULL;
-
+ rules_ptr.release();
// --- Creating complementary rules (r or w or x)
- result = smack_accesses_new(&rulesBasic);
- RUNNER_ASSERT_MSG_BT(result == 0, "Error while creating new accesses. Result: " << result);
+ RUNNER_ASSERT_BT(smack_accesses_new(&rules) == 0);
+ rules_ptr.reset(rules);
// Adding accesses
- result = smack_accesses_add(rulesBasic, TEST_SUBJECT, TEST_OBJECT, accessesBasic[i].c_str());
+ result = smack_accesses_add(rules_ptr.get(), TEST_SUBJECT, TEST_OBJECT,
+ accessesBasic[i].c_str());
RUNNER_ASSERT_MSG_BT(result == 0, "Unable to add rulesBasic. Result: " << result);
// Checking if accesses were created
" Error while checking smack access. Result: " << result);
// Applying rules
- result = smack_accesses_apply(rulesBasic);
+ result = smack_accesses_apply(rules_ptr.get());
RUNNER_ASSERT_MSG_BT(result == 0, "Error while applying accesses. Result: " << result);
// Checking if accesses were created
" Error while checking smack access. Result: " << result);
// --- Modifying accesses (adding rwx and removing r or w or x)
- result = smack_accesses_add_modify(rulesBasic,TEST_SUBJECT, TEST_OBJECT,"rwx",accessesBasic[i].c_str());
+ result = smack_accesses_add_modify(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT,"rwx",
+ accessesBasic[i].c_str());
RUNNER_ASSERT_MSG_BT(result == 0, "Unable to add modify rulesBasic. Result: " << result);
// Applying rules
- result = smack_accesses_apply(rulesBasic);
+ result = smack_accesses_apply(rules_ptr.get());
RUNNER_ASSERT_MSG_BT(result == 0, "Error while applying accesses. Result: " << result);
// Checking if accesses were created
" Error while checking smack access. Result: " << result);
// --- Adding crossing accesses (rx or rw or wx)
- result = smack_accesses_add_modify(rulesBasic,TEST_SUBJECT, TEST_OBJECT,accessesBasic[3 + ((i + 1) % 3)].c_str(),"");
+ result = smack_accesses_add_modify(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT,
+ accessesBasic[3 + ((i + 1) % 3)].c_str(),"");
RUNNER_ASSERT_MSG_BT(result == 0, "Unable to add modify rulesBasic. Result: " << result);
// Applying rules
- result = smack_accesses_apply(rulesBasic);
+ result = smack_accesses_apply(rules_ptr.get());
RUNNER_ASSERT_MSG_BT(result == 0, "Error while applying accesses. Result: " << result);
// Checking if accesses were created
- result = smack_have_access(TEST_SUBJECT, TEST_OBJECT, accessesBasic[3 + ((i + 1) % 3)].c_str());
+ result = smack_have_access(TEST_SUBJECT, TEST_OBJECT,
+ accessesBasic[3 + ((i + 1) % 3)].c_str());
RUNNER_ASSERT_MSG_BT(result == 1,
" Error while checking smack access. Result: " << result);
" Error while checking smack access. Result: " << result);
// Deleting all rules
- result = smack_accesses_add_modify(rulesBasic,TEST_SUBJECT, TEST_OBJECT,"","rwx");
+ result = smack_accesses_add_modify(rules,TEST_SUBJECT, TEST_OBJECT,"","rwx");
RUNNER_ASSERT_MSG_BT(result == 0, "Unable to add modify rulesBasic. Result: " << result);
- result = smack_accesses_apply(rulesBasic);
+ result = smack_accesses_apply(rules_ptr.get());
RUNNER_ASSERT_MSG_BT(result == 0, "Error while checking smack access. Result: " << result);
- smack_accesses_free(rulesBasic);
- rulesBasic = NULL;
-
// Deleting all rules
clean_up();
}
int result;
int fd;
- struct smack_accesses *rulesBasic = NULL;
+ struct smack_accesses *rules = NULL;
// Pre-cleanup
removeAccessesAll();
- // Creating rules
- result = smack_accesses_new(&rulesBasic);
- RUNNER_ASSERT_MSG_BT(result == 0, "Error while creating new accesses. Result: " << result);
+ RUNNER_ASSERT_BT(smack_accesses_new(&rules) == 0);
+ SmackAccessesPtr rules_ptr(rules);
// Loading file with rwxat rules - test_smack_rules_full
fd = open("/etc/smack/test_smack_rules_full", O_RDONLY, 0644);
RUNNER_ASSERT_MSG_BT(fd >= 0, "Unable to open /etc/smack/test_smack_rules_full");
// Adding rules from file
- result = smack_accesses_add_from_file(rulesBasic, fd);
+ result = smack_accesses_add_from_file(rules_ptr.get(), fd);
close(fd);
RUNNER_ASSERT_MSG_BT(result == 0, "Error importing accesses from file");
// Applying rules
- result = smack_accesses_apply(rulesBasic);
+ result = smack_accesses_apply(rules_ptr.get());
RUNNER_ASSERT_MSG_BT(result == 0, "Error while applying accesses. Result: " << result);
// Checking rules
- result = smack_have_access("test_subject_01", "test_object_01", "rwxat");
- RUNNER_ASSERT_MSG_BT(result == 1,
- " Error while checking smack accesses.");
result = smack_have_access("test_subject_01", "test_object_02", "rwxat");
RUNNER_ASSERT_MSG_BT(result == 1,
" Error while checking smack accesses.");
// Removing rules
removeAccessesAll();
- smack_accesses_free(rulesBasic);
-
// Creating rules
- result = smack_accesses_new(&rulesBasic);
- RUNNER_ASSERT_MSG_BT(result == 0, "Error while creating new accesses. Result: " << result);
+ rules_ptr.release();
+ RUNNER_ASSERT_BT(smack_accesses_new(&rules) == 0);
+ rules_ptr.reset(rules);
// Loading file with partial wrong rules - test_smack_rules2
fd = open("/etc/smack/test_smack_rules2", O_RDONLY, 0644);
RUNNER_ASSERT_MSG_BT(fd >= 0, "Unable to open /etc/smack/test_smack_rules2");
// Adding rules from file
- result = smack_accesses_add_from_file(rulesBasic, fd);
+ result = smack_accesses_add_from_file(rules_ptr.get(), fd);
close(fd);
- RUNNER_ASSERT_MSG_BT(result == 0, "Accesses were loaded from file");
+ RUNNER_ASSERT_MSG_BT(result == 0, "Error importing accesses from file");
// Applying rules
- result = smack_accesses_apply(rulesBasic);
+ result = smack_accesses_apply(rules_ptr.get());
RUNNER_ASSERT_MSG_BT(result == 0, "Error while applying accesses. Result: " << result);
// Checking rules
RUNNER_ASSERT_MSG_BT(checkNoAccesses("test_subject_01", "test_object_01"),
" Error while checking smack access loaded from /etc/smack/test_smack_rules2. Accesses exist.");
- result = smack_have_access("test_subject_01", "test_object_02", "rwat");
+ result = smack_have_access("test_subject_01", "test_object_02", "rwatl");
RUNNER_ASSERT_MSG_BT(result == 1,
" Error while checking smack access loaded from /etc/smack/test_smack_rules2. Result: " << result );
result = smack_have_access("test_subject_01", "test_object_03", "wat");
" Error while checking smack access loaded from /etc/smack/test_smack_rules2. Result: " << result );
RUNNER_ASSERT_MSG_BT(checkNoAccesses("test_subject_02", "test_object_01"),
" Error while checking smack access loaded from /etc/smack/test_smack_rules2. Accesses exist.");
- result = smack_have_access("test_subject_02", "test_object_02", "wa-ft");
+ result = smack_have_access("test_subject_02", "test_object_02", "wa-lt");
RUNNER_ASSERT_MSG_BT(result == 1,
" Error while checking smack access loaded from /etc/smack/test_smack_rules2. Result: " << result );
result = smack_have_access("test_subject_02", "test_object_03", "wr");
result = smack_have_access("test_subject_03", "test_object_02", "rwat");
RUNNER_ASSERT_MSG_BT(result == 1,
" Error while checking smack access loaded from /etc/smack/test_smack_rules2. Result: " << result );
- result = smack_have_access("test_subject_03", "test_object_03", "w");
+ result = smack_have_access("test_subject_03", "test_object_03", "w---l-");
RUNNER_ASSERT_MSG_BT(result == 1,
" Error while checking smack access loaded from /etc/smack/test_smack_rules2. Result: " << result );
// Removing rules
removeAccessesAll();
- smack_accesses_free(rulesBasic);
-
// Creating rules
- result = smack_accesses_new(&rulesBasic);
- RUNNER_ASSERT_MSG_BT(result == 0, "Error while creating new accesses. Result: " << result);
+ rules_ptr.release();
+ RUNNER_ASSERT_BT(smack_accesses_new(&rules) == 0);
+ rules_ptr.reset(rules);
// Loading file with partial wrong rules - test_smack_rules3
fd = open("/etc/smack/test_smack_rules3", O_RDONLY, 0644);
RUNNER_ASSERT_MSG_BT(fd >= 0, "Unable to open /etc/smack/test_smack_rules3");
// Adding rules from file
- result = smack_accesses_add_from_file(rulesBasic, fd);
+ result = smack_accesses_add_from_file(rules_ptr.get(), fd);
close(fd);
RUNNER_ASSERT_MSG_BT(result != 0, "Accesses were loaded from file");
- // Applying rules
- result = smack_accesses_apply(rulesBasic);
- RUNNER_ASSERT_MSG_BT(result == 0, "Error while applying accesses. Result: " << result);
-
- // Checking rules
- result = smack_have_access("test_subject_01", "test_object_01", "rwat");
- RUNNER_ASSERT_MSG_BT(result == 1,
- " Error while checking smack access loaded from /etc/smack/test_smack_rules3. Result: " << result );
- RUNNER_ASSERT_MSG_BT(checkNoAccesses("test_subject_01", "test_object_02"),
- " Error while checking smack access loaded from /etc/smack/test_smack_rules3. Accesses exist.");
- result = smack_have_access("test_subject_01", "test_object_03", "x");
- RUNNER_ASSERT_MSG_BT(result == 0,
- " Error while checking smack access loaded from /etc/smack/test_smack_rules3. Result: " << result );
-
// Removing rules
removeAccessesAll();
- smack_accesses_free(rulesBasic);
-
// Creating rules
- result = smack_accesses_new(&rulesBasic);
- RUNNER_ASSERT_MSG_BT(result == 0, "Error while creating new accesses. Result: " << result);
+ rules_ptr.release();
+ RUNNER_ASSERT_BT(smack_accesses_new(&rules) == 0);
+ rules_ptr.reset(rules);
// Loading file with partial wrong rules - test_smack_rules4
fd = open("/etc/smack/test_smack_rules4", O_RDONLY, 0644);
RUNNER_ASSERT_MSG_BT(fd >= 0, "Unable to open /etc/smack/test_smack_rules4");
// Adding rules from file
- result = smack_accesses_add_from_file(rulesBasic, fd);
+ result = smack_accesses_add_from_file(rules_ptr.get(), fd);
close(fd);
RUNNER_ASSERT_MSG_BT(result != 0, "Accesses were loaded from file");
- // Applying rules
- result = smack_accesses_apply(rulesBasic);
- RUNNER_ASSERT_MSG_BT(result == 0, "Error while applying accesses. Result: " << result);
-
- // Checking rules
- result = smack_have_access("test_subject_01", "test_object_01", "rxwat");
- RUNNER_ASSERT_MSG_BT(result == 1,
- " Error while checking smack access loaded from /etc/smack/test_smack_rules4. Result: " << result );
- RUNNER_ASSERT_MSG_BT(checkNoAccesses("test_subject_01", "test_object_02"),
- " Error while checking smack access loaded from /etc/smack/test_smack_rules4. Accesses exist.");
- result = smack_have_access("test_subject_01", "test_object_03", "a");
- RUNNER_ASSERT_MSG_BT(result == 0,
- " Error while checking smack access loaded from /etc/smack/test_smack_rules4. Result: " << result );
-
// Removing rules
removeAccessesAll();
-
- smack_accesses_free(rulesBasic);
}
//int smack_new_label_from_socket(int fd, char **label);
static void smack_set_another_label_for_self(void)
{
static int number = time(NULL);
- int result;
- char *smack_label;
number++;
- result = asprintf(&smack_label, "s%d", number);
- RUNNER_ASSERT_MSG_BT(result > 0, "asprintf failed");
- result = smack_set_label_for_self(smack_label);
+ std::string smack_label("s" + std::to_string(number));
+
+ int result = smack_set_label_for_self(smack_label.c_str());
RUNNER_ASSERT_MSG_BT(result == 0, "smack_set_label_for_self(" << smack_label << ") failed");
- free(smack_label);
}
static void smack_unix_sock_server(int sock)
{
int fd, result;
- char *smack_label;
+ char *label;
alarm(2);
fd = accept(sock, NULL, NULL);
alarm(0);
- if (fd < 0)
- return;
- result = smack_new_label_from_self(&smack_label);
+ RUNNER_ASSERT_BT(fd >= 0);
+ FdUniquePtr fd_ptr(&fd);
+
+ result = smack_new_label_from_self(&label);
RUNNER_ASSERT_MSG_BT(result >= 0, "smack_new_label_from_self() failed");
- result = write(fd, smack_label, strlen(smack_label));
- RUNNER_ASSERT_MSG_BT(result == (int)strlen(smack_label), "write() failed");
- close(fd);
- free(smack_label);
+ CStringPtr label_ptr(label);
+ result = write(fd, label, strlen(label));
+ RUNNER_ASSERT_MSG_BT(result == (int)strlen(label), "write() failed");
+
}
RUNNER_MULTIPROCESS_TEST_SMACK(smack09_new_label_from_socket)
sock = socket(AF_UNIX, SOCK_STREAM, 0);
RUNNER_ASSERT_MSG_BT(sock >= 0, "socket failed: " << strerror(errno));
+ SockUniquePtr sock_ptr(&sock);
result = bind(sock, (struct sockaddr*) &sockaddr, sizeof(struct sockaddr_un));
RUNNER_ASSERT_MSG_BT(result == 0, "bind failed: " << strerror(errno));
result = listen(sock, 1);
smack_set_another_label_for_self();
smack_unix_sock_server(sock);
}
- close(sock);
exit(0);
} else { /* parent process, client */
sock = socket(AF_UNIX, SOCK_STREAM, 0);
RUNNER_ASSERT_MSG_BT(sock >= 0, "socket failed: " << strerror(errno));
+ SockUniquePtr sock_ptr(&sock);
result = connect(sock, (struct sockaddr*) &sockaddr, sizeof(struct sockaddr_un));
RUNNER_ASSERT_MSG_BT(result == 0, "connect failed: " << strerror(errno));
alarm(2);
result = read(sock, smack_label1, SMACK_LABEL_LEN);
- RUNNER_ASSERT_MSG_BT(result >= 0, "read failed: " << strerror(errno));
alarm(0);
+ RUNNER_ASSERT_MSG_BT(result >= 0, "read failed: " << strerror(errno));
smack_label1[result] = '\0';
result = smack_new_label_from_socket(sock, &smack_label2);
+ SmackLabelPtr label2_ptr(smack_label2);
RUNNER_ASSERT_MSG_BT(result >= 0, "smack_label_from_socket failed");
- result = strcmp(smack_label1, smack_label2);
+ result = strcmp(smack_label1, label2_ptr.get());
if (i < 3)
- RUNNER_ASSERT_MSG_BT(result == 0, "smack labels differ: '" << smack_label1 << "' != '" << smack_label2 << "' i == " << i);
+ RUNNER_ASSERT_MSG_BT(result == 0, "smack labels differ: '" << smack_label1
+ << "' != '" << smack_label2 << "' i == " << i);
else
- RUNNER_ASSERT_MSG_BT(result != 0, "smack labels do not differ: '" << smack_label1 << "' != '" << smack_label2 << "' i == " << i);
- close(sock);
+ RUNNER_ASSERT_MSG_BT(result != 0, "smack labels do not differ: '" << smack_label1
+ << "' != '" << smack_label2 << "' i == " << i);
}
}
}
RUNNER_ASSERT_MSG_BT(fd > -1, "Unable to create file for tests: " << strerror(errno));
//for descriptor protection
- FDUniquePtr fp(&fd, closeFdPtr);
+ FdUniquePtr fd_ptr(&fd);
//change owner and group to user APP
int ret = chown(filePath.c_str(), APP_UID, APP_GID);
const std::string ruleAll = "x";
SecurityServer::AccessProvider provider(subject);
- provider.allowAPI("system::homedir", ruleAll);
- provider.allowAPI(object, access);
+ provider.addObjectRule("User", ruleAll);
+ provider.addObjectRule(object, access);
provider.applyAndSwithToUser(APP_UID, APP_GID);
}
//function inside checks if rule exist after add it
SecurityServer::AccessProvider provider(selfLabel);
- provider.allowAPI(filename, "l");
+ provider.addObjectRule(filename, "l");
provider.apply();
int ret = smack_have_access(selfLabel.c_str(), filename.c_str(), "l");
createFileWithLabel(filePath, filename);
int fd = open(filePath.c_str(), O_RDWR, 0);
- FDUniquePtr fp(&fd, closeFdPtr);
+ FdUniquePtr fd_ptr(&fd);
SecurityServer::AccessProvider provider(selfLabel);
provider.applyAndSwithToUser(APP_UID, APP_GID);
createFileWithLabel(filePath, filename);
int fd = open(filePath.c_str(), O_RDWR, 0);
- FDUniquePtr fp(&fd, closeFdPtr);
+ FdUniquePtr fd_ptr(&fd);
prepareEnvironment(selfLabel, filename, "l");
createFileWithLabel(filePath, filename);
int fd = open(filePath.c_str(), O_RDWR, 0);
- FDUniquePtr fp(&fd, closeFdPtr);
+ FdUniquePtr fd_ptr(&fd);
prepareEnvironment(selfLabel, filename, "w");
createFileWithLabel(filePath, filename);
int fd = open(filePath.c_str(), O_RDWR);
- FDUniquePtr fp(&fd, closeFdPtr);
+ FdUniquePtr fd_ptr(&fd);
int ret = flock(fd, LOCK_SH | LOCK_NB);
RUNNER_ASSERT_MSG_BT(ret == 0, "Error, unable to shared lock file: " << strerror(errno));
int child_fd = open(filePath.c_str(), O_RDWR);
RUNNER_ASSERT_MSG_BT(child_fd > -1, "Unable to open created file: " << strerror(errno));
-
//for descriptor protection
- FDUniquePtr fp(&child_fd, closeFdPtr);
+ FdUniquePtr child_fd_ptr(&child_fd);
ret = flock(child_fd, LOCK_SH | LOCK_NB);
RUNNER_ASSERT_MSG_BT(ret == 0, "Error, unable to lock file with shared lock: "
createFileWithLabel(filePath, filename);
int fd = open(filePath.c_str(), O_RDWR);
- FDUniquePtr fp(&fd, closeFdPtr);
+ FdUniquePtr fd_str(&fd);
int ret = flock(fd, LOCK_SH | LOCK_NB);
RUNNER_ASSERT_MSG_BT(ret == 0, "Error, unable to shared lock file: " << strerror(errno));
int child_fd = open(filePath.c_str(), O_RDONLY, 0);
RUNNER_ASSERT_MSG_BT(child_fd > -1, "Unable to open created file: " << strerror(errno));
-
//for descriptor protection
- FDUniquePtr fp(&child_fd, closeFdPtr);
+ FdUniquePtr child_fd_ptr(&child_fd);
ret = flock(child_fd, LOCK_SH | LOCK_NB);
RUNNER_ASSERT_MSG_BT(ret == 0, "Error, unable to lock file with shared lock: "
createFileWithLabel(filePath, filename);
int fd = open(filePath.c_str(), O_RDWR);
- FDUniquePtr fp(&fd, closeFdPtr);
+ FdUniquePtr fd_ptr(&fd);
int ret = flock(fd, LOCK_EX | LOCK_NB);
RUNNER_ASSERT_MSG_BT(ret == 0, "Error, unable to exclusive lock file: " << strerror(errno));
int child_fd = open(filePath.c_str(), O_RDWR, 0);
RUNNER_ASSERT_MSG_BT(child_fd > -1, "Unable to open created file: " << strerror(errno));
-
//for descriptor protection
- FDUniquePtr fp(&child_fd, closeFdPtr);
+ FdUniquePtr child_fd_ptr(&child_fd);
ret = flock(child_fd, LOCK_EX | LOCK_NB);
RUNNER_ASSERT_MSG_BT(ret < 0, "Error, able to lock file with exclusive lock");
createFileWithLabel(filePath, filename);
int fd = open(filePath.c_str(), O_RDWR, 0);
- FDUniquePtr fp(&fd, closeFdPtr);
+ FdUniquePtr fd_ptr(&fd);
int ret = flock(fd, LOCK_EX | LOCK_NB);
RUNNER_ASSERT_MSG_BT(ret == 0, "Error, unable to exclusive lock file: " << strerror(errno));
int child_fd = open(filePath.c_str(), O_RDONLY, 0);
RUNNER_ASSERT_MSG_BT(child_fd > -1, "Unable to open created file: " << strerror(errno));
-
//for descriptor protection
- FDUniquePtr fp(&child_fd, closeFdPtr);
+ FdUniquePtr child_fd_ptr(&child_fd);
ret = flock(child_fd, LOCK_EX | LOCK_NB);
RUNNER_ASSERT_MSG_BT(ret < 0, "Error, able to lock file with eclusive lock");
RUNNER_TEST_NOSMACK(smack02_aplying_rules_into_kernel_nosmack)
{
- smack_accesses *tmp = NULL;
+ smack_accesses *rules = NULL;
int result;
//init rules
- result = smack_accesses_new(&tmp);
- RUNNER_ASSERT_MSG_BT(result == 0, "Unable to create smack_accesses instance");
-
+ RUNNER_ASSERT_BT(smack_accesses_new(&rules) == 0);
//pass rules to unique_ptr
- AccessesUniquePtr rules(tmp, smack_accesses_free);
+ SmackAccessesPtr rules_ptr(rules);
//adding test rules to struct (same as SMACK version of smack02 test)
- result = smack_accesses_add(rules.get(), "writer", "book", "rwx");
+ result = smack_accesses_add(rules_ptr.get(), "writer", "book", "rwx");
RUNNER_ASSERT_MSG_BT(result == 0, "Unable to add smack rules");
- result = smack_accesses_add(rules.get(), "reader", "book", "r");
+ result = smack_accesses_add(rules_ptr.get(), "reader", "book", "r");
RUNNER_ASSERT_MSG_BT(result == 0, "Unable to add smack rules");
- result = smack_accesses_add(rules.get(), "spy", "book", "rwx");
+ result = smack_accesses_add(rules_ptr.get(), "spy", "book", "rwx");
RUNNER_ASSERT_MSG_BT(result == 0, "Unable to add smack rules");
//applying rules to kernel (should fail)
- result = smack_accesses_apply(rules.get());
+ result = smack_accesses_apply(rules_ptr.get());
RUNNER_ASSERT_MSG_BT(result == -1, "Unable to apply rules into kernel");
//calls from SMACK version of this test - all should fail because of SMACK being turned off
result = smack_have_access("spy", "book", "rwx");
RUNNER_ASSERT_MSG_BT(result == -1, "smack_have_access should return error (SMACK is off).");
- result = smack_accesses_add(rules.get(), "s02subjectlabel", "book", "rwx");
+ result = smack_accesses_add(rules_ptr.get(), "s02subjectlabel", "book", "rwx");
RUNNER_ASSERT_MSG_BT(result == 0, "Unable to add smack rules");
//smack_accesses_clear should return error aswell
- result = smack_accesses_clear(rules.get());
+ result = smack_accesses_clear(rules_ptr.get());
RUNNER_ASSERT_MSG_BT(result == -1, "Clearing rules should return error - no SMACK on system.");
result = smack_have_access("writer", "book", "rwx");
smack_accesses* tmp = NULL;
- result = smack_accesses_new(&tmp);
- RUNNER_ASSERT_MSG_BT(result == 0, "Error during rules creation.");
-
- AccessesUniquePtr rules(tmp, smack_accesses_free);
+ RUNNER_ASSERT_BT(smack_accesses_new(&tmp) == 0);
+ SmackAccessesPtr rules(tmp);
//open file with rules
fd = open("/etc/smack/test_smack_rules_full", O_RDONLY, 0644);
result = smack_new_label_from_self(&label);
RUNNER_ASSERT_MSG_BT(result == -1, "new_label_from_self should return error (SMACK is off).");
RUNNER_ASSERT_MSG_BT(label == NULL, "new_label_from_self shouldn't allocate memory to label.");
-
//We don't need to remember about freeing label - smack_new_label_from_self must return NULL
//label if it's working properly.
// /proc/self/attr/current shouldn't keep any rules inside
fd = open("/proc/self/attr/current", O_RDONLY, 0644); //file exists, so it should open
RUNNER_ASSERT_MSG_BT(fd >= 0, "/proc/self/attr/current failed to open.");
+ FdUniquePtr fd_ptr(&fd);
result = read(fd, buff, SMACK_LABEL_LEN); //however reading it should return error
- if(result >= 0) {
- close(fd);
- RUNNER_ASSERT_MSG_BT(false, "Reading /proc/self/attr/current should return error.");
- }
+ RUNNER_ASSERT_MSG_BT(result < 0, "Reading /proc/self/attr/current should return error.");
//setting label for self should fail
result = smack_set_label_for_self("s04testlabel");
- if(result != -1) {
- close(fd);
- RUNNER_ASSERT_MSG_BT(false, "set_label_for_self should return error (SMACK is off).");
- }
+ RUNNER_ASSERT_MSG_BT(result == -1, "set_label_for_self should return error (SMACK is off).");
//getting previously set label should also fail
result = smack_new_label_from_self(&label);
- if(result != -1) {
- close(fd);
- RUNNER_ASSERT_MSG_BT(false, "new_label_from_self should return error (SMACK is off).");
- }
- if(label != NULL) {
- close(fd);
- RUNNER_ASSERT_MSG_BT(false, "new_label_from_self shouldn't allocate memory to label.");
- }
+ RUNNER_ASSERT_MSG_BT(result == -1, "new_label_from_self should return error (SMACK is off).");
+ RUNNER_ASSERT_MSG_BT(label == NULL, "new_label_from_self shouldn't allocate memory to label.");
// /proc/self/attr/current still shouldn't keep any rules inside
result = lseek(fd, 0, SEEK_SET); //going to the file beginning
- if(result != 0) {
- close(fd);
- RUNNER_ASSERT_MSG_BT(false, "lseek() error.");
- }
+ RUNNER_ASSERT_MSG_BT(result == 0, "lseek() error.");
result = read(fd, buff, SMACK_LABEL_LEN); //however it should return error
- if(result >= 0) {
- close(fd);
- RUNNER_ASSERT_MSG_BT(false, "Reading /proc/self/attr/current should return error.");
- }
-
- close(fd);
+ RUNNER_ASSERT_MSG_BT(result < 0, "Reading /proc/self/attr/current should return error.");
}
/**
RUNNER_TEST_NOSMACK(smack05_accesses_add_modify_nosmack)
{
int result;
- smack_accesses* tmp = NULL;
+ smack_accesses* rules = NULL;
- result = smack_accesses_new(&tmp);
- RUNNER_ASSERT_MSG_BT(result == 0, "Unable to allocate memory for rules. Result: " << result);
+ RUNNER_ASSERT_BT(smack_accesses_new(&rules) == 0);
- AccessesUniquePtr rules(tmp, smack_accesses_free);
+ SmackAccessesPtr rules_ptr(rules);
//Not doing clean_up() every RUNNER_ASSERT_MSG - what clean_up does is just a creation of new
//rule struct and removal of currenctly added and applied rules. clean_up() must be done only
//after smack_accesses_apply().
- result = smack_accesses_add_modify(rules.get(), TEST_SUBJECT, TEST_OBJECT, "rwx", "");
+ result = smack_accesses_add_modify(rules_ptr.get(), TEST_SUBJECT, TEST_OBJECT, "rwx", "");
RUNNER_ASSERT_MSG_BT(result == 0, "Unable to modify rule. Result: " << result);
- result = smack_accesses_add_modify(rules.get(), TEST_SUBJECT, TEST_OBJECT, "rwx", "");
+ result = smack_accesses_add_modify(rules_ptr.get(), TEST_SUBJECT, TEST_OBJECT, "rwx", "");
RUNNER_ASSERT_MSG_BT(result == 0, "Unable to modify rule. Result: " << result);
- result = smack_accesses_apply(rules.get());
+ result = smack_accesses_apply(rules_ptr.get());
RUNNER_ASSERT_MSG_BT(result == -1,
"smack_accesses_apply should return error (SMACK is off). Result: " << result);
//Create new socket
sock = socket(AF_UNIX, SOCK_STREAM, 0);
RUNNER_ASSERT_MSG_BT(sock >= 0, "socket failed: " << strerror(errno));
+ SockUniquePtr sock_ptr(&sock);
//Bind it to sockaddr
result = bind(sock, (struct sockaddr*) &sockaddr, sizeof(struct sockaddr_un));
- if (result != 0) {
- close(sock);
- RUNNER_ASSERT_MSG_BT(false, "bind failed: " << strerror(errno));
- }
+ RUNNER_ASSERT_MSG_BT(result == 0, "bind failed: " << strerror(errno));
//Prepare for listening
result = listen(sock, 1);
- if (result != 0) {
- close(sock);
- RUNNER_ASSERT_MSG_BT(false, "listen failed: " << strerror(errno));
- }
+ RUNNER_ASSERT_MSG_BT(result == 0, "listen failed: " << strerror(errno));
//Accept client
alarm(2);
fd = accept(sock, NULL, NULL);
alarm(0);
- if (fd < 0) {
- close(sock);
- RUNNER_ASSERT_MSG_BT(false, "Failed when accepting connection from client.");
- }
+ RUNNER_ASSERT_MSG_BT(fd >= 0, "Failed when accepting connection from client.");
+ FdUniquePtr fd_ptr(&fd);
//wait for smack_new_label_from_socket execution
usleep(200);
- //Close socket and server
- close(sock);
+ //Close server
exit(0);
}
else { //parent (client)
//Create socket
sock = socket(AF_UNIX, SOCK_STREAM, 0);
+ SockUniquePtr sock_ptr(&sock);
RUNNER_ASSERT_MSG_BT(sock >= 0, "socket failed: " << strerror(errno));
//Connect to sockaddr
result = connect(sock, (struct sockaddr*) &sockaddr,
sizeof(struct sockaddr_un));
- if (result != 0) {
- close(sock);
- RUNNER_ASSERT_MSG_BT(false, "connect failed: " << strerror(errno));
- }
+ RUNNER_ASSERT_MSG_BT(result == 0, "connect failed: " << strerror(errno));
//Try getting label, should fail beacuse getsockopt won't get anything
result = smack_new_label_from_socket(sock, &smack_label);
- close(sock);
RUNNER_ASSERT_MSG_BT(result == -1, "smack_new_label_from_socket should fail.");
}
}
projects / platform / core / test / security-tests.git / blobdiff