/*
Tested API functions in this file:
-Protected by "security-server::api-cookie-get" label:
int security_server_get_cookie_size(void);
int security_server_request_cookie(char *cookie, size_t bufferSize);
-
-Protected by "security-server::api-cookie-check" label:
int security_server_check_privilege(const char *cookie, gid_t privilege);
int security_server_check_privilege_by_cookie(const char *cookie,
const char *object,
#include <security-server.h>
#include <smack_access.h>
#include <security_server_tests_common.h>
+#include <memory.h>
const char *ROOT_USER = "root";
const char *PROC_AUDIO_GROUP_NAME = "audio";
-typedef std::unique_ptr<char, void(*)(void *)> UniquePtrCstring;
const int KNOWN_COOKIE_SIZE = 20;
RUNNER_TEST_GROUP_INIT(COOKIE_API_TESTS)
*/
//---------------------------------------------------------------------------
-//passing NULL as a buffer pointer
+//passing nullptr as a buffer pointer
RUNNER_CHILD_TEST(tc_arguments_01_01_security_server_request_cookie)
{
- int ret = security_server_request_cookie(NULL, KNOWN_COOKIE_SIZE);
- RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM,
+ int ret = security_server_request_cookie(nullptr, KNOWN_COOKIE_SIZE);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM,
"Error in security_server_request_cookie() argument checking: " << ret);
}
Cookie cookie(KNOWN_COOKIE_SIZE);
int ret = security_server_request_cookie(cookie.data(), KNOWN_COOKIE_SIZE - 1);
- RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_BUFFER_TOO_SMALL,
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_BUFFER_TOO_SMALL,
"Error in security_server_request_cookie() argument checking: " << ret);
}
//---------------------------------------------------------------------------
-//passing NULL as a cookie pointer
+//passing nullptr as a cookie pointer
RUNNER_CHILD_TEST(tc_arguments_02_01_security_server_check_privilege)
{
- int ret = security_server_check_privilege(NULL, 0);
- RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM,
+ int ret = security_server_check_privilege(nullptr, 0);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM,
"Error in security_server_check_privilege() argument checking: " << ret);
}
//---------------------------------------------------------------------------
-//passing NULL as a cookie pointer
+//passing nullptr as a cookie pointer
RUNNER_CHILD_TEST(tc_arguments_03_01_security_server_check_privilege_by_cookie)
{
- int ret = security_server_check_privilege_by_cookie(NULL, "wiadro", "rwx");
- RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM,
+ RUNNER_IGNORED_MSG("security_server_check_privilege_by_cookie is temporarily disabled: always returns success");
+ int ret = security_server_check_privilege_by_cookie(nullptr, "wiadro", "rwx");
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM,
"Error in security_server_check_privilege_by_cookie() argument checking: "
<< ret);
}
-//passing NULL as an object pointer
+//passing nullptr as an object pointer
RUNNER_CHILD_TEST(tc_arguments_03_02_security_server_check_privilege_by_cookie)
{
+ RUNNER_IGNORED_MSG("security_server_check_privilege_by_cookie is temporarily disabled: always returns success");
Cookie cookie = getCookieFromSS();
- int ret = security_server_check_privilege_by_cookie(cookie.data(), NULL, "rwx");
- RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM,
+ int ret = security_server_check_privilege_by_cookie(cookie.data(), nullptr, "rwx");
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM,
"Error in security_server_check_privilege_by_cookie() argument checking: "
<< ret);
}
-//passing NULL as an access pointer
+//passing nullptr as an access pointer
RUNNER_CHILD_TEST(tc_arguments_03_03_security_server_check_privilege_by_cookie)
{
+ RUNNER_IGNORED_MSG("security_server_check_privilege_by_cookie is temporarily disabled: always returns success");
Cookie cookie = getCookieFromSS();
- int ret = security_server_check_privilege_by_cookie(cookie.data(), "wiadro", NULL);
- RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM,
+ int ret = security_server_check_privilege_by_cookie(cookie.data(), "wiadro", nullptr);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM,
"Error in security_server_check_privilege_by_cookie() argument checking: "
<< ret);
}
//---------------------------------------------------------------------------
-//passing NULL as a cookie pointer
+//passing nullptr as a cookie pointer
RUNNER_CHILD_TEST(tc_arguments_04_01_security_server_get_cookie_pid)
{
- int ret = security_server_get_cookie_pid(NULL);
- RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM,
+ int ret = security_server_get_cookie_pid(nullptr);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM,
"Error in security_server_get_cookie_pid() argument checking: " << ret);
}
RUNNER_TEST(tc_arguments_04_02_security_server_get_cookie_pid)
{
const char wrong_cookie[KNOWN_COOKIE_SIZE] = {'w', 'a', 't', '?'};
- RUNNER_ASSERT_BT(security_server_get_cookie_pid(wrong_cookie) ==
+ RUNNER_ASSERT(security_server_get_cookie_pid(wrong_cookie) ==
SECURITY_SERVER_API_ERROR_NO_SUCH_COOKIE);
}
//---------------------------------------------------------------------------
-//passing NULL as a cookie pointer
+//passing nullptr as a cookie pointer
RUNNER_CHILD_TEST(tc_arguments_05_01_security_server_get_smacklabel_cookie)
{
- char *label = NULL;
- label = security_server_get_smacklabel_cookie(NULL);
- RUNNER_ASSERT_MSG_BT(label == NULL,
+ char *label = nullptr;
+ label = security_server_get_smacklabel_cookie(nullptr);
+ RUNNER_ASSERT_MSG(label == nullptr,
"Error in security_server_get_smacklabel_cookie() argument checking");
}
RUNNER_CHILD_TEST(tc_unit_01_01_security_server_get_cookie_size)
{
int ret = security_server_get_cookie_size();
- RUNNER_ASSERT_MSG_BT(ret == KNOWN_COOKIE_SIZE,
+ RUNNER_ASSERT_MSG(ret == KNOWN_COOKIE_SIZE,
"Error in security_server_get_cookie_size(): " << ret);
}
int ret;
ret = drop_root_privileges();
- RUNNER_ASSERT_MSG_BT(ret == 0,
+ RUNNER_ASSERT_MSG(ret == 0,
"Failed to drop root privileges. Result: " << ret << "uid = " << getuid());
ret = security_server_get_cookie_size();
- RUNNER_ASSERT_MSG_BT(ret == KNOWN_COOKIE_SIZE, "ret = " << ret);
+ RUNNER_ASSERT_MSG(ret == KNOWN_COOKIE_SIZE, "ret = " << ret);
}
//---------------------------------------------------------------------------
Cookie cookie(cookieSize);
ret = drop_root_privileges();
- RUNNER_ASSERT_MSG_BT(ret == 0,
+ RUNNER_ASSERT_MSG(ret == 0,
"Failed to drop root privileges. Result: " << ret << "uid = " << getuid());
ret = security_server_request_cookie(cookie.data(), KNOWN_COOKIE_SIZE);
- RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
}
//---------------------------------------------------------------------------
Cookie cookie(cookieSize);
ret = drop_root_privileges();
- RUNNER_ASSERT_MSG_BT(ret == 0,
+ RUNNER_ASSERT_MSG(ret == 0,
"Failed to drop root privileges. Result: " << ret << "uid = " << getuid());
ret = security_server_request_cookie(cookie.data(), KNOWN_COOKIE_SIZE >> 1);
- RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_BUFFER_TOO_SMALL, "ret = " << ret);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_BUFFER_TOO_SMALL, "ret = " << ret);
}
//---------------------------------------------------------------------------
provider.applyAndSwithToUser(APP_UID, APP_GID);
int ret = security_server_get_cookie_size();
- RUNNER_ASSERT_MSG_BT(ret == KNOWN_COOKIE_SIZE,
+ RUNNER_ASSERT_MSG(ret == KNOWN_COOKIE_SIZE,
"Error in security_server_get_cookie_size(): " << ret);
}
RUNNER_CHILD_TEST(tc_unit_02_01_security_server_request_cookie)
{
int cookieSize = security_server_get_cookie_size();
- RUNNER_ASSERT_MSG_BT(cookieSize == KNOWN_COOKIE_SIZE,
+ RUNNER_ASSERT_MSG(cookieSize == KNOWN_COOKIE_SIZE,
"Error in security_server_get_cookie_size(): " << cookieSize);
Cookie cookie(cookieSize);
int ret = security_server_request_cookie(cookie.data(), cookie.size());
- RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS,
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS,
"Error in security_server_request_cookie(): " << ret);
}
RUNNER_CHILD_TEST_SMACK(tc_unit_02_02_app_user_security_server_request_cookie)
{
int cookieSize = security_server_get_cookie_size();
- RUNNER_ASSERT_MSG_BT(cookieSize == KNOWN_COOKIE_SIZE,
+ RUNNER_ASSERT_MSG(cookieSize == KNOWN_COOKIE_SIZE,
"Error in security_server_get_cookie_size(): " << cookieSize);
SecurityServer::AccessProvider provider("selflabel_02_01");
+ provider.allowSS();
provider.applyAndSwithToUser(APP_UID, APP_GID);
Cookie cookie(cookieSize);
int ret = security_server_request_cookie(cookie.data(), cookie.size());
- RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS,
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS,
"Error in security_server_request_cookie(): " << ret);
}
RUNNER_CHILD_TEST_SMACK(tc_unit_02_03_app_user_security_server_request_cookie_too_small_buffer_size)
{
int cookieSize = security_server_get_cookie_size();
- RUNNER_ASSERT_MSG_BT(cookieSize == KNOWN_COOKIE_SIZE,
+ RUNNER_ASSERT_MSG(cookieSize == KNOWN_COOKIE_SIZE,
"Error in security_server_get_cookie_size(): " << cookieSize);
cookieSize >>= 1;
Cookie cookie(cookieSize);
int ret = security_server_request_cookie(cookie.data(), cookie.size());
- RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_BUFFER_TOO_SMALL,
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_BUFFER_TOO_SMALL,
"Error in security_server_request_cookie(): " << ret);
}
Cookie cookie = getCookieFromSS();
int ret = security_server_check_privilege(cookie.data(), 0);
- RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS,
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS,
"Error in security_server_check_privilege(): " << ret);
}
//privileges drop and no smack rule
RUNNER_CHILD_TEST_SMACK(tc_unit_03_02_app_user_security_server_check_privilege)
{
- RUNNER_IGNORED_MSG("Security-server sockets are not labeled.");
Cookie cookie = getCookieFromSS();
SecurityServer::AccessProvider provider("selflabel_03_02");
provider.applyAndSwithToUser(APP_UID, APP_GID);
int ret = security_server_check_privilege(cookie.data(), 0);
- RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED,
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED,
"security_server_check_privilege() should return access denied: " << ret);
}
Cookie cookie = getCookieFromSS();
SecurityServer::AccessProvider provider("selflabel_03_03");
- provider.allowFunction("security_server_check_privilege");
+ provider.allowSS();
provider.applyAndSwithToUser(APP_UID, APP_GID);
int ret = security_server_check_privilege(cookie.data(), 0);
- RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS,
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS,
"Error in security_server_check_privilege(): " << ret);
}
Cookie cookie = getCookieFromSS();
int audio_gid = security_server_get_gid(PROC_AUDIO_GROUP_NAME);
- RUNNER_ASSERT_MSG_BT(audio_gid > -1,
+ RUNNER_ASSERT_MSG(audio_gid > -1,
"security_server_get_gid() failed. result = " << audio_gid);
int ret = security_server_check_privilege(cookie.data(), audio_gid);
// security_server_check_privilege fails, because the process does not belong to "audio" group
- RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED, "ret: " << ret);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED, "ret: " << ret);
}
// add gid
Cookie cookie = getCookieFromSS();
int audio_gid = security_server_get_gid(PROC_AUDIO_GROUP_NAME);
- RUNNER_ASSERT_MSG_BT(audio_gid > -1,
+ RUNNER_ASSERT_MSG(audio_gid > -1,
"security_server_get_gid() failed. result = " << audio_gid);
int ret = security_server_check_privilege(cookie.data(), audio_gid);
- RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
}
// test invalid cookie name
{
// create invalid cookie
int size = security_server_get_cookie_size();
- RUNNER_ASSERT_MSG_BT(size == KNOWN_COOKIE_SIZE, "Wrong cookie size. size = " << size);
+ RUNNER_ASSERT_MSG(size == KNOWN_COOKIE_SIZE, "Wrong cookie size. size = " << size);
Cookie cookie(size);
cookie[0] = 'a';
int ret = security_server_check_privilege(cookie.data(), 0);
- RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED, "ret: " << ret);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED, "ret: " << ret);
}
//---------------------------------------------------------------------------
Cookie cookie = getCookieFromSS();
int ret = security_server_get_cookie_pid(cookie.data());
- RUNNER_ASSERT_MSG_BT(ret > -1, "Error in security_server_get_cookie_pid(): " << ret);
+ RUNNER_ASSERT_MSG(ret > -1, "Error in security_server_get_cookie_pid(): " << ret);
int pid = getpid();
- RUNNER_ASSERT_MSG_BT(pid == ret, "No match in PID received from cookie");
+ RUNNER_ASSERT_MSG(pid == ret, "No match in PID received from cookie");
}
//privileges drop and no smack rule
RUNNER_CHILD_TEST_SMACK(tc_unit_05_02_app_user_security_server_get_cookie_pid)
{
- RUNNER_IGNORED_MSG("Security-server sockets are not labeled.");
Cookie cookie = getCookieFromSS();
SecurityServer::AccessProvider provider("selflabel_05_02");
provider.applyAndSwithToUser(APP_UID, APP_GID);
int ret = security_server_get_cookie_pid(cookie.data());
- RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED,
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED,
"security_server_get_cookie_pid() should return access denied: " << ret);
}
Cookie cookie = getCookieFromSS();
SecurityServer::AccessProvider provider("selflabel_05_03");
- provider.allowFunction("security_server_get_cookie_pid");
+ provider.allowSS();
provider.applyAndSwithToUser(APP_UID, APP_GID);
int ret = security_server_get_cookie_pid(cookie.data());
- RUNNER_ASSERT_MSG_BT(ret > -1, "Error in security_server_get_cookie_pid(): " << ret);
+ RUNNER_ASSERT_MSG(ret > -1, "Error in security_server_get_cookie_pid(): " << ret);
int pid = getpid();
- RUNNER_ASSERT_MSG_BT(pid == ret, "No match in PID received from cookie");
+ RUNNER_ASSERT_MSG(pid == ret, "No match in PID received from cookie");
}
//---------------------------------------------------------------------------
Cookie cookie = getCookieFromSS();
- UniquePtrCstring label(security_server_get_smacklabel_cookie(cookie.data()), free);
- RUNNER_ASSERT_MSG_BT(strcmp(label.get(), "selflabel_06_01") == 0,
+ CStringPtr label(security_server_get_smacklabel_cookie(cookie.data()));
+ RUNNER_ASSERT_MSG(strcmp(label.get(), "selflabel_06_01") == 0,
"No match in smack label received from cookie, received label: "
<< label.get());
}
Cookie cookie = getCookieFromSS();
char *receivedLabel = security_server_get_smacklabel_cookie(cookie.data());
- RUNNER_ASSERT_MSG_BT(receivedLabel != NULL,
- "security_server_get_smacklabel_cookie returned NULL");
+ RUNNER_ASSERT_MSG(receivedLabel != nullptr,
+ "security_server_get_smacklabel_cookie returned nullptr");
std::string label(receivedLabel);
free(receivedLabel);
- RUNNER_ASSERT_MSG_BT(label.empty(),
+ RUNNER_ASSERT_MSG(label.empty(),
"security_server_get_smacklabel_cookie returned: "
<< label);
}
//privileges drop and no smack rule
RUNNER_CHILD_TEST_SMACK(tc_unit_06_02_app_user_security_server_get_smacklabel_cookie)
{
- RUNNER_IGNORED_MSG("Security-server sockets are not labeled.");
Cookie cookie = getCookieFromSS();
SecurityServer::AccessProvider provider("selflabel_06_02");
provider.applyAndSwithToUser(APP_UID, APP_GID);
- UniquePtrCstring label(security_server_get_smacklabel_cookie(cookie.data()), free);
- RUNNER_ASSERT_MSG_BT(label.get() == NULL,
- "NULL should be received due to access denied, received label: "
+ CStringPtr label(security_server_get_smacklabel_cookie(cookie.data()));
+ RUNNER_ASSERT_MSG(label.get() == nullptr,
+ "nullptr should be received due to access denied, received label: "
<< label.get());
}
RUNNER_CHILD_TEST_SMACK(tc_unit_06_03_app_user_security_server_get_smacklabel_cookie)
{
SecurityServer::AccessProvider provider("selflabel_06_03");
- provider.allowFunction("security_server_get_smacklabel_cookie");
+ provider.allowSS();
provider.applyAndSwithToUser(APP_UID, APP_GID);
Cookie cookie = getCookieFromSS();
- UniquePtrCstring label(security_server_get_smacklabel_cookie(cookie.data()), free);
- RUNNER_ASSERT_MSG_BT(strcmp(label.get(), "selflabel_06_03") == 0,
+ CStringPtr label(security_server_get_smacklabel_cookie(cookie.data()));
+ RUNNER_ASSERT_MSG(strcmp(label.get(), "selflabel_06_03") == 0,
"No match in smack label received from cookie, received label: "
<< label.get());
}
add_process_group(PROC_AUDIO_GROUP_NAME);
SecurityServer::AccessProvider provider("subject_1d6eda7d");
- provider.allowFunction("security_server_get_gid");
- provider.allowFunction("security_server_request_cookie");
- provider.allowFunction("security_server_check_privilege");
- provider.allowFunction("security_server_get_cookie_pid");
- provider.allowFunction("security_server_get_smacklabel_cookie");
- provider.allowFunction("security_server_check_privilege_by_pid");
+ provider.allowSS();
provider.applyAndSwithToUser(APP_UID, APP_GID);
Cookie cookie = getCookieFromSS();
int ret = security_server_get_gid(PROC_AUDIO_GROUP_NAME);
- RUNNER_ASSERT_MSG_BT(ret > -1, "Failed to get \"" << PROC_AUDIO_GROUP_NAME
+ RUNNER_ASSERT_MSG(ret > -1, "Failed to get \"" << PROC_AUDIO_GROUP_NAME
<< "\" gid. Result: " << ret);
ret = security_server_check_privilege(cookie.data(), ret);
- RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
int root_gid = security_server_get_gid(ROOT_USER);
- RUNNER_ASSERT_MSG_BT(root_gid > -1, "root_gid: " << root_gid);
+ RUNNER_ASSERT_MSG(root_gid > -1, "root_gid: " << root_gid);
ret = security_server_get_cookie_pid(cookie.data());
- RUNNER_ASSERT_MSG_BT(ret == getpid(), "ret: " << ret);
+ RUNNER_ASSERT_MSG(ret == getpid(), "ret: " << ret);
+
+ CStringPtr ss_label(security_server_get_smacklabel_cookie(cookie.data()));
+ RUNNER_ASSERT_MSG(ss_label.get() != nullptr, "ss_label: " << ss_label.get());
- UniquePtrCstring ss_label(security_server_get_smacklabel_cookie(cookie.data()), free);
- RUNNER_ASSERT_MSG_BT(ss_label.get() != NULL, "ss_label: " << ss_label.get());
+ RUNNER_IGNORED_MSG("security_server_check_privilege_by_cookie is temporarily disabled: always returns success");
ret = security_server_check_privilege_by_pid(getpid(), "_", "rx");
- RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
}
// disable access and drop privileges
RUNNER_CHILD_TEST_SMACK(tc_unit_09_02_app_user_cookie_API_access_deny)
{
- RUNNER_IGNORED_MSG("Security-server sockets are not labeled.");
SecurityServer::AccessProvider provider("subject_1d414140");
- provider.applyAndSwithToUser(APP_UID, APP_GID);
Cookie cookie = getCookieFromSS();
+ provider.applyAndSwithToUser(APP_UID, APP_GID);
+
int ret = security_server_check_privilege(cookie.data(), DB_ALARM_GID);
- RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED,
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED,
"security_server_check_privilege should return access denied, "
"ret: " << ret);
ret = security_server_get_gid(ROOT_USER);
- RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED,
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED,
"security_server_get_gid should return access denied, "
"ret: " << ret);
ret = security_server_get_cookie_pid(cookie.data());
- RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED,
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED,
"security_server_get_cookie_pid should return access denied, "
"ret: " << ret);
- UniquePtrCstring ss_label(security_server_get_smacklabel_cookie(cookie.data()), free);
- RUNNER_ASSERT_MSG_BT(ss_label.get() == NULL,
- "access should be denied so label should be NULL: " << ss_label.get());
+ CStringPtr ss_label(security_server_get_smacklabel_cookie(cookie.data()));
+ RUNNER_ASSERT_MSG(ss_label.get() == nullptr,
+ "access should be denied so label should be nullptr: " << ss_label.get());
+
+ RUNNER_IGNORED_MSG("security_server_check_privilege_by_sockfd is temporarily disabled: always returns success");
ret = security_server_check_privilege_by_pid(getpid(), "_", "rx");
- RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED,
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED,
"security_server_check_privilege_by_pid should return access denied, "
"ret: " << ret);
}
// drop root privileges
int ret = drop_root_privileges();
- RUNNER_ASSERT_MSG_BT(ret == 0,
+ RUNNER_ASSERT_MSG(ret == 0,
"Failed to drop root privileges. Result: " << ret << "uid = " << getuid());
Cookie cookie = getCookieFromSS();
ret = security_server_get_gid(PROC_AUDIO_GROUP_NAME);
- RUNNER_ASSERT_MSG_BT(ret > -1, "Failed to get \"" << PROC_AUDIO_GROUP_NAME
+ RUNNER_ASSERT_MSG(ret > -1, "Failed to get \"" << PROC_AUDIO_GROUP_NAME
<< "\" gid. Result: " << ret);
ret = security_server_check_privilege(cookie.data(), ret);
- RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS,
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS,
"check_privilege failed. Result: " << ret);
ret = security_server_get_gid(ROOT_USER);
- RUNNER_ASSERT_MSG_BT(ret > -1, "Failed to get \"root\" gid. Result: " << ret);
+ RUNNER_ASSERT_MSG(ret > -1, "Failed to get \"root\" gid. Result: " << ret);
ret = security_server_get_cookie_pid(cookie.data());
- RUNNER_ASSERT_MSG_BT(ret == getpid(),
+ RUNNER_ASSERT_MSG(ret == getpid(),
"get_cookie_pid returned different pid than it should. Result: " << ret);
- UniquePtrCstring ss_label(security_server_get_smacklabel_cookie(cookie.data()), free);
- RUNNER_ASSERT_MSG_BT(ss_label.get() != NULL, "get_smacklabel_cookie failed.");
+ CStringPtr ss_label(security_server_get_smacklabel_cookie(cookie.data()));
+ RUNNER_ASSERT_MSG(ss_label.get() != nullptr, "get_smacklabel_cookie failed.");
+
+ RUNNER_IGNORED_MSG("security_server_check_privilege_by_sockfd is temporarily disabled: always returns success");
ret = security_server_check_privilege_by_pid(getpid(), "_", "rx");
- RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS,
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS,
"check_privilege_by_pid failed. Result: " << ret);
}