*/
#include <unistd.h>
+#include <stdlib.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/smack.h>
#include "tests_common.h"
+#define PROPER_COOKIE_SIZE 20
+
#define ENVIRONMENT \
do { \
const char *subject_label = "mylabel"; \
"Cannot prepare environment for test"); \
} while (0)
+
/**
* Unique_ptr typedef for NOSMACK version of tc06 test
*/
RUNNER_ASSERT(-1 != pid);
if (0 == pid) {
- // child
- int sockfd = create_new_socket();
- RUNNER_ASSERT_MSG(sockfd >= 0, "create_new_socket() failed");
- SockFDUniquePtr sockfd_ptr(&sockfd, closesockfdptr);
+ pid = fork();
+ RUNNER_ASSERT(-1 != pid);
- RUNNER_ASSERT_MSG(0 == smack_set_label_for_self(subject_label), "child label " << subject_label << " not set");
+ if (0 == pid) {
+ // child
+ int sockfd = create_new_socket();
+ RUNNER_ASSERT_MSG(sockfd >= 0, "create_new_socket() failed");
- RUNNER_ASSERT_MSG(drop_root_privileges() == 0, "uid = " << getuid());
+ SockFDUniquePtr sockfd_ptr(&sockfd, closesockfdptr);
- RUNNER_ASSERT_MSG(listen(sockfd, 5) >= 0, "child listen failed");
+ RUNNER_ASSERT_MSG(0 == smack_set_label_for_self(subject_label), "child label " << subject_label << " not set");
- struct sockaddr_un client_addr;
- socklen_t client_len = sizeof(client_addr);
- int csockfd;
- RUNNER_ASSERT_MSG((csockfd = accept(sockfd,(struct sockaddr*)&client_addr, &client_len)) > 0, "child accept failed");
+ RUNNER_ASSERT_MSG(drop_root_privileges() == 0, "uid = " << getuid());
- usleep(500);
+ RUNNER_ASSERT_MSG(listen(sockfd, 5) >= 0, "child listen failed");
- close(csockfd);
- exit(0);
- } else {
- // parent
+ struct sockaddr_un client_addr;
+ socklen_t client_len = sizeof(client_addr);
+ int csockfd = TEMP_FAILURE_RETRY(accept(sockfd,(struct sockaddr*)&client_addr, &client_len));
+ if (csockfd >= 0)
+ close(csockfd);
+ LogDebug("Exit!");
+ exit(0);
+ } else {
+ // parent
- RUNNER_ASSERT_MSG(drop_root_privileges() == 0, "uid = " << getuid());
+ RUNNER_ASSERT_MSG(drop_root_privileges() == 0, "uid = " << getuid());
- sleep(1);
- int sockfd = connect_to_testserver();
- RUNNER_ASSERT_MSG(sockfd >= 0, "connect_to_testserver() failed");
+ sleep(1);
+ int sockfd = connect_to_testserver();
+ RUNNER_ASSERT_MSG(sockfd >= 0, "connect_to_testserver() failed");
- result1 = security_server_check_privilege_by_sockfd(
- sockfd,
- object_label,
- access_rights);
- result2 = security_server_check_privilege_by_sockfd(
- sockfd,
- object_label,
- access_rights_ext);
+ result1 = security_server_check_privilege_by_sockfd(
+ sockfd,
+ object_label,
+ access_rights);
+ result2 = security_server_check_privilege_by_sockfd(
+ sockfd,
+ object_label,
+ access_rights_ext);
- close(sockfd);
- }
+ close(sockfd);
- RUNNER_ASSERT_MSG(SECURITY_SERVER_API_SUCCESS == result1, "result1 = " << result1);
- RUNNER_ASSERT_MSG(SECURITY_SERVER_API_ERROR_ACCESS_DENIED == result2, " result2 = " << result2);
+ RUNNER_ASSERT_MSG(SECURITY_SERVER_API_SUCCESS == result1, "result1 = " << result1);
+ RUNNER_ASSERT_MSG(SECURITY_SERVER_API_ERROR_ACCESS_DENIED == result2, " result2 = " << result2);
+ }
+ }
}
///////////////////////////
int pid = fork();
RUNNER_ASSERT(-1 != pid);
- if (pid == 0) { //child process
- //Create socket
- int sockfd = create_new_socket();
- RUNNER_ASSERT_MSG(sockfd >= 0, "create_new_socket() failed");
+ if (pid == 0) {
- SockFDUniquePtr sockfd_ptr(&sockfd, closesockfdptr);
+ pid = fork();
+ RUNNER_ASSERT(-1 != pid);
- //Drop privileges
- RUNNER_ASSERT_MSG(drop_root_privileges() == 0, "uid = " << getuid());
+ if (pid == 0) { //child process
+ //Create socket
+ int sockfd = create_new_socket();
+ RUNNER_ASSERT_MSG(sockfd >= 0, "create_new_socket() failed");
- //Prepare for accepting
- RUNNER_ASSERT_MSG(listen(sockfd, 5) >= 0, "child listen failed");
+ SockFDUniquePtr sockfd_ptr(&sockfd, closesockfdptr);
- struct sockaddr_un client_addr;
- socklen_t client_len = sizeof(client_addr);
+ //Drop privileges
+ RUNNER_ASSERT_MSG(drop_root_privileges() == 0, "uid = " << getuid());
- //Accept connections
- int csockfd;
- RUNNER_ASSERT_MSG((csockfd = accept(sockfd,(struct sockaddr*)&client_addr, &client_len)) > 0, "child accept failed");
+ //Prepare for accepting
+ RUNNER_ASSERT_MSG(listen(sockfd, 5) >= 0, "child listen failed");
- //wait a little bit for parent to do it's job
- usleep(200);
+ struct sockaddr_un client_addr;
+ socklen_t client_len = sizeof(client_addr);
- //cleanup and kill child
- close(csockfd);
- exit(0);
- } else { //parent process
- //Drop root privileges
- RUNNER_ASSERT_MSG(drop_root_privileges() == 0, "uid = " << getuid());
+ //Accept connections
+ int csockfd;
+ RUNNER_ASSERT_MSG((csockfd = accept(sockfd,(struct sockaddr*)&client_addr, &client_len)) > 0, "child accept failed");
- //Wait for server to set up
- sleep(1);
+ //wait a little bit for parent to do it's job
+ usleep(200);
- //Connect and check privileges
- int sockfd = connect_to_testserver();
- RUNNER_ASSERT_MSG(sockfd >= 0, "Failed to create socket fd.");
+ //cleanup and kill child
+ close(csockfd);
+ exit(0);
+ } else { //parent process
+ //Drop root privileges
+ RUNNER_ASSERT_MSG(drop_root_privileges() == 0, "uid = " << getuid());
- result1 = security_server_check_privilege_by_sockfd(sockfd, object_label, "r");
- result2 = security_server_check_privilege_by_sockfd(sockfd, object_label, "rw");
+ //Wait for server to set up
+ sleep(1);
- close(sockfd);
- }
+ //Connect and check privileges
+ int sockfd = connect_to_testserver();
+ RUNNER_ASSERT_MSG(sockfd >= 0, "Failed to create socket fd.");
+
+ result1 = security_server_check_privilege_by_sockfd(sockfd, object_label, "r");
+ result2 = security_server_check_privilege_by_sockfd(sockfd, object_label, "rw");
- //Both results (just like in the previous test case) should return success.
- RUNNER_ASSERT_MSG(SECURITY_SERVER_API_SUCCESS == result1, "result1 = " << result1);
- RUNNER_ASSERT_MSG(SECURITY_SERVER_API_SUCCESS == result2, "result2 = " << result2);
+ close(sockfd);
+
+ //Both results (just like in the previous test case) should return success.
+ RUNNER_ASSERT_MSG(SECURITY_SERVER_API_SUCCESS == result1, "result1 = " << result1);
+ RUNNER_ASSERT_MSG(SECURITY_SERVER_API_SUCCESS == result2, "result2 = " << result2);
+ }
+ }
}
int apply_smack_rule(const char *subject, const char *object, const char *rule)
return -1;
}
-RUNNER_TEST(tc01_security_server_get_uid_by_cookie)
+RUNNER_TEST(tc10_security_server_get_uid_by_cookie)
{
int cookieSize = security_server_get_cookie_size();
RUNNER_ASSERT_MSG(cookieSize == 20, "Wrong cookie size");
uid_t cookieUid, realUid;
realUid = getuid();
retval = security_server_get_uid_by_cookie(&cookie[0], &cookieUid);
- RUNNER_ASSERT_MSG(retval == SECURITY_SERVER_API_SUCCESS, "Unable to get UID from cookie");
+ RUNNER_ASSERT_MSG(retval == SECURITY_SERVER_API_SUCCESS, "Unable to get UID from cookie. My uid: " << realUid << " Server error: " << retval);
RUNNER_ASSERT_MSG(realUid == cookieUid, "No match in received UID");
//checking for input parameters
RUNNER_ASSERT_MSG(retval == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "Error in checking input parameters by function");
}
-RUNNER_CHILD_TEST(tc01a_security_server_get_uid_by_cookie)
+RUNNER_CHILD_TEST_SMACK(tc11_security_server_get_uid_by_cookie_smack)
{
int cookieSize = security_server_get_cookie_size();
RUNNER_ASSERT_MSG(cookieSize == 20, "Wrong cookie size");
RUNNER_ASSERT_MSG(smack_set_label_for_self("BialyMis") == 0, "Unable to set label for self");
RUNNER_ASSERT_MSG(smack_revoke_subject("BialyMis") == 0, "Error in smack_revoke_subject");
//drop privileges
- RUNNER_ASSERT_MSG(setgid(5000) == 0, "Unable to drop privileges");
+ RUNNER_ASSERT_MSG(setuid(5000) == 0, "Unable to drop privileges");
//checking function
- uid_t cookieUid, realUid;
- realUid = getuid();
+ uid_t cookieUid;
retval = security_server_get_uid_by_cookie(&cookie[0], &cookieUid);
- RUNNER_ASSERT_MSG(retval == SECURITY_SERVER_API_ERROR_SOCKET, "Socket not protected by smack");
+ RUNNER_ASSERT_MSG(retval == SECURITY_SERVER_API_ERROR_ACCESS_DENIED, "Socket not protected by smack");
}
-RUNNER_CHILD_TEST(tc01b_security_server_get_uid_by_cookie)
+RUNNER_CHILD_TEST_SMACK(tc12_security_server_get_uid_by_cookie_smack)
{
int cookieSize = security_server_get_cookie_size();
RUNNER_ASSERT_MSG(cookieSize == 20, "Wrong cookie size");
+ uid_t realUid = getuid();
+
std::vector<char> cookie(cookieSize);
int retval = security_server_request_cookie(&cookie[0], cookieSize);
RUNNER_ASSERT_MSG(retval == SECURITY_SERVER_API_SUCCESS, "Unable to get cookie");
RUNNER_ASSERT_MSG(smack_set_label_for_self("BialyMis") == 0, "Unable to set label for self");
RUNNER_ASSERT_MSG(apply_smack_rule("BialyMis", "security-server::api-cookie-check", "w") == 0, "Error in adding rule");
//drop privileges
- RUNNER_ASSERT_MSG(setgid(5000) == 0, "Unable to drop privileges");
+ RUNNER_ASSERT_MSG(setuid(5000) == 0, "Unable to drop privileges");
//checking function
- uid_t cookieUid, realUid;
- realUid = getuid();
+ uid_t cookieUid;
+ retval = security_server_get_uid_by_cookie(&cookie[0], &cookieUid);
+ RUNNER_ASSERT_MSG(retval == SECURITY_SERVER_API_SUCCESS, "Unable to get UID from cookie");
+ RUNNER_ASSERT_MSG(realUid == cookieUid, "No match in received UID");
+}
+
+RUNNER_CHILD_TEST_NOSMACK(tc12_security_server_get_uid_by_cookie_nosmack)
+{
+ int cookieSize = security_server_get_cookie_size();
+ RUNNER_ASSERT_MSG(cookieSize == 20, "Wrong cookie size");
+
+ uid_t realUid = getuid();
+
+ std::vector<char> cookie(cookieSize);
+ int retval = security_server_request_cookie(&cookie[0], cookieSize);
+ RUNNER_ASSERT_MSG(retval == SECURITY_SERVER_API_SUCCESS, "Unable to get cookie");
+
+ //drop privileges
+ RUNNER_ASSERT_MSG(setuid(5000) == 0, "Unable to drop privileges");
+
+ //checking function
+ uid_t cookieUid;
retval = security_server_get_uid_by_cookie(&cookie[0], &cookieUid);
RUNNER_ASSERT_MSG(retval == SECURITY_SERVER_API_SUCCESS, "Unable to get UID from cookie");
RUNNER_ASSERT_MSG(realUid == cookieUid, "No match in received UID");
}
+RUNNER_CHILD_TEST_SMACK(tc13_security_server_get_uid_by_cookie_smack)
+{
+ int cookieSize = security_server_get_cookie_size();
+ RUNNER_ASSERT_MSG(cookieSize == 20, "Wrong cookie size");
+ //preapare SMACK environment
+ RUNNER_ASSERT_MSG(smack_set_label_for_self("BialyMis") == 0, "Unable to set label for self");
+ RUNNER_ASSERT_MSG(apply_smack_rule("BialyMis", "security-server::api-cookie-check", "w") == 0, "Error in adding rule");
+ RUNNER_ASSERT_MSG(apply_smack_rule("BialyMis", "security-server::api-cookie-get", "w") == 0, "Error in adding rule");
+ //drop privileges
+ RUNNER_ASSERT_MSG(setuid(5000) == 0, "Unable to drop privileges");
-RUNNER_TEST(tc02_security_server_get_gid_by_cookie)
+ std::vector<char> cookie(cookieSize);
+ int retval = security_server_request_cookie(&cookie[0], cookieSize);
+ RUNNER_ASSERT_MSG(retval == SECURITY_SERVER_API_SUCCESS, "Unable to get cookie");
+
+ //checking function
+ uid_t cookieUid, realUid = getuid();
+ retval = security_server_get_uid_by_cookie(&cookie[0], &cookieUid);
+ RUNNER_ASSERT_MSG(retval == SECURITY_SERVER_API_SUCCESS, "Unable to get UID from cookie");
+ RUNNER_ASSERT_MSG(realUid == cookieUid, "No match in received UID");
+}
+
+RUNNER_CHILD_TEST_NOSMACK(tc13_security_server_get_uid_by_cookie_nosmack)
+{
+ int cookieSize = security_server_get_cookie_size();
+ RUNNER_ASSERT_MSG(cookieSize == 20, "Wrong cookie size");
+
+ //drop privileges
+ RUNNER_ASSERT_MSG(setuid(5000) == 0, "Unable to drop privileges");
+
+ std::vector<char> cookie(cookieSize);
+ int retval = security_server_request_cookie(&cookie[0], cookieSize);
+ RUNNER_ASSERT_MSG(retval == SECURITY_SERVER_API_SUCCESS, "Unable to get cookie");
+
+ //checking function
+ uid_t cookieUid, realUid = getuid();
+ retval = security_server_get_uid_by_cookie(&cookie[0], &cookieUid);
+ RUNNER_ASSERT_MSG(retval == SECURITY_SERVER_API_SUCCESS, "Unable to get UID from cookie");
+ RUNNER_ASSERT_MSG(realUid == cookieUid, "No match in received UID");
+}
+
+RUNNER_TEST(tc14_security_server_get_gid_by_cookie)
{
int cookieSize = security_server_get_cookie_size();
RUNNER_ASSERT_MSG(cookieSize == 20, "Wrong cookie size");
}
-RUNNER_CHILD_TEST(tc02a_security_server_get_gid_by_cookie)
+RUNNER_CHILD_TEST_SMACK(tc15_security_server_get_gid_by_cookie_smack)
{
int cookieSize = security_server_get_cookie_size();
RUNNER_ASSERT_MSG(cookieSize == 20, "Wrong cookie size");
RUNNER_ASSERT_MSG(smack_revoke_subject("BialyMis") == 0, "Error in smack_revoke_subject");
//drop privileges
RUNNER_ASSERT_MSG(setgid(5000) == 0, "Unable to drop privileges");
+ RUNNER_ASSERT_MSG(setuid(5000) == 0, "Unable to drop privileges");
//checking function
gid_t cookieGid, realGid;
realGid = getgid();
retval = security_server_get_gid_by_cookie(&cookie[0], &cookieGid);
- RUNNER_ASSERT_MSG(retval == SECURITY_SERVER_API_ERROR_SOCKET, "Socket not protected by smack");
+ RUNNER_ASSERT_MSG(retval == SECURITY_SERVER_API_ERROR_ACCESS_DENIED, "Socket not protected by smack");
}
-RUNNER_CHILD_TEST(tc02b_security_server_get_gid_by_cookie)
+RUNNER_CHILD_TEST_SMACK(tc16_security_server_get_gid_by_cookie_smack)
{
int cookieSize = security_server_get_cookie_size();
RUNNER_ASSERT_MSG(cookieSize == 20, "Wrong cookie size");
std::vector<char> cookie(cookieSize);
+
+ gid_t realGid = getgid();
int retval = security_server_request_cookie(&cookie[0], cookieSize);
RUNNER_ASSERT_MSG(retval == SECURITY_SERVER_API_SUCCESS, "Unable to get cookie");
RUNNER_ASSERT_MSG(apply_smack_rule("BialyMis", "security-server::api-cookie-check", "w") == 0, "Error in adding rule");
//drop privileges
RUNNER_ASSERT_MSG(setgid(5000) == 0, "Unable to drop privileges");
+ RUNNER_ASSERT_MSG(setuid(5000) == 0, "Unable to drop privileges");
//checking function
- gid_t cookieGid, realGid;
- realGid = getgid();
+ gid_t cookieGid;
retval = security_server_get_gid_by_cookie(&cookie[0], &cookieGid);
RUNNER_ASSERT_MSG(retval == SECURITY_SERVER_API_SUCCESS, "Unable to get GID from cookie");
- RUNNER_ASSERT_MSG(realGid == cookieGid, "No match in received GID");
+ RUNNER_ASSERT_MSG(realGid == cookieGid, "No match in received GID. ReadGid: " << realGid << " CookieGid: " << cookieGid);
+}
+
+RUNNER_CHILD_TEST_NOSMACK(tc16_security_server_get_gid_by_cookie_nosmack)
+{
+ int cookieSize = security_server_get_cookie_size();
+ RUNNER_ASSERT_MSG(cookieSize == 20, "Wrong cookie size");
+
+ std::vector<char> cookie(cookieSize);
+
+ gid_t realGid = getgid();
+ int retval = security_server_request_cookie(&cookie[0], cookieSize);
+ RUNNER_ASSERT_MSG(retval == SECURITY_SERVER_API_SUCCESS, "Unable to get cookie");
+
+ //drop privileges
+ RUNNER_ASSERT_MSG(setgid(5000) == 0, "Unable to drop privileges");
+ RUNNER_ASSERT_MSG(setuid(5000) == 0, "Unable to drop privileges");
+
+ //checking function
+ gid_t cookieGid;
+ retval = security_server_get_gid_by_cookie(&cookie[0], &cookieGid);
+ RUNNER_ASSERT_MSG(retval == SECURITY_SERVER_API_SUCCESS, "Unable to get GID from cookie");
+ RUNNER_ASSERT_MSG(realGid == cookieGid, "No match in received GID. ReadGid: " << realGid << " CookieGid: " << cookieGid);
}
+RUNNER_CHILD_TEST_SMACK(tc17_security_server_get_gid_by_cookie_smack)
+{
+ int cookieSize = security_server_get_cookie_size();
+ RUNNER_ASSERT_MSG(cookieSize == 20, "Wrong cookie size");
+
+ //preapare SMACK environment
+ RUNNER_ASSERT_MSG(smack_set_label_for_self("BialyMis") == 0, "Unable to set label for self");
+ RUNNER_ASSERT_MSG(apply_smack_rule("BialyMis", "security-server::api-cookie-check", "w") == 0, "Error in adding rule");
+ RUNNER_ASSERT_MSG(apply_smack_rule("BialyMis", "security-server::api-cookie-get", "w") == 0, "Error in adding rule");
+ //drop privileges
+ RUNNER_ASSERT_MSG(setgid(5000) == 0, "Unable to drop privileges");
+ RUNNER_ASSERT_MSG(setuid(5000) == 0, "Unable to drop privileges");
+
+ std::vector<char> cookie(cookieSize);
+ int retval = security_server_request_cookie(&cookie[0], cookieSize);
+ RUNNER_ASSERT_MSG(retval == SECURITY_SERVER_API_SUCCESS, "Unable to get cookie");
+
+ //checking function
+ gid_t cookieGid, realGid = getgid();
+ retval = security_server_get_gid_by_cookie(&cookie[0], &cookieGid);
+ RUNNER_ASSERT_MSG(retval == SECURITY_SERVER_API_SUCCESS, "Unable to get GID from cookie");
+ RUNNER_ASSERT_MSG(realGid == cookieGid, "No match in received GID. ReadGid: " << realGid << " CookieGid: " << cookieGid);
+}
+
+RUNNER_CHILD_TEST_NOSMACK(tc17_security_server_get_gid_by_cookie_nosmack)
+{
+ int cookieSize = security_server_get_cookie_size();
+ RUNNER_ASSERT_MSG(cookieSize == 20, "Wrong cookie size");
+
+ //drop privileges
+ RUNNER_ASSERT_MSG(setgid(5000) == 0, "Unable to drop privileges");
+ RUNNER_ASSERT_MSG(setuid(5000) == 0, "Unable to drop privileges");
+
+ std::vector<char> cookie(cookieSize);
+ int retval = security_server_request_cookie(&cookie[0], cookieSize);
+ RUNNER_ASSERT_MSG(retval == SECURITY_SERVER_API_SUCCESS, "Unable to get cookie");
+
+ //checking function
+ gid_t cookieGid, realGid = getgid();
+ retval = security_server_get_gid_by_cookie(&cookie[0], &cookieGid);
+ RUNNER_ASSERT_MSG(retval == SECURITY_SERVER_API_SUCCESS, "Unable to get GID from cookie");
+ RUNNER_ASSERT_MSG(realGid == cookieGid, "No match in received GID. ReadGid: " << realGid << " CookieGid: " << cookieGid);
+}
+
+RUNNER_TEST_SMACK(tc18_security_server_get_smacklabel_cookie) {
+ int res;
+
+ pid_t mypid;
+
+ char *label_smack = NULL;
+ char *label_ss = NULL;
+ char *cookie = NULL;
+
+ int cookie_size = security_server_get_cookie_size();
+ RUNNER_ASSERT_MSG(PROPER_COOKIE_SIZE == cookie_size, "Wrong cookie size from security-server");
+
+ mypid = getpid();
+
+ cookie = (char*) calloc(cookie_size, 1);
+ RUNNER_ASSERT_MSG(NULL != cookie, "Memory allocation error");
+
+ res = security_server_request_cookie(cookie, cookie_size);
+ if (res != SECURITY_SERVER_API_SUCCESS) {
+ free(cookie);
+ RUNNER_ASSERT_MSG(res == SECURITY_SERVER_API_SUCCESS, "Error in requesting cookie from security-server");
+ }
+
+ label_ss = security_server_get_smacklabel_cookie(cookie);
+ free(cookie);
+ RUNNER_ASSERT_MSG(label_ss != NULL, "Error in getting label by cookie");
+
+
+ std::string label_cookie(label_ss);
+ free(label_ss);
+
+ res = smack_new_label_from_self(&label_smack);
+ if (res < 0) {
+ free(label_smack);
+ RUNNER_ASSERT_MSG(res == 0, "Error in getting self SMACK label");
+ }
+ std::string label_self(label_smack ? label_smack : "");
+ free(label_smack);
+
+ RUNNER_ASSERT_MSG(label_self == label_cookie, "No match in SMACK labels");
+
+
+ //TODO: here could be label change using SMACK API and checking if it
+ //is changed using security-server API function based on the same cookie
+}
+
+/**
+ * NOSMACK version of tc_security_server_get_smacklabel_cookie test.
+ *
+ * Most of this test goes exactly as the original one. The only difference are the labels:
+ * - We assume that libsmack tests passed and smack_new_label_from_self will return -1 and NULL
+ * label - there is no need to re-check it.
+ * - Label acquired from security_server_get_smacklabel_cookie should be an empty string.
+ */
+RUNNER_TEST_NOSMACK(tc18_security_server_get_smacklabel_cookie_nosmack) {
+ int res;
+
+ pid_t mypid;
+
+ char* label_ss = NULL;
+ char* cookie = NULL;
+
+ int cookie_size = security_server_get_cookie_size();
+ RUNNER_ASSERT_MSG(PROPER_COOKIE_SIZE == cookie_size,
+ "Wrong cookie size from security-server. Size: " << cookie_size);
+
+ cookie = (char*) calloc(cookie_size, sizeof(char));
+ RUNNER_ASSERT_MSG(NULL != cookie, "Memory allocation error");
+
+ mypid = getpid();
+
+ //Request cookie from SS
+ res = security_server_request_cookie(cookie, cookie_size);
+ std::unique_ptr<char, std::function<void(char*)> > cookie_ptr(cookie, free);
+ cookie = NULL;
+ RUNNER_ASSERT_MSG(res == SECURITY_SERVER_API_SUCCESS,
+ "Error in requesting cookie from security-server. Result: " << res);
+
+ label_ss = security_server_get_smacklabel_cookie(cookie_ptr.get());
+ RUNNER_ASSERT_MSG(label_ss != NULL, "Error in getting label by cookie");
+
+ //Check if label_ss is correct, that is only one NULL character.
+ if (label_ss[0] != '\0') {
+ free(label_ss);
+ RUNNER_ASSERT_MSG(label_ss[0] == '\0', "label_ss was not an empty string.");
+ }
+
+ free(label_ss);
+}
////////////////////
/////MAIN///////////