const char *TEST07_SUBJECT = "subject_cd738844";
const char *TEST08_SUBJECT = "subject_fd84ba7f";
-const char *API_PASSWD_SET = "security-server::api-password-set";
-const char *API_PASSWD_CHECK = "security-server::api-password-check";
-const char *API_PASSWD_RESET = "security-server::api-password-reset";
-const char *API_RULE_REQUIRED = "w";
-
-int clear_password(char ** /*error*/)
+void clear_password()
{
int ret = -1;
unsigned int attempt, max_attempt, expire_sec;
- const char *subject_allow = "subject_allow";
- struct smack_accesses *handle = NULL;
-
- if (getuid() == 0) {
- reset_security_server();
-
- ret = smack_accesses_new(&handle);
- RUNNER_ASSERT_MSG_BT(ret == 0, "ret: " << ret);
-
- /* our subject 'subject_allow' has access to security-server::api-password-check */
- ret = smack_accesses_add(handle, subject_allow, API_PASSWD_CHECK, API_RULE_REQUIRED);
- RUNNER_ASSERT_MSG_BT(ret == 0, "ret: " << ret);
-
- ret = smack_accesses_apply(handle);
- RUNNER_ASSERT_MSG_BT(ret == 0, "ret: " << ret);
- ret = smack_set_label_for_self(subject_allow);
- RUNNER_ASSERT_MSG_BT(ret == 0, "ret: " << ret);
+ reset_security_server();
- smack_accesses_free(handle);
-
- attempt = max_attempt = expire_sec = UINT_MAX;
- ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
-
- RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret: " << ret);
- RUNNER_ASSERT_BT(expire_sec == 0);
- RUNNER_ASSERT_BT(max_attempt == 0);
- RUNNER_ASSERT_BT(attempt == 0);
-
- /* we revoke all rules for subject 'subject_allow' */
- ret = smack_revoke_subject(subject_allow);
- RUNNER_ASSERT_MSG_BT(ret == 0, "Revoking subject didn't work.");
+ attempt = max_attempt = expire_sec = UINT_MAX;
+ ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
- sleep(1);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret: " << ret);
+ RUNNER_ASSERT_BT(expire_sec == 0);
+ RUNNER_ASSERT_BT(max_attempt == 0);
+ RUNNER_ASSERT_BT(attempt == 0);
- return 0;
- }
- return -1;
+ sleep(1);
}
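Review bot: clear_password() now calls reset_security_server() unconditionally, and with the `getuid() == 0` guard gone nothing in the function says it has to run before the caller drops privileges. The old code only reset the server as root, so the reset presumably still needs root. A header comment such as `// Precondition: caller is still root (call before applyAndSwithToUser()); resets security-server and asserts that no password is set.` would keep callers from reordering it. The trailing `sleep(1)` also deserves a one-line why-comment, since the reason for the delay is not visible here.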
void check_API_passwd(bool smack) {
{
const char *subject = "abc345v34sfa";
const char *object = "efg678x2lkjz";
- const char *server_api = "security-server::api-data-share";
-
- SmackAccess smack;
- smack.add(subject, object, "-----");
- smack.add(object, server_api, "rw");
- smack.apply();
- smack_set_label_for_self(object);
-
- RUNNER_ASSERT_MSG_BT(drop_root_privileges() == 0, "uid = " << getuid());
+ SecurityServer::AccessProvider provider(object);
+ provider.allowSS();
+ provider.applyAndSwithToUser(APP_UID, APP_GID);
security_server_app_give_access(subject, getpid());
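Review bot: `provider.allowSS()` replaces a single-label rule (`security-server::api-data-share`, `rw`) here, and the later hunks make the same substitution for the three password API rules and for `allowFunction("security_server_app_give_access")`, so each test label presumably gets access to the whole security-server rather than to the one API under test. If that is intended, say so at the first use, e.g. `// allowSS(): blanket security-server access; per-API Smack rules are not exercised by this test`, so a reader does not assume least-privilege coverage that is no longer there. The removed code also asserted `drop_root_privileges() == 0`, and whether `applyAndSwithToUser(APP_UID, APP_GID)` asserts on failure is not visible in this hunk. If it does not, a failed switch would leave the test running as root and passing trivially. The enclosing test body starts and ends outside the hunk.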
{
int ret = -1;
unsigned int attempt, max_attempt, expire_sec;
- char *str = (char*) malloc(256);
attempt = max_attempt = expire_sec = 0;
- ret = clear_password(&str);
- RUNNER_ASSERT_MSG_BT(ret == 0, "ret: " << str);
+ clear_password();
SecurityServer::AccessProvider provider(TEST03_SUBJECT);
- provider.allowAPI(API_PASSWD_CHECK, API_RULE_REQUIRED);
- provider.allowAPI(API_PASSWD_SET, API_RULE_REQUIRED);
- provider.allowAPI(API_PASSWD_RESET, API_RULE_REQUIRED);
+ provider.allowSS();
provider.applyAndSwithToUser(APP_UID, APP_GID);
ret = security_server_set_pwd_validity(10);
RUNNER_CHILD_TEST_SMACK(tc07_check_API_data_share_allow)
{
SecurityServer::AccessProvider provider(TEST07_SUBJECT);
- provider.allowFunction("security_server_app_give_access");
+ provider.allowSS();
provider.applyAndSwithToUser(APP_UID, APP_GID);
int ret = security_server_app_give_access(TEST07_SUBJECT, getpid());