X-Git-Url: http://review.tizen.org/git/?a=blobdiff_plain;f=tests%2Flibsmack-tests%2Ftest_cases.cpp;h=a864a360def1cbbeb7592e11c834cf6e5884f039;hb=608b7cbb902a2258dd90d961545ae98d367652c6;hp=92c54e6c62855e752db15bdfdb386de3a6b4b287;hpb=9b51772973ee8e6f4c0505d8457cb843e3a67331;p=platform%2Fcore%2Ftest%2Fsecurity-tests.git diff --git a/tests/libsmack-tests/test_cases.cpp b/tests/libsmack-tests/test_cases.cpp index 92c54e6..a864a36 100644 --- a/tests/libsmack-tests/test_cases.cpp +++ b/tests/libsmack-tests/test_cases.cpp @@ -18,8 +18,9 @@ * @file test_cases.cpp * @author Pawel Polawski (p.polawski@samsung.com) * @author Jan Olszak (j.olszak@samsung.com) + * @author Zofia Abramowska (z.abramowska@samsung.com) * @version 1.0 - * @brief libprivilege test runer + * @brief libsmack test runner */ #include @@ -40,20 +41,20 @@ #include #include "tests_common.h" #include +#include "memory.h" -#define TEST_SUBJECT "test_subject" -#define TEST_OBJECT "test_oject" -#define TEST_OBJECT_2 "test_oject_2" +const char* const TEST_SUBJECT = "test_subject"; +const char* const TEST_OBJECT = "test_object"; +const char* const TEST_OBJECT_2 = "test_object_2"; -#define SOCK_PATH "/tmp/test-smack-socket" +const std::string testDir = "/opt/home/app/"; +const std::vector accessesBasic = { "r", "w", "x", "wx", "rx", "rw", "rwx", "rwxat" }; -std::string testDir = "/opt/home/app/"; -std::vector accessesBasic = { "r", "w", "x", "wx", "rx", "rw", "rwx", "rwxat" }; +//This one define is required for sockaddr_un initialization +#define SOCK_PATH "/tmp/test-smack-socket" int files_compare(int fd1, int fd2) { - int result = 0; - //for getting files sizes struct stat fs1, fs2; @@ -62,62 +63,36 @@ int files_compare(int fd1, int fd2) void *h2 = MAP_FAILED; //getting files information - if (fstat(fd1, &fs1) == -1) { - perror("fstat"); - return -1; - } - if (fstat(fd2, &fs2) == -1) { - perror("fstat"); - return -1; - } + RUNNER_ASSERT_MSG_BT(fstat(fd1, &fs1) == 0, "fstat failed: " << strerror(errno)); + RUNNER_ASSERT_MSG_BT(fstat(fd2, &fs2) == 0, "fstat failed: " << strerror(errno)); if (fs1.st_size != fs2.st_size) //if files are identical size will be the same return -1; //mapping files to process memory - if ((h1 = mmap(0, fs1.st_size, PROT_READ, MAP_SHARED, fd1, 0 )) == MAP_FAILED) { - result = -1; - goto end; - } + RUNNER_ASSERT_MSG_BT((h1 = mmap(0, fs1.st_size, PROT_READ, MAP_SHARED, fd1, 0 )) != MAP_FAILED, + "mmap failed for fd=" << fd1 << " : " << strerror(errno)); + if ((h2 = mmap(0, fs2.st_size, PROT_READ, MAP_SHARED, fd2, 0 )) == MAP_FAILED) { - result = -1; - goto end; + munmap(h1, fs1.st_size); + RUNNER_ASSERT_MSG_BT(h2 != MAP_FAILED, "mmap failed for fd=" << fd2 + << " : " << strerror(errno)); } - result = memcmp(h1, h2, fs1.st_size); - - //cleaning after mmap() -end: - if (h2 != MAP_FAILED) - munmap(h2, fs2.st_size); - if (h1 != MAP_FAILED) - munmap(h1, fs1.st_size); + int result = memcmp(h1, h2, fs1.st_size); + munmap(h1, fs1.st_size); + munmap(h2, fs2.st_size); return result; } - RUNNER_TEST_GROUP_INIT(libsmack) /** * Helper method to reset privileges at the begginning of tests. */ void clean_up() { - struct smack_accesses *rules = NULL; - int result = smack_accesses_new(&rules); - RUNNER_ASSERT_MSG_BT(result == 0, "Unable to create smack_accesses instance"); - - // CLEAN UP - smack_accesses_add_modify(rules,TEST_SUBJECT, TEST_OBJECT,"","rwxat"); - smack_accesses_apply(rules); - smack_accesses_free(rules); - - // PREINIT CHECK. - RUNNER_ASSERT_MSG_BT(smack_have_access(TEST_SUBJECT, TEST_OBJECT,"r") != 1, "Rule has previous privileges after cleaning up!"); - RUNNER_ASSERT_MSG_BT(smack_have_access(TEST_SUBJECT, TEST_OBJECT,"w") != 1, "Rule has previous privileges after cleaning up!"); - RUNNER_ASSERT_MSG_BT(smack_have_access(TEST_SUBJECT, TEST_OBJECT,"x") != 1, "Rule has previous privileges after cleaning up!"); - RUNNER_ASSERT_MSG_BT(smack_have_access(TEST_SUBJECT, TEST_OBJECT,"a") != 1, "Rule has previous privileges after cleaning up!"); - RUNNER_ASSERT_MSG_BT(smack_have_access(TEST_SUBJECT, TEST_OBJECT,"t") != 1, "Rule has previous privileges after cleaning up!"); + smack_revoke_subject(TEST_SUBJECT); } /** @@ -126,51 +101,23 @@ void clean_up() bool checkNoAccesses(const char *subject, const char *object) { int result; - result = smack_have_access(subject, object,"r"); - if (result == 1) { - return false; - } - result = smack_have_access(subject, object,"w"); - if (result == 1) { - return false; - } - result = smack_have_access(subject, object,"x"); - if (result == 1) { - return false; - } - result = smack_have_access(subject, object,"a"); - if (result == 1) { - return false; - } - result = smack_have_access(subject, object,"t"); - if (result == 1) { - return false; + for(const auto &perm : std::vector () = {"r", "w", "a","t", "l"}) { + result = smack_have_access(subject, object, perm.c_str()); + if (result == 1) { + return false; + } } return true; } void removeAccessesAll() { - struct smack_accesses *rules = NULL; - int result = smack_accesses_new(&rules); - RUNNER_ASSERT_MSG_BT(result == 0, "Unable to create smack_accesses instance"); - - result = smack_accesses_add_modify(rules, "test_subject_01", "test_object_01", "", "rxwat"); - result = smack_accesses_add_modify(rules, "test_subject_01", "test_object_02", "", "rxwat"); - result = smack_accesses_add_modify(rules, "test_subject_01", "test_object_03", "", "rxwat"); - result = smack_accesses_add_modify(rules, "test_subject_02", "test_object_01", "", "rxwat"); - result = smack_accesses_add_modify(rules, "test_subject_02", "test_object_02", "", "rxwat"); - result = smack_accesses_add_modify(rules, "test_subject_02", "test_object_03", "", "rxwat"); - result = smack_accesses_add_modify(rules, "test_subject_03", "test_object_01", "", "rxwat"); - result = smack_accesses_add_modify(rules, "test_subject_03", "test_object_02", "", "rxwat"); - result = smack_accesses_add_modify(rules, "test_subject_03", "test_object_03", "", "rxwat"); - - smack_accesses_apply(rules); - RUNNER_ASSERT_MSG_BT(result == 0, "Error while applying accesses. Result: " << result); - smack_accesses_free(rules); + for(int i = 1; i <=3; i++) + //smack_revoke_subject will fail, when subject does not exist in kernel + //as this function is called at test beginning we cannot check return value + smack_revoke_subject(("test_subject_0" + std::to_string(i)).c_str()); } - /** * Add a new access with smack_accesses_add_modify() */ @@ -180,19 +127,19 @@ RUNNER_TEST_SMACK(smack_accesses_add_modify_test_1){ clean_up(); struct smack_accesses *rules = NULL; - result = smack_accesses_new(&rules); + RUNNER_ASSERT_BT(smack_accesses_new(&rules) == 0); + SmackAccessesPtr rules_ptr(rules); // THE TEST result = smack_accesses_add_modify(rules,TEST_SUBJECT, TEST_OBJECT,"xr",""); RUNNER_ASSERT_MSG_BT(result == 0, "Unable to add modify by empty rules"); - RUNNER_ASSERT_MSG_BT(smack_accesses_apply(rules) == 0, "Unable to apply rules"); + RUNNER_ASSERT_MSG_BT(smack_accesses_apply(rules_ptr.get()) == 0, "Unable to apply rules"); result = smack_have_access(TEST_SUBJECT, TEST_OBJECT,"xr"); RUNNER_ASSERT_MSG_BT(result == 1, "Rule modified (added 'xr'), but no change made."); // CLEAN UP clean_up(); - smack_accesses_free(rules); } @@ -202,24 +149,24 @@ RUNNER_TEST_SMACK(smack_accesses_add_modify_test_1){ RUNNER_TEST_SMACK(smack_accesses_add_modify_test_2){ int result; struct smack_accesses *rules = NULL; - result = smack_accesses_new(&rules); - RUNNER_ASSERT_MSG_BT(result == 0, "Unable to create smack_accesses instance"); + RUNNER_ASSERT_BT(smack_accesses_new(&rules) == 0); + SmackAccessesPtr rules_ptr(rules); clean_up(); // THE TEST - result = smack_accesses_add_modify(rules,TEST_SUBJECT, TEST_OBJECT,"r",""); + result = smack_accesses_add_modify(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT,"r",""); RUNNER_ASSERT_MSG_BT(result == 0, "Unable to modify rule."); - result = smack_accesses_add_modify(rules,TEST_SUBJECT, TEST_OBJECT,"","r"); + result = smack_accesses_add_modify(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT,"","r"); RUNNER_ASSERT_MSG_BT(result == 0, "Unable to modify rule."); - RUNNER_ASSERT_MSG_BT(smack_accesses_apply(rules) == 0, "Unable to apply rules"); - RUNNER_ASSERT_MSG_BT(smack_have_access(TEST_SUBJECT, TEST_OBJECT,"r") == 0, "Modification didn't work"); + RUNNER_ASSERT_MSG_BT(smack_accesses_apply(rules_ptr.get()) == 0, "Unable to apply rules"); + RUNNER_ASSERT_MSG_BT(smack_have_access(TEST_SUBJECT, TEST_OBJECT,"r") == 0, + "Modification didn't work"); // CLEAN UP clean_up(); - smack_accesses_free(rules); } @@ -230,32 +177,32 @@ RUNNER_TEST_SMACK(smack_accesses_add_modify_test_2){ RUNNER_TEST_SMACK(smack_accesses_add_modify_test_3){ int result; struct smack_accesses *rules = NULL; - result = smack_accesses_new(&rules); - RUNNER_ASSERT_MSG_BT(result == 0, "Unable to create smack_accesses instance"); + RUNNER_ASSERT_BT(smack_accesses_new(&rules) == 0); + SmackAccessesPtr rules_ptr(rules); clean_up(); // THE TEST // Add r privilage - result = smack_accesses_add_modify(rules,TEST_SUBJECT, TEST_OBJECT,"r",""); + result = smack_accesses_add_modify(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT,"r",""); RUNNER_ASSERT_MSG_BT(result == 0, "Unable to modify rule."); - RUNNER_ASSERT_MSG_BT(smack_accesses_apply(rules) == 0, "Unable to apply rules"); - RUNNER_ASSERT_MSG_BT(smack_have_access(TEST_SUBJECT, TEST_OBJECT,"r") == 1, "Adding privileges didn't work"); - smack_accesses_free(rules); + RUNNER_ASSERT_MSG_BT(smack_accesses_apply(rules_ptr.get()) == 0, "Unable to apply rules"); + RUNNER_ASSERT_MSG_BT(smack_have_access(TEST_SUBJECT, TEST_OBJECT,"r") == 1, + "Adding privileges didn't work"); // Revoke r privilege - result = smack_accesses_new(&rules); - RUNNER_ASSERT_MSG_BT(result == 0, "Unable to create smack_accesses instance"); - result = smack_accesses_add_modify(rules,TEST_SUBJECT, TEST_OBJECT,"","r"); + rules_ptr.release(); + RUNNER_ASSERT_BT(smack_accesses_new(&rules) == 0); + rules_ptr.reset(rules); + result = smack_accesses_add_modify(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT,"","r"); RUNNER_ASSERT_MSG_BT(result == 0, "Unable to modify rule."); - RUNNER_ASSERT_MSG_BT(smack_accesses_apply(rules) == 0, "Unable to apply rules"); + RUNNER_ASSERT_MSG_BT(smack_accesses_apply(rules_ptr.get()) == 0, "Unable to apply rules"); result = smack_have_access(TEST_SUBJECT, TEST_OBJECT,"r"); RUNNER_ASSERT_MSG_BT(result == 0, "Modification didn't work, rule has still 'r' privileges."); // CLEAN UP clean_up(); - smack_accesses_free(rules); } /** @@ -264,19 +211,19 @@ RUNNER_TEST_SMACK(smack_accesses_add_modify_test_3){ RUNNER_TEST_SMACK(smack_accesses_add_modify_test_4){ int result; struct smack_accesses *rules = NULL; - result = smack_accesses_new(&rules); - RUNNER_ASSERT_MSG_BT(result == 0, "Unable to create smack_accesses instance"); + RUNNER_ASSERT_BT(smack_accesses_new(&rules) == 0); + SmackAccessesPtr rules_ptr(rules); clean_up(); // THE TEST - result = smack_accesses_add_modify(rules,TEST_SUBJECT, TEST_OBJECT,"rwxat",""); + result = smack_accesses_add_modify(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT,"rwxat",""); RUNNER_ASSERT_MSG_BT(result == 0, "Unable to modify rule."); - RUNNER_ASSERT_MSG_BT(smack_accesses_apply(rules) == 0, "Unable to apply rules"); + RUNNER_ASSERT_MSG_BT(smack_accesses_apply(rules_ptr.get()) == 0, "Unable to apply rules"); - result = smack_accesses_add_modify(rules,TEST_SUBJECT, TEST_OBJECT,"","r"); + result = smack_accesses_add_modify(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT,"","r"); RUNNER_ASSERT_MSG_BT(result == 0, "Unable to modify rule."); - RUNNER_ASSERT_MSG_BT(smack_accesses_apply(rules) == 0, "Unable to apply rules"); + RUNNER_ASSERT_MSG_BT(smack_accesses_apply(rules_ptr.get()) == 0, "Unable to apply rules"); result = smack_have_access(TEST_SUBJECT, TEST_OBJECT,"awxt"); RUNNER_ASSERT_MSG_BT(result == 1, "Modification didn't work. Rule should have 'awxt' privileges."); @@ -285,7 +232,6 @@ RUNNER_TEST_SMACK(smack_accesses_add_modify_test_4){ // CLEAN UP clean_up(); - smack_accesses_free(rules); } /** @@ -295,18 +241,18 @@ RUNNER_TEST_SMACK(smack_accesses_add_modify_test_4){ RUNNER_TEST_SMACK(smack_accesses_add_modify_test_5){ int result; struct smack_accesses *rules = NULL; - result = smack_accesses_new(&rules); - RUNNER_ASSERT_MSG_BT(result == 0, "Unable to create smack_accesses instance"); + RUNNER_ASSERT_BT(smack_accesses_new(&rules) == 0); + SmackAccessesPtr rules_ptr(rules); clean_up(); // THE TEST - result = smack_accesses_add_modify(rules,TEST_SUBJECT, TEST_OBJECT,"rwxat",""); + result = smack_accesses_add_modify(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT,"rwxat",""); RUNNER_ASSERT_MSG_BT(result == 0, "Unable to modify rule."); - result = smack_accesses_add_modify(rules,TEST_SUBJECT, TEST_OBJECT,"","r"); + result = smack_accesses_add_modify(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT,"","r"); RUNNER_ASSERT_MSG_BT(result == 0, "Unable to modify rule."); - RUNNER_ASSERT_MSG_BT(smack_accesses_apply(rules) == 0, "Unable to apply rules"); + RUNNER_ASSERT_MSG_BT(smack_accesses_apply(rules_ptr.get()) == 0, "Unable to apply rules"); result = smack_have_access(TEST_SUBJECT, TEST_OBJECT,"awxt"); RUNNER_ASSERT_MSG_BT(result == 1, "Modification didn't work. Rule should have 'awxt' privileges."); @@ -315,7 +261,6 @@ RUNNER_TEST_SMACK(smack_accesses_add_modify_test_5){ // CLEAN UP clean_up(); - smack_accesses_free(rules); } @@ -325,19 +270,19 @@ RUNNER_TEST_SMACK(smack_accesses_add_modify_test_5){ RUNNER_TEST_SMACK(smack_accesses_add_modify_test_6){ int result; struct smack_accesses *rules = NULL; - result = smack_accesses_new(&rules); - RUNNER_ASSERT_MSG_BT(result == 0, "Unable to create smack_accesses instance"); + RUNNER_ASSERT_BT(smack_accesses_new(&rules) == 0); + SmackAccessesPtr rules_ptr(rules); clean_up(); // THE TEST - result = smack_accesses_add_modify(rules,TEST_SUBJECT, TEST_OBJECT,"rwt",""); + result = smack_accesses_add_modify(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT,"rwt",""); RUNNER_ASSERT_MSG_BT(result == 0, "Unable to modify rule."); - RUNNER_ASSERT_MSG_BT(smack_accesses_apply(rules) == 0, "Unable to apply rules"); + RUNNER_ASSERT_MSG_BT(smack_accesses_apply(rules_ptr.get()) == 0, "Unable to apply rules"); - result = smack_accesses_add_modify(rules,TEST_SUBJECT, TEST_OBJECT,"ax","rt"); + result = smack_accesses_add_modify(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT,"ax","rt"); RUNNER_ASSERT_MSG_BT(result == 0, "Unable to modify rule."); - RUNNER_ASSERT_MSG_BT(smack_accesses_apply(rules) == 0, "Unable to apply rules"); + RUNNER_ASSERT_MSG_BT(smack_accesses_apply(rules_ptr.get()) == 0, "Unable to apply rules"); result = smack_have_access(TEST_SUBJECT, TEST_OBJECT,"wax"); RUNNER_ASSERT_MSG_BT(result == 1, "Modification didn't work. Rule should have 'wax' privileges."); @@ -346,7 +291,6 @@ RUNNER_TEST_SMACK(smack_accesses_add_modify_test_6){ // CLEAN UP clean_up(); - smack_accesses_free(rules); } /** @@ -359,19 +303,19 @@ RUNNER_TEST_SMACK(smack_accesses_add_modify_test_7){ struct smack_accesses *rules = NULL; for (i = 0; i < accessesBasic.size(); ++i) { - result = smack_accesses_new(&rules); - RUNNER_ASSERT_MSG_BT(result == 0, "Unable to create smack_accesses instance"); + RUNNER_ASSERT_BT(smack_accesses_new(&rules) == 0); + SmackAccessesPtr rules_ptr(rules); - result = smack_accesses_add_modify(rules,TEST_SUBJECT, TEST_OBJECT,accessesBasic[i].c_str(),accessesBasic[i].c_str()); + result = smack_accesses_add_modify(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT, + accessesBasic[i].c_str(), accessesBasic[i].c_str()); RUNNER_ASSERT_MSG_BT(result == 0, "Unable to modify accesses instance"); - RUNNER_ASSERT_MSG_BT(smack_accesses_apply(rules) == 0, "Unable to apply rules"); + RUNNER_ASSERT_MSG_BT(smack_accesses_apply(rules_ptr.get()) == 0, "Unable to apply rules"); RUNNER_ASSERT_MSG_BT(checkNoAccesses(TEST_SUBJECT, TEST_OBJECT), " Error while checking smack access. Accesses exist."); // CLEAN UP clean_up(); - smack_accesses_free(rules); } } @@ -386,16 +330,21 @@ RUNNER_TEST_SMACK(smack_revoke_subject_test_1){ for (i = 0; i < accessesBasic.size(); ++i) { // Creating and adding rules with TEST_OBJECT and TEST_OBJECT_2 - result = smack_accesses_new(&rules); - RUNNER_ASSERT_MSG_BT(result == 0, "Unable to create smack_accesses instance"); - result = smack_accesses_add_modify(rules,TEST_SUBJECT, TEST_OBJECT,accessesBasic[i].c_str(),""); - result = smack_accesses_add_modify(rules,TEST_SUBJECT, TEST_OBJECT_2,accessesBasic[i].c_str(),""); + RUNNER_ASSERT_BT(smack_accesses_new(&rules) == 0); + SmackAccessesPtr rules_ptr(rules); + + result = smack_accesses_add_modify(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT, + accessesBasic[i].c_str(),""); + result = smack_accesses_add_modify(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT_2, + accessesBasic[i].c_str(),""); RUNNER_ASSERT_MSG_BT(result == 0, "Unable to modify accesses instance"); - RUNNER_ASSERT_MSG_BT(smack_accesses_apply(rules) == 0, "Unable to apply rules"); + RUNNER_ASSERT_MSG_BT(smack_accesses_apply(rules_ptr.get()) == 0, "Unable to apply rules"); result = smack_have_access(TEST_SUBJECT, TEST_OBJECT,accessesBasic[i].c_str()); - RUNNER_ASSERT_MSG_BT(result == 1, "Modification didn't work. Rule " << accessesBasic[i].c_str() << " does not exist."); + RUNNER_ASSERT_MSG_BT(result == 1, "Modification didn't work. " + "Rule " << accessesBasic[i].c_str() << " does not exist."); result = smack_have_access(TEST_SUBJECT, TEST_OBJECT_2,accessesBasic[i].c_str()); - RUNNER_ASSERT_MSG_BT(result == 1, "Modification didn't work. Rule " << accessesBasic[i].c_str() << " does not exist."); + RUNNER_ASSERT_MSG_BT(result == 1, "Modification didn't work. " + "Rule " << accessesBasic[i].c_str() << " does not exist."); // Revoking subject result = smack_revoke_subject(TEST_SUBJECT); @@ -416,7 +365,6 @@ RUNNER_TEST_SMACK(smack_revoke_subject_test_1){ RUNNER_ASSERT_MSG_BT(checkNoAccesses(TEST_SUBJECT, TEST_OBJECT_2), " Revoke didn't work. Accesses exist."); - smack_accesses_free(rules); } } @@ -431,47 +379,51 @@ RUNNER_TEST_SMACK(smack_accesses_clear_test_1){ for (i = 0; i < accessesBasic.size(); ++i) { // Creating and adding rules with TEST_OBJECT and TEST_OBJECT_2 - result = smack_accesses_new(&rules); - RUNNER_ASSERT_MSG_BT(result == 0, "Unable to create smack_accesses instance"); - result = smack_accesses_add(rules,TEST_SUBJECT, TEST_OBJECT,accessesBasic[i].c_str()); + RUNNER_ASSERT_BT(smack_accesses_new(&rules) == 0); + SmackAccessesPtr rules_ptr(rules); + result = smack_accesses_add(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT, + accessesBasic[i].c_str()); RUNNER_ASSERT_MSG_BT(result == 0, "Unable to modify accesses instance"); - result = smack_accesses_add(rules,TEST_SUBJECT, TEST_OBJECT_2,accessesBasic[i].c_str()); + result = smack_accesses_add(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT_2, + accessesBasic[i].c_str()); RUNNER_ASSERT_MSG_BT(result == 0, "Unable to modify accesses instance"); - RUNNER_ASSERT_MSG_BT(smack_accesses_apply(rules) == 0, "Unable to apply rules"); + RUNNER_ASSERT_MSG_BT(smack_accesses_apply(rules_ptr.get()) == 0, "Unable to apply rules"); result = smack_have_access(TEST_SUBJECT, TEST_OBJECT,accessesBasic[i].c_str()); - RUNNER_ASSERT_MSG_BT(result == 1, "Modification didn't work. Rule " << accessesBasic[i].c_str() << " does not exist."); + RUNNER_ASSERT_MSG_BT(result == 1, "Modification didn't work. Rule " + << accessesBasic[i].c_str() << " does not exist."); result = smack_have_access(TEST_SUBJECT, TEST_OBJECT_2,accessesBasic[i].c_str()); - RUNNER_ASSERT_MSG_BT(result == 1, "Modification didn't work. Rule " << accessesBasic[i].c_str() << " does not exist."); - - smack_accesses_free(rules); + RUNNER_ASSERT_MSG_BT(result == 1, "Modification didn't work. Rule " + << accessesBasic[i].c_str() << " does not exist."); // Creating and clearing rules with TEST_OBJECT - result = smack_accesses_new(&rules); - RUNNER_ASSERT_MSG_BT(result == 0, "Unable to create smack_accesses instance"); - result = smack_accesses_add(rules,TEST_SUBJECT, TEST_OBJECT,accessesBasic[i].c_str()); + rules_ptr.release(); + RUNNER_ASSERT_BT(smack_accesses_new(&rules) == 0); + rules_ptr.reset(rules); + result = smack_accesses_add(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT, + accessesBasic[i].c_str()); RUNNER_ASSERT_MSG_BT(result == 0, "Unable to modify accesses instance"); - result = smack_accesses_clear(rules); + result = smack_accesses_clear(rules_ptr.get()); RUNNER_ASSERT_MSG_BT(result == 0, "Clearing rules didn't work."); result = smack_have_access(TEST_SUBJECT, TEST_OBJECT,accessesBasic[i].c_str()); - RUNNER_ASSERT_MSG_BT(result == 0, "Clearing rules didn't work. Rule " << accessesBasic[i].c_str() << " does exist."); + RUNNER_ASSERT_MSG_BT(result == 0, "Clearing rules didn't work. Rule " + << accessesBasic[i].c_str() << " does exist."); result = smack_have_access(TEST_SUBJECT, TEST_OBJECT_2,accessesBasic[i].c_str()); - RUNNER_ASSERT_MSG_BT(result == 1, "Clearing rules didn't work. Rule " << accessesBasic[i].c_str() << " does not exist."); - - smack_accesses_free(rules); + RUNNER_ASSERT_MSG_BT(result == 1, "Clearing rules didn't work. Rule " + << accessesBasic[i].c_str() << " does not exist."); - // Creating and clearing rules with TEST_OBJECT_2 - result = smack_accesses_new(&rules); - RUNNER_ASSERT_MSG_BT(result == 0, "Unable to create smack_accesses instance"); + // Creating and clearing rules with TEST_OBJECT + rules_ptr.release(); + RUNNER_ASSERT_BT(smack_accesses_new(&rules) == 0); + rules_ptr.reset(rules); - result = smack_accesses_add(rules,TEST_SUBJECT, TEST_OBJECT_2,accessesBasic[i].c_str()); + result = smack_accesses_add(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT_2, + accessesBasic[i].c_str()); RUNNER_ASSERT_MSG_BT(result == 0, "Unable to modify accesses instance"); - result = smack_accesses_clear(rules); + result = smack_accesses_clear(rules_ptr.get()); RUNNER_ASSERT_MSG_BT(result == 0, "Clearing rules didn't work."); - smack_accesses_free(rules); - RUNNER_ASSERT_MSG_BT(checkNoAccesses(TEST_SUBJECT, TEST_OBJECT), " Clear didn't work. Accesses exist."); RUNNER_ASSERT_MSG_BT(checkNoAccesses(TEST_SUBJECT, TEST_OBJECT_2), @@ -497,58 +449,48 @@ RUNNER_TEST(smack01_storing_and_restoring_rules) int fd, tmp, sample; //file descripptors for save / restore rules tests //int smack_accesses_new(struct smack_accesses **accesses); - result = smack_accesses_new(&rules); //rules struct init - RUNNER_ASSERT_MSG_BT(result == 0, "Unable to create smack_accesses instance"); - result = smack_accesses_new(&import_test); //rules struct init - RUNNER_ASSERT_MSG_BT(result == 0, "Unable to create smack_accesses instance"); + RUNNER_ASSERT_BT(smack_accesses_new(&rules) == 0); + SmackAccessesPtr rules_ptr(rules); + RUNNER_ASSERT_BT(smack_accesses_new(&import_test) == 0); + SmackAccessesPtr import_ptr(import_test); //opening files fd = open("/tmp/smack01_rules", O_RDWR | O_CREAT | O_TRUNC, 0644); //for export prepared rules RUNNER_ASSERT_MSG_BT(fd >= 0, "Unable to create /tmp/smack01_rules"); + FdUniquePtr fd_ptr(&fd); tmp = open("/tmp/smack01_tmp", O_RDWR | O_CREAT | O_TRUNC, 0644); //for import rules exported before RUNNER_ASSERT_MSG_BT(fd >= 0, "Unable to create /tmp/smack01_tmp"); + FdUniquePtr tmp_ptr(&tmp); sample = open("/etc/smack/test_smack_rules", O_RDONLY, 0644); //reference preinstalled rules RUNNER_ASSERT_MSG_BT(sample >= 0, "Unable to open /etc/smack/test_smack_rules"); + FdUniquePtr sample_ptr(&sample); - //int smack_accesses_add(struct smack_accesses *handle, const char *subject, - // const char *object, const char *access_type); - result = smack_accesses_add(rules, "writer", "book", "rw"); + result = smack_accesses_add(rules_ptr.get(), "writer", "book", "rw"); RUNNER_ASSERT_MSG_BT(result == 0, "Unable to add smack rules"); - result = smack_accesses_add(rules, "reader", "book", "wx"); + result = smack_accesses_add(rules_ptr.get(), "reader", "book", "wx"); RUNNER_ASSERT_MSG_BT(result == 0, "Unable to add smack rules"); - //int smack_accesses_add_modify(struct smack_accesses *handle, const char *subject, - // const char *object, const char *access_add, const char *access_del); - result = smack_accesses_add_modify(rules, "reader", "book", "r", "wx"); + result = smack_accesses_add_modify(rules_ptr.get(), "reader", "book", "r", "wx"); RUNNER_ASSERT_MSG_BT(0 == result, "Unable to modify smack rules"); - //int smack_accesses_save(struct smack_accesses *handle, int fd); - result = smack_accesses_save(rules, fd); + result = smack_accesses_save(rules_ptr.get(), fd); RUNNER_ASSERT_MSG_BT(0 == result, "Unable to save smack_accesses instance in file"); - //int smack_accesses_add_from_file(struct smack_accesses *accesses, int fd); result = lseek(fd, 0, SEEK_SET); RUNNER_ASSERT_MSG_BT(result == 0, "lseek() error"); - result = smack_accesses_add_from_file(import_test, fd); + result = smack_accesses_add_from_file(import_ptr.get(), fd); RUNNER_ASSERT_MSG_BT(result == 0, "Unable to import rules from file"); - result = smack_accesses_save(import_test, tmp); + result = smack_accesses_save(import_ptr.get(), tmp); RUNNER_ASSERT_MSG_BT(result == 0, "Unable to save smack_accesses instance in file"); - result = files_compare(fd, tmp); //comparing rules saved in file, restored from it and stored one more time + //comparing rules saved in file, restored from it and stored one more time + result = files_compare(fd, tmp); RUNNER_ASSERT_MSG_BT(result == 0, "No match in stored and restored rules"); - result = files_compare(tmp, sample); //comparing rules stored in file with reference preinstalled rules + //comparing rules stored in file with reference preinstalled rules + result = files_compare(tmp, sample); RUNNER_ASSERT_MSG_BT(result == 0, "No match in stored rules and pattern file"); - - //void smack_accesses_free(struct smack_accesses *handle); - smack_accesses_free(rules); - smack_accesses_free(import_test); - - //closing file descriptors - close(fd); - close(tmp); - close(sample); } RUNNER_TEST_SMACK(smack02_aplying_rules_into_kernel) @@ -567,64 +509,65 @@ RUNNER_TEST_SMACK(smack02_aplying_rules_into_kernel) struct smack_accesses *rules = NULL; //rules prepared in this test case int result; //for storing functions results - result = smack_accesses_new(&rules); //rules struct init - RUNNER_ASSERT_MSG_BT(result == 0, "Unable to create smack_accesses instance"); + RUNNER_ASSERT_BT(smack_accesses_new(&rules) == 0); + SmackAccessesPtr rules_ptr(rules); //adding test rules to struct - result = smack_accesses_add(rules, "writer", "book", "rwx"); + result = smack_accesses_add(rules_ptr.get(), "writer", "book", "rwx"); RUNNER_ASSERT_MSG_BT(result == 0, "Unable to add smack rules"); - result = smack_accesses_add(rules, "reader", "book", "r"); + result = smack_accesses_add(rules_ptr.get(), "reader", "book", "r"); RUNNER_ASSERT_MSG_BT(result == 0, "Unable to add smack rules"); - result = smack_accesses_add(rules, "spy", "book", "rwx"); + result = smack_accesses_add(rules_ptr.get(), "spy", "book", "rwx"); RUNNER_ASSERT_MSG_BT(result == 0, "Unable to add smack rules"); - //int smack_accesses_apply(struct smack_accesses *handle); - result = smack_accesses_apply(rules); //applying rules to kernel + result = smack_accesses_apply(rules_ptr.get()); //applying rules to kernel RUNNER_ASSERT_MSG_BT(result == 0, "Unable to apply rules into kernel"); - //int smack_have_access(const char *subject, const char *object, - // const char *access_type); - result = smack_have_access("spy", "book", "rwx"); //should have access - rule exist + //should have access - rule exist + result = smack_have_access("spy", "book", "rwx"); RUNNER_ASSERT_MSG_BT(result == 1, "Error while checking Smack access"); - result = smack_have_access("reader", "book", "rwx"); //should have no access - wrong rule, should be "r" only + //should have no access - wrong rule, should be "r" only + result = smack_have_access("reader", "book", "rwx"); RUNNER_ASSERT_MSG_BT(result == 0, "Error while checking Smack access"); - result = smack_have_access("s02badsubjectlabel", "book", "rwx"); //should fail - rule not exist + //should fail - rule not exist + result = smack_have_access("s02badsubjectlabel", "book", "rwx"); RUNNER_ASSERT_MSG_BT(result == -1, "Error while checking Smack access"); - //int smack_revoke_subject(const char *subject); - result = smack_revoke_subject("s02nonexistinglabel"); //this subject do not exist in kernel rules + //this subject do not exist in kernel rules + result = smack_revoke_subject("s02nonexistinglabel"); RUNNER_ASSERT_MSG_BT(result == 0, "Error in removing not existing subject from kernel"); result = smack_revoke_subject("spy"); //this subject exist in kernel rules RUNNER_ASSERT_MSG_BT(result == 0, "Error in removing existing subject from kernel"); - result = smack_have_access("spy", "book", "rwx"); //testing access after revoke_subject() from kernel - RUNNER_ASSERT_MSG_BT(result == 0, "Error in acces aplied to kernel"); //now spy should have no access + //testing access after revoke_subject() from kernel + result = smack_have_access("spy", "book", "rwx"); + //now spy should have no access + RUNNER_ASSERT_MSG_BT(result == 0, "Error in acces aplied to kernel"); //for create new rule as a consequence of use accesses_clear() below - result = smack_accesses_add(rules, "s02subjectlabel", "book", "rwx"); + result = smack_accesses_add(rules_ptr.get(), "s02subjectlabel", "book", "rwx"); RUNNER_ASSERT_MSG_BT(result == 0, "Unable to add smack rules"); - //int smack_accesses_clear(struct smack_accesses *handle); - result = smack_accesses_clear(rules); //"spy" removed before by using smack_revoke_subject() + //"spy" removed before by using smack_revoke_subject() + result = smack_accesses_clear(rules_ptr.get()); RUNNER_ASSERT_MSG_BT(result == 0, "Error in clearing rules in kernel"); - result = smack_have_access("writer", "book", "rwx"); //testing acces after acces_clear() - RUNNER_ASSERT_MSG_BT(result == 0, "Error in acces aplied to kernel"); //now writer also should have no access + //testing acces after acces_clear() + result = smack_have_access("writer", "book", "rwx"); + //now writer also should have no access + RUNNER_ASSERT_MSG_BT(result == 0, "Error in acces aplied to kernel"); - //free resources - smack_accesses_free(rules); } //pairs of rules for test with mixed cases, different length and mixed order -const char *rules_tab[] = { - "reader1", "-", "-----", - "reader2", "--------", "-----", - "reader3", "RwXaT", "rwxat", - "reader4", "RrrXXXXTTT", "r-x-t", - "reader5", "-r-w-a-t", "rw-at", - "reader6", "", "-----", - "reader7", "xa--Rt---W", "rwxat", - "reader8", "#Ax[T].!~W@1}", "-wxat" +std::vector< std::vector > correct_rules = { + { "reader1", "-", "------" }, + { "reader2", "--------", "------" }, + { "reader3", "RwXaTl", "rwxatl" }, + { "reader4", "RrrXXXXTTT", "r-x-t-" }, + { "reader5", "-r-w-a-t-", "rw-at-" }, + { "reader6", "", "------" }, + { "reader7", "xa--Rt---W--L", "rwxatl" }, }; RUNNER_TEST_SMACK(smack03_mixed_rule_string_add) @@ -642,15 +585,18 @@ RUNNER_TEST_SMACK(smack03_mixed_rule_string_add) struct smack_accesses *rules = NULL; //rules prepared in this test case int result; //for storing functions results - int i; int expected; - result = smack_accesses_new(&rules); //rules struct init - RUNNER_ASSERT_MSG_BT(result == 0, "Unable to create smack_accesses instance"); + RUNNER_ASSERT_BT(smack_accesses_new(&rules) == 0); + SmackAccessesPtr rules_ptr(rules); //adding test rules with mixed string - for (i = 0; i < (3 * 8); i += 3) { - result = smack_accesses_add(rules, rules_tab[i], "book", rules_tab[i + 1]); //using mixed rules from table + for (auto rule=correct_rules.begin(); rule != correct_rules.end(); ++rule) { + //using mixed rules from table + result = smack_accesses_add(rules_ptr.get(), + (*rule)[0].c_str(), + "book", + (*rule)[1].c_str()); RUNNER_ASSERT_MSG_BT(result == 0, "Unable to add smack rules"); } @@ -660,21 +606,21 @@ RUNNER_TEST_SMACK(smack03_mixed_rule_string_add) //RUNNER_ASSERT_MSG_BT(result == 0, "Error in clearing rules in kernel"); //applying rules to kernel - result = smack_accesses_apply(rules); + result = smack_accesses_apply(rules_ptr.get()); RUNNER_ASSERT_MSG_BT(result == 0, "Unable to apply rules into kernel"); //checking accesses using normal rules - for (i = 0; i < (3 * 8); i += 3) { - if (!strcmp(rules_tab[i + 2], "-----")) + for (auto rule=correct_rules.begin(); rule != correct_rules.end(); ++rule) { + if ((*rule)[2] == "------") expected = 0; else expected = 1; - result = smack_have_access(rules_tab[i], "book", rules_tab[i + 2]); //using normal rules from table + //using normal rules from table + result = smack_have_access((*rule)[0].c_str(), + "book", + (*rule)[2].c_str()); RUNNER_ASSERT_MSG_BT(result == expected, "Error while checking Smack access"); } - - //free resources - smack_accesses_free(rules); } RUNNER_TEST_SMACK(smack04_mixed_rule_string_have_access) @@ -689,17 +635,19 @@ RUNNER_TEST_SMACK(smack04_mixed_rule_string_have_access) //In this test case we checking previous aplied rules but for compare mixed strings are used int result; - int i; int expected; //rules were added in previous RUNNER_TEST section //checking accesses using mixed rules - for (i = 0; i < (3 * 8); i += 3) { - if (!strcmp(rules_tab[i + 2], "-----")) + for (auto rule=correct_rules.begin(); rule != correct_rules.end(); ++rule) { + if ((*rule)[2] == "------") expected = 0; else expected = 1; - result = smack_have_access(rules_tab[i], "book", rules_tab[i + 1]); //using mixed rules from table + //using mixed rules from table + result = smack_have_access((*rule)[0].c_str(), + "book", + (*rule)[1].c_str()); RUNNER_ASSERT_MSG_BT(result == expected, "Error while checking Smack access"); } } @@ -733,27 +681,24 @@ RUNNER_TEST_SMACK(smack05_self_label) const char *def_rule = "_"; - //int smack_new_label_from_self(char **label); result = smack_new_label_from_self(&label); RUNNER_ASSERT_MSG_BT(result >= 0, "Error in getting self label"); - //comparing this label with default one "_" result = strcmp(label, def_rule); + free(label); RUNNER_ASSERT_MSG_BT(result == 0, "Wrong default process label"); //comparing this rule with received from /proc/self/attr/current fd = open("/proc/self/attr/current", O_RDONLY, 0644); RUNNER_ASSERT_MSG_BT(fd >= 0, "Unable to open /proc/self/attr/current"); + FdUniquePtr fd_ptr(&fd); result = read(fd, buff, B_SIZE); RUNNER_ASSERT_MSG_BT(result >= 0, "Error in reading from file /proc/self/attr/current"); result = strncmp(buff, def_rule, result); RUNNER_ASSERT_MSG_BT(result == 0, "Wrong default process rule"); - free(label); - //now time for setting labels: - //int smack_set_label_for_self(const char *label); result = smack_set_label_for_self("cola"); RUNNER_ASSERT_MSG_BT(result == 0, "Error in setting self label"); @@ -761,6 +706,7 @@ RUNNER_TEST_SMACK(smack05_self_label) result = smack_new_label_from_self(&label); RUNNER_ASSERT_MSG_BT(result >= 0, "Error in getting self label"); result = strcmp(label, "cola"); + free(label); RUNNER_ASSERT_MSG_BT(result == 0, "Wrong process label"); //checking new label using /proc/self/attr/current @@ -770,9 +716,6 @@ RUNNER_TEST_SMACK(smack05_self_label) RUNNER_ASSERT_MSG_BT(result >= 0, "Error in reading from file /proc/self/attr/current"); result = strncmp(buff, "cola", result); RUNNER_ASSERT_MSG_BT(result == 0, "Proces rule in /proc/self/attr/current other than set"); - - free(label); - close(fd); } //RUNNER_TEST(smackXX_parent_child_label) @@ -838,23 +781,19 @@ RUNNER_TEST(smack06_get_set_label) char buff[SMACK_LABEL_LEN+1]; const char* s06testlabel = "s06testlabel"; - const char *file_path = "/etc/smack/test_smack_rules"; - //preparing environment by restoring default "_" label result = smack_setlabel(file_path, "_", SMACK_LABEL_ACCESS); RUNNER_ASSERT_MSG_BT(result == 0, "Error in setting ACCESS label for file"); - - //int smack_getlabel(const char *path, char** label, - // enum smack_label_type type); result = smack_getlabel(file_path, &label, SMACK_LABEL_ACCESS); RUNNER_ASSERT_MSG_BT(result == 0, "Error in getting smack ACCESS label from file"); //get label, should be default "_" result = strcmp(label, "_"); - RUNNER_ASSERT_MSG_BT(result == 0, "Wrong file default label"); free(label); + RUNNER_ASSERT_MSG_BT(result == 0, "Wrong file default label"); + //get label using xattr function result = getxattr(file_path, xattr(SMACK_LABEL_ACCESS), buff, SMACK_LABEL_LEN); RUNNER_ASSERT_MSG_BT(result > 0, "Error in getting xattr from file"); @@ -862,20 +801,17 @@ RUNNER_TEST(smack06_get_set_label) result = strncmp(buff, "_", result); RUNNER_ASSERT_MSG_BT(result == 0, "Wrong file default label"); - - //int smack_setlabel(const char *path, const char* label, - // enum smack_label_type type); result = smack_setlabel(file_path, s06testlabel, SMACK_LABEL_ACCESS); RUNNER_ASSERT_MSG_BT(result == 0, "Error in setting ACCESS label for file"); - //get label using smack function result = smack_getlabel(file_path, &label, SMACK_LABEL_ACCESS); RUNNER_ASSERT_MSG_BT(result == 0, "Error in getting smack ACCESS label from file"); //get label, should be default s06testlabel result = strcmp(label, s06testlabel); - RUNNER_ASSERT_MSG_BT(result == 0, "Wrong file label"); free(label); + RUNNER_ASSERT_MSG_BT(result == 0, "Wrong file label"); + //get label using xattr function result = getxattr(file_path, xattr(SMACK_LABEL_ACCESS), buff, SMACK_LABEL_LEN); RUNNER_ASSERT_MSG_BT(result > 0, "Error in getting xattr from file"); @@ -909,22 +845,19 @@ RUNNER_TEST(smack07_l_get_set_label) const char *file_path = "/etc/smack/test_smack_rules_lnk"; - //preparing environment by restoring default "_" label result = smack_lsetlabel(file_path, "_", SMACK_LABEL_ACCESS); RUNNER_ASSERT_MSG_BT(result == 0, "Error in setting ACCESS label for file"); result = smack_setlabel(file_path, "_", SMACK_LABEL_ACCESS); RUNNER_ASSERT_MSG_BT(result == 0, "Error in setting ACCESS label for file"); - - //int smack_lgetlabel(const char *path, char** label, - // enum smack_label_type type); result = smack_lgetlabel(file_path, &label, SMACK_LABEL_ACCESS); RUNNER_ASSERT_MSG_BT(result == 0, "Error in getting smack ACCESS label from file"); //get label of symbolic link, should be default "_" result = strcmp(label, "_"); - RUNNER_ASSERT_MSG_BT(result == 0, "Wrong file default label"); free(label); + RUNNER_ASSERT_MSG_BT(result == 0, "Wrong file default label"); + //get label using xattr function result = lgetxattr(file_path, xattr(SMACK_LABEL_ACCESS), buff, SMACK_LABEL_LEN); RUNNER_ASSERT_MSG_BT(result > 0, "Error in getting xattr from file"); @@ -932,23 +865,20 @@ RUNNER_TEST(smack07_l_get_set_label) result = strncmp(buff, "_", result); RUNNER_ASSERT_MSG_BT(result == 0, "Wrong file default label"); - - //int smack_lsetlabel(const char *path, const char* label, - // enum smack_label_type type); result = smack_lsetlabel(file_path, s07testlabel1, SMACK_LABEL_ACCESS); RUNNER_ASSERT_MSG_BT(result == 0, "Error in setting ACCESS label for file"); //and set label for file pointed by link result = smack_setlabel(file_path, s07testlabel2, SMACK_LABEL_ACCESS); RUNNER_ASSERT_MSG_BT(result == 0, "Error in setting ACCESS label for file"); - //get label using smack function result = smack_lgetlabel(file_path, &label, SMACK_LABEL_ACCESS); RUNNER_ASSERT_MSG_BT(result == 0, "Error in getting smack ACCESS label from file"); //check label, should be s07testlabel1 result = strcmp(label, s07testlabel1); - RUNNER_ASSERT_MSG_BT(result == 0, "Wrong file label"); free(label); + RUNNER_ASSERT_MSG_BT(result == 0, "Wrong file label"); + //get label using xattr function result = lgetxattr(file_path, xattr(SMACK_LABEL_ACCESS), buff, SMACK_LABEL_LEN); RUNNER_ASSERT_MSG_BT(result > 0, "Error in getting xattr from file"); @@ -956,14 +886,14 @@ RUNNER_TEST(smack07_l_get_set_label) result = strncmp(buff, s07testlabel1, result); RUNNER_ASSERT_MSG_BT(result == 0, "Wrong file label"); - //now similar to above, but folowing symbolic link set before to s07testlabel2 result = smack_getlabel(file_path, &label, SMACK_LABEL_ACCESS); RUNNER_ASSERT_MSG_BT(result == 0, "Error gettin label of file pointed by symbolic link"); //now label should be s07testlabel2 for file instead of s07testlabel1 set for link result = strcmp(label, s07testlabel2); - RUNNER_ASSERT_MSG_BT(result == 0, "Wrong label of file pointed by symbolic link"); free(label); + RUNNER_ASSERT_MSG_BT(result == 0, "Wrong label of file pointed by symbolic link"); + //get label using xattr function result = getxattr(file_path, xattr(SMACK_LABEL_ACCESS), buff, SMACK_LABEL_LEN); RUNNER_ASSERT_MSG_BT(result > 0, "Error in getting xattr from file"); @@ -994,20 +924,19 @@ RUNNER_TEST(smack08_f_get_set_label) fd = open(file_path, O_RDWR, 0644); //reference preinstalled rules RUNNER_ASSERT_MSG_BT(fd >= 0, "Unable to open /etc/smack/test_smack_rules"); + FdUniquePtr fd_ptr(&fd); //preparing environment by restoring default "_" label result = smack_fsetlabel(fd, "_", SMACK_LABEL_ACCESS); RUNNER_ASSERT_MSG_BT(result == 0, "Error in setting ACCESS label for file"); - - //int smack_fgetlabel(int fd, char** label, - // enum smack_label_type type); result = smack_fgetlabel(fd, &label, SMACK_LABEL_ACCESS); RUNNER_ASSERT_MSG_BT(result == 0, "Error in getting smack ACCESS label from file"); //check label, should be "_" result = strcmp(label, "_"); - RUNNER_ASSERT_MSG_BT(result == 0, "Wrong file default label"); free(label); + RUNNER_ASSERT_MSG_BT(result == 0, "Wrong file default label"); + //get label using xattr function result = fgetxattr(fd, xattr(SMACK_LABEL_ACCESS), buff, SMACK_LABEL_LEN); RUNNER_ASSERT_MSG_BT(result > 0, "Error in getting xattr from file"); @@ -1015,29 +944,23 @@ RUNNER_TEST(smack08_f_get_set_label) result = strncmp(buff, "_", result); RUNNER_ASSERT_MSG_BT(result == 0, "Wrong file default label"); - - //int smack_fsetlabel(int fd, const char* label, - // enum smack_label_type type); result = smack_fsetlabel(fd, s08testlabel, SMACK_LABEL_ACCESS); RUNNER_ASSERT_MSG_BT(result == 0, "Error in setting ACCESS label for file"); - //get label using smack function result = smack_fgetlabel(fd, &label, SMACK_LABEL_ACCESS); RUNNER_ASSERT_MSG_BT(result == 0, "Error in getting smack ACCESS label from file"); //check label, should be s08testlabel result = strcmp(label, s08testlabel); - RUNNER_ASSERT_MSG_BT(result == 0, "Wrong file label"); free(label); + RUNNER_ASSERT_MSG_BT(result == 0, "Wrong file label"); + //get label using xattr function result = fgetxattr(fd, xattr(SMACK_LABEL_ACCESS), buff, SMACK_LABEL_LEN); RUNNER_ASSERT_MSG_BT(result > 0, "Error in getting xattr from file"); //check label, should match the one readed by smack function result = strncmp(buff, s08testlabel, result); RUNNER_ASSERT_MSG_BT(result == 0, "Wrong file label"); - - - close(fd); } RUNNER_TEST_SMACK(smack10_adding_removing_rules) @@ -1045,20 +968,20 @@ RUNNER_TEST_SMACK(smack10_adding_removing_rules) unsigned int i; int result; - struct smack_accesses *rulesBasic = NULL; + struct smack_accesses *rules = NULL; for (i = 0; i < accessesBasic.size(); ++i) { // Creating rules - result = smack_accesses_new(&rulesBasic); - RUNNER_ASSERT_MSG_BT(result == 0, "Error while creating new accesses. Result: " << result); + RUNNER_ASSERT_BT(smack_accesses_new(&rules) == 0); + SmackAccessesPtr rules_ptr(rules); // Adding accesses - result = smack_accesses_add(rulesBasic, TEST_SUBJECT, TEST_OBJECT, accessesBasic[i].c_str()); + result = smack_accesses_add(rules_ptr.get(), TEST_SUBJECT, TEST_OBJECT, accessesBasic[i].c_str()); RUNNER_ASSERT_MSG_BT(result == 0, "Unable to add modify rulesBasic. Result: " << result); // Applying rules - result = smack_accesses_apply(rulesBasic); + result = smack_accesses_apply(rules_ptr.get()); RUNNER_ASSERT_MSG_BT(result == 0, "Error while applying accesses. Result: " << result); // Checking if accesses were created @@ -1066,9 +989,6 @@ RUNNER_TEST_SMACK(smack10_adding_removing_rules) RUNNER_ASSERT_MSG_BT(result == 1, " Error while checking smack access. Result: " << result); - smack_accesses_free(rulesBasic); - rulesBasic = NULL; - // Deleting all rules clean_up(); } @@ -1076,15 +996,15 @@ RUNNER_TEST_SMACK(smack10_adding_removing_rules) for (i = 0; i < 3; ++i) { // --- Creating rules (r or w or x) - result = smack_accesses_new(&rulesBasic); - RUNNER_ASSERT_MSG_BT(result == 0, "Error while creating new accesses. Result: " << result); + RUNNER_ASSERT_BT(smack_accesses_new(&rules) == 0); + SmackAccessesPtr rules_ptr(rules); // Adding accesses - result = smack_accesses_add(rulesBasic, TEST_SUBJECT, TEST_OBJECT, accessesBasic[i].c_str()); + result = smack_accesses_add(rules_ptr.get(), TEST_SUBJECT, TEST_OBJECT, accessesBasic[i].c_str()); RUNNER_ASSERT_MSG_BT(result == 0, "Unable to add rulesBasic. Result: " << result); // Applying rules - result = smack_accesses_apply(rulesBasic); + result = smack_accesses_apply(rules_ptr.get()); RUNNER_ASSERT_MSG_BT(result == 0, "Error while applying accesses. Result: " << result); // Checking if accesses were created result = smack_have_access(TEST_SUBJECT, TEST_OBJECT, accessesBasic[i].c_str()); @@ -1097,11 +1017,12 @@ RUNNER_TEST_SMACK(smack10_adding_removing_rules) " Error while checking smack access. Result: " << result); // --- Modifying accesses (r for wx or w for rx or x for rw) - result = smack_accesses_add_modify(rulesBasic,TEST_SUBJECT, TEST_OBJECT,accessesBasic[i + 3].c_str(),accessesBasic[i].c_str()); + result = smack_accesses_add_modify(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT, + accessesBasic[i + 3].c_str(),accessesBasic[i].c_str()); RUNNER_ASSERT_MSG_BT(result == 0, "Unable to add modify rulesBasic. Result: " << result); // Applying rules - result = smack_accesses_apply(rulesBasic); + result = smack_accesses_apply(rules_ptr.get()); RUNNER_ASSERT_MSG_BT(result == 0, "Error while applying accesses. Result: " << result); // Checking if accesses were created @@ -1114,15 +1035,14 @@ RUNNER_TEST_SMACK(smack10_adding_removing_rules) RUNNER_ASSERT_MSG_BT(result == 0, " Error while checking smack access. Result: " << result); - smack_accesses_free(rulesBasic); - rulesBasic = NULL; - + rules_ptr.release(); // --- Creating complementary rules (r or w or x) - result = smack_accesses_new(&rulesBasic); - RUNNER_ASSERT_MSG_BT(result == 0, "Error while creating new accesses. Result: " << result); + RUNNER_ASSERT_BT(smack_accesses_new(&rules) == 0); + rules_ptr.reset(rules); // Adding accesses - result = smack_accesses_add(rulesBasic, TEST_SUBJECT, TEST_OBJECT, accessesBasic[i].c_str()); + result = smack_accesses_add(rules_ptr.get(), TEST_SUBJECT, TEST_OBJECT, + accessesBasic[i].c_str()); RUNNER_ASSERT_MSG_BT(result == 0, "Unable to add rulesBasic. Result: " << result); // Checking if accesses were created @@ -1131,7 +1051,7 @@ RUNNER_TEST_SMACK(smack10_adding_removing_rules) " Error while checking smack access. Result: " << result); // Applying rules - result = smack_accesses_apply(rulesBasic); + result = smack_accesses_apply(rules_ptr.get()); RUNNER_ASSERT_MSG_BT(result == 0, "Error while applying accesses. Result: " << result); // Checking if accesses were created @@ -1140,11 +1060,12 @@ RUNNER_TEST_SMACK(smack10_adding_removing_rules) " Error while checking smack access. Result: " << result); // --- Modifying accesses (adding rwx and removing r or w or x) - result = smack_accesses_add_modify(rulesBasic,TEST_SUBJECT, TEST_OBJECT,"rwx",accessesBasic[i].c_str()); + result = smack_accesses_add_modify(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT,"rwx", + accessesBasic[i].c_str()); RUNNER_ASSERT_MSG_BT(result == 0, "Unable to add modify rulesBasic. Result: " << result); // Applying rules - result = smack_accesses_apply(rulesBasic); + result = smack_accesses_apply(rules_ptr.get()); RUNNER_ASSERT_MSG_BT(result == 0, "Error while applying accesses. Result: " << result); // Checking if accesses were created @@ -1158,15 +1079,17 @@ RUNNER_TEST_SMACK(smack10_adding_removing_rules) " Error while checking smack access. Result: " << result); // --- Adding crossing accesses (rx or rw or wx) - result = smack_accesses_add_modify(rulesBasic,TEST_SUBJECT, TEST_OBJECT,accessesBasic[3 + ((i + 1) % 3)].c_str(),""); + result = smack_accesses_add_modify(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT, + accessesBasic[3 + ((i + 1) % 3)].c_str(),""); RUNNER_ASSERT_MSG_BT(result == 0, "Unable to add modify rulesBasic. Result: " << result); // Applying rules - result = smack_accesses_apply(rulesBasic); + result = smack_accesses_apply(rules_ptr.get()); RUNNER_ASSERT_MSG_BT(result == 0, "Error while applying accesses. Result: " << result); // Checking if accesses were created - result = smack_have_access(TEST_SUBJECT, TEST_OBJECT, accessesBasic[3 + ((i + 1) % 3)].c_str()); + result = smack_have_access(TEST_SUBJECT, TEST_OBJECT, + accessesBasic[3 + ((i + 1) % 3)].c_str()); RUNNER_ASSERT_MSG_BT(result == 1, " Error while checking smack access. Result: " << result); @@ -1175,15 +1098,12 @@ RUNNER_TEST_SMACK(smack10_adding_removing_rules) " Error while checking smack access. Result: " << result); // Deleting all rules - result = smack_accesses_add_modify(rulesBasic,TEST_SUBJECT, TEST_OBJECT,"","rwx"); + result = smack_accesses_add_modify(rules,TEST_SUBJECT, TEST_OBJECT,"","rwx"); RUNNER_ASSERT_MSG_BT(result == 0, "Unable to add modify rulesBasic. Result: " << result); - result = smack_accesses_apply(rulesBasic); + result = smack_accesses_apply(rules_ptr.get()); RUNNER_ASSERT_MSG_BT(result == 0, "Error while checking smack access. Result: " << result); - smack_accesses_free(rulesBasic); - rulesBasic = NULL; - // Deleting all rules clean_up(); } @@ -1194,32 +1114,28 @@ RUNNER_TEST_SMACK(smack11_saving_loading_rules) int result; int fd; - struct smack_accesses *rulesBasic = NULL; + struct smack_accesses *rules = NULL; // Pre-cleanup removeAccessesAll(); - // Creating rules - result = smack_accesses_new(&rulesBasic); - RUNNER_ASSERT_MSG_BT(result == 0, "Error while creating new accesses. Result: " << result); + RUNNER_ASSERT_BT(smack_accesses_new(&rules) == 0); + SmackAccessesPtr rules_ptr(rules); // Loading file with rwxat rules - test_smack_rules_full fd = open("/etc/smack/test_smack_rules_full", O_RDONLY, 0644); RUNNER_ASSERT_MSG_BT(fd >= 0, "Unable to open /etc/smack/test_smack_rules_full"); // Adding rules from file - result = smack_accesses_add_from_file(rulesBasic, fd); + result = smack_accesses_add_from_file(rules_ptr.get(), fd); close(fd); RUNNER_ASSERT_MSG_BT(result == 0, "Error importing accesses from file"); // Applying rules - result = smack_accesses_apply(rulesBasic); + result = smack_accesses_apply(rules_ptr.get()); RUNNER_ASSERT_MSG_BT(result == 0, "Error while applying accesses. Result: " << result); // Checking rules - result = smack_have_access("test_subject_01", "test_object_01", "rwxat"); - RUNNER_ASSERT_MSG_BT(result == 1, - " Error while checking smack accesses."); result = smack_have_access("test_subject_01", "test_object_02", "rwxat"); RUNNER_ASSERT_MSG_BT(result == 1, " Error while checking smack accesses."); @@ -1248,29 +1164,28 @@ RUNNER_TEST_SMACK(smack11_saving_loading_rules) // Removing rules removeAccessesAll(); - smack_accesses_free(rulesBasic); - // Creating rules - result = smack_accesses_new(&rulesBasic); - RUNNER_ASSERT_MSG_BT(result == 0, "Error while creating new accesses. Result: " << result); + rules_ptr.release(); + RUNNER_ASSERT_BT(smack_accesses_new(&rules) == 0); + rules_ptr.reset(rules); // Loading file with partial wrong rules - test_smack_rules2 fd = open("/etc/smack/test_smack_rules2", O_RDONLY, 0644); RUNNER_ASSERT_MSG_BT(fd >= 0, "Unable to open /etc/smack/test_smack_rules2"); // Adding rules from file - result = smack_accesses_add_from_file(rulesBasic, fd); + result = smack_accesses_add_from_file(rules_ptr.get(), fd); close(fd); - RUNNER_ASSERT_MSG_BT(result == 0, "Accesses were loaded from file"); + RUNNER_ASSERT_MSG_BT(result == 0, "Error importing accesses from file"); // Applying rules - result = smack_accesses_apply(rulesBasic); + result = smack_accesses_apply(rules_ptr.get()); RUNNER_ASSERT_MSG_BT(result == 0, "Error while applying accesses. Result: " << result); // Checking rules RUNNER_ASSERT_MSG_BT(checkNoAccesses("test_subject_01", "test_object_01"), " Error while checking smack access loaded from /etc/smack/test_smack_rules2. Accesses exist."); - result = smack_have_access("test_subject_01", "test_object_02", "rwat"); + result = smack_have_access("test_subject_01", "test_object_02", "rwatl"); RUNNER_ASSERT_MSG_BT(result == 1, " Error while checking smack access loaded from /etc/smack/test_smack_rules2. Result: " << result ); result = smack_have_access("test_subject_01", "test_object_03", "wat"); @@ -1278,7 +1193,7 @@ RUNNER_TEST_SMACK(smack11_saving_loading_rules) " Error while checking smack access loaded from /etc/smack/test_smack_rules2. Result: " << result ); RUNNER_ASSERT_MSG_BT(checkNoAccesses("test_subject_02", "test_object_01"), " Error while checking smack access loaded from /etc/smack/test_smack_rules2. Accesses exist."); - result = smack_have_access("test_subject_02", "test_object_02", "wa-ft"); + result = smack_have_access("test_subject_02", "test_object_02", "wa-lt"); RUNNER_ASSERT_MSG_BT(result == 1, " Error while checking smack access loaded from /etc/smack/test_smack_rules2. Result: " << result ); result = smack_have_access("test_subject_02", "test_object_03", "wr"); @@ -1290,78 +1205,46 @@ RUNNER_TEST_SMACK(smack11_saving_loading_rules) result = smack_have_access("test_subject_03", "test_object_02", "rwat"); RUNNER_ASSERT_MSG_BT(result == 1, " Error while checking smack access loaded from /etc/smack/test_smack_rules2. Result: " << result ); - result = smack_have_access("test_subject_03", "test_object_03", "w"); + result = smack_have_access("test_subject_03", "test_object_03", "w---l-"); RUNNER_ASSERT_MSG_BT(result == 1, " Error while checking smack access loaded from /etc/smack/test_smack_rules2. Result: " << result ); // Removing rules removeAccessesAll(); - smack_accesses_free(rulesBasic); - // Creating rules - result = smack_accesses_new(&rulesBasic); - RUNNER_ASSERT_MSG_BT(result == 0, "Error while creating new accesses. Result: " << result); + rules_ptr.release(); + RUNNER_ASSERT_BT(smack_accesses_new(&rules) == 0); + rules_ptr.reset(rules); // Loading file with partial wrong rules - test_smack_rules3 fd = open("/etc/smack/test_smack_rules3", O_RDONLY, 0644); RUNNER_ASSERT_MSG_BT(fd >= 0, "Unable to open /etc/smack/test_smack_rules3"); // Adding rules from file - result = smack_accesses_add_from_file(rulesBasic, fd); + result = smack_accesses_add_from_file(rules_ptr.get(), fd); close(fd); RUNNER_ASSERT_MSG_BT(result != 0, "Accesses were loaded from file"); - // Applying rules - result = smack_accesses_apply(rulesBasic); - RUNNER_ASSERT_MSG_BT(result == 0, "Error while applying accesses. Result: " << result); - - // Checking rules - result = smack_have_access("test_subject_01", "test_object_01", "rwat"); - RUNNER_ASSERT_MSG_BT(result == 1, - " Error while checking smack access loaded from /etc/smack/test_smack_rules3. Result: " << result ); - RUNNER_ASSERT_MSG_BT(checkNoAccesses("test_subject_01", "test_object_02"), - " Error while checking smack access loaded from /etc/smack/test_smack_rules3. Accesses exist."); - result = smack_have_access("test_subject_01", "test_object_03", "x"); - RUNNER_ASSERT_MSG_BT(result == 0, - " Error while checking smack access loaded from /etc/smack/test_smack_rules3. Result: " << result ); - // Removing rules removeAccessesAll(); - smack_accesses_free(rulesBasic); - // Creating rules - result = smack_accesses_new(&rulesBasic); - RUNNER_ASSERT_MSG_BT(result == 0, "Error while creating new accesses. Result: " << result); + rules_ptr.release(); + RUNNER_ASSERT_BT(smack_accesses_new(&rules) == 0); + rules_ptr.reset(rules); // Loading file with partial wrong rules - test_smack_rules4 fd = open("/etc/smack/test_smack_rules4", O_RDONLY, 0644); RUNNER_ASSERT_MSG_BT(fd >= 0, "Unable to open /etc/smack/test_smack_rules4"); // Adding rules from file - result = smack_accesses_add_from_file(rulesBasic, fd); + result = smack_accesses_add_from_file(rules_ptr.get(), fd); close(fd); RUNNER_ASSERT_MSG_BT(result != 0, "Accesses were loaded from file"); - // Applying rules - result = smack_accesses_apply(rulesBasic); - RUNNER_ASSERT_MSG_BT(result == 0, "Error while applying accesses. Result: " << result); - - // Checking rules - result = smack_have_access("test_subject_01", "test_object_01", "rxwat"); - RUNNER_ASSERT_MSG_BT(result == 1, - " Error while checking smack access loaded from /etc/smack/test_smack_rules4. Result: " << result ); - RUNNER_ASSERT_MSG_BT(checkNoAccesses("test_subject_01", "test_object_02"), - " Error while checking smack access loaded from /etc/smack/test_smack_rules4. Accesses exist."); - result = smack_have_access("test_subject_01", "test_object_03", "a"); - RUNNER_ASSERT_MSG_BT(result == 0, - " Error while checking smack access loaded from /etc/smack/test_smack_rules4. Result: " << result ); - // Removing rules removeAccessesAll(); - - smack_accesses_free(rulesBasic); } //int smack_new_label_from_socket(int fd, char **label); @@ -1370,33 +1253,31 @@ RUNNER_TEST_SMACK(smack11_saving_loading_rules) static void smack_set_another_label_for_self(void) { static int number = time(NULL); - int result; - char *smack_label; number++; - result = asprintf(&smack_label, "s%d", number); - RUNNER_ASSERT_MSG_BT(result > 0, "asprintf failed"); - result = smack_set_label_for_self(smack_label); + std::string smack_label("s" + std::to_string(number)); + + int result = smack_set_label_for_self(smack_label.c_str()); RUNNER_ASSERT_MSG_BT(result == 0, "smack_set_label_for_self(" << smack_label << ") failed"); - free(smack_label); } static void smack_unix_sock_server(int sock) { int fd, result; - char *smack_label; + char *label; alarm(2); fd = accept(sock, NULL, NULL); alarm(0); - if (fd < 0) - return; - result = smack_new_label_from_self(&smack_label); + RUNNER_ASSERT_BT(fd >= 0); + FdUniquePtr fd_ptr(&fd); + + result = smack_new_label_from_self(&label); RUNNER_ASSERT_MSG_BT(result >= 0, "smack_new_label_from_self() failed"); - result = write(fd, smack_label, strlen(smack_label)); - RUNNER_ASSERT_MSG_BT(result == (int)strlen(smack_label), "write() failed"); - close(fd); - free(smack_label); + CStringPtr label_ptr(label); + result = write(fd, label, strlen(label)); + RUNNER_ASSERT_MSG_BT(result == (int)strlen(label), "write() failed"); + } RUNNER_MULTIPROCESS_TEST_SMACK(smack09_new_label_from_socket) @@ -1413,6 +1294,7 @@ RUNNER_MULTIPROCESS_TEST_SMACK(smack09_new_label_from_socket) sock = socket(AF_UNIX, SOCK_STREAM, 0); RUNNER_ASSERT_MSG_BT(sock >= 0, "socket failed: " << strerror(errno)); + SockUniquePtr sock_ptr(&sock); result = bind(sock, (struct sockaddr*) &sockaddr, sizeof(struct sockaddr_un)); RUNNER_ASSERT_MSG_BT(result == 0, "bind failed: " << strerror(errno)); result = listen(sock, 1); @@ -1428,7 +1310,6 @@ RUNNER_MULTIPROCESS_TEST_SMACK(smack09_new_label_from_socket) smack_set_another_label_for_self(); smack_unix_sock_server(sock); } - close(sock); exit(0); } else { /* parent process, client */ @@ -1440,21 +1321,24 @@ RUNNER_MULTIPROCESS_TEST_SMACK(smack09_new_label_from_socket) sock = socket(AF_UNIX, SOCK_STREAM, 0); RUNNER_ASSERT_MSG_BT(sock >= 0, "socket failed: " << strerror(errno)); + SockUniquePtr sock_ptr(&sock); result = connect(sock, (struct sockaddr*) &sockaddr, sizeof(struct sockaddr_un)); RUNNER_ASSERT_MSG_BT(result == 0, "connect failed: " << strerror(errno)); alarm(2); result = read(sock, smack_label1, SMACK_LABEL_LEN); - RUNNER_ASSERT_MSG_BT(result >= 0, "read failed: " << strerror(errno)); alarm(0); + RUNNER_ASSERT_MSG_BT(result >= 0, "read failed: " << strerror(errno)); smack_label1[result] = '\0'; result = smack_new_label_from_socket(sock, &smack_label2); + SmackLabelPtr label2_ptr(smack_label2); RUNNER_ASSERT_MSG_BT(result >= 0, "smack_label_from_socket failed"); - result = strcmp(smack_label1, smack_label2); + result = strcmp(smack_label1, label2_ptr.get()); if (i < 3) - RUNNER_ASSERT_MSG_BT(result == 0, "smack labels differ: '" << smack_label1 << "' != '" << smack_label2 << "' i == " << i); + RUNNER_ASSERT_MSG_BT(result == 0, "smack labels differ: '" << smack_label1 + << "' != '" << smack_label2 << "' i == " << i); else - RUNNER_ASSERT_MSG_BT(result != 0, "smack labels do not differ: '" << smack_label1 << "' != '" << smack_label2 << "' i == " << i); - close(sock); + RUNNER_ASSERT_MSG_BT(result != 0, "smack labels do not differ: '" << smack_label1 + << "' != '" << smack_label2 << "' i == " << i); } } } @@ -1473,7 +1357,7 @@ void createFileWithLabel(const std::string &filePath, const std::string &fileLab RUNNER_ASSERT_MSG_BT(fd > -1, "Unable to create file for tests: " << strerror(errno)); //for descriptor protection - FDUniquePtr fp(&fd, closeFdPtr); + FdUniquePtr fd_ptr(&fd); //change owner and group to user APP int ret = chown(filePath.c_str(), APP_UID, APP_GID); @@ -1496,8 +1380,8 @@ void prepareEnvironment(const std::string &subject, const std::string &object, c const std::string ruleAll = "x"; SecurityServer::AccessProvider provider(subject); - provider.allowAPI("system::homedir", ruleAll); - provider.allowAPI(object, access); + provider.addObjectRule("User", ruleAll); + provider.addObjectRule(object, access); provider.applyAndSwithToUser(APP_UID, APP_GID); } @@ -1511,7 +1395,7 @@ RUNNER_CHILD_TEST_SMACK(smack13_0_checking_laccess_mode_enabled_on_device) //function inside checks if rule exist after add it SecurityServer::AccessProvider provider(selfLabel); - provider.allowAPI(filename, "l"); + provider.addObjectRule(filename, "l"); provider.apply(); int ret = smack_have_access(selfLabel.c_str(), filename.c_str(), "l"); @@ -1531,7 +1415,7 @@ RUNNER_CHILD_TEST_SMACK(smack13_1_checking_laccess_mode) createFileWithLabel(filePath, filename); int fd = open(filePath.c_str(), O_RDWR, 0); - FDUniquePtr fp(&fd, closeFdPtr); + FdUniquePtr fd_ptr(&fd); SecurityServer::AccessProvider provider(selfLabel); provider.applyAndSwithToUser(APP_UID, APP_GID); @@ -1558,7 +1442,7 @@ RUNNER_CHILD_TEST_SMACK(smack13_2_checking_laccess_mode_with_l_rule) createFileWithLabel(filePath, filename); int fd = open(filePath.c_str(), O_RDWR, 0); - FDUniquePtr fp(&fd, closeFdPtr); + FdUniquePtr fd_ptr(&fd); prepareEnvironment(selfLabel, filename, "l"); @@ -1584,7 +1468,7 @@ RUNNER_CHILD_TEST_SMACK(smack13_3_checking_laccess_mode_with_w_rule) createFileWithLabel(filePath, filename); int fd = open(filePath.c_str(), O_RDWR, 0); - FDUniquePtr fp(&fd, closeFdPtr); + FdUniquePtr fd_ptr(&fd); prepareEnvironment(selfLabel, filename, "w"); @@ -1613,7 +1497,7 @@ RUNNER_MULTIPROCESS_TEST_SMACK(smack13_4_0_checking_laccess_mode_w_rule_child) createFileWithLabel(filePath, filename); int fd = open(filePath.c_str(), O_RDWR); - FDUniquePtr fp(&fd, closeFdPtr); + FdUniquePtr fd_ptr(&fd); int ret = flock(fd, LOCK_SH | LOCK_NB); RUNNER_ASSERT_MSG_BT(ret == 0, "Error, unable to shared lock file: " << strerror(errno)); @@ -1624,9 +1508,8 @@ RUNNER_MULTIPROCESS_TEST_SMACK(smack13_4_0_checking_laccess_mode_w_rule_child) int child_fd = open(filePath.c_str(), O_RDWR); RUNNER_ASSERT_MSG_BT(child_fd > -1, "Unable to open created file: " << strerror(errno)); - //for descriptor protection - FDUniquePtr fp(&child_fd, closeFdPtr); + FdUniquePtr child_fd_ptr(&child_fd); ret = flock(child_fd, LOCK_SH | LOCK_NB); RUNNER_ASSERT_MSG_BT(ret == 0, "Error, unable to lock file with shared lock: " @@ -1651,7 +1534,7 @@ RUNNER_MULTIPROCESS_TEST_SMACK(smack13_4_1_checking_laccess_mode_l_rule_child) createFileWithLabel(filePath, filename); int fd = open(filePath.c_str(), O_RDWR); - FDUniquePtr fp(&fd, closeFdPtr); + FdUniquePtr fd_str(&fd); int ret = flock(fd, LOCK_SH | LOCK_NB); RUNNER_ASSERT_MSG_BT(ret == 0, "Error, unable to shared lock file: " << strerror(errno)); @@ -1663,9 +1546,8 @@ RUNNER_MULTIPROCESS_TEST_SMACK(smack13_4_1_checking_laccess_mode_l_rule_child) int child_fd = open(filePath.c_str(), O_RDONLY, 0); RUNNER_ASSERT_MSG_BT(child_fd > -1, "Unable to open created file: " << strerror(errno)); - //for descriptor protection - FDUniquePtr fp(&child_fd, closeFdPtr); + FdUniquePtr child_fd_ptr(&child_fd); ret = flock(child_fd, LOCK_SH | LOCK_NB); RUNNER_ASSERT_MSG_BT(ret == 0, "Error, unable to lock file with shared lock: " @@ -1690,7 +1572,7 @@ RUNNER_MULTIPROCESS_TEST_SMACK(smack13_4_2_checking_laccess_mode_w_rule_child) createFileWithLabel(filePath, filename); int fd = open(filePath.c_str(), O_RDWR); - FDUniquePtr fp(&fd, closeFdPtr); + FdUniquePtr fd_ptr(&fd); int ret = flock(fd, LOCK_EX | LOCK_NB); RUNNER_ASSERT_MSG_BT(ret == 0, "Error, unable to exclusive lock file: " << strerror(errno)); @@ -1701,9 +1583,8 @@ RUNNER_MULTIPROCESS_TEST_SMACK(smack13_4_2_checking_laccess_mode_w_rule_child) int child_fd = open(filePath.c_str(), O_RDWR, 0); RUNNER_ASSERT_MSG_BT(child_fd > -1, "Unable to open created file: " << strerror(errno)); - //for descriptor protection - FDUniquePtr fp(&child_fd, closeFdPtr); + FdUniquePtr child_fd_ptr(&child_fd); ret = flock(child_fd, LOCK_EX | LOCK_NB); RUNNER_ASSERT_MSG_BT(ret < 0, "Error, able to lock file with exclusive lock"); @@ -1727,7 +1608,7 @@ RUNNER_MULTIPROCESS_TEST_SMACK(smack13_4_3_checking_laccess_mode_l_rule_child) createFileWithLabel(filePath, filename); int fd = open(filePath.c_str(), O_RDWR, 0); - FDUniquePtr fp(&fd, closeFdPtr); + FdUniquePtr fd_ptr(&fd); int ret = flock(fd, LOCK_EX | LOCK_NB); RUNNER_ASSERT_MSG_BT(ret == 0, "Error, unable to exclusive lock file: " << strerror(errno)); @@ -1739,9 +1620,8 @@ RUNNER_MULTIPROCESS_TEST_SMACK(smack13_4_3_checking_laccess_mode_l_rule_child) int child_fd = open(filePath.c_str(), O_RDONLY, 0); RUNNER_ASSERT_MSG_BT(child_fd > -1, "Unable to open created file: " << strerror(errno)); - //for descriptor protection - FDUniquePtr fp(&child_fd, closeFdPtr); + FdUniquePtr child_fd_ptr(&child_fd); ret = flock(child_fd, LOCK_EX | LOCK_NB); RUNNER_ASSERT_MSG_BT(ret < 0, "Error, able to lock file with eclusive lock"); @@ -1769,26 +1649,24 @@ RUNNER_MULTIPROCESS_TEST_SMACK(smack13_4_3_checking_laccess_mode_l_rule_child) RUNNER_TEST_NOSMACK(smack02_aplying_rules_into_kernel_nosmack) { - smack_accesses *tmp = NULL; + smack_accesses *rules = NULL; int result; //init rules - result = smack_accesses_new(&tmp); - RUNNER_ASSERT_MSG_BT(result == 0, "Unable to create smack_accesses instance"); - + RUNNER_ASSERT_BT(smack_accesses_new(&rules) == 0); //pass rules to unique_ptr - AccessesUniquePtr rules(tmp, smack_accesses_free); + SmackAccessesPtr rules_ptr(rules); //adding test rules to struct (same as SMACK version of smack02 test) - result = smack_accesses_add(rules.get(), "writer", "book", "rwx"); + result = smack_accesses_add(rules_ptr.get(), "writer", "book", "rwx"); RUNNER_ASSERT_MSG_BT(result == 0, "Unable to add smack rules"); - result = smack_accesses_add(rules.get(), "reader", "book", "r"); + result = smack_accesses_add(rules_ptr.get(), "reader", "book", "r"); RUNNER_ASSERT_MSG_BT(result == 0, "Unable to add smack rules"); - result = smack_accesses_add(rules.get(), "spy", "book", "rwx"); + result = smack_accesses_add(rules_ptr.get(), "spy", "book", "rwx"); RUNNER_ASSERT_MSG_BT(result == 0, "Unable to add smack rules"); //applying rules to kernel (should fail) - result = smack_accesses_apply(rules.get()); + result = smack_accesses_apply(rules_ptr.get()); RUNNER_ASSERT_MSG_BT(result == -1, "Unable to apply rules into kernel"); //calls from SMACK version of this test - all should fail because of SMACK being turned off @@ -1809,11 +1687,11 @@ RUNNER_TEST_NOSMACK(smack02_aplying_rules_into_kernel_nosmack) result = smack_have_access("spy", "book", "rwx"); RUNNER_ASSERT_MSG_BT(result == -1, "smack_have_access should return error (SMACK is off)."); - result = smack_accesses_add(rules.get(), "s02subjectlabel", "book", "rwx"); + result = smack_accesses_add(rules_ptr.get(), "s02subjectlabel", "book", "rwx"); RUNNER_ASSERT_MSG_BT(result == 0, "Unable to add smack rules"); //smack_accesses_clear should return error aswell - result = smack_accesses_clear(rules.get()); + result = smack_accesses_clear(rules_ptr.get()); RUNNER_ASSERT_MSG_BT(result == -1, "Clearing rules should return error - no SMACK on system."); result = smack_have_access("writer", "book", "rwx"); @@ -1834,10 +1712,8 @@ RUNNER_TEST_NOSMACK(smack03_saving_loading_rules_nosmack) smack_accesses* tmp = NULL; - result = smack_accesses_new(&tmp); - RUNNER_ASSERT_MSG_BT(result == 0, "Error during rules creation."); - - AccessesUniquePtr rules(tmp, smack_accesses_free); + RUNNER_ASSERT_BT(smack_accesses_new(&tmp) == 0); + SmackAccessesPtr rules(tmp); //open file with rules fd = open("/etc/smack/test_smack_rules_full", O_RDONLY, 0644); @@ -1866,52 +1742,32 @@ RUNNER_TEST_NOSMACK(smack04_self_label_nosmack) result = smack_new_label_from_self(&label); RUNNER_ASSERT_MSG_BT(result == -1, "new_label_from_self should return error (SMACK is off)."); RUNNER_ASSERT_MSG_BT(label == NULL, "new_label_from_self shouldn't allocate memory to label."); - //We don't need to remember about freeing label - smack_new_label_from_self must return NULL //label if it's working properly. // /proc/self/attr/current shouldn't keep any rules inside fd = open("/proc/self/attr/current", O_RDONLY, 0644); //file exists, so it should open RUNNER_ASSERT_MSG_BT(fd >= 0, "/proc/self/attr/current failed to open."); + FdUniquePtr fd_ptr(&fd); result = read(fd, buff, SMACK_LABEL_LEN); //however reading it should return error - if(result >= 0) { - close(fd); - RUNNER_ASSERT_MSG_BT(false, "Reading /proc/self/attr/current should return error."); - } + RUNNER_ASSERT_MSG_BT(result < 0, "Reading /proc/self/attr/current should return error."); //setting label for self should fail result = smack_set_label_for_self("s04testlabel"); - if(result != -1) { - close(fd); - RUNNER_ASSERT_MSG_BT(false, "set_label_for_self should return error (SMACK is off)."); - } + RUNNER_ASSERT_MSG_BT(result == -1, "set_label_for_self should return error (SMACK is off)."); //getting previously set label should also fail result = smack_new_label_from_self(&label); - if(result != -1) { - close(fd); - RUNNER_ASSERT_MSG_BT(false, "new_label_from_self should return error (SMACK is off)."); - } - if(label != NULL) { - close(fd); - RUNNER_ASSERT_MSG_BT(false, "new_label_from_self shouldn't allocate memory to label."); - } + RUNNER_ASSERT_MSG_BT(result == -1, "new_label_from_self should return error (SMACK is off)."); + RUNNER_ASSERT_MSG_BT(label == NULL, "new_label_from_self shouldn't allocate memory to label."); // /proc/self/attr/current still shouldn't keep any rules inside result = lseek(fd, 0, SEEK_SET); //going to the file beginning - if(result != 0) { - close(fd); - RUNNER_ASSERT_MSG_BT(false, "lseek() error."); - } + RUNNER_ASSERT_MSG_BT(result == 0, "lseek() error."); result = read(fd, buff, SMACK_LABEL_LEN); //however it should return error - if(result >= 0) { - close(fd); - RUNNER_ASSERT_MSG_BT(false, "Reading /proc/self/attr/current should return error."); - } - - close(fd); + RUNNER_ASSERT_MSG_BT(result < 0, "Reading /proc/self/attr/current should return error."); } /** @@ -1925,23 +1781,22 @@ RUNNER_TEST_NOSMACK(smack04_self_label_nosmack) RUNNER_TEST_NOSMACK(smack05_accesses_add_modify_nosmack) { int result; - smack_accesses* tmp = NULL; + smack_accesses* rules = NULL; - result = smack_accesses_new(&tmp); - RUNNER_ASSERT_MSG_BT(result == 0, "Unable to allocate memory for rules. Result: " << result); + RUNNER_ASSERT_BT(smack_accesses_new(&rules) == 0); - AccessesUniquePtr rules(tmp, smack_accesses_free); + SmackAccessesPtr rules_ptr(rules); //Not doing clean_up() every RUNNER_ASSERT_MSG - what clean_up does is just a creation of new //rule struct and removal of currenctly added and applied rules. clean_up() must be done only //after smack_accesses_apply(). - result = smack_accesses_add_modify(rules.get(), TEST_SUBJECT, TEST_OBJECT, "rwx", ""); + result = smack_accesses_add_modify(rules_ptr.get(), TEST_SUBJECT, TEST_OBJECT, "rwx", ""); RUNNER_ASSERT_MSG_BT(result == 0, "Unable to modify rule. Result: " << result); - result = smack_accesses_add_modify(rules.get(), TEST_SUBJECT, TEST_OBJECT, "rwx", ""); + result = smack_accesses_add_modify(rules_ptr.get(), TEST_SUBJECT, TEST_OBJECT, "rwx", ""); RUNNER_ASSERT_MSG_BT(result == 0, "Unable to modify rule. Result: " << result); - result = smack_accesses_apply(rules.get()); + result = smack_accesses_apply(rules_ptr.get()); RUNNER_ASSERT_MSG_BT(result == -1, "smack_accesses_apply should return error (SMACK is off). Result: " << result); @@ -1978,35 +1833,27 @@ RUNNER_MULTIPROCESS_TEST_NOSMACK(smack09_new_label_from_socket_nosmack) //Create new socket sock = socket(AF_UNIX, SOCK_STREAM, 0); RUNNER_ASSERT_MSG_BT(sock >= 0, "socket failed: " << strerror(errno)); + SockUniquePtr sock_ptr(&sock); //Bind it to sockaddr result = bind(sock, (struct sockaddr*) &sockaddr, sizeof(struct sockaddr_un)); - if (result != 0) { - close(sock); - RUNNER_ASSERT_MSG_BT(false, "bind failed: " << strerror(errno)); - } + RUNNER_ASSERT_MSG_BT(result == 0, "bind failed: " << strerror(errno)); //Prepare for listening result = listen(sock, 1); - if (result != 0) { - close(sock); - RUNNER_ASSERT_MSG_BT(false, "listen failed: " << strerror(errno)); - } + RUNNER_ASSERT_MSG_BT(result == 0, "listen failed: " << strerror(errno)); //Accept client alarm(2); fd = accept(sock, NULL, NULL); alarm(0); - if (fd < 0) { - close(sock); - RUNNER_ASSERT_MSG_BT(false, "Failed when accepting connection from client."); - } + RUNNER_ASSERT_MSG_BT(fd >= 0, "Failed when accepting connection from client."); + FdUniquePtr fd_ptr(&fd); //wait for smack_new_label_from_socket execution usleep(200); - //Close socket and server - close(sock); + //Close server exit(0); } else { //parent (client) @@ -2016,19 +1863,16 @@ RUNNER_MULTIPROCESS_TEST_NOSMACK(smack09_new_label_from_socket_nosmack) //Create socket sock = socket(AF_UNIX, SOCK_STREAM, 0); + SockUniquePtr sock_ptr(&sock); RUNNER_ASSERT_MSG_BT(sock >= 0, "socket failed: " << strerror(errno)); //Connect to sockaddr result = connect(sock, (struct sockaddr*) &sockaddr, sizeof(struct sockaddr_un)); - if (result != 0) { - close(sock); - RUNNER_ASSERT_MSG_BT(false, "connect failed: " << strerror(errno)); - } + RUNNER_ASSERT_MSG_BT(result == 0, "connect failed: " << strerror(errno)); //Try getting label, should fail beacuse getsockopt won't get anything result = smack_new_label_from_socket(sock, &smack_label); - close(sock); RUNNER_ASSERT_MSG_BT(result == -1, "smack_new_label_from_socket should fail."); } }