+int check_labels_dir(const char *fpath, const struct stat *sb,
+ const char* labels_db_path, const char* dir_db_path,
+ const char* access)
+{
+ int result;
+ char* label;
+ char* label_gen;
+ char* scanf_label_format;
+ char label_temp[SMACK_LABEL_LEN + 1];
+ FILE* file_db;
+
+ /* ACCESS */
+ result = smack_lgetlabel(fpath, &label_gen, SMACK_LABEL_ACCESS);
+ RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
+ RUNNER_ASSERT_MSG(label_gen != NULL, "ACCESS label on " << fpath << " is not set");
+
+ /* EXEC */
+ result = smack_lgetlabel(fpath, &label, SMACK_LABEL_EXEC);
+ if(result != 0){
+ free(label_gen);
+ RUNNER_ASSERT_MSG(false, "Could not get label for the path");
+ }
+ if(label != NULL){
+ free(label_gen);
+ free(label);
+ RUNNER_ASSERT_MSG(false, "EXEC label on " << fpath << " is set.");
+ }
+
+ /* TRANSMUTE */
+ result = smack_lgetlabel(fpath, &label, SMACK_LABEL_TRANSMUTE);
+ if(result != 0){
+ free(label_gen);
+ free(label);
+ RUNNER_ASSERT_MSG(false, "Could not get label for the path");
+ }
+ if (S_ISDIR(sb->st_mode)) {
+ if(label == NULL){
+ free(label_gen);
+ free(label);
+ RUNNER_ASSERT_MSG(false, "TRANSMUTE label on " << fpath << " is not set");
+ }
+ result = strcmp("TRUE", label);
+ if(result != 0){
+ free(label_gen);
+ free(label);
+ RUNNER_ASSERT_MSG(false, "TRANSMUTE label on " << fpath << " is not set to TRUE");
+ }
+ } else if(label != NULL){
+ free(label_gen);
+ free(label);
+ RUNNER_ASSERT_MSG(false, "TRANSMUTE label on " << fpath << " is set");
+ }
+
+ free(label);
+
+ if(0 > asprintf(&scanf_label_format, "%%%ds\\n", SMACK_LABEL_LEN)){
+ free(label_gen);
+ RUNNER_ASSERT_MSG(false, "asprintf failed");
+ }
+
+ file_db = fopen(labels_db_path, "r");
+ if(file_db == NULL){
+ free(label_gen);
+ free(scanf_label_format);
+ RUNNER_ASSERT_MSG(false, "Can not open database for apps");
+ }
+ while(fscanf(file_db, scanf_label_format, label_temp)==1){
+ result = smack_have_access(label_temp, label_gen, access);
+ if(result != 1){
+ fclose(file_db);
+ free(label_gen);
+ free(scanf_label_format);
+ RUNNER_ASSERT_MSG(false,
+ "Error " << access << " access was not given for subject: "
+ << label_temp << ". Result: " << result);
+ }
+ }
+ fclose(file_db);
+
+ file_db = fopen(dir_db_path, "r");
+ if(file_db == NULL){
+ free(label_gen);
+ free(scanf_label_format);
+ RUNNER_ASSERT_MSG(false, "Can not open database for dirs");
+ }
+ bool is_dir = false;
+ while(fscanf(file_db, scanf_label_format, label_temp)==1){
+ if(strcmp(label_gen, label_temp) == 0){
+ is_dir = true;
+ break;
+ }
+ }
+ free(scanf_label_format);
+ free(label_gen);
+ fclose(file_db);
+
+ RUNNER_ASSERT_MSG(is_dir, "Error autogenerated label is not in dirs db.");
+
+ return 0;
+}
+
+int nftw_check_labels_app_public_dir(const char *fpath, const struct stat *sb,
+ int /*typeflag*/, struct FTW * /*ftwbuf*/)
+{
+ return check_labels_dir(fpath, sb,
+ SMACK_APPS_LABELS_DATABASE,
+ SMACK_PUBLIC_DIRS_DATABASE, "rx");
+}
+
+int nftw_check_labels_app_settings_dir(const char *fpath, const struct stat *sb,
+ int /*typeflag*/, struct FTW * /*ftwbuf*/)
+{
+ return check_labels_dir(fpath, sb,
+ SMACK_APPS_SETTINGS_LABELS_DATABASE,
+ SMACK_SETTINGS_DIRS_DATABASE, "rwx");
+}
+
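Review bot: In check_labels_dir, both `while(fscanf(file_db, scanf_label_format, label_temp)==1)` loops treat a read error the same as end-of-file, so a labels database that fails part-way through (or is empty) lets the `smack_have_access` check pass without having verified every subject. Checking `ferror(file_db)` after the first loop and failing the test when it is set would close that gap, as sketched below; if an empty apps database is not a valid state for this test, a count of checked labels should be asserted as well. Separately, the format built by `asprintf(&scanf_label_format, "%%%ds\\n", SMACK_LABEL_LEN)` ends in a literal backslash and `n`, not a newline. It works only because `%s` skips leading whitespace on the next call, so `"%%%ds"` would say what is meant. A database entry longer than SMACK_LABEL_LEN would also be split into two tokens and checked as two labels, which deserves a comment next to `label_temp`.

```cpp
while(fscanf(file_db, scanf_label_format, label_temp)==1){
    // … unchanged: smack_have_access check and its failure cleanup …
}
bool read_failed = (ferror(file_db) != 0);
fclose(file_db);
if(read_failed){
    free(label_gen);
    free(scanf_label_format);
    RUNNER_ASSERT_MSG(false, "Read error on database for apps");
}
// … unchanged: open dir_db_path and search for label_gen …
```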