Stop hardcoding the application label as "User". Security-manager is switching
to its final labeling schema: "User::App::$appId".
Adapt the tests accordingly.
Change-Id: I839027f9bb2b350ec057c08e9382516e194c1a5e
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
-static void generateAppLabel(const std::string &appId, std::string &label)
+static std::string generateAppLabel(const std::string &appId)
- (void) appId;
- label = "User";
+ return "User::App::" + appId;
}
static int nftw_check_sm_labels_app_dir(const char *fpath, const struct stat *sb,
}
static int nftw_check_sm_labels_app_dir(const char *fpath, const struct stat *sb,
+// nftw doesn't allow passing user data to functions. Work around by using global variable
+static std::string nftw_expected_label;
+bool nftw_expected_transmute;
+bool nftw_expected_exec;
-static int nftw_check_sm_labels_app_rw_dir(const char *fpath, const struct stat *sb,
+static int nftw_check_sm_labels(const char *fpath, const struct stat *sb,
int /*typeflag*/, struct FTW* /*ftwbuf*/)
{
int /*typeflag*/, struct FTW* /*ftwbuf*/)
{
- return nftw_check_sm_labels_app_dir(fpath, sb, USER_APP_ID, false, true);
-}
-
-static int nftw_check_sm_labels_app_ro_dir(const char *fpath, const struct stat *sb,
- int /*typeflag*/, struct FTW* /*ftwbuf*/)
-{
-
- return nftw_check_sm_labels_app_dir(fpath, sb, "User::Home", true, false);
+ return nftw_check_sm_labels_app_dir(fpath, sb,
+ nftw_expected_label.c_str(), nftw_expected_transmute, nftw_expected_exec);
}
static void prepare_app_path()
}
static void prepare_app_path()
-/* TODO: add parameters to this function */
-static void check_app_path_after_install()
+static void check_app_path_after_install(const char *appId)
- result = nftw(SM_RW_PATH, &nftw_check_sm_labels_app_rw_dir, FTW_MAX_FDS, FTW_PHYS);
+ nftw_expected_label = generateAppLabel(appId);
+ nftw_expected_transmute = false;
+ nftw_expected_exec = true;
+
+ result = nftw(SM_RW_PATH, &nftw_check_sm_labels, FTW_MAX_FDS, FTW_PHYS);
RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for " << SM_RW_PATH);
RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for " << SM_RW_PATH);
- result = nftw(SM_RO_PATH, &nftw_check_sm_labels_app_ro_dir, FTW_MAX_FDS, FTW_PHYS);
+ nftw_expected_label = "User::Home";
+ nftw_expected_transmute = true;
+ nftw_expected_exec = false;
+
+ result = nftw(SM_RO_PATH, &nftw_check_sm_labels, FTW_MAX_FDS, FTW_PHYS);
RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for " << SM_RO_PATH);
result = nftw(SM_DENIED_PATH, &nftw_check_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for " << SM_RO_PATH);
result = nftw(SM_DENIED_PATH, &nftw_check_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
const privileges_t &allowed_privs, const privileges_t &denied_privs)
{
(void) pkg_id;
const privileges_t &allowed_privs, const privileges_t &denied_privs)
{
(void) pkg_id;
- std::string smackLabel;
- generateAppLabel(app_id, smackLabel);
+ std::string smackLabel = generateAppLabel(app_id);
CynaraTestClient::Client ctc;
CynaraTestClient::Client ctc;
SM_ALLOWED_PRIVILEGES, SM_DENIED_PRIVILEGES, SM_ALLOWED_GROUPS);
/* TODO: add parameters to this function */
SM_ALLOWED_PRIVILEGES, SM_DENIED_PRIVILEGES, SM_ALLOWED_GROUPS);
/* TODO: add parameters to this function */
- check_app_path_after_install();
+ check_app_path_after_install(sm_app_id);
InstallRequest requestUninst;
requestUninst.setAppId(sm_app_id);
InstallRequest requestUninst;
requestUninst.setAppId(sm_app_id);
{
const char *const app_id = "sm_test_03_app_id_set_label_from_appid_smack";
const char *const pkg_id = "sm_test_03_pkg_id_set_label_from_appid_smack";
{
const char *const app_id = "sm_test_03_app_id_set_label_from_appid_smack";
const char *const pkg_id = "sm_test_03_pkg_id_set_label_from_appid_smack";
- const char *const expected_label = USER_APP_ID;
const char *const socketLabel = "not_expected_label";
const char *const socketLabel = "not_expected_label";
+ std::string expected_label = generateAppLabel(app_id);
char *label = nullptr;
CStringPtr labelPtr;
int result;
char *label = nullptr;
CStringPtr labelPtr;
int result;
ssize_t size;
size = fgetxattr(sock, XATTR_NAME_SMACKIPIN, value, sizeof(value));
RUNNER_ASSERT_ERRNO_MSG(size != -1, "fgetxattr failed: " << value);
ssize_t size;
size = fgetxattr(sock, XATTR_NAME_SMACKIPIN, value, sizeof(value));
RUNNER_ASSERT_ERRNO_MSG(size != -1, "fgetxattr failed: " << value);
- result = strcmp(expected_label, value);
+ result = expected_label.compare(value);
RUNNER_ASSERT_MSG(result == 0, "Socket label is incorrect. Expected: " <<
expected_label << " Actual: " << value);
size = fgetxattr(sock, XATTR_NAME_SMACKIPOUT, value, sizeof(value));
RUNNER_ASSERT_ERRNO_MSG(size != -1, "fgetxattr failed: " << value);
RUNNER_ASSERT_MSG(result == 0, "Socket label is incorrect. Expected: " <<
expected_label << " Actual: " << value);
size = fgetxattr(sock, XATTR_NAME_SMACKIPOUT, value, sizeof(value));
RUNNER_ASSERT_ERRNO_MSG(size != -1, "fgetxattr failed: " << value);
- result = strcmp(expected_label, value);
+ result = expected_label.compare(value);
RUNNER_ASSERT_MSG(result == 0, "Socket label is incorrect. Expected: " <<
expected_label << " Actual: " << value);
RUNNER_ASSERT_MSG(result == 0, "Socket label is incorrect. Expected: " <<
expected_label << " Actual: " << value);
" Process label is not set");
labelPtr.reset(label);
" Process label is not set");
labelPtr.reset(label);
- result = strcmp(expected_label, label);
+ result = expected_label.compare(label);
RUNNER_ASSERT_MSG(result == 0,
" Process label is incorrect. Expected: \"" << expected_label <<
"\" Actual: \"" << label << "\"");
RUNNER_ASSERT_MSG(result == 0,
" Process label is incorrect. Expected: \"" << expected_label <<
"\" Actual: \"" << label << "\"");
PolicyRequest addPolicyRequest;
CynaraTestAdmin::Admin admin;
PolicyRequest addPolicyRequest;
CynaraTestAdmin::Admin admin;
- std::string smackLabel;
- generateAppLabel(update_app_id, smackLabel);
-
struct message {
uid_t uid;
gid_t gid;
struct message {
uid_t uid;
gid_t gid;
//wait for child
RUNNER_ASSERT_MSG(wait(&result) == pid, "wait failed");
//wait for child
RUNNER_ASSERT_MSG(wait(&result) == pid, "wait failed");
- admin.adminCheck(check_start_bucket, false, smackLabel.c_str(),
+ admin.adminCheck(check_start_bucket, false, generateAppLabel(update_app_id).c_str(),
std::to_string(static_cast<int>(msg.uid)).c_str(), update_privilege, CYNARA_ADMIN_ALLOW, nullptr);
}
if(pid == 0)
std::to_string(static_cast<int>(msg.uid)).c_str(), update_privilege, CYNARA_ADMIN_ALLOW, nullptr);
}
if(pid == 0)
PolicyRequest addPolicyRequest;
CynaraTestAdmin::Admin admin;
PolicyRequest addPolicyRequest;
CynaraTestAdmin::Admin admin;
- std::string smackLabel;
- generateAppLabel(update_other_app_id, smackLabel);
-
struct message {
uid_t uid;
gid_t gid;
struct message {
uid_t uid;
gid_t gid;
//wait for child
RUNNER_ASSERT_MSG(wait(&result) == pid, "wait failed");
//wait for child
RUNNER_ASSERT_MSG(wait(&result) == pid, "wait failed");
- admin.adminCheck(check_start_bucket, false, smackLabel.c_str(),
+ admin.adminCheck(check_start_bucket, false, generateAppLabel(update_other_app_id).c_str(),
std::to_string(static_cast<int>(msg.uid)).c_str(), update_privilege, CYNARA_ADMIN_ALLOW, nullptr);
}
if(pid == 0)
std::to_string(static_cast<int>(msg.uid)).c_str(), update_privilege, CYNARA_ADMIN_ALLOW, nullptr);
}
if(pid == 0)
PolicyRequest addPolicyRequest;
CynaraTestAdmin::Admin admin;
PolicyRequest addPolicyRequest;
CynaraTestAdmin::Admin admin;
- std::string smackLabel;
- generateAppLabel(update_app_id, smackLabel);
-
struct message {
uid_t uid;
gid_t gid;
struct message {
uid_t uid;
gid_t gid;
//wait for child
RUNNER_ASSERT_MSG(wait(&result) == pid, "wait failed");
//wait for child
RUNNER_ASSERT_MSG(wait(&result) == pid, "wait failed");
- admin.adminCheck(check_start_bucket, false, smackLabel.c_str(),
+ admin.adminCheck(check_start_bucket, false, generateAppLabel(update_app_id).c_str(),
std::to_string(static_cast<int>(msg.uid)).c_str(), update_privilege, CYNARA_ADMIN_ALLOW, nullptr);
}
if(pid == 0)
std::to_string(static_cast<int>(msg.uid)).c_str(), update_privilege, CYNARA_ADMIN_ALLOW, nullptr);
}
if(pid == 0)
PolicyRequest addPolicyRequest;
CynaraTestAdmin::Admin admin;
PolicyRequest addPolicyRequest;
CynaraTestAdmin::Admin admin;
- std::string smackLabel;
- generateAppLabel(update_app_id, smackLabel);
-
struct message {
uid_t uid;
gid_t gid;
struct message {
uid_t uid;
gid_t gid;
//wait for child
RUNNER_ASSERT_MSG(wait(&result) == pid, "wait failed");
//wait for child
RUNNER_ASSERT_MSG(wait(&result) == pid, "wait failed");
- admin.adminCheck(check_start_bucket, false, smackLabel.c_str(),
+ admin.adminCheck(check_start_bucket, false, generateAppLabel(update_app_id).c_str(),
std::to_string(static_cast<int>(msg.uid)).c_str(), update_privilege, CYNARA_ADMIN_ALLOW, nullptr);
pid = fork();
std::to_string(static_cast<int>(msg.uid)).c_str(), update_privilege, CYNARA_ADMIN_ALLOW, nullptr);
pid = fork();
//wait for child
waitpid(-1, &result, 0);
//wait for child
waitpid(-1, &result, 0);
- admin.adminCheck(check_start_bucket, false, smackLabel.c_str(),
+ admin.adminCheck(check_start_bucket, false, generateAppLabel(update_app_id).c_str(),
std::to_string(static_cast<int>(msg.uid)).c_str(), update_privilege, CYNARA_ADMIN_DENY, nullptr);
}
if(pid == 0)
std::to_string(static_cast<int>(msg.uid)).c_str(), update_privilege, CYNARA_ADMIN_DENY, nullptr);
}
if(pid == 0)
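Review bot: In the socket-label test (the `sm_test_03_app_id_set_label_from_appid_smack` hunk), `expected_label.compare(value)` treats the `fgetxattr` result as a C string, but an xattr value comes back as `size` raw bytes with no guaranteed NUL terminator, so the comparison can run past the label unless `value` is zero-filled beforehand (its declaration is outside the visible lines). The same applies to the `XATTR_NAME_SMACKIPOUT` check right below it. Reading with `sizeof(value) - 1` and setting `value[size] = '\0';` after the errno assertion would make both comparisons and the "Actual:" output well defined; note that the failure message `"fgetxattr failed: " << value` also streams the buffer in the case where the call did not fill it. Separately, `nftw_expected_transmute` and `nftw_expected_exec` are declared without `static`, unlike `nftw_expected_label`, which gives these test-only globals external linkage.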