#define APP_TEST "app_test"
+#define APP_NPRUNTIME "app_np_test"
+#define APP_NPRUNTIME_FILE "/etc/smack/test_privilege_control_DIR/app_dir/exec"
+
namespace {
const char *PRIVS2_NO_R[] = { "test_privilege_control_rules2_no_r", NULL };
test_app_setup_path(__LINE__, APP_PATH_SETTINGS_RW);
}
-RUNNER_TEST(privilege_control20_early_rules)
+RUNNER_TEST(privilege_control20_app_setup_path_npruntime)
+{
+ int result = 0;
+ std::unique_ptr<char, std::function<void(void*)> > labelPtr(NULL,free);
+ std::string nptargetlabel = std::string(APP_NPRUNTIME) + ".npruntime";
+ char *label = NULL;
+
+ DB_BEGIN
+
+ result = perm_app_uninstall(APP_NPRUNTIME);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "Error in perm_app_uninstall. " << result);
+
+ result = perm_app_install(APP_NPRUNTIME);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "Error in perm_app_install. " << result);
+
+ result = perm_app_setup_path(APP_NPRUNTIME, APP_NPRUNTIME_FILE, PERM_APP_PATH_NPRUNTIME);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "Error in perm_app_setup_path. " << result);
+
+ DB_END
+
+ RUNNER_ASSERT(0 == smack_lgetlabel(APP_NPRUNTIME_FILE, &label, SMACK_LABEL_EXEC));
+ labelPtr.reset(label);
+ label = NULL;
+ RUNNER_ASSERT(0 == strcmp(labelPtr.get(), nptargetlabel.c_str()));
+
+ // test smack accesses
+ result = smack_have_access(APP_NPRUNTIME, nptargetlabel.c_str(), "rw");
+ RUNNER_ASSERT_MSG(result == 1,
+ "Error: subject: " << APP_NPRUNTIME << " has not rw access to object: "
+ << nptargetlabel.c_str() << ". Result: " << result);
+
+ result = smack_have_access(nptargetlabel.c_str(), APP_NPRUNTIME, "rxat");
+ RUNNER_ASSERT_MSG(result == 1,
+ "Error: subject: " << nptargetlabel.c_str() << " has not rxat access to object: "
+ << APP_NPRUNTIME << ". Result: " << result);
+
+ result = smack_have_access(nptargetlabel.c_str(), "system::homedir", "rxat");
+ RUNNER_ASSERT_MSG(result == 1,
+ "Error: subject: " << nptargetlabel.c_str() << " has not rxat access to object: "
+ << "system::homedir. Result: " << result);
+
+ result = smack_have_access(nptargetlabel.c_str(), "xorg", "rw");
+ RUNNER_ASSERT_MSG(result == 1,
+ "Error: subject: " << nptargetlabel.c_str() << " has not rw access to object: "
+ << "xorg. Result: " << result);
+
+ result = perm_app_uninstall(APP_NPRUNTIME);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "Error in perm_app_uninstall. " << result);
+}
+
+RUNNER_TEST(privilege_control21_early_rules)
{
RUNNER_IGNORED_MSG("early rules are not implemented");