/*
* @file test_cases.cpp
* @author Pawel Polawski (p.polawski@samsung.com)
+ * @author Jan Olszak (j.olszak@samsung.com)
* @version 1.0
* @brief libprivilege test runer
*/
#include <string>
+#include <fcntl.h>
#include <dpl/test/test_runner.h>
#include <dpl/log/log.h>
-
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/mman.h>
-#include <fcntl.h>
-
#include <sys/smack.h>
-
#include <sys/xattr.h>
+#define TEST_SUBJECT "test_subject"
+#define TEST_OBJECT "test_oject"
+
+
int files_compare(int fd1, int fd2)
{
int result = 0;
return result;
}
+
RUNNER_TEST_GROUP_INIT(libsmack)
+/**
+ * Helper method to reset privileges at the begginning of tests.
+ */
+void clean_up(){
+ struct smack_accesses * rules = NULL;
+ int result = smack_accesses_new(&rules);
+ RUNNER_ASSERT_MSG(result == 0, "Unable to create smack_accesses instance");
+
+ // CLEAN UP
+ smack_accesses_add_modify(rules,TEST_SUBJECT, TEST_OBJECT,"","rwxat");
+ smack_accesses_apply(rules);
+ smack_accesses_free(rules);
+
+ // PREINIT CHECK.
+ RUNNER_ASSERT_MSG(smack_have_access(TEST_SUBJECT, TEST_OBJECT,"r") != 1, "Rule has previous privileges after cleaning up!");
+ RUNNER_ASSERT_MSG(smack_have_access(TEST_SUBJECT, TEST_OBJECT,"w") != 1, "Rule has previous privileges after cleaning up!");
+ RUNNER_ASSERT_MSG(smack_have_access(TEST_SUBJECT, TEST_OBJECT,"x") != 1, "Rule has previous privileges after cleaning up!");
+ RUNNER_ASSERT_MSG(smack_have_access(TEST_SUBJECT, TEST_OBJECT,"a") != 1, "Rule has previous privileges after cleaning up!");
+ RUNNER_ASSERT_MSG(smack_have_access(TEST_SUBJECT, TEST_OBJECT,"t") != 1, "Rule has previous privileges after cleaning up!");
+}
+
+/**
+ * Add a new access with smack_accesses_add_modify()
+ */
+RUNNER_TEST(smack_accesses_add_modify_test_1){
+ int result;
+
+ clean_up();
+
+ struct smack_accesses * rules = NULL;
+ result = smack_accesses_new(&rules);
+
+ // THE TEST
+ result = smack_accesses_add_modify(rules,TEST_SUBJECT, TEST_OBJECT,"xr","");
+ RUNNER_ASSERT_MSG(result == 0, "Unable to add modify by empty rules");
+ RUNNER_ASSERT_MSG(smack_accesses_apply(rules) == 0, "Unable to apply rules");
+
+ result = smack_have_access(TEST_SUBJECT, TEST_OBJECT,"xr");
+ RUNNER_ASSERT_MSG(result == 1, "Rule modified (added 'xr'), but no change made.");
+
+ // CLEAN UP
+ clean_up();
+ smack_accesses_free(rules);
+}
+
+
+/**
+ * Test if rules are applied in the right order, and modification works.
+ */
+RUNNER_TEST(smack_accesses_add_modify_test_2){
+ int result;
+ struct smack_accesses * rules = NULL;
+ result = smack_accesses_new(&rules);
+ RUNNER_ASSERT_MSG(result == 0, "Unable to create smack_accesses instance");
+
+ clean_up();
+
+ // THE TEST
+ result = smack_accesses_add_modify(rules,TEST_SUBJECT, TEST_OBJECT,"r","");
+ RUNNER_ASSERT_MSG(result == 0, "Unable to modify rule.");
+
+ result = smack_accesses_add_modify(rules,TEST_SUBJECT, TEST_OBJECT,"","r");
+ RUNNER_ASSERT_MSG(result == 0, "Unable to modify rule.");
+
+ RUNNER_ASSERT_MSG(smack_accesses_apply(rules) == 0, "Unable to apply rules");
+ RUNNER_ASSERT_MSG(smack_have_access(TEST_SUBJECT, TEST_OBJECT,"r") == 0, "Modification didn't work");
+
+ // CLEAN UP
+ clean_up();
+ smack_accesses_free(rules);
+}
+
+
+/**
+ * Test if rules are applied in the right order, and modification works.
+ * Using different smack_accesses list to add and delete.
+ */
+RUNNER_TEST(smack_accesses_add_modify_test_3){
+ int result;
+ struct smack_accesses * rules = NULL;
+ result = smack_accesses_new(&rules);
+ RUNNER_ASSERT_MSG(result == 0, "Unable to create smack_accesses instance");
+
+ clean_up();
+
+ // THE TEST
+ // Add r privilage
+ result = smack_accesses_add_modify(rules,TEST_SUBJECT, TEST_OBJECT,"r","");
+ RUNNER_ASSERT_MSG(result == 0, "Unable to modify rule.");
+ RUNNER_ASSERT_MSG(smack_accesses_apply(rules) == 0, "Unable to apply rules");
+ RUNNER_ASSERT_MSG(smack_have_access(TEST_SUBJECT, TEST_OBJECT,"r") == 1, "Adding privileges didn't work");
+ smack_accesses_free(rules);
+
+ // Revoke r privilege
+ result = smack_accesses_new(&rules);
+ RUNNER_ASSERT_MSG(result == 0, "Unable to create smack_accesses instance");
+ result = smack_accesses_add_modify(rules,TEST_SUBJECT, TEST_OBJECT,"","r");
+ RUNNER_ASSERT_MSG(result == 0, "Unable to modify rule.");
+ RUNNER_ASSERT_MSG(smack_accesses_apply(rules) == 0, "Unable to apply rules");
+
+ result = smack_have_access(TEST_SUBJECT, TEST_OBJECT,"r");
+ RUNNER_ASSERT_MSG(result == 0, "Modification didn't work, rule has still 'r' privileges.");
+
+ // CLEAN UP
+ clean_up();
+ smack_accesses_free(rules);
+}
+
+/**
+ * Add a list of privileges and then revoke just ONE of them.
+ */
+RUNNER_TEST(smack_accesses_add_modify_test_4){
+ int result;
+ struct smack_accesses * rules = NULL;
+ result = smack_accesses_new(&rules);
+ RUNNER_ASSERT_MSG(result == 0, "Unable to create smack_accesses instance");
+
+ clean_up();
+
+ // THE TEST
+ result = smack_accesses_add_modify(rules,TEST_SUBJECT, TEST_OBJECT,"rwxat","");
+ RUNNER_ASSERT_MSG(result == 0, "Unable to modify rule.");
+ RUNNER_ASSERT_MSG(smack_accesses_apply(rules) == 0, "Unable to apply rules");
+
+ result = smack_accesses_add_modify(rules,TEST_SUBJECT, TEST_OBJECT,"","r");
+ RUNNER_ASSERT_MSG(result == 0, "Unable to modify rule.");
+ RUNNER_ASSERT_MSG(smack_accesses_apply(rules) == 0, "Unable to apply rules");
+
+ result = smack_have_access(TEST_SUBJECT, TEST_OBJECT,"awxt");
+ RUNNER_ASSERT_MSG(result == 1, "Modification didn't work. Rule should have 'awxt' privileges.");
+ result = smack_have_access(TEST_SUBJECT, TEST_OBJECT,"r");
+ RUNNER_ASSERT_MSG(result != 1, "Modification didn't work. Rule should NOT have 'r' privilege.");
+
+ // CLEAN UP
+ clean_up();
+ smack_accesses_free(rules);
+}
+
+/**
+ * Add a list of privileges and then revoke just ONE of them.
+ * Without applying privileges in between those actions.
+ */
+RUNNER_TEST(smack_accesses_add_modify_test_5){
+ int result;
+ struct smack_accesses * rules = NULL;
+ result = smack_accesses_new(&rules);
+ RUNNER_ASSERT_MSG(result == 0, "Unable to create smack_accesses instance");
+
+ clean_up();
+
+ // THE TEST
+ result = smack_accesses_add_modify(rules,TEST_SUBJECT, TEST_OBJECT,"rwxat","");
+ RUNNER_ASSERT_MSG(result == 0, "Unable to modify rule.");
+
+ result = smack_accesses_add_modify(rules,TEST_SUBJECT, TEST_OBJECT,"","r");
+ RUNNER_ASSERT_MSG(result == 0, "Unable to modify rule.");
+ RUNNER_ASSERT_MSG(smack_accesses_apply(rules) == 0, "Unable to apply rules");
+
+ result = smack_have_access(TEST_SUBJECT, TEST_OBJECT,"awxt");
+ RUNNER_ASSERT_MSG(result == 1, "Modification didn't work. Rule should have 'awxt' privileges.");
+ result = smack_have_access(TEST_SUBJECT, TEST_OBJECT,"r");
+ RUNNER_ASSERT_MSG(result != 1, "Modification didn't work. Rule should NOT have 'r' privilege.");
+
+ // CLEAN UP
+ clean_up();
+ smack_accesses_free(rules);
+}
+
+
+/**
+ * Add a list of privileges and then revoke just TWO of them.
+ */
+RUNNER_TEST(smack_accesses_add_modify_test_6){
+ int result;
+ struct smack_accesses * rules = NULL;
+ result = smack_accesses_new(&rules);
+ RUNNER_ASSERT_MSG(result == 0, "Unable to create smack_accesses instance");
+
+ clean_up();
+
+ // THE TEST
+ result = smack_accesses_add_modify(rules,TEST_SUBJECT, TEST_OBJECT,"rwt","");
+ RUNNER_ASSERT_MSG(result == 0, "Unable to modify rule.");
+ RUNNER_ASSERT_MSG(smack_accesses_apply(rules) == 0, "Unable to apply rules");
+
+ result = smack_accesses_add_modify(rules,TEST_SUBJECT, TEST_OBJECT,"ax","rt");
+ RUNNER_ASSERT_MSG(result == 0, "Unable to modify rule.");
+ RUNNER_ASSERT_MSG(smack_accesses_apply(rules) == 0, "Unable to apply rules");
+
+ result = smack_have_access(TEST_SUBJECT, TEST_OBJECT,"wax");
+ RUNNER_ASSERT_MSG(result == 1, "Modification didn't work. Rule should have 'wax' privileges.");
+ result = smack_have_access(TEST_SUBJECT, TEST_OBJECT,"r");
+ RUNNER_ASSERT_MSG(result != 1, "Modification didn't work. Rule should NOT have 'r' privilege.");
+
+ // CLEAN UP
+ clean_up();
+ smack_accesses_free(rules);
+}
RUNNER_TEST(smack01_storing_and_restoring_rules)
{
projects / platform / core / test / security-tests.git / commitdiff