smack_file_name(APP_ID, &path);
unlink(path);
+ app_uninstall(APP_ID);
+
result = app_install(APP_ID);
RUNNER_ASSERT_MSG(result == 0, "app_install returned " << result <<". Errno: " << strerror(errno));
free(path);
}
+void checkOnlyAvAccess(const char* av_id, const char* app_id, const char* comment){
+ int result;
+ result = smack_have_access(av_id, app_id, "rwx");
+ RUNNER_ASSERT_MSG(result == 1,
+ "Error while checking " << av_id << " rwx access to "
+ << app_id << " " << comment << " Result: " << result);
+ result = smack_have_access(av_id, app_id, "a");
+ RUNNER_ASSERT_MSG(result == 0,
+ "Error while checking " << av_id << " a access to "
+ << app_id << " " << comment << " Result: " << result);
+ result = smack_have_access(av_id, app_id, "t");
+ RUNNER_ASSERT_MSG(result == 0,
+ "Error while checking " << av_id << " t access to "
+ << app_id << " " << comment << " Result: " << result);
+}
+
/*
* Check app_register_av function
* Notice that this test case may have no sense if previous would fail (privilege_control06_app_install)
RUNNER_TEST(privilege_control10_app_register_av)
{
int result;
- //FILE* file_av = NULL;
- //FILE* file_app = NULL;
- //int fd_app = -1;
- int fd = -1;
- char *path = NULL;
- char *buff;
- int len;
int i;
- //char label1[SMACK_LABEL_LEN +1];
- //char label2[SMACK_LABEL_LEN +1];
- //char acces_rights[6 +1];
- //char row[2 * SMACK_LABEL_LEN + 20] //
- const char* correct_antivirus1_rules = "test-antivirus1 test-application1 rwx--\n"
- "test-antivirus1 test-application_2 rwx--\n"
- "test-antivirus1 test-app-3 rwx--";
- const char* correct_antivirus2_rules = "test-antivirus_2 test-application1 rwx--\n"
- "test-antivirus_2 test-application_2 rwx--\n"
- "test-antivirus_2 test-app-3 rwx--";
+
+ struct smack_accesses * rules = NULL;
+ char *path = NULL;
// cleaning
+ smack_revoke_subject(APP_TEST_AV_1);
+ smack_revoke_subject(APP_TEST_AV_2);
+
cleaning_smack_app_files();
cleaning_smack_database_files();
+ // Adding two apps before antivir
result = app_install(APP_TEST_APP_1);
RUNNER_ASSERT_MSG(result == 0, "app_install returned " << result <<". Errno: " << strerror(errno));
result = app_install(APP_TEST_APP_2);
RUNNER_ASSERT_MSG(result == 0, "app_install returned " << result <<". Errno: " << strerror(errno));
+ // Adding antivir
result = app_register_av(APP_TEST_AV_1);
RUNNER_ASSERT_MSG(result == 0, "app_register_av returned " << result <<". Errno: " << strerror(errno));
+ // Checking added apps accesses
+ checkOnlyAvAccess(APP_TEST_AV_1, APP_TEST_APP_1, "app_register_av(APP_TEST_AV_1)");
+ checkOnlyAvAccess(APP_TEST_AV_1, APP_TEST_APP_2, "app_register_av(APP_TEST_AV_1)");
+
+ // Adding third app
result = app_install(APP_TEST_APP_3);
RUNNER_ASSERT_MSG(result == 0, "app_install returned " << result <<". Errno: " << strerror(errno));
+ // Checking app accesses
+ checkOnlyAvAccess(APP_TEST_AV_1, APP_TEST_APP_1, "app_install(APP_TEST_APP_3)");
+ checkOnlyAvAccess(APP_TEST_AV_1, APP_TEST_APP_2, "app_install(APP_TEST_APP_3)");
+ checkOnlyAvAccess(APP_TEST_AV_1, APP_TEST_APP_3, "app_install(APP_TEST_APP_3)");
+
+ // Adding second antivir
result = app_register_av(APP_TEST_AV_2);
RUNNER_ASSERT_MSG(result == 0, "app_register_av returned " << result <<". Errno: " << strerror(errno));
- // checking rules for anti virus 1
- // compare between file in /etc/smack/access.d/ and correct value (correct_antivirus1_rules).
- len = strlen(correct_antivirus1_rules);
- buff = (char *) malloc((len+1) * sizeof(char));
- smack_file_name(APP_TEST_AV_1, &path);
- fd = open(path, O_RDONLY);
- free(path);
- RUNNER_ASSERT_MSG(fd > -1, "file open failed " << result <<". Errno: " << strerror(errno));
- result = read(fd, buff, len);
- close(fd);
- fd = -1;
- buff[len] = '\0';
- RUNNER_ASSERT_MSG(result > -1, "read from file descriptor failed. Errno: " << strerror(errno));
- result = strncmp(buff, correct_antivirus1_rules, len);
- RUNNER_ASSERT_MSG(result == 0, "Rules do not match: " << result << "\n\"" << buff << "\"\n\"" << correct_antivirus1_rules << "\"\n" << len);
- free(buff);
-
- // checking rules for anti virus 2
- len = strlen(correct_antivirus2_rules);
- buff = (char *) malloc((len+1) * sizeof(char));
- smack_file_name(APP_TEST_AV_2, &path);
- fd = open(path, O_RDONLY);
- free (path);
- RUNNER_ASSERT_MSG(fd > -1, "file open failed " << result <<". Errno: " << strerror(errno));
- result = read(fd, buff, len);
- close (fd);
- fd = -1;
- buff[len] = '\0';
- RUNNER_ASSERT_MSG(result > -1, "read from file descriptor failed. Errno: " << strerror(errno));
- result = strncmp(buff, correct_antivirus2_rules, len);
- RUNNER_ASSERT_MSG(result == 0, "Rules do not match: " << result << "\n\"" << buff << "\"\n\"" << correct_antivirus1_rules << "\"\n" << len);
- free(buff);
+ // Checking app accesses
+ checkOnlyAvAccess(APP_TEST_AV_1, APP_TEST_APP_1, "app_register_av(APP_TEST_AV_2)");
+ checkOnlyAvAccess(APP_TEST_AV_1, APP_TEST_APP_2, "app_register_av(APP_TEST_AV_2)");
+ checkOnlyAvAccess(APP_TEST_AV_1, APP_TEST_APP_3, "app_register_av(APP_TEST_AV_2)");
+ checkOnlyAvAccess(APP_TEST_AV_2, APP_TEST_APP_1, "app_register_av(APP_TEST_AV_2)");
+ checkOnlyAvAccess(APP_TEST_AV_2, APP_TEST_APP_2, "app_register_av(APP_TEST_AV_2)");
+ checkOnlyAvAccess(APP_TEST_AV_2, APP_TEST_APP_3, "app_register_av(APP_TEST_AV_2)");
// cleaning
+ smack_revoke_subject(APP_TEST_AV_1);
+ smack_revoke_subject(APP_TEST_AV_2);
+
cleaning_smack_app_files();
cleaning_smack_database_files();
}
projects / platform / core / test / security-tests.git / commitdiff