#include <sys/stat.h>
#define SMACK_RULES_DIR "/opt/etc/smack-app/accesses.d/"
-#define SMACK_LOAD2 "/smack/load2"
-#define TEST_APP_DIR "/etc/smack/test_privilege_control_DIR/app_dir"
+#define SMACK_LOAD2 "/smack/load2"
+#define TEST_APP_DIR "/etc/smack/test_privilege_control_DIR/app_dir"
#define TEST_NON_APP_DIR "/etc/smack/test_privilege_control_DIR/non_app_dir"
-#define APPID_DIR "test_APP_ID_dir"
-#define APPID_SHARED_DIR "test_APP_ID_shared_dir"
-#define CANARY_LABEL "tiny_yellow_canary"
+#define APPID_DIR "test_APP_ID_dir"
+#define APPID_SHARED_DIR "test_APP_ID_shared_dir"
+#define CANARY_LABEL "tiny_yellow_canary"
-#define APP_ID "test_APP"
-#define APP_SET_PRIV_PATH "/etc/smack/test_privilege_control_DIR/test_set_app_privilege/test_APP"
+#define APP_ID "test_APP"
+#define APP_SET_PRIV_PATH "/etc/smack/test_privilege_control_DIR/test_set_app_privilege/test_APP"
#define APP_SET_PRIV_PATH_REAL "/etc/smack/test_privilege_control_DIR/test_set_app_privilege/test_APP_REAL"
-#define WGT_APP_ID "QwCqJ0ttyS"
-#define WGT_PARTNER_APP_ID "7btsV1Y0sX"
-#define WGT_PLATFORM_APP_ID "G4DE3U2vmW"
-#define WGT_APP_PATH "/opt/usr/apps/QwCqJ0ttyS/bin/QwCqJ0ttyS.TestMisiuPysiu123"
-#define WGT_PARTNER_APP_PATH "/opt/usr/apps/7btsV1Y0sX/bin/7btsV1Y0sX.MisiuPysiu123Partner"
+#define WGT_APP_ID "QwCqJ0ttyS"
+#define WGT_PARTNER_APP_ID "7btsV1Y0sX"
+#define WGT_PLATFORM_APP_ID "G4DE3U2vmW"
+#define WGT_APP_PATH "/opt/usr/apps/QwCqJ0ttyS/bin/QwCqJ0ttyS.TestMisiuPysiu123"
+#define WGT_PARTNER_APP_PATH "/opt/usr/apps/7btsV1Y0sX/bin/7btsV1Y0sX.MisiuPysiu123Partner"
#define WGT_PLATFORM_APP_PATH "/opt/usr/apps/G4DE3U2vmW/bin/G4DE3U2vmW.MisiuPysiu123Platform"
-#define OSP_APP_ID "uqNfgEjqc7"
-#define OSP_PARTNER_APP_ID "j4RuPsZrNt"
-#define OSP_PLATFORM_APP_ID "V5LKqDFBXm"
-#define OSP_APP_PATH "/opt/usr/apps/uqNfgEjqc7/bin/PysiuMisiu123Osp"
-#define OSP_PARTNER_APP_PATH "/opt/usr/apps/j4RuPsZrNt/bin/PysiuMisiu123OspPartner"
+#define OSP_APP_ID "uqNfgEjqc7"
+#define OSP_PARTNER_APP_ID "j4RuPsZrNt"
+#define OSP_PLATFORM_APP_ID "V5LKqDFBXm"
+#define OSP_APP_PATH "/opt/usr/apps/uqNfgEjqc7/bin/PysiuMisiu123Osp"
+#define OSP_PARTNER_APP_PATH "/opt/usr/apps/j4RuPsZrNt/bin/PysiuMisiu123OspPartner"
#define OSP_PLATFORM_APP_PATH "/opt/usr/apps/V5LKqDFBXm/bin/PysiuMisiu123OspPlatform"
const char *PRIVS[] = { "WRT", "test_privilege_control_rules", NULL };
const char *PRIVS_WGT[] = { "test_privilege_control_rules_wgt", NULL };
const char *PRIVS_OSP[] = { "test_privilege_control_rules_osp", NULL };
-#define LIBPRIVILEGE_APP_GROUP_LIST "/usr/share/privilege-control/app_group_list"
-#define LIBPRIVILEGE_TEST_DAC_FILE "/usr/share/privilege-control/test_privilege_control_rules.dac"
+#define LIBPRIVILEGE_APP_GROUP_LIST "/usr/share/privilege-control/app_group_list"
+#define LIBPRIVILEGE_TEST_DAC_FILE "/usr/share/privilege-control/test_privilege_control_rules.dac"
#define LIBPRIVILEGE_TEST_DAC_FILE_WGT "/usr/share/privilege-control/WRT_test_privilege_control_rules_wgt.dac"
#define LIBPRIVILEGE_TEST_DAC_FILE_OSP "/usr/share/privilege-control/OSP_test_privilege_control_rules_osp.dac"
#define APP_TEST_APP_1 "test-application1"
#define APP_TEST_APP_2 "test-application_2"
#define APP_TEST_APP_3 "test-app-3"
-#define APP_TEST_AV_1 "test-antivirus1"
-#define APP_TEST_AV_2 "test-antivirus_2"
-#define APP_TEST_AV_3 "test-av-3"
+#define APP_TEST_AV_1 "test-antivirus1"
+#define APP_TEST_AV_2 "test-antivirus_2"
+#define APP_TEST_AV_3 "test-av-3"
-#define SMACK_APPS_LABELS_DATABASE "/opt/dbspace/.privilege_control_all_apps_id.db"
-#define SMACK_AVS_LABELS_DATABASE "/opt/dbspace/.privilege_control_all_avs_id.db"
-#define SMACK_PUBLIC_DIRS_DATABASE "/opt/dbspace/.privilege_control_public_dirs.db"
+#define SMACK_APPS_LABELS_DATABASE "/opt/dbspace/.privilege_control_all_apps_id.db"
+#define SMACK_AVS_LABELS_DATABASE "/opt/dbspace/.privilege_control_all_avs_id.db"
+#define SMACK_PUBLIC_DIRS_DATABASE "/opt/dbspace/.privilege_control_public_dirs.db"
#define SMACK_APPS_SETTINGS_LABELS_DATABASE "/opt/dbspace/.privilege_control_app_setting.db"
-#define SMACK_SETTINGS_DIRS_DATABASE "/opt/dbspace/.privilege_control_setting_dir.db"
+#define SMACK_SETTINGS_DIRS_DATABASE "/opt/dbspace/.privilege_control_setting_dir.db"
#define APP_TEST_SETTINGS_ASP1 "test-app-settings-asp1"
#define APP_TEST_SETTINGS_ASP2 "test-app-settings-asp2"
-#define APP_TEST_AV_ASP1 "test-app-av-asp1"
-#define APP_TEST_AV_ASP2 "test-app-av-asp2"
+#define APP_TEST_AV_ASP1 "test-app-av-asp1"
+#define APP_TEST_AV_ASP2 "test-app-av-asp2"
#define SOCK_PATH "/tmp/test-smack-socket"
-#define APP_GID 5000
-#define APP_UID 5000
+#define APP_GID 5000
+#define APP_UID 5000
#define APP_USER_NAME "app"
-#define APP_HOME_DIR "/opt/home/app"
+#define APP_HOME_DIR "/opt/home/app"
#define APP_FRIEND_1 "app_friend_1"
#define APP_FRIEND_2 "app_friend_2"
// Rules from test_privilege_control_rules.smack
const std::vector< std::vector<std::string> > rules = {
- { APP_ID, "test_book_1", "r" },
- { APP_ID, "test_book_2", "w" },
- { APP_ID, "test_book_3", "x" },
- { APP_ID, "test_book_4", "rw" },
- { APP_ID, "test_book_5", "rx" },
- { APP_ID, "test_book_6", "wx" },
- { APP_ID, "test_book_7", "rwx" },
- { "test_subject_1", APP_ID, "r" },
- { "test_subject_2", APP_ID, "w" },
- { "test_subject_3", APP_ID, "x" },
- { "test_subject_4", APP_ID, "rw" },
- { "test_subject_5", APP_ID, "rx" },
- { "test_subject_6", APP_ID, "wx" },
- { "test_subject_7", APP_ID, "rwx" },
- { APP_ID, APPID_SHARED_DIR, "rwxat"}};
+ { APP_ID, "test_book_1", "r" },
+ { APP_ID, "test_book_2", "w" },
+ { APP_ID, "test_book_3", "x" },
+ { APP_ID, "test_book_4", "rw" },
+ { APP_ID, "test_book_5", "rx" },
+ { APP_ID, "test_book_6", "wx" },
+ { APP_ID, "test_book_7", "rwx" },
+ { "test_subject_1", APP_ID, "r" },
+ { "test_subject_2", APP_ID, "w" },
+ { "test_subject_3", APP_ID, "x" },
+ { "test_subject_4", APP_ID, "rw" },
+ { "test_subject_5", APP_ID, "rx" },
+ { "test_subject_6", APP_ID, "wx" },
+ { "test_subject_7", APP_ID, "rwx" },
+ { APP_ID, APPID_SHARED_DIR, "rwxat"}
+};
// Rules from test_privilege_control_rules2.smack
const std::vector< std::vector<std::string> > rules2 = {
- { APP_ID, "test_book_8", "r" },
- { APP_ID, "test_book_9", "w" },
- { APP_ID, "test_book_10", "x" },
- { APP_ID, "test_book_11", "rw" },
- { APP_ID, "test_book_12", "rx" },
- { APP_ID, "test_book_13", "wx" },
- { APP_ID, "test_book_14", "rwx" },
- { APP_ID, "test_book_15", "rwxat" },
- { "test_subject_8", APP_ID, "r" },
- { "test_subject_9", APP_ID, "w" },
- { "test_subject_10", APP_ID, "x" },
- { "test_subject_11", APP_ID, "rw" },
- { "test_subject_12", APP_ID, "rx" },
- { "test_subject_13", APP_ID, "wx" },
- { "test_subject_14", APP_ID, "rwx" },
- { "test_subject_15", APP_ID, "rwxat" }};
+ { APP_ID, "test_book_8", "r" },
+ { APP_ID, "test_book_9", "w" },
+ { APP_ID, "test_book_10", "x" },
+ { APP_ID, "test_book_11", "rw" },
+ { APP_ID, "test_book_12", "rx" },
+ { APP_ID, "test_book_13", "wx" },
+ { APP_ID, "test_book_14", "rwx" },
+ { APP_ID, "test_book_15", "rwxat" },
+ { "test_subject_8", APP_ID, "r" },
+ { "test_subject_9", APP_ID, "w" },
+ { "test_subject_10", APP_ID, "x" },
+ { "test_subject_11", APP_ID, "rw" },
+ { "test_subject_12", APP_ID, "rx" },
+ { "test_subject_13", APP_ID, "wx" },
+ { "test_subject_14", APP_ID, "rwx" },
+ { "test_subject_15", APP_ID, "rwxat" }
+};
// Rules from test_privilege_control_rules_no_r.smack
const std::vector< std::vector<std::string> > rules2_no_r = {
- { APP_ID, "test_book_9", "w" },
- { APP_ID, "test_book_10", "x" },
- { APP_ID, "test_book_11", "w" },
- { APP_ID, "test_book_12", "x" },
- { APP_ID, "test_book_13", "wx" },
- { APP_ID, "test_book_14", "wx" },
- { APP_ID, "test_book_15", "wxat" },
- { "test_subject_9", APP_ID, "w" },
- { "test_subject_10", APP_ID, "x" },
- { "test_subject_11", APP_ID, "w" },
- { "test_subject_12", APP_ID, "x" },
- { "test_subject_13", APP_ID, "wx" },
- { "test_subject_14", APP_ID, "wx" },
- { "test_subject_15", APP_ID, "wxat" }};
+ { APP_ID, "test_book_9", "w" },
+ { APP_ID, "test_book_10", "x" },
+ { APP_ID, "test_book_11", "w" },
+ { APP_ID, "test_book_12", "x" },
+ { APP_ID, "test_book_13", "wx" },
+ { APP_ID, "test_book_14", "wx" },
+ { APP_ID, "test_book_15", "wxat" },
+ { "test_subject_9", APP_ID, "w" },
+ { "test_subject_10", APP_ID, "x" },
+ { "test_subject_11", APP_ID, "w" },
+ { "test_subject_12", APP_ID, "x" },
+ { "test_subject_13", APP_ID, "wx" },
+ { "test_subject_14", APP_ID, "wx" },
+ { "test_subject_15", APP_ID, "wxat" }
+};
// Rules from test_privilege_control_rules.smack
// minus test_privilege_control_rules_no_r.smack
const std::vector< std::vector<std::string> > rules2_r = {
- { APP_ID, "test_book_8", "r" },
- { APP_ID, "test_book_11", "r" },
- { APP_ID, "test_book_12", "r" },
- { APP_ID, "test_book_14", "r" },
- { APP_ID, "test_book_15", "r" },
- { "test_subject_8", APP_ID, "r" },
- { "test_subject_11", APP_ID, "r" },
- { "test_subject_12", APP_ID, "r" },
- { "test_subject_14", APP_ID, "r" },
- { "test_subject_15", APP_ID, "r" }};
+ { APP_ID, "test_book_8", "r" },
+ { APP_ID, "test_book_11", "r" },
+ { APP_ID, "test_book_12", "r" },
+ { APP_ID, "test_book_14", "r" },
+ { APP_ID, "test_book_15", "r" },
+ { "test_subject_8", APP_ID, "r" },
+ { "test_subject_11", APP_ID, "r" },
+ { "test_subject_12", APP_ID, "r" },
+ { "test_subject_14", APP_ID, "r" },
+ { "test_subject_15", APP_ID, "r" }
+};
// Rules from test_privilege_control_rules_wgt.smack for wgt
const std::vector< std::vector<std::string> > rules_wgt = {
- { WGT_APP_ID, "test_book_8", "r" },
- { WGT_APP_ID, "test_book_9", "w" },
- { WGT_APP_ID, "test_book_10", "x" },
- { WGT_APP_ID, "test_book_11", "rw" },
- { WGT_APP_ID, "test_book_12", "rx" },
- { WGT_APP_ID, "test_book_13", "wx" },
- { WGT_APP_ID, "test_book_14", "rwx" },
- { WGT_APP_ID, "test_book_15", "rwxat" },
- { "test_subject_8", WGT_APP_ID, "r" },
- { "test_subject_9", WGT_APP_ID, "w" },
- { "test_subject_10", WGT_APP_ID, "x" },
- { "test_subject_11", WGT_APP_ID, "rw" },
- { "test_subject_12", WGT_APP_ID, "rx" },
- { "test_subject_13", WGT_APP_ID, "wx" },
- { "test_subject_14", WGT_APP_ID, "rwx" },
- { "test_subject_15", WGT_APP_ID, "rwxat" }};
+ { WGT_APP_ID, "test_book_8", "r" },
+ { WGT_APP_ID, "test_book_9", "w" },
+ { WGT_APP_ID, "test_book_10", "x" },
+ { WGT_APP_ID, "test_book_11", "rw" },
+ { WGT_APP_ID, "test_book_12", "rx" },
+ { WGT_APP_ID, "test_book_13", "wx" },
+ { WGT_APP_ID, "test_book_14", "rwx" },
+ { WGT_APP_ID, "test_book_15", "rwxat" },
+ { "test_subject_8", WGT_APP_ID, "r" },
+ { "test_subject_9", WGT_APP_ID, "w" },
+ { "test_subject_10", WGT_APP_ID, "x" },
+ { "test_subject_11", WGT_APP_ID, "rw" },
+ { "test_subject_12", WGT_APP_ID, "rx" },
+ { "test_subject_13", WGT_APP_ID, "wx" },
+ { "test_subject_14", WGT_APP_ID, "rwx" },
+ { "test_subject_15", WGT_APP_ID, "rwxat" }
+};
// Rules from test_privilege_control_rules_wgt.smack for wgt_partner
const std::vector< std::vector<std::string> > rules_wgt_partner = {
- { WGT_PARTNER_APP_ID, "test_book_8", "r" },
- { WGT_PARTNER_APP_ID, "test_book_9", "w" },
- { WGT_PARTNER_APP_ID, "test_book_10", "x" },
- { WGT_PARTNER_APP_ID, "test_book_11", "rw" },
- { WGT_PARTNER_APP_ID, "test_book_12", "rx" },
- { WGT_PARTNER_APP_ID, "test_book_13", "wx" },
- { WGT_PARTNER_APP_ID, "test_book_14", "rwx" },
- { WGT_PARTNER_APP_ID, "test_book_15", "rwxat" },
- { "test_subject_8", WGT_PARTNER_APP_ID, "r" },
- { "test_subject_9", WGT_PARTNER_APP_ID, "w" },
- { "test_subject_10", WGT_PARTNER_APP_ID, "x" },
- { "test_subject_11", WGT_PARTNER_APP_ID, "rw" },
- { "test_subject_12", WGT_PARTNER_APP_ID, "rx" },
- { "test_subject_13", WGT_PARTNER_APP_ID, "wx" },
- { "test_subject_14", WGT_PARTNER_APP_ID, "rwx" },
- { "test_subject_15", WGT_PARTNER_APP_ID, "rwxat" }};
+ { WGT_PARTNER_APP_ID, "test_book_8", "r" },
+ { WGT_PARTNER_APP_ID, "test_book_9", "w" },
+ { WGT_PARTNER_APP_ID, "test_book_10", "x" },
+ { WGT_PARTNER_APP_ID, "test_book_11", "rw" },
+ { WGT_PARTNER_APP_ID, "test_book_12", "rx" },
+ { WGT_PARTNER_APP_ID, "test_book_13", "wx" },
+ { WGT_PARTNER_APP_ID, "test_book_14", "rwx" },
+ { WGT_PARTNER_APP_ID, "test_book_15", "rwxat" },
+ { "test_subject_8", WGT_PARTNER_APP_ID, "r" },
+ { "test_subject_9", WGT_PARTNER_APP_ID, "w" },
+ { "test_subject_10", WGT_PARTNER_APP_ID, "x" },
+ { "test_subject_11", WGT_PARTNER_APP_ID, "rw" },
+ { "test_subject_12", WGT_PARTNER_APP_ID, "rx" },
+ { "test_subject_13", WGT_PARTNER_APP_ID, "wx" },
+ { "test_subject_14", WGT_PARTNER_APP_ID, "rwx" },
+ { "test_subject_15", WGT_PARTNER_APP_ID, "rwxat" }
+};
// Rules from test_privilege_control_rules_wgt.smack for wgt_platform
const std::vector< std::vector<std::string> > rules_wgt_platform = {
- { WGT_PLATFORM_APP_ID, "test_book_8", "r" },
- { WGT_PLATFORM_APP_ID, "test_book_9", "w" },
- { WGT_PLATFORM_APP_ID, "test_book_10", "x" },
- { WGT_PLATFORM_APP_ID, "test_book_11", "rw" },
- { WGT_PLATFORM_APP_ID, "test_book_12", "rx" },
- { WGT_PLATFORM_APP_ID, "test_book_13", "wx" },
- { WGT_PLATFORM_APP_ID, "test_book_14", "rwx" },
- { WGT_PLATFORM_APP_ID, "test_book_15", "rwxat" },
- { "test_subject_8", WGT_PLATFORM_APP_ID, "r" },
- { "test_subject_9", WGT_PLATFORM_APP_ID, "w" },
- { "test_subject_10", WGT_PLATFORM_APP_ID, "x" },
- { "test_subject_11", WGT_PLATFORM_APP_ID, "rw" },
- { "test_subject_12", WGT_PLATFORM_APP_ID, "rx" },
- { "test_subject_13", WGT_PLATFORM_APP_ID, "wx" },
- { "test_subject_14", WGT_PLATFORM_APP_ID, "rwx" },
- { "test_subject_15", WGT_PLATFORM_APP_ID, "rwxat" }};
+ { WGT_PLATFORM_APP_ID, "test_book_8", "r" },
+ { WGT_PLATFORM_APP_ID, "test_book_9", "w" },
+ { WGT_PLATFORM_APP_ID, "test_book_10", "x" },
+ { WGT_PLATFORM_APP_ID, "test_book_11", "rw" },
+ { WGT_PLATFORM_APP_ID, "test_book_12", "rx" },
+ { WGT_PLATFORM_APP_ID, "test_book_13", "wx" },
+ { WGT_PLATFORM_APP_ID, "test_book_14", "rwx" },
+ { WGT_PLATFORM_APP_ID, "test_book_15", "rwxat" },
+ { "test_subject_8", WGT_PLATFORM_APP_ID, "r" },
+ { "test_subject_9", WGT_PLATFORM_APP_ID, "w" },
+ { "test_subject_10", WGT_PLATFORM_APP_ID, "x" },
+ { "test_subject_11", WGT_PLATFORM_APP_ID, "rw" },
+ { "test_subject_12", WGT_PLATFORM_APP_ID, "rx" },
+ { "test_subject_13", WGT_PLATFORM_APP_ID, "wx" },
+ { "test_subject_14", WGT_PLATFORM_APP_ID, "rwx" },
+ { "test_subject_15", WGT_PLATFORM_APP_ID, "rwxat" }
+};
// Rules from test_privilege_control_rules_osp.smack for osp
const std::vector< std::vector<std::string> > rules_osp = {
- { OSP_APP_ID, "test_book_8", "r" },
- { OSP_APP_ID, "test_book_9", "w" },
- { OSP_APP_ID, "test_book_10", "x" },
- { OSP_APP_ID, "test_book_11", "rw" },
- { OSP_APP_ID, "test_book_12", "rx" },
- { OSP_APP_ID, "test_book_13", "wx" },
- { OSP_APP_ID, "test_book_14", "rwx" },
- { OSP_APP_ID, "test_book_15", "rwxat" },
- { "test_subject_8", OSP_APP_ID, "r" },
- { "test_subject_9", OSP_APP_ID, "w" },
- { "test_subject_10", OSP_APP_ID, "x" },
- { "test_subject_11", OSP_APP_ID, "rw" },
- { "test_subject_12", OSP_APP_ID, "rx" },
- { "test_subject_13", OSP_APP_ID, "wx" },
- { "test_subject_14", OSP_APP_ID, "rwx" },
- { "test_subject_15", OSP_APP_ID, "rwxat" }};
+ { OSP_APP_ID, "test_book_8", "r" },
+ { OSP_APP_ID, "test_book_9", "w" },
+ { OSP_APP_ID, "test_book_10", "x" },
+ { OSP_APP_ID, "test_book_11", "rw" },
+ { OSP_APP_ID, "test_book_12", "rx" },
+ { OSP_APP_ID, "test_book_13", "wx" },
+ { OSP_APP_ID, "test_book_14", "rwx" },
+ { OSP_APP_ID, "test_book_15", "rwxat" },
+ { "test_subject_8", OSP_APP_ID, "r" },
+ { "test_subject_9", OSP_APP_ID, "w" },
+ { "test_subject_10", OSP_APP_ID, "x" },
+ { "test_subject_11", OSP_APP_ID, "rw" },
+ { "test_subject_12", OSP_APP_ID, "rx" },
+ { "test_subject_13", OSP_APP_ID, "wx" },
+ { "test_subject_14", OSP_APP_ID, "rwx" },
+ { "test_subject_15", OSP_APP_ID, "rwxat" }
+};
// Rules from test_privilege_control_rules_osp.smack for osp_partner
const std::vector< std::vector<std::string> > rules_osp_partner = {
- { OSP_PARTNER_APP_ID, "test_book_8", "r" },
- { OSP_PARTNER_APP_ID, "test_book_9", "w" },
- { OSP_PARTNER_APP_ID, "test_book_10", "x" },
- { OSP_PARTNER_APP_ID, "test_book_11", "rw" },
- { OSP_PARTNER_APP_ID, "test_book_12", "rx" },
- { OSP_PARTNER_APP_ID, "test_book_13", "wx" },
- { OSP_PARTNER_APP_ID, "test_book_14", "rwx" },
- { OSP_PARTNER_APP_ID, "test_book_15", "rwxat" },
- { "test_subject_8", OSP_PARTNER_APP_ID, "r" },
- { "test_subject_9", OSP_PARTNER_APP_ID, "w" },
- { "test_subject_10", OSP_PARTNER_APP_ID, "x" },
- { "test_subject_11", OSP_PARTNER_APP_ID, "rw" },
- { "test_subject_12", OSP_PARTNER_APP_ID, "rx" },
- { "test_subject_13", OSP_PARTNER_APP_ID, "wx" },
- { "test_subject_14", OSP_PARTNER_APP_ID, "rwx" },
- { "test_subject_15", OSP_PARTNER_APP_ID, "rwxat" }};
+ { OSP_PARTNER_APP_ID, "test_book_8", "r" },
+ { OSP_PARTNER_APP_ID, "test_book_9", "w" },
+ { OSP_PARTNER_APP_ID, "test_book_10", "x" },
+ { OSP_PARTNER_APP_ID, "test_book_11", "rw" },
+ { OSP_PARTNER_APP_ID, "test_book_12", "rx" },
+ { OSP_PARTNER_APP_ID, "test_book_13", "wx" },
+ { OSP_PARTNER_APP_ID, "test_book_14", "rwx" },
+ { OSP_PARTNER_APP_ID, "test_book_15", "rwxat" },
+ { "test_subject_8", OSP_PARTNER_APP_ID, "r" },
+ { "test_subject_9", OSP_PARTNER_APP_ID, "w" },
+ { "test_subject_10", OSP_PARTNER_APP_ID, "x" },
+ { "test_subject_11", OSP_PARTNER_APP_ID, "rw" },
+ { "test_subject_12", OSP_PARTNER_APP_ID, "rx" },
+ { "test_subject_13", OSP_PARTNER_APP_ID, "wx" },
+ { "test_subject_14", OSP_PARTNER_APP_ID, "rwx" },
+ { "test_subject_15", OSP_PARTNER_APP_ID, "rwxat" }
+};
// Rules from test_privilege_control_rules_osp.smack for osp_platform
const std::vector< std::vector<std::string> > rules_osp_platform = {
- { OSP_PLATFORM_APP_ID, "test_book_8", "r" },
- { OSP_PLATFORM_APP_ID, "test_book_9", "w" },
- { OSP_PLATFORM_APP_ID, "test_book_10", "x" },
- { OSP_PLATFORM_APP_ID, "test_book_11", "rw" },
- { OSP_PLATFORM_APP_ID, "test_book_12", "rx" },
- { OSP_PLATFORM_APP_ID, "test_book_13", "wx" },
- { OSP_PLATFORM_APP_ID, "test_book_14", "rwx" },
- { OSP_PLATFORM_APP_ID, "test_book_15", "rwxat" },
- { "test_subject_8", OSP_PLATFORM_APP_ID, "r" },
- { "test_subject_9", OSP_PLATFORM_APP_ID, "w" },
- { "test_subject_10", OSP_PLATFORM_APP_ID, "x" },
- { "test_subject_11", OSP_PLATFORM_APP_ID, "rw" },
- { "test_subject_12", OSP_PLATFORM_APP_ID, "rx" },
- { "test_subject_13", OSP_PLATFORM_APP_ID, "wx" },
- { "test_subject_14", OSP_PLATFORM_APP_ID, "rwx" },
- { "test_subject_15", OSP_PLATFORM_APP_ID, "rwxat" }};
+ { OSP_PLATFORM_APP_ID, "test_book_8", "r" },
+ { OSP_PLATFORM_APP_ID, "test_book_9", "w" },
+ { OSP_PLATFORM_APP_ID, "test_book_10", "x" },
+ { OSP_PLATFORM_APP_ID, "test_book_11", "rw" },
+ { OSP_PLATFORM_APP_ID, "test_book_12", "rx" },
+ { OSP_PLATFORM_APP_ID, "test_book_13", "wx" },
+ { OSP_PLATFORM_APP_ID, "test_book_14", "rwx" },
+ { OSP_PLATFORM_APP_ID, "test_book_15", "rwxat" },
+ { "test_subject_8", OSP_PLATFORM_APP_ID, "r" },
+ { "test_subject_9", OSP_PLATFORM_APP_ID, "w" },
+ { "test_subject_10", OSP_PLATFORM_APP_ID, "x" },
+ { "test_subject_11", OSP_PLATFORM_APP_ID, "rw" },
+ { "test_subject_12", OSP_PLATFORM_APP_ID, "rx" },
+ { "test_subject_13", OSP_PLATFORM_APP_ID, "wx" },
+ { "test_subject_14", OSP_PLATFORM_APP_ID, "rwx" },
+ { "test_subject_15", OSP_PLATFORM_APP_ID, "rwxat" }
+};
namespace {
+typedef std::unique_ptr<smack_accesses,std::function<void (smack_accesses*)> > SmackUniquePtr;
-typedef std::unique_ptr<smack_accesses,std::function<void(smack_accesses*)>> SmackUniquePtr;
-
-const char* OSP_BLAHBLAH = "/usr/share/privilege-control/OSP_feature.blah.blahblah.smack";
-const char* WRT_BLAHBLAH = "/usr/share/privilege-control/WGT_blahblah.smack";
-const char* OTHER_BLAHBLAH = "/usr/share/privilege-control/blahblah.smack";
-const char* OSP_BLAHBLAH_DAC = "/usr/share/privilege-control/OSP_feature.blah.blahblah.dac";
-const char* WRT_BLAHBLAH_DAC = "/usr/share/privilege-control/WGT_blahblah.dac";
-const char* OTHER_BLAHBLAH_DAC = "/usr/share/privilege-control/blahblah.dac";
-const char* BLAHBLAH_FEATURE = "http://feature/blah/blahblah";
+const char *OSP_BLAHBLAH = "/usr/share/privilege-control/OSP_feature.blah.blahblah.smack";
+const char *WRT_BLAHBLAH = "/usr/share/privilege-control/WGT_blahblah.smack";
+const char *OTHER_BLAHBLAH = "/usr/share/privilege-control/blahblah.smack";
+const char *OSP_BLAHBLAH_DAC = "/usr/share/privilege-control/OSP_feature.blah.blahblah.dac";
+const char *WRT_BLAHBLAH_DAC = "/usr/share/privilege-control/WGT_blahblah.dac";
+const char *OTHER_BLAHBLAH_DAC = "/usr/share/privilege-control/blahblah.dac";
+const char *BLAHBLAH_FEATURE = "http://feature/blah/blahblah";
/**
* Check if every rule is true.
* @return 1 if ALL rules in SMACK, 0 if ANY rule isn't
*/
-int test_have_all_accesses(const std::vector< std::vector<std::string> >& rules){
+int test_have_all_accesses(const std::vector< std::vector<std::string> > &rules)
+{
int result;
- for(uint i =0; i<rules.size();++i ){
+ for (uint i = 0; i < rules.size(); ++i) {
result = smack_have_access(rules[i][0].c_str(),rules[i][1].c_str(),rules[i][2].c_str());
- if (result !=1)
+ if (result != 1)
return result;
}
return 1;
* Check if every rule is true.
* @return 1 if ANY rule in SMACK, 0 if
*/
-int test_have_any_accesses(const std::vector< std::vector<std::string> >& rules){
+int test_have_any_accesses(const std::vector< std::vector<std::string> > &rules)
+{
int result;
- for(uint i =0; i<rules.size();++i ){
+ for (uint i = 0; i < rules.size(); ++i) {
result = smack_have_access(rules[i][0].c_str(),rules[i][1].c_str(),rules[i][2].c_str());
- if (result ==1)
+ if (result == 1)
return 1;
}
return 0;
}
-int nftw_remove_labels(const char *fpath, const struct stat * /*sb*/,
- int /*typeflag*/, struct FTW * /*ftwbuf*/)
+int nftw_remove_labels(const char *fpath, const struct stat* /*sb*/,
+ int /*typeflag*/, struct FTW* /*ftwbuf*/)
{
- smack_lsetlabel(fpath, NULL, SMACK_LABEL_ACCESS);
- smack_lsetlabel(fpath, NULL, SMACK_LABEL_EXEC);
- smack_lsetlabel(fpath, NULL, SMACK_LABEL_TRANSMUTE);
+ smack_lsetlabel(fpath, NULL, SMACK_LABEL_ACCESS);
+ smack_lsetlabel(fpath, NULL, SMACK_LABEL_EXEC);
+ smack_lsetlabel(fpath, NULL, SMACK_LABEL_TRANSMUTE);
- return 0;
+ return 0;
}
-int nftw_set_labels_non_app_dir(const char *fpath, const struct stat * /*sb*/,
- int /*typeflag*/, struct FTW * /*ftwbuf*/)
+int nftw_set_labels_non_app_dir(const char *fpath, const struct stat* /*sb*/,
+ int /*typeflag*/, struct FTW* /*ftwbuf*/)
{
- smack_lsetlabel(fpath, CANARY_LABEL, SMACK_LABEL_ACCESS);
- smack_lsetlabel(fpath, CANARY_LABEL, SMACK_LABEL_EXEC);
- smack_lsetlabel(fpath, NULL, SMACK_LABEL_TRANSMUTE);
+ smack_lsetlabel(fpath, CANARY_LABEL, SMACK_LABEL_ACCESS);
+ smack_lsetlabel(fpath, CANARY_LABEL, SMACK_LABEL_EXEC);
+ smack_lsetlabel(fpath, NULL, SMACK_LABEL_TRANSMUTE);
- return 0;
+ return 0;
}
-int nftw_check_labels_non_app_dir(const char *fpath, const struct stat * /*sb*/,
- int /*typeflag*/, struct FTW * /*ftwbuf*/)
+int nftw_check_labels_non_app_dir(const char *fpath, const struct stat* /*sb*/,
+ int /*typeflag*/, struct FTW* /*ftwbuf*/)
{
int result;
- char* label;
+ char *label;
/* ACCESS */
result = smack_lgetlabel(fpath, &label, SMACK_LABEL_ACCESS);
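Review bot: test_have_any_accesses still returns 0 when smack_have_access() fails, because the loop only tests `result == 1`; libsmack documents -1 as the error return, so a failed query looks the same as "no rule grants access" and a revocation check can pass without verifying anything. Consider propagating the error with `if (result != 0) return result;` and having callers assert `result == 0` rather than `result != 1`. The doc comment above the function is a truncated copy of the previous one ("Check if every rule is true", "0 if") and should read along the lines of `Check if any rule is true. @return 1 if ANY rule is in SMACK, 0 if none is`. This hunk ends inside nftw_check_labels_non_app_dir, whose body continues outside it.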
}
int nftw_check_labels_app_dir(const char *fpath, const struct stat *sb,
- int /*typeflag*/, struct FTW * /*ftwbuf*/)
+ int /*typeflag*/, struct FTW* /*ftwbuf*/)
{
int result;
- char* label;
+ char *label;
/* ACCESS */
result = smack_lgetlabel(fpath, &label, SMACK_LABEL_ACCESS);
RUNNER_ASSERT_MSG(label != NULL, "EXEC label on " << fpath << " is not set");
result = strcmp(APPID_DIR, label);
RUNNER_ASSERT_MSG(result == 0, "EXEC label on executable file " << fpath << " is incorrect");
- } else if(S_ISLNK(sb->st_mode)) {
+ } else if (S_ISLNK(sb->st_mode)) {
struct stat buf;
- char* target = realpath(fpath, NULL);
+ char *target = realpath(fpath, NULL);
RUNNER_ASSERT_MSG(0 == stat(target, &buf),"Stat failed for " << fpath);
free(target);
if (buf.st_mode != (buf.st_mode | S_IXUSR | S_IFREG)) {
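Review bot: The result of `realpath(fpath, NULL)` is passed to stat() without a NULL check in the symlink branch, so a dangling or unresolvable link is reported as "Stat failed" on a null path; add `RUNNER_ASSERT_MSG(target != NULL, "realpath failed for " << fpath);` before the stat() call. If RUNNER_ASSERT_MSG leaves the function on failure (its definition is not visible here), `free(target)` is skipped, so it is safer to store the stat() result, free `target`, and only then assert. The mode test on the last line treats S_IFREG as a single flag bit that other file types also carry; negating `S_ISREG(buf.st_mode) && (buf.st_mode & S_IXUSR)` states the intended check exactly. The enclosing nftw_check_labels_app_dir starts and ends outside this hunk.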
}
int nftw_check_labels_app_shared_dir(const char *fpath, const struct stat *sb,
- int /*typeflag*/, struct FTW * /*ftwbuf*/)
+ int /*typeflag*/, struct FTW* /*ftwbuf*/)
{
int result;
- char* label;
+ char *label;
/* ACCESS */
result = smack_lgetlabel(fpath, &label, SMACK_LABEL_ACCESS);
}
int check_labels_dir(const char *fpath, const struct stat *sb,
- const char* labels_db_path, const char* dir_db_path,
- const char* access)
+ const char *labels_db_path, const char *dir_db_path,
+ const char *access)
{
int result;
- char* label;
- char* label_gen;
- char* scanf_label_format;
+ char *label;
+ char *label_gen;
+ char *scanf_label_format;
char label_temp[SMACK_LABEL_LEN + 1];
- FILE* file_db;
+ FILE *file_db;
/* ACCESS */
result = smack_lgetlabel(fpath, &label_gen, SMACK_LABEL_ACCESS);
RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
RUNNER_ASSERT_MSG(label_gen != NULL, "ACCESS label on " << fpath << " is not set");
- /* EXEC */
+ /* EXEC */
result = smack_lgetlabel(fpath, &label, SMACK_LABEL_EXEC);
- if(result != 0){
+ if (result != 0) {
free(label_gen);
RUNNER_ASSERT_MSG(false, "Could not get label for the path");
}
- if(label != NULL){
+ if (label != NULL) {
free(label_gen);
free(label);
RUNNER_ASSERT_MSG(false, "EXEC label on " << fpath << " is set.");
/* TRANSMUTE */
result = smack_lgetlabel(fpath, &label, SMACK_LABEL_TRANSMUTE);
- if(result != 0){
+ if (result != 0) {
free(label_gen);
free(label);
RUNNER_ASSERT_MSG(false, "Could not get label for the path");
}
if (S_ISDIR(sb->st_mode)) {
- if(label == NULL){
+ if (label == NULL) {
free(label_gen);
free(label);
RUNNER_ASSERT_MSG(false, "TRANSMUTE label on " << fpath << " is not set");
}
result = strcmp("TRUE", label);
- if(result != 0){
+ if (result != 0) {
free(label_gen);
free(label);
RUNNER_ASSERT_MSG(false, "TRANSMUTE label on " << fpath << " is not set to TRUE");
}
- } else if(label != NULL){
+ } else if (label != NULL) {
free(label_gen);
free(label);
RUNNER_ASSERT_MSG(false, "TRANSMUTE label on " << fpath << " is set");
free(label);
- if(0 > asprintf(&scanf_label_format, "%%%ds\\n", SMACK_LABEL_LEN)){
+ if (0 > asprintf(&scanf_label_format, "%%%ds\\n", SMACK_LABEL_LEN)) {
free(label_gen);
RUNNER_ASSERT_MSG(false, "asprintf failed");
}
file_db = fopen(labels_db_path, "r");
- if(file_db == NULL){
+ if (file_db == NULL) {
free(label_gen);
free(scanf_label_format);
RUNNER_ASSERT_MSG(false, "Can not open database for apps");
}
- while(fscanf(file_db, scanf_label_format, label_temp)==1){
+ while (fscanf(file_db, scanf_label_format, label_temp) == 1) {
result = smack_have_access(label_temp, label_gen, access);
- if(result != 1){
+ if (result != 1) {
fclose(file_db);
free(label_gen);
free(scanf_label_format);
fclose(file_db);
file_db = fopen(dir_db_path, "r");
- if(file_db == NULL){
+ if (file_db == NULL) {
free(label_gen);
free(scanf_label_format);
RUNNER_ASSERT_MSG(false, "Can not open database for dirs");
}
bool is_dir = false;
- while(fscanf(file_db, scanf_label_format, label_temp)==1){
- if(strcmp(label_gen, label_temp) == 0){
+ while (fscanf(file_db, scanf_label_format, label_temp) == 1) {
+ if (strcmp(label_gen, label_temp) == 0) {
is_dir = true;
break;
}
}
int nftw_check_labels_app_public_dir(const char *fpath, const struct stat *sb,
- int /*typeflag*/, struct FTW * /*ftwbuf*/)
+ int /*typeflag*/, struct FTW* /*ftwbuf*/)
{
return check_labels_dir(fpath, sb,
- SMACK_APPS_LABELS_DATABASE,
- SMACK_PUBLIC_DIRS_DATABASE, "rx");
+ SMACK_APPS_LABELS_DATABASE,
+ SMACK_PUBLIC_DIRS_DATABASE, "rx");
}
int nftw_check_labels_app_settings_dir(const char *fpath, const struct stat *sb,
- int /*typeflag*/, struct FTW * /*ftwbuf*/)
+ int /*typeflag*/, struct FTW* /*ftwbuf*/)
{
return check_labels_dir(fpath, sb,
- SMACK_APPS_SETTINGS_LABELS_DATABASE,
- SMACK_SETTINGS_DIRS_DATABASE, "rwx");
+ SMACK_APPS_SETTINGS_LABELS_DATABASE,
+ SMACK_SETTINGS_DIRS_DATABASE, "rwx");
}
-int file_exists(const char* path)
+int file_exists(const char *path)
{
- FILE* file = fopen(path, "r");
+ FILE *file = fopen(path, "r");
if (file) {
fclose(file);
return 0;
return -1;
}
-void osp_blahblah_check(int line_no, const std::vector<std::string>& rules)
+void osp_blahblah_check(int line_no, const std::vector<std::string> &rules)
{
std::ifstream smack_file(OSP_BLAHBLAH);
RUNNER_ASSERT_MSG(smack_file, "Line: " << line_no << " Failed to create " << OSP_BLAHBLAH);
auto it = rules.begin();
std::string line;
- while(std::getline(smack_file,line)) {
+ while (std::getline(smack_file,line)) {
RUNNER_ASSERT_MSG(it != rules.end(), "Line: " << line_no << "Additional line in file: " << line);
RUNNER_ASSERT_MSG(*it == line, "Line: " << line_no << " " << *it << "!=" << line);
it++;
smack_file.close();
}
-void osp_blahblah_dac_check(int line_no, const std::vector<unsigned>& gids)
+void osp_blahblah_dac_check(int line_no, const std::vector<unsigned> &gids)
{
- std::ifstream dac_file(OSP_BLAHBLAH_DAC);
- RUNNER_ASSERT_MSG(dac_file, "Line: " << line_no << " Failed to create " << OSP_BLAHBLAH_DAC);
-
- auto it = gids.begin();
- std::string line;
- while(std::getline(dac_file,line)) {
- std::istringstream is(line);
- unsigned gid;
- is >> gid;
- RUNNER_ASSERT_MSG(it != gids.end(), "Line: " << line_no << "Additional line in file: " << gid);
- RUNNER_ASSERT_MSG(*it == gid, "Line: " << line_no << " " << *it << "!=" << gid);
- it++;
- }
-
- RUNNER_ASSERT_MSG(it == gids.end(), "Line: " << line_no << " Missing line in file: " << *it);
-
- dac_file.close();
+ std::ifstream dac_file(OSP_BLAHBLAH_DAC);
+ RUNNER_ASSERT_MSG(dac_file, "Line: " << line_no << " Failed to create " << OSP_BLAHBLAH_DAC);
+
+ auto it = gids.begin();
+ std::string line;
+ while (std::getline(dac_file,line)) {
+ std::istringstream is(line);
+ unsigned gid;
+ is >> gid;
+ RUNNER_ASSERT_MSG(it != gids.end(), "Line: " << line_no << "Additional line in file: " << gid);
+ RUNNER_ASSERT_MSG(*it == gid, "Line: " << line_no << " " << *it << "!=" << gid);
+ it++;
+ }
+
+ RUNNER_ASSERT_MSG(it == gids.end(), "Line: " << line_no << " Missing line in file: " << *it);
+
+ dac_file.close();
}
void remove_smack_files()
{
- // TODO array
+ // TODO array
unlink(OSP_BLAHBLAH);
unlink(WRT_BLAHBLAH);
unlink(OTHER_BLAHBLAH);
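Review bot: In osp_blahblah_dac_check the extraction `is >> gid;` is never checked, so a blank or non-numeric line in the .dac file is compared as whatever `gid` ends up holding (0 after a failed extraction since C++11) instead of being reported as malformed. Because this file is compared against the expected group ids, a parse failure should fail the test on its own: add `RUNNER_ASSERT_MSG(!is.fail(), "Line: " << line_no << " Malformed gid line: " << line);` right after the extraction. The "Additional line in file" message is also missing the space after the line number that the neighbouring messages have. The hunk starts inside osp_blahblah_check and ends inside remove_smack_files.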
void add_lables_to_db()
{
- FILE* file_db;
+ FILE *file_db;
file_db = fopen(SMACK_AVS_LABELS_DATABASE, "a");
RUNNER_ASSERT_MSG(file_db != NULL, "Error database file "
{
int result = app_add_permissions(APP_ID, PRIVS);
RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error adding app permissions. Result: " << result);
+ " Error adding app permissions. Result: " << result);
// Check if the accesses are realy applied..
result = test_have_all_accesses(rules);
- RUNNER_ASSERT_MSG(result==1, "Permissions not added.");
+ RUNNER_ASSERT_MSG(result == 1, "Permissions not added.");
//// File exists?
FILE *pFile = fopen(SMACK_RULES_DIR APP_ID, "rb");
RUNNER_ASSERT_MSG(pFile != NULL,
- "SMACK file NOT created!. Errno: " << errno);
+ "SMACK file NOT created!. Errno: " << errno);
//// Is it empty?
fseek(pFile, 0L, SEEK_END);
int smack_file_length = ftell(pFile);
- RUNNER_ASSERT_MSG(smack_file_length>0,
- "SMACK file empty, but privileges list was not empty.. Errno: " << errno);
+ RUNNER_ASSERT_MSG(smack_file_length > 0,
+ "SMACK file empty, but privileges list was not empty.. Errno: " << errno);
if (pFile != NULL)
fclose(pFile);
-
}
/**
// Revoke permissions
result = app_revoke_permissions(APP_ID);
RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error revoking app permissions. Result: " << result);
+ "Error revoking app permissions. Result: " << result);
result = app_revoke_permissions(WGT_APP_ID);
RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error revoking app permissions. Result: " << result);
+ "Error revoking app permissions. Result: " << result);
result = app_revoke_permissions(WGT_PARTNER_APP_ID);
RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error revoking app permissions. Result: " << result);
+ "Error revoking app permissions. Result: " << result);
result = app_revoke_permissions(WGT_PLATFORM_APP_ID);
RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error revoking app permissions. Result: " << result);
+ "Error revoking app permissions. Result: " << result);
result = app_revoke_permissions(OSP_APP_ID);
RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error revoking app permissions. Result: " << result);
+ "Error revoking app permissions. Result: " << result);
result = app_revoke_permissions(OSP_PARTNER_APP_ID);
RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error revoking app permissions. Result: " << result);
+ "Error revoking app permissions. Result: " << result);
result = app_revoke_permissions(OSP_PLATFORM_APP_ID);
RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error revoking app permissions. Result: " << result);
+ "Error revoking app permissions. Result: " << result);
// Are all the permissions revoked?
result = test_have_any_accesses(rules);
- RUNNER_ASSERT_MSG(result!=1, "Not all permisions revoked.");
+ RUNNER_ASSERT_MSG(result != 1, "Not all permisions revoked.");
result = test_have_any_accesses(rules_wgt);
- RUNNER_ASSERT_MSG(result==0, "Not all permisions revoked.");
+ RUNNER_ASSERT_MSG(result == 0, "Not all permisions revoked.");
result = test_have_any_accesses(rules_wgt_partner);
- RUNNER_ASSERT_MSG(result==0, "Not all permisions revoked.");
+ RUNNER_ASSERT_MSG(result == 0, "Not all permisions revoked.");
result = test_have_any_accesses(rules_wgt_platform);
- RUNNER_ASSERT_MSG(result==0, "Not all permisions revoked.");
+ RUNNER_ASSERT_MSG(result == 0, "Not all permisions revoked.");
result = test_have_any_accesses(rules);
- RUNNER_ASSERT_MSG(result!=1, "Not all permisions revoked.");
+ RUNNER_ASSERT_MSG(result != 1, "Not all permisions revoked.");
result = test_have_any_accesses(rules_osp);
- RUNNER_ASSERT_MSG(result==0, "Not all permisions revoked.");
+ RUNNER_ASSERT_MSG(result == 0, "Not all permisions revoked.");
result = test_have_any_accesses(rules_osp_partner);
- RUNNER_ASSERT_MSG(result==0, "Not all permisions revoked.");
+ RUNNER_ASSERT_MSG(result == 0, "Not all permisions revoked.");
result = test_have_any_accesses(rules_osp_platform);
- RUNNER_ASSERT_MSG(result==0, "Not all permisions revoked.");
+ RUNNER_ASSERT_MSG(result == 0, "Not all permisions revoked.");
FILE *pFile = fopen(SMACK_RULES_DIR APP_ID, "rb");
RUNNER_ASSERT_MSG(pFile != NULL,
- "SMACK file removed!. Errno: " << errno);
+ "SMACK file removed!. Errno: " << errno);
//// Is it empty?
fseek(pFile, 0L, SEEK_END);
int smack_file_length = ftell(pFile);
if (pFile != NULL)
fclose(pFile);
- RUNNER_ASSERT_MSG(smack_file_length==0,
- "SMACK file not empty.. Errno: " << errno);
+ RUNNER_ASSERT_MSG(smack_file_length == 0,
+ "SMACK file not empty.. Errno: " << errno);
pFile = fopen(SMACK_RULES_DIR WGT_APP_ID, "rb");
RUNNER_ASSERT_MSG(pFile != NULL,
- "SMACK file removed!. Errno: " << errno);
+ "SMACK file removed!. Errno: " << errno);
//// Is it empty?
fseek(pFile, 0L, SEEK_END);
smack_file_length = ftell(pFile);
if (pFile != NULL)
fclose(pFile);
- RUNNER_ASSERT_MSG(smack_file_length==0,
- "SMACK file not empty.. Errno: " << errno);
+ RUNNER_ASSERT_MSG(smack_file_length == 0,
+ "SMACK file not empty.. Errno: " << errno);
pFile = fopen(SMACK_RULES_DIR WGT_PARTNER_APP_ID, "rb");
RUNNER_ASSERT_MSG(pFile != NULL,
- "SMACK file removed!. Errno: " << errno);
+ "SMACK file removed!. Errno: " << errno);
//// Is it empty?
fseek(pFile, 0L, SEEK_END);
smack_file_length = ftell(pFile);
if (pFile != NULL)
fclose(pFile);
- RUNNER_ASSERT_MSG(smack_file_length==0,
- "SMACK file not empty.. Errno: " << errno);
+ RUNNER_ASSERT_MSG(smack_file_length == 0,
+ "SMACK file not empty.. Errno: " << errno);
pFile = fopen(SMACK_RULES_DIR WGT_PLATFORM_APP_ID, "rb");
RUNNER_ASSERT_MSG(pFile != NULL,
- "SMACK file removed!. Errno: " << errno);
+ "SMACK file removed!. Errno: " << errno);
//// Is it empty?
fseek(pFile, 0L, SEEK_END);
smack_file_length = ftell(pFile);
if (pFile != NULL)
fclose(pFile);
- RUNNER_ASSERT_MSG(smack_file_length==0,
- "SMACK file not empty.. Errno: " << errno);
+ RUNNER_ASSERT_MSG(smack_file_length == 0,
+ "SMACK file not empty.. Errno: " << errno);
pFile = fopen(SMACK_RULES_DIR OSP_APP_ID, "rb");
RUNNER_ASSERT_MSG(pFile != NULL,
- "SMACK file removed!. Errno: " << errno);
+ "SMACK file removed!. Errno: " << errno);
//// Is it empty?
fseek(pFile, 0L, SEEK_END);
smack_file_length = ftell(pFile);
if (pFile != NULL)
fclose(pFile);
- RUNNER_ASSERT_MSG(smack_file_length==0,
- "SMACK file not empty.. Errno: " << errno);
+ RUNNER_ASSERT_MSG(smack_file_length == 0,
+ "SMACK file not empty.. Errno: " << errno);
pFile = fopen(SMACK_RULES_DIR OSP_PARTNER_APP_ID, "rb");
RUNNER_ASSERT_MSG(pFile != NULL,
- "SMACK file removed!. Errno: " << errno);
+ "SMACK file removed!. Errno: " << errno);
//// Is it empty?
fseek(pFile, 0L, SEEK_END);
smack_file_length = ftell(pFile);
if (pFile != NULL)
fclose(pFile);
- RUNNER_ASSERT_MSG(smack_file_length==0,
- "SMACK file not empty.. Errno: " << errno);
+ RUNNER_ASSERT_MSG(smack_file_length == 0,
+ "SMACK file not empty.. Errno: " << errno);
pFile = fopen(SMACK_RULES_DIR OSP_PLATFORM_APP_ID, "rb");
RUNNER_ASSERT_MSG(pFile != NULL,
- "SMACK file removed!. Errno: " << errno);
+ "SMACK file removed!. Errno: " << errno);
//// Is it empty?
fseek(pFile, 0L, SEEK_END);
smack_file_length = ftell(pFile);
if (pFile != NULL)
fclose(pFile);
- RUNNER_ASSERT_MSG(smack_file_length==0,
- "SMACK file not empty.. Errno: " << errno);
+ RUNNER_ASSERT_MSG(smack_file_length == 0,
+ "SMACK file not empty.. Errno: " << errno);
}
-static void read_gids(std::set<unsigned> &set, const char* file_path)
+static void read_gids(std::set<unsigned> &set, const char *file_path)
{
- FILE *f = fopen(file_path, "r");
- RUNNER_ASSERT_MSG(f != NULL, "Unable to open file " << file_path);
- unsigned gid;
- while (fscanf(f, "%u\n", &gid) == 1) {
- set.insert(gid);
- }
+ FILE *f = fopen(file_path, "r");
+ RUNNER_ASSERT_MSG(f != NULL, "Unable to open file " << file_path);
+ unsigned gid;
+ while (fscanf(f, "%u\n", &gid) == 1) {
+ set.insert(gid);
+ }
}
RUNNER_TEST(privilege_control05_add_shared_dir_readers)
{
-
-#define TEST_OBJ "TEST_OBJECT"
+#define TEST_OBJ "TEST_OBJECT"
#define TEST_OBJ_SOME_OTHER "TEST_OBJA"
-#define test_string_01 "TEST_raz TEST_OBJECT r-x-- -----"
-#define test_string_21 "TEST_trzy TEST_OBJA -wx--\n"
-#define test_string_22 "TEST_trzy TEST_OBJECT r-x-- -----\n"
+#define test_string_01 "TEST_raz TEST_OBJECT r-x-- -----"
+#define test_string_21 "TEST_trzy TEST_OBJA -wx--\n"
+#define test_string_22 "TEST_trzy TEST_OBJECT r-x-- -----\n"
int result;
int i;
const int READ_BUF_SIZE = 1000;
char buf[READ_BUF_SIZE];
FILE *file = NULL;
- struct smack_accesses * rules = NULL;
+ struct smack_accesses *rules = NULL;
//test what happens when the label is not correct SMACK label
result = smack_accesses_new(&rules);
RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "Error in smack_accesses_new. Error: " << result);
for (i = 0; i < 3; i++) {
-
(void)app_uninstall(app_labels[i]);
result = app_install(app_labels[i]);
RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "Error in app_install.");
RUNNER_ASSERT_MSG(fd != -1, "Error in opening file " << path);
if (i == 1) {
- result = smack_accesses_add(rules,app_labels[i],TEST_OBJ,"wt");
- RUNNER_ASSERT_MSG(result == 0, "smack_accesses_add failed");
+ result = smack_accesses_add(rules,app_labels[i],TEST_OBJ,"wt");
+ RUNNER_ASSERT_MSG(result == 0, "smack_accesses_add failed");
}
if (i == 2) {
- smack_accesses_free(rules);
- result = smack_accesses_new(&rules);
- result = smack_accesses_add(rules,app_labels[i],TEST_OBJ_SOME_OTHER,"wx");
- RUNNER_ASSERT_MSG(result == 0, "smack_accesses_add failed");
+ smack_accesses_free(rules);
+ result = smack_accesses_new(&rules);
+ result = smack_accesses_add(rules,app_labels[i],TEST_OBJ_SOME_OTHER,"wx");
+ RUNNER_ASSERT_MSG(result == 0, "smack_accesses_add failed");
}
result = smack_accesses_apply(rules);
RUNNER_ASSERT_MSG(fd != -1, "smack_accesses_apply failed");
free(path);
close(fd);
-
}
smack_accesses_free(rules);
RUNNER_ASSERT(NULL != fgets(buf, READ_BUF_SIZE, file));
result = strcmp(buf, test_string_01);
- RUNNER_ASSERT_MSG( result!=0, "add_shared_dir_readers ERROR, file not formatted" << path );
+ RUNNER_ASSERT_MSG( result != 0, "add_shared_dir_readers ERROR, file not formatted" << path );
free(path);
fclose(file);
RUNNER_ASSERT(NULL != fgets(buf, READ_BUF_SIZE, file));
result = strcmp(buf, test_string_21);
- RUNNER_ASSERT_MSG( result==0, "add_shared_dir_readers ERROR, file not formatted" );
+ RUNNER_ASSERT_MSG( result == 0, "add_shared_dir_readers ERROR, file not formatted" );
RUNNER_ASSERT(NULL != fgets(buf, READ_BUF_SIZE, file));
result = strcmp(buf, test_string_22);
- RUNNER_ASSERT_MSG( result==0, "add_shared_dir_readers ERROR, file not formatted" );
+ RUNNER_ASSERT_MSG( result == 0, "add_shared_dir_readers ERROR, file not formatted" );
free(path);
fclose(file);
* Set APP privileges.
*/
-void check_groups(const char* dac_file) {
- std::set<unsigned> groups_check;
- read_gids(groups_check, LIBPRIVILEGE_APP_GROUP_LIST);
- read_gids(groups_check, dac_file);
-
- int groups_cnt = getgroups(0, NULL);
- RUNNER_ASSERT_MSG(groups_cnt > 0, "Wrong number of supplementary groupsCnt");
- gid_t *groups_list = (gid_t *) calloc(groups_cnt, sizeof(gid_t));
- RUNNER_ASSERT_MSG(groups_list != NULL, "Memory allocation failed");
- RUNNER_ASSERT(-1 != getgroups(groups_cnt, groups_list));
-
- for (int i = 0; i < groups_cnt; ++i) {
- //getgroups() can return multiple number of the same group
- //they are returned in sequence, so we will given number when last
- //element of this number is reached
- if( (i < groups_cnt - 1) && (groups_list[i+1] == groups_list[i]))
- continue;
- if (groups_check.erase(groups_list[i]) == 0) {
- // getgroups() may also return process' main group
- if (groups_list[i] != getgid())
- RUNNER_ASSERT_MSG(false, "Application belongs to unknown group (GID=" << groups_list[i] << ")");
- }
- }
- free(groups_list);
- std::string groups_left;
- for (std::set<unsigned>::iterator it = groups_check.begin(); it != groups_check.end(); it++) {
- groups_left.append(std::to_string(*it)).append(" ");
- }
- RUNNER_ASSERT_MSG(groups_check.empty(), "Application doesn't belong to some required groups: " << groups_left);
+void check_groups(const char *dac_file)
+{
+ std::set<unsigned> groups_check;
+ read_gids(groups_check, LIBPRIVILEGE_APP_GROUP_LIST);
+ read_gids(groups_check, dac_file);
+
+ int groups_cnt = getgroups(0, NULL);
+ RUNNER_ASSERT_MSG(groups_cnt > 0, "Wrong number of supplementary groupsCnt");
+ gid_t *groups_list = (gid_t*) calloc(groups_cnt, sizeof(gid_t));
+ RUNNER_ASSERT_MSG(groups_list != NULL, "Memory allocation failed");
+ RUNNER_ASSERT(-1 != getgroups(groups_cnt, groups_list));
+
+ for (int i = 0; i < groups_cnt; ++i) {
+ //getgroups() can return multiple number of the same group
+ //they are returned in sequence, so we will given number when last
+ //element of this number is reached
+ if ((i < groups_cnt - 1) && (groups_list[i + 1] == groups_list[i]))
+ continue;
+ if (groups_check.erase(groups_list[i]) == 0) {
+ // getgroups() may also return process' main group
+ if (groups_list[i] != getgid())
+ RUNNER_ASSERT_MSG(false, "Application belongs to unknown group (GID=" << groups_list[i] << ")");
+ }
+ }
+ free(groups_list);
+ std::string groups_left;
+ for (std::set<unsigned>::iterator it = groups_check.begin(); it != groups_check.end(); it++) {
+ groups_left.append(std::to_string(*it)).append(" ");
+ }
+ RUNNER_ASSERT_MSG(groups_check.empty(), "Application doesn't belong to some required groups: " << groups_left);
}
RUNNER_CHILD_TEST(privilege_control05_set_app_privilege)
RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "Error in set_app_privilege. Error: " << result);
// Check if SMACK label really set
- char * label;
+ char *label;
result = smack_new_label_from_self(&label);
RUNNER_ASSERT_MSG(result == 0, "Error getting current process label");
RUNNER_ASSERT_MSG(label != NULL, "Process label is not set");
" Error enabling app permissions. Result: " << result);
result = test_have_all_accesses(rules_wgt);
- RUNNER_ASSERT_MSG(result==1, "Permissions not added.");
+ RUNNER_ASSERT_MSG(result == 1, "Permissions not added.");
result = set_app_privilege(WGT_APP_ID, "wgt", WGT_APP_PATH);
RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "Error in set_app_privilege. Error: " << result);
// Check if SMACK label really set
- char * label;
+ char *label;
result = smack_new_label_from_self(&label);
RUNNER_ASSERT_MSG(result == 0, "Error getting current process label");
RUNNER_ASSERT_MSG(label != NULL, "Process label is not set");
check_groups(LIBPRIVILEGE_TEST_DAC_FILE_WGT);
-
-
}
/**
" Error enabling app permissions. Result: " << result);
result = test_have_all_accesses(rules_wgt_partner);
- RUNNER_ASSERT_MSG(result==1, "Permissions not added.");
+ RUNNER_ASSERT_MSG(result == 1, "Permissions not added.");
result = set_app_privilege(WGT_PARTNER_APP_ID, "wgt_partner", WGT_PARTNER_APP_PATH);
RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "Error in set_app_privilege. Error: " << result);
// Check if SMACK label really set
- char * label;
+ char *label;
result = smack_new_label_from_self(&label);
RUNNER_ASSERT_MSG(result == 0, "Error getting current process label");
RUNNER_ASSERT_MSG(label != NULL, "Process label is not set");
" Error enabling app permissions. Result: " << result);
result = test_have_all_accesses(rules_wgt_platform);
- RUNNER_ASSERT_MSG(result==1, "Permissions not added.");
+ RUNNER_ASSERT_MSG(result == 1, "Permissions not added.");
result = set_app_privilege(WGT_PLATFORM_APP_ID, "wgt_platform", WGT_PLATFORM_APP_PATH);
RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "Error in set_app_privilege. Error: " << result);
// Check if SMACK label really set
- char * label;
+ char *label;
result = smack_new_label_from_self(&label);
RUNNER_ASSERT_MSG(result == 0, "Error getting current process label");
RUNNER_ASSERT_MSG(label != NULL, "Process label is not set");
" Error enabling app permissions. Result: " << result);
result = test_have_all_accesses(rules_osp);
- RUNNER_ASSERT_MSG(result==1, "Permissions not added.");
+ RUNNER_ASSERT_MSG(result == 1, "Permissions not added.");
result = set_app_privilege(OSP_APP_ID, NULL, OSP_APP_PATH);
RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "Error in set_app_privilege. Error: " << result);
// Check if SMACK label really set
- char * label;
+ char *label;
result = smack_new_label_from_self(&label);
RUNNER_ASSERT_MSG(result == 0, "Error getting current process label");
RUNNER_ASSERT_MSG(label != NULL, "Process label is not set");
" Error enabling app permissions. Result: " << result);
result = test_have_all_accesses(rules_osp_partner);
- RUNNER_ASSERT_MSG(result==1, "Permissions not added.");
+ RUNNER_ASSERT_MSG(result == 1, "Permissions not added.");
result = set_app_privilege(OSP_PARTNER_APP_ID, NULL, OSP_PARTNER_APP_PATH);
RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "Error in set_app_privilege. Error: " << result);
// Check if SMACK label really set
- char * label;
+ char *label;
result = smack_new_label_from_self(&label);
RUNNER_ASSERT_MSG(result == 0, "Error getting current process label");
RUNNER_ASSERT_MSG(label != NULL, "Process label is not set");
" Error enabling app permissions. Result: " << result);
result = test_have_all_accesses(rules_osp_platform);
- RUNNER_ASSERT_MSG(result==1, "Permissions not added.");
+ RUNNER_ASSERT_MSG(result == 1, "Permissions not added.");
result = set_app_privilege(OSP_PLATFORM_APP_ID, NULL, OSP_PLATFORM_APP_PATH);
RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "Error in set_app_privilege. Error: " << result);
// Check if SMACK label really set
- char * label;
+ char *label;
result = smack_new_label_from_self(&label);
RUNNER_ASSERT_MSG(result == 0, "Error getting current process label");
RUNNER_ASSERT_MSG(label != NULL, "Process label is not set");
result = add_api_feature(APP_TYPE_OSP, NULL, NULL, NULL, 0);
RUNNER_ASSERT(result == PC_ERR_INVALID_PARAM);
- result = add_api_feature(APP_TYPE_OSP,"" , NULL, NULL, 0);
+ result = add_api_feature(APP_TYPE_OSP,"", NULL, NULL, 0);
RUNNER_ASSERT(result == PC_ERR_INVALID_PARAM);
// already existing features
- result = add_api_feature(APP_TYPE_OSP,"http://tizen.org/privilege/messaging.read" , NULL, NULL, 0);
+ result = add_api_feature(APP_TYPE_OSP,"http://tizen.org/privilege/messaging.read", NULL, NULL, 0);
RUNNER_ASSERT(result == PC_ERR_INVALID_PARAM);
- result = add_api_feature(APP_TYPE_WGT,"http://tizen.org/privilege/messaging.sms" , NULL, NULL, 0);
+ result = add_api_feature(APP_TYPE_WGT,"http://tizen.org/privilege/messaging.sms", NULL, NULL, 0);
RUNNER_ASSERT(result == PC_ERR_INVALID_PARAM);
- result = add_api_feature(APP_TYPE_OTHER,"http://tizen.org/privilege/messaging" , NULL, NULL, 0);
+ result = add_api_feature(APP_TYPE_OTHER,"http://tizen.org/privilege/messaging", NULL, NULL, 0);
RUNNER_ASSERT(result == PC_OPERATION_SUCCESS);
- result = add_api_feature(APP_TYPE_OTHER,"http://tizen.org/messaging" , NULL, NULL, 0);
+ result = add_api_feature(APP_TYPE_OTHER,"http://tizen.org/messaging", NULL, NULL, 0);
RUNNER_ASSERT(result == PC_OPERATION_SUCCESS);
- result = add_api_feature(APP_TYPE_OTHER,"http://messaging" , NULL, NULL, 0);
+ result = add_api_feature(APP_TYPE_OTHER,"http://messaging", NULL, NULL, 0);
RUNNER_ASSERT(result == PC_OPERATION_SUCCESS);
- result = add_api_feature(APP_TYPE_OTHER,"messaging.read" , NULL, NULL, 0);
+ result = add_api_feature(APP_TYPE_OTHER,"messaging.read", NULL, NULL, 0);
RUNNER_ASSERT(result == PC_OPERATION_SUCCESS);
// empty features
- result = add_api_feature(APP_TYPE_OSP,"blahblah" , NULL, NULL, 0);
+ result = add_api_feature(APP_TYPE_OSP,"blahblah", NULL, NULL, 0);
RUNNER_ASSERT(result == PC_OPERATION_SUCCESS);
- result = add_api_feature(APP_TYPE_WGT,"blahblah" , NULL, NULL, 0);
+ result = add_api_feature(APP_TYPE_WGT,"blahblah", NULL, NULL, 0);
RUNNER_ASSERT(result == PC_OPERATION_SUCCESS);
- result = add_api_feature(APP_TYPE_OTHER,"blahblah" , NULL, NULL, 0);
+ result = add_api_feature(APP_TYPE_OTHER,"blahblah", NULL, NULL, 0);
RUNNER_ASSERT(result == PC_OPERATION_SUCCESS);
// empty rules
- result = add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE , { NULL }, NULL, 0);
+ result = add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE, { NULL }, NULL, 0);
RUNNER_ASSERT(result == PC_OPERATION_SUCCESS);
result = file_exists(OSP_BLAHBLAH);
RUNNER_ASSERT(result == -1);
- result = add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE , (const char*[]){ "", NULL }, NULL, 0);
+ result = add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE, (const char*[]) { "", NULL }, NULL, 0);
RUNNER_ASSERT(result == PC_OPERATION_SUCCESS);
result = file_exists(OSP_BLAHBLAH);
RUNNER_ASSERT(result == 0);
remove_smack_files();
- result = add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE , (const char*[]){ " \t\n", "\t \n", "\n\t ", NULL }, NULL, 0);
+ result = add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE, (const char*[]) { " \t\n", "\t \n", "\n\t ", NULL }, NULL, 0);
RUNNER_ASSERT(result == PC_OPERATION_SUCCESS);
result = file_exists(OSP_BLAHBLAH);
RUNNER_ASSERT(result == 0);
// malformed rules
- result = add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE , (const char*[]){ "malformed", NULL }, NULL, 0);
+ result = add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE, (const char*[]) { "malformed", NULL }, NULL, 0);
RUNNER_ASSERT(result == PC_ERR_INVALID_PARAM);
result = file_exists(OSP_BLAHBLAH);
RUNNER_ASSERT(result == -1);
- result = add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE , (const char*[]){ "malformed malformed", NULL }, NULL, 0);
+ result = add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE, (const char*[]) { "malformed malformed", NULL }, NULL, 0);
RUNNER_ASSERT(result == PC_ERR_INVALID_PARAM);
result = file_exists(OSP_BLAHBLAH);
RUNNER_ASSERT(result == -1);
- result = add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE , (const char*[]){ "-malformed malformed rwxat", NULL }, NULL, 0);
+ result = add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE, (const char*[]) { "-malformed malformed rwxat", NULL }, NULL, 0);
RUNNER_ASSERT(result == PC_ERR_INVALID_PARAM);
result = file_exists(OSP_BLAHBLAH);
RUNNER_ASSERT(result == -1);
- result = add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE , (const char*[]){ "~/\"\\ malformed rwxat", NULL }, NULL, 0);
+ result = add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE, (const char*[]) { "~/\"\\ malformed rwxat", NULL }, NULL, 0);
RUNNER_ASSERT(result == PC_ERR_INVALID_PARAM);
result = file_exists(OSP_BLAHBLAH);
RUNNER_ASSERT(result == -1);
- result = add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE , (const char*[]){ "subject object rwxat something else", NULL }, NULL, 0);
+ result = add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE, (const char*[]) { "subject object rwxat something else", NULL }, NULL, 0);
RUNNER_ASSERT(result == PC_ERR_INVALID_PARAM);
result = file_exists(OSP_BLAHBLAH);
RUNNER_ASSERT(result == -1);
// correct rules
- result = add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE , (const char*[]){ "malformed malformed maaaaaalformed", NULL }, NULL, 0);
+ result = add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE, (const char*[]) { "malformed malformed maaaaaalformed", NULL }, NULL, 0);
RUNNER_ASSERT(result == PC_OPERATION_SUCCESS);
osp_blahblah_check(__LINE__, { "malformed malformed r--a- -----" });
remove_smack_files();
- result = add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE , (const char*[]){ "subject object foo", NULL }, NULL, 0);
+ result = add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE, (const char*[]) { "subject object foo", NULL }, NULL, 0);
RUNNER_ASSERT(result == PC_OPERATION_SUCCESS);
osp_blahblah_check(__LINE__, { "subject object ----- -----" });
remove_smack_files();
- result = add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE , (const char*[]){
- "subject object\t rwxat",
- " \t \n",
- "subject2\tobject2 txarw",
- "",
- NULL }, NULL, 0);
+ result = add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE, (const char*[]) {
+ "subject object\t rwxat",
+ " \t \n",
+ "subject2\tobject2 txarw",
+ "",
+ NULL
+ }, NULL, 0);
RUNNER_ASSERT(result == PC_OPERATION_SUCCESS);
osp_blahblah_check(__LINE__, { "subject object rwxat -----", "subject2 object2 rwxat -----"});
remove_smack_files();
- result = add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE , (const char*[]){
- "Sub::jE,ct object a-RwX",
- NULL }, NULL, 0);
+ result = add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE, (const char*[]) {
+ "Sub::jE,ct object a-RwX",
+ NULL
+ }, NULL, 0);
RUNNER_ASSERT(result == PC_OPERATION_SUCCESS);
osp_blahblah_check(__LINE__, { "Sub::jE,ct object rwxa- -----"});
remove_smack_files();
// TODO For now identical/complementary rules are not merged.
- result = add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE , (const char*[]){
- "subject object rwxat",
- " \t \n",
- "subject object txarw",
- "",
- NULL }, NULL, 0);
+ result = add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE, (const char*[]) {
+ "subject object rwxat",
+ " \t \n",
+ "subject object txarw",
+ "",
+ NULL
+ }, NULL, 0);
RUNNER_ASSERT(result == PC_OPERATION_SUCCESS);
osp_blahblah_check(__LINE__, { "subject object rwxat -----", "subject object rwxat -----"});
remove_smack_files();
// empty group ids
- result = add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE , (const char*[]){"a a a",NULL},(const gid_t[]){0,1,2},0);
+ result = add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE, (const char*[]) {"a a a",NULL},(const gid_t[]) {0,1,2},0);
RUNNER_ASSERT(result == PC_OPERATION_SUCCESS);
osp_blahblah_check(__LINE__, { "a a ---a- -----"});
result = file_exists(OSP_BLAHBLAH_DAC);
// valid group ids
- result = add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE , (const char*[]){"a a a",NULL},(const gid_t[]){0,1,2},3);
+ result = add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE, (const char*[]) {"a a a",NULL},(const gid_t[]) {0,1,2},3);
printf("%d \n", result);
RUNNER_ASSERT(result == PC_OPERATION_SUCCESS);
osp_blahblah_check(__LINE__, { "a a ---a- -----"});
osp_blahblah_dac_check(__LINE__, {0,1,2});
remove_smack_files();
- result = add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE , (const char*[]){"a a a",NULL},(const gid_t[]){0,1,2},1);
+ result = add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE, (const char*[]) {"a a a",NULL},(const gid_t[]) {0,1,2},1);
RUNNER_ASSERT(result == PC_OPERATION_SUCCESS);
osp_blahblah_check(__LINE__, { "a a ---a- -----"});
osp_blahblah_dac_check(__LINE__, {0});
remove_smack_files();
- result = add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE , (const char*[]){"a a a",NULL},(const gid_t[]){1,1,1},3);
+ result = add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE, (const char*[]) {"a a a",NULL},(const gid_t[]) {1,1,1},3);
RUNNER_ASSERT(result == PC_OPERATION_SUCCESS);
osp_blahblah_check(__LINE__, { "a a ---a- -----"});
osp_blahblah_dac_check(__LINE__, {1,1,1});
app_uninstall(APP_ID);
result = app_install(APP_ID);
- RUNNER_ASSERT_MSG(result == 0, "app_install returned " << result <<". Errno: " << strerror(errno));
+ RUNNER_ASSERT_MSG(result == 0, "app_install returned " << result << ". Errno: " << strerror(errno));
// checking if file really exists
fd = open(SMACK_RULES_DIR APP_ID, O_RDONLY);
// try install second time app with the same ID - it should pass.
result = app_install(APP_ID);
- RUNNER_ASSERT_MSG(result == 0, "app_install returned " << result <<". Errno: " << strerror(errno));
+ RUNNER_ASSERT_MSG(result == 0, "app_install returned " << result << ". Errno: " << strerror(errno));
}
/*
int fd = -1;
result = app_uninstall(APP_ID);
- RUNNER_ASSERT_MSG(result == 0, "app_uninstall returned " << result <<". Errno: " << strerror(errno));
+ RUNNER_ASSERT_MSG(result == 0, "app_uninstall returned " << result << ". Errno: " << strerror(errno));
// checking if file really exists
fd = open(SMACK_RULES_DIR APP_ID, O_RDONLY);
free(path);
}
-void checkOnlyAvAccess(const char* av_id, const char* app_id, const char* comment){
+void checkOnlyAvAccess(const char *av_id, const char *app_id, const char *comment)
+{
int result;
result = smack_have_access(av_id, app_id, "rwx");
RUNNER_ASSERT_MSG(result == 1,
// Adding two apps before antivir
result = app_install(APP_TEST_APP_1);
- RUNNER_ASSERT_MSG(result == 0, "app_install returned " << result <<". Errno: " << strerror(errno));
+ RUNNER_ASSERT_MSG(result == 0, "app_install returned " << result << ". Errno: " << strerror(errno));
result = app_install(APP_TEST_APP_2);
- RUNNER_ASSERT_MSG(result == 0, "app_install returned " << result <<". Errno: " << strerror(errno));
+ RUNNER_ASSERT_MSG(result == 0, "app_install returned " << result << ". Errno: " << strerror(errno));
// Adding antivir
result = app_register_av(APP_TEST_AV_1);
- RUNNER_ASSERT_MSG(result == 0, "app_register_av returned " << result <<". Errno: " << strerror(errno));
+ RUNNER_ASSERT_MSG(result == 0, "app_register_av returned " << result << ". Errno: " << strerror(errno));
// Checking added apps accesses
checkOnlyAvAccess(APP_TEST_AV_1, APP_TEST_APP_1, "app_register_av(APP_TEST_AV_1)");
// Adding third app
result = app_install(APP_TEST_APP_3);
- RUNNER_ASSERT_MSG(result == 0, "app_install returned " << result <<". Errno: " << strerror(errno));
+ RUNNER_ASSERT_MSG(result == 0, "app_install returned " << result << ". Errno: " << strerror(errno));
// Checking app accesses
checkOnlyAvAccess(APP_TEST_AV_1, APP_TEST_APP_1, "app_install(APP_TEST_APP_3)");
// Adding second antivir
result = app_register_av(APP_TEST_AV_2);
- RUNNER_ASSERT_MSG(result == 0, "app_register_av returned " << result <<". Errno: " << strerror(errno));
+ RUNNER_ASSERT_MSG(result == 0, "app_register_av returned " << result << ". Errno: " << strerror(errno));
// Checking app accesses
checkOnlyAvAccess(APP_TEST_AV_1, APP_TEST_APP_1, "app_register_av(APP_TEST_AV_2)");
result = app_revoke_permissions(APP_ID);
RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error revoking app permissions. Result: " << result);
+ "Error revoking app permissions. Result: " << result);
result = app_enable_permissions(APP_ID, APP_TYPE_OTHER, PRIVS2, 1);
RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error enabling app permissions. Result: " << result);
+ " Error enabling app permissions. Result: " << result);
// Check if the accesses are realy applied..
result = test_have_all_accesses(rules2);
- RUNNER_ASSERT_MSG(result==1, "Permissions not added.");
+ RUNNER_ASSERT_MSG(result == 1, "Permissions not added.");
//// File exists?
pFile = fopen(SMACK_RULES_DIR APP_ID, "rb");
RUNNER_ASSERT_MSG(pFile != NULL,
- "SMACK file NOT created!. Errno: " << errno);
+ "SMACK file NOT created!. Errno: " << errno);
//// Is it empty?
fseek(pFile, 0L, SEEK_END);
smack_file_length = ftell(pFile);
- RUNNER_ASSERT_MSG(smack_file_length>0,
- "SMACK file empty with persistant mode 1. Errno: " << errno);
+ RUNNER_ASSERT_MSG(smack_file_length > 0,
+ "SMACK file empty with persistant mode 1. Errno: " << errno);
if (pFile != NULL)
fclose(pFile);
// Clean up
result = app_revoke_permissions(APP_ID);
RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error revoking app permissions. Result: " << result);
+ "Error revoking app permissions. Result: " << result);
/**
* Test - Enabling all permissions with persistant mode disabled
result = app_enable_permissions(APP_ID, APP_TYPE_OTHER, PRIVS2, 0);
RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error enabling app permissions. Result: " << result);
+ " Error enabling app permissions. Result: " << result);
// Check if the accesses are realy applied..
result = test_have_all_accesses(rules2);
- RUNNER_ASSERT_MSG(result==1, "Permissions not added.");
+ RUNNER_ASSERT_MSG(result == 1, "Permissions not added.");
//// File exists?
pFile = fopen(SMACK_RULES_DIR APP_ID, "rb");
RUNNER_ASSERT_MSG(pFile != NULL,
- "SMACK file NOT created!. Errno: " << errno);
+ "SMACK file NOT created!. Errno: " << errno);
//// Is it empty?
fseek(pFile, 0L, SEEK_END);
smack_file_length = ftell(pFile);
- RUNNER_ASSERT_MSG(smack_file_length==0,
- "SMACK file not empty with persistant mode 0. Errno: " << errno);
+ RUNNER_ASSERT_MSG(smack_file_length == 0,
+ "SMACK file not empty with persistant mode 0. Errno: " << errno);
if (pFile != NULL)
fclose(pFile);
// Clean up
result = app_revoke_permissions(APP_ID);
RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error revoking app permissions. Result: " << result);
+ "Error revoking app permissions. Result: " << result);
/**
* Test - Enabling all permissions in two complementary files
result = app_enable_permissions(APP_ID, APP_TYPE_OTHER, PRIVS2_R_AND_NO_R, 1);
RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error enabling app permissions. Result: " << result);
+ " Error enabling app permissions. Result: " << result);
// Check if the accesses are realy applied..
result = test_have_all_accesses(rules2);
- RUNNER_ASSERT_MSG(result==1, "Permissions not added.");
+ RUNNER_ASSERT_MSG(result == 1, "Permissions not added.");
//// File exists?
pFile = fopen(SMACK_RULES_DIR APP_ID, "rb");
RUNNER_ASSERT_MSG(pFile != NULL,
- "SMACK file NOT created!. Errno: " << errno);
+ "SMACK file NOT created!. Errno: " << errno);
//// Is it empty?
fseek(pFile, 0L, SEEK_END);
smack_file_length = ftell(pFile);
- RUNNER_ASSERT_MSG(smack_file_length>0,
- "SMACK file empty with persistant mode 1. Errno: " << errno);
+ RUNNER_ASSERT_MSG(smack_file_length > 0,
+ "SMACK file empty with persistant mode 1. Errno: " << errno);
if (pFile != NULL)
fclose(pFile);
// Clean up
result = app_revoke_permissions(APP_ID);
RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error revoking app permissions. Result: " << result);
+ "Error revoking app permissions. Result: " << result);
/**
* Test - Enabling some permissions and then enabling complementary permissions
// Enable permission for rules 2 no r
result = app_enable_permissions(APP_ID, APP_TYPE_OTHER, PRIVS2_NO_R, 1);
RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error enabling app permissions without r. Result: " << result);
+ " Error enabling app permissions without r. Result: " << result);
// Check if the accesses are realy applied..
result = test_have_all_accesses(rules2_no_r);
- RUNNER_ASSERT_MSG(result==1, "Permissions without r not added.");
+ RUNNER_ASSERT_MSG(result == 1, "Permissions without r not added.");
//// File exists?
pFile = fopen(SMACK_RULES_DIR APP_ID, "rb");
RUNNER_ASSERT_MSG(pFile != NULL,
- "SMACK file NOT created!. Errno: " << errno);
+ "SMACK file NOT created!. Errno: " << errno);
//// Is it empty?
fseek(pFile, 0L, SEEK_END);
smack_file_length = ftell(pFile);
- RUNNER_ASSERT_MSG(smack_file_length>0,
- "SMACK file empty with persistant mode 1. Errno: " << errno);
+ RUNNER_ASSERT_MSG(smack_file_length > 0,
+ "SMACK file empty with persistant mode 1. Errno: " << errno);
if (pFile != NULL)
fclose(pFile);
// Enable permission for rules 2
result = app_enable_permissions(APP_ID, APP_TYPE_OTHER, PRIVS2, 1);
RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error enabling app all permissions. Result: " << result);
+ " Error enabling app all permissions. Result: " << result);
// Check if the accesses are realy applied..
result = test_have_all_accesses(rules2);
- RUNNER_ASSERT_MSG(result==1, "Permissions all not added.");
+ RUNNER_ASSERT_MSG(result == 1, "Permissions all not added.");
// Clean up
result = app_revoke_permissions(APP_ID);
RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error revoking app permissions. Result: " << result);
+ "Error revoking app permissions. Result: " << result);
/**
* Test - Enabling some permissions and then enabling all permissions
// Enable permission for rules 2 no r
result = app_enable_permissions(APP_ID, APP_TYPE_OTHER, PRIVS2_NO_R, 1);
RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error enabling app permissions without r. Result: " << result);
+ " Error enabling app permissions without r. Result: " << result);
// Check if the accesses are realy applied..
result = test_have_all_accesses(rules2_no_r);
- RUNNER_ASSERT_MSG(result==1, "Permissions without r not added.");
+ RUNNER_ASSERT_MSG(result == 1, "Permissions without r not added.");
//// File exists?
pFile = fopen(SMACK_RULES_DIR APP_ID, "rb");
RUNNER_ASSERT_MSG(pFile != NULL,
- "SMACK file NOT created!. Errno: " << errno);
+ "SMACK file NOT created!. Errno: " << errno);
//// Is it empty?
fseek(pFile, 0L, SEEK_END);
smack_file_length = ftell(pFile);
- RUNNER_ASSERT_MSG(smack_file_length>0,
- "SMACK file empty with persistant mode 1. Errno: " << errno);
+ RUNNER_ASSERT_MSG(smack_file_length > 0,
+ "SMACK file empty with persistant mode 1. Errno: " << errno);
if (pFile != NULL)
fclose(pFile);
// Enable permission for rules 2
result = app_enable_permissions(APP_ID, APP_TYPE_OTHER, PRIVS2_R, 1);
RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error enabling app permissions with only r. Result: " << result);
+ " Error enabling app permissions with only r. Result: " << result);
// Check if the accesses are realy applied..
result = test_have_all_accesses(rules2);
- RUNNER_ASSERT_MSG(result==1, "Permissions with only r not added.");
+ RUNNER_ASSERT_MSG(result == 1, "Permissions with only r not added.");
// Clean up
result = app_revoke_permissions(APP_ID);
RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error revoking app permissions. Result: " << result);
+ "Error revoking app permissions. Result: " << result);
}
/*
RUNNER_TEST(privilege_control13_app_reset_permissions)
{
-
int result;
/**
// Prepare permissions to reset
result = app_enable_permissions(APP_ID, APP_TYPE_OTHER, PRIVS2, 1);
RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error adding app permissions. Result: " << result);
+ " Error adding app permissions. Result: " << result);
// Reset permissions
result = app_reset_permissions(APP_ID);
RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error reseting app permissions. Result: " << result);
+ "Error reseting app permissions. Result: " << result);
// Are all second permissions not disabled?
result = test_have_all_accesses(rules2);
- RUNNER_ASSERT_MSG(result==1, "Not all permissions added.");
+ RUNNER_ASSERT_MSG(result == 1, "Not all permissions added.");
// Disable permissions
result = app_revoke_permissions(APP_ID);
RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error disabling app permissions. Result: " << result);
-
+ "Error disabling app permissions. Result: " << result);
}
/**
result = app_revoke_permissions(APP_FRIEND_1);
RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error revoking app permissions. Result: " << result);
+ "Error revoking app permissions. Result: " << result);
result = app_revoke_permissions(APP_FRIEND_2);
RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error revoking app permissions. Result: " << result);
+ "Error revoking app permissions. Result: " << result);
app_uninstall(APP_FRIEND_1);
app_uninstall(APP_FRIEND_2);
// Clean up
result = app_revoke_permissions(APP_FRIEND_1);
RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error revoking app permissions. Result: " << result);
+ "Error revoking app permissions. Result: " << result);
result = app_revoke_permissions(APP_FRIEND_2);
RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error revoking app permissions. Result: " << result);
+ "Error revoking app permissions. Result: " << result);
app_uninstall(APP_FRIEND_1);
app_uninstall(APP_FRIEND_2);
// Clean up
result = app_revoke_permissions(APP_FRIEND_1);
RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error revoking app permissions. Result: " << result);
+ "Error revoking app permissions. Result: " << result);
result = app_revoke_permissions(APP_FRIEND_2);
RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error revoking app permissions. Result: " << result);
+ "Error revoking app permissions. Result: " << result);
app_uninstall(APP_FRIEND_1);
app_uninstall(APP_FRIEND_2);
unsigned int i;
unsigned int j;
- struct smack_accesses * rulesFriend = NULL;
+ struct smack_accesses *rulesFriend = NULL;
std::vector<std::string> accessesFriend =
- { "r", "w", "x", "rw", "rx", "wx", "rwx", "rwxat" };
+ { "r", "w", "x", "rw", "rx", "wx", "rwx", "rwxat" };
// Installing friends to be
result = app_install(APP_FRIEND_1);
RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
" Error installing second app. Result: " << result);
- for(i = 0; i<accessesFriend.size(); ++i)
+ for (i = 0; i < accessesFriend.size(); ++i)
{
- for(j = 0; j<accessesFriend.size(); ++j)
+ for (j = 0; j < accessesFriend.size(); ++j)
{
-
// Adding rules before making friends
result = smack_accesses_new(&rulesFriend);
RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
// Deleting all rules between friends
smack_accesses_add_modify(rulesFriend,
- APP_FRIEND_1, APP_FRIEND_2,"","rwxat");
+ APP_FRIEND_1, APP_FRIEND_2,"","rwxat");
smack_accesses_add_modify(rulesFriend,
- APP_FRIEND_2, APP_FRIEND_1,"","rwxat");
+ APP_FRIEND_2, APP_FRIEND_1,"","rwxat");
result = smack_accesses_apply(rulesFriend);
smack_accesses_free(rulesFriend);
rulesFriend = NULL;
}
-
}
// Clean up
result = app_revoke_permissions(APP_FRIEND_1);
RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error revoking app permissions. Result: " << result);
+ "Error revoking app permissions. Result: " << result);
result = app_revoke_permissions(APP_FRIEND_2);
RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error revoking app permissions. Result: " << result);
+ "Error revoking app permissions. Result: " << result);
app_uninstall(APP_FRIEND_1);
app_uninstall(APP_FRIEND_2);
static void smack_unix_sock_server(int sock)
{
int fd, result;
- char* smack_label;
+ char *smack_label;
alarm(2);
fd = accept(sock, NULL, NULL);
if (fd < 0)
return;
result = smack_new_label_from_self(&smack_label);
- if(result != 0){
+ if (result != 0) {
close(fd);
close(sock);
free(smack_label);
RUNNER_ASSERT_MSG(0, "smack_new_label_from_self() failed");
}
result = write(fd, smack_label, strlen(smack_label));
- if(result != (int)strlen(smack_label)){
+ if (result != (int)strlen(smack_label)) {
close(fd);
close(sock);
free(smack_label);
sock = socket(AF_UNIX, SOCK_STREAM, 0);
RUNNER_ASSERT_MSG(sock >= 0, "socket failed: " << strerror(errno));
result = bind(sock,
- (struct sockaddr *) &sockaddr, sizeof(struct sockaddr_un));
- if(result != 0){
+ (struct sockaddr*) &sockaddr, sizeof(struct sockaddr_un));
+ if (result != 0) {
close(sock);
RUNNER_ASSERT_MSG(0, "bind failed: " << strerror(errno));
}
result = listen(sock, 1);
- if(result != 0){
+ if (result != 0) {
close(sock);
RUNNER_ASSERT_MSG(0, "listen failed: " << strerror(errno));
}
int sock;
int result;
char smack_label1[SMACK_LABEL_LEN + 1];
- char* smack_label2;
+ char *smack_label2;
sock = socket(AF_UNIX, SOCK_STREAM, 0);
RUNNER_ASSERT_MSG(sock >= 0,
"socket failed: " << strerror(errno));
result = connect(sock,
- (struct sockaddr *) &sockaddr, sizeof(struct sockaddr_un));
- if(result != 0){
+ (struct sockaddr*) &sockaddr, sizeof(struct sockaddr_un));
+ if (result != 0) {
close(sock);
RUNNER_ASSERT_MSG(0, "connect failed: " << strerror(errno));
}
alarm(2);
result = read(sock, smack_label1, SMACK_LABEL_LEN);
alarm(0);
- if(result < 0){
+ if (result < 0) {
close(sock);
RUNNER_ASSERT_MSG(0, "read failed: " << strerror(errno));
}
smack_label1[result] = '\0';
smack_label2 = app_id_from_socket(sock);
- if(smack_label2 == NULL){
+ if (smack_label2 == NULL) {
close(sock);
RUNNER_ASSERT_MSG(0, "app_id_from_socket failed");
}
result = strcmp(smack_label1, smack_label2);
- if(result != 0){
+ if (result != 0) {
close(sock);
RUNNER_ASSERT_MSG(0, "smack labels differ: '" << smack_label1
<< "' != '" << smack_label2 << "-" << random() << "'");
const char *label1 = "qwert123456za";
const char *label2 = "trewq654123az";
- std::unique_ptr<char, std::function<void(void*)>> labelPtr(NULL,free);
+ std::unique_ptr<char, std::function<void(void*)> > labelPtr(NULL,free);
mkdir(path1,0);
mkdir(path2,0);
RUNNER_TEST(privilege_control17_appsettings_privilege)
{
-#define APP_1 "app_1"
+#define APP_1 "app_1"
#define APP_1_DIR "/tmp/app_1"
-#define APP_2 "app_2"
+#define APP_2 "app_2"
#define APP_2_DIR "/tmp/app_2"
#define APP_TEST "app_test"
-#define PRIV_APPSETTING (const char*[]){"http://tizen.org/privilege/appsetting", NULL}
-
- int ret;
- char* app1_dir_label;
- char* app2_dir_label;
- //prepare test
-
+#define PRIV_APPSETTING (const char*[]) {"http://tizen.org/privilege/appsetting", NULL}
- (void)app_uninstall(APP_TEST);
- (void)app_uninstall(APP_1);
- (void)app_uninstall(APP_2);
+ int ret;
+ char *app1_dir_label;
+ char *app2_dir_label;
+ //prepare test
- //install some app 1
- ret = app_install(APP_1);
- RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS, "Error in app_install." << ret);
- mkdir(APP_1_DIR, S_IRWXU|S_IRGRP|S_IXGRP);
+ (void)app_uninstall(APP_TEST);
+ (void)app_uninstall(APP_1);
+ (void)app_uninstall(APP_2);
- //register settings folder for app 1
- ret = app_setup_path(APP_1, APP_1_DIR , APP_PATH_SETTINGS_RW );
- RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS, "Error in app_setup_path: " << ret);
+ //install some app 1
+ ret = app_install(APP_1);
+ RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS, "Error in app_install." << ret);
- //install "app_test" and give it appsettings privilege
- ret = app_install(APP_TEST);
- RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS, "Error in app_install.");
+ mkdir(APP_1_DIR, S_IRWXU | S_IRGRP | S_IXGRP);
+ //register settings folder for app 1
+ ret = app_setup_path(APP_1, APP_1_DIR, APP_PATH_SETTINGS_RW );
+ RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS, "Error in app_setup_path: " << ret);
- ret = app_enable_permissions(APP_TEST, APP_TYPE_OSP, PRIV_APPSETTING, true);
+ //install "app_test" and give it appsettings privilege
+ ret = app_install(APP_TEST);
+ RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS, "Error in app_install.");
- RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS,
- " Error enabling app permissions. Result: " << ret);
- //check if "app_test" has an RX access to the app "app_1"
- ret = smack_have_access(APP_TEST, APP_1, "rx");
- RUNNER_ASSERT_MSG(ret,"access denies");
+ ret = app_enable_permissions(APP_TEST, APP_TYPE_OSP, PRIV_APPSETTING, true);
+ RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS,
+ " Error enabling app permissions. Result: " << ret);
- //check if "app_test" has an RWX access to a folder registered by "app_1"
- ret = smack_getlabel(APP_1_DIR, &app1_dir_label, SMACK_LABEL_ACCESS );
- RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS,"smack_getlabel failed");
- ret = smack_have_access(APP_TEST, app1_dir_label, "rwx");
- RUNNER_ASSERT_MSG(ret,"access denies");
+ //check if "app_test" has an RX access to the app "app_1"
+ ret = smack_have_access(APP_TEST, APP_1, "rx");
+ RUNNER_ASSERT_MSG(ret,"access denies");
- //intstall another app: "app_2"
- ret = app_install(APP_2);
- RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS, "Error in app_install.");
+ //check if "app_test" has an RWX access to a folder registered by "app_1"
+ ret = smack_getlabel(APP_1_DIR, &app1_dir_label, SMACK_LABEL_ACCESS );
+ RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS,"smack_getlabel failed");
+ ret = smack_have_access(APP_TEST, app1_dir_label, "rwx");
+ RUNNER_ASSERT_MSG(ret,"access denies");
- mkdir(APP_2_DIR, S_IRWXU|S_IRGRP|S_IXGRP);
- //register settings folder for that "app_2"
- ret = app_setup_path(APP_2, APP_2_DIR , APP_PATH_SETTINGS_RW );
- RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS, "Error in app_setup_path: " << ret);
- //check if "app_test" has an RX access to the app "app_2"
- ret = smack_have_access(APP_TEST, APP_2, "rx");
- RUNNER_ASSERT_MSG(ret,"access denies");
+ //intstall another app: "app_2"
+ ret = app_install(APP_2);
+ RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS, "Error in app_install.");
- //check if "app_test" has an RWX access to a folder registered by "app_2"
- ret = smack_getlabel(APP_2_DIR, &app2_dir_label, SMACK_LABEL_ACCESS );
- RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS,"smack_getlabel failed");
- ret = smack_have_access(APP_TEST, app2_dir_label, "rwx");
- RUNNER_ASSERT_MSG(ret,"access denies");
+ mkdir(APP_2_DIR, S_IRWXU | S_IRGRP | S_IXGRP);
+ //register settings folder for that "app_2"
+ ret = app_setup_path(APP_2, APP_2_DIR, APP_PATH_SETTINGS_RW );
+ RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS, "Error in app_setup_path: " << ret);
- free (app1_dir_label);
- free (app2_dir_label);
- rmdir(APP_1_DIR);
- rmdir(APP_2_DIR);
+ //check if "app_test" has an RX access to the app "app_2"
+ ret = smack_have_access(APP_TEST, APP_2, "rx");
+ RUNNER_ASSERT_MSG(ret,"access denies");
- (void)app_uninstall(APP_TEST);
- (void)app_uninstall(APP_1);
- (void)app_uninstall(APP_2);
+ //check if "app_test" has an RWX access to a folder registered by "app_2"
+ ret = smack_getlabel(APP_2_DIR, &app2_dir_label, SMACK_LABEL_ACCESS );
+ RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS,"smack_getlabel failed");
+ ret = smack_have_access(APP_TEST, app2_dir_label, "rwx");
+ RUNNER_ASSERT_MSG(ret,"access denies");
+ free (app1_dir_label);
+ free (app2_dir_label);
+ rmdir(APP_1_DIR);
+ rmdir(APP_2_DIR);
+ (void)app_uninstall(APP_TEST);
+ (void)app_uninstall(APP_1);
+ (void)app_uninstall(APP_2);
}
RUNNER_TEST(privilege_control18_app_setup_path_public)
#include <sys/un.h>
#include <sys/wait.h>
-#define TEST_SUBJECT "test_subject"
-#define TEST_OBJECT "test_oject"
+#define TEST_SUBJECT "test_subject"
+#define TEST_OBJECT "test_oject"
#define TEST_OBJECT_2 "test_oject_2"
#define SOCK_PATH "/tmp/test-smack-socket"
struct stat fs1, fs2;
//handlers for mmap()
- void * h1 = MAP_FAILED;
- void * h2 = MAP_FAILED;
+ void *h1 = MAP_FAILED;
+ void *h2 = MAP_FAILED;
//getting files information
- if(fstat(fd1, &fs1) == -1) {
+ if (fstat(fd1, &fs1) == -1) {
perror("fstat");
return -1;
}
- if(fstat(fd2, &fs2) == -1) {
+ if (fstat(fd2, &fs2) == -1) {
perror("fstat");
return -1;
}
- if(fs1.st_size != fs2.st_size) //if files are identical size will be the same
+ if (fs1.st_size != fs2.st_size) //if files are identical size will be the same
return -1;
//mapping files to process memory
- if((h1 = mmap(0, fs1.st_size, PROT_READ, MAP_SHARED, fd1, 0 )) == MAP_FAILED) {
+ if ((h1 = mmap(0, fs1.st_size, PROT_READ, MAP_SHARED, fd1, 0 )) == MAP_FAILED) {
result = -1;
goto end;
}
- if((h2 = mmap(0, fs2.st_size, PROT_READ, MAP_SHARED, fd2, 0 )) == MAP_FAILED) {
+ if ((h2 = mmap(0, fs2.st_size, PROT_READ, MAP_SHARED, fd2, 0 )) == MAP_FAILED) {
result = -1;
goto end;
}
//cleaning after mmap()
end:
- if(h2 != MAP_FAILED)
+ if (h2 != MAP_FAILED)
munmap(h2, fs2.st_size);
- if(h1 != MAP_FAILED)
+ if (h1 != MAP_FAILED)
munmap(h1, fs1.st_size);
return result;
/**
* Helper method to reset privileges at the begginning of tests.
*/
-void clean_up(){
- struct smack_accesses * rules = NULL;
+void clean_up()
+{
+ struct smack_accesses *rules = NULL;
int result = smack_accesses_new(&rules);
RUNNER_ASSERT_MSG(result == 0, "Unable to create smack_accesses instance");
/**
* Checking if subject has any access to object
*/
-bool checkNoAccesses(const char *subject, const char *object){
+bool checkNoAccesses(const char *subject, const char *object)
+{
int result;
result = smack_have_access(subject, object,"r");
- if(result==1){
+ if (result == 1) {
return false;
}
result = smack_have_access(subject, object,"w");
- if(result==1){
+ if (result == 1) {
return false;
}
result = smack_have_access(subject, object,"x");
- if(result==1){
+ if (result == 1) {
return false;
}
result = smack_have_access(subject, object,"a");
- if(result==1){
+ if (result == 1) {
return false;
}
result = smack_have_access(subject, object,"t");
- if(result==1){
+ if (result == 1) {
return false;
}
return true;
int removeAccessesAll()
{
- struct smack_accesses * rules = NULL;
+ struct smack_accesses *rules = NULL;
int result = smack_accesses_new(&rules);
RUNNER_ASSERT_MSG(result == 0, "Unable to create smack_accesses instance");
clean_up();
- struct smack_accesses * rules = NULL;
+ struct smack_accesses *rules = NULL;
result = smack_accesses_new(&rules);
// THE TEST
*/
RUNNER_TEST(smack_accesses_add_modify_test_2){
int result;
- struct smack_accesses * rules = NULL;
+ struct smack_accesses *rules = NULL;
result = smack_accesses_new(&rules);
RUNNER_ASSERT_MSG(result == 0, "Unable to create smack_accesses instance");
*/
RUNNER_TEST(smack_accesses_add_modify_test_3){
int result;
- struct smack_accesses * rules = NULL;
+ struct smack_accesses *rules = NULL;
result = smack_accesses_new(&rules);
RUNNER_ASSERT_MSG(result == 0, "Unable to create smack_accesses instance");
*/
RUNNER_TEST(smack_accesses_add_modify_test_4){
int result;
- struct smack_accesses * rules = NULL;
+ struct smack_accesses *rules = NULL;
result = smack_accesses_new(&rules);
RUNNER_ASSERT_MSG(result == 0, "Unable to create smack_accesses instance");
*/
RUNNER_TEST(smack_accesses_add_modify_test_5){
int result;
- struct smack_accesses * rules = NULL;
+ struct smack_accesses *rules = NULL;
result = smack_accesses_new(&rules);
RUNNER_ASSERT_MSG(result == 0, "Unable to create smack_accesses instance");
*/
RUNNER_TEST(smack_accesses_add_modify_test_6){
int result;
- struct smack_accesses * rules = NULL;
+ struct smack_accesses *rules = NULL;
result = smack_accesses_new(&rules);
RUNNER_ASSERT_MSG(result == 0, "Unable to create smack_accesses instance");
unsigned int i;
int result;
- struct smack_accesses * rules = NULL;
+ struct smack_accesses *rules = NULL;
- for(i = 0; i<accessesBasic.size(); ++i){
+ for (i = 0; i < accessesBasic.size(); ++i) {
result = smack_accesses_new(&rules);
- RUNNER_ASSERT_MSG(result == 0, "Unable to create smack_accesses instance");
+ RUNNER_ASSERT_MSG(result == 0, "Unable to create smack_accesses instance");
result = smack_accesses_add_modify(rules,TEST_SUBJECT, TEST_OBJECT,accessesBasic[i].c_str(),accessesBasic[i].c_str());
- RUNNER_ASSERT_MSG(result == 0, "Unable to modify accesses instance");
+ RUNNER_ASSERT_MSG(result == 0, "Unable to modify accesses instance");
RUNNER_ASSERT_MSG(smack_accesses_apply(rules) == 0, "Unable to apply rules");
RUNNER_ASSERT_MSG(checkNoAccesses(TEST_SUBJECT, TEST_OBJECT),
unsigned int i;
int result;
- struct smack_accesses * rules = NULL;
-
- for(i = 0; i<accessesBasic.size(); ++i){
+ struct smack_accesses *rules = NULL;
+ for (i = 0; i < accessesBasic.size(); ++i) {
// Creating and adding rules with TEST_OBJECT and TEST_OBJECT_2
result = smack_accesses_new(&rules);
- RUNNER_ASSERT_MSG(result == 0, "Unable to create smack_accesses instance");
+ RUNNER_ASSERT_MSG(result == 0, "Unable to create smack_accesses instance");
result = smack_accesses_add_modify(rules,TEST_SUBJECT, TEST_OBJECT,accessesBasic[i].c_str(),"");
result = smack_accesses_add_modify(rules,TEST_SUBJECT, TEST_OBJECT_2,accessesBasic[i].c_str(),"");
- RUNNER_ASSERT_MSG(result == 0, "Unable to modify accesses instance");
+ RUNNER_ASSERT_MSG(result == 0, "Unable to modify accesses instance");
RUNNER_ASSERT_MSG(smack_accesses_apply(rules) == 0, "Unable to apply rules");
result = smack_have_access(TEST_SUBJECT, TEST_OBJECT,accessesBasic[i].c_str());
RUNNER_ASSERT_MSG(result == 1, "Modification didn't work. Rule " << accessesBasic[i].c_str() << " does not exist.");
unsigned int i;
int result;
- struct smack_accesses * rules = NULL;
-
- for(i = 0; i<accessesBasic.size(); ++i){
+ struct smack_accesses *rules = NULL;
+ for (i = 0; i < accessesBasic.size(); ++i) {
// Creating and adding rules with TEST_OBJECT and TEST_OBJECT_2
result = smack_accesses_new(&rules);
- RUNNER_ASSERT_MSG(result == 0, "Unable to create smack_accesses instance");
+ RUNNER_ASSERT_MSG(result == 0, "Unable to create smack_accesses instance");
result = smack_accesses_add(rules,TEST_SUBJECT, TEST_OBJECT,accessesBasic[i].c_str());
- RUNNER_ASSERT_MSG(result == 0, "Unable to modify accesses instance");
+ RUNNER_ASSERT_MSG(result == 0, "Unable to modify accesses instance");
result = smack_accesses_add(rules,TEST_SUBJECT, TEST_OBJECT_2,accessesBasic[i].c_str());
- RUNNER_ASSERT_MSG(result == 0, "Unable to modify accesses instance");
+ RUNNER_ASSERT_MSG(result == 0, "Unable to modify accesses instance");
RUNNER_ASSERT_MSG(smack_accesses_apply(rules) == 0, "Unable to apply rules");
result = smack_have_access(TEST_SUBJECT, TEST_OBJECT,accessesBasic[i].c_str());
// Creating and clearing rules with TEST_OBJECT
result = smack_accesses_new(&rules);
- RUNNER_ASSERT_MSG(result == 0, "Unable to create smack_accesses instance");
+ RUNNER_ASSERT_MSG(result == 0, "Unable to create smack_accesses instance");
result = smack_accesses_add(rules,TEST_SUBJECT, TEST_OBJECT,accessesBasic[i].c_str());
- RUNNER_ASSERT_MSG(result == 0, "Unable to modify accesses instance");
+ RUNNER_ASSERT_MSG(result == 0, "Unable to modify accesses instance");
result = smack_accesses_clear(rules);
RUNNER_ASSERT_MSG(result == 0, "Clearing rules didn't work.");
// Creating and clearing rules with TEST_OBJECT_2
result = smack_accesses_new(&rules);
- RUNNER_ASSERT_MSG(result == 0, "Unable to create smack_accesses instance");
+ RUNNER_ASSERT_MSG(result == 0, "Unable to create smack_accesses instance");
result = smack_accesses_add(rules,TEST_SUBJECT, TEST_OBJECT_2,accessesBasic[i].c_str());
- RUNNER_ASSERT_MSG(result == 0, "Unable to modify accesses instance");
+ RUNNER_ASSERT_MSG(result == 0, "Unable to modify accesses instance");
result = smack_accesses_clear(rules);
RUNNER_ASSERT_MSG(result == 0, "Clearing rules didn't work.");
{
/*
* author: Pawel Polawski
- * test: smack_accesses_new, smack_accesses_add, smack_accesses_add_modify, smack_accesses_add_from_file,
+ * test: smack_accesses_new, smack_accesses_add, smack_accesses_add_modify, smack_accesses_add_from_file,
* smack_accesses_free, smack_accesses_save
* description: This test case will create structure holding SMACK rules and add new one to it. Next rules will be
* stored and restored from file.
* expect: Rules created and stored in file should be identical to predefined template.
*/
- struct smack_accesses * rules = NULL; //rules prepared in this test case
- struct smack_accesses * import_test = NULL; //rules imported from file
+ struct smack_accesses *rules = NULL; //rules prepared in this test case
+ struct smack_accesses *import_test = NULL; //rules imported from file
int result; //result of each operation to be tested by RUNNER_ASSERT
int fd, tmp, sample; //file descripptors for save / restore rules tests
//CAP_MAC_ADMIN needed for process to be able to change rules in kernel (apllying, removing)
- struct smack_accesses * rules = NULL; //rules prepared in this test case
+ struct smack_accesses *rules = NULL; //rules prepared in this test case
int result; //for storing functions results
result = smack_accesses_new(&rules); //rules struct init
}
//pairs of rules for test with mixed cases, different length and mixed order
-char * rules_tab[] = {
- "reader1", "-", "-----",
- "reader2", "--------", "-----",
- "reader3", "RwXaT", "rwxat",
- "reader4", "RrrXXXXTTT", "r-x-t",
- "reader5", "-r-w-a-t", "rw-at",
- "reader6", "", "-----",
- "reader7", "xa--Rt---W", "rwxat",
- "reader8", "#Ax[T].!~W@1}", "-wxat"
- };
+char *rules_tab[] = {
+ "reader1", "-", "-----",
+ "reader2", "--------", "-----",
+ "reader3", "RwXaT", "rwxat",
+ "reader4", "RrrXXXXTTT", "r-x-t",
+ "reader5", "-r-w-a-t", "rw-at",
+ "reader6", "", "-----",
+ "reader7", "xa--Rt---W", "rwxat",
+ "reader8", "#Ax[T].!~W@1}", "-wxat"
+};
RUNNER_TEST(smack03_mixed_rule_string_add)
{
//In thist test case mixed string are used as rules applied to kernel, next they are
//readed and compared with correct form of rules
- struct smack_accesses * rules = NULL; //rules prepared in this test case
+ struct smack_accesses *rules = NULL; //rules prepared in this test case
int result; //for storing functions results
int i;
RUNNER_ASSERT_MSG(result == 0, "Unable to create smack_accesses instance");
//adding test rules with mixed string
- for(i = 0; i < (3 * 8) ; i += 3) {
+ for (i = 0; i < (3 * 8); i += 3) {
result = smack_accesses_add(rules, rules_tab[i], "book", rules_tab[i + 1]); //using mixed rules from table
RUNNER_ASSERT_MSG(result == 0, "Unable to add smack rules");
}
RUNNER_ASSERT_MSG(result == 0, "Unable to apply rules into kernel");
//checking accesses using normal rules
- for(i = 0; i < (3 * 8) ; i += 3) {
+ for (i = 0; i < (3 * 8); i += 3) {
result = smack_have_access(rules_tab[i], "book", rules_tab[i + 2]); //using normal rules from table
RUNNER_ASSERT_MSG(result == 1, "Error while checking Smack access");
}
//free resources
smack_accesses_free(rules);
-
}
RUNNER_TEST(smack04_mixed_rule_string_have_access)
//rules were added in previous RUNNER_TEST section
//checking accesses using mixed rules
- for(i = 0; i < (3 * 8) ; i += 3) {
+ for (i = 0; i < (3 * 8); i += 3) {
result = smack_have_access(rules_tab[i], "book", rules_tab[i + 1]); //using mixed rules from table
RUNNER_ASSERT_MSG(result == 1, "Error while checking Smack access");
}
//In this test case process will manipulate it own label
- char * label = NULL;
+ char *label = NULL;
int result;
int fd;
const int B_SIZE = 8;
char buff[B_SIZE];
- char * def_rule = "_";
+ char *def_rule = "_";
//int smack_new_label_from_self(char **label);
result = smack_new_label_from_self(&label);
//RUNNER_TEST(smackXX_parent_child_label)
//{
- //In this test case parent process and child labels will be tested
- //Parent will fork and check child's label. First fork will be with default "_" parent label,
- //second one witch changed label.
+//In this test case parent process and child labels will be tested
+//Parent will fork and check child's label. First fork will be with default "_" parent label,
+//second one witch changed label.
//}
//bellow function is from libsmack.c witch changed name
-char * xattr(enum smack_label_type type)
+char *xattr(enum smack_label_type type)
{
switch (type) {
case SMACK_LABEL_ACCESS:
case SMACK_LABEL_IPOUT:
return "security.SMACK64IPOUT";
default:
- /* Should not reach this point */
- return NULL;
+ /* Should not reach this point */
+ return NULL;
}
}
// return "security.SMACK64IPOUT";
int result;
- char * label = NULL;
+ char *label = NULL;
const int B_SIZE = 8;
char buff[B_SIZE];
- char * file_path = "/etc/smack/test_smack_rules";
+ char *file_path = "/etc/smack/test_smack_rules";
//preparing environment by restoring default "_" label
//RUNNER_TEST(smackXX_get_label_exec)
//{
- //In this test case EXEC label will be tested
- //by setting this type of label, reading it and testing executed binary exit status
+//In this test case EXEC label will be tested
+//by setting this type of label, reading it and testing executed binary exit status
//}
RUNNER_TEST(smack07_l_get_set_label)
*/
int result;
- char * label = NULL;
+ char *label = NULL;
const int B_SIZE = 8;
char buff[B_SIZE];
- char * file_path = "/etc/smack/test_smack_rules_lnk";
+ char *file_path = "/etc/smack/test_smack_rules_lnk";
//preparing environment by restoring default "_" label
*/
int result;
- char * label = NULL;
+ char *label = NULL;
const int B_SIZE = 8;
char buff[B_SIZE];
int fd;
- char * file_path = "/etc/smack/test_smack_rules";
+ char *file_path = "/etc/smack/test_smack_rules";
fd = open(file_path, O_RDWR, 0644); //reference preinstalled rules
RUNNER_ASSERT_MSG(fd >= 0, "Unable to open /etc/smack/test_smack_rules");
unsigned int i;
int result;
- struct smack_accesses * rulesBasic = NULL;
+ struct smack_accesses *rulesBasic = NULL;
- for(i = 0; i<accessesBasic.size(); ++i)
+ for (i = 0; i < accessesBasic.size(); ++i)
{
// Creating rules
result = smack_accesses_new(&rulesBasic);
result = smack_accesses_apply(rulesBasic);
RUNNER_ASSERT_MSG(result == 0, "Error while applying accesses. Result: " << result);
- // Checking if accesses were created
+ // Checking if accesses were created
result = smack_have_access(TEST_SUBJECT, TEST_OBJECT, accessesBasic[i].c_str());
RUNNER_ASSERT_MSG(result == 1,
- " Error while checking smack access. Result: " << result);
+ " Error while checking smack access. Result: " << result);
smack_accesses_free(rulesBasic);
rulesBasic = NULL;
clean_up();
}
- for(i = 0; i<3; ++i)
+ for (i = 0; i < 3; ++i)
{
// --- Creating rules (r or w or x)
result = smack_accesses_new(&rulesBasic);
// Applying rules
result = smack_accesses_apply(rulesBasic);
RUNNER_ASSERT_MSG(result == 0, "Error while applying accesses. Result: " << result);
- // Checking if accesses were created
+ // Checking if accesses were created
result = smack_have_access(TEST_SUBJECT, TEST_OBJECT, accessesBasic[i].c_str());
RUNNER_ASSERT_MSG(result == 1,
- " Error while checking smack access. Result: " << result);
+ " Error while checking smack access. Result: " << result);
// Checking if wrong accesses were not created
- result = smack_have_access(TEST_SUBJECT, TEST_OBJECT, accessesBasic[i+3].c_str());
+ result = smack_have_access(TEST_SUBJECT, TEST_OBJECT, accessesBasic[i + 3].c_str());
RUNNER_ASSERT_MSG(result == 0,
- " Error while checking smack access. Result: " << result);
+ " Error while checking smack access. Result: " << result);
// --- Modifying accesses (r for wx or w for rx or x for rw)
- result = smack_accesses_add_modify(rulesBasic,TEST_SUBJECT, TEST_OBJECT,accessesBasic[i+3].c_str(),accessesBasic[i].c_str());
+ result = smack_accesses_add_modify(rulesBasic,TEST_SUBJECT, TEST_OBJECT,accessesBasic[i + 3].c_str(),accessesBasic[i].c_str());
RUNNER_ASSERT_MSG(result == 0, "Unable to add modify rulesBasic. Result: " << result);
// Applying rules
result = smack_accesses_apply(rulesBasic);
RUNNER_ASSERT_MSG(result == 0, "Error while applying accesses. Result: " << result);
- // Checking if accesses were created
- result = smack_have_access(TEST_SUBJECT, TEST_OBJECT, accessesBasic[i+3].c_str());
+ // Checking if accesses were created
+ result = smack_have_access(TEST_SUBJECT, TEST_OBJECT, accessesBasic[i + 3].c_str());
RUNNER_ASSERT_MSG(result == 1,
- " Error while checking smack access. Result: " << result);
+ " Error while checking smack access. Result: " << result);
// Checking if wrong accesses were not created
result = smack_have_access(TEST_SUBJECT, TEST_OBJECT, accessesBasic[i].c_str());
RUNNER_ASSERT_MSG(result == 0,
- " Error while checking smack access. Result: " << result);
+ " Error while checking smack access. Result: " << result);
smack_accesses_free(rulesBasic);
rulesBasic = NULL;
result = smack_accesses_add(rulesBasic, TEST_SUBJECT, TEST_OBJECT, accessesBasic[i].c_str());
RUNNER_ASSERT_MSG(result == 0, "Unable to add rulesBasic. Result: " << result);
- // Checking if accesses were created
- result = smack_have_access(TEST_SUBJECT, TEST_OBJECT, accessesBasic[i+3].c_str());
+ // Checking if accesses were created
+ result = smack_have_access(TEST_SUBJECT, TEST_OBJECT, accessesBasic[i + 3].c_str());
RUNNER_ASSERT_MSG(result == 1,
- " Error while checking smack access. Result: " << result);
+ " Error while checking smack access. Result: " << result);
// Applying rules
result = smack_accesses_apply(rulesBasic);
RUNNER_ASSERT_MSG(result == 0, "Error while applying accesses. Result: " << result);
- // Checking if accesses were created
+ // Checking if accesses were created
result = smack_have_access(TEST_SUBJECT, TEST_OBJECT, accessesBasic[i].c_str());
RUNNER_ASSERT_MSG(result == 1,
- " Error while checking smack access. Result: " << result);
+ " Error while checking smack access. Result: " << result);
// --- Modifying accesses (adding rwx and removing r or w or x)
result = smack_accesses_add_modify(rulesBasic,TEST_SUBJECT, TEST_OBJECT,"rwx",accessesBasic[i].c_str());
result = smack_accesses_apply(rulesBasic);
RUNNER_ASSERT_MSG(result == 0, "Error while applying accesses. Result: " << result);
- // Checking if accesses were created
- result = smack_have_access(TEST_SUBJECT, TEST_OBJECT, accessesBasic[i+3].c_str());
+ // Checking if accesses were created
+ result = smack_have_access(TEST_SUBJECT, TEST_OBJECT, accessesBasic[i + 3].c_str());
RUNNER_ASSERT_MSG(result == 1,
- " Error while checking smack access. Result: " << result);
+ " Error while checking smack access. Result: " << result);
// Checking if wrong accesses were not created
result = smack_have_access(TEST_SUBJECT, TEST_OBJECT, accessesBasic[i].c_str());
RUNNER_ASSERT_MSG(result == 0,
- " Error while checking smack access. Result: " << result);
+ " Error while checking smack access. Result: " << result);
// --- Adding crossing accesses (rx or rw or wx)
- result = smack_accesses_add_modify(rulesBasic,TEST_SUBJECT, TEST_OBJECT,accessesBasic[3+((i+1)%3)].c_str(),"");
+ result = smack_accesses_add_modify(rulesBasic,TEST_SUBJECT, TEST_OBJECT,accessesBasic[3 + ((i + 1) % 3)].c_str(),"");
RUNNER_ASSERT_MSG(result == 0, "Unable to add modify rulesBasic. Result: " << result);
// Applying rules
result = smack_accesses_apply(rulesBasic);
RUNNER_ASSERT_MSG(result == 0, "Error while applying accesses. Result: " << result);
- // Checking if accesses were created
- result = smack_have_access(TEST_SUBJECT, TEST_OBJECT, accessesBasic[3+((i+1)%3)].c_str());
+ // Checking if accesses were created
+ result = smack_have_access(TEST_SUBJECT, TEST_OBJECT, accessesBasic[3 + ((i + 1) % 3)].c_str());
RUNNER_ASSERT_MSG(result == 1,
- " Error while checking smack access. Result: " << result);
+ " Error while checking smack access. Result: " << result);
result = smack_have_access(TEST_SUBJECT, TEST_OBJECT, "rwx");
RUNNER_ASSERT_MSG(result == 1,
- " Error while checking smack access. Result: " << result);
+ " Error while checking smack access. Result: " << result);
// Deleting all rules
result = smack_accesses_add_modify(rulesBasic,TEST_SUBJECT, TEST_OBJECT,"","rwx");
int result;
int fd;
- struct smack_accesses * rulesBasic = NULL;
+ struct smack_accesses *rulesBasic = NULL;
// Pre-cleanup
removeAccessesAll();
result = smack_accesses_new(&rulesBasic);
RUNNER_ASSERT_MSG(result == 0, "Error while creating new accesses. Result: " << result);
- // Loading file with partial wrong rules - test_smack_rules2
+ // Loading file with partial wrong rules - test_smack_rules2
fd = open("/etc/smack/test_smack_rules2", O_RDONLY, 0644);
RUNNER_ASSERT_MSG(fd >= 0, "Unable to open /etc/smack/test_smack_rules2");
removeAccessesAll();
smack_accesses_free(rulesBasic);
-
}
//int smack_new_label_from_socket(int fd, char **label);
{
static int number = time(NULL);
int result;
- char* smack_label;
+ char *smack_label;
number++;
result = asprintf(&smack_label, "s%ld", number);
static void smack_unix_sock_server(int sock)
{
int fd, result;
- char* smack_label;
+ char *smack_label;
alarm(2);
fd = accept(sock, NULL, NULL);
RUNNER_TEST(smack09_new_label_from_socket)
{
-
int pid;
struct sockaddr_un sockaddr = {AF_UNIX, SOCK_PATH};
unlink(SOCK_PATH);
sock = socket(AF_UNIX, SOCK_STREAM, 0);
RUNNER_ASSERT_MSG(sock >= 0, "socket failed: " << strerror(errno));
- result = bind(sock, (struct sockaddr *) &sockaddr, sizeof(struct sockaddr_un));
+ result = bind(sock, (struct sockaddr*) &sockaddr, sizeof(struct sockaddr_un));
RUNNER_ASSERT_MSG(result == 0, "bind failed: " << strerror(errno));
result = listen(sock, 1);
RUNNER_ASSERT_MSG(result == 0, "listen failed: " << strerror(errno));
RUNNER_ASSERT_MSG(pid >= 0, "Fork failed");
/* Test if socket label was unaffected by fork() */
smack_unix_sock_server(sock);
- if(!pid) {
- usleep (100);
- smack_set_another_label_for_self();
+ if (!pid) {
+ usleep (100);
+ smack_set_another_label_for_self();
smack_unix_sock_server(sock);
}
close(sock);
} else { /* parent process, client */
sleep(1); /* Give server some time to setup listening socket */
for (int i = 0; i < 4; ++i) {
-
int sock, result;
char smack_label1[SMACK_LABEL_LEN + 1];
- char* smack_label2;
+ char *smack_label2;
sock = socket(AF_UNIX, SOCK_STREAM, 0);
RUNNER_ASSERT_MSG(sock >= 0, "socket failed: " << strerror(errno));
- result = connect(sock, (struct sockaddr *) &sockaddr, sizeof(struct sockaddr_un));
+ result = connect(sock, (struct sockaddr*) &sockaddr, sizeof(struct sockaddr_un));
RUNNER_ASSERT_MSG(result == 0, "connect failed: " << strerror(errno));
alarm(2);
result = read(sock, smack_label1, SMACK_LABEL_LEN);
result = smack_new_label_from_socket(sock, &smack_label2);
RUNNER_ASSERT_MSG(result == 0, "smack_label_from_socket failed");
result = strcmp(smack_label1, smack_label2);
- if(i < 3)
+ if (i < 3)
RUNNER_ASSERT_MSG(result == 0, "smack labels differ: '" << smack_label1 << "' != '" << smack_label2 << "' i == " << i);
else
RUNNER_ASSERT_MSG(result != 0, "smack labels do not differ: '" << smack_label1 << "' != '" << smack_label2 << "' i == " << i);