--- /dev/null
+Copyright (c) 2000 - 2012 Samsung Electronics Co., Ltd. All rights reserved.
+
+ Apache License
+ Version 2.0, January 2004
+ http://www.apache.org/licenses/
+
+ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+ 1. Definitions.
+
+ "License" shall mean the terms and conditions for use, reproduction,
+ and distribution as defined by Sections 1 through 9 of this document.
+
+ "Licensor" shall mean the copyright owner or entity authorized by
+ the copyright owner that is granting the License.
+
+ "Legal Entity" shall mean the union of the acting entity and all
+ other entities that control, are controlled by, or are under common
+ control with that entity. For the purposes of this definition,
+ "control" means (i) the power, direct or indirect, to cause the
+ direction or management of such entity, whether by contract or
+ otherwise, or (ii) ownership of fifty percent (50%) or more of the
+ outstanding shares, or (iii) beneficial ownership of such entity.
+
+ "You" (or "Your") shall mean an individual or Legal Entity
+ exercising permissions granted by this License.
+
+ "Source" form shall mean the preferred form for making modifications,
+ including but not limited to software source code, documentation
+ source, and configuration files.
+
+ "Object" form shall mean any form resulting from mechanical
+ transformation or translation of a Source form, including but
+ not limited to compiled object code, generated documentation,
+ and conversions to other media types.
+
+ "Work" shall mean the work of authorship, whether in Source or
+ Object form, made available under the License, as indicated by a
+ copyright notice that is included in or attached to the work
+ (an example is provided in the Appendix below).
+
+ "Derivative Works" shall mean any work, whether in Source or Object
+ form, that is based on (or derived from) the Work and for which the
+ editorial revisions, annotations, elaborations, or other modifications
+ represent, as a whole, an original work of authorship. For the purposes
+ of this License, Derivative Works shall not include works that remain
+ separable from, or merely link (or bind by name) to the interfaces of,
+ the Work and Derivative Works thereof.
+
+ "Contribution" shall mean any work of authorship, including
+ the original version of the Work and any modifications or additions
+ to that Work or Derivative Works thereof, that is intentionally
+ submitted to Licensor for inclusion in the Work by the copyright owner
+ or by an individual or Legal Entity authorized to submit on behalf of
+ the copyright owner. For the purposes of this definition, "submitted"
+ means any form of electronic, verbal, or written communication sent
+ to the Licensor or its representatives, including but not limited to
+ communication on electronic mailing lists, source code control systems,
+ and issue tracking systems that are managed by, or on behalf of, the
+ Licensor for the purpose of discussing and improving the Work, but
+ excluding communication that is conspicuously marked or otherwise
+ designated in writing by the copyright owner as "Not a Contribution."
+
+ "Contributor" shall mean Licensor and any individual or Legal Entity
+ on behalf of whom a Contribution has been received by Licensor and
+ subsequently incorporated within the Work.
+
+ 2. Grant of Copyright License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ copyright license to reproduce, prepare Derivative Works of,
+ publicly display, publicly perform, sublicense, and distribute the
+ Work and such Derivative Works in Source or Object form.
+
+ 3. Grant of Patent License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ (except as stated in this section) patent license to make, have made,
+ use, offer to sell, sell, import, and otherwise transfer the Work,
+ where such license applies only to those patent claims licensable
+ by such Contributor that are necessarily infringed by their
+ Contribution(s) alone or by combination of their Contribution(s)
+ with the Work to which such Contribution(s) was submitted. If You
+ institute patent litigation against any entity (including a
+ cross-claim or counterclaim in a lawsuit) alleging that the Work
+ or a Contribution incorporated within the Work constitutes direct
+ or contributory patent infringement, then any patent licenses
+ granted to You under this License for that Work shall terminate
+ as of the date such litigation is filed.
+
+ 4. Redistribution. You may reproduce and distribute copies of the
+ Work or Derivative Works thereof in any medium, with or without
+ modifications, and in Source or Object form, provided that You
+ meet the following conditions:
+
+ (a) You must give any other recipients of the Work or
+ Derivative Works a copy of this License; and
+
+ (b) You must cause any modified files to carry prominent notices
+ stating that You changed the files; and
+
+ (c) You must retain, in the Source form of any Derivative Works
+ that You distribute, all copyright, patent, trademark, and
+ attribution notices from the Source form of the Work,
+ excluding those notices that do not pertain to any part of
+ the Derivative Works; and
+
+ (d) If the Work includes a "NOTICE" text file as part of its
+ distribution, then any Derivative Works that You distribute must
+ include a readable copy of the attribution notices contained
+ within such NOTICE file, excluding those notices that do not
+ pertain to any part of the Derivative Works, in at least one
+ of the following places: within a NOTICE text file distributed
+ as part of the Derivative Works; within the Source form or
+ documentation, if provided along with the Derivative Works; or,
+ within a display generated by the Derivative Works, if and
+ wherever such third-party notices normally appear. The contents
+ of the NOTICE file are for informational purposes only and
+ do not modify the License. You may add Your own attribution
+ notices within Derivative Works that You distribute, alongside
+ or as an addendum to the NOTICE text from the Work, provided
+ that such additional attribution notices cannot be construed
+ as modifying the License.
+
+ You may add Your own copyright statement to Your modifications and
+ may provide additional or different license terms and conditions
+ for use, reproduction, or distribution of Your modifications, or
+ for any such Derivative Works as a whole, provided Your use,
+ reproduction, and distribution of the Work otherwise complies with
+ the conditions stated in this License.
+
+ 5. Submission of Contributions. Unless You explicitly state otherwise,
+ any Contribution intentionally submitted for inclusion in the Work
+ by You to the Licensor shall be under the terms and conditions of
+ this License, without any additional terms or conditions.
+ Notwithstanding the above, nothing herein shall supersede or modify
+ the terms of any separate license agreement you may have executed
+ with Licensor regarding such Contributions.
+
+ 6. Trademarks. This License does not grant permission to use the trade
+ names, trademarks, service marks, or product names of the Licensor,
+ except as required for reasonable and customary use in describing the
+ origin of the Work and reproducing the content of the NOTICE file.
+
+ 7. Disclaimer of Warranty. Unless required by applicable law or
+ agreed to in writing, Licensor provides the Work (and each
+ Contributor provides its Contributions) on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ implied, including, without limitation, any warranties or conditions
+ of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+ PARTICULAR PURPOSE. You are solely responsible for determining the
+ appropriateness of using or redistributing the Work and assume any
+ risks associated with Your exercise of permissions under this License.
+
+ 8. Limitation of Liability. In no event and under no legal theory,
+ whether in tort (including negligence), contract, or otherwise,
+ unless required by applicable law (such as deliberate and grossly
+ negligent acts) or agreed to in writing, shall any Contributor be
+ liable to You for damages, including any direct, indirect, special,
+ incidental, or consequential damages of any character arising as a
+ result of this License or out of the use or inability to use the
+ Work (including but not limited to damages for loss of goodwill,
+ work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses), even if such Contributor
+ has been advised of the possibility of such damages.
+
+ 9. Accepting Warranty or Additional Liability. While redistributing
+ the Work or Derivative Works thereof, You may choose to offer,
+ and charge a fee for, acceptance of support, warranty, indemnity,
+ or other liability obligations and/or rights consistent with this
+ License. However, in accepting such obligations, You may act only
+ on Your own behalf and on Your sole responsibility, not on behalf
+ of any other Contributor, and only if You agree to indemnify,
+ defend, and hold each Contributor harmless for any liability
+ incurred by, or claims asserted against, such Contributor by reason
+ of your accepting any such warranty or additional liability.
+
+ END OF TERMS AND CONDITIONS
+
+ APPENDIX: How to apply the Apache License to your work.
+
+ To apply the Apache License to your work, attach the following
+ boilerplate notice, with the fields enclosed by brackets "[]"
+ replaced with your own identifying information. (Don't include
+ the brackets!) The text should be enclosed in the appropriate
+ comment syntax for the file format. We also recommend that a
+ file or class name and description of purpose be included on the
+ same "printed page" as the copyright notice for easier
+ identification within third-party archives.
+
+ Copyright [yyyy] [name of copyright owner]
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
--- /dev/null
+/*
+ * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/*
+ * @file test_cases.cpp
+ * @author Pawel Polawski (p.polawski@samsung.com)
+ * @version 1.0
+ * @brief libprivilege test runer
+ */
+
+#include <string>
+#include <dpl/test/test_runner.h>
+#include <dpl/log/log.h>
+
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <sys/mman.h>
+#include <fcntl.h>
+
+#include <sys/smack.h>
+
+#include <sys/xattr.h>
+
+int files_compare(int fd1, int fd2)
+{
+ int result = 0;
+
+ //for getting files sizes
+ struct stat fs1, fs2;
+
+ //handlers for mmap()
+ void * h1 = MAP_FAILED;
+ void * h2 = MAP_FAILED;
+
+ //getting files information
+ if(fstat(fd1, &fs1) == -1) {
+ perror("fstat");
+ return -1;
+ }
+ if(fstat(fd2, &fs2) == -1) {
+ perror("fstat");
+ return -1;
+ }
+
+ if(fs1.st_size != fs2.st_size) //if files are identical size will be the same
+ return -1;
+
+ //mapping files to process memory
+ if((h1 = mmap(0, fs1.st_size, PROT_READ, MAP_SHARED, fd1, 0 )) == MAP_FAILED) {
+ result = -1;
+ goto end;
+ }
+ if((h2 = mmap(0, fs2.st_size, PROT_READ, MAP_SHARED, fd2, 0 )) == MAP_FAILED) {
+ result = -1;
+ goto end;
+ }
+
+ result = memcmp(h1, h2, fs1.st_size);
+
+ //cleaning after mmap()
+end:
+ if(h2 != MAP_FAILED)
+ munmap(h2, fs2.st_size);
+ if(h1 != MAP_FAILED)
+ munmap(h1, fs1.st_size);
+
+ return result;
+}
+
+RUNNER_TEST_GROUP_INIT(libsmack)
+
+RUNNER_TEST(smack01_storing_and_restoring_rules)
+{
+ /*
+ * author: Pawel Polawski
+ * test: smack_accesses_new, smack_accesses_add, smack_accesses_add_modify, smack_accesses_add_from_file,
+ * smack_accesses_free, smack_accesses_save
+ * description: This test case will create structure holding SMACK rules and add new one to it. Next rules will be
+ * stored and restored from file.
+ * expect: Rules created and stored in file should be identical to predefined template.
+ */
+
+ struct smack_accesses * rules = NULL; //rules prepared in this test case
+ struct smack_accesses * import_test = NULL; //rules imported from file
+
+ int result; //result of each operation to be tested by RUNNER_ASSERT
+ int fd, tmp, sample; //file descripptors for save / restore rules tests
+
+ //int smack_accesses_new(struct smack_accesses **accesses);
+ result = smack_accesses_new(&rules); //rules struct init
+ RUNNER_ASSERT_MSG(result == 0, "Unable to create smack_accesses instance");
+ result = smack_accesses_new(&import_test); //rules struct init
+ RUNNER_ASSERT_MSG(result == 0, "Unable to create smack_accesses instance");
+
+ //opening files
+ fd = open("/tmp/smack01_rules", O_RDWR | O_CREAT | O_TRUNC, 0644); //for export prepared rules
+ RUNNER_ASSERT_MSG(fd >= 0, "Unable to create /tmp/smack01_rules");
+ tmp = open("/tmp/smack01_tmp", O_RDWR | O_CREAT | O_TRUNC, 0644); //for import rules exported before
+ RUNNER_ASSERT_MSG(fd >= 0, "Unable to create /tmp/smack01_tmp");
+ sample = open("/etc/smack/test_smack_rules", O_RDONLY, 0644); //reference preinstalled rules
+ RUNNER_ASSERT_MSG(sample >= 0, "Unable to open /etc/smack/test_smack_rules");
+
+ //int smack_accesses_add(struct smack_accesses *handle, const char *subject,
+ // const char *object, const char *access_type);
+ result = smack_accesses_add(rules, "writer", "book", "rw");
+ RUNNER_ASSERT_MSG(result == 0, "Unable to add smack rules");
+ result = smack_accesses_add(rules, "reader", "book", "wx");
+ RUNNER_ASSERT_MSG(result == 0, "Unable to add smack rules");
+
+ //int smack_accesses_add_modify(struct smack_accesses *handle, const char *subject,
+ // const char *object, const char *access_add, const char *access_del);
+ result = smack_accesses_add_modify(rules, "reader", "book", "r", "wx");
+ RUNNER_ASSERT_MSG(0 == result, "Unable to modify smack rules");
+
+ //int smack_accesses_save(struct smack_accesses *handle, int fd);
+ result = smack_accesses_save(rules, fd);
+ RUNNER_ASSERT_MSG(0 == result, "Unable to save smack_accesses instance in file");
+
+ //int smack_accesses_add_from_file(struct smack_accesses *accesses, int fd);
+ result = lseek(fd, 0, SEEK_SET);
+ RUNNER_ASSERT_MSG(result == 0, "lseek() error");
+ result = smack_accesses_add_from_file(import_test, fd);
+ RUNNER_ASSERT_MSG(result == 0, "Unable to import rules from file");
+
+ result = smack_accesses_save(import_test, tmp);
+ RUNNER_ASSERT_MSG(result == 0, "Unable to save smack_accesses instance in file");
+
+ result = files_compare(fd, tmp); //comparing rules saved in file, restored from it and stored one more time
+ RUNNER_ASSERT_MSG(result == 0, "No match in stored and restored rules");
+
+ result = files_compare(tmp, sample); //comparing rules stored in file with reference preinstalled rules
+ RUNNER_ASSERT_MSG(result == 0, "No match in stored rules and pattern file");
+
+ //void smack_accesses_free(struct smack_accesses *handle);
+ smack_accesses_free(rules);
+ smack_accesses_free(import_test);
+
+ //closing file descriptors
+ close(fd);
+ close(tmp);
+ close(sample);
+}
+
+RUNNER_TEST(smack02_aplying_rules_into_kernel)
+{
+ /*
+ * author: Pawel Polawski
+ * test: smack_accesses_apply, smack_have_access, smack_revoke_subject, smack_accesses_clear, smack_accesses_new,
+ * smack_accesses_add, smack_accesses_free
+ * description: In this test case aplying rules to kernel will be tested. After that function for test
+ * accesses will be used.
+ * expect: In case of correct rules access should be granted.
+ */
+
+ //CAP_MAC_ADMIN needed for process to be able to change rules in kernel (apllying, removing)
+
+ struct smack_accesses * rules = NULL; //rules prepared in this test case
+ int result; //for storing functions results
+
+ result = smack_accesses_new(&rules); //rules struct init
+ RUNNER_ASSERT_MSG(result == 0, "Unable to create smack_accesses instance");
+
+ //adding test rules to struct
+ result = smack_accesses_add(rules, "writer", "book", "rwx");
+ RUNNER_ASSERT_MSG(result == 0, "Unable to add smack rules");
+ result = smack_accesses_add(rules, "reader", "book", "r");
+ RUNNER_ASSERT_MSG(result == 0, "Unable to add smack rules");
+ result = smack_accesses_add(rules, "spy", "book", "rwx");
+ RUNNER_ASSERT_MSG(result == 0, "Unable to add smack rules");
+
+ //int smack_accesses_apply(struct smack_accesses *handle);
+ result = smack_accesses_apply(rules); //applying rules to kernel
+ RUNNER_ASSERT_MSG(result == 0, "Unable to apply rules into kernel");
+
+ //int smack_have_access(const char *subject, const char *object,
+ // const char *access_type);
+ result = smack_have_access("spy", "book", "rwx"); //should have access - rule exist
+ RUNNER_ASSERT_MSG(result == 1, "Error while checking Smack access");
+ result = smack_have_access("reader", "book", "rwx"); //should have no access - wrong rule, should be "r" only
+ RUNNER_ASSERT_MSG(result == 0, "Error while checking Smack access");
+ result = smack_have_access("mars", "book", "rwx"); //should have no acces - rule not exist
+ RUNNER_ASSERT_MSG(result == 0, "Error while checking Smack access");
+
+ //int smack_revoke_subject(const char *subject);
+ result = smack_revoke_subject("snickers"); //this subject do not exist in kernel rules
+ RUNNER_ASSERT_MSG(result == -1, "Error in rmoving not existing subject from kernel"); // <----- TODO: this one should be changed (== 0) after fixing revoke_subject in kernel
+ result = smack_revoke_subject("spy"); //this subject exist in kernel rules
+ RUNNER_ASSERT_MSG(result == 0, "Error in rmoving existing subject from kernel");
+
+ result = smack_have_access("spy", "book", "rwx"); //testing access after revoke_subject() from kernel
+ RUNNER_ASSERT_MSG(result == 0, "Error in acces aplied to kernel"); //now spy should have no access
+ result = smack_have_access("spy", "book", "-----"); //and should have "-----" rule
+ RUNNER_ASSERT_MSG(result == 1, "Error in acces aplied to kernel");
+
+ result = smack_accesses_add(rules, "twix", "book", "rwx"); //for create new rule as a consequence of use accesses_clear() below
+ RUNNER_ASSERT_MSG(result == 0, "Unable to add smack rules");
+
+ //int smack_accesses_clear(struct smack_accesses *handle);
+ result = smack_accesses_clear(rules); //"spy" removed before by using smack_revoke_subject()
+ RUNNER_ASSERT_MSG(result == 0, "Error in clearing rules in kernel");
+
+ result = smack_have_access("writer", "book", "rwx"); //testing acces after acces_clear()
+ RUNNER_ASSERT_MSG(result == 0, "Error in acces aplied to kernel"); //now writer also should have no access
+ result = smack_have_access("writer", "book", "-----"); //and should have "-----" rule
+ RUNNER_ASSERT_MSG(result == 1, "Error in acces aplied to kernel");
+ result = smack_have_access("twix", "book", "-----"); //rule created by calling accesses_clear()
+ RUNNER_ASSERT_MSG(result == 1, "Error in acces aplied to kernel");
+
+ //free resources
+ smack_accesses_free(rules);
+}
+
+//pairs of rules for test with mixed cases, different length and mixed order
+char * rules_tab[] = {
+ "reader1", "-", "-----",
+ "reader2", "--------", "-----",
+ "reader3", "RwXaT", "rwxat",
+ "reader4", "RrrXXXXTTT", "r-x-t",
+ "reader5", "-r-w-a-t", "rw-at",
+ "reader6", "", "-----",
+ "reader7", "xa--Rt---W", "rwxat",
+ "reader8", "#Ax[T].!~W@1}", "-wxat"
+ };
+
+RUNNER_TEST(smack03_mixed_rule_string_add)
+{
+ /*
+ * author: Pawel Polawski
+ * test: smack_have_access, smack_accesses_new, smack_accesses_add, smack_accesses_apply, smack_accesses_free
+ * description: In thist test case rules based on mixed string are added to kernel.
+ * Strings are presented above and contains lower / upper case alpha, numbers and special signs.
+ * expect: Rules should be parsed correct and aplied to kernel.
+ */
+
+ //In thist test case mixed string are used as rules applied to kernel, next they are
+ //readed and compared with correct form of rules
+
+ struct smack_accesses * rules = NULL; //rules prepared in this test case
+ int result; //for storing functions results
+ int i;
+
+ result = smack_accesses_new(&rules); //rules struct init
+ RUNNER_ASSERT_MSG(result == 0, "Unable to create smack_accesses instance");
+
+ //adding test rules with mixed string
+ for(i = 0; i < (3 * 8) ; i += 3) {
+ result = smack_accesses_add(rules, rules_tab[i], "book", rules_tab[i + 1]); //using mixed rules from table
+ RUNNER_ASSERT_MSG(result == 0, "Unable to add smack rules");
+ }
+
+ //clearing
+ //FIXME: Using clear() here can cover error in accesses_apply() function
+ //result = smack_accesses_clear(rules);
+ //RUNNER_ASSERT_MSG(result == 0, "Error in clearing rules in kernel");
+
+ //applying rules to kernel
+ result = smack_accesses_apply(rules);
+ RUNNER_ASSERT_MSG(result == 0, "Unable to apply rules into kernel");
+
+ //checking accesses using normal rules
+ for(i = 0; i < (3 * 8) ; i += 3) {
+ result = smack_have_access(rules_tab[i], "book", rules_tab[i + 2]); //using normal rules from table
+ RUNNER_ASSERT_MSG(result == 1, "Error while checking Smack access");
+ }
+
+ //free resources
+ smack_accesses_free(rules);
+
+}
+
+RUNNER_TEST(smack04_mixed_rule_string_have_access)
+{
+ /*
+ * author: Pawel Polawski
+ * test: smack_have_access
+ * description: In this test case we testing aplied before SMACK rules and comparing them using mixed strings.
+ * expect: Subjects should have accesses to the objects.
+ */
+
+ //In this test case we checking previous aplied rules but for compare mixed strings are used
+
+ int result;
+ int i;
+
+ //rules were added in previous RUNNER_TEST section
+ //checking accesses using mixed rules
+ for(i = 0; i < (3 * 8) ; i += 3) {
+ result = smack_have_access(rules_tab[i], "book", rules_tab[i + 1]); //using mixed rules from table
+ RUNNER_ASSERT_MSG(result == 1, "Error while checking Smack access");
+ }
+}
+
+//RUNNER_TEST(smackXX_accesses_add_modify)
+//{
+//IDEAS FOR TESTS
+// - what if we want to apply rule that is already in kernel?
+// - tests for smack_accesses_add_modify() + smack_have_access() (check if add_modify sets the proper rule)
+// - smack_accesses_add_modify("subject", "object", "rwx", "rwx") should create empty rule
+//}
+
+RUNNER_TEST(smack05_self_label)
+{
+ /*
+ * author: Pawel Polawski
+ * test: smack_set_label_for_self, smack_new_label_from_self
+ * description: In this test case process test it own default label. Next label is changed
+ * and tested one more time if change was successfull.
+ * expect: Proces should have default "-" label and can change it to the oter one.
+ */
+
+ //In this test case process will manipulate it own label
+
+ char * label = NULL;
+ int result;
+ int fd;
+
+ const int B_SIZE = 8;
+ char buff[B_SIZE];
+
+ char * def_rule = "_";
+
+ //int smack_new_label_from_self(char **label);
+ result = smack_new_label_from_self(&label);
+ RUNNER_ASSERT_MSG(result == 0, "Error in getting self label");
+
+ //comparing this label with default one "_"
+ result = strcmp(label, def_rule);
+ RUNNER_ASSERT_MSG(result == 0, "Wrong default process label");
+
+ //comparing this rule with received from /proc/self/attr/current
+ fd = open("/proc/self/attr/current", O_RDONLY, 0644);
+ RUNNER_ASSERT_MSG(fd >= 0, "Unable to open /proc/self/attr/current");
+ result = read(fd, buff, B_SIZE);
+ RUNNER_ASSERT_MSG(result >= 0, "Error in reading from file /proc/self/attr/current");
+ result = strncmp(buff, def_rule, result);
+ RUNNER_ASSERT_MSG(result == 0, "Wrong default process rule");
+
+ free(label);
+
+ //now time for setting labels:
+
+ //int smack_set_label_for_self(const char *label);
+ result = smack_set_label_for_self("cola");
+ RUNNER_ASSERT_MSG(result == 0, "Error in setting self label");
+
+ //checking new label using smack function
+ result = smack_new_label_from_self(&label);
+ RUNNER_ASSERT_MSG(result == 0, "Error in getting self label");
+ result = strcmp(label, "cola");
+ RUNNER_ASSERT_MSG(result == 0, "Wrong process label");
+
+ //checking new label using /proc/self/attr/current
+ result = lseek(fd, 0, SEEK_SET); //going to the file beginning
+ RUNNER_ASSERT_MSG(result == 0, "lseek() error");
+ result = read(fd, buff, B_SIZE);
+ RUNNER_ASSERT_MSG(result >= 0, "Error in reading from file /proc/self/attr/current");
+ result = strncmp(buff, "cola", result);
+ RUNNER_ASSERT_MSG(result == 0, "Proces rule in /proc/self/attr/current other than set");
+
+ free(label);
+ close(fd);
+}
+
+//RUNNER_TEST(smackXX_parent_child_label)
+//{
+ //In this test case parent process and child labels will be tested
+ //Parent will fork and check child's label. First fork will be with default "_" parent label,
+ //second one witch changed label.
+//}
+
+//bellow function is from libsmack.c witch changed name
+char * xattr(enum smack_label_type type)
+{
+ switch (type) {
+ case SMACK_LABEL_ACCESS:
+ return "security.SMACK64";
+ case SMACK_LABEL_EXEC:
+ return "security.SMACK64EXEC";
+ case SMACK_LABEL_MMAP:
+ return "security.SMACK64MMAP";
+ case SMACK_LABEL_TRANSMUTE:
+ return "security.SMACK64TRANSMUTE";
+ case SMACK_LABEL_IPIN:
+ return "security.SMACK64IPIN";
+ case SMACK_LABEL_IPOUT:
+ return "security.SMACK64IPOUT";
+ default:
+ /* Should not reach this point */
+ return NULL;
+ }
+}
+
+//TODO: In bellow RUNNER_TEST add lget / lset functions to be testet the same way as normal get / set
+RUNNER_TEST(smack06_get_set_label)
+{
+ /*
+ * author: Pawel Polawski
+ * test: smack_getlabel, smack_setlabel
+ * description: In this test case file label is tested using SMACK API functions and system xattr functions.
+ * Functions tested here is used for normal files.
+ * expect: Function should return default label, and the new one after change it.
+ */
+
+ //In this test case will be tested setting and getting file label
+ //If file is symbolic link functions should follow it
+
+ //SMACK xattr from libsmack.c:
+ //
+ //case SMACK_LABEL_ACCESS:
+ // return "security.SMACK64";
+ //case SMACK_LABEL_EXEC:
+ // return "security.SMACK64EXEC";
+ //case SMACK_LABEL_MMAP:
+ // return "security.SMACK64MMAP";
+ //case SMACK_LABEL_TRANSMUTE:
+ // return "security.SMACK64TRANSMUTE";
+ //case SMACK_LABEL_IPIN:
+ // return "security.SMACK64IPIN";
+ //case SMACK_LABEL_IPOUT:
+ // return "security.SMACK64IPOUT";
+
+ int result;
+ char * label = NULL;
+
+ const int B_SIZE = 8;
+ char buff[B_SIZE];
+
+ char * file_path = "/etc/smack/test_smack_rules";
+
+
+ //preparing environment by restoring default "_" label
+ result = smack_setlabel(file_path, "_", SMACK_LABEL_ACCESS);
+ RUNNER_ASSERT_MSG(result == 0, "Error in setting ACCESS label for file");
+
+
+ //int smack_getlabel(const char *path, char** label,
+ // enum smack_label_type type);
+ result = smack_getlabel(file_path, &label, SMACK_LABEL_ACCESS);
+ RUNNER_ASSERT_MSG(result == 0, "Error in getting smack ACCESS label from file");
+ //get label, should be default "_"
+ result = strcmp(label, "_");
+ RUNNER_ASSERT_MSG(result == 0, "Wrong file default label");
+ free(label);
+ //get label using xattr function
+ result = getxattr(file_path, xattr(SMACK_LABEL_ACCESS), buff, B_SIZE);
+ RUNNER_ASSERT_MSG(result > 0, "Error in getting xattr from file");
+ //check label, should match the one readed by smack function
+ result = strncmp(buff, "_", result);
+ RUNNER_ASSERT_MSG(result == 0, "Wrong file default label");
+
+
+ //int smack_setlabel(const char *path, const char* label,
+ // enum smack_label_type type);
+ result = smack_setlabel(file_path, "fanta", SMACK_LABEL_ACCESS);
+ RUNNER_ASSERT_MSG(result == 0, "Error in setting ACCESS label for file");
+
+
+ //get label using smack function
+ result = smack_getlabel(file_path, &label, SMACK_LABEL_ACCESS);
+ RUNNER_ASSERT_MSG(result == 0, "Error in getting smack ACCESS label from file");
+ //get label, should be default "fanta"
+ result = strcmp(label, "fanta");
+ RUNNER_ASSERT_MSG(result == 0, "Wrong file label");
+ free(label);
+ //get label using xattr function
+ result = getxattr(file_path, xattr(SMACK_LABEL_ACCESS), buff, B_SIZE);
+ RUNNER_ASSERT_MSG(result > 0, "Error in getting xattr from file");
+ //check label, should match the one readed by smack function
+ result = strncmp(buff, "fanta", result);
+ RUNNER_ASSERT_MSG(result == 0, "Wrong file label");
+}
+
+//RUNNER_TEST(smackXX_get_label_exec)
+//{
+ //In this test case EXEC label will be tested
+ //by setting this type of label, reading it and testing executed binary exit status
+//}
+
+RUNNER_TEST(smack07_l_get_set_label)
+{
+ /*
+ * author: Pawel Polawski
+ * test: smack_lgetlabel, smack_lsetlabel, smack_getlabel
+ * description: Functions tested here are similar to one from previous test case. The difference
+ * is that in case of symbolic link they follows it and operates on file pointed by it.
+ * expect: All label manipulations should affect file pointed by symbolic link.
+ */
+
+ int result;
+ char * label = NULL;
+
+ const int B_SIZE = 8;
+ char buff[B_SIZE];
+
+ char * file_path = "/etc/smack/test_smack_rules_lnk";
+
+
+ //preparing environment by restoring default "_" label
+ result = smack_lsetlabel(file_path, "_", SMACK_LABEL_ACCESS);
+ RUNNER_ASSERT_MSG(result == 0, "Error in setting ACCESS label for file");
+ result = smack_setlabel(file_path, "_", SMACK_LABEL_ACCESS);
+ RUNNER_ASSERT_MSG(result == 0, "Error in setting ACCESS label for file");
+
+
+ //int smack_lgetlabel(const char *path, char** label,
+ // enum smack_label_type type);
+ result = smack_lgetlabel(file_path, &label, SMACK_LABEL_ACCESS);
+ RUNNER_ASSERT_MSG(result == 0, "Error in getting smack ACCESS label from file");
+ //get label of symbolic link, should be default "_"
+ result = strcmp(label, "_");
+ RUNNER_ASSERT_MSG(result == 0, "Wrong file default label");
+ free(label);
+ //get label using xattr function
+ result = lgetxattr(file_path, xattr(SMACK_LABEL_ACCESS), buff, B_SIZE);
+ RUNNER_ASSERT_MSG(result > 0, "Error in getting xattr from file");
+ //check label, should match the one readed by smack function
+ result = strncmp(buff, "_", result);
+ RUNNER_ASSERT_MSG(result == 0, "Wrong file default label");
+
+
+ //int smack_lsetlabel(const char *path, const char* label,
+ // enum smack_label_type type);
+ result = smack_lsetlabel(file_path, "7up", SMACK_LABEL_ACCESS);
+ RUNNER_ASSERT_MSG(result == 0, "Error in setting ACCESS label for file");
+ //and set label for file pointed by link
+ result = smack_setlabel(file_path, "mirinda", SMACK_LABEL_ACCESS);
+ RUNNER_ASSERT_MSG(result == 0, "Error in setting ACCESS label for file");
+
+
+ //get label using smack function
+ result = smack_lgetlabel(file_path, &label, SMACK_LABEL_ACCESS);
+ RUNNER_ASSERT_MSG(result == 0, "Error in getting smack ACCESS label from file");
+ //check label, should be "7up"
+ result = strcmp(label, "7up");
+ RUNNER_ASSERT_MSG(result == 0, "Wrong file label");
+ free(label);
+ //get label using xattr function
+ result = lgetxattr(file_path, xattr(SMACK_LABEL_ACCESS), buff, B_SIZE);
+ RUNNER_ASSERT_MSG(result > 0, "Error in getting xattr from file");
+ //check label, should match the one readed by smack function
+ result = strncmp(buff, "7up", result);
+ RUNNER_ASSERT_MSG(result == 0, "Wrong file label");
+
+
+ //now similar to above, but folowing symbolic link set before to "mirinda"
+ result = smack_getlabel(file_path, &label, SMACK_LABEL_ACCESS);
+ RUNNER_ASSERT_MSG(result == 0, "Error gettin label of file pointed by symbolic link");
+ //now label should be "mirinda" for file instead of "7up" set for link
+ result = strcmp(label, "mirinda");
+ RUNNER_ASSERT_MSG(result == 0, "Wrong label of file pointed by symbolic link");
+ free(label);
+ //get label using xattr function
+ result = getxattr(file_path, xattr(SMACK_LABEL_ACCESS), buff, B_SIZE);
+ RUNNER_ASSERT_MSG(result > 0, "Error in getting xattr from file");
+ //check label, should match the one readed by smack function
+ result = strncmp(buff, "mirinda", result);
+ RUNNER_ASSERT_MSG(result == 0, "Wrong file label");
+}
+
+RUNNER_TEST(smack08_f_get_set_label)
+{
+ /*
+ * author: Pawel Polawski
+ * test: smack_fgetlabel, smack_fsetlabel
+ * description: This test case is similar to test case smack06 above. The difference
+ * is that argument is file descriptor instead of file path.
+ * Function not follow symbolic link and operates directly on it.
+ * expect: All label manipulations should affect symbolic link itself.
+ */
+
+ int result;
+ char * label = NULL;
+
+ const int B_SIZE = 8;
+ char buff[B_SIZE];
+
+ int fd;
+ char * file_path = "/etc/smack/test_smack_rules";
+
+ fd = open(file_path, O_RDWR, 0644); //reference preinstalled rules
+ RUNNER_ASSERT_MSG(fd >= 0, "Unable to open /etc/smack/test_smack_rules");
+
+ //preparing environment by restoring default "_" label
+ result = smack_fsetlabel(fd, "_", SMACK_LABEL_ACCESS);
+ RUNNER_ASSERT_MSG(result == 0, "Error in setting ACCESS label for file");
+
+
+ //int smack_fgetlabel(int fd, char** label,
+ // enum smack_label_type type);
+ result = smack_fgetlabel(fd, &label, SMACK_LABEL_ACCESS);
+ RUNNER_ASSERT_MSG(result == 0, "Error in getting smack ACCESS label from file");
+ //check label, should be "_"
+ result = strcmp(label, "_");
+ RUNNER_ASSERT_MSG(result == 0, "Wrong file default label");
+ free(label);
+ //get label using xattr function
+ result = fgetxattr(fd, xattr(SMACK_LABEL_ACCESS), buff, B_SIZE);
+ RUNNER_ASSERT_MSG(result > 0, "Error in getting xattr from file");
+ //check label, should match the one readed by smack function
+ result = strncmp(buff, "_", result);
+ RUNNER_ASSERT_MSG(result == 0, "Wrong file default label");
+
+
+ //int smack_fsetlabel(int fd, const char* label,
+ // enum smack_label_type type);
+ result = smack_fsetlabel(fd, "sprite", SMACK_LABEL_ACCESS);
+ RUNNER_ASSERT_MSG(result == 0, "Error in setting ACCESS label for file");
+
+
+ //get label using smack function
+ result = smack_fgetlabel(fd, &label, SMACK_LABEL_ACCESS);
+ RUNNER_ASSERT_MSG(result == 0, "Error in getting smack ACCESS label from file");
+ //check label, should be "sprite"
+ result = strcmp(label, "sprite");
+ RUNNER_ASSERT_MSG(result == 0, "Wrong file label");
+ free(label);
+ //get label using xattr function
+ result = fgetxattr(fd, xattr(SMACK_LABEL_ACCESS), buff, B_SIZE);
+ RUNNER_ASSERT_MSG(result > 0, "Error in getting xattr from file");
+ //check label, should match the one readed by smack function
+ result = strncmp(buff, "sprite", result);
+ RUNNER_ASSERT_MSG(result == 0, "Wrong file label");
+
+
+ close(fd);
+}
+
+//int smack_new_label_from_socket(int fd, char **label);
+
projects / platform / core / test / security-tests.git / commitdiff