Source0: %{name}-%{version}.tar.gz
Source1: %{name}.manifest
BuildRequires: cmake
+BuildRequires: pkgconfig(libcap)
BuildRequires: pkgconfig(libsmack)
BuildRequires: pkgconfig(libprivilege-control)
BuildRequires: pkgconfig(security-server)
#include <summary_collector.h>
#include <string>
#include <unordered_set>
+#include <sys/capability.h>
#include <grp.h>
#include <pwd.h>
#include <cynara_test_client.h>
DEFINE_SMARTPTR(security_manager_app_inst_req_free, app_inst_req, AppInstReqUniquePtr);
+DEFINE_SMARTPTR(cap_free, _cap_struct, CapsSetsUniquePtr);
static const char *const SM_APP_ID1 = "sm_test_app_id_double";
static const char *const SM_PKG_ID1 = "sm_test_pkg_id_double";
check_app_permissions(SM_APP_ID3, SM_PKG_ID3, user.c_str(), SM_NO_PRIVILEGES, SM_ALLOWED_PRIVILEGES);
}
+RUNNER_CHILD_TEST(security_manager_05_drop_process_capabilities)
+{
+ int result;
+ CapsSetsUniquePtr caps, caps_empty(cap_init());
+
+ caps.reset(cap_from_text("all=eip"));
+ RUNNER_ASSERT_MSG(caps, "can't convert capabilities from text");
+ result = cap_set_proc(caps.get());
+ RUNNER_ASSERT_MSG(result == 0,
+ "can't set capabilities. Result: " << result);
+
+ result = security_manager_drop_process_privileges();
+ RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
+ "dropping caps failed. Result: " << result);
+
+ caps.reset(cap_get_proc());
+ RUNNER_ASSERT_MSG(caps, "can't get proc capabilities");
+
+ result = cap_compare(caps.get(), caps_empty.get());
+ RUNNER_ASSERT_MSG(result == 0,
+ "capabilities not dropped. Current: " << cap_to_text(caps.get(), NULL));
+}
int main(int argc, char *argv[])
{
projects / platform / core / test / security-tests.git / commitdiff