#include <sstream>
#include <sys/stat.h>
-#define SMACK_RULES_DIR "/opt/etc/smack-app/accesses.d/"
-#define SMACK_LOAD2 "/smack/load2"
-#define TEST_APP_DIR "/etc/smack/test_privilege_control_DIR/app_dir"
-#define TEST_NON_APP_DIR "/etc/smack/test_privilege_control_DIR/non_app_dir"
-#define APPID_DIR "test_APP_ID_dir"
-#define APPID_SHARED_DIR "test_APP_ID_shared_dir"
-#define CANARY_LABEL "tiny_yellow_canary"
+#define SMACK_RULES_DIR "/opt/etc/smack-app/accesses.d/"
+#define SMACK_STARTUP_RULES_FILE "/opt/etc/smack-app-early/accesses.d/WRT"
+#define SMACK_LOAD2 "/smack/load2"
+#define TEST_APP_DIR "/etc/smack/test_privilege_control_DIR/app_dir"
+#define TEST_NON_APP_DIR "/etc/smack/test_privilege_control_DIR/non_app_dir"
+#define APPID_DIR "test_APP_ID_dir"
+#define APPID_SHARED_DIR "test_APP_ID_shared_dir"
+#define CANARY_LABEL "tiny_yellow_canary"
#define APP_ID "test_APP"
#define APP_SET_PRIV_PATH "/etc/smack/test_privilege_control_DIR/test_set_app_privilege/test_APP"
#define OSP_APP_PATH "/opt/usr/apps/uqNfgEjqc7/bin/PysiuMisiu123Osp"
#define OSP_PARTNER_APP_PATH "/opt/usr/apps/j4RuPsZrNt/bin/PysiuMisiu123OspPartner"
#define OSP_PLATFORM_APP_PATH "/opt/usr/apps/V5LKqDFBXm/bin/PysiuMisiu123OspPlatform"
+#define EARLY_RULE_SUBJECT "livebox.web-provider"
+#define EARLY_RULE_RIGHTS "rwx--"
const char *PRIVS[] = { "WRT", "test_privilege_control_rules", NULL };
const char *PRIVS2[] = { "test_privilege_control_rules2", NULL };
RUNNER_TEST(privilege_control01_app_install)
{
int result;
- char *path = NULL;
int fd = -1;
unlink(SMACK_RULES_DIR APP_ID);
// checking if file really exists
fd = open(SMACK_RULES_DIR APP_ID, O_RDONLY);
- RUNNER_ASSERT_MSG(fd >= 0, "File open failed: " << path << " : " << result << ". Errno: " << strerror(errno));
+ RUNNER_ASSERT_MSG(fd >= 0, "File open failed: " << SMACK_RULES_DIR << APP_ID << " : " << fd << ". Errno: " << strerror(errno));
close(fd);
- free(path);
// try install second time app with the same ID - it should pass.
result = app_install(APP_ID);
RUNNER_TEST(privilege_control07_app_uninstall)
{
int result;
- char *path = NULL;
int fd = -1;
result = app_uninstall(APP_ID);
fd = open(SMACK_RULES_DIR APP_ID, O_RDONLY);
RUNNER_ASSERT_MSG(fd == -1, "SMACK file NOT deleted after app_uninstall");
close(fd);
- free(path);
}
void checkOnlyAvAccess(const char *av_id, const char *app_id, const char *comment)
cleaning_smack_database_files();
}
+
+RUNNER_TEST(privilege_control20_early_rules)
+{
+ int result;
+ int fd = -1;
+ int pass_1 = 0;
+ int pass_2 = 0;
+ char *single_line_format = NULL;
+ char *perm = NULL;
+ FILE *file = NULL;
+ char subject[SMACK_LABEL_LEN + 1];
+ char object[SMACK_LABEL_LEN + 1];
+ char rule_add[6]; // "rwxat" + '\0'
+ char rule_remove[6]; // "rwxat" + '\0'
+
+ subject[SMACK_LABEL_LEN] = '\0';
+ object[SMACK_LABEL_LEN] = '\0';
+ rule_add[5] = '\0';
+ rule_remove[5] = '\0';
+
+ unlink(SMACK_RULES_DIR APP_ID);
+
+ app_uninstall(APP_ID);
+
+ result = app_install(APP_ID);
+ RUNNER_ASSERT_MSG(result == 0, "app_install returned " << result << ". Errno: " << strerror(errno));
+ result = app_install(APP_TEST_APP_1);
+ RUNNER_ASSERT_MSG(result == 0, "app_install returned " << result << ". Errno: " << strerror(errno));
+
+ // checking if file really exists
+ fd = open(SMACK_RULES_DIR APP_ID, O_RDONLY);
+ close(fd);
+ RUNNER_ASSERT_MSG(fd >= 0, "File open failed: " << SMACK_RULES_DIR << APP_ID << " : " << fd << ". Errno: " << strerror(errno));
+ fd = -1;
+
+ result = app_enable_permissions(APP_ID, APP_TYPE_WGT, (const char**) &perm, 1);
+ RUNNER_ASSERT_MSG(result == 0, "app_enable_permission failed: " << result);
+ result = app_enable_permissions(APP_TEST_APP_1, APP_TYPE_WGT, (const char**) &perm, 1);
+ RUNNER_ASSERT_MSG(result == 0, "app_enable_permission failed: " << result);
+
+ file = fopen(SMACK_STARTUP_RULES_FILE, "r");
+ RUNNER_ASSERT_MSG(file != NULL, "File open failed: " << SMACK_STARTUP_RULES_FILE << " : " << file << ". Errno: " << strerror(errno));
+
+ result = asprintf(&single_line_format, "%%%ds %%%ds %%5s %%5s\\n", SMACK_LABEL_LEN, SMACK_LABEL_LEN);
+
+ while(fscanf(file, single_line_format, subject, object, rule_add, rule_remove) == 4) {
+ if(strncmp(subject, EARLY_RULE_SUBJECT, SMACK_LABEL_LEN) == 0 && strncmp(object, APP_ID, SMACK_LABEL_LEN) == 0) {
+ pass_1 = 1; // Found rule for APP_ID
+ continue;
+ }
+ if(strncmp(subject, EARLY_RULE_SUBJECT, SMACK_LABEL_LEN) == 0 && strncmp(object, APP_TEST_APP_1, SMACK_LABEL_LEN) == 0) {
+ pass_2 = 1; // Found rule for APP_TEST_APP_1
+ continue;
+ }
+ }
+ free(single_line_format);
+ single_line_format = NULL;
+ fclose(file);
+ file = NULL;
+
+ RUNNER_ASSERT_MSG(pass_1 == 1, "Rule " << EARLY_RULE_SUBJECT << " " << APP_ID << " " << EARLY_RULE_RIGHTS << " not found");
+ RUNNER_ASSERT_MSG(pass_2 == 1, "Rule " << EARLY_RULE_SUBJECT << " " << APP_TEST_APP_1 << " " << EARLY_RULE_RIGHTS << " not found");
+
+ // Checking if "early rule" for APP_ID was really removed
+ // We also should make sure that "early rules" for other apps wasn't removed
+ result = app_uninstall(APP_ID);
+ RUNNER_ASSERT_MSG(result == 0, "app_uninstall returned " << result << ". Errno: " << strerror(errno));
+ pass_1 = 1;
+ pass_2 = 0;
+
+ file = fopen(SMACK_STARTUP_RULES_FILE, "r");
+ RUNNER_ASSERT_MSG(file != NULL, "File open failed: " << SMACK_STARTUP_RULES_FILE << " : " << file << ". Errno: " << strerror(errno));
+
+ result = asprintf(&single_line_format, "%%%ds %%%ds %%5s %%5s\\n", SMACK_LABEL_LEN, SMACK_LABEL_LEN);
+
+ while(fscanf(file, single_line_format, subject, object, rule_add, rule_remove) == 4) {
+ if(strncmp(subject, EARLY_RULE_SUBJECT, SMACK_LABEL_LEN) == 0 && strncmp(object, APP_ID, SMACK_LABEL_LEN) == 0) {
+ pass_1 = 0; // Found rule for APP_ID - it should NOT be here
+ continue;
+ }
+ if(strncmp(subject, EARLY_RULE_SUBJECT, SMACK_LABEL_LEN) == 0 && strncmp(object, APP_TEST_APP_1, SMACK_LABEL_LEN) == 0) {
+ pass_2 = 1; // Found rule for APP_TEST_APP_1
+ continue;
+ }
+ }
+ free(single_line_format);
+ single_line_format = NULL;
+ fclose(file);
+ file = NULL;
+
+ RUNNER_ASSERT_MSG(pass_1 == 1, "Rule " << EARLY_RULE_SUBJECT << " " << APP_ID << " " << EARLY_RULE_RIGHTS << " found");
+ RUNNER_ASSERT_MSG(pass_2 == 1, "Rule " << EARLY_RULE_SUBJECT << " " << APP_TEST_APP_1 << " " << EARLY_RULE_RIGHTS << " not found");
+
+ // Removing and checking "early rule" for APP_TEST_APP_1
+ result = app_uninstall(APP_TEST_APP_1);
+ RUNNER_ASSERT_MSG(result == 0, "app_uninstall returned " << result << ". Errno: " << strerror(errno));
+ pass_1 = 1;
+ pass_2 = 1;
+
+ file = fopen(SMACK_STARTUP_RULES_FILE, "r");
+ RUNNER_ASSERT_MSG(file != NULL, "File open failed: " << SMACK_STARTUP_RULES_FILE << " : " << file << ". Errno: " << strerror(errno));
+
+ result = asprintf(&single_line_format, "%%%ds %%%ds %%5s %%5s\\n", SMACK_LABEL_LEN, SMACK_LABEL_LEN);
+
+ while(fscanf(file, single_line_format, subject, object, rule_add, rule_remove) == 4) {
+ if(strncmp(subject, EARLY_RULE_SUBJECT, SMACK_LABEL_LEN) == 0 && strncmp(object, APP_ID, SMACK_LABEL_LEN) == 0) {
+ pass_1 = 0; // Found rule for APP_ID - it should NOT be here
+ continue;
+ }
+ if(strncmp(subject, EARLY_RULE_SUBJECT, SMACK_LABEL_LEN) == 0 && strncmp(object, APP_TEST_APP_1, SMACK_LABEL_LEN) == 0) {
+ pass_2 = 0; // Found rule for APP_TEST_APP_1 - it should NOT be here
+ continue;
+ }
+ }
+ free(single_line_format);
+ single_line_format = NULL;
+ fclose(file);
+ file = NULL;
+
+ RUNNER_ASSERT_MSG(pass_1 == 1, "Rule " << EARLY_RULE_SUBJECT << " " << APP_ID << " " << EARLY_RULE_RIGHTS << " found");
+ RUNNER_ASSERT_MSG(pass_2 == 1, "Rule " << EARLY_RULE_SUBJECT << " " << APP_TEST_APP_1 << " " << EARLY_RULE_RIGHTS << " found");
+}
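Review bot: The three scan loops in `privilege_control20_early_rules` match only `subject` and `object`; `rule_add` and `rule_remove` are read but never compared, so the test passes even if the early rule for `EARLY_RULE_SUBJECT` carries rights other than `EARLY_RULE_RIGHTS`, although the failure messages print that value. In the positive checks (both branches of the first loop and the `APP_TEST_APP_1` branch of the second), the condition should also require `strncmp(rule_add, EARLY_RULE_RIGHTS, sizeof(rule_add)) == 0`, assuming the third column holds the granted rights. The "should NOT be here" branches should keep matching on labels alone, so that any leftover rule fails the test. Separately, `close(fd)` runs before the `fd >= 0` assertion, so a failed `open()` reports the errno of `close(-1)` instead of its own; move `close(fd)` below the assertion. Each `asprintf` return value is stored in `result` but never checked before `single_line_format` is passed to `fscanf`; add `RUNNER_ASSERT_MSG(result > 0, "asprintf failed");` after each call.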