void AppContext::revokeAccessToAll()
{
+#if SMACK_ENABLED
RUNNER_ASSERT_MSG(0 == smack_revoke_subject(m_label.c_str()),
"Error in smack_revoke_subject(" << m_label << ")");
+#endif
}
void AppContext::revokeRules()
#include <fcntl.h>
#include <map>
#include <string>
+#include <sys/mman.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/smack.h>
#include <security-manager-types.h>
#include <dpl/test/test_runner.h>
+#include <sm_api.h>
#include <tzplatform.h>
#include <label_generator.h>
#include <tests_common.h>
}
void AppInstallHelper::revokeRules() const {
+#if SMACK_ENABLED
RUNNER_ASSERT_MSG(
0 == smack_revoke_subject(generateAppLabel().c_str()),
"Revoking smack subject failed");
+#endif
}
+#ifndef SMACK_ENABLED
+uid_t AppInstallHelper::getPUID() const {
+ if (m_puid)
+ return *m_puid;
+
+ static constexpr auto MMAP_SIZE = sizeof(uid_t);
+ auto deleter = [&](void* addr) {
+ RUNNER_ASSERT_ERRNO_MSG(munmap(addr, MMAP_SIZE) == 0, "munmap() failed");
+ };
+ auto shmem = std::unique_ptr<void, decltype(deleter)>{mmap(nullptr, sizeof(uid_t),
+ PROT_READ | PROT_WRITE,
+ MAP_SHARED | MAP_ANONYMOUS, -1, 0),
+ std::move(deleter)};
+ RUNNER_ASSERT_ERRNO_MSG(shmem.get(), "mmap() failed");
+ pid_t pid = fork();
+ RUNNER_ASSERT_MSG(pid >= 0, "Fork failed");
+ if (pid == 0) {
+ SecurityManagerTest::Api::prepareAppCandidate();
+ SecurityManagerTest::Api::prepareApp(m_appName);
+ uid_t uid = getuid();
+ std::memcpy(shmem.get(), &uid, sizeof(uid));
+ _exit(0);
+ }
+ waitPid(pid);
+ SecurityManagerTest::Api::cleanupApp(m_appName, geteuid(), pid);
+ uid_t uid;
+ std::memcpy(&uid, shmem.get(), sizeof(uid));
+ m_puid = uid;
+ return uid;
+}
+#endif
+
std::string AppInstallHelper::generateAppLabel() const {
return generateProcessLabel(getAppId(), getPkgId(), getIsHybrid());
}
#include <unistd.h>
#include <map>
+#include <optional>
#include <string>
#include <utility>
#include <vector>
removePaths();
}
+#ifndef SMACK_ENABLED
+private:
+ mutable std::optional<uid_t> m_puid;
+
+public:
+ uid_t getPUID() const;
+#endif
+
protected:
struct RootInfo {
RootInfo() : isCreated(false) {}
namespace
{
+#if SMACK_ENABLED
static const char* get_xattr_name(enum smack_label_type type)
{
switch (type) {
return nullptr;
}
}
+#endif
}
FsLabelManager::FsLabelManager(const std::string &path, const std::string &label)
const char *label,
enum smack_label_type labelType)
{
+#if SMACK_ENABLED
std::string path = m_path + relativePath;
int ret = smack_setlabel(path.c_str(), label, labelType);
RUNNER_ASSERT_MSG(ret == 0, "Error in normal setting label " << label);
checkLabel(path, label, labelType);
+#else
+ (void)relativePath;
+ (void)label;
+ (void)labelType;
+#endif
}
void FsLabelManager::testSmackGetLabel(const std::string &relativePath,
const char *label,
enum smack_label_type labelType)
{
+#if SMACK_ENABLED
std::string path = m_path + relativePath;
char *tmpLabel;
RUNNER_ASSERT_MSG(ret == 0, "Wrong label. " << tmpLabel << " != " << label);
checkLabel(path, tmpLabel, labelType);
+#else
+ (void)relativePath;
+ (void)label;
+ (void)labelType;
+#endif
}
void FsLabelManager::testSmackClearLabels(const std::string &relativePath)
const char *label,
enum smack_label_type labelType)
{
+#if SMACK_ENABLED
char buf[SMACK_LABEL_LEN+2] = { 0, };
int ret = getxattr(path.c_str(), get_xattr_name(labelType), buf, SMACK_LABEL_LEN+1);
RUNNER_ASSERT_ERRNO_MSG(ret > 0, "Error in getting xattr");
ret = strncmp(tmpLabel, buf, SMACK_LABEL_LEN+1);
RUNNER_ASSERT_MSG(ret == 0, "Wrong label. " << tmpLabel << " != " << buf);
+#else
+ (void)path;
+ (void)label;
+ (void)labelType;
+#endif
}
void FsLabelManager::checkLinkLabel(const std::string &path,
const char *label,
enum smack_label_type labelType)
{
+#if SMACK_ENABLED
char buf[SMACK_LABEL_LEN+2] = { 0, };
int ret = lgetxattr(path.c_str(), get_xattr_name(labelType), buf, SMACK_LABEL_LEN+1);
RUNNER_ASSERT_ERRNO_MSG(ret > 0, "Error in getting xattr");
ret = strncmp(tmpLabel, buf, SMACK_LABEL_LEN+1);
RUNNER_ASSERT_MSG(ret == 0, "Wrong label. " << tmpLabel << " != " << buf);
+#else
+ (void)path;
+ (void)label;
+ (void)labelType;
+#endif
}
#include <tests_common.h>
#include <label_generator.h>
-constexpr inline char NO_SMACK_LABEL[] = "User::Pkg::default_app_no_Smack_mode";
-
// Common implementation details
std::string generateProcessLabel(const std::string &appId, const std::string &pkgId, bool isHybrid)
{
#include <string>
#include <sys/types.h>
+constexpr inline char NO_SMACK_LABEL[] = "User::Pkg::default_app_no_Smack_mode";
+
std::string generateProcessLabel(const std::string &appId, const std::string &pkgId, bool isHybrid = false);
std::string generatePathRWLabel(const std::string &pkgId);
std::string generatePathROLabel(const std::string &pkgId);
namespace {
+#if SMACK_ENABLED
const std::string& getOnlycapPath()
{
static std::string onlycapPath;
-
if (onlycapPath.empty()) {
const char* smackfs = smack_smackfs_path();
if (smackfs != nullptr) {
return onlycapPath;
}
-const char* SEPARATORS = " ";
OnlycapSet smackGetOnlycap()
{
+ static constexpr char SEPARATORS[] = " ";
std::ifstream ifs(getOnlycapPath());
RUNNER_ASSERT_MSG(ifs, "Opening " << getOnlycapPath() << " failed.");
}
return onlycapSet;
}
+#endif
void smackSetOnlycap(const OnlycapSet& onlycapSet)
{
+#if SMACK_ENABLED
if (onlycapSet.empty()) {
int ret = smack_set_onlycap(NULL, 0);
RUNNER_ASSERT_MSG(ret == 0, "Error in smack_set_onlycap():" << ret);
int ret = smack_set_onlycap(labels, i);
RUNNER_ASSERT_MSG(ret == 0, "Error in smack_set_onlycap():" << ret);
+#else
+ (void)onlycapSet;
+#endif
}
void smackSetLabelForSelf(const std::string& label)
{
+#if SMACK_ENABLED
int ret = smack_set_label_for_self(label.c_str());
RUNNER_ASSERT_MSG(ret == 0, "Error in smack_set_label_for_self('" << label << "'): " << ret);
+#else
+ (void)label;
+#endif
}
} // namespace anonymous
ScopedProcessLabel::ScopedProcessLabel(std::string label, bool restore) :
m_label(std::move(label))
{
+#if SMACK_ENABLED
if (restore) {
// store the current process label
char* originalLabel = NULL;
}
}
smackSetLabelForSelf(m_label);
+#else
+ (void)restore;
+#endif
}
ScopedProcessLabel::ScopedProcessLabel(ScopedProcessLabel&& other)
SmackAccess::SmackAccess()
: m_handle(nullptr)
{
+#if SMACK_ENABLED
RUNNER_ASSERT_MSG(0 == smack_accesses_new(&m_handle),
"Error in smack_accesses_new");
+#endif
}
void SmackAccess::add(
const std::string &object,
const std::string &rights)
{
+#if SMACK_ENABLED
RUNNER_ASSERT_MSG(0 == smack_accesses_add(m_handle,
subject.c_str(),
object.c_str(),
rights.c_str()),
"Error in smack_accesses_add.");
+#else
+ (void)subject;
+ (void)object;
+ (void)rights;
+#endif
}
void SmackAccess::apply() {
+#if SMACK_ENABLED
RUNNER_ASSERT_MSG(0 == smack_accesses_apply(m_handle),
"Error in smack_accessses_apply.");
+#endif
}
void SmackAccess::clear() {
+#if SMACK_ENABLED
RUNNER_ASSERT_MSG(0 == smack_accesses_clear(m_handle),
"Error in smack_accesses_clear.");
+#endif
}
SmackAccess::~SmackAccess() {
+#if SMACK_ENABLED
if (m_handle)
smack_accesses_free(m_handle);
+#endif
}
" access: " << rule.access);
}
+
#ifdef SMACK_ENABLED
std::string accessOpposite(std::string &access)
{
const PrivilegeVector &deniedPrivs) const
{
/* Privileges should be granted to all users if root installs app */
+#if SMACK_ENABLED
auto user = (m_uidGid == 0 ? ANY_USER_REPRESENTATION : std::to_string(m_uidGid));
+#else
+ auto user = std::to_string(getPUID());
+#endif
std::string smackLabel = generateProcessLabel(m_appName, m_pkgName, m_isHybrid);
static int nftw_check_sm_labels_app_dir(const char *fpath, const struct stat *sb,
const char* correctLabel, bool transmute_test, bool exec_test)
{
+#if SMACK_ENABLED
int result;
CStringPtr labelPtr;
char* label = nullptr;
} else {
RUNNER_ASSERT_MSG(label == nullptr, "TRANSMUTE label on " << fpath << " is set");
}
-
+#else
+ (void)fpath;
+ (void)sb;
+ (void)correctLabel;
+ (void)transmute_test;
+ (void)exec_test;
+#endif
return 0;
}
int nftw_remove_labels(const char *fpath, const struct stat* /*sb*/,
int /*typeflag*/, struct FTW* /*ftwbuf*/)
{
+#if SMACK_ENABLED
smack_lsetlabel(fpath, nullptr, SMACK_LABEL_ACCESS);
smack_lsetlabel(fpath, nullptr, SMACK_LABEL_EXEC);
smack_lsetlabel(fpath, nullptr, SMACK_LABEL_TRANSMUTE);
+#else
+ (void)fpath;
+#endif
return 0;
}
app.checkAfterUninstall();
}
+#if SMACK_ENABLED
RUNNER_CHILD_TEST_SMACK(security_manager_03_set_label_from_appid)
{
std::string expectedSockLabel = "labelExpectedOnlyFromSocket";
waitPid(pid);
}
}
+#endif
RUNNER_CHILD_TEST(security_manager_04a_app_install_uninstall_by_app_user_for_self)
{
{
ScopedInstaller appsInstall(appIds, apps[0].getPkgId());
+ for (const auto& app : apps)
+ app.checkAfterInstall();
InstallRequest updateRequest;
updateRequest.setPkgId(apps[0].getPkgId());
static void testSetLabelForSelf(const std::string &appName, const std::string &pkgName,
bool expected_success)
{
+#if SMACK_ENABLED
//FIXME : replace this with SM API
std::string label = generateProcessLabel(appName, pkgName);
int result = smack_set_label_for_self(label.c_str());
else
RUNNER_ASSERT_MSG(result != 0, "smack_set_label_for_self(" << label <<
") wrongly succeeded");
+#else
+ (void)appName;
+ (void)pkgName;
+ (void)expected_success;
+#endif
}
RUNNER_TEST_GROUP_INIT(SECURITY_MANAGER_LABEL_MONITOR_API)
const char *shmName = "shm01_testName";
auto exLabel = app.generateAppLabel();
ScopedInstaller req(app);
- char *label = NULL;
// clean up environment
shm_unlink(shmName);
RUNNER_ASSERT_ERRNO_MSG(fd >= 0, "security_manager_shm_open failed");
FdUniquePtr file(&fd);
+#if SMACK_ENABLED
+ char *label = NULL;
ssize_t len = smack_new_label_from_file(fd, XATTR_NAME_SMACK, &label);
RUNNER_ASSERT_MSG(len > 0, "");
RUNNER_ASSERT_MSG(exLabel == label, "Wrong label. Expected: " << exLabel
<< " Found: " << label);
+#endif
int ret = shm_unlink(shmName);
RUNNER_ASSERT_ERRNO_MSG(0 == ret, "shm_unlink failed");
const char *shmName = "shm02_testName";
auto exLabel = app.generateAppLabel();
ScopedInstaller req(app);
- char *label = NULL;
// clean up environment
shm_unlink(shmName);
RUNNER_ASSERT_ERRNO_MSG(fd1 >= 0, "security_manager_shm_open failed");
FdUniquePtr file1(&fd1);
+#if SMACK_ENABLED
+ char *label = NULL;
ssize_t len = smack_new_label_from_file(fd1, XATTR_NAME_SMACK, &label);
RUNNER_ASSERT_MSG(len > 0, "");
RUNNER_ASSERT_MSG(exLabel == label, "Wrong label. Expected: " << exLabel
<< " Found: " << label);
+#endif
int fd2 = security_manager_shm_open(shmName, O_CREAT | O_RDWR, 0666, app.getAppId().c_str());
RUNNER_ASSERT_ERRNO_MSG(fd2 >= 0, "security_manager_shm_open failed");
// clean up environment
shm_unlink(shmName);
- char *label = NULL;
int fd1 = security_manager_shm_open(shmName, O_CREAT | O_RDWR, 0666, appa.getAppId().c_str());
RUNNER_ASSERT_ERRNO_MSG(fd1 >= 0, "security_manager_shm_open failed");
FdUniquePtr file1(&fd1);
+#if SMACK_ENABLED
+ char *label = NULL;
ssize_t len = smack_new_label_from_file(fd1, XATTR_NAME_SMACK, &label);
RUNNER_ASSERT_MSG(len > 0, "");
RUNNER_ASSERT_MSG(exLabel == label, "Wrong label. Expected: " << exLabel
<< " Found: " << label);
+#endif
int fd2 = security_manager_shm_open(shmName, O_CREAT | O_RDWR, 0666, appb.getAppId().c_str());
int err = errno;
projects / platform / core / test / security-tests.git / commitdiff