Verify proper handling of symlinks by set_app_privilege().

[Issue#]       SSDWSSP-80
[Feature]      Verify proper handling of symlinks by set_app_privilege().
[Cause]        Requirements about following symlinks for Smack exec labels have been given.
[Solution]     Use symlink for running app, label symlink and its target differently.
[Verification] Build, install, run libprivilege-control tests.

Change-Id: Ia6fd9c76538a55e44f19c410b36f0ee535d08f0a

diff --git a/tests/libprivilege-control-tests/test_cases.cpp b/tests/libprivilege-control-tests/test_cases.cpp
index e52010e2630c1d64251908a716c023a8f88db624..a961dbe28e146e92a6f56ee0016894d1e5f690e9 100644 (file)
--- a/tests/libprivilege-control-tests/test_cases.cpp
+++ b/tests/libprivilege-control-tests/test_cases.cpp
@@ -49,6 +49,7 @@
 
 #define APP_SET_PRIV  "test_APP"
 #define APP_SET_PRIV_PATH "/etc/smack/test_privilege_control_DIR/test_set_app_privilege/test_APP"
+#define APP_SET_PRIV_PATH_REAL "/etc/smack/test_privilege_control_DIR/test_set_app_privilege/test_APP_REAL"
 
 const char *PRIVS[] = { "WRT", "test_privilege_control_rules", NULL };
 
@@ -364,9 +365,11 @@ RUNNER_TEST(privilege_control05_set_app_privilege)
 {
     int result;
     char* labelApp = "test_pc_label";
+    char* labelAppSymlink = "test_pc_label_symlink";
 
     // Preset exec label
-    smack_setlabel(APP_SET_PRIV_PATH,labelApp, SMACK_LABEL_EXEC);
+    smack_lsetlabel(APP_SET_PRIV_PATH_REAL, labelApp, SMACK_LABEL_EXEC);
+    smack_lsetlabel(APP_SET_PRIV_PATH, labelAppSymlink, SMACK_LABEL_EXEC);
 
     // Set APP privileges
     result = set_app_privilege(APP_SET_PRIV, NULL, APP_SET_PRIV_PATH);
@@ -375,9 +378,10 @@ RUNNER_TEST(privilege_control05_set_app_privilege)
     // Check if SMACK label really set
     char * label;
     result = smack_new_label_from_self(&label);
-    RUNNER_ASSERT_MSG(result == 0, "Error setting label for exec" << result);
+    RUNNER_ASSERT_MSG(result == 0, "Error getting current process label");
+    RUNNER_ASSERT_MSG(label != NULL, "Process label is not set");
     result = strcmp(labelApp, label);
-    RUNNER_ASSERT_MSG(result == 0, "Label NOT set");
+    RUNNER_ASSERT_MSG(result == 0, "Process label " << label << " is incorrect");
 
     // Check if DAC privileges really set
     RUNNER_ASSERT_MSG(getuid() == APP_UID, "Wrong UID");

diff --git a/tests/libprivilege-control-tests/test_privilege_control_DIR/test_set_app_privilege/test_APP b/tests/libprivilege-control-tests/test_privilege_control_DIR/test_set_app_privilege/test_APP
deleted file mode 100644 (file)
index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..0000000000000000000000000000000000000000

diff --git a/tests/libprivilege-control-tests/test_privilege_control_DIR/test_set_app_privilege/test_APP b/tests/libprivilege-control-tests/test_privilege_control_DIR/test_set_app_privilege/test_APP
new file mode 120000 (symlink)
index 0000000000000000000000000000000000000000..749f74787e257f3821e577f37e0f6edd3a7f805a
--- /dev/null
+++ b/tests/libprivilege-control-tests/test_privilege_control_DIR/test_set_app_privilege/test_APP
@@ -0,0 +1 @@
+test_APP_REAL
\ No newline at end of file

diff --git a/tests/libprivilege-control-tests/test_privilege_control_DIR/test_set_app_privilege/test_APP_REAL b/tests/libprivilege-control-tests/test_privilege_control_DIR/test_set_app_privilege/test_APP_REAL
new file mode 100644 (file)
index 0000000..e69de29