RUNNER_ASSERT_MSG_BT(result == 1, "Error while checking Smack access");
result = smack_have_access("reader", "book", "rwx"); //should have no access - wrong rule, should be "r" only
RUNNER_ASSERT_MSG_BT(result == 0, "Error while checking Smack access");
- result = smack_have_access("mars", "book", "rwx"); //should fail - rule not exist
+ result = smack_have_access("s02badsubjectlabel", "book", "rwx"); //should fail - rule not exist
RUNNER_ASSERT_MSG_BT(result == -1, "Error while checking Smack access");
//int smack_revoke_subject(const char *subject);
- result = smack_revoke_subject("snickers"); //this subject do not exist in kernel rules
+ result = smack_revoke_subject("s02nonexistinglabel"); //this subject do not exist in kernel rules
RUNNER_ASSERT_MSG_BT(result == 0, "Error in removing not existing subject from kernel");
result = smack_revoke_subject("spy"); //this subject exist in kernel rules
RUNNER_ASSERT_MSG_BT(result == 0, "Error in removing existing subject from kernel");
result = smack_have_access("spy", "book", "rwx"); //testing access after revoke_subject() from kernel
RUNNER_ASSERT_MSG_BT(result == 0, "Error in acces aplied to kernel"); //now spy should have no access
- result = smack_accesses_add(rules, "twix", "book", "rwx"); //for create new rule as a consequence of use accesses_clear() below
+ //for create new rule as a consequence of use accesses_clear() below
+ result = smack_accesses_add(rules, "s02subjectlabel", "book", "rwx");
RUNNER_ASSERT_MSG_BT(result == 0, "Unable to add smack rules");
//int smack_accesses_clear(struct smack_accesses *handle);
int result;
char *label = NULL;
- const int B_SIZE = 8;
- char buff[B_SIZE];
+ char buff[SMACK_LABEL_LEN+1];
+ const char* s06testlabel = "s06testlabel";
const char *file_path = "/etc/smack/test_smack_rules";
RUNNER_ASSERT_MSG_BT(result == 0, "Wrong file default label");
free(label);
//get label using xattr function
- result = getxattr(file_path, xattr(SMACK_LABEL_ACCESS), buff, B_SIZE);
+ result = getxattr(file_path, xattr(SMACK_LABEL_ACCESS), buff, SMACK_LABEL_LEN);
RUNNER_ASSERT_MSG_BT(result > 0, "Error in getting xattr from file");
//check label, should match the one readed by smack function
result = strncmp(buff, "_", result);
//int smack_setlabel(const char *path, const char* label,
// enum smack_label_type type);
- result = smack_setlabel(file_path, "fanta", SMACK_LABEL_ACCESS);
+ result = smack_setlabel(file_path, s06testlabel, SMACK_LABEL_ACCESS);
RUNNER_ASSERT_MSG_BT(result == 0, "Error in setting ACCESS label for file");
//get label using smack function
result = smack_getlabel(file_path, &label, SMACK_LABEL_ACCESS);
RUNNER_ASSERT_MSG_BT(result == 0, "Error in getting smack ACCESS label from file");
- //get label, should be default "fanta"
- result = strcmp(label, "fanta");
+ //get label, should be default s06testlabel
+ result = strcmp(label, s06testlabel);
RUNNER_ASSERT_MSG_BT(result == 0, "Wrong file label");
free(label);
//get label using xattr function
- result = getxattr(file_path, xattr(SMACK_LABEL_ACCESS), buff, B_SIZE);
+ result = getxattr(file_path, xattr(SMACK_LABEL_ACCESS), buff, SMACK_LABEL_LEN);
RUNNER_ASSERT_MSG_BT(result > 0, "Error in getting xattr from file");
//check label, should match the one readed by smack function
- result = strncmp(buff, "fanta", result);
+ result = strncmp(buff, s06testlabel, result);
RUNNER_ASSERT_MSG_BT(result == 0, "Wrong file label");
}
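Review bot: The final check `strncmp(buff, s06testlabel, result)` compares only as many bytes as getxattr() returned, so an xattr value that is a proper prefix of the expected label (a truncated label, for instance) still passes the test. buff is now declared with SMACK_LABEL_LEN+1 bytes, but nothing in the visible lines writes a terminator, so the extra byte is never used. Terminating the buffer and comparing whole strings closes both gaps: `buff[result] = '\0';` after the `result > 0` assert, then `result = strcmp(buff, s06testlabel);`. The same pattern appears in the lgetxattr() checks against s07testlabel1 and s07testlabel2 and in the fgetxattr() checks against s08testlabel further down. The enclosing test bodies begin outside these hunks, so this assumes buff is not initialised elsewhere.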
int result;
char *label = NULL;
- const int B_SIZE = 8;
- char buff[B_SIZE];
+ char buff[SMACK_LABEL_LEN+1];
+ const char* s07testlabel1 = "s07testlabel1";
+ const char* s07testlabel2 = "s07testlabel2";
const char *file_path = "/etc/smack/test_smack_rules_lnk";
RUNNER_ASSERT_MSG_BT(result == 0, "Wrong file default label");
free(label);
//get label using xattr function
- result = lgetxattr(file_path, xattr(SMACK_LABEL_ACCESS), buff, B_SIZE);
+ result = lgetxattr(file_path, xattr(SMACK_LABEL_ACCESS), buff, SMACK_LABEL_LEN);
RUNNER_ASSERT_MSG_BT(result > 0, "Error in getting xattr from file");
//check label, should match the one readed by smack function
result = strncmp(buff, "_", result);
//int smack_lsetlabel(const char *path, const char* label,
// enum smack_label_type type);
- result = smack_lsetlabel(file_path, "7up", SMACK_LABEL_ACCESS);
+ result = smack_lsetlabel(file_path, s07testlabel1, SMACK_LABEL_ACCESS);
RUNNER_ASSERT_MSG_BT(result == 0, "Error in setting ACCESS label for file");
//and set label for file pointed by link
- result = smack_setlabel(file_path, "mirinda", SMACK_LABEL_ACCESS);
+ result = smack_setlabel(file_path, s07testlabel2, SMACK_LABEL_ACCESS);
RUNNER_ASSERT_MSG_BT(result == 0, "Error in setting ACCESS label for file");
//get label using smack function
result = smack_lgetlabel(file_path, &label, SMACK_LABEL_ACCESS);
RUNNER_ASSERT_MSG_BT(result == 0, "Error in getting smack ACCESS label from file");
- //check label, should be "7up"
- result = strcmp(label, "7up");
+ //check label, should be s07testlabel1
+ result = strcmp(label, s07testlabel1);
RUNNER_ASSERT_MSG_BT(result == 0, "Wrong file label");
free(label);
//get label using xattr function
- result = lgetxattr(file_path, xattr(SMACK_LABEL_ACCESS), buff, B_SIZE);
+ result = lgetxattr(file_path, xattr(SMACK_LABEL_ACCESS), buff, SMACK_LABEL_LEN);
RUNNER_ASSERT_MSG_BT(result > 0, "Error in getting xattr from file");
//check label, should match the one readed by smack function
- result = strncmp(buff, "7up", result);
+ result = strncmp(buff, s07testlabel1, result);
RUNNER_ASSERT_MSG_BT(result == 0, "Wrong file label");
- //now similar to above, but folowing symbolic link set before to "mirinda"
+ //now similar to above, but folowing symbolic link set before to s07testlabel2
result = smack_getlabel(file_path, &label, SMACK_LABEL_ACCESS);
RUNNER_ASSERT_MSG_BT(result == 0, "Error gettin label of file pointed by symbolic link");
- //now label should be "mirinda" for file instead of "7up" set for link
- result = strcmp(label, "mirinda");
+ //now label should be s07testlabel2 for file instead of s07testlabel1 set for link
+ result = strcmp(label, s07testlabel2);
RUNNER_ASSERT_MSG_BT(result == 0, "Wrong label of file pointed by symbolic link");
free(label);
//get label using xattr function
- result = getxattr(file_path, xattr(SMACK_LABEL_ACCESS), buff, B_SIZE);
+ result = getxattr(file_path, xattr(SMACK_LABEL_ACCESS), buff, SMACK_LABEL_LEN);
RUNNER_ASSERT_MSG_BT(result > 0, "Error in getting xattr from file");
//check label, should match the one readed by smack function
- result = strncmp(buff, "mirinda", result);
+ result = strncmp(buff, s07testlabel2, result);
RUNNER_ASSERT_MSG_BT(result == 0, "Wrong file label");
}
int result;
char *label = NULL;
- const int B_SIZE = 8;
- char buff[B_SIZE];
+ char buff[SMACK_LABEL_LEN+1];
+ const char* s08testlabel = "s08testlabel";
int fd;
const char *file_path = "/etc/smack/test_smack_rules";
RUNNER_ASSERT_MSG_BT(result == 0, "Wrong file default label");
free(label);
//get label using xattr function
- result = fgetxattr(fd, xattr(SMACK_LABEL_ACCESS), buff, B_SIZE);
+ result = fgetxattr(fd, xattr(SMACK_LABEL_ACCESS), buff, SMACK_LABEL_LEN);
RUNNER_ASSERT_MSG_BT(result > 0, "Error in getting xattr from file");
//check label, should match the one readed by smack function
result = strncmp(buff, "_", result);
//int smack_fsetlabel(int fd, const char* label,
// enum smack_label_type type);
- result = smack_fsetlabel(fd, "sprite", SMACK_LABEL_ACCESS);
+ result = smack_fsetlabel(fd, s08testlabel, SMACK_LABEL_ACCESS);
RUNNER_ASSERT_MSG_BT(result == 0, "Error in setting ACCESS label for file");
//get label using smack function
result = smack_fgetlabel(fd, &label, SMACK_LABEL_ACCESS);
RUNNER_ASSERT_MSG_BT(result == 0, "Error in getting smack ACCESS label from file");
- //check label, should be "sprite"
- result = strcmp(label, "sprite");
+ //check label, should be s08testlabel
+ result = strcmp(label, s08testlabel);
RUNNER_ASSERT_MSG_BT(result == 0, "Wrong file label");
free(label);
//get label using xattr function
- result = fgetxattr(fd, xattr(SMACK_LABEL_ACCESS), buff, B_SIZE);
+ result = fgetxattr(fd, xattr(SMACK_LABEL_ACCESS), buff, SMACK_LABEL_LEN);
RUNNER_ASSERT_MSG_BT(result > 0, "Error in getting xattr from file");
//check label, should match the one readed by smack function
- result = strncmp(buff, "sprite", result);
+ result = strncmp(buff, s08testlabel, result);
RUNNER_ASSERT_MSG_BT(result == 0, "Wrong file label");
RUNNER_ASSERT_MSG_BT(result == -1, "smack_have_access should return error (SMACK is off)");
result = smack_have_access("reader", "book", "rwx");
RUNNER_ASSERT_MSG_BT(result == -1, "smack_have_access should return error (SMACK is off)");
- result = smack_have_access("mars", "book", "rwx");
+ result = smack_have_access("s02badsubjectlabel", "book", "rwx");
RUNNER_ASSERT_MSG_BT(result == -1, "smack_have_access should return error (SMACK is off)");
//testing subject revoking - should return error (no accesses applied = no subjects to revoke)
- result = smack_revoke_subject("snickers");
+ result = smack_revoke_subject("s02nonexistinglabel");
RUNNER_ASSERT_MSG_BT(result == -1, "smack_revoke_subject error - subject doesn't exist.");
result = smack_revoke_subject("spy");
RUNNER_ASSERT_MSG_BT(result == -1, "smack_revoke_subject error - subject doesn't exist.");
result = smack_have_access("spy", "book", "rwx");
RUNNER_ASSERT_MSG_BT(result == -1, "smack_have_access should return error (SMACK is off).");
- result = smack_accesses_add(rules.get(), "twix", "book", "rwx");
+ result = smack_accesses_add(rules.get(), "s02subjectlabel", "book", "rwx");
RUNNER_ASSERT_MSG_BT(result == 0, "Unable to add smack rules");
//smack_accesses_clear should return error aswell
int result;
int fd;
- const int B_SIZE = 8;
- char buff[B_SIZE];
+ char buff[SMACK_LABEL_LEN+1];
//smack_new_label_from_self should fail
result = smack_new_label_from_self(&label);
fd = open("/proc/self/attr/current", O_RDONLY, 0644); //file exists, so it should open
RUNNER_ASSERT_MSG_BT(fd >= 0, "/proc/self/attr/current failed to open.");
- result = read(fd, buff, B_SIZE); //however reading it should return error
+ result = read(fd, buff, SMACK_LABEL_LEN); //however reading it should return error
if(result >= 0) {
close(fd);
RUNNER_ASSERT_MSG_BT(false, "Reading /proc/self/attr/current should return error.");
}
//setting label for self should fail
- result = smack_set_label_for_self("fanta");
+ result = smack_set_label_for_self("s04testlabel");
if(result != -1) {
close(fd);
RUNNER_ASSERT_MSG_BT(false, "set_label_for_self should return error (SMACK is off).");
RUNNER_ASSERT_MSG_BT(false, "lseek() error.");
}
- result = read(fd, buff, B_SIZE); //however it should return error
+ result = read(fd, buff, SMACK_LABEL_LEN); //however it should return error
if(result >= 0) {
close(fd);
RUNNER_ASSERT_MSG_BT(false, "Reading /proc/self/attr/current should return error.");
RUNNER_CHILD_TEST_SMACK(tc11_security_server_get_uid_by_cookie_smack)
{
+ const char* tc11testlabel = "tc11testlabel";
+
int cookieSize = security_server_get_cookie_size();
RUNNER_ASSERT_MSG_BT(cookieSize == 20, "Wrong cookie size");
RUNNER_ASSERT_MSG_BT(retval == SECURITY_SERVER_API_SUCCESS, "Unable to get cookie");
//preapare SMACK environment
- RUNNER_ASSERT_MSG_BT(smack_set_label_for_self("BialyMis") == 0, "Unable to set label for self");
- RUNNER_ASSERT_MSG_BT(smack_revoke_subject("BialyMis") == 0, "Error in smack_revoke_subject");
+ RUNNER_ASSERT_MSG_BT(smack_set_label_for_self(tc11testlabel) == 0,
+ "Unable to set label for self");
+ RUNNER_ASSERT_MSG_BT(smack_revoke_subject(tc11testlabel) == 0,
+ "Error in smack_revoke_subject");
//drop privileges
RUNNER_ASSERT_MSG_BT(setuid(APP_UID) == 0, "Unable to drop privileges");
RUNNER_CHILD_TEST_SMACK(tc12_security_server_get_uid_by_cookie_smack)
{
+ const char* tc12testlabel = "tc12testlabel";
+
int cookieSize = security_server_get_cookie_size();
RUNNER_ASSERT_MSG_BT(cookieSize == 20, "Wrong cookie size");
RUNNER_ASSERT_MSG_BT(retval == SECURITY_SERVER_API_SUCCESS, "Unable to get cookie");
//preapare SMACK environment
- RUNNER_ASSERT_MSG_BT(smack_set_label_for_self("BialyMis") == 0, "Unable to set label for self");
- RUNNER_ASSERT_MSG_BT(apply_smack_rule("BialyMis", "security-server::api-cookie-check", "w") == 0, "Error in adding rule");
+ RUNNER_ASSERT_MSG_BT(smack_set_label_for_self(tc12testlabel) == 0,
+ "Unable to set label for self");
+ RUNNER_ASSERT_MSG_BT(apply_smack_rule(tc12testlabel,
+ "security-server::api-cookie-check", "w") == 0, "Error in adding rule");
//drop privileges
RUNNER_ASSERT_MSG_BT(setuid(APP_UID) == 0, "Unable to drop privileges");
RUNNER_CHILD_TEST_SMACK(tc13_security_server_get_uid_by_cookie_smack)
{
+ const char* tc13testlabel = "tc13testlabel";
+
int cookieSize = security_server_get_cookie_size();
RUNNER_ASSERT_MSG_BT(cookieSize == 20, "Wrong cookie size");
//preapare SMACK environment
- RUNNER_ASSERT_MSG_BT(smack_set_label_for_self("BialyMis") == 0, "Unable to set label for self");
- RUNNER_ASSERT_MSG_BT(apply_smack_rule("BialyMis", "security-server::api-cookie-check", "w") == 0, "Error in adding rule");
- RUNNER_ASSERT_MSG_BT(apply_smack_rule("BialyMis", "security-server::api-cookie-get", "w") == 0, "Error in adding rule");
+ RUNNER_ASSERT_MSG_BT(smack_set_label_for_self(tc13testlabel) == 0,
+ "Unable to set label for self");
+ RUNNER_ASSERT_MSG_BT(apply_smack_rule(tc13testlabel,
+ "security-server::api-cookie-check", "w") == 0, "Error in adding rule");
+ RUNNER_ASSERT_MSG_BT(apply_smack_rule(tc13testlabel,
+ "security-server::api-cookie-get", "w") == 0, "Error in adding rule");
//drop privileges
RUNNER_ASSERT_MSG_BT(setuid(APP_UID) == 0, "Unable to drop privileges");
RUNNER_CHILD_TEST_SMACK(tc15_security_server_get_gid_by_cookie_smack)
{
+ const char* tc15testlabel = "tc15testlabel";
+
int cookieSize = security_server_get_cookie_size();
RUNNER_ASSERT_MSG_BT(cookieSize == 20, "Wrong cookie size");
RUNNER_ASSERT_MSG_BT(retval == SECURITY_SERVER_API_SUCCESS, "Unable to get cookie");
//preapare SMACK environment
- RUNNER_ASSERT_MSG_BT(smack_set_label_for_self("BialyMis") == 0, "Unable to set label for self");
- RUNNER_ASSERT_MSG_BT(smack_revoke_subject("BialyMis") == 0, "Error in smack_revoke_subject");
+ RUNNER_ASSERT_MSG_BT(smack_set_label_for_self(tc15testlabel) == 0,
+ "Unable to set label for self");
+ RUNNER_ASSERT_MSG_BT(smack_revoke_subject(tc15testlabel) == 0,
+ "Error in smack_revoke_subject");
//drop privileges
RUNNER_ASSERT_MSG_BT(setgid(APP_GID) == 0, "Unable to drop privileges");
RUNNER_ASSERT_MSG_BT(setuid(APP_UID) == 0, "Unable to drop privileges");
RUNNER_CHILD_TEST_SMACK(tc16_security_server_get_gid_by_cookie_smack)
{
+ const char* tc16testlabel = "tc16testlabel";
+
int cookieSize = security_server_get_cookie_size();
RUNNER_ASSERT_MSG_BT(cookieSize == 20, "Wrong cookie size");
RUNNER_ASSERT_MSG_BT(retval == SECURITY_SERVER_API_SUCCESS, "Unable to get cookie");
//preapare SMACK environment
- RUNNER_ASSERT_MSG_BT(smack_set_label_for_self("BialyMis") == 0, "Unable to set label for self");
- RUNNER_ASSERT_MSG_BT(apply_smack_rule("BialyMis", "security-server::api-cookie-check", "w") == 0, "Error in adding rule");
+ RUNNER_ASSERT_MSG_BT(smack_set_label_for_self(tc16testlabel) == 0,
+ "Unable to set label for self");
+ RUNNER_ASSERT_MSG_BT(apply_smack_rule(tc16testlabel,
+ "security-server::api-cookie-check", "w") == 0, "Error in adding rule");
//drop privileges
RUNNER_ASSERT_MSG_BT(setgid(APP_GID) == 0, "Unable to drop privileges");
RUNNER_ASSERT_MSG_BT(setuid(APP_UID) == 0, "Unable to drop privileges");
RUNNER_CHILD_TEST_SMACK(tc17_security_server_get_gid_by_cookie_smack)
{
+ const char* tc17testlabel = "tc17testlabel";
+
int cookieSize = security_server_get_cookie_size();
RUNNER_ASSERT_MSG_BT(cookieSize == 20, "Wrong cookie size");
//preapare SMACK environment
- RUNNER_ASSERT_MSG_BT(smack_set_label_for_self("BialyMis") == 0, "Unable to set label for self");
- RUNNER_ASSERT_MSG_BT(apply_smack_rule("BialyMis", "security-server::api-cookie-check", "w") == 0, "Error in adding rule");
- RUNNER_ASSERT_MSG_BT(apply_smack_rule("BialyMis", "security-server::api-cookie-get", "w") == 0, "Error in adding rule");
+ RUNNER_ASSERT_MSG_BT(smack_set_label_for_self(tc17testlabel) == 0,
+ "Unable to set label for self");
+ RUNNER_ASSERT_MSG_BT(apply_smack_rule(tc17testlabel,
+ "security-server::api-cookie-check", "w") == 0, "Error in adding rule");
+ RUNNER_ASSERT_MSG_BT(apply_smack_rule(tc17testlabel,
+ "security-server::api-cookie-get", "w") == 0, "Error in adding rule");
//drop privileges
RUNNER_ASSERT_MSG_BT(setgid(APP_GID) == 0, "Unable to drop privileges");
RUNNER_ASSERT_MSG_BT(setuid(APP_UID) == 0, "Unable to drop privileges");