Add rules related with addition of System::Privileged domain. 25/80425/1 accepted/tizen/common/20160718.155922 accepted/tizen/ivi/20160718.104941 accepted/tizen/mobile/20160718.105015 accepted/tizen/tv/20160718.104731 accepted/tizen/wearable/20160718.104947 submit/tizen/20160718.054439
authorjin-gyu.kim <jin-gyu.kim@samsung.com>
Mon, 18 Jul 2016 05:18:55 +0000 (14:18 +0900)
committerjin-gyu.kim <jin-gyu.kim@samsung.com>
Mon, 18 Jul 2016 05:19:03 +0000 (14:19 +0900)
Change-Id: I8c0754342339ae65982ceab6c376fd4387246cbf

test/smack_rule_test/checksmacklabel.sh
test/smack_rule_test/checksmackrule_loaded.sh
test/smack_rule_test/checksmackrule_saved.sh

index fec47795f7604a10d22f3ad87b7b02f7caa02caa..eba678228787018af0dbc6acf8fb9d2a6ac450a2 100755 (executable)
@@ -26,7 +26,7 @@ function CHECK_RULE_ACCESS
        if [ "${label:8:1}"  != '_' ] && [ "${label:8:1}"  != '*' ] && [ "${label:8:1}"  != '^' ] &&
                 [ "${label:8:6}"  != 'System' ] && [ "${label:8:11}"  != 'System::Run' ] && [ "${label:8:11}"  != 'System::Log' ] &&
           [ "${label:8:14}"  != 'System::Shared' ] && [ "${label:8:4}"  != 'User' ] && [ "${label:8:10}"  != 'User::Home' ] &&
-          [ "${label:8:17}"  != 'User::App::Shared' ] && [ "${label:8:9}"  != 'User::Pkg' ]
+          [ "${label:8:17}"  != 'User::App::Shared' ] && [ "${label:8:9}"  != 'User::Pkg' ] && [ "${label:8:18}" != 'System::Privileged']
        then
                CHECK_EXCEPTION
                if [ "$?" == 0 ]
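Review bot: The added test `[ "${label:8:18}" != 'System::Privileged']` has no space before the closing bracket, so `[` receives `System::Privileged]` as its last argument and exits with a missing-`]` error instead of comparing. Because it is the last term of the `&&` chain, it is only evaluated for labels that passed every earlier test, and its failure makes the whole condition false; CHECK_EXCEPTION is then never reached and unrecognised labels stop being reported. The same typo is in the CHECK_RULE_EXECUTE hunk (`${label:9:18}`); both should read `... != 'System::Privileged' ]`. The existing `${label:8:6}` / `${label:9:6}` comparison with `'System'` already appears to exclude every label that starts with System, so the new term looks redundant and could simply be dropped. Both function bodies continue outside the hunks.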
@@ -39,7 +39,7 @@ function CHECK_RULE_ACCESS
 function CHECK_RULE_EXECUTE
 {
        if [ "${label:9:1}"  != '_' ] && [ "${label:9:1}"  != '^' ] &&
-          [ "${label:9:6}"  != 'System' ] && [ "${label:9:4}"  != 'User' ] && [ "${label:9:9}"  != 'User::App' ]
+          [ "${label:9:6}"  != 'System' ] && [ "${label:9:4}"  != 'User' ] && [ "${label:9:9}"  != 'User::App' ] && [ "${label:9:18}" != 'System::Privileged']
        then
                CHECK_EXCEPTION
                if [ "$?" == 0 ]
index d174e6ff494a59de205a42e36bb28cc3f1f3b333..180719efa617216b05dd6411d7ee7cbe7851409d 100755 (executable)
@@ -368,6 +368,146 @@ function RULE_CHECK
         then
             return 0
         fi 
+    # System::Privileged System rwxat
+    elif [ "$1" == "System::Privileged" ] && [[ "$2" == "System" ]]
+    then
+        if [ "$3" == "rwxat" ]
+        then
+            return 0
+        fi
+    # System::Privileged System::Shared rwxat
+    elif [ "$1" == "System::Privileged" ] && [[ "$2" == "System::Shared" ]]
+    then
+        if [ "$3" == "rwxat" ]
+        then
+            return 0
+        fi
+    # System::Privileged System::Run rwxat
+    elif [ "$1" == "System::Privileged" ] && [[ "$2" == "System::Run" ]]
+    then
+        if [ "$3" == "rwxat" ]
+        then
+            return 0
+        fi
+    # System::Privileged System::Log rwxa
+    elif [ "$1" == "System::Privileged" ] && [[ "$2" == "System::Log" ]]
+    then
+        if [ "$3" == "rwxa" ]
+        then
+            return 0
+        fi
+    # System::Privileged User::Home rwxat
+    elif [ "$1" == "System::Privileged" ] && [[ "$2" == "User::Home" ]]
+    then
+        if [ "$3" == "rwxat" ]
+        then
+            return 0
+        fi
+    # System::Privileged User::App::Shared rwxat
+    elif [ "$1" == "System::Privileged" ] && [[ "$2" == "User::App::Shared" ]]
+    then
+        if [ "$3" == "rwxat" ]
+        then
+            return 0
+        fi
+    # System::Privileged _ rwx
+    elif [ "$1" == "System::Privileged" ] && [[ "$2" == "_" ]]
+    then
+        if [ "$3" == "rwx" ]
+        then
+            return 0
+        fi  
+    # _ System::Privileged wx
+    elif [ "$1" == "_" ] && [[ "$2" == "System::Privileged" ]]
+    then
+        if [ "$3" == "wx" ]
+        then
+            return 0
+        fi
+    # System System::Privileged rwxat
+    elif [ "$1" == "System" ] && [[ "$2" == "System::Privileged" ]]
+    then
+        if [ "$3" == "rwxat" ]
+        then
+            return 0
+        fi 
+    # ^ System::Privileged rwxa
+    elif [ "$1" == "^" ] && [[ "$2" == "System::Privileged" ]]
+    then
+        if [ "$3" == "rwxa" ]
+        then
+            return 0
+        fi
+    # System::Privileged ^ rwxa
+    elif [ "$1" == "System::Privileged" ] && [[ "$2" == "^" ]]
+    then
+        if [ "$3" == "rwxa" ]
+        then
+            return 0
+        fi
+    # User System::Privileged wx
+    elif [ "$1" == "User" ] && [[ "$2" == "System::Privileged" ]]
+    then
+        if [ "$3" == "wx" ]
+        then
+            return 0
+        fi
+    # System::Privileged User rwx
+    elif [ "$1" == "System::Privileged" ] && [[ "$2" == "User" ]]
+    then
+        if [ "$3" == "rwx" ]
+        then
+            return 0
+        fi
+    # System::Privileged ~PKG~ rwxat
+    elif [ "$1" == "System::Privileged" ] && [[ "$2" == *"::Pkg::"* ]]
+    then
+        if [ "$3" == "rwxat" ]
+        then
+            return 0
+        fi    
+    # System::Privileged ~PKG~::RO rwxat
+    elif [ "$1" == "System::Privileged" ] && [[ "$2" == *"::Pkg::"*"::RO" ]]
+    then
+        if [ "$3" == "rwxat" ]
+        then
+            return 0
+        fi 
+    # System::Privileged ~PKG~::SharedRO rwxat
+    elif [ "$1" == "System::Privileged" ] && [[ "$2" == *"::Pkg::"*"::SharedRO" ]]
+    then
+        if [ "$3" == "rwxat" ]
+        then
+            return 0
+        fi                       
+    # System::Privileged User::App::Shared rwxat
+    elif [ "$1" == "System::Privileged" ] && [[ "$2" == "User::App::Shared" ]]
+    then
+        if [ "$3" == "rwxat" ]
+        then
+            return 0
+        fi 
+    # System::Privileged ~APP~ rwx
+    elif [ "$1" == "System::Privileged" ] && [[ "$2" == *"::App::"* ]]
+    then
+        if [ "$3" == "rwx" ]
+        then
+            return 0
+        fi            
+    # ~APP~ System::Privileged wx
+    elif [[ "$1" == *"::App::"* ]] && [ "$2" == "System::Privileged" ]
+    then
+        if [ "$3" == "wx" ]
+        then
+            return 0
+        fi
+    # System::Privileged ~AUTHOR~ rwxat
+    elif [ "$1" == "System::Privileged" ] && [[ "$2" == *"Author"* ]]
+    then
+        if [ "$3" == "rwxat" ]
+        then
+            return 0
+        fi   
     fi
 
     EXCEPTION_CHECK $1 $2 $3
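Review bot: Three of the added `elif` branches can never run: the `*"::Pkg::"*"::RO"` and `*"::Pkg::"*"::SharedRO"` patterns are shadowed by the earlier `*"::Pkg::"*` branch, and the second `System::Privileged User::App::Shared` branch repeats one added further up. All of them expect `rwxat`, so results do not change today, but if the RO or SharedRO rules are ever given a narrower permission the generic branch would still be the one that decides; put the specific patterns before the generic one and drop the duplicate. The `*"Author"*` pattern matches any object label containing that substring, which is presumably wider than the author label format the rule is written for, so a tighter pattern would make this policy check stricter. The same block, with the same ordering, is added in the checksmackrule_saved.sh hunk. RULE_CHECK starts outside the hunk.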
index 4039c899766b380e08ece7cb745920f64904ce90..f42dd7049d518c04041abe5f5a7798a1f3dea0d4 100755 (executable)
@@ -367,9 +367,149 @@ function RULE_CHECK
         pkgname1=$(/usr/bin/sqlite3 $dbpath "select DISTINCT pkg_name from app_pkg_view where app_name='$appname1';")
         pkgname2=$(/usr/bin/sqlite3 $dbpath "select DISTINCT pkg_name from app_pkg_view where app_name='$appname2';")
         if [ "$pkgname1" == "$pkgname2" ] && [ "$3" == "rwxat-" ]
+        then
+            return 0
+        fi
+    # System::Privileged System rwxat
+    elif [ "$1" == "System::Privileged" ] && [[ "$2" == "System" ]]
+    then
+        if [ "$3" == "rwxat-" ]
+        then
+            return 0
+        fi
+    # System::Privileged System::Shared rwxat
+    elif [ "$1" == "System::Privileged" ] && [[ "$2" == "System::Shared" ]]
+    then
+        if [ "$3" == "rwxat-" ]
+        then
+            return 0
+        fi
+    # System::Privileged System::Run rwxat
+    elif [ "$1" == "System::Privileged" ] && [[ "$2" == "System::Run" ]]
+    then
+        if [ "$3" == "rwxat-" ]
+        then
+            return 0
+        fi
+    # System::Privileged System::Log rwxa
+    elif [ "$1" == "System::Privileged" ] && [[ "$2" == "System::Log" ]]
+    then
+        if [ "$3" == "rwxa--" ]
+        then
+            return 0
+        fi
+    # System::Privileged User::Home rwxat
+    elif [ "$1" == "System::Privileged" ] && [[ "$2" == "User::Home" ]]
+    then
+        if [ "$3" == "rwxat-" ]
+        then
+            return 0
+        fi
+    # System::Privileged User::App::Shared rwxat
+    elif [ "$1" == "System::Privileged" ] && [[ "$2" == "User::App::Shared" ]]
+    then
+        if [ "$3" == "rwxat-" ]
+        then
+            return 0
+        fi
+    # System::Privileged _ rwx
+    elif [ "$1" == "System::Privileged" ] && [[ "$2" == "_" ]]
+    then
+        if [ "$3" == "rwx---" ]
+        then
+            return 0
+        fi  
+    # _ System::Privileged wx
+    elif [ "$1" == "_" ] && [[ "$2" == "System::Privileged" ]]
+    then
+        if [ "$3" == "-wx---" ]
+        then
+            return 0
+        fi
+    # System System::Privileged rwxat
+    elif [ "$1" == "System" ] && [[ "$2" == "System::Privileged" ]]
+    then
+        if [ "$3" == "rwxat-" ]
         then
             return 0
         fi 
+    # ^ System::Privileged rwxa
+    elif [ "$1" == "^" ] && [[ "$2" == "System::Privileged" ]]
+    then
+        if [ "$3" == "rwxa--" ]
+        then
+            return 0
+        fi
+    # System::Privileged ^ rwxa
+    elif [ "$1" == "System::Privileged" ] && [[ "$2" == "^" ]]
+    then
+        if [ "$3" == "rwxa--" ]
+        then
+            return 0
+        fi
+    # User System::Privileged wx
+    elif [ "$1" == "User" ] && [[ "$2" == "System::Privileged" ]]
+    then
+        if [ "$3" == "-wx---" ]
+        then
+            return 0
+        fi
+    # System::Privileged User rwx
+    elif [ "$1" == "System::Privileged" ] && [[ "$2" == "User" ]]
+    then
+        if [ "$3" == "rwx---" ]
+        then
+            return 0
+        fi
+    # System::Privileged ~PKG~ rwxat
+    elif [ "$1" == "System::Privileged" ] && [[ "$2" == *"::Pkg::"* ]]
+    then
+        if [ "$3" == "rwxat-" ]
+        then
+            return 0
+        fi    
+    # System::Privileged ~PKG~::RO rwxat
+    elif [ "$1" == "System::Privileged" ] && [[ "$2" == *"::Pkg::"*"::RO" ]]
+    then
+        if [ "$3" == "rwxat-" ]
+        then
+            return 0
+        fi 
+    # System::Privileged ~PKG~::SharedRO rwxat
+    elif [ "$1" == "System::Privileged" ] && [[ "$2" == *"::Pkg::"*"::SharedRO" ]]
+    then
+        if [ "$3" == "rwxat-" ]
+        then
+            return 0
+        fi                       
+    # System::Privileged User::App::Shared rwxat
+    elif [ "$1" == "System::Privileged" ] && [[ "$2" == "User::App::Shared" ]]
+    then
+        if [ "$3" == "rwxat-" ]
+        then
+            return 0
+        fi 
+    # System::Privileged ~APP~ rwx
+    elif [ "$1" == "System::Privileged" ] && [[ "$2" == *"::App::"* ]]
+    then
+        if [ "$3" == "rwx---" ]
+        then
+            return 0
+        fi            
+    # ~APP~ System::Privileged wx
+    elif [[ "$1" == *"::App::"* ]] && [ "$2" == "System::Privileged" ]
+    then
+        if [ "$3" == "-wx---" ]
+        then
+            return 0
+        fi
+    # System::Privileged ~AUTHOR~ rwxat
+    elif [ "$1" == "System::Privileged" ] && [[ "$2" == *"Author"* ]]
+    then
+        if [ "$3" == "rwxat-" ]
+        then
+            return 0
+        fi    
     fi
 
     EXCEPTION_CHECK $1 $2 $3