#include <sys/smack.h>
#include <dpl/test/test_runner.h>
+#include <sm_commons.h>
#include <tzplatform.h>
struct AppInstallHelper {
}
std::string generateAppLabel() const {
- return "User::App::" + getAppId();
+ return generateProcessLabel(getAppId());
}
std::string generatePkgLabel() const {
- return "User::Pkg::" + getPkgId();
+ return generatePathRWLabel(getPkgId());
}
void removePaths() {
// Common implementation details
-std::string generateAppLabel(const std::string &appId)
+std::string generateProcessLabel(const std::string &appId)
{
return "User::App::" + appId;
}
-std::string generatePkgLabel(const std::string &pkgId)
+std::string generatePathRWLabel(const std::string &pkgId)
{
return "User::Pkg::" + pkgId;
}
const privileges_t &denied_privs)
{
(void) pkg_id;
- std::string smackLabel = generateAppLabel(app_id);
+ std::string smackLabel = generateProcessLabel(app_id);
CynaraTestClient::Client ctc;
std::string SM_PUBLIC_RO_PATH = genPublicROPath(app_num);
int result;
- nftw_expected_label = generatePkgLabel(pkgId);
+ nftw_expected_label = generatePathRWLabel(pkgId);
nftw_expected_transmute = true;
nftw_expected_exec = false;
result = nftw(SM_RW_PATH.c_str(), &nftw_check_sm_labels, FTW_MAX_FDS, FTW_PHYS);
RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for " << SM_RW_PATH);
- nftw_expected_label = generatePkgLabel(pkgId) + "::RO";
+ nftw_expected_label = generatePathRWLabel(pkgId) + "::RO";
nftw_expected_transmute = false;
nftw_expected_exec = false;
#include <security-manager-types.h>
-#include <app_install_helper.h>
#include <memory.h>
#include <sm_db.h>
#include <temp_test_user.h>
const std::string uidToStr(const uid_t uid);
-std::string generateAppLabel(const std::string &appId);
-std::string generatePkgLabel(const std::string &pkgId);
+std::string generateProcessLabel(const std::string &appId);
+std::string generatePathRWLabel(const std::string &pkgId);
std::string genRWPath(int app_num);
std::string genROPath(int app_num);
std::string genPublicROPath(int app_num);
const char *const app_id = "sm_test_03_app_id_set_label_from_appid_smack";
const char *const pkg_id = "sm_test_03_pkg_id_set_label_from_appid_smack";
const char *const socketLabel = "not_expected_label";
- std::string expected_label = generateAppLabel(app_id);
+ std::string expected_label = generateProcessLabel(app_id);
std::string expected_socket_label = socketLabel;
char *label = nullptr;
CStringPtr labelPtr;
Api::install(requestInst);
- std::string smackLabel = generateAppLabel(sm_app_id);
+ std::string smackLabel = generateProcessLabel(sm_app_id);
clientTestTemplate([&] (int sock, pid_t) {
std::string rcvPkgId, rcvAppId;
Api::install(requestInst);
- std::string smackLabel = generateAppLabel(sm_app_id);
+ std::string smackLabel = generateProcessLabel(sm_app_id);
clientTestTemplate([&] (int sock, pid_t) {
std::string rcvPkgId, rcvAppId;
Api::install(requestInst);
- std::string smackLabel = generateAppLabel(sm_app_id);
+ std::string smackLabel = generateProcessLabel(sm_app_id);
clientTestTemplate([&] (int sock, pid_t) {
std::string rcvPkgId;
Api::install(requestInst);
- std::string smackLabel = generateAppLabel(sm_app_id);
+ std::string smackLabel = generateProcessLabel(sm_app_id);
clientTestTemplate([&] (int sock, pid_t) {
std::string rcvAppId;
Api::install(requestInst);
- std::string smackLabel = generateAppLabel(sm_app_id);
+ std::string smackLabel = generateProcessLabel(sm_app_id);
clientTestTemplate([&] (int sock, pid_t) {
Api::getPkgIdBySocket(sock, nullptr, nullptr, SECURITY_MANAGER_ERROR_INPUT_PARAM);
Api::install(requestInst);
- std::string smackLabel = generateAppLabel(sm_app_id);
+ std::string smackLabel = generateProcessLabel(sm_app_id);
clientTestTemplate([&] (int, pid_t pid) {
std::string rcvPkgId, rcvAppId;
Api::install(requestInst);
- std::string smackLabel = generateAppLabel(sm_app_id);
+ std::string smackLabel = generateProcessLabel(sm_app_id);
clientTestTemplate([&] (int, pid_t pid) {
std::string rcvPkgId, rcvAppId;
Api::install(requestInst);
- std::string smackLabel = generateAppLabel(sm_app_id);
+ std::string smackLabel = generateProcessLabel(sm_app_id);
clientTestTemplate([&] (int, pid_t pid) {
std::string rcvPkgId;
Api::install(requestInst);
- std::string smackLabel = generateAppLabel(sm_app_id);
+ std::string smackLabel = generateProcessLabel(sm_app_id);
clientTestTemplate([&] (int, pid_t pid) {
std::string rcvAppId;
Api::install(requestInst);
- std::string smackLabel = generateAppLabel(sm_app_id);
+ std::string smackLabel = generateProcessLabel(sm_app_id);
clientTestTemplate([&] (int sock, pid_t) {
Api::getPkgIdByPid(sock, nullptr, nullptr, SECURITY_MANAGER_ERROR_INPUT_PARAM);
static void testSetLabelForSelf(const char *app_id, bool expected_success)
{
- std::string label = generateAppLabel(app_id);
+ std::string label = generateProcessLabel(app_id);
int result = smack_set_label_for_self(label.c_str());
if (expected_success)
RUNNER_ASSERT_MSG(result == 0, "smack_set_label_for_self(" << label <<
waitPid(pid);
- admin.adminCheck(check_start_bucket, false, generateAppLabel(update_app_id).c_str(),
+ admin.adminCheck(check_start_bucket, false, generateProcessLabel(update_app_id).c_str(),
std::to_string(static_cast<int>(msg.uid)).c_str(), update_privilege, CYNARA_ADMIN_ALLOW, nullptr);
}
if(pid == 0)
waitPid(pid);
- admin.adminCheck(check_start_bucket, false, generateAppLabel(update_other_app_id).c_str(),
+ admin.adminCheck(check_start_bucket, false, generateProcessLabel(update_other_app_id).c_str(),
std::to_string(static_cast<int>(msg.uid)).c_str(), update_privilege, CYNARA_ADMIN_ALLOW, nullptr);
}
if(pid == 0)
waitPid(pid);
- admin.adminCheck(check_start_bucket, false, generateAppLabel(update_app_id).c_str(),
+ admin.adminCheck(check_start_bucket, false, generateProcessLabel(update_app_id).c_str(),
std::to_string(static_cast<int>(msg.uid)).c_str(), update_privilege, CYNARA_ADMIN_ALLOW, nullptr);
}
if(pid == 0)
waitPid(pid[0]);
- admin.adminCheck(check_start_bucket, false, generateAppLabel(update_app_id).c_str(),
+ admin.adminCheck(check_start_bucket, false, generateProcessLabel(update_app_id).c_str(),
std::to_string(static_cast<int>(msg.uid)).c_str(), update_privilege, CYNARA_ADMIN_ALLOW, nullptr);
pid[1] = fork();
waitPid(pid[1]);
- admin.adminCheck(check_start_bucket, false, generateAppLabel(update_app_id).c_str(),
+ admin.adminCheck(check_start_bucket, false, generateProcessLabel(update_app_id).c_str(),
std::to_string(static_cast<int>(msg.uid)).c_str(), update_privilege, CYNARA_ADMIN_DENY, nullptr);
}
if(pid[1] == 0)
{
std::string SM_OWNER_RW_OTHERS_RO_PATH = genOwnerRWOthersROPath(test_num);
- changeSecurityContext(generateAppLabel(appName), APP_UID, APP_GID);
+ changeSecurityContext(generateProcessLabel(appName), APP_UID, APP_GID);
RUNNER_ASSERT_ERRNO_MSG(::access(SM_OWNER_RW_OTHERS_RO_PATH.c_str(), R_OK|X_OK) != -1,
"access (" << SM_OWNER_RW_OTHERS_RO_PATH << ") from " << appName << " failed " << " to " << SM_OWNER_RW_OTHERS_RO_PATH );
{
std::string SM_OWNER_RW_OTHERS_RO_PATH = genOwnerRWOthersROPath(test_num);
- changeSecurityContext(generateAppLabel(appName), APP_UID, APP_GID);
+ changeSecurityContext(generateProcessLabel(appName), APP_UID, APP_GID);
RUNNER_ASSERT_MSG(::access(SM_OWNER_RW_OTHERS_RO_PATH.c_str(), R_OK|X_OK) == -1,
"access (" << SM_OWNER_RW_OTHERS_RO_PATH << ") from " << appName
Api::registerPaths(preq);
// check labels
- check_path(path, generatePkgLabel(sm_pkg_id) + "::SharedRO");
+ check_path(path, generatePathRWLabel(sm_pkg_id) + "::SharedRO");
}
RUNNER_TEST(security_manager_69_path_req_trusted_rw_no_author)
// check rules
check_exact_access("System", trusted_label, system_access);
check_exact_access("User", trusted_label, system_access);
- check_exact_access(generateAppLabel(provider.getAppId()), trusted_label, trusted_access);
- check_exact_access(generatePkgLabel(provider.getPkgId()), trusted_label, "");
+ check_exact_access(generateProcessLabel(provider.getAppId()), trusted_label, trusted_access);
+ check_exact_access(generatePathRWLabel(provider.getPkgId()), trusted_label, "");
// install trusted app
InstallRequest trustedApp;
Api::install(trustedApp);
// check rules
- check_exact_access(generateAppLabel(user.getAppId()), trusted_label, trusted_access);
- check_exact_access(generatePkgLabel(user.getPkgId()), trusted_label, "");
+ check_exact_access(generateProcessLabel(user.getAppId()), trusted_label, trusted_access);
+ check_exact_access(generatePathRWLabel(user.getPkgId()), trusted_label, "");
// install untrusted app
InstallRequest untrustedApp;
Api::install(untrustedApp);
// check rules
- check_exact_access(generateAppLabel(untrusted.getAppId()), trusted_label, "");
- check_exact_access(generatePkgLabel(untrusted.getPkgId()), trusted_label, "");
+ check_exact_access(generateProcessLabel(untrusted.getAppId()), trusted_label, "");
+ check_exact_access(generatePathRWLabel(untrusted.getPkgId()), trusted_label, "");
// uninstall trusting app
Api::uninstall(trustingApp);
// there's still one app with author id, rules should be kept
check_exact_access("System", trusted_label, system_access);
check_exact_access("User", trusted_label, system_access);
- check_exact_access(generateAppLabel(provider.getAppId()), trusted_label, "");
- check_exact_access(generatePkgLabel(provider.getPkgId()), trusted_label, "");
- check_exact_access(generateAppLabel(user.getAppId()), trusted_label, trusted_access);
- check_exact_access(generatePkgLabel(user.getPkgId()), trusted_label, "");
+ check_exact_access(generateProcessLabel(provider.getAppId()), trusted_label, "");
+ check_exact_access(generatePathRWLabel(provider.getPkgId()), trusted_label, "");
+ check_exact_access(generateProcessLabel(user.getAppId()), trusted_label, trusted_access);
+ check_exact_access(generatePathRWLabel(user.getPkgId()), trusted_label, "");
Api::uninstall(trustedApp);
// no more apps with author id
check_exact_access("System", trusted_label, "");
check_exact_access("User", trusted_label, "");
- check_exact_access(generateAppLabel(user.getAppId()), trusted_label, "");
- check_exact_access(generatePkgLabel(user.getPkgId()), trusted_label, "");
+ check_exact_access(generateProcessLabel(user.getAppId()), trusted_label, "");
+ check_exact_access(generatePathRWLabel(user.getPkgId()), trusted_label, "");
Api::uninstall(untrustedApp);
}
trustingApp2.setAuthorId(authorId1);
Api::install(trustingApp2);
- check_exact_access("System", generateAppLabel(trusted1.getAppId()), "rwxl");
- check_exact_access("User", generateAppLabel(trusted1.getAppId()), "rwxl");
- check_exact_access("System", generatePkgLabel(trusted1.getPkgId()), "rwxatl");
- check_exact_access("User", generatePkgLabel(trusted1.getPkgId()), "rwxatl");
- check_exact_access("System", generateAppLabel(trusted2.getAppId()), "rwxl");
- check_exact_access("User", generateAppLabel(trusted2.getAppId()), "rwxl");
+ check_exact_access("System", generateProcessLabel(trusted1.getAppId()), "rwxl");
+ check_exact_access("User", generateProcessLabel(trusted1.getAppId()), "rwxl");
+ check_exact_access("System", generatePathRWLabel(trusted1.getPkgId()), "rwxatl");
+ check_exact_access("User", generatePathRWLabel(trusted1.getPkgId()), "rwxatl");
+ check_exact_access("System", generateProcessLabel(trusted2.getAppId()), "rwxl");
+ check_exact_access("User", generateProcessLabel(trusted2.getAppId()), "rwxl");
Api::uninstall(trustingApp2);
- check_exact_access("System", generateAppLabel(trusted1.getAppId()), "rwxl");
- check_exact_access("User", generateAppLabel(trusted1.getAppId()), "rwxl");
- check_exact_access("System", generatePkgLabel(trusted1.getPkgId()), "rwxatl");
- check_exact_access("User", generatePkgLabel(trusted1.getPkgId()), "rwxatl");
- check_exact_access("System", generateAppLabel(trusted2.getAppId()), "");
- check_exact_access("User", generateAppLabel(trusted2.getAppId()), "");
+ check_exact_access("System", generateProcessLabel(trusted1.getAppId()), "rwxl");
+ check_exact_access("User", generateProcessLabel(trusted1.getAppId()), "rwxl");
+ check_exact_access("System", generatePathRWLabel(trusted1.getPkgId()), "rwxatl");
+ check_exact_access("User", generatePathRWLabel(trusted1.getPkgId()), "rwxatl");
+ check_exact_access("System", generateProcessLabel(trusted2.getAppId()), "");
+ check_exact_access("User", generateProcessLabel(trusted2.getAppId()), "");
Api::uninstall(trustingApp);
- check_exact_access("System", generateAppLabel(trusted1.getAppId()), "");
- check_exact_access("User", generateAppLabel(trusted1.getAppId()), "");
- check_exact_access("System", generatePkgLabel(trusted1.getPkgId()), "");
- check_exact_access("User", generatePkgLabel(trusted1.getPkgId()), "");
+ check_exact_access("System", generateProcessLabel(trusted1.getAppId()), "");
+ check_exact_access("User", generateProcessLabel(trusted1.getAppId()), "");
+ check_exact_access("System", generatePathRWLabel(trusted1.getPkgId()), "");
+ check_exact_access("User", generatePathRWLabel(trusted1.getPkgId()), "");
}