*/
#include <string>
+#include <sstream>
#include <fcntl.h>
#include <dpl/test/test_runner.h>
#include <dpl/log/log.h>
#define TEST_SUBJECT "test_subject"
#define TEST_OBJECT "test_oject"
+#define TEST_OBJECT_2 "test_oject_2"
+std::vector<std::string> accessesBasic = { "r", "w", "x", "wx", "rx", "rw", "rwx", "rwxat" };
int files_compare(int fd1, int fd2)
{
}
/**
+ * Checking if subject has any access to object
+ */
+bool checkNoAccesses(const char *subject, const char *object){
+ int result;
+ result = smack_have_access(subject, object,"r");
+ if(result==1){
+ return false;
+ }
+ result = smack_have_access(subject, object,"w");
+ if(result==1){
+ return false;
+ }
+ result = smack_have_access(subject, object,"x");
+ if(result==1){
+ return false;
+ }
+ result = smack_have_access(subject, object,"a");
+ if(result==1){
+ return false;
+ }
+ result = smack_have_access(subject, object,"t");
+ if(result==1){
+ return false;
+ }
+ return true;
+}
+
+int removeAccessesAll()
+{
+ struct smack_accesses * rules = NULL;
+ int result = smack_accesses_new(&rules);
+ RUNNER_ASSERT_MSG(result == 0, "Unable to create smack_accesses instance");
+
+ result = smack_accesses_add_modify(rules, "test_subject_01", "test_object_01", "", "rxwat");
+ result = smack_accesses_add_modify(rules, "test_subject_01", "test_object_02", "", "rxwat");
+ result = smack_accesses_add_modify(rules, "test_subject_01", "test_object_03", "", "rxwat");
+ result = smack_accesses_add_modify(rules, "test_subject_02", "test_object_01", "", "rxwat");
+ result = smack_accesses_add_modify(rules, "test_subject_02", "test_object_02", "", "rxwat");
+ result = smack_accesses_add_modify(rules, "test_subject_02", "test_object_03", "", "rxwat");
+ result = smack_accesses_add_modify(rules, "test_subject_03", "test_object_01", "", "rxwat");
+ result = smack_accesses_add_modify(rules, "test_subject_03", "test_object_02", "", "rxwat");
+ result = smack_accesses_add_modify(rules, "test_subject_03", "test_object_03", "", "rxwat");
+
+ smack_accesses_apply(rules);
+ RUNNER_ASSERT_MSG(result == 0, "Error while applying accesses. Result: " << result);
+ smack_accesses_free(rules);
+}
+
+
+/**
* Add a new access with smack_accesses_add_modify()
*/
RUNNER_TEST(smack_accesses_add_modify_test_1){
smack_accesses_free(rules);
}
+/**
+ * Run smack_accesses_add_modify with the same accesses_add and accesses_del.
+ */
+RUNNER_TEST(smack_accesses_add_modify_test_7){
+ unsigned int i;
+ int result;
+
+ struct smack_accesses * rules = NULL;
+
+ for(i = 0; i<accessesBasic.size(); ++i){
+ result = smack_accesses_new(&rules);
+ RUNNER_ASSERT_MSG(result == 0, "Unable to create smack_accesses instance");
+
+ result = smack_accesses_add_modify(rules,TEST_SUBJECT, TEST_OBJECT,accessesBasic[i].c_str(),accessesBasic[i].c_str());
+ RUNNER_ASSERT_MSG(result == 0, "Unable to modify accesses instance");
+ RUNNER_ASSERT_MSG(smack_accesses_apply(rules) == 0, "Unable to apply rules");
+
+ RUNNER_ASSERT_MSG(checkNoAccesses(TEST_SUBJECT, TEST_OBJECT),
+ " Error while checking smack access. Accesses exist.");
+
+ // CLEAN UP
+ clean_up();
+ smack_accesses_free(rules);
+ }
+}
+
+/**
+ * Revoke subject with previously added rules and revoke it again.
+ */
+RUNNER_TEST(smack_revoke_subject_test_1){
+ unsigned int i;
+ int result;
+
+ struct smack_accesses * rules = NULL;
+
+ for(i = 0; i<accessesBasic.size(); ++i){
+
+ // Creating and adding rules with TEST_OBJECT and TEST_OBJECT_2
+ result = smack_accesses_new(&rules);
+ RUNNER_ASSERT_MSG(result == 0, "Unable to create smack_accesses instance");
+ result = smack_accesses_add_modify(rules,TEST_SUBJECT, TEST_OBJECT,accessesBasic[i].c_str(),"");
+ result = smack_accesses_add_modify(rules,TEST_SUBJECT, TEST_OBJECT_2,accessesBasic[i].c_str(),"");
+ RUNNER_ASSERT_MSG(result == 0, "Unable to modify accesses instance");
+ RUNNER_ASSERT_MSG(smack_accesses_apply(rules) == 0, "Unable to apply rules");
+ result = smack_have_access(TEST_SUBJECT, TEST_OBJECT,accessesBasic[i].c_str());
+ RUNNER_ASSERT_MSG(result == 1, "Modification didn't work. Rule " << accessesBasic[i].c_str() << " does not exist.");
+ result = smack_have_access(TEST_SUBJECT, TEST_OBJECT_2,accessesBasic[i].c_str());
+ RUNNER_ASSERT_MSG(result == 1, "Modification didn't work. Rule " << accessesBasic[i].c_str() << " does not exist.");
+
+ // Revoking subject
+ result = smack_revoke_subject(TEST_SUBJECT);
+ RUNNER_ASSERT_MSG(result == 0, "Revoking subject didn't work.");
+
+ RUNNER_ASSERT_MSG(checkNoAccesses(TEST_SUBJECT, TEST_OBJECT),
+ " Revoke didn't work. Accesses exist.");
+ RUNNER_ASSERT_MSG(checkNoAccesses(TEST_SUBJECT, TEST_OBJECT_2),
+ " Revoke didn't work. Accesses exist.");
+
+
+ // Revoking subject again
+ result = smack_revoke_subject(TEST_SUBJECT);
+ RUNNER_ASSERT_MSG(result == 0, "Revoking subject didn't work.");
+
+ RUNNER_ASSERT_MSG(checkNoAccesses(TEST_SUBJECT, TEST_OBJECT),
+ " Revoke didn't work. Accesses exist.");
+ RUNNER_ASSERT_MSG(checkNoAccesses(TEST_SUBJECT, TEST_OBJECT_2),
+ " Revoke didn't work. Accesses exist.");
+
+ smack_accesses_free(rules);
+ }
+}
+
+/**
+ * Clearing accesses
+ */
+RUNNER_TEST(smack_accesses_clear_test_1){
+ unsigned int i;
+ int result;
+
+ struct smack_accesses * rules = NULL;
+
+ for(i = 0; i<accessesBasic.size(); ++i){
+
+ // Creating and adding rules with TEST_OBJECT and TEST_OBJECT_2
+ result = smack_accesses_new(&rules);
+ RUNNER_ASSERT_MSG(result == 0, "Unable to create smack_accesses instance");
+ result = smack_accesses_add(rules,TEST_SUBJECT, TEST_OBJECT,accessesBasic[i].c_str());
+ RUNNER_ASSERT_MSG(result == 0, "Unable to modify accesses instance");
+ result = smack_accesses_add(rules,TEST_SUBJECT, TEST_OBJECT_2,accessesBasic[i].c_str());
+ RUNNER_ASSERT_MSG(result == 0, "Unable to modify accesses instance");
+ RUNNER_ASSERT_MSG(smack_accesses_apply(rules) == 0, "Unable to apply rules");
+
+ result = smack_have_access(TEST_SUBJECT, TEST_OBJECT,accessesBasic[i].c_str());
+ RUNNER_ASSERT_MSG(result == 1, "Modification didn't work. Rule " << accessesBasic[i].c_str() << " does not exist.");
+ result = smack_have_access(TEST_SUBJECT, TEST_OBJECT_2,accessesBasic[i].c_str());
+ RUNNER_ASSERT_MSG(result == 1, "Modification didn't work. Rule " << accessesBasic[i].c_str() << " does not exist.");
+
+ smack_accesses_free(rules);
+
+ // Creating and clearing rules with TEST_OBJECT
+ result = smack_accesses_new(&rules);
+ RUNNER_ASSERT_MSG(result == 0, "Unable to create smack_accesses instance");
+ result = smack_accesses_add(rules,TEST_SUBJECT, TEST_OBJECT,accessesBasic[i].c_str());
+ RUNNER_ASSERT_MSG(result == 0, "Unable to modify accesses instance");
+ result = smack_accesses_clear(rules);
+ RUNNER_ASSERT_MSG(result == 0, "Clearing rules didn't work.");
+
+ result = smack_have_access(TEST_SUBJECT, TEST_OBJECT,accessesBasic[i].c_str());
+ RUNNER_ASSERT_MSG(result == 0, "Clearing rules didn't work. Rule " << accessesBasic[i].c_str() << " does exist.");
+ result = smack_have_access(TEST_SUBJECT, TEST_OBJECT_2,accessesBasic[i].c_str());
+ RUNNER_ASSERT_MSG(result == 1, "Clearing rules didn't work. Rule " << accessesBasic[i].c_str() << " does not exist.");
+
+ smack_accesses_free(rules);
+
+ // Creating and clearing rules with TEST_OBJECT_2
+ result = smack_accesses_new(&rules);
+ RUNNER_ASSERT_MSG(result == 0, "Unable to create smack_accesses instance");
+
+ result = smack_accesses_add(rules,TEST_SUBJECT, TEST_OBJECT_2,accessesBasic[i].c_str());
+ RUNNER_ASSERT_MSG(result == 0, "Unable to modify accesses instance");
+ result = smack_accesses_clear(rules);
+ RUNNER_ASSERT_MSG(result == 0, "Clearing rules didn't work.");
+
+ smack_accesses_free(rules);
+
+ RUNNER_ASSERT_MSG(checkNoAccesses(TEST_SUBJECT, TEST_OBJECT),
+ " Clear didn't work. Accesses exist.");
+ RUNNER_ASSERT_MSG(checkNoAccesses(TEST_SUBJECT, TEST_OBJECT_2),
+ " Clear didn't work. Accesses exist.");
+ }
+}
+
RUNNER_TEST(smack01_storing_and_restoring_rules)
{
/*
close(fd);
}
+RUNNER_TEST(smack10_adding_removing_rules)
+{
+ unsigned int i;
+ int result;
+
+ struct smack_accesses * rulesBasic = NULL;
+
+ for(i = 0; i<accessesBasic.size(); ++i)
+ {
+ // Creating rules
+ result = smack_accesses_new(&rulesBasic);
+ RUNNER_ASSERT_MSG(result == 0, "Error while creating new accesses. Result: " << result);
+
+ // Adding accesses
+ result = smack_accesses_add(rulesBasic, TEST_SUBJECT, TEST_OBJECT, accessesBasic[i].c_str());
+ RUNNER_ASSERT_MSG(result == 0, "Unable to add modify rulesBasic. Result: " << result);
+
+ // Applying rules
+ result = smack_accesses_apply(rulesBasic);
+ RUNNER_ASSERT_MSG(result == 0, "Error while applying accesses. Result: " << result);
+
+ // Checking if accesses were created
+ result = smack_have_access(TEST_SUBJECT, TEST_OBJECT, accessesBasic[i].c_str());
+ RUNNER_ASSERT_MSG(result == 1,
+ " Error while checking smack access. Result: " << result);
+
+ smack_accesses_free(rulesBasic);
+ rulesBasic = NULL;
+
+ // Deleting all rules
+ clean_up();
+ }
+
+ for(i = 0; i<3; ++i)
+ {
+ // --- Creating rules (r or w or x)
+ result = smack_accesses_new(&rulesBasic);
+ RUNNER_ASSERT_MSG(result == 0, "Error while creating new accesses. Result: " << result);
+
+ // Adding accesses
+ result = smack_accesses_add(rulesBasic, TEST_SUBJECT, TEST_OBJECT, accessesBasic[i].c_str());
+ RUNNER_ASSERT_MSG(result == 0, "Unable to add rulesBasic. Result: " << result);
+
+ // Applying rules
+ result = smack_accesses_apply(rulesBasic);
+ RUNNER_ASSERT_MSG(result == 0, "Error while applying accesses. Result: " << result);
+ // Checking if accesses were created
+ result = smack_have_access(TEST_SUBJECT, TEST_OBJECT, accessesBasic[i].c_str());
+ RUNNER_ASSERT_MSG(result == 1,
+ " Error while checking smack access. Result: " << result);
+
+ // Checking if wrong accesses were not created
+ result = smack_have_access(TEST_SUBJECT, TEST_OBJECT, accessesBasic[i+3].c_str());
+ RUNNER_ASSERT_MSG(result == 0,
+ " Error while checking smack access. Result: " << result);
+
+ // --- Modifying accesses (r for wx or w for rx or x for rw)
+ result = smack_accesses_add_modify(rulesBasic,TEST_SUBJECT, TEST_OBJECT,accessesBasic[i+3].c_str(),accessesBasic[i].c_str());
+ RUNNER_ASSERT_MSG(result == 0, "Unable to add modify rulesBasic. Result: " << result);
+
+ // Applying rules
+ result = smack_accesses_apply(rulesBasic);
+ RUNNER_ASSERT_MSG(result == 0, "Error while applying accesses. Result: " << result);
+
+ // Checking if accesses were created
+ result = smack_have_access(TEST_SUBJECT, TEST_OBJECT, accessesBasic[i+3].c_str());
+ RUNNER_ASSERT_MSG(result == 1,
+ " Error while checking smack access. Result: " << result);
+
+ // Checking if wrong accesses were not created
+ result = smack_have_access(TEST_SUBJECT, TEST_OBJECT, accessesBasic[i].c_str());
+ RUNNER_ASSERT_MSG(result == 0,
+ " Error while checking smack access. Result: " << result);
+
+ smack_accesses_free(rulesBasic);
+ rulesBasic = NULL;
+
+ // --- Creating complementary rules (r or w or x)
+ result = smack_accesses_new(&rulesBasic);
+ RUNNER_ASSERT_MSG(result == 0, "Error while creating new accesses. Result: " << result);
+
+ // Adding accesses
+ result = smack_accesses_add(rulesBasic, TEST_SUBJECT, TEST_OBJECT, accessesBasic[i].c_str());
+ RUNNER_ASSERT_MSG(result == 0, "Unable to add rulesBasic. Result: " << result);
+
+ // Checking if accesses were created
+ result = smack_have_access(TEST_SUBJECT, TEST_OBJECT, accessesBasic[i+3].c_str());
+ RUNNER_ASSERT_MSG(result == 1,
+ " Error while checking smack access. Result: " << result);
+
+ // Applying rules
+ result = smack_accesses_apply(rulesBasic);
+ RUNNER_ASSERT_MSG(result == 0, "Error while applying accesses. Result: " << result);
+
+ // Checking if accesses were created
+ result = smack_have_access(TEST_SUBJECT, TEST_OBJECT, accessesBasic[i].c_str());
+ RUNNER_ASSERT_MSG(result == 1,
+ " Error while checking smack access. Result: " << result);
+
+ // --- Modifying accesses (adding rwx and removing r or w or x)
+ result = smack_accesses_add_modify(rulesBasic,TEST_SUBJECT, TEST_OBJECT,"rwx",accessesBasic[i].c_str());
+ RUNNER_ASSERT_MSG(result == 0, "Unable to add modify rulesBasic. Result: " << result);
+
+ // Applying rules
+ result = smack_accesses_apply(rulesBasic);
+ RUNNER_ASSERT_MSG(result == 0, "Error while applying accesses. Result: " << result);
+
+ // Checking if accesses were created
+ result = smack_have_access(TEST_SUBJECT, TEST_OBJECT, accessesBasic[i+3].c_str());
+ RUNNER_ASSERT_MSG(result == 1,
+ " Error while checking smack access. Result: " << result);
+
+ // Checking if wrong accesses were not created
+ result = smack_have_access(TEST_SUBJECT, TEST_OBJECT, accessesBasic[i].c_str());
+ RUNNER_ASSERT_MSG(result == 0,
+ " Error while checking smack access. Result: " << result);
+
+ // --- Adding crossing accesses (rx or rw or wx)
+ result = smack_accesses_add_modify(rulesBasic,TEST_SUBJECT, TEST_OBJECT,accessesBasic[3+((i+1)%3)].c_str(),"");
+ RUNNER_ASSERT_MSG(result == 0, "Unable to add modify rulesBasic. Result: " << result);
+
+ // Applying rules
+ result = smack_accesses_apply(rulesBasic);
+ RUNNER_ASSERT_MSG(result == 0, "Error while applying accesses. Result: " << result);
+
+ // Checking if accesses were created
+ result = smack_have_access(TEST_SUBJECT, TEST_OBJECT, accessesBasic[3+((i+1)%3)].c_str());
+ RUNNER_ASSERT_MSG(result == 1,
+ " Error while checking smack access. Result: " << result);
+
+ result = smack_have_access(TEST_SUBJECT, TEST_OBJECT, "rwx");
+ RUNNER_ASSERT_MSG(result == 1,
+ " Error while checking smack access. Result: " << result);
+
+ // Deleting all rules
+ result = smack_accesses_add_modify(rulesBasic,TEST_SUBJECT, TEST_OBJECT,"","rwx");
+ RUNNER_ASSERT_MSG(result == 0, "Unable to add modify rulesBasic. Result: " << result);
+
+ result = smack_accesses_apply(rulesBasic);
+ RUNNER_ASSERT_MSG(result == 0, "Error while checking smack access. Result: " << result);
+
+ smack_accesses_free(rulesBasic);
+ rulesBasic = NULL;
+
+ // Deleting all rules
+ clean_up();
+ }
+}
+
+RUNNER_TEST(smack11_saving_loading_rules)
+{
+ int result;
+ int fd;
+
+ struct smack_accesses * rulesBasic = NULL;
+
+ // Pre-cleanup
+ removeAccessesAll();
+
+ // Creating rules
+ result = smack_accesses_new(&rulesBasic);
+ RUNNER_ASSERT_MSG(result == 0, "Error while creating new accesses. Result: " << result);
+
+ // Loading file with rwxat rules - test_smack_rules_full
+ fd = open("/etc/smack/test_smack_rules_full", O_RDONLY, 0644);
+ RUNNER_ASSERT_MSG(fd >= 0, "Unable to open /etc/smack/test_smack_rules_full");
+
+ // Adding rules from file
+ result = smack_accesses_add_from_file(rulesBasic, fd);
+ close(fd);
+ RUNNER_ASSERT_MSG(result == 0, "Error importing accesses from file");
+
+ // Applying rules
+ result = smack_accesses_apply(rulesBasic);
+ RUNNER_ASSERT_MSG(result == 0, "Error while applying accesses. Result: " << result);
+
+ // Checking rules
+ result = smack_have_access("test_subject_01", "test_object_01", "rwxat");
+ RUNNER_ASSERT_MSG(result == 1,
+ " Error while checking smack accesses.");
+ result = smack_have_access("test_subject_01", "test_object_02", "rwxat");
+ RUNNER_ASSERT_MSG(result == 1,
+ " Error while checking smack accesses.");
+ result = smack_have_access("test_subject_01", "test_object_03", "rwxat");
+ RUNNER_ASSERT_MSG(result == 1,
+ " Error while checking smack accesses.");
+ result = smack_have_access("test_subject_02", "test_object_01", "rwxat");
+ RUNNER_ASSERT_MSG(result == 1,
+ " Error while checking smack accesses.");
+ result = smack_have_access("test_subject_02", "test_object_02", "rwxat");
+ RUNNER_ASSERT_MSG(result == 1,
+ " Error while checking smack accesses.");
+ result = smack_have_access("test_subject_02", "test_object_03", "rwxat");
+ RUNNER_ASSERT_MSG(result == 1,
+ " Error while checking smack accesses.");
+ result = smack_have_access("test_subject_03", "test_object_01", "rwxat");
+ RUNNER_ASSERT_MSG(result == 1,
+ " Error while checking smack accesses.");
+ result = smack_have_access("test_subject_03", "test_object_02", "rwxat");
+ RUNNER_ASSERT_MSG(result == 1,
+ " Error while checking smack accesses.");
+ result = smack_have_access("test_subject_03", "test_object_03", "rwxat");
+ RUNNER_ASSERT_MSG(result == 1,
+ " Error while checking smack accesses.");
+
+ // Removing rules
+ removeAccessesAll();
+
+ smack_accesses_free(rulesBasic);
+
+ // Creating rules
+ result = smack_accesses_new(&rulesBasic);
+ RUNNER_ASSERT_MSG(result == 0, "Error while creating new accesses. Result: " << result);
+
+ // Loading file with partial wrong rules - test_smack_rules2
+ fd = open("/etc/smack/test_smack_rules2", O_RDONLY, 0644);
+ RUNNER_ASSERT_MSG(fd >= 0, "Unable to open /etc/smack/test_smack_rules2");
+
+ // Adding rules from file
+ result = smack_accesses_add_from_file(rulesBasic, fd);
+ close(fd);
+ RUNNER_ASSERT_MSG(result == 0, "Accesses were loaded from file");
+
+ // Applying rules
+ result = smack_accesses_apply(rulesBasic);
+ RUNNER_ASSERT_MSG(result == 0, "Error while applying accesses. Result: " << result);
+
+ // Checking rules
+ RUNNER_ASSERT_MSG(checkNoAccesses("test_subject_01", "test_object_01"),
+ " Error while checking smack access loaded from /etc/smack/test_smack_rules2. Accesses exist.");
+ result = smack_have_access("test_subject_01", "test_object_02", "rwat");
+ RUNNER_ASSERT_MSG(result == 1,
+ " Error while checking smack access loaded from /etc/smack/test_smack_rules2. Result: " << result );
+ result = smack_have_access("test_subject_01", "test_object_03", "wat");
+ RUNNER_ASSERT_MSG(result == 1,
+ " Error while checking smack access loaded from /etc/smack/test_smack_rules2. Result: " << result );
+ RUNNER_ASSERT_MSG(checkNoAccesses("test_subject_02", "test_object_01"),
+ " Error while checking smack access loaded from /etc/smack/test_smack_rules2. Accesses exist.");
+ result = smack_have_access("test_subject_02", "test_object_02", "wa-ft");
+ RUNNER_ASSERT_MSG(result == 1,
+ " Error while checking smack access loaded from /etc/smack/test_smack_rules2. Result: " << result );
+ result = smack_have_access("test_subject_02", "test_object_03", "wr");
+ RUNNER_ASSERT_MSG(result == 1,
+ " Error while checking smack access loaded from /etc/smack/test_smack_rules2. Result: " << result );
+ result = smack_have_access("test_subject_03", "test_object_01", "a");
+ RUNNER_ASSERT_MSG(result == 1,
+ " Error while checking smack access loaded from /etc/smack/test_smack_rules2. Result: " << result );
+ result = smack_have_access("test_subject_03", "test_object_02", "rwat");
+ RUNNER_ASSERT_MSG(result == 1,
+ " Error while checking smack access loaded from /etc/smack/test_smack_rules2. Result: " << result );
+ result = smack_have_access("test_subject_03", "test_object_03", "w");
+ RUNNER_ASSERT_MSG(result == 1,
+ " Error while checking smack access loaded from /etc/smack/test_smack_rules2. Result: " << result );
+
+ // Removing rules
+ removeAccessesAll();
+
+ smack_accesses_free(rulesBasic);
+
+ // Creating rules
+ result = smack_accesses_new(&rulesBasic);
+ RUNNER_ASSERT_MSG(result == 0, "Error while creating new accesses. Result: " << result);
+
+ // Loading file with partial wrong rules - test_smack_rules3
+ fd = open("/etc/smack/test_smack_rules3", O_RDONLY, 0644);
+ RUNNER_ASSERT_MSG(fd >= 0, "Unable to open /etc/smack/test_smack_rules3");
+
+ // Adding rules from file
+ result = smack_accesses_add_from_file(rulesBasic, fd);
+ close(fd);
+ RUNNER_ASSERT_MSG(result != 0, "Accesses were loaded from file");
+
+ // Applying rules
+ result = smack_accesses_apply(rulesBasic);
+ RUNNER_ASSERT_MSG(result == 0, "Error while applying accesses. Result: " << result);
+
+ // Checking rules
+ result = smack_have_access("test_subject_01", "test_object_01", "rwat");
+ RUNNER_ASSERT_MSG(result == 1,
+ " Error while checking smack access loaded from /etc/smack/test_smack_rules3. Result: " << result );
+ RUNNER_ASSERT_MSG(checkNoAccesses("test_subject_01", "test_object_02"),
+ " Error while checking smack access loaded from /etc/smack/test_smack_rules3. Accesses exist.");
+ result = smack_have_access("test_subject_01", "test_object_03", "x");
+ RUNNER_ASSERT_MSG(result == 0,
+ " Error while checking smack access loaded from /etc/smack/test_smack_rules3. Result: " << result );
+
+ // Removing rules
+ removeAccessesAll();
+
+ smack_accesses_free(rulesBasic);
+
+ // Creating rules
+ result = smack_accesses_new(&rulesBasic);
+ RUNNER_ASSERT_MSG(result == 0, "Error while creating new accesses. Result: " << result);
+
+ // Loading file with partial wrong rules - test_smack_rules4
+ fd = open("/etc/smack/test_smack_rules4", O_RDONLY, 0644);
+ RUNNER_ASSERT_MSG(fd >= 0, "Unable to open /etc/smack/test_smack_rules4");
+
+ // Adding rules from file
+ result = smack_accesses_add_from_file(rulesBasic, fd);
+ close(fd);
+ RUNNER_ASSERT_MSG(result != 0, "Accesses were loaded from file");
+
+ // Applying rules
+ result = smack_accesses_apply(rulesBasic);
+ RUNNER_ASSERT_MSG(result == 0, "Error while applying accesses. Result: " << result);
+
+ // Checking rules
+ result = smack_have_access("test_subject_01", "test_object_01", "rxwat");
+ RUNNER_ASSERT_MSG(result == 1,
+ " Error while checking smack access loaded from /etc/smack/test_smack_rules4. Result: " << result );
+ RUNNER_ASSERT_MSG(checkNoAccesses("test_subject_01", "test_object_02"),
+ " Error while checking smack access loaded from /etc/smack/test_smack_rules4. Accesses exist.");
+ result = smack_have_access("test_subject_01", "test_object_03", "a");
+ RUNNER_ASSERT_MSG(result == 0,
+ " Error while checking smack access loaded from /etc/smack/test_smack_rules4. Result: " << result );
+
+ // Removing rules
+ removeAccessesAll();
+
+ smack_accesses_free(rulesBasic);
+
+}
+
//int smack_new_label_from_socket(int fd, char **label);
projects / platform / core / test / security-tests.git / commitdiff