return result;
}
-
RUNNER_TEST_GROUP_INIT(libsmack)
/**
* Helper method to reset privileges at the begginning of tests.
*/
void clean_up()
{
- struct smack_accesses *rules = NULL;
- int result = smack_accesses_new(&rules);
- RUNNER_ASSERT_MSG_BT(result == 0, "Unable to create smack_accesses instance");
-
- // CLEAN UP
- smack_accesses_add_modify(rules,TEST_SUBJECT, TEST_OBJECT,"","rwxat");
- smack_accesses_apply(rules);
- smack_accesses_free(rules);
-
- // PREINIT CHECK.
- RUNNER_ASSERT_MSG_BT(smack_have_access(TEST_SUBJECT, TEST_OBJECT,"r") != 1, "Rule has previous privileges after cleaning up!");
- RUNNER_ASSERT_MSG_BT(smack_have_access(TEST_SUBJECT, TEST_OBJECT,"w") != 1, "Rule has previous privileges after cleaning up!");
- RUNNER_ASSERT_MSG_BT(smack_have_access(TEST_SUBJECT, TEST_OBJECT,"x") != 1, "Rule has previous privileges after cleaning up!");
- RUNNER_ASSERT_MSG_BT(smack_have_access(TEST_SUBJECT, TEST_OBJECT,"a") != 1, "Rule has previous privileges after cleaning up!");
- RUNNER_ASSERT_MSG_BT(smack_have_access(TEST_SUBJECT, TEST_OBJECT,"t") != 1, "Rule has previous privileges after cleaning up!");
+ smack_revoke_subject(TEST_SUBJECT);
}
/**
bool checkNoAccesses(const char *subject, const char *object)
{
int result;
- result = smack_have_access(subject, object,"r");
- if (result == 1) {
- return false;
- }
- result = smack_have_access(subject, object,"w");
- if (result == 1) {
- return false;
- }
- result = smack_have_access(subject, object,"x");
- if (result == 1) {
- return false;
- }
- result = smack_have_access(subject, object,"a");
- if (result == 1) {
- return false;
- }
- result = smack_have_access(subject, object,"t");
- if (result == 1) {
- return false;
+ for(const auto &perm : std::vector<std::string> () = {"r", "w", "a","t", "l"}) {
+ result = smack_have_access(subject, object, perm.c_str());
+ if (result == 1) {
+ return false;
+ }
}
return true;
}
void removeAccessesAll()
{
- struct smack_accesses *rules = NULL;
- int result = smack_accesses_new(&rules);
- RUNNER_ASSERT_MSG_BT(result == 0, "Unable to create smack_accesses instance");
-
- result = smack_accesses_add_modify(rules, "test_subject_01", "test_object_01", "", "rxwat");
- result = smack_accesses_add_modify(rules, "test_subject_01", "test_object_02", "", "rxwat");
- result = smack_accesses_add_modify(rules, "test_subject_01", "test_object_03", "", "rxwat");
- result = smack_accesses_add_modify(rules, "test_subject_02", "test_object_01", "", "rxwat");
- result = smack_accesses_add_modify(rules, "test_subject_02", "test_object_02", "", "rxwat");
- result = smack_accesses_add_modify(rules, "test_subject_02", "test_object_03", "", "rxwat");
- result = smack_accesses_add_modify(rules, "test_subject_03", "test_object_01", "", "rxwat");
- result = smack_accesses_add_modify(rules, "test_subject_03", "test_object_02", "", "rxwat");
- result = smack_accesses_add_modify(rules, "test_subject_03", "test_object_03", "", "rxwat");
-
- smack_accesses_apply(rules);
- RUNNER_ASSERT_MSG_BT(result == 0, "Error while applying accesses. Result: " << result);
- smack_accesses_free(rules);
+ for(int i = 1; i <=3; i++)
+ //smack_revoke_subject will fail, when subject does not exist in kernel
+ //as this function is called at test beginning we cannot check return value
+ smack_revoke_subject(("test_subject_0" + std::to_string(i)).c_str());
}
-
/**
* Add a new access with smack_accesses_add_modify()
*/