#include <cstring>
#include <iomanip>
#include <iostream>
+#include <sys/smack.h> // SMACK_LABEL_LEN
#include "dcm_client.h"
#include "device_certificate_manager.h"
return __libc_malloc(size);
}
-}
+class Fd {
+ int fd;
+public:
+ explicit Fd(int fd) : fd(fd) { BOOST_REQUIRE_GE(fd, 0); }
+ operator int() const { return fd; }
+ ~Fd() { BOOST_CHECK_EQUAL(close(fd), 0); }
+};
+
+class OverrideSmackLabel {
+ Fd fd;
+ char old_label[SMACK_LABEL_LEN];
+ boost::uint_value_t<SMACK_LABEL_LEN>::least old_label_len;
+public:
+ explicit OverrideSmackLabel(const char *override_label)
+ : fd(open("/proc/thread-self/attr/current", O_RDWR)) {
+ const auto ret = read(fd, old_label, sizeof old_label + 1);
+ BOOST_REQUIRE_GT(ret, 0);
+ BOOST_REQUIRE_LE(ret, sizeof old_label);
+ old_label_len = ret;
+
+ // subsequent write()s fail without the seek
+ BOOST_REQUIRE_EQUAL(lseek(fd, 0, SEEK_SET), 0);
+
+ const auto len = strlen(override_label);
+ BOOST_REQUIRE_EQUAL(write(fd, override_label, len), len);
+ }
+
+ ~OverrideSmackLabel() {
+ BOOST_CHECK_EQUAL(write(fd, old_label, old_label_len), old_label_len);
+ }
+};
+
+} // namespace
BOOST_AUTO_TEST_SUITE(API_TEST)
NEGATIVE_TEST_CASE(test08_dcm_ext_api_no_privilege)
{
+ // This test seems to require the System::Privileged label because it
+ // relies on a particular cynara rule concerning System::Privileged and the
+ // underlying "http://tizen.org/privilege/internal/sysadmin" privilege
+ // checked during the "method-with-a-privilege-not-granted" call.
+ // Grep backend code for /method-with-a-privilege-not-granted/ for details.
+ //
+ // Sdb uses User::Shell but one can switch to System::Privileged, then back.
+ OverrideSmackLabel _("System::Privileged");
+
int ret = dcm_ext_call_api("method-with-a-privilege-not-granted", NULL, 0, NULL, NULL);
BOOST_REQUIRE_EQUAL(ret, DCM_EXT_ERROR_PERMISSION_DENIED);
}
projects / platform / core / security / device-certificate-manager.git / commitdiff