return 0;
}
-void checkOnlyAvAccess(const char *av_id, const char *app_id, const char *comment)
-{
- int result;
- result = smack_have_access(av_id, app_id, "rwx");
- RUNNER_ASSERT_MSG_BT(result == 1,
- "Error while checking " << av_id << " rwx access to "
- << app_id << " " << comment << " Result: " << result);
- result = smack_have_access(av_id, app_id, "a");
- RUNNER_ASSERT_MSG_BT(result == 0,
- "Error while checking " << av_id << " a access to "
- << app_id << " " << comment << " Result: " << result);
- result = smack_have_access(av_id, app_id, "t");
- RUNNER_ASSERT_MSG_BT(result == 0,
- "Error while checking " << av_id << " t access to "
- << app_id << " " << comment << " Result: " << result);
-}
-
-/**
- * NOSMACK version of checkOnlyAvAccess function.
- *
- * Expects error instead of access granted/forbidden from smack_have_access.
- */
-void checkOnlyAvAccessNosmack(const char *av_id, const char *app_id, const char *comment)
-{
- int result;
- result = smack_have_access(av_id, app_id, "rwx");
- RUNNER_ASSERT_MSG_BT(result == -1,
- "smack_have_access should return error (SMACK is off). Result: " << result
- << " when testing " << comment);
- result = smack_have_access(av_id, app_id, "a");
- RUNNER_ASSERT_MSG_BT(result == -1,
- "smack_have_access should return error (SMACK is off). Result: " << result
- << " when testing " << comment);
- result = smack_have_access(av_id, app_id, "t");
- RUNNER_ASSERT_MSG_BT(result == -1,
- "smack_have_access should return error (SMACK is off). Result: " << result
- << " when testing " << comment);
-}
-
void test_revoke_permissions(int line_no, const char* app_id, const rules_t &rules, bool smack)
{
int result;
TestLibPrivilegeControlDatabase db_test;
db_test.test_db_after__perm_app_install(APP_ID);
}
-/*
- * Check app_register_av function
- * Notice that this test case may have no sense if previous would fail (privilege_control06_app_install)
- */
-#pragma GCC diagnostic ignored "-Wdeprecated-declarations"
-RUNNER_TEST_SMACK(privilege_control10_app_register_av)
-{
- RUNNER_IGNORED_MSG("app_register_av is deprecated");
- int result;
-
- // cleaning
- smack_revoke_subject(APP_TEST_AV_1);
- smack_revoke_subject(APP_TEST_AV_2);
-
- DB_BEGIN
-
- // Adding two apps before antivir
- result = perm_app_install(APP_TEST_APP_1);
- RUNNER_ASSERT_MSG_BT(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
-
- result = perm_app_install(APP_TEST_APP_2);
- RUNNER_ASSERT_MSG_BT(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
-
- // Adding antivir
- result = app_register_av(APP_TEST_AV_1);
- RUNNER_ASSERT_MSG_BT(result == 0, "app_register_av returned " << result << ". Errno: " << strerror(errno));
-
- DB_END
-
- // Checking added apps accesses
- checkOnlyAvAccess(APP_TEST_AV_1, APP_TEST_APP_1, "app_register_av(APP_TEST_AV_1)");
- checkOnlyAvAccess(APP_TEST_AV_1, APP_TEST_APP_2, "app_register_av(APP_TEST_AV_1)");
-
- DB_BEGIN
-
- // Adding third app
- result = perm_app_install(APP_TEST_APP_3);
- RUNNER_ASSERT_MSG_BT(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
-
- DB_END
-
- // Checking app accesses
- checkOnlyAvAccess(APP_TEST_AV_1, APP_TEST_APP_1, "perm_app_install(APP_TEST_APP_3)");
- checkOnlyAvAccess(APP_TEST_AV_1, APP_TEST_APP_2, "perm_app_install(APP_TEST_APP_3)");
- checkOnlyAvAccess(APP_TEST_AV_1, APP_TEST_APP_3, "perm_app_install(APP_TEST_APP_3)");
-
- // Adding second antivir
- result = app_register_av(APP_TEST_AV_2);
- RUNNER_ASSERT_MSG_BT(result == 0, "app_register_av returned " << result << ". Errno: " << strerror(errno));
-
- // Checking app accesses
- checkOnlyAvAccess(APP_TEST_AV_1, APP_TEST_APP_1, "app_register_av(APP_TEST_AV_2)");
- checkOnlyAvAccess(APP_TEST_AV_1, APP_TEST_APP_2, "app_register_av(APP_TEST_AV_2)");
- checkOnlyAvAccess(APP_TEST_AV_1, APP_TEST_APP_3, "app_register_av(APP_TEST_AV_2)");
- checkOnlyAvAccess(APP_TEST_AV_2, APP_TEST_APP_1, "app_register_av(APP_TEST_AV_2)");
- checkOnlyAvAccess(APP_TEST_AV_2, APP_TEST_APP_2, "app_register_av(APP_TEST_AV_2)");
- checkOnlyAvAccess(APP_TEST_AV_2, APP_TEST_APP_3, "app_register_av(APP_TEST_AV_2)");
-
- // cleaning
- smack_revoke_subject(APP_TEST_AV_1);
- smack_revoke_subject(APP_TEST_AV_2);
-}
-#pragma GCC diagnostic warning "-Wdeprecated-declarations"
/**
* Grant SMACK permissions based on permissions list.
DB_END
}
-/**
- * Make two applications "friends", by giving them both full permissions on
- * each other.
- */
-RUNNER_TEST_SMACK(privilege_control14_app_add_friend)
-{
- RUNNER_IGNORED_MSG("perm_app_add_friend is not implemented");
-
- int result;
-
-/**
- * Test - making friends with no permissions on each other
- */
-
- DB_BEGIN
-
- result = perm_app_revoke_permissions(APP_FRIEND_1);
- RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
- "Error revoking app permissions. Result: " << result);
- result = perm_app_revoke_permissions(APP_FRIEND_2);
- RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
- "Error revoking app permissions. Result: " << result);
-
- perm_app_uninstall(APP_FRIEND_1);
- perm_app_uninstall(APP_FRIEND_2);
-
- // Installing friends to be
- result = perm_app_install(APP_FRIEND_1);
- RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
- " Error installing first app. Result: " << result);
- result = perm_app_install(APP_FRIEND_2);
- RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
- " Error installing second app. Result: " << result);
-
- // Making friends
- result = perm_app_add_friend(APP_FRIEND_1, APP_FRIEND_2);
- RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
- " Error making friends. Errno: " << result);
-
- DB_END
-
- // Checking if friends were made
- result = smack_have_access(APP_FRIEND_1, APP_FRIEND_2, "wrxat");
- RUNNER_ASSERT_MSG_BT(result == 1,
- " Error first one sided friednship failed. Result: " << result);
- result = smack_have_access(APP_FRIEND_2, APP_FRIEND_1, "wrxat");
- RUNNER_ASSERT_MSG_BT(result == 1,
- " Error second one sided friednship failed. Result: " << result);
-
- DB_BEGIN
-
- // Clean up
- result = perm_app_revoke_permissions(APP_FRIEND_1);
- RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
- "Error revoking app permissions. Result: " << result);
- result = perm_app_revoke_permissions(APP_FRIEND_2);
- RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
- "Error revoking app permissions. Result: " << result);
-
- perm_app_uninstall(APP_FRIEND_1);
- perm_app_uninstall(APP_FRIEND_2);
-
- DB_END
-
-/**
- * Test - making friends with nonexistent friend
- */
-
- DB_BEGIN
-
- // Installing one friend
- result = perm_app_install(APP_FRIEND_1);
- RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
- " Error installing first app. Errno: " << result);
-
- // Adding imaginary friend as second
- result = perm_app_add_friend(APP_FRIEND_1, APP_FRIEND_2);
- RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
- " Error making friends (first) with imaginairy friend failed. Result: "
- << result);
- // Adding imaginary friend as first
- result = perm_app_add_friend(APP_FRIEND_2, APP_FRIEND_1);
- RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
- " Error making friends (second) with imaginairy friend failed. Result: "
- << result);
- // Clean up
- result = perm_app_revoke_permissions(APP_FRIEND_1);
- RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
- "Error revoking app permissions. Result: " << result);
- result = perm_app_revoke_permissions(APP_FRIEND_2);
- RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
- "Error revoking app permissions. Result: " << result);
-
- perm_app_uninstall(APP_FRIEND_1);
- perm_app_uninstall(APP_FRIEND_2);
-
- DB_END
-
-/**
- * Test - making friends with some permissions already added
- */
- unsigned int i;
- unsigned int j;
-
- struct smack_accesses *rulesFriend = NULL;
-
- std::vector<std::string> accessesFriend =
- { "r", "w", "x", "rw", "rx", "wx", "rwx", "rwxat" };
-
- DB_BEGIN
-
- // Installing friends to be
- result = perm_app_install(APP_FRIEND_1);
- RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
- " Error installing first app. Result: " << result);
- result = perm_app_install(APP_FRIEND_2);
- RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
- " Error installing second app. Result: " << result);
-
- DB_END
-
- for (i = 0; i < accessesFriend.size(); ++i)
- {
- for (j = 0; j < accessesFriend.size(); ++j)
- {
- // Adding rules before making friends
- result = smack_accesses_new(&rulesFriend);
- RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
- "Error in smack_accesses_new. Result: " << result);
-
- result = smack_accesses_add(rulesFriend,
- APP_FRIEND_1, APP_FRIEND_2, accessesFriend[i].c_str());
- RUNNER_ASSERT_MSG_BT(result == 0,
- "Unable to add modify rulesFirend (first). Result: " << result);
- result = smack_accesses_add(rulesFriend, APP_FRIEND_2,
- APP_FRIEND_1, accessesFriend[j].c_str());
- RUNNER_ASSERT_MSG_BT(result == 0,
- "Unable to add modify rulesFirend (second). Result: " << result);
-
- result = smack_accesses_apply(rulesFriend);
- RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
- "Error in smack_accesses_apply. Result: " << result);
-
- DB_BEGIN
-
- // Adding friends
- result = perm_app_add_friend(APP_FRIEND_1, APP_FRIEND_2);
- RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
- " Error making friends. Result: " << result);
-
- DB_END
-
- // Checking if friends were made
- result = smack_have_access(APP_FRIEND_1, APP_FRIEND_2, "wrxat");
- RUNNER_ASSERT_MSG_BT(result == 1,
- " Error first one sided friednship failed. Result: " << result);
- result = smack_have_access(APP_FRIEND_2, APP_FRIEND_1, "wrxat");
- RUNNER_ASSERT_MSG_BT(result == 1,
- " Error second one sided friednship failed. Result: " << result);
-
- // Deleting all rules between friends
- smack_accesses_add_modify(rulesFriend,
- APP_FRIEND_1, APP_FRIEND_2,"","rwxat");
- smack_accesses_add_modify(rulesFriend,
- APP_FRIEND_2, APP_FRIEND_1,"","rwxat");
-
- result = smack_accesses_apply(rulesFriend);
-
- smack_accesses_free(rulesFriend);
- rulesFriend = NULL;
- }
- }
-
- DB_BEGIN
-
- // Clean up
- result = perm_app_revoke_permissions(APP_FRIEND_1);
- RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
- "Error revoking app permissions. Result: " << result);
- result = perm_app_revoke_permissions(APP_FRIEND_2);
- RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
- "Error revoking app permissions. Result: " << result);
-
- perm_app_uninstall(APP_FRIEND_1);
- perm_app_uninstall(APP_FRIEND_2);
-
- DB_END
-}
-
static void smack_set_random_label_based_on_pid_on_self(void)
{
int result;
test_revoke_permissions(__LINE__, OSP_APP_ID, rules_osp, false);
}
-/*
- * NOSMACK version of privilege_control10_app_register_av test.
- *
- * Uses NOSMACK version of checkOnlyAvAccess (mentioned above), rest of the test is identical to
- * it's SMACK version.
- */
-#pragma GCC diagnostic ignored "-Wdeprecated-declarations"
-RUNNER_TEST_NOSMACK(privilege_control10_app_register_av_nosmack)
-{
- RUNNER_IGNORED_MSG("app_register_av is deprecated");
- int result;
-
- // cleaning
- smack_revoke_subject(APP_TEST_AV_1);
- smack_revoke_subject(APP_TEST_AV_2);
-
- DB_BEGIN
-
- // Adding two apps before antivir
- result = perm_app_install(APP_TEST_APP_1);
- RUNNER_ASSERT_MSG_BT(result == 0,
- "perm_app_install returned " << result << ". Errno: " << strerror(errno));
-
- result = perm_app_install(APP_TEST_APP_2);
- RUNNER_ASSERT_MSG_BT(result == 0,
- "perm_app_install returned " << result << ". Errno: " << strerror(errno));
-
- DB_END
-
- // Adding antivir
- result = app_register_av(APP_TEST_AV_1);
- RUNNER_ASSERT_MSG_BT(result == 0,
- "app_register_av returned " << result << ". Errno: " << strerror(errno));
-
- // Checking added apps accesses
- checkOnlyAvAccessNosmack(APP_TEST_AV_1, APP_TEST_APP_1, "app_register_av(APP_TEST_AV_1)");
- checkOnlyAvAccessNosmack(APP_TEST_AV_1, APP_TEST_APP_2, "app_register_av(APP_TEST_AV_1)");
-
- DB_BEGIN
-
- // Adding third app
- result = perm_app_install(APP_TEST_APP_3);
- RUNNER_ASSERT_MSG_BT(result == 0,
- "perm_app_install returned " << result << ". Errno: " << strerror(errno));
-
- DB_END
-
- // Checking app accesses
- checkOnlyAvAccessNosmack(APP_TEST_AV_1, APP_TEST_APP_1, "perm_app_install(APP_TEST_APP_3)");
- checkOnlyAvAccessNosmack(APP_TEST_AV_1, APP_TEST_APP_2, "perm_app_install(APP_TEST_APP_3)");
- checkOnlyAvAccessNosmack(APP_TEST_AV_1, APP_TEST_APP_3, "perm_app_install(APP_TEST_APP_3)");
-
- // Adding second antivir
- result = app_register_av(APP_TEST_AV_2);
- RUNNER_ASSERT_MSG_BT(result == 0,
- "app_register_av returned " << result << ". Errno: " << strerror(errno));
-
- // Checking app accesses
- checkOnlyAvAccessNosmack(APP_TEST_AV_1, APP_TEST_APP_1, "app_register_av(APP_TEST_AV_2)");
- checkOnlyAvAccessNosmack(APP_TEST_AV_1, APP_TEST_APP_2, "app_register_av(APP_TEST_AV_2)");
- checkOnlyAvAccessNosmack(APP_TEST_AV_1, APP_TEST_APP_3, "app_register_av(APP_TEST_AV_2)");
- checkOnlyAvAccessNosmack(APP_TEST_AV_2, APP_TEST_APP_1, "app_register_av(APP_TEST_AV_2)");
- checkOnlyAvAccessNosmack(APP_TEST_AV_2, APP_TEST_APP_2, "app_register_av(APP_TEST_AV_2)");
- checkOnlyAvAccessNosmack(APP_TEST_AV_2, APP_TEST_APP_3, "app_register_av(APP_TEST_AV_2)");
-
- // cleaning
- smack_revoke_subject(APP_TEST_AV_1);
- smack_revoke_subject(APP_TEST_AV_2);
-}
-#pragma GCC diagnostic warning "-Wdeprecated-declarations"
-
/**
* NOSMACK version of privilege_control11_app_enable_permissions test.
*