<filesystem path="/usr/bin/test-performance-check.sh" exec_label="_" />
<filesystem path="/usr/bin/libsmack-test" exec_label="_" />
- <filesystem path="/usr/bin/security-manager-tests" exec_label="User" />
+ <filesystem path="/usr/bin/security-manager-tests" exec_label="System::Privileged" />
<filesystem path="/usr/bin/cynara-tests" exec_label="_" />
<filesystem path="/usr/bin/ckm-tests" exec_label="User" />
<filesystem path="/usr/bin/ckm-tests" exec_label="System" />
if (m_uid != 0)
remove();
+/*
+ Below line of code is a hack for Gumd commit that removes Smack management capabilities:
+
+ | commit 9b45c1afa49103dcb4101f4b28bf7c145f3294a6
+ |/ Author: Yunmi Ha <yunmi.ha@samsung.com>
+ | Date: Tue Jul 5 13:40:16 2016 +0900
+ |
+ | Remove smack capability
+ |
+ | with wearable profile, CAP_MAC_ADMIN and CAP_MAC_OVERRIDE capabilities are removed.
+ | (can't use useradd/del/modify function without offline option.)
+ | with other profile, only CAP_MAC_OVERRIDE capability is removed.
+ |
+ | For this, gumd launcher was changed to systemd.
+ |
+ | Change-Id: Ic95fceed41afc41e37e93606c3abf830536ac7d6
+ | Signed-off-by: Yunmi Ha <yunmi.ha@samsung.com>
+*/
+ m_offline = true;
+
bool ret = m_runner.userCreate(m_userName, m_userType, m_offline, m_uid, m_gid);
RUNNER_ASSERT_MSG(ret, "Failed to add user");
RUNNER_ASSERT_MSG(m_uid != 0, "Something strange happened during user creation. uid == 0.");
RUNNER_ASSERT_ERRNO_MSG(result == 0,
"Can't set socket label. Result: " << result);
- {
- ScopedProcessLabel keepLabel;
+
+ SynchronizationPipe pipe;
+ pid_t pid = fork();
+
+ if (pid != 0) { // parent process
+ pipe.claimParentEp();
Api::setProcessLabel(app_id);
result = smack_new_label_from_file(*sockPtr, XATTR_NAME_SMACKIPIN, &label);
RUNNER_ASSERT_MSG(result == 0,
" Process label is incorrect. Expected: \"" << expected_label <<
"\" Actual: \"" << label << "\"");
+ pipe.post();
+ waitPid(pid);
+ } else { // child process
+ pipe.claimChildEp();
+ pipe.wait();
+ uninstall_app(app_id, pkg_id, true);
+ exit(0);
}
-
- uninstall_app(app_id, pkg_id, true);
}
RUNNER_CHILD_TEST_NOSMACK(security_manager_03_set_label_from_appid_nosmack)
ssize_t fetched = TEMP_FAILURE_RETRY(read(pipefd2[0], &msg, sizeof(struct message)));
RUNNER_ASSERT_MSG(fetched == sizeof(struct message), "read failed");
- //become admin privacy manager manager
- Api::setProcessLabel(PRIVILEGE_MANAGER_APP.c_str());
result = drop_root_privileges(msg.uid, msg.gid);
RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");