From: Marcin Niesluchowski Date: Wed, 7 May 2014 13:27:44 +0000 (+0200) Subject: Refactor perm_app_setup_path libprivilege-control tests. X-Git-Tag: security-manager_5.5_testing~249 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=1abdd16811c70843dd848ecdb5a976c36f20e62b;p=platform%2Fcore%2Ftest%2Fsecurity-tests.git Refactor perm_app_setup_path libprivilege-control tests. New design provides only three ways of labelling path in libprivilege-control. See: -> 'Added APP_PATH_PUBLIC and APP_PATH_FLOOR types to perm_app_setup_path function.' Verification: -> libprivilege-control-test --output=text --runignored (following tests should pass: -> privilege_control02_perm_app_setup_path_01_PRIVATE -> privilege_control02_perm_app_setup_path_02_FLOOR -> privilege_control02_perm_app_setup_path_03_PUBLIC_RO -> privilege_control02_perm_app_setup_path_03_PUBLIC_RO_nosmack) Change-Id: I90ffeaf1eac585bf0c999705940544263ac3214c --- diff --git a/tests/libprivilege-control-tests/common/libprivilege-control_test_common.h b/tests/libprivilege-control-tests/common/libprivilege-control_test_common.h index 02077837..a89ff958 100644 --- a/tests/libprivilege-control-tests/common/libprivilege-control_test_common.h +++ b/tests/libprivilege-control-tests/common/libprivilege-control_test_common.h @@ -43,7 +43,6 @@ #define APP_ID "test_APP" #define APPID_DIR "test_APP_ID_dir" -#define APPID_SHARED_DIR "test_APP_ID_shared_dir" #define APP_1 "app_1" #define APP_1_DIR "/tmp/app_1" 
@@ -215,18 +214,20 @@ void check_app_installed(const char *app_path); int nftw_remove_labels(const char *fpath, const struct stat* /*sb*/, int /*typeflag*/, struct FTW* /*ftwbuf*/); -int nftw_check_labels_app_dir(const char *fpath, const struct stat *sb, - int /*typeflag*/, struct FTW* /*ftwbuf*/); +int nftw_check_labels_app_private_dir(const char *fpath, const struct stat *sb, + int /*typeflag*/, struct FTW* /*ftwbuf*/); +int nftw_check_labels_app_floor_dir(const char *fpath, const struct stat *sb, + int /*typeflag*/, struct FTW* /*ftwbuf*/); int nftw_set_labels_non_app_dir(const char *fpath, const struct stat* /*sb*/, int /*typeflag*/, struct FTW* /*ftwbuf*/); int nftw_check_labels_non_app_dir(const char *fpath, const struct stat* /*sb*/, int /*typeflag*/, struct FTW* /*ftwbuf*/); +void test_perm_app_setup_path_PUBLIC_RO(bool smack); void test_revoke_permissions(int line_no, const char* app_id); void test_app_enable_permissions_efl(bool smack); void test_app_disable_permissions_efl(bool smack); void test_app_disable_permissions(bool smack); -void test_appsettings_privilege(bool smack); bool check_all_accesses(bool smack, const rules_t &rules); bool check_no_accesses(bool smack, const rules_t &rules); diff --git a/tests/libprivilege-control-tests/libprivilege-control_test_common.cpp b/tests/libprivilege-control-tests/libprivilege-control_test_common.cpp index b9789d1c..357db174 100644 --- a/tests/libprivilege-control-tests/libprivilege-control_test_common.cpp +++ b/tests/libprivilege-control-tests/libprivilege-control_test_common.cpp @@ -243,7 +243,7 @@ int nftw_remove_labels(const char *fpath, const struct stat* /*sb*/, } int nftw_check_labels_app_dir(const char *fpath, const struct stat *sb, - int /*typeflag*/, struct FTW* /*ftwbuf*/) + const char* correctLabel) { int result; CStringPtr labelPtr; 
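Review bot: The header now declares the PRIVATE and FLOOR nftw callbacks, but the shared checker `nftw_check_labels_app_dir` (whose last parameter becomes `correctLabel` in the .cpp part of this commit) loses its prototype, and `nftw_check_labels_app_public_ro_dir` never gets one. If both are meant to be private to libprivilege-control_test_common.cpp, mark them `static` there so they do not keep external linkage; I cannot see from this diff whether any other file still refers to the old name. The new prototypes would also benefit from one comment stating what each callback expects, e.g. `/* nftw callbacks: PRIVATE expects USER_APP_ID, FLOOR expects "_" as ACCESS label on every entry */`.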
@@ -251,31 +251,79 @@ int nftw_check_labels_app_dir(const char *fpath, const struct stat *sb, /* ACCESS */ result = smack_lgetlabel(fpath, &label, SMACK_LABEL_ACCESS); - labelPtr.reset(label); RUNNER_ASSERT_MSG_BT(result == 0, "Could not get label for the path"); - RUNNER_ASSERT_MSG_BT(labelPtr.get() != NULL, "ACCESS label on " << fpath << " is not set"); - result = strcmp(USER_APP_ID, labelPtr.get()); + labelPtr.reset(label); + RUNNER_ASSERT_MSG_BT(label != NULL, "ACCESS label on " << fpath << " is not set"); + result = strcmp(correctLabel, label); RUNNER_ASSERT_MSG_BT(result == 0, "ACCESS label on " << fpath << " is incorrect"); /* EXEC */ result = smack_lgetlabel(fpath, &label, SMACK_LABEL_EXEC); - labelPtr.reset(label); RUNNER_ASSERT_MSG_BT(result == 0, "Could not get label for the path"); + labelPtr.reset(label); if (S_ISREG(sb->st_mode) && (sb->st_mode & S_IXUSR)) { - RUNNER_ASSERT_MSG_BT(labelPtr.get() != NULL, "EXEC label on " << fpath << " is not set"); - result = strcmp(USER_APP_ID, labelPtr.get()); + RUNNER_ASSERT_MSG_BT(label != NULL, "EXEC label on " << fpath << " is not set"); + result = strcmp(correctLabel, label); RUNNER_ASSERT_MSG_BT(result == 0, "EXEC label on executable file " << fpath << " is incorrect"); } else - RUNNER_ASSERT_MSG_BT(labelPtr.get() == NULL, "EXEC label on " << fpath << " is set"); + RUNNER_ASSERT_MSG_BT(label == NULL, "EXEC label on " << fpath << " is set"); /* TRANSMUTE */ result = smack_lgetlabel(fpath, &label, SMACK_LABEL_TRANSMUTE); + RUNNER_ASSERT_MSG_BT(result == 0, "Could not get label for the path"); labelPtr.reset(label); + RUNNER_ASSERT_MSG_BT(label == NULL, "TRANSMUTE label on " << fpath << " is set"); + + return 0; +} + + +int nftw_check_labels_app_private_dir(const char *fpath, const struct stat *sb, + int /*typeflag*/, struct FTW* /*ftwbuf*/) +{ + return nftw_check_labels_app_dir(fpath, sb, USER_APP_ID); +} + +int nftw_check_labels_app_floor_dir(const char *fpath, const struct stat *sb, + int /*typeflag*/, struct 
FTW* /*ftwbuf*/) +{ + return nftw_check_labels_app_dir(fpath, sb, "_"); +} + +int nftw_check_labels_app_public_ro_dir(const char *fpath, const struct stat *sb, + int /*typeflag*/, struct FTW* /*ftwbuf*/) +{ + int result; + CStringPtr labelPtr; + char *label; + + /* ACCESS */ + result = smack_lgetlabel(fpath, &label, SMACK_LABEL_ACCESS); RUNNER_ASSERT_MSG_BT(result == 0, "Could not get label for the path"); - RUNNER_ASSERT_MSG_BT(labelPtr.get() == NULL, "TRANSMUTE label on " << fpath << " is set"); + labelPtr.reset(label); + RUNNER_ASSERT_MSG_BT(label != NULL, "ACCESS label on " << fpath << " is not set"); + result = strcmp(LABEL_FOR_PUBLIC_SHARED_DIRS, label); + RUNNER_ASSERT_MSG_BT(result == 0, "ACCESS label on " << fpath << " is incorrect"); + + /* EXEC */ + result = smack_lgetlabel(fpath, &label, SMACK_LABEL_EXEC); + RUNNER_ASSERT_MSG_BT(result == 0, "Could not get label for the path"); + labelPtr.reset(label); + RUNNER_ASSERT_MSG_BT(label == NULL, "EXEC label on " << fpath << " is set"); + + /* TRANSMUTE */ + result = smack_lgetlabel(fpath, &label, SMACK_LABEL_TRANSMUTE); + RUNNER_ASSERT_MSG_BT(result == 0, "Could not get label for the path"); + labelPtr.reset(label); + if (S_ISDIR(sb->st_mode)) { + RUNNER_ASSERT_MSG_BT(label != NULL, "TRANSMUTE label on " << fpath << " is not set"); + result = strcmp("TRUE", label); + RUNNER_ASSERT_MSG_BT(result == 0, "TRANSMUTE label on " << fpath << " is not set"); + } else + RUNNER_ASSERT_MSG_BT(label == NULL, "TRANSMUTE label on " << fpath << " is set"); return 0; - } +} int nftw_set_labels_non_app_dir(const char *fpath, const struct stat* /*sb*/, int /*typeflag*/, struct FTW* /*ftwbuf*/) 
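Review bot: In `nftw_check_labels_app_public_ro_dir` the assertion after `strcmp("TRUE", label)` reuses the message "is not set", so a directory whose TRANSMUTE attribute exists with a different value is reported exactly like a missing one. `RUNNER_ASSERT_MSG_BT(result == 0, "TRANSMUTE label on " << fpath << " is incorrect");` would match the wording used for ACCESS. The ACCESS block of that function repeats the one in `nftw_check_labels_app_dir` with only the expected label changed, so a small shared helper taking the expected label would keep the two from drifting apart. The added `char *label;` has no initializer; `char *label = NULL;` keeps `labelPtr.reset(label)` well defined should smack_lgetlabel() ever return 0 without writing the out-parameter, which this diff does not let me rule out. `nftw_check_labels_app_dir` starts in the previous hunk, so its own declarations are not visible here.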
@@ -317,6 +365,32 @@ int nftw_check_labels_non_app_dir(const char *fpath, const struct stat* /*sb*/, return 0; } +void test_perm_app_setup_path_PUBLIC_RO(bool smack) +{ + int result; + + result = nftw(TEST_APP_DIR, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS); + RUNNER_ASSERT_MSG_BT(result == 0, "Unable to clean Smack labels in " << TEST_APP_DIR); + + result = nftw(TEST_NON_APP_DIR, &nftw_set_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS); + RUNNER_ASSERT_MSG_BT(result == 0, "Unable to set Smack labels in " << TEST_NON_APP_DIR); + + DB_BEGIN + + result = perm_app_setup_path(APP_ID, TEST_APP_DIR, APP_PATH_PUBLIC_RO); + RUNNER_ASSERT_MSG_BT(result == 0, "perm_app_setup_path() failed"); + + DB_END + + result = nftw(TEST_APP_DIR, &nftw_check_labels_app_public_ro_dir, FTW_MAX_FDS, FTW_PHYS); + RUNNER_ASSERT_MSG_BT(result == 0, "Unable to check Smack labels for app dir"); + + result = nftw(TEST_NON_APP_DIR, &nftw_check_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS); + RUNNER_ASSERT_MSG_BT(result == 0, "Unable to check Smack labels for non-app dir"); + + RUNNER_ASSERT_BT(check_all_accesses(smack, {{ USER_APP_ID, LABEL_FOR_PUBLIC_SHARED_DIRS, "r"}})); +} + void test_revoke_permissions(int line_no, const char* app_id) { int result; 
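Review bot: The closing assertion of `test_perm_app_setup_path_PUBLIC_RO` only proves that `r` is granted on `LABEL_FOR_PUBLIC_SHARED_DIRS`; nothing checks that write access is absent, which is the property the PUBLIC_RO name promises. If USER_APP_ID is meant to act as a non-owner subject here, add a negative check with the helper already declared in the common header, e.g. `RUNNER_ASSERT_BT(check_no_accesses(smack, {{ USER_APP_ID, LABEL_FOR_PUBLIC_SHARED_DIRS, "w"}}));`. How `check_no_accesses` behaves with `smack == false` is not visible in this diff and should be confirmed first. The test also calls `perm_app_setup_path(APP_ID, ...)` while the rule it checks names USER_APP_ID as subject; a one-line comment explaining that relationship would help the next reader.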
@@ -618,79 +692,3 @@ void test_app_disable_permissions(bool smack) DB_END } - -void test_appsettings_privilege(bool smack) -{ - int ret; - CStringPtr app1DirLabelPtr; - CStringPtr app2DirLabelPtr; - char* label = NULL; - - DB_BEGIN - - (void)perm_app_uninstall(APP_TEST); - (void)perm_app_uninstall(APP_1); - (void)perm_app_uninstall(APP_2); - - //install some app 1 - ret = perm_app_install(APP_1); - RUNNER_ASSERT_MSG_BT(ret == PC_OPERATION_SUCCESS, "Error in perm_app_install." << ret); - - mkdir(APP_1_DIR, S_IRWXU | S_IRGRP | S_IXGRP); - - //register settings folder for app 1 - ret = perm_app_setup_path(APP_1, APP_1_DIR, APP_PATH_SETTINGS_RW ); - RUNNER_ASSERT_MSG_BT(ret == PC_OPERATION_SUCCESS, "Error in perm_app_setup_path: " << ret); - - //install "app_test" and give it appsettings privilege - ret = perm_app_install(APP_TEST); - RUNNER_ASSERT_MSG_BT(ret == PC_OPERATION_SUCCESS, "Error in perm_app_install."); - - //register appsettings feature - ret = perm_add_api_feature(APP_TYPE_OSP, PRIV_APPSETTING[0], PRIV_APPSETTING_RULES, NULL, 0); - RUNNER_ASSERT_MSG_BT(ret == PC_OPERATION_SUCCESS, - " Error registering api feature. Result: " << ret); - - ret = perm_app_enable_permissions(APP_TEST, APP_TYPE_OSP, PRIV_APPSETTING, false); - RUNNER_ASSERT_MSG_BT(ret == PC_OPERATION_SUCCESS, - " Error registering app permissions. 
Result: " << ret); - - DB_END - - //check if "app_test" has an RWX access to a folder registered by "app_1" - ret = smack_getlabel(APP_1_DIR, &label, SMACK_LABEL_ACCESS ); - app1DirLabelPtr.reset(label); - RUNNER_ASSERT_MSG_BT(ret == PC_OPERATION_SUCCESS,"smack_getlabel failed"); - RUNNER_ASSERT_MSG_BT(check_all_accesses(smack, {{USER_APP_ID, app1DirLabelPtr.get(), "rwx"}}), "access denied to smack label: " << app1DirLabelPtr.get()); - - - DB_BEGIN - - //intstall another app: "app_2" - ret = perm_app_install(APP_2); - RUNNER_ASSERT_MSG_BT(ret == PC_OPERATION_SUCCESS, "Error in perm_app_install."); - - mkdir(APP_2_DIR, S_IRWXU | S_IRGRP | S_IXGRP); - //register settings folder for that "app_2" - ret = perm_app_setup_path(APP_2, APP_2_DIR, APP_PATH_SETTINGS_RW ); - RUNNER_ASSERT_MSG_BT(ret == PC_OPERATION_SUCCESS, "Error in perm_app_setup_path: " << ret); - - DB_END - - //check if "app_test" has an RWX access to a folder registered by "app_2" - ret = smack_getlabel(APP_2_DIR, &label, SMACK_LABEL_ACCESS ); - app2DirLabelPtr.reset(label); - RUNNER_ASSERT_MSG_BT(ret == PC_OPERATION_SUCCESS,"smack_getlabel failed"); - RUNNER_ASSERT_MSG_BT(check_all_accesses(smack, {{USER_APP_ID, app2DirLabelPtr.get(), "rwx"}}), "access denies"); - - rmdir(APP_1_DIR); - rmdir(APP_2_DIR); - - DB_BEGIN - - (void)perm_app_uninstall(APP_TEST); - (void)perm_app_uninstall(APP_1); - (void)perm_app_uninstall(APP_2); - - DB_END -} diff --git a/tests/libprivilege-control-tests/test_cases.cpp b/tests/libprivilege-control-tests/test_cases.cpp index 197aa83b..c88e35a5 100644 --- a/tests/libprivilege-control-tests/test_cases.cpp +++ b/tests/libprivilege-control-tests/test_cases.cpp 
@@ -78,41 +78,6 @@ const char *WRT_BLAHBLAH_DAC ="/usr/share/privilege-control/WGT_blahblah.dac"; const char *OTHER_BLAHBLAH_DAC = "/usr/share/privilege-control/blahblah.dac"; const std::vector BLAHBLAH_FEATURE = gen_names("http://feature/blah/blahblah", "", 16); -int nftw_check_labels_app_shared_dir(const char *fpath, const struct stat *sb, - int /*typeflag*/, struct FTW* /*ftwbuf*/) -{ - int result; - char *label; - - /* ACCESS */ - result = smack_lgetlabel(fpath, &label, SMACK_LABEL_ACCESS); - RUNNER_ASSERT_MSG_BT(result == 0, "Could not get label for the path"); - RUNNER_ASSERT_MSG_BT(label != NULL, "ACCESS label on " << fpath << " is not set"); - result = strcmp(APPID_SHARED_DIR, label); - RUNNER_ASSERT_MSG_BT(result == 0, "ACCESS label on " << fpath << " is incorrect"); - - result = smack_have_access(USER_APP_ID, APPID_SHARED_DIR, "rwxatl"); - RUNNER_ASSERT_MSG_BT(result == 1, - "Error rwxatl access was not given shared dir. Subject: " << - USER_APP_ID << ". Object: " << APPID_SHARED_DIR << ". Result: " << result); - /* EXEC */ - result = smack_lgetlabel(fpath, &label, SMACK_LABEL_EXEC); - RUNNER_ASSERT_MSG_BT(result == 0, "Could not get label for the path"); - RUNNER_ASSERT_MSG_BT(label == NULL, "EXEC label on " << fpath << " is set"); - - /* TRANSMUTE */ - result = smack_lgetlabel(fpath, &label, SMACK_LABEL_TRANSMUTE); - RUNNER_ASSERT_MSG_BT(result == 0, "Could not get label for the path"); - if (S_ISDIR(sb->st_mode)) { - RUNNER_ASSERT_MSG_BT(label != NULL, "TRANSMUTE label on " << fpath << " is not set"); - result = strcmp("TRUE", label); - RUNNER_ASSERT_MSG_BT(result == 0, "TRANSMUTE label on " << fpath << " is not set"); - } else - RUNNER_ASSERT_MSG_BT(label == NULL, "TRANSMUTE label on " << fpath << " is set"); - - return 0; -} - void osp_blahblah_dac_check(int line_no, const std::vector &gids, std::string dac_file_path) { std::ifstream dac_file(dac_file_path); 
@@ -154,72 +119,58 @@ void remove_smack_files() RUNNER_TEST_GROUP_INIT(libprivilegecontrol) -/** - * Test setting labels for all files and folders in given path. - */ -RUNNER_TEST(privilege_control02_app_label_dir) +RUNNER_TEST(privilege_control02_perm_app_setup_path_01_PRIVATE) { int result; result = nftw(TEST_APP_DIR, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS); - RUNNER_ASSERT_MSG_BT(result == 0, "Unable to clean up Smack labels in " << TEST_APP_DIR); + RUNNER_ASSERT_MSG_BT(result == 0, "Unable to clean Smack labels in " << TEST_APP_DIR); result = nftw(TEST_NON_APP_DIR, &nftw_set_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS); - RUNNER_ASSERT_MSG_BT(result == 0, "Unable to clean up Smack labels in " << TEST_NON_APP_DIR); + RUNNER_ASSERT_MSG_BT(result == 0, "Unable to set Smack labels in " << TEST_NON_APP_DIR); DB_BEGIN result = perm_app_setup_path(APPID_DIR, TEST_APP_DIR, APP_PATH_PRIVATE); - RUNNER_ASSERT_MSG_BT(result == 0, "perm_app_setup_path() failed"); + RUNNER_ASSERT_MSG_BT(result == 0, "perm_app_setup_path() for APP_PATH_PRIVATE failed"); DB_END - result = nftw(TEST_APP_DIR, &nftw_check_labels_app_dir, FTW_MAX_FDS, FTW_PHYS); + result = nftw(TEST_APP_DIR, &nftw_check_labels_app_private_dir, FTW_MAX_FDS, FTW_PHYS); RUNNER_ASSERT_MSG_BT(result == 0, "Unable to check Smack labels for app dir"); result = nftw(TEST_NON_APP_DIR, &nftw_check_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS); RUNNER_ASSERT_MSG_BT(result == 0, "Unable to check Smack labels for non-app dir"); } -RUNNER_TEST_SMACK(privilege_control03_app_label_shared_dir) +RUNNER_TEST(privilege_control02_perm_app_setup_path_02_FLOOR) { int result; - DB_BEGIN - - result = perm_app_install(APP_ID); - RUNNER_ASSERT_MSG_BT(result == 0, "perm_app_install returned " << result << ". 
Errno: " << strerror(errno)); - - result = perm_app_setup_path(APP_ID, TEST_APP_DIR, APP_PATH_GROUP_RW, USER_APP_ID); - RUNNER_ASSERT_MSG_BT(result != 0, "perm_app_setup_path(APP_ID, USER_APP_ID) didn't fail"); - - DB_END - result = nftw(TEST_APP_DIR, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS); - RUNNER_ASSERT_MSG_BT(result == 0, "Unable to clean up Smack labels in " << TEST_APP_DIR); + RUNNER_ASSERT_MSG_BT(result == 0, "Unable to clean Smack labels in " << TEST_APP_DIR); result = nftw(TEST_NON_APP_DIR, &nftw_set_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS); - RUNNER_ASSERT_MSG_BT(result == 0, "Unable to clean up Smack labels in " << TEST_NON_APP_DIR); + RUNNER_ASSERT_MSG_BT(result == 0, "Unable to set Smack labels in " << TEST_NON_APP_DIR); DB_BEGIN - result = perm_app_setup_path(APP_ID, TEST_APP_DIR, APP_PATH_GROUP_RW, APPID_SHARED_DIR); - RUNNER_ASSERT_MSG_BT(result == 0, "perm_app_setup_path() failed"); + result = perm_app_setup_path(APPID_DIR, TEST_APP_DIR, APP_PATH_FLOOR); + RUNNER_ASSERT_MSG_BT(result == 0, "perm_app_setup_path() for APP_PATH_FLOOR type failed"); DB_END - result = nftw(TEST_APP_DIR, &nftw_check_labels_app_shared_dir, FTW_MAX_FDS, FTW_PHYS); - RUNNER_ASSERT_MSG_BT(result == 0, "Unable to check Smack labels for shared app dir"); + result = nftw(TEST_APP_DIR, &nftw_check_labels_app_floor_dir, FTW_MAX_FDS, FTW_PHYS); + RUNNER_ASSERT_MSG_BT(result == 0, "Unable to check Smack labels for app dir"); result = nftw(TEST_NON_APP_DIR, &nftw_check_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS); RUNNER_ASSERT_MSG_BT(result == 0, "Unable to check Smack labels for non-app dir"); +} - DB_BEGIN - - result = perm_app_uninstall(APP_ID); - RUNNER_ASSERT_MSG_BT(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno)); - DB_END +RUNNER_TEST_SMACK(privilege_control02_perm_app_setup_path_03_PUBLIC_RO) +{ + test_perm_app_setup_path_PUBLIC_RO(true); } /** 
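Review bot: The doc comment of the old `privilege_control02_app_label_dir` is deleted and neither `privilege_control02_perm_app_setup_path_01_PRIVATE` nor `..._02_FLOOR` gets a replacement. The same applies to the `_03_PUBLIC_RO` wrapper here and its `_nosmack` twin in test_cases_nosmack.cpp. A short header on each would do, e.g. `/** APP_PATH_FLOOR: every entry under TEST_APP_DIR must carry ACCESS label "_"; TEST_NON_APP_DIR is re-checked with nftw_check_labels_non_app_dir. */`. The PRIVATE and FLOOR bodies differ only in the path type and the nftw callback, and repeat the setup in `test_perm_app_setup_path_PUBLIC_RO`, so one helper parameterised by those two values would remove the triplication. The failure messages are also worded differently ("for APP_PATH_PRIVATE failed" against "for APP_PATH_FLOOR type failed"); pick one form.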
@@ -909,115 +860,6 @@ RUNNER_MULTIPROCESS_TEST_SMACK(privilege_control15_app_id_from_socket) } } -RUNNER_TEST(privilege_control16_app_setup_path){ - const char *path1 = "/usr/share/privilege-control/app_setup_access_test"; - const char *path2 = "/usr/share/privilege-control/app_setup_access_test/directory"; - const char *path3 = "/usr/share/privilege-control/app_setup_access_test/one"; - const char *path4 = "/usr/share/privilege-control/app_setup_access_test/directory/two"; - const char *label1 = "qwert123456za"; - const char *label2 = "trewq654123az"; - - CStringPtr labelPtr; - - mkdir(path1,0); - mkdir(path2,0); - - int fd = creat(path3, S_IRWXU); - if (fd >= 0) - close(fd); - fd = creat(path4, S_IRWXU); - if (fd >= 0) - close(fd); - - char *label = NULL; - - DB_BEGIN - - RUNNER_ASSERT_BT(PC_OPERATION_SUCCESS == perm_app_setup_path("somepackageid", path1, APP_PATH_ANY_LABEL, label1)); - - DB_END - - RUNNER_ASSERT_BT(0 == smack_lgetlabel(path3, &label, SMACK_LABEL_ACCESS)); - labelPtr.reset(label); - label = NULL; - RUNNER_ASSERT_BT(0 == strcmp(labelPtr.get(), label1)); - - DB_BEGIN - - RUNNER_ASSERT_BT(PC_OPERATION_SUCCESS == perm_app_setup_path("somepackageid", path1, APP_PATH_ANY_LABEL, label2)); - - DB_END - - RUNNER_ASSERT_BT(0 == smack_lgetlabel(path4, &label, SMACK_LABEL_EXEC)); - labelPtr.reset(label); - label = NULL; - RUNNER_ASSERT_BT(0 == strcmp(labelPtr.get(), label2)); - - RUNNER_ASSERT_BT(0 == smack_lgetlabel(path1, &label, SMACK_LABEL_EXEC)); - labelPtr.reset(label); - label = NULL; - RUNNER_ASSERT_BT(labelPtr.get() == NULL); -} - -RUNNER_TEST_SMACK(privilege_control17_appsettings_privilege) -{ - test_appsettings_privilege(true); -} - -void test_app_setup_path(int line_no, app_path_type_t PATH_TYPE) { - int result; - - DB_BEGIN - - result = perm_app_uninstall(APP_ID); - RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "Line: " << line_no << - " Error in perm_app_uninstall." 
<< result); - - result = perm_app_install(APP_ID); - RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "Line: " << line_no << - " Error in perm_app_install." << result); - - DB_END - - result = nftw(TEST_APP_DIR, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS); - RUNNER_ASSERT_MSG_BT(result == 0, "Line: " << line_no << - " Unable to clean up Smack labels in " << TEST_APP_DIR); - - result = nftw(TEST_NON_APP_DIR, &nftw_set_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS); - RUNNER_ASSERT_MSG_BT(result == 0, "Line: " << line_no << - " Unable to clean up Smack labels in " << TEST_NON_APP_DIR); - - DB_BEGIN - - result = perm_app_setup_path(APP_ID, TEST_APP_DIR, PATH_TYPE); - RUNNER_ASSERT_MSG_BT(result == 0, "Line: " << line_no << - " perm_app_setup_path() failed"); - - DB_END - - result = nftw(TEST_NON_APP_DIR, &nftw_check_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS); - RUNNER_ASSERT_MSG_BT(result == 0, "Line: " << line_no << - " Unable to check Smack labels for non-app dir"); - - DB_BEGIN - - result = perm_app_uninstall(APP_ID); - RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "Line: " << line_no << - " Error in perm_app_uninstall." << result); - - DB_END -} - -RUNNER_TEST_SMACK(privilege_control18_app_setup_path_public) -{ - test_app_setup_path(__LINE__, APP_PATH_PUBLIC_RO); -} - -RUNNER_TEST_SMACK(privilege_control19_app_setup_path_settings) -{ - test_app_setup_path(__LINE__, APP_PATH_SETTINGS_RW); -} - void check_perm_app_has_permission(const char* app_label, const char* permission, bool is_enabled_expected) { int result; diff --git a/tests/libprivilege-control-tests/test_cases_nosmack.cpp b/tests/libprivilege-control-tests/test_cases_nosmack.cpp index 94821a02..b085f14c 100644 --- a/tests/libprivilege-control-tests/test_cases_nosmack.cpp +++ b/tests/libprivilege-control-tests/test_cases_nosmack.cpp 
@@ -55,90 +55,11 @@ //////NOSMACK ENVIRONMENT TESTS////////// ///////////////////////////////////////// -/** - * NOSMACK version of nftw_check_labels_app_shared_dir function. - * - * This function used with nftw should expect -1 result from smack_have_access instead of 1. - */ -int nftw_check_labels_app_shared_dir_nosmack(const char *fpath, const struct stat *sb, - int /*typeflag*/, struct FTW* /*ftwbuf*/) -{ - int result; - char* label; - - result = smack_lgetlabel(fpath, &label, SMACK_LABEL_ACCESS); - RUNNER_ASSERT_MSG_BT(result == 0, "Could not get label for the path. Result: " << result); - RUNNER_ASSERT_MSG_BT(label != NULL, "ACCESS label on " << fpath << " is not set"); - - result = strcmp(APPID_SHARED_DIR, label); - RUNNER_ASSERT_MSG_BT(result == 0, - "ACCESS label on " << fpath << " is incorrect. Result: " << result); - - //The only exception in nftw_check_labels_app_shared_dir - //smack_have_access returns -1 because of no SMACK. - result = smack_have_access(USER_APP_ID, APPID_SHARED_DIR, "rwxat"); - RUNNER_ASSERT_MSG_BT(result == -1, - "smack_have_access should return error (SMACK is off). Result: " << result); - - result = smack_lgetlabel(fpath, &label, SMACK_LABEL_EXEC); - RUNNER_ASSERT_MSG_BT(result == 0, "Could not get label for the path. Result: " << result); - RUNNER_ASSERT_MSG_BT(label == NULL, "EXEC label on " << fpath << " is set"); - - result = smack_lgetlabel(fpath, &label, SMACK_LABEL_TRANSMUTE); - RUNNER_ASSERT_MSG_BT(result == 0, "Could not get label for the path. Result: " << result); - if (S_ISDIR(sb->st_mode)) { - RUNNER_ASSERT_MSG_BT(label != NULL, "TRANSMUTE label on " << fpath << " is not set"); - result = strcmp("TRUE", label); - RUNNER_ASSERT_MSG_BT(result == 0, - "TRANSMUTE label on " << fpath << " is not set. 
Result: " << result); - } else - RUNNER_ASSERT_MSG_BT(label == NULL, "TRANSMUTE label on " << fpath << " is set"); - - return 0; -} - RUNNER_TEST_GROUP_INIT(libprivilegecontrol_nosmack) -/** - * NOSMACK version of privilege_control03 test. - * - * Uses nosmack version of nftw_check_labels_app_shared_dir (defined above). - */ -RUNNER_TEST_NOSMACK(privilege_control03_app_label_shared_dir_nosmack) +RUNNER_TEST_NOSMACK(privilege_control02_perm_app_setup_path_03_PUBLIC_RO_nosmack) { - int result; - - DB_BEGIN - - result = perm_app_setup_path(APP_ID, TEST_APP_DIR, APP_PATH_GROUP_RW, USER_APP_ID); - RUNNER_ASSERT_MSG_BT(result != PC_OPERATION_SUCCESS, - "perm_app_setup_path should fail here. Result: " << result); - - DB_END - - result = nftw(TEST_APP_DIR, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS); - RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, - "Unable to clean up Smack labels in " << TEST_APP_DIR); - - result = nftw(TEST_NON_APP_DIR, &nftw_set_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS); - RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, - "Unable to clean up Smack labels in " << TEST_NON_APP_DIR); - - DB_BEGIN - - result = perm_app_setup_path(APP_ID, TEST_APP_DIR, APP_PATH_GROUP_RW, APPID_SHARED_DIR); - RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, - "perm_app_setup_path() failed. Result: " << result); - - DB_END - - result = nftw(TEST_APP_DIR, &nftw_check_labels_app_shared_dir_nosmack, FTW_MAX_FDS, FTW_PHYS); - RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, - "Unable to check Smack labels for shared app dir"); - - result = nftw(TEST_NON_APP_DIR, &nftw_check_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS); - RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, - "Unable to check Smack labels for non-app dir"); + test_perm_app_setup_path_PUBLIC_RO(false); } /** 
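Review bot: `privilege_control02_perm_app_setup_path_03_PUBLIC_RO_nosmack` now runs the same body as the Smack variant, so the expectation for a Smack-less system rests entirely on `check_all_accesses(false, ...)`, whose definition is outside this diff. The removed callback stated that expectation directly with `smack_have_access(...)` returning -1. Please confirm the helper still asserts the equivalent, and add a one-line comment above the test saying what is expected with Smack off, e.g. `/* NOSMACK: labels are still written to the files, access checks are expected to report "Smack unavailable" */`, adjusted to whatever the helper really checks. The deleted doc block was the only place that difference was written down.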
@@ -535,68 +456,3 @@ RUNNER_MULTIPROCESS_TEST_NOSMACK(privilege_control15_app_id_from_socket_nosmack) RUNNER_ASSERT_MSG_BT(smack_label == NULL, "perm_app_id_from_socket should fail."); } } - -RUNNER_TEST_NOSMACK(privilege_control17_appsettings_privilege_nosmack) -{ - test_appsettings_privilege(false); -} - -/** - * NOSMACK version of privilege_control18 test. - * - * Uses NOSMACK version of nftw_check_labels_app_public_dir. - */ -RUNNER_TEST_NOSMACK(privilege_control18_app_setup_path_public_nosmack) -{ - int result; - - result = nftw(TEST_APP_DIR, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS); - RUNNER_ASSERT_MSG_BT(result == 0, - "Unable to clean up Smack labels in " << TEST_APP_DIR << ". Result: " << result); - - result = nftw(TEST_NON_APP_DIR, &nftw_set_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS); - RUNNER_ASSERT_MSG_BT(result == 0, - "Unable to clean up Smack labels in " << TEST_NON_APP_DIR << ". Result: " << result); - - DB_BEGIN - - result = perm_app_setup_path(APP_ID, TEST_APP_DIR, APP_PATH_PUBLIC_RO); - RUNNER_ASSERT_MSG_BT(result == 0, "perm_app_setup_path() failed. Result: " << result); - - DB_END - - result = nftw(TEST_NON_APP_DIR, &nftw_check_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS); - RUNNER_ASSERT_MSG_BT(result == 0, - "Unable to check Smack labels for non-app dir. Result: " << result); - -} - -/** - * NOSMACK version of privilege_control19 test. - * - * Uses NOSMACK version of nftw_check_labels_app_settings_dir. - */ -RUNNER_TEST_NOSMACK(privilege_control19_app_setup_path_settings_nosmack) -{ - int result; - - result = nftw(TEST_APP_DIR, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS); - RUNNER_ASSERT_MSG_BT(result == 0, - "Unable to clean up Smack labels in " << TEST_APP_DIR << ". Result: " << result); - - result = nftw(TEST_NON_APP_DIR, &nftw_set_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS); - RUNNER_ASSERT_MSG_BT(result == 0, - "Unable to clean up Smack labels in " << TEST_NON_APP_DIR << ". 
Result: " << result); - - DB_BEGIN - - result = perm_app_setup_path(APP_ID, TEST_APP_DIR, APP_PATH_SETTINGS_RW); - RUNNER_ASSERT_MSG_BT(result == 0, "perm_app_setup_path() failed. Result: " << result); - - DB_END - - result = nftw(TEST_NON_APP_DIR, &nftw_check_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS); - RUNNER_ASSERT_MSG_BT(result == 0, - "Unable to check Smack labels for non-app dir. Result: " << result); - -} diff --git a/tests/libprivilege-control-tests/test_cases_stress.cpp b/tests/libprivilege-control-tests/test_cases_stress.cpp index 7e30320b..61948add 100644 --- a/tests/libprivilege-control-tests/test_cases_stress.cpp +++ b/tests/libprivilege-control-tests/test_cases_stress.cpp @@ -256,7 +256,7 @@ void privilege_control22_app_installation_1x100(bool smack) // Add app shared dir - APP_PATH_GROUP_RW result = perm_app_setup_path(APP_ID, TEST_NON_APP_DIR, - APP_PATH_GROUP_RW, APPID_SHARED_DIR); + APP_PATH_GROUP_RW); RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "Error in perm_app_setup_path. Loop index: " << i << ". Result: " << result); @@ -295,7 +295,7 @@ void privilege_control22_app_installation_1x100(bool smack) // Verify that all permissions to public dir have been added // correctly, also to other app - result = smack_have_access(APP_ID, APPID_SHARED_DIR, "rwxatl"); + result = smack_have_access(APP_ID, LABEL_FOR_PUBLIC_SHARED_DIRS, "rwxatl"); RUNNER_ASSERT_MSG_BT(result == expected_smack_result, "Not all accesses to Group RW dir are granted. Loop index: " << i); @@ -373,7 +373,7 @@ void privilege_control22_app_installation_1x100(bool smack) * test_APP0 & test_APP5 register their directories as APP_PATH_PRIVATE * test_APP1, test_APP2 & test_APP6 register their directories as * APP_PATH_GROUP_RW using the same label - * APPID_SHARED_DIR = "test_APP_ID_shared_dir" + * LABEL_FOR_PUBLIC_SHARED_DIRS * test_APP3, test_APP7 & test_APP8 register their directories as * APP_PATH_PUBLIC_RO * test_APP4 & test_APP9 register their directories as 
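Review bot: The call `perm_app_setup_path(APP_ID, TEST_NON_APP_DIR, APP_PATH_GROUP_RW);` drops the label argument but keeps the GROUP_RW path type, while the commit message says the new design has only three ways of labelling a path and the tests added in this commit cover PRIVATE, FLOOR and PUBLIC_RO. The function is called with both three and four arguments in this diff, so it appears to be variadic. If the library still reads an optional label for this type, the call now reads an argument that was never passed. The same edit is made three times in the `@@ -525,17 +525,17 @@` hunk. Either switch these calls to one of the supported types or add a comment such as `// APP_PATH_GROUP_RW no longer takes a label; the library assigns LABEL_FOR_PUBLIC_SHARED_DIRS`, if that is indeed the behaviour.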
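Review bot: `smack_have_access(APP_ID, LABEL_FOR_PUBLIC_SHARED_DIRS, "rwxatl")` expects full access on the same label for which the new PUBLIC_RO test asserts only `r`. The `@@ -603,9 +603,9 @@` hunk does the same for `app_ids[1]`, `app_ids[2]` and `app_ids[6]`. If several unrelated apps are meant to hold write and lock rights on the label that marks public read-only directories, the read-only guarantee is weaker than its name suggests. If they are not, these expectations are left over from the old shared-dir label. State which one is intended in a comment next to the check. The failure text "Not all accesses to Group RW dir are granted" and the comment "public dir" should also be brought in line with the label now being tested.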
@@ -525,17 +525,17 @@ void privilege_control23_app_installation2_10x10(bool smack) // Add app shared dir - APP_PATH_GROUP_RW (apps 1, 2, 6) result = perm_app_setup_path(app_ids[1], app_dirs[1], - APP_PATH_GROUP_RW, APPID_SHARED_DIR); + APP_PATH_GROUP_RW); RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "Error in perm_app_setup_path. App id: " << app_ids[1] << " Loop index: " << i << ". Result: " << result); result = perm_app_setup_path(app_ids[2], app_dirs[2], - APP_PATH_GROUP_RW, APPID_SHARED_DIR); + APP_PATH_GROUP_RW); RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "Error in perm_app_setup_path. App id: " << app_ids[2] << " Loop index: " << i << ". Result: " << result); result = perm_app_setup_path(app_ids[6], app_dirs[6], - APP_PATH_GROUP_RW, APPID_SHARED_DIR); + APP_PATH_GROUP_RW); RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "Error in perm_app_setup_path. App id: " << app_ids[6] << " Loop index: " << i << ". Result: " << result); @@ -603,9 +603,9 @@ void privilege_control23_app_installation2_10x10(bool smack) // Verify that apps 1, 2 and 6 have all accesses to GROUP_RW folders result = check_all_accesses(smack, (const rules_t) { - { app_ids[1], APPID_SHARED_DIR, "rwxatl" }, - { app_ids[2], APPID_SHARED_DIR, "rwxatl" }, - { app_ids[6], APPID_SHARED_DIR, "rwxatl" } } ); + { app_ids[1], LABEL_FOR_PUBLIC_SHARED_DIRS, "rwxatl" }, + { app_ids[2], LABEL_FOR_PUBLIC_SHARED_DIRS, "rwxatl" }, + { app_ids[6], LABEL_FOR_PUBLIC_SHARED_DIRS, "rwxatl" } } ); RUNNER_ASSERT_MSG_BT(result == 1, "Not all accesses to Group RW dir are granted. Loop index: " << i);