From: Jan Cybulski
Date: Thu, 5 Jun 2014 13:02:04 +0000 (+0200)
Subject: Test labeling links to execs by security-manager
X-Git-Tag: security-manager_5.5_testing~237
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=9b7b551e564073b6a933c292d85c79f39a5e5b65;p=platform%2Fcore%2Ftest%2Fsecurity-tests.git
Test labeling links to execs by security-manager
Security manager's installer service labels links to execs with a special xattr: security.TIZEN_EXEC_LABEL. This commit checks that functionality.
Change-Id: Iac86bc6a55aba4b3648ec2f4e475c28121b025f0
Signed-off-by: Jan Cybulski
---
diff --git a/tests/security-manager-tests/security_manager_tests.cpp b/tests/security-manager-tests/security_manager_tests.cpp
index 2421796..66dbf62 100644
--- a/tests/security-manager-tests/security_manager_tests.cpp
+++ b/tests/security-manager-tests/security_manager_tests.cpp
@@ -7,6 +7,7 @@
 #include
 #include
 #include
+#include
 #include
 #include
@@ -23,6 +24,7 @@ static uid_t SM_ALLOWED_UID2 = 7777;
 static const char* SM_ALLOWED_PERMISSION1 = "security_manager_test_rules2_r";
 static const char* SM_ALLOWED_PERMISSION2 = "security_manager_test_rules2_no_r";
+static const char *const XATTR_NAME_TIZENEXEC = XATTR_SECURITY_PREFIX "TIZEN_EXEC_LABEL";
 static const rules_t SM_ALLOWED_RULES = {
 { USER_APP_ID, "test_sm_book_8", "r" },
@@ -68,6 +70,30 @@ static const char* SM_PUBLIC_RO_PATH = "/etc/smack/test_DIR/app_dir_public_ro";
 static const char* SM_DENIED_PATH = "/etc/smack/test_DIR/non_app_dir";
+static bool isLinkToExec(const char *fpath, const struct stat *sb)
+{
+
+ struct stat buf;
+ char *target;
+ int ret;
+
+ // check if it's a link
+ if ( !S_ISLNK(sb->st_mode))
+ return false;
+
+ target = realpath(fpath, NULL);
+ RUNNER_ASSERT_MSG_BT(target != 0, "Could not obtain real path from link.");
+
+ ret = stat(target, &buf);
+ RUNNER_ASSERT_MSG_BT(ret == 0, "Could not obtain real path's stat from link.");
+
+ if (buf.st_mode != (buf.st_mode | S_IXUSR | S_IFREG))
+ return false;
+
+
+ return true;
+}
+
 static int nftw_check_sm_labels_app_dir(const char *fpath, const struct stat *sb, const char* correctLabel, bool transmute_test, bool exec_test)
 {
@@ -98,6 +124,20 @@ static int nftw_check_sm_labels_app_dir(const char *fpath, const struct stat *sb
 RUNNER_ASSERT_MSG_BT(label == NULL, "EXEC label on " << fpath << " is set");
+ /* LINK TO EXEC */
+ if (isLinkToExec(fpath, sb) && exec_test) {
+ char buf[SMACK_LABEL_LEN+1];
+ result = lgetxattr(fpath, XATTR_NAME_TIZENEXEC, buf, sizeof(buf));
+ RUNNER_ASSERT_MSG_BT(result != -1, "Could not get label for the path "
+ << fpath << "("<
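Review bot: In isLinkToExec the mode test `buf.st_mode != (buf.st_mode | S_IXUSR | S_IFREG)` only checks that the S_IFREG bit is set, not that the target is a regular file, so a file type whose value shares that bit (a socket on Linux) would also pass. `return S_ISREG(buf.st_mode) && (buf.st_mode & S_IXUSR);` states the intent directly. The buffer returned by `realpath(fpath, NULL)` is heap-allocated and never released, so every symlink visited leaks it. Calling `stat(fpath, &buf)` instead would avoid the allocation altogether, since `stat` already follows the link; otherwise add `free(target);` after the `stat` call. A dangling link currently fails the test through the assert rather than returning false, which is worth a one-line comment if it is intended.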