From: Krzysztof Jackiewicz Date: Fri, 26 Jan 2018 09:32:27 +0000 (+0100) Subject: CKM: Restore label & onlycap after privileged tests X-Git-Tag: security-manager_5.5_testing~9^2~6 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=refs%2Fchanges%2F14%2F168414%2F3;p=platform%2Fcore%2Ftest%2Fsecurity-tests.git CKM: Restore label & onlycap after privileged tests Change-Id: I8ee1dee9d8765f804f29de0df090bfa78ab582b6 --- diff --git a/src/ckm/privileged/ckm-tests-on-onlycap.sh b/src/ckm/privileged/ckm-tests-on-onlycap.sh index 3269256..570af4a 100644 --- a/src/ckm/privileged/ckm-tests-on-onlycap.sh +++ b/src/ckm/privileged/ckm-tests-on-onlycap.sh @@ -1,6 +1,6 @@ #!/bin/sh -# Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved +# Copyright (c) 2016-2018 Samsung Electronics Co., Ltd All Rights Reserved # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -19,6 +19,14 @@ # @brief Run ckm-tests on onlycap environment # +# save old label and onlycap +OLD_LABEL=`cat /proc/self/attr/current` +OLD_ONLYCAP=`cat /sys/fs/smackfs/onlycap` + +# make sure we're in onlycap so original state can be restored later +# (assume that OLD_LABEL is allowed to change the label) +echo "System::Privileged" > /proc/self/attr/current || exit + # push test app lables to onlycap label list echo "System::Privileged \ User::Pkg::test_label \ @@ -26,10 +34,17 @@ echo "System::Privileged \ User::Pkg::test_label_3 \ User::Pkg::test_label_4 \ User::Pkg::test_label_5 \ - System" > /sys/fs/smackfs/onlycap + System" > /sys/fs/smackfs/onlycap || exit # set capability for changing smack label of self and add/remove smack rules -setcap cap_mac_admin=eip /usr/bin/ckm-privileged-tests +setcap cap_mac_admin=eip /usr/bin/ckm-privileged-tests || exit # run test ckm-privileged-tests "${@}" # propagate all arguments + +# restore old onlycap +echo -n $OLD_ONLYCAP > /sys/fs/smackfs/onlycap + +# restore old label +# (assume that System::Privileged is allowed to do it with $OLD_ONLYCAP) +echo $OLD_LABEL > /proc/self/attr/current