From 41b8453f2a8197816e217b5327cdf47610a1d229 Mon Sep 17 00:00:00 2001 From: Pawel Polawski Date: Fri, 11 Jan 2013 11:58:59 +0100 Subject: [PATCH] Moved SMACK test from wrt-security repository. [Issue#] LINUXSWAP-444 [Cause] Move SMACK tests to new security-tests repository. [Problem] SMACK tests must be removed from wrt-security. [Solution] SMACK tests moved to security-tests repository. [Verification] Succesfuul compilation and run SMACK tests. Change-Id: Ia54493b989e8cc3eca0b68dbecc316dbd68abf0b --- CMakeLists.txt | 83 +++++ LICENSE | 203 +++++++++++ packaging/security-tests.spec | 48 +++ tests/CMakeLists.txt | 38 ++ tests/libsmack-tests/CMakeLists.txt | 75 ++++ tests/libsmack-tests/libsmack-test.cpp | 28 ++ tests/libsmack-tests/test_cases.cpp | 642 +++++++++++++++++++++++++++++++++ tests/libsmack-tests/test_smack_rules | 3 + tests/security-tests-all.sh | 22 ++ tests/security-tests.sh | 166 +++++++++ 10 files changed, 1308 insertions(+) create mode 100644 CMakeLists.txt create mode 100644 LICENSE create mode 100644 packaging/security-tests.spec create mode 100644 tests/CMakeLists.txt create mode 100644 tests/libsmack-tests/CMakeLists.txt create mode 100644 tests/libsmack-tests/libsmack-test.cpp create mode 100644 tests/libsmack-tests/test_cases.cpp create mode 100644 tests/libsmack-tests/test_smack_rules create mode 100644 tests/security-tests-all.sh create mode 100644 tests/security-tests.sh diff --git a/CMakeLists.txt b/CMakeLists.txt new file mode 100644 index 0000000..314b148 --- /dev/null +++ b/CMakeLists.txt @@ -0,0 +1,83 @@ +# Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# @file CMakeLists.txt +# @author Bartlomiej Grzelewski (b.grzelewski@samsung.com) +# @author Pawel Polawski (p.polawski@partner.samsung.com) +# @brief +# + +############################# Check minimum CMake version ##################### + +CMAKE_MINIMUM_REQUIRED(VERSION 2.6) +PROJECT("security-tests") + +############################# cmake packages ################################## + +INCLUDE(FindPkgConfig) + +############################# compilation defines ############################# + +# EMPTY + +############################# compiler flags ################################## + +SET(CMAKE_C_FLAGS_PROFILING "-O0 -g -pg") +SET(CMAKE_CXX_FLAGS_PROFILING "-O0 -std=c++0x -g -pg") +SET(CMAKE_C_FLAGS_DEBUG "-O0 -g") +SET(CMAKE_CXX_FLAGS_DEBUG "-O0 -std=c++0x -g") +SET(CMAKE_C_FLAGS_RELEASE "-O2 -g") +SET(CMAKE_CXX_FLAGS_RELEASE "-O2 -std=c++0x -g") + +#SET(SMACK_ENABLE ON) + +OPTION(DPL_LOG "DPL logs status" ON) +IF(DPL_LOG) + MESSAGE(STATUS "Logging enabled for DPL") + ADD_DEFINITIONS("-DDPL_LOGS_ENABLED") +ELSE(DPL_LOG) + MESSAGE(STATUS "Logging disabled for DPL") +ENDIF(DPL_LOG) + +# If supported for the target machine, emit position-independent code,suitable +# for dynamic linking and avoiding any limit on the size of the global offset +# table. This option makes a difference on the m68k, PowerPC and SPARC. +# (BJ: our ARM too?) +ADD_DEFINITIONS("-fPIC") + +# Set the default ELF image symbol visibility to hidden - all symbols will be +# marked with this unless overridden within the code. +#ADD_DEFINITIONS("-fvisibility=hidden") + +# Set compiler warning flags +#ADD_DEFINITIONS("-Werror") # Make all warnings into errors. +ADD_DEFINITIONS("-Wall") # Generate all warnings +ADD_DEFINITIONS("-Wextra") # Generate even more extra warnings +ADD_DEFINITIONS("-Wno-variadic-macros") # Inhibit variadic macros warnings (needed for ORM) +ADD_DEFINITIONS("-Wno-deprecated") # No warnings about deprecated features +ADD_DEFINITIONS("-std=c++0x") # No warnings about deprecated features +STRING(REGEX MATCH "([^.]*)" API_VERSION "${VERSION}") +ADD_DEFINITIONS("-DAPI_VERSION=\"$(API_VERSION)\"") + +IF(SMACK_ENABLE) + ADD_DEFINITIONS("-DWRT_SMACK_ENABLED") +ENDIF(SMACK_ENABLE) + +############################# Targets names ################################### + +# No target defined so far + +############################# subdirectories ################################## + +ADD_SUBDIRECTORY(tests) diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..181359e --- /dev/null +++ b/LICENSE @@ -0,0 +1,203 @@ +Copyright (c) 2000 - 2012 Samsung Electronics Co., Ltd. All rights reserved. + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/packaging/security-tests.spec b/packaging/security-tests.spec new file mode 100644 index 0000000..0ca378d --- /dev/null +++ b/packaging/security-tests.spec @@ -0,0 +1,48 @@ +#sbs-git:slp/pkgs/w/wrt-security wrt-security 0.0.43 +Name: security-tests +Summary: Security repository for holding tests. +Version: 0.0.44 +Release: 1 +Group: Development/Libraries +License: Apache License, Version 2.0 +URL: N/A +Source0: %{name}-%{version}.tar.gz +BuildRequires: cmake +BuildRequires: pkgconfig(libsmack) +BuildRequires: pkgconfig(dpl-test-efl) +Requires: cert-svc-test +Requires: security-server-test + +%description +Security tests repository - for tests that can't be kept together with code. + +%prep +%setup -q + +%build +export LDFLAGS+="-Wl,--rpath=%{_prefix}/lib" + +cmake . -DCMAKE_INSTALL_PREFIX=%{_prefix} \ + -DDPL_LOG="ON" \ + -DVERSION=%{version} +make %{?jobs:-j%jobs} + +%install +rm -rf %{buildroot} +%make_install +ln -sf /etc/smack/test_smack_rules %{buildroot}/etc/smack/test_smack_rules_lnk + +%clean +rm -rf %{buildroot} + +%post +echo "security-tests postinst done ..." + +%postun + +%files +/usr/bin/security-tests.sh +/usr/bin/security-tests-all.sh +/usr/bin/libsmack-test +/etc/smack/test_smack_rules +/etc/smack/test_smack_rules_lnk diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt new file mode 100644 index 0000000..42ea068 --- /dev/null +++ b/tests/CMakeLists.txt @@ -0,0 +1,38 @@ +# Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +INSTALL(FILES ${PROJECT_SOURCE_DIR}/tests/security-tests.sh + DESTINATION bin + PERMISSIONS OWNER_READ + OWNER_WRITE + OWNER_EXECUTE + GROUP_READ + GROUP_EXECUTE + WORLD_READ + WORLD_EXECUTE + ) + +INSTALL(FILES ${PROJECT_SOURCE_DIR}/tests/security-tests-all.sh + DESTINATION bin + PERMISSIONS OWNER_READ + OWNER_WRITE + OWNER_EXECUTE + GROUP_READ + GROUP_EXECUTE + WORLD_READ + WORLD_EXECUTE + ) + +ADD_SUBDIRECTORY(libsmack-tests) diff --git a/tests/libsmack-tests/CMakeLists.txt b/tests/libsmack-tests/CMakeLists.txt new file mode 100644 index 0000000..4d6876d --- /dev/null +++ b/tests/libsmack-tests/CMakeLists.txt @@ -0,0 +1,75 @@ +#Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# @file CMakeLists.txt +# @author Pawel Polawski (p.polawski@samsung.com) +# @version 0.1 +# @brief +# +INCLUDE(FindPkgConfig) +SET(TARGET_TEST "libsmack-test") + +#dependencies +PKG_CHECK_MODULES(TARGET_DEP + libsmack + dpl-test-efl + REQUIRED + ) + +#files to compile +SET(TARGET_TEST_SOURCES + ${PROJECT_SOURCE_DIR}/tests/libsmack-tests/libsmack-test.cpp + ${PROJECT_SOURCE_DIR}/tests/libsmack-tests/test_cases.cpp + ) + +#header directories +INCLUDE_DIRECTORIES( + ${TARGET_DEP_INCLUDE_DIRS} + ) + +#preprocessor definitions +#ADD_DEFINITIONS("-DDPL_LOGS_ENABLED") + +#output format +ADD_EXECUTABLE(${TARGET_TEST} ${TARGET_TEST_SOURCES}) + +#linker directories +TARGET_LINK_LIBRARIES(${TARGET_TEST} + ${TARGET_DEP_LIBRARIES} + ) + +#place for output file +INSTALL(TARGETS ${TARGET_TEST} + DESTINATION /usr/bin + PERMISSIONS OWNER_READ + OWNER_WRITE + OWNER_EXECUTE + GROUP_READ + GROUP_EXECUTE + WORLD_READ + WORLD_EXECUTE + ) + +#place for additional files +INSTALL(FILES + ${PROJECT_SOURCE_DIR}/tests/libsmack-tests/test_smack_rules + DESTINATION /etc/smack + PERMISSIONS + OWNER_READ + OWNER_EXECUTE + GROUP_READ + GROUP_EXECUTE + WORLD_READ + WORLD_EXECUTE + ) diff --git a/tests/libsmack-tests/libsmack-test.cpp b/tests/libsmack-tests/libsmack-test.cpp new file mode 100644 index 0000000..e41aa29 --- /dev/null +++ b/tests/libsmack-tests/libsmack-test.cpp @@ -0,0 +1,28 @@ +/* + * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * @file libprivilege-test.cpp + * @author Pawel Polawski (p.polawski@samsung.com) + * @version 1.0 + * @brief libsmack test runer + */ +#include + +int main (int argc, char *argv[]) { + int status = DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv); + return status; +} + diff --git a/tests/libsmack-tests/test_cases.cpp b/tests/libsmack-tests/test_cases.cpp new file mode 100644 index 0000000..c00a2af --- /dev/null +++ b/tests/libsmack-tests/test_cases.cpp @@ -0,0 +1,642 @@ +/* + * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/* + * @file test_cases.cpp + * @author Pawel Polawski (p.polawski@samsung.com) + * @version 1.0 + * @brief libprivilege test runer + */ + +#include +#include +#include + +#include +#include +#include +#include + +#include + +#include + +int files_compare(int fd1, int fd2) +{ + int result = 0; + + //for getting files sizes + struct stat fs1, fs2; + + //handlers for mmap() + void * h1 = MAP_FAILED; + void * h2 = MAP_FAILED; + + //getting files information + if(fstat(fd1, &fs1) == -1) { + perror("fstat"); + return -1; + } + if(fstat(fd2, &fs2) == -1) { + perror("fstat"); + return -1; + } + + if(fs1.st_size != fs2.st_size) //if files are identical size will be the same + return -1; + + //mapping files to process memory + if((h1 = mmap(0, fs1.st_size, PROT_READ, MAP_SHARED, fd1, 0 )) == MAP_FAILED) { + result = -1; + goto end; + } + if((h2 = mmap(0, fs2.st_size, PROT_READ, MAP_SHARED, fd2, 0 )) == MAP_FAILED) { + result = -1; + goto end; + } + + result = memcmp(h1, h2, fs1.st_size); + + //cleaning after mmap() +end: + if(h2 != MAP_FAILED) + munmap(h2, fs2.st_size); + if(h1 != MAP_FAILED) + munmap(h1, fs1.st_size); + + return result; +} + +RUNNER_TEST_GROUP_INIT(libsmack) + +RUNNER_TEST(smack01_storing_and_restoring_rules) +{ + /* + * author: Pawel Polawski + * test: smack_accesses_new, smack_accesses_add, smack_accesses_add_modify, smack_accesses_add_from_file, + * smack_accesses_free, smack_accesses_save + * description: This test case will create structure holding SMACK rules and add new one to it. Next rules will be + * stored and restored from file. + * expect: Rules created and stored in file should be identical to predefined template. + */ + + struct smack_accesses * rules = NULL; //rules prepared in this test case + struct smack_accesses * import_test = NULL; //rules imported from file + + int result; //result of each operation to be tested by RUNNER_ASSERT + int fd, tmp, sample; //file descripptors for save / restore rules tests + + //int smack_accesses_new(struct smack_accesses **accesses); + result = smack_accesses_new(&rules); //rules struct init + RUNNER_ASSERT_MSG(result == 0, "Unable to create smack_accesses instance"); + result = smack_accesses_new(&import_test); //rules struct init + RUNNER_ASSERT_MSG(result == 0, "Unable to create smack_accesses instance"); + + //opening files + fd = open("/tmp/smack01_rules", O_RDWR | O_CREAT | O_TRUNC, 0644); //for export prepared rules + RUNNER_ASSERT_MSG(fd >= 0, "Unable to create /tmp/smack01_rules"); + tmp = open("/tmp/smack01_tmp", O_RDWR | O_CREAT | O_TRUNC, 0644); //for import rules exported before + RUNNER_ASSERT_MSG(fd >= 0, "Unable to create /tmp/smack01_tmp"); + sample = open("/etc/smack/test_smack_rules", O_RDONLY, 0644); //reference preinstalled rules + RUNNER_ASSERT_MSG(sample >= 0, "Unable to open /etc/smack/test_smack_rules"); + + //int smack_accesses_add(struct smack_accesses *handle, const char *subject, + // const char *object, const char *access_type); + result = smack_accesses_add(rules, "writer", "book", "rw"); + RUNNER_ASSERT_MSG(result == 0, "Unable to add smack rules"); + result = smack_accesses_add(rules, "reader", "book", "wx"); + RUNNER_ASSERT_MSG(result == 0, "Unable to add smack rules"); + + //int smack_accesses_add_modify(struct smack_accesses *handle, const char *subject, + // const char *object, const char *access_add, const char *access_del); + result = smack_accesses_add_modify(rules, "reader", "book", "r", "wx"); + RUNNER_ASSERT_MSG(0 == result, "Unable to modify smack rules"); + + //int smack_accesses_save(struct smack_accesses *handle, int fd); + result = smack_accesses_save(rules, fd); + RUNNER_ASSERT_MSG(0 == result, "Unable to save smack_accesses instance in file"); + + //int smack_accesses_add_from_file(struct smack_accesses *accesses, int fd); + result = lseek(fd, 0, SEEK_SET); + RUNNER_ASSERT_MSG(result == 0, "lseek() error"); + result = smack_accesses_add_from_file(import_test, fd); + RUNNER_ASSERT_MSG(result == 0, "Unable to import rules from file"); + + result = smack_accesses_save(import_test, tmp); + RUNNER_ASSERT_MSG(result == 0, "Unable to save smack_accesses instance in file"); + + result = files_compare(fd, tmp); //comparing rules saved in file, restored from it and stored one more time + RUNNER_ASSERT_MSG(result == 0, "No match in stored and restored rules"); + + result = files_compare(tmp, sample); //comparing rules stored in file with reference preinstalled rules + RUNNER_ASSERT_MSG(result == 0, "No match in stored rules and pattern file"); + + //void smack_accesses_free(struct smack_accesses *handle); + smack_accesses_free(rules); + smack_accesses_free(import_test); + + //closing file descriptors + close(fd); + close(tmp); + close(sample); +} + +RUNNER_TEST(smack02_aplying_rules_into_kernel) +{ + /* + * author: Pawel Polawski + * test: smack_accesses_apply, smack_have_access, smack_revoke_subject, smack_accesses_clear, smack_accesses_new, + * smack_accesses_add, smack_accesses_free + * description: In this test case aplying rules to kernel will be tested. After that function for test + * accesses will be used. + * expect: In case of correct rules access should be granted. + */ + + //CAP_MAC_ADMIN needed for process to be able to change rules in kernel (apllying, removing) + + struct smack_accesses * rules = NULL; //rules prepared in this test case + int result; //for storing functions results + + result = smack_accesses_new(&rules); //rules struct init + RUNNER_ASSERT_MSG(result == 0, "Unable to create smack_accesses instance"); + + //adding test rules to struct + result = smack_accesses_add(rules, "writer", "book", "rwx"); + RUNNER_ASSERT_MSG(result == 0, "Unable to add smack rules"); + result = smack_accesses_add(rules, "reader", "book", "r"); + RUNNER_ASSERT_MSG(result == 0, "Unable to add smack rules"); + result = smack_accesses_add(rules, "spy", "book", "rwx"); + RUNNER_ASSERT_MSG(result == 0, "Unable to add smack rules"); + + //int smack_accesses_apply(struct smack_accesses *handle); + result = smack_accesses_apply(rules); //applying rules to kernel + RUNNER_ASSERT_MSG(result == 0, "Unable to apply rules into kernel"); + + //int smack_have_access(const char *subject, const char *object, + // const char *access_type); + result = smack_have_access("spy", "book", "rwx"); //should have access - rule exist + RUNNER_ASSERT_MSG(result == 1, "Error while checking Smack access"); + result = smack_have_access("reader", "book", "rwx"); //should have no access - wrong rule, should be "r" only + RUNNER_ASSERT_MSG(result == 0, "Error while checking Smack access"); + result = smack_have_access("mars", "book", "rwx"); //should have no acces - rule not exist + RUNNER_ASSERT_MSG(result == 0, "Error while checking Smack access"); + + //int smack_revoke_subject(const char *subject); + result = smack_revoke_subject("snickers"); //this subject do not exist in kernel rules + RUNNER_ASSERT_MSG(result == -1, "Error in rmoving not existing subject from kernel"); // <----- TODO: this one should be changed (== 0) after fixing revoke_subject in kernel + result = smack_revoke_subject("spy"); //this subject exist in kernel rules + RUNNER_ASSERT_MSG(result == 0, "Error in rmoving existing subject from kernel"); + + result = smack_have_access("spy", "book", "rwx"); //testing access after revoke_subject() from kernel + RUNNER_ASSERT_MSG(result == 0, "Error in acces aplied to kernel"); //now spy should have no access + result = smack_have_access("spy", "book", "-----"); //and should have "-----" rule + RUNNER_ASSERT_MSG(result == 1, "Error in acces aplied to kernel"); + + result = smack_accesses_add(rules, "twix", "book", "rwx"); //for create new rule as a consequence of use accesses_clear() below + RUNNER_ASSERT_MSG(result == 0, "Unable to add smack rules"); + + //int smack_accesses_clear(struct smack_accesses *handle); + result = smack_accesses_clear(rules); //"spy" removed before by using smack_revoke_subject() + RUNNER_ASSERT_MSG(result == 0, "Error in clearing rules in kernel"); + + result = smack_have_access("writer", "book", "rwx"); //testing acces after acces_clear() + RUNNER_ASSERT_MSG(result == 0, "Error in acces aplied to kernel"); //now writer also should have no access + result = smack_have_access("writer", "book", "-----"); //and should have "-----" rule + RUNNER_ASSERT_MSG(result == 1, "Error in acces aplied to kernel"); + result = smack_have_access("twix", "book", "-----"); //rule created by calling accesses_clear() + RUNNER_ASSERT_MSG(result == 1, "Error in acces aplied to kernel"); + + //free resources + smack_accesses_free(rules); +} + +//pairs of rules for test with mixed cases, different length and mixed order +char * rules_tab[] = { + "reader1", "-", "-----", + "reader2", "--------", "-----", + "reader3", "RwXaT", "rwxat", + "reader4", "RrrXXXXTTT", "r-x-t", + "reader5", "-r-w-a-t", "rw-at", + "reader6", "", "-----", + "reader7", "xa--Rt---W", "rwxat", + "reader8", "#Ax[T].!~W@1}", "-wxat" + }; + +RUNNER_TEST(smack03_mixed_rule_string_add) +{ + /* + * author: Pawel Polawski + * test: smack_have_access, smack_accesses_new, smack_accesses_add, smack_accesses_apply, smack_accesses_free + * description: In thist test case rules based on mixed string are added to kernel. + * Strings are presented above and contains lower / upper case alpha, numbers and special signs. + * expect: Rules should be parsed correct and aplied to kernel. + */ + + //In thist test case mixed string are used as rules applied to kernel, next they are + //readed and compared with correct form of rules + + struct smack_accesses * rules = NULL; //rules prepared in this test case + int result; //for storing functions results + int i; + + result = smack_accesses_new(&rules); //rules struct init + RUNNER_ASSERT_MSG(result == 0, "Unable to create smack_accesses instance"); + + //adding test rules with mixed string + for(i = 0; i < (3 * 8) ; i += 3) { + result = smack_accesses_add(rules, rules_tab[i], "book", rules_tab[i + 1]); //using mixed rules from table + RUNNER_ASSERT_MSG(result == 0, "Unable to add smack rules"); + } + + //clearing + //FIXME: Using clear() here can cover error in accesses_apply() function + //result = smack_accesses_clear(rules); + //RUNNER_ASSERT_MSG(result == 0, "Error in clearing rules in kernel"); + + //applying rules to kernel + result = smack_accesses_apply(rules); + RUNNER_ASSERT_MSG(result == 0, "Unable to apply rules into kernel"); + + //checking accesses using normal rules + for(i = 0; i < (3 * 8) ; i += 3) { + result = smack_have_access(rules_tab[i], "book", rules_tab[i + 2]); //using normal rules from table + RUNNER_ASSERT_MSG(result == 1, "Error while checking Smack access"); + } + + //free resources + smack_accesses_free(rules); + +} + +RUNNER_TEST(smack04_mixed_rule_string_have_access) +{ + /* + * author: Pawel Polawski + * test: smack_have_access + * description: In this test case we testing aplied before SMACK rules and comparing them using mixed strings. + * expect: Subjects should have accesses to the objects. + */ + + //In this test case we checking previous aplied rules but for compare mixed strings are used + + int result; + int i; + + //rules were added in previous RUNNER_TEST section + //checking accesses using mixed rules + for(i = 0; i < (3 * 8) ; i += 3) { + result = smack_have_access(rules_tab[i], "book", rules_tab[i + 1]); //using mixed rules from table + RUNNER_ASSERT_MSG(result == 1, "Error while checking Smack access"); + } +} + +//RUNNER_TEST(smackXX_accesses_add_modify) +//{ +//IDEAS FOR TESTS +// - what if we want to apply rule that is already in kernel? +// - tests for smack_accesses_add_modify() + smack_have_access() (check if add_modify sets the proper rule) +// - smack_accesses_add_modify("subject", "object", "rwx", "rwx") should create empty rule +//} + +RUNNER_TEST(smack05_self_label) +{ + /* + * author: Pawel Polawski + * test: smack_set_label_for_self, smack_new_label_from_self + * description: In this test case process test it own default label. Next label is changed + * and tested one more time if change was successfull. + * expect: Proces should have default "-" label and can change it to the oter one. + */ + + //In this test case process will manipulate it own label + + char * label = NULL; + int result; + int fd; + + const int B_SIZE = 8; + char buff[B_SIZE]; + + char * def_rule = "_"; + + //int smack_new_label_from_self(char **label); + result = smack_new_label_from_self(&label); + RUNNER_ASSERT_MSG(result == 0, "Error in getting self label"); + + //comparing this label with default one "_" + result = strcmp(label, def_rule); + RUNNER_ASSERT_MSG(result == 0, "Wrong default process label"); + + //comparing this rule with received from /proc/self/attr/current + fd = open("/proc/self/attr/current", O_RDONLY, 0644); + RUNNER_ASSERT_MSG(fd >= 0, "Unable to open /proc/self/attr/current"); + result = read(fd, buff, B_SIZE); + RUNNER_ASSERT_MSG(result >= 0, "Error in reading from file /proc/self/attr/current"); + result = strncmp(buff, def_rule, result); + RUNNER_ASSERT_MSG(result == 0, "Wrong default process rule"); + + free(label); + + //now time for setting labels: + + //int smack_set_label_for_self(const char *label); + result = smack_set_label_for_self("cola"); + RUNNER_ASSERT_MSG(result == 0, "Error in setting self label"); + + //checking new label using smack function + result = smack_new_label_from_self(&label); + RUNNER_ASSERT_MSG(result == 0, "Error in getting self label"); + result = strcmp(label, "cola"); + RUNNER_ASSERT_MSG(result == 0, "Wrong process label"); + + //checking new label using /proc/self/attr/current + result = lseek(fd, 0, SEEK_SET); //going to the file beginning + RUNNER_ASSERT_MSG(result == 0, "lseek() error"); + result = read(fd, buff, B_SIZE); + RUNNER_ASSERT_MSG(result >= 0, "Error in reading from file /proc/self/attr/current"); + result = strncmp(buff, "cola", result); + RUNNER_ASSERT_MSG(result == 0, "Proces rule in /proc/self/attr/current other than set"); + + free(label); + close(fd); +} + +//RUNNER_TEST(smackXX_parent_child_label) +//{ + //In this test case parent process and child labels will be tested + //Parent will fork and check child's label. First fork will be with default "_" parent label, + //second one witch changed label. +//} + +//bellow function is from libsmack.c witch changed name +char * xattr(enum smack_label_type type) +{ + switch (type) { + case SMACK_LABEL_ACCESS: + return "security.SMACK64"; + case SMACK_LABEL_EXEC: + return "security.SMACK64EXEC"; + case SMACK_LABEL_MMAP: + return "security.SMACK64MMAP"; + case SMACK_LABEL_TRANSMUTE: + return "security.SMACK64TRANSMUTE"; + case SMACK_LABEL_IPIN: + return "security.SMACK64IPIN"; + case SMACK_LABEL_IPOUT: + return "security.SMACK64IPOUT"; + default: + /* Should not reach this point */ + return NULL; + } +} + +//TODO: In bellow RUNNER_TEST add lget / lset functions to be testet the same way as normal get / set +RUNNER_TEST(smack06_get_set_label) +{ + /* + * author: Pawel Polawski + * test: smack_getlabel, smack_setlabel + * description: In this test case file label is tested using SMACK API functions and system xattr functions. + * Functions tested here is used for normal files. + * expect: Function should return default label, and the new one after change it. + */ + + //In this test case will be tested setting and getting file label + //If file is symbolic link functions should follow it + + //SMACK xattr from libsmack.c: + // + //case SMACK_LABEL_ACCESS: + // return "security.SMACK64"; + //case SMACK_LABEL_EXEC: + // return "security.SMACK64EXEC"; + //case SMACK_LABEL_MMAP: + // return "security.SMACK64MMAP"; + //case SMACK_LABEL_TRANSMUTE: + // return "security.SMACK64TRANSMUTE"; + //case SMACK_LABEL_IPIN: + // return "security.SMACK64IPIN"; + //case SMACK_LABEL_IPOUT: + // return "security.SMACK64IPOUT"; + + int result; + char * label = NULL; + + const int B_SIZE = 8; + char buff[B_SIZE]; + + char * file_path = "/etc/smack/test_smack_rules"; + + + //preparing environment by restoring default "_" label + result = smack_setlabel(file_path, "_", SMACK_LABEL_ACCESS); + RUNNER_ASSERT_MSG(result == 0, "Error in setting ACCESS label for file"); + + + //int smack_getlabel(const char *path, char** label, + // enum smack_label_type type); + result = smack_getlabel(file_path, &label, SMACK_LABEL_ACCESS); + RUNNER_ASSERT_MSG(result == 0, "Error in getting smack ACCESS label from file"); + //get label, should be default "_" + result = strcmp(label, "_"); + RUNNER_ASSERT_MSG(result == 0, "Wrong file default label"); + free(label); + //get label using xattr function + result = getxattr(file_path, xattr(SMACK_LABEL_ACCESS), buff, B_SIZE); + RUNNER_ASSERT_MSG(result > 0, "Error in getting xattr from file"); + //check label, should match the one readed by smack function + result = strncmp(buff, "_", result); + RUNNER_ASSERT_MSG(result == 0, "Wrong file default label"); + + + //int smack_setlabel(const char *path, const char* label, + // enum smack_label_type type); + result = smack_setlabel(file_path, "fanta", SMACK_LABEL_ACCESS); + RUNNER_ASSERT_MSG(result == 0, "Error in setting ACCESS label for file"); + + + //get label using smack function + result = smack_getlabel(file_path, &label, SMACK_LABEL_ACCESS); + RUNNER_ASSERT_MSG(result == 0, "Error in getting smack ACCESS label from file"); + //get label, should be default "fanta" + result = strcmp(label, "fanta"); + RUNNER_ASSERT_MSG(result == 0, "Wrong file label"); + free(label); + //get label using xattr function + result = getxattr(file_path, xattr(SMACK_LABEL_ACCESS), buff, B_SIZE); + RUNNER_ASSERT_MSG(result > 0, "Error in getting xattr from file"); + //check label, should match the one readed by smack function + result = strncmp(buff, "fanta", result); + RUNNER_ASSERT_MSG(result == 0, "Wrong file label"); +} + +//RUNNER_TEST(smackXX_get_label_exec) +//{ + //In this test case EXEC label will be tested + //by setting this type of label, reading it and testing executed binary exit status +//} + +RUNNER_TEST(smack07_l_get_set_label) +{ + /* + * author: Pawel Polawski + * test: smack_lgetlabel, smack_lsetlabel, smack_getlabel + * description: Functions tested here are similar to one from previous test case. The difference + * is that in case of symbolic link they follows it and operates on file pointed by it. + * expect: All label manipulations should affect file pointed by symbolic link. + */ + + int result; + char * label = NULL; + + const int B_SIZE = 8; + char buff[B_SIZE]; + + char * file_path = "/etc/smack/test_smack_rules_lnk"; + + + //preparing environment by restoring default "_" label + result = smack_lsetlabel(file_path, "_", SMACK_LABEL_ACCESS); + RUNNER_ASSERT_MSG(result == 0, "Error in setting ACCESS label for file"); + result = smack_setlabel(file_path, "_", SMACK_LABEL_ACCESS); + RUNNER_ASSERT_MSG(result == 0, "Error in setting ACCESS label for file"); + + + //int smack_lgetlabel(const char *path, char** label, + // enum smack_label_type type); + result = smack_lgetlabel(file_path, &label, SMACK_LABEL_ACCESS); + RUNNER_ASSERT_MSG(result == 0, "Error in getting smack ACCESS label from file"); + //get label of symbolic link, should be default "_" + result = strcmp(label, "_"); + RUNNER_ASSERT_MSG(result == 0, "Wrong file default label"); + free(label); + //get label using xattr function + result = lgetxattr(file_path, xattr(SMACK_LABEL_ACCESS), buff, B_SIZE); + RUNNER_ASSERT_MSG(result > 0, "Error in getting xattr from file"); + //check label, should match the one readed by smack function + result = strncmp(buff, "_", result); + RUNNER_ASSERT_MSG(result == 0, "Wrong file default label"); + + + //int smack_lsetlabel(const char *path, const char* label, + // enum smack_label_type type); + result = smack_lsetlabel(file_path, "7up", SMACK_LABEL_ACCESS); + RUNNER_ASSERT_MSG(result == 0, "Error in setting ACCESS label for file"); + //and set label for file pointed by link + result = smack_setlabel(file_path, "mirinda", SMACK_LABEL_ACCESS); + RUNNER_ASSERT_MSG(result == 0, "Error in setting ACCESS label for file"); + + + //get label using smack function + result = smack_lgetlabel(file_path, &label, SMACK_LABEL_ACCESS); + RUNNER_ASSERT_MSG(result == 0, "Error in getting smack ACCESS label from file"); + //check label, should be "7up" + result = strcmp(label, "7up"); + RUNNER_ASSERT_MSG(result == 0, "Wrong file label"); + free(label); + //get label using xattr function + result = lgetxattr(file_path, xattr(SMACK_LABEL_ACCESS), buff, B_SIZE); + RUNNER_ASSERT_MSG(result > 0, "Error in getting xattr from file"); + //check label, should match the one readed by smack function + result = strncmp(buff, "7up", result); + RUNNER_ASSERT_MSG(result == 0, "Wrong file label"); + + + //now similar to above, but folowing symbolic link set before to "mirinda" + result = smack_getlabel(file_path, &label, SMACK_LABEL_ACCESS); + RUNNER_ASSERT_MSG(result == 0, "Error gettin label of file pointed by symbolic link"); + //now label should be "mirinda" for file instead of "7up" set for link + result = strcmp(label, "mirinda"); + RUNNER_ASSERT_MSG(result == 0, "Wrong label of file pointed by symbolic link"); + free(label); + //get label using xattr function + result = getxattr(file_path, xattr(SMACK_LABEL_ACCESS), buff, B_SIZE); + RUNNER_ASSERT_MSG(result > 0, "Error in getting xattr from file"); + //check label, should match the one readed by smack function + result = strncmp(buff, "mirinda", result); + RUNNER_ASSERT_MSG(result == 0, "Wrong file label"); +} + +RUNNER_TEST(smack08_f_get_set_label) +{ + /* + * author: Pawel Polawski + * test: smack_fgetlabel, smack_fsetlabel + * description: This test case is similar to test case smack06 above. The difference + * is that argument is file descriptor instead of file path. + * Function not follow symbolic link and operates directly on it. + * expect: All label manipulations should affect symbolic link itself. + */ + + int result; + char * label = NULL; + + const int B_SIZE = 8; + char buff[B_SIZE]; + + int fd; + char * file_path = "/etc/smack/test_smack_rules"; + + fd = open(file_path, O_RDWR, 0644); //reference preinstalled rules + RUNNER_ASSERT_MSG(fd >= 0, "Unable to open /etc/smack/test_smack_rules"); + + //preparing environment by restoring default "_" label + result = smack_fsetlabel(fd, "_", SMACK_LABEL_ACCESS); + RUNNER_ASSERT_MSG(result == 0, "Error in setting ACCESS label for file"); + + + //int smack_fgetlabel(int fd, char** label, + // enum smack_label_type type); + result = smack_fgetlabel(fd, &label, SMACK_LABEL_ACCESS); + RUNNER_ASSERT_MSG(result == 0, "Error in getting smack ACCESS label from file"); + //check label, should be "_" + result = strcmp(label, "_"); + RUNNER_ASSERT_MSG(result == 0, "Wrong file default label"); + free(label); + //get label using xattr function + result = fgetxattr(fd, xattr(SMACK_LABEL_ACCESS), buff, B_SIZE); + RUNNER_ASSERT_MSG(result > 0, "Error in getting xattr from file"); + //check label, should match the one readed by smack function + result = strncmp(buff, "_", result); + RUNNER_ASSERT_MSG(result == 0, "Wrong file default label"); + + + //int smack_fsetlabel(int fd, const char* label, + // enum smack_label_type type); + result = smack_fsetlabel(fd, "sprite", SMACK_LABEL_ACCESS); + RUNNER_ASSERT_MSG(result == 0, "Error in setting ACCESS label for file"); + + + //get label using smack function + result = smack_fgetlabel(fd, &label, SMACK_LABEL_ACCESS); + RUNNER_ASSERT_MSG(result == 0, "Error in getting smack ACCESS label from file"); + //check label, should be "sprite" + result = strcmp(label, "sprite"); + RUNNER_ASSERT_MSG(result == 0, "Wrong file label"); + free(label); + //get label using xattr function + result = fgetxattr(fd, xattr(SMACK_LABEL_ACCESS), buff, B_SIZE); + RUNNER_ASSERT_MSG(result > 0, "Error in getting xattr from file"); + //check label, should match the one readed by smack function + result = strncmp(buff, "sprite", result); + RUNNER_ASSERT_MSG(result == 0, "Wrong file label"); + + + close(fd); +} + +//int smack_new_label_from_socket(int fd, char **label); + diff --git a/tests/libsmack-tests/test_smack_rules b/tests/libsmack-tests/test_smack_rules new file mode 100644 index 0000000..aa81db6 --- /dev/null +++ b/tests/libsmack-tests/test_smack_rules @@ -0,0 +1,3 @@ +writer book rw--- +reader book -wx-- +reader book r---- -wx-- diff --git a/tests/security-tests-all.sh b/tests/security-tests-all.sh new file mode 100644 index 0000000..363a979 --- /dev/null +++ b/tests/security-tests-all.sh @@ -0,0 +1,22 @@ +#!/bin/sh +echo "[Trigerring all tests...]" +sleep 5 +security-tests.sh ace --output=text +sleep 5 +security-tests.sh ace-client --output=text +sleep 5 +security-tests.sh ace-settings --output=text +sleep 5 +security-tests.sh ace-install --output=text +sleep 5 +security-tests.sh security-daemon --output=text +sleep 5 +security-tests.sh vcore --output=text +sleep 5 +security-tests.sh capi --output=text +sleep 5 +security-tests.sh pkcs --output=text +sleep 5 +security-tests.sh smack --output=text +sleep 5 +echo "[Done]" diff --git a/tests/security-tests.sh b/tests/security-tests.sh new file mode 100644 index 0000000..5180feb --- /dev/null +++ b/tests/security-tests.sh @@ -0,0 +1,166 @@ +#!/bin/sh + +##################################################################### +# Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +##################################################################### + +#testing internet access and date on the target +error(){ + echo "[ERROR]" $1 + exit 1 +} + +check_network_access(){ + echo "--- Checking for network access..." + ping -c 2 www.google.com > /dev/null || error 'Network not accessible' + echo 'Network access OK' +} + +check_date(){ + echo "--- Checkig date..." + date + openssl verify -CAfile /opt/apps/widget/tests/vcore_certs/cacert.pem /opt/apps/widget/tests/vcore_certs/respcert.pem 2>/dev/null | grep OK 1>/dev/null || error 'Date not set properly' + echo 'Date OK' +} + +kill_daemon(){ + echo "--- Killing daemon" + wrt_security_create_clean_db.sh + pkill -9 security-ser && sleep 3 + echo "--- Done" +} + + +echo "### Starting tests ######################################################" + +case $1 in + +"capi") + echo "=========================================================================" + echo "CAPI" + echo + #check network and date + check_network_access + check_date + #test binary execution + cert-svc-tests-capi $2 $3 + ;; + +"pkcs") + echo "=========================================================================" + echo "PKCS12" + echo + #test binary execution + cert-svc-tests-pkcs12 $2 $3 + ;; + +"vcore") + echo "=========================================================================" + echo "VCORE" + echo + #check network and date + check_network_access + check_date + #environment setup + cert-svc-tests-vcore-ocsp-server.sh & + #test binary execution + cert-svc-tests-vcore $2 $3 + ;; + +"smack") + echo "=========================================================================" + echo "SMACK" + echo + #test binary execution + libsmack-test $2 $3 + ;; + +"ace") + echo "=========================================================================" + echo "ACE" + echo + #environment setup + cp /usr/etc/ace/WAC2.0Policy.xml /usr/etc/ace/WAC2.0Policy.xml.bk + cp /usr/etc/ace/TizenPolicy.xml /usr/etc/ace/TizenPolicy.xml.bk + cp /usr/etc/ace/WAC2.0Policy-test.xml /usr/etc/ace/WAC2.0Policy.xml + cp /usr/etc/ace/TizenPolicy-test.xml /usr/etc/ace/TizenPolicy.xml + kill_daemon + #test binary execution + wrt-tests-ace $2 $3 + ;; + +"ace-client") + echo "=========================================================================" + echo "ACE-CLIENT" + echo + #environment setup + cp /usr/etc/ace/WAC2.0Policy.xml.bk /usr/etc/ace/WAC2.0Policy.xml + cp /usr/etc/ace/TizenPolicy.xml.bk /usr/etc/ace/TizenPolicy.xml + kill_daemon + #test binary execution + wrt-tests-ace-client $2 $3 + ;; + +"ace-settings") + echo "=========================================================================" + echo "ACE-SETTINGS" + echo + #environment setup + kill_daemon + #test binary execution + wrt-tests-ace-settings $2 $3 + ;; + +"ace-install") + echo "=========================================================================" + echo "ACE-INSTALL" + echo + #environment setup + kill_daemon + cp /usr/etc/ace/WAC2.0Policy.xml /usr/etc/ace/WAC2.0Policy.xml.bk + cp /usr/etc/ace/ace-install-api-demo-policy.xml /usr/etc/ace/WAC2.0Policy.xml + wrt_security_change_policy.sh + #test binary execution + wrt-tests-ace-install $2 $3 + ;; + +"security-daemon") + echo "=========================================================================" + echo "SECURITY-DAEMON" + echo + #environment setup + cp /usr/etc/ace/WAC2.0Policy.xml.bk /usr/etc/ace/WAC2.0Policy.xml + kill_daemon + cp /usr/etc/ace/WAC2.0Policy.xml /usr/etc/ace/WAC2.0Policy.xml.bk + cp /usr/etc/ace/ipc-tests-demo.xml /usr/etc/ace/WAC2.0Policy.xml + wrt_security_change_policy.sh + #test binary execution + wrt-tests-security-daemon $2 $3 + ;; + +*) + echo "Correct using:" + echo " security_test.sh " + echo + echo "modules: ace, ace-client, ace-settings, ace-install," + echo " security-daemon, vcore, capi, pkcs, smack" + ;; + +esac + +#clean up +pkill -9 wrt-secur # security daemon needs to be killed, as database connections need to be changed (SQLite files are changed!) + +echo "### Tests done ##########################################################" -- 2.7.4