From 662a4ce04d822ca4c5da875cf5c2c503cfd7ab0f Mon Sep 17 00:00:00 2001 From: Rafal Krypa Date: Fri, 26 Jul 2013 13:14:38 +0200 Subject: [PATCH] libprivilege-control-tests: adjust tests for kernel with l access mode support. [Issue#] SSDWSSP-372 [Bug] Tests fail on kernel with sixth access mode for locks. [Cause] Modification to kernel extend Smack interface. [Solution] Adjust permissions in test, test for new mode. [Verification] Run the tests. Change-Id: I8e4edafa6617955deca9968eaca8b24ff86c3fe4 --- tests/libprivilege-control-tests/test_cases.cpp | 58 +++++++++++-------------- 1 file changed, 25 insertions(+), 33 deletions(-) diff --git a/tests/libprivilege-control-tests/test_cases.cpp b/tests/libprivilege-control-tests/test_cases.cpp index 18f06fa..6ba98c6 100644 --- a/tests/libprivilege-control-tests/test_cases.cpp +++ b/tests/libprivilege-control-tests/test_cases.cpp @@ -74,7 +74,7 @@ #define OSP_PARTNER_APP_PATH "/opt/usr/apps/j4RuPsZrNt/bin/PysiuMisiu123OspPartner" #define OSP_PLATFORM_APP_PATH "/opt/usr/apps/V5LKqDFBXm/bin/PysiuMisiu123OspPlatform" #define EARLY_RULE_SUBJECT "livebox.web-provider" -#define EARLY_RULE_RIGHTS "rwx--" +#define EARLY_RULE_RIGHTS "rwx---" const char *PRIVS[] = { "WRT", "test_privilege_control_rules", NULL }; const char *PRIVS2[] = { "test_privilege_control_rules2", NULL }; @@ -117,6 +117,8 @@ const char *PRIVS_OSP[] = { "test_privilege_control_rules_osp", NULL }; #define APP_FRIEND_1 "app_friend_1" #define APP_FRIEND_2 "app_friend_2" +#define SMACK_ACC_LEN 6 + // How many open file descriptors should ftw() function use? #define FTW_MAX_FDS 16 @@ -985,9 +987,9 @@ RUNNER_TEST(privilege_control05_add_shared_dir_readers) { #define TEST_OBJ "TEST_OBJECT" #define TEST_OBJ_SOME_OTHER "TEST_OBJA" -#define test_string_01 "TEST_raz TEST_OBJECT r-x-- -----" -#define test_string_21 "TEST_trzy TEST_OBJA -wx--\n" -#define test_string_22 "TEST_trzy TEST_OBJECT r-x-- -----\n" +#define test_string_01 "TEST_raz TEST_OBJECT r-x--- ------" +#define test_string_21 "TEST_trzy TEST_OBJA -wx---\n" +#define test_string_22 "TEST_trzy TEST_OBJECT r-x--- ------\n" int result; int i; @@ -1463,50 +1465,50 @@ RUNNER_TEST(privilege_control11_add_api_feature) // correct rules result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE, (const char*[]) { "malformed malformed maaaaaalformed", NULL }, NULL, 0); RUNNER_ASSERT(result == PC_OPERATION_SUCCESS); - osp_blahblah_check(__LINE__, { "malformed malformed r--a- -----" }); + osp_blahblah_check(__LINE__, { "malformed malformed r--a-l ------" }); remove_smack_files(); result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE, (const char*[]) { "subject object foo", NULL }, NULL, 0); RUNNER_ASSERT(result == PC_OPERATION_SUCCESS); - osp_blahblah_check(__LINE__, { "subject object ----- -----" }); + osp_blahblah_check(__LINE__, { "subject object ------ ------" }); remove_smack_files(); result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE, (const char*[]) { - "subject object\t rwxat", + "subject object\t rwxatl", " \t \n", - "subject2\tobject2 txarw", + "subject2\tobject2 ltxarw", "", NULL }, NULL, 0); RUNNER_ASSERT(result == PC_OPERATION_SUCCESS); - osp_blahblah_check(__LINE__, { "subject object rwxat -----", "subject2 object2 rwxat -----"}); + osp_blahblah_check(__LINE__, { "subject object rwxatl ------", "subject2 object2 rwxatl ------"}); remove_smack_files(); result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE, (const char*[]) { - "Sub::jE,ct object a-RwX", + "Sub::jE,ct object a-RwXL", NULL }, NULL, 0); RUNNER_ASSERT(result == PC_OPERATION_SUCCESS); - osp_blahblah_check(__LINE__, { "Sub::jE,ct object rwxa- -----"}); + osp_blahblah_check(__LINE__, { "Sub::jE,ct object rwxa-l ------"}); remove_smack_files(); // TODO For now identical/complementary rules are not merged. result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE, (const char*[]) { - "subject object rwxat", + "subject object rwxatl", " \t \n", - "subject object txarw", + "subject object ltxarw", "", NULL }, NULL, 0); RUNNER_ASSERT(result == PC_OPERATION_SUCCESS); - osp_blahblah_check(__LINE__, { "subject object rwxat -----", "subject object rwxat -----"}); + osp_blahblah_check(__LINE__, { "subject object rwxatl ------", "subject object rwxatl ------"}); remove_smack_files(); // empty group ids result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE, (const char*[]) {"a a a",NULL},(const gid_t[]) {0,1,2},0); RUNNER_ASSERT(result == PC_OPERATION_SUCCESS); - osp_blahblah_check(__LINE__, { "a a ---a- -----"}); + osp_blahblah_check(__LINE__, { "a a ---a-- ------"}); result = file_exists(OSP_BLAHBLAH_DAC); RUNNER_ASSERT(result == -1); remove_smack_files(); @@ -1516,19 +1518,19 @@ RUNNER_TEST(privilege_control11_add_api_feature) result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE, (const char*[]) {"a a a",NULL},(const gid_t[]) {0,1,2},3); printf("%d \n", result); RUNNER_ASSERT(result == PC_OPERATION_SUCCESS); - osp_blahblah_check(__LINE__, { "a a ---a- -----"}); + osp_blahblah_check(__LINE__, { "a a ---a-- ------"}); osp_blahblah_dac_check(__LINE__, {0,1,2}); remove_smack_files(); result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE, (const char*[]) {"a a a",NULL},(const gid_t[]) {0,1,2},1); RUNNER_ASSERT(result == PC_OPERATION_SUCCESS); - osp_blahblah_check(__LINE__, { "a a ---a- -----"}); + osp_blahblah_check(__LINE__, { "a a ---a-- ------"}); osp_blahblah_dac_check(__LINE__, {0}); remove_smack_files(); result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE, (const char*[]) {"a a a",NULL},(const gid_t[]) {1,1,1},3); RUNNER_ASSERT(result == PC_OPERATION_SUCCESS); - osp_blahblah_check(__LINE__, { "a a ---a- -----"}); + osp_blahblah_check(__LINE__, { "a a ---a-- ------"}); osp_blahblah_dac_check(__LINE__, {1,1,1}); remove_smack_files(); } @@ -2443,13 +2445,13 @@ RUNNER_TEST(privilege_control20_early_rules) FILE *file = NULL; char subject[SMACK_LABEL_LEN + 1]; char object[SMACK_LABEL_LEN + 1]; - char rule_add[6]; // "rwxat" + '\0' - char rule_remove[6]; // "rwxat" + '\0' + char rule_add[SMACK_ACC_LEN + 1]; + char rule_remove[SMACK_ACC_LEN + 1]; subject[SMACK_LABEL_LEN] = '\0'; object[SMACK_LABEL_LEN] = '\0'; - rule_add[5] = '\0'; - rule_remove[5] = '\0'; + rule_add[SMACK_ACC_LEN] = '\0'; + rule_remove[SMACK_ACC_LEN] = '\0'; unlink(SMACK_RULES_DIR APP_ID); @@ -2474,7 +2476,7 @@ RUNNER_TEST(privilege_control20_early_rules) file = fopen(SMACK_STARTUP_RULES_FILE, "r"); RUNNER_ASSERT_MSG(file != NULL, "File open failed: " << SMACK_STARTUP_RULES_FILE << " : " << file << ". Errno: " << strerror(errno)); - result = asprintf(&single_line_format, "%%%ds %%%ds %%5s %%5s\\n", SMACK_LABEL_LEN, SMACK_LABEL_LEN); + result = asprintf(&single_line_format, "%%%ds %%%ds %%%ds %%%ds\\n", SMACK_LABEL_LEN, SMACK_LABEL_LEN, SMACK_ACC_LEN, SMACK_ACC_LEN); while(fscanf(file, single_line_format, subject, object, rule_add, rule_remove) == 4) { if(strncmp(subject, EARLY_RULE_SUBJECT, SMACK_LABEL_LEN) == 0 && strncmp(object, APP_ID, SMACK_LABEL_LEN) == 0) { @@ -2486,8 +2488,6 @@ RUNNER_TEST(privilege_control20_early_rules) continue; } } - free(single_line_format); - single_line_format = NULL; fclose(file); file = NULL; @@ -2504,8 +2504,6 @@ RUNNER_TEST(privilege_control20_early_rules) file = fopen(SMACK_STARTUP_RULES_FILE, "r"); RUNNER_ASSERT_MSG(file != NULL, "File open failed: " << SMACK_STARTUP_RULES_FILE << " : " << file << ". Errno: " << strerror(errno)); - result = asprintf(&single_line_format, "%%%ds %%%ds %%5s %%5s\\n", SMACK_LABEL_LEN, SMACK_LABEL_LEN); - while(fscanf(file, single_line_format, subject, object, rule_add, rule_remove) == 4) { if(strncmp(subject, EARLY_RULE_SUBJECT, SMACK_LABEL_LEN) == 0 && strncmp(object, APP_ID, SMACK_LABEL_LEN) == 0) { pass_1 = 0; // Found rule for APP_ID - it should NOT be here @@ -2516,8 +2514,6 @@ RUNNER_TEST(privilege_control20_early_rules) continue; } } - free(single_line_format); - single_line_format = NULL; fclose(file); file = NULL; @@ -2533,8 +2529,6 @@ RUNNER_TEST(privilege_control20_early_rules) file = fopen(SMACK_STARTUP_RULES_FILE, "r"); RUNNER_ASSERT_MSG(file != NULL, "File open failed: " << SMACK_STARTUP_RULES_FILE << " : " << file << ". Errno: " << strerror(errno)); - result = asprintf(&single_line_format, "%%%ds %%%ds %%5s %%5s\\n", SMACK_LABEL_LEN, SMACK_LABEL_LEN); - while(fscanf(file, single_line_format, subject, object, rule_add, rule_remove) == 4) { if(strncmp(subject, EARLY_RULE_SUBJECT, SMACK_LABEL_LEN) == 0 && strncmp(object, APP_ID, SMACK_LABEL_LEN) == 0) { pass_1 = 0; // Found rule for APP_ID - it should NOT be here @@ -2546,9 +2540,7 @@ RUNNER_TEST(privilege_control20_early_rules) } } free(single_line_format); - single_line_format = NULL; fclose(file); - file = NULL; RUNNER_ASSERT_MSG(pass_1 == 1, "Rule " << EARLY_RULE_SUBJECT << " " << APP_ID << " " << EARLY_RULE_RIGHTS << " found"); RUNNER_ASSERT_MSG(pass_2 == 1, "Rule " << EARLY_RULE_SUBJECT << " " << APP_TEST_APP_1 << " " << EARLY_RULE_RIGHTS << " found"); -- 2.7.4