From c98d08618ed0dac900949f1fc48722c2b7dace46 Mon Sep 17 00:00:00 2001 From: Marcin Niesluchowski Date: Mon, 29 Apr 2013 16:45:59 +0200 Subject: [PATCH] 5 tests added - 1 smack_accesses_clear() test; 1 smack_revoke_subject() test; 1 smack_accesses_add_modify() test; 1 test for adding, removing rules; 1 test for saving, loading rules from file. [Issue#] SSDWSSP-58 [Bug/Feature] Create additional 5 test cases for libsmack [Cause] N/A [Solution] N/A [Verification] N/A Change-Id: Ia3484d6ebdb48ba27e22018ca9c0e7dab5470db8 --- packaging/security-tests.spec | 4 + tests/libsmack-tests/CMakeLists.txt | 40 +++ tests/libsmack-tests/test_cases.cpp | 510 +++++++++++++++++++++++++++++ tests/libsmack-tests/test_smack_rules2 | 9 + tests/libsmack-tests/test_smack_rules3 | 3 + tests/libsmack-tests/test_smack_rules4 | 3 + tests/libsmack-tests/test_smack_rules_full | 9 + 7 files changed, 578 insertions(+) create mode 100644 tests/libsmack-tests/test_smack_rules2 create mode 100644 tests/libsmack-tests/test_smack_rules3 create mode 100644 tests/libsmack-tests/test_smack_rules4 create mode 100644 tests/libsmack-tests/test_smack_rules_full diff --git a/packaging/security-tests.spec b/packaging/security-tests.spec index cfc613c..3e5652f 100644 --- a/packaging/security-tests.spec +++ b/packaging/security-tests.spec @@ -55,6 +55,10 @@ echo "security-tests postinst done ..." /usr/bin/security-server-tests-pid-reuser /usr/bin/security-server-tests-server /usr/bin/security-server-tests-password +/etc/smack/test_smack_rules_full +/etc/smack/test_smack_rules2 +/etc/smack/test_smack_rules3 +/etc/smack/test_smack_rules4 /etc/smack/test_smack_rules /etc/smack/test_smack_rules_lnk /usr/share/privilege-control/* diff --git a/tests/libsmack-tests/CMakeLists.txt b/tests/libsmack-tests/CMakeLists.txt index 4d6876d..7992118 100644 --- a/tests/libsmack-tests/CMakeLists.txt +++ b/tests/libsmack-tests/CMakeLists.txt 
@@ -73,3 +73,43 @@ INSTALL(FILES WORLD_READ WORLD_EXECUTE ) + +#place for full rules +INSTALL(FILES + ${PROJECT_SOURCE_DIR}/tests/libsmack-tests/test_smack_rules_full + DESTINATION /etc/smack + PERMISSIONS + OWNER_READ + GROUP_READ + WORLD_READ + ) + +#place for rules2 +INSTALL(FILES + ${PROJECT_SOURCE_DIR}/tests/libsmack-tests/test_smack_rules2 + DESTINATION /etc/smack + PERMISSIONS + OWNER_READ + GROUP_READ + WORLD_READ + ) + +#place for rules3 +INSTALL(FILES + ${PROJECT_SOURCE_DIR}/tests/libsmack-tests/test_smack_rules3 + DESTINATION /etc/smack + PERMISSIONS + OWNER_READ + GROUP_READ + WORLD_READ + ) + +#place for rules4 +INSTALL(FILES + ${PROJECT_SOURCE_DIR}/tests/libsmack-tests/test_smack_rules4 + DESTINATION /etc/smack + PERMISSIONS + OWNER_READ + GROUP_READ + WORLD_READ + ) diff --git a/tests/libsmack-tests/test_cases.cpp b/tests/libsmack-tests/test_cases.cpp index bc8901c..5a9d953 100644 --- a/tests/libsmack-tests/test_cases.cpp +++ b/tests/libsmack-tests/test_cases.cpp @@ -23,6 +23,7 @@ */ #include +#include #include #include #include @@ -34,7 +35,9 @@ #define TEST_SUBJECT "test_subject" #define TEST_OBJECT "test_oject" +#define TEST_OBJECT_2 "test_oject_2" +std::vector accessesBasic = { "r", "w", "x", "wx", "rx", "rw", "rwx", "rwxat" }; int files_compare(int fd1, int fd2) { 
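Review bot: The four `INSTALL(FILES ...)` blocks added to tests/libsmack-tests/CMakeLists.txt differ only in the file name, so they can be one call that lists all four files under a single `DESTINATION /etc/smack` and a single `PERMISSIONS` list. That keeps the permissions of the fixtures from drifting apart in later edits. The test comments describe rules2 to rules4 as holding partly wrong rules, so a comment above the block saying they are malformed on purpose would explain why they are shipped under /etc/smack.

```cmake
# test fixtures for libsmack-tests; rules2-4 are malformed on purpose
INSTALL(FILES
    ${PROJECT_SOURCE_DIR}/tests/libsmack-tests/test_smack_rules_full
    ${PROJECT_SOURCE_DIR}/tests/libsmack-tests/test_smack_rules2
    ${PROJECT_SOURCE_DIR}/tests/libsmack-tests/test_smack_rules3
    ${PROJECT_SOURCE_DIR}/tests/libsmack-tests/test_smack_rules4
    DESTINATION /etc/smack
    PERMISSIONS
    OWNER_READ
    GROUP_READ
    WORLD_READ
    )
```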
@@ -106,6 +109,56 @@ void clean_up(){ } /** + * Checking if subject has any access to object + */ +bool checkNoAccesses(const char *subject, const char *object){ + int result; + result = smack_have_access(subject, object,"r"); + if(result==1){ + return false; + } + result = smack_have_access(subject, object,"w"); + if(result==1){ + return false; + } + result = smack_have_access(subject, object,"x"); + if(result==1){ + return false; + } + result = smack_have_access(subject, object,"a"); + if(result==1){ + return false; + } + result = smack_have_access(subject, object,"t"); + if(result==1){ + return false; + } + return true; +} + +int removeAccessesAll() +{ + struct smack_accesses * rules = NULL; + int result = smack_accesses_new(&rules); + RUNNER_ASSERT_MSG(result == 0, "Unable to create smack_accesses instance"); + + result = smack_accesses_add_modify(rules, "test_subject_01", "test_object_01", "", "rxwat"); + result = smack_accesses_add_modify(rules, "test_subject_01", "test_object_02", "", "rxwat"); + result = smack_accesses_add_modify(rules, "test_subject_01", "test_object_03", "", "rxwat"); + result = smack_accesses_add_modify(rules, "test_subject_02", "test_object_01", "", "rxwat"); + result = smack_accesses_add_modify(rules, "test_subject_02", "test_object_02", "", "rxwat"); + result = smack_accesses_add_modify(rules, "test_subject_02", "test_object_03", "", "rxwat"); + result = smack_accesses_add_modify(rules, "test_subject_03", "test_object_01", "", "rxwat"); + result = smack_accesses_add_modify(rules, "test_subject_03", "test_object_02", "", "rxwat"); + result = smack_accesses_add_modify(rules, "test_subject_03", "test_object_03", "", "rxwat"); + + smack_accesses_apply(rules); + RUNNER_ASSERT_MSG(result == 0, "Error while applying accesses. Result: " << result); + smack_accesses_free(rules); +} + + +/** * Add a new access with smack_accesses_add_modify() */ RUNNER_TEST(smack_accesses_add_modify_test_1){ 
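Review bot: `removeAccessesAll()` is declared `int` but never returns a value, and its final assert tests the `result` left by the last `smack_accesses_add_modify` call because the return of `smack_accesses_apply(rules)` is discarded. A failed cleanup would therefore pass unnoticed and rules from one scenario could still be loaded when the next one is checked; use `result = smack_accesses_apply(rules);` and either add `return result;` after `smack_accesses_free(rules);` or declare the helper `void`. The nine `smack_accesses_add_modify` results are likewise overwritten without a check. In `checkNoAccesses`, only `result==1` counts as access, so an error return from `smack_have_access` is reported as "no access"; `if (result != 0) return false;` would make the helper fail closed.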
@@ -283,6 +336,138 @@ RUNNER_TEST(smack_accesses_add_modify_test_6){ smack_accesses_free(rules); } +/** + * Run smack_accesses_add_modify with the same accesses_add and accesses_del. + */ +RUNNER_TEST(smack_accesses_add_modify_test_7){ + unsigned int i; + int result; + + struct smack_accesses * rules = NULL; + + for(i = 0; i= 0, "Unable to open /etc/smack/test_smack_rules_full"); + + // Adding rules from file + result = smack_accesses_add_from_file(rulesBasic, fd); + close(fd); + RUNNER_ASSERT_MSG(result == 0, "Error importing accesses from file"); + + // Applying rules + result = smack_accesses_apply(rulesBasic); + RUNNER_ASSERT_MSG(result == 0, "Error while applying accesses. Result: " << result); + + // Checking rules + result = smack_have_access("test_subject_01", "test_object_01", "rwxat"); + RUNNER_ASSERT_MSG(result == 1, + " Error while checking smack accesses."); + result = smack_have_access("test_subject_01", "test_object_02", "rwxat"); + RUNNER_ASSERT_MSG(result == 1, + " Error while checking smack accesses."); + result = smack_have_access("test_subject_01", "test_object_03", "rwxat"); + RUNNER_ASSERT_MSG(result == 1, + " Error while checking smack accesses."); + result = smack_have_access("test_subject_02", "test_object_01", "rwxat"); + RUNNER_ASSERT_MSG(result == 1, + " Error while checking smack accesses."); + result = smack_have_access("test_subject_02", "test_object_02", "rwxat"); + RUNNER_ASSERT_MSG(result == 1, + " Error while checking smack accesses."); + result = smack_have_access("test_subject_02", "test_object_03", "rwxat"); + RUNNER_ASSERT_MSG(result == 1, + " Error while checking smack accesses."); + result = smack_have_access("test_subject_03", "test_object_01", "rwxat"); + RUNNER_ASSERT_MSG(result == 1, + " Error while checking smack accesses."); + result = smack_have_access("test_subject_03", "test_object_02", "rwxat"); + RUNNER_ASSERT_MSG(result == 1, + " Error while checking smack accesses."); + result = 
smack_have_access("test_subject_03", "test_object_03", "rwxat"); + RUNNER_ASSERT_MSG(result == 1, + " Error while checking smack accesses."); + + // Removing rules + removeAccessesAll(); + + smack_accesses_free(rulesBasic); + + // Creating rules + result = smack_accesses_new(&rulesBasic); + RUNNER_ASSERT_MSG(result == 0, "Error while creating new accesses. Result: " << result); + + // Loading file with partial wrong rules - test_smack_rules2 + fd = open("/etc/smack/test_smack_rules2", O_RDONLY, 0644); + RUNNER_ASSERT_MSG(fd >= 0, "Unable to open /etc/smack/test_smack_rules2"); + + // Adding rules from file + result = smack_accesses_add_from_file(rulesBasic, fd); + close(fd); + RUNNER_ASSERT_MSG(result == 0, "Accesses were loaded from file"); + + // Applying rules + result = smack_accesses_apply(rulesBasic); + RUNNER_ASSERT_MSG(result == 0, "Error while applying accesses. Result: " << result); + + // Checking rules + RUNNER_ASSERT_MSG(checkNoAccesses("test_subject_01", "test_object_01"), + " Error while checking smack access loaded from /etc/smack/test_smack_rules2. Accesses exist."); + result = smack_have_access("test_subject_01", "test_object_02", "rwat"); + RUNNER_ASSERT_MSG(result == 1, + " Error while checking smack access loaded from /etc/smack/test_smack_rules2. Result: " << result ); + result = smack_have_access("test_subject_01", "test_object_03", "wat"); + RUNNER_ASSERT_MSG(result == 1, + " Error while checking smack access loaded from /etc/smack/test_smack_rules2. Result: " << result ); + RUNNER_ASSERT_MSG(checkNoAccesses("test_subject_02", "test_object_01"), + " Error while checking smack access loaded from /etc/smack/test_smack_rules2. Accesses exist."); + result = smack_have_access("test_subject_02", "test_object_02", "wa-ft"); + RUNNER_ASSERT_MSG(result == 1, + " Error while checking smack access loaded from /etc/smack/test_smack_rules2. 
Result: " << result ); + result = smack_have_access("test_subject_02", "test_object_03", "wr"); + RUNNER_ASSERT_MSG(result == 1, + " Error while checking smack access loaded from /etc/smack/test_smack_rules2. Result: " << result ); + result = smack_have_access("test_subject_03", "test_object_01", "a"); + RUNNER_ASSERT_MSG(result == 1, + " Error while checking smack access loaded from /etc/smack/test_smack_rules2. Result: " << result ); + result = smack_have_access("test_subject_03", "test_object_02", "rwat"); + RUNNER_ASSERT_MSG(result == 1, + " Error while checking smack access loaded from /etc/smack/test_smack_rules2. Result: " << result ); + result = smack_have_access("test_subject_03", "test_object_03", "w"); + RUNNER_ASSERT_MSG(result == 1, + " Error while checking smack access loaded from /etc/smack/test_smack_rules2. Result: " << result ); + + // Removing rules + removeAccessesAll(); + + smack_accesses_free(rulesBasic); + + // Creating rules + result = smack_accesses_new(&rulesBasic); + RUNNER_ASSERT_MSG(result == 0, "Error while creating new accesses. Result: " << result); + + // Loading file with partial wrong rules - test_smack_rules3 + fd = open("/etc/smack/test_smack_rules3", O_RDONLY, 0644); + RUNNER_ASSERT_MSG(fd >= 0, "Unable to open /etc/smack/test_smack_rules3"); + + // Adding rules from file + result = smack_accesses_add_from_file(rulesBasic, fd); + close(fd); + RUNNER_ASSERT_MSG(result != 0, "Accesses were loaded from file"); + + // Applying rules + result = smack_accesses_apply(rulesBasic); + RUNNER_ASSERT_MSG(result == 0, "Error while applying accesses. Result: " << result); + + // Checking rules + result = smack_have_access("test_subject_01", "test_object_01", "rwat"); + RUNNER_ASSERT_MSG(result == 1, + " Error while checking smack access loaded from /etc/smack/test_smack_rules3. 
Result: " << result ); + RUNNER_ASSERT_MSG(checkNoAccesses("test_subject_01", "test_object_02"), + " Error while checking smack access loaded from /etc/smack/test_smack_rules3. Accesses exist."); + result = smack_have_access("test_subject_01", "test_object_03", "x"); + RUNNER_ASSERT_MSG(result == 0, + " Error while checking smack access loaded from /etc/smack/test_smack_rules3. Result: " << result ); + + // Removing rules + removeAccessesAll(); + + smack_accesses_free(rulesBasic); + + // Creating rules + result = smack_accesses_new(&rulesBasic); + RUNNER_ASSERT_MSG(result == 0, "Error while creating new accesses. Result: " << result); + + // Loading file with partial wrong rules - test_smack_rules4 + fd = open("/etc/smack/test_smack_rules4", O_RDONLY, 0644); + RUNNER_ASSERT_MSG(fd >= 0, "Unable to open /etc/smack/test_smack_rules4"); + + // Adding rules from file + result = smack_accesses_add_from_file(rulesBasic, fd); + close(fd); + RUNNER_ASSERT_MSG(result != 0, "Accesses were loaded from file"); + + // Applying rules + result = smack_accesses_apply(rulesBasic); + RUNNER_ASSERT_MSG(result == 0, "Error while applying accesses. Result: " << result); + + // Checking rules + result = smack_have_access("test_subject_01", "test_object_01", "rxwat"); + RUNNER_ASSERT_MSG(result == 1, + " Error while checking smack access loaded from /etc/smack/test_smack_rules4. Result: " << result ); + RUNNER_ASSERT_MSG(checkNoAccesses("test_subject_01", "test_object_02"), + " Error while checking smack access loaded from /etc/smack/test_smack_rules4. Accesses exist."); + result = smack_have_access("test_subject_01", "test_object_03", "a"); + RUNNER_ASSERT_MSG(result == 0, + " Error while checking smack access loaded from /etc/smack/test_smack_rules4. Result: " << result ); + + // Removing rules + removeAccessesAll(); + + smack_accesses_free(rulesBasic); + +} + //int smack_new_label_from_socket(int fd, char **label); 
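Review bot: The assert after loading `/etc/smack/test_smack_rules2` checks `result == 0` but carries the message `"Accesses were loaded from file"`, the text used for the `result != 0` checks on rules3 and rules4, so when it fires it reports the opposite of what happened; `"Error importing accesses from file"`, already used for the full file, fits. For rules3 and rules4 the test calls `smack_accesses_apply(rulesBasic)` after the load is asserted to have failed and then expects the first rule to be in force, which pins partial-load behaviour; a comment such as `// load is expected to fail part-way; rules read before the bad line are applied on purpose` would make that intent explicit, if that is the intended contract. The third argument `0644` to `open()` has no effect without `O_CREAT` and can be dropped. The opening of this test is not visible in the hunk text, so these points cover only the part from the first `open()` check onward.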
diff --git a/tests/libsmack-tests/test_smack_rules2 b/tests/libsmack-tests/test_smack_rules2 new file mode 100644 index 0000000..51ee763 --- /dev/null +++ b/tests/libsmack-tests/test_smack_rules2 @@ -0,0 +1,9 @@ +test_subject_01 test_object_01 --- +test_subject_01 test_object_02 rwat +test_subject_01 test_object_03 wat +test_subject_02 test_object_01 $$$$$$$ +test_subject_02 test_object_02 wa-ft +test_subject_02 test_object_03 +rwh4r9d32!@#$ +test_subject_03 test_object_01 aaaaaa %$%^$#@b +test_subject_03 test_object_02 rwat +test_subject_03 test_object_03 w---ls diff --git a/tests/libsmack-tests/test_smack_rules3 b/tests/libsmack-tests/test_smack_rules3 new file mode 100644 index 0000000..5714b92 --- /dev/null +++ b/tests/libsmack-tests/test_smack_rules3 @@ -0,0 +1,3 @@ +test_subject_01 test_object_01 rwat +test_subject_01 test_object_02 +test_subject_01 test_object_03 xxxxx diff --git a/tests/libsmack-tests/test_smack_rules4 b/tests/libsmack-tests/test_smack_rules4 new file mode 100644 index 0000000..8c553b6 --- /dev/null +++ b/tests/libsmack-tests/test_smack_rules4 @@ -0,0 +1,3 @@ +test_subject_01 test_object_01 rwxat +test_subject_01 test_object_02 +rwh4r9d32!@#$ 49$%^x2 rwxat +test_subject_01 test_object_03 aaaaaa xxxxxx diff --git a/tests/libsmack-tests/test_smack_rules_full b/tests/libsmack-tests/test_smack_rules_full new file mode 100644 index 0000000..d4f7ddf --- /dev/null +++ b/tests/libsmack-tests/test_smack_rules_full @@ -0,0 +1,9 @@ +test_subject_01 test_object_01 rwxat +test_subject_01 test_object_02 rwxat +test_subject_01 test_object_03 rwxat +test_subject_02 test_object_01 rwxat +test_subject_02 test_object_02 rwxat +test_subject_02 test_object_03 rwxat +test_subject_03 test_object_01 rwxat +test_subject_03 test_object_02 rwxat +test_subject_03 test_object_03 rwxat -- 2.7.4