Merge branches 'ckm', 'security-manager' and 'cynara' into 'tizen'

[platform/core/test/security-tests.git] / src / ckm / privileged / ckm-tests-on-onlycap.sh

#!/bin/sh

# Copyright (c) 2016-2018 Samsung Electronics Co., Ltd All Rights Reserved
#
#    Licensed under the Apache License, Version 2.0 (the "License");
#    you may not use this file except in compliance with the License.
#    You may obtain a copy of the License at
#
#        http://www.apache.org/licenses/LICENSE-2.0
#
#    Unless required by applicable law or agreed to in writing, software
#    distributed under the License is distributed on an "AS IS" BASIS,
#    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
#    See the License for the specific language governing permissions and
#    limitations under the License.
#
# @file        ckm-tests-on-onlycap.sh
# @author      Kyungwook Tak (k.tak@samsung.com)
# @brief       Run ckm-tests on onlycap environment
#

# save old label and onlycap
OLD_LABEL=`cat /proc/self/attr/current`
OLD_ONLYCAP=`cat /sys/fs/smackfs/onlycap`

# make sure we're in onlycap so original state can be restored later
# (assume that OLD_LABEL is allowed to change the label)
echo "System::Privileged" > /proc/self/attr/current || exit

# push test app lables to onlycap label list
echo "System::Privileged \
      User::Pkg::test_label \
      User::Pkg::test_label_2 \
      User::Pkg::test_label_3 \
      User::Pkg::test_label_4 \
      User::Pkg::test_label_5 \
      System" > /sys/fs/smackfs/onlycap || exit

# set capability for changing smack label of self and add/remove smack rules
setcap cap_mac_admin=eip /usr/bin/ckm-privileged-tests || exit

# run test
ckm-privileged-tests "${@}" # propagate all arguments

# restore old onlycap
echo -n $OLD_ONLYCAP > /sys/fs/smackfs/onlycap

# restore old label
# (assume that System::Privileged is allowed to do it with $OLD_ONLYCAP)
echo $OLD_LABEL > /proc/self/attr/current