projects / platform / core / test / security-tests.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 99ac53c) | patch
Generic solution for onlycap issues 08/200708/5
authorKrzysztof Jackiewicz <k.jackiewicz@samsung.com>
Fri, 1 Mar 2019 11:12:34 +0000 (12:12 +0100)
committerKrzysztof Jackiewicz <k.jackiewicz@samsung.com>
Tue, 5 Mar 2019 08:25:01 +0000 (08:25 +0000)
commit73f509909a3e4942cc60efbe5963e3bcac9cd7d4
tree1891fc4baea1d5a1cdcc0883ed0a9e0e8024a48ctree | snapshot
parent99ac53ca4f1ef7a2b931711969c08a4acee06fadcommit | diff
Generic solution for onlycap issues

Once a process changes its smack label it may be unable to restore the original
one if onlycap is active and the new label is not in onlycap.

This commit provides a single class for handling process relabeling. The class
is able to restore the original process label even if onlycap is active. To do
so it stores the original onlycap value and original process label. The new
label is appended to current onlycap. When class is destroyed the old label and
old onlycap content is restored.

The drawback of this solution is that the relabeled process effectively gets
CAP_MAC_ADMIN.

The script for running ckm tests on onlycap has been removed.

All tests that do not directly test smack_set_label_for_self() use the new class
for process relabeling.

Change-Id: I0dda65fbd392f1b09061349061bdaf634efd9093
21 files changed:
packaging/security-tests.spec diff | blob | history
src/ckm-integration/process-settings/change-smack.cpp diff | blob | history
src/ckm-integration/process-settings/change-smack.h diff | blob | history
src/ckm/privileged/CMakeLists.txt diff | blob | history
src/ckm/privileged/access_provider2.cpp diff | blob | history
src/ckm/privileged/access_provider2.h diff | blob | history
src/ckm/privileged/cc-mode.cpp diff | blob | history
src/ckm/privileged/ckm-privileged-common.cpp diff | blob | history
src/ckm/privileged/ckm-privileged-common.h diff | blob | history
src/ckm/privileged/ckm-tests-on-onlycap.sh [deleted file] blob | history
src/common/CMakeLists.txt diff | blob | history
src/common/access_provider.cpp diff | blob | history
src/common/scoped_process_label.cpp [new file with mode: 0644] blob
src/common/scoped_process_label.h [new file with mode: 0644] blob
src/common/tests_common.cpp diff | blob | history
src/common/tests_common.h diff | blob | history
src/cynara-tests/test_cases_helpers.cpp diff | blob | history
src/security-manager-tests/common/scoped_label.h [deleted file] blob | history
src/security-manager-tests/common/sm_commons.cpp diff | blob | history
src/security-manager-tests/test_cases.cpp diff | blob | history
src/security-tests.sh diff | blob | history
Domain: Security / Uncategorized;