RUNNER_ASSERT_MSG(retval == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "Error in checking input parameters by function");
}
-RUNNER_CHILD_TEST(tc11_security_server_get_uid_by_cookie)
+RUNNER_CHILD_TEST_SMACK(tc11_security_server_get_uid_by_cookie_smack)
{
int cookieSize = security_server_get_cookie_size();
RUNNER_ASSERT_MSG(cookieSize == 20, "Wrong cookie size");
RUNNER_ASSERT_MSG(retval == SECURITY_SERVER_API_ERROR_ACCESS_DENIED, "Socket not protected by smack");
}
-RUNNER_CHILD_TEST(tc12_security_server_get_uid_by_cookie)
+RUNNER_CHILD_TEST_SMACK(tc12_security_server_get_uid_by_cookie_smack)
{
int cookieSize = security_server_get_cookie_size();
RUNNER_ASSERT_MSG(cookieSize == 20, "Wrong cookie size");
RUNNER_ASSERT_MSG(realUid == cookieUid, "No match in received UID");
}
-RUNNER_CHILD_TEST(tc13_security_server_get_uid_by_cookie)
+RUNNER_CHILD_TEST_NOSMACK(tc12_security_server_get_uid_by_cookie_nosmack)
+{
+ int cookieSize = security_server_get_cookie_size();
+ RUNNER_ASSERT_MSG(cookieSize == 20, "Wrong cookie size");
+
+ uid_t realUid = getuid();
+
+ std::vector<char> cookie(cookieSize);
+ int retval = security_server_request_cookie(&cookie[0], cookieSize);
+ RUNNER_ASSERT_MSG(retval == SECURITY_SERVER_API_SUCCESS, "Unable to get cookie");
+
+ //drop privileges
+ RUNNER_ASSERT_MSG(setuid(5000) == 0, "Unable to drop privileges");
+
+ //checking function
+ uid_t cookieUid;
+ retval = security_server_get_uid_by_cookie(&cookie[0], &cookieUid);
+ RUNNER_ASSERT_MSG(retval == SECURITY_SERVER_API_SUCCESS, "Unable to get UID from cookie");
+ RUNNER_ASSERT_MSG(realUid == cookieUid, "No match in received UID");
+}
+
+RUNNER_CHILD_TEST_SMACK(tc13_security_server_get_uid_by_cookie_smack)
{
int cookieSize = security_server_get_cookie_size();
RUNNER_ASSERT_MSG(cookieSize == 20, "Wrong cookie size");
RUNNER_ASSERT_MSG(realUid == cookieUid, "No match in received UID");
}
+RUNNER_CHILD_TEST_NOSMACK(tc13_security_server_get_uid_by_cookie_nosmack)
+{
+ int cookieSize = security_server_get_cookie_size();
+ RUNNER_ASSERT_MSG(cookieSize == 20, "Wrong cookie size");
+
+ //drop privileges
+ RUNNER_ASSERT_MSG(setuid(5000) == 0, "Unable to drop privileges");
+
+ std::vector<char> cookie(cookieSize);
+ int retval = security_server_request_cookie(&cookie[0], cookieSize);
+ RUNNER_ASSERT_MSG(retval == SECURITY_SERVER_API_SUCCESS, "Unable to get cookie");
+
+ //checking function
+ uid_t cookieUid, realUid = getuid();
+ retval = security_server_get_uid_by_cookie(&cookie[0], &cookieUid);
+ RUNNER_ASSERT_MSG(retval == SECURITY_SERVER_API_SUCCESS, "Unable to get UID from cookie");
+ RUNNER_ASSERT_MSG(realUid == cookieUid, "No match in received UID");
+}
+
RUNNER_TEST(tc14_security_server_get_gid_by_cookie)
{
int cookieSize = security_server_get_cookie_size();
}
-RUNNER_CHILD_TEST(tc15_security_server_get_gid_by_cookie)
+RUNNER_CHILD_TEST_SMACK(tc15_security_server_get_gid_by_cookie_smack)
{
int cookieSize = security_server_get_cookie_size();
RUNNER_ASSERT_MSG(cookieSize == 20, "Wrong cookie size");
RUNNER_ASSERT_MSG(retval == SECURITY_SERVER_API_ERROR_ACCESS_DENIED, "Socket not protected by smack");
}
-RUNNER_CHILD_TEST(tc16_security_server_get_gid_by_cookie)
+RUNNER_CHILD_TEST_SMACK(tc16_security_server_get_gid_by_cookie_smack)
{
int cookieSize = security_server_get_cookie_size();
RUNNER_ASSERT_MSG(cookieSize == 20, "Wrong cookie size");
RUNNER_ASSERT_MSG(realGid == cookieGid, "No match in received GID. ReadGid: " << realGid << " CookieGid: " << cookieGid);
}
-RUNNER_CHILD_TEST(tc17_security_server_get_gid_by_cookie)
+RUNNER_CHILD_TEST_NOSMACK(tc16_security_server_get_gid_by_cookie_nosmack)
+{
+ int cookieSize = security_server_get_cookie_size();
+ RUNNER_ASSERT_MSG(cookieSize == 20, "Wrong cookie size");
+
+ std::vector<char> cookie(cookieSize);
+
+ gid_t realGid = getgid();
+ int retval = security_server_request_cookie(&cookie[0], cookieSize);
+ RUNNER_ASSERT_MSG(retval == SECURITY_SERVER_API_SUCCESS, "Unable to get cookie");
+
+ //drop privileges
+ RUNNER_ASSERT_MSG(setgid(5000) == 0, "Unable to drop privileges");
+ RUNNER_ASSERT_MSG(setuid(5000) == 0, "Unable to drop privileges");
+
+ //checking function
+ gid_t cookieGid;
+ retval = security_server_get_gid_by_cookie(&cookie[0], &cookieGid);
+ RUNNER_ASSERT_MSG(retval == SECURITY_SERVER_API_SUCCESS, "Unable to get GID from cookie");
+ RUNNER_ASSERT_MSG(realGid == cookieGid, "No match in received GID. ReadGid: " << realGid << " CookieGid: " << cookieGid);
+}
+
+RUNNER_CHILD_TEST_SMACK(tc17_security_server_get_gid_by_cookie_smack)
{
int cookieSize = security_server_get_cookie_size();
RUNNER_ASSERT_MSG(cookieSize == 20, "Wrong cookie size");
RUNNER_ASSERT_MSG(realGid == cookieGid, "No match in received GID. ReadGid: " << realGid << " CookieGid: " << cookieGid);
}
+RUNNER_CHILD_TEST_NOSMACK(tc17_security_server_get_gid_by_cookie_nosmack)
+{
+ int cookieSize = security_server_get_cookie_size();
+ RUNNER_ASSERT_MSG(cookieSize == 20, "Wrong cookie size");
+
+ //drop privileges
+ RUNNER_ASSERT_MSG(setgid(5000) == 0, "Unable to drop privileges");
+ RUNNER_ASSERT_MSG(setuid(5000) == 0, "Unable to drop privileges");
+
+ std::vector<char> cookie(cookieSize);
+ int retval = security_server_request_cookie(&cookie[0], cookieSize);
+ RUNNER_ASSERT_MSG(retval == SECURITY_SERVER_API_SUCCESS, "Unable to get cookie");
+
+ //checking function
+ gid_t cookieGid, realGid = getgid();
+ retval = security_server_get_gid_by_cookie(&cookie[0], &cookieGid);
+ RUNNER_ASSERT_MSG(retval == SECURITY_SERVER_API_SUCCESS, "Unable to get GID from cookie");
+ RUNNER_ASSERT_MSG(realGid == cookieGid, "No match in received GID. ReadGid: " << realGid << " CookieGid: " << cookieGid);
+}
RUNNER_TEST_SMACK(tc18_security_server_get_smacklabel_cookie) {
int res;
* label - there is no need to re-check it.
* - Label acquired from security_server_get_smacklabel_cookie should be an empty string.
*/
-RUNNER_TEST_NOSMACK(tc_security_server_get_smacklabel_cookie_nosmack) {
+RUNNER_TEST_NOSMACK(tc18_security_server_get_smacklabel_cookie_nosmack) {
int res;
pid_t mypid;
res = security_server_request_cookie(cookie, cookie_size);
std::unique_ptr<char, std::function<void(char*)> > cookie_ptr(cookie, free);
cookie = NULL;
- if (res != SECURITY_SERVER_API_SUCCESS) {
- RUNNER_ASSERT_MSG(res == SECURITY_SERVER_API_SUCCESS,
- "Error in requesting cookie from security-server. Result: " << res);
- }
+ RUNNER_ASSERT_MSG(res == SECURITY_SERVER_API_SUCCESS,
+ "Error in requesting cookie from security-server. Result: " << res);
label_ss = security_server_get_smacklabel_cookie(cookie_ptr.get());
RUNNER_ASSERT_MSG(label_ss != NULL, "Error in getting label by cookie");