#!/bin/sh
-# Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved
+# Copyright (c) 2016-2018 Samsung Electronics Co., Ltd All Rights Reserved
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# @brief Run ckm-tests on onlycap environment
#
+# save old label and onlycap
+OLD_LABEL=`cat /proc/self/attr/current`
+OLD_ONLYCAP=`cat /sys/fs/smackfs/onlycap`
+
+# make sure we're in onlycap so original state can be restored later
+# (assume that OLD_LABEL is allowed to change the label)
+echo "System::Privileged" > /proc/self/attr/current || exit
+
# push test app lables to onlycap label list
echo "System::Privileged \
User::Pkg::test_label \
User::Pkg::test_label_3 \
User::Pkg::test_label_4 \
User::Pkg::test_label_5 \
- System" > /sys/fs/smackfs/onlycap
+ System" > /sys/fs/smackfs/onlycap || exit
# set capability for changing smack label of self and add/remove smack rules
-setcap cap_mac_admin=eip /usr/bin/ckm-privileged-tests
+setcap cap_mac_admin=eip /usr/bin/ckm-privileged-tests || exit
# run test
ckm-privileged-tests "${@}" # propagate all arguments
+
+# restore old onlycap
+echo -n $OLD_ONLYCAP > /sys/fs/smackfs/onlycap
+
+# restore old label
+# (assume that System::Privileged is allowed to do it with $OLD_ONLYCAP)
+echo $OLD_LABEL > /proc/self/attr/current
projects / platform / core / test / security-tests.git / commitdiff