static const std::vector<std::string> SM_ALLOWED_GROUPS = {"db_browser", "db_alarm"};
-static const char *const SM_PRIVATE_PATH = "/usr/apps/test_DIR/app_dir";
-static const char *const SM_PUBLIC_RO_PATH = "/usr/apps/test_DIR/app_dir_public_ro";
+static const char *const SM_RW_PATH = "/usr/apps/test_DIR/app_dir";
+static const char *const SM_RO_PATH = "/usr/apps/test_DIR/app_dir_public_ro";
static const char *const SM_DENIED_PATH = "/usr/apps/test_DIR/non_app_dir";
static const char *const ANY_USER_REPRESENTATION = "anyuser";/*this may be actually any string*/
static const std::string EXEC_FILE("exec");
}
};
-static void generateAppLabel(const std::string &pkgId, std::string &label)
+static void generateAppLabel(const std::string &appId, std::string &label)
{
- (void) pkgId;
+ (void) appId;
label = "User";
}
}
-static int nftw_check_sm_labels_app_private_dir(const char *fpath, const struct stat *sb,
+static int nftw_check_sm_labels_app_rw_dir(const char *fpath, const struct stat *sb,
int /*typeflag*/, struct FTW* /*ftwbuf*/)
{
return nftw_check_sm_labels_app_dir(fpath, sb, USER_APP_ID, false, true);
}
-static int nftw_check_sm_labels_app_floor_dir(const char *fpath, const struct stat *sb,
+static int nftw_check_sm_labels_app_ro_dir(const char *fpath, const struct stat *sb,
int /*typeflag*/, struct FTW* /*ftwbuf*/)
{
- return nftw_check_sm_labels_app_dir(fpath, sb, "_", false, false);
+ return nftw_check_sm_labels_app_dir(fpath, sb, "User::Home", true, false);
}
static void prepare_app_path()
{
int result;
- result = nftw(SM_PRIVATE_PATH, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0, "Unable to clean Smack labels in " << SM_PRIVATE_PATH);
+ result = nftw(SM_RW_PATH, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
+ RUNNER_ASSERT_MSG(result == 0, "Unable to clean Smack labels in " << SM_RW_PATH);
- result = nftw(SM_PUBLIC_RO_PATH, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0, "Unable to clean Smack labels in " << SM_PUBLIC_RO_PATH);
+ result = nftw(SM_RO_PATH, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
+ RUNNER_ASSERT_MSG(result == 0, "Unable to clean Smack labels in " << SM_RO_PATH);
result = nftw(SM_DENIED_PATH, &nftw_set_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
RUNNER_ASSERT_MSG(result == 0, "Unable to set Smack labels in " << SM_DENIED_PATH);
{
int result;
- result = nftw(SM_PRIVATE_PATH, &nftw_check_sm_labels_app_private_dir, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for " << SM_PRIVATE_PATH);
+ result = nftw(SM_RW_PATH, &nftw_check_sm_labels_app_rw_dir, FTW_MAX_FDS, FTW_PHYS);
+ RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for " << SM_RW_PATH);
- result = nftw(SM_PUBLIC_RO_PATH, &nftw_check_sm_labels_app_floor_dir, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for " << SM_PUBLIC_RO_PATH);
+ result = nftw(SM_RO_PATH, &nftw_check_sm_labels_app_ro_dir, FTW_MAX_FDS, FTW_PHYS);
+ RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for " << SM_RO_PATH);
result = nftw(SM_DENIED_PATH, &nftw_check_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for " << SM_DENIED_PATH);
static void check_app_permissions(const char *const app_id, const char *const pkg_id, const char *const user,
const privileges_t &allowed_privs, const privileges_t &denied_privs)
{
- (void) app_id;
+ (void) pkg_id;
std::string smackLabel;
- generateAppLabel(pkg_id, smackLabel);
+ generateAppLabel(app_id, smackLabel);
CynaraTestClient::Client ctc;
requestInst.setPkgId(sm_pkg_id);
requestInst.addPrivilege(SM_ALLOWED_PRIVILEGES[0].c_str());
requestInst.addPrivilege(SM_ALLOWED_PRIVILEGES[1].c_str());
- requestInst.addPath(SM_PRIVATE_PATH, SECURITY_MANAGER_PATH_PRIVATE);
- requestInst.addPath(SM_PUBLIC_RO_PATH, SECURITY_MANAGER_PATH_PUBLIC_RO);
+ requestInst.addPath(SM_RW_PATH, SECURITY_MANAGER_PATH_RW);
+ requestInst.addPath(SM_RO_PATH, SECURITY_MANAGER_PATH_RO);
Api::install(requestInst);
//install app for non-root user
//should fail (users may only register folders inside their home)
prepare_request(requestPrivate, sm_app_id, sm_pkg_id,
- SECURITY_MANAGER_PATH_PRIVATE, SM_PRIVATE_PATH,
+ SECURITY_MANAGER_PATH_RW, SM_RW_PATH,
requestUid ? user.getUid() : 0);
Api::install(requestPrivate, SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED);
//install app for non-root user
//should succeed - this time i register folder inside user's home dir
prepare_request(requestPrivateUser, sm_app_id, sm_pkg_id,
- SECURITY_MANAGER_PATH_PRIVATE, appDir.c_str(),
+ SECURITY_MANAGER_PATH_RW, appDir.c_str(),
requestUid ? user.getUid() : 0);
for (auto &privilege : SM_ALLOWED_PRIVILEGES)